Notice & Choice

IBR may receive personal data in the form of work schedules from an organization, for the purpose of determining fatigue-related risks. IBR applications allow entry of proposed schedules and generate graphical predictions of performance along with tables of estimated effectiveness scores for objective comparison. This data may include basic personal information about workplace personnel, such as names and/or employee identification number, however IBR only uses data relevant to the service provided and is processed only as permitted by the Principles.

Notice to individuals regarding the collection, use, and/or transfer of the personal data described above is provided in contracts or agreements.

If for any reason the data is to be used for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized, IBR will request your consent beforehand.

Individuals may have the right to limit the use and disclosure of their personal information, such as whether your personal information is disclosed to a third party or used for purposes materially different from the purpose for which the personal information was originally collected or subsequently authorized by you. If you wish to limit the use and disclosure of personal information, please contact us at info@ibrinc.org.

Accountability for Onward Transfer

IBR will not provide personal data to any third-party organizations without express permission. IBR will remain responsible and liable for the work provided by any such third-party organization. Contracts with third-party organizations are maintained and noted that the third party will apply the same level of protection for Personal Data as is required by the Privacy Policy Notice and Choice Principles. The third-party organization also agrees to notify IBR if it can no longer meet its obligation. If this determination is met, the third-party ceases processing or will take appropriate steps of remediation.

If the use of a third party is necessary, IBR will obtain consent through a contract/agreement, outlining the type of personal data collected and used. IBR will provide information on the nature, type, or manner of the third-party organization(s). Personal data will not be shared with a third-party organization without consent. Additionally, disclosure of personal information may be necessary to meet a legal obligation or a lawful request by public authorities, including to meet national security or law enforcement requirements.

Security

IBR takes reasonable and appropriate measures to protect the personal data that it creates, maintains, uses, or disseminates to protect it from loss, misuse and unauthorized access, disclosure, alteration, and destruction. These measures consider the risks involved in the processing and the nature of the personal data.

Data Integrity and Purpose Limitation

IBR collects and processes personal data only to the extent that is necessary to provide its services.  IBR will notify and obtain your consent if we use your personal data in any other manner.  IBR will take reasonable steps necessary to ensure that personal data is accurate, complete, current, and reliable for its intended use.

Access

Individuals whose personal data is held by IBR have the right to request access to the personal data to review, correct, update, suppress, or delete it if it is inaccurate or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks of the individual’s privacy, or where the rights of persons other than the individual would be violated.  Requests to review and correct the personal data can be made to info@ibrinc.org.

What personal information do we collect?

By nature of providing our services, as appropriate, we may receive additional information related to an employee such as email address, mailing address, phone number, company name, company size.

Basic contact information may be collected when an individual requests additional information from IBR or SAFTE-FAST websites.

  • System use requirements and contact information may be collected when we are provided with contractual documents (Request for Proposal, Contract Agreement, Change Request, etc.)
  • We will collect scheduling, sleep, operational, or other data as provided by the customer (Customer Data) when provided with sample data for systems integration, testing, verification or support
  • We may collect personal sleep information and/or subjective survey results as part of research (Research Data)
  • Standard internet technologies, such as cookies, are used to keep track of interactions with the website and web applications

When do we collect information?

We collect information through the normal course of business with our clients.

  • Customers may electronically submit data or information to our software or support services (“Customer Data”)
  • IBR will not review, share, distribute, or reference any such Customer Data except as defined in approved contractual documents, or as may be required by law. In accordance with IBR and the Customer’s contractual documents, IBR may access Customer Data only for the purposes of providing the services, preventing or addressing service or technical problems, at a Customer’s request in connection with customer support matters, or as may be required by law

How do we use your information?

Customer Data is used to determine risk associated with fatigue. This data is analyzed and used to generate graphical predictions of performance along with tables of estimated effectiveness scores for objective comparison.

  • Information is collected to provide Customers with the software and services they may request
  • Collected information can be used to provide customers with additional information about our software, services, promotions, and events
  • Collected information can be used to improve our software and services
  • We do not share, sell, rent, or trade personally identifiable information with third parties for their promotional purposes. IBR may share information collected with other companies that work on IBR’s behalf
  • Robust security measures are used to protect information

For Mobile Applications and Wearable Data

If you have downloaded a mobile application that collects personal data from a wearable device shared with IBR, such as sleep, activity, and physiological data, then you have consented to allow IBR to use such data for scientific purposes. IBR will not identify you as the source of such data.  IBR will delete your data upon request.

How do we protect visitor information?

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when entering, submitting, or accessing information to maintain the safety of your personal information.

Communication Preferences

  • Marketing emails from IBR include instructions on how to opt out of receiving further marketing emails
  • Email is primarily used for direct customer communication. If alternate contact methods are requested by the Customer (phone, internet-based meetings, or chat), IBR will maintain primary contact method(s) as part of basic contact information

COPPA (Children Online Privacy Protection Act)

The Children’s Online Privacy Protection Act (COPPA) requires websites that market to, serve, or attract children under thirteen (13) to engage in certain procedures to protect those children’s privacy and interest, including the provision of certain rights to parents. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. IBR does not market to, serve or attract children under thirteen (13).

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

To be in line with Fair Information Practices, should a data breach occur, we will notify the users via email within 1 business day.

CAN-SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address to:

  • Send information and respond to inquiries and/or other requests or questions
  • Process orders and send information and updates pertaining to orders
  • Send you additional information related to your product and/or service

To be in accordance with CAN-SPAM we agree to:

  • NOT use false, or misleading subjects or email addresses
  • Identify the message as an advertisement in some reasonable way
  • Include the physical address of our business or site headquarters
  • Monitor third party email marketing services for compliance, if one is used
  • Honor opt-out/unsubscribe requests quickly
  • Allow users to unsubscribe by using the link at the bottom of each email

If at any time you would like to unsubscribe from receiving future emails, you can email us at info@ibrinc.org and we will promptly remove you from ALL correspondence.

European Union Representative

We have appointed EU Rep as our Representative under Article 27 of the EU General Data Protection Regulation (“GDPR”). All GDPR queries from EU Data Subjects or Data Protection authorities should be submitted to eurep.ie via their dedicated form. Bizlegal t/a EUREP, Company number 635921, Ireland. You may also contact us directly at info@ibrinc.org.

Legal Basis for Processing

IBR processes the personal data of all data subjects based on contractual necessity, and legitimate interest as described below.

Personal data of any data subject may be processed by IBR when it is necessary for the performance of a contract. This includes any contractual data management and processing activity that IBR engages in with a data subject to perform essential business functions.

In addition to contractual necessity, IBR processes the personal data of any data subject based on the engagement of legitimate interests. Legitimate interests apply to all aspects of data storage, management, and use.

Data subjects have the right to object to the processing of their personal data based on legitimate interest. For more information on how to exercise this right, please refer to the relevant sections of this Privacy Policy.

External Third-Party Recipients of Personal Data

IBR reserves the right to share personal data with external-third party recipients for essential business functions. These recipients include, but are not limited to, Amazon Web Service (AWS), Atlassian, Salesforce, and Microsoft.

Additional third-party recipients utilized by IBR can be service providers, marketing and advertising partners, legal and compliance obligations, business transfers, and all other third-parties with consent. IBR ensures that all external third-party recipients handle your data securely and in compliance with all relevant laws and regulations.

IBR reserves the right to update the third-party recipients, and the purpose for sharing personal data as needed. All changes will be reflected in this Privacy Policy.

Data Retention

IBR will retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. The following data retention schedule provides retention periods for different categories of personal data:

Type of Record Retention Period Retention Period
Information collected via www.saftefast.com website forms, or email at info@saftefast.com 1 year
Employment Applications 3 years
Contracts Permanently
Customer Data Until Contract Termination
Research Data Permanently

IBR utilizes the following criteria for the determination of data retention periods:

IBR retains records based on content, the likelihood the record is needed again, the consequence of not having the record and to fulfill any regulatory requirements for inspection or audit and legal retention requirements.

Cookies and Tracking Technologies

IBR’s SAFTE-FAST website (www.saftefast.com) utilizes cookies to collect information about how the data subject interacts with the website, and to enhance overall browsing experience. To achieve this, IBR uses Google Analytics, a web service provided by Google, Inc. (Google). Google Analytics uses cookies to analyze website use, and other related activity using the following cookies:

Session Cookies: these are temporary cookies that are erased when the user closes their browser. They are utilized for a smooth and enhances user experience on the site.

Persistent Cookies: these cookies remain on the user’s device for an extended period and must be manually deleted. Their main function is recognizing a returning user and analyzing the user’s behavior over time.

IBR uses Google Analytics to understand how users engage with the website. The information generated by the cookies is stored on serves owned by Google. Google uses this information to evaluate the use of IBR’s website, generate reports, and provide relevant and additional services.

Users can interact with the cookie consent banner on the IBR website to manage their preferences. Users can choose to accept or reject cookies and delete them at any time.

Withdraw Consent

The data subject has the right to withdraw their consent to data processing at any time. If the data subject provided consent for the processing of their personal data, and wishes to withdraw their consent, they can do so through the following steps outlines below:

The data subject can utilize the “Manage Preferences” function on the cookie banner found within the IBR website. This function allows the data subject to manually withdraw consent.

The data subject can alternatively withdraw consent to data processing by contacting the Chief Operating Officer. The data subject can reach out to IBR via email at info@ibrinc.org or by utilizing the contact details in the “Contacting IBR” section of the Privacy Policy.

By continuing to utilize the IBR website, the user is consenting to the use of cookies as described in this policy.

Contact

If you have any questions regarding IBR’s Privacy Policy, please contact IBR at:

Institutes for Behavior Resources, Inc. (IBR)
2104 Maryland Avenue
Baltimore, Maryland, 21218
USA
info@ibrinc.org
Last Edited on May 16, 2024

TERMS AND CONDITIONS OF USE OF THIS WEBSITE

PRIVACY

The use of the IBR’s website is governed by our Privacy Policy.

SECURITY

IBR’s web sites have reasonable security measures in place to protect against the loss, misuse and alteration of information under our control. These precautions include data encryption, firewall protection, and restricted server access. However, we cannot guarantee that unauthorized third parties will never be able to defeat those measures or use your personal information for improper purposes.

CHANGES TO PRIVACY POLICY

IBR reserves the right to change its privacy policies at any time. Any changes to the policy will be posted on this page. For members of IBR, this privacy policy is a supplement to, not a replacement for, any other agreements or terms provided by IBR to you.

COPYRIGHT

All content included on this site, such as text, graphics, logos, button icons, images, audio clips, digital downloads, data compilations, and software, is the property of IBR or its content suppliers and is protected by United States and international copyright laws. The compilation of all content on this site is the exclusive property of IBR and is protected by U.S. and international copyright laws.

You are not permitted to use this website other than for private, non-commercial purposes. Use of the website for any other purpose than the aforementioned private, non-commercial purposes is prohibited. Reuse of any data obtained from this website for commercial purposes is strictly prohibited this includes any automated tools to retrieve data from or enter data into this web site is also strictly prohibited.

TRADEMARKS

IBR and other marks indicated on this site are registered trademarks of IBR in the United States and other countries. IBR’s trademarks and trade dress may not be used in connection with any product or service that is not IBR’s, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits IBR. All other trademarks not owned by IBR that appear on this site are the property of their respective owners, who may or may not be affiliated with or connected to IBR.

LICENSE AND SITE ACCESS

IBR grants you a limited license to access and make personal use of this site and not to download (other than page caching) or modify it, or any portion of it, except with express written consent of IBR. This license does not permit any resale or commercial use of this site or its contents; any collection and use of any product listings, descriptions, or prices; any derivative use of this site or its contents; any downloading or copying of account information for the benefit of another merchant; or any use of data mining, robots, or similar data gathering and extraction tools. No part of this site may be reproduced, duplicated, copied, sold, resold, visited, or otherwise exploited for any commercial purpose without express written consent of IBR. You may not frame or utilize framing techniques to enclose any trademark, logo, or other proprietary information (including images, text, page layout, or form) of IBR without express written consent. You may not use any meta tags or any other “hidden text” utilizing IBR name or trademarks without the express written consent of IBR. Any unauthorized use terminates the permission or license granted by IBR and may subject you to liability. You may not use any IBR logo or other proprietary graphic or trademark as part of a hyperlink without express written permission.

COPYRIGHT COMPLAINTS

IBR respects the intellectual property of others. If you believe that your work has been copied or used in a way that constitutes copyright infringement, please contact IBR using the contact information at the bottom of this page.

SECURITY

IBR’s web sites have reasonable security measures in place to protect against the loss, misuse and alteration of information under our control. These precautions include data encryption, firewall protection, and restricted server access. However, we cannot guarantee that unauthorized third parties will never be able to defeat those measures or use your personal information for improper purposes. As you wish, you may place any order by telephone, though it is possible that different prices will apply.

DISCLAIMER OF WARRANTIES AND LIMITATION OF LIABILITY

THIS SITE IS PROVIDED BY IBR ON AN “AS IS” AND “AS AVAILABLE” BASIS. IBR MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE OPERATION OF THIS SITE OR THE INFORMATION, CONTENT, MATERIALS, OR PRODUCTS INCLUDED ON THIS SITE. YOU EXPRESSLY AGREE THAT YOUR USE OF THIS SITE IS AT YOUR SOLE RISK. TO THE FULL EXTENT PERMISSIBLE BY APPLICABLE LAW, IBR DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IBR DOES NOT WARRANT THAT THIS SITE, ITS SERVERS, OR E-MAIL SENT FROM IBR ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. IBR WILL NOT BE LIABLE FOR ANY DAMAGES OF ANY KIND ARISING FROM THE USE OF THIS SITE, INCLUDING, BUT NOT LIMITED TO DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, AND CONSEQUENTIAL DAMAGES. CERTAIN STATE LAWS DO NOT ALLOW LIMITATIONS ON IMPLIED WARRANTIES OR THE EXCLUSION OR LIMITATION OF CERTAIN DAMAGES. IF THESE LAWS APPLY TO YOU, SOME OR ALL OF THE ABOVE DISCLAIMERS, EXCLUSIONS, OR LIMITATIONS MAY NOT APPLY TO YOU, AND YOU MIGHT HAVE ADDITIONAL RIGHTS.

APPLICABLE LAW

By using any materials on IBR’s website, you agree that the laws of the State of Maryland, without regard to principles of conflict of laws, will govern these Terms and Conditions of Use and any dispute of any sort that might arise between you and IBR.

CONTACTING IBR

Institutes for Behavior Resources, Inc. (IBR)
2104 Maryland Avenue
Baltimore, Maryland, 21218
USA
info@ibrinc.org
Last Edited on May 16, 2024