Privacy policy

Last updated: May 4, 2019

1. Introduction

Intrinsicx Technologies Limited, a company registered in Ireland under number 553481, whose registered office is at 88 Harcourt Street, Dublin 2, Ireland, and its associated companies (collectively “Intrinsicx”, “the Company”, “we”, “our”, “us”) are committed to protecting and respecting the personal data we may collect from you, or that your employer may provide to us, through the use of the Intrinsicx application (the “Platform”).

We are committed not only to the letter of the law, but also to the spirit of the law, and we place high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom we deal.

This policy sets out the basis on which we collect, process, transfer, store and dispose of such data, and our obligations under applicable data protection law (including EU Regulation 2016/679 General Data Protection Regulation (“GDPR”)) and the rights of Client Employees (“data subjects”) in respect of their personal data.

2. Questions, Contacting Us, Reporting Violations

If you have any questions, concerns or complaints about this Policy, or wish to report a potential security violation, please contact:

Data Protection Officer
Intrinsicx Technologies Limited
88 Harcourt Street
Dublin 2, Ireland
privacy@intrinsicx.com

3. Personal Data We Collect and Process

In the normal course of our business, we collect and process data relating to:

1. Platform Participants – stakeholders (employees, consultants, contractors, associates, freelancers, etc.), partners, customers, clients, suppliers, shareholders, investors, etc. of our Client companies, nominated for access to our Platform.
2. Platform Users – administrators and Managers/Leaders from our Client company, nominated for access to the results/reporting environment within our Platform.
3. Potential Platform Users – typically potential clients evaluating the Platform on a trial basis.
4. Marketing and Support Data – collected for our own marketing, client support, billing, and administration purposes.

For item 4 above, we are the data controller. For items 1–3, our Client company is the data controller, on whose behalf and in accordance with whose lawful instructions we process your personal data.

For items 1 and 2, we have entered into a Client Agreement for Platform use, and any data you provide to us, including via the Platform, is governed by the terms of that agreement.

4. How We Collect and Process Your Data

4.1 For Platform Participants, Users, and Potential Users:

We may collect your data through:

• 4.1.1 Direct or indirect interactions (e.g. via Platform, emails, phone), which may include name, email, job role, seniority, age, employer type, etc.
• 4.1.2 Information provided by our Client company nominating you.
• 4.1.3 Information you submit within the Platform (e.g. feedback or opinions).
• 4.1.4 Usage data (e.g. access times, behaviour, device/browser type, etc.).
• 4.1.5 Sensitive data: We do not collect special category personal data unless explicitly requested by the Client company with your consent. If you voluntarily submit such data, we deem that as explicit consent.

4.2 For Marketing and Support Data:

• We collect data to enhance relationships with Clients and Prospects.
• Processing is based on legitimate interest for improving service relevance and maintaining relationships.

5. How We Use Your Data

• 5.1 To fulfil our obligations under the Client Agreement, helping Clients understand stakeholder perceptions, culture, and engagement.
• 5.2 Clients typically use a “legitimate interests” basis for this data processing.
• 5.3 Participation is voluntary, even if pre-enrolled.
• 5.4 All reporting to Clients is anonymised unless:
  • 5.4.1 Client waives anonymity explicitly (they must notify Participants).
  • 5.4.2 Participants include personal information in free-text comments.
  • 5.4.3 Exceptional risk to safety or unlawful acts prompt identity disclosure (only when justified and typically with consent).
• 5.5 We may use anonymised, aggregated data for benchmarking and reports.
• 5.6 We use selected 3rd parties integrated with our Platform (listed below), all held to high security standards.
• 5.7 Data may be disclosed to legal, regulatory, or Client parties where necessary for compliance or contract enforcement.

6. Data Security and Encryption

• The Platform uses “security by design” principles and industry-standard encryption.
• All data is encrypted in transit (TLS with secure ciphers).
• Hosting (via Amazon Web Services) ensures encrypted data at rest and in transit.

7. Data Retention

• Personal data is only retained as long as necessary and in accordance with legal obligations.
• 7.1 Typically deleted 12 months after the end of a Client Agreement unless otherwise agreed.
• 7.2 We will honour specific requests for deletion or return, as stated in Client Agreements.

8. Your Rights Regarding Personal Data

You have the right to:

• 8.2.1 Access your personal data
• 8.2.2 Object to data processing
• 8.2.3 Rectify inaccurate data
• 8.2.4 Erase your data (with some exceptions)
• 8.2.5 Restrict processing
• 8.2.6 Request portability of your data to another provider

To exercise these rights, contact:
privacy@intrinsicx.com or dpo@intriniscx.com

We may request identity confirmation before fulfilling any data-related requests.

9. Changes to This Privacy Policy

This policy may be updated as needed to comply with law or internal changes. The latest version will always be posted at www.intrinsicx.com and on the Platform.

10. 3rd Party Service Providers

We currently use the following providers:

• Amazon Web Services (AWS): Hosting and data storage in the EU.
  https://aws.amazon.com/compliance
• SolarWinds Papertrail: Log management with encrypted archives.
  https://www.solarwinds.com/legal/privacy
• Sentry: Application monitoring and error detection.
  https://sentry.io/privacy
  https://sentry.io/security

‍