ABOUT US AND OUR POLICY
(Last update: 22 January 2024 )
AI ARTEMIDA TECHNOLOGIES LIMITED, incorporated under the laws of Cyprus (registered number HE 387863) at the following address: 12, Demostheni Severi Ave, Office 601, 6th floor, 1080 Nicosia, Cyprus (hereafter referred to as the “Company”, “we”, “us” and “our”), complies with all relevant data protection laws and strives to maintain robust data protection for users of our Services.
This document presents the Company’s Privacy Policy (hereinafter referred to as the “Policy”, “Privacy Policy”) regarding the nature, purpose, processing methods (collection, use, storage, distribution, deletion, etc.) and features of protecting the personal data / personal information collected through our Services (hereinafter referred to as the “Personal Data” or the “Data”). In addition, in this document, you can find information about your rights and how to contact us if you have any questions about processing information about you.
The term “Services” in this Privacy Policy is used with the same meaning as in the Terms of Use.
This Policy includes the following sections:
- GENERAL PROVISIONS ON DATA PROTECTION
- WHAT DATA WE PROCESS
- HOW WE OBTAIN DATA
- PURPOSE AND LEGAL BASIS FOR DATA PROCESSING
- MARKETING SETTINGS
- EXCHANGE/DISCLOSURE OF DATA AND LINKS OF THIRD PARTIES
- INTERNATIONAL DATA TRANSFER
- DATA RETENTION PERIODS
- DATA PROTECTION METHODS
- CONFIDENTIALITY OF FINANCIAL INFORMATION
- COOKIE FILES AND OTHER TRACKING TECHNOLOGIES
- DATA SUBJECT’S RIGHTS
- OUR CONTACTS
1. GENERAL PROVISIONS ON DATA PROTECTION
This Policy applies to those individuals whose Personal Data is processed or may be processed by us in future as a data controller, including, but not limited to, if such persons access our Services, use our Website and other websites administered by us, including the mobile application, contact us with inquiries, contact us for an appointment, follow a hyperlink (link) to this Policy, or attend our events followed by the collection of Personal Data.
Our services are mainly intended for use in the United Kingdom, the EU countries, and Ukraine. At the same time, we understand that our services may be of interest to users around the world, for which reason the Company makes its website available practically worldwide, excluding the EU list of non-cooperative jurisdictions and the jurisdictions specified in the UN and OECD blacklists.
We do our best to protect all Personal Data received from our users and the Website users and comply with all local data protection laws to the extent they apply to us.
As a rule, we do not collect Personal Data when you visit our Website, except for the lawful operation of cookies and similar technologies, and when you consent to process Data in some instances. However, the provision of Data through the Website is voluntary. We do not require you to register or provide Data to browse the Website. However, a failure to provide specific Data may lead to the company’s inability to deliver you a desired service you would like to order through the Website.
If you are a UK or EU Person and to process your Personal Data we need to receive your consent as it is prescribed by applicable law, we will process your Personal Data only in the case we have received from you a freely given, specific, informed, and unambiguous indication of your wishes by which you signify agreement to the processing of your Personal Data (“Consent”).
You may give your consent by ticking the respective box when you register for an account with our Service. In the case you tick the respective box, you irrevocably and unconditionally consent and agree that we shall be entitled to process your Personal Data as it is indicated by your Consent.
You may give your consent by ticking the respective box when you contact us for an appointment and book meetings etc. In the case you tick the respective box, you irrevocably and unconditionally consent and agree that we shall be entitled to process your Personal Data as it is indicated by your Consent.
Your Consent covers all processing activities with your Personal Data carried out for the same purpose or purposes. When the processing has multiple purposes, your Consent should be deemed given for all of them.
All of our services available for use on our websites and the Website are governed by this Policy and relevant legislation concerning Personal Data processing and protection. If you do not want us to collect and process any Data about you under this Policy, you will not be able to use all the functionality, our websites, our services, the Website and the related Services
We inform you that the Company acts as a Data Controller for the purposes of the General Data Protection Regulation (EU GDPR), the UK Data Protection Act 2018, and any other applicable data protection law1 when we control Data collection methods and determine the purposes for which such Data will be used.
At the same time, we will use specific Data for or in the process of providing certain services only at the
direction of our customers, for example, when a customer using the Services finds information or
himself/herself enters the information containing Personal Data. The customer independently determines
the purposes of processing of, and all further proceedings as to, such Data. In this case, the Company acts
as a Data Processor.
This Policy does not apply when the Company acts as a Data Processor or in any other similar role, or on
behalf of a third party. In this case, we process Personal Data on the instructions and on behalf of a third
party. Accordingly, a third party’s privacy policy/statement shall apply.
We will process your Data only if at least one of the following legal grounds for processing exists:
- Processing is necessary for the conclusion and/or the performance of a contract with you (including any offer and acceptance thereof), including when you use our Services;
- Processing is required by the laws of the countries in which we provide our products and/or services or make them available;
- There is a significant public interest based on current legislation (for example, to prevent and detect illegal activities);
- You gave your consent to Data processing;
- Processing is necessary for the purposes of any legitimate interests of the Company, as the controller, or a third party (except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data).
Please note that our Website may contain hyperlinks (links) to external resources or third-party websites.
We are not responsible for data processing by such third-party resources and websites. If you use such a
hyperlink (link), first of all, please carefully read the terms of processing and security of your Data.
This Policy may be updated from time to time, including as required by applicable law. The Company may
notify you of any changes to the Policy either by email (please make sure that you have provided us with
your email address and we have the right to send you email notifications) or by posting a notice of changes
on our Website. We suggest that you review this Policy for any changes from time to time.
Please remember that you can always delete or change your Data as well as exercise your other rights
under applicable law and this Policy.
2. WHAT DATA WE PROCESS
Depending on how you interact with us, how you use the Website, and what Services you use, the Personal
Data we collect and process may include the following:
- name and surname;
- username/nickname in social networks;
- contact details, in particular, email address, telephone number, postal address (country, city, postal code, street);
- information about employer and your position as well as work contacts (email address, phone number);
- profile photo;
- data collected from feedback form, booking form and online chat (usually name and email address);
- information about the software, devices and technologies you used to access the Services, your Internet Protocol address (IP address), browser version, user’s browser setting, screen size;
- consent and/or preferences we obtain from you as you use the Services, such as the communication method and language you prefer;
- identity documents such as a copy of your passport or driver’s licence if you submit to us a request about data subject rights;
- customer account data, for example, login and password for authentication and access
Some Personal Data may be obtained by the Company from publicly available sources, for example, when
such information is (a) available to the public and usually posted on the Internet; (b) lawfully made
available to the general public, such as social media, public registries, etc.
In addition, we may process other Data if you voluntarily provide it to the Company, for example, when you
send us a request or contact the support service.
The Company will not collect or process bank card data used to pay for the Services. This function is performed by our payment processor under its terms and conditions (if such payment method is available).
Since we may change the services and products we offer, the set of data we ask for specific processes may vary accordingly.
Please note that our Services are not intended for children under 132. Accordingly, we do not knowingly collect or process information about children. If you become aware of cases of use of the Company Services by children or that we receive Data from children, please inform us immediately.
3. HOW WE OBTAIN DATA
The Company may obtain your Data in a variety of ways and from various sources, including, but not limited to:
- when you register on the Website;
- when you update your account;
- when you order and/or use our Services;
- when you subscribe to our newsletter;
- when you book a meeting;
- when you contact us (via a dedicated form on the Website, by email, phone) etc.
We may collect information based on analysing the actions taken while using the Website through cookies
and similar technologies.
When the Company receives any Personal Data from third parties rather than directly from data subjects,
such third parties are responsible for their compliance with the relevant data protection laws.
4. PURPOSE AND LEGAL BASIS FOR DATA PROCESSING
We will process your Data solely for the purposes provided for by the applicable law.
We process Personal Data for the following purposes and on the following legal basis (data may be processed on several legal bases):
- setting up and administering your account on the Website (legitimate interest, conclusion of a contract);
- providing you with access to our Services and their further use (conclusion and/or performance of a contract);
- conducting internal research, development, testing, and improvement of the features and functions of our Services (performance of a contract, legitimate interest);
- providing customer support (conclusion and/or performance of a contract, legitimate interest);
- meeting our internal and external audit requirements, including our information security obligations, and if your employer is our customer and provides you with access to our Services to meet their internal audit requirements;
- personalising your user experience and allowing us to provide the type of content and product offerings that are of most interest to you (consent, legitimate interest in some cases);
- contacting you concerning participation in events (webinars, seminars, meetings, other similar events) held by the Company in which you may be interested in connection with the use of the Services or products (legitimate interest, consent in some cases);
- direct marketing and/or performance evaluation, including through a survey, and other manifestations of the Company’s research activities (legitimate interest);
- administrative, analytical, and statistical purposes (legitimate interest);
- providing advertising information (consent);
- notifying you as a customer of any changes and making other announcements related to the Services (performance of a contract, legitimate interest);
- managing your subscription and unsubscription (consent);
- protecting against any malicious actions of users (such as fraud, etc.), detecting and/or investigating a crime in connection with other security considerations of the Company (legitimate interest, compliance with legal requirements);
- processing (considering) your inquiries and/or complaints and responding to them (legitimate interest);
- responding to requests from data subjects, supervisory and/or law enforcement authorities (legitimate interest, compliance with legal requirements);
- protecting other legitimate interests of the Company, for example, preparing a claim or defence to a claim (legitimate interest).
When we process personal information from public sources for our Services, we proceed from the legal basis that such processing is necessary for our legitimate interests. In particular, when using our Services by the professional community, our legitimate interests include reducing the risk of fraud, creating a more secure business environment, and increasing corporate transparency, including information about the existence, ownership, and activities of legal entities and related persons.
Where we rely on legitimate interests as the legal basis for processing your Personal Data, we will balance those interests with your interests, fundamental rights and freedoms, as required by applicable law and best industry practice.
5. MARKETING SETTINGS
The Company may provide you with marketing and event information in several ways, such as email, telephone, text messages, direct mailing, and online (when using the Services).
It is mandatory for us to comply with both your marketing preferences and the requirements of applicable data protection laws. We process your Data to send marketing materials where we have your express consent or where there is a legitimate interest in direct marketing.
The information contained in direct marketing must not conflict with your interests. For example, from time to time, we may send you marketing materials about products and services that you may be interested in based on your interest in our Services.
You can opt out of marketing even if you have previously given us consent. You can also object to receiving direct marketing.
If you decide to opt out of marketing or object to receiving direct marketing from us, you can contact us at any time. In particular, marketing emails received from the Company will have a special button or prominent link allowing you to unsubscribe from receiving such communications in the future. You can also personalise your marketing settings in your account on the Website. Alternatively, you can write a request to our data protection officer (hereinafter referred to as “DPO”), whose contacts are indicated in this Policy.
At the same time, even if you opt out of receiving marketing messages, we may send you email service announcements or essential information about transactions related to your accounts or subscriptions. This is necessary, in particular, for contract performance and customer support.
6. EXCHANGE/DISCLOSURE OF DATA AND LINKS OF THIRD PARTIES
Following the standard practice that complies with the requirements of applicable data protection laws, your Data may be transferred to third parties outside the Company in such cases:
- when we have your consent or at your request;
- to state, federal, and other regulatory, administrative or law enforcement authorities/agencies as a part of the official proceedings (upon request);
- in response to a judgement or other decision of a court as a part of the official proceedings;
- to establish or exercise the right of the Company or an affiliate of the Company to defend against your claims;
- to investigate and/or prevent fraud by users/customers;
- if we believe that it is necessary and/or in the interests of the Company to protect or exercise its rights or the legal rights of other persons.
In some cases, we may need to transfer your Data to third parties.
In particular, we may transfer your Data, including but not limited to contact and technical data, to third parties such as service providers who perform various functions necessary for the operation of our Services.
Depending on the services provided for the processing of Data necessary for the operation of the Services, we may transfer information to the following third parties based on our instructions, under this Policy, and data protection laws:
- to our partners providing customer service technologies and performing other shared services functions of the Services;
- to our partners providing the Company’s services necessary for the functioning of the Services, in particular, customer support services (processing customer requests through various communication channels), email services, cloud services, marketing services, research services;
- to our partners providing fraud detection and prevention services as well as legal and financial (accounting) services;
- to our partners acting as payments processing companies (payment providers);
- to third parties to whom we are obliged to disclose your Data under the law (for example, state institutions, law enforcement agencies, and courts).
Our partners (suppliers of various services) are prohibited from processing Personal Data that we transfer to them for a specific purpose for any purposes other than those specified by us as the Data Controller. At the same time, we conclude contracts with such partners demanding that they provide the same level of protection and security of your Data that is required of us as per the applicable law. We also limit the use of your Data following any consent provided by you (if consent is the basis for Data processing).
If you use Google ID or Facebook to register on our Website, it automatically activates the data exchange between the corresponding partner and us.
In the event of a merger, reorganisation or a similar corporate event, or the sale of the Company or part of the Company’s assets, the information collected by us, including Personal Data, can be transferred to another company/organisation (merger or acquisition target). Undoubtedly, all such Data transfers will be carried out under the applicable data protection legislation and our confidentiality obligations, as specified in this Policy.
Our Website may contain hyperlinks (links) to other third-party websites that do not belong to the Company and are not controlled by the Company. The Opencorporates Database (https://opencorporates.com) and the National Archives (https://www.nationalarchives.gov.uk) are among them. The Company provides such content only for convenience, and including any link does not imply endorsement by us of the linked website. Please remember that we are not responsible for using Personal Data by these websites and for their privacy policies. The Company recommends that you be careful when you leave our Website and read a Privacy Policy of each third-party website that collects and then processes your Data.
7. INTERNATIONAL DATA TRANSFER
The Company is an international company that collaborates with various companies in different parts of the world to promote and/or provide customer access to its Services. Accordingly, your Data can be processed outside your country of residence, including countries that may not provide the same level of protection of your Data as your country.
In particular, the Personal Data that we process in the context of our Services is stored in the cloud environment in Germany (service of Microsoft Azure Germany).
When we transmit Personal Data to recipients in other countries outside the European Economic Area, Switzerland or the United Kingdom, we take measures to comply with the relevant legal and technological requirements, as described in this Policy and under the applicable legislation on data protection, including the requirements in Articles 44-50 of the General Data Protection Regulation (EU GDPR).
When transferring your Data to third countries that are not bound by an “adequacy decision” of the European Commission, the Company will use Standard Contractual Clauses, mandatory corporate rules, and special agreements on data transfer and processing. In addition, we will require all data recipients to ensure the proper level of protection and security of your Data that is required by the applicable data protection legislation.
In some cases, Company may need your explicit consent to the international Data transfer.
8. DATA RETENTION PERIODS
We retain your Personal Data solely during the time necessary to achieve the goals for which we have collected it, in particular, to satisfy any legal requirements, for accounting or reporting purposes, and to ensure the performance of contracts.
To determine the corresponding retention period for Personal Data, in addition to processing objectives, we also consider the volume, nature, and category of Data, the potential risk of harm from unauthorised use or disclosure of Data, as well as the relevant requirements of the applicable legislation.
As a rule, we retain basic information about our customers for six years after they have ceased to be our customers (for tax and legal purposes).
Please note that the regulations of some countries may impose additional requirements, so the Data retention period may vary. In particular, if the legislation of a country where a user of our Services resides contains statute of limitation provisions that determine the period during which you can file a claim against us, and we therefore need the appropriate evidence of legal relations with you, we can process your Data during this period.
We also need to consider any periods for which we may need to retain your Data to comply with our legal obligations to you or regulatory authorities.
Eventually, we can minimise your Data that we process or even make your Data anonymous (for research or statistical purposes) so that it is no longer connected with you personally. If the Data is anonymised, we can use this information essentially indefinitely since it no longer contains any Personal Data.
If we process Data with your consent to processing (in particular, for marketing purposes), you have the right to withdraw your consent at any time or send us a request for Data deletion or temporary suspension of Data processing. To do this, please get in touch with our DPO (please see contact information below).
The Data of individuals in the data set obtained from public sources will be published on the Website as long as it remains accessible from the relevant public sources. For example, if an individual’s Personal Data has been removed from the sanctions list, this data must also be removed from our database.
9. DATA PROTECTION METHODS
The Company is very serious about the security of Personal Data. To ensure the secure storage of your Data, we have implemented a variety of technical and administrative tools that protect the Data from any unauthorised or illegal processing and any loss, destruction or damage. We regularly test our security measures to ensure they remain operational and effective.
First, we use regular malware scanning. The antivirus protection product we use is one of the best on the market.
We use encryption when transferring Personal Data outside the Company. We definitely use other technical means to protect information that we collect online or transmit to third parties, including encryption, firewalls and password protection.
The Data you provide will be safely stored on our servers, which are inaccessible to the public.
The Company adheres to the principle of data minimisation. We process information related to our users/customers that is really necessary for us to perform certain functions and for the specific goals defined in this Policy. Your Data is available only for a limited number of employees who need access to the relevant Data to fulfil their functional duties. We constantly train the employees on our Policies regulating data privacy and security issues.
We do our best to protect the Data, but you need to be aware that no method of transmission over the Internet, or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. If the Company learns of a security breach, we will endeavour to notify you provided that we are obliged to do so under the applicable legislation so that you can take appropriate security measures.
10. CONFIDENTIALITY OF FINANCIAL INFORMATION
We apply security measures when our customer orders the Services and makes payment to ensure the Data security.
All financial transactions are processed through a gateway provider, and no credit card data for financial transactions is stored or processed on our servers.
We use a third-party payment service provider to process your payments. These payment processing services allow our Website to process your online credit card payments.
An online form embedded in our Website will send your credit card information directly to a payment provider who collects and processes payment information under its privacy policy. Only you can share information necessary to perform a transaction with the financial service provider that processes the transaction.
The Company does not participate in the transaction processing. Nevertheless, we can receive consolidated information about all purchases made, including the transaction amount, necessary to confirm the Services purchase.
11. COOKIE FILES AND OTHER TRACKING TECHNOLOGIES
Cookie files are small text files that are placed on your device, for example, a computer or mobile device, when you visit websites. The Website will remember your preferences and actions for a certain period so that you do not have to configure them again. Our cookie files usually do not identify a specific user, but only identify the device used.
Cookie files and other tracking technologies on our Website can be used in different ways, for example, for the proper operation of the Website itself, traffic tracking or advertising. In particular, we use cookies and other tracking technologies to improve the quality and efficiency of our Services and for security purposes.
To learn more about what cookies are, how they work, and how to manage or delete them, please visit www.allaboutcookies.org.
A list of cookies and other tracking technologies used by the Company on the Website, as well as detailed information about cookie files, is available in a separate Cookie Policy.
12. DATA SUBJECT’S RIGHTS
According to the data protection legislation of the European Union and the UK (EU GDPR and UK Data Protection Act 2018, respectively), your rights regarding your Personal Data include:
- Right of access to your Data (“Data Subject Access Request”). This right gives you the opportunity to get a copy of your Personal Data that we process and to find out detailed information about how and why we process this Data. In this Policy, you can read the general information about what Personal Data we process and for what purposes. If you want to know more and fail to find this information in the Policy, you can request this information from us, in particular, by contacting our DPO (please see contacts in the next section below).
- Right to rectification gives you the opportunity to amend any incomplete or inaccurate Data about you that we process. If you find that some of your Personal Data that we process is incorrect or outdated, please inform us of this, including contacting the Company’s DPO. However, in some cases, we will not be able to change your Data, for example, when it has already been used in an offer contract and/or is contained in any written document issued and presented to us.
- Right to erasure (“right to be forgotten”) and withdrawal of consent to the processing of your Data. This right gives you the opportunity to demand Data deletion if the Company has no legal grounds to continue their processing. If we process your Data in accordance with the consent to processing (in particular, for the purpose of marketing distributions), any further processing can be stopped at any time by withdrawing the consent to the processing. In the cases referred to in Article 14 of GDPR, the Company will delete the processed Personal Data, with the exception of the Data that we must store in accordance with the law. At the same time, we will not always be able to fulfil your request for the deletion of Data for specific reasons about which you will be informed in response to the request.
- Right to object to the processing of your Data. This right gives you the opportunity to object if you think that our processing of your Data affects your personal rights and freedoms. In some cases, we can demonstrate that we have significant legal grounds for processing your Personal Data that prevail over your rights and freedoms. You have the absolute right to object to the processing of your Data for direct marketing purposes.
- Right to restrict processing of your Data gives you the opportunity to suspend or restrict the processing
of your Data. This means the requirement to stop any processing of your Data, except for storage under
certain circumstances, namely:
- you want us to verify the accuracy of your Data;
- if we illegally process your Data, but you do not want to delete it;
- if you need to save your Data since it is necessary for you to establish, exercise or defend a legal claim, even if we have stopped processing such Data;
- you have objected to our processing of your Data, but we need to establish that there are overriding legal grounds to grant your objection.
- Right to data portability gives you the opportunity to request, in some cases, the transfer of Personal Data to you or to a third party of your choice. We provide Personal Data in a structured, commonly used and machine-readable format. This right applies only to cases where the Data was received from you based on your consent or for the conclusion and fulfilment of a contract with you.
- Right to automated decision-making, including profiling. You have the right not to be subject to a decision based solely on automated Data processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
- Right to lodge a complaint. The GDPR and the UK Data Protection Act 2018 allow you to lodge a complaint with the relevant supervisory authority (data protection regulator). In the UK, the supervisory authority is the Information Commissioner’s Office, which can be contacted via its official website at https://ico.org.uk/concerns/ or by calling 03031231113. Our users residing in EEA countries can lodge a complaint with the Cyprus Office of the Commissioner for Personal Data Protection by calling +35722818456 or emailing commissioner@dataprotection.gov.cy.
Please contact us if you would like to exercise any of your rights above.
Please note that not all of these rights are always available to everyone. There are individual exceptions when some of these rights do not apply to your Data processed by us.
In the case of publicly available sources, there is an exception to the “right to be forgotten” if the processing is necessary to exercise the right to freedom of expression and information. We process Personal Data in the context of performing journalistic functions, disclosing Personal Data to the public for purposes of public interest and exercising our fundamental right to freedom of expression and information in accordance with Article 10 of the European Convention on Human Rights and Article 11 of the European Charter of Fundamental Rights and Freedoms.
If we become aware that a publicly available source has removed (or made inaccessible) certain information about you due to exceptional circumstances (for example, due to a serious risk to personal safety), we will promptly update the records.
You may notify us of any request made to publicly available sources to remove or restrict access to your Data by submitting a request to us. Your request should include the relevant URLs and full details of the reasons for requesting such removal or restriction.
Please note that when you contact us, you must go through the identification process and describe your specific requirements so that we can process your request and give a lawful response. If we cannot identify you via messages or requests, or if we have reasonable suspicions about your identity, we may ask you to provide proof of identity. This is the only way we can avoid disclosing your Personal Data to someone who may impersonate you, i.e. the identification process is carried out in your best interests. Any additional information collected for verification purposes will only be used to verify identity.
While we process requests as quickly as possible, we ask you to keep in mind that providing a complete and lawful response regarding Personal Data is a complex process that can take up to a month or even longer. If we need more time to prepare a complete response, we will let you know.
13. OUR CONTACTS
Please contact us if you have any questions or would like to lodge a complaint about this Policy or in relation to our use of your Personal Data.
We have appointed a Data Protection Officer (DPO) who is the contact person for any questions or comments regarding the protection and processing of your Data.
You can contact us by sending an email to dpo@artemida.ai
[1] In accordance with the Law of Ukraine “On Personal Data Protection”, the Company is the owner of personal data.
[2] We consider a user/customer to be a child if they are under the age of 13, unless their country has a different age limit (in some countries, it is under the age of 16 or 18).