Privacy Policy

Learn how we collect, use and protect your personal information. This is our commitment to data security.

• EU, UK and Asia Policy
• U.S. Policy

Last Updated: October, 2024

Who are we?

Imbox Protection A/S, business reg. no. 32941060, Ved Skoven 54, 8541 Skødstrup, Denmark (”Imbox”, ”we” or ”us”) is the data controller responsible for the processing of your personal data as described in this privacy policy.

If you have any questions regarding this privacy policy or our processing of your personal data in general, you may contact us at support@imboxprotection.com.

We process your personal data

We process personal data for various purposes, which you can read more about in this privacy policy.

We only disclose your personal data when necessary to comply with the purposes for which the personal data was collected or if it is necessary to comply with our legal obligations.

Business partner and customer contact persons

As part of the company’s day-to-day business operations, we process the following categories of personal data regarding business partner and customer contact persons or if you contact us through our website or by email for business opportunity purposes. The processing activities are related to sales, handling of ongoing customer relationships, service, support, events, etc.

• Ordinary personal data, including name, contact information, employer, position and other CRM-related personal data in accordance with art. 6(1)(f) of the GDPR.

To the extent necessary, we disclose your personal data to business partners, suppliers, etc., including subcontractors, freight companies, accountants and attorneys.

We process the above-mentioned personal data for as long as the business or customer relationship or opportunity exists or until the relevant contact person is no longer employed by our business partner, customer, etc. Personal data registered in connection with sales, delivery, invoicing, etc., are stored for five (5) years after the end of the relevant financial year.

Users of our website

We process your personal data if you give your consent to cookies. The purpose of the processing is to manage and develop our website and market our products and services to you. Depending on which cookie you consent to when you enter our website, we may process the following categories of personal data about you:

• Ordinary personal data, including IP address, which pages you visit on our website in accordance with art. 6(1)(a) of the GDPR.

If you consent to third-party cookies, we share information about your visit to our website with these third parties for statistical purposes, to improve our website, measure our marketing efficiency and to target marketing.

Learn more about cookies in our [cookie policy].

The retention period for our processing of your personal data depends on which cookie categories you consent to.

Interaction on social media

We process your personal data if you follow Imbox, correspond with Imbox or like Imbox posts on social media, e.g. on Facebook or LinkedIn. The processing activities are for statistical and marketing purposes and include the following categories of personal data:

• Ordinary personal data, including your IP address and social media profile information, in accordance with art. 6(1)(a) and (f) of the GDPR.

In connection with these processing activities, we are joint data controllers with the social media providers in accordance with art. 26 of the GDPR.

Applicants

We process your personal data if you apply for a job at Imbox. The purpose of the processing is to be able to access your application material for relevant or future vacancies. Depending on the personal data you provide in your application material, we process the following categories of personal data about you:

• Ordinary personal data that we receive in connection with your application, including name, contact information, employment history, education, competencies, photo etc., in accordance with art. 6(1)(b) and art. 6(1)(f) of the GDPR.
• Ordinary personal data that we may collect from public online media, including Facebook, LinkedIn etc., in accordance with art. 6(1)(b) and art. 6(1)(f) of the GDPR.
• Ordinary personal data that we may collect from your references or public authorities based on your consent in accordance with art. 6(1)(a) of the GDPR and section 8(2)(1) in the Danish Data Protection Act.
• Ordinary personal data that we may collect in connection with personality tests or similar tests based on your consent in accordance with art. 6(1)(a) of the GDPR.

Depending on the type of data you have provided in your application material, we may also process sensitive or confidential personal data, including the Danish civil registration number. If we process such personal data about you because you have provided such information in your application material without being asked to do so, we regard your submission of the application material as your consent to the processing of this information in connection with the recruitment process in accordance with art. 9(2)(a) of the GDPR and section 11(2)(2) in the Danish Data Protection Act.

If necessary, we may disclose your personal data to recruitment partners and test providers, operations and software suppliers and other data processors.

If your application leads to employment with us, we will generally store your personal data in accordance with our privacy policy for employees, after which the data is stored for up to five (5) years after termination of the employment.

If your application does not lead to employment with us, we will normally store your personal data until the recruitment process is complete, after which your personal data will be deleted.

We may request your consent to store your application for 12 months for the purpose of future vacancies. If so, we will request your consent in accordance with art. 6(1)(a) of the GDPR.

If you have submitted an unsolicited job application, we will store it until we have assessed the application and whether it is appropriate to store it with a view to possible subsequent employment. If we find that we have a purpose for storing your application, we will request your consent to store your application for 12 months, depending on the position you are applying for, in accordance with art. 6(1)(a) of the GDPR. Otherwise, we will delete your application when we have made the above assessment.

Under specific circumstances, we may store your personal data for a longer period of time in order to be able to defend ourselves against any potential legal claims in accordance with art. 6(1)(c) of the GDPR.

Withdrawal Of consent

If we process your personal data based on your consent, you may withdraw your consent at any time by contacting us as outlined above under clause 1.

If you withdraw your consent, it will not affect the legality of our processing of your personal data until the time you withdraw the consent.

Transfer of personal data to third countries

To the extent necessary to comply with the purposes of the processing of your personal data, we may transfer personal data to international organisations or companies established in countries outside the EU/EEA. We only perform such transfers if we have a sufficient legal basis for this, including, e.g.:

• If the European Commission has assessed that the security in the relevant third country is adequate in accordance with the nature of art. 45 of the GDPR;
• If other appropriate safeguards can be provided, including, e.g. the conclusion of the EU Commission’s standard contracts in accordance with the nature of art. 46 of the GDPR; or
• If one or more of the exceptions in art. 49 of the GDPR apply.
• SECURITY MEASURES

Your personal data security is a high priority to us, and our focus is therefore on processing your personal data in compliance with applicable data protection law.

To best protect your personal data, we continuously assess the risks that may be associated with our processing of your personal data. We pay particular attention to protecting your personal data against discrimination, identity theft, financial loss, loss of reputation and confidentiality.

In the event of a data breach that involves a high risk to your rights, we will notify you of the breach as soon as possible under the given circumstances.

Your rights

When we process your personal data, you have several rights in accordance with the GDPR. If you request to make use of your rights, you can contact us as described above under clause 1.

• Right of access. You are entitled to access and receive copies of the personal data we process about you.
• Right of rectification. If we process incorrect personal data about you, you are, to the same extent, entitled to rectification of any such incorrect personal data.
  In specific cases, you have the right to have the personal data we process about you deleted.
• Restriction of processing. In specific cases, you have the right to request that our processing of your personal data shall be limited to storage.
• Objection. In specific cases, you are entitled to object to our processing of your personal data.
• Data portability. In specific cases, you are entitled to receive your personal data in a structured, commonly used, and machine-readable format and to have such personal data readily transferred from one data controller to another.
• Avenues of complaint

You have the right to file a complaint to your local data protection authority or to the Danish Data Protection Agency if you are dissatisfied with the way in which we process your personal data. However, we hope that you will reach out to us first to find a solution.

The Danish Data Protection Agency’s contact information and information on how to file a complaint can be found at www.datatilsynet.dk.

Last Updated: October, 2024

Overview

This U.S. Privacy Policy (“Policy”) is designed to help you understand how we at Imbox Protection Inc., and our affiliates and subsidiaries (collectively, “Imbox”, “us”, “we”, or “our”) process your personal data, including the types of personal data we collect, how we use it, how and when it may be shared, and the rights and choices you have with respect to your personal data. It also explains how we communicate with you and how you can make requests or submit inquiries to us about your personal data.

Personal data is typically data that identifies an individual or relates to an identifiable individual. The definition of personal data (used interchangeably with “personal information”) depends on the applicable law based on your physical location. Only the definition that applies to your physical location will apply to you under this Policy.

We appreciate you taking the time to read this Policy and understand our data and privacy related practices.

This Policy applies to all personal data that we collect during any written, electronic, and oral communications online or offline when you:

• interact with our websites located at https://imboxprotection.com/, and any other websites, pages, mobile applications, features or content we own or operate that contain a link to this Policy (collectively, the “Site(s)”);
• interact with us on social media, including Facebook and LinkedIn;
• contact us about our products and services on behalf of a potential customer; and
• apply for a job at Imbox (collectively, the “Services”).

This Policy does not apply to you if you are located in the European Economic Area or the United Kingdom when your personal data is collected. Instead, please refer to our GDPR EU Privacy Policy above.

By continuing to use our Services, you acknowledge you have read and understand this Privacy Policy.  If you are not comfortable with any part of this Policy, please discontinue access or use of our Services.

We may make changes to this Policy from time to time. The “Last Updated” date provided above indicates the last time we made changes to this Policy.  We will notify you of any material changes to this Policy as required under the law.

1. Personal Data We Collect

We collect certain personal data about you and your use of our Services. The personal data that we collect depends on your interactions with us, and the choices you make.

Data You Voluntarily Provide to Us. We may collect your email address, name, and any other data you choose to provide when sign up for our marketing communications or seek information from us for other matters. Personal data that you provide by web forms will be used only for such purposes as are described at the point of collection. In addition to your contact information, we also collect data about your work history and education and other information provided on your resume when you apply for a job with us.

For more information about how we process data in connection with a Job Application, please refer to the “Job Applicant” section below.

Data We Automatically Collect. We may collect certain types of data automatically, such as when you interact with the Sites or use the Services. We may collect the following types of data automatically from you:

1. Usage Data. When you browse our Sites, we may automatically collect log data such as your web request, Internet Protocol (“IP”) address, browser type, domain names, referring and exit pages and URLs, pages viewed and the order of these page views, the date and time you access our servers, and other diagnostic data.
2. Device Information. When you use your desktop or mobile device to access our Services, we may be able to identify your device’s unique device identifier, MAC address, and operating system.
3. Location Information. When you use our Services, we may infer the approximate physical location and geographic regions of your device from your IP address.

For more information about the data we collect automatically and the choices you have, please see our Cookie Policy at the bottom of the website.

2. How We Use Your Personal Data

We use your personal data for the following business and commercial purposes, unless restricted by applicable law:

1. To Provide Our Services. We may use your personal data to provide you with our Services that you request, including providing you requested information about our products and services and managing ongoing customer relationships.
2. To Maintain Legal and Regulatory Compliance. Our Services are subject to certain laws and regulations which may require us to process your personal data. For example, we process your personal data to fulfill our business obligations, to manage risk as required under applicable laws and regulations, or to respond to requests by judicial process or governmental agency.
3. To Enforce Compliance with Our Agreements and Policies. We may process your personal data for compliance purposes, such as carrying out our obligations and enforcing our agreements or other legal rights.
4. To Detect and Prevent Fraud and Security Risks. We may process your personal data to help monitor, prevent and detect fraud and abusive use of our Services, monitor unauthorized access, enhance system security, and combat spam, malware, malicious activities or other security risks.
5. To Provide Marketing Communication. We may collect your email address or other electronic addresses that you voluntarily provide to us when you subscribe to our marketing communications. We will send you information on products, services and promotions. When you no longer wish to receive these marketing messages from us, you can opt out at any time by unsubscribing or following the instructions contained within such messages or contacting us via the methods specified in the “Contact Us” section below.
6. To Research and Develop Our Services. We may process your personal data and derive analytical and statistical data to better understand the way you use and interact with our Services. For instance, analyzing where, on which types of devices and how our Sites are used, how many visitors we receive, and where they click on the Sites may help us improve our existing Services and to build new Services. Please see our Cookie Policy at the bottom of the website for more information.
7. To Personalize Your Experience. We may process your personal data to personalize your experience. By personalization, we enable you to more easily interact with our Services across platforms and devices.
8. To Facilitate Corporate Acquisitions, Mergers, and Transactions. We may process any information regarding your account and your use of our Services as is necessary in the context of corporate acquisitions, mergers or other corporate transactions.
9. With Your Consent. For any other purpose disclosed to you prior to you providing us your personal data or which is reasonably necessary to provide the services or other related services requested, with your permission or upon your direction.

3. How We Disclose Your Personal Data

We may share personal data about you with third parties in the following circumstances:

1. Within Our Corporate Organization. We may share your personal data within our organization, such as with our subsidiaries, corporate affiliates, joint venturers, or other companies under common control with us, to provide you with the Services and to take actions based on your request.
2. With Our Service Providers. We may share your personal data with third-party service providers acting on our behalf to help us operate our Services. Service providers provide us with support services such as website hosting, data analytics, market consulting, and network maintenance. These third-party service providers may have access to or process your personal data for the purpose of providing services for us.
3. During Business Transaction or Other Asset Transfers. We may disclose and transfer information about you to buyers, service providers, advisors, potential transactional partners or other third parties in connection with the advisors, potential transactional partners or other third parties of a corporate transaction in which we are acquired by or merged with another company, or we sell, liquidate, or transfer all or a portion of our business or assets. By engaging with us or using our Services, you understand and agree to our assignment or transfer of rights to your personal data.
4. For Legal Compliance & Safety. We may access, preserve, and disclose information about you if we believe doing so is required or appropriate to (a) comply with law enforcement requests and legal processes, such as a court order or subpoena; (b) comply with requests from auditors, examiners or other regulators; (c) exercise, establish or defend our legal rights; or (d) protect your, our, or other’s rights, property or safety.
5. With Your Consent. We may share your personal data with other companies if you give us permission or direct us to share your information.

4. Job Applicants

We process your personal data if you apply for a job at Imbox. The purpose of the processing is to be able to access your application material for relevant or future vacancies. Depending on the personal data you provide in your application material, we process the following categories of personal data about you:

• Ordinary personal data that we receive in connection with your application, including name, contact information, employment history, education, competencies, photo etc.
• Ordinary personal data that we may collect from public online media, including Facebook, LinkedIn etc.
• Ordinary personal data that we may collect from your references or public authorities
• Ordinary personal data that we may collect in connection with personality tests or similar tests
• Information obtained through background checks conducted in accordance with applicable law

If necessary, we may disclose your personal data to recruitment partners and test providers, operations, and software suppliers and other data processors.

If your application leads to employment with us, we will generally store your personal data in accordance with our privacy policy for employees, after which the data is stored for up to five (5) years after termination of the employment.

If your application does not lead to employment with us, we will normally store your personal data until the recruitment process is complete, after which your personal data will be deleted unless retention is otherwise required under applicable law.

If you have submitted an unsolicited job application, we will store it until we have assessed the application and whether it is appropriate to store it with a view to possible subsequent employment.

If we find that we have a purpose for storing your application, we will request your consent to store your application for 12 months, depending on the position you are applying for. Otherwise, unless retention is required under applicable law, we will delete your application when we have made the above assessment. Under specific circumstances, we may store your personal data for a longer period of time in order to be able to defend ourselves against any potential legal claims.

5. How We Protect Your Personal Data

We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once it is received. We maintain our Services and all associated information with technical, administrative, and physical safeguards to protect against the loss, unauthorized access, destruction, misuse, modification and improper disclosure of your personal data.

Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. We cannot guarantee the security of our databases or the databases of the third parties with which we may share such information, nor can we guarantee that the information you supply will not be intercepted while being transmitted over the internet. 

If you feel that the security of any account you might have with us has been compromised, you should contact us immediately as described in the “Contact Us” section.

6. Retention

We will retain your information for as long as needed to provide you Services or for other purposes stated in this Policy. We will cease to retain your personal data or remove the means by which the personal data can be associated with you as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected and is no longer necessary for legal or business purposes.

If you wish to delete your information or request that we no longer use your information to provide you services, please contact us as described in the “Contact Us” section. Please note that, we may still retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

7. Your Privacy Choices

Marketing Communications. We offer you certain choices about how we communicate with you. To update your preferences, limit the communications you receive from us, please contact us as specified in the “Contact Us” section at the end of this Policy. Where provided by law, you may withdraw your consent previously provided to us, and we will apply your preferences going forward. You can also choose not to receive marketing communications from us by clicking on the unsubscribe link in our marketing content.

Managing Cookies. For more information about your choices regarding cookies, please refer to our Cookie Policy at the bottom at our website.

8. Children

Our Services are not directed to, and we do not knowingly collect personal data from, children under the age of 16. If you are under 16, please do not attempt to fill out our forms or send any personal data about yourself to us. If you are a parent or guardian and wish to review information collected from your child, or have that information modified or deleted, you may contact us via the method identified in the “Contact Us” section below.

If we become aware that a child under 16 has provided us with personal data, we will terminate the user’s access to our Service and take steps to delete such information from our systems, unless we have a legal obligation to keep it.

9. Additional Disclosure to California Residents

If you are a California resident, this section applies to you in addition to the rest of this Privacy Policy. The California Consumer Privacy Act, as amended by the California Privacy Rights Act (“California Privacy Laws”) requires us to disclose the following additional information related to our privacy practices.

Categories of Personal Data Collected, Used, and Disclosed

In the preceding 12 months, depending how you interact with our Services (excluding if you applied for a job with us), we may have collect the following categories of personal data (as defined under Cal. Civ. Code §1798.140(v)(1)):

• Identifiers, such as your name, unique personal identifier, email, or similar identifiers.
• Internet or other electronic network activity information, such as technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and information about your visit, including your browsing history, search history, the webpage visited before you came to our Sites, length of visit and number of page views, click-stream data, locale preferences, your mobile carrier, and system configuration information.

For more information about the personal data we collect and how we collect it, please refer to Section 1 above, “Personal Data We Collect.”

For more information about the business purposes for which we collect your personal data, please refer to Section 2 above, “How We Use Your Personal Data.”

For more information about the categories of third parties with whom we may share your personal data, please refer to Section 3 above, “How We Disclose Your Personal Data.”

We do not process any sensitive personal data to infer characteristics about you without your consent.

California Privacy Rights. California residents have the rights listed below. Please note, your rights in relation to your personal data are not absolute. Depending upon the circumstances, access to your rights under the applicable law may be denied: (a) when denial of the request is required or authorized by law; (b) when granting the request would have a negative impact on another's privacy; (c) to protect our rights and properties; (d) where the request is frivolous or vexatious, or for other reasons.

1. Right to Know/Access. You have the right to obtain a copy, or a list of categories of the personal data that we hold about you, as well as other supplementary information, such as the purposes of processing, and the entities to whom we disclose your personal data.
2. Right to Correct. You have the right to correct any of your personal data in our records and systems. You may request us to rectify, correct or update any of your personal data held by us that is inaccurate.
3. Right to Delete. Under certain circumstances, you may have the right to request that we delete the personal data that we hold about you. This right is not absolute, and we may refuse your right to delete if it is reasonably necessary for us to provide a service requested by you; to perform a contract between us; to maintain functionality and ensure security of our systems; to enable solely expected internal uses of your personal data; to exercise a right provided by law; to comply with a legal obligation, or if there are compelling legitimate grounds for keeping your personal data.
4. Right to Object to Automated Decision-Making. Upon issuance of regulations by the California Privacy Protection Agency, you will have the right not to be subject to a decision that is based on automated processing which significantly impacts your rights. No decision will be made by us about you on the basis of automated decision making which has a significant impact on you.
5. Right Against Discrimination. You have the right not to be discriminated against for exercising any of the rights described in this section. We will not discriminate against you for exercising your privacy rights.
6. Right to Opt Out of Selling/Sharing. You have the right to opt-out of: (i) the sale of your personal data; and (ii) the sharing of your personal data for targeted advertising. We do not sell or share your personal data. We rely on your consent to use your personal data for cross-contextual behavioral advertising. You can change your consent preferences under the Cookie Policy page. Please note that you may still receive generalized ads after opting out of targeted advertising.
7. Shine the Light. If you are a California resident, you have the right to ask us for a notice describing what, if any, categories of personal data we share with third parties or corporate affiliates for those third parties’ or corporate affiliates’ direct marketing purposes. That notice will identify the categories of personal data shared with third parties and used for direct marketing purposes and the name and address of the third parties that received such personal data.

Submitting a Request to Exercise Your Rights

In addition to methods provided above, you can assert your privacy rights by emailing us at support@imboxprotection.com. Please note that to protect your privacy and security, we must be able to verify your identity before we can process your request to exercise any of the privacy rights that you may be entitled to under the applicable law. We may conduct the verification process by email or phone, and we may ask you to provide information such as your name, contact information, and any additional relevant information based on your relationship with us. You may also use an authorized agent to submit a request to opt out on your behalf if you provide the authorized agent signed written permission to do so.

Job Applicants. If you applied for a job with us, in the preceding 12, months we may have collected the following categories of personal data (as defined under Cal. Civ. Code  §1798.140(v)(1)):

• Identifiers, such as your name, address, email address, phone number, IP address, social security number, tribal identification number, and Careers Sites account information
• Protected classifications, including gender, age, ethnic background, veteran status, and disability status
• Internet activity information, including IP address and the job postings you view and which you apply
• Professional or employment-related information, including your work history, skills, professional certifications and other information you provide on your resume/CV
• Education information, including the college(s) you attended, the degrees you have obtained, and your grade point average

We processed and disclosed this information as required to consider your application for employment. For more information about how this information was processed and to whom it was disclosed, please refer to the “Job Applicants” section of this Policy .

Do Not Track. Some Internet browsers, such as Internet Explorer, Firefox, and Safari, include the ability to transmit “Do Not Track” or “DNT” signals. Since uniform standards for “DNT” signals have not been adopted, our Site does not currently process or respond to “DNT” signals.

10. Contact Us

If you have any questions regarding this Privacy Policy or our processing of your personal data in general, you may contact us at support@imboxprotection.com or at 750 N State St., Office #149, Chicago, IL 60654.