This Privacy Statement (“Statement”) describes how Intigriti collects, stores, uses, and discloses your personal data and to whom in the context of its general business activities and the use of this website.
This Statement also describes your rights and how you can contact us to establish them. This Statement is issued on behalf of Intigriti and every reference to “we”, “us”, or “our” in this Statement is a reference to Intigriti, who is the data controller responsible for the processing of your personal data.
For specific information related to the personal data processing in the context of your use of the Intigriti Platform please consult our Platform Privacy Statement for Researchers or our Platform Privacy Statement for Client Users.
1. Who are we?
Intigriti NV, a Limited Liability company incorporated and existing under Belgian law, registered in the Belgian register of commerce under enterprise number 0660.623.646, with its principal office at Klokstraat 16, 2600 Antwerp, Belgium.
2. How do we use and process your personal data?
We process the personal data described in the current section of this privacy statement. For each processing activity, we strive to explain why we process that data and will clarify the legal basis for the processing.
Activity | Personal data Processed | Purpose | Legal basis |
Supplier Relationship management |
The applicable data may be obtained from you directly, from the company or entity you are a part of and/or from relevant public professional third-party resources. | To enable us to assess, establish and further manage the (potential) relationship between the supplier and Intigriti we may need to process personal data. In particular, to negotiate, prepare, execute, and/or manage our agreements and to further interact with them in this context.
| If the supplier is a data subject: performance of an agreement.
In other cases: our legitimate interest in implementing and following up on our agreements with our third-party service providers.
|
Customer relationship management |
The applicable data may be obtained from you directly, from the company or entity you are a part of and/or from relevant public professional third-party resources. | Data relating to our customers and their employees, representatives or collaborators, is processed to prepare, negotiate, manage and execute our agreement with you and to interact with you in the context of our collaboration and the provision of our services. | If the customer is a data subject: performance of an agreement. In other cases: our legitimate interest in implementing and following up on our agreements with our customers. |
Electronic mailings and newsletters communications | Information allowing us to communicate with you, such as your e-mail address. | If you subscribe to one of our newsletters or other periodical e-mail communications, we will process your personal data for that purpose. You may at any time unsubscribe, by clicking on the unsubscribe button included at the bottom of the applicable communication | Your consent (opt-in) |
Direct marketing of our products and services |
| If you are a current customer or researcher, if you have subscribed or otherwise requested to receive information about or products or services, or if we think you would be an interesting match with our company, we may use your personal data to communicate about Intigriti’s platform, activities and services, to invite you to events or seminars and/or to (try to) convince you to cooperate with us. | Our legitimate interest to inform prospects, clients and researchers about our services, or where applicable your consent. |
Purpose of analyzing, predicting and improving results and operations |
| We process personal data to analyze and predict results (such as those arising from our sales and marketing efforts and product usage and consumption), improve the performance of our websites, products and services and customer support, identify potential customers, opportunities and potential new product areas, ascertain trends, improve our websites’ functionality, improve our security, and provide us with general business intelligence, including through the use of machine learning technology. We may also combine the metadata and usage information collected from our websites with other information to enhance the purposes described above. | Your consent |
Managing your inquiries and providing our services |
| If you communicate with us, for example via email, chat, phone or via our website we may store the personal data you provide us with and the content of our communications in order to handle your request, remark or question. | Our legitimate interests, namely, to operate and expand our business and to keep trail of the applicable communications |
Safety security and operations management |
| We process Personal Data, such as contact data, ancillary data and metadata, about you, your use of our products and services to verify your online activities, to monitor suspicious or fraudulent activity and to identify violations of policies regarding the use of our products and services and to manage our business operations. | Legitimate interest in the context of prevention and detection of fraud. |
Lead generation and prospect management |
Currently, in the context of lead generation and prospect management, we might collect personal data from external sources. In that case, we are happy to let you know where we got your personal data.
Please note that the external sources and Intigriti are independent controllers. And we can only exercise your rights from the moment of collection of your data. If you want to exercise your rights with our sources, we have listed below how to contact them.
We have two third-party resources where we might collect the above mentioned personal data indirectly:
| We use personal data to (try to) find interesting prospective clients or security researchers, and to assess if you could be an interesting match to our company and/or services. | Our legitimate interest to generate leads and prospects, for the purpose of expanding our business. |
Risk and claims management |
| We may further preserve personal data that we process in the context of the other purposes outlined herein, for the purpose of allowing ourselves to demonstrate certain events or actions that took place (e.g. to demonstrate that a party has accepted certain terms and conditions, to demonstrate that someone has opted-in to receive marketing communication, to demonstrate that someone has ordered services, etc.).
| Legitimate interest, namely in the context of risk- and claims management (including the collection of debts). |
3. How long do we retain your personal data?
Where a specific retention time is not listed below, we will retain your personal data for a period necessary according to the original purpose of the data collection as outlined in this Statement, as necessary to comply with our legal obligations, resolve disputes, enforce our agreements or as outlined in applicable policies and notices. We determine the appropriate retention time by considering the amount, nature and sensitivity of your personal data , the potential risk of harm from unauthorized use or disclosure thereof and whether we can achieve the processing purposes through other means.
Activity | Retention time |
Supplier Relationship management | As from termination of the agreement with the concerned supplier: retention during the period relevant for legal action (currently 10 years). |
Customer relationship management | As from termination of the agreement with the concerned customer: retention during the period relevant for legal action (10 years). |
Electronic mailings and newsletters communications | Until 2,5 years after your subscription. On the expiry of this term, we will ask you to confirm if you want to continue receiving our communications. |
Direct marketing of our products and services | Until two (2) years from the last meaningful contact we have with you. You may at any time request us not to contact you anymore. Please use the contact details set out in the “Introduction” of this privacy statement. this privacy statement. |
Purpose of analyzing, predicting and improving results and operations | 24 months from your last interaction with the platform. |
Managing your inquiries and providing our services | During the period relevant for legal action (currently 10 years). |
Safety security and operations management | During the period relevant for legal action (currently 10 years). |
Lead generation and prospect management | Until two (2) years from the last meaningful contact we have with you. |
Risk and claims management | During the period relevant for legal action (currently 10 years). |
4. To whom do we disclose your personal data?
Our general recipients are the following:
We will disclose your personal data to our personnel, on a need-to-know basis.
We may share your personal data with financial institutions, payment providers and other relevant services providers, for the purpose of making or receiving payments.
We share your personal data with public authorities (including tax and social security authorities) when we are legally required to do so;
To the extent needed for that purpose, we may potentially share limited personal data with third parties, in connection with an (anticipated or considered) disposal of assets, restructuring, merger or sale of shares.
We share your personal data with our professional advisors, lawyers and bailiffs to the extent relevant to their assistance.
Furthermore, we use various suppliers and service providers and may share personal data with them, where this is needed or useful to enable them to provide their assistance or services to us (e.g. hosting providers or parties who assist us in securing our premises, etc.). These parties may only process your personal data in accordance with our instructions thereto.
5. Which rights do you have in relation to your personal data?
In accordance with the provisions of the GDPR, you have several rights with regard to the personal data that we process about you. Please note that the exercise of your rights may be subject to additional legal conditions. To exercise any of your rights, please send us a written request, using the contact details below.
Right to information and right of access
You have the right to confirmation as to whether or not we process your personal data and, in the event we do so, to access such personal data and receive a copy thereof, as long as this does not adversely affect the rights and freedoms of others. This service is usually free of charge, although we have the right to charge a ‘reasonable fee’ in some circumstances.
Right to rectification
You have the right to request that we rectify any inaccuracies in relation to the personal data we hold about you. Have you noticed an error in the information we hold? Please let us know using the contact details below.
Right to erasure ("right to be forgotten")
In some circumstances, you have the right to request the erasure of your Personal Data or object to the further processing of your information.
We will comply with your request in the following situations:
If your personal data is solely processed based upon your consent.
If you object to the processing on grounds relating to your particular situation and there are no overriding legitimate grounds for processing.
If you object to the processing of your data for direct marketing purposes.
If we have processed your personal data unlawfully.
If the personal data must be deleted to comply with a legal obligation to which we are subject.
There are certain exclusions to the right to erasure. Those exclusions include the situation where processing is necessary:
for exercising the right of freedom of expression and information;
for compliance with a legal obligation; or
for the establishment, exercise or defense of legal claims.
Right to restriction of processing
You have the right to restrict the processing of your personal data if:
You contest the accuracy of the personal data (and only for as long as it takes to verify that accuracy);
The processing is unlawful and you request restriction (as opposed to exercising the right to erasure);
We no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; or
You have objected to processing, pending the verification of that objection.
Once you have exercised your right to restrict the processing of your personal data, we may still process it:
with your consent;
for the establishment, exercise or defense of legal claims;
for the protection of the rights of another natural or legal person; or
for reasons of important public interest.
Right to object to processing
Where we process your personal data based on legitimate interests, you have the right to object to the processing of your personal data on grounds relating to your particular situation. You also have the right to object to the use of your personal data for direct marketing purposes. In this case, no specific reason is required.
Right to data portability
To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others. You also have the right to have your personal data transferred directly to another company, if this is technically possible, and/or to store your personal data for further personal use on a private device.
Right to withdraw your consent
If the processing is based on your consent, you have the right to withdraw this consent for the future.
Automated decision-making and profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning your, or similarly significantly affects you.
How can you exercise your rights?
Contact us
In order to exercise your rights contact us per email via: privacy@intigriti.com.
We may ask you some relevant questions allowing us to ensure that you are the person you claim to be.
Complaints
You have the right to lodge a complaint with the Belgian Data Protection Authority. However,we would appreciate the chance to deal with your concerns before you approach our supervisory authority ask you to contact us in the first instance.
You can lodge a complaint with the Belgian Data Protection Authority by written mail to:
Data Protection Authority
Rue du Printing 35
1000 Brussels
Tel. +32 (0)2 274 48 00 - Fax +32 (0)2 274 48 35,
Or by email via: contact@apd-gba.be
This is without prejudice to the possibility of taking legal action before the civil courts. If you have suffered damage as a result of the processing of your personal data, you can submit a claim for compensation.
7. International data transfers
Subject to your permission or as permitted by law, the personal data that you provide us with may be transferred outside the EER, in order to consolidate data storage or to simplify our business management. We have adopted globally recognized privacy principles and only collect and/or transmit your personal data to the extent it is necessary to conduct business and perform requested services.
In cases where personal data is transferred to countries that are not recognized by the European Commission as offering an adequate level of personal data protection, such transfers are covered by standard contractual clauses adopted by the European Commission. If applicable to you, you may obtain copies of such safeguards by contacting us.
8. What about personal data of children?
Our Platform is not directed at children. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us by using the information above in the contact us section of this Statement and we will take the required steps to delete such personal data from our systems.
9. Amendments to this Researcher Privacy Statement
This Statement may be updated from time to time, to reflect changes in our practices, and technologies, and/or to remain consistent with the applicable data protection and privacy laws and principles, and other legal requirements.
If we make any material updates, we will provide you with a prior notice regarding by email or on the platform.