UPDATED: April 2023
Goal: Incorta recognizes that the personal data it receives is held in a position of trust. We seek to fulfill that trust by adhering to the following general principles regarding personal data.
Incorta’s Privacy Principles
Fair and Lawful Processing
- Incorta fairly and legitimately collects and manages personal data.
- In compliance with relevant law, Incorta handles personal data based on consent, to fulfill contractual commitments, for our legitimate business operations, to adhere to legal requirements, or in other ways.
- Incorta is aware that processing any sensitive or unique categories of data requires extra caution, thus we will make sure that we have a proper legal basis for using this type of data (for instance where this is necessary to meet employment law obligations).
- Incorta does not rent, sell, or lease customers’ personal information in agreements with its business clients, partners, and suppliers.
- Incorta honors its privacy promises.
Transparency and Purpose Limitation
- Incorta is transparent and provides notice and where required or appropriate choice to individuals regarding the type of personal data collected and its intended uses.
- For the purposes of ensuring that our data collection supports reasonable business requirements and is proportionate to our needs, Incorta evaluates the purposes for which personal data about covered individuals is to be collected.
- Incorta does not utilize personally identifiable information collected from people for any reason other than what is specified in our notifications.
- For example, when processing your Personal Information is in your vital interest or required to protect your life.
- For example, if you opt-in to receive marketing communications from us or expressly provide your consent for us to process your Personal Information. In the event you provide your consent, you may also withdraw your consent when permitted by applicable law, if you contact us.
Data Access & Rights
- People have reasonable access to the personal information Incorta has on file about them and can review and change it as necessary.
- When appropriate, Incorta complies with individuals’ legal rights over their personal data, such as the right to object to a particular type of processing activity or the right to have specific data types deleted.
- Incorta makes a good faith effort to guarantee that all related personal data is complete, accurate, current, and limited to what is required for the purposes for which it is collected.
- Incorta securely deletes or otherwise destroys personal data after keeping it for as long as is required for the purpose for which it was collected. Other laws and duties that compel Incorta to keep information for a specific amount of time apply to this duty.
- Incorta is committed to putting in place the necessary security measures to guard against unauthorized access to or disclosure of personal information.
- For data deemed to be sensitive personal data, Incorta offers additional degrees of protection
Data Sharing and Onward Transfer
In accordance with applicable laws and generally accepted industry standards:
- Incorta does not divulge personal information about individuals to third parties unless those parties agree to protect the information with a level of protection at least as high as that offered by Incorta.
- Incorta transfers personal data globally both inside and outside of the Incorta group of enterprises. To guarantee that there is sufficient protection for the personal data, Incorta participates in a number of international privacy programs, including the APEC Cross Border Privacy Rules and EU Binding Corporate Rules.
- In accordance with the demands of relevant legislation, Incorta will retain a record of its data processing activities and conduct routine compliance audits.
Incorta is dedicated to addressing any issues with personal data. We respond promptly and politely to complaints or disputes involving personal data. The Information Security Department manages complaints, monitors compliance with applicable laws and international compliance programs as well as privacy policies and practices.
Types of Personal Information we Collect
Depending on how you use or interact with our Services, we produce a variety of different forms of Personal Information. The following lists the different types and sources of Personal Information we might gather and produce.
Demographic and Contact Information
Under certain circumstances we may collect demographic and contact information that you provide to us. This information includes: your name, mailing address, email address and telephone number
Online or Other Account Information
We may collect username and email addresses along with corresponding passwords, security questions and other information needed to permit access to certain components of our Services which require registration and/ or credentials.
Webforms and Requests
Any information that you submit to us through online or interactive forms available within our Services will be collected. This includes instances in which you “contact us”, submit feedback, request information about products or services, sign up for newsletters or mailing lists, or reach out to us with questions or concerns. If you wish to exercise your rights related to your data or submit a deletion or a general DSAR (Data Subject Access Rights) request, click on this link.
Information collected includes: usernames and passwords to enter certain sections of our websites or Services, unique identifiers, preference information (such as marketing preferences) browser types, Internet service providers (ISP) and referring/ exit pages. Additionally, we may collect information about the files you viewed on our sites, operating system, date/time stamps and clickstream data and other information further described in Tracking Technologies.
Mobile Apps/ Social Media
Some of our services are accessible on mobile devices through mobile websites or mobile applications. In the event that you access and use our Services through a mobile device, we may also gather mobile-specific data, such as your device ID, device type, hardware type, media access control (“MAC”) address, the version of your mobile operating system, the platform you used to access or download the Services, location data, and usage data about your device and the Services you use. Because not all of our mobile services have links to this privacy statement, please read the relevant privacy notice before using any mobile services.We maintain pages on many social networking sites.
Our Services may link to our pages or accounts on third party social media networks (“social media”) but our Services do not use social media plug-ins. If you choose to interact with us on social media, we may collect the information you publish or submit. Note that this information is also governed by the privacy policies of the respective companies offering the social media service. We may collect information when you interact with our social networking pages, including:
Device Information/ Log Information
We may also associate the information we collect from your different devices, which helps us provide consistent Services across your devices. Device specific information we may collect includes: Internet Protocol (IP) address, hardware model, operation system, unique device identifiers and mobile network information.
We may also create usage statistics and monitor the traffic from your use or interaction with our Services. Information collected includes ssage details of our Services, and the address (or URL) from where you came from before visiting us, which pages or features you visit or utilize, which browser you use, specific search terms, and items you click on.
Depending on how you use or interact with our Services, a variety of methods may be used to acquire your location information. Your IP address, location data linked with the usage of a device, the country or region you choose, or other location-based features and contents of our Services, for instance, can all be used to determine your location.
The information we have about you, the business you work for or are affiliated with, comes from your requests, communications, and interactions with us. This may include your job title, contact information (phone, email, fax, and address) for your company or organization, details about goods or services you expressed interest in or bought from us, or that we bought from you or your business, and other details required to confirm your eligibility to transact business with us.
We may also gather information needed to conduct a credit card transaction, such as the credit card type, number, and expiration date, if you use a credit card to buy goods or services from us.
If you use certain types of our Services, we may collect information about your health or medical condition, and your treatment (including the specific device or product that you are prescribed). Additional privacy laws may apply to this type of sensitive information, so other privacy policies may apply.
Events and Webinars
We may host events to share product information with customers and potential customers. When you sign up to participate in an event we may collect information such as name, email, phone number and company. This information may be added to our CRM and used to contact or follow up with you after the event to answer any inquiries or interest you may have for our services. Under this process, Incorta may contact the customer or potential customer additional information with appropriate data rights considered.
Incorta Text Messages
Our Services may allow us and other users to communicate with you through text messaging periodically. We may contact you regarding the Services we provide to you, such as providing system alerts. You may manage your contact information and notification preferences in your Services account settings.
Communications Subscription Information
From time to time, we may provide information to our customers and potential customers in electronic or print Communications. When you subscribe to our Communications, you may be added to our mailing list and will receive announcements and information about Incorta. Communications will be emailed or mailed to the address that you provide when you subscribe.
When you sign up to receive our Communications, we ask for your name and email address.
We will ask for your consent to use your name and email address to email you our Communications , which contains information about our products and other information we feel might be of interest to you. You can withdraw your consent, and we will stop sending you Communications.
Your name and email address are shared with a third-party mailing system based in the United States and, if applicable, in Europe. This company has contractually committed to providing appropriate safeguards for your data which means it will be protected in line with the legal requirements of the European Union. We do not use the information you provide to make any automated decisions that might affect you. We keep your data for as long as we produce and distribute our Communications. If you withdraw your consent, we will mark your details, so they are not used and delete them after three years.
Buttons, Tools and Content from Other Companies
Incorta Online Advertising
We advertise online, including displaying Incorta ads on websites and apps across the Internet. When we advertise online to you, we may collect information about which ads are shown to you, which ads you click on, and the web page where the ad was displayed to you, Including public chat, message boards, and user postings
How your Information is Stored and Processed
Your inquiry is stored and processed as an email hosted by GCP (Google Cloud Platform) within the European Economic Area (EEA). It is also logged on a CRM system (Salesforce) on a cloud server based in the United States; We do not use the information you provide to make any automated decisions that might affect you. All European Data is hosted in European Servers and its applicable jurisdiction. We keep inquiry emails for five years, after which they are securely archived. CRM records are kept for three years after the last contact with you.
Incorta Websites and Use of Tracking Technologies
To give you access to some features offered by our Services, our Services may use tracking technology. When you engage with us, these tracking technologies, such as those listed below, may collect or create Personal Information about you, but only if you choose to allow them in your Cookie Settings or in the browser settings specific to you.
Additionally, third parties may be able to collect information about your online activities when you use our websites or Services using cookies or other technologies. We do not respond to web browsers ‘do not track signals or other similar transmissions that indicate a request to disable online tracking of users who visit our websites or who use our websites or Services.
Click here to learn more about our Cookies Notice/Policy related to www.Incorta.com.
Our Services may incorporate the following tracking technologies:
- Web Beacons: Electronic images placed in the code of a webpage, application, or email that allow us to monitor things such as user activity and site traffic.
- Tags: Pieces of code, or tags, which gather information about users. For example, tags are used on our websites to better understand online usage patterns and trends. We may also use tags in our emails or newsletters to count how many of those messages are read.
- Widgets: Small components embedded within our Services which enable you to use certain functionalities
Use of the Information Collected by Incorta
Depending on the Services you use and how you interact with us, we may use your Personal Information in the following ways, as laid out below. If you reside in a certain region, such as the European Union, we may not be able to use your information for some of the below reasons without first receiving your agreement.
We may use the information we collect about you to:
- Provide you Incorta website content and Services, as well as any other services, support, or information you have requested
- Operate and improve our websites and Services, and diagnose related problems
- Personalize our website, Services, and Communications to your likely interests and needs
- Send your business messages such as those related to Services notifications, payments, or renewal of your subscription
- Send you information about Incorta, new releases, special offers, and similar marketing information
- Conduct market research about our customers, their interests, and the effectiveness of our marketing campaigns
- Display personalized ads to you
- Combine information we collect about you with other public or private information sources to provide you with
Communications that may be relevant to you and to enhance the Services we provide to you
- Contact you via telephone to discuss our Services and related offers with you.
- To improve the Services and user experience
- To comply with with applicable laws or legal obligations, such as:
- Compliance with applicable retention obligations
- To investigate potential breaches
- To protect our rights, property, safety and those our users
Aggregate data from our Services are used to benchmark and improve our Services.
Where required under applicable law, we will obtain your consent to use your Personal Information for marketing purposes.
Sharing Information Collected by Incorta
We work with companies that help us run our business. These companies may provide services such as delivering customer support, processing, collecting payments, and sending Communications on our behalf. These companies may have access to your Personal Information as required to help us run our business.
Incorta may also share your Personal Information:
- When you have consented to the sharing
- With our affiliated companies
- When you purchase a license to use or indicate interest in a third-party product or service through Incorta, the third party may contact you about your purchase or interest.
- With our resellers and other sales partners
- When we are required or believe we are required to provide information in response to a subpoena, court order, applicable law, government statute, regulation, or other legal processes
- When we have a good faith belief that the disclosure is necessary to prevent or respond to fraud, defend our websites or Services against attacks, or protect the property and security of Incorta, or the property and security of our customers and users
- To the extent necessary to meet lawful requests by public authorities, including to meet national security or law enforcement requirements
- If we merge with or are acquired by another company,we sell a website, app, or business unit, or all or a substantial portion of our assets are acquired by another company, in which case your information may be one of the assets that are transferred.
- When we hire companies to help us market our websites and Services and provide you with information and offers related to Incorta, including displaying ads to you across the Internet
- When we enlist the services of participating third party carriers to provide messaging services
- When we aggregate and share de-identified information collected by our Services to provide statistical information or market research to third parties
How we Interact with Third Parties
Information Security and Storage
We understand that the security of your Personal Information is essential. We implement reasonable administrative, technical, and physical security controls designed to protect your Personal Information from loss, misuse, unauthorized access, disclosure, alteration, or destruction. However, despite our efforts, no security controls are entirely adequate, and we cannot ensure or warrant the security of your Personal Information.
Incorta is committed to putting in place the necessary security measures to guard against unauthorized access to or disclosure of personal information. For data deemed to be sensitive personal data, Incorta offers additional degrees of protection In accordance with applicable laws and generally accepted industry standards:
- Incorta does not divulge personal information about individuals to third parties unless those parties agree to protect the information with a level of protection at least as high as that offered by Incorta.
- Incorta transfers personal data globally both inside and outside of the Incorta group of enterprises. To guarantee that there is sufficient protection for the personal data, Incorta participates in a number of international privacy programs, including EU Binding Corporate Rules.
Your Personal Information and data files are stored on our Systems and Systems of our sub-processors and companies we hire to provide services to us. Below are the security controls and mechanisms that are in place for data to be adequately secured and store data:
- Encryption at rest and in transit (AES256 & TLS1.3)
- Access Controls
- Risk Management & Mitigation
- Logging & Monitoring of unusual data activity
- Infrastructure Hardening- GCP (Google Cloud Platform)
- Key & Password Management
- MFA Enablement with Data Access for admin level accounts.
*This is not a comprehensive list of our security controls. You may contact email@example.com for detailed list of controls
Cross- Border Data Transfers
Incorta adheres to the latest EUDPB (European Data Protection Board) statements and amendments related to transfer impact assessments and the Schrems Modules. Personal data related to EU data subjects are hosted on systems located within the European Economic Area.
Updating and Deleting your Personal Information
We take reasonable steps to ensure that the Personal Information we collect is accurate, complete, and current by using the most recent information provided to us. Our websites and Services may allow you to review and edit your Personal Information by accessing your profile or similar feature of the website or Service you are using. For our websites, you may have the ability to manage your cookies and similar technologies through your web browser settings. You should consult the settings and instructions provided by your web browser provider for more information.
You may also submit a request to us to review, edit, or delete your Personal Information by emailing your request to firstname.lastname@example.org, or if you prefer, you can contact us through physical mail at Incorta, Inc., 2755 Campus Drive #350 San Mateo, CA 94403 (Attn: Privacy Office), or by telephone at (650) 242-1210. Our business hours for telephone contact are 9:00 AM to 5:00 PM PST. Once we verify your identity, we will assist you with your request.
For a faster-automated DSAR (Data Subject Access Rights) Request, you can click here and fill out the form related to Universal data deletion requests unrelated to California and the European Economic Area.
We will retain your Personal Information for as long as necessary to provide you with the websites and Services you use, as needed to comply with our legal obligations or enforce our agreements. For example, we may retain certain records for legal or internal business reasons, such as fraud prevention. Some of your information may also remain on backup systems after using our websites and Services ends.
Opting- Out of Incorta Communications
You may opt out of receiving communications by modifying your website or Service profile or by unsubscribing to the marketing mailings or newsletters you no longer desire. To unsubscribe, please submit your information to email@example.com, or follow the “Unsubscribe” instructions contained within the mailing, newsletter, or other communication that we send to you. You may also send an email to firstname.lastname@example.org with “Unsubscribe” in the body and a description of the Communications you no longer desire to receive.
You can further opt-out in our opt-out center here.
California Consumer Protection Act
The California Consumer Privacy Act (“CCPA”) provides some California residents (“you” or “your”) with the following rights, including the right to (I) request information about the personal information we have collected about you; (ii) request information about our sale or disclosure for business purposes of your personal information to third parties; (iii) opt-out of the sale of your personal information to third parties; and (iv) not be discriminated against for exercising any of these rights.
To exercise your rights under the CCPA, please submit a request via email at email@example.com or submit this online form here.
We will review any request via email or otherwise. We reserve the right to confirm your request, providing us with personal information already maintained by us. We will not use this additional information for anything other than handling your request. You may designate an authorized agent to request in certain circumstances. We will endeavor to fulfill your request within 45 days of receiving that request. We will inform you of the reason and extension period in writing through email or other methods we may determine if we require additional time.
As a California resident, California Civil Code Section 1798.83 permits you to request once-year information regarding disclosing your personal information to third parties for those third parties direct marketing purposes. To make this request, please submit a request via email to Privacy@incorta.com or fill out this form.
General Data Protection Regulation
Your Data Protection Rights under the General Data Protection Regulation (GDPR)
By law, you can ask us what information we hold about you, request access to it, and correct it if it is inaccurate. If we process your information for contractual reasons, you can copy the data. If you believe we are not using your information lawfully, you can stop using it. In some circumstances, you may have the right to erase your data.If you wish to exercise your rights related to your data or submit a deletion or a general DSAR (Data Subject Access Rights) request, click on this link or contact us at firstname.lastname@example.org
In certain circumstances, you have the following data protection rights:
- The right to access, update or delete the information we have on you. Whenever possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you cannot perform these actions yourself, please contact us to assist you.
- The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
- The right to object. You have the right to object to our processing of your Personal Data.
- The right of restriction. You have the right to request that we restrict the processing of your personal information.
- The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
- The right to withdraw consent. You also have the right to withdraw your consent at any time where Incorta relied on your consent to process your personal information.
Children under the age of 13 are not intended to use the online components of our Services, and we do not intentionally collect Personal Information from them online. Please get in touch with us if you believe we have obtained personal data from a kid under the age of 13 through an online service.
Do Not Track
Questions or Concerns
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Complaints Under CCPA (California Consumer Protection Act)
Contact Information: For questions about a written comment or complaint you submitted to the Public Inquiry Unit, please fill out and submit our online form. Please specify in the “Your Comments” section the specific Public Inquiry Unit record that you are seeking. Or you may mail your request to
Public Inquiry Unit
Office of the Attorney General
P.O. Box 944255
Sacramento, CA 94244-2550
Complaints under GDPR
If you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint by emailing email@example.com or submitting this form here. However, you can also contact the Data Protection Commission via their website at dataprotection.ie or write to them at:
Privaon Oy, address Hevosenkenkä 3, 02600 Espoo,
Business ID 2647800-2
Privaon represents Incorta as the DPO and GDPR authority for complaints, resolutions, and risk mitigation; please contact our DPO using the above information for complaints or questions.