DATA PROTECTION NOTICE
Last revised: October 2022
1. Overview
This document outlines the data protection practices implemented by Ehai AI ("we," "us," or "our") in relation to our offerings and solutions (the "Solutions") and the platform (the "Platform"). Protecting your privacy and keeping your information secure are core priorities for us when delivering our Solutions and operating the Platform.
Our Solutions and Platform may link to external websites and services. We are not responsible for the privacy practices of those third parties. We recommend reviewing their privacy policies before interacting with them.
All information collected by us in connection with our Solutions is treated as confidential. We employ technical, security and organisational measures to protect Personal Data (as defined below) against unauthorised processing, accidental loss, destruction, damage, theft, or disclosure.
When you submit information via our platform, you may be asked to provide personal details (for example) your name, email, phone number, date of birth and other identifying information. This information may be used, among other things, to verify identity, manage records, provide technical support and meet contractual and legal obligations. We may send important notices and, with your consent, share information about products and solutions via SMS, email, etc. You can control notification preferences and opt out of certain communications.
2. Platform; Visitors and Users
2.1. Overview
This section describes data collection from different groups: Platform visitors ("Visitors"), users ("Users"), and commercial partners (collectively "Partners"). Personal Data may include IP address, name, contact details and relationship information as required by applicable data protection laws.
2.2. Collection and Use
By accessing the Platform, you consent to the collection and use of your Personal Data. If you disagree you should not access the Platform. We may collect information via page views, IP addresses and cookies. We also process data submitted through forms and registrations.
2.3. Purposes for Processing Personal Data
We process Personal Data to improve, understand and personalise our Platform and Solutions. This includes improving accuracy, communications about Solutions, support, contractual requirements, and collaboration with partners. Consent or another lawful basis is required for processing.
The following details describe purposes and legal bases for processing Personal Data:
| Account registration and setup | Your consent; performance of the Solutions or contractual requirements |
| Delivering and using the Solutions | Performance of the Solutions or contractual requirements |
| Service updates and notifications | Performance of the Solutions or contractual requirements |
| Responding to enquiries and providing support | Legitimate interests or performance of the Solutions |
| Personalised solutions, advertising and marketing | Legitimate interests or your consent |
| Improving and developing new Solutions | Consent and legitimate interests |
| Distributing advertising and marketing materials | Your consent |
| Assessing marketing campaign performance | Legitimate interests or consent |
| Carrying out various support activities | Legitimate interests or performance of the Solutions |
| Analytics, including statistical evaluation | Legitimate interests |
| Protecting interests, rights and property | Legitimate interests or legal obligations |
2.4. Sharing Personal Data
We may share information with service providers, Partners and contractors. For Visitors and Users in the European Data Region, data processing complies with the GDPR and applicable Data Protection Laws and regulations.
3. Partners
3.1. Summary
To deliver Solutions and cooperate with Partners, we collect and process certain categories of data. Partners are responsible for their own data, and we may access it using secure methods.
3.2. Processing Personal Data
We rely on Partner consent or legitimate interests to process Personal Data. Aggregated Data may be produced for development and quality improvement purposes.
3.3. Controller/Processor
We may act as Controller or Processor depending on the type of data:
- Visitor/User Data: Controller
- Partner Data: Processor
- All data is securely hosted, following high standards of protection. We implement physical, technical and organizational safeguards.
3.4. External Data Protection
Where Solutions involve processing Personal Data on an external platform:
- We act as Processor
- We follow the external party's instructions
- We implement security controls
- We report data breaches
- We do not subcontract without permission
- We do not process data outside the European Economic Area without authorisation
- For electronic marketing communications, consent and opt-out choices are provided.
4. Security
We use administrative, organisational and technical safeguards to protect Personal Data from unauthorised access, disclosure, alteration, loss, misuse or damage. When we share data with third parties, we require them to maintain equivalent data protection standards and put contractual obligations in place for exclusive and secure processing consistent with this Notice.
If you suspect your interaction with us has been compromised, Visitors, Users or Partners should notify us immediately. Please note that, despite our security measures, we cannot guarantee absolute immunity from external attacks. Users acknowledge inherent risks and potential breaches.
5. Cookies
Please see our Cookie Policy for details on the types of cookies and tracking technologies used on the Platform, why they are used and how to accept or reject them.
6. Links to External Sites
While using the Platform, Users may encounter links to external websites outside our control. We are not responsible for the content or privacy practices of those sites. Users should review the privacy policies of any external websites or services before disclosing Personal Data.
7. Retention and Deletion
Data, including Personal Data, will not be retained longer than necessary. Visitors and/or Users with active accounts are responsible for prompt removal of their data where applicable. On account termination or partnership cessation, Personal Data collected via the Platform and/or Solutions will be deleted in accordance with applicable laws and our internal policies.
Withdrawing consent for Personal Data processing may limit access to some or all of the requested Solutions, and may be without remedy or claim.
8. Your Rights
Users have specific rights concerning their Personal Data:
8.1. Right of Access
- Verify whether Personal Data is being processed
- Access Personal Data and related information
- Information about purposes, categories, recipients, storage periods, rights, and existence of profiling
8.2. Right to Rectification
- Correct inaccurate Personal Data
- Complete incomplete Personal Data
8.3. Right to Erasure
- Request deletion of Personal Data on specific grounds
8.4. Right to Restrict Processing
- Obtain restriction of processing in certain circumstances
8.5. Right to Data Portability
- Receive Personal Data in a structured, machine-readable format
- Transfer Personal Data to another controller
8.6. Right to Object
- Object to processing based on legitimate interests or direct marketing
- Cease processing unless compelling legal grounds exist
8.7. Right to Withdraw Consent
- Withdraw consent for Personal Data processing at any time
9. Advertising and Marketing Materials
Consent is obtained to use Personal Data and contact details to provide advertising and marketing materials. You may withdraw consent by sending a written notice to the email address provided.
10. Acceptance of this Notice
By using the Platform and/or the Solutions, Visitors, Users and/or Partners are assumed to have read and accepted this Notice. If you disagree, you should refrain from using the Platform. We reserve the right to amend the Notice, and Users are encouraged to check for updates periodically. Continued use after changes indicates acceptance.
11. Legal Requirement to Disclose Personal Data
Personal Data may be disclosed without prior consent where we believe disclosure is necessary to establish identity, contact or initiate legal proceedings against persons suspected of infringing rights or property. Disclosure will be made when legally required.
12. Data Protection Officer
For privacy and data protection matters, a designated "Data Protection Officer" can be contacted at