Privacy Policy

Proto Global Ltd.
Last Updated: 27 August 2021

Introduction

Proto Global Ltd. (UK) (the “Company”, “we”, “us”, “our(s)”) is the owner and creator of an application to create conversational agents (the “Services”). This Privacy Policy (“Policy”) is intended to describe the information collected by us, how that information may be used, and with whom it may be shared. By accessing the Services, you acknowledge and agree to have read, fully accept, and be willing to abide by this Policy. The Services are currently under intense development and different aspects of the Services will be deployed over the coming months. Some parts of the Policy refer to functions of the Services that have not yet been implemented or deployed.

Please read this Policy carefully to understand our policies and practices for collecting, processing, and storing your information. If you do not agree with our policies and practices, your choice is not to use our Services. By accessing or using this Services, you indicate that you understand, accept, and consent to the practices described in this Policy. This Policy may change from time to time. Your continued use of the Services after we make changes indicates that you accept and consent to those changes, so please check the Policy periodically for updates. We will notify you in advance of any material changes to this Policy and obtain your consent to any new ways that we collect, use, and disclose your personal information.


Definitions

Capitalized terms in this Policy, where not defined below, shall have the same meaning as in the Company Terms of Service (“Terms”). In addition:

Applicable Law” means (for so long as and to the extent that they apply to the Company) the law of Canada, the U.S., and the GDPR in the European Union.

California Policy” means the policy at Schedule “A” applicable to California residents only.

GDPR” mean the European EU) 2016/679.

Services” refers to the Proto AICX platform and the HermesAI™ natural language processing engine and any other applications, plans, features, software, maintenance, and customer service offered by Proto Global Ltd.

User” refers to a person or entity that has been granted access to the Services and who has agreed to be bound by the Terms.

User Content” refers to content that has been contributed to by users of the application, including personal information.

This Policy describes:

We will only use your personal information in accordance with this Policy unless otherwise required by Applicable Law. We take steps to ensure that the personal information that we collect about you is adequate, relevant, not excessive, and used for limited purposes.


Privacy laws generally define "personal information" as any information about an identifiable individual, which includes information that can be used on its own or with other information to identify, contact, or locate a single person.

This Policy applies to information we collect, use, or disclose about you:

The Services may include links to third-party websites, plug-ins, services, social networks, or applications. Clicking on those links or enabling those connections may allow the third party to collect or share data about you. If you follow a link to a third-party website or engage a third-party plugin, please note that these third parties have their own privacy policies and we do not accept any responsibility or liability for these policies. We do not control these third-party websites, and we encourage you to read the privacy policy of every website you visit.

This Policy DOES NOT apply to information that:

Information we collect about you

We collect and use several types of information from and about you, including:

How we collect information about you

We use different methods to collect your information, including through:

Information You Provide to Us

The information we collect directly from you on or through our Services may include:

Information We Collect Through Cookies and Other Automatic Data Collection Technologies

As you navigate through and interact with our Services, we may use cookies or other automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

We may also use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). 

To learn more or to opt-out of tailored advertising please visit Digital Advertising Alliance of Canada’s Opt-Out Tool for information on how you can opt out of behavioral tracking on this Services and how we respond to web browser signals and other mechanisms that enable consumers to exercise choice about behavioral tracking.

The information we collect automatically is statistical data and may include personal information, and we may maintain it or associate it with personal information we collect in other ways that you provide to us, or receive from third parties. It helps us to improve our Services and to deliver a better and more personalized service, including by enabling us to:

The technologies we use for this automatic data collection may include:

Third Party Use of Cookies and Other Tracking Technologies

The Company may allow third parties, including authorized service providers, advertising companies, corporate partners, and ad networks, to display links, promotions and advertisements through the Services. These companies may use tracking technologies, such as cookies, to collect information about users who view or interact with their advertisements. This information may allow them to deliver targeted advertisements and gauge their effectiveness. The Company does not provide any personal information to these third parties.

You can opt-out of several third party ad servers' and networks' cookies simultaneously by using an opt-out tool created by the Network Advertising Initiative. You can also access these websites to learn more about online behavioural advertising and how to stop websites from placing cookies on your device. Opting out of a network does not mean you will no longer receive online advertising. It does mean that the network from which you opted out will no longer deliver ads tailored to your web preferences and usage patterns.

We do not control these third parties' tracking technologies or how they are used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For more information about how you can opt out of receiving targeted advertising from many providers, see CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION below.

Information We Collect Through Third Parties

We may collect information about you from third parties with your consent, or where otherwise permitted by law. We may use information collected from third parties to present you with services or products that we determine you may be interested in.

How we use your information

All information provided to the Company through the use of the Services is collected and stored as data that may be used for product development, and is considered to be part of the Intellectual Property Rights (as defined in the Terms) of the Company.

We use information that we collect about you or that you provide to us, including any personal information:

We may use the information we have collected from you to enable us to display advertisements to our advertisers' target audiences. Even though we do not disclose your personal information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.

Disclosure of your information

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose personal information that we collect or you provide as described in this Policy:

Transferring your personal information

We may transfer personal information that we collect or that you provide as described in this Policy to contractors, service providers, and other third parties we use to support our business (such as analytics and search engine providers that assist us with Services improvement and optimization) and who are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this Policy.

We may process, store, and transfer your personal information in and to a foreign country, with different privacy laws that may or may not be as comprehensive as U.K. law. In these circumstances, the governments, courts, law enforcement, or regulatory agencies of that country may be able to obtain access to your personal information through the laws of the foreign country. Whenever we engage a service provider, we require that its privacy and security standards adhere to this Policy and applicable U.K. privacy legislation.

In the event that the Company or any portion of the business represented by the Services, is acquired by or merged with a third party entity, the Company reserves the right, in any of these or similar circumstances, to transfer or assign any or all of the information collected as part of such merger, acquisition, sale, or other change of control. In the event of bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors' rights generally, the Company may not be able to control how personal information is treated, transferred, or used.

By submitting your personal information or engaging with the Services, you consent to this transfer, storage, or processing.


Choices about how we use and disclose your information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information: 

We do not control third parties' collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of several third party ad servers' and networks' cookies simultaneously by using an opt-out tool created by the Network Advertising Initiative. You can also access these websites to learn more about online behavioural advertising and how to stop websites from placing cookies on your device. Opting out of a network does not mean you will no longer receive online advertising. It does mean that the network from which you opted out will no longer deliver ads tailored to your web preferences and usage patterns.


Data security

The security of your personal information is very important to us. We use physical, electronic, and administrative measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. We store all information you provide to us behind firewalls on our secure servers. 

As cloud-based software, the Services collect and store information on various servers throughout the world.

Appropriate security measures (including physical, electronic and procedural measures) are in place to safeguard personal information from unauthorized access and disclosure. Only authorized employees and third parties who have agreed to be bound by confidentiality restrictions may be permitted to access personal information, and may do so only for permitted business functions.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Services like message boards, which any Services user can view.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.

Data retention

Except as otherwise permitted or required by Applicable Law or regulation, we will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Under some circumstances we may anonymize your personal information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.

Children under the age of 13

Our Services are not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Services. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this website or through the Services, use any of the interactive or public comment features of the Services, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at team@proto.cx.

Authorized users in the European Union

If personal data provided to Company is protected under the European General Data Protection Regulation (EU) 2016/679 (“GDPR”), such person to whom the personal data relates will have certain rights, which may include the right to view, correct or delete his/her/its personal data, the right to data transferability, and the right to withdraw his/her/its consent for data processing or to object to the processing of his/her/its personal data by Serene. This means that such person, including an Authorized User, can submit a request to Company to send the personal data that Company holds about such person in a computer file to him/her/it or another organization mentioned by him/her/it. 

The Company’s GDPR data processor is Google Cloud Platform.

In order to exercise any of these rights, a written request can be submitted to Company at team@proto.cx for access, correction, deletion, data transfer of the personal data or request for withdrawal of consent or objection to the processing of such person’s personal data, together with a copy of the person’s proof of identity. In the copy of proof of identity, it is advisable to conceal the passport photo, MRZ (machine readable zone, the strip with numbers usually at the bottom of the passport), passport number and citizen service number, so that these items are not legible. 


Authorized users in california

If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit https://oag.ca.gov/privacy/ccpa.

Schedule “A” to this Policy contains terms applicable specifically to California residents who use the Services as Authorized Users (“California Policy”). Many parts of the California Policy are identical to those in this Policy. To the extent possible, the California Policy should be read in harmony with these Terms, and if there is any conflict between the two, the California Policy shall prevail in relation to any California resident’s use of the Services as Authorized Users. 


California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of the Services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an e-mail to team@proto.cx.

Accessing and correcting your personal information

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. By law you have the right to request access to and to correct the personal information that we hold about you.

If you want to review, verify, correct, or withdraw consent to the use of your personal information you may also send us an email at team@proto.cx to request access to, correct, or delete any personal information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. 

We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

We will provide access to your personal information, subject to exceptions set out in applicable privacy legislation. Examples of such exceptions include:

If you are concerned about our response or would like to correct the information provided, you may contact us at team@proto.cx.

Withdrawing your consent

Where you have provided your consent to the collection, use, and transfer of your personal information, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, contact us at team@proto.cx. Please note that if you withdraw your consent we may not be able to provide you with a particular product or service. We will explain the impact to you at the time to help you with your decision.

Changes to our privacy policy

It is our policy to post any changes we make to our Policy on this page. If we make material changes to how we treat our users' personal information, we will notify you through a notice on the Services home page. 

We include the date the Policy was last revised at the top of the page. You are responsible for ensuring we have an up-to-date, active, and deliverable email address for you, and for periodically visiting our Services and this Policy to check for any changes.

General terms

If any provision of this Policy is held to be invalid, illegal or unenforceable in any respect, that provision shall be limited or eliminated to the minimum extent necessary so that this Policy shall otherwise remain in full force and effect and enforceable.

If there is any dispute arising out of the Services, by using the Services the User expressly agrees that any such dispute shall be governed by the laws of England and Wales without regard to its conflict of law provisions, and the User expressly agrees and consents to the exclusive jurisdiction and venue of the courts of England and Wales.


Contact information and challenging compliance

We welcome your questions, comments, and requests regarding this Policy and our privacy practices. Please contact us at team@proto.cx

We have procedures in place to receive and respond to complaints or inquiries about our handling of personal information, our compliance with this Policy, and with applicable privacy laws. To discuss our compliance with this Policy please contact us using the contact information listed above.


Schedule “A”

California Policy

This Privacy Policy for California Residents (“California Policy”) supplements the Proto Global Ltd. (UK) (“we”, “us”, “our(s)”) main Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California ("consumers" or "you"). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this California Policy. 

This California Policy does not apply to workforce-related personal information collected from California-based employees, job applicants, contractors, or similar individuals. 

Where noted in this California Policy, the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication ("B2B personal information") from some its requirements.

Information we collect

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device ("personal information"). Personal information does not include:

In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

Category
Examples
Collected
A. Identifiers.
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
Yes
B. Personal information categories listed
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state
Yes
in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.Some personal information included in this category may overlap with other categories.
C. Protected classification characteristics under California or federal law.
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
Yes
D. Commercial information.
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Yes
E. Biometric information.
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
No
F. Internet or other similar network activity.
Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
Yes
G. Geolocation data.
Physical location or movements.
No
H. Sensory data.
A. IdentAudio, electronic, visual, thermal, olfactory, or similar information.ifiers.
No
I. Professional or employment-related information.
Current or past job history or performance evaluations.
No
J. Non-public education information (per the Family Educational
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
No
Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
K. Inferences drawn from other personal information.
Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Yes

We obtain the categories of personal information listed above from the following categories of sources:

Use of personal information

We may use or disclose the personal information we collect for one or more of the following purposes: 

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.


Sharing personal information

We may share your personal information by disclosing it to a third party for a business purpose. 

We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, Company has disclosed personal information for a business purpose to the categories of third parties indicated in the chart below.

We do not sell personal information.

Personal Information
Category
Category of Third-Party Recipients
Business Purpose Disclosures
Sales
A. Identifiers.
Registration and use of the Services.
None.
B: California Customer Records personal information categories.
Registration and use of the Services.
None.
C: Protected classification characteristics under California or federal law.
Registration and use of the Services.
None.
D. Commercial information.
Registration and use of the Services.
None.
E. Biometric information.
None.
None.
F. Internet or other similar network activity.
Registration and use of the Services.
None.
G. Geolocation data.
None.
None.
H. Sensory data.
None.
None.
I. Professional or employment-related information.
None.
None.
J. Non-public education information (per the Family Educational
None.
None.
K. Inferences drawn from other personal information.
Registration and use of the Services.
None.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Right to Know and Data Portability

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the "right to know"). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will disclose to you:

 We do not provide a right to know or data portability disclosure for B2B personal information.


Right to Delete 

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the "right to delete"). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to: 

  1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
  7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  8. Comply with a legal obligation.
  9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action. 

We do not provide these deletion rights for B2B personal information.


Exercising Your Rights to Know or Delete

To exercise your rights to know or delete described above, please submit a request by emailing us at team@proto.cx.

Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information. 

You may also make a request to know or delete on behalf of your child by the same method.

You may only submit a request to know twice within a 12-month period. Your request to know or delete must:

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. 

You do not need to create an account with us to submit a request to know or delete. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.

We will only use personal information provided in the request to verify the requestor's identity or authority to make it. 

For instructions on exercising your sale opt-out or opt-in rights, see Personal Information Sales Opt-Out and Opt-In Rights.


Response Timing and Format

We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact team@proto.cx.   

We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. 

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. 


Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.


Changes to California Policy

We reserve the right to amend this California Policy at our discretion and at any time. When we make changes to this California Policy, we will post the updated notice on the Website and update the notice's effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

Contact Information

If you have any questions or comments about this notice, the ways in which Proto collects and uses your information described here, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Email: team@proto.cx

Postal adress:

483 Green Lanes
London
N13 4BS

If you need to access this California Policy in an alternative format due to having a disability, please contact team@proto.cx