Initia Systems Privacy Policy

1. Who We Are

Initia Systems Limited ("Initia", "we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, store, disclose, and safeguard your personal data when you use our website, communicate with us, or access our Governance, Risk, and Compliance (GRC) SaaS services (the "Services").

This policy applies to:

• •Website visitors ("Visitors")
• •Platform users, including Risk Admins and Item Owners, from customer organisations ("Users")
• •Prospective customers and marketing contacts

Initia Systems is incorporated in England and Wales, company number 15048221, with its principal office at 167-169 Great Portland Street, 5th Floor, London, W1W 5PF, United Kingdom. Our designated Data Protection Officer can be reached at privacy@initiasystems.com.

2. Information We Collect

We collect personal data when you:

• •Visit our website or use the Services
• •Submit forms (e.g. demo requests, contact us)
• •Use features within the Initia platform
• •Interact with us via social media or email

Types of Data Collected:

• •Identity Data: Name, job title, and company name
• •Contact Data: Email address and telephone number
• •Account Data: Login credentials, user role, and organisation ID
• •Technical Data: IP address, browser type/version, device ID, cookies, and analytics data
• •Usage Data: Platform activity, click behaviour, time on pages, module usage, and engagement levels
• •Marketing and Communication Data: Preferences, subscription status, and email interaction data

Sources of Collection:

• •Directly from you through web forms, registration, and communication
• •Automatically via cookies, logs, and tracking tools
• •Indirectly from third-party tools (e.g. Google Analytics, LinkedIn)

3. Legal Basis and How We Use Your Data

We process your personal data in accordance with the UK GDPR and other applicable laws. Depending on the context, we process your information to:

• •Provide and maintain access to the Initia platform and Services (contractual necessity)
• •Respond to your inquiries and support requests (legitimate interest)
• •Notify you about feature updates and usage alerts (legitimate interest)
• •Send marketing communications where consent has been given (consent or legitimate interest)
• •Fulfil legal and regulatory obligations (legal obligation)

4. Data Sharing and International Transfers

We do not sell your personal data. We may share your personal data with:

• •Trusted third-party providers for CRM, hosting, analytics, and marketing
• •Legal authorities when required to comply with law
• •Professional advisors such as legal or financial consultants

International Data Transfers: Some providers (e.g. AWS, Google, HubSpot) may store or process data outside the UK/EU. When transfers occur, we use appropriate safeguards like Standard Contractual Clauses (SCCs) or UK adequacy mechanisms.

5. Your Rights

You have the following rights under data protection laws:

• •Access the personal data we hold about you
• •Rectify inaccurate or incomplete information
• •Request deletion of your data ("right to be forgotten")
• •Restrict or object to processing
• •Withdraw your marketing consent at any time
• •Request data portability (structured, machine-readable format)

To exercise these rights, contact us at privacy@initiasystems.com. We may request verification to confirm your identity.

6. Data Retention

We retain data only as long as necessary for the purposes outlined:

• •Platform data: duration of contract plus 12 months
• •Marketing data: until opt-out or inactivity
• •Cookies and analytics data: as outlined in our Cookie Policy

7. Security Measures

We implement strong technical and organisational measures to safeguard personal data, including:

• •TLS encryption for data in transit
• •AES-256 encryption for data at rest
• •Role-based access control (RBAC)
• •Continuous logging and activity monitoring

8. Cookies and Tracking

We use cookies and similar technologies to:

• •Support essential platform functionality
• •Improve your browsing and app experience
• •Monitor usage and feature interaction
• •Support tailored marketing initiatives

Cookie preferences can be managed via your browser settings. For full details, refer to our Cookie Policy.

9. Marketing and Communication Preferences

We may contact you with updates, feature announcements, or promotions:

• •Only where you have provided opt-in consent or where a legitimate interest applies
• •You can unsubscribe at any time via link or by contacting privacy@initiasystems.com

10. Children's Data

Initia does not knowingly collect data from individuals under the age of 13. Our Services are not designed for children.

11. Changes to This Policy

We may periodically update this Privacy Policy. Material changes will be communicated via email or in-app notifications. Continued use of our Services after changes implies your agreement with the updated terms.

12. Complaints

If you have concerns about how we process your data, contact us at privacy@initiasystems.com. You also have the right to file a complaint with the UK Information Commissioner's Office (ICO):https://ico.org.uk