Introduction

1. Who We Are

2. Information We Collect

2.1 Website Visitors
When you visit our websites, we may collect:
‍
‍Information you provide directly:
-Name and surname
-Email address
-Telephone number
-Company name and role
-Country and location
-Message content (when you contact us)

This information is collected when you:
‍
-Submit a contact form or demo request
-Sign up for our newsletter
-Download resources or whitepapers
-Attend webinars or events
-Correspond with us by email or phone

‍Information collected automatically:
-IP address and approximate geographic location
-Browser type and version
-Operating system
-Pages visited and time spent on pages
-Referral source (how you arrived at our website)
-Device information
-Cookies and similar tracking technologies (see Section 8)

2.2 Trial Account Users
‍When you register for a trial account on our cloud platform, we collect:
‍
‍Registration information:
-Email address (required)
-Password (encrypted using industry-standard cryptographic algorithms before storage)
-Name and company details (if provided)
-Authentication data if registering via Google or Microsoft 365

‍Usage information:
-Login times and session duration
-Features accessed and actions performed
-System logs and error reports
-Data entered into trial account (which you control)

2.3 Commercial Customer Representatives
‍For individuals who are representatives, administrators, or users of our commercial customers' accounts:
‍
-Contact details (name, email, phone)
-Role and access permissions
-Usage and activity logs
-Support ticket information
-Training and certification records

‍Note: Business data processed within customer production environments is covered by separate Data Processing Agreements, not this Privacy Policy.

3. How We Use Your Information

We process your personal data for the following purposes:
3.1 Website Visitors
‍Purpose: To respond to your enquiries and provide information
Legal Basis: Legitimate interests (responding to requests and business development) or consent (where required)

‍Purpose: To send you marketing communications about our products and services
Legal Basis: Consent (which you can withdraw at any time) or legitimate interests (for existing business contacts)

‍Purpose: To improve our website and understand how visitors use it
Legal Basis: Legitimate interests (improving user experience and website performance)

3.2 Trial Account Users
‍Purpose: To provide and maintain your trial account
Legal Basis: Contract performance (providing the trial service you requested)

‍Purpose: To communicate with you about your trial and our services
Legal Basis: Legitimate interests (supporting trial users and converting to commercial relationships)

‍Purpose: To monitor usage and improve our platform
Legal Basis: Legitimate interests (service improvement and security)3.3 Commercial Customers

‍Purpose: To deliver our services under commercial agreements
Legal Basis: Contract performance

‍Purpose: To provide technical support and maintain service quality
Legal Basis: Contract performance and legitimate interests

‍Purpose: To communicate about service updates, maintenance, and security
Legal Basis: Contract performance and legal obligations

‍Purpose: To comply with legal and regulatory requirements
Legal Basis: Legal obligation

3.4 General Processing
‍We may also process your information to:
-Detect, prevent, and address fraud, security issues, or technical problems
-Comply with applicable laws, regulations, or legal processes
-Enforce our Terms & Conditions
-Protect the rights, property, or safety of Emakin, our customers, or the public

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we must have a legal basis for processing your personal data.
We rely on the following legal bases:

‍Contract Performance: Processing necessary to perform our contract with you or take steps at your request before entering into a contract.
‍Legitimate Interests: Processing necessary for our legitimate business interests, such as:

-Responding to enquiries and providing information
-Marketing to existing business contacts
-Improving our services and website
-Detecting and preventing fraud
-Managing our business operations

We always balance our legitimate interests against your rights and freedoms.

‍Consent: Where you have given clear consent for us to process your personal data for a specific purpose (e.g., marketing communications).
‍Legal Obligation: Where processing is necessary to comply with legal or regulatory requirements.

5. How We Share Your Information

We engage trusted third-party service providers to support our business operations. These providers may process personal data on our behalf, including:

‍Cloud infrastructure providers (hosting and storage)
‍Email and communication services (for sending emails and notifications)
‍Analytics providers (to understand website usage)
‍Customer support tools (to manage support tickets)
‍Payment processors (for commercial customers)

All service providers are contractually required to:

Process data only on our instructions
Implement appropriate security measures
Comply with applicable data protection laws

A list of our sub-processors is available upon request at privacy@emakin.com.

5.2 Business Transfers
‍If Emakin is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

5.3 Legal Requirements
‍We may disclose your personal information if required to do so by law or in response to:

Valid legal process (court orders, subpoenas, warrants)
Government or regulatory requests
Requests to protect the rights, property, or safety of Emakin or others
Situations involving potential threats to physical safety
Investigations of fraud or violations of our Terms & Conditions

5.4 With Your Consent
‍We may share your information with third parties when we have your explicit consent to do so.

6. International Data Transfers

Emakin is based in the Republic of Ireland, within the European Union. However, some of our service providers may be located outside the European Economic Area (EEA).

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:

‍Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses, which provide adequate safeguards for data transfers.
‍Adequacy Decisions: We may transfer data to countries that the European Commission has deemed to provide an adequate level of data protection.
‍Other Safeguards: In some cases, we may rely on other lawful transfer mechanisms, such as Binding Corporate Rules or certifications under recognised frameworks.

For commercial customers, specific data residency options may be available. Please refer to your service agreement or contact sales@emakin.com for details about data centre locations.

7. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

‍Website enquiries: We retain enquiry information for up to 3 years after last contact, unless you request earlier deletion.
‍Trial accounts: Trial account data is retained for the duration of the trial period plus 30 days, after which it may be deleted unless converted to a commercial account.
‍Marketing communications: We retain marketing contact data until you unsubscribe or request deletion, or until we determine the data is no longer relevant (typically after 3 years of inactivity).
‍Commercial customers: Data retention periods for commercial customers are specified in service agreements and Data Processing Agreements.
‍Legal requirements: Some information may be retained longer to comply with legal, tax, or accounting obligations.

You can request deletion of your personal data at any time (see Section 10: Your Rights).

8. Cookies & Tracking Technologies

8.1 What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They help websites remember your preferences and understand how you use them.

8.2 Cookies We Use
‍Essential Cookies: These cookies are necessary for the website to function properly. They enable core functionality such as security, network management, and accessibility.
‍
‍Analytics Cookies: We use Google Analytics to understand how visitors interact with our website. This helps us improve user experience and website performance.Information collected includes:
-Pages visited and time spent
-Navigation paths through the site
-Browser and device information
-Approximate geographic location

‍Marketing Cookies: These cookies track visitors across websites to display relevant advertisements and measure campaign effectiveness.

8.3 Third-Party Analytics
‍Google Analytics: We use Google Analytics to analyse website traffic and usage patterns. Google Analytics collects information anonymously and reports website trends without identifying individual visitors.

To learn more about how Google uses data, visit: https://policies.google.com/technologies/partner-sitesGoogle Analytics Opt-Out: You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout

‍8.4 Social Sign-In
‍We offer the option to register or sign in using:
‍
-Google OAuth
-Microsoft 365 OAuth

When you use these services, they may collect information about your interaction with our platform according to their own privacy policies. We receive only the information necessary to create your account (typically name and email address).

8.5 Managing Cookies
‍You can control and manage cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our website.

Most browsers allow you to:
‍
-View cookies stored on your device
-Delete cookies
-Block cookies from specific sites
-Block third-party cookies
-Block all cookies

For more information about cookies and how to manage them, visit: www.allaboutcookies.org

9. Data Security

We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction.

9.1 Security Measures
‍Our security measures include:
‍
‍Encryption: All data transmitted between your browser and our servers is encrypted using industry-standard SSL/TLS protocols. Passwords are encrypted using secure cryptographic algorithms before storage.
‍Access Controls: Access to personal data is restricted to authorised personnel who need it to perform their job functions. All access is logged and monitored.
‍Secure Infrastructure: Our systems are hosted on secure cloud infrastructure with enterprise-grade physical and network security.
‍Regular Security Testing: We conduct regular security assessments, vulnerability scans, and penetration testing to identify and address potential security issues.
‍Security Monitoring: We continuously monitor our systems for suspicious activity and security incidents.
‍Backup & Recovery: Regular data backups are performed to prevent data loss and ensure business continuity.
‍Staff Training: All employees receive security awareness training and are bound by confidentiality obligations.

9.2 Your Responsibility
‍You are responsible for:
‍
-Keeping your account credentials confidential
-Using strong, unique passwords
-Not sharing your account access with others
-Notifying us immediately of any suspected security breach

9.3 Security Incidents
‍Despite our security measures, no system is completely secure. If we become aware of a security breach that affects your personal data, we will:
‍
-Notify affected individuals without undue delay
-Report the breach to relevant supervisory authorities as required by law
-Take immediate steps to contain and remediate the incident
-Provide information about the breach and recommended protective actions

10. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the UK, you have the following rights regarding your personal data:

10.1 Right of Access
‍You have the right to request a copy of the personal data we hold about you.

10.2 Right to Rectification
‍You have the right to request correction of inaccurate or incomplete personal data.

10.3 Right to Erasure ("Right to Be Forgotten")
‍You have the right to request deletion of your personal data in certain circumstances, such as:
‍
-The data is no longer necessary for the purposes for which it was collected
-You withdraw your consent (where processing is based on consent)
-You object to processing and there are no overriding legitimate grounds
-The data has been unlawfully processed

Note: This right is not absolute. We may need to retain certain information to comply with legal obligations or for legitimate business purposes.

10.4 Right to Restriction of Processing
‍You have the right to request that we restrict processing of your personal data in certain circumstances, such as:

-You contest the accuracy of the dataProcessing is unlawful, but you don't want the data erased
-We no longer need the data, but you need it for legal claims
-You have objected to processing, pending verification of our legitimate grounds

10.5 Right to Data Portability
‍You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

10.6 Right to Object
‍You have the right to object to processing based on legitimate interests or for direct marketing purposes. When you object to marketing, we will stop processing your data for that purpose.

10.7 Right to Withdraw Consent
‍Where processing is based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.

10.8 Right to Lodge a ComplaintYou have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where an alleged infringement of data protection law occurred.
‍
‍Irish Data Protection Commission:
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
Phone: +353 (0)761 104 800
Email: info@dataprotection.ie
Website: www.dataprotection.ie

‍10.9 Exercising Your Rights
‍To exercise any of these rights, please contact us at privacy@emakin.com with:
‍
-Your full name and contact details
-A clear description of your request
-Proof of identity (if required to verify your identity)

We will respond to your request within one month. In complex cases, this may be extended by up to two additional months, and we will inform you of any such extension.

11. Children's Privacy

Our services are not directed at children under the age of 16, and we do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us at privacy@emakin.com, and we will take steps to delete such information.

12. Marketing Communications

12.1 How We Use Your Information for Marketing

With your consent or where we have a legitimate interest, we may send you marketing communications about:

-Product updates and new features
-Industry insights and best practices
-Webinars, events, and training opportunities
-Case studies and customer success stories
-Promotional offers and special announcements

12.2 Opting Out
‍You can opt out of marketing communications at any time by:
‍
-Clicking the "unsubscribe" link in any marketing email
-Contacting us at privacy@emakin.com

‍Please note: Even if you opt out of marketing communications, we may still send you service-related communications, such as:
‍
-Account notifications
-Security alerts
-System maintenance updates
-Responses to your enquiries
-Legal notices

13. Commercial Customer Data Processing

13.1 Emakin as Data Processor
For commercial customers using Emakin's platform to process their business data (e.g., employee information, customer records, business processes), Emakin acts as a data processor, and our customer acts as the data controller.

13.2 Data Processing Agreement
Commercial customers enter into a separate Data Processing Agreement (DPA) that specifies:

-The nature and purpose of data processing
-Types of personal data processed
-Categories of data subjects
-Emakin's obligations as a processor
-Security measures and sub-processors
-Data subject rights procedures
-Data breach notification requirements
-Data deletion and return procedures

13.3 Customer Responsibilities
As data controller, our commercial customers are responsible for:

-Obtaining necessary consents from data subjects
-Ensuring lawful basis for processing
-Providing privacy notices to data subjects
-Responding to data subject rights requests
-Determining data retention periods
-Instructing Emakin on data processing activities

13.4 Requesting a DPA
‍Commercial customers can request a copy of our Data Processing Agreement by contacting sales@emakin.com or their account manager.

14. Links to Third-Party Websites

Our websites may contain links to third-party websites, resources, or services. This Privacy Policy does not apply to those third-party sites. We are not responsible for the privacy practices or content of third-party sites.

We encourage you to review the privacy policies of any third-party sites you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or for other operational, legal, or regulatory reasons.

‍Notification of Changes:
‍
-Material changes will be posted prominently on this page with an updated "Last Updated" date
-We may also notify you by email (for registered users) or through a notice on our website
-For significant changes affecting your rights, we may seek your consent where required by law

‍Your Continued Use:Your continued use of our website or services after changes to this Privacy Policy constitutes acceptance of the updated policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

‍Privacy Enquiries:
Email: privacy@emakin.com

‍General Enquiries:
Email: info@emakin.com

‍Postal Address:
Emakin Limited
The CHQ Building, Dogpatch Labs
Custom House Quay
Dublin 1, D01 Y6H7
Republic of Ireland

‍Commercial Customer Support:
Email: support@emakin.com

‍Sales Enquiries:
Email: sales@emakin.com

17. Glossary of Terms

Data Controller: The entity that determines the purposes and means of processing personal data.
‍Data Processor: The entity that processes personal data on behalf of the data controller.
‍Data Subject: An individual whose personal data is processed.
‍Personal Data: Any information relating to an identified or identifiable natural person.
‍Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
‍GDPR: General Data Protection Regulation (EU) 2016/679.
‍EEA: European Economic Area, consisting of EU member states plus Iceland, Liechtenstein, and Norway.
‍Consent: Freely given, specific, informed, and unambiguous indication of agreement to processing of personal data.
‍Legitimate Interest: A lawful basis for processing when it is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights of the data subject.