Data Privacy

All the employee data collected through the Innential platform will be owned and accessible only by the respective company and can be requested from Innential at any point in time.

Data collection and usage

Innential collects the following data:

  • Email Address

  • Encrypted Password

  • First Name

  • Last Name

  • User’s role in the organization

  • User’s learning preferences - skills wanted

  • User’s skills (optional)

  • User’s learning content usage data - opens, reads, shares (optional)

  • User’s personal development goals (optional)

  • User’s feedback data - provided by colleagues (optional)

  • User’s association with a team (optional)

The collected data is used for providing the users within the organization with information about skills available and skills needed in the organization as well as to recommend individually to each user personalised - based on an algorithm, 3rd party learning content such as Articles, E-learning courses and Books from websites such as Medium, Udemy, Udacity, Amazon and other content platforms.

Third-party data sharing

Innential uses the following 3rd party services that involve data processing:

Hotjar (In-app analysis of user experience)

Company Address:

Hotjar Limited, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta

Data we share with Hotjar:

  • Browsing information (visited sites, clicks)

  • Basic device and application information (Operating system type and version, browser type and version, screen size)

  • Organization name

Hotjar is GDPR compliant, and does not record sensitive data, such as text or numeric information visible on screen. If required by law, Hotjar will pass along the information to third parties.

Hotjar's DPA

Sentry (Technical error tracking and logging)

Company Address:

Functional Software, Inc. dba Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, United States

Data we share with Sentry:

  • IP Address

  • Geolocation (based on the IP address)

  • Unique user ID on the platform

  • Basic device and application information (Operating system type and version, browser type and version)

Sentry is Privacy Shield certified, ensuring the European data protection law. If required by law, Sentry will pass along the information to third parties.

Sentry's DPA

Intercom (In-app chat and communication with users)

Company Address:

Intercom R&D Unlimited Company, 18-21 St. Stephen’s Green, Dublin 2, Ireland

Data we share with Intercom:

  • IP Address

  • Geolocation (based on the IP address)

  • Unique user ID on the platform

  • User email on the platform

  • Browsing information (visited sites)

  • Basic device and application information (Operating system type and version, browser type and version)

Intercom is Privacy Shield certified, ensuring the European data protection law. Intercom may transfer the data to certain third parties for the purposes of processing on behalf of Intercom, or if required to do so by law.

Intercom's DPA

Google Analytics (Analytics and tracking)

Company Address:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data we share with Google:

  • IP Address (anonymized)

  • Geolocation (based on the IP address)

  • Organization name

  • Basic device and application information (Type of device, operating system type and version, browser type, and version)

Google is Privacy Shield certified, ensuring the European data protection law. Google may transfer the data to certain third parties for the purposes of the processing, or if required to do so by law. Google will not connect IP addresses of Innential users to other data stored by Google.

Google's DPA

Data storage

Digital Ocean

Company Address:

DigitalOcean LLC, 101 6th Ave, New York, NY 10013, United States

All data collected by Innential is stored in the Digital Ocean data center located in Frankfurt.

Innential staff uses two-factor authentication for accessing Digital Ocean accounts and has a limited number of employees with access to the production servers, that are trained in regards to data security.

DigitalOcean's DPA

Your rights

You have the following rights in regards to your personal information:

Access

You have the right to access information about the personal data we hold about you. This right of access includes the following information:

  • the purposes of the processing;

  • the categories of the personal data concerned;

  • the recipients or categories of recipients to whom the personal data have been or will be disclosed;

  • the envisaged data storage period or at least the criteria used to determine that period;

  • the existence of the right to rectification, erasure, restriction of processing or objection;

  • the right to lodge a complaint with a supervisory authority;

  • where the personal data are not collected from the data subject, any available information as to their source;

  • the existence of automated decision-making, including profiling, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing.

Right to object to processing

You have the right to object to the processing of your personal data where that processing is being undertaken by us on the basis of our (or a third party’s) legitimate interest. In such a case we are required to cease processing your data unless we can demonstrate compelling grounds that override your objection. You also have the right to object at any time to the processing by us of your personal data for direct marketing purposes.

Rectification

You have the right to request that we rectify any inaccurate personal data that we hold about you.

Erasure

You have the right to request that we erase any personal data that we hold about you, based on one of a number of grounds, including the withdrawal of your consent (where our processing of that data is undertaken on the basis of your consent), or if you object to our continued processing (as mentioned above). This right does not extend to information which is not personal data. On request, we will delete the data within 30 days from when the request is received. We also reserve the right to retain your personal data in an anonymised form for statistical and benchmarking purposes.

Stored user data will be automatically deleted in case of expired contract within 6 months. During that period the data can be requested by the company and will be provided in a .json or .csv format

Request to restriction of processing

This enables you to ask us to restrict the processing of your personal data in certain circumstances, for example, if you want us to establish its accuracy or the reason for processing it.

Portability

You have the right to obtain copies of your personal data to enable you to reuse your personal data across different services and with different companies. You may also request that your personal data is transmitted directly to another organisation where this is technically feasible using our data processing systems.

Change of preferences

You can change your data processing preferences at any time. For example, if you have given your consent to direct marketing, but have changed your mind, you have the ability to opt-out of receiving marketing communications by emailing us at contact@innential.com