Privacy Policy

DPF Contact:

• Email: dpf@integral.com
• Phone: 650-424-4500

2.1 Information You Provide Directly

• Contact Information:Name, email address, phone number, fax number, postal address
• Professional Information:Company/organization name, job title, business contact details
• Account Information:Username, password, account preferences
• Identity Verification:National ID, passport, driving license, tax ID (where required by law, such as MiFID II)
• Employee Information:For Integral employees – employment details, salary information, emergency contacts, photo, marital status, bank details, ethnicity (self-identified), employment history
• Communications:Content of messages, emails, and other communications with us

2.2 Information Collected Automatically

• Device Information: IP address, browser type and version, device identifiers
• Usage Data: Pages visited, time spent on pages, click-through rates, referral sources
• Technical Data: Operating system, time zone settings, browser plug-in types
• Location Data: General geographic location based on IP address

2.3 Information from Third Parties

• Information from our business partners and service providers
• Data from employees or agents of our institutional customers (where we act as processor)
• Publicly available information from legitimate sources

3. HOW WE USE YOUR PERSONAL DATA

3.1 Purposes and Legal Bases

We process your personal data for the following purposes with the corresponding legal bases:

3.2 Legitimate Interests

Where we rely on legitimate interests, these include:

• Network and information security
• Fraud prevention and detection
• Business development and improvement of services
• Internal group administration
• Compliance with non-EU legal obligations

4.1 Categories of Recipients

• Integral Group Companies: We may share data with our subsidiaries and affiliates for the purposes described in this policy
• Service Providers: Third-party processors who provide IT, payment, marketing, and other business services
• Business Partners: Organizations we work with to provide joint services (with your consent where required)
• Professional Advisors: Lawyers, accountants, auditors, and other advisors
• Regulatory Authorities: Financial regulators, tax authorities, and other government bodies where required by law
• Law Enforcement: Police, courts, and other authorities when legally required

4.2 International Transfers

We may transfer your personal data outside the European Economic Area (EEA) to:

United States: Under adequacy decisions or appropriate safeguards (Standard Contractual Clauses)

Other Countries: Only where adequate protection is ensured through:

• • Adequacy decisions by the European Commission
  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules (where applicable)
  • Other appropriate safeguards under GDPR Article 46

For copies of safeguards or further information about transfers, contact us at privacy@integral.com.

4.3 Accountability for Onward Transfer Principle

In the context of an onward transfer, Integral Development Corp. has responsibility for the processing of personal information it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf.  Integral Development Corp. remains liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless Integral Development Corp. proves that it is not responsible for the event giving rise to the damage.

Before transferring personal data to third parties, we:

• Provide Notice and Choice as described above
• Enter into a contract with the third party that provides the same level of protection as required by the DPF Principles
• Take reasonable and appropriate steps to ensure the third party effectively processes personal data in a manner consistent with our DPF obligations

Onward Transfer Requirements:

• We remain liable if third-party agents process personal data inconsistently with the DPF Principles, unless we prove we are not responsible for the event giving rise to the damage
• We conduct due diligence on potential transfer recipients
• We provide stop transfer procedures when we have knowledge that a recipient is processing personal data in a way contrary to the DPF Principles

4.4 Security Principle

We take reasonable and appropriate measures to protect personal data from:

• Loss
• Misuse
• Unauthorized access, disclosure, alteration, and destruction

Security Measures Include:

• Encryption of data in transit and at rest using industry-standard protocols
• Role-based access controls with multi-factor authentication
• Network security including firewalls, intrusion detection systems, and security monitoring
• Regular employee training on security awareness and data protection
• Incident response procedures for detecting, investigating, and responding to breaches
• Regular security assessments and compliance reviews
• Secure data centers with physical access controls
• Regular security audits and penetration testing

4.5 Data Integrity and Purpose Limitation Principle

We ensure that personal data is:

• Reliable for its intended use
• Accurate, complete, and current as necessary for the purposes for which it is used
• Limited to what is relevant for the purposes of processing

Data Quality Measures:

• Regular data accuracy reviews and updates
• Automated data validation processes
• User access to review and correct their personal data
• Data minimization practices
• Regular purging of outdated or unnecessary data

4.6 Access Principle 

We provide individuals with:

• Reasonable access to personal data about them that we hold
• The opportunity to correct, amend, or delete information that is inaccurate or has been processed in violation of the DPF Principles

Access Procedures:

• Submit requests to privacy@integral.com
• Include sufficient information to identify yourself and specify the data requested
• We respond within 30 days of receiving a complete request
• We may charge a reasonable fee for access that covers our costs
• We provide data in a readily understandable format

Limitations on Access

We may limit or deny access where:

• The burden or expense of providing access would be disproportionate to the risks to privacy
• The rights of persons other than the individual would be violated
• It is commercially proprietary information
• Access is otherwise restricted by law or regulation

4.7 Recourse, Enforcement and Liability Principle

We provide effective mechanisms for:

• Investigating and resolving individual complaints and disputes
• Verifying compliance with the DPF Principles
• Remedying problems arising out of failure to comply with the Principles

Internal Compliance:

• Annual DPF compliance reviews
• Employee training on DPF requirements
• Regular audits of data processing activities
• Documented procedures for handling complaints and breaches

5. HOW LONG WE KEEP YOUR PERSONAL DATA

6.1 Individual Rights

Individuals in the European Union, United Kingdom, and Switzerland have the following rights regarding their personal data under the EU GDPR, UK GDPR, and the Swiss FADP respectively:

• Right of Access: Obtain confirmation of processing and access to your personal data
• Right of Rectification: Correct inaccurate or incomplete data
• Right of Erasure: Request deletion of personal data in certain circumstances
• Right to Restrict Processing: Limit how we use your data in specific situations
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Rights Related to Automated Decision-Making: Not to be subject to solely automated decisions with legal effects
• Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time

6.2 Right to Opt Out

• For personal data received from the European Union, United Kingdom, or Switzerland under the Data Privacy Framework, Integral offers individuals the opportunity to choose (opt out) whether their personal data is (i) to be disclosed to a third party (other than a service provider acting on our behalf), or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual.
• For sensitive personal information, we will obtain affirmative express consent (opt in) from individuals before disclosing such information to a third party or using it for a purpose other than those for which it was originally collected or subsequently authorized through the exercise of opt-in choice.
• To exercise your choice or opt-out, please contact us at privacy@integral.com

6.3 How to Exercise Your Rights

To exercise your rights:

• Email: privacy@integral.com
• Post: Data Protection Officer, Integral Development Corp., 380 Portage Ave, Palo Alto, CA 94306 USA
• We will respond to valid requests within one month (extendable by two months for complex requests)

6.4 Right to Complain

Supervisory Authorities:

7.1 What We Use

We use cookies, web beacons, and similar technologies for:

• Strictly Necessary: Essential for website functionality
• Performance: Analytics and site improvement
• Functional: Enhanced user experience and preferences
• Marketing: Targeted advertising and content

7.2 Managing Cookies

• Cookie Settings: Manage preferences via our Cookie Declaration at www.integral.com/cookie-declaration/
• Browser Settings: Configure your browser to block or delete cookies
• Opt-out Tools: Industry opt-out mechanisms for advertising cookies

For detailed cookie information, see our separate Cookie Policy

9.1 Special Categories of Personal Data

We do not generally process special categories of personal data (sensitive data) except for employee ethnicity data (self-identified, with explicit consent) or where necessary for legal requirements.

9.2 Children’s Data

Our services are not directed at children under 16. We do not knowingly collect personal data from children under 16 without appropriate parental consent.

10. CHANGES TO THIS POLICY

11.1 Automated Decision-Making

We may use automated systems for:

• Fraud Detection: Automated screening for security purposes
• Service Personalization: Algorithm-based content recommendations
• Risk Assessment: Automated compliance checks

You have the right to obtain human intervention and contest automated decisions that significantly affect you.

11.2 Profiling

We may create profiles based on your usage patterns to:

• Improve service delivery
• Provide personalized experiences
• Detect fraudulent activity

11.3 Third-Party Links

Our services may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies separately.