Your privacy is important to us. Orga AI's policy is to respect your privacy and comply with all applicable laws and regulations regarding any personal information we may collect about you, including on our website, https://orga-ai.com, and other sites we own and operate.

Personal information is any information about you that can be used to identify you. This includes information about you as a person (such as name, address, and date of birth), your devices, payment data, and even information about how you use a website or online service.

If our site contains links to third-party sites and services, keep in mind that those sites and services have their own privacy policies. After following a link to any third-party content, you should read the information published in their privacy policy regarding how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our site.

Information We Collect

The information we collect is classified into one of these two categories: 'voluntarily provided' information and 'automatically collected' information.

'Voluntarily provided' information refers to any information you provide to us consciously and actively when using or participating in any of our services and promotions.

'Automatically collected' information refers to any information sent automatically by your devices when accessing our products and services.

Log Data

When you visit our website, our servers may automatically log standard data provided by your web browser. This can include your device's Internet Protocol (IP) address, browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit.

Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding the incident. This data may include technical details about your device, what you were trying to do when the error occurred, and other technical information related to the issue. You may or may not receive a notice of such errors, even at the time they occur, informing you that they have occurred or what the nature of the error is.

Note that while this information may not personally identify you on its own, it may be possible to combine it with other data to personally identify individual persons.

Personal Information

We may ask you for personal information—such as when you submit content to us, register for an account, or contact us—which may include one or more of the following data:

• Name

• Email address

Legitimate Reasons for Processing Your Personal Information

We only collect and use your personal information when we have a legitimate reason to do so. In such cases, we only collect personal information that is reasonably necessary to provide you with our services.

Collection and Use of Information

We may collect personal information provided by you when you take any of the following actions on our website:

• Registering to create an account

• Using a mobile device or web browser to access our content

• Contacting us via email, social media, or any similar technology

• When you mention us on social media

We may combine voluntarily provided personal information and automatically collected information with general information or research data we receive from other reliable sources. For example, our marketing and market research activities may uncover data and insights that we can combine with information about how visitors use our site to improve our site and their experience on it.

Security of Your Personal Information

When we collect and process personal information, and while we retain this information, we will protect it using commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification.

Although we will do our best to protect the personal information you provide to us, please be aware that no method of transmission or electronic storage is 100% secure, and nobody can guarantee absolute security of data.

You are responsible for selecting the password and its overall security level, which will determine the security of your own information within the boundaries of our services. For example, you should ensure that passwords associated with access to your personal information and your accounts are secure and confidential.

How Long We Retain Your Personal Information

We retain your personal information only for as long as is necessary. This period may depend on for what we are using your information under this Privacy Policy. For example, if you have provided us with personal information as part of creating an account with us, we may retain this information for as long as your account exists in our system. If your personal information is no longer needed for that purpose, we will delete it or anonymize it by removing all details that identify you.

However, we may retain your personal information if we need it to comply with a legal, accounting, or reporting obligation, or for public interest archiving, scientific or historical research, or statistical purposes.

Children's Privacy

None of our products and services are directed at children under the age of 13, and we do not knowingly collect personal information about children under the age of 13.

Disclosure of Personal Information to Third Parties

We may disclose personal information to:

• a parent company, subsidiary, or affiliate of our company

• third-party service providers in order to enable them to provide their services, including (without limitation) IT service providers, data storage providers, hosting and servers, analytics, error loggers, debt collectors, maintenance or troubleshooting providers, marketing providers, professional advisors, and payment system operators

• our employees, contractors, and/or related entities

• our existing or potential business agents or partners

• credit reporting agencies, courts, tribunals, and regulatory authorities, in the event you fail to pay for the goods or services we have provided to you

• courts, tribunals, regulatory authorities, and law enforcement agents, as required by law, in connection with any ongoing or future legal proceedings, or to establish, exercise or defend our legal rights

• third parties, including agents or subcontractors, who assist us in providing you with information, products, services or direct marketing

• third parties for collecting and processing data

• an entity that buys, or to which we transfer all or virtually all of our assets and businesses

The third parties we currently use include:

• Google Analytics

• Framer Inc.

• MailChimp

International Transfers of Personal Information

The personal information we collect is stored and/or processed in Spain, the United States, or where we or our partners, affiliates, and external providers maintain infrastructures.

The countries in which we store, process, or transfer your personal information may not have the same data protection laws as the country in which you initially provided the information. If we transfer your personal information to third parties in other countries: (i) we will make those transfers in accordance with the requirements of applicable law; and (ii) we will protect the personal information transferred in accordance with this Privacy Policy.

Your Rights and Control Over Your Personal Information

Your choice: by providing us with personal information, you understand that we will collect, retain, use, and disclose your personal information in accordance with this Privacy Policy. You are not obligated to provide us with personal information; however, failing to do so may affect your use of our website or the products and/or services offered on or through it.

Third-party Information: if we receive personal information about you from a third party, we will protect it as outlined in this Privacy Policy. If you are a third party providing personal information about another individual, you represent and warrant that you have that individual's consent to provide us with their personal information.

Marketing Permission: if you have previously consented to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details provided below.

Access: you can request details of the personal information we have about you.

Correction: if you believe that the information we hold about you is outdated or incomplete, irrelevant or misleading, please contact us using the details provided in this Privacy Policy. We will take reasonable steps to correct any information that is found to be inaccurate, incomplete, misleading, or outdated.

No Discrimination: we will not discriminate against you for exercising any of your rights regarding your personal information. Unless your personal information is necessary to provide you with a specific service or offer (for example, providing user support), we will not deny you goods or services or charge you different prices or fees for goods or services, including by granting discounts or other benefits, or imposing penalties, nor will we provide you with a different level or quality of goods or services.

Notification of Data Breaches: we will comply with applicable laws regarding any data breach.

Complaints: if you believe we have violated a relevant data protection law and wish to make a complaint, please contact us using the details provided below and provide us with all details of the alleged breach. We will investigate your complaint promptly and respond in writing, outlining the outcome of our investigation and the actions we will take to address your complaint. You also have the right to contact a regulatory agency or data protection authority regarding your complaint.

Unsubscribe: to unsubscribe from our email database or stop receiving communications (including marketing communications), please contact us using the details provided in this Privacy Policy, or unsubscribe via the opt-out features included in the communication. We may need to ask you for specific information to help us confirm your identity.

Use of Cookies

We use 'cookies' to collect information about you and your activity on our site. A cookie is a small piece of information that our website stores on your computer and accesses each time you visit it, so we can understand how you use our site. This helps us provide you with content based on the preferences you have specified.

Please refer to our Cookie Policy for more information.

Business Transfers

If we or our assets are acquired, or in the unlikely event that we cease operations or go bankrupt, we will include data, including your personal information, among the assets transferred to the acquiring party. You agree that such transfers may occur, and that any party that acquires us may, to the extent permitted by applicable law, continue using your personal information according to this policy, which will serve as the basis for any ownership or usage rights we have over that information.

Limits of Our Policy

Our website may have links to external sites that we do not operate. Please be aware that we have no control over the content and policies of those sites, and we cannot accept any responsibility or liability for their respective privacy practices.

Changes to this Policy

At our discretion, we may change our Privacy Policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this Privacy Policy, we will post the changes here, on the same link through which you accessed this Privacy Policy.

If the changes are significant, or as required by applicable law, we will contact you (based on your selected preferences for our communications) and all our registered users with the new details and links to the updated or modified policy.

If required by law, we will obtain your permission or give you the opportunity to opt-in or opt-out, as applicable, for any new use of your personal information.

Additional Disclosures for Compliance with the General Data Protection Regulation (GDPR) (EU)

Data Controller / Data Processor

The GDPR distinguishes between organizations that process personal information for their own purposes (known as 'data controllers') and organizations that process personal information on behalf of other organizations (known as 'data processors'). We, [presentation_name], with a registered address provided in our Contact section, are a data processor concerning the personal information you provide to us.

Legal Grounds for Processing Your Personal Information

We will only collect and use your personal information when we have the legitimate right to do so. In such cases, we will collect and use your personal information in a lawful, fair, and transparent manner. If we need your consent to process your personal information and you are under 16 years old, we will seek consent from your parent, guardian, or legal custodian to process your personal information for that specific purpose.

Our legal grounds depend on the services you use and how you use them. This means we only collect and use your information for the following reasons:

Consent Given by You

When you give us your consent to collect and use your personal information for a specific purpose. You can withdraw your consent at any time using the features we provide; however, this will not affect any use of your information that has already been made. You may give your consent to provide your email address for the purpose of receiving our marketing emails. While you can opt-out at any time, we cannot withdraw any email we have already sent. If you have any questions about how to withdraw your consent, please feel free to contact us using the details provided in the Contact section of this Privacy Policy.

Execution of a Contract or Transaction

When you have entered into a contract or transaction with us, or to take preparatory steps prior to entering into a contract or transaction with you. For example, if you contact us for an inquiry, we may need personal information such as your name and contact details to respond.

Our Legitimate Interests

When we consider it necessary for our legitimate interests, for example, to provide, operate, improve, and communicate our services. We believe our legitimate interests include research and development, understanding our audience, marketing and promoting our services, actions taken to operate our services efficiently, marketing analysis, and actions taken to protect our legal rights and interests.

Compliance with the Law

In some cases, we may have a legal obligation to use or retain your personal information. Such cases may include (among others) court orders, criminal investigations, government requests, and regulatory obligations. If you have any questions about how we retain personal information to comply with the law, please feel free to contact us using the details provided in the Contact section of this Privacy Policy.

International Transfers Outside the European Economic Area (EEA)

We will ensure that any transfer of personal information from EEA countries to countries outside the EEA is protected by adequate safeguards, for example, by using standard data protection clauses approved by the European Commission or the use of binding corporate rules or other legally accepted means.

Your Rights and Control Over Your Personal Information

Restrict: you have the right to request that we restrict the processing of your personal information if

1. you have concerns about the accuracy of your personal information; 

2. you believe your personal information has been processed unlawfully;

3. you need us to retain personal information solely for the purposes of a legal claim; or

4. we are in the process of considering your objection concerning processing based on legitimate interests.

Object to Processing: you have the right to object to the processing of your personal information that is based on our legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights, and freedoms, in order to continue processing your personal information.

Data Portability: you may have the right to request a copy of the personal information we hold about you. Whenever possible, we will provide this information in CSV format or another easily machine-readable format. You may also have the right to request that we transfer this personal information to a third party.

Additional Disclosures for Compliance with US State Privacy Laws

The following section includes provisions that comply with the privacy laws of these states (California, Colorado, Delaware, Florida, Virginia, and Utah) and apply only to residents of those states. Specific references to a particular state (in a heading or in the text) are only a reference to the law of that state and only apply to residents of that state. Language that is not state-specific applies to all of the above states.

No Tracking

Some browsers have a 'Do Not Track' feature that lets you tell websites that you do not want them to track your online activities. At this time, we do not respond to browser 'Do Not Track' signals.

We adhere to the standards outlined in this privacy policy, ensuring that we collect and process personal information in a lawful, fair, transparent manner and with legitimate and legal grounds for doing so.

Cookies and Pixels

At all times, you can refuse cookies on our site if your browser permits. Most browsers allow you to turn on settings in your browser to refuse the setting of all or some cookies. Consequently, your ability to limit cookies is based solely on the capabilities of your browser. Please refer to the Cookies section of this privacy policy for more information.

California Privacy Laws - CPPA

Under Section 1798.83 of the California Civil Code, if you live in California and your business relationship with us is primarily for personal, family or household purposes, you may ask us about the information we disclose to other organizations for their marketing purposes. In accordance with your right to non-discrimination, we may provide you with certain financial incentives permitted by the California Consumer Privacy Act and California Privacy Rights Act (collectively, CCPA) that may result in different prices, rates or quality levels for the goods or services we provide. Any financial incentives permitted by the CCPA that we offer will reasonably relate to the value of your personal information and we will provide written terms that clearly describe the nature of such offer. Participation in a financial incentive program requires your prior consent, which you may revoke at any time.

Under Section 1798.83 of the California Civil Code, if you live in California and your business relationship with us is primarily for personal, family or household purposes, you may ask us about the information we disclose to other organizations for their marketing purposes. To make such a request, please contact us using the details provided in this privacy policy with 'California Privacy Information Request' in the subject line. You may make this type of request once every calendar year. We will email you a list of categories of personal information we have disclosed to other organizations for their marketing purposes in the last calendar year, along with their names and addresses. Not all personal information shared in this way is covered by Section 1798.83 of the California Civil Code.

California Collection Notice

In the past 12 months, we have collected the following categories of personal information listed under the CCPA:

• Identifiers, such as name, email address, phone number, account name, IP address, and an ID or number assigned to your account.

• Demographic data, such as your age or gender. This category includes data that may qualify as protected classifications under other California or federal laws.

For more information about the information we collect, including the sources from which we receive information, please review the section 'Information We Collect'. We collect and use these categories of personal information for the business purposes described in the section 'Collection and Use of Information', including providing and managing our Service.

Right to Know and Delete

You have rights to delete your personal information that we have collected and to know certain information about our data practices in the past 12 months. In particular, you have the right to request the following from us:

• The categories of personal information we have collected about you;

• The categories of sources from which personal information was collected;

• The categories of personal information about you that we have disclosed for business purposes or sold;

• The categories of third parties to whom personal information was disclosed for business purposes or sold;

• The business or commercial purpose for collecting or selling personal information; and

• The specific pieces of personal information we have collected about you.

To exercise any of these rights, please contact us using the details provided in this privacy policy.

In addition to the rights discussed above, you have the right to request information from us regarding how we share certain personal information as defined by applicable law with third parties and affiliates for their own direct marketing purposes.

To receive this information, send us a request using the contact details provided in this privacy policy. Requests should include 'Privacy Rights Request' in the first line of the description and include your name, address, city, state, and postal code.

Additional Disclosures for Compliance with Australia Privacy Act (AU)

International Transfers of Personal Information

When disclosing your personal information is governed solely by Australian privacy laws, you agree that some third parties may not be governed by the Privacy Act and the Australian Privacy Principles contained in the Privacy Act. You agree that if such a third party engages in any act or practice that contravenes the Australian Privacy Principles, they will not be liable under the Privacy Act and you will not seek recourse under the Privacy Act.

Additional Disclosures for Compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada)

Additional Scope of Personal Information

Under PIPEDA, we broaden our definition of personal information to include any information about an individual, such as financial information, information about their appearance, their opinions and views (such as expressed online or through a survey), opinions that others may have about you, and any personal correspondence you may have with us. While this information may not directly identify you, please note that it can be combined with other information to do so.

Since PIPEDA refers to personal information using the term Personally Identifiable Information (PII), any reference to personal information and PII in this privacy policy and in official Orga AI communications is considered equivalent in all respects.

Valid Consent

When you provide us with your consent to collect and use your personal information for a specific purpose. You may withdraw your consent at any time using the tools we provide; however, this will not affect the use of your information that has already been conducted. When you contact us, we rely on your consent based on your positive action of contacting us, therefore you consent to your name and email address being used so that we can respond to your query. Under PIPEDA, consent is only valid if it is reasonably expected that a person to whom the organization’s activities are targeted understands the nature, purpose, and consequences of collecting, using or disclosing the personal information to which they are consenting.

When you opt-in to receive marketing communications from us, we will do so solely on the basis of your indication of consent or until you tell us otherwise, which you can do at any time.

While you may request that we delete your contact data at any time, we cannot retrieve any email we have already sent. If you have any further questions about how to withdraw your consent, please feel free to consult the details provided in the Contact Us section of this privacy policy.

International Transfers of Information

While Orga AI strives to maintain, store, and handle customer data in locations within Canada, it may use agents or service providers located in the United States (US), the European Economic Area (EEA), or the United Kingdom (UK) to collect, use, retain, and process personal information as part of providing services to you. While we make all reasonable efforts to ensure that personal information receives the same level of security in any other jurisdiction as it does in Canada, please be aware that privacy protections under US laws may not be deemed adequate.

Customer Data Rights

While PIPEDA does not contain an extensive set of consumer rights, it grants consumers the right to:

• Access personal information that organizations have about them;

• Correct any inaccurate or outdated personal information that the organization has about them (or, if this is not possible, delete inaccurate personal information)

• Withdraw consent for any activity for which they have given consent (for example, direct marketing or cookies)

Right to Withdraw Consent

When you provide us with your consent to collect and use your personal information for a specific purpose. Subject to certain restrictions, you may, at any time, refuse to give your consent or continue giving your consent for the collection, use or disclosure of your personal information by notifying us through the email address listed below in the 'Contact Us' section. Withdrawing consent may affect our ability to provide or continue providing services.

Customers cannot refuse the collection, use, and disclosure of their personal information if that information is necessary to:

• be collected, used, or disclosed as required by law;

• meet the terms of any contractual agreement; and

• be collected, used, or disclosed as required by regulatory bodies, including self-regulatory organizations.

While you may request that we delete your contact data at any time, we cannot retrieve any email we have already sent. If you have any further questions about how to withdraw your consent, please feel free to consult the details provided in the Contact Us section of this privacy policy.

Right of Access Under PIPEDA

PIPEDA grants you the general right to access the PII (Personally Identifiable Information) that organizations have under this law. Under PIPEDA, you must submit your request for access in writing and pay a nominal fee of $30.00.

If you believe any organizational fee is unfair, you have the right to lodge a complaint about it. We reserve the right to determine how we disclose copies of your PII. We will take all necessary steps to fulfill your request within 30 days of receipt, otherwise, we must inform you of our inability to do so before the 30-day limit if:

• meeting the time limit would unreasonably interfere with our business activities; or

• the time required to conduct the necessary inquiries to respond to the request would make it impractical to meet the time limit.

We may also extend the time limit by the time necessary to convert the personal information into an alternative format. In these circumstances, we will inform you of the delay within the first 30 days and explain the reason.

Right of Rectification Under PIPEDA

You may request a correction of any factual error or omission in your PII. We will ask you to provide some evidence to support your claim. Under PIPEDA, an organization must modify the information as necessary if you successfully demonstrate that it is incomplete or inaccurate.

You can contact us at any time using the information provided in the Contact Us section of this privacy policy if you believe your PII in our systems is incorrect or incomplete.

If we cannot agree to change the information, you have the right to register your concerns with the Office of the Privacy Commissioner of Canada.

Compliance with the Ten Privacy Principles of PIPEDA

This privacy policy complies with the requirements of PIPEDA and the ten privacy principles, which are as follows:

1. Accountability. Orga AI is responsible for the PII under its control and will designate one or more individuals to ensure organizational accountability for compliance with the ten privacy principles under PIPEDA, the details of which are included below. All staff are responsible for protecting customers' personal information.

2. Identifying Purposes. Orga AI identifies the purposes for which personal information is collected at or before the time the information is collected.

3. Consent. Consent is required for the collection, use, or disclosure of personal information by Orga AI, except where permitted or required by PIPEDA or other laws. Additionally, when customers access a product or service we offer, they are deemed to have given consent. Express consent may be obtained verbally, in writing, or through electronic means. Alternatively, consent may be implied through customers' actions or continued use of a product or service following notice of changes by Orga AI.

4. Limiting Collection. The personal information collected will be limited to that which is necessary for the purposes identified by Orga AI.

5. Limiting Use, Disclosure, and Retention. We will not use or disclose personal information for purposes other than those for which the information was collected, except with your consent or as required by law. We will retain personal information only for as long as is necessary to fulfill the purposes for which that information was collected and for the applicable legal requirements.

6. Accuracy. Orga AI will maintain personal information in an accurate, complete, and up-to-date format, as necessary for the purpose(s) for which the personal information was collected.

7. Security Safeguards. We will protect personal information with appropriate security safeguards commensurate with the sensitivity of that information.

8. Openness. We will make available to customers our policies and practices relating to the collection and management of personal information upon request, including our brochures or other information explaining our policies, standards, or codes.

9. Client Access. We will inform customers about the existence, use, and disclosure of their personal information and provide them with access to their personal information, subject to any legal restrictions. We may require written requests to access personal information and, in most cases, will respond within 30 days of receiving such requests. Customers may verify the accuracy and completeness of their personal information and may request corrections or updates to personal information as appropriate.

10. Challenging Compliance. Customers may direct any questions or inquiries about our compliance with this privacy policy and the requirements of PIPEDA using the contact information provided in the Contact Us section of this privacy policy.

Cookie Compliance

Our email interactions with our customers comply with Canadian Anti-Spam Legislation. The company does not send unsolicited emails to individuals with whom it has no relationship. We will not sell personal information, such as email addresses, to third parties that are not related. Occasionally, your personal information may be provided to our third-party partners to manage the products and services you request.

When you leave our website by linking to another website, you will be subject to the privacy and security policies of the new website. We encourage you to read the privacy policies of all websites you visit, especially if you share personal information with them.

Please refer to our Cookie Policy for more information.

Inquiries, Reporting, and Escalation

To consult Orga AI's privacy policy or to report user privacy violations, you can contact us using the details provided in the Contact Us section of this privacy policy.

If we do not resolve your concern satisfactorily, you may also contact the Office of the Privacy Commissioner of Canada:

30 Victoria Street
Gatineau, QC K1A 1H3
Toll Free: 1.800.282.1376
www.priv.gc.ca

Additional Disclosures for Compliance with the UK General Data Protection Regulation (GDPR)

Data Controller / Data Processor

The GDPR distinguishes between organizations that process personal information for their own purposes (known as 'data controllers') and organizations that process personal information on behalf of other organizations (known as 'data processors'). For the purposes covered by this Privacy Policy, we are a Data Controller concerning the personal information you provide to us and comply with our obligations as a data controller under the GDPR.

Content Provided by Third Parties

We may indirectly collect personal information about you from third parties who have permission to share it. For example, if you purchase a product or service from a company that works with us and give us permission to use your data to complete the transaction.

We may also collect publicly available information about you, such as from social media and messaging platforms you may use. The availability of this information will depend on both the privacy policies and privacy settings you have on those platforms.

Additional Disclosure for the Collection and Use of Personal Information

In addition to the purposes mentioned that justify the collection and use of personal information, we may also engage in marketing and market research activities, including how visitors use our site, opportunities for website improvement, and user experience.

Personal Information No Longer Necessary for Our Purposes

If your personal information is no longer necessary for our stated purposes, or if you inform us under your Data Subject Rights, we will delete or anonymize it by removing all details that identify you ('Anonymization'). However, if necessary, we may retain your personal information to comply with a legal, accounting, or reporting obligation or for public interest archiving, scientific or historical research, or for statistical purposes.

Legal Bases for Processing Your Personal Information

Data protection and privacy laws allow us to collect and use your personal data on a limited number of legal bases. In such cases, we will collect and use your personal information in a lawful, fair, and transparent manner. We never engage in direct marketing to anyone under 18 years of age.

Our legal bases depend on the services you use and how you use them. This is a non-exhaustive list of the legal bases we use:

Consent by You

When you provide us with your consent to collect and use your personal information for a specific purpose. You may withdraw your consent at any time using the options we provide; however, this will not affect any use of your information that has already occurred. When you contact us, we rely on your consent based on your positive action of contact, therefore you consent to your name and email address being used so that we can respond to your query.

If you agree to receive marketing communications from us, we will do so solely on the basis of your indication of consent or until you tell us otherwise, which you can do at any time.

While you may request that we delete your contact data at any time, we cannot retrieve any email we have already sent. If you have any further questions about how to withdraw your consent, please feel free to consult the details provided in the Contact Us section of this privacy policy.

Compliance with a Contract or Transaction

When you have entered into a contract or transaction with us, or to take preparatory steps before entering into a contract or transaction with you. For example, if you contact us with an inquiry, we may require personal information such as your name and contact details to respond.

Our Legitimate Interests

When we consider it necessary for our legitimate interests, such as providing, operating, improving, and communicating our services. We believe our legitimate interests include research and development, understanding our audience, marketing and promoting our services, actions taken to operate our services efficiently, marketing analysis, and actions taken to protect our legal rights and interests.

Compliance with the Law

In some cases, we may have a legal obligation to use or retain your personal information. These cases may include (but are not limited to) court orders, criminal investigations, government requests, and regulatory obligations. For example, we are required to keep financial records for a period of 7 years. If you have any other questions about how we retain personal information to comply with the law, please feel free to consult the details provided in the Contact Us section of this privacy policy.

International Transfers of Personal Information

Following an adequacy decision by the European Commission, the UK has achieved a level of protection essentially equivalent to that guaranteed by the GDPR of the UK.

On occasion, when we share your data with third parties, they may be located outside the UK or the European Economic Area ('EEA'). Those countries to which we transfer, store, or process your personal information may not have the same data protection laws as the country in which you initially provided the information.

If we transfer your personal information to third parties in other countries:

• we will make those transfers in accordance with the requirements of the UK GDPR (Article 45) and the Data Protection Act 2018;

• we will implement appropriate safeguards to protect the transferred data, including transit safeguards, such as standard contractual clauses ('SCCs') or binding corporate rules.

Your Rights as a Data Subject

Right to Limit Processing: You have the right to request that we limit the processing of your personal information if (i) you have concerns about the accuracy of your personal information; (ii) you believe your personal information has been processed unlawfully; (iii) you need us to retain personal information solely for the purpose of making a legal claim; or (iv) we are considering your objection regarding processing based on legitimate interests.

Right to Object: You have the right to object to the processing of your personal information that is based on our legitimate interests or the public interest. If you do this, we must provide legitimate and compelling reasons for the processing that outweigh your interests, rights, and freedoms, in order to continue processing your personal information.

Right to be Informed: You have the right to be informed about how your information is collected, processed, shared, and stored.

Right of Access: You may request a copy of the personal information we have about you at any time by submitting a Data Subject Access Request (DSAR). The legal timeframe for complying with a DSAR request is 30 calendar days from the receipt of your request.

Right of Deletion: In certain circumstances, you may request that your personal data be deleted from the records held by organizations. However, this is a qualified right; it is not absolute and can only be applied in certain circumstances.

When can the right of deletion apply?

• When the personal data is no longer necessary for the purpose for which it was originally collected or processed.

• If consent was the legal basis for processing personal data and that consent has been withdrawn. Orga AI relies on consent to process personal data in very few circumstances.

• The Company relies on legitimate interests as a legal basis for processing personal data and an individual has exercised their right to object and it has been determined that the Company does not have compelling legitimate grounds to refuse that request.

• The personal data is being processed for direct marketing purposes, for example, a person's name and email address, and the individual objects to such processing.

• There is legislation requiring that personal data be destroyed.

Right to Data Portability: Individuals have the right to obtain some of their personal data from an organization in a way that is accessible and machine-readable, for example, as a CSV file. Associated with this, individuals also have the right to request that an organization transfer their personal data to another organization.

However, the right to data portability:

• only applies to personal data that a person has provided directly to Orga AI in electronic format; and

• the subsequent transfer will only be available when this is 'technically feasible.'

Right to Rectification: If personal data is inaccurate, outdated, or incomplete, individuals have the right to correct, update, or complete that data. Collectively, this is referred to as the right to rectification. Rectification may involve filling in gaps, i.e., completing incomplete personal data, although this will depend on the purposes of the processing. This may involve adding a supplementary statement to the incomplete data to highlight any inaccuracies or related claims.

This right only applies to an individual's own personal data; a person cannot request the rectification of another person's information.

Notification of Data Breaches: Upon discovering a data breach, we will investigate the incident and report it to the UK data protection regulator and to you, if we deem it appropriate to do so.

Complaints: You have the right to lodge a complaint at any time with the Information Commissioner’s Office (ICO), the UK's supervisory authority for data protection matters (www.ico.org.uk). However, we would appreciate the opportunity to resolve your concerns before you approach the ICO, so please contact us in the first instance using the details provided below. Please provide us with as much information as possible about the alleged breach. We will investigate your complaint promptly and respond in writing, stating the outcome of our investigation and the actions we will take to address your complaint.

Inquiries, Reporting, and Escalation

To consult Orga AI's privacy policy or report user privacy violations, you can contact our Data Protection Officer using the details in the Contact Us section of this privacy policy.

If we do not resolve your concern satisfactorily, you may also contact the Information Commissioner’s Office (ICO), the UK’s data protection authority:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Phone: 0303 123 1113 (local rate)
Website: www.ico.org.uk 

Contact

If You Are Located Outside the United States of America:

ORGA ARTIFICIAL INTELLIGENCE S.L.

C/ MARIANO CUBER 17 46011 POBLATS MARÍTIMS,

VALENCIA (SPAIN)

NIF: B19347236,

hi@orga-ai.com

If You Are Located Within the United States of America:

Orga AI Inc.

800 N King Street Suite 304 3595 Wilmington, DE, 19801 US

+1 (628) 2511344

legal@orga-ai.com