Privacy Policy

Last updated August 23, 2023

This privacy notice describes how and why Inita AG (“Company,” “we,” “us,” or “our”), domiciled at Vordergasse 59, Schaffhausen 8200, Switzerland, collects, stores, uses, and/or shares (“processes”) your information when you use our services (“Services”), such as when you:

• Visit our website at https://inita.com or any website of ours that links to this privacy notice,
• Create your account on our website,
• Subscribe to our news feed,
• Upload your data to the Services,
• Engage with us in other related ways.

This privacy notice does not apply to third parties’ websites or services.

Questions or concerns? Reading this privacy notice will help you understand what information we process when you use our website or the Services, how we process this information, your privacy rights and choices with regard to your personal data. If you have any questions or concerns or if you want to exercise any of your rights, please contact us at privacy@inita.com. If you want to contact our representative in the EU, please write at legal-eu@inita.com.

We may update this privacy notice to keep it consistent with our privacy and data processing practices and to comply with the law if it changes. We may inform you of certain important changes to this privacy notice. You can always find the latest version of this privacy notice on our website: https://inita.com/privacy-policy/.

Please read this privacy notice carefully.

If you do not agree with our policies and practices described in this privacy notice, please do not use our Services, do not visit our website, and do not provide your information to us.

What information do we process?

Depending on the situation, we process different data. You can find out more about the data we process in this section. Some data may be treated as personal data in accordance with the laws of certain territories and countries. By referring to personal data we mean any information relating to an identified or identifiable natural person, excluding any anonymized and depersonalized data where an identity is absent or has been removed and cannot be recovered.

Data Provided by You.

We process data that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and the Services, when you participate in activities on the Services, or otherwise when you contact us.

The data that we process depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The data we process includes the following:

• Name,
• Email address,
• Password,
• Business name,
• Business phone number,
• Business email address,
• Business address,
• Contact preferences,
• Contact or authentication data billing addresses.

Payment Data.

We process data necessary to handle your payments if you make purchases, such as your payment instrument number, and the security code associated with your payment instrument.

All payment data is stored by Stripe. You may find their privacy policy link here: https://stripe.com/en-lu/privacy.

Social Media Login Data.

Our Services offer you the ability to register and log in using your third-party social media account details (like your Facebook or Twitter logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The data we receive may vary depending on the social media provider concerned, but usually it includes your name, email address, and profile picture, as well as other information you choose to make public on such a social media platform.

We will use the data obtained only for the declared purposes. Please note that we do not control, and are not responsible for, other uses of your personal data by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use, and share your personal information, and how you can set your privacy preferences on their sites and apps.

When registering through a social media account, you must not use accounts belonging to other people or companies. If your account information has changed or you notice an error, please notify us at the address below so that we can update the information.

Information obtained when you use the Services.

To provide you with the functionality of our Services and for security purposes, weprocess certain information when you visit, use, or navigate the Services. This information includes device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

The information we process includes:

• Log and Usage Data.
  Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically obtain when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, type, screen resolution and manufacturer’s brand name of your device, browser type, and settings, and information about your activity in the Services: timestamps associated with your usage, pages and files viewed, search queries, and other actions you take, such as which features you use, device event information (such as system activity: loading pages, clicking buttons and links, scrolling pages).

• Device Data.
  We process device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.

• Location Data.
  We process location data such as information about your device’s location, which can be either precise or imprecise. How much data we obtain depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to obtain geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to process this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

Cookies.

We obtain data through cookies and similar technologies. You can find more information on our Cookie Notice.

What information do we not process?

We do not process any special categories of personal data, such as biometric data, and personal data of minors.

We do not need to process such data and we urge you to refrain from uploading such data to the Services.

If you accidentally upload such data to the Services, please notify us immediately at the address below so that we may remove such data promptly.

Why do we process your information?

We process your information for a variety of reasons, depending on how you interact with our Services, including:

• To facilitate account creation and authentication and otherwise manage user accounts. We process your information so you can create and log in to your account on the Services, as well as keep your account in working order.
• To deliver and facilitate delivery of the Services to the user. We process your information to provide you with the requested service.
• To improve our Services. We process your information to make our Services better and to meet your business needs.
• To request feedback. We process your information when necessary to request feedback and to contact you about your use of our Services.
• To send you marketing and promotional communications. We process your information you send to us for our marketing purposes if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time. For more information, see “What are your privacy rights?” section below.

What legal bases do we rely on to process your personal data?

We rely on the following legal bases to process your personal data, depending on the type of data and the purposes of data processing:

• Consent. We process your personal data if you have given us permission (i.e., consent) to use your personal data for a specific purpose.
• Performance of a Contract. We process your personal data when it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
• Legal Obligations. We process your personal data where it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
• Legitimate Interest. We process your personal data when we pursue our legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of data subjects.

When and with whom do we share your personal data?

Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents (“third parties“) who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal data. This means that they cannot do anything with your personal data unless we have instructed them to do it. They will also not share your personal information with any organization apart from us unless we have authorized them to do so. They also commit to protect your data they hold on our behalf and to retain it for the period we instruct.

The list of third parties we may share personal information with are as follows:

• Google Ireland Limited (https://www.google.com/) to authorize you to the Services if you choose to log in with your Google account, to provide you with personalized ads, and to improve the Services. Data processed for the provision of personalized ads: list of the Services, product offering, pricing structure, website pages. Data processed for improving the Services is described at https://support.google.com/analytics/answer/11593727. Google privacy policy: https://policies.google.com/privacy?hl=en. You can disable the use of Google Analytics on our and other websites and in our Services by following this link: https://tools.google.com/dlpage/gaoptout.
• Meta Platforms, Inc. (https://www.meta.com/) to authorize you to the Services if you choose to log in with your Facebook account, and to provide you with personalized ads on Facebook and Instagram. Data processed for the provision of personalized ads: list of the Services, product offering, pricing structure, website pages. Meta privacy policy: https://www.facebook.com/privacy/policy/.
• EMEA SARL (https://aws.amazon.com/) to store your data in AWS Cognito and AWS Dynamo DB. Amazon Web Services privacy policy: https://aws.amazon.com/privacy/.
• Stripe, Inc. (https://stripe.com/) to enable payments if you make purchases. Processed data: your payment instrument number, and the security code associated with your payment instrument. Stripe privacy policy: https://stripe.com/privacy.
• Azure OpenAI Service by Microsoft Corporation (https://azure.microsoft.com/en-us/products/ai-services/openai-service-b) to enable you with AI-driven features of the Services, to customize AI-powered content to your business and to fine-tune and tailor AI models to get AI-driven content of better quality. Processed data: data provided by you to the Services. Information about data processing by Azure OpenAI Service: https://learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy. Microsoft Privacy Statement: https://privacy.microsoft.com/en-us/privacystatement.

Where do we process your data?

We are an international team, and we provide our Services all around the world.

Your data may be processed by our employees, who can only access your data through their job duties on a need-to-know basis. Some of our employees are located outside of the EU, the EEA, and Switzerland. If you have questions or want to know from which countries access may be possible, you can write us at the address below.

If you are in the EEA, the UK or Switzerland.

For data transfers to third countries, we always implement appropriate safeguards to ensure that your personal data always remains safe and that your rights are respected.

We can transfer your personal data to a third party in a third country only if:

• The country or the third party is recognized by the European Commission, by the Secretary of State (for the UK), by the Swiss Federal Council (for Switzerland), as providing adequate protection.
• A valid transfer mechanism is applied such as the modernized Standard Contractual Clauses issued by the European Commission, approved by the Information Commissioner (for the UK), by the Federal Data Protection and Information Commissioner (for Switzerland), and the supplementary measures are implemented, where necessary.
• The transfer has your explicit consent.
• The transfer is necessary for the performance of a contract with you or to take steps requested by you prior to entering into that contract.

If you wish to obtain a copy of the Standard Contractual Clauses used, please contact us at the address below.

To determine if a non-EU country has an adequate level of data protection, please visit https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.

Do we use cookies and other tracking technologies?

We use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.

How long do we keep your information?

We will only keep your personal data for as long as it is necessary for the declared purposes, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose will require us keeping your personal data for longer than three (3) months past the termination of your account.

When we have no ongoing legal obligations or legitimate interests to process your personal data, we will either delete or anonymize such data, or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

How do we keep your information safe?

To protect your personal data, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed.

All the personal data we process is located within the EU and the United States on secure servers behind a firewall. No third parties have access to your personal data unless the law allows them to do so.

We have a data protection regime in place to oversee the effective and secure processing of your personal data.

What are your privacy rights?

In some countries and regions you may have certain rights in relation to your personal data under applicable data protection laws.

If you wish to exercise your rights with respect to your personal data, please contact us using the email address provided below. We will consider and act upon any request in accordance with applicable data protection laws. We may ask you to further confirm your identity and will respond to you within the time period specified by applicable data protection law. Please note that in certain cases stipulated by applicable data protection law, we may charge you reasonable fee for processing your request or refuse your request.

If you are in the EEA, the UK or Switzerland.

You are entitled to exercise the following rights in relation to your personal data:

• The right to obtain all your personal data we store (“Right of access”). In some cases, the right of access may be limited for technical reasons, including if the data has been anonymized and cannot be linked to any data subject.
• The right to completely delete your personal data (“Right to erasure” or “right to be forgotten”).
• The right to correct your personal data (“Right to rectification”).
• The right to impose restrictions on processing of your personal data (“Right to restriction”).
• The right to object to processing of your personal data (“Right to object”).
• The right to receive provided personal data in a structured, commonly used and machine-readable format and to transmit those data to another controller (“Right to data portability”).
• The right not to be subject to a decision based solely on automated processing, including profiling.
• The right to withdraw a consent where the data processing is based on the consent.
• The right to lodge a complaint with a data protection authority. You can find contact details of local data protection authorities here: https://edpb.europa.eu/about-edpb/about-edpb/members_en. If you are in the UK, please visit at https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints/. If you are in Switzerland, the contact details for the data protection authority are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.

If you are in Brazil.

You are entitled to exercise the following rights in relation to your personal data:

• The right to obtain confirmation as to the existence of personal data processing.
• The right to access your personal data.
• The right to rectify incomplete, inaccurate or outdated data.
• The right to have unnecessary, excessive or noncompliant personal data anonymized, blocked or erased.
• The right to data portability.
• The right to have personal data processed under the data subject’s consent erased.
• The right to be informed about third parties with which your data has been shared.
• The right to be informed about the possibility to refuse providing personal data and the corresponding consequences.
• The right to withdraw your consent.
• The right to request a review of automated decisions that affect your interest and were solely based on automated processing of your personal data (the review does not need to be necessarily made by a natural person).

Withdrawing your consent.

If we rely on your consent to process your personal data, which may be explicit or implicit consent depending on the situation and the applicable law, you have the right to withdraw your consent at any time. Usually, you can withdraw your consent in the same way you provided it (for example, by changing your settings). Also, you can withdraw your consent by contacting us by using the email address provided below.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Opting out of marketing and promotional communications.

You can unsubscribe from our marketing and promotional communications at any time by contacting us using the email address provided below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

Account Information

You may review, change, or terminate your account at any time.

If you would like to review or change the information in your account or terminate your account, you can log in to your account settings and update your user account.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

Cookies and similar technologies.

Most web browsers are set to accept cookies by default. If you prefer, you can choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services.

Do California residents have specific privacy rights?

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g., backups, etc.).

How can you contact us about this notice?

If you have questions or comments about this privacy notice, or if you wish to exercise any of your rights, or if you would like to contact our Data Protection Officer, you may email at privacy@inita.com or by post to:
Inita AG
Vordergasse 59
Schaffhausen 8200
Switzerland