개인정보처리방침

1. About this policy

IP Infusion Inc. ("IP Infusion," "we," "us," or "our"), a subsidiary of ACCESS CO., LTD., respects your privacy. This Privacy Policy explains how we collect, use, share, transfer, and protect personal information when you visit ipinfusion.com (the "Site"), interact with our products and services, or communicate with us, regardless of where you are located.

We have written this policy to comply with the EU General Data Protection Regulation (GDPR), the UK GDPR and Data Protection Act 2018, the Swiss Federal Act on Data Protection (FADP), the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), the Brazilian General Data Protection Law (LGPD), the Australian Privacy Act 1988 and Australian Privacy Principles (APPs), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial equivalents, Japan's APPI, and other applicable laws.

2. Who we are (data controller)

The data controller (or "business" under CCPA, "treatment agent" under LGPD) for personal information collected through this Site is:

IP Infusion Inc.
3965 Freedom Circle, Suite 200
Santa Clara, CA 95054, USA
Email: privacy@ipinfusion.com

Data Protection Officer

You can reach our Data Protection Officer at dpo@ipinfusion.com.

EU / UK Representative

For EU/EEA residents, our Article 27 GDPR representative is named in our Records of Processing. For UK residents, our UK GDPR Article 27 representative is similarly available. Contact privacy@ipinfusion.com and we will route your request to the appropriate representative.

Brazil / LGPD operator

For LGPD inquiries, our Encarregado (DPO equivalent) can be reached at dpo@ipinfusion.com.

3. Information we collect

We collect the following categories of personal information:

카테고리	Examples	Source
Identifiers & contact	Name, work email, phone number, country, company, job title	You — when you fill in a form, register for an event, or contact us
Commercial information	Products inquired about, demo requests, evaluation history, purchase records	You and our resellers/partners
Internet / device data	IP address, browser type, OS, referring URL, pages viewed, timestamps, device identifiers	Automatically, via cookies and server logs
Usage & inference data	Pages visited, content downloaded, marketing engagement	Automatically, via analytics and marketing tools (with your consent where required)
Professional information	Job role, area of interest, employer (when supplied)	You
Audio / visual	Webinar recordings, photographs at events (where attendees are notified)	You / event attendance

We do not knowingly collect "sensitive" or "special category" data (e.g., health, biometric, racial/ethnic origin, sexual orientation) through this Site, and we ask you not to submit such information to us.

4. How we use information & lawful bases (GDPR Art. 6)

Purpose	Lawful basis (GDPR/UK GDPR)
Respond to your inquiries, provide demos/quotes, fulfill orders	Performance of a contract; legitimate interests in responding to prospects
Send marketing emails, event invitations, product news	Your consent (you can withdraw at any time); legitimate interests for B2B soft opt-in where permitted
Operate, secure, and improve the Site and products	Legitimate interests in running and securing our business
Analytics and audience measurement	Your consent (cookies)
Comply with legal obligations (tax, export, audit)	Legal obligation
Detect and prevent fraud or abuse	Legitimate interests; legal obligation

Where we rely on legitimate interests, we have completed a balancing test; you may request a summary at privacy@ipinfusion.com.

5. How we share information

We do not sell personal information for monetary consideration. We share personal information only with the following categories of recipients:

• Affiliates: ACCESS CO., LTD. (our parent) and IP Infusion subsidiaries in Japan, India, and South Korea.
• Authorized channel partners and resellers (e.g., EPS Global, Edgecore Networks): only when you ask us to connect you with a local partner.
• Service providers / sub-processors: CRM (Salesforce, including Pardot/Marketing Cloud Account Engagement), email and event platforms, hosting, analytics (Google), customer-support tooling, and cloud storage. They process data only on our instructions, under written contracts that include GDPR Art. 28 / UK GDPR / LGPD-compliant terms.
• Professional advisors: lawyers, auditors, insurers.
• Authorities: law enforcement, regulators, or courts when required by law or to protect rights, property, or safety.
• Acquirers: in the event of a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.

A current list of sub-processors is published at /sub-processors/ and is updated when we add or remove a vendor.

6. International data transfers

IP Infusion is headquartered in the United States, and our affiliates and service providers operate in the US, Japan, India, South Korea, and the EU. When we transfer personal information out of the EEA, UK, Switzerland, or other regulated jurisdictions, we rely on one or more of the following safeguards:

• EU Standard Contractual Clauses (2021/914) and the UK International Data Transfer Addendum for transfers from the EEA / UK to third countries.
• EU-US Data Privacy Framework (DPF), UK Extension, and Swiss-US DPF where the recipient is certified.
• Adequacy decisions where applicable (e.g., Japan, UK, Switzerland).
• Supplementary measures (encryption in transit and at rest, access controls, transfer impact assessments) where required following Schrems II.

You can request a copy of the relevant safeguards at privacy@ipinfusion.com.

7. Cookies & similar technologies

We use strictly necessary cookies to operate the Site. Analytics, functional, and marketing cookies only run with your consent. You can change your choices at any time via the Cookie Preferences link in the footer. Full details are in our Cookie Policy.

We respect the Global Privacy Control (GPC) browser signal: when GPC is enabled, we treat it as an opt-out of analytics and marketing cookies and, in California, as a valid request to opt out of "sale" or "sharing" of personal information.

8. Data retention

We keep personal information only as long as necessary for the purpose for which it was collected:

• Marketing contacts: until you unsubscribe or after 24 months of no engagement, whichever is earlier.
• Sales / customer records: for the life of the relationship plus 7 years for tax, audit, and warranty.
• Web analytics: aggregated after 14 months.
• Server / security logs: typically 90 days, longer if needed for investigation.
• Cookie consent record: 12 months from your most recent choice.

9. Security

We implement technical and organizational measures appropriate to the risk, including TLS in transit, encryption at rest for sensitive systems, role-based access control, MFA for staff, vendor due diligence, an information security program aligned to ISO/IEC 27001 principles, and a documented incident response plan. Despite these measures, no system is perfectly secure.

If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authorities within 72 hours of becoming aware of it (GDPR Art. 33; UK GDPR; LGPD Art. 48). Affected individuals will be notified without undue delay where the risk is high (GDPR Art. 34). For California residents, we will notify in line with Cal. Civ. Code §1798.82.

10. Your privacy rights

Everyone

• Access a copy of your personal information.
• Correct inaccurate or incomplete information.
• Delete your information, subject to retention obligations.
• Withdraw consent at any time (without affecting prior processing).
• Unsubscribe from marketing via the link in any email or by emailing privacy@ipinfusion.com.

EEA / UK / Switzerland (GDPR / UK GDPR / FADP)

• Right to restriction of processing.
• Right to object, including to processing based on legitimate interests and to direct marketing.
• Right to data portability.
• Right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects (we do not currently make such decisions).
• Right to lodge a complaint with your supervisory authority (e.g., Ireland's DPC, the UK ICO at ico.org.uk, your national DPA, or the Swiss FDPIC).

California (CCPA / CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, disclose, or share.
• Delete personal information we have collected.
• Correct inaccurate personal information.
• Opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising.
• Limit the use of sensitive personal information.
• Not be discriminated against for exercising your rights.

We do not sell personal information for money. We may "share" personal information for cross-context behavioral advertising (e.g., LinkedIn or Google retargeting) only when you have opted in via the cookie banner. To opt out, do any of the following:

• Use the Cookie Preferences link in the footer and switch off Marketing.
• Enable Global Privacy Control in your browser; we will honor it automatically.
• Email privacy@ipinfusion.com with the subject "Do Not Sell or Share."

We do not knowingly sell or share the personal information of consumers under 16. You may designate an authorized agent to make a request on your behalf; we will verify the request and the agent's authority.

Brazil (LGPD)

Brazilian residents have the rights set out in LGPD Art. 18, including: confirmation of processing; access; correction; anonymization, blocking, or deletion of unnecessary data; portability; deletion of data processed with consent; information about sharing; information about the consequences of refusing consent; and revocation of consent. You may also lodge a complaint with the ANPD (gov.br/anpd).

Australia (Privacy Act 1988 / APPs)

Australian residents may access, correct, and complain about our handling of their personal information. If we cannot resolve your complaint, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Canada (PIPEDA / provincial laws)

Canadian residents may access and correct their personal information and complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca) or your provincial commissioner (OIPC BC, OIPC AB, OIPC ON for health-related complaints, etc.).

Quebec (Law 25 — An Act to modernize legislative provisions as regards the protection of personal information)

If you are a Quebec resident, in addition to the Canadian rights above, you have the right to:

• Be informed before your personal information is used to render a decision based exclusively on automated processing — and to request the main factors and parameters that led to the decision.
• Request that your personal information be communicated to you in a structured, commonly used technological format (data portability).
• Be informed of any transfer of your personal information outside Quebec, including the categories of personal information transferred and an assessment of whether the destination provides equivalent protection.
• Lodge a complaint with the Commission d'accès à l'information du Québec (cai.gouv.qc.ca).

Our designated Person in Charge of the Protection of Personal Information for Quebec is reachable at dpo@ipinfusion.com (subject line: "Quebec Law 25 — Privacy Officer").

Other regions

If you are located in a region with similar protections (e.g., Japan APPI, South Korea PIPA, South Africa POPIA, India DPDP), the rights described above apply to the extent provided by your local law.

How to exercise your rights

The fastest way is the Privacy Request form. You can also email privacy@ipinfusion.com from the address associated with your data, or write to the postal address in section 14. We will respond within the period required by law (generally one month under GDPR, 45 days under CCPA, 15 days under LGPD). We may need to verify your identity before fulfilling certain requests. Exercising your rights is free; we may charge a reasonable fee for manifestly unfounded or excessive requests, as permitted by law.

11. Children's privacy

The Site is intended for business audiences and is not directed to children. We do not knowingly collect personal information from individuals under 16 (or the applicable age in your jurisdiction). If you believe a child has provided us with personal information, please contact us and we will delete it.

12. Profiling & automated decision-making

We use marketing automation tools (Salesforce / Pardot) to score leads and prioritize sales follow-up based on website engagement, content downloads, email opens, and form submissions. Under GDPR Art. 4(4), this constitutes profiling; we disclose it here for transparency.

Lead scores are indicative only. We do not make decisions based solely on automated processing that produce legal or similarly significant effects on you (GDPR Art. 22). A salesperson reviews every consequential action — for example, a low score does not, by itself, exclude you from receiving information you have requested. You can object to this profiling at any time by emailing privacy@ipinfusion.com; we will exclude you from automated scoring within 30 days.

If you are a Quebec resident, you may also request the main factors and parameters that led to any automated decision, as required by Law 25.

13. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be highlighted on this page, and where required by law we will obtain fresh consent or notify you in advance. The "Last updated" date at the top reflects the most recent revision.

14. Contact us

IP Infusion Inc.
Attn: Privacy Office
3965 Freedom Circle, Suite 200
Santa Clara, CA 95054, USA
Privacy: privacy@ipinfusion.com
DPO: dpo@ipinfusion.com
Phone: +1 (408) 579-1000