GDPR Statement

General Data Protection Regulation

This policy describes how Indr, Inc. collects and processes personal data with respect to data subjects covered by the EU General Data Protection Regulation. Depending on your geographic location, some parts of this statement may not apply to you. Except as described below, we are the data controller of personal data collected from our corporate website or our product website.  

Our U.S physical address is:

Indr, Inc.
4445 Eastgate Mall Suite #200
San Diego, CA 92121

Our GDPR representatives:

We have appointed the following representatives in Europe as required by European data protection legislation  For general privacy related issues you may reach us by emailing privacy@indr.com or submitting a request at http://indr.com/dsar 

EU Representative
Osano International Compliance Services Limited
ATTN: IKVT
3 Dublin Landings
North Wall Quay
Dublin 1
D01C4E0

UK Representative
Osano UK Compliance LTD
ATTN: IKVT
42-46 Fountain Street
Belfast
Antrim
BT1 – 5EF

GDPR Principles

The GDPR principles exist to aid companies to stay and remain within the boundaries of the regulation and understand its main objectives. Therefore, we comply with the contours and principles expressed to be the core of GDPR compliance, which are:

Lawfulness, fairness, and transparency. These first principles express the need to comply with the GDPR when required under this regulation due to our activities, as expressed in this Statement. We are to keep you as informed as possible regarding our GDPR compliance. 

Purpose Limitation. As is determined in the text of the GDPR, all purposes for data processing and collection must remain specific, explicit, and legitimate. The controller must use such collected personal data for the particular purposes for which you have consented to its collection and processing. 

Data minimization. We only collect the data which is necessary and relevant for our activities. The less personal information we collect or process, the better for every party involved.

Accuracy. We keep data as up-to-date as possible and try to ensure we erase inaccurate data or if we believe data is outdated.

Storage limitations.We keep personal information only as long as necessary for the purposes stated in our Privacy Policy.

Integrity and confidentiality. We protect and secure all personal data we store and process and have methods to anonymize personal data.

Accountability. We keep committed to recording our activities and strategies, proving compliance with the GDPR, and constantly reviewing and improving the management of personal data. 

Sources of Data Collection

We may collect information about you during your visit and when you use our website, app, and services. To give you more information on the sources of the data we collect from you, consider that we are doing so;

When you directly share it with us. We directly collect data from you when you voluntarily give it to us, such as when you register on the website or app, when you contact us, when you sign up for our services or our newsletter or promotional emails, or even when you give us information about yourself in person, by phone or text, or by email. 

Automatically through your use of our services, website, or other similar activities. Your personal information is collected automatically when you browse our site or app, even when you are not a registered user. For example, we gather information such as your IP address, which webpages you stay on and how long, and other user data and information about the device you use when on the website or app. 

From third-party sources. We may also gather personal information about you from third parties. We may receive personal information about you or your contacts if you register for our services or access our website through a social media account. The types of personal information we may receive from social media accounts will depend on your privacy settings in those accounts. We may also receive personal information about you from our partners and processors or from other third parties to whom you have given permission to share your information.

International Data Transfer Mechanisms

If we transfer your personal information from Europe to another country that is not deemed by the European Commission and/or UK Government, as applicable, to provide an adequate level of protection to personal information, that transfer will be performed subject to appropriate safeguards and otherwise in accordance with applicable European data protection legislation. For example, we may use specific appropriate safeguards, which are designed to give personal information effectively the same protection it has in Europe – such as standard-form contracts approved by relevant authorities for this purpose. Please contact us for further information about any such transfers or the specific safeguards applied.

Your Rights

European data protection legislation gives you certain rights regarding your personal information. If you are located within Europe, you may ask us to take the following actions in relation to your personal information that we hold

  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct. Update or correct inaccuracies in your personal information.
  • Delete. Delete your personal information.
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
  • Restrict. Restrict the processing of your personal information.
  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
  • Withdraw Consent. When we use your personal information based on your consent, you have the right to withdraw that consent at any time.  

 

Exercising These Rights.

You may submit requests by email to privacy@indr.com, using our intake form at http://indr.com/dsar, or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Whether or not we are required to fulfill any request you make will depend on a number of factors (e.g., why and how we are processing your personal information), if we reject any request you may make (whether in whole or in part) we will let you know our grounds for doing so at the time, subject to any legal restrictions.  

Your Right to Lodge a Complaint with your Supervisory Authority

In addition to your rights outlined above, if you are not satisfied with our response to a request you make, or how we process your personal information, you can make a complaint to the data protection regulator in your habitual place of residence. 

For users in the European Economic Area – the contact information for the data protection regulator in your place of residence can be found here: https://edpb.europa.eu/about-edpb/board/members_en 

For users in the UK – the contact information for the UK data protection regulator is below:

The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow – Cheshire SK9 5AF
Tel. +44 303 123 1113 
Website:  https://ico.org.uk/make-a-complaint

For users in Switzerland – the contact information the Swiss data protection regulator can be found here: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html  

Additionally, if you feel we have failed to address any of your requests regarding your personal data, you may have the right to lodge a complaint with a Data Protection Authority. Here is a list of the contacts for them: https://edpb.europa.eu/about-edpb/about-edpb/members_en   

Data Protection Officer

We have an appointed Data Protection Officer. You may contact them at:  

Data Protection Officer – Indr, Inc.
4445 Eastgate Mall Suite #200
San Diego, CA 92121
dpo@indr.com  

If you think the DPO is not the correct party to address for any questions or inquiries about this Statement contact us at our provided contact data above.

Sub-processors

To support delivery of our Services, Indr may engage and use data processors with access to certain Customer Data (each, a “Subprocessor”). This page provides important information about the identity, location and role of each Subprocessor. Indr currently uses third party Subprocessors to provide infrastructure services, and to help us provide customer support and email notifications. Prior to engaging any third party Subprocessor, Indr, Inc.  performs diligence to evaluate their privacy, security and confidentiality practices, and executes an agreement implementing its applicable obligations.
 

Sub-processor

Purpose

Data Location

Amazon Web Services

Hosting & Infrastructure

United States

Neo4j Aura

Cloud-based Graph Database

United States

Google, Inc

Cloud-based Email Service Provider

United States

HubSpot, Inc.

CRM & Marketing Platform

United States

Intercom, Inc.

Cloud-based Customer Support Services

United States

Slack Technologies

Cloud-based Team Chat Services

United States

Atlassian

Feedback Mgmt & Processing

United States