ELERIAN CONVERSATIONAL AI LTD
PLEASE READ THROUGH CAREFULLY
At Elerian Conversational AI Limited we’ve developed a new kind of Digital Agent. With our human-centred approach to technology development we are on a mission to improve the lives of those around us. We believe that the privacy and protection of your personal data is central to our service. As part of our commitment to you, we are dedicated to being open and transparent about how we process every piece of your data.
We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information about our processing and your rights.
About Us and This Notice
Elerian Conversational AI Limited (‘we’ or ‘us’) are a ‘data controller’ for the purposes of the General Data Protection Regulation (EU) 2016/679 and the Data Protection Act 2018 (“Data Protection Laws”), and we are responsible for, and control the processing of, your personal information.
This notice covers our privacy practices for our Services. We are required to process your personal information in order to provide you, the Service User, with our Services. By entering into business with us you are accepting our Terms of Service and confirming that you have read and understand this policy including how and why we use your information. If you are not happy with the data processing or collection processes outlined in this policy, unfortunately we will be unable to offer you our Services.
As a service provider we may contract the services of valid third-parties who will be involved in processing your data, as part of our onboarding process we require them to match our high standards of data privacy and compliance, through proof of adherence to GDPR, completion of a non-disclosure agreement and data privacy risk assessments. Technology and risk fluctuate over time and as such we continually evaluate, modify, and adjust our security environment, along with ensuring that everything we do matches our documented compliance processes.
Useful Words and Phrases
Personal Data – This means any information from which a living individual can be identified. This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs, voice recordings. It will also include expressions of opinion and indications of intentions about you (and your own expressions of opinion/intentions). It will also cover information which on its own does not identify someone, but which would identify them if put together with other information which we have or are likely to have in the future.
Special categories of data – This means any information relating to:
- Racial or ethnic origin
- Political opinions
- Religious beliefs or beliefs of a similar nature
- Trade union membership
- Physical or mental health or condition
- Sexual life
- Genetic data or biometric data for the purpose of uniquely identifying you
Processing – This covers virtually anything anyone can do with personal data, including:
- Obtaining, recording, retrieving, consulting or holding it
- Organising, adapting or altering it
- Disclosing, disseminating or otherwise making it available
- Aligning, blocking, erasing or destroying it
Data Subject – The person to whom the personal data relates.
ICO – This means the UK Information Commissioner’s Office which is responsible for implementing, overseeing and enforcing the Data 7 Protection Laws.
Data Controller – This means any person who determines the purposes for which, and the manner in which, any personal data are processed.
Data Processor – This means any person who processes the personal data on behalf of the data controller.
Data Protection Laws – This means the laws which govern the handling of data. This includes the General Data Protection Regulation (EU) 2016/679 and the Data Protection Act 2018.
What Information Do We Collect and Hold?
We use your personal data for the following purposes listed in this section. We are allowed to do so on certain legal bases, please see section ‘How is processing your data lawful‘ for further detail.
Information provided by you as part of our client onboarding processes, we will require your company details, your full name, your email address and you may also provide us with a phone number, these details will be stored in a restricted access folder on our DropBox and may be provided to our third-party accountant. If you share any additional data that contains personal information, that data will also be processed and stored by us as necessary for providing you with the Service.
Information provided from your use of our website, we may gather certain information about you such as your general location and IP address for analytics. Your operating system, version, browser and browser version, and device type may also be collected. This information is not stored by us at any time.
Information about your browsing activity on our website as well as data about which pages you visited may be collected by third-parties in the interests of providing live support and issue troubleshooting should a problem occur while you are browsing the website. Although this data is gathered by a third-party, access to it is restricted to ourselves.
Transferring data to our servers by means of Dropbox, Sharepoint, Wetransfer, MS Teams etc, will provide us with temporary access to the files that you select. Once file transfer is complete our access can be revoked and no information about your account is shared with us.
The personal data of your third parties may be provided to us by the Service User in the course of utilising our Services, such as when transferring client data to us for processing. Any information obtained in this way is restricted to being stored within our server environment that has no incoming traffic routes from the internet and the data is stored in an encrypted volume using 256 bit AES encryption and is not processed further in any way.
Information Use and Legal Basis for Processing
We use the information we collect from you for the purposes outlined below:
Fulfilling our Contract and Provision of Services
It is necessary to process your personal data and personal data of your third-parties so that we can perform the contract you have with us and to provide you with our Product and Services.
We use an anonymised version of some of your personal data in order to train our artificial intelligence systems so that they can deliver improved functionality. It is in our legitimate interests to do this in order that our artificial intelligences systems can model users and we can improve their ability. To safeguard the data, we anonymise it so that you cannot be identified from that data.
We will use your information to communicate with you on matters related to our contract with you. For example to provide you with Service notifications, with assistance should you contact us, regarding Service updates or changes in our business operations or for any other reason that we believe may be of interest to you. You may notify us at any time should you wish to be excluded from such notifications please refer to the ‘How to contact us’ section below for details on how to get in touch.
Safety and Security
We use the information we collect to promote the safety and security of the Services, our Service Users, and other parties. For example, we may use the information to authenticate Service Users, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.
Transfer of Personal Data
As Elerian Conversational AI Ltd operates a global service, it may be necessary to transfer your data and information to other countries for processing. We rely on numerous legal bases to lawfully transfer personal information, including your consent and EU model contractual clauses, which contain certain security and privacy protections.
Third Party Access to Your Personal Data
Below lists one some of our key service providers that act acts as our processors and with whom we share your personal data.
Who information is shared with:
- Amazon web services- host and provide our service infrastructure
- Dropbox – our document management system
- Microsoft O365 – Our email and instant messaging platforms
Our Sub-contractors are heavily vetted in our recruitment process and are required to provide and verify personal details, produce a valid form of identification and who are contractually bound by strict confidentiality and data protection clauses. A copy of the relevant clauses can be made available on request.
How we keep your data secure
We use technical and organisational measures to safeguard your personal data. Whilst we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet.
If you have any particular concerns about your information, please see the ‘How to contact us’ section below.
When will we delete your data?
- We will retain your personal data as long as is necessary for us to provide you with our services.
- Your Contact and billing information is retained for the longer of up to seven (7) years as is necessary for tax and legal purposes, or as long as you remain a client of ours.
- Any Media (including audio, video, transcripts etc) are stored for between 90 days and 120 days from date of completion or termination of a contract, unless we receive a request from you for return of the data within 30 days of that completion or termination date.
- In the event that personal data is processed but no contract is entered into, your data will be removed from our systems between 90 and 120 days after the date of receipt.
Know Your Data Rights
As a data subject, you have the following rights under the Data Protection Laws:
- the right to object to processing of your personal data (not relevant for you under this Privacy Notice)
- the right of access to personal data relating to you
- the right to correct any mistakes in your information
- rights in relation to automated decision making (not relevant for you under this Privacy Notice)
- the right to restrict or prevent the processing of your personal data
- the right to have your personal data ported to another controller (e.g. if you decided you wanted to give your information to another service provider or you just wanted a copy)
- the right to erasure
- the right to withdraw consent to your personal data being processed
These rights are explained in more detail below, but if you have any comments, concerns or complaints about the use of your Personal Data by us, please refer to the “How to contact us” section of this policy. We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months. Please be aware that there are exceptions that apply to some of the rights so not all of them apply to the processing we do under this Privacy Notice.
You have a right to object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing. If you object to us processing your personal data we will no longer be able to process your personal data or provide you with our services, unless we can demonstrate compelling grounds for continuing to do so. We believe we have demonstrated compelling grounds in the section headed “How is processing your personal data lawful“. Where we process your personal data on grounds of consent then you can withdraw consent to at any time. Please refer to the ‘How to contact us’ section below
You have a right to ask to see what personal data we hold about you and be provided with:
- a copy
- details of the purpose for which it is being or is to be processed
- details of the recipients or classes of recipients to whom it is or may be disclosed, including if they are overseas and what protections are used for those oversea transfers
- the period for which it is held (or the criteria we use to determine how long it is held);
- any information available about the source of that data; and
- whether we carry out any automated decision-making, including profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.
- To help us find the information easily, please provide us as much information as possible about the type of information you would like to see.
You have a right to correct any mistakes in your information free of charge. If you would like to do this, please:
- Contact us by your preferred method, refer to the section “How to contact us” below
- let us know the information that is incorrect and how it needs to be corrected
- provide enough information for us to identify you
You have a right to restrict processing of Personal Data and may request that we stop processing your personal data temporarily if:
- you do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate
- the processing is unlawful, but you do not want us to erase your data
- we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims
- you have objected to processing because you believe that your interests should override our legitimate interests
You have a right to ask for copies of your personal data (data portability), which you have provided to us as part of your use of our services and which we hold electronically. You can also ask us to provide this directly to another party.
You have a right to erasure and can ask us to delete your personal data where:
- you do not believe that we need your data in order to process it for the purposes set out in this Privacy Notice
- if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data
- you object to our processing and we do not have any legitimate interests that mean we can continue to process your data
- your data has been processed unlawfully or have not been erased when it should have been
What will happen if your rights are breached?
You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.
Changes to this privacy notice
If in the case that any amendments are required for this Privacy Notice, we will post details online on our website www.elerian.ai . In addition, if we believe that any changes have a significant impact on you we will ensure that you are contacted directly advising of the modifications.
How to contact us
If you have any questions or concerns about this Privacy Notice or our use of your personal data, then please contact us via email at firstname.lastname@example.org. Alternatively, you may contact us by post at Elerian Conversational AI Limited, 8 Coldbath Square, EC1R 5HL United Kingdom.
Complaints to the regulator
If you believe that there has been a breach of your data processing rights in relation with this notice please contact us as soon as possible in order to resolve the matter. Similarly, you have the right to complain to your local data protection regulator or to the Information Commissioner’s Office (the UK’s independent supervisory authority). Information about how to do this is available on the ICO’s website, at www.ico.org.uk.