innovature_logo

Statement on GDPR

The General Data Protection Regulation (“GDPR”) aims to strengthen the protection of personal data in the European Union (“EU”). Coming into force on May 25, 2018, the GDPR replaces the current EU Data Protection Directive as well as its national implementations in EU member states.

Innovature Corporation (“Innovature”) builds its success on the trust its customers, partners, employees and other stakeholders place in our ability to provide premier location products and services. This includes a high level of protection and security regarding the personal data that our stakeholders entrust to us. As a controller and processor of personal data, Innovature confirms that we have the required policies, processes and procedures in place to comply with the GDPR.

Innovature has worked to ensure that every part of our organization that comes into contact with personal data, from both internal and external sources, has implemented privacy practices that align with the GDPR. This work was driven by an executive-led GDPR steering group.

We have also taken compliance a step further by fortifying data protection and privacy as a core component of Innovature’s composition. We have achieved this by applying the same GDPR-compliant standards across our organization internationally, which allows us to provide our stakeholders with the same level of transparency and consistency.

Our commitment to this end is enshrined in our policies and service terms. In our work, we apply the following principles:

  • We are accountable for ensuring our fair and lawful collection and processing of personal data, meaning we collect and process data honestly, ethically, with integrity and in a manner that is consistent with applicable laws and our values. We maintain evidence of compliance so we can demonstrate our commitment to these principles to interested parties, including data subjects, competent data protection supervisory authorities, internal stakeholders and regulators.
  • We use a privacy by design and by default approach, meaning that privacy is a key consideration in the creation, delivery and support of our products and services.
  • We focus on transparency, choice and individual participation, meaning that we provide appropriate privacy notices and information about our collection and use of personal data. We provide fair and reasonable choices for the collection and use of personal data, and we allow individuals to access, update and delete their personal data.
  • We abide by collection and purpose limitation practices, meaning that we only collect and process personal data that is adequate and relevant to the specified, explicit and legitimate purposes for which it was collected.
  • We apply responsible data management practices to govern the processing of personal data. We classify and catalogue information accordingly and in a systematic, holistic manner. We take measures to avoid extracting or copying personal data to unmanaged environments.
  • We do not disclose personal data to law enforcement, governmental agencies or third parties unless required by law. We limit disclosures of personal data to our partners to what is described in our privacy notices, or to what has been authorized by our customers or end-users.
  • We implement appropriate security safeguards, including technical and organizational measures, to protect personal data against unauthorized access, use, modification or loss. We also require our partners to apply appropriate security and privacy safeguards.

Innovature GDPR FAQ

At Innovature Technologies, we welcome the GDPR as an opportunity to strengthen our commitment to data protection and privacy. Since the application of GDPR to a global business can be quite complex, we have provided answers to some common questions below:

Innovature has implemented the required policies, processes and procedures to comply with the GDPR. As a controller and processor of personal data, Innovature builds its success on the trust its customers, partners, employees and other stakeholders place in our ability to provide premier location products and services. This includes ensuring a high level of protection and security regarding the personal data that is entrusted to us.

Both. Innovature has taken compliance a step further by fortifying data protection and privacy as a core component of our composition. We have achieved this by applying the same GDPR-compliant standards across our organization internationally (unless otherwise required by applicable local law), which allows us to provide our stakeholders with the same level of transparency and consistency. Our commitment to this end is enshrined in our Privacy Policy and Code of Conduct.

Data privacy is a global issue, hence Innovature has applied the EU requirements for GDPR to our organization’s approach to data protection and privacy worldwide, unless otherwise required by applicable local law. Similarly in markets that we operate in like Japan, we are voluntarily compliant with privacy regulations like Privacy Mark (#17002893) and JISQ15001 

Innovature collects and processes data honestly, ethically, with integrity and in a manner that is always consistent with applicable laws and our values. We maintain evidence of compliance, so we can demonstrate our commitment to these principles to competent data protection supervisory authorities and regulators.

Innovature follows a “privacy by design and by default” methodology, making privacy a key consideration in the creation, delivery and support of our products and services. This also means that our default approach to collection and use of personal data is to focus on transparency, choice and individual participation.

At Innovature, we abide by the principle of collection and purpose limitation, meaning that we only collect and process personal data that is adequate and relevant to the specified, explicit and legitimate purposes for which it was collected. We apply responsible data management practices to govern the processing of personal data. We classify and catalogue information accordingly and in a systematic, holistic manner. We take measures to avoid extracting or copying personal data to unmanaged environments.

Innovature does not disclose personal data to law enforcement, or governmental agencies unless required by law. We limit disclosures of personal data to our partners and any other third parties to what is described in our privacy notices, or to what has been authorized by our customers or end users.

Innovature implements appropriate security safeguards, including technical and organizational measures, to protect personal data against unauthorized access, use, modification or loss. We also require our partners to apply appropriate security and privacy safeguards. Innovature maintains Privacy Mark certification as proof of its commitment to ensuring the security of the data it collects and maintains.

Innovature can be either a controller or a processor, depending on the product or service concerned. Where Innovature acts as a controller, we will only process personal data for the limited purposes as described in our privacy policies or relevant service terms or consents. Depending on the product or service concerned, Innovature either establishes its legal basis for processing personal data as a controller independently, or we flow this requirement down to our customers through a requirement to provide our applicable terms to relevant data subjects. If Innovature is a processor, we only process the data on the instructions of the relevant controller (i.e., the customer), or as required by law.  As a processor, we are legally required to enter into data processing agreements with our customers and we have created agreements for all cases where this is required.

Innovature develops global products and services and so it makes sense that we apply the highest common denominator (i.e., the GDPR) when it comes to standards. International data transfers from the EU to 3rd countries that have not been deemed to provide an adequate level of data protection by the European Commission are protected through standard contractual clauses or other approved transfer mechanisms. Internally, Innovature has implemented standard contractual clauses between each of its legal entities to ensure that all data transfers within the Innovature organization are conducted pursuant to a legally sufficient transfer mechanism.

Securing valid consent has been changed to an affirmative action as required by the GDPR. Where Innovature processes personal data based on consent, all ‘opt-out’ consents have been changed to ‘opt-in’. Where required, Innovature workflows and technical implementations have been changed accordingly.

In general, Innovature does not share personal data with third parties except to assist Innovature in providing services, or to comply with relevant laws.  Where Innovature engages data processors, Innovature has included relevant safeguards into its contracts. Innovature also conducts diligence in the vendor selection phase to ensure its data processors provide sufficient privacy and security protections. Innovature monitors compliance of its vendors on an ongoing basis e.g., by conducting relevant audits or compliance evaluations.

Jesper Bågeman

Partner, Technology

Jesper Bågeman is an IT enthusiast committed to driving positive change through technology. He leads with three core principles: fostering genuine partnerships with clients, integrating sustainability into operations, and prioritizing the empowerment and well-being of team members. Jesper’s dedication to these values ensures that he delivers impactful results.

jesper

Tiby Kuruvila

Cheif Advisor

Tiby is a respected technology expert recognized for his contributions in project management and technology development. His dedication to technological advancement and client relationship management has established him as a valuable asset in driving business growth and maintaining customer satisfaction across various sectors.

tiby

Meghna George

HR Manager

Meghna is dedicated to shaping HR practices and fostering a culture of growth and empowerment, steering Innovature toward a brighter future. With an impressive background in Human Resources, Meghna has successfully led HR shared services and managed the HRBP portfolio for large delivery units. Her expertise encompasses strategic planning, change management, and employee development, making her a pivotal force in driving organizational excellence.

meghna

Unnikrishnan S

Vice President

Unnikrishnan brings a wealth of experience in delivering impactful software projects and implementing strategic technological initiatives. His comprehensive knowledge in project management, operations, and client engagement consistently yields significant results, making him a trusted leader in the field of IT.

unnikrishnan

Gijo M S

CEO, Global

Gijo is based in Japan and possesses two decades of experience in modern web technology, big data analysis, cloud computing, and data mining. He plays a pivotal role in shaping the company’s global reputation, particularly within the Japanese IT industry, and brings extensive experience in sales, delivery management, partner management, operations, and technology consulting.

Gijo

Ravindranath A V

CEO, India & Americas

Ravindranath is a seasoned executive renowned for his global proficiency in IT strategy, infrastructure, and software services delivery. With a focus on innovation, he translates clients’ business concepts into actionable solutions across diverse industries such as banking, retail, education, and telecommunications.

ravi