1. INCIVUS PRIVACY NOTICE OBJECTIVE

This privacy notice will tell you about what we collect and do with your personal information when you visit Incivus website or interact with us for various services or fill your personal information to contact us or wants to access our services where we process your personal information.

Incivus is a Creative Intelligence Platform for marketers. Incivus helps them power the success of their ads at scale, launch campaigns faster and maximize their ad spend. Using AI, we provide precise, objective and granular evaluation on all creative variables of an ad.

2. CONTROLLER’S CONTACT DETAILS

Incivus is the controller for the personal information which we collect and process through our website. If you want to exercise your data privacy rights and know about what information we hold about you.

You can contact us via E-mail

Email: dc@incivus.ai

3. HOW DO WE GET PERSONAL INFORMATION?

Most of the personal information we process is provided to us directly by you for one of the following reasons:

• You subscribe to our E-newsletter.
• You have made an information request to us via website.
• You have made a complaint or enquiry to us.
• You have downloaded our assets from the website like case studies, whitepapers etc.
• You have registered for our webinars, podcasts, events or other thought leadership initiatives.
• You have shared your contact details at past physical events and other networking opportunities.
• You have responded to us on our social handles like LinkedIn, Facebook, Twitter etc.
• You have filled out an inquiry form in our ads on online channels like LI, Google etc.
• You have reached out to us through the contact details shared on the website with enquiries or requests.
• We may collect your personal information from the public domains such as social media platforms or other public repositories of data as part of research project.
• We may collect your personal information from third parties, for further processing of personal information we have sent the consent request/ form to the individuals for their privacy rights.
• An employee of ours gives your contact details as an emergency contact or a reference.
• We may collect & share personal information with third parties to conduct engagement programs.
• We may collect your personal information internal engagement activities.
• We may collect your personal information as a part of Employee Personal File for HR & Admin records.
• We may collect your personal information for recruitment purpose.

If it is not disproportionate or prejudicial, we’ll contact you to let you know we are processing your personal information.

4. HOW WE COLLECT PERSONAL DATA

Incivus collects personal data directly from you via online forms or when you contact Incivus and we also collect personal data from the third parties, and we process that personal data on behalf of Data controller.

Data we collect includes:

• We may collect your contact information such as full name, company name, email address, postal address, and telephone number when you email or call us with an enquiry or an application for work.
• We may also collect your details from publicly available sources or purchase lists from suppliers operating within data protection regulations.
• When we conduct market research, we may collect additional information from you with your valid consent.
• We may process your information on behalf of our clients who have lawfully collected your information for the purpose of asking you whether you would like to participate in market research, consultancy projects, advisory boards, or events. This information may include your full name, job title, company name, email address, telephone number, postal address, and may also include information about your area of specialization or health status.
• Information you provide through online questionnaire or feedback forms.

5. PURPOSE FOR COLLECTING PERSONAL DATA

The personal information we collected would be used for the following purposes:

• We use personal data to provide you with information, you have requested or enquiries about our services and offerings.
• To send you newsletters, e-mails relating to participation in any of our events or surveys, our proprietary product-related information, promotional events.
• Use for conducting market surveys and research with your consent.
• To assess applications for jobs we have on offer.

6. REASONS WE MAY SHARE YOUR PERSONAL DATA

We may share your personal data:

• Within our company in order to manage and provide our services, and for other legitimate business purposes.
• As part of any re-organization, or merger of all or a portion of the Incivus Technologies.
• We will not sell or share your personal information to third parties for their own promotional or marketing purpose unless you give us consent to do so and permitted by applicable law.
• During services delivery as agreed in the contracts with adequate safety measures.

7. HOW TO CONTROL AND ACCESS YOUR PERSONAL DATA

You can access and control your personal data that Incivus holds from you by contacting or submitting a Data Subject Access Request (DSAR) form to the Incivus:

• If Incivus obtained your consent to use your personal data, you can withdraw that consent at any time.
• You can request access to, erasure of, and updates to your personal data.
• You have a right to ask for a copy of the information we hold on you at any time.
• You can also object to or restrict of personal data used for direct marketing purpose or we are performing a task in public interest or pursuing our legitimate interest.
• You opt out from receiving internet-based advertising from Incivus.
• You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

8. OUR PRIVACY PRINCIPLES

We operate in multiple jurisdictions and to maintain global privacy posture and maximum legal compliance we have our privacy principles based on OECD guidelines, which also serves as founding principles for laws including however not limited to EU GDPR, UK DPA2018, CCPA, and proposed Indian privacy bill.

The OECD Privacy guidelines are high-level policy recommendations that can be used as a basis to develop a privacy protection framework with the flexibility to accommodate regional and local variations. Meanwhile, they also facilitate international interoperability for transborder flows of personal data. We at Incivus follow the following principles in our “Data Privacy & Protection” practices and our controls are regularly evaluated for:

• Collection Limitation Principle

There shall be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.

• Data Quality Principle

Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up to date.

• Purpose Specification Principle

The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfilment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.

• Use Limitation Principle

Personal data shall not be disclosed, made available or otherwise used for purposes other than those specified in accordance with (the Purpose Specification Principle) except:

a) with the consent of the data subject; or

b) by the authority of law.

• Security Safeguards Principle

Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.

• Openness Principle

There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.

• Individual Participation Principle

An individual should have the right:

1. to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him.
2. To have communicated to him, data relating to him within a reasonable time at a charge, if any, that is not excessive; in a reasonable manner; and in a form that is readily intelligible to him.
3. To be given specific reasons if a request made under point (a) and (b) is denied, and to be able to challenge such denial.
4. To challenge data relating to him/her and, if the challenge is successful to have the data erased, rectified, completed or amended.

• Accountability Principle

A data controller should be accountable for complying with measures which give effect to the principles stated above.

9. DATA SUBJECT RIGHTS

Incivus provide their data subject to access their data subject rights provided as per their applicable laws by simply filling the DSAR form or by contacting to Incivus.

There are following rights provided to data subjects as per their applicable laws are:

Right to transparency: Incivus as a Data Controller use clear and plain language when informing data subjects about how their personal data will be processed. The information provided to data subject will be clear, concise, and transparent, and it will be provided to them in an easily accessible format.

Right to be informed: Data subject have the right to be informed. For example – About the fact that their data has been processed, the purpose for which it was processed and the identity of the controller. Incivus will provide this through a Data Protection Notice to their data subjects whose personal data is processing.

Right to access: Data Subjects have the right to receive information from Data Controllers on whether their personal data is processed by their contractor or processor, the purpose of this processing, the categories of data concerned and the recipients to whom their data are disclosed, the storage period, as well as the right to access this personal data.

Right to rectification: Data subjects have the right to rectify their data if it is inaccurate or incomplete.

Right to erasure / Right to be forgotten: Data subjects have the right to erase their data for example if their personal data is no longer needed by the Data Controller if they withdraw their consent or if the processing operation is unlawful.

Right to restrict the processing: Data subjects can ask the controller to restrict the data processing under certain circumstances, such as if they contest the accuracy of the processed data or if they are not sure if their data is lawfully processed.

Right to data portability: Data subjects have the right to obtain the data that the controller holds on them and to transfer it from one controller to another. Where technically possible, the controller has to do this directly.

Right to object: Data subjects can object, on compelling legitimate grounds, to the processing of data relating to them.

Rights not to be subject to automated decision making and profiling: Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which results in legal consequences for them or significantly affects them in a similar way.

10. BROWSER BASED CONTROL

We use analytics and other similar technologies to analyze customer behavior, administer the website, track users’ movements, and to collect information about users. This is done in order to personalize and enhance your experience with us.

You can control the data stored by cookies and withdraw consent to cookies by using the browser-based cookie controls described in the Cookies section of this privacy statement. We may use cookies to determine whether your browser can accept a particular type of software, or to stop pop-up boxes appearing each time you visit our site. We may use cookies for other purposes in the future, as our site develops, and this statement will be amended to reflect any such changes.

We use cookies to process information that helps us to secure our website, as well as detect fraud and abuse.

We use cookies for the following purposes:

Analytics cookies: Used to track the use and performance of our website and services.

Web Beacons:

Cookies are not the only way to recognize or track visitors to a website. We may use other, similar technologies from time to time like web beacons (sometimes called “tracking pixels” or “clear gifs”). These are tiny graphics files that contain a unique identifier that enables us to recognize when someone has visited our website. This allows us, for example, to monitor the traffic patterns of visitors from one page within our website to another, to deliver or communicate with cookies, to understand whether you have come to our website from an online advertisement displayed on a third-party website, to improve site performance, and to measure the success of outbound marketing campaigns. In many instances, these technologies are reliant on cookies to function properly, and so declining cookies will impair their functioning.

11. LINKS TO OTHER WEBSITE

Where we provide links to websites of other organizations, this privacy notice does not cover how that organization processes their personal information. We encourage you to read the privacy notice on the other websites you visit.

[Version 1.0 Published on 21st January, 2022]