Privacy Policy

Privacy Policy

Privacy Notice

Last Updated: 03 November 2024

Your privacy is important to us. At Cortx (“Company,” “we,” “us,” or “our”), we are committed to protecting your personal data, respecting your privacy rights, and adhering to relevant regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and upcoming legislation such as the EU AI Act. This notice provides essential information about how we handle personal data, our lawful basis for processing, your rights, and how you can exercise those rights.

1. Introduction and Scope

  1. Controller Information
    For the purposes of GDPR, Cortx is the data controller for the processing of personal data described in this Privacy Notice. If we process personal data on behalf of our customers, we act as a data processor, and our customers’ privacy policies (not ours) govern how they collect and handle your personal data.

  2. Services Covered
    This Privacy Notice applies to the personal data we handle via www.cortx.co and our products and services (collectively, the “Services”). It does not apply to third-party websites, applications, or services, even if they are linked within our Services. We encourage you to review the privacy practices of third parties before sharing your personal data with them.

  3. EU AI Act
    In preparation for and alignment with the forthcoming EU AI Act, we strive to meet the requirements of transparency, accountability, and risk management with respect to any AI systems that may process personal data. If we implement AI-driven systems in our Services, we will ensure:

    • Adequate risk assessments and mitigation measures.

    • Compliance with transparency obligations, including clear communication about AI-based decision-making (if any).

    • Respect for fundamental rights and freedoms, especially regarding the personal data used to train, validate, or operate AI models.

2. Transparency and Security

  1. Transparency
    This Privacy Notice explains our own handling of personal data collected directly from you or automatically (e.g., via cookies or log data). Our customers’ or partners’ collection and use of your personal data is governed by their own privacy policies.

  2. Privacy and Security
    We take reasonable steps—such as encryption, access controls, and third-party security assessments—to protect personal data. We share personal data only as needed:

    • To provide our Services or support.

    • To comply with legal obligations.

    • To protect our rights, property, or safety or that of others.

  3. Minimal Data Collection

    • You may browse our site without providing personal data.

    • If you choose to contact us (e.g., via web forms, email, or SMS), we will use your information only to respond or provide the requested Service.

    • We do not sell or share your personal data with third parties for their independent marketing purposes.

  4. Only Necessary Data
    We ask for personal data only when it is required for the Services we provide. If you have concerns about sharing your personal data, please contact us at privacy@cortx.co.

3. Your Rights Under GDPR and CCPA

We comply with the GDPR for individuals in the European Economic Area (EEA) and the CCPA for individuals in California, while also extending similar data protection principles worldwide.

  1. GDPR Rights (for EEA residents)

    • Right to be Forgotten (Erasure): You may request deletion of your personal data. This right is not absolute and may be subject to our legal and contractual obligations.

    • Right to Information: You have the right to know how we process your data and why, including any third parties we share it with.

    • Right to Access: You can request a copy of your personal data and information on how it is being processed.

    • Right to Rectification: If your data is inaccurate or outdated, you can request correction.

    • Right to Withdraw Consent: Where processing is based on consent, you can withdraw your consent at any time.

    • Right to Object: You can object to certain types of processing (e.g., direct marketing, certain legitimate interests).

    • Right to Data Portability: You can request a copy of your data in a machine-readable format and/or have it transferred to a third party, if technically feasible.

    • Right to Restrict Processing: You may request to limit the processing of your personal data under specific circumstances.

  2. CCPA Rights (for California residents)

    • Right to Know: You can request to know the categories of data we collect, why we collect it, and the categories of third parties with whom we share it.

    • Right to Delete: You can request deletion of your personal data, subject to legal or contractual obligations.

    • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

    • Right to Limit Use and Disclosure of Sensitive Personal Information: You may request that we limit how we use your sensitive personal information to purposes necessary for providing our Services.

  3. How to Exercise Your Rights

    • To exercise any of these rights, please contact us at privacy@cortx.co.

    • We may need to verify your identity to protect your data from unauthorized access.

    • We will respond to valid requests within applicable statutory timelines.

4. Information Collection and Use

  1. Email Addresses

    • We do not send spam or rent/sell email addresses.

    • We may send you product updates or service-related notifications directly.

  2. SMS Texts

    • We may use SMS to communicate updates or opportunities. Standard message rates may apply.

    • Reply STOP to cancel or HELP for assistance.

  3. Marketing

    • If you opt in to receive marketing communications, we may send promotional emails or messages about our products and services.

    • You can opt out any time by following the unsubscribe link or contacting us at privacy@cortx.co.

  4. Log Data

    • We collect standard log data (e.g., IP addresses, browser type, pages viewed, timestamps) for traffic analysis, functionality improvements, and user experience enhancements.

    • This data may be associated with your account if you choose to fill out forms or register.

  5. Location Information & IP Addresses

    • We may use IP addresses and related device information for security monitoring, analytics, or location-based services, if you provide consent or if it is necessary for our legitimate interests.

  6. Cookies and Tracking Technologies

    • We and our analytics partners use cookies and similar technologies to improve functionality and user experience.

    • You can manage your cookie preferences in your browser settings. Some features may not function properly if cookies are disabled.

  7. Data Aggregation

    • We may aggregate and anonymize collected data to improve our Services or for commercial insights.

    • Aggregated data does not include personally identifiable information.

  8. Data Sharing

    • We share personal data only under the following conditions:

      • With employees or contractors who need access and are bound by confidentiality.

      • As required by law or to protect rights and safety.

      • In connection with mergers or acquisitions, provided the successor continues to follow this Privacy Notice.

    • We do not sell personal data to third parties.

5. Data Security and Retention

  1. Security Measures

    • We follow industry-standard practices, including encryption, secure protocols (HTTPS), and limited-access data centers, to protect your data.

    • No method of transmission over the internet is entirely secure; thus, we cannot guarantee absolute protection.

  2. Data Retention

    • We retain personal data only as long as necessary for the purposes described in this Privacy Notice or as required by law.

    • You can request deletion or access to your data by contacting privacy@cortx.co.

  3. Third-Party Services and International Transfers

    • We use Amazon Web Services (AWS) and other reputable providers that may store or process data in multiple locations.

    • When transferring data outside of the EEA, we use lawful transfer mechanisms (e.g., Standard Contractual Clauses) to ensure adequate protection.

    • For users outside the EEA, any transfer of data to the UK or EEA is protected under this Privacy Notice.

6. Children’s Privacy

  • Our Services are not directed at individuals under 18.

  • We do not knowingly collect personal data from children. If we discover we have collected data from a child, we will promptly delete it.

7. Compliance with the EU AI Act

Although the EU AI Act is still in the legislative process, we are preparing for compliance by:

  • Risk Management: Evaluating any AI systems we use to determine the level of risk to individuals and implementing appropriate mitigation measures.

  • Transparency: Informing users if and when AI technology influences decisions regarding personal data, and providing clear contact points for further information.

  • Data Minimization and Quality: Ensuring only necessary personal data is processed for AI-related activities and striving for data accuracy to reduce risks of bias or harm.

  • Monitoring and Accountability: Keeping records of AI systems and their purposes, and regularly reviewing performance to ensure ongoing compliance and protection of fundamental rights.

If we begin using AI that significantly impacts you (e.g., automated decision-making with legal or similarly significant effects), we will provide you with specific information about such processing and your right to object or request manual intervention, as required by GDPR and the EU AI Act.

8. Policy Changes and Contact

  1. Privacy Policy Updates

    • We may update this Privacy Notice periodically to reflect changes in our data practices or legal obligations.

    • Significant changes will be posted on our website, and we encourage you to review this page from time to time.

  2. Contact Information

    • Email: privacy@cortx.co

    • Address: Sutton Vale Country Park, Vale Road, Dover, England, CT15 5DH

  3. Regulatory Authority Contact

    • If you have unresolved concerns, you have the right to lodge a complaint with a relevant data protection authority, such as the UK’s Information Commissioner’s Office (ICO) or an equivalent body in your EEA member state.

Thank you for reviewing our Privacy Notice.
If you have any questions or concerns about how we handle your personal data or our approach to AI and data protection, please contact us at privacy@cortx.co. We value your privacy and strive to ensure that we meet and exceed your expectations and regulatory requirements.