GDPR Compliance
Last updated: February 1, 2026
GDPR Compliant
Inteliworks is committed to protecting the privacy rights of individuals in the European Union and European Economic Area in accordance with the General Data Protection Regulation (GDPR).
Our Commitment to GDPR
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that governs how organizations collect, use, and protect personal data of individuals in the EU/EEA. Inteliworks is fully committed to GDPR compliance.
This page explains how we comply with GDPR requirements and how we help our customers meet their own GDPR obligations.
1. Our Role Under GDPR
As a Data Controller
We act as a Data Controller for personal data we collect directly from you, including:
- Account registration information
- Billing and payment details
- Marketing communications preferences
- Website usage data and cookies
As a Data Processor
We act as a Data Processor for personal data you process through our Services, including:
- Data you input into AI agents
- Contact information of your customers
- Content processed through automated workflows
Our Data Processing Agreement governs our processing as a Processor.
2. Lawful Basis for Processing
We process personal data based on the following lawful bases:
| Processing Activity | Lawful Basis |
|---|---|
| Providing our Services | Contract Performance (Art. 6(1)(b)) |
| Processing payments | Contract Performance (Art. 6(1)(b)) |
| Sending service communications | Contract Performance (Art. 6(1)(b)) |
| Marketing to existing customers | Legitimate Interests (Art. 6(1)(f)) |
| Marketing to prospects | Consent (Art. 6(1)(a)) |
| Analytics and service improvement | Legitimate Interests (Art. 6(1)(f)) |
| Security and fraud prevention | Legitimate Interests (Art. 6(1)(f)) |
| Tax and legal compliance | Legal Obligation (Art. 6(1)(c)) |
3. Your GDPR Rights
Under GDPR, EU/EEA residents have the following rights regarding their personal data:
Right of Access (Art. 15)
You can request a copy of your personal data and information about how we process it.
Right to Rectification (Art. 16)
You can request correction of inaccurate or incomplete personal data.
Right to Erasure (Art. 17)
You can request deletion of your personal data in certain circumstances.
Right to Restrict Processing (Art. 18)
You can request limitation of how we process your data.
Right to Data Portability (Art. 20)
You can receive your data in a machine-readable format or have it transferred.
Right to Object (Art. 21)
You can object to processing based on legitimate interests or for direct marketing.
Withdraw Consent (Art. 7)
You can withdraw consent at any time for consent-based processing.
Automated Decision-Making (Art. 22)
You have rights related to automated decisions that significantly affect you.
4. How to Exercise Your Rights
You can exercise your GDPR rights by:
- Dashboard: Update or delete your data via your account settings
- Email: Contact privacy@inteliworks.io
- Data Request Form: Submit a request through our Privacy Request Form
We will respond to valid requests within 30 days (extendable by 60 days for complex requests). We may need to verify your identity before processing requests.
5. International Data Transfers
When we transfer personal data outside the EEA, we use appropriate safeguards:
- Standard Contractual Clauses (SCCs): EU Commission-approved contractual protections
- Data Processing Agreements: With all sub-processors
- Supplementary Measures: Technical and organizational measures including encryption
Our Data Processing Agreement includes the latest EU SCCs.
6. Data Security Measures
We implement comprehensive technical and organizational measures (TOMs) per GDPR Article 32:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- Role-based access control and least privilege principles
- Multi-factor authentication for all staff
- Regular security assessments and penetration testing
- 24/7 monitoring and incident response procedures
- Employee security training and confidentiality agreements
- Regular backup and disaster recovery testing
7. Data Breach Procedures
In the event of a personal data breach, we follow GDPR requirements:
- Document all breaches in our breach register
- Notify the relevant supervisory authority within 72 hours (when required)
- Notify affected individuals without undue delay (when required)
- Notify you (as our customer) of breaches affecting your data
- Implement measures to prevent recurrence
8. Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIAs) when:
- Implementing new features that process personal data
- Processing is likely to result in high risk to individuals
- Using new technologies or changing processing methods
- Processing special categories of data
9. Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance:
- Email: dpo@inteliworks.io
- Address: Data Protection Officer, Inteliworks, Inc., 123 Innovation Drive, Wilmington, DE 19801, USA
10. Supervisory Authority
If you are not satisfied with how we handle your GDPR request, you have the right to lodge a complaint with a supervisory authority. You may contact:
- The supervisory authority in your EU member state
- Our lead supervisory authority (if applicable)
A list of EU supervisory authorities can be found on the European Data Protection Board website.
11. Helping You Comply
We provide tools and resources to help you meet your GDPR obligations:
- Data Export: Export your data in machine-readable formats
- Data Deletion: Delete user data and accounts
- Audit Logs: Track data access and processing activities
- DPA: Pre-signed Data Processing Agreement available
- Sub-processor List: Current list of sub-processors
- Security Documentation: Enterprise-grade security reports and security questionnaires