Privacy Policy

This privacy notice applies to the personal data (the latter being understood as “any information relating to an identified or identifiable natural person” as per Art. 4 of the General Data Protection Regulation (Regulation (EU) 2016/679) processing activities as carried out throughout the use of our services, including “DeepCI Affiliates” and “DeepCI Affiliate Information Services”.​

DeepCI is part of an international group of companies (EveryMatrix Group) which, with respect to corporate website operations, may act as controllers (jointly with other entities of the EveryMatrix Group). For this website, the primary controller is:

EveryMatrix S.R.L.
4, Tudor Arghezi Street,
District 2, 020944,
Bucharest,
Romania.

As part of the activities conducted by us, we may collect, store, transmit, share, assess personal data relating to you. For these reasons, we are committed to being transparent about how we collect and process that data and to meeting our data protection obligations.

Types of Information Processed

We may process the following personal information relating to you:

1. Identifying:

Information that uniquely or semi-uniquely identifies you (i.e. name, user-name).

2. Demographic:

Information that describes your characteristics shared with others (i.e. geographic).

3. Contact:

Information that provides a mechanism for contacting you (e.g. email address, physical address, telephone number and other social media related contact details).

4. Professional:

Information about your professional career (i.e. job titles, office location).

5. Location:

Information about your location (i.e. IP address, country, city).

6. Communication:

Information communicated from or to you in the course of your interactions with us (e.g. email, phone calls and chats).

7. Usage Data:

Information about how the account is being used, including login history, feature usage patterns, and activity logs, may be processed for diagnostic purposes.

8. Device Information:

Details about the devices used to access the account, such as device type, operating system, and browser information, may be collected to identify compatibility issues.

9. Security Data:

Diagnostic processes often involve checking the security settings and configurations of the account, which may include analyzing password strength, two-factor authentication settings, and security logs.

10. Error Logs:

In the event of errors or issues, diagnostic processes may log error messages or codes to help identify and resolve technical problems. These logs may contain information related to the error and the user’s interactions.

11. Aggregated Data:

Information about our users that we combine together so that it no longer identifies or references an individual user and other anonymized information for regulatory compliance, industry and market analysis, demographic profiling, marketing and advertising, and other business purposes.

Our Legal Bases to Process Your Information

• Performance of a contract;
• Compliance with legal obligations; and
• Our legitimate interest to:Manage risks and align with the EU Best Practices for the effective implementation of restrictive measures (as updated from time to time) (“the EU Best Practices”):In such a case, within the onboarding and ongoing monitoring stages, through the operation of third-party software tools, we will perform checks on names, company registration numbers and country of domicile of yours in order to check whether, among others, you are located in a sanctioned jurisdiction.
• Enhance user experience and track performance of our services;
• Contact you;
• Administer user accounts, payments and related subscriptions;
• Conduct internal reporting, statistical analysis and research;
• Provide support and troubleshooting;
• Exercise reliance on third party sourced information;
• Exercise and defend legal claims;
• Conduct business transfer transactions within the context of merger, acquisition, reorganization, sale of assets, bankruptcy, or insolvency event;
• Pursue network security, detection and prevention of fraud and other fraudulent activities; and

Maintain accurate records of the information that we receive from the use of our services

We will only use your personal data for the purposes for which it was obtained, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Sharing and Disclosure of Your Personal Data

We may use third-party service providers in the context of the provision of our services. These providers may process your personal data and may be located inside or outside of the European Economic Area (“EEA”).

The categories of such third parties are the following:

1. Marketing providers to perform certain marketing activities on our behalf and only with your consent;
2. IT/system support services;
3. Content management software service providers (i.e. Share Point -https://privacy.microsoft.com/en-us/privacystatement);
4. PEP and sanction lists screening service providers (i.e. Webshield – Webshield Privacy Policy);
5. Third parties assisting in investigations (such as AML investigations) for the purpose of detecting and preventing fraud or other security or technical problems;
6. Cloud services providers for provision of cloud-based services such as storage or hosting certain software (i.e. AWS – https://aws.amazon.com/privacy);
7. Professional advisors acting as processors or joint controllers including lawyers, auditors and insurers who provide consultancy;
8. Service providers for the purpose of data analytics (e.g. Google – Google Data Privacy and Security);
9. Service providers enabling communication with you from a technical standpoint (e.g. via email, chat);
10. Payment service providers (i.e. Stripe – Stripe Privacy Policy)

You can always contact us to receive the full list of our service providers which process your data.

Corporate Affiliates

We may share your information, including personal data, to any member of our group of companies insofar as reasonably necessary for the purposes, and on the legal bases, set out in this notice.

Kindly note the EveryMatrix Group is present in different jurisdictions globally, therefore your personal data may be transferred outside of the EU/EEA.

If we do transfer your personal data to other group entities or business partners/providers which are outside of the EU/EEA area, and there is no possibility to rely on a transfer of personal data based on adequacy decision (Art. 45 of the GDPR), we will take all reasonable steps to ensure that adequate measures are in place by implementing, among others, EU Commission’s standard contractual clauses in accordance with Art. 46 of the GDPR.

You can always contact us to receive the full details over the jurisdictions to which your personal data is sent and the details of the extra-EU/EEA entities involved in such overseas processing activities. You can also obtain visibility over the standard contractual clauses and stipulations in place within the context of a transfer of your personal data to third countries.

The Retention Period of Your Personal Data

We will keep your personal data for at least 5 years from the termination of the business relationship with you. You still have the right to request erasure of your personal data at any time; nonetheless, such a request may not be fully or partially accommodated by us due to compliance with legal obligations or to exercise or defend our rights at law. In such circumstances, you will be informed accordingly.

Security Employed to Protect Your Personal Data

We take the measures that can be reasonably expected to the make sure that the personal data of yours and others are processed safely and in accordance with this notice, our internal policies and procedures, and applicable law.

However, transfers of information over the internet and mobile networks can never occur without any risk, so all transfers are made on the own risk of the person transferring the data. It is important that you also take responsibility to ensure that your personal data is protected. It is your responsibility that your login information is kept secret.

Your Rights with Respect to Your Personal Data

You have the right to:

1. make subject access requests regarding the nature of information held and to whom it has been disclosed;
2. prevent processing likely to cause damage or distress;
3. prevent processing for purposes of direct marketing;
4. be informed about the mechanics of automated decision-taking process that will significantly affect you;
5. dispute an automated process of your personal data;
6. sue for compensation if you suffer any damage by any contravention of the applicable law;
7. take action to rectify, block, erased, including the right to be forgotten, or destroy inaccurate personal data;
8. request the supervisory authority to assess whether any provision of applicable law has been contravened;
9. have your personal data provided in a structured, commonly used and machine-readable format, and the right to have that data transmitted to another controller; and
10. object to any automated profiling that is occurring without consent.

You may exercise any of the rights described in this section by sending an email at:

dpo@everymatrix.com

Alternatively, should you have a complaint, you can always reach out to our Lead Supervisory Authority:

The National Supervisory Authority for Personal Data Processing
(‘Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal’ or ‘ANSPDCP’)
28 30 Magheru Blvd
District 1, Bucharest
T +40 318 059 211
F +40 318 059 602
www.dataprotection.ro

Our Website – www.deepci.com and Cookies:

Cookie	Description	Duration	Type
PHPSESSID	This cookie is native to PHP applications. The cookie stores and identifies a user’s unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed.	Session	Necessary
_ga_*	Google Analytics sets this cookie to store and count page views.	1 year 1 month 4 days	Analytics   Google Analytics – Data Privacy and Security
_ga	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.	1 year 1 month 4 days	Analytics   Google Analytics – Data Privacy and Security

Changes

We have the right to, at any time, make changes or additions to the privacy notice. It is your responsibility to check the terms of this notice from time to time.

Validity

This notice was lastly updated on 29 January 2024.