Customer Privacy Notice

Definition

Personal information is information that is about or can be related to an identifiable individual.

Sensitive personal information  includes:

• Information on medical or health conditions

• Financial information

• Racial or ethnic origin

• Political opinions

• Religious or philosophical beliefs

• Trade union membership

• Sexual preferences

• Information related to offenses or criminal convictions

Purpose and Authority

As a rule, ibml does not require the collection of personal information from customers. There are 3 exceptions:

  • CAS outsourcing scanning functions do handle customer protected information (technically 4th party)
  • As a part of the sales process, some customer data that may include customer protected data, is used for testing scanner functions.
  • ibml service personnel may inadvertently have access to customer protected information while performing service calls. ibml’s service personnel do not need access to customer data to resolve service issues.
  • ibml may inadvertently receive personal information from customer documents by handling customer test or trouble information. It is ibml’s intent that all such personal information is redacted prior to being sent to ibml.
  • Some company confidential and personal information may be collected as a result of the contracting process

Sharing

  • Any personal or private information that ibml receives or might access is not shared with the exception that ibml will comply with any legal request to share customer protected information with law enforcement.
  • ibml will provide an "Accounting of Disclosures", unless prohibited by a legal restraint,  for any customer data that has been shared when requested by the customer.

Internal Use

  • CAS uses customer protected information internally during scanning operations to provide the customer contracted scanning services.
  • Any other personal or private information that ibml personnel receive or have access to is only used for the purposes noted above and is not shared.

Protection

Section 7.5 of ibml’s IT Security Policies and Standards describes the protection of customer protected information.

  • Customer protected information in hardcopy format is stored in locking storage cabinets with restricted, sign out access. Customers sending documents to ibml must fill out the ibml customer document classification form. For documents classified as “secure”, the form must include an accurate tally and description of the documents being sent, the expiration date for ibml’s authorization to possess the secure documents, and the desired procedures to follow at the end of the authorized period.
  • Customer protected information in electronic format is stored in secure data stores on ibml servers, or on encrypted volumes on removable media with restricted access.

Access

As all customer personal information that ibml receives or has access to is a copy of existing information that is maintained by the customer, there is no need for customers to have access to this data for review and update.

Retention

  • Customer contracts with CAS should specify the retention period for any customer data that CAS has access to. Customer data is deleted at the end of the retention period.
  • The customer document classification form requires customers to specify the retention period for hardcopy customer protected information. These hardcopy documents are shredded at the end of the retention period.
  • Any customer data provided to the help desk is deleted 1 year after the incident is closed.

Contact

Customers can contact their customer services representative or email security@ibml.com with privacy related questions.