We store personal data about our employees, clients, vendors and other individuals for a variety of business purposes. This policy explains how we protect personal data and ensure that our employees and contractors understand the rules governing their use of personal data to which they have access in the course of their work.
Inbot. Inbot or “we” means, separately or together, Inbot, Inc. a Delaware Corporation; Inbot GmbH, a Germany Corporation; Inbot Oy, a Finland Corporation; and Inbot Oü, an Estonia Corporation.
Data subject. The individual Inbot is holding information about. This includes our vendors, vendor prospects, community members, employees and contractors.
Personal data. Information relating to identifiable individuals, including vendors, vendor prospects and their employees, community members, wallet users, current and former employees, contractors and other possible other parties.
Personal data we gather may include: person’s contact details, addresses, online profiles, IP addresses, job titles, nationality, country of residence, required KYC (Know Your Customer) information such as photos of the individual, passport or other official identifying documents, proof-of-address documents such as utility bills. Our systems may enhance this personal data with additional metadata such as tags and categories. In addition, we store any other data you may voluntarily upload to your account, including, but not limited to personal address books or metadata of emails, calls and calendars.
Sensitive personal data. Personal data about an individual's racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings.
We do not collect or store any sensitive personal data.
This policy applies to all employees and contractors of Inbot. Our employees and contractors must be familiar with this policy and comply with its terms. We may supplement or amend this policy by additional policies and guidelines from time to time.
Inbot is a startup company and is therefore not required to appoint a separate DPO (Data Protection Officer). All of our team members and the leadership will take all reasonable steps to protect the data that is trusted with us.
We will also periodically audit our systems and processes to find possible gaps in our security policies. We will also require our suppliers to comply with data protection regulations such as GDPR.
Our customers and members can inquire about our data protection policies any time by emailing us at firstname.lastname@example.org.
Fair and lawful processing. We must process personal data fairly and lawfully in accordance with individuals’ rights. This generally means that we should not process personal data unless the individual whose details we are processing has consented to this happening.
The processing of all data must be:
Justification for personal data. We will process personal data in compliance with all eight data protection principles:
We will document any additional justification for the processing of sensitive data that might be conceived in the future.
We will ensure that any personal data we process for our data subjects is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this or would otherwise reasonably expect this.
Data subjects may ask that we correct inaccurate personal data relating to them. If you believe that your information is inaccurate, you should inform us at email@example.com.
We will conduct regular data audits to manage and mitigate risks. These audits include information on what data is held, where it is stored, how it is used, who is responsible and any further regulations or retention timescales that may be relevant.
Some data that we collect is subject to active consent by the data subject. This consent can be revoked at any time. We only use data that is necessary for the purposes of legitimate interests pursued by us, except where such interests are overridden by the interests, rights or freedoms of the data subject. This includes the performance of a contract with the data subject or taking the steps to enter into a contract, as well as to protect the vital interests of a data subject or another person.
Exemptions. Certain data may be exempted from the provisions of the GDPR or legally required from us without the explicit consent of the data subject. This includes, but is not limited to: