Privacy Policy
Version 1.1
Dated 07.08.24
Scope of this Privacy Policy
Elnora AI delivers solutions that enable our clients to meet their strategic goals. This Privacy Policy applies to Personal Data that we collect through this website, through other Elnora AI websites on which we post this Privacy Policy, in any of our Platforms or Applications and offline when you interact with us (such as when you inquire about or purchase services from us). Depending on your relationship with us, additional privacy notices may apply.
Data Controller
For the purposes of the EU General Data Protection Regulation (and the UK version thereof, collectively GDPR) and other applicable laws, “Elnora AI OÜ”, organization number 16818352 is the data controller for the collection and further processing of Personal Data that we collect through this website. When we refer to Elnora AI throughout this Privacy Policy, we refer to the relevant group entity/entities acting as the data processor and/or data controller.
Contact Us/Questions/Complaints
If you have questions or complaints regarding Elnora AI's handling of Personal Data, please contact contact@elnora.ai
What Personal Data Do We Collect?
We collect information, including Personal Data, directly from you, from other persons, and automatically as you use our website and services (collectively, our "Services").
The Personal Data that we collect in our capacity as a data controller (“Personal Data”) is predominantly:
1. Services Information: Information when you use our Platform or Applications. Information to provide our services to you or to a business that has or may have a professional relationship with you.
-
Account Information: When you create an account with us, we collect information associated with your account, including your name, contact information, account credentials, payment card information, and transaction history
-
Input to the Services (“Input”), and receive output from the Services based on the Input (“Output”), together (“Content”)
-
Log Data: Information that your browser or device automatically sends when you use our Services. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with our Services.
-
Usage Data: We may automatically collect information about your use of the Services, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection.
-
Device Information: Includes name of the device, operating system, device identifiers, and browser you are using. Information collected may depend on the type of device you use and its settings.
-
Any communication or correspondence to Elnora AI
-
We may collect logs of Double Factor Authentication for Log-in purposes
-
Other Information You Provide: We collect other information that you may provide to us, such as when you participate in our events or surveys or provide us with information to establish your age or identity
2. Business Contact Information: May include information from our clients, suppliers, and other business contacts (whether current, former, or prospective).
-
Contact information such as names, email addresses, mailing addresses, and telephone numbers,
-
Job title and employer name
-
Any documents our clients upload on our platform
-
Any communication or correspondence to Elnora AI
-
Answers to our product questions and surveys
3. Website Visitor Information: Information that we collect through our website
-
Device and usage information
-
Contact information provided in connection with a request or communication
-
(IP) address used to connect your computer to the Internet
-
Cookies: We use cookies and similar technologies to operate and administer our Services, and improve your experience.
How do we use Personal Data?
We may use Personal Data for the following purposes:
-
To provide and maintain our Services;
-
To improve and develop our Services and new features and conduct research;
-
To communicate with you, including to send you information or marketing about our Services and events;
-
To prevent fraud, criminal activity, or misuses of our Services, and to protect the security of our systems and Services; and
-
To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, us, our affiliates, or any third party.
Aggregated or De-Identified Information. We aggregate or de-identify Personal Data so that it can no longer be used to identify you and use this information to analyse the effectiveness of our Services, to improve and add features to our Services, to conduct research and for other similar purposes. In addition, from time to time, we may share or publish aggregated information like general user statistics with third parties. We collect this information through the Services, through cookies, and through other means described in this Privacy Policy. We will maintain and use de-identified information in anonymous or de-identified form and we will not attempt to re-identify the information, unless required by law.
Legal Basis for the Processing
Below you can find additional information about the purposes of processing each category of Personal Data, the legal bases relied upon (as well as the legitimate interests pursued, if applicable) and the categories of recipients to whom Personal Data is disclosed in connection with the respective purposes.
1. Services Information
1.1 Processing Purpose: Provide our services to you, bill our services, and process payments
-
Legal Bases:
-
Performance of a contract/taking steps to enter into a contract
-
Legitimate interests (beyond contract requirements): We have a legitimate interest in furthering relationships with our clients to facilitate the continued sales of our products and services.
-
-
Categories of Recipients:
-
Affiliates or subsidiaries, information technology services providers (hosting provider)
-
Payment service processors, billing agents, SaaS-based financial applications
1.2 Processing Purpose: Send you information about our products and services.
-
Legal Bases:
-
Legitimate interest: We have a legitimate interest in furthering relationships with our clients to facilitate the continued sales and promotion of our services.
-
Categories of Recipients:
-
Affiliates or subsidiaries, information technology services providers
-
Ad networks, data analytics providers, billing providers, advertising partners
1.3 Processing Purpose: Understand Clients' Needs and Preferences, Provide Tailored Products and Services to Clients, and Promote or sell Products toClients
-
Legal Bases:
-
Legitimate interest: We have a legitimate interest in furthering relationships with our clients to facilitate the continued sales and promotion of our services.
-
Categories of Recipients:
-
Affiliates or subsidiaries, information technology services providers
-
Ad networks, data analytics providers, billing providers, advertising partners
1.4 Processing Purpose: Safeguard and Defend Our Rights, and Meet Any Regulatory or Legal Requirements
-
Legal Bases:
-
Legitimate interest: We have a legitimate interest in safeguarding and defending our rights.
-
Compliance with legal obligations
-
Categories of Recipients:
-
Government entities, law enforcement, courts, affiliates or subsidiaries, professional services organizations
1.5 Other purposes that we provide notice of and/or seek consent, where such notice or consent is required by applicable law.
2. Business Contact Information
2.1 Processing Purpose: Communicate with Clients Throughout our Relationship, Bill our services, and process Client Payments
-
Legal Bases:
-
Performance of a contract/taking steps to enter into a contract
-
Legitimate interests (beyond contract requirements): We have a legitimate interest in performing our contracts/entering into contracts with clients and in furthering relationships with our clients to facilitate the continued sales of our products and services.
-
Categories of Recipients:
-
Affiliates or subsidiaries, information technology services providers (hosting provider)
-
Payment service processors, billing agents, SaaS-based financial applications
2.2 Processing Purpose: Understand Clients' Needs and Preferences, Provide Tailored Products and Services to Clients, and Promote or sell Products to Clients
-
Legal Bases:
-
Legitimate interest: We have a legitimate interest in furthering relationships with our clients to facilitate the continued sales and promotion of our products and services.
-
Categories of Recipients:
-
Affiliates or subsidiaries, information technology services providers
-
Ad networks, data analytics providers, billing providers, advertising partners
2.3 Processing Purpose: Safeguard and Defend Our Rights, and Meet Any Regulatory or Legal Requirements
-
Legal Bases:
-
Legitimate interest: We have a legitimate interest in safeguarding and defending our rights.
-
Compliance with legal obligations
-
Categories of Recipients:
-
Government entities, law enforcement, courts, affiliates or subsidiaries, professional services organizations
2.4 Other purposes that we provide notice of and/or seek consent, where such notice or consent is required by applicable law.
3. Website Visitor Information
3.1 Processing Purpose: Provide Our Website
-
Legal Bases:
-
Legitimate interest: We have a legitimate interest in providing a website for the public to develop and further our business.
-
Categories of Recipients:
-
Information technology services providers, group companies, data analytics providers
3.2 Processing Purpose: Contact and Provide Information Requested by Visitors
-
Legal Bases:
-
Taking steps at entering into a contract (as far as the communication directly relates to this and the data subject is a potential party to the contract)
-
Legitimate interest: (as far as the communication does not directly relate to a (potential) contract or if the data subject is not a potential party to the contract) We have a legitimate interest in communicating with you upon your request and to deal with any matters arising of that contact
-
Categories of Recipients:
-
Information technology services providers, group companies, joint marketing partners, payment processors, financial institutions
3.3 Processing Purpose: Website Analytics and Targeted Advertising
We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page
interaction information, and methods used to browse away from the page.
-
Legal Bases:
-
Legitimate interest: We have a legitimate interest in analyzing the usage of our website in order to continuously improve it and to customize it to Website Visitors’ needs and share information about our website via social media.
-
Categories of Recipients:
-
Same as above
3.4 Processing Purpose: Enable Users to Recommend Our Website via Social Plugins
-
Legal Bases:
-
Legitimate interests
-
Categories of Recipients:
-
Information technology services providers (including our hosting provider), group companies, ad networks, data analytics providers, billing providers, joint marketing partners,
-
plug-in providers listed on our website (e.g., LinkedIn)
3.5 Processing Purpose: Enable Users to Access Third-Party Content on Our Website
-
Legal Bases:
-
Legitimate interests
-
Categories of Recipients:
-
Same as above
3.6 Processing Purpose: determine disruptions and to ensure the security of our systems, including the detection and tracing of (the attempt of)
unauthorized access to our web servers
-
Legal Bases:
-
Compliance with a legal obligation (deriving from data security requirements)
-
Legitimate interest (as far as the processing goes beyond what is legally required): We have a legitimate in resolving disruptions, ensuring the security of our systems and the detection and tracing of (the attempt of) unauthorized access.
-
Categories of Recipients:
-
Information technology services providers, consultants, forensics providers
3.7 Processing Purpose: Safeguard and Defend Our Rights and Meet Any Regulatory or Legal Requirements
-
Legal Bases:
-
Legitimate interest: We have a legitimate interest in safeguarding and defending our rights.
-
Compliance with a legal obligation
-
Categories of Recipients:
-
Government entities, law enforcement, courts, advisors, other group entities.
Disclosure of Personal Data
Please note that we will disclose your information where required or permitted by law, where we believe it is appropriate to do so. Representative examples include:
-
to enforce our terms and conditions and contracts with you
-
to protect our group operations and rights
-
to protect the rights and safety of our clients and other persons
-
to comply with court orders, enforcement actions by or any other legal proceedings
-
to pursue any remedies available to us or limit damages that we may suffer
-
to respond to requests from public and governmental authorities, including public and governmental authorities outside of your country of establishment
-
to comply with any other relevant aspects of applicable laws from time to time, including applicable laws outside of your country of establishment
For these reasons, we may disclose your information to courts, government entities, legal advisors, law enforcement, and to other persons where we are required or permitted to make such as disclosure.
All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
Sources of Information
We may collect the above information directly from you, from your employer, and, where permitted by law, from lead generation or publicly available sources.
You directly provide Elnora AI with most of the data we collect. We collect data and process data on our website when you:
-
Register online via our Platform, Website, or Application
-
Voluntarily complete a customer survey, user testing or provide feedback on any of our message boards or via email
-
Visit our Website, Platform and Applications.
Information Collected through Cookies and Other Tracking Technologies
When you visit the website, we and our service providers/processors may use cookies and other tracking technologies (collectively, "cookies") to automatically collect information about you and your visit to our website. A cookie is a small text file containing a string of alphanumeric characters that a website stores on your device that we can later retrieve. We may use cookies that last until you close your browser ("Session Cookies") or cookies that last until they are deleted by you or your browser ("Persistent Cookies"). The information that we collect through cookies, which may be defined as Personal Data in the jurisdiction in which you reside, includes the web address you came from or are going to, device model, operating system, the type of web browser, internet service provider/mobile carrier, unique identifiers, mobile network carrier, the duration of the visit, time zone and IP address, and additional information provided by the browser or device. Whether we collect some or all of this Personal Data depends on the type of device used, your device settings, and, where required by applicable law, whether you have provided consent cookies that are not strictly necessary for the functioning of our website.
You stop or restrict the placement of cookies on your computer or remove them from your browser by clicking on Cookie Preferences by adjusting your web browser preferences or using certain browsers or tools as described below. As applicable, please note that blocking or deleting non-essential cookies may affect the website's functionality.
We also may use cookies to administer the website, store your preferences for certain kinds of information, track your movements around the website, analyze trends and gather information about website visitors, to or make emails more useful or interesting (for example, we may receive a confirmation when you open or forward an e-mail from us, if your device or settings support such capabilities). Non-affiliated entities that we engage, including data analytics providers, social media providers, and ad networks also may collect data from you on our website through cookies.
Social Plugins
We might use social plugins on the website, such as plugins for LinkedIn. If you click on the plugin, your browser will create a direct link to the other entity. Please visit the social media platform’s privacy policy for more information.
Embedded Content
We may implement the following kinds of third-party content on our website:
-
YouTube videos (YouTube is operated by Google LLC, 1600 Amphitheatre Parkway in Mountain View, California), with the applicable Privacy Policy available here;
To be able to access the third-party content on our website, you first need to activate it by confirming via click that you wish to view the video in question/listen to the podcast in question.
If you choose to activate the third-party content on our website, your browser will create a direct link to the other entity which may allow this entity to collect your Personal Data. Please visit the respective platform's privacy policy for more information.
Ad Networks
We may use ad network advertisers to serve advertisements on affiliated and non-affiliated website. This enables us and the ad network advertisers to target advertisements to you for products and services in which you might be interested. Ad network providers, advertisers, analytics providers and/or traffic measurement services may use cookies, JavaScript, web beacons (including clear GIFs), and other tracking technologies to measure the effectiveness of their ads and to personalize advertising content to you. These cookies and other technologies are governed by each entity's specific privacy policy, not this one. We may provide these advertisers with information, including Personal Data, about you.
You can also control how participating ad networks use the Personal Data that they collect about your visits to our website, and those of third parties, in order to display more relevant targeted advertising to you. You can change your preferences at any time by clicking on Cookie Preferences. Please note that any choice with regards to cookie-based advertising only applies to the web browser and device through which you exercise that choice. If you delete your cookies, you may need to reapply your choices. Additionally, you will still continue to non-personalized ads even if you opt-out of personalized advertising.
Retention
We’ll retain your Personal Data for only as long as we need in order to provide our Service to you, or for other legitimate business purposes such as resolving disputes, safety and security reasons, or complying with our legal obligations. How long we retain Personal Data will depend on a number of factors, such as:
-
Our purpose for processing the data (such as whether we need to retain the data to provide our Services);
-
The amount, nature, and sensitivity of the data;
-
The potential risk of harm from unauthorized use or disclosure of the data;
-
Any legal requirements that we are subject to.
In some cases, the length of time we retain data depends on your settings.
For example, Elnora AI data controls offer you the ability to turn off chat history. When chat history is disabled, the conversation will not appear in your history and we will permanently delete new conversations after 30 days and review them only as needed to monitor for and investigate abuse.
Your Rights
Choices of Business Contacts and Website Visitors (collectively "you" or "your" for this section)
Some jurisdictions, such as countries within the EU and the UK give you a right to make the following choices regarding your Personal Data:
Access to Your Personal Data:
You may request access to your Personal Data or confirmation that we have and/or process information about you.
Changes to Your Personal Data:
We rely on you to update and correct your Personal Data. You may ask us to correct information that is inaccurate or incomplete. Note that we may keep historical information in our backup files as permitted by law.
Deletion of Your Personal Data:
You may request that we delete your Personal Data. If required by law, we will grant a request to delete, block, or anonymize the information, as applicable, but you should note that in many situations, we must keep your Personal Data to comply with our legal obligations, resolve disputes, enforce our agreements, or for another business purposes.
Revocation of Consent:
When we process your Personal Data based upon consent, you may revoke consent. Please note that if you refuse to provide your consent, or revoke your consent, for the processing of Personal Data, then we may no longer be able to provide you services. If you have agreed to receive marketing communications, you may always opt-out at a later date. You have the right at any time to stop Elnora AI from contacting you for marketing purposes.
Contact Information for Exercising Rights
If you are in the EU and the UK may exercise the rights described above by contacting contact@elnora.ai
If you are not satisfied with our response, and are in the EU or UK, you may have a right to lodge a complaint with your local supervisory authority.
Safeguards
Elnora AI takes measures in an effort to safeguard the Personal Data in our possession. Please note that no measures are 100% secure.
A note about accuracy: Services like Elnora AI generate responses by reading a user’s request and, in response, predicting the words most likely to appear next. In some cases, the words most likely to appear next may not be the most factually accurate. For this reason, you should not rely on the factual accuracy of output from our models. If you notice that output contains factually inaccurate information about you and you would like us to correct the inaccuracy, you may submit a correction request to contact@elnora.ai. Given the technical complexity of how our models work, we may not be able to correct the inaccuracy in every instance. In that case, you may request that we remove your Personal Data from Elnora AI’s output by reaching out to contact@elnora.ai.
Cross-border Transfers
Your Personal Data may be stored and processed in any country where we have facilities or in which we engage service providers, and by using our Applications you understand that your information may be transferred to countries outside of your country of residence, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Data
If you are located in the EEA: Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA. For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures such as Standard Contractual Clauses to protect your Personal Data.
Accessibility
If you are visually impaired, you may access this notice through your browser's audio reader.
Changes to the privacy policy
We may update this Privacy Policy from time to time. When we do, we will post an updated version on this page, unless another type of notice is required by applicable law.