An IBMid uniquely identifies you when you access our websites, make a request or order, or use a product or service. If you log into our websites with an IBMid we may link the information we collect with your account. An IBMid is also used to give you access to IBM Applications, Cloud and Online Services and allows you to manage your contract and billing history. The email address in your IBMid may be used to contact you in relation to any services to which you subscribe.

Business contact information is typically information that you would find on a business card, such as name and business contact details. We use this information to contact or communicate with you about business matters. If we receive business contact information from a third party, such as an IBM Business Partner or supplier, we will confirm that the information was shared appropriately.

We may also combine your business contact information with other business-relevant information, such as information about your professional education, skills, work experience, or other publicly available information, such as business-related blogs, publications, job roles, and certifications. This information may be used to tailor our interactions with you in any part of IBM’s business, for example in the sales process, to maintain a relationship with you, and for post-contractual relationships.

We collect information about your use of our websites, such as:

• the webpages you view,
• the amount of time you spend on pages,
• the website URL that referred you to our pages,
• your geographic information derived from your IP address,
• and any hyperlinks you select.

We use this information to improve and personalize your experience with our websites, provide you with content that you may be interested in, create marketing insights, and to improve our websites, online services, and related technologies.

We also collect the information that your browser or device automatically sends, such as:

• your browser type and IP address,
• operating system, device type, and version information,
• language settings,
• crash logs,
• IBMid information (if signed in),
• and passwords.

We use this information to provide you with access to our webpages, improve the webpage view on your device and browser, adapt to your settings and language, and adapt content for relevancy or any legal requirements for your country. We also use this information to comply with system and network security requirements, and to provide support. For more information see, Support Services and Protecting You and IBM.

We also provide platforms and forums that enable online sharing, support, and collaboration among registered members. Any information that you submit to these platforms may be made available to others on the internet, or removed by us, as covered in the platform privacy notice or terms. We are not responsible for any content that you make available through your use of our products or services.

We prepare reports on the use of our websites to derive insights into trending topics and general market knowledge. These reports may be provided to third parties with details on how users interacted with or showed interest in the third-party products or services that were presented on our websites.

We accept no responsibility for the content provided on, or privacy practices, of third-party websites or applications.

The information that we collect on our cloud and online services may include:

• the pages you view,
• your settings within the service,
• your browser type and IP address,
• operating system, device type, and version information,
• crash logs,
• IBMid information (if signed in),
• and passwords.

This information is collected to provide you with access, to operate the service, for support, to personalize and improve your experience of the service, to develop other services and technologies, and generate technical and market insights. For more information on the technologies that we use to collect this information, and setting your preferences, see Cookies and Similar Technologies.

As a public cloud provider, IBM does not use personal information processed under a contract for the purposes of marketing and advertising without express consent.

Mobile application privacy notices may provide details about the information that is collected by the app, such as geo-location information or the unique User-ID of a device. Unique User-IDs are used to connect to servers and to connect the use of the device across apps. Depending on the functions of the app, you can tailor your privacy settings by using the settings menu or in your user profile.

IBM Learning offers education services and collects information on course completions to be able to provide you with credentials, certificates, or further information when needed.

We accept no responsibility for the content provided on, or privacy practices, of third-party websites or applications.

We use information that we collect for marketing purposes. This may include information:

• Collected directly from you through your interactions with IBM, such as attendance at events or submission of online registration forms,
• Received from third-party data providers, subject to controls confirming that the third party legally acquired the information and has the right to provide the information to IBM for use in our marketing communications,
• Collected on our websites or from your interactions with IBM emails and content, including content on third-party sites. For more information on the technologies that we use to collect this information, see Cookies and Similar Technologies.

Subject to your preferences, we may use this information to market to you regarding IBM products, services, and offerings. For example, we may:

• Contact you by using email, telephone, or postal mail
• Personalize your experience with IBM products and services, such as sharing more relevant content or pre-filling registration forms on our websites.
• Deliver targeted IBM advertisements on third-party websites based on information we or authorized third parties collect about your interactions with IBM websites, our content, emails, or, in select geographies, activity linked to your hashed email address.

To set or update your preferences with regards to marketing activities using your email address, phone, or postal address, visit the IBM Privacy Preference Center.  You may also submit an opt-out request, or select Unsubscribe in each marketing email.

To opt out of the use of your hashed email for personalization or targeted advertising, you can withdraw your email consent by using any of these options.

To review or set your preferences regarding the information that we collect about you online on our websites, select Cookie Preferences in the website footer.

We also use this information to develop marketing and business intelligence, which is essential for our business operations. For example, we may:

• Combine the information we collect to better understand your interests and potential business needs,
• Use aggregated data to measure effectiveness of our marketing campaigns and events, and to proceed to informed business decisions and investments,
• Aggregate the information that is collected about IBM website visitors for the purposes of developing and modelling marketing audiences.

The information collected in a contractual relationship may include the business contact information of the requester, an IBMid, and the order details. Information that is required for shipment and payment, for the implementation of services, or to grant access to the product or service may also be collected.

This information may be collected for various purposes, depending on the nature of the products or services, for example, for contractual management and compliance, to provide support, for the improvement or development of our products and services, to contact you for customer satisfaction surveys, and to generate technical and market insights. For more information, see IBM Applications, Cloud and Online Services.

The information collected in a contractual relationship is not used for the purposes of marketing and advertising without obtaining consent before processing.

The information that we collect may include any information exchanged during our phone conversations or provided during Live Chat support sessions on our websites. This may include a recording or transcript of your conversations with us. We may use this information to inform you of products or services that are related to your support request. This can include product updates or fixes, and we may combine the information that is collected through other interactions with you or your organization to provide more valuable suggestions in relation to product support, such as any available training regarding the issue.

While we handle the support case, we may have incidental access to information that you have provided or information that is on your system. This information may contain information about you, your organization's employees, customers, or other relevant parties. The conditions regarding the handling and processing of this information is covered by the applicable Terms of Use or other agreements between your organization and IBM, such as the Terms of Use for Exchanging Diagnostic Data.

The security solutions we use to protect your information, our infrastructure, and our networks may collect information such as IP addresses and log files. This is necessary for the functionality and utility of security programs to enable the investigation of any potential security incidents and generate insights on security threats.

We may use specialized tooling and other technical means to collect information at access points to, and in, IT systems and networks to detect unauthorized access, viruses, and indications of malicious activities. The information we collect may be used to conduct investigations when unauthorized access, malware or malicious activities are suspected, and to remove or isolate malicious code or content.

The information that is collected at our locations is used to issue access badges. We may verify the identity of visitors where legally permissible and, for supplier personnel working on site, a badge with a photo identification may be requested for identification purposes.

Camera supervision and access management are used for reasons of security and safety of our locations, employees, and assets. More information may be available at the IBM location.

Regarding recruitment, we may look for prospective candidates with the help of recruitment intermediaries and may use publicly available information on social media platforms to identify prospective candidates for a specific function.

When an employee leaves IBM, we retain basic information from the former employee about their employment at IBM.

After an employee retires, we process information about the retiree for fulfilling the pension obligations toward the retiree. Information about the processing of pension information, or other retirement programs, can be found with the local organization responsible for pensions. In some countries, this may be an independent organization. In some cases, retirees may still participate in IBM-organized initiatives or programs, such as volunteer and social responsibility programs. Such participation is voluntary, and more information is provided on the relevant websites or information pages for those initiatives.

We collect information about our business operations to make informed decisions about the organization, the business, and to report on performance, audits, and trends. For example, we use this information to analyze the costs and quality of our operations. Where possible, this is done by using aggregated information, but may use personal information.

We collect and use information from our business systems, which may include personal information, to:

• protect or enforce our rights, including to detect fraud or other criminal activities (for example, by using information in payment systems)
• handle and resolve disputes
• answer complaints and defend IBM in legal proceedings
• and comply with legal obligations in the countries where we do business

We collect information from the use of our business processes, websites, cloud and online services, products, or technologies. This information may include personal information and is used for product and process development. For example, we may use this information to increase efficiency, decrease costs, or improve services by developing automated processes and tools, or to develop or improve the technologies on which these are based.

A cookie is a piece of data that a website may send to your browser, which may be stored on your computer and can be used to identify your computer. Web beacons, including pixels and tags, are technologies that are used to track a user visiting an IBM web page or if a web page was copied to another website. Local Shared Objects can store content information displayed on the webpage visited, and preferences. All of these technologies may be used to provide connected features across our websites or display targeted IBM advertising (subject to your cookie preferences) on other websites based on your interests. Web beacons may also be used to track your interaction with email messages or newsletters, such as to determine whether messages are opened or links are selected.

Session cookies can be used to track your progression from page to page so that you are not asked for information that you have already provided during the current session, or information that is needed to be able to complete a transaction. Session cookies are erased when the web browser is closed. Persistent cookies store user preferences for successive visits to a website, such as recording your choice of language and country location. Persistent cookies erase their data within 12 months.

You can use the IBM Cookie Manager to learn more about the online tracking technologies we use and to review or set your preferences regarding the information that we collect about you on our websites. The IBM Cookie Manager is either presented as a notification window when you first visit a webpage or opened by selecting Cookie Preferences in the website footer. The IBM Cookie Manager does not address all types of tracking technologies (for example, email pixels). When using mobile apps, use the options on your mobile device to manage settings.

Blocking, disabling, or rejecting IBM cookies may cause services to not function properly, such as in connection with a shopping cart, or block the use of websites or IBM Cloud services that require you to sign in. Disabling cookies does not disable other online tracking technologies, but prevents the other technologies from accessing any details stored in cookies.

Our websites offer the possibility to use third-party social media options.  If you elect to use these options, these third-party sites may log information about you, such as your IP address, access time, and referring website URLs. If you are logged in to those social media sites, they may also link collected information with your profile information. We accept no responsibility for the privacy practices of these third-party services and encourage you to review their privacy policies for more information.

For information on cookies and how to remove these technologies by using browser settings, see https://www.allaboutcookies.org/. 

Internally, personal information is shared for our business purposes: to improve efficiency, for cost savings, and internal collaboration between our subsidiaries (such as Red Hat). For example, we may share personal information such as managing our relationship with you and other external parties, compliance programs, or systems and networks security.

Our internal access to personal information is restricted and granted only on a need-to-know basis. Sharing of this information is subject to the appropriate intracompany arrangements, our policies, and security standards. For more information, see Legal Basis.

Externally,

• our business with suppliers may include the collection, use, analysis, or other types of processing of personal information on our behalf. 
• our business model includes cooperation with independent Business Partners for marketing, selling, and the provision of IBM products and services. Where appropriate (for example, when necessary for the fulfilment of an order), we share business contact information with selected Business Partners.
• we may share personal information with professional advisors, including lawyers, auditors, and insurance companies to receive their services.
• we may share contractual relationship information with others, for instance, our Business Partners, financial institutions, shipping companies, postal, or government authorities, such as the customs authorities that are involved in fulfillment.
• We may share personal information with third parties, such as advertising technology partners, data analytics providers and social networks engaged by IBM to deliver targeted IBM advertisements on their platforms, to aggregate information for analysis, and to track engagement with those advertisements.

In certain circumstances, personal information may be subject to disclosure to government agencies in accordance with judicial proceedings, court orders, or legal processes. We may also share personal information to protect the rights of IBM or others when IBM believes that such rights may be affected, for example to prevent fraud.

IBM International Group B.V.,

Johan Huizingalaan 765,

1066 VH Amsterdam,

The Netherlands

IBM United Kingdom Limited,

PO Box 41, North Harbour,

Portsmouth,

Hampshire, PO6 3AU,

United Kingdom

We rely on this legal basis when we need to process certain personal information, such as your contact details, payment details, and shipment details, to perform our obligations or to manage our contractual relationship with you.

Examples:

• If you intend to purchase a product or service, we require your business contact information to enter into a contract with you or you may need to create an IBMid (see Your Account) to access a purchased product online.
• When fulfilling a contract, you may need to receive support services, for which we will need to collect your contact information.
• We need personal information to consider job applicants or manage the pension entitlements of retirees (see Recruitment and Former Employees).

Legitimate interests relate to being able to conduct and organize business, which includes the marketing of our offerings, protecting our legal interests, securing our IT environment, or meeting client requirements.
Examples:

• We capture your use of, and interaction with our websites to improve them.
• We process your IBMid (see Your Account) to manage access authorization of our services.
• Where we have a contractual relationship with the organization that you are working for, we have a legitimate interest to process your personal information used to manage this contract.
• We process your business contact information (see Your Account) in combination with other business-relevant information to tailor our interactions with you and promote our products and services. We may process your contact information together with details of an IBM event you attended to develop Marketing and business intelligence.
• We process the personal information of applicants based on our legitimate interest to source suitable talent (see Recruitment and Former Employees).
• We have to keep our general business operations functional. To this end we may, for example, processes the login information of our IT systems and networks, or CCTV footage at IBM locations for security and safety purposes.

We may also process personal information where it is necessary to defend our rights in judicial, administrative, or arbitral proceedings. This also falls under the legal basis of legitimate interest in countries where they are not a separate legal basis.

We process personal information for credit protection, which is a specific legal basis under Brazilian law (LGPD) but is also covered under the legal basis of legitimate interest in other countries.

The processing is based on your consent where we request this.
Example:

• the optional use of Cookies and Similar Technologies or email of Marketing materials.

Where we need to process certain personal information based on our legal obligation. Example:

• We may be obliged to ask for a government-issued ID for certain transactions, such as for a financing transaction (see Contractual Relationship).