top of page
PRIVACY POLICY

Irongate Systems

 

Last updated: 15 June 2025

 

In this Privacy Policy, we, us or our means Irongate Systems LLC EIN 981698958 and all group companies of Irongate Systems LLC EIN 981698958, including Irongate Technologies Limited EU Company no. 759274, and IGS Technologies Limited (UK Company No. 15266556).

​

This Privacy Policy applies to all users of Irongate Systems globally, including in the United States and Canada.

We understand that protecting your personal information is important. This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or collected by us, when interacting with you.

​

Where applicable, Irongate Systems complies with US state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA) and similar laws across all states in the US including Virginia, Colorado, Connecticut, and Utah. These provide rights of access, deletion, correction, and the right to opt out of certain processing. We will honor these rights for all US residents.

​

For Canadian customers, Irongate Systems complies with the federal Personal Information Protection and Electronic Documents Act (PIPEDA), as well as provincial laws such as Alberta’s PIPA, British Columbia’s PIPA, and Quebec’s Law 25. These provide individuals with rights of access, correction, withdrawal of consent, and safeguards for cross-border transfers.

​

This Privacy Policy takes into account the requirements of the Privacy Act 1988 (Cth). In addition to the Australian laws, individuals located in the European Union or European Economic Area (EU) may also have rights under the General Data Protection Regulation 2016/679 and individuals located in the United Kingdom (UK) may have rights under the General Data Protection Regulation (EU) 2016/679) (UK GDPR) and the Data Protection Act 2018 (DPA 2018) (together, the GDPR). Appendix 1 outlines the details of the additional rights of individuals located in the EU and UK as well as information on how we process the personal information of individuals located in the EU and UK.

 

The information we collect

Personal information: is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

The types of personal information we may collect about you include:

  • Identity Data including your name and job title.

  • Contact Data including your telephone number, address and email.

  • Financial Data including bank account and payment card details (through our third party payment processor, who stores such information and we do not have access to that information).

  • Technical and Usage Data when you access any of our websites or platforms, details about your internet protocol (IP) address, login data, browser session and geo-location data, statistics on page views and sessions, device and network information, acquisition sources, search queries and/or browsing behavior, access and use of our website (including through the use of Internet cookies), and communications with our website.

  • Profile Data including your username and password for Irongate and information you share with our platform, and support requests you have made.

  • Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.

  • Professional data including where you are a worker of ours or applying for a role with us, your professional history such as your previous positions and professional experience.

  • Sensitive information is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information. We do not actively request sensitive information about you. If at any time we need to collect sensitive information about you, unless otherwise permitted by law, we will first obtain your consent and we will only use it as required or authorized by law.

 

How we collect personal information

We collect personal information in a variety of ways, including:

  • when you provide it directly to us, including face-to-face, over the phone, over email, or online;

  • when you complete a form, such as the ‘contact us’ form on our website, downloading any of our white papers or signing up for any other content, or responding to surveys;

  • when you use any website we operate (including from any analytics and cookie providers or marketing providers. See the “Cookies” section below for more detail on the use of cookies);

  • from third parties, such as where our clients input information into our platform about their supply chain, and it includes your contact details; or

  • from publicly available sources.

 

Why we collect, hold, use and disclose personal information

We have set out below, in a table format, a description of the purposes for which we plan to collect, hold, use and disclose your personal information.

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​​

​

​

​

​

​

​

​

​

​

​

​​

Our disclosures of personal information to third parties

Personal information: We may disclose personal information to:

  • our employees, contractors and/or related entities;

  • IT service providers, data storage, web-hosting and server providers, such as Amazon Web Services and HubSpot;

  • marketing or advertising providers;

  • professional advisors, bankers, auditors, our insurers and insurance brokers;

  • payment systems operators or processors;

  • our existing or potential agents or business partners;

  • if we merge with, or are acquired by, another company, or sell all or a portion of our assets, your personal information may be disclosed to our advisers and any prospective purchaser’s advisers and may be among the assets transferred;

  • courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;

  • courts, tribunals, regulatory authorities and law enforcement officers, as required or authorized by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;

  • third parties to collect and process data, such as analytics providers and cookies; and

  • any other third parties as required or permitted by law, such as where we receive a subpoena.

  • Your mobile opt-in data will not be shared with any third parties.

 

 

Data Residency and International Transfers

Irongate is committed to meeting data residency requirements and protecting the privacy of our customers across all regions where we operate.

 

Project Data Residency

  • Project data is processed within Australia and the UK region where the project is created, unless otherwise agreed with the customer.

  • Where local hosting is required by law or by customer agreement, Irongate ensures that project data remains within that jurisdiction and is not transferred across borders, except where expressly authorized by the customer.

  • Administrative and support services may be provided by Irongate personnel in other regions, but these activities do not involve transferring project data outside its hosting region.

 

International Transfers

In limited cases, Irongate may transfer personal information (such as account, billing, or support data) across borders. When this occurs, we apply one of the following safeguards to ensure equivalent protection:

 

  • Adequacy Decisions: Where the destination country is recognized by the European Union or the United Kingdom as providing an adequate level of protection (e.g., New Zealand, Japan, Switzerland), transfers can take place without additional measures.

  • EU–US Data Privacy Framework (DPF): For transfers to the United States, if our service providers (such as cloud hosting vendors) are certified under the DPF, transfers are considered compliant with EU and UK law.

  • Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs): If the recipient is not DPF-certified, Irongate relies on approved contractual mechanisms, such as SCCs or BCRs, to provide equivalent protection. Where SCCs are used, we also perform a Transfer Impact Assessment (TIA) to evaluate whether US or other foreign laws could affect those protections.

 

Compliance Across Jurisdictions

  • For EU/UK customers, Irongate complies with the General Data Protection Regulation (GDPR) and the UK GDPR, applying the safeguards above.

  • For Canadian customers, Irongate complies with PIPEDA and relevant provincial privacy laws (Alberta PIPA, BC PIPA, Quebec Law 25) when transferring data outside of Canada.

  • For US customers, Irongate complies with applicable state privacy laws (including CCPA/CPRA, Virginia CDPA, and others), ensuring that data is processed lawfully and securely.

 

Customer Assurance

Irongate does not sell personal information. We only transfer personal information across borders when necessary to provide our services, and always subject to contractual, technical, and organizational safeguards.

 

Overseas disclosure

We store personal information in Australia (and in the United Kingdom, where you contract with IGS Technologies Limited (UK Company No. 15266556). Where we disclose your personal information to our group companies or third parties, our group companies and those third parties may also store, transfer or access personal information outside of the country where you are based. We will only transfer your personal information overseas in accordance with applicable data protection laws.

 

Your rights and controlling your personal information

Your choice and consent: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy.

 

You do not have to provide personal information to us, however, if you do not, it may affect our ability to do business with you. Prior express consent shall be obtained before collecting or processing personal data for any purpose outside the scope defined in this Privacy Policy. Data subjects maintain the right to withdraw consent at any time by providing notice through the designated contact channels listed herein. Such withdrawal requests will be executed as soon as possible, unless we have a lawful basis to retain the personal data.

​

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

​

Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

​

Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.

​

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. We rely on you to ensure that the personal information you provide to us is accurate, complete, and up-to-date. You may contact us at any time to update or correct your information.

​

Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.

​

We shall implement systematic reviews of our privacy practices, controls, and processing activities to ensure continued adherence to this Privacy Policy and all applicable statutory and regulatory requirements. Any identified instances of non-compliance, whether due to willful violation or error, will be handled in accordance with internal protocols. Disciplinary measures proportionate to the severity of the breach may be imposed against our employees, which may result in the termination of their employment. We further reserve our legal rights to pursue civil or criminal action against any parties responsible for any unlawful breaches of this policy.

 

​Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorized access, modification and disclosure.

While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.

 

Cookies

We may use cookies on our website from time to time. Cookies are text files placed in your computer's browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognize you when you return to our online website and allow third parties to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our online website with personal information, this information may be linked to the data stored in the cookie.

​

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

 

​Links to other websites

Our website may contain links to other party’s websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

 

 

Amendments

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website. We recommend you check our website regularly to ensure you are aware of our current Privacy Policy.

 

For any questions or notices, please contact us at:

Irongate Systems LLC EIN 981698958 (Attention: Data Protection Manager) info@irongatesystems.com

​

image.png
bottom of page