Contact Us
Contact Us

Privacy Policy

Last Updated: August 19, 2025

Introduction

This Privacy Policy (“Policy”) explains how InData Labs Group Limited, together with its affiliates, subsidiaries, and entities under common ownership or control (collectively referred to as “InData Labs”, “we”, “us”, or “our”), collects, uses, discloses, and otherwise processes personal data in the course of our business activities. InData Labs acts as the data controller of your personal data.

We value your privacy and are committed to safeguarding your personal data. Please read this Policy carefully to understand how and why we process your data, and how you can exercise your data rights. We encourage you to review this Privacy Policy alongside any other privacy or fair processing notices we may provide on specific occasions. This will help ensure you are fully informed about how and why we process your personal data. Please note, this Policy is intended to complement not override those other notices.

Below is information about InData Labs as the data controller, including our contact details, as well as details of the relevant data protection supervisory authority in the Republic of Cyprus.

Data controller: InData Labs Group Limited, a company incorporated in the Republic of Cyprus under the registration number HE335507, with its registered office at Kyriakou Matsi 16, Eagle House, 10th Floor, Agioi Omologites, 1082 Nicosia, Cyprus.

For any privacy-related inquiries or concerns, you may contact our Data Protection Officer (DPO) at privacy@indatalabs.com or by post at the following address: Kyriakou Matsi 16, Eagle House, 10th Floor, Agioi Omologites, 1082 Nicosia, Cyprus.

Data Protection Authority: Office of the Commissioner for Personal Data Protection, Republic of Cyprus. Contact details are available here. However, if you have any concerns about how we handle your personal data, we kindly ask that you contact us first so we can address your concerns before you approach the Office of the Commissioner for Personal Data Protection.

  1. Information we collect
  2. Sources of personal data
  3. How we may use your personal data
  4. Purposes of use of your personal data
  5. Disclosures of your personal data and international transfers
  6. Data security
  7. Data retention
  8. Your data rights
  9. Information for U.S.-based residents
  10. Policy updates

1. Information we collect

We may collect personal data about you in a variety of ways, including:

  • When you use or interact with our website,
  • When you contact us by email, through our contact forms, or via social media,
  • When you subscribe to our newsletters or request reports,
  • When you participate in events or otherwise engage with us directly.

Categories of personal data

“Personal data” refers to any information relating to an identified or identifiable natural person. Below are the categories of personal data we may collect during our interactions with you. Please note that certain data elements may fall under more than one category:

  • Identifiers (e.g., name, alias, unique user or personal identifiers, IP address, email address),
  • Contact information (e.g., name, email address, phone number, and username),
  • Usage data and network activity (e.g., information about how you interact with our website, including browser type and version, plug-in details, and browsing behaviour),
  • Technical data (e.g., IP address, login credentials (e.g., for API access), browser and operating system details, time zone, and device characteristics),
  • Sensory data (e.g., audio, visual, or similar recordings, if you participate in a recorded call or meeting),
  • Inferences (e.g., information derived from other data we collect that may reflect preferences, characteristics, interests, or behaviour).

We do not collect any special categories of personal data, such as information regarding race, ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, health, or biometric and genetic data. This website is not intended for children, and we do not knowingly collect personal data from minors.

2. Sources of personal data

We collect personal data from a variety of sources, depending on how you interact with us. These include:

  • Direct interactions: You may provide personal information directly by completing contact forms on our website, subscribing to newsletters, or communicating with us via email or other channels.
  • Automated technologies: When you visit our website, we may automatically collect certain technical and usage data (such as IP address, browser type, operating system, browsing actions, and interaction patterns). This data is gathered through cookies and similar technologies (such as pixel tags, HTML5, etc.).
  • Third-party sources: We may receive certain personal data from trusted third parties and platforms we integrate with, such as:
    • Analytics providers (e.g., Google Analytics),
    • Customer support or chat tools (e.g., Drift, Intercom),
    • Social media platforms (e.g., Facebook),
    • An artificial intelligence model called ChatGPT, which processes your chatbot questions to provide answers related to the services we offer.

3. How we may use your personal data

We will only process your personal data where we have a valid legal basis to do so, as permitted under applicable data protection laws. Most commonly, we rely on one or more of the following legal grounds:

  • Performance of a contract: Where the processing is necessary to enter into or fulfil a contract with you.
  • Legitimate interests: Where it is necessary for our legitimate business interests, and your interests and fundamental rights do not override those interests.
  • Legal or regulatory obligation: Where we are required to comply with a legal or regulatory obligation.

In general, we do not rely on consent as the legal basis for processing your personal data, except where explicitly required, such as for sending you direct marketing communications. You may withdraw your consent to such marketing communications at any time by following the opt-out instructions provided in our messages or by contacting us directly.

4. Purposes of use of your personal data

Below is an overview of the purposes for which we process your personal data, along with the corresponding lawful basis we rely on to ensure compliance with data protection regulations:

Purpose/Activity Examples of data Lawful basis for processing including basis of legitimate interest
To contact you when you have submitted a request via our Chatbot Aurora or the contact form at https://indatalabs.com/contacts; to respond to your specific inquiries regarding our services; to enhance our customer support and communication; and to provide tailored solutions and recommendations based on your request or issue.

 

 (a) Identity Data: name, title and company name

(b) Contact Data: email address, phone number.

 Legitimate interest (to respond to your inquiries and improve the effectiveness of our customer support and services),

Performance of a contract (where your request relates to information or actions required prior to entering into a contract with us).
To deliver promotional and marketing content via our website when you have subscribed to receive our blog newsletters. (a) Identity data: title and company name,

(b) Contact data: email address, phone number.

 Your consent
To provide you with relevant website content and assess its effectiveness when you choose to download our whitepapers.

 

 (a) Identity data: name, job title and company name,
(b) Contact data: email address, phone number;
(c) Usage and technical data.		 Legitimate interest (to understand how users interact with our products and services, improve and develop our offerings, support the growth of our business, and optimize our marketing strategies).

 
To leverage data analytics for enhancing our website, products and services, marketing efforts, customer relationships, and overall user experience. (a) Technical data;

(b) Usage data.

 

 Legitimate interest (to identify customer segments for our products and services, maintain and improve our website’s relevance, support business development, and guide our marketing strategy).

Use of your data for marketing purposes

We will only send you marketing communications if you have provided your explicit consent. You can withdraw your consent at any time by clicking the unsubscribe link in our emails or by contacting us directly.

Use of your data for new purposes

We will inform you, if we need to use your personal data for purposes other than those originally intended. We will clarify the legal basis for the new processing and ensure that the new purpose is compatible with the original one, or obtain your explicit consent where required.

Links to third-party websites

Our website may contain links to third-party websites, plug-ins, or applications. Clicking on these links or enabling such features may allow third parties to collect or share information about you. Please note that we do not control these third-party websites and are not responsible for their privacy practices. We encourage you to review the privacy policies of any external sites you visit.

Use of cookies

We use cookies and web analytics tools (such as Google Analytics) to understand how visitors use our website and to improve your experience. You can manage your cookie preferences through your browser settings or via our cookie consent tool. You can configure your browser to refuse all or some cookies, or to alert you when cookies are being set or accessed. Please note that if you disable or refuse cookies, some parts of our website may become inaccessible or may not function properly. For more details, please refer to our Cookie Policy.

Automated decision-making

We do not engage in any solely automated decision-making processes that produce legal or similarly significant effects. Should this change in the future, we will notify you and provide options for human review in compliance with data protection regulations.

5. Disclosures of your personal data and international transfers

We may share your personal data with trusted third parties when needed, for example, for the purposes outlined in this Policy. This may involve transferring your data outside the European Economic Area (EEA). Where such transfers occur, we ensure an adequate level of protection is in place by using appropriate safeguards, including:

  • Transfer to countries recognized by the European Commission as providing an adequate level of protection,
  • Standard Contractual Clauses (SCCs) approved by the European Commission,
  • Other lawful transfer mechanisms permitted by laws.

We require our third-party service providers to respect the confidentiality and security of your personal data and to process it only in accordance with our instructions and data protection regulations. They are not permitted to use your data for their own purposes.

6. Data security

We adhere to widely recognized standards to ensure the ongoing security and confidentiality of your personal data. We have implemented appropriate technical and organizational measures to protect your personal data from accidental loss, unauthorized access, alteration, disclosure, or misuse. Access to your data is limited to employees, agents, contractors, and other third parties who require it for legitimate business purposes and are bound by confidentiality obligations. In the event of a suspected personal data breach, we will promptly investigate and take all necessary actions as required under the data protection regulations. If the breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Where legally required, we will also inform you without undue delay to keep you informed of the nature of the breach and any measures you can take to protect yourself.

7. Data retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law or necessary for the exercise or defense of legal claims. When determining the appropriate retention period, we consider factors such as the nature and sensitivity of the data, the potential risks associated with its processing, the purposes for which the data is used, and any applicable legal or regulatory obligations. Generally, we keep your data for the duration of our relationship with you and for as long as needed to comply with legal or contractual requirements. Once personal data is no longer necessary, we ensure it is securely deleted or anonymized. If you have any questions about our data retention practices, please contact us.

8. Your data rights

Under certain circumstances, and in accordance with applicable data protection regulations, you have the following rights regarding your personal data:

Right of access: You may make a written request for information we hold about you. We will provide a copy of the personal data to which you are entitled (i) free of charge, but may charge a reasonable fee, based on administrative costs, for any further copies you request and (ii) without undue delay, and at the latest within one month of receipt of your request. This period may be extended by two further months where requests are numerous or complex. We will provide you with information on action taken in response to the exercise of any of these rights. Where you make the request by electronic means, and unless otherwise requested by you, the information will be provided in a commonly used electronic form.

Right to rectification: Where you have requested the rectification of your personal data, we will inform certain recipients to whom that personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We will also inform you about the recipients to whom the personal data has been disclosed, if you request it. We may need to verify the accuracy of the new information you provide.

Right to erasure (“right to be forgotten”): You can request deletion of your personal data where:

  • It’s no longer needed for the purpose it was collected,
  • You withdraw consent (where applicable),
  • You object to processing and there are no overriding legitimate grounds,
  • Your data was processed unlawfully, or
  • Deletion is required to comply with legal obligations.

Right to restrict processing: You can request temporary restriction of processing when:

  • You contest the accuracy of the data,
  • Processing is unlawful and you prefer restriction over erasure,
  • You have objected to processing and we are verifying legitimate grounds.

Where you have exercised your right to restrict processing of your personal data, we are permitted to store it but not further process it. We can only continue to process the personal data where:

  • You consent,
  • The processing is necessary for the exercise or defence of legal claims,
  • The processing is necessary for the protection of the rights of other individuals or legal persons, or
  • The processing is necessary for public interest reasons.

Right to object to the processing: You can object to:

  • Processing based on our legitimate interests, if it impacts your fundamental rights and freedoms,
  • Direct marketing (if applicable).

In such circumstances we must stop processing the personal data, unless we can demonstrate (i) compelling legitimate grounds for the processing which override your rights; or (ii) the processing is necessary for the defence of legal claims.

Where you have requested the erasure or restriction of your personal data, we must inform certain recipients to whom that personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The following methods may be used to restrict processing the personal data: (i) temporarily moving the selected personal data to another processing system, (ii) making the selected personal data unavailable to other users, or (iii) temporarily removing the published personal data from a website (if applicable).

Right to data portability: Where you have requested to port your personal data that you have provided to us, we will provide it in a structured, commonly used and machine readable (i.e. electronic) format, and have the personal data transmitted to another data controller without hindrance. This right only applies where the processing is based on consent or necessary for the performance of a contract to which you are a party and has been carried out by automated means.

Right to withdraw your consent: Where we rely on your consent to process personal data, you may withdraw it at any time. This does not affect the lawfulness of processing carried out before the withdrawal. We’ll inform you if this limits our ability to provide certain services.

To exercise any of these rights, please contact us at privacy@indatalabs.com.

9. Information for U.S.-based residents

Pursuant to California Civil Code Section 1798.83 (“Shine the Light” law), California residents may request, once per calendar year, the following information regarding personal data disclosed to third parties for their direct marketing purposes during the prior calendar year:

  • List of the categories of personal information that were disclosed, and
  • List of the categories of third parties to whom such information was disclosed.

To submit a request, please contact us and clearly indicate that you are making a “California Shine the Light Request.”

Appeal Procedure

If your request remains unresolved, you have the right to appeal our decision within a reasonable timeframe by contacting us and stating clearly that you wish to submit an appeal. We will review your appeal and provide a written response within 60 days of receiving it, explaining any actions taken or the reasons for denying the appeal. If your appeal is denied, you may file a complaint with the relevant U.S. regulatory authority.

10. Policy updates

We may update this Privacy Policy at any time. The latest version will always be available on our website with the effective date noted below.