Privacy and Data Protection Policy

Section 1: Definitions

Client – The individual or organization requesting services from OneIMS.

Client’s Customers – Third parties that may provide personal information to OneIMS’ Clients.

Customer Data – The data collected, processed, or stored during the use of OneIMS services.

GDPR – General Data Protection Regulation (EU) 2016/679 of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Party – Singularly, Company or Client; collectively, Parties.

Personal Data Breach – A breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed.

Personally Identifiable Information (PII) – Any information relating to an identified or identifiable individual where such information is contained within Customer Data and is protected under applicable Data Protection Law.

Section 2: Personal Information

A. Information We Collect

OneIMS collects limited personal information necessary to provide our services effectively. This may include first and last name, organization name, business address(es), email address(es), phone number(s), and job title or role.

We do not collect or store sensitive personal information such as financial, health, or government identification data.

All information collected is business-related and, in most cases, publicly available through professional or company websites, social media, or third-party business directories.

B. How Personal Information Is Used

Personal information is used to deliver services requested by Clients, communicate regarding projects or accounts, send notifications related to OneIMS’ services, and improve customer experience.

We do not sell, rent, or trade any personal data for monetary or marketing gain.

C. Access to Personal Information

Clients may request access to their information and ask for updates or corrections through our website contact form.

We do not maintain a customer login portal for account management.

Section 3: PII Protection

A. Protecting Your Information

OneIMS uses up to 256-bit Secure Sockets Layer (SSL) encryption for data transmission and AES-256 encryption at rest on secure cloud servers such as Heroku.

We use secure password management software such as Keeper Security and Single Sign-On (SSO) via Google Workspace for account authentication and credential management.

We do not store customer data on any local machines. All processing and storage occur in secure, cloud-based environments compliant with industry best practices.

B. Security Practices

OneIMS follows administrative, technical, and physical safeguards to protect information from unauthorized access, misuse, or disclosure.

While no system is 100% secure, we continuously evaluate our security protocols to ensure compliance with industry standards and applicable privacy laws.

In the event of a Personal Data Breach, OneIMS will notify affected parties within 72 hours of becoming aware of the breach, as required under applicable law.

C. Disclosure of Information

OneIMS does not sell or trade any PII. Information may be shared only with trusted partners or service providers who assist in delivering OneIMS services such as hosting providers, CRM tools, or analytics partners.

Disclosures may also occur to comply with applicable laws or legal processes, enforce OneIMS’ Terms of Service, or detect or prevent fraud, abuse, or security incidents.

We may share non-personally identifiable information such as aggregate analytics or usage trends to improve our services.

D. Unsubscribe / Opt-Out

You may opt out of any marketing or promotional communications at any time by clicking the “unsubscribe” link in our emails or by writing to:

OneIMS
110 N. Wacker Drive, Suite 2500
Chicago, IL 60606

E. Links to Third-Party Sites

Our website may contain links to third-party websites. OneIMS is not responsible for the privacy practices or content of such sites. Users should review each site’s privacy policy before providing any personal information.

Section 4: U.S. Privacy Compliance (CCPA, CPRA, and State Laws)

A. Applicability

While OneIMS primarily provides B2B marketing and consulting services, we comply with applicable U.S. data privacy laws, including the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and similar state laws.

We do not sell or share personal information within the meaning of these laws.

B. Your Privacy Rights

Depending on your location, you may have the right to access the personal data we hold about you, request deletion of your personal data, correct inaccuracies, opt out of data sharing for targeted advertising, or limit the use of sensitive personal information.

To exercise your rights, please submit a request through our website contact form. We will verify your identity and respond in accordance with applicable laws.

C. Data Retention

OneIMS retains personal data only for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, or resolve disputes.

D. International Data Transfers

Although OneIMS primarily serves U.S.-based clients, data may be processed or stored in other jurisdictions through secure third-party providers such as HubSpot and Google Cloud. All transfers comply with applicable data protection laws and contractual safeguards.

Section 5: GDPR Compliance

While OneIMS does not directly market to or contract with EU residents, we acknowledge that some of our Clients may engage EU-based individuals.

We comply with GDPR requirements for data minimization, security, and breach notification. EU data subjects may request information access or deletion through our website contact form.

Section 6: Indemnity

OneIMS is not responsible for the privacy or data management practices of Clients or third parties that process data independently.

Clients are solely responsible for managing and securing their own customer data. In the event of a breach caused by Client systems or third-party actions, the Client agrees to indemnify and hold OneIMS harmless.

Section 7: Miscellaneous

A. Changes to this Policy

OneIMS may update this policy periodically. The updated version will be posted on our website with a revised “Last Updated” date. Continued use of our services constitutes acceptance of the revised policy.

B. Severability

If any provision of this policy is held invalid or unenforceable, the remaining provisions shall continue in full force and effect.

C. Headings

Headings are provided for convenience and do not affect interpretation.

D. Cookie Usage and Opt-Out

We use cookies and similar technologies for analytics, advertising, and website optimization. You can manage or opt out of cookies using your browser settings or by visiting YourAdChoices or Network Advertising Initiative.

E. Microsoft Tools

We partner with Microsoft Clarity and Microsoft Advertising to analyze website behavior and improve our services. Data captured includes non-identifiable behavioral metrics, heatmaps, and session replays.

For more information on Microsoft’s privacy practices, visit the Microsoft Privacy Statement.

Contact Us

If you have any questions about this Privacy and Data Protection Policy, please reach out through our website contact form or write to:

OneIMS
110 N. Wacker Drive, Suite 2500
Chicago, IL 60606