Privacy Policy

Summary in Plain Language

Technosive is committed to protecting your privacy. We collect information necessary to provide our DPO CX platforms, improve our services, and comply with legal obligations. You have rights to access, correct, delete, or transfer your personal data. We implement security measures to protect your information and never sell your personal data to third parties. This policy explains our practices in detail.

1. Information We Collect

1.1 Personal Data Provided by You

When you use our DPO CX platform, we collect:

  • Contact Information: Name, email address, phone number, company name
  • Account Credentials: Username, encrypted password, authentication tokens
  • Professional Information: Job title, organization type, industry sector
  • Communication Data: Messages sent through our platforms, support inquiries
  • Payment Information: Billing address, payment card details (processed via PCI-compliant payment processors)

1.2 Automatically Collected Information

We automatically collect:

  • Usage Data: Pages visited, features used, time spent, actions performed
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, referring URLs, error messages
  • Analytics Data: Aggregated, anonymized usage patterns for service improvement

1.3 Data from Third Parties

With your consent or where legally permitted, we may receive:

  • Professional profile information from business networking platforms
  • Company registration data from public or commercial databases
  • Compliance or regulatory information from authorized sources

2. How We Use Your Personal Data

2.1 Service Provision

We use your personal data to:

  • Provide and maintain access to DPO CX platforms
  • Process your requests and deliver subscribed services
  • Manage user accounts and authentication
  • Generate reports and analytics within our platforms
  • Facilitate AI-driven insights and recommendations (PrivaXAI)

2.2 Legal and Regulatory Compliance

  • Comply with GDPR, UK GDPR, PDPL, and other applicable regulations
  • Respond to legal requests, court orders, and regulatory inquiries
  • Maintain audit trails and evidence of compliance activities
  • Verify identity and prevent fraud or unauthorized access

2.3 Communication and Support

  • Send service-related notifications and updates
  • Respond to inquiries and provide technical support
  • Share regulatory updates and compliance guidance
  • Process feedback and improve our services

2.4 Legal Basis for Processing (GDPR/UK GDPR)

  • Contract Performance: Fulfilling our service agreements
  • Legitimate Interests: Service improvement, fraud prevention, security
  • Legal Obligation: Compliance with regulatory requirements
  • Consent: Where explicitly provided for non-essential processing

3. Data Sharing and Disclosure

3.1 We Never Sell Your Personal Data

Technosive does not sell, rent, or monetize your personal data.

3.2 Authorized Third Parties

We may share data with:

  • Service Providers: Cloud hosting, payment processing, analytics (subject to data processing agreements)
  • Subprocessors: Entities engaged to perform specific services on our behalf
  • Regulatory Authorities: When required by law or regulatory obligation
  • Business Partners: Only with your explicit consent for joint service delivery
  • Professional Advisors: Legal, financial, or compliance advisors as needed

3.3 Cross-Border Data Transfers

πŸ‡¬πŸ‡§ UK GDPR Variant

Personal data may be transferred to countries outside the UK only where adequate safeguards are in place, including: - Countries with UK adequacy regulations - Standard Contractual Clauses (SCCs) approved by the ICO - Binding Corporate Rules (BCRs) where applicable - Your explicit consent for specific transfers

πŸ‡ͺπŸ‡Ί EU GDPR Variant

Personal data may be transferred to non-EEA countries only with appropriate safeguards: - Countries with EU adequacy decisions - Standard Contractual Clauses (SCCs) adopted by the European Commission - Binding Corporate Rules (BCRs) - Derogations under Article 49 GDPR for specific cases

πŸ‡ΈπŸ‡¦ Saudi PDPL Variant

Cross-border data transfers comply with Saudi PDPL requirements: - Transfers only to countries with adequate data protection laws - Your explicit consent for transfers outside Saudi Arabia - Contractual safeguards ensuring PDPL-equivalent protection - SDAIA approval where required for specific transfers

4. Data Security and Retention

4.1 Security Measures

We implement appropriate technical and organizational measures:

  • Encryption in transit (TLS 1.3+) and at rest (AES-256)
  • Access controls, authentication, and authorization systems
  • Regular security assessments and penetration testing
  • Incident response procedures and breach notification protocols
  • Employee training and confidentiality obligations

4.2 Data Retention Periods

We retain personal data only as long as necessary:

  • Account Data: While your account is active plus 7 years post-termination (legal requirement)
  • Usage Logs: Maximum 2 years for security and analysis purposes
  • Support Communications: 3 years from last interaction
  • Compliance Records: As required by applicable regulations (typically 7 years)

After retention periods expire, data is securely deleted or anonymized.

5. Your Data Protection Rights

5.1 Rights Under GDPR, UK GDPR, and PDPL

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restrict Processing: Limit how we use your data
  • Data Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Remove consent where consent is the legal basis
  • Complain: Lodge a complaint with supervisory authorities

5.2 Additional Rights Under PDPL

  • Opt-out of automated decision-making
  • Notification of data breaches without undue delay
  • Access to data shared with third parties

5.3 How to Exercise Your Rights

Submit requests to:

  • Email: dpo@technosive.com
  • Post: Technosive Data Protection Officer, [Address]
  • Response Time: Within 30 days (extendable by 60 days for complex requests)

6. Automated Decision-Making and AI (PrivaXAI)

Our PrivaXAI platform uses AI for:

  • Risk assessment and compliance scoring
  • Pattern recognition in data processing activities
  • Automated report generation and recommendations
  • Anomaly detection and compliance alerts

Your Rights: You may request human intervention, express your point of view, and contest automated decisions. Contact dpo@technosive.com to exercise these rights.

7. Children's Privacy

Our services are intended for business and professional use. We do not knowingly collect personal data from individuals under 16 years of age (GDPR), 13 years (UK GDPR), or 13 years (PDPL). If we discover such data has been collected, we will delete it immediately.

8. Cookies and Tracking Technologies

We use:

  • Necessary Cookies: Required for site functionality and security
  • Analytics Cookies: Anonymous usage data for service improvement
  • Preference Cookies: Remember your settings and choices

You can manage cookie preferences through our cookie banner or browser settings. Disabling cookies may affect site functionality.

9. Data Breach Notification

In the event of a personal data breach:

  • GDR/UK GDPR: We will notify supervisory authorities within 72 hours of becoming aware, and affected individuals without undue delay if high risk is present
  • PDPL: We will notify SDAIA within 72 hours and affected individuals without undue delay
  • Notification will include nature of breach, categories affected, likely consequences, and remedial measures taken

10. Changes to This Privacy Policy

We may update this policy to reflect changes in our practices, legal requirements, or technology. Material changes will be communicated via:

  • Email notification to registered users
  • Platform notification for active users
  • Website notice at least 30 days before effective date

Last Updated: January 2025

11. Contact Information

For privacy-related inquiries, requests, or complaints:

  • Data Protection Officer: dpo@technosive.com
  • General Inquiries: privacy@technosive.com
  • Website: https://technosive.com

Supervisory Authorities

UK: Information Commissioner's Office (ICO)
EU: Local Data Protection Authority (DPA) in your member state
Saudi Arabia: Saudi Data & AI Authority (SDAIA)

12. Jurisdiction-Specific Appendices

πŸ‡¬πŸ‡§ United Kingdom Appendix

  • β€’ This policy complies with the Data Protection Act 2018 and UK GDPR
  • β€’ UK supervisory authority: Information Commissioner's Office (ICO)
  • β€’ Data subjects may lodge complaints with the ICO: https://ico.org.uk/concerns
  • β€’ Cross-border transfers governed by UK adequacy regulations and ICO-Approved SCCs

πŸ‡ͺπŸ‡ͺ European Union Appendix

  • β€’ This policy complies with Regulation (EU) 2016/679 (GDPR)
  • β€’ EU supervisory authority: Local Data Protection Authority in your member state
  • β€’ Data subjects may lodge complaints with their national DPA
  • β€’ Cross-border transfers governed by EU adequacy decisions and European Commission SCCs

πŸ‡ΈπŸ‡¦ Saudi Arabia Appendix

  • β€’ This policy complies with Saudi Personal Data Protection Law (PDPL) and its regulations
  • β€’ Supervisory authority: Saudi Data & AI Authority (SDAIA)
  • β€’ Data subjects may lodge complaints with SDAIA: https://sdaia.gov.sa
  • β€’ Cross-border transfers require SDAIA approval unless destination country has adequate protection
  • β€’ Data localization requirements for sensitive personal data as specified by SDAIA