INFRASPEAK is strictly committed to protecting the privacy, confidentiality, and security of personal data. This Privacy Policy applies globally to our business interactions with Customers, Suppliers, Platform Users, Event Attendees, and E-meeting Participants.

INFRASPEAK acts as a Data Controller when determining the purposes and means of our own corporate data processing (e.g., marketing, event organization, direct client management). Where we process personal data strictly within our cloud application environment on behalf and under the documented instructions of our corporate clients, INFRASPEAK acts exclusively as a Data Processor.

2. What Kind of Information We Keep About You

We collect and process only the personal data necessary to provide our services and execute corporate activities:

Identity Data: Full name, taxpayer identification number (Tax ID/NIF/CPF), IP and physical address.
Contact Data: Professional work email address and telephone/mobile number.
Professional Data: Job title and corporate role.
Location Data: Real-time GPS data, collected only if explicitly requested and enabled by the Customer (acting as Data Controller).
Audiovisual Data: Images and voice recordings collected during corporate events, webinars, or electronic business meetings (e-meetings).

3. How We Collect Your Personal Data

Personal data is collected through direct interactions and designated functional operations:

Through the negotiation, execution, and signing of commercial service contracts.
When a user registers an account profile or logs into the Infraspeak application, Infraspeak Network, or Infraspeak Direct.
When natural persons fill out physical forms, digital forms, online demo requests, or register for company-sponsored events.
Through real-time GPS tracking synchronized via mobile devices, strictly subject to client controller authorization.
Via automated image and voice capture tools during recorded corporate e-meetings or public corporate events.

4. Purposes and Lawfulness of Processing

We process your personal data under the lawful grounds established in Article 6 of the General Data Protection Regulation (GDPR):

Purpose of Processing	Data Categories Involved	Legal Basis (GDPR Art. 6)
Contract Execution & Service Provision: Drafting, signing, and managing service agreements; establishing user application profiles.	Identity Data, Contact Data, Professional Data.	Contractual Necessity: Article 6(1)(b).
Location Tracking: Mapping and assessing the real-time position of app users and assigned equipment on a digital layout.	Location Data (GPS).	Contractual Necessity: Article 6(1)(b).
Infraspeak Network & Infraspeak Direct Engagement: Reaching out to platform users to discuss commercial engagement and service expansions.	Contact Data (Name, Work email, phone).	Legitimate Interest: Article 6(1)(b)/(f) (Direct commercial engagement with existing business profiles).
Corporate Event Organization & PR: Capturing images and voice to promote, document, and broadcast corporate events.	Audiovisual Data (Image, voice), Identity Data.	Consent or Legitimate Interest: Article 6(1)(a) or 6(1)(f) depending on context.
Business E-Meetings Optimization: Transcribing, recording, and assessing video interactions for contract negotiation and business tracking.	Audiovisual Data (Image, voice), Identity Data.	Contractual Steps or Legitimate Interest: Article 6(1)(b) or 6(1)(f).
Legal Compliance: Fulfilling corporate tax, accounting, audit, and regulatory reporting duties.	Identity Data, Contact Data, Transaction Logs.	Legal Obligation: Article 6(1)(c).

5. Sharing and International Transfer of Personal Data

To guarantee high-tier functionality, data is securely distributed to authorized sub-processors or third-party cloud tools:

Core Platform and CRM Sub-processors:

Amazon Web Services EMEA SARL (Database hosting within the EU).
Google Ireland Limited (Google Drive cloud storage and enterprise productivity suites).
Anthropic PBC (Use of an Artificial Intelligence model to support the Client during the implementation phase).
HubSpot Ireland Limited (Customer Relationship Management - CRM).
DealHub Ltd (Contract generation, business proposal negotiation, and signing workflows).
Planhat AB (Customer success software and CRM data analysis).

Demo Sub-processor:
- Navattic Inc. (Demos automation Software).

Business E-Meetings Optimization Sub-processor:

Glyphic AI Limited (AI-powered transcription and data processing for enterprise virtual meetings).

Corporate Events and Public Relations Sub-processors:

When attending Infraspeak corporate events, public audiovisual interactions or related identification data may be processed through: YouTube, LinkedIn, TikTok, Instagram, and Facebook.

Artificial Intelligence: The use of Artificial Intelligence tools or tools incorporating Artificial Intelligence modules is subject to security assessments pursuant to ISO 27001 and to the provider’s compliance with the AI Act, the GDPR, and the LGPD. Data shared with Artificial Intelligence tools or tools incorporating Artificial Intelligence modules shall always be minimized in accordance with the provisions of the GDPR and the LGPD, and shall under no circumstances be used for the training of any model.

International Transfers: Personal data is primarily hosted within the European Economic Area (EEA). Where third-party service elements necessitate data rendering outside the EEA, transfers are strictly governed by valid adequacy decisions or Standard Contractual Clauses (SCCs) in full compliance with Chapter V of the GDPR.

Trust Center: For further information regarding the processing of your data and the security measures implemented by us, please refer to our Trust Center.

6. Data Retention Period

Personal data is retained only for as long as necessary to fulfill the operational purposes detailed in this policy, or to meet legal statutory recording requirements. As a general operational rule:

Data processing for Platform Users terminates when their employer's commercial contract with INFRASPEAK expires or is terminated.
Data is removed or anonymized once a specific user stops providing services to or working for the designated INFRASPEAK Customer.
In the event of unresolved disputes or prospective litigation, data access is strictly restricted to designated legal functions for the duration of the applicable statute of limitations.

7. Data Subject Rights

Natural persons hold enforceable global rights regarding their personal data, which can be exercised by contacting privacy@infraspeak.com:

Right to Information & Access: Request clear confirmation of whether your data is processed, alongside a complete, permanent copy of your records.
Right to Rectification: Request immediate correction of outdated, inaccurate, or incomplete corporate records.
Right to Erasure ("Right to be Forgotten"): Request full data deletion where there is no overriding legal or contractual ground for its retention.
Right to Object: Object at any time to data processing carried out under legitimate interest grounds.
Right to Restriction: Request the freezing of data processing while its structural accuracy or legal validity is being formally verified.
Right to Withdraw Consent: Where processing relies on prior consent, you can revoke it at any time without any commercial or operational detriment.

Identity Verification Note: For your safety and to prevent unauthorized third-party disclosures, INFRASPEAK will request proportionate identity verification when rights are exercised. No standard service fees apply ; however, manifestly unfounded or repetitive/excessive requests may trigger a reasonable administrative fee or a refusal to act, in line with GDPR parameters.

Privacy Policy Update: INFRASPEAK reserves the right to update this Privacy Policy at any time.

For any queries regarding this Privacy Policy or other related subjects please contact privacy@infraspeak.com.

Infraspeak Platform

Capabilities

By category

⠀By industry

Resources

About us

Infraspeak Privacy and Personal Data Protection Policy

1. Scope and Purpose