Privacy notice

Page updated 17 November 2021.

This privacy notice will inform you as to how we collect, use and protect your personal data. It will also tell you about your privacy rights and how the law protects you.

1. Important information and who we are

Purpose of this privacy notice

This privacy notice aims to give you information on how we collect and process your personal data.

This website is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

Controller

Iress is made up of different legal entities, details of which can be found here: Iress Legal Entities. This privacy notice is issued on behalf of the Iress Group so when we mention “Iress”, "we", "us" or "our" in this privacy notice, we are referring to the relevant company in the Iress Group responsible for processing your data.

Contact details

If you have any questions about this privacy notice or any questions or concerns regarding the manner in which your personal data is being processed please send your query to:

Compliance Officer,
Iress Limited,
Honeybourne Place,
Jessop Avenue,
Cheltenham,
GL50 3SH

Email: compliance@iress.com

Our EU Representative

If you are resident in the EU you may raise any issues or queries relating to our processing of your personal data with our EU representative (appointed pursuant to Article 27 of the GDPR).

Our EU representative is Iress SAS, a member of the Iress Group incorporated in France. Our EU representative can be contacted directly by emailing them at the following address: qhhr@iress.com

Changes to the privacy notice

We keep our privacy notice under regular review. This version has been published on 17 November 2021. Historical versions of our privacy notice can be obtained by contacting us. Details of previous versions of this privacy notice can be found in section 11.

Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes by contacting us.

Third-party links and embedded content

This website may include links to third-party websites and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements or the manner in which they process your personal data. When you leave our website, we encourage you to read the privacy notice of every website you visit.

This website may also include embedded third-party content. Any embedded content that references a third party’s name or trade mark may be embedded third-party content. Interacting with that third-party content may allow third parties to collect or share data about you. We are not responsible for the manner in which third parties may process your personal data following your access of such content (including their delivery of cookies); nor are we responsible for third-party privacy statements. When you access embedded third-party content, we encourage you to read any associated privacy notice provided by a third party related to the embedded content (which may require you to follow links to the third party’s privacy notice or website).

2. The data we collect about you

Personal data means any information about an individual from which that person can be identified. It does not include anonymised or aggregated data, where it is not possible to identify an individual from that data.

We may collect, use, store and transfer different kinds of personal data about you, and we have grouped this together as follows:

Identity data - includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender. If you attend our offices, we may collect details of your car registration.

Contact data - includes billing address, postal address, email address and telephone numbers.

Financial data - includes bank account and payment card details.

Transaction data - includes details about payments to and from you and other details of products and services you have purchased from us.

Technical data -includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website, products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs).

Profile data - includes your username and password, purchases or orders made by you and any requests for support, your interests, preferences, feedback, survey responses, entries to competitions or promotions, and where you have registered for training or an event.

Usage data - includes information about how you use our products and services, this website, or any other Iress websites you may visit, for example the ‘Iress Community’ website or the ‘Iress Learning Centre’ website).

Marketing and communications data - includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share aggregated data such as statistical or demographic data. aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

If you do not provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you do not provide that data when requested, we may not be able to perform the contract we have in place with you, or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

3. How your personal data is collected

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your identity, contact and financial data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

Register as a user of our products or services;
Subscribe to our publications;
Request marketing communications to be sent to you or you update your marketing preferences;
Enter a competition, promotion or survey;
Attend seminars, training or other events;
Give us some feedback.

Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies. Please see our cookies policy for further details.

Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:

Third parties to whom you have provided your personal data where you have expressly consented to them sharing your contact details with Iress or to a category in which Iress’ business activities would fall (including where you have attended an event which has been sponsored by Iress and you have agreed to the event organiser sharing your contact details with event sponsors);
Publicly available sources, for example Companies House, The Financial Conduct Authority, directories, search engines and social media.

4. How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data:

Where we need to perform the contract we are about to enter into or have entered into with you; or
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
Where we need to comply with a legal or regulatory obligation; or
Where you have agreed to us processing your personal data.

The lawful basis on which we will rely in processing your personal data will depend on the purpose for which we are using it – further details are set out in the following paragraph.

Purposes for which we will use your personal data

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data on more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific lawful basis we are relying on to process your personal data where more than one lawful basis has been set out in the table below.

Version	Date	Detail of change
1.0	May 2018	First published
1.1	July 2019	References to IRESS changed to Iress to reflect brand change
1.2	18th February 2020	Minor update to paragraph 1: including update to Iress compliance email address. Minor grammatical updates to paragraph 2. Minor update to paragraph 3 including grammatical updates and an update to how personal data is collected via direct interactions. Update to paragraph 4 regarding storage of customer personal data on customer relationship management system. Other minor updates to paragraph 4. Update to paragraph 5 regarding the activities that are carried out by external third parties in relation to the processing of customer data. Other minor grammatical updates to paragraph 5. Update to paragraph 8 to include anonymised data being used for commercial purposes. New paragraph 11 setting out version control.
1.3	18 December 2020	Update to paragraph 1 to include a reference to our EU Representative, including a minor update to the publishing date of this privacy notice. Update to paragraph 11 to include a reference to the new version of this privacy notice.
1.4	10 May 2021	Update to include new URL for marketing preference page in the UK
1.5	17 November 2021	Paragraph 1 - amendments to Contact Details Paragraph 2 - update to description of ‘usage data’ Paragraph 4 - updates to the table setting out the purpose for which we will use your personal data Paragraph 5 - updates to the third parties to whom we may provide your personal data Paragraph 6 - updates to the section regarding international transfers of personal data to reflect the UK’s withdrawal from the EU and the invalidity of the Privacy Shield. Paragraph 9 - updates to include reference to the CNIL as the supervisory authority for France

We are required to comply with all applicable privacy legislation in the jurisdictions in which we conduct our business.

Iress Ltd and its branches and subsidiaries ("Iress", "us" or "we") are committed to protecting the personal information we hold.

This privacy notice describes the type of information we collect, how we use and disclose it and how we protect that information. By providing us with your information, you consent to us collecting, using, disclosing and transferring that information as set out in this privacy notice.

Information collected

At times we may request that you supply us with personal information. Generally this information is requested when you subscribe for a product, or request a service or information from us - such as when you request a fact sheet or a demonstration of our products and services.

Personal information which we may collect from you includes the following:

General

your name;
your job title and company details;
your address;
your phone/fax and email details;
your date of birth;
payment information such as your bank account details;
your education and work experience in applications we receive from you;
your user name, and passwords for our online products;
information about your internet-enabled device and browsing patterns such as your IP address, operating system and browser type.

Although we generally only collect information that has been provided directly by you, there are times that we may collect information from third parties e.g. a company that provide services to us or an information service provider.

Use of information

Your information is collected and may be used by us:

to verify your identity;
to meet our legal and regulatory obligations;
to enable you to use our online products, our website or receive the benefit of certain services;
to help us improve and develop our website, online products and services;
to understand our user demographics and use of our website and online products;
for administration and client relationship management;
to answer questions and respond to comments, requests or queries you send us, including any application for employment;
for corporate and investor communications (in compliance with ASIC or other regulator’s requirements);
to manage fiscal components;
to send invoices or reminder notices or otherwise notify you of changes to our online products or services, and any other purpose related to or ancillary to any of the above.

We may keep your information for a reasonable period for these purposes.

Sharing of information

We may share your personal information with:

the companies in our corporate group;
our personnel, subcontractors, agents and advisors who have a need for that information as they assist us in running our business, this website or providing related services;
our subcontractors, suppliers and advisors to the extent necessary and relevant for the provision of our online products or services;
third party vendors to satisfy our third party data payment arrangements;
those other persons we believe are reasonably necessary to comply with our legal and regulatory requirements and/or exercise any rights we have under our contracts

Where we wish to share your personal information with third parties who are not listed above then we shall seek your consent before doing so, unless the data is anonymised (i.e. it doesn’t identify individuals) – in which case we may share the information without first obtaining your consent.

We may disclose your information to members of our corporate group located overseas. Countries in which we are based include Australia, the United Kingdom, Singapore, Malaysia, Hong Kong, South Africa, New Zealand and Canada. We have appropriate controls in place in relation to intra-group transfers.

In addition, we may transfer your information to countries or jurisdictions which do not provide the same level of data protection as the country in which you reside (including without limitation to the US), if necessary for achieving the purposes set out above. If we do make such a transfer, we will, if appropriate, put a contract in place to ensure your information is protected.

By submitting your personal data, you agree to such transfer, storing and processing as set out above. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.

Use of cookies

Please see our cookies policy.

Marketing

We may share your information with our business partners for marketing purposes or we may send you information about other organisations' products and services. We may contact you by mail, telephone, fax, email or other electronic messaging service with offers of products, services or information that may be of interest to you. By providing us with your contact details you consent to being contacted by these methods for these purposes. If you do not wish to receive marketing information from any companies within our group or our business partners (other than on the website which you have requested information about) please indicate this on the relevant form where we collect your information, or contact us using the details below.

Security

We take appropriate steps and maintain electronic, physical, procedural and organisational safeguards using industry standard techniques and controls to protect the information we hold (including your personal information) from misuse, loss, unauthorised access, modification or disclosure.

Changes

We reserve the right, at our discretion, to change, modify, add or remove portions from this notice at any time so we encourage you to review this privacy notice regularly.

Third Party Sites

Our corporate website contains links to other websites, including social media sites and widgets. We are not responsible for the content or privacy practices (including the delivery of any cookies) of these websites. We strongly encourage you to read the privacy notices and policies of those websites before providing those third parties with your information.

Access and correction

You have the right to access, request corrections to and copies of the personal information we hold about you. For quality control and training purposes we may monitor or record your communications with us.

Data Retention and past employees

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal information are available on request. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker or contractor of the company we will retain and securely destroy your personal information in accordance with our data retention policy.

Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact people@iress.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Contact

If you have any questions or comments about this privacy notice, or any concerns about our handling of your personal information, please contact our Compliance Manager whose contact details appear below.

If you wish to make a formal complaint, please make your complaint in writing to our Compliance Manager. We will consider your complaint promptly and contact you to seek to resolve the matter.

The Compliance Manager
Iress Limited
Level 16, 385 Bourke St, Melbourne, VIC, 3000

Phone: +61 3 9018 5800
Email: corporate@iress.com