Mentalok Logo

Privacy Policy

Last Updated: 28 December, 2024
Version: v2.0

Welcome to MENTALOK.IO!

The MentaLab platform is dedicated to delivering products and services related to Natural Language Processing (NLP) and Large Language Models (LLM), utilising both our own offerings and those provided by third parties with whom we collaborate.

We place great importance on the security of your personal data and are committed to creating a secure online environment for our users. This Privacy Policy outlines the purposes, methods, scope, and security measures associated with the collection, use, storage, sharing, transfer, and processing of your personal information as we provide our products and services to you. Additionally, it details your rights regarding access, correction, supplementation, and deletion of your personal information. To enhance your understanding, we have employed clear and straightforward language and defined key terms in "Appendix 1 - Glossary of Terms," which is attached for your reference.

This Privacy Policy is not applicable to services provided by third parties that utilise our products or services, such as our API, to deliver their own offerings to end users. In cases where a third party serves as a personal information processor—by presenting, linking, or repackaging our products and services—end users are required to comply with the privacy policy of that third party. We do not possess insight into, nor control over, the purposes for which third parties collect and utilise personal information. Consequently, we strongly advise end users to thoroughly review and exercise caution when engaging with such third-party services.

Before using MentaLab products and services, it is imperative that you read and fully comprehend this Privacy Policy. By using the relevant products or services, you acknowledge that you have understood and agreed to the terms outlined in this Privacy Policy. Should you have any enquiries regarding this Privacy Policy, please do not hesitate to contact us at the email address provided (info@mentalok.io). If you do not agree with the terms of this Privacy Policy, you must cease using MentaLab products and services immediately.

Key Definitions and Terms Used in This Privacy Policy

Before proceeding with our privacy policy, we would like to clarify several important terms that you will encounter throughout this document.

Whenever we mention "MENTALOK.IO" or "MentaLab", we are referring to Mentalok (Hong Kong) Limited. Our company structure includes various affiliates, which comprise our subsidiaries and associated entities under our consolidated statement, along with any organisations that either control us, are controlled by us, or share common control with us. In this context, "control" means having the ability to influence a company's management, whether through ownership, voting rights, contractual arrangements, or other legally binding methods.

Throughout this document, "you" refers to any individual who uses our products or services, including those who purchase our paid offerings. We distinguish this from "your end user", which specifically refers to individuals who interact with our MentaLab service through your product or service implementation. When we mention "this platform", we are specifically referring to the MentaLab platform.

Regarding data-related terminology, "personal information" encompasses any electronically or otherwise recorded information that could either independently or in combination with other data, identify an individual or reveal their behavioural patterns. The person to whom this information relates is referred to as the "personal information subject".

Understanding these terms is crucial for comprehending our privacy practices and your rights under this policy.

1.0. Collection and Use of Your Personal Information

1.1. Personal Information Collected During Your Use of Our Products and Services

We may collect and utilise your personal information to fulfil the essential business functions of our platform. Below is a comprehensive outline of our core business functions and the types of information required to achieve these functions. We will only collect and use such personal information with your explicit consent:

1.1.1. Account Registration/Login

To register or log in to your account, you must provide your email address or phone number along with a password. Alternatively, you may opt to register via a third-party account, in which case we will gather information from your third-party account. If you register as a corporate user, you may also provide us with basic business information such as your name, work email, position and company name to complete your account registration.

1.1.2. Utilisation of Paid Services/Products

When you engage with our paid services/products, we will collect necessary payment details including your order information, billing address, billing contact and payment information to facilitate invoicing and the payment process for your orders.

1.1.3. User Input Information

While using our products/services, we will collect any personal information contained in the content you input, files you upload, or feedback you provide (collectively referred to as "Input Information") to generate content tailored to your needs. Please be aware that failure to provide such information will prevent you from accessing the corresponding services/products. We will not retain Input Information that could be used to identify a user, nor will we create user profiles based on Input Information and usage. If you choose to use voice input, you must grant microphone permissions; otherwise, you will be unable to input content via voice.

1.1.4. Communication Information

If you reach out to us through any communication channels, we may collect your name, contact details and any messages you send us during our communications (collectively referred to as "Communication Information") to verify your identity and address any issues you raise.

1.1.5. Browsing and Login Data

When you browse or log in to use our products/services, we may collect your user-side system time, time zone, and IP address. This information allows us to monitor user traffic based on system time, time zone, and IP address, enabling us to conduct data analysis to maintain the security of our system.

1.1.6. Cookie and Browser Information

We will collect cookie data to identify logged-in users. Additionally, we will gather your selected browser language while using our services, allowing us to adjust the website language accordingly for your convenience. Furthermore, we collect technical browser information to identify details about your browser type and version, ensuring compatibility with browser APIs and enhancing your experience on our platform.

1.1.7. Collection and Processing of End-User Information

a) Purpose of Collection

When end users interact with our chatbot service (as integrated into our business clients' platforms), we collect personal information including but not limited to names, contact numbers, email addresses, and enquiry details. This information is necessary to:

  • Enable our business clients to follow up on sales leads
  • Provide personalised responses to end user enquiries
  • Maintain conversation context for better service
  • Improve our services and develop new features
  • Analyse usage patterns and optimise performance
b) Information Flow and Processing
  • The collected personal information will be made available to our business clients through their designated dashboard/interface
  • Personal information will be retained for the duration of the business relationship with our clients and for a reasonable period thereafter for legitimate business purposes, including:
    • Analysis of operational data
    • Historical record keeping
    • Archiving purposes
    • Legal compliance
  • We do not use your data to train our AI models
  • We implement strict access controls and user permissions to ensure data security
c) Data Storage and Security
  • All data is stored in Singapore
  • We implement encryption both at rest and in transit
  • We utilise rate limiting and domain allowlist controls
  • Access to personal information is strictly limited to authorised personnel
  • Regular security audits and updates are performed to maintain data protection
d) Data Protection Responsibilities
  • We act as a data processor on behalf of our business clients
  • Our business clients remain the data controllers and are responsible for obtaining necessary consents from their end users
  • We implement appropriate security measures to protect all collected personal information
  • We maintain compliance with applicable data protection regulations

1.2. Personal Information Acquired from Third Parties

1.2.1. Acquisition of Data from Third Parties

We may obtain your personal information from a third party (partner) with your explicit consent. In this context, the third party acts as a data processor (controller) of your personal information. The type and extent of personal information shared with the third party, as well as the methods of sharing, will be determined by the third party based on its products and services. We encourage you to carefully review the privacy policy and user agreement of the third party. We will process your personal information under the authority of the third party strictly in accordance with the contract established between us and the third party. We assure you that your personal information will be handled in full compliance with the terms of the contract and applicable laws.

1.2.2. Utilisation of Publicly Available Information

We may collect and appropriately utilise publicly available information about you from websites and other public channels, or acquire business information that your company has publicly disclosed from third parties. This information aids us in gaining a better understanding of our customer base, including your industry, company size, and website URL.

Please note that if such information cannot individually or collectively identify you, it will not be classified as personal information under the law. Conversely, if your information can identify you either individually or in conjunction with other information, or if we use any data that cannot be linked to specific personal information in combination with your other personal information, such information will be treated and protected as your personal information in accordance with this Privacy Policy during the period of combined use.

2.0. Utilisation of Cookies and Similar Technologies

When you utilise our services, we will store small data files known as Cookies on your computer or mobile device to ensure the proper functioning of our website. Cookies typically contain identifiers, site names, and various numbers and characters. The primary functions of Cookies are to facilitate your use of our platform's products and services and to assist our website in counting unique visitors. Through Cookies, we can offer you more personalised services and allow you to set specific service options. When you engage with our platform's products and/or services, we will send Cookies to your device. When you interact with services provided by us to partners, we permit Cookies (or other anonymous identifiers) to be sent to our servers.

We will not utilise Cookies for any purpose other than those outlined herein. You have the option to manage or delete Cookies according to your preferences. You can clear all Cookies stored on your computer, and most web browsers have the functionality to block Cookies. Consequently, if you choose to do this, you may need to adjust your user settings each time you visit our website, and you may be unable to log in or utilise the services or functions provided by MentaLab that rely on Cookies.

For further information regarding the types of Cookies we use, their purposes, and how to control them, please refer to AboutCookies.org.

3.0. Authorisation and Consent of End Users

This section pertains to third parties (partners) who are our business associates. You should be aware that you may access, integrate, or apply our MentaLab services into your products or services, and your end users may provide personal information while using your products or services. In this case, you, as the data processor (controller) of the end users' personal information, will determine the type and scope of personal information collected from end users, the methods of collection and processing, and whether to entrust us with processing the personal information about end users provided by you. You acknowledge and agree that we will provide data processing services based on your instructions; however, we cannot control or determine how you collect, use, and provide data belonging to your end users.

By accepting this Privacy Policy and accessing, integrating, or applying our products or services into your own offerings, you acknowledge and guarantee that:

  • You have informed end users of the following and obtained their full, necessary, and explicit authorisation, consent, and permission: you will collect and use the end users' personal information necessary for providing services, and you will entrust us to process their personal information (including its transmission and storage in Singapore). Additionally, you shall fully inform end users of the risks associated with such entrusted processing and obtain their express consent;
  • Unless otherwise stipulated by applicable laws, you have informed end users of the following and obtained their full, necessary, and explicit authorisation, consent, and permission: you will allow us to process the personal information you provide to us and to use the personal information of end users for the purposes and uses outlined in Section 1 hereof, subject to applicable laws and regulations. You have fully informed end users of the relevant terms of this Privacy Policy, including presenting this Privacy Policy, its updates, and hyperlinks to end users.
  • You have complied with and will continue to comply with applicable laws, regulations, and regulatory requirements, including but not limited to developing and publishing relevant policies regarding the protection of personal information and privacy;
  • You have provided end users with an easily accessible mechanism to exercise their rights, which describes how and when users can exercise their rights to be informed and make decisions regarding the processing of their personal information, access and/or copy, correct and/or supplement their personal information, request us to delete their personal information, request us to explain relevant personal information processing rules, and also describes the rights of close relatives regarding personal information. When an end user requests to exercise their rights and such request involves our obligations (such as deleting the user's personal information), you shall notify us within a reasonable period of time or ask the end user to inform us, and we will respond to such requests in accordance with the provisions of this Privacy Policy, the contract signed by you and us, and applicable laws.

4.0. Sharing, Transfer, and Disclosure of Your Personal Information

4.1. Sharing of Personal Information

We are committed to protecting your personal information and will not share it with any third party, except under the following circumstances:

  • 4.1.1. With Your Explicit Consent: We will only share your personal information with other parties after obtaining your explicit consent.
  • 4.1.2. Legal Compliance: We may share your personal information as required by applicable laws, regulations, legal procedures, or governmental requests, including those related to national security, emergency services, or law enforcement.
  • 4.1.3. Protection of Interests: We may disclose your personal information to a third party when necessary to protect your interests or those of the public, property, or safety, as permitted by law.
  • 4.1.4. Public Disclosure: If you have publicly disclosed your personal information, or if we can lawfully obtain it from other public channels, we may share it accordingly.
  • 4.1.5. Sharing with Affiliates: Your personal information may be shared with our affiliates, but only the necessary information will be shared in accordance with this Privacy Policy. Should an affiliate wish to change the purpose of processing your personal information, we will seek your consent again.
  • 4.1.6. Service Partners: To enhance the quality of our products and services, we may engage service partners, including third-party service providers, contractors, or agents, to process certain personal information on our behalf. For instance, third-party suppliers may send emails, push notifications, or conduct statistical analyses of de-identified information for us.

We will enter into strict confidentiality agreements or data processing agreements with any company, organisation, or individual entrusted with processing your personal information. These agreements will specify the entrusted matters, processing purposes, duration, methods, types of personal information to be processed, protection measures, and the rights and obligations of both parties. We will ensure that such entities process personal information in strict compliance with our requirements, this Privacy Policy, and relevant confidentiality and security measures. We will oversee the personal information processing activities of these third-party service providers. Should these third parties change the purpose of processing your personal information, they must seek your consent again, and we will monitor compliance. If you refuse to allow our service partners to collect or use the necessary personal information for providing services, you may be unable to access certain services offered by these partners within our products and services.

4.2. Transfer of Personal Information

We will not transfer your personal information to any company, organisation, or individual unless:

  • 4.2.1. With Your Explicit Consent: We will only transfer your personal information after obtaining your explicit consent.
  • 4.2.2. Public Disclosure: If you have publicly disclosed your personal information, or if we can lawfully obtain it from other public channels, we may proceed with the transfer.

In the event of a merger, acquisition, or bankruptcy liquidation involving the transfer of personal information, we will inform you of the name or contact information of the recipient and will require the new entity holding your personal information to adhere to this Privacy Policy. If the transfer does not involve personal information, we will fully inform you and delete or anonymise all personal information under our control within fifteen business days.

We will ensure that any third party involved in the transfer is required, through agreements or otherwise, to implement appropriate confidentiality and security measures when handling personal information.

4.3. Public Disclosure of Personal Information

4.3. Public Disclosure of Personal Information

Subject to applicable laws and regulations, we will not publicly disclose your personal information without your explicit consent.

5.0. Storage of Your Personal Information

5.1. Storage Location

Your personal information is primarily stored in Singapore. Our infrastructure employs industry-standard security measures, including:

  • Encryption at rest and in transit
  • Access control mechanisms
  • Regular security audits
  • Continuous monitoring systems
  • Backup and disaster recovery protocols

5.2. Storage Period

We retain your personal information for:

  • The duration of your business relationship with us
  • A reasonable period thereafter for:
    • Analysing operational data
    • Historical record keeping
    • Archiving purposes
    • Legal compliance
  • We will delete or anonymise your personal information upon:
    • Your verified request
    • Termination of the business relationship
    • When the data is no longer necessary for the purposes collected
  • Exception: We may retain certain information if required by law or for legitimate business purposes, such as:
    • Financial records (as required by tax laws)
    • Dispute resolution
    • Security incident investigation
    • Compliance with legal obligations

6.0. Protection of Your Personal Information

6.1. We are committed to safeguarding the information you provide by implementing safety measures that meet industry standards. These measures are designed to prevent unauthorised access, disclosure, use, alteration, damage, or loss of your data. We will take all reasonably practicable steps to ensure the security of your information. For instance, data exchanges between your browser and our services will be secured using SSL encryption. Our website will also utilise HTTPS, and we will employ encryption technology to maintain the confidentiality of your data. Additionally, we will implement trusted protection mechanisms to guard against malicious attacks, establish access control measures to restrict personal information access to authorised personnel only, and conduct regular security and privacy training for our employees to enhance their awareness of the importance of protecting personal information.

6.2. Our data security capabilities encompass a comprehensive security framework based on the data life cycle, which includes data collection, transmission, storage, usage, circulation, archiving, deletion, and other processing stages.

6.3. We will take all reasonably practicable measures to avoid the collection of unrelated personal information. Your personal information will be retained only for the duration necessary to fulfil the purposes outlined in this policy, and we will employ technical measures, such as encryption, to protect the stored information.

6.4. It is important to note that the internet does not guarantee absolute security. Communication methods such as email and instant messaging are not encrypted, and we strongly advise against sending personal information through these channels. We recommend using complex passwords and changing them regularly to help ensure the security of your account.

6.5. While we strive to maintain the security of any information you send to us, no online environment is entirely safe. We have made necessary and reasonable efforts to protect your data; however, there remains a risk of personal harm, property loss, reputational damage, and other losses due to data theft, unauthorised access, or misuse. You acknowledge this risk and voluntarily assume responsibility for it.

6.6. In the unfortunate event of a personal information security incident, we will promptly notify you, as required by applicable laws and regulations. This notification will include essential information about the incident, its potential impacts, the measures we have taken or will take in response, recommendations for mitigating risks, and any remedies available to you. We will communicate relevant information regarding the incident through methods such as email or notification push. If it is impractical to inform each affected individual individually, we will employ reasonable and effective methods to make public announcements. Furthermore, we will actively report the progress of our response to personal information security incidents to the relevant regulatory authorities.

7.0. Exercising Your Rights Regarding Personal Information

We place significant importance on your management of personal information and strive to protect your rights to access, view, copy, modify, supplement, and delete your personal information, thereby ensuring your privacy and data security.

7.1. Right to Be Informed and Make Decisions

7.1.1.

This Privacy Policy outlines how we process your personal information. We are dedicated to maintaining transparency in our use of your data; therefore, we will remind you of this Privacy Policy and provide you with the opportunity to make an informed decision regarding your consent when you first register or each time you log into your account. You may also view the complete Privacy Policy at any time, as detailed in the section titled [How We Update and Revise This Privacy Policy].

7.1.2.

In the event that our products cease operation or service, we will immediately halt the collection of your personal information, notify you of this change either individually or through a public announcement at least thirty calendar days in advance, and delete or anonymise all personal information we hold within fifteen business days following the formal cessation of service.

7.2. Right of Access

7.2.1.

You may directly view or access your personal information on our website by logging into your account at any time on the relevant product page. Should you encounter any difficulties in accessing your personal information or exercising your right to access, please contact us as outlined in the section titled [How You Contact Us].

7.3. Rights of Correction and Supplementation

7.3.1.

If you wish to exercise your rights to correct or supplement your data, such as editing corporate or individual information in your account, changing your password, or adding information, you may do so by accessing the Personal Content of MentaLab.

7.3.2.

If you are unable to make corrections or supplements to your personal information independently or face any issues while exercising this right, please reach out to us as specified in the section titled [How You Contact Us].

7.4. Right of Deletion

7.4.1.

You may request the deletion of your personal information by contacting our customer service at info@mentalok.io if:

  • We have collected and used your personal information in violation of applicable laws and regulations;
  • We have collected and used your personal information in breach of the agreement between you and us;
  • We have collected and used your personal information without your consent;
  • We have shared or transferred your personal information to a third party in violation of laws and regulations or the agreement between you and us, in which case we will immediately cease such actions and notify the third party to delete the information promptly;
  • We have publicly disclosed your personal information in violation of laws and regulations or the agreement between you and us, in which case we will immediately stop such actions and inform the relevant recipients to delete it;
  • You no longer utilise our products or services, or you have cancelled your account;
  • We have ceased to provide you with our products or services.

7.4.2.

In processing your deletion request, we may need to verify your identity to ensure account security. Your personal information will be deleted within fifteen business days of responding to your request, unless otherwise mandated by laws and regulations. Please be aware that if you request the deletion of specific personal information about a user, that user may be unable to continue using our products and services.

7.5. Withdrawal of Your Authorisation

7.5.1.

Generally, our business functions can be performed with the basic personal information collected. You may contact our customer service at info@mentalok.io to withdraw your consent regarding the collection and use of your personal information. Upon withdrawal of your consent, we will cease to collect and use your relevant personal information. However, please note that withdrawing your consent may prevent us from providing specific functions and/or services associated with that consent. Withdrawal of consent will not affect our processing of your personal information that was conducted with your consent prior to such withdrawal.

7.6. Account Cancellation

7.6.1.

You may cancel your registered account at any time by following the relevant instructions provided in the documentation for account deletion. Please be aware that cancelling your MentaLab account will result in the permanent loss of your rights to the account and any associated data. We will assist you with the account cancellation process after verifying your identity and ensuring that all assets in your account are appropriately managed through consultations with you. Following the cancellation of your MentaLab account, we will cease to provide you with our products or services and will delete or anonymise your personal information within fifteen business days upon your request, unless otherwise stipulated by laws and regulations.

7.7. Refusal of Notification Push

7.7.1.

We may send marketing messages to your email address or phone number. You have the option to opt out of receiving marketing emails/messages from MentaLab by following the unsubscribe/opt-out instructions included in the received communications, or by directly indicating your preference not to receive marketing calls from MentaLab. Additionally, you may contact customer service at info@mentalok.io to opt out of future marketing emails/messages.

7.7.2.

Please note that even if you opt out of marketing communications, we may still send you non-promotional information related to updates of our Service Terms or Privacy Policy, security alerts, and other notifications pertinent to your access or use of our products and services.

7.8. Protection of Deceased Individuals' Personal Information

7.8.1.

In the unfortunate event of a user's (individual only) death, the close relatives of the deceased may exercise the rights to access, copy, correct, or delete the personal information of the deceased for their legitimate and proper interests, unless otherwise specified by the deceased user during their lifetime.

7.8.2.

To fully protect the personal information rights of the deceased user, the close relative applying to exercise the rights specified in this section must submit the identification document and death certificate of the deceased user, their own identification document, proof of relationship with the deceased, the type of rights they wish to exercise, and the purpose of the request, in accordance with the process designated by us or our customer service instructions. Further information regarding the protection process, conditions, and related matters concerning the personal information of the deceased user can be obtained using the contact details specified in this Privacy Policy.

7.9. Response to Your Requests

7.9.1.

For security purposes, we may need to verify your identity before processing your requests. You may be required to provide written documentation or other proof of identity. In principle, we will respond to all requests made under this section within fifteen business days after receiving and verifying your identity.

7.9.2.

We generally do not charge fees for reasonable requests as described above. However, we may refuse requests that are unreasonably repetitive, require excessive technical means (such as the development of new systems or fundamental changes to current practices), pose risks to the legitimate rights and interests of others, or are highly unrealistic (such as requests involving information stored on backup tapes).

7.9.3.

We will be unable to respond to your requests under any of the following circumstances:

  • Related to our fulfilment of obligations under laws and regulations;
  • Directly related to public security, public health, or significant public interests;
  • We have sufficient evidence that you have acted with subjective malice or engaged in any abuse of rights;
  • For the purpose of safeguarding your or other individuals' life, property, or other significant legitimate rights and interests, where obtaining consent is difficult;
  • Responding to your request would cause serious harm to your legitimate rights and interests, or those of other individuals or organisations;
  • Involving trade secrets.

Should you have any questions regarding the exercise of the rights described above, please contact us using the contact details provided in Section 10.0 of this Privacy Policy.

8.0. Processing of Children's Personal Information

We wish to clarify that we do not permit the registration of any child, as defined by the laws of your country or region, as a user of our services. Furthermore, we do not accept any personal information pertaining to children that you may provide. We advise you to exercise caution when sharing information. If you are a partner whose application is specifically designed for children, it is imperative that you obtain the consent of the child's guardian prior to collecting, using, or providing the child's personal information to us. You should also ensure that the guardian is made aware of and agrees to the privacy policy associated with the products and services you offer, as well as this Privacy Policy.

Due to the limitations of current technologies and business practices, it is challenging for us to proactively identify information pertaining to children. Should a guardian become aware of any unauthorised collection of a child's personal information, they may contact us to request its deletion. In instances where we discover such occurrences, we will take immediate action to delete the information, unless we are legally required to retain it.

9.0. Updates and Revisions to this Privacy Policy

In our commitment to providing you with enhanced services, our platform and related services will undergo updates and modifications from time to time. Consequently, we will revise this Privacy Policy as necessary. Any amendments to this Privacy Policy will form an integral part of it and will carry the same legal weight. We will not diminish your rights under this Privacy Policy without your explicit consent.

We will publish the updated policy on our official website or communicate it to you via email or message. Additionally, we will notify you of any significant changes in a timely manner before the new terms take effect, ensuring you remain informed of the latest version of this Privacy Policy.

By continuing to use our services after any changes to this Privacy Policy, you acknowledge and accept the updated terms. If you wish to express your disagreement with any changes, please contact us directly at info@mentalok.io. For any material changes, we will provide more prominent notifications, which may include emails and/or announcements detailing the specific alterations to this Privacy Policy. Therefore, we encourage you to review and understand the privacy policy applicable to you at all times. If you do not agree with the terms of this Privacy Policy, you must cease accessing and using our services.

The term "material changes" as referenced in this Privacy Policy encompasses, but is not limited to, the following:

  • Significant alterations in our service model, including the purpose of processing personal information, the types of personal information processed, and the manner in which personal information is utilised;
  • Major changes in our ownership or organisational structure, such as ownership transfers due to business adjustments, bankruptcy, mergers, or acquisitions;
  • Changes regarding the primary entities with whom personal information is shared, transferred, or publicly disclosed;
  • Significant modifications to your rights concerning personal information processing and the methods by which you may exercise those rights;
  • Changes to our responsible department, contact information, and channels for lodging complaints regarding personal information protection;
  • Any high-risk factors identified in a personal information impact assessment report.

This Privacy Policy and its updates are an essential component of the MentaLab User Service Agreement. MentaLab reserves all rights not expressly granted under this Privacy Policy.

10.0. Contacting Us

At MentaLab, we are dedicated to addressing any disputes that may arise concerning our data protection practices. We have established a specialised privacy protection team to assist you. Should you have any questions or require assistance, please do not hesitate to reach out to our privacy protection group via email at info@mentalok.io.

For enquiries, comments, or complaints regarding your account information, personal information, or any other documentation technologies, or to exercise your rights, please contact us at info@mentalok.io or through any other specified communication method. We aim to respond to all queries within fifteen business days.

11.0. Legal Basis for Processing Your Personal Information (Applicable to EEA)

As a partner, it is crucial for you to pay special attention to the following stipulations regarding personal information processing activities. You must comply with the General Data Protection Regulation ("GDPR") if you meet any of the following criteria:

  • You are situated in the European Economic Area ("EEA"), regardless of whether the processing activity occurs within the EU;
  • You provide goods or services (either for a fee or free of charge) to any individual within the EEA, or monitor their behaviour within the EEA;
  • You are located outside the EEA, yet the laws of any EU member state apply to you pursuant to international public law, such as embassies or consulates of EEA member states.

If you are a resident of the EEA, the legal basis for our collection and utilisation of your personal information will depend on the specific personal information in question and the context in which we collect it.

Generally, we collect personal information under the following circumstances: when it is necessary to fulfil a contract between you and us, when the processing aligns with our legitimate interests and does not infringe upon your data protection rights or fundamental rights and freedoms, or when we have obtained your explicit consent. In certain situations, we may also have a legal obligation to collect personal information from you, or we may need the information to protect your or others' vital interests. For instance, we may disclose your personal information as required by relevant authorities for public safety purposes or in response to requests from law enforcement agencies.

If you have any questions or require further clarification regarding the legal basis for our collection and use of your personal information, please do not hesitate to contact us using the details provided in the Introduction of this Privacy Policy.