top of page

Data Processing Agreement

The following sets out the details of processing as required by Article 28 of GDPR.

 

We reserve the sole right at any time to modify, discontinue or terminate our services, or modify these terms without notice. It is your responsibility to check these terms periodically for changes. By continuing to use our services after we make and post any such modification, you agree to be legally bound by the revised terms. You may not alter these terms without our express written consent.
 

Please specify the purposes for which the Data Processor intends to process the Personal Data.

IntentPro provides dashboarding and intelligence on leads, sales, marketing and delivery data .

Its QuickAction feature allows users to save prompts and interact with Generative Ai models by uploading their own company data. 

 

Please specify the categories of data subject whose Personal Data shall be processed under this Agreement.

IntentPro: Client Visitors, Leads, Opportunities, Customers. Client marketing, sales, account management and delivery teams.

QuickAction: client company data

 

Please specify the categories of Personal Data that shall be processed under this Agreement.


IntentPro: Browser cookies, IP addresses, website interactions, first name, last name, company, job title, email, telephone, opportunity value, sales value, sales date, renewal information, delivery dates, other information pertained to sales, marketing, delivery and renewal information.

QuickAction: Company data as uploaded by clients as well as email recipient information.

 

Please record transfers of Personal Data outside of the EEA and/or the UK, recording the country and/or international organisation and, where applicable, please document suitable safeguards.


All our data is hosted within the European Union.
 

Please specify how long you think the Personal Data will be retained for, where possible.


Retention for pseudonymous identifiers (cookie and IP address) is expected to be 1-2 years.
 

Where possible, please describe the measures put in place under Article 32(1) GDPR.


IntentPro have implemented appropriate organisational measures through our Information Security policies/procedures and our Security and GDPR Awareness training programmes.

Data is only accessed over https, ensuring the data is encrypted in transit All data at rest is encrypted within the AWS RDS, using AWS KMS as our Key Management System.

Database backups are encrypted and geo-replicated to another data centre in the AWS availability zone. Inbound traffic is only permitted via an AWS WAF. Application logs are written to a central/auditable service. Access to the Database layer is only possible by our senior engineers through a secured client VPN.

We only use UK/EU based AWS Data Centres which are ISO27001 certified.


List the sub-processors who will process Personal Data.
 

Amazon Web Services (London – eu-west-2) 
Blenheim Chalcot IT Services PVT.LTD

Microsoft Azure (UK South) 
Retool, Inc. (EU-central-1 - Frankfurt, Germany)

 


 

bottom of page