Inbenta Holdings Inc. and its affiliates (“Inbenta,” “we,” “our,” or “us”) provide online Platform and Generative AI services as well as Professional Services to its customers and partners.
This privacy policy applies to Inbenta’s public-facing website and online services applications, including inbenta.com and all related websites, web-based services, mobile apps, and services that may be integrated with third-party communication channels (the “Inbenta Sites and Services”).
This privacy policy explains what personal data we collect from visitors to the Inbenta Sites and Services, how we use and share that information, and the rights and choices you have in connection with that information, including how you can limit certain uses and sharing of your information.
When we refer to “personal data,” we mean information about an identified individual or about an individual whom we could identify. Subject to applicable law, personal data generally does not include publicly available information or anonymized or de-identified data.
This privacy policy does not apply to third-party websites, products or services, even if they link to the Inbenta Sites and Services or integrate the Inbenta services. We recommend that you review the privacy practices of those third parties before connecting or accessing third-party websites and sharing any personal data, including with the Inbenta services as deployed by any third-party. See the Links to Other Websites section for more information.
Similarly, this privacy policy does not apply to careers pages hosted by our third-party vendors or to personal data we collect or use about job applicants or employees. We collect, use, and disclose personal data about job applicants or employees for different reasons than other personal data we may collect, use, or disclose. For information about how we collect, use, or disclose personal data about job applicants or employees, please contact us using information in the Contact Us section.
Without prejudice to your rights under applicable laws, this privacy policy is not contractual and does not form part of your contract with us or our affiliates or subsidiaries.
This privacy policy is provided in a layered format. You can jump to a specific section by clicking on the section below.
TABLE OF CONTENTS
This privacy policy is provided in a layered format. You can jump to a specific section by clicking on the section below.
- 1. Who You Are
- 2. COOKIE, PIXEL, AND SESSION REPLAY POLICY
- 3. AGGREGATED, DE-IDENTIFIED, OR ANONYMOUS INFORMATION
- 4. YOUR CHOICES
- 5. LOCALIZATION OF DATA STORAGE AND PROCESSING
- 6. DATA SECURITY
- 7. LINKS TO OTHER WEBSITES
- 8. CHILDREN’S PRIVACY
- 9. ADDITIONAL INFORMATION FOR CERTAIN JURISDICTIONS
- 10. UPDATES TO THIS PRIVACY POLICY
- 11. CONTACT US
1. WHO YOU ARE
Depending upon how and why you interact with the Inbenta Sites and Services, the types of personal data we collect, use, or disclose may vary. Our privacy policy is organized to explain how we use personal data about visitors to the Inbenta sites, about individuals who use the Inbenta online services, and individuals who use Inbenta services integrated into other communication channels, because we collect, use, and disclose information differently depending on how you interact with us.
This privacy policy applies to the following types of individuals and our collection, use, or disclosure of these individuals’ personal data:
- An Inbenta Site Visitor: You visit or interact with the Inbenta sites, whether or not with the Inbenta online services.
- An Inbenta Online Service User: You interact with the Inbenta online services, whether it is hosted on the Inbenta sites or by a third party, or you load a page containing the Inbenta online services. For example, you visit a third-party website that has an Inbenta service integrated.
- An Inbenta Integrated Service User: You interact with an Inbenta service that is integrated into a communication channel managed by a third party, such as WhatsApp.
You may be included in some or all of these categories.
For example, if you visit the Inbenta sites, you are an Inbenta Site Visitor, and the “If you are an Inbenta Site Visitor” section explains how we may collect, use, or disclose your personal data. If you visit a third-party site that uses Inbenta online services, and you load the Inbenta service or interact with the Inbenta service, you are an Inbenta Service User. The “If you are an Inbenta Online Service User or load an Inbenta Service” section explains how we may collect your personal data through the Inbenta online services and how we may use or disclose it. And if you visit a page on the Inbenta sites that has the Inbenta services, and you load the Inbenta service or interact with the Inbenta service, you are both an Inbenta Site Visitor and an Inbenta Online Service User.
We encourage you to read this privacy policy thoroughly. For more information, contact us using the information in the “Contact Us” section.
1.1. IF YOU ARE AN INBENTA SITE VISITOR
As an Inbenta Site Visitor, you visit and interact with the Inbenta sites. For example, if you visit www.inbenta.com, you are an Inbenta Site Visitor for those interactions.
We collect identifiers, Internet or other electronic activity information, geolocation data, electronic information, and professional or employment-related information about Inbenta Site Visitors. We get this information automatically, from you, and from others, and we can use this information for multiple purposes, such as providing and enhancing the Inbenta sites. We may disclose this information to other entities both inside and outside of our corporate family.
If you load or interact with a Inbenta service on our site, the “If you are an Inbenta Online Service User or load an Inbenta Service” section explains how we may collect your personal data through the Inbenta service and how we may use or disclose that data.
a. Types of Personal Data We Collect About Inbenta Site Visitors and Why
We may collect the following categories of personal data about Inbenta Site Visitors, for the purposes stated in the chart.
Category of Personal data | Examples | Purpose of Collection and Use |
Identifiers | First and last name, contact information, device ID or IP address and user-generated content (including reviews and feedback) |
|
Internet or other electronic activity information | Browsing history on the Inbenta Sites; clickstream data; browser and operating system type; navigation paths; data/time stamps; cookie identifiers; and other information about device characteristics and how you interact with the Inbenta Sites and Services |
|
Geolocation information | Geolocation information based on your IP address, country |
|
Electronic information | Session replay |
|
Professional or employment-related information | Employer name, professional contact information |
|
b. How We Collect Information About Inbenta Site Visitors
We may collect personal data about Inbenta Site Visitors from the following sources:
Sources of Personal Data | Categories of Personal Data We Collect |
Directly from you
We may collect personal data from you when you interact with the Inbenta Sites or our services, submit inquiries or request information from us, or otherwise contact or communicate with us. |
|
Automatically
We may collect personal data from you automatically when, logged in, you visit the Inbenta Sites, as you load the Inbenta Sites, or as you interact with us. These services may record mouse clicks, page views, mouse movements and scrolling activity and are used by Inbenta to analyze trends and administer the Inbenta Sites. See the “Cookie, Pixel, and Session Replay Policy” section. |
|
Third parties
We may collect personal data from third-party social media platforms and sites, such as when you engage with our social media pages, online communities and forums, and when you mention us on your own or other social media pages, online communities or forums. Please note that online forums may be publicly accessible and other individuals may view information you post in the forums. |
|
c. Parties To Whom We May Disclose Information About Inbenta Site Visitors
We disclose personal data about Inbenta Site Visitors as follows:
Categories of Third-Party Recipient and Purpose for Disclosure | Categories of Personal Data We May Share |
Inbenta group companies We may disclose personal information to other companies under common ownership or control. We do so to provide you with the requested services, to take actions based on your requests, or to manage our ongoing business operations. |
|
Our service providers and third-party vendors We use third-party vendors to perform operational functions related to the Inbenta Sites. Some of these vendors (e.g., marketing automation vendors or hosting providers) may have access to your personal data, but only as necessary to provide services to us. If the third-party vendor is our service provider, we have agreements in place with the vendors requiring your information to be kept confidential and reasonable data security measures to be used to protect it. |
|
Government entities We may disclose personal data to government entities and agencies, regulators, law enforcement, and other third parties, including to comply with applicable laws and regulations, to respond to a subpoena, search warrant, or pursuant to legal process, and to establish or exercise our legal rights or for fraud or crime-prevention purposes or for the protection of the rights, property, or safety of our company or third parties. We may also disclose personal data in relation to a known or suspected violation of our terms of use, fraud prevention or other unlawful use, including with entities assisting us with an investigation, or as may be required by applicable law. |
|
Business partners We may engage third parties to perform certain functions on our behalf. To do so, we may disclose personal data to our third-party business partners and service providers in order to maintain and operate the Inbenta Sites and Services and provide, improve, and personalize the Inbenta Sites and Services, including to fulfill requests for the services, and for other technical and processing functions, such as sending emails on our behalf and technical support. |
|
Successor organizations Subject to applicable law, we reserve the right to transfer some or all personal data in our possession to a successor organization in the event of a merger, acquisition, bankruptcy, or other sale or transfer of all or a portion of our assets. If any such transaction occurs, the purchaser will be entitled to use and disclose the personal data collected by us in the same manner that we are able to, and the purchaser will assume the rights and obligations regarding personal data as described in this privacy policy. |
|
1.2. IF YOU ARE AN INBENTA ONLINE SERVICE USER OR IF YOU LOAD AN INBENTA SERVICE
Inbenta Online Service Users are individuals who load an Inbenta service on a page, whether on the Inbenta sites or on a third-party site, or who interact with an Inbenta service.
We collect identifiers, Internet or other electronic activity information, and geolocation data about Inbenta Online Service Users. We get this information automatically. We can use this information for multiple purposes, such as providing and enhancing the Inbenta Sites and Services or detecting and preventing fraud, and we may disclose this information to other entities both inside and outside of our corporate family.
We do not collect the content or substance of your communications submitted through the Inbenta service, however. That information is collected by our customer purchasing the Inbenta service and may only be accessed by our customer. For information about how that information is used, please read our customer’s privacy policy.
a. Types of Information We Collect About Inbenta Online Service Users and Why
We may collect the following categories of personal data about Inbenta Online Sevices Users, for the purposes stated in the chart.
Category of Personal Data | Examples | Purpose of Collection and Use |
Identifiers | Device ID; IP address |
|
Internet or other electronic activity information | Clickstream data; browser and operating system type; navigation paths; data/time stamps; cookie identifiers; or other information about device characteristics and how you interact with the Inbenta service |
|
Geolocation information | Geolocation information based on your IP address |
|
b. How We Collect Information About Inbenta Online Service Users
We may have collected personal data about Inbenta Online Service Users from the following sources stated in the chart.
Sources of Personal Data | Categories of Personal Data We Collect |
Automatically
We may collect personal data from you automatically when you load the Inbenta service or as you interact with the Inbenta service. We usually store the data we collect automatically about Inbenta Online Service Users in identifiable form for a limited period of time. In special circumstances, like extended investigations about technical attacks, we may preserve log data longer, for analysis. We store aggregate statistics about use of content delivery networks indefinitely, but those statistics don’t include data identifiable to you personally. |
|
c. Parties To Whom We May Disclose Personal Data About Inbenta Online Service Users
We disclose personal data about Inbenta Online Service Users as follows:
Categories of Third-Party Recipient and Purpose for Disclosure | Categories of Personal Data We May Share |
Inbenta group companies We may disclose personal information to other companies under common ownership or control. We do so to provide you with the requested services, to take actions based on your requests, or to manage our ongoing business operations. |
|
Our service providers and third-party vendors We use third-party vendors to perform operational functions related to the Inbenta services. Some of these vendors (e.g., hosting providers) may have access to your personal data, but only as necessary to provide services to us. If the third-party vendor is our service provider, we have agreements in place with the vendors requiring your information to be kept confidential and reasonable data security measures to be used to protect it. We may share personal data with service providers or other third parties to detect, protect against, and respond to security incidents or other malicious, deceptive, illegal, or fraudulent activity or other threats and for legal compliance purposes or pursuant to legal process. |
|
Government entities We may share personal data with government entities and agencies, regulators, law enforcement, and other third parties, including to comply with applicable laws and regulations, to respond to a subpoena, search warrant, or pursuant to legal process, and to establish or exercise our legal rights or for fraud or crime-prevention purposes or for the protection of the rights, property, or safety of our company or third parties. We may also share personal data in relation to a known or suspected violation of our terms of use, fraud prevention or other unlawful use, including with entities assisting us with an investigation, or as may be required by applicable law. |
|
Business partners We may engage third parties to perform certain functions on our behalf. To do so, we may disclose personal data to our third-party business partners and service providers in order to maintain and operate the Inbenta services and provide, improve, and personalize the Inbenta services, including to fulfill requests for the services, and for other technical and processing functions, such as sending emails on our behalf and technical support. |
|
Successor organizations Subject to applicable law, we reserve the right to transfer some or all personal data in our possession to a successor organization in the event of a merger, acquisition, bankruptcy, or other sale or transfer of all or a portion of our assets. If any such transaction occurs, the purchaser will be entitled to use and disclose the personal data collected by us in the same manner that we are able to, and the purchaser will assume the rights and obligations regarding personal data as described in privacy policy. |
|
d. Additional Information For Inbenta Online Service Users
We may use aggregated, de-identified, or anonymized information about how you use the Inbenta service or from which domains or websites you load the Inbenta service to improve the functionality of the Inbenta service and improve our service offerings, including using this data at an aggregate level to create data analytics offerings to analyze trends. Please see the “Aggregated, De-Identified, or Anonymous Information” section for more information.
When you interact with the Inbenta service, you generate personal data that includes the substance of your communications through the Inbenta service. We do not collect the content or substance of your interactions with the Inbenta service. Rather, that information is collected (through Inbenta’s servers) by our customer purchasing the Inbenta service, who is providing the website that has the Inbenta service you interacted with, and you should refer to the privacy policy of that company or website to understand how it may collect, use, or disclose your personal data contained in the content or substance of your interactions with the Inbenta service. We do not determine the purpose or means of processing that information. For example, our website, www.inbenta.com, uses the Inbenta Chat. The information automatically sent by loading the Inbenta Chat or interacting with the Inbenta Chat is governed by this section of our privacy policy. If you decide to interact with the Inbenta Chat, the content or substance of your interactions with the Inbenta Chat is governed by the “If You Are An Inbenta Site Visitor” section.
1.3. IF YOU ARE AN INBENTA INTEGRATED SERVICE USER
Inbenta Integrated Service Users are individuals who use or interact with an Inbenta service integrated with a third-party communication channel managed by a third party, who is an Inbenta customer. For example, an Inbenta customer may offer a WhatsApp channel that is integrated with an Inbenta service.
We collect identifiers about Inbenta Integrated Service Users automatically. We can use this information for multiple purposes, such as providing and enhancing the Inbenta Sites and Services or detecting and preventing fraud, and we may disclose this information to other entities both inside and outside of our corporate family.
a. Types of Information We Collect About Inbenta Integrated Service Users and Why
We may collect the following categories of personal data about Inbenta Integrated Service Users, for the purposes stated in the chart.
Category of Personal Data | Examples | Purpose of Collection and Use |
Identifiers | User ID associated with the channel that the Inbenta service is integrated with (e.g., for WhatsApp a phone number or for Facebook a Facebook ID) |
|
b. How We Collect Information About Inbenta Integrated Service Users
We may have collected personal data about Inbenta Integrated Service Users from the following sources stated in the chart.
Sources of Personal Data | Categories of Personal Data We Collect |
Automatically
We may collect personal data from you automatically when you interact with the Inbenta Service integrated with the channel. We usually store the data we collect automatically about Inbenta Integrated Service Users in identifiable form for a limited period of time. In special circumstances, like extended investigations about technical attacks, we may preserve log data longer, for analysis. We store aggregate statistics about use of content delivery networks indefinitely, but those statistics don’t include data identifiable to you personally. |
|
c. Parties To Whom We May Disclose Personal Data About Inbenta Integrated Service Users
We disclose personal data about Inbenta Integrated Service Users as follows:
Categories of Third-Party Recipient and Purpose for Disclosure | Categories of Personal Data We May Share |
Inbenta group companies We may disclose personal information to other companies under common ownership or control. We do so to provide the requested services, to take actions based on your requests, or to manage our ongoing business operations. |
|
Our service providers and third-party vendors We use third-party vendors to perform operational functions related to the Inbenta services. Some of these vendors (e.g., hosting providers) may have access to your personal data, but only as necessary to provide services to us. If the third-party vendor is our service provider, we have agreements in place with the vendors requiring your information to be kept confidential and reasonable data security measures to be used to protect it. We may share personal data with service providers or other third parties to detect, protect against, and respond to security incidents or other malicious, deceptive, illegal, or fraudulent activity or other threats and for legal compliance purposes or pursuant to legal process. |
|
Government entities We may share personal data with government entities and agencies, regulators, law enforcement, and other third parties, including to comply with applicable laws and regulations, to respond to a subpoena, search warrant, or pursuant to legal process, and to establish or exercise our legal rights or for fraud or crime-prevention purposes or for the protection of the rights, property, or safety of our company or third parties. We may also share personal data in relation to a known or suspected violation of our terms of use, fraud prevention or other unlawful use, including with entities assisting us with an investigation, or as may be required by applicable law. |
|
Business partners We may engage third parties to perform certain functions on our behalf. To do so, we may disclose personal data to our third-party business partners and service providers in order to maintain and operate the Inbenta services and provide, improve, and personalize the Inbenta services, including to fulfill requests for the services, and for other technical and processing functions, such as sending emails on our behalf and technical support. |
|
Successor organizations Subject to applicable law, we reserve the right to transfer some or all personal data in our possession to a successor organization in the event of a merger, acquisition, bankruptcy, or other sale or transfer of all or a portion of our assets. If any such transaction occurs, the purchaser will be entitled to use and disclose the personal data collected by us in the same manner that we are able to, and the purchaser will assume the rights and obligations regarding personal data as described in privacy policy. |
|
d. Additional Information For Inbenta Integrated Service Users
We may use aggregated, de-identified, or anonymized information about how you interact with the Inbenta service integrated with your chosen communication channel to improve the functionality of the Inbenta services and improve our service offerings, including using this data at an aggregate level to create data analytics offerings to analyze trends. Please see the “Aggregated, De-Identified, or Anonymous Information” section for more information.
Inbenta’s customer may have chosen to integrate an Inbenta service with the customer’s selected communication channel. In providing the Inbenta service to our customer, information that you provide while interacting with our customer through the Inbenta service will be collected on behalf of the customer through Inbenta’s servers. Inbenta will have access to the personal data you may have disclosed in the content or substance of your interactions with our customer, but Inbenta does not collect any such information for its own use, and we do not determine the purpose or means of processing that information. You should refer to the privacy policy of our customer to understand how it may collect, use, or disclose any personal data you may have disclosed in the content or substance of your interactions with our customer.
2. COOKIE, PIXEL, AND SESSION REPLAY POLICY
a. Usage Info and Cookies
When you access the Inbenta Sites and Services (including loading or interacting with the Inbenta services), our servers automatically collect and record the IP address associated with your computer and some additional information, such as your device ID and browser type and version. This information is used to help us administer the Inbenta Sites and Services, and it is transmitted automatically by your web browser. This information may be appended to your profile information to remember your preferences and diagnose technical problems.
This information may be stored in cookies. If you do not wish to accept cookies, you can turn them off in your browser or select your preferences in our Cookie Policy.
The additional information we may collect includes device ID, browser type and version, the operating system of your device and language, country, the date and time of visits, the pages viewed, time spent on the Inbenta Sites and Services, and the websites visited just before an Inbenta site or service.
We use cookies to collect this information. Cookies are small data files sent by a website and stored on the computer or device at the request of that site. Cookies store information related to a user’s browser to enable us to recognize your device on return visits to the Inbenta Sites and Services and to remember your preferences.
Most browsers allow you to control cookies, including whether or not to accept them and how to remove them. If you want to block the use and saving of cookies from the Inbenta Sites and Services on to the computer’s hard drive, you should take the necessary steps within your web browser’s settings to block all cookies from the services and external serving vendors. Please note that if you choose to erase or block your cookies, certain parts of our services may not function correctly. For information on how to disable cookies in your browser, refer to your browser’s documentation. In addition, our Cookie Policy has additional relevant information.
We may also use web beacons, pixels, or similar collection mechanisms, and in certain circumstances may collect IP addresses, screen resolution and browser software and operating system types, clickstream patterns, dates and times that our site is accessed, and other categories of data.
The Inbenta Sites and Services currently use Google Analytics. Please read “How Google uses data when you use our partners’ sites or apps,” which you can find at www.google.com/policies/privacy/partners/, for information about how Google Analytics collects and processes data. If you wish to opt out of Google Analytics, please visit https://tools.google.com/dlpage/gaoptout.
b. Do-Not-Track
The Inbenta Sites and Services do not support Do-Not-Track functionality. Do-Not-Track is a preference you can set on your web browser to inform websites that you do not want to be “tracked’ by third parties. Inbenta does not respond to Do-Not-Track Signals as it does not track you when you leave an Inbenta site. Inbenta’s third-party service providers, who provide ad serving, retargeting services and web analytics services to Inbenta, may not respond to Do-Not-Track signals. If an individual comes to an Inbenta site directly with a Do-Not-Track signal enabled on such individual’s browser, Inbenta does not look for the Do-Not-Track signal or respond to it.
c. Interest-Based Advertising
Interest-based ads, also known as personalized ads, are ads that are targeted to you based on your web browsing and app usage over time and across websites or apps. For example, the Inbenta Sites and Services may use third-party ad servers, retargeting services, and web analytics systems, such as Google, to analyze aggregate web usage statistics and provide the ability to display targeted advertisements to you based on your visit to our website. Inbenta does not display advertisements on the Inbenta sites nor within any of our services, but our customer purchasing the Inbenta service you interact with may make different choices not controlled by Inbenta, and you should refer to the privacy policy of that company or website to understand how it may display ads to you.
You may be able to restrict the use of information for interest-based advertising and to opt-out of receiving interest-based ads. Some of these third parties may use cookies and other technologies to collect information about your online activities over time and across third-party websites or online services to deliver advertising based on your interests and preferences, as inferred from your browsing history. Some of these ads may be personalized, meaning that they are intended to be relevant to you based on information that those third-party providers collect about your visits to this site and elsewhere over time.
To learn more about this type of advertising and how to opt-out of this form of advertising, you may either visit http://optout.aboutads.info to opt-out of sites and services participating in the Digital Advertising Alliance (“DAA”) self-regulatory program, or visit https://optout.networkadvertising.org to opt-out of this form of advertising by members of the Network Advertising Initiative (“NAI”). Note that electing to opt-out does not stop advertising from appearing in your browser or applications, although it may make the ads you see less relevant to your interests. Your choice to opt out on a particular browser or device applies only to the collection and use of information from that particular browser or device. Opting out on a particular device does not opt you out of information collection on other devices, nor does it limit cross-device sharing on those other devices. If you use different browsers on a device or multiple devices, for each browser and device you wish to opt out, please opt out each device and browser separately.
Depending on where you live or are located, you may have additional rights.
d. Session Replay
We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with the Inbenta Sites and Services through behavioral metrics, heatmaps, and session replay. We do not use session replay technology in the Inbenta services.
Inbenta’s website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of our services and other online activity. We use this information as described in the If You Are An Inbenta Site Visitor section. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Policy. We do not use these technologies to collect information that is inconsistent with your intent, and we do not use it to record sensitive information related to credit cards. We do not provide information gathered to third parties other than our service providers.
If an Inbenta Service is loaded on a third-party site, please be aware that if the third-party site uses session-replay or similar technologies, the third-party site may be able to reconstruct how you interacted with the Inbenta Service. See the Links To Other Websites section for more information.
3. AGGREGATED, DE-IDENTIFIED, OR ANONYMOUS INFORMATION
We may create aggregated, de-identified, or anonymous information from personal data by removing certain data components that makes the data identifiable (such as your name, email address, or linkable tracking ID), or through aggregation, obfuscation or other means for us to use to understand how to improve or enhance the Inbenta Sites and Services. Subject to applicable law, such aggregated, de-identified, or anonymized information is not personal data and our use of such information is not subject to this privacy policy.
4. YOUR CHOICES
You have certain choices with respect to your personal data. Any individual may have the right to opt-out of sharing their personal information, if such personal information is disclosed to a third-party or is used for a materially different purpose for which it was initially collected or subsequently authorized by the individual. If you wish to exercise this right, please contact privacy@inbenta.com.
a. Update Your Communications Preferences
We may use your contact information to send you email messages regarding updates to the Inbenta Sites and Services, such as the publication of new Inbenta information and content, promotional offers, or to communicate with you about the Inbenta Sites and Services. You may opt-out of receiving these emails at any time via our Preference Center. Please be advised that you may not be able to opt-out of receiving certain messages from us, including legal notices.
In order to opt-out of third-party communications, you need to contact the applicable third party. If you have any questions relating to opting-out, please contact us at privacy@inbenta.com.
b. Exercise Rights Based On Your Residency Or Location
Residents of certain states or countries may have additional or different rights as described elsewhere in this privacy policy.
5. LOCALIZATION OF DATA STORAGE AND PROCESSING
a. Location of the Inbenta Sites and Services
The Inbenta Sites and Services are operated from various locations globally; however, Inbenta’s headquarters and management are in the United States. If you are located outside of the United States, any information you provide to us may be transferred to, processed, or maintained in the United States. If you are located outside of the United States, the transfer of personal data may be necessary to provide you with the requested information and services, or to perform any requested transaction.
b. Transfers
The provision of Inbenta services may involve the processing of personal data by companies located in countries outside the European Economic Area (international data transfers). However, it is only done with companies that are in countries that offer an adequate level of protection or have made available to us Standard Contractual Clauses (SCC) in accordance with the decision of the European Commission to Data transfers from controllers in the EU to processors established outside the EU.
Specifically, information we collect from you might be processed in the United States, and by using Inbenta services you acknowledge and consent to the processing of your data in the United States for the purpose of providing such services to you.
c. EU-U.S. Data Privacy Framework with UK Extension, and Swiss-U.S. Data Privacy Framework
European data privacy laws restrict the transfer of personal data out of Europe, in particular to the United States, where we are located. To address those restrictions, we comply with certain frameworks agreed to by the United States and the European Union, Switzerland, and the United Kingdom, through which we can transfer personal data out of Europe. We also use contracts and agreements issued by the European Commission and the United Kingdom to comply with the transfer restrictions.
Inbenta complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Inbenta has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) under the UK Extension to the EU-U.S. DPF. Inbenta has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Inbenta is responsible for the processing of personal data it receives, under the DPF, and subsequently transfers to a third party acting as an agent on its behalf. Inbenta complies with the DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.
The Federal Trade Commission has jurisdiction over Inbenta’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, Inbenta may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Inbenta commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.
For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website.
In addition to participating in the DPF, we also use the EU Standard Contractual Clauses as issued by the European Commission as well as the UK International Data Transfer Agreement as secondary measures. Where needed based on our data transfer impact assessments, we implement additional technical and/or organization measures intended to adequately protect your data.
6. DATA SECURITY
We have taken steps to secure and protect your personal data from loss, unauthorized access, unauthorized disclosure, misuse, destruction, or alteration. However, there is always some risk involved in transmitting information over the Internet, and we cannot fully eliminate security risks associated with the storage and transmission of personal data.
7. LINKS TO OTHER WEBSITES
The Inbenta Sites and Services contains links to other websites, including social networking websites, mobile applications, or Internet locations (collectively “Third-Party Sites”). We have no control over and are not responsible for third-party websites, their privacy practices, their content, or any goods or services available through the Third-Party Sites. Our privacy policy does not apply to Third-Party Sites; any information you provide to a Third-Party Site is subject to that Third-Party Site’s privacy policy or privacy policy.
The fact that we link to a website is not an endorsement or representation of an affiliation with that website. You should carefully review the applicable privacy policies before using or engaging with any Third-Party Site on any of the Inbenta site or service.
The Inbenta Sites and Services may include social network sharing widgets that may provide information to their associated social networks or third parties about your interactions with our web pages that you visit, even if you do not click on or otherwise interact with the plug-in or widget. Information is transmitted from your browser and may include an identifier assigned by the social network or third party, information about your browser type, operating system, device type, IP address, and the URL of the web page where the widget appears. If you use social networking tools or visit social networking sites, we encourage you to read their privacy disclosures to learn what information they collect, use, and share.
8. CHILDREN’S PRIVACY
The Inbenta Sites and Services offered are not directed to or intended for use by minors. We do not knowingly collect or solicit personal data from minors, or knowingly allow such persons to register for our services. No minor may provide any personal data to Inbenta or on the Inbenta Sites and Services. If you are a minor, please do not attempt to register for the Inbenta Sites and Services or send any information about yourself to us, including your name, address, telephone number, or email address. If we learn that we have inadvertently collected personal data from a minor without parental consent, we will take steps to delete the data as permitted by law. If you believe that we might have any information from or about a minor, please contact us at privacy@inbenta.com.
9. ADDITIONAL INFORMATION FOR CERTAIN JURISDICTIONS
Inbenta Sites and Services may be accessed via the Internet from various locations. We provide additional information about our controllers and data protection officers (as applicable) and privacy rights for certain jurisdictions where Inbenta has a presence:
9.1. BRAZIL
The Lei Geral de Proteção de Dados (LGPD) regulates the collection, use, and disclosure of personal data of individuals in Brazil and by companies located in Brazil. If we are processing your personal data in Brazil, the controller of your data is Inbenta Brasil Consultoria E Tecnologia LTDA.
Inbenta Brasil Consultoria E Tecnologia LTDA may be contacted as follows:
Av. Paulista, 2028 – 10º andar – Bela Vista, São Paulo – SP 01310-200
privacy@inbenta.com
If you are in Brazil and we are processing your personal data outside of Brazil, the particular entity that is the controller of your data may vary. Please contact Inbenta Brasil Consultoria E Tecnologia LTDA for more information at privacy@inbenta.com.
If the LGPD is applicable to you, you may have the right to:
- confirm that your personal data is being processed;
- access your personal data;
- correct incomplete, incorrect or out-of-date personal data;
- have anonymized, blocked, or deleted any unnecessary, excessive, or non-compliant personal data;
- request that a data controller moves your personal data to another service provider (data portability);
- delete your personal data (with exceptions);
- be given information on public or private entities with whom, and how your personal data has been shared; and
- be given information about your rights to not give consent to process your personal data, and consequences of refusal.
Note that we may have to process your personal data as a condition of providing a service or to handle a request to exercise one of the LGPD rights. For example, if you ask us to provide you with information about our services, we must process your personal data in order to provide you with the information you requested. The LGPD requires that we specially highlight this fact.
You can exercise your LGPD rights by emailing our DPO or by filling in our online webform. Our DPO can be contacted as follows:
Lluís Sarabia
Tarragona 161, 9th floor, 08014 Barcelona, Spain
privacy@inbenta.com
We will confirm receipt of your rights request within 10 days of receipt of your request, along with a description of the steps we will take to verify and respond. According to the requirements of the LGDP, we must provide the requested information or delete your personal data within 15 days of receipt of your request.
You can lodge a complaint regarding your LGPD rights with Brazil’s Autoridade Nacional de Proteção de Dados (ANPD). If you are a Brazilian resident, you may also lodge a complaint with Consumer’s rights authorities (PROCON) of your Brazilian state of residence.
9.2. EUROPEAN ECONOMIC AREA, UNITED KINGDOM AND SWITZERLAND
a. General
The General Data Protection Regulation (GDPR) governs processing of personal data by organizations in the European Economic Area or about individuals located in the European Economic Area. The current members of the European Economic Area are Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden.
The Data Protection Act 2018 (UK GDPR) governs processing of personal data by organizations in the United Kingdom or about individuals located in the United Kingdom.
The Federal Act on Data Protection (FADP) governs processing of personal data by organizations in Switzerland or about individuals located in Switzerland.
The controller of the Inbenta Sites and Services is Inbenta Technologies Inc. and our representative in Europe is the Inbenta Holdings Inc. Spain Branch.
Inbenta Technologies Inc. and Inbenta Holdings Inc., Spain Branch may be contacted as follows:
Inbenta Technologies Inc. | Inbenta Holdings Inc. |
We process your personal data based upon your consent, as necessary to perform a contract with you or that we are entering into with you, based on legitimate interests, or as required by our legal obligations within the European Economic Area, the United Kingdom or Switzerland.
Basis for processing your Personal Data. We process your personal data based upon your consent, as necessary to perform a contract with you or that we are entering into with you, based on legitimate interests, or as required by our legal obligations within the European Economic Area, the United Kingdom or Switzerland. If you would like more information about the legitimate interests and bases for processing in particular processing operations, we invite you to contact us at privacy@inbenta.com.
Examples of personal data processed based upon your consent. If we are directing marketing communications to you, in your individual capacity, we do so with your consent unless an exception applies (such as to send you direct marketing about similar products or services to ones you have already purchased from us). If you wish to withdraw your consent, you may unsubscribe through the email or contact us at privacy@inbenta.com. Withdrawing your consent does not affect processing operations we have already completed based upon your consent.
Examples of personal data processed based upon a contract with you. If we have entered into a contract with you, in your individual capacity, we process your personal data as necessary to enter into and perform our obligations under the contract. These can include, for example, processing your payment information to collect payment and your contact information.
Examples of personal data processed based upon legitimate interests. We may process your personal data for our legitimate interests or the legitimate interests of third parties, which include advertising or market and opinion research, as far as you have not objected to the use of your data; entering into a contract with a third party (which could include your employer) and performing our obligations under that contract; the examination and optimization of processes for needs analysis; the further development of services and products as well as existing systems and processes; the disclosure of personal data within the framework of due diligence in the course of company sale negotiations; for comparison with European and international anti-terrorist lists, insofar as this goes beyond the legal obligations; the enrichment of our data, e.g., by using or researching publicly accessible data; statistical evaluations or market analysis; benchmarking; the assertion of legal claims and defense in legal disputes which are not directly attributable to the contractual relationship; the restricted processing of data, if a deletion is not possible or only possible with disproportionately high effort due to the special type of storage; the development of scoring systems or automated decision-making processes; the prevention and investigation of criminal offenses, if not exclusively for the fulfillment of legal requirements; and complying with our legal obligations in countries outside of the European Economic Area, the United Kingdom or Switzerland. If you would like more information, or to object to a particular processing operation based upon legitimate interests, please contact us at privacy@inbenta.com.
Our use of automated decision-making. We may engage in decision-making or profiling in the course of our processing operations. We do not, however, engage in solely automated decision-making, including profiling, that in our view would produce legal effects or similarly significantly affect you.
b. Retention
We retain personal data for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
c. Data Subject Rights
If the GDPR, UK-GDPR or FADP apply to your personal data, you may have the right to:
- access your personal data;
- rectify inaccurate personal data about you;
- erase of your personal data;
- place restrictions on processing your personal data;
- object to processing your personal data;
- receive your personal data in a portable format;
- withdraw your consent for processing;
- be informed about how, why, for how long your data is processed, and to which third-parties your data is disclosed; and
- not to be subject to a decision based solely on automated processing.
These rights are not absolute and may be subject to limitations or restrictions. You can exercise your GDPR, UK-GDPR and FADP rights by emailing our DPO or by filling in our online webform. Our DPO can be contacted as follows:
Tarragona 161, 9th floor, 08014 Barcelona, Spain
privacy@inbenta.com
We will confirm receipt of your rights request within 10 days of receipt of your request, along with a description of the steps we will take to verify and respond. According to the requirements of the GDPR and UK-GDPR, we must provide the requested information or delete your personal data within 30 days of receipt of your request.
You also have the right to lodge a complaint with a supervisory authority. If you are in the European Economic Area or would like to contact a European supervisory authority, their contact information is here. If you are in the United Kingdom or would like to contact the UK Information Commissioner’s Office, you can do so here. If you are in Switzerland or would like to contact the Federal Data Protection and Information Commissioner (FDPIC), you can do so here.
9.3. CANADA
The Personal Information Protection and Electronic Documents Act (PIPEDA) regulates the collection, use, and disclosure of personal information of individuals in Canada and by companies located in Canada in the course of a commercial activity. If we are processing your personal information in Canada, the controller of your data is Inbenta Technologies Inc. Canada.
Inbenta Technologies Inc. Canada may be contacted as follows:
40 Temperance Street, 3200, Toronto (Ontario), Canada, MSH 084
privacy@inbenta.com
If you are in Canada and we are processing your personal information outside of Canada, the particular entity that is the controller of your data may vary. Please contact Inbenta Technologies Inc. Canada for more information at privacy@inbenta.com.
If the PIPEDA is applicable to you, you may have the right to:
- access the personal information we hold about you and be informed about how it is being used or disclosed;
- ask for the correction or completion of your personal information;
- withdraw consent to the collection, use, and disclosure of your personal information, subject to legal or contractual restrictions. We will inform you of any consequences of withdrawing your consent;
- know how we collect, use, and disclose your personal information. This includes knowing the purposes for which your personal information is used and to whom it may be disclosed;
- challenge compliance if you have concerns about our privacy practices, by contacting us or lodging a complaint with the authorities;
- request the portability of your personal information to another organization if feasible, in a structured and commonly used format, in certain circumstances; and
- restrict the ways we use or disclose your personal information, in certain circumstances.
You can exercise your PIPEDA rights by emailing our DPO or by filling in our online webform. Our DPO can be contacted as follows:
Lluís Sarabia
Tarragona 161, 9th floor, 08014 Barcelona, Spain
privacy@inbenta.com
You can lodge a complaint regarding your PIPEDA rights with the Office of the Privacy Commissioner of Canada.
9.4. JAPAN
The Act on the Protection of Personal Information regulates the collection, use, and disclosure of personal data by organizations in Japan. The personal information handling business operator in Japan is Inbenta Japan LLC.
Inbenta Japan LLC may be contacted as follows:
T010-0966 Akita-ken Akita-shi
Sanno 1-10-22 Ishikawa Jumusho, Bill 1F A
privacy@inbenta.com
If Japanese law applies to your personal data, you may have the right to:
- access your personal data;
- ask us to cease providing your personal data in identified form to a third party;
- understand the purposes of which we are using or disclosing personal data;
- consent to our processing your personal data for new purposes;
- correct personal data that is not factual;
- ask us to cease using your personal data or to delete your personal data; and
- appoint an agent to make these requests on your behalf.
These rights are not absolute and are subject to multiple exceptions. For example, we may decline to provide you with access to your personal data if doing so would be likely to harm the life, body, property, or other rights or interests of you or someone else or would be likely to seriously interfere with the proper implementation of our businesses. If we decline to do what you have requested in full or in part, we will strive to explain the reason why to you.
We may charge you a reasonable fee if you request to access your personal data or to understand the purposes of our use or disclosure of your personal data. The fee will be reasonable based upon our actual expenses in responding to your request.
You can exercise your rights under the Act on the Protection of Personal Information by emailing us at privacy@inbenta.com or by filling in our online webform.
9.5. CALIFORNIA (U.S.)
Inbenta is covered under the CCPA as we collect and process the Personal Data of California residents. This privacy policy provides the required notices to California residents. The CCPA also prohibits covered businesses from providing discriminatory treatment to California residents if they exercise their rights under the Act.
California residents have the following rights under the California Consumer Privacy Act (CCPA), amended by the California Privacy Rights Act (CPRA):
- Right to Opt Out of having their personal data sold to or shared with other persons or parties. We do not sell or share personal data.
- Right to request to delete their personal data, subject to certain exceptions.
- Right to request inaccuracies in their personal data we process.
- Right to request to limit the use of their sensitive personal data. We do not use or disclose sensitive personal data.
- Right to know:
- What specific pieces of information we have about the resident.
- The categories of personal data we have collected about the resident.
- The categories of sources from which the personal data is collected.
- The categories of personal data that we sell, share, or disclose for a business purpose about the resident.
- The categories of third parties to whom the personal data is sold, shared, or disclosed for a business purpose. The business or commercial purpose for collecting, selling, or sharing personal data.
The CCPA defines “sale” to include data transfers for monetary or other valuable consideration. We do not sell or share your personal information to third parties. As stated above in the data collection sections, we collect and transmit your data to third-party service providers in order to deliver services to you. We do not have actual knowledge that we have sold or shared the Personal Data of
California residents under 16 years of age.
To exercise your rights, please fill in our online webform or email us at privacy@inbenta.com. If you email us, please put in the subject line of your email the right you are seeking to invoke: “-California- and -Right you want to invoke-“. According to the CCPA, amended by the CPRA, California residents may also exercise their rights by writing us at our headquarters office in Texas:
Inbenta Technologies Inc.
950 West Bethany Drive, Suite 400, Allen, TX 75013
We will confirm receipt of your request to know, delete, or correct within 10 days along with a description of what steps we will take to verify and respond. We must provide the requested information or delete your personal data within 45 days of receipt of your request but can use an additional 45 days, but we will let you know if additional time is needed.
When contacting us, we may ask you to provide certain, limited personal data, such as your name, e-mail address and/or username to verify your request and to match with our records and systems. We will not retain this personal data or use it for any other purpose. To inquire about exercising these rights, please contact us at privacy@inbenta.com.
We do not respond to requests under California’s “Shine The Light” law (California Civil Code § 1798.83) because in the immediately preceding calendar year we have not disclosed the types of personal data requiring disclosure under that law.
9.6. OTHER U.S. STATES
We may be subject to other State data privacy laws based on our interaction with residents of those States and our use of their personal data. These laws provide said individuals enhanced rights with respect to their personal data when interacting with us. This section explains what rights said individuals may have under the mentioned laws.
Please note the rules implementing some of these laws have not yet been finalized. We will update our processes, disclosures, and this notice as these implementing rules are finalized, and as otherwise necessary.
Said individuals have the following rights, which may vary from one State to another:
- Right to confirm whether we process their personal data.
- Right to access the personal data we process.
- Right to request to receive their personal data in a portable and, if technically feasible, readily usable format.
- Right to correct inaccuracies in their personal data we process.
- Right to request we delete their personal data.
- Right to Opt Out of processing their personal data for purposes of targeted advertising, the sale of their personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning that individual.
The definition of “sale” may vary from one State to another. We do not sell or process personal data for purposes of targeted advertising or for profiling in furtherance of decisions that produce legal or similarly significant effects concerning individuals, or for money or other valuable consideration by Inbenta to a third party.
To exercise your rights, please fill in our online webform or email us at privacy@inbenta.com. If you email us, please put in the subject line of your email the right you are seeking to invoke: “-Name of your State of residence- and -Right you want to invoke-“.
You may submit multiple requests at once through our webform or in an email. There is no cost for submitting your first request; if you submit multiple requests in a twelve-month period, we may charge you a reasonable fee to cover the administrative costs of complying with your requests or decline to act on your requests.
For requests other than a Right to Opt Out, we are permitted to use commercially reasonable efforts to authenticate you are who you say you are and if you are making a request on behalf of another, that you have the authority to do so. If we are unable to do so, we may request that you provide additional information reasonably necessary to authenticate you. If we cannot authenticate you or your authority, we will deny the request.
If you submit a Right to Opt Out request, we are permitted to deny the request if we have a good faith, reasonable and documented belief that the request is fraudulent, and we will tell you that and why. You may appeal our decision by emailing us at privacy@inbenta.com with the subject line “Appeal of Request” and including our response to your request. We will also include this information in our response to your request. If you appeal our decision, we have 60 days to respond.
If you submit a request, we will tell you what the result is of your request without undue delay and within 45 days after we receive your request. We may extend that deadline by 45 days, to 90 days in total, in some cases. If we extend the deadline, we will tell you that and why. Inbenta does not discriminate against a consumer for exercising their rights.
Inbenta does not collect personal data for reasons not disclosed to the consumer without prior consent, does not process data in violation of any State of Federal laws that prohibit unlawful discrimination, and does not process or sell sensitive data, including biometric data, or process or sell sensitive data of children.
In addition, when you visit our website, we may use the information we collect automatically through online interactions, as described above in the Cookie, Pixel, and Session Replay Policy section for targeted advertising, which we may disclose or make available to advertising and social media networks.
“Personal data” refers to personal data that is linked or reasonably linkable to an identified or identifiable individual. U.S. State data privacy laws include exceptions for personal data regulated under other laws or maintained for certain reasons or in certain contexts. For example, they do not apply to publicly available information, including information that we reasonably believe individuals have lawfully made available to the public. As another example, we will not delete personal data when it is necessary to maintain that personal data to comply with a legal obligation.
10. UPDATES TO THIS PRIVACY POLICY
We may update this privacy policy from time to time. The “effective date” at the top of this privacy policy indicates when this privacy policy was last revised. Any changes are effective when we post the revised privacy policy on the Inbenta Sites and Services. We encourage you to routinely review this privacy policy to learn about updates to our privacy practices.
11. CONTACT US
For more information or if you have questions or concerns about our privacy practices, please contact us as it follows:
Inbenta Technologies Inc.
950 West Bethany Drive, Suite 400
Allen, TX 75013 USA
privacy@inbenta.com