IDC Asia/Pacific Privacy Policy

International Data Corporation Asia/Pacific Pte Ltd (hereinafter as “we” or “IDC”) is committed to conducting its business in line with best personal data protection practices and relevant laws including the Singapore Personal Data Protection Act 2012 (“PDPA”). Personal data refers to any data about an individual who can be identified from that data, or from that data and other information to which IDC has or is likely to have access. This Privacy Policy provides you with transparent information about how IDC collects, processes, shares, and otherwise uses your personal data and about your related rights.

  1. Who Processes Your Data?
    1. The controller of your personal data is IDC in Singapore (as listed at the top of this Privacy Policy).
    2. For all matters related to privacy and the collection, disclosure, processing, use and storage of your personal data, please contact the IDC Privacy Team at privacy@idc.com.

    For more information about IDC, please refer to here.

  2. Purposes for which we Collect, Use and Disclose your Personal Data
    1. We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection, use and disclosure of your personal data for those purposes, or (b) collection, use or disclosure of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using or disclosing your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
    2. Depending on the product or/and service involved, IDC may collect, use or disclose various data types for distinct purposes. Below, you will find more information on the data collected, used or disclosed in relation to the products and services IDC provide:
      1. Syndicated Research: IDC may use your name and email address, business phone number, information about your organization, your job title, and other information provided by you at the time of registering with idc.com to deliver the Syndicated Research services and products ordered by you or your organization as part of a corporate account. We may also use your contact details to communicate with you when producing reports and other Syndicated Research services and products. In addition, we may log your IP address for legitimate interests such as security purposes.

        In order to enhance our services and in particular, to improve user experience, prevent misuse of IDC services and user accounts, or to provide feedback and usage statistics to our clients, we may track your usage of our services (such as search history). Corporate administrators (hereinafter as "Corporate Administrators") at our client organizations have access to usage statistics for their organization’s account base. If your user account, including personal data, is part of a corporate account, then a Corporate Administrator at your organization may request your user data containing personal data and usage information. Corporate Administrators can access user information only for individuals within their organization’s corporate profile.

      2. Custom Solution Services: IDC may use your name and email address, business phone number, information about your organization, and your job title to provide Custom Solution Services (e.g. consulting and advisory services) ordered by you or your organization. In some cases, IDC may collect additional personal data if required due to the nature of the Custom Solution project.
      3. Events Organization: When organizing conferences, webcasts, networking events, and other events, we may collect the name, email address, job title, company, and business phone number of each participant during the registration process. Alternatively, event participants may be asked to register through the idc.com general registration form as described in Section 2.2.1 above. In addition, we may collect details pertaining to professional profiles, including photos and information from social media profiles, as well as the names and email addresses of contacts from event partners (including sponsors). We may also collect any feedback or information that participants, speakers, and/or partners have volunteered to provide to us via questionnaires submitted prior to, during or after events. We will use such data to organize and market such events, manage event participation, and present details about speakers and sponsors in the programs and/or promotional materials of such events, as well as on our website and via social media. We may share information on participants and speakers other than their contact details with our event partners, as listed on the event website, to prepare, improve, and organize the event, including the collection and review of event statistics, and to ensure that the event's content is relevant to and customized for the event audience.

        Some public IDC events may be recorded by means of photographs, audio recordings, and/or videos. Such photographs and recordings may subsequently appear on the respective event website, other relevant website, on social media, in the press, or in promotional materials (such as IDC promotional videos or program guides). All events to be thus documented will be clearly indicated as such. IDC may separately seek your consent prior to recording if you are to feature predominantly in the planned recording (e.g. speakers and participants in interviews).

        Based on participants' and speakers’ consent, we may share their contact details with our event partners, as listed on the event website, for follow-up communication, including marketing. We may ask you for such consent during your event registration and/or during the course of the event. The consent you grant to IDC to share your contact details with event partners is unrelated to any consent that you may grant directly to any event partner during event networking, including by allowing an event partner to scan your electronic business card.

        Certain Events Organization services may be provided in cooperation with IDC’s parent company, International Data Group (IDG) and your data may be shared with an IDG company to provide the services to you.

        If you request us to arrange additional event-related services for you, such as booking accommodation and/or flight tickets, we will also use your personal data to secure the requested arrangements.

        Networking tools at events: IDC may provide specific tools during the event to enhance your networking opportunities — in particular, a networking application and electronic business cards, as described below.

        Mobile application: An event mobile app may include your name, company, and job title (along with your photo, profile, and social media information, as provided by you) and may be visible to all other event participants. Opting for "private mode” will ensure that your name and contact details do not appear in the application.

        Electronic business cards: We may provide you with electronic business cards. These are incorporated, for instance, in your event badge and contain your name, email address, business phone number, job title, and company. You may provide such contact details to event partners by allowing them to scan your electronic business card. By allowing an event partner to scan your electronic business card, you provide your consent to this event partner to use your contact details, as included in the electronic business card, for any follow-up communication, including marketing communication on a one-time basis. Please refer to the Privacy Policy of the relevant event partner for more details about the processing of your personal data by the given event partner and your rights vis-à-vis this event partner.

      4. Ancillary Services: To provide services related to updates on industry developments, IDC may use your name and email address to deliver these updates to you or your organization. Such services may include newsletters, market updates, market snapshots, and other value-added services or features provided by IDC, whether for remuneration or free of charge.

        Irrespective of whether IDC provides its services to you or your organization, we may also process your name and email address and personal data that you provide to us when we ask for your insight in relation to a specific industry or topic (e.g. when you fill out a survey form that we sent to you).

  3. IDC may also collect, disclose and use your personal data to inform you about IDC news, services, features, and special offers and to invite you to our events that we believe may be of interest to you, including the provision of marketing communication within the limits prescribed by law.
    1. Your marketing communication preferences may be changed at any time. If you would like to unsubscribe from receiving marketing emails, please follow the "unsubscribe" link and/or instructions which is placed at the foot of every IDC email.
    2. Please note, however, that we may occasionally send you important information (including via email) about the IDC services you are using or have used, including changes to applicable terms and conditions, and/or other communication or notifications, as may be required to fulfil our legal and contractual obligations. Such communication is not affected by your marketing communication preferences.
  4. IDC may also collect, use or disclose your personal data for the following purposes:
    • To carry out any applicable contractual obligations that we have to you or third parties, or in connection with our provision of the goods and services requested by you or your organization;
    • To verify your identity;
    • To process any payments that you or your organization makes to us;
    • To process and confirm your applications and registrations;
    • To respond to your inquiries, or fulfil your requests;
    • For quality control, appraisal, as well as staff management, training and development;
    • To conduct market research and analysis;
    • To enable you to provide us with further information;
    • If you contact us, to keep a record of your contact information and correspondence to use when responding to you;
    • To notify you about important information regarding changes to our terms, conditions and policies;
    • To analyse use of our goods and services to help us improve, and to detect problems, identify usage trends and improve user experience;
    • To protect against fraudulent or illegal activity or imminent harm;
    • To comply with any applicable laws, regulations, codes of practice, guidelines, or rules, legal processes or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
    • In connection with any legal proceedings or prospective legal proceedings;
    • To establish, exercise, enforce or defend the legal rights of IDC, including in connection with corporate restructuring, such as a merger or business acquisition, or in connection with an insolvency situation;
    • To ensure the security and operability of our network and services;
    • To update our records of your details, including contact and marketing details, where we identify that they are inaccurate or incomplete; and
    • Any other incidental business purposes related to or in connection with the above.
  5. For How Long Do We Store Your Data?
    1. We will store your personal data for as long as is necessary to fulfil the purposes we have collected it for, for any other legal or business purposes (including any accounting or reporting requirements), or for as long as we are legally obligated or permitted by applicable laws.
    2. We will store photographs and video and audio recordings from each event for a period of 3 years from the end of the respective event.
    3. You have the right to withdraw your consent at any time. For more details on the withdrawal of your consent, please see the Your Rights section below.
  6. Reliance on the Legitimate Interest Exception
    1. In certain instances, we may also process your personal data without your consent based on the legitimate interests of IDC or another person.
    2. In relying on the legitimate interests exception of the PDPA, we will assess the likely adverse effects on the individual and determine that the legitimate interest outweigh any adverse effect.
    3. In line with the legitimate interests’ exception, IDC may collect, use or disclose your personal data for the following purposes: delivering our products and services to business customers, exchanging professional knowledge about the industry, exercising our legal rights, detecting or preventing fraud or imminent harm, detecting and preventing misuse of services and user accounts, performing credit analysis, and ensuring the security and operability of our network and services such as network analysis to prevent fraud and financial crime and to prevent data loss on company-issued devices. In specific cases, we process your data based on consent or other permitted legal bases.
  7. Cookies; web analytics

    We may use cookies and other tools allowing us to track and/or analyze user behavior on our websites. For more information about our use of such tools, please refer to the IDC Cookie Policy.

  8. How Do We Secure Your Data When It Is Disclosed to and Collected, Processed, Used, and Stored by Our Suppliers and Affiliates?
    1. Our affiliates, as listed here, working with us or on our behalf for the purposes described in this Privacy Policy may have access to your personal data.
    2. We share your data with our trusted business partners, who process your data as our vendors and data processors on our behalf and pursuant to our instructions. We strive to select our vendors carefully and ensure they are able to provide adequate data protection and security safeguards.
    3. In this regard, where your personal data is transferred by IDC out of Singapore, we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to the PDPA.
    4. In relation to the above, we may share your data with the following third parties:
      • Suppliers that provide IT support to IDC;
      • Suppliers that support our marketing activities;
      • Other professional service providers.
    5. IDC shares your personal data with non-affiliated third parties when necessary, which may include:
      • Regulators and law enforcement officials;
      • Credit, debit and charge card companies, banks and other entities processing payment;
      • Potential buyers or investors of IDC or any of IDC’s companies;
      • A third party to whom disclosure is necessary for the performance of obligations in the course of or in connection with our provisions of the goods and services requested by your or your organization.
  9. What Are Your Rights?
    1. If you have any questions or concerns about our website and/or the handling of your personal data, and/or you wish to correct or amend that information where you believe that it is inaccurate, and/or have questions about your data subject rights please contact us at any time via the contact details provided in the Section 1 of this Privacy Policy.
    2. You have the following rights:
      1. The Right to Access: Upon your request, we will provide you with access to the personal data in our possession or under our control and information about the ways in which such personal data has been or may have been used or disclosed by IDC within a year before the date of the request. , We will send you a copy of that data as soon as reasonably possible from the time the request is received.
      2. The Right to Receive Information: You may contact us at any time with a request to receive more information regarding the following:
        • the purposes for which we have used or disclosed, or may have used or disclosed, your personal data;
        • the recipients of your personal data; and
        • your rights as a data subject.
      3. The Right to Portability: You have the right to receive a copy of your personal data from us in a structured and commonly used machine-readable format. You may also request us to transfer such data to another data controller.
      4. The Right to Rectification: If you discover that any of the data we possess about you is incorrect or incomplete, you can request to have such data amended via the contact information provided in Section 1 of this Privacy Policy.
      5. The Right to Withdraw Consent: You have the right to withdraw your consent at any time to our use of your personal data by giving reasonable notice to IDC. Please note that a withdrawal of your consent does not affect the legality of the use of your personal data prior to your consent being withdrawn. You may withdraw consent and request us to stop collecting, using, or disclosing your personal data by submitting your request through the contact details provided in the Section 1 of this Privacy Policy. Upon receipt of your written request to withdraw your consent, IDC may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we seek to process your request within ten (10) business days of receiving it. Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.
    3. You may have other rights as a data subject under other applicable laws. To exercise any of the above-mentioned rights, please contact us through the contact information provided in Section 1 of this Privacy Policy.
    4. Additionally, you have the right to lodge a complaint with the competent Data Protection Authority if you believe your rights regarding our use of your personal data have been violated.
  10. Data Security
    1. IDC strives to ensure its security measures are reasonable and in line with the industry’s best practices to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks and the loss of any storage medium or device on which personal data is stored. We strive to ensure the ongoing confidentiality, integrity, availability, and resilience of our processing systems and services and will aim to restore the availability of personal data and access thereto in a timely manner in the event of a physical or technical incident. We employ various security measures to protect the information we collect, as appropriate to the type of information, including encryption, firewalls, and access controls. IDC further ensures that all individuals who have access to your data and are involved in the collection, processing, use, and/or storage thereof are bound by appropriate confidentiality obligations and have appropriate training.
    2. You are responsible for keeping confidential any passwords that we give you (or you choose) that enable you to access certain parts of our website. For security reasons, such passwords must not be shared with anyone.
  11. Links to Other Sites
    1. We may provide references and/or links to other companies, organizations, and/or public institutions on our website that enable you to access their websites directly from ours. The websites of these entities are governed by the entities' own privacy policies. Please note that we are not responsible for the content of such websites and cannot accept responsibility for any issues arising in connection with such third parties' use of your personal data. If you have any queries concerning the way your personal data is processed, used, or stored by such entities, we recommend referring to the privacy policies on the relevant websites.
  12. Changes to this Privacy Policy
    1. We may periodically modify the provisions of this Privacy Policy and encourage you to review it from time to time in order to stay up to date with the most recent developments in the area of the protection of your personal data. In the event of significant changes, we may also choose to notify you via email should we have your email address in our records.
    2. Updated versions of this Privacy Policy will be published on our website.
    3. This Privacy Policy was last updated on April 22, 2022.
  13. Questions?
    For all matters related to privacy and the collection, processing, use and storage of your personal data, please contact the IDC Privacy Team at privacy@idc.com.