This privacy statement is effective as of April 29, 2024


The IBM Center for The Business of Government is a part of IBM.  We value your privacy and are committed to protecting and processing your personal information responsibly.

This privacy statement describes how IBM collects, uses, and shares personal information.

Personal Information We Collect and Use

This section describes the various types of information that we collect and how we use it.

We only collect information relevant to orders placed on the website.  This includes your name, address, and telephone number.  We do not share this information within our Center or IBM.

Conducting our Business Operations

We collect and use information to improve our business operations, systems, and processes. For example, information may be used to conduct, maintain, audit, and optimize our operations, and to defend our rights.

Cookies and Similar Technologies

When you visit our website, we collect information regarding your connection and your activity by using various online tracking technologies, such as cookies. Information that is collected with these technologies may be necessary to operate the website or service, to improve performance, to help us understand how our online services are used, or to determine the interests of our users.


Unless otherwise indicated, our website is not intended for use by children or minors as specified by law in their jurisdiction.

Controller and Representative Information

IBM does business through its subsidiaries worldwide. The privacy laws in some countries consider a Controller to be the legal entity (or natural person) who defines the purposes for which the processing of personal information takes place and how that information is processed. Parties that are involved in processing operations on behalf of a Controller may be designated as Processors. Designations and associated obligations differ, depending on the jurisdiction.

Where this is relevant for the privacy laws in your country, the Controller of your personal information is IBM’s main subsidiary in your country or region, unless International Business Machines Corporation (IBM Corp.) or another IBM subsidiary identifies itself as the Controller for a specific interaction with you.

The contact details of our main subsidiary of a country or region can be found by selecting your country or region and selecting Contact on the footer of websites. IBM Corp. can be contacted at: International Business Machines Corporation, 1, North Castle Drive, Armonk, New York, United States of America.

Where IBM Corp. or a subsidiary it controls is required to appoint a legal representative, the following representatives have been appointed.

Information Security and Retention

To protect your personal information from unauthorized access, use, and disclosure, we implement reasonable physical, administrative, and technical safeguards. These safeguards include role-based access controls and encryption to keep personal information private while in transit.

IBM’s AI models and systems are designed, trained, validated, and tested on data from publicly available sources that may incidentally contain Personal Information. We have implemented safeguards, processes, and tools to mitigate associated impacts and help address responsible development and deployment of trustworthy AI.

We only retain personal information as long as necessary to fulfill the purposes for which it is processed, or to comply with legal and regulatory retention requirements. Legal and regulatory retention requirements may include retaining information for:

  • audit and accounting purposes,
  • statutory retention terms,
  • the handling of disputes,
  • and the establishment, exercise, or defense of legal claims in the countries where we do business. 

We retain any contractual relationship information for administrative purposes, legal and regulatory retention requirements, defending IBM rights, and to manage IBM's relationship with you. The information that is provided in a supplementary privacy notice may provide more detailed information on applicable retention terms.

When personal information is no longer needed, we have processes in place to securely delete it, for example by erasing electronic files and shredding physical records.

Your Rights

You have certain rights when it comes to the handling of your personal information. The Contact Us form in the header of this page can be used to:

  • request access to the personal information that we have on you, or have it updated or corrected. Depending on the applicable law, you may have additional rights concerning your personal information.
  • Request to obtain your personal information in a usable format and transmit it to another party (also known as the right to data portability).
  • Request to delete the personal information we hold about you.
  • Opt-out of specific personal information processing types, such as targeted advertising.
  • ask questions related to this Privacy Statement and privacy practices. Your message is forwarded to the appropriate member of IBM's Data Privacy Team, including the responsible Data Protection Officers.
  • submit a complaint to IBM if you are not satisfied with how IBM is processing your personal information.

Your rights may be subject to limitations and exceptions resulting from applicable laws. For example, there may be situations where we cannot share certain information that you seek if disclosing this means disclosing information about others.

You may also have the right to complain to the competent supervisory authority. Information about additional rights, when they apply, and the right to complain to the competent supervisory authority can be found here.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) here.

Legal Basis

In some jurisdictions, the lawful handling of personal information is subject to a justification, sometimes referred to as legal basis. The legal bases that we rely on for the lawful handling of your personal information vary depending on the purpose and applicable law.

The different legal bases that we may use are:

Privacy Statement Updates

If a material change is made to this Privacy Statement, the effective date is revised, and a notice is posted on the updated Privacy Statement for 30 days. By continuing to use our websites and services after a revision takes effect, it is considered that users have read and understand the changes.