Accelerate innovation Our AI-powered platform increases the pace of training development.

Ethermind_logo

Privacy policy

Last updated: 29th July 2024

We at Ethermind respect your privacy and are committed to processing any information we obtain from you or about you in compliance with the requirements of the applicable data protection legislation, including the EU General Data Protection Regulation, the UK General Data Protection Regulation and the Swiss Data Protection Act. This Privacy Policy describes our practices relating to Personal Data we collect from or about you when you use our website, applications and services (collectively, “Services”).

This Privacy Policy does not apply to content that we process on behalf of customers of our business offerings. Our use of that data is governed by our customer agreements covering access to and use of those offerings, including the Terms of Service.

1. Data controller

Ethermind Ltd, a company registered in England and Wales under company number 14880452, whose registered office is at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom, is the controller and is responsible for the processing of your Personal Data as set out in this Privacy Policy.

2. Personal Data we collect

We collect personal data relating to you (“Personal Data”). This data generally falls in three categories: personal data that you provide, personal data that we receive automatically from your use of our Services, and personal data that we receive from other sources.

Personal Data You Provide: We collect the following Personal Data when you create an account or communicate with us:

  • User account information: When you create an account with us, we collect information associated with your account. This information includes your name, contact information (eg, email address), account credentials (eg, username and password), course codes, payment card information, and transaction history (we refer to this information as “User account information”).
  • User content: When you use our Services, we collect Personal Data that is included in the input, file uploads, learning and other materials which may contain information about identified or identifiable natural persons (eg, customer information, business partner contact details etc.) or feedback that you provide to our Services (we refer to this information as “User content”).
  • Communication information: If you communicate with us, we collect your name, contact information (eg, email address), and the contents of any messages you send (we refer to this information as “Communication information”).
  • Social media information: We have pages on social media sites like Facebook and LinkedIn. When you interact with our social media pages, we collect Personal Data that you choose to provide to us, such as your contact details (we refer to this information as “Social media information”). The companies that host our social media pages may provide us with aggregate information and analytics about your social media activity. Incidentally, these data may include demographic data relating to the target audience, including trends in terms of age, sex, relationship and occupation, information on the lifestyles and centres of interest of the target audience and information on the purchases and online purchasing habits of visitors to the page, the categories of goods and services that appeal the most, and geographical data.
  • Other information: We collect other information that you may provide to us, such as when you participate in our events or user surveys or provide us with information to establish your identity (we refer to this information as “Other information”).

Personal Data We Receive Automatically From Your Use of the Services: When you visit, use, or interact with the Services, we receive the following information (“Technical Information”):

  • Log data: Information that your browser or device automatically sends when you use our Services. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with our Services.
  • Usage data: We may automatically collect information about your use of the Services, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection.
  • Device information: Includes name of the device, operating system, device identifiers, and browser you are using. Information collected may depend on the type of device you use and its settings.
  • Cookies and similar technologies: We use cookies to distinguish you from other users of our Services. This helps us to provide you with a good experience when you browse our website and also allows us to improve our Services. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy.

Personal Data We Receive From Other Sources: We may receive information from trusted partners, such as security solution providers to protect against fraud, abuse, and other security threats to our Services, or marketing vendors who provide us with information about potential customers of our business services.

3. How we use Personal Data

We may use Personal Data for the following purposes:

  • To provide and maintain our Services;
  • To improve and develop our Services and new features and conduct research;
  • To communicate with you, including to send you information or marketing about our Services and events;
  • To prevent fraud, criminal activity, or misuse of our Services, and to protect the security of our systems and Services;
  • To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, us, our affiliates, or any third party; and
  • To aggregate or de-identify information about you.

We aggregate or de-identify Personal Data so that it can no longer be used to identify you and use this information to analyse the effectiveness of our Services, to improve and add features to our Services, to conduct research and for other similar purposes. In addition, from time to time, we may share or publish aggregated information like general user statistics with third parties. We collect this information through the Services, through cookies, and through other means described in this Privacy Policy. We will maintain and use de-identified information in anonymous or de-identified form and we will not attempt to re-identify the information, unless required by law.

4. Retention

We’ll retain your Personal Data for only as long as we need in order to provide our Services to you, or for other legitimate business purposes such as resolving disputes, safety and security reasons, or complying with our legal obligations. The period for which we retain Personal Data will depend on a number of factors, such as:

  • Our purpose for processing the data (such as whether we need to retain the data to provide our Services);
  • The amount, nature, and sensitivity of the data;
  • The potential risk of harm from unauthorised use or disclosure of the data;
  • Any legal requirements that we are subject to.

In some cases, the length of time we retain data depends on your settings.

5. Data sharing

We will only disclose your Personal Data to third parties where required by law or to our employees, contractors, designated agents, or third-party service providers who require such information to assist us with the provision of the Services, including third-party service providers who provide services to us or on our behalf.

We may use third-party service providers for various purposes, including, but not limited to, obtaining credential verification and data storage or hosting. These third-party service providers may be located outside of the country in which you are domiciled.

To provide the Services, we rely on the following data processors:

Name and address of the data processor

Description of the processing activities / services

Place of processing and data transfers to third countries

Microsoft Ireland Operations Limited, One Microsoft Court, South County Business Park, Leopardstown, Dublin 18, D18 DH6k

Data storage, hosting and processing of User content (incl. user chat sessions in the context of the User’s use of Services) on Azure cloud services and infrastructure

Place of processing: UK and West/North Europe (Netherlands/Ireland)

Data transfer basis: EU SCCs as amended by the UK addendum to the EU SCCs issued by the Information Commissioner under section 119A(1) of the Data Protection Act 2018 (“UK Addendum”) and/or the EU-US Data Privacy Framework and/or the UK-US Data Bridge

OpenAI OpCo, LLC, with a registered office at 3180 18th Street, San Francisco, California 94110, United States, and OpenAI Ireland Ltd., a company incorporated in the Republic of Ireland with its registered office at 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland and company number 737350

Access to large language models for completion, text embeddings, APIs

OpenAI infrastructure is hosted by Azure in multiple United States regions.

Additional information on Azure infrastructure security can be found at https://learn.microsoft.com/en-us/azure/security/fundamentals/infrastructure

Okta, Inc., 100 First Street, San Francisco, California 94105, USA

Auth0, which handlesend-user data present in user profiles, including metadata, processed for the purposes of authenticating users. Ethermind shares the following categories of data with Auth0, which acts as a data processor for these categories of data:

·       Username

·       Password

·       Email address

Place of processing: the infrastructure-as-a-service provider region elected by Ethermind is UK.

Stripe Payments Europe, Limited, The One Building, 1 Lower Grand Canal Street Dublin, D02 HD59 Ireland

Stripe is the payment and billing system we use to provide the Services.

Ethermind shares the following categories of data with Stripe, which acts as a data processor for these categories of data:

·       Payment details (eg, name, credit card number, expiry date, CVC code)

Stripe, our payment processor, collects, uses, and processes your information, including payment information, in accordance with their privacy policies. You can access their privacy policy via the following link: Stripe Privacy Policy.

Data transfers to the US take place on the basis of either of the following:

  • Transfers to certain countries or recipients that are recognised as having an adequate level of protection for personal data under applicable law.  
  • EU Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Addendum issued by the Information Commissioner’s Office. You can obtain a copy of the relevant Standard Contractual Clauses.
  • Other lawful methods available to us under applicable law

Where necessary, our data processors may share personal information outside of the UK. When doing so, they comply with the UK GDPR, making sure appropriate safeguards are in place.

We require all our third-party service providers, by written contract, to implement appropriate security measures to protect Personal Data consistent with our policies and any data security obligations applicable to us. We do not permit our third-party service providers to process your Personal Data for their own purposes. We only permit them to process your Personal Data for specified purposes in accordance with our instructions.

We may also disclose your Personal Data for the following additional purposes where permitted or required by applicable law:

  • To comply with legal obligations or valid legal processes such as search warrants, subpoenas, or court orders. When we disclose your Personal Data to comply with a legal obligation or legal process, we will take reasonable steps to ensure that we only disclose the minimum Personal Data necessary for the specific purpose and circumstances.
  • To protect the rights and property of Ethermind.
  • During emergency situations or where necessary to protect the safety or vital interests of persons.
  • If a business transfer or change in ownership occurs and the disclosure is necessary to complete the transaction. In these circumstances, we will limit data sharing to what is absolutely necessary, and we will anonymise the data where possible.
  • For additional purposes with your consent where such consent is required by law.

6. Your legal rights

It is important that Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes. By law you may have the right to request access to, correct, and erase the Personal Data that we hold about you, or object to the processing of your Personal Data under certain circumstances. You may also have the right to request that we transfer your Personal Data to another party. If you want to review, verify, correct, or request erasure of your Personal Data, object to the processing of your Personal Data, or request that we transfer a copy of your Personal Data to another party, please contact us at privacy@ethermind.ai. Any such communication must be in writing.

We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the Personal Data that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the Personal Data that we hold about you, or we may have destroyed, erased, or anonymised your Personal Data in accordance with our record retention obligations and practices. If we cannot provide you with access to your Personal Data, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

7. Legal bases for processing

Purpose

Type of Personal Data

Retention period

Legal basis

To provide and maintain the Services, incl. identify management and access

Username

For as long as the user has an active subscription to the Services, and up to 30 days after receiving a request for deletion of the user account

Necessity to perform a contract with you, eg, to set up a user account, allowing you to upload documents and create and use the personas

Password

Email address

Role in the organisation

Payment details

Log data

30 days

Where necessary for our legitimate interests to analyse the use of and improve our Services

Usage data

60 days

Where necessary for our legitimate interests to analyse the use of and improve our Services

Device information

30 days

Where necessary for our legitimate interests to analyse the use of and improve our Services

Cookies and similar technologies

30 days

Consent to place cookies on your device to analyse. Where you provide your consent, Ethermind uses Google Analytics to collect the following information about how you use the Services:

·       The pages that you visit on ethermind.ai

·       How much time you spend on each ethermind.ai page

·       How you got to ethermind.ai

·       What you clock on while you’re visiting ethermind.ai

·       A rough indication of your location using your anonymised Internet Protocol address

We will not identify you through analytics information, and will not combine analytics information with other data sets in a way that would identify who you are.

To improve and develop the Services and new features and conduct market research

User content, incl. learning and other materials which may contain information about identified or identifiable natural persons

For as long as the user has an active subscription to the Services, and up to 30 days after receiving a request for deletion of the user account

Necessity to perform a contract with you, eg, to set up a user account, allowing you to upload documents and create and use the personas

User surveys and feedback

30 days

Where necessary for our legitimate interests and those of third parties, including in developing, improving, or promoting our Services

To prevent fraud, criminal activity, or misuses of our Services, and to protect the security of our systems and Services

Log data

6 months

Where necessary for our legitimate interests and those of third parties, including in protecting our Services from abuse, fraud, or security risks, such as processing data from security partners to protect against fraud, abuse and security threats in our Services

Usage data

Device information

Cookies and similar technologies

Consent to place cookies on your device to analyse. Where you provide your consent, Ethermind uses Google Analytics to collect the following information about how you use the Services:

·       The pages that you visit on ethermind.ai

·       How much time you spend on each ethermind.ai page

·       How you got to ethermind.ai

·       What you clock on while you’re visiting ethermind.ai

·       A rough indication of your location using your anonymised Internet Protocol address

We will not identify you through analytics information, and will not combine analytics information with other data sets in a way that would identify who you are.

To communicate with you, including to send you information or commercial (marketing) communications about our Services and events

Username

For as long as the user has an active subscription to the Services, and up to 30 days after receiving a request for deletion of the user account

Where necessary for our legitimate interests and those of third parties, we want to keep you informed about updates, promotions, and special offers related to the Services

Email address

User surveys and feedback

8. Changes to the Privacy Policy

We reserve the right to update this Privacy Policy at any time, and we will provide you with a new Privacy Policy when we make any updates. If we would like to use your previously collected personal data for different purposes than those we notified you about at the time of collection, we will provide you with notice and, where required by law, seek your consent, before using your personal data for a new or unrelated purpose. We may process your personal data without your knowledge or consent only where required by applicable law or regulation.

9. How to contact us

If you have any questions about our processing of your personal data or would like to make an access or other request, please contact us at privacy@ethermind.ai.

10. How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice. If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:        

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Subscribe to our newsletter

Latest industry news, product guides, and best practices. Get our monthly newsletter right in your inbox.

Product

© 2024 Ethermind