Privacy Policy

Privacy Policy (the "Policy")

This policy describes how IDT strategies and consulting, LLC (collectively “IDT,” “we,” “our,” or “us”) collect, use, transfer, and disclose your information.

“Personal information” is information that identifies you as an individual or relates to an identifiable individual. This policy describes our practices of processing personal information that we collect and use in connection with:

Websites operated by us from which you are accessing this policy (the “Site”);
Software platforms and applications we make available for use on or through computers or mobile devices (the “applications”);
Our social media pages from which you are accessing this policy (collectively, our “social media pages”);
HTML-formatted email messages we send to you that link to this Policy;
Communications, including via emails, SMS and/or text messages we send to you manually and from software that may qualify as autodialers (“Texts”); and
Offline business interactions you have with us, including in person discussions, telephone conversations, and non-electronic communications.

Collectively, we refer to the services provided through the site, applications, social media pages, email messages, and offline business interactions as the “services.” note, references in this Policy to “include” or "including" mean "including without limitation."

Who we are & what we do

IDT strategies and consulting is an organizational consulting firm. We are a DEI leadership and consulting firm committed to transforming people and businesses into more inclusive and strategically-aligned organizations. We specialize in partnering with organizations to develop comprehensive and pragmatic strategies that lead to structural and cultural change.

IDT provides a wide range of organizational consulting services to help companies structure their organization, and some of these services involve the collection and use of your Personal information. For certain services, IDT is the company responsible (or the ‘controller’) for the collection and use of your personal Information. These services are described in this policy.

The services for which IDT collects and uses your personal information as a controller (and which are covered by this policy) are:

Recruitment and Retention Strategies. We may maintain talent pool data to help clients find talent at various levels and positions.
Assessing and auditing. We work with organizations to evaluate their current diversity and inclusion efforts through audits and assessments. We identify strengths, weaknesses, and areas for improvement to develop a tailored and pragmatic approach to cultural and organizational change, and as such, may collect organizational and personal information.
Learning services and development products. We may offer e-learning and training services for individuals and organizations from time-to-time.
Data analysis and metrics. We help organizations collect and analyze data related to DEI strategic efforts. We may retain data for short and long-term analyses and planning.
Training and education. We help organizations collect and analyze data related to DEI strategic efforts. We may collect data to establish metrics that track progress, measure the impact of initiatives, and identify areas that require further attention.
Our site. We disclose research, whitepapers, and service information on the Site; provide access to our E-learning platform to purchase books and products; and share issues of our quarterly newsletters.

For additional controller activities, see the processing of personal information (provide link) section below.

The services for which IDT collects and uses your personal information as a processor are:

Consulting services. We help our clients implement their business strategy by consulting with them on strategy execution and organization design, talent strategy and work design, rewards and benefits, assessment and succession, leadership development, and other talent needs.
Assessment and survey services. We help clients in their roles as the data controllers, conduct employee and candidate assessments and surveys.
Software products. We provide software products that our clients can use, for example, to conduct assessments, surveys, or career coaching. When we collect and use your personal information in relation to these software products, we do so as a processor for our clients.

Collection And Processing Of Personal Information

‍

How We Collect Personal Information

We collect personal information (provide link) in a variety of ways, including through our services and from other sources, as set out in the grid below. If you do not provide the information requested, we may not be able to provide the services. We will note which personal information is required to provide the services at the time of its collection.

If you disclose any personal information relating to other people to us, you represent that you have the authority to do so and to permit us to use the information in accordance with this policy.

Processing Of Personal Information

IDT collects personal information to provide services to you, our clients, and to operate our business. The type of personal information we collect about you depends on the situation and/or services. Please do not provide us with any personal information if you do not agree with this policy.

We use your personal information for legitimate business purposes as described in the overview below.

Providing Our Products And Services

Customer service

Examples of processing activities: administering customer-care services to facilitate and address inquiries, requests, comments and complaints about any of our services (such as in person, through phone lines, texts, email, or on social media pages), for example, to send you documents or product information you request or assist you in using the services.

Personal information categories: name & contact details; business contact details; account information; billing information; relationship history; transaction information; device information; telephone call recordings; and preferences.

Legal basis: Performance of the user agreement we enter into with you to provide the services.Legitimate interests, such as responding to inquiries or complaints. Legal obligations*, such as when you submit a request to access your personal information.

Third party sources: N/A

Who has access to your personal information: as detailed in the disclosure of personal information section (hyperlink).

‍

Communicating Important Changes/Service Messages

Examples of processing activities: send you important information regarding our relationship with you, our services, any changes to our terms, conditions, policies and procedures, and/or other administrative information via email, texts, social media pages, or other communication applications.

Personal information categories: name & contact details; business contact details (ex: telephone number and email address); account information; preferences; relationship history; transaction information; device information; and social media information.

Legal basis: Legitimate interests, such as to ensure our services are used in accordance with our terms, conditions, and policies. performance of contract, where provided in our user agreement. Legal obligations,* such as to inform you of material changes to our user agreement to comply with applicable consumer and/or data protection laws.

Third party sources: N/A

Who has access to your personal information: as detailed in the disclosure of personal information section (hyperlink).

‍

Operations and general business

Examples of processing activities: administering online services (including troubleshooting and diagnostic testing, conducting performance analyses of our systems and services, testing new system features to evaluate their impact, system and log maintenance, technical support, system debugging, and the hosting of data); employee training and managing work activities and personnel generally; and facilitating mergers, acquisitions and other reorganizations and restructurings of our business (including prospective transactions).**

Personal information categories: personal information as relevant for the specific business operation.

Legal basis: Legitimate interests, such as responding to customer complaints and concerns. Legal obligations,* for example, relating to financial transactions, such as the obligation to maintain books and records.

Third party sources: Third party organizations, when they share personal information with us to, for example, facilitate mergers, acquisitions and other reorganization and restructurings of our business.

Who has access to your personal information: as detailed in the disclosure of personal information section (hyperlink).

‍

Marketing And Engagement

Marketing

Examples of processing activities: send you promotional information about our services, products, articles, whitepapers, newsletters, conduct surveys, promotions, offers and other news about IDT. These materials may be sent by texts, where you have opted-in. You may opt out of texts at any time by replying STOP to a message or by contacting us as set out below.

Personal information categories: name & contact details; business contact details; account information; relationship history; transaction information; preferences; marketing data; event photographs and videos; user content; device information; and social media information.

Legal basis: Legitimate interests, such as to promote our services and products. Consent, for example, where we would like to send you direct texts and email marketing communications, but do not have an existing relationship with you, we will ask for and rely on your prior opt-in consent. Please note that if we obtained your personal information because you are using our services at the request of your employer, you will not receive marketing materials as a result of the personal information we obtained from the services.

Third party sources: Publicly available databases. Marketing / advertising service providers. Data broker service providers.

Who has access to your personal information: as detailed in the disclosure of personal information section (hyperlink).

‍

Relationship Building and Engagement

Examples of processing activities: facilitate and respond to any product reviews, social sharing, and posts on our services.

Personal information categories: name & contact details; business contact details; account information; marketing data; social media information; and user content.

Legal basis: legitimate interests, such as engaging with individuals who post on our social media pages.

Third party sources: marketing / advertising service providers. data broker service providers.

Who has access to your personal information: as detailed in the disclosure of personal information section (hyperlink).

‍

Personalization And Improving Our Products And/Or Services

Personalizing our services

Examples of processing activities: Personalize our interactions with you and provide you with information tailored to your interests, such as a tailored learning journey on our online services as well as our website; deliver content via our services that we believe will be relevant and interesting to you. We may recommend your learning journey and personal development activities based on any assessment results.

Personal information categories: Name & contact details; business contact details; account information; marketing data; social media information; relationship history; transaction information; device information; and preferences.

Legal basis: Consent, for example, where we would like to send you trainings tailored to your specific interests and/or behavior, and such tailoring of training may result in profiling. Legitimate interests, such as providing tailored services based on past usage and/or preferences, and such tailoring would be based on basic and privacy-non-intrusive segmentation.

Third party sources: publicly available databases. Marketing / advertising service providers. Data broker service providers.

Who has access to your personal information: as detailed in the disclosure of personal information section (hyperlink).

‍

Improving and developing new products and services

Examples of processing activities: Conduct data analysis, for example, monitoring and analyzing usage of services and using data analytics to improve the efficiency of our services; develop new products and services; consider ways for enhancing, improving, repairing, maintaining or modifying our current products and services; identify usage trends, for example, understanding which parts of our services are of most interest to users; determine the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users; and operate and expand our business activities, for example, understanding which parts of our services are of most interest to our users so we can focus our energies on meeting our users’ interests.

Personal information categories: Name & contact details; business contact details; account information; relationship history; transaction information; preferences; user content; device information; telephone call recordings; and social media information.

Legal basis: Legitimate interests, such as developing new services and/or products. Consent, such as when we use cookies and similar technologies and the data collected by means of such technologies qualify as personal information.

Third party sources: Publicly available databases. Marketing / advertising service providers. Data broker service providers.

Who has access to your personal information: As detailed in the disclosure of personal information section (hyperlink).

‍

Pseudonymizing, key coding, aggregating, and/or anonymizing personal information

Examples of processing activities: Pseudonymizing or key-coding your personal information, meaning information that may directly identify you is replaced with a code to minimize unwanted or unintended identification. Such key-coded information can be de- coded by using the key so that it identifies you again. Aggregating and/or anonymizing personal information so that it will no longer be considered personal information. For example, we may use this information to train our aI algorithms or test them for bias, generate norms by industry, geography, level, etc., enable us to understand where our services are being utilized, conduct ongoing validation studies, compile reports, and publish research to further the knowledge base of change management, organizational leadership, and the application of DEI in the workplace.

Personal information categories: Personal information as relevant for the specific business purpose.

Legal basis: Legitimate interests, such as to generate other data for our use. We may use and disclose such data for any purpose if it no longer identifies you or any other individual.

Third party sources: N/A

Who has access to your personal information: As detailed in the disclosure of personal information section (hyperlink).

Security And Legal Reasons

Fraud prevention and security

Examples of processing activities: Conduct audits, verify that our internal processes function as intended and are compliant with legal, regulatory, or contractual requirements; monitor for and prevent fraud; and security purposes, including system security and on-site security of our premises.

Personal information categories: Name & contact details; business contact details; account information; billing information; device information; relationship history; telephone call recordings; CCTV and site security information; and transaction information.

Legal basis: Legal obligations,* such as to detect and prevent cyberattacks. Legitimate interests, such as identifying and/or preventing fraudulent transactions.

Third party sources: N/A

Who has access to your personal information: As detailed in the disclosure of personal information section (hyperlink).

‍

Legal and compliance

Examples of processing activities: Fulfill our legal and compliance-related obligations, including complying with applicable laws; complying with legal processes; responding to requests from public and government authorities; meeting national security or law enforcement requirements. Enforcing our terms and conditions; protecting our operations; protecting IDT’s rights, privacy, or property; and allowing us to pursue available legal remedies, defend claims, and limit the damages that IDT may sustain.

Personal information categories: Personal information as relevant for the specific legal action, regulatory investigation, and/or legal processes in question, which may include: Name & contact details; business contact details; account information; billing information; user content; Preferences; marketing data; relationship history; transaction information; visitor and event information; user photographs and videos; social media information; event photographs and videos; CCTV and site security information; telephone call recordings; and device information.

Legal basis: Legal obligations*, such as complying with legal processes. Legitimate interests, such as enforcing terms and conditions to protect trademarks and bringing or defending legal claims.

Third party sources: Public and/or government and/or regulatory authorities, including courts, tribunals, regulators, and government authorities. Third persons (legal or natural), as relevant for the specific legal action and/or processes in question (such as lawyers, auditors, insurers, advisory firms etc.).

Who has access to your personal information: As detailed in the disclosure of personal information section (hyperlink).

‍

Emergency and incident responses

Examples of processing activities: Ensuring the safety of on-site personnel and visitors; responding to, handling and documenting on-site accidents and medical and other emergencies; actively monitoring properties to ensure adequate incident prevention, response and documentation (including CCTV); requesting assistance from emergency services; and sending notifications and alerts in the event of incidents or emergencies (such as via texts, email, call, audio-visual device prompts, etc.).

Personal information categories: Name & contact details; CCTV and site security information; and visitor and event information.

Legal basis: Legal obligations,* for example, relating to health and safety regulations and documenting on-site accidents. Legitimate interests, such as monitoring properties through CCTV to ensure individuals’ safety. Protect individuals’ vital interests, such as contacting medical or emergency services where an individual’s life is at risk.

Third party sources: N/A

Who has access to your personal information: As detailed in the disclosure of personal information section (hyperlink).

*For more information on our legal obligations, please see ‘other disclosures’ section below.
** For more information on disclosure of personal information in connection with a sale or business transaction, please see ‘other disclosures’ section below.

Personal information

We collect the following categories of personal information:

A. personal information we receive from you and examples of that personal information:

Name and contact details

First and last name, nickname or alias, title, prefix, email address, telephone number, postal address, date of birth, gender, race, country of residence, citizenship.

‍

Phone number

Your personal phone number (or any other number) at which you opt in/elect to receive Texts or calls.

‍

Business contact details

Company name, business email address, business telephone number, business postal address, country of business.

‍

Account information

Your chosen username and password, and other information you share in your account.

‍

Billing information

Such as debit or credit card details, bank account details, billing address.

‍

Digital career credentials

Digital career credentials related to certifications, course completions, or education credentials.

‍

Professional information

Resume information, qualifications, professional experience, employment history, education, professional credentials, memberships in professional organizations, skills, information from former employers and other references, results of candidate assessments and related data, and compensation and benefits information (where permitted by applicable law).

‍

User content

Reviews about our products and services, and other content you may create or share on our services, including posts on our social media pages, blogs, and comment sections.

‍

Preferences

Language, interests, preferred means of communication, and other customer feedback/preferences that you might express during your use of our services.

‍

Marketing data

Your choices regarding our promotional emails, messages and other marketing displayed or provided to you, and preferred methods of such promotional communication.

‍

Relationship history

Details of your communications with us, and details of your claims, complaints, and queries in general.

‍

Transaction information

Details of products and services you have purchased from us.

‍

Visitor and event information

Dietary restrictions, travel and accommodation details, issued identification pass to access the premises, and other details specific to a particular event or conference that you share with us.

‍

User photographs and videos

Photos and videos submitted by you while using our services or that you make publicly available on the internet (e.g., linkedIn).

‍

Telephone call recordings

Audio recordings of telephone calls when you contact us.

B. personal Information we collect through your use of our services or from other sources and examples of that personal information:

Social media, industry and professional directories

Profile pictures, social media account ID, and other social media and job board profile information, including lists of friends/followers on social media.

Background information

Information on, or the verification of, your employment or educational background, and behavior.

Event photographs and videos

Photos and videos taken at one of our panels/events/conferences.

CCTV and site security information

Images or video footage captured or recorded by CCTV and other security measures on our premises.

Device information

Information about your devices and your use of our services, e.g., we may log certain statistics about the traffic on our site like the users' domains and browser types. This includes data obtained through cookies and similar technologies, as described in our cookies and similar technologies policy (insert hyperlink).

Public record information

Information from public business records and industry directories, for example corporate registrations.

Name and contact details

First and last name, nickname or alias, title, prefix, email address, telephone number, postal address, date of birth, gender, race, country of residence, citizenship.

Business contact details

Company name, business email address, business telephone number, business postal address, country of business.

Professional information

Disclosure of personal information

As an organizational consulting firm, to the extent permitted by law, we may share personal information with our affiliates to provide seamless services to you and our clients.

From time to time, we also disclose personal information to our network of independent consultants who provide services on IDT’s behalf.

You can obtain a list of our partners and consultants by contacting privacy@idtchangestrategies.com.

IDT may disclose personal Information to third-party service providers who provide support for our services or business operation.

IDT may work with third-party service providers who provide services that may include assessment services, including assessment validation services, website hosting and IT consulting services, data analysis, background checking, public relations services, marketing services, attorneys, accountants, and other administrative and back-up and security services.
As part of providing services, these third-parties will be provided with access to personal information. In addition, our software development partners may use personal information, like usage metrics or bug issues, to modify, improve, refine, and validate their technology, research and development.

IDT may disclose or transfer all or part of your personal information in the event of a sale of our company. We may also disclose or transfer all or part of your personal information in the event of a merger, joint venture, assignment, or consolidation involving our company or one or more of our affiliates. This may also occur if there is a sale or transfer or other disposition of assets or of any portion of our business (including in connection with bankruptcy or similar proceedings). You will be notified of any such business transaction and of possible changes to the processing of your personal information in accordance with applicable law and the ‘Updates To This Policy’ section.

There may be other times that we disclose your personal information.

IDT may also use or disclose personal information (to comply with a legal obligation or because we have legitimate interest to do so) to: (i) comply with applicable laws, (ii) respond to inquiries, requests or orders from public or government authorities, including those outside of your country of residence, or (iii) protect the rights, privacy, safety or property, of IDT.
We cannot and do not assume any responsibility for the actions or omissions of third parties, such as clients, including the way they use personal information received either from IDT or from other independent sources.

Other disclosures

We also disclose your personal information as necessary or appropriate, in particular when we have a legal obligation or legitimate interest to do so, as set out in further detail below.

To comply with applicable law and regulations

This may include laws outside your country of residence, which could give rise to a legal obligation requiring us to process your personal information, including:

Civil and commercial matters: where we are in receipt of a court order, motion to compel, or subpoena to disclose information for the purposes of court proceedings, such as under Regulation (EU) No 1215/2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters.
Criminal matters: to comply with requests and orders, including from US, EU and EU Member state law enforcement to provide information in relation to a criminal investigation in compliance with applicable local laws, or to take steps to report information we believe is important to law enforcement where required or advisable under applicable local laws.
Consumer matters: to comply with requests from competent authorities, including the FTC under US law or national authorities under EU or EU member state consumer protection law, under directive (EU) 2019/2161 and its implementing laws in EU member states.
Corporate and taxation matters: to comply with our obligations under applicable corporate and tax legislation, such as where a national tax law requires collection of specific transactional personal information for tax purposes.
Regulatory matters: to respond to a request or to provide information we believe is necessary or appropriate to comply with our obligations to engage with regulators, including if relevant EU member state data protection supervisory authorities initiate investigation under the general data protection regulation into IDT or the California privacy protection agency initiates an investigation under the California consumer privacy act. These can include authorities outside of your country of residence.
Compliance and internal investigations: to comply with global whistleblowing requirements, including under state whistleblower protection laws in the US and directive (EU) 2019/1937 and its implementing laws in EU member states.
Health and safety regulations: to comply with health and safety reporting obligations in accordance with applicable local laws, such as in relation to accidents involving members of the public on our premises.
Anti-discrimination laws: to comply with diversity reporting obligations, including the civil rights act of 1964 in the US.

‍

For other legal reasons

For dispute resolution purposes;
To protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.

‍

In connection with a sale or business transaction

We have a legitimate interest in disclosing or transferring your personal information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). You will be notified of any such business transaction and of possible changes to the processing of your personal information in accordance with applicable law and the ‘updates to this policy’ section.

‍

Other information we collect

IDT collects other information that does not reveal your specific identity (“other information”), such as:

Information collected through cookies, pixel tags, and other technologies, app usage data,
Demographic information and other information provided by you, and
Aggregated information.

Because ‘other information’ does not reveal your specific identity, we may use and disclose it for any purpose. If we combine other information with personal information, we will treat the combined information as personal information for as long as it is combined. Where we maintain or use de-identified information, we will continue to maintain and use the de-identified information only in a de-identified fashion and will not attempt to re-identify the information.

If we are required to treat other Information as personal information under applicable law, we may use and disclose it for the purposes for which we use and disclose your personal information as detailed in this policy.

We and our third-party service providers may collect other information in a variety of ways.

We use “cookies” (small text files placed on a visitor’s computer hard drive) and other similar technologies to help us collect information like the type of content a visitor to the site consumes, pages visited, mouse clicks, keystrokes, the length of time each visitor spends at any area of the site, and other traffic data. Cookies and similar technologies enhance your experience on the site and help us debug, identify, and fix errors that impair the intended functionality and quality of the site. We do not currently respond to browser do-not-track signals. Please see IDT’s cookie policy for more information about our use of cookies. You can access our cookie tool here: https://www.idtchangestrategies.com/privacy

If you do not want information collected through the use of cookies, most browsers allow you to automatically decline cookies, or be given the choice of declining or accepting a particular cookie(s) from a particular site. If you disable cookies and similar technologies, your experience on the site may be diminished and some features may not work as intended.

Additional guidelines

IDT may from time to time sponsor special features or promotions related to the services and additional privacy information may be posted. Depending on the nature of the service being utilized, your location, or our contract with our client that may have asked you to participate in a service, you may be asked to consent to the collection, use, transfer, and disclosure of your personal information. You may also be shown a privacy notice before participating in a service. That privacy notice, to the extent it conflicts with this policy, will govern that particular service, feature, or promotion.

Where your phone number is used for texts, please note that message frequency varies. Message and/or data rates may apply; consult your carrier for details. Consent to receive texts is not required and is neither a condition of purchasing a IDT service nor a condition to receive services.

Choices and individuals’ rights

Your provision of personal information to us is voluntary, although if you do not provide certain personal information, you may not be able to participate in our services. We will note which personal information is required for us to provide the services at the time of its collection. Contact us at privacy@idtchangestrategies.com if you would like to:

ask questions about how we handle your personal information, or if we are processing your personal information,
withdraw your consent (which will not affect the lawfulness of processing prior to the withdrawal) to our use of your personal information, including information about the possibility of denying consent and the consequences of such denial,
object to our use of your personal information for our legitimate business interests,
not be subject to a decision based solely on automated processing which produces legal effects or review such decisions made solely based on automated processing of personal information,
request a copy of your personal information for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law),
request to access, correct, update, suppress or restrict the use of your personal information,some text
- For requests to access, correct, update, suppress or restrict the use of your personal information, please include all relevant email addresses, as well as the names of any IDT or IDT-related Sites, products, or services you may have accessed in your communication to privacy@idtchangestrategies.com.
- Although we strive to maintain accurate personal information, if it is determined the personal information is not accurate, we will work to correct it.
request that your personal information be deletedsome text
- When requesting that we delete your personal information, please include all relevant email addresses as well as the names of any IDT or IDT-related sites, products, or services you may have accessed in your communication to privacy@idtchangestrategies.com.
- IDT will make reasonable attempts to delete personal information upon your request.
- Please note that to maintain consistency in our services and operations, we retain backup systems. When you ask that your information be removed from IDT’s databases, we may not be able to delete residual copies from our systems or from our backup systems, but they will continue to be protected as required under this Policy.

If you would like to opt-out of receiving marketing communications from us, please contact us at privacy@idtchangestrategies.com.

If you request to opt-out of receiving marketing communications from us through an email request, please include “remove user” in the subject line of the email, and include your full name, user id, and telephone number in the body of the email message.
You may also forward a copy of the email or marketing communications from which you want to opt-out.
You may unsubscribe from texts at any time by replying “stop” or by contacting us as set out below.
Please note that if you opt out of receiving marketing-related communications from us, we may still send you important administrative messages from which you cannot opt out.

We will respond to your request(s) consistent with applicable law. We may decline to process requests that in our reasonable opinion may jeopardize the privacy and safety of others or put our intellectual property at risk.

Please note that when we perform services at the specific request of our client, your request may need to be directed to that client. We may only be able to provide you with a redacted summary of our final assessment report because these reports contain confidential client personal information that we are not allowed to disclose.
For your protection, we may only implement requests with respect to the personal information associated with the email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will comply with your request as soon as reasonably practical and may need to contact you to be sure that we understand your request.
We also may need to retain certain personal information about you such as your email address to honor opt-out or similar requests.
Specific additional rights may apply if required by applicable law.

When the processing of your personal information is subject to privacy laws of the European Economic Area (EEA), you may also lodge a complaint or report (privacyeea@idtchangestrategies.com) an alleged infringement of applicable data protection law with a data protection authority for your country or region where you have your habitual residence or place of work, or where an alleged infringement of applicable data protection law has occurred. A list of data protection authorities in the European Economic Area (EEA) is available at https://ec.europa.eu/newsroom/article29/items/612080. If the processing of your personal information is subject to the privacy laws of the United Kingdom (UK), you may lodge a complaint with the UK Information Commissioner’s Office (ICO). If you are not certain whether the processing of your personal information is subject to EEA or UK privacy laws, please contact us in accordance with the “contact us” section below.

Jurisdiction and cross-border transfer

Your personal information may be stored and processed where we engage service providers, and by using the services, you understand that your personal information may be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. We can provide a list of destination countries upon written request.

Where our services will involve transferring your personal information outside the UK and/or EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

Adequacy decisions: Some of the non-EEA countries are recognized under the UK GDPR and by the European commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here https://ec.europa.eu/info/law/law-topic/data-protection/data- transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en).

Security

IDT seeks to use reasonable organizational, technical, and administrative measures to protect personal information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.

If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised or your user credentials are no longer secure), please immediately notify us of the problem by contacting us as described in the “Contacting Us” section below.

Retention period

We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law, for example, for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

The criteria used to determine our retention periods include:some text
- The length of time we have an ongoing relationship with you or our client and provide the Services to you (for example, for as long as you have an account with us or keep using the Services),
- A period beyond the time of the ongoing relationship if we have a legitimate internal operations need, such as a need to retain the information for analysis, record-keeping, and compliance with data retention schedules,
- If there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period before we can delete them), or
- If retention is advisable considering our legal position (such as regarding applicable statutes of limitations, litigation or regulatory investigations).

Where a legal obligation arises or retention is advisable in light of our legal position, in some circumstances, we will retain certain Personal Information, even after your account has been deleted and/or we no longer provide the Services to you, for example:

To cooperate with law enforcement or public, regulatory and government authorities: If we receive a preservation order or search warrant related to your Services account, we will preserve Personal Information subject to such order or warrant after you delete your Services account.
To comply with legal provisions on tax and accounting: We may retain your Personal Information, such as Billing Information, Relationship History, Transaction Information, Customer Invoices as permitted by applicable laws and IDT policies after you delete your Services account, as required by tax law and to comply with bookkeeping requirements.
To pursue or defend a legal action: We may retain relevant Personal Information in the event of a legal claim or complaint, including regulatory investigations or legal proceedings about a claim related to your Personal Information, or if we reasonably believe there is a prospect of litigation (whether in respect of our relationship with you or otherwise) as permitted by applicable laws and IDT policies after the dispute has been settled or decided by a court or tribunal from which there is no further right of appeal.
To document security or fraud incidents: We may keep and archive records of incidents for internal purposes and as documentation of steps taken.

In some circumstances and subject to applicable law, we de-identify, aggregate, pseudonymize, and/or use other technical and operational controls to anonymize your Personal Information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Third party services

This Policy does not address, and we are not responsible for, the privacy, information, or other practices of any other third parties, including any third party operating any website or service to which the Services link.

You may have the opportunity to follow a link from or to other websites maintained by IDT, or other third parties. The inclusion of a link to a third party site or service from our Services does not imply our endorsement of the linked site or service by us or by our affiliates. Because these other websites may not be hosted or controlled by IDT, this Policy does not address the privacy practices of those websites. We encourage you to review the privacy policies of each of those websites.
Please note that we are not responsible for the information collection, use, disclosure, or security policies or practices (including the data security practices) of other organizations, such as LinkedIn, Facebook, Apple, Google, Microsoft, RIM, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including any Personal Information you disclose to other organizations through or in connection with the Apps or our Social Media Pages.

Sensitive information

Unless we request it, we ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) through the Services or otherwise to us.

Updates to this policy

IDT reviews its privacy practices regularly, and those practices are subject to change. You can determine when this Policy was last revised by checking the “Last Updated” legend at the bottom of the Policy. Any changes to the Policy will become effective upon posting of the revised Policy on the Internet.

Use of services by minors

The Services are not directed to individuals under the age of sixteen (16), and we do not knowingly collect Personal Information from individuals under 16. We request that these individuals do not provide their Personal Information through the Services.

Summaries of policy

This Policy is the sole authorized statement of IDT’s practices with respect to the collection of Personal Information through the Services and the usage of Personal Information. Any summaries of this Policy generated by third party software or otherwise (for example, in connection with the “Platform for Privacy Preferences” or “P3P”) have no legal effect, are in no way binding upon IDT, cannot be relied upon in substitute for this Policy, and neither supersede nor modify this Policy.

Contacting us

IDT Strategies and Consulting LLC, located at 165 Concord Road, Sudbury, MA 01776, is the company responsible for collection, use, and disclosure of your Personal Information under this Policy.

To submit questions regarding this Policy, use the following contact information: via email to IDT at privacy@idtchangestrategies.com or, if by postal mail to IDT Strategies and Consulting, 165 Concord Road, Sudbury, MA 01776, Attn: Privacy Office.

Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.

For any inquiries regarding our compliance with EEA privacy laws and the content of this Privacy Policy, please contact us at PrivacyEEA@idtstrategies.com.

Additional Information For California Residents

Pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively the “CCPA”), IDT is providing the following additional details regarding the categories of Personal Information that we collect, use and disclose about California residents and California residents’ rights. This section supplements the above disclosures in this Policy.

Notice at collection

The following chart details which categories of Personal Information about California residents we collect, as well as which categories of Personal Information we have collected and disclosed for our operational business purposes in the preceding 12 months. The chart also details the categories of Personal Information that we “sell” (the term “sale” is broadly defined under the CCPA to include an exchange of Personal Information for valuable consideration of any kind, not simply for monetary compensation), including within the preceding 12 months.

Categories of Personal Information

Identifiers, such as name, contact information, IP address, and other online identifiers

Disclosed to Which Categories of Third Parties for Operational Business Purposes

Our trusted third-party service providers; strategic alliance partners and independent consultants

Sold to Which Categories of Third Parties

Clients (in exceptional cases, e.g., market research, recruitment strategy, or succession planning, IDT may sell name and contact information to our clients)

Categories of Personal Information

Personal information, as defined in the California customer records law, such as name, contact information, medical information, insurance information, education information, employment information, and government-issued ID numbers

Disclosed to Which Categories of Third Parties for Operational Business Purposes

Our trusted third-party service providers; strategic alliance partners and independent consultants

Sold to Which Categories of Third Parties

Clients (in exceptional cases, e.g., market research, recruitment strategy, or succession planning, IDT may sell name, contact information, and employment information to our clients)

Categories of Personal Information

Protected Class Information, such as age, sex, disability status, primary language, race, citizenship, and marital status, to the extent required or permitted by applicable law

Disclosed to Which Categories of Third Parties for Operational Business Purposes

Our trusted third-party service providers; strategic alliance partners and independent consultants; required government agencies

Sold to Which Categories of Third Parties

Clients (in exceptional cases, e.g., market research, recruitment strategy, or succession planning, IDT may sell age, sex, primary language, and citizenship to our clients)

Categories of Personal Information

Commercial information, such as transaction information and purchase history

Disclosed to Which Categories of Third Parties for Operational Business Purposes

Our trusted third-party service providers; strategic alliance partners and independent consultants

Sold to Which Categories of Third Parties

None

Categories of Personal Information

Internet or network activity information, such as browsing history and interactions with our website

Disclosed to Which Categories of Third Parties for Operational Business Purposes

Our trusted third-party service providers; strategic alliance partners and independent consultants

Sold to Which Categories of Third Parties

None

Categories of Personal Information

Geolocation data, such as device location and approximate location derived from IP address

Disclosed to Which Categories of Third Parties for Operational Business Purposes

Our trusted third-party service providers; strategic alliance partners and independent consultants

Sold to Which Categories of Third Parties

None

Categories of Personal Information

Audio, electronic, visual and similar information, such as photographs or audio and video recordings created in connection with our business activities

Disclosed to Which Categories of Third Parties for Operational Business Purposes

Our trusted third-party service providers; strategic alliance partners and independent consultants

Sold to Which Categories of Third Parties

None

Categories of Personal Information

Professional or employment-related information, such as work history and prior employer, information relating to references, details of qualifications, skills and experience, human resources data, and data necessary for benefits and related administration services for benefits and related administration services

Disclosed to Which Categories of Third Parties for Operational Business Purposes

Our trusted third-party service providers; strategic alliance partners and

Sold to Which Categories of Third Parties Independent consultants

Clients (in exceptional cases, e.g., market research, recruitment strategy, or succession planning, IDT may sell professional and employment-related information to our clients)

Categories of Personal Information

Inferences drawn from any of the Personal Information listed above to create a profile about, for example, an individual’s preferences or abilities

Disclosed to Which Categories of Third Parties for Operational Business Purposes

Our trusted third-party service providers; strategic alliance partners and independent consultants

Sold to Which Categories of Third Parties

None

10.

Categories of Personal Information

Personal Information that reveals an individual’s Social Security, driver’s license, state identification card, or passport number; account log-in in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, citizenship, or union membership; the contents of mail, email, and Texts unless we are the intended recipient of the communication;
Personal Information collected and analyzed concerning an individual’s health;
Personal Information collected and analyzed concerning an individual’s sex life or sexual orientation

Disclosed to Which Categories of Third Parties for Operational Business Purposes

Our trusted third-party service providers; strategic alliance partners and independent consultants

Sold to Which Categories of Third Parties

None

For information on the sources of these categories of Personal Information, please refer to the “How we Collect Personal Information” section in this Policy, above. For information on retention periods for Personal Information and Sensitive Personal Information, please refer to the “Retention Period” section in this Policy, above.

For details on how we use your Personal Information, please refer to the chart under the “Processing of Personal Information” section at the start of this Policy. In addition, we collect, process, and disclose Sensitive Personal Information for purposes of: providing goods or services as requested; ensuring safety, security, and integrity; countering wrongful or unlawful actions; short term transient use such as displaying first party, non-personalized advertising; performing services for our business, including maintaining and servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of our business; activities relating to quality and safety control or product improvement; and other collection and processing that is not for the purpose of inferring characteristics about an individual. We do not use Sensitive Personal Information beyond these purposes.

You have the right to opt out of the “sale” of your Personal Information. For more information on this right and to exercise your right to opt-out of sale, please contact privacy@idtchangestrategies.com.

We do not “share” Personal Information, including Sensitive Personal Information, for purposes of cross-context behavioral advertising, as defined under the CCPA, and we have not engaged in “sharing” in the 12 months preceding the date this Policy was updated. Without limiting the foregoing, we do not knowingly “sell” or “share” Personal Information, including Sensitive Personal Information, of minors under 16 years of age.

If you are a California resident, you may request that we:

Disclose to you the following information:some text
- The categories of Personal Information we collected about you and the categories of sources from which we collected such Personal Information;
- The specific pieces of Personal Information we collected about you;
- The categories of Personal Information about you that we sold and the categories of third parties to whom we sold such Personal Information;
- The business or commercial purpose for collecting or selling Personal Information about you; and
- The categories of Personal Information about you that we otherwise disclosed, and the categories of third parties with whom we disclosed or to whom we disclosed such Personal Information (if applicable).
Delete Personal Information we collected from you.
Access Personal Information about yourself.
Correct inaccurate Personal Information about yourself.
Opt-out of the future sale of your Personal Information.

To make a request for disclosures, deletion, access or correction, as described above, or to opt-out of the future sale of your Personal Information, please submit this Privacy Request form (create hyperlink) to Privacy@idtchangestrategies.com or call us at 508-962-1796.

We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the Personal Information subject to the request. In most cases, IDT will verify your identity by confirming that: (1) you control the email address associated with your Personal Information; and (2) your description of your interactions with IDT matches our records. If necessary, we may require additional information to verify your request.

If an agent would like to make a request on your behalf as permitted under applicable law, the agent may use the submission methods noted above. As part of our verification process, we may request that the agent provide, as applicable, proof concerning his or her status as an authorized agent. In addition, we may require that you verify your identity as described above or confirm that you provided the agent permission to submit the request.

You have the right to be free from unlawful discrimination for exercising your rights under the CCPA.

‍

Cookies Policy

Terms of Usage