Intact is the US subsidiary of Intact GmbH, which is headquartered in Austria. Our management structure and business processes cross borders. Some of our technological systems and databases are shared between our US and Austrian office. This means that our customer and employee data is transferred across borders.
Intact may from time to time handle personal information collected from individuals located within the European Union member countries and complies with the EU-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, onward transfer and retention of personal information from European Union member countries. Intact has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles of:
- Accountability for onward transfer
- Data integrity and purpose limitation
- Recourse, enforcement, and liability
Intact is under the jurisdiction as well as the investigatory and enforcement powers of the US Federal Trade Commission and the Department of Transportation for purposes of the EU-US Privacy Shield Framework.
This Policy applies to all information collected by Intact from which an individual can be identified (“Personal Information”). The Personal Information we collect includes the Employee Information described below as well as certain information including names, email addresses, mailing and billing addresses, telephone and fax numbers, IP addresses, and transaction information collected from customers, potential customers and end-users of our products and services for sales, marketing, order fulfillment and order delivery purposes. Additionally, in our section on Online Information, we also discuss how we gather and use all information gathered online even if it is not Personal Information. Intact will not deviate from this Policy even if applicable national laws are less stringent than this Policy.
Excluding our Employee Information which is discussed below, we collect, process and use your Personal Information only as a part of our business relationship with you and your company, including contract and billing administration; product and service delivery; fulfilling our business obligations to our customers and resellers; communicating with customers and potential customers about marketing and technical information concerning our products and services; notifying our customers and potential customers regarding product launches and important events related to Intact; improving our website; and other related business activities of which you are informed of at the time your Personal Information is collected or as soon thereafter as practical.
Intact further collects personally identifiable information about individuals when such individuals specifically provide such information to us on a voluntary basis or while requesting information on our products or services. If you contact us by form on this website, by e-mail, telephone, or any other communication channel (e.g. SMS, messenger services, etc.), your personal and other data provided will be stored and processed for the purpose of processing your inquiry and follow-up questions. We may disclose Personal Information to our agents, resellers, and business partners or to protect and defend the rights or property of Intact. Intact must reply to lawful requests from public authorities, including to meet national security or law enforcement requirements, for disclosure of Personal Information.
Your personal data will also be processed on our behalf by our service providers (contract processors). These contractors are in particular providers of marketing tools, IT service providers, providers of other tools and software solutions, IT maintenance services and other providers of similar services. All our contractors process your data only on our behalf and on the basis of our instructions for the purposes described in each case.
In general, you may visit our website without providing any Personal Information. However, you may choose to provide us with Personal Information by subscribing to Intact’s newsletter. For this, we require your e-mail address and your consent to receive our newsletter. All other personal information is optional. For more detailed information, please refer to the Declaration of Consent—Newsletter Subscription. Intact will only use your Personal Information in accordance with the terms of this Policy.
We would like to inform you that our website contains links to other websites and social media sites. If you leave our website via one of these links, please note that you are also leaving the scope of this data protection declaration. Your visit to third-party websites and social media sites is subject to their own data protection guidelines, which are outside our area of responsibility.
Please note that we do not take any responsibility or liability for websites of third parties and their contents.
If you wish to block or delete cookies, you can make these changes in your browser settings. The procedures for managing and deleting cookies vary from browser to browser. To find out how you can manage cookies in a particular browser, please use the help function integrated into the browser. Alternatively, you can also search for instructions on the www.allaboutcookies.org website. It explains step by step how to manage and delete cookies in most popular browsers.
Our website uses functions of the web analysis service Google Analytics of Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA (“Google”). Cookies are used for this purpose, which enables an analysis of the use of the website by its users. The information generated in this way is transferred to the provider’s server and stored there. You can prevent this by setting your browser so that no cookies are stored. Please see the Cookies section for more information.
We have concluded a corresponding data processing contract with the provider. Your IP address is recorded but pseudonymized immediately by deleting the last 8 digits. This means that only a rough localization is possible and that we have no access to your full IP address.
Please note that the cookies set, and tracking carried out by Google is not under our control. For further information, please view the privacy policies of Google.
We collect Employee Information from prospective and present Employees only for legitimate business purposes, including (1) the management and operations of our company, its functions and activities, (2) Employee communications, including Employee surveys, (3) maintaining a global directory, (4) carrying out obligations under employment contracts and employment, tax and benefits laws, and in connection with other working relationships or arrangements, (5) development and training programs, (6) recruiting and hiring job applicants, (7) assessing qualifications and performance, (8) performing background checks and verifying references, (9) managing Employee performance, (10) determining Employee compensation or payment, (11) managing the Employee termination process, and (12) other general human resources purposes. Our European Union Employees at the time of their employment are notified in detail how their Personal Information will be used. Employee information on health, performance evaluations, and disciplinary actions and other sensitive Employee matters, whether it is stored manually or electronically, is accessible by other Intact Employees only if necessary with respect to legitimate human resource functions or issues. Intact will obtain affirmative consent from an Employee before using such Employee’s Personal Information for any purpose other than described above. Employees may decline to provide this consent, and Employees may withdraw their consent at any time.
For legitimate human resources purposes, Employees may choose to voluntarily disclose Personal Information about family members. If our Employees choose to do this, their family member’s Personal Information shall be treated, for the purposes of this Policy, the same as an Employee’s Personal Information. Employee Personal Information is never sold, leased, or rented to any third party. Employee Personal Information will never be disclosed to third parties except as follows: (1) to those retained by Intact as agents for the purposes set forth in the paragraph above, (2) where required pursuant to an applicable law, governmental or judicial order, law or regulation, or to protect the rights or property of Intact, (3) where authorized in writing by the Employee, and (4) where the Employee voluntarily provides Personal Information and the context makes it clear that such information will be provided to a third party.
Where personal data is transferred from the EU to the US in the context of the employment relationship, we will cooperate in investigations by and to comply with the advice of the competent EU Authorities, as applicable.
We will always give you an opportunity to choose opt-out before your Personal Information is (1) disclosed to a third party (other than an Intact agent doing work at our direction), or (2) to be used for a purpose that is materially different than that for which it was originally collected or subsequently authorized by you. Although we do not ever anticipate providing sensitive Personal Information, such as Employee health information, to a non-agent third party or using it for a purpose other than that for which it was collected, we will never do so without first allowing the individual involved to affirmatively and expressly consent (opt-in) to such transfer or use. The only exception to this choice for both sensitive and non-sensitive Personal Information would be where we are required to disclose your Personal Information pursuant to a governmental or judicial order, law or regulation to meet national security or law enforcement requirements.
At a minimum, you will always be able to opt-out from receiving marketing materials from Intact. Where applicable law requires that more stringent requirements (opt-in) be applied before you receive marketing material or other communications from us, we will implement the same.
Accountability for Onward Transfer
As a global organization, we may transfer your Personal Information to our headquarters in Austria, or to third-party business partners, providers, vendors, or contractors, that are located inside or outside of the EU, for purposes described in the section “Notice” above.
We will perform any cross-borders transfer in compliance with applicable privacy and data protection regulations, including the European Union’s General Data Protection Regulation (“GDPR”). We rely on the EU-US Privacy Shield bases to lawfully transfer personal data around the world. We will not transfer Personal Information originating in the EU to third parties unless such third parties have entered into an agreement in writing with us requiring them to provide at least the same level of privacy protection to your Personal Information as required by the Principles of the EU-US Privacy Shield Framework. We will only transfer data to our agents, resellers or third-party service providers (such as accountants, attorneys, consultants, and other service providers) who need the information in order to provide services to or perform activities on behalf of Intact, including in connection with the delivery of services or products, Intact’ management, administration, or legal responsibilities. We acknowledge our liability for such data transfers to third parties.
To protect Personal Information collected and stored by Intact, we have in place reasonable and appropriate technical and operational security measures to prevent Personal Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
Data Integrity and Purpose Limitation
We will only collect and retain Personal Information which is relevant to the purposes for which the information is collected, and we will not use it in a way that is incompatible with such purposes unless such use has been subsequently authorized by you. We will take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete, and current. We may occasionally contact you to determine that your data is still accurate and current.
We only store your personal data for as long as we need it to fulfill the respective purposes and our contractual or legal obligations. When we no longer need your personal data, we delete it from our systems and records or make it anonymous so that you can no longer be identified. Anonymized/pseudonymized usage data that we collect as part of the web analysis of this website is retained for 26 months.
Access and Other Rights
You have the right to access, free of charge, obtain a paper or electronic copy, review, correct and update all your Personal Information stored by us, notably to confirm its accuracy. Subject to any relevant legal requirements and exemptions, you may also oppose or limit the processing of your Personal Information or request that certain of your Personal Information be deleted from our files.
Employees may review their personnel files and any Personal Information concerning them upon request as set forth in the Contact Section.
We will make reasonable efforts to comply with the aforementioned requests, unless such requests are prohibited by law, or there is a legitimate purpose to retain your Personal Information, in which case we will inform you without undue delay. We reserve the right to verify your identity before any request relating to your Personal Information processed by us. Please direct any questions about your Personal Information using the contact details provided below.
You have a right to information about the personal data we process about you. In addition, you have the right to have incorrect data corrected and your data deleted (“right to be forgotten”). You may also revoke your consent to the processing of personal data with future effect if the processing is based on your consent. You may also have a right to restrict the processing of your data and to have the data you provide disclosed in a structured, common, and machine-readable format (“data transferability”).
Recourse, Enforcement, and Liability
Since we are committed to protecting your privacy as set forth in this Policy, if you think we are not in compliance with our Policy, or if you have any question or if you wish to take any other action concerning this Policy or your Personal Information, we encourage you to contact us using the contact details provided below. We will investigate your complaint, take appropriate action and report back to you within 45 days.
If the Personal Information in question was transferred from the EU to the United States, and you are not satisfied with our response, we have further committed to refer unresolved Privacy Shield complaints to the International Centre for Dispute Resolution-American Arbitration Association (ICDR-AAA) Program, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit http://info.adr.org/safeharbor for more information or to file a complaint.
Additionally, with respect to complaints concerning human resources data and non-human resource data that is transferred from the EU, we have agreed to participate in the dispute resolution procedures of the EU Data Protection Authorities. Intact will cooperate with the appropriate EU Data Protection Authorities during investigation and resolution of complaints concerning human resources data and non-human resource data that is transferred from the EU to the United States brought under Privacy Shield. Complaints regarding the processing of human resources data and non-human resource data pertaining to EU citizens may be reported by the individual to the relevant Data Protection Authority.
These recourse mechanisms are available at no cost to you. Damages may be awarded in accordance with applicable law.
Under certain conditions, if you are not satisfied with the above recourse mechanism, you may be able to invoke binding arbitration.
If you have any question or would like to enquire about our privacy practices and this Policy, the use of your Personal Information, object to or restrict our use of your Personal Information or request deletion or correction of such Personal Information, please contact us at:
Intact US, Inc.
111 Mission St.
Santa Cruz, CA 95060
Attention: Peter Krainer
Phone: +43 664 34 29 312
Right to Change Policy
In general, changes will be made to this Policy to address new or modified laws, changes to EU-US Privacy Shield Framework or new or modified business procedures. However, we reserve the right to amend this Policy at any time. Appropriate notice will be given concerning such amendments.
Effective: September 5, 2018.