PRIVACY POLICY

REGULATIV.AI PRIVACY POLICY

Last updated: 20 April 2023

The website www.regulativ.ai (the "Site") is owned and operated by Regulativ.ai LTD, a limited liability company 12728027 registered in England and Wales with registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, U.K.) ("we", "our", and "us").

We are committed to protecting your personal information. Personal data is any information that can identify you as an individual. This policy (together with our terms of use and any other documents referred to therein) sets the basis for processing any personal data that we receive from you or that you provide to us. Please read the following carefully to understand our policies and procedures regarding your data and how we will manage it.

Regulativ is registered with the Information Commissioner's Office under registration number A8921440.

Under data protection laws, we do not need to appoint an authorised data protection officer. However, we have selected a Privacy Officer to be responsible for matters relating to this Privacy Policy
CONTACTING US
For any questions about this privacy policy or your personal data held or processed by us, or to exercise any of your rights as described in this policy or under data protection laws, you can contact us: By post: Privacy Officer, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, U.K.

By email: privacy@regulativ.ai

DATA PROTECTION PRINCIPLES

We are governed by the following principles when managing your personal data:

1.  Lawfulness, fairness, and transparency – data is managed lawfully, fairly, and transparently.

2.  Data minimisation – data is adequate, relevant and limited to that which is necessary for the purposes for which they are used.

3.  Purpose limitation – data is collected for specific, unequivocal and genuine purposes and not further treated in a manner incompatible with those purposes.

4. Accuracy – data is precise and, where required, maintained in a current state.

5. Integrity and confidentiality – data is managed in a way that guarantees suitable security of the personal data, including safeguarding against unauthorised or unlawful use and accidental loss, destruction or damage by using appropriate technical or organisational measures.

6.  Storage limitation – data must be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

PERSONAL DATA WE COLLECT

PERSONAL DATA YOU GIVE US

The categories of personal data you provide may include your name, business name, address, email address and phone number, financial and bank account information or personal description.

Personal data we collect about you

Concerning each of your visits to the Site or use of our services, we may automatically collect the following information:
You may give us personal data about you via the Site by signing up to use our software applications or by corresponding with us by phone, email or otherwise. This includes personal data you provide when you register to use the Site, subscribe to our service, or otherwise.

The categories of personal data you provide may include your name, business name, address, email address and phone number, financial and bank account information or personal description.

Personal data we collect about you

Concerning each of your visits to the Site or use of our services, we may automatically collect the following information:
  • Technical information, including the Internet Protocol (I.P.) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
  • Information about your visit or usage, including the full Uniform Resource Locators (URL) clickstream to, through and from the Site (including date and time); items you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
Personal data we receive from other sources

We may receive information about you if you use any other websites that we operate or other services that we provide.

We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). We may receive information about you from them.

USES MADE OF YOUR PERSONAL DATA

We only use your personal data if we have a legal basis for doing so. The purposes for which we use and process your data and the legal basis on which we carry out each type of processing are explained in the table below.
Purposes for which we will process the personal data
Legal basis for the processing
To enter into and perform contracts with you.
We must process your personal data in this way to enter into a contract with you and to fulfil our contractual obligations to you.
To provide you with information and services that you request from us.
Our legitimate interests are to respond to your queries and provide any information requested to generate and develop business. To ensure we offer a reasonable and responsive service, we consider this use to be proportionate and will not be prejudicial or detrimental to you.
To enforce the terms and conditions of or of and any contracts entered into with you.
It is in our legitimate interests to enforce our terms and conditions and any contracts entered into with you. We consider this use to be necessary for our legitimate interests and proportionate.
To populate our database, which we use for marketing purposes.
It is in our legitimate interests to market our services. We endeavour to ensure that the contacts in our database are relevant and up-to-date. We consider this use to be proportionate and will not be prejudicial or detrimental to you.    

You can opt out of receiving direct marketing-related email communications or text messages by following the unsubscribe link.
To send you publications, event information and marketing communications.
It is in our legitimate interests to market our services. We consider this use to be proportionate and will not be prejudicial or detrimental to you.    

For direct marketing sent by email to new contacts (that is, individuals with whom we have not previously engaged), we need your consent to send you unsolicited direct marketing.
To send you information regarding changes to our services, our policies, other terms and conditions, and other administrative information.
It is in our legitimate interests to ensure that any changes to our services, policies, and other terms and conditions and additional administrative information are communicated to you. We consider this necessary for our legitimate interests and will not be prejudicial or detrimental to you.
To administer the Site, including troubleshooting, data analysis, testing, research, statistical and survey purposes.

To improve the Site to ensure that consent is presented most effectively for you and your computer, mobile device or other items hardware through which you access the Site; and  

To keep the Site safe and secure.
It is in our legitimate interests to continually monitor and improve our services and your site experience and ensure network security for all these categories. We consider this necessary for our legitimate interests and will not be prejudicial or detrimental to you.
To measure or understand the effectiveness of any marketing we provide to you and others and deliver relevant marketing.
It is in our legitimate interests to continually improve our offering and to develop our business. We consider this necessary to generate business effectively and will not be prejudicial or detrimental to you.

DISCLOSURE OF YOUR PERSONAL DATA

We may share your personal data with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the U.K. Companies Act 2006.

We may share your personal data with selected third parties, including:
  • Business partners, suppliers and sub-contractors as necessary to carry out the purposes for which the information was supplied or collected; and
  • Analytics and search engine providers that assist us in the improvement and optimisation of the Site and services.

    Our third-party service providers are subject to security and confidentiality obligations and are only permitted to process your personal data for specified purposes and following our instructions.

    In addition, we may disclose your personal data:
  • If we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If a third party acquires all or substantially all of our assets, our customers' personal data about our customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data to comply with any legal obligation,
  • To enforce or apply our terms of use or terms and conditions of supply and other agreements; or
  • To establish, exercise, or defend our rights or the rights of our staff, customers, or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.

INTERNATIONAL TRANSFERS

The personal data that we collect from you may be transferred to, and stored at, a location outside the European Economic Area ("EEA"), as follows:
  • With our staff operating outside the EEA;
  • With our business partners, suppliers and sub-contractors located outside the EEA;
  • With our third-party service providers, who assist with running our Sites, and that are located outside the EEA.

    This includes India and U.S.

    Where personal data is transferred to and stored outside the EEA, we take steps to provide appropriate safeguards to protect your personal data, including
  • Moving your personal data to a country, territory, sector, or international organisation which the European Commission has determined ensures an adequate level of protection, as permitted under Article 45(1) GDPR;
  • Under the EU-U.S. Privacy Shield Framework, which enables U.S. business to self-certify as a means of complying with E.U. data protection laws;

    The European Commission has decided that Canada (commercial organisations only) provides adequate levels of data protection. In the absence of an adequacy decision or of appropriate safeguards listed above, we will only transfer personal data to a third country where one of the following applies (as permitted under Article 49 GDPR)):
    entering into standard contractual clauses approved by the European Commission, obliging recipients to protect your personal data as permitted under Article 46(2)(c) GDPR;
  • The transfer is necessary for the performance of our contractual engagement with you;
  • The transfer is required for the establishment, exercise or defence of legal claims; or

    You have provided explicit consent to the transfer.

    If you want further information on the specific mechanism used by us when transferring your personal data out of the EEA, please contact us using the details set out above. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy.
  • You have provided explicit consent to the transfer.

    If you want further information on the specific mechanism used by us when transferring your personal data out of the EEA, please contact us using the details set out above. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy.
Security of your personal data

All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password that enables you to access certain parts of the Site or services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted to the Site or services; any communication is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.

HOW LONG WE KEEP YOUR PERSONAL DATA

Your personal data will not be kept for longer than is necessary for the purposes for which it was collected and processed.

The criteria we use for retaining your personal data include the following:
  • General queries and correspondence – when you make an enquiry or contact us by email or telephone, we will keep your personal data for as long as necessary to respond to your queries. After this period, we will not hold your personal data for longer than 12 months if we have not had any subsequent active contact with you;
  • Direct marketing – where we store your personal data on our database for direct marketing purposes, we will retain your data for no longer than 24 months if we have not had any subsequent active contact with you.
  • Legal and regulatory requirements – we may need to retain personal data for up 12 years where necessary to comply with our legal obligations, resolve disputes or enforce our terms and conditions.

YOUR RIGHTS

ACCESS TO AND UPDATING YOUR PERSONAL DATA

You have the right to access personal data which we hold about you ("data subject access request"). This enables you to receive a copy of the personal information we hold about you and check that we are processing it lawfully. Note that we may refuse to comply with a data subject access request if the request is manifestly unfounded or excessive, or repetitive in nature.

You also have the right to receive your personal data in a structured and commonly used format so that it can be transferred to another data controller ("data portability"). Note that this right only applies where we process your personal information with your consent or for the performance of a contract and when processing is carried out by automated means.

We want to make sure that your personal data is accurate and up to date. You may ask us to correct or remove personal information you think is inaccurate. Please keep us informed if your personal data changes during your relationship with us. We may refuse to comply with a request for rectification if the request is manifestly unfounded, excessive, or repetitive.

RIGHT TO OBJECT

DIRECT MARKETING

You have the right to object at any time to our processing of your personal data for direct marketing purposes.

Where we process your personal data based on our legitimate interests

You also have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, which is based on our legitimate interests. Where you object on this ground, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that overrides your interests, rights and freedoms, or the establishment, exercise, or defence of legal claims.

YOUR OTHER RIGHTS

You also have the following rights under data protection laws to request that we rectify your inaccurate or incomplete data.

In certain circumstances, you have the right to:
  • Request the erasure of your personal data erasure ("right to be forgotten");
  • Restrict the processing of your personal data to processing in certain circumstances.
Please note that the above rights are not absolute, and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply. We may refuse an erasure request, for example, where the processing is necessary to comply with a legal obligation or necessary for establishing, exercising, or defending legal claims. We may refuse to comply with a request for restriction if the request is manifestly unfounded or excessive, or repetitive in nature.

EXERCISING YOUR RIGHTS

You can exercise any of your rights as described in this policy and under data protection laws by contacting us as provided in "Contacting us" above.

Save as described in this policy or provided under data protection laws, there is no charge for exercising your legal rights. However, if your requests are manifestly unfounded or excessive, in particular, because of their repetitive character, we may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or taking action requested; or (b) refuse to act on the request.

Where we have reasonable doubts concerning the person's identity making the request, we may request additional information necessary to confirm your identity.

COOKIES

To improve the Site, we may use small files commonly known as "cookies". A cookie is a small amount of data that often includes a unique identifier sent to your computer or mobile phone (your "device") from the Site and stored on your device's browser or hard drive.

By continuing to browse the Site, you agree to our use of cookies. If you do not want us to use cookies when you use the Site, you can set your internet browser not to accept cookies. However, if you block cookies, some of the features on this Site may not function. You can find more information about managing cookies for all the commonly used internet browsers by visiting www.allaboutcookies.org. This website will also explain how you can delete cookies that are already stored on your device.

We use "Google Analytics", a web analytics service provided by Google Inc. ("Google"), on the Site. Google Analytics uses cookies to help the Site analyse how users use the Site. We can then use this information to improve navigability and the Site generally.

The information generated by the cookie about your use of the Site (including your I.P. address) will be transmitted to and stored by Google on servers in the United States. Google will use this information to evaluate your use of the Site, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law or where such third parties process the information on Google's behalf. Google will not associate your I.P. address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that you may not be able to use the full functionality of the Site if you do this.

By using this Site, you consent to the processing of data about you by Google in the manner and purposes set out above. However, you can opt-out of Google Analytics without affecting how you visit the Site. For more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page.

LINKS

From time to time, the Site may contain links to and from the websites of our partners and other third parties. If you follow a link to any of these websites, please note that we do not accept any responsibility or liability for processing your personal data through these websites.

COMPLAINTS

If you have concerns about our use of your personal data, please send an email with the details of your complaint to our Privacy Officer by email at privacy@regulativ.ai

You have the right to make a complaint at any time with a supervisory authority, in particular in the E.U. (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the U.K. is the Information Commissioner's Office ("ICO"), which can be contacted at https://ico.org.uk/ or by telephone on 0303 123 1113.

CHANGES TO OUR POLICY

We may change this privacy policy from time to time. Any changes we may make to this policy in the future will be posted on the Site and, where appropriate, notified to you by email or by other suitable means.