Introduction
IT Labs ® (“US”, “WE”, OUR/S”) means the group of companies operating under the IT Labs ® and Growth Labs Academy™ brands (here in after “the Company”). This website and its policies encompass the group’s operation and business worldwide. We respect your privacy and understand its fundamental importance in today’s digital age. Thus, a commitment to data protection is one of our paramount values. We also recognize the potential of technology to help you communicate with us, via our website and other technology, and we would like to utilize this technology over time to interact and further develop a relationship with you. We have developed the following guidelines in line with various globally recognized regulatory frameworks, primary among them, being the General Data Protection Regulation (EU) 2016/679 (“GDPR”), to ensure responsible use, processing, and security of the information you share with us.
Please read the following to learn more about OUR Privacy Policy and YOUR rights. If you do not agree to the terms of this Privacy Policy, please do not provide us with any information and do not use our websites or services. Your continued use of our websites and services under the Privacy Policy in force shall signify your acceptance of its terms. We retain the right to change or update our Privacy Policy from time to time and consequently publish such modifications. Your continued use of our website and services signifies that you have accepted such modifications. For additional policies and procedures, please see our Terms and Conditions.
Any reference to “YOU” “YOUR” or “YOURS” shall mean any user and visitor of this website or any person who establishes a relation with The Company or for which The Company collects and processes personal data, pursuant to the terms and conditions herein in this Privacy Policy.
How do we collect information?
We collect personal data solely for specific purposes, as our corporate policies prescribe as well. The information we collect enables us to continuously operate and undertake our business activities, as well as provide and offer our services to you. How we collect information is therefore prescribed as follows:
Business Contacts
We collect information via our information forms on our website for business contacts, where you provide us with your name, surname, e-mail, telephone number, as well as a company name or affiliation. Such business contacts are later on stored in our customer relationship management tool (“CRM”) for building a further relationship with you, managing the services we provide to you, or further marketing of our services to you.
We may also collect various business contacts from other online and offline sources maintaining our lawful basis for processing, which are as well stored in our CRM, as well as collect information automatically when you visit or interact with our website, in a prescribed manner and conditions. For more information, please visit Our Cookies and Similar Technologies section.
Recruitment, Employment or Enrollment
We collect your information via our information forms on our website via our integrated providers to which this website may redirect, where you provide us with your name and surname, e-mail, telephone number, as well as your expertise and curriculum vitae (CV), including any information in such CVs. Such information is integrated with Workable, our current talent recruitment vendor, and further stored, processed, and used in and from Workable. We have separate Workable Privacy Notice intended for the purposes of recruitment and employment, consistent with personal data protection requirements and this Policy. For any cases where we may obtain your information for recruitment or engagement purposes via other sources, we maintain its lawful basis processing pursuant to our policies and again store such information in Workable.
We also use Workable for your enrollment; in case you decide to apply for any of the courses we would offer under our Growth Labs Academy brand.
Marketing
We collect your information from the information forms on our website, specifically our Newsletter information field, where you provide us with your name, surname, e-mail, job title (if applicable), telephone, company you work at (if applicable), and such company business information (if applicable). We currently use Mailchimp as our marketing platform and such information is stored there and further processed in line with our newsletter activities. You can always unsubscribe from our newsletter and we will remove your data.
Service Provision
We may collect or have access to information of data subjects, as our direct customers or data subject to which our clients are controllers, in connection and necessary for providing services to You directly or our clients. Our policy is to collect only the personal data necessary for specified purposes and we ask you or our clients only to share personal data where it is strictly needed for those purposes. Where we need to process personal data to provide our services, we ask you or our clients to provide the necessary information for data subjects concerned regarding its use. We advise all our clients to conclude separate data processing agreements in cases, where it is necessary for us to have access or use, collect or process client’s data subject’s information if required per applicable regulation.
Suppliers and Individual Contractors
We may collect or provide access to personal data to our vetted suppliers and individual contractors, for the purpose of receiving a service, or the purpose of further providing service to our clients, solely where there is a necessity for it, in order for the services to be provided or received. We require our suppliers to conclude data processing agreements with us for this purpose and we commit our individual contractors with our and/or our client’s data protection policies within our service contracts with them. We also undergo vetting process for our suppliers and vendors, to ensure their compliance with data privacy and security processes.
How do we use the information?
We use the information we collect and process for:
- Administering, developing, managing, and maintaining our relationship with prospects, clients, partners, suppliers, contractors, candidates, employees, Growth Labs Academy mentors and Growth Labs Academy students
- Enrollment of students to Growth Labs Academy
- Application of Mentors to Growth Labs Academy
- Managing and providing our website to function and make our website user experience better
- Respond to your query, including providing you with any requested information about our products and services
- Follow up feedback so we ensure that we have answered you to your satisfaction, prior to a sale
- Candidate status check for engagement or employment opportunity
- Managing and administering an employment or individual contractor’s relationship, including payroll, labor rights, and benefits
- Providing you with regular Newsletters, in case you have subscribed or are part of The Company staff
- Providing required services to customers or receiving services from suppliers
- Managing and administering our security, quality, and risk management
- Complying with any applicable regulatory or legislative inquiry or competent authority order
- Protecting or addressing a matter of public interest and protection of third-parties’ rights and freedoms
- Facilitate invoicing towards Growth Labs Academy students and mentors
We do not:
- Currently collect your financial or PCI information via our website
- Knowingly collect children’s data (go to our Children’s section below)
- Collect special categories of data or sensitive information via our website
What is our legal basis for processing?
Our policies prescribe and regulate that we collect, process, and use personal data solely if there is a purpose or concrete necessity to do so.
Depending on such purpose or necessity, we may collect or process personal data:
- When such data is required for the purposes of performance of a contract, to which the data subject is a party, then the processing is based on a contractual lawful basis.
- When the processing is necessary to comply with regulatory or legislative obligations (required by law), the processing will be made for legal obligations on a lawful basis.
- When the processing is necessary to provide or receive a service, to develop, administer, manage, and maintain our business, to develop employment or engagement opportunities with candidates, to ensure our security, quality, and risk management, to manage, improve and enhance our benefits and work environment, we shall rely on our legitimate interest as a lawful basis of processing and properly document it.
- Based on written consent from the data subject, if we ask for such consent
- We may process personal data we have collected, based on other lawful basis required by applicable law or regulation, such as protection of public interest, etc, in case such legal necessity occurs.
What are your Rights?
You have the following rights with regard to your personal data as a data subject, which you may request from us, when applicable, by writing to dpo@it-labs.com:
Right to access
You have the right to access your data, held by us in the capacity of a data controller, and where reasonably possible, taking in mind the efforts and resources required, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. In case your inquiry involves a disproportionate requirement of resources or efforts, we may apply a reasonable charge, for which you will be informed.
Right to rectification
In order to update your information held by us, please write to the mail specified above, or contact us via our webpage information applications. In case you have been granted access permission to any of the systems we use, that allows you to rectify and update your information directly, please do so, in the way our policies and systems require. When reasonably possible, once we are informed and made aware that any personal data is no longer accurate, we shall in a reasonably possible period, make corrections, based on your information to update data.
Right to erasure (right to be forgotten)
You may require the erasure of your data in the circumstances when such data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, in the case of withdrawal of consent in consent-based processing or for processing for direct marketing. There are certain general exclusions from the right to erasure, such as: exercising the right of freedom of expression and information, for compliance with a legal obligation or a contract, or for exercise, submission, or defense of a legal claim. Right to erasure logically cannot be applied in case you require to restrict processing (example: when you require for us to no longer contact you, however, we have to keep you in our system in order to maintain the knowledge we and our staff are not to further contact you).
Right to restrict processing
Unless the processing is required by law, you have the right to require a restriction of processing your personal data, on reasonable grounds within your particular case. Unless we demonstrate compelling reasons to continue to process your data due to exercise, submission, or defense of legal claims, we will restrict and no longer process your data.
Right to object to processing
Unless the processing is required by law, you have the right to object to processing your personal data, on reasonable grounds within your particular case. Unless we demonstrate compelling reasons to continue to process your data due to exercise, submission, or defense of legal claims, demonstrated legitimate interest, public interest, or protection of the rights and freedoms of a third-party, we will cease to process your data. You have the right to object to processing in the case of direct marketing, in which case we shall cease processing your data for this purpose.
Right to data portability
In case applicable, you may request for us to transfer your data to another controller.
Right to complaint
In case you have a compelling reason to believe that we do not process your personal data lawfully, you have a right to lodge a complaint as prescribed in the Complaints section below.
Right to withdraw consent
When we process information based on your provided written consent, you have the right to withdraw such consent at any time and properly inform us of it on the contact e-mail provided above. We shall review any such case and respond with action in a reasonable time, as per our prescribed response policies. Withdrawal shall not affect the lawful processing prior to the request for withdrawal being made.
Upon due analysis of each request received, we may conclude to retain our right to reject requests that are unreasonable or not required by law, including those that we demonstrate that are extremely impractical, impossible, or absurd, could require disproportionate technical effort, could expose us to operational and security risks, or could endanger the rights and freedoms of third-parties, or public interest. We may retain information as required or permitted by applicable laws and regulations, including to honor your choices, for our billing or records purposes and to fulfill the purposes described in this Policy.
How do we share information?
We may share the information we collect with other parties, including with third-party service providers who process data on our behalf, such as email service providers, document information management and ticketing platforms; recruitment and human resources platforms, marketing and customer relationship management platforms, security platforms, payroll, and financial systems, or other internal third-party systems we use in order to administer, develop, manage, maintain and ensure our business and operations. We may also share information we collect with third-parties, as part of a prospective or completed sale, merger, acquisition, or other transfer of all or part of our assets, including in other regulatory administration proceedings; pursuant to a subpoena, court order, governmental inquiry, or other legal process or as otherwise required or permitted by law, or to protect our rights or the rights of third-parties; or with your consent, or as otherwise disclosed at the time of data collection or sharing.
In case we share information, we always do so under strict confidentiality obligation and where applicable or required by law, under applicable data processing agreement, or under demonstrated technical, organizational, and security measures by the third-parties we share information with, including platforms and systems infrastructures, in order to maintain and further ensure the security and protection of the data.
Please go to our International Transfers section below, for further information on how we manage international transfers.
Our Security
We are committed in ensuring the protection of personal data and thus we take the security of all the data we manage very seriously. We adhere to internationally recognized security standards and our information security management system is independently certified in compliance with the requirements of ISO/27001. We have a framework of policies, procedures, and training in place covering data protection, confidentiality, and security. We as well, regularly review the appropriateness and the effectiveness of the measures we have in place, to keep the data we manage secure.
However, the Internet is an open system, and no method of transmission over the Internet or method of electronic storage is 100% secure. Although we cannot guarantee any unauthorized access shall never occur, we strive to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered or disclosed, through the appropriate security measures and safeguards we have in place, including where appropriate using Secure Sockets Layer (SSL) encryption when collecting or transferring sensitive information; limiting access and permissions to the information we collect about you, to only those resources with a strict ‘need to know’, in order to carry out business tasks; implementing physical, digital and organizational safeguards on industry-standard levels. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulatory body of a breach, where we are legally required to do so.
Data Retention
We maintain a retention policy within our companies and various retention periods per type and form of data, or local legislative requirement. As a general rule, we retain the personal data we collect and process for as long as it is necessary for the particular purpose we have obtained them. When possible or required, retention is set as prescribed with applicable law or regulation. In case there isn’t any specific legal, legislative (including bylaws), regulatory or contractual requirement, we set our retention periods based on an assessment of the necessity and legitimate interest to retain them. Certain retention periods may be extended in case required to protect our legal rights in the establishment, exercise, or defense of claims or in case required by applicable law. When the retention period expires or data is no longer necessary, we apply our internal policy for data disposal, set based on the type of data and the form and media of such data.
We apply the practice of regular periodic retention monitoring.
Cookies and Similar Technologies
We use cookies and similar tracking technologies to track the activity on the website and store certain information. Tracking technologies used are beacons to collect and track information and to improve and analyze website traffic. The technologies we use include:
- Cookies or Browser Cookies
- Web Beacons (also referred to as pixel tags)
What are Cookies?
Cookies are small text files that can be used by our website to make a user’s experience more efficient. They are used to enhance and enable the performance of our website. We use cookies to personalize content and ads, provide social media features, enhance user experience, and analyze our website traffic. We also share information about your use of our website with our social media, advertising, and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. Please see our below.
If you have any questions about the cookies used by our website, please contact us at privacy@it-labs.com.
What are Beacons?
Web Beacons are small electronic files that permit us to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity). They are also known as web beacons and are frequently referred to as clear gifs, pixel tags, and single-pixel gifs. Web beacons do not place information on your device, but they may work in conjunction with cookies to monitor website activity.
We do not use web beacons to collect personal data about visitors. We may use these technical methods to analyze website performance and reliability data such as timing (e.g., page load) metrics on our sites. We may use web beacons to track the effectiveness of an ad, and also use web beacons in HTML emails that we send subscribers who have opted in to receive email from us, to determine whether our recipients have opened those emails and/or clicked on links in those emails.
If you have any questions about the web beacons used by our website, please contact us at privacy@it-labs.com.
Cookies Control (Consent Tool) – Cookies Declaration
We can store cookies on your device if they are strictly necessary for the operation of this website, meaning the website cannot operate or work without them. For all other types of cookies, including third-parties’ cookies, we need your permission/consent. Save for the strictly necessary cookies, all other categories of cookies have a default setting of being disabled. It is your choice to opt-in to enable them or not via our Cookies Consent Tool, which appears when you enter our website.
Our website uses different types of cookies. Some cookies are placed by third-party services that appear on our pages. You can at any time change or withdraw your consent setting from our website. Please state your consent ID and its date, which you may find on our Cookie Deceleration, when you contact us at privacy@it-labs.com regarding your cookies consent.
Cookies Categories and List
There are four categories of Cookies that we use:
Necessary Cookies
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Preference cookies
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
Statistic cookies
Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Marketing cookies
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.
You can access the detailed list of cookies per each category, along with the defined purpose and retention of each, including third parties’ cookies, in the Details section dropdown of our Consent Declaration (by Cookiebot).
Direct Marketing
We may use information collected from users that have subscribed to a newsletter on our website, for business development, prospecting, and marketing purposes, including email marketing materials (for example, sending regular Newsletters). Users may choose not to receive newsletters further, by choosing the unsubscribe option in the automated e-mail received, in case we use Mailchimp as our marketing platform, or reply to the e-mail received, with a request to be unsubscribed. Please note that the above does not affect users’ ability to make their choices on cookies in accordance with this Privacy Policy and the Cookies Declaration cited above.
In case of downloads of trials and materials, appropriate consent-based opt-in will apply.
Third-Party Links and Tools
Our website may provide links to third-party websites or apps. We do not control the privacy practices or policies of those websites or apps, and they are not covered by this Privacy Policy. We encourage you to review the privacy notices or privacy policies of other websites or apps that you use or have transferred to, by using a link from our website, in order to learn about their data protection practices, prior to you using them further.
We do not accept any liability or accountability for your use of such third-party links, websites, platforms, or applications.
International Transfers
We are a group of companies with entities in various jurisdictions in the world, who apply common functional group level operations, in order to run, manage, develop and maintain our business, as well as use third-parties located in other countries to help us in the same. That may result in personal data being transferred outside the countries where we, you or our customers are located. It also results in intercompany transfers or access, among our entities in different locations.
Our operations and business may require that we transfer personal data in respect of such data being regulated by the EU legislation and the General Data Protection Regulation (GDPR) in the following manner: i) cross-border transfers in jurisdictions outside of the European Economic Area (“EEA”) and ii) transfers to countries that do not have adequacy decision by the European Commission and thus may not have established laws that provide specific protections for personal data satisfactory to the standards and requirements of the GDPR.
In such cases, for our third-party providers and our intercompany transfers, we ensure to apply that any such transfers shall be done under an agreement that covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission (“EC”) approved and adopted Standard Contractual Clauses (“SCC”), or under a specific data processing agreement which includes the SCCs adopted by the EC. The European Commission approved and adopted SCCs are available HERE.
Each of our entities adheres to and applies the internal policies and procedures or has the same level of their own policies and procedures, relating to the collection and processing of personal data which complies with the GDPR prescribed data protection principles, ensuring a minimum adequate level of protection of personal data.
We also take the proactive role when it comes to our customers, and in case it detects that the service we will be providing or are required in providing, includes the necessity of personal data processing or transfers, we offer and advise our customers to regulate such actions with appropriate technical and organizational safeguards and data processing provisions, including where required, EU adopted SCCs.
Children
Our website is a general audience website and is intended to be used by adults and teens (13 years and older). It is not intended for children under the age of 13, and The Company does not want or need to collect any personal data from such children. Any data shared with us for children (teens) from age 13 until adulthood (depending on applicable local law) is required by you to be specifically noted to us when shared, so we take proper measures in its protection.
We do not knowingly collect personal data from children and in case there is an event in which it has come to our knowledge that we have inadvertently collected or obtained children’s data, we shall activate our policies promptly and within reasonable time and efforts, delete and dispose of such data.
In case you have any knowledge of such data being shared with us or our website, please write to us at dpo@it-labs.com, so we are able to take appropriate measures.
Complaints
We have faith that you will never need to file a complaint for the application of your rights as data subjects or our use of personal data, however, in case there is such an event, please send your complaint to dpo@it-labs.com or the contact details specified below, as a hard copy letter. We will look into every such complaint and respond to you within a reasonable time, always aiming to resolve any issue at hand to your satisfaction, if such is reasonably doable, within the level of your rights or prescribed by applicable law.
In case you have a compelling reason to believe that we do not process your personal data lawfully, you also have a right to lodge a complaint to the applicable data processing authority. You may do so, at your local data protection authority, the data protection authority of the jurisdiction where you believe such non-compliant processing occurred, or to our leading data protection authorities, as follows:
For European Union-related complaints (The Company B.V. – EU Representative) – the corresponding Data Protection Authority’s website can be found HERE.
Additional Information for Canada, Switzerland, and UK residents
This section applies to the residents of Canada, Switzerland, and the UK residents. Please note that this Policy’s regulation with respect to the collection, use, sharing, data subjects’ rights, purpose and lawful basis or processing, international transfers, and cookies apply to you as well. You may contact us at dpo@it-labs.com for any further aspect you may find of importance to your rights under your applicable data protection or privacy local law and we shall put effort to respond to you in a reasonable time.
Additional Information for California residents
California Consumers Privacy Act (CCPA) grants consumers certain rights and imposes restrictions on particular business practices as set forth below. California consumers have the right to request that we disclose what personal information we collect, use, disclose, and sell about you. At this time We are not subject to the provisions of CCPA because we do not process personal information from California consumers, in any quantity, or for any express purposes to profit from it. Nonetheless, we welcome any inquiries or complaints with respect to our website by sending queries to privacy@it-labs.com. When you submit your request, we will take steps to attempt to verify your identity. We will seek to match the information in your request to the personal information we maintain about you. As part of our verification process, we may ask you to submit additional information. Please understand that, depending on the type of request you submit, to protect the privacy and security of your personal information, we will only complete your request where we are satisfied that we have verified your identity to a reasonable degree of certainty.
Additional Information for Brazil residents
Brazil data subjects have legal rights under Brazil’s Federal Law nº 13.709/2018 (LGPD), as well as any other applicable laws in relation to your personal information.
To access personal information. You can ask us to confirm whether or not we have and are using your personal information and for a copy of your information.
To correct personal information. You can ask us to correct any information about you which is incorrect, inaccurate, or outdated. We will be happy to rectify such information but would need to verify the accuracy of the information first.
To erase/anonymize personal information. You can ask us to erase, anonymize or block your information if you think we no longer need to use it for the purpose we collected it from you, or if such data are excessive or are processed in violation of applicable law. You can also ask us to erase your information if you have withdrawn your consent to us using your information (if we originally asked for your consent to use your information). We may not always be able to comply with your request, for example where we need to keep using your information to comply with our legal obligations or where we need to use your information to establish, exercise, or defend legal claims.
To object to how we use your information. You can object to any use of your information that we have justified on any legal basis other than consent only in case of infringement of the applicable law. If you raise an objection, we may continue to use your information if we can demonstrate that we have a legal basis to continue to use the information.
To ask us to transfer your information to another organization. You can ask us to provide your personal information to you or you can ask to have it transferred directly to another data controller (e.g. another company).
Other rights. You may at any time revoke your consent to the processing of your personal data, whenever you have given it. You may file a claim before the competent governmental authorities, such as the national data protection authority, which you may reach here. You can ask us to provide information about any public and private entities with which we have shared your data. You may request a review of decisions taken solely based on automated processing of personal data that affects your interests, including decisions intended to define your personal, professional, consumer, and or aspects of your personality.
We may ask you for proof of identity when making a request to exercise any of these rights. We do this to make sure that we only disclose information where we know we are dealing with the right individual.
We may not always be able to do what you have asked, for example, if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way. If there is any inconsistency between the rights above and this Privacy Policy, the above specific rights shall prevail in respect of Brazil.
How to Contact Us
In case you wish to contact us, please write to us on privacy@it-labs.com.
To contact our Group Data Protection Officer, please write to dpo@it-labs.com.
Policy Update
Our Privacy Policy may be modified or updated from time to time. If we decide or have a regulatory requirement to make any material changes to our privacy notices herein in this Policy, we will post these changes on this website, so users are aware of any such changes or modifications of material nature. If at any point, we decide to use individual user information in a manner different than what was stated at the time it was collected, we will notify users of this change in writing and apply the appropriate measure to ensure the lawful basis of the processing is maintained for any other purpose. This Privacy Policy was last modified and published on this website on June 28.2023 and is deemed effective from its publishing date.
Do You have further questions or anything to address with us?
If you have any further questions, wish to address any other aspect to us regarding privacy, or believe we are not abiding by its published Privacy Policy, we invite you to contact us at dpo@it-labs.com and report this, so we can properly investigate and take if needed, any appropriate measures.