All the legal stuff
*Puts on serious voice
Accessibility
Questions and Feedback
We intend that you should have no difficulty in accessing any information on this website. However, if you do have any difficulty we want to hear from you so that we can put things right. Please contact us.
We’re constantly working to make the IDX website as usable and accessible as possible for every user.
We have made every effort to ensure that this website meets or exceeds the relevant legal requirements. We believe that this website meets or exceeds the requirements of the level A criteria of the World Wide Web Consortium Web Accessibility Initiative (WCAG WAI) 2.0 guidelines.
The website will be compatible with recent versions of most assistive devices.
Terms of Use
General
These terms of use are governed by the laws of England and Wales and you agree that the English courts shall have exclusive jurisdiction in any dispute.
To the extent that any part of these terms of use is found to be invalid, unlawful or unenforceable by any court of competent jurisdiction such part shall to that extent be severed from the remaining terms all of which shall remain in full force and effect as permitted by law.
IDX
53 Tooley Street
London
SE1 2QN
UK
This website (the “Website”) is the website of Investis Digital Limited (“Investis Digital”, “IDX”, “us” or “we”), a company registered in England and Wales under company number 3930926 and with its registered address at 53 Tooley Street, London SE1 2QN, email [email protected].
The pages on the Website are published by Investis Digital Limited (“IDX”).
Please read these terms of use of the Website carefully as by using the Website you agree to be bound by them. You also agree that you are at least 18 years old and have the capacity to enter into a binding agreement. We reserve the right to vary these terms of use at any time and will post any variations here. You are advised to review these terms of use on a regular basis as you will be deemed to have accepted variations if you continue to use the Website after they have been posted. If you do not agree to abide by these terms of use you should not use the Website in any way.
Accessing the Website
IDX does not guarantee that the Website, or any content on it, will always be available or be uninterrupted. Access to the Website is permitted on a temporary basis. We may suspend, withdraw, discontinue or change all or any part of the Website without notice. We will not be liable to you if for any reason the Website is unavailable at any time or for any period.
You are responsible for making all arrangements necessary for you to have access to the Website.
You are also responsible for ensuring that any persons with access to the Website through your internet connection are aware of these terms of use, and that they comply with them. u do not agree to abide by these terms of use you should not use the Website in any way.
Your Login Details
Any personal information provided when you register for alert services on the Website will be held in accordance with the IDX Privacy Policy available on the Website (https://www.investisdigital.com/privacy-statement).
If you choose, or you are provided with, a username, password or any other piece of information as part of our security procedures, you must treat such information as confidential.
We have the right to disable any user accounts at any time if, in our reasonable opinion, you have failed to comply with any of the provisions of these terms of use and/or if we believe that your account is being used in an unauthorized or fraudulent manner.
If you know or suspect that anyone other than you has or is likely to access your user account on our Website, you must promptly notify us. Following such notification, you may be required to set up a new account with a new email address.
Information we provide on the Website
Information published by IDX on the Website is supplied by IDX and, where indicated, by certain third parties. IDX takes care and precautions to ensure that information published on the Website is accurate when posted and regularly updated but IDX does not guarantee and is not liable for its accuracy or timeliness and IDX may change the information at any time without notice. You must not rely on the information on the Website and you acknowledge that you must take appropriate steps to verify this information before acting on it. Nothing contained on this Website is to be construed as medical, legal, investment, financial or other advice, or as any instruction or guidance regarding any products or services. The information on this Website is not intended to be a substitute for any advice.
IDX publishes the website “as is” without any warranty of any kind, express or implied, as to the operation of the website, the accuracy of the information or the products or services referred to on the website (in so far as such warranties may be excluded under any relevant law) and to the extent permitted by law, IDX shall not be liable to you, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, for any losses or damage whether direct or indirect (including, without limitation direct or indirect loss of profits), consequential, special or otherwise incidental that may result from use of the website howsoever arising.
Nothing in these terms of use excludes or limits our liability for death or personal injury arising from our negligence, or our fraud or fraudulent misrepresentation, or any other liability that cannot be excluded or limited by law.
Intellectual property rights
All intellectual property rights in our Website, including the copyright in the design and architecture of the Website is owned by IDX or its licensors. IDX owns the copyright in the content published on the Website except where otherwise indicated by a third party's proprietary notice. We enforce our intellectual property rights to the fullest extent possible. Images, trademarks and brands are also protected by other intellectual property laws and may not be reproduced or appropriated in any manner without written permission of their respective owners. Unless specifically prohibited by a notice published on any page, you may make a print copy of such parts of the Website as you may reasonably require for your own personal use provided that any copy has attached to it any relevant proprietary notices and/or disclaimers. All other use is prohibited.
If any content on the Website consists of software, you may not modify, reverse engineer, decompile, disassemble or create derivative works based on the content, or remove any proprietary notices or labels that it contains.
The "Investis", "Investis Digital" and "IDX" marks, and all other names, logos and marks on our Website are owned or licensed by IDX or its licensors or affiliates and may not be used without our express prior written permission.
Viruses
We do not guarantee that the Website will be secure or free from malware or viruses. You are responsible for configuring your information technology, computer programs and platform in order to access the Website. You should use your own virus protection software.
You must not misuse the Website by knowingly introducing viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful. You must not attempt to gain unauthorized access to the Website, the server on which the Website is stored or any server, computer or database connected to the Website. You must not attack the Website via a denial-of-service attack or a distributed denial-of service attack. By breaching this provision, you would commit a criminal offence under the Computer Misuse Act 1990. We will report any such breach to the relevant law enforcement authorities and we will cooperate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use the Website will cease immediately.
Third Party websites
Links in this Website may allow you to leave this Website or be sent to a third-party’s website. Where our Website contains links to other websites and resources provided by third parties, these links are provided for your information only. Third-party linked websites are not under our control and we are not responsible for the contents of any linked website or any link contained in a linked website, or any changes or updates to such websites. The inclusion of any link does not imply endorsement or adoption by IDX of the linked website and should not be interpreted as approval by us of those linked websites or information you may obtain from them.
You are responsible for taking precautions to ensure that whatever you select for your use is free of items such as infection viruses, worms, Trojan horses or other code that manifests contaminating or destructive properties and other items of a harmful or destructive nature. It is also your responsibility to review the privacy policies on any linked sites as their privacy rules and standards may be different from ours and we are not responsible for their privacy policies or practices. You should also review the terms and conditions of any linked websites.
We welcome bookmarks and links to our Website for lawful purposes. You are free to establish a hypertext link to this Website as long as the link does not state or imply any sponsorship or endorsement of your website by us or our affiliates. We reserve the right, in our sole discretion at any time, to deny any request, or rescind any permission granted, to link to this Website and to require termination of any such link to this Website. You may not frame any content of this Website or utilize any framing techniques in any way, including enclosing any trademark, logo, or other proprietary information (including images, text, page layout, or form), without our prior written consent. You may not incorporate any intellectual property contained on this Website or owned by us or our licensors. You may not use any meta tags or any other “hidden text” utilizing our name or trademarks without our express written consent.
We are not responsible for the content of any other website from which you have accessed the Website or to which you may hyperlink from the website and cannot be held liable for any loss or damage you incur as a result thereof.
No unlawful or prohibited use
As a condition of your use of this Website, you agree not to use this Website for any purpose that is unlawful or prohibited by these terms of use or any notices. You agree not to use this Website in any manner that could damage, disable, overburden, or impair any IDX server, or the network(s) connected to any IDX server, or interfere with any other party’s use and enjoyment of this Website. You agree not to attempt to gain unauthorized access to this Website, other accounts, computer systems or networks connected to any IDX server or to this Website, through hacking, password mining or any other means. You also agree not to obtain or attempt to obtain any materials or information through any means not intentionally made available through this Website.
Other terms that apply
IDX has a privacy policy (“Privacy Policy”) that sets out the privacy policies and practices of Inve IDX as they relate to the collection, use and disclosure of personal data in connection with your use of this Website. Our Privacy Policy can be accessed here: https://www.idx.inc/privacy-policy
IDX has a cookies policy ("Cookies Policy") that sets out information about the cookies used on this Website. Our Cookies Policy can be accessed here: https://www.idx.inc/cookie-policy
Privacy Policy
We are Investis Digital Limited, a company registered in England and Wales under company number 3930926 and with its registered address at 53 Tooley Street, London SE1 2QN ("Investis", "IDX", "We", "Us", "Our").
IDX respects your right to privacy and will process personal information you provide in accordance with the General Data Protection Regulation (EU 2016/679), Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and other applicable privacy laws.
We have prepared this Privacy Policy to explain how, why and when we collect data from you.
Definitions and Interpretation
In this Policy, the following terms shall have the following meanings:
"Personal Data": means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to Us via Our Website. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”).
What Does This Policy Cover?
This Privacy Policy applies to visitors, employees, customers, prospective customers and suppliers use of Our Website.
Your Rights
As a data subject, you have the following rights under the GDPR, which this Privacy Policy and Our use of personal data have been designed to uphold:
- The right to be informed about Our collection and use of personal data;
- The right of access to the personal data We hold about you;
- The right to rectification if any personal data We hold about you is inaccurate or incomplete;
- The right to be forgotten – i.e. the right to ask Us to delete any personal data We hold about you
- The right to restrict (i.e. prevent) the processing of your personal data;
- The right to data portability (obtaining a copy of your personal data to re-use with another service or organization);
- The right to object to Us using your personal data for particular purposes; and
- Rights with respect to automated decision making and profiling.
We will consider all requests in respect of these rights. Please note, however, that certain personal information may be exempt from such requests in certain circumstances, for example if we need to keep using the personal data to comply with our own legal obligations or to establish, exercise or defend legal claims. If an exception applies, we will tell you this when responding to your request. We may request you provide us with the information necessary to confirm your identity before responding to any request you make.
If you have any cause for complaint about Our use of your personal data, please contact Us using the details provided under the ‘How Can You Access Your Data’ section and We will do Our best to solve the problem for you. If We are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
What Data Do We Collect?
If you register on this site, you will be asked to provide certain information about yourself (such as your name, address, email address and telephone number, login details such as user name and password). We only ask that this information is provided should you want use a service, make an enquiry or speak to us about Our products or services. We only collect the minimum data required to carry out your enquiry.
We may also automatically collect some technical data such as your Internet Protocol (IP) address, your login information, browser type and information to understand how visitors interact with websites by collecting and reporting information anonymously. This is necessary for Us to allow you to use Our Website.
Our Website use cookies, which are small files placed on your internet browser when you visit Our Website. We use cookies in order to offer you a more tailored experience in the future, by understanding and remembering your particular browsing preferences. Detailed information on the cookies we use and the purposes for which we use them can be found in our Cookie Policy when visiting Our Website.
How Do We Use Your Data?
If We do collect any personal data, it will be processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with Our obligations and safeguard your rights under the GDPR at all times.
If you contact Us and We obtain your personal details from your email, through Our contact page or by registering on Our Website, we may collect, use and store them as follows:
- To receive and reply to your email;
- To contact you for legitimate business interests;
- To contact you about your account and our services;
- To contact you for service-related reasons that you have subscribed to, signed up for, or participate in (e.g. to make you aware of any changes in your subscription, reminding you of a password or username, or about a comment you have made on a website);
- To fulfill subscription orders, provide information relating to the product you signed up to;
- To track traffic flows and to make our websites easier for you to use and to better understand how our websites are used;
- Planning and managing our business activities by understanding aggregated analysis on behavior and habits;
- For improvement and maintenance of Our Website and to provide technical support for Our Website;
- To ensure the security of Our Website;
- To recognize you when you return to Our Website, to store information about your preferences, and to allow us to customize Our Website for you;
- For internal corporate reporting, business administration, ensuring adequate insurance coverage for our business. We may process your personal data for these purposes where it is in our legitimate interests to do so;
- To comply with any procedures, laws and regulations which apply to us – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others to comply, as well as where we are legally required to do so; and
- To establish, exercise or defend our legal rights – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others, as well as where we are legally required to do so.
We provide an unsubscribe option on all of Our communications.
We consider that the legal bases for using your personal information as set out in this privacy policy are as follows:
- Our use of your personal information is necessary to perform our obligations under any contract with you (for example, to comply with the terms of use of our website which you accept by browsing our website); or
- Our use of your personal information is necessary for complying with our legal obligations (for example, for health and safety purposes); or
- Where neither (a) nor (b) apply, use of your personal information is necessary for our legitimate interests or the legitimate interests of others (for example, to ensure the security of our website). Our legitimate interests are to:
- run, grow and develop our business;
- operate our website; and
- carry out marketing, market research and business development.
- If we rely on our legitimate interests for using your personal information, we will undertake a balancing test to ensure that our legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of the personal information. We may process your personal data in some cases for marketing purposes on the basis of your consent, which you may withdraw at any time. If we rely on your consent for us to use your personal information in a particular way, but you later change your mind, you may withdraw your consent by contacting us at [email protected] and we will stop doing so. However, if you withdraw your consent, this may impact the ability for us to be able to provide services to you (for example, we may not be able to provide e-mail marketing information to you).
How Long Do We Keep Your Data?
IDX will not keep personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed.
We will always retain your personal information in accordance with law and regulation and never retain your information for longer than is necessary.
When personal data is no longer required, all reasonable steps will be taken to securely erase or otherwise dispose of it without delay.
Children
Our Website and services are not directed at children and we do not knowingly collect any personal data from children. If you are a child and we learn that we have inadvertently obtained personal data from you from Our Website, or from any other source, then we will delete that information as soon as possible. Please contact us at [email protected] if you are aware that we may have inadvertently collected personal data from a child.
Where do we store Your Data?
The data that we collect from you may be transferred to and stored at a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA working within the IDX group or one of our suppliers. Such staff may be engaged in, among other things, the fulfillment of your order and the provision of support services. By submitting your personal data, you agree to this transfer, storing and processing. We will take all steps reasonably necessary to ensure that your data is treated securely, in accordance with your rights and in accordance with this Privacy Policy. All information you provide to us is stored on Our secure servers.
If you register for the alert service, you will need to provide your name and email address. This information will be held by Investis Digital and may be accessed by Investis Digital India PVT. Ltd. (a subsidiary of Investis Digital) from its premises in India for administration of the alert service. The information will not be used for any other purpose; it will be stored securely and will not be shared with third parties.
Risks and how we keep your personal data secure
Data security is very important to Us, and to protect your data We have taken suitable measures to safeguard and secure any data We hold about you (even if it is only your email address).
We have put in place security procedures and technical and organizational measures to safeguard your personal information. Access to all internal servers is limited to the specialist IT and Data personnel.
In the course of provision of your personal data to us, your personal data may be transferred over the internet. Although we make every effort to protect the personal data which you provide to us, the transmission of information over the internet is not completely secure. As such, you acknowledge and accept that we cannot guarantee the security of your personal data transmitted to Our Website and that any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to prevent unauthorized access to it.
Where we have given you (or where you have chosen) a password which enables you to access your online account, you are responsible for keeping this password confidential.
How Can You Access Your Data? (Subject Access Request)
You have the right to ask for a copy of any of your personal data held by Us (where such data is held). Under the GDPR, no fee is payable as long as requests are reasonable.
If you wish to exercise your rights, or have any questions regarding your Personal Data please contact IDX using the details below.
Please contact Us for more details at [email protected] or by telephone on +44 (0)20 7038 9000.
We may require proof of your identity before we can give effect to these rights.
Do We Share Your Personal Data?
To fulfill certain services, We work within the IDX group, external suppliers and our other service providers and sub-contractors, including payment processors, utility providers, suppliers of technical and support services and insurers, some of which may reside outside of the European Economic Area (EEA). For us to provide this order/service We may need to share your data with an organization. We may share your personal information with our group companies where it is in our legitimate interests to do so for internal administrative purposes (for example, for corporate strategy, compliance, auditing and monitoring, and quality assurance).
We do not subscribe you to marketing emails without your consent.
We do not allow the vendors who help us process transactions or services to sell or give away your information. Any third parties with whom we share your personal data are limited (by law and by contract) in their ability to use your personal data. We will always ensure that any third parties with whom we share your personal data are subject to privacy and security obligations consistent with this Privacy Policy and applicable laws.
Links to Other Websites
We sometimes provide you with links to other websites, but these websites are not under our control. Therefore, We will not be liable to you for any issues arising in connection with their use of your information, the website content or the services offered to you by these websites. We advise you to consult the privacy policy and terms and conditions on each website to see how each supplier may process your information.
Changes to Our Privacy Policy
We may change this Privacy Policy from time to time (for example, if the law changes). Any changes will be immediately posted on Our Website and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Website following the alterations. We recommend that you check this page regularly to keep up-to-date.
The practices described in this Privacy Policy are current as of June 2025.
GDPR Compliance
IDX is committed to the General Data Protection Regulation and protecting Personally Identifiable Information. In addition to the GDPR compliance, our policies and procedures follow the rigorous controls set out in ISO 27001:2022.
We have adopted and applied GDPR Principles within our organization and we are also accredited with ‘Technical standard related to Privacy and personal data protection – ISO27701:2019’.
We respect the rights of Data Subjects and we have set up internal processes around Data Privacy and Protection objectives that include (but not limited to) Data Breach procedures, Data Erasure requests and Right to Information procedures.
What is GDPR?
The EU implemented the General Data Protection Regulation (GDPR) in May 2018, which affects how companies collect, process and store consumer data.
Does this apply to me?
The EU implemented the General Data Protection Regulation (GDPR) in May 2018, which affects how companies collect, process and store consumer data.
GDPR Key Terms
- Data Subject - GDPR defines data subjects as identified or identifiable natural person[s]. In other words, data subjects are just people from whom or about whom you collect information in connection with your business and its operations.
- Data Controller - The GDPR definition of a controller is the natural or legal person, public authority, agency or another body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Data Processor - Those entities that process personal data on behalf of data controllers, and as directed by data controllers, are considered data processors.
- Consent - The GDPR steps up the standard for disclosures when obtaining consent, as it needs to be freely given, specific, informed and unambiguous, with controllers using clear and plain legal language that is clearly distinguishable from other matters.
Top FAQs
IDX has always held ourselves accountable to the strongest of governance models to ensure data privacy and protection for our clients. We work with reputed third-party audit firms for the compliance and certification of our data handling, and storing procedures in line with industry best practices.
IDX has voluntarily submitted to a 3rd party audit of our GDPR controls. While this is not required by governing bodies, we have chosen this path to ensure that we have the best possible in planning in place for our clients. As part of this audit, a leading international compliance and certification agency ‘Crest Certification Services’ has certified IDX for our demonstrated ability to process and secure the personal data in accordance with the GDPR regulation.
This combined with IDX's ISO 27001 (ISMS) credentials, ISO27701 (PIMS) and robust & matured security processes that are modelled after SSAE16 SOC-1/2 make ID an ideal choice for clients who are very sensitive towards PII processing and the storing of sensitive data.
Your data is completely secured with IDX.
We are certified for ISO 27001:2022, ISO 9001:2015 and ISO27701:2019. Security is at the center of everything we do. Our security processes and policies are inspired by industry best practices for information security and data protection. Our dedicated Information Security team ensures our controls can defend against the latest cyber threats.
IDX has a standard procedure in place that requires a DPA – Data Processing Addendum/Agreement - in place for every client relationship where personal data is involved. IDX's dedicated GDPR Compliance team works with the client's compliance team to ensure the proper documentation is in place before the data processing activities commence.
Yes. IDX's hosting platforms, other products and services have been enhanced to ensure the protection of the personal data however as a website owner and Data Controller, you still need to think about ensuring the website is compliant. This means ensuring the website has a well-drafted privacy policy, cookie policy, cookie notice including controls that allow users to disable optional cookies amongst the other components. Note that IDX does not create privacy and cookie policy on our client’s behalf. Our role as a data processor means the policy must come through our client (the data controller) and we must be held accountable to those requirements.
Clients should work with their IDX contact to ensure that GDPR compliant policies exist on their website and that they have a data protection agreement in place for any subcontractors that collect data on their website.
The Cookie Law is a privacy legislation that provides directions on how a website must use Cookies - including transparently providing information about cookies and giving users a real choice to allow cookies or not. Historically, the “cookie law” of 2011, required ‘consent’ to drop any ‘non-essential’ cookies regardless of whether personal data was collected or not. The concept of “non-essential” cookies is not a new one. The ICO’s 2012 guidance on cookies said implied consent (i.e. an opt-out rather than an opt-in) was permitted; “Implied consent has always been a reasonable proposition in the context of data protection law and privacy regulation and it remains so in the context of storage of information or access to information using cookies and similar devices.”
The Cookie Law was introduced as an EU Directive which then was adopted by all EU countries including the UK. Each country updated its local laws to comply with this, for example, Privacy and Electronic Communications Regulations in the UK.
What is the new guidance from the UK's Information Commissioner's Office (ICO) on cookies?
Early July, The ICO released new guidance on the use of Cookies and Similar Technologies which provides directions on how to comply with:
-
Privacy and Electronic Communications (EC Directive) Regulations 2003 (‘PECR’)
-
The General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’)
The main takeaway from this new guidance is that Implied Consent is no longer acceptable. In July 2019 GDPR further refined what constitutes valid consent and the ICO’s latest guidance confirms; “There is no definition of consent given in PECR or in the ePrivacy Directive; instead, the GDPR definition of consent applies”. Users must therefore take, in the words of the Regulator; “a clear and positive action to consent to non-essential cookies” and “pre-ticked boxes or any equivalents, such as sliders defaulted to ‘on’, cannot be used for non-essential cookies”.
What impact will these changes have on a website I host with you?
Some clients already had a mechanism to obtain explicit consent at the guidance of their own legal and compliance teams. These clients will have to review the privacy policy, cookie policy and cookie control mechanism to ensure they are still in compliance with the latest guidance.
A large number of clients relied on “implied consent”. These clients will need to work with their IDX contacts to deploy changes to ensure they are in compliance with the latest guidance.
Note that a negative impact of this change is that once it is put in place, you will likely see a drop off in your website analytics package. This does not mean that visitors are not finding your website; it does mean they have elected to remain anonymous. Reply
Some clients already had a mechanism to obtain explicit consent at the guidance of their own legal and compliance teams. These clients will have to review the privacy policy, cookie policy and cookie control mechanism to ensure they are still in compliance with the latest guidance.
A large number of clients relied on “implied consent”. These clients will need to work with their IDX contacts to deploy changes to ensure they are in compliance with the latest guidance.
If you are a European company or target an EU based audience we strongly urge you to adopt this guidance and follow through on these website changes to avoid the risk of a fine from the ICO. However, you may also elect to sign a disclaimer and not have this change put in place for your website.
No (although you may be affected by the CCPA in Jan 2020 and may want to get ahead of that now). Currently you do not need to block cookies by default for audiences outside the EU. This can be done by adding geo-location to your website or by hosting clones of your website in the EU and U.S.
All clients must review their website cookie policies to ensure they are in line with the requirements of the PECR and GDPR. If you are using old cookie policy obtained from IDX, you must swap this with a new policy of your own.
IDX does not collect data for its own purpose. The data is collected only on the instructions of the Data Controller which is ultimately the owner of the data.
Yes. Anyone can exercise the right to be deleted. Contact our GDPR team or your IDX contacts to assist you in this process.
Yes. The guidelines and options to toggle the preferences are accessible through the cookie notice or cookie policy.
Yes, they can. Contact your account manager to organize a call with our GDPR experts to learn more about how this is already being done on your website.
If an individual opts out or objects to data collection, a process is in place to remove the individual’s data from our systems. The data controllers or the client must also have their own standardized procedures for managing data sent to them by IDX to ensure compliance with GDPR. Users may similarly opt out through the footer provided in all IDX email communication.
Only if strictly necessary for the delivery of the contracted services, information may be processed from the IDX offices in the US and India. In such cases, the data transfer is based on IDX entities entering into a data transfer agreement.
Additionally, the information transferred to a client becomes the property of the client. Any additional third-party data transfers thereon must be outlined in the client’s data handling policy and privacy policy including transfer outside EU by the client.
All client data information captured in the European Union is stored at Amazon Web Services based in Ireland and Frankfurt.
Data we collect on behalf of clients is shared only with that client or with sub-processors covered by Data Processing Agreements and following our privacy policy. If a data sharing agreement is in place, IDX closely monitors these agreements on behalf of the client. It’s important to note that IDX does not sell data to third parties.
Yes, IDX has appointed Holly McMullan as the Data Protection Officer (DPO). She can be contacted at the email ID [email protected]
Yes. We have adequate controls in place to identify, protect, detect, respond to, and recover from data breaches. Once a root cause has been established, a complete history of any breach and corresponding remediation steps will be communicated to the client. Our clients will be familiar with this procedure as a similar process already exists for security risk notifications. As per the requirements of the GDPR, our data breach reporting procedures will take no longer than 48 hours and will very often be much faster.
Our clients use different analytics providers and there is no way for us to ensure ongoing compliance when regulations change. Some of these vendors behave differently with some working through JavaScript and others through server-side integrations and it is not possible for us to track and manage compliance for technology working outside our platform. Examples of this include server side integration for Facebook and other advertising/marketing automation technologies. In these situations, please talk to our GDPR compliance team to learn how you can hold these subcontractors accountable for their data handling practices. IDX’s own Connect.ID Intelligence Analytics is GDPR compliant and as the provider of that tool we do take full responsibility for Intelligence updates when regulations change.
No. The CCPA was passed into law in June of 2018 and is being described as the GDPR of the U.S. This act has strong privacy legislation and will come into full effect on January 1st 2020. IDX will be posting more information about complying with CCPA in the coming months.
More Information
Should you require more detailed information, specifically on IDX’s approach to the GDPR, please contact your Account Manager. You can also send GDPR related queries to [email protected].
Modern Slavery Statement
This policy applies to all individuals working for us or on our behalf in any capacity, including employees at all levels, director, agency workers, volunteers, contractors and suppliers. IDX strictly prohibits the use of modern slavery and human trafficking in our operation and supply chain. We have and will continue to be committed to implementing systems and controls aimed at ensuring that modern slavery is not taking place anywhere within our organisation or in any of our supply chains. We expect our suppliers to hold their own suppliers to the same high standards.
Our Modern Slavery Act Statement outlines the steps IDX take to ensure our business is ethical. The full statement is also available on the IDX home page.
Company Overview
IDX is a global digital communications company. We combine effective storytelling with innovative digital approaches to help businesses communicate clearly and authentically with any audience. Using performance marketing and corporate communications, we craft a seamless presence for our clients, positively influencing the awareness, affinity, and action of the people that matter most.
Founded in 200, we have more than 2,000 global clients supported by 500 staff. We're headquartered in London and have offices across Europe, North America, and Asia-Pacific.
This statement is made pursuant to s.54 of the Modern Slavery Act 2015 and sets out the steps that IDX has taken and is continuing to take to ensure that modern slavery or human trafficking is not taking place within our business or supply chain.
Modern slavery encompasses slavery, servitude, human trafficking and forced labour. IDX has a zero-tolerance approach to any form of modern slavery. We are committed to acting ethically and with integrity and transparency in all business dealings and to putting effective systems and controls in place to safeguard against any form of modern slavery taking place within the business or our supply chain.
Our Policy and Commitment
We operate several internal policies to ensure we are conducting business in an ethical and transparent manner. These include:
- Anti-slavery policy: This policy sets out the organization's stance on modern slavery and explains how employees can identify an instances of this and where they can go for help.
- Recruitment Policy: We operate a robust recruitment policy, including conducting eligibility to work checks for all employees to safeguard against human trafficking or individuals being forced to work against their will.
- Whistleblowing policy: We operate a whistleblowing policy so all employees know they can raise concerns about how colleagues are being treated, or practices within our business or supply chain, without fear of reprisals.
- Staff Handbook: All our employees have a contract which sets out their working conditions, expected hours of work and salary. The handbook also details other policies and outlines who they can speak to regarding any issues which they believe need to be highlighted.
Our Suppliers
Our supply chain comprises primarily services, including professional advisory services, travel services and IT services, as well as office supplies. We have reviewed our supply chain and believe the overall risk of modern slavery is low owing to:
- The nature of goods and services which we procure (mostly services, mostly skilled professions),
- The locations from which we procure it (mostly in developed markets), and
- Our procurement practices (for example, we agree to reasonable terms and ensure timely payment). While the overall risk is low, these criteria also enable us to identify where the risk may be higher.
In addition, if a supplier is suspected of violations, we will assess any instances of non-compliance on a case-by-case basis and will then tailor remedial action appropriately. We will only trade with those who comply with this policy.
Our contractors and partners are required to ensure all personnel used by the contractor to provide services comply with all applicable laws, rules and regulations, including without limitation U.S. Anti-Kickback Statute (42 U.S.C. § 1320a-7b(b)), the U.S. Foreign Corrupt Practices Act (5 U.S.C. §§ 78dd-1, et seq.), the U.K Bribery Act 2010, the U.K. Modern Slavery Act 2015 and all applicable privacy and discrimination laws, rules and regulations.
Agreed Actions
In order to demonstrate our commitment to the Modern Slavery Act 2015 and ethical sourcing, IDX is undertaking or has already undertaken the following actions:
In order to demonstrate our commitment to the Modern Slavery Act 2015 and the ethical sourcing, IDX is undertaking or has already undertaken, the following actions:
- Training will be provided to all appropriate employees on the requirements and ethos of the Act. This may be repeated as required.
- This statement will be made available on the homepage of our company website.
- Our policies and procedures will be reviewed annually and updated as required, to ensure there continues to be appropriate safeguards in place against any mistreatment of individuals.
Approval for this statement
This statement was approved by the Board of Directors on 9th December 2020.