Last updated July 2020
How and why we collect data and covering your choices
INCA is a business which operates globally as part of the GroupM group of companies. In the European Economic Area (EEA) and Switzerland the INCA legal entity responsible for the data that Inca collects is GroupM UK Ltd. Outside of the EEA and Switzerland the responsible legal entity is GroupM LLC.
What information is collected and used by INCA?
We collect information that enables us to identify your browser and device and tell us which pages within our Website you visit and on which pages you spend the most time. We do this by using the following:
Is a small alphanumeric text file that we automatically assign to visitors to our website. It is stored in your browser and allows us to identify you. Sometimes a cookie resides on your device for just the single time you’re visiting our Website; this is called a session cookie. Sometimes a cookie remains on your device until you delete it or it expires automatically; this is called a persistent cookie. Both types of cookies are used on our Website.
Means Internet protocol address
Is a line of code that sits within our webpages and which we use to record that you have visited a particular page within our website.
We use some, or all, of this information to improve your website experience by delivering content that you are likely to prefer on future visits. Our lawful basis for this type of processing is that we have a legitimate interest in understanding and improving your experience of our Website.
If you don’t agree to us using cookies and the above information, you may prevent their use through your browser settings or you may choose to update your cookie preferences here. By choosing not to accept cookies, certain Website features may not work as we have intended.
Specific Cookie Types used by GroupM
Performance Analytics Tracking
This type of cookie provides aggregated information about where a user may go on the Website.
Google Analytics (persistent)
Google Analytics (session)
This cookie may appear as has_js. We do not retain this data as it is deleted upon closing of your browser, and therefore we cannot share it with any third parties.
Collection and Use of Contact Information
There are a few instances where we may collect your name and contact details (such as e-mail address, telephone number and postal address). But, we won’t collect this information without consent and never use it in online advertising placement. Examples where you might voluntarily provide your name and contact details include:
Responding to requests
We keep a record of information, including email address and other contact information, solely for responding to a user’s request. For example:
If you click on the “contact us” link and submit a question or comment, we will collect your name, e-mail address, and phone number to send you a reply.
By entering your contact information as noted above you are consenting to INCA using that information to contact you regarding your request. This consent is our legal basis for using the information in this way.
INCA is a data controller responsible for your personal data (as this term or similar term is defined by applicable law) when you visit our Website or provide us with contact information.
*This section only applies if you are a resident of California under the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws (together “California Laws”)
Pursuant to Section 1798.83 of the California Civil Code, residents of California can obtain certain information about the types of personal information that companies with whom they have an established business relationship have shared with third parties for direct marketing purposes during the preceding calendar year. To request a list of companies, if any, to which INCA has provided personal information for its own marketing purposes, please email us at DPO@groupm.com . Please allow 30 days for a response.
CCPA Personal Information We Collect
The Website collects the following categories of personal information, and the Website has collected the following categories of personal information (i) from its consumers within the last twelve (12) months, (ii) for the following purposes and (iii) from the following sources. In addition, we may share personal information with the below-identified categories of third parties.
Except as otherwise expressly set forth herein, we will not collect additional categories of personal data or use the personal data we collect for materially different, unrelated, or incompatible purposes without providing you notice.
Category of Personal Information
Name, postal address, online identifier, Internet Protocol address, email address.
Purposes for which such information will be used or was collected in the preceding 12 months
To respond to your requests, provide the requested service, market our services to you and provide information about events.
Categories of sources from which personal information will be collected or has been collected in the preceding 12 months
User completing a web form on the Website(s), registering for one of our events or subscribing to the newsletter.
Cookie ID/IP address/Browser/Device ID/Location data
See “cookie” information above.
Internet or other similar network activity
Browsing history, search history, information on a consumer’s interaction with a website, application or advertisement.
As used in this CCPA section, “personal information” does not include:
- Information that is lawfully made available from federal, state or local government records.
- De-identified or aggregated information
- Information excluded from the scope of the California Consumer Privacy Act of 2018 (“CCPA”), such as:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and
- Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
Your Right to Know and Access Information
California consumers have the right to request that we disclose to them, for the 12-month period preceding the date of the request, (i) the categories of personal information we have collected about them, (ii) the categories of sources from which personal information is collected, (iii) the business or commercial purpose for the information collection, (iv) the categories of third parties with whom we have shared personal information, and (v) the specific pieces of personal information we hold about them.
Your Right to Request Deletion
You have the right to request that we delete any personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records. However, we may retain information that has been de-identified or aggregated.
- Furthermore, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) in order to perform certain actions set forth under CCPA, such as detecting security incidents and protecting against illegal activity.
- In any access or deletion request that you make pursuant to this notice, you should include your full name, e-mail address, and clear instructions regarding changes and/or information you are requesting in sufficient detail that allows us to properly understand, evaluate, and respond to your request. In addition, we ask that you please provide sufficient information to enable us to reasonably verify that you are the person (or an authorized representative of the person) regarding whom we collected the personal information. Generally speaking, verification will be performed by matching the identifying information provided by you to the personal information that we already have. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
- In order to protect the security of your personal information, we will not honor a request if we cannot verify your identity (or, in the case of an authorized representative, authority to make the request) and confirm that the personal information relates to you. With respect to any requests to delete your data, once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception under applicable law applies. If we cannot comply (in whole or in part) with a request, the response we provide will also explain the reasons we cannot comply.
- We will respond to consumer requests in a reasonably timely manner. If we require extra time to respond, we will inform you of the reason and extension period in writing.
If you use an authorized agent to exercise the right to opt-out, you must provide the authorized agent written permission to do so, and we may deny the request if the authorized agent does not submit proof that it has been authorized by you to act on your behalf.
Note – Subject to applicable law, opting out through this mechanism will not prevent your personal information from being shared with third parties for non-marketing purposes (for example, to process one of your transactions). Further, this opt out mechanism will not prevent the transfer of personal information in connection with a merger, acquisition, bankruptcy or other sale of all or a portion of our assets.
To exercise any of your rights herein, you can contact us using the contact information provided at the bottom of this Privacy Notice. Please remember that any disclosures we provide will only cover the 12-month period preceding our receipt of your request. We will not discriminate against you for exercising any of your rights hereunder!
Frequently Asked Questions
Does INCA share any information with other vendors or partners?
Does INCA transfer your Personal Data outside the European Union?
If you provide us with personal data, we may transfer that personal data to our affiliates and subsidiaries or to other third parties, across borders, and from your country or jurisdiction to other countries or jurisdictions around the world to enable us to use that personal data as described above. Our standard practice is to use European Union model clauses for the transfer of data from the EEA & Switzerland to other non-EEA countries.
Use of this site by Children & Children’s data
We’re sensitive to children’s privacy. Our Website is not developed for or directed at children under age 13. We specifically request that children not provide information about themselves through our Website. If you believe your child has provided this kind of information and would like it deleted from our database, you can contact us at DPO@groupm.com . If we become aware we’ve collected information about a child under the age of 13, we’ll delete it.
Data retention and storage
We will keep your information that we collect on the Website for a reasonable period for the purposes set out above. We follow generally accepted online advertising industry standards to ensure that your personal data disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used. These standards include undertaking necessary physical, electronic, and management activities required to protect data integrity, access, and use.
Information Security: Maintaining the privacy of our users’ information is very important to us which means we take care and pay special attention to our security measures to protect this information from data breaches. We follow industry standards to protect against the unauthorized access to, retention of, and disclosure of information. This includes physical, electronic, and management activities to protect information integrity, access, and use.
Transfer of data upon change of control: In the event that another company acquires us, or all or substantially all of the assets of our business, through a consolidation, merger, asset purchase, or other transaction, we reserve the right to transfer all information (including any information you may have provided through the “contact us” page) that is in our possession or under our control to the acquiring party, and that information may be used by the acquiring party in its business.
Data Subject Rights of individuals in the EEA and Switzerland: You have the right to access, update, change, delete, restrict the use of, or obtain a copy of your Personal Data in an easily readable format. In certain circumstances, you may also request that GroupM transfer your Personal Data to a third party, and the right to object to its use for marketing purposes. If you wish to exercise any of these rights, please contact our DPO at DPO@GroupM.com.
Where our processing of your personal data is based on your consent, you also have the right to withdraw this consent at any time by contacting our DPO at DPO@GroupM.com. Please note that your withdrawal of consent will not affect the lawfulness of our processing of your personal data prior to withdrawal of consent.
Changes to this Privacy Notice
Please note that because of the changing nature of privacy laws and regulations, digital technologies, and our business, we may modify this Privacy Notice from time to time. Please review this Privacy Notice periodically to become aware of any changes that may have occurred (we will update the effective date at the top of the page to help you know when changes have been made).
If you have any Complaints or wish to contact us
Please use the details set out below depending on where you are located and we will do our best to address any complaints or worries you may have about how we collect and handle your Personal Data.
If for whatever reason you don’t feel like we have adequately addressed your concerns you can contact the Data Protection Authority in your jurisdiction and make a formal complaint.