Integrated Marketing Technology Inc. (“IMT”)
Integrated Marketing Technology Inc. (“IMT”) is committed to protecting Personal Data and complying with applicable data protection and privacy laws, including the General Data Protection Regulation (“GDPR”), the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), and the UK Extension to the EU-U.S. DPF.
This Privacy Policy explains how IMT processes Personal Data solely in its capacity as a data processor, acting on behalf of its Clients.
1. Role of IMT (Processor-Only)
IMT provides data management and technology services to business Clients. IMT does not determine the purposes or means of processing Personal Data.
For purposes of applicable data protection laws:
IMT acts as a data processor
IMT’s Clients act as data controllers
IMT processes Personal Data only on documented instructions from its Clients
IMT does not sell, license, or use Client Personal Data for its own independent purposes.
2. Scope
This Policy applies to Personal Data processed by IMT in the United States on behalf of Clients whose Individual Customers are located in the European Union (“EU”) or the United Kingdom (“UK”).
This Policy does not apply to anonymized, aggregated, or de-identified data that cannot reasonably be used to identify an individual.
3. Data Privacy Framework Participation
IMT complies with:
The EU-U.S. Data Privacy Framework
The UK Extension to the EU-U.S. Data Privacy Framework
IMT has certified to the U.S. Department of Commerce that it adheres to the DPF Principles regarding the processing of Personal Data transferred from the EU and UK to the United States.
If there is a conflict between this Policy and the DPF Principles, the DPF Principles shall govern with respect to international data transfers. Nothing in this Policy limits or replaces IMT’s obligations under GDPR or other applicable data protection laws.
More information is available at: https://www.dataprivacyframework.gov
4. Categories of Personal Data Processed
IMT processes Personal Data only as instructed by its Clients, which may include:
Name
Email address
Mailing address
Telephone number
Account, transaction, or customer identifiers
The specific categories of Personal Data processed depend entirely on the Client’s services, instructions, and configuration.
5. Purpose and Legal Basis for Processing
IMT processes Personal Data solely for the purpose of providing contracted services to its Clients, including:
Data hosting and storage
Reporting, analytics, and technical processing
System operations, maintenance, and support
Under GDPR, IMT relies on:
Article 28 – processing on behalf of a controller
Article 6(1)(b) – processing necessary for performance of a contract
Clients are responsible for determining and communicating the lawful basis for collecting Personal Data from their Individual Customers.
6. Marketing and Business Communications
IMT does not use Client Personal Data for marketing purposes.
Personal Data submitted directly to IMT through business inquiries (such as prospective clients contacting IMT) is used solely to respond to those inquiries and conduct legitimate business communications.
7. Data Transfers to Third Parties
IMT may engage third-party service providers (“Sub-processors”) to assist in providing services.
All Sub-processors:
Act only on IMT’s documented instructions
Are bound by written agreements
Are required to implement data protection safeguards consistent with GDPR and the DPF
Clients are informed of material changes to Sub-processors in accordance with contractual agreements.
IMT remains responsible under the DPF for onward transfers of Personal Data to Sub-processors.
Be advised that we may be required to disclose your personal information in response to lawful requests by public authorities in the United States, including to meet national security or law enforcement requirements.
8. Data Security
IMT implements appropriate technical and organizational measures pursuant to GDPR Article 32, including:
Role-based access controls
Network and firewall protections
Encryption where appropriate
Employee access limitations
Periodic security reviews based on risk assessments
While no system can guarantee absolute security, IMT maintains safeguards aligned with industry standards.
9. Data Retention and Deletion
IMT retains Personal Data only for as long as instructed by its Clients or as required by applicable law.
Upon termination of services, and at the Client’s direction, IMT will:
Return Personal Data, or
Securely delete Personal Data
If no deletion instructions are provided, IMT retains Personal Data only as necessary to fulfill contractual and legal obligations.
10. Personal Data Breach Notification
IMT will notify Clients without undue delay after becoming aware of a Personal Data breach involving data processed on their behalf, in accordance with contractual obligations and applicable law.
11. Individual Rights
Because IMT acts solely as a data processor, requests to exercise rights under GDPR (including access, rectification, erasure, restriction, portability, or objection) should be directed to the applicable Client.
IMT does not independently verify the identity of data subjects or make determinations regarding rights requests. If IMT receives a request directly, it will forward the request to the relevant Client unless legally required to respond.
12. Questions or Complaints
Questions regarding this Policy may be directed to: privacy@imtnetwork.com
EU or UK Individuals may submit complaints related to DPF compliance as described below.
13. Enforcement and Dispute Resolution
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, we commit to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, should first contact us at privacy@imtnetwork.com.
We commit to refer unresolved complaints to the ANA DPF Dispute Resolution Program, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.ana.net/content/show/id/accountability-dpf-consumers for more information or to file a complaint. The services of the ANA DPF Dispute Resolution Program are provided at no cost to you.
ANA DPF Dispute Resolution
https://ana.net/dpf-consumers
2020 K Street NW, Suite 660
Washington, D.C. 20006
As a last resort, individuals may invoke binding arbitration through the Data Privacy Framework Panel.
IMT is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
14. Changes to This Policy
IMT may update this Policy from time to time. Material changes will be posted on this page.
15. Defined Terms
For purposes of this Policy:
“Personal Data” means information that identifies or could reasonably be used to identify a real person, either directly or indirectly
“Client” means a business client of IMT acting as a data controller
“Individual” or “Data Subject” means a natural person whose Personal Data is processed
“Sub-processor” means a third party engaged by IMT to process Personal Data on behalf of Clients
Effective Date: September 26, 2016
Last Updated: February 4, 2026
