Privacy Policy

1. Introduction

This policy applies to users of the Integrin platform and to individuals who interact with Integrin directly. It explains what personal data Integrin handles, why, and how long it is kept.

2. Who We Are

Integrin provides a compliance management platform used by organisations to manage regulatory and operational data.

In providing the platform, Integrin acts as a data processor for customer data. This means that customers control the data they upload and manage within the system.

Integrin acts as a data controller in relation to its own operational data, including user accounts, system access, communications, and platform security monitoring.

3. Personal Data We Collect

Integrin collects and processes a limited amount of personal data necessary to operate the platform.

This includes user account information such as name, email address, and contact details. It also includes system-generated data such as login activity, security and access logs, IP addresses, and audit records of user activity within the platform. This data is used to maintain the security and integrity of the platform and to support compliance and accountability obligations.

Customers may store business data within the platform that includes incidental personal data, such as contact details of individuals associated with business transactions. Integrin does not control this data and processes it only on behalf of the customer.

Where individuals submit enquiries through the Integrin website (including the contact form), Integrin collects the contact details and message content provided, solely in order to respond to the enquiry.

4. How We Use Personal Data

Personal data is used to provide and operate the platform, including managing user access, maintaining system security, and supporting the delivery of services.

System-generated data, including audit logs and IP addresses, is used to detect and prevent unauthorised access, ensure system integrity, and support troubleshooting and support activities.

Integrin does not use personal data for marketing purposes without consent and does not sell personal data.

5. Legal Basis for Processing

Integrin processes personal data on the basis of contractual necessity where it is required to provide access to the platform and deliver services to users.

In addition, Integrin processes certain data, such as system logs and security-related information, on the basis of legitimate interests, specifically to maintain the security, reliability, and integrity of the platform.

6. Data Sharing

Integrin does not share personal data with third parties except where necessary to provide the service.

This includes the use of service providers for infrastructure hosting and email delivery. These providers process data only on behalf of Integrin and are bound by data-protection obligations equivalent to those in the Integrin DPA.

Within the platform, data may be shared between users or organisations where this has been explicitly configured by the customer. Integrin does not control or determine such sharing and acts solely on the instructions of the customer in this regard.

7. Data Retention

Personal data is retained only for as long as necessary to provide the service and fulfil contractual and legal obligations.

User account data is retained for the duration of the user’s access to the platform, and for a reasonable period thereafter, in line with applicable legal, contractual, and accounting obligations.

Security and access logs, including IP address data, are retained for up to 90 days. This retention period supports security monitoring, incident investigation, and operational requirements. After this period, log data is deleted or anonymised.

Audit logs of user activity within the platform form part of customers’ compliance records, and are retained for the duration of the customer’s contract and for a reasonable period thereafter to meet compliance, legal, and contractual obligations.

Customer data is retained in accordance with the customer’s use of the platform. Upon termination of the service or deletion of a tenant environment, customer data is deleted from production systems within 30 days. Residual data contained within backups may be retained for a further period of up to 30 days, after which it is permanently deleted.

Backups are retained for up to 30 days for disaster recovery purposes and are automatically deleted thereafter. Where personal data is included within backups, it may persist for the duration of the applicable backup retention period before being permanently removed.

8. Data Security

Integrin implements appropriate technical and organisational measures to protect personal data.

These measures include access controls, authentication mechanisms, audit logging, and secure data transmission using industry-standard encryption protocols. The platform is hosted within European Union data centres.

Access to systems and data is restricted based on role and necessity, and internal processes are designed to support the principle of least privilege.

9. Your Rights

Individuals have the right to request access to personal data held about them, as well as the right to request correction or deletion of that data where applicable.

In addition, individuals have the right to request restriction of processing, to object to processing in certain circumstances, and to request the portability of their personal data where applicable.

Individuals also have the right to lodge a complaint with a supervisory authority. Integrin is established in Ireland, and the relevant supervisory authority is the Data Protection Commission.

Requests can be made by contacting Integrin directly. Integrin will respond within the timeframes required under applicable data protection laws.

Where Integrin acts as a processor, requests should be directed to the relevant customer organisation, which acts as the controller of the data.

10. Cookies and Similar Technologies

Integrin uses cookies and similar technologies only where necessary to operate the platform.

These include essential cookies required for authentication, session management, and secure access to the platform. These cookies do not track users for marketing purposes and are necessary for the functioning of the service.

Integrin does not currently use analytics or third-party tracking technologies on its platform or website. If this changes, the Privacy Policy will be updated and a consent mechanism put in place before any non-essential cookies or tracking are activated.

11. Automated Decision-Making

Integrin does not engage in automated decision-making that produces legal effects or similarly significant effects on individuals.

12. Children

The Integrin platform is not directed to, and is not intended for use by, individuals under the age of 16.

13. International Transfers

All primary data processing takes place within the European Union. Where sub-processors are subject to jurisdictions outside the European Union, appropriate safeguards are applied in accordance with applicable data protection laws, including standard contractual clauses or equivalent mechanisms.

14. Changes to this Policy

This Privacy Policy may be updated to reflect changes in the platform or legal requirements. Material changes will be notified to customers, and the current version is available on request from [email protected].

15. Contact

If you have any questions about this Privacy Policy or how personal data is handled, you can contact Integrin at [email protected].