UPDATED: April 2023
Scope/ Purpose
Incorta understands you care how information about you is collected and used, and Incorta is committed to protecting the privacy of individuals who interact with us. This Incorta Global Privacy Policy (“Global Privacy Policy”) describes Incorta, Inc. and its affiliated entities (collectively “Incorta”) privacy practices for our websites, services, and apps that link to this policy. This policy also details our privacy practices related to Incorta marketing, advertising, and company events. Incorta is a business analytics platform. We provide Incorta (“Application”) and related support, consulting, and other services to customers. This Global Privacy Policy refers to Incorta and associated services collectively as our “Services.” We will collectively refer to our emails, newsletters, and other marketing practices as our “Communications.”
For this Global Privacy Policy, “Personal Information” means any information relating to an identified or identifiable natural person. Except when the contract with a covered individual specifies other requirements or relevant legislation imposes extra obligations on Incorta, the Global Privacy Policy applies to the collection, storage, processing, transfer, and use of personal data concerning covered individuals. Any information that can be used to identify or contact a living person is considered personal data, as defined by current legislation. Sensitive personal data is that which, if used improperly, could put the person at serious danger of discrimination that is illegal or arbitrary. Particularly, special categories of data, or information about a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic information, biometric information, health information, or information about a person’s sex, can be considered sensitive personal data.
This privacy policy does not apply to services that link, post or reference a different privacy policy, certain components of Incorta.com website that hyperlink to a different privacy policy, or if our Services hyperlink to a third-party site or service that has its own privacy policy.
Goal: Incorta recognizes that the personal data it receives is held in a position of trust. We seek to fulfill that trust by adhering to the following general principles regarding personal data.
Incorta Services
INCORTA Cloud (SaaS) is a unified data analytics platform that provides everyone with the means to acquire, enrich, analyze, and act on business data. We provide Services to our customers. As part of the services, customer data may be stored on our systems. As our customer, when you use our Services to process data you have collected, you control the data you collect, what information is uploaded to the Services, who has access to that data and how that data is used. Our Services’ collection, use, transfer, and retention of customer data are governed by our customer’s Global Privacy Policy, not this Global Privacy Policy. As a data processor, we will cooperate with you in your efforts to control your data.
Incorta’s Privacy Principles
Fair and Lawful Processing
- Incorta fairly and legitimately collects and manages personal data.
- In compliance with relevant law, Incorta handles personal data based on consent, to fulfill contractual commitments, for our legitimate business operations, to adhere to legal requirements, or in other ways.
- Incorta is aware that processing any sensitive or unique categories of data requires extra caution, thus we will make sure that we have a proper legal basis for using this type of data (for instance where this is necessary to meet employment law obligations).
- Incorta does not rent, sell, or lease customers’ personal information in agreements with its business clients, partners, and suppliers.
- Incorta honors its privacy promises.
Transparency and Purpose Limitation
- Incorta is transparent and provides notice and where required or appropriate choice to individuals regarding the type of personal data collected and its intended uses.
- For the purposes of ensuring that our data collection supports reasonable business requirements and is proportionate to our needs, Incorta evaluates the purposes for which personal data about covered individuals is to be collected.
- Incorta does not utilize personally identifiable information collected from people for any reason other than what is specified in our notifications.
Vital Interest
- For example, when processing your Personal Information is in your vital interest or required to protect your life.
Consent
- For example, if you opt-in to receive marketing communications from us or expressly provide your consent for us to process your Personal Information. In the event you provide your consent, you may also withdraw your consent when permitted by applicable law, if you contact us.
Data Access & Rights
- People have reasonable access to the personal information Incorta has on file about them and can review and change it as necessary.
- When appropriate, Incorta complies with individuals’ legal rights over their personal data, such as the right to object to a particular type of processing activity or the right to have specific data types deleted.
Data Integrity
- Incorta makes a good faith effort to guarantee that all related personal data is complete, accurate, current, and limited to what is required for the purposes for which it is collected.
- Incorta securely deletes or otherwise destroys personal data after keeping it for as long as is required for the purpose for which it was collected. Other laws and duties that compel Incorta to keep information for a specific amount of time apply to this duty.
Data Security
- Incorta is committed to putting in place the necessary security measures to guard against unauthorized access to or disclosure of personal information.
- For data deemed to be sensitive personal data, Incorta offers additional degrees of protection
Data Sharing and Onward Transfer
In accordance with applicable laws and generally accepted industry standards:
- Incorta does not divulge personal information about individuals to third parties unless those parties agree to protect the information with a level of protection at least as high as that offered by Incorta.
- Incorta transfers personal data globally both inside and outside of the Incorta group of enterprises. To guarantee that there is sufficient protection for the personal data, Incorta participates in a number of international privacy programs, including the APEC Cross Border Privacy Rules and EU Binding Corporate Rules.
Accountability
- Incorta is dedicated to proving that we adhere to the standards outlined in our Global Privacy Policy and to demonstrating the steps we have taken to demonstrate that we take data governance seriously.
- In accordance with the demands of relevant legislation, Incorta will retain a record of its data processing activities and conduct routine compliance audits.
Enforcement/ Oversight
Incorta is dedicated to addressing any issues with personal data. We respond promptly and politely to complaints or disputes involving personal data. The Information Security Department manages complaints, monitors compliance with applicable laws and international compliance programs as well as privacy policies and practices.
Types of Personal Information we Collect
Depending on how you use or interact with our Services, we produce a variety of different forms of Personal Information. The following lists the different types and sources of Personal Information we might gather and produce.
Demographic and Contact Information
Under certain circumstances we may collect demographic and contact information that you provide to us. This information includes: your name, mailing address, email address and telephone number
Online or Other Account Information
We may collect username and email addresses along with corresponding passwords, security questions and other information needed to permit access to certain components of our Services which require registration and/ or credentials.
Webforms and Requests
Any information that you submit to us through online or interactive forms available within our Services will be collected. This includes instances in which you “contact us”, submit feedback, request information about products or services, sign up for newsletters or mailing lists, or reach out to us with questions or concerns. If you wish to exercise your rights related to your data or submit a deletion or a general DSAR (Data Subject Access Rights) request, click on this link.
Websites
Information collected includes: usernames and passwords to enter certain sections of our websites or Services, unique identifiers, preference information (such as marketing preferences) browser types, Internet service providers (ISP) and referring/ exit pages. Additionally, we may collect information about the files you viewed on our sites, operating system, date/time stamps and clickstream data and other information further described in Tracking Technologies.
Mobile Apps/ Social Media
Some of our services are accessible on mobile devices through mobile websites or mobile applications. In the event that you access and use our Services through a mobile device, we may also gather mobile-specific data, such as your device ID, device type, hardware type, media access control (“MAC”) address, the version of your mobile operating system, the platform you used to access or download the Services, location data, and usage data about your device and the Services you use. Because not all of our mobile services have links to this privacy statement, please read the relevant privacy notice before using any mobile services.We maintain pages on many social networking sites.
Our Services may link to our pages or accounts on third party social media networks (“social media”) but our Services do not use social media plug-ins. If you choose to interact with us on social media, we may collect the information you publish or submit. Note that this information is also governed by the privacy policies of the respective companies offering the social media service. We may collect information when you interact with our social networking pages, including:
- Facebook
- Linkedin
- Youtube
- Twitter
- Google
- Vimeo
- Instagram
Device Information/ Log Information
We may also associate the information we collect from your different devices, which helps us provide consistent Services across your devices. Device specific information we may collect includes: Internet Protocol (IP) address, hardware model, operation system, unique device identifiers and mobile network information.
We may also create usage statistics and monitor the traffic from your use or interaction with our Services. Information collected includes ssage details of our Services, and the address (or URL) from where you came from before visiting us, which pages or features you visit or utilize, which browser you use, specific search terms, and items you click on.
Location Information
Depending on how you use or interact with our Services, a variety of methods may be used to acquire your location information. Your IP address, location data linked with the usage of a device, the country or region you choose, or other location-based features and contents of our Services, for instance, can all be used to determine your location.
Business Interactions
The information we have about you, the business you work for or are affiliated with, comes from your requests, communications, and interactions with us. This may include your job title, contact information (phone, email, fax, and address) for your company or organization, details about goods or services you expressed interest in or bought from us, or that we bought from you or your business, and other details required to confirm your eligibility to transact business with us.
Financial Information
We may also gather information needed to conduct a credit card transaction, such as the credit card type, number, and expiration date, if you use a credit card to buy goods or services from us.
Health Information
If you use certain types of our Services, we may collect information about your health or medical condition, and your treatment (including the specific device or product that you are prescribed). Additional privacy laws may apply to this type of sensitive information, so other privacy policies may apply.
Events and Webinars
We may host events to share product information with customers and potential customers. When you sign up to participate in an event we may collect information such as name, email, phone number and company. This information may be added to our CRM and used to contact or follow up with you after the event to answer any inquiries or interest you may have for our services. Under this process, Incorta may contact the customer or potential customer additional information with appropriate data rights considered.
Incorta Text Messages
Our Services may allow us and other users to communicate with you through text messaging periodically. We may contact you regarding the Services we provide to you, such as providing system alerts. You may manage your contact information and notification preferences in your Services account settings.
Communications Subscription Information
From time to time, we may provide information to our customers and potential customers in electronic or print Communications. When you subscribe to our Communications, you may be added to our mailing list and will receive announcements and information about Incorta. Communications will be emailed or mailed to the address that you provide when you subscribe.
When you sign up to receive our Communications, we ask for your name and email address.
We will ask for your consent to use your name and email address to email you our Communications , which contains information about our products and other information we feel might be of interest to you. You can withdraw your consent, and we will stop sending you Communications.
Your name and email address are shared with a third-party mailing system based in the United States and, if applicable, in Europe. This company has contractually committed to providing appropriate safeguards for your data which means it will be protected in line with the legal requirements of the European Union. We do not use the information you provide to make any automated decisions that might affect you. We keep your data for as long as we produce and distribute our Communications. If you withdraw your consent, we will mark your details, so they are not used and delete them after three years.
Buttons, Tools and Content from Other Companies
Incorta websites and services may include buttons, tools, or content that link to other companies services (for example, a Facebook “Like” button). We may collect information about your use of these features. In addition, when you see or interact with these buttons, tools, or content or view an Incorta web page containing them, some information from your browser may automatically be sent to the other company. Please read that company’s Global Privacy Policy for more information regarding its use of that information.
Incorta Online Advertising
We advertise online, including displaying Incorta ads on websites and apps across the Internet. When we advertise online to you, we may collect information about which ads are shown to you, which ads you click on, and the web page where the ad was displayed to you, Including public chat, message boards, and user postings
You might provide Personal Information through your public participation in chat sessions, message boards, user communities associated with our Services, blogs, email exchanges, or newsgroups on our websites. That information may be available to anyone who has access to the website, and this Global Privacy Policy does not apply to information that you generally make available through such websites.
How your Information is Stored and Processed
Your inquiry is stored and processed as an email hosted by GCP (Google Cloud Platform) within the European Economic Area (EEA). It is also logged on a CRM system (Salesforce) on a cloud server based in the United States; We do not use the information you provide to make any automated decisions that might affect you. All European Data is hosted in European Servers and its applicable jurisdiction. We keep inquiry emails for five years, after which they are securely archived. CRM records are kept for three years after the last contact with you.
Incorta Websites and Use of Tracking Technologies
To give you access to some features offered by our Services, our Services may use tracking technology. When you engage with us, these tracking technologies, such as those listed below, may collect or create Personal Information about you, but only if you choose to allow them in your Cookie Settings or in the browser settings specific to you.
Additionally, third parties may be able to collect information about your online activities when you use our websites or Services using cookies or other technologies. We do not respond to web browsers ‘do not track signals or other similar transmissions that indicate a request to disable online tracking of users who visit our websites or who use our websites or Services.
If you browse to a different area of our Services where different monitoring technologies are employed, you might be required to make your selections again. You can change these preferences at any time. To understand more, please examine the Cookie Policy that is displayed when you use our Services. If you have any issues, feel free to get in touch with us.
Click here to learn more about our Cookies Notice/Policy related to www.Incorta.com.
Our Services may incorporate the following tracking technologies:
- Cookies: Small files that are transferred to your device’s hard drive for a period of time to store user preferences and other types of information to help us provide you with certain features. Read more about cookies in our Cookie Policy.
- Web Beacons: Electronic images placed in the code of a webpage, application, or email that allow us to monitor things such as user activity and site traffic.
- Tags: Pieces of code, or tags, which gather information about users. For example, tags are used on our websites to better understand online usage patterns and trends. We may also use tags in our emails or newsletters to count how many of those messages are read.
- Widgets: Small components embedded within our Services which enable you to use certain functionalities
- Google Analytics: Google Analytics uses cookies to collect data such as time of visit, website pages visited, time spent on each Incorta website page, IP address, URL, and type of operating system.
Use of the Information Collected by Incorta
Depending on the Services you use and how you interact with us, we may use your Personal Information in the following ways, as laid out below. If you reside in a certain region, such as the European Union, we may not be able to use your information for some of the below reasons without first receiving your agreement.
We may use the information we collect about you to:
- Provide you Incorta website content and Services, as well as any other services, support, or information you have requested
- Operate and improve our websites and Services, and diagnose related problems
- Personalize our website, Services, and Communications to your likely interests and needs
- Send your business messages such as those related to Services notifications, payments, or renewal of your subscription
- Send you information about Incorta, new releases, special offers, and similar marketing information
- Conduct market research about our customers, their interests, and the effectiveness of our marketing campaigns
- Display personalized ads to you
- Combine information we collect about you with other public or private information sources to provide you with
Communications that may be relevant to you and to enhance the Services we provide to you
- Contact you via telephone to discuss our Services and related offers with you.
- To improve the Services and user experience
- To comply with with applicable laws or legal obligations, such as:
- Compliance with applicable retention obligations
- To investigate potential breaches
- To protect our rights, property, safety and those our users
Aggregate data from our Services are used to benchmark and improve our Services.
Where required under applicable law, we will obtain your consent to use your Personal Information for marketing purposes.
Sharing Information Collected by Incorta
We work with companies that help us run our business. These companies may provide services such as delivering customer support, processing, collecting payments, and sending Communications on our behalf. These companies may have access to your Personal Information as required to help us run our business.
Incorta may also share your Personal Information:
- When you have consented to the sharing
- With our affiliated companies
- When you purchase a license to use or indicate interest in a third-party product or service through Incorta, the third party may contact you about your purchase or interest.
- With our resellers and other sales partners
- When we are required or believe we are required to provide information in response to a subpoena, court order, applicable law, government statute, regulation, or other legal processes
- When we have a good faith belief that the disclosure is necessary to prevent or respond to fraud, defend our websites or Services against attacks, or protect the property and security of Incorta, or the property and security of our customers and users
- To the extent necessary to meet lawful requests by public authorities, including to meet national security or law enforcement requirements
- If we merge with or are acquired by another company,we sell a website, app, or business unit, or all or a substantial portion of our assets are acquired by another company, in which case your information may be one of the assets that are transferred.
- When we hire companies to help us market our websites and Services and provide you with information and offers related to Incorta, including displaying ads to you across the Internet
- When we enlist the services of participating third party carriers to provide messaging services
- When we aggregate and share de-identified information collected by our Services to provide statistical information or market research to third parties
How we Interact with Third Parties
As a resource to our users, we may provide links to other unaffiliated websites or services within our Services. If you choose to visit such third-party websites or services, please note that any information you submit to them is not subject to this Privacy Policy.
Information Security and Storage
We understand that the security of your Personal Information is essential. We implement reasonable administrative, technical, and physical security controls designed to protect your Personal Information from loss, misuse, unauthorized access, disclosure, alteration, or destruction. However, despite our efforts, no security controls are entirely adequate, and we cannot ensure or warrant the security of your Personal Information.
Incorta is committed to putting in place the necessary security measures to guard against unauthorized access to or disclosure of personal information. For data deemed to be sensitive personal data, Incorta offers additional degrees of protection In accordance with applicable laws and generally accepted industry standards:
- Incorta does not divulge personal information about individuals to third parties unless those parties agree to protect the information with a level of protection at least as high as that offered by Incorta.
- Incorta transfers personal data globally both inside and outside of the Incorta group of enterprises. To guarantee that there is sufficient protection for the personal data, Incorta participates in a number of international privacy programs, including EU Binding Corporate Rules.
Your Personal Information and data files are stored on our Systems and Systems of our sub-processors and companies we hire to provide services to us. Below are the security controls and mechanisms that are in place for data to be adequately secured and store data:
- Encryption at rest and in transit (AES256 & TLS1.3)
- Authentication
- Access Controls
- Risk Management & Mitigation
- Logging & Monitoring of unusual data activity
- Infrastructure Hardening- GCP (Google Cloud Platform)
- Key & Password Management
- MFA Enablement with Data Access for admin level accounts.
*This is not a comprehensive list of our security controls. You may contact infosec@incorta.com for detailed list of controls
Cross- Border Data Transfers
Your Personal Information may be stored in the United States or transferred to other countries where the companies we hire to help us run our business are located, such as Egypt. Those countries may not have the same data protection laws as to where you initially provided the information. When we transfer your Personal Information, we will protect it as described in this Global Privacy Policy.
Incorta adheres to the latest EUDPB (European Data Protection Board) statements and amendments related to transfer impact assessments and the Schrems Modules. Personal data related to EU data subjects are hosted on systems located within the European Economic Area.
Updating and Deleting your Personal Information
We take reasonable steps to ensure that the Personal Information we collect is accurate, complete, and current by using the most recent information provided to us. Our websites and Services may allow you to review and edit your Personal Information by accessing your profile or similar feature of the website or Service you are using. For our websites, you may have the ability to manage your cookies and similar technologies through your web browser settings. You should consult the settings and instructions provided by your web browser provider for more information.
You may also submit a request to us to review, edit, or delete your Personal Information by emailing your request to privacy@incorta.com, or if you prefer, you can contact us through physical mail at Incorta, Inc., 2755 Campus Drive #350 San Mateo, CA 94403 (Attn: Privacy Office), or by telephone at (650) 242-1210. Our business hours for telephone contact are 9:00 AM to 5:00 PM PST. Once we verify your identity, we will assist you with your request.
For a faster-automated DSAR (Data Subject Access Rights) Request, you can click here and fill out the form related to Universal data deletion requests unrelated to California and the European Economic Area.
We will retain your Personal Information for as long as necessary to provide you with the websites and Services you use, as needed to comply with our legal obligations or enforce our agreements. For example, we may retain certain records for legal or internal business reasons, such as fraud prevention. Some of your information may also remain on backup systems after using our websites and Services ends.
Opting- Out of Incorta Communications
You may opt out of receiving communications by modifying your website or Service profile or by unsubscribing to the marketing mailings or newsletters you no longer desire. To unsubscribe, please submit your information to privacy@incorta.com, or follow the “Unsubscribe” instructions contained within the mailing, newsletter, or other communication that we send to you. You may also send an email to privacy@incorta.com with “Unsubscribe” in the body and a description of the Communications you no longer desire to receive.
You can further opt-out in our opt-out center here.
California Consumer Protection Act
The California Consumer Privacy Act (“CCPA”) provides some California residents (“you” or “your”) with the following rights, including the right to (I) request information about the personal information we have collected about you; (ii) request information about our sale or disclosure for business purposes of your personal information to third parties; (iii) opt-out of the sale of your personal information to third parties; and (iv) not be discriminated against for exercising any of these rights.
To exercise your rights under the CCPA, please submit a request via email at privacy@incorta.com or submit this online form here.
We will review any request via email or otherwise. We reserve the right to confirm your request, providing us with personal information already maintained by us. We will not use this additional information for anything other than handling your request. You may designate an authorized agent to request in certain circumstances. We will endeavor to fulfill your request within 45 days of receiving that request. We will inform you of the reason and extension period in writing through email or other methods we may determine if we require additional time.
As a California resident, California Civil Code Section 1798.83 permits you to request once-year information regarding disclosing your personal information to third parties for those third parties direct marketing purposes. To make this request, please submit a request via email to Privacy@incorta.com or fill out this form.
General Data Protection Regulation
Your Data Protection Rights under the General Data Protection Regulation (GDPR)
By law, you can ask us what information we hold about you, request access to it, and correct it if it is inaccurate. If we process your information for contractual reasons, you can copy the data. If you believe we are not using your information lawfully, you can stop using it. In some circumstances, you may have the right to erase your data.If you wish to exercise your rights related to your data or submit a deletion or a general DSAR (Data Subject Access Rights) request, click on this link or contact us at privacy@incorta.com
In certain circumstances, you have the following data protection rights:
- The right to access, update or delete the information we have on you. Whenever possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you cannot perform these actions yourself, please contact us to assist you.
- The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
- The right to object. You have the right to object to our processing of your Personal Data.
- The right of restriction. You have the right to request that we restrict the processing of your personal information.
- The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
- The right to withdraw consent. You also have the right to withdraw your consent at any time where Incorta relied on your consent to process your personal information.
Minors
Children under the age of 13 are not intended to use the online components of our Services, and we do not intentionally collect Personal Information from them online. Please get in touch with us if you believe we have obtained personal data from a kid under the age of 13 through an online service.
Do Not Track
We must disclose under certain legal provisions whether we respect “Do Not Track” preferences for targeted advertising in your browser. Since there is currently no industry standard on how to respond to these signals as of the date this privacy policy went into effect, Incorta does not currently do so. Instead, we follow the guidelines outlined in this Global Privacy Policy. Contact us if you have any questions.
Changes to this Global Privacy Policy
Occasionally, at our discretion, we may change or update this Global Privacy Policy to allow us to use or share your Personal Information in a materially different way. For new users, such changes will become effective upon posting, and the changes and updates will become effective 30 days after posting for existing users. We encourage you to periodically review this Global Privacy Policy for the latest information on our privacy practices.
Questions or Concerns
If you have any questions about this Global Privacy Policy, please email us at Privacy@Incorta.com. Or contact us directly at this number, or submit a request through this form.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Complaints Under CCPA (California Consumer Protection Act)
Contact Information: For questions about a written comment or complaint you submitted to the Public Inquiry Unit, please fill out and submit our online form. Please specify in the “Your Comments” section the specific Public Inquiry Unit record that you are seeking. Or you may mail your request to
Public Inquiry Unit
Office of the Attorney General
P.O. Box 944255
Sacramento, CA 94244-2550
Complaints under GDPR
If you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint by emailing privacy@incorta.com or submitting this form here. However, you can also contact the Data Protection Commission via their website at dataprotection.ie or write to them at:
Privaon Oy, address Hevosenkenkä 3, 02600 Espoo,
info@privaon.com,
Business ID 2647800-2
Privaon represents Incorta as the DPO and GDPR authority for complaints, resolutions, and risk mitigation; please contact our DPO using the above information for complaints or questions.