Nebuli^® Privacy Policy

1.1. Who we are

Nebuli is an ecosystem of Products and Services that applies Augmented Intelligence algorithms, human-centric design methodologies, behavioural analytics, economic research and other specialist activities to help customers with their digital transformation, digital ethics and specialist business and marketing strategies, both locally and internationally.

Unless stated otherwise, all Products and Services offered by Nebuli are owned and provided by Nebuli Limited (“Nebuli Ltd.”, “Nebuli”, “Company”, “we”, or “us”), Company Number 10622690, a limited company registered in England and Wales with the registered office address: White Collar Factory, 1 Old Street Yard, London, EC1Y 8AF, United Kingdom.

This Privacy Policy covers ONLY all Products and Services OWNED by Nebuli. This agreement does not cover other (i.e. Third Party) websites linked to Nebuli’s Products and Services, including any websites or services that may indicate a special relationship or partnership with Nebuli. Please note that any linked third-party websites and/or services may collect personal information from you. Nebuli CANNOT offer any information or reassurance about the level of privacy protection offered from or by those linked third-party websites and services, which are NOT controlled or maintained by Nebuli. We strongly Advise you to locate and read carefully the privacy statements displayed on any third party websites you visit, as well as their terms and conditions and cookie policy.

This Privacy Policy applies when you (“User” “Participant”, “Contributor”, “Visitor”, “Organisation”, “Company”, “Legal Entity”, “Member”, “Subscriber”, “Client”  or “Customer”) access, visit or use any portion of our Products and Services.

This Privacy Policy also applies to all of our employees, staff members and contractors, as well as suppliers, business contacts, employees and/or staff members of our Users, users of our Users’ websites and any other individuals that the organisation has a relationship with or may need to contact.

To get in touch, please email us via nebuli.com/contact. We do not use an office telephone number but we can engage with you via online video calls on request.

1.2. What this Privacy Policy does

This Privacy Policy describes your privacy rights, how the law protects you, and inform our employees, staff members and contractors of all their obligations and protocols when processing your data.

This Privacy Policy also describes how Nebuli collects, uses, stores, shares and protects your information in connection with our Products and Services including, but not limited to, Products and Services accessible via or provided to you directly via the domains nebuli.com, nebu.li, subdomains and any other domains and websites owned by Nebuli (collectively, our “Websites”); cloud-hosted tools or Apps including, but not limited to, mobile, tablet and any other software applications and plugins related to our Websites (collectively, our “Tools”); and images, videos, audio, text, playlists, metadata, and any other interactive material available through our Products and Services (collectively, our “Content”).

At Nebuli we are committed to protecting and respecting your privacy and personal data in compliance with the law and guidelines of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the UK Data Protection Act 2018 (“Data Protection Laws”). Please read this Privacy Policy to learn about your rights, what information we collect, how we use and protect it.

1.3. When these terms apply

In order to access or use our Services you must agree to the terms of this Privacy Policy, so please read them carefully. We recommend that you download this agreement for future reference. We will ask you to confirm that you agree to the terms of this Privacy Policy when you create an account to use any part of our Services and an agreement will come into existence between you and us when you confirm that you accept these terms of this Privacy Policy.

If you use any of our Services before you have confirmed that you accept the terms of this Privacy Policy then, by using or accessing our Services, you agree that you have read, understood and accept the terms of this Privacy Policy, as well as our General Terms and Conditions of Use of our Services and our Cookie Policy and all and/or any other notices posted by us throughout our Services or directly to you via additional agreements or project contracts.

If you disagree with any of the terms of this Privacy Policy, please do not proceed to accessing or using our Services. You are responsible for ensuring that all persons who use or access our Services are aware of the terms of this Privacy Policy, our General Terms and Conditions and our Cookie Policy and that they fully comply with them. If you sign up for any of our Services, you will be confirming that you intend to use our Services in the course of your business, craft, trade or profession.

When you use our Services on behalf of a Company or Organisation, or any other legal entity, then by accepting the terms of this Privacy Policy you confirm that you have sufficient authority to enter into a contract on the Company’s, Organisation’s or legal entity’s behalf and that you understand and agree that the Company or Organisation or any other legal entity will be our customer and not you personally. Even if you have not set up a Company or Organisation or any other legal entity yet, you will be treated as a ‘trader’ and not a ‘consumer’ under the UK consumer law when you sign up to any of our Services and, once you have set up your Company or Organisation or any other legal entity, any further instructions you give us will be from the Company or Organisation or the other legal entity and not you personally.

If you do not accept or agree with the terms of this Privacy Policy you cannot use or access any of our Services. If you have proceeded to payment (where applicable) and then commenced use of our Services we will determine that you have fully accepted all of this agreement’s terms, as well as our General Terms and Conditions of Use of our Services and our Cookie Policy and all and/or any other notices posted by us throughout our Products and Services or directly to you via additional agreements or project contracts.

1.4. It’s your data and we respect it

Your personal and company data is sensitive and entitled to protection. We strongly believe and advocate the principle that your privacy is your power and it is a human right.

1.5. What is personal data?

Where we mention “Personal Data” it is referring to data about you from which you could be identified – such as your name, your date of birth, your contact details and even your IP address. All rights, titles and interests in your data held by Nebuli and throughout Nebuli’s Products and Services (where relevant) are 100% yours and we NEVER sell, disclose or make your data or information available to anyone without your explicit permission (other than being legally required such as by a court order).

1.6. Our legal obligations

By law, all organisations in the UK are obliged to process your personal data in certain ways and to ensure that you are given an appropriate amount of information about how they use it. You also have various rights to seek information from those organisations about how they are using your data, and to prevent them from processing it unlawfully.

1.7. Your Data Controller

Nebuli is your Data Controller and responsible for your Personal Data and is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights surrounding your Personal Data, please contact our legal team at legal@nebuli.com.

1.8. Processing your data

In discharging our responsibilities as the Data Controller, we have Data Processors who deal with your data on behalf of Nebuli. The responsibilities assigned to the Data Processors, as individuals and/or Nebuli as a whole, involve the following:

1. Ensuring that all processing of Personal Data is governed by the Data Protection Laws.
2. Full commitment to confidentiality under an appropriate statutory obligation of confidentiality.
3. Obtaining the prior specific or general written authorisation of the Data Controller before engaging another Processor.
4. Assisting the Data Controller in the fulfilment of the Data Controller’s obligation to respond to requests for exercising the data subject’s rights.
5. Implementing appropriate technical and organisational measures to ensure a level of security appropriate to the risk associated with the processing of Personal Data.
6. Making available to the Controller all information necessary to demonstrate compliance with the obligations laid down in the Data Protection Laws and allow for and contribute to audits, including inspections, conducted by the Data Controller or another auditor mandated by the Data Controller.
7. Maintaining a record of all categories of processing activities carried out on behalf of the Data Controller.
8. Notifying the Data Controller without undue delay after becoming aware of a Personal Data Breach.
9. Cooperating, on request, with the supervisory authority in the performance of its tasks.
10. Ensuring that any person acting under the authority of the Data Processor who has access to Personal Data does not process them except on instructions from the Data Controller.
11. Designating a data protection officer where required by the Data Protection Laws, publishing their details and communicating them to the supervisory authority. 
12. Supporting the data protection officer in performing their tasks by providing resources necessary to carry out those tasks and access to Personal Data and processing operations, and to maintain his or her expert knowledge.

1.9. General authority to appoint sub-processors

Where necessary, by accepting the terms of this Privacy Policy, you authorise us to appoint third parties to process personal data as a sub-processor as we see fit. This clause will be deemed to be your general written authorisation under Article 28(2) of the GDPR. We will let you know if we plan to make any changes concerning the addition or replacement of any sub-processors before we make the change.

When we engage a sub-processor, we will ensure that we have a written contract in place with the sub-processor that sets out the same data protection obligations on the third party as are set out in clause 1.8 (or substantially on that sub-processor’s standard terms of business), in particular providing sufficient guarantees to implement appropriate technical and organisational measures to ensure that the processing will meet the requirements of the relevant Data Protection Legislation.

If we appoint a sub-processor, we remain fully liable to you for the performance of the sub-processor’s data protection obligations.

1.10. This Privacy Policy is subject to change

Please note that we reserve the right to revise or amend the terms of this Privacy Policy at any time to reflect changes to our business or changes in the law. Please note that it is your responsibility to check the terms of this Privacy Policy for any changes regularly before using or accessing any of our Services.

At Nebuli, we strongly believe in being transparent about how and when we collect and use your personal data and/or business data (if you are a business customer) and tell you why we need it, and how we use it.

2.1. Voluntary Provision of Data

Any personal, commercial, company and user-generated information will only ever be uploaded voluntarily by you and you confirm that you have obtained the necessary consent and have given appropriate notices to lawfully upload any individual’s personal data or company data, or data belonging to any other legal entity, to our Websites and Services for the duration and purposes of the terms of this Privacy Policy.

When you voluntarily supply your personal data to us, for example where you use our Websites to upload or send personal data (by contacting us via our Websites about our Services that we may offer to you, submitting applications for vacancies, or similar activities in which your volunteer data about yourself) contact us by post, telephone, email or SMS, report a problem with any of our Websites or Services, we may collect, store and use the personal data that you disclose to us. The personal data we collect from you may include your title, name, address, email address, company, job title, employment history and phone number – but will depend on precisely what details you volunteer to us as you interact with our Websites and Services.

2.2. Why do we need personal data?

We may collect, use, store and transfer different kinds of Personal Data to achieve the following:

1. Providing the most relevant professional advice, content and reports related to market trends, ideas, news and other professional services.
2. Our services may include reviewing client files for quality assurance purposes, which may involve processing personal data for the relevant client.
3. Promoting our Services, new product releases, Service updates to existing and prospective business clients.
4. Sending invitations and providing access to guests attending our events, meetups and webinars.
5. Personalising online landing pages and communications we think would be of interest based on interactions with us.
6. Administering, maintaining and ensuring the security of our Information Technology systems, Services, Applications and Websites.
7. Authenticating registered users to restricted areas of our Services.
8. Seeking qualified candidates, and forwarding candidate career inquiries to the appropriate team members at Nebuli, which may involve third-party recruiters who are governed by their own privacy terms and policies.
9. Processing online requests, including responding to communications from individuals or requests for proposals and quotations.
10. Contacting journalists regarding company press releases, invitations to annual press events, highlighting messages that may be of interest on specific industry topics.
11. Travel arrangement assistance.
12. Supporting clients in running a series of development programs for education and learning purposes to inform leaders in their target industries.
13. Complying with legal and regulatory obligations relating to countering money laundering, terrorist financing, fraud and other forms of financial crime.

2.3. The legal basis for collecting personal data

There are a number of justifiable reasons under the Data Protection Laws that allow Nebuli to collect and process Personal Data. The main avenues we rely on are:

1. Consent: Certain situations allow us to collect your Personal Data, such as when you tick a box that confirms you are happy to receive email newsletters from us, or ‘opt in’ to a service.
2. ‍Contractual Obligations: We may require certain information from you in order to fulfil our contractual obligations and provide you with the agreed Services.
3. Legal Compliance: We are required by law to collect and process certain types of data, such as fraudulent activity or other illegal actions.
4. Legitimate Interest: We might need to collect certain information from you to be able to meet our legitimate interests – this covers aspects that can be reasonably expected as part of running our business, that will not have a material impact on your rights, freedom or interests. Examples could be your address and geolocation so that our Services can include that address at the bottom of forms generated so the recipient of the form knows who to contact, or storing your ID documents as part of our fraud prevention measures.

2.4. Legitimate basis of processing your data

Nebuli’s use of your data for the purposes described above is based on the following legitimate basis:

1. If you are a User and/or Customer, we are entitled to use your data in order to fulfil our contractual obligations with you and, if you are acting on behalf of a legal entity, we have a legitimate interest to use your data in order to maintain the relation with your company, organisation or any other legal entity as a Nebuli client.
2. In addition, we are entitled by law to use your data for direct marketing purposes, in order to send you commercial communications related to Nebuli products or services which are similar to the Services we agreed to provide to you, since legislation on data privacy recognises direct marketing to clients as a legitimate interest of use of personal data, and legislation on information society services expressly allows Nebuli to send you commercial communications by electronic means, provided that they are related to products or services which are similar to the Services we agreed to provide to you. In any case, you are entitled to ask us not to send you any commercial communications or ‘opt out’ from our communication via our Websites. Furthermore, all commercial communications that you might receive in the future, will include an easy and free-of-charge way for you to ask us not to receive further commercial communications.

2.5. How do we use your data?

1. We use the data we collect from you to perform the services we agreed to provide to you, in conjunction with our General Terms and Conditions of use and our Cookie Policy.
2. We also use your information to review, monitor, maintain, and analyse how to improve the Services provided.
3. We may internally perform statistical and other technical and mathematical analysis on information we collect (such as demographics and metadata) to analyse and measure user behavior and trends, to understand how people use our services, in order to improve and optimise our Services, and to monitor, troubleshoot and improve our Services, including to help us evaluate or devise new features.
4. We may use your information for internal purposes designed to keep our services secure and operational, such as testing purposes, troubleshooting, to prevent abusive activity (such as fraud, spam, phishing activities and others), and for service improvement, research and development purposes.
5. If you connect your Nebuli Account in any of our Services (where applicable) with your account on a Social Media or any other third party platforms, we may use the information that you make available through the applicable Social Media or the third party platforms and that the applicable Social Media or third party platforms have made available to Nebuli, in accordance with the privacy or other settings that are applicable to your Social Media or third party platforms accounts.
6. We will occasionally send you Nebuli Products and/or Services intros, tips, use cases and user stories by any means, including, but not limited to, email and similar means of electronic communication such as personalised advertisements as part of our support provision to you while you are using and/or accessing our Services and help you use our Services more effectively. In order to customise and personalise such information and commercial communications as much as possible, Nebuli may use statistical techniques that allow the creation of user profiles and data segmentation.

2.6. We are not data brokers

We do NOT and WILL NOT sell your data to third parties for any marketing, commercial or any other what Nebuli perceives as unethical or immoral purposes. However, we may share your information with our carefully selected service providers who help us operate and provide our Services to you, in which case such third parties are required to comply with our privacy policy and any other adequate technical and organisational data protection measures. We contractually bind these service providers to our Data Processing Agreements to keep your data confidential and to use it only for the purpose of providing their services and pursuant to the Data Protection Laws. We may engage with several or all of the following categories of such service providers and/or third-parties:

1. Parties that support us as we provide our services (e.g., providers of telecommunication systems, mailroom support, IT system support, archiving services, document production services and cloud-based software services).
2. Our professional advisers, including lawyers, auditors and insurers.
3. A potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger/acquisition of part or all of our business or assets, or any associated rights or interests.
4. Payment services providers.
5. Marketing services providers.
6. Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation.
7. Recruitment services providers.

We will never disclose your personal data to any third party except:

1. for providing our Services you requested and for which Nebuli collaborates with third parties,
2. when we have your permission,
3. when it is required by a competent authority in the exercise of its duties (for example in order to investigate, prevent or take action regarding illegal activities), or
4. as otherwise required by law.

2.7. International transfer of your data

While Nebuli is currently a UK-based company, we operate an international business that serves customers around the world. If we need to transfer any personal data and/or company data outside your country (for example, if our service providers store personal data on servers outside in different locations around the world) we will ensure that appropriate safeguards are in place to keep your data secure, and that effective legal remedies are available for data subjects, or that there is an ‘adequacy decision’ or ‘adequacy regulation’ (as defined in the UK’s Data Protection Act 2018).

If we need to transfer any data, we will comply with our obligations under the relevant Data Protection Laws to provide an adequate level of protection to any personal data and/or company data that is transferred. As a way of guidance, your information may be stored and processed in the US, UK, European Economic Area (the “EEA”) or other countries or jurisdictions outside the US where Nebuli has facilities. We are currently storing data in the UK and the EEA and so, by using our Services, you are permitting and consenting to the transfer of information, including your personal data, outside of the US. By submitting your personal data, you agree to this transfer, storing or processing.

2.8. Data Security

Your data is uploaded and downloaded over a secure connection, your credentials are encrypted and hashed. We never store (or even know) your password. Your personal and/or company data and any Confidential Information you may upload to our Services and Websites is stored securely, and only people you have assigned as members of your team (in addition to any Nebuli team member approved under these terms) can access your data, per the access permissions you assigned to those team members. We expect you to ensure that your team, particularly those you provide Admin access to, have strong passwords, ideally different from their login credentials used in any other (third-party) websites, such as, but not limited to, social network websites and apps.

Any information and data we receive and/or collect from you while using our Services, including but not limited to your personal information, your use of our Products and Services, demographic profile, geolocation and IP address. Below is how we may collect your information:

3.1. Types of data we collect

We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together below. Please note that not all of the following types of data will necessarily be collected from you, but this is the full scope of data that we collect:

1. Registration/Profile/Identity Data: such as first name, last name, title and gender.
2. Contact Data: such as your address, phone number, social media profiles, and email address.
3. Communications Data: includes your preferences in receiving targeted marketing campaigns from us and your communication preferences.
4. Billing Data: such as debit/credit cardholder information (name/billing address…etc) of whoever purchased our Services, bank account/IBAN information.
5. Transaction Data includes details about payments from you for our Services and purchases you have made online via our Websites.
6. Technical Data: internet protocol (IP) address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access our Websites and/or Services.
7. Customer Support/Work/Interests Data includes feedback and survey responses. If you have done a webchat or contacted us by email, video chat or live chat we will retain a record of such correspondences for training purposes and quality assurance.
8. Usage Data includes information about how you use our Websites, Products and Services.
9. Other data you want to share: We may collect your personal information or data if you submit it to us in other contexts. For example, if you provide us with a testimonial, or when running a contest with Nebuli. We may also obtain personal data directly from individuals in a variety of other ways, including but not limited to obtaining personal data from individuals who provide us their business card, complete our online forms, subscribe to our newsletters, e-mail notifications and our subscriptions preferences centre, register for webinars, attend meetings or events we host, visit our offices or apply for jobs or open roles. We may also obtain personal data directly when, for example, we are establishing a business relationship, performing professional services through a contract, or through our hosted software applications.

3.2. Automated collection of data and cookies

We may also collect personal data about you when you visit our Websites through the use of technologies such as cookies. The following are examples of data we may collect:

1. information about your device, browser or operating system;
2. your IP address;
3. information about links that you click and pages you view on our Websites;
4. length of visits to certain pages;
5. subjects you viewed or searched for;
6. page response times;
7. records of download errors and/or broken links;
8. page interaction information (such as details of your scrolling, clicks, and mouse-overs);
9. methods used to browse away from the page; and
10. the full Uniform Resource Locators (URL) clickstream to, through and from our Websites (including date and time).

Furthermore, as you interact with our Websites, we will automatically collect technical information about your equipment, browsing actions and patterns using cookies and other similar technologies throughout our Website. Please refer to our Cookie Policy for more information. As a way of guidance, below is the general list of the type of cookies we may place throughout our Websites:

We use the collected data described above for several different reasons. Firstly, we use it to ensure that our Websites work properly, serve you well and that you are able to receive the full benefit from them. Second, we use the data to monitor online traffic and audience participation across our Websites, especially our Content. We undertake these activities because we have a legitimate interest in doing so.

3.3. Granting Nebuli’s staff access to your data

As part of our Services, you may occasionally contact us for customer support and/or we may need further details about your company in order to adequately provide you with our Services, both online and offline. Thus, it may be necessary for our team to access your personal and/or company data for the purpose of assistance, and to enable them to carry out the key Services that are necessary. This will only happen with your implied consent to do so, such as during an active conversation between yourself and Nebuli’s team member on our live video calls, face-to-face meetings or where it is necessary to answer a question you have asked them on email or live chat.

Once you have finished working with any of our team members, they will immediately remove their access from your personal and/or company’s databases, cloud accounts or online profile accounts in any of our Websites and Services. We also require our team members to regularly review the list of third-party data which they have accessed and to remove themselves from any persona; and/or company databases, cloud accounts or online profile accounts on our Websites and Services that they are not actively assisting to minimise the risk of any data breach. 

Additionally, we recommend that you also have the ability to remove our team members from your personal and/or company’s databases, cloud accounts or online profile accounts on our Websites and Services at any time, so that only those who you have permitted to have access to your data has it.

3.4. Collecting anonymous data

We may use anonymous data collected from your use and/or access to our Websites and Services for administrative tasks, analytics, advertising and promotional purposes, and we may share such information with other entities (such as service providers) for such purposes. We may also aggregate data to enable research or analysis so that we can better understand and better serve you and others throughout our Websites and Services. For example, we may conduct research on your demographics, user behaviour and psychographics. Although this aggregated data may be based in part on Personal Data, it does not identify you personally.

We may share this type of anonymous data with our selected service providers, our affiliates, agents and current and prospective business partners. We may also use your anonymous data outside of Nebuli to improve third-party marketing or use your data in combination with third-party data to improve your experiences both within and beyond Nebuli’s Services. We may retain your IP address and/or other device-identifying data in order to help us diagnose problems with our servers, to administer our Websites including personalising content or links relevant to your geographic area or device-type, to verify that your account is not being used by others, to gather broad anonymous demographic data (such as the number of visitors from a specific geographic area), to enforce compliance with our General Terms and Conditions of Use for our Websites and/or Services, business contracts or otherwise in order to protect our Services, Customers/Users, or other third parties. We use analytics tools including Google Analytics and/or others. These provide us with information about how our customers and users use and/or access our Websites and Services.

3.5. Indirect or passive data collection

Nebuli may collect personal information or data from third parties if customers/users give permission to those third parties to share such information with others or the data is extracted from publicly accessible sources. Such sources may include:

1. Public sources: Personal data may be obtained from public registers (such as Companies House), news articles, sanctions lists, and Internet searches.
2. Social and professional networking sites: If you register or login to our websites using social media (e.g., LinkedIn, Google, or Twitter) to authenticate your identity and connect your social media login information with us, we will collect information or content needed for the registration or login that you permitted your social media provider to share with us. That information may include your name and email address and depending on your privacy settings, additional details about you, so please review the privacy controls on the applicable service to set how much information you want to be shared with us.
3. Business clients: Our business clients may engage us to perform professional services which involve sharing personal data they control as part of that engagement. For example, reviewing their employees’ workflow data or their customer’s data via their CRM systems, etc. Our services may also include processing personal data under our clients’ control on our hosted software applications, which may be governed by different privacy terms and policies.
4. Financial and Transaction Data: from payment service providers and delivery services such as Stripe and Paypal.
5. Advertising Networks and Analytics providers: such as Google Ads, Linkedin Ads and others.
6. Recruitment services: We may obtain personal data about candidates from an employment agency, and other parties including former employers, social media companies (such as Linkedin) and credit reference agencies.

3.6. Data collected by external and third-party websites and services

At Nebuli, our aim is to keep you informed to help you navigate through the murky waters of the ever-evolving post-digital transformation world. Hence, we share as much information as possible throughout our Websites and Services, which may contain hyperlinks to other websites offered by parties other than Nebuli (“third-party websites”). We occasionally share links and content from third-party websites and media outlets that feature Nebuli, our work, opinion pieces and market trends and such third-party websites are provided for your reference and convenience only. Nebuli does not control these third-party websites and is not responsible for their content; nor does Nebuli’s inclusion of hyperlinks to such third-party websites imply any endorsement of the material on such websites or any association with their operators. Nebuli cannot be held responsible or liable for the accuracy of the information contained within the linked third-party websites or for any consequences arising from the use of their information, or for their data collection practices and their access to your private data. It is your responsibility to verify any information contained within the linked third-party websites before relying on them. Please note that the information contained within the linked third-party websites may be changed or updated at any time without any prior notice. Linked third-party websites may contain their own terms and conditions, privacy and cookie policies which we strongly advise you to locate and review.

Unless otherwise specifically stated on our Websites or Services, Nebuli does not endorse any product or service or make any representation regarding the reliability, quality or accuracy of any products, content or services featured in, or linked to, any advertisement appearing on third-party websites.

In the course of assisting you with any of our Services, both of us understand that the other party has disclosed or may disclose business, technical, financial or other confidential, sensitive or proprietary information relating to their business (“Confidential Information”). Confidential Information includes non-public information regarding features, functionality and performance of our Service, non-public information data provided by you to us to enable the provision of our Services (such as, but not limited to, company data, business plans, financials, pitch decks, investor interest information, customer information, market research data, etc), and any other information that, based on the circumstances under which it was disclosed, a reasonable person would believe to be confidential. Both of us agree:

1. 1. to take reasonable precautions to protect such Confidential Information; and
   2. not to use (except in the performance of our Services or as otherwise permitted herein) or divulge to any third person any such Confidential Information.

The foregoing provisions will not apply with respect to any information that any of us can prove:

1. 1. is or becomes generally available to the public;
   2. was in its possession or known by it prior to receipt from the other party;
   3. was rightfully disclosed to it without restriction by a third party;
   4. was independently developed without use of any Confidential Information owned by the other party; or
   5. is required to be disclosed by law.

We typically do not collect sensitive or Special Categories of Personal Data about individuals (such as details about an individual’s race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about an individual’s health, and genetic and biometric data), nor do we collect any information about criminal convictions and offences.

If for any legal reason we do need to process sensitive personal data, it is with the consent of the individuals involved and their Data controllers, for example, a healthcare authority who hired Nebuli for specialist Services.

We may obtain the following sensitive data for legitimate purposes, where necessary:

1. Dietary restrictions or access requirements when registering for in-person events that reveal religious beliefs or physical health.
2. Personal identification documents that may reveal race or ethnic origin, and possibly biometric data of private individuals, beneficial owners of corporate entities, or applicants.
3. Expense receipts submitted for individual tax or accounting advice that reveal affiliations with trade unions or political opinions.
4. Adverse information about potential or existing clients and applicants that may reveal criminal convictions or offences information.
5. Information provided to us by our clients in the course of a professional engagement.

Furthermore, we do not collect Child data or any information from individuals under the age of 13, we may occasionally receive details about children attending performances and other events we host with their parents or guardians (e.g., school events and presentations, galas, and technology exhibits).

Our Websites are not directed at children under the age of 13 (each “Child” together “Children”) and we do not knowingly collect personal data about Children via our Websites – unless such websites were designed to serve educational organisations and institutions as part of our educational Services. Furthermore, we may occasionally receive details about children attending educational events with their parents or guardians hosted by Nebuli or a partner institution (such as, school events, presentations, and technology exhibitions – collectively “Educational Events”). We will explicitly state if such Websites and/or Educational Events serve children under the age of 13 and further data precautions shall be applied. If you believe we have collected personal data about your Child, you may contact us at legal@nebuli.com and request that we cease processing data about your Child.

7.1. For how long do we keep your personal data?

We will hold your personal data on our systems only for as long as required to provide you with the Services you have requested or to perform the purpose for which that data was collected.

For example, we are bound to retain Services contracts made between us and our customers as they act as a record moving forwards, equally, we need to retain profile information users create via our Websites so we know which profiles are attached to which companies. In contrast, any conversations or correspondence you have with us over video calls, email or through our live chat software will be retained while the matter is ongoing, but once our conversation ends we may delete the record of that conversation.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this data indefinitely without further notice to you.

We may also retain your Personal Data for a longer period than usual in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

In some circumstances you can ask us to delete your data: see clause 8 ‘Your Rights’ below for further information.

7.2. Change of Purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. We will inform you and provide you with an explanation as to how the processing for the new purpose is compatible with the original purpose, where we deem it necessary.

If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

As the owner of your data (i.e. the “Data Subject”), you have a number of rights in relation to your personal data and below is how you can exercise them:

8.1. Right to access

You may have heard of this right being described as a “Subject Access Request” where you may, at any time, request access to the personal data that we hold which relates to you.

This right entitles you to receive a copy of the personal data that we hold about you in order to enable you to check that it is correct and to ensure that we are processing that personal data lawfully. Please note that it is not a right that allows you to request personal data about other people, or a right to request specific documents from us that do not relate to your personal data.

You can exercise this right at any time by writing to us using our contact page at: nebuli.com/contact and telling us that you are making a Subject Access Request. You do not need to fill in any specific forms to make this kind of request.

8.2. Your right to rectification

You may, at any time, request that we correct personal data that we hold about you which you believe is incorrect or inaccurate. Please note that we may ask you to verify any new data that you provide to us and may take our own steps to check that the new data you have supplied us with is right.

You can exercise this right at any time by writing to us using our contact page at: nebuli.com/contact and telling us that you are making a request to have your personal data rectified and on what basis you are making that request. If you want us to replace inaccurate data with new data, you should tell us what that new data is. You do not need to fill in any specific forms to make this kind of request.

8.3. Your right to erasure

You may have heard of this right being described as the “Right to be Forgotten” where you may, at any time, ask us to erase personal data if you do not believe that we need to continue retaining it.

Please note that we are not always obliged to erase personal data when asked to do so. If for any reason we believe that we have a good legal reason to continue processing personal data that you ask us to erase, we will tell you what that reason is at the time we respond to your request.

You can exercise this right at any time by writing to us using our contact page at: nebuli.com/contact and telling us that you are making a request to have your personal data erased and on what basis you are making that request. You do not need to fill in any specific forms to make this kind of request.

8.4. Your right to restrict processing

Where we process your personal data on the basis of legitimate interests, as described throughout this Privacy Policy explaining how and why we use your information, you are entitled to ask us to stop processing it in that way if you feel that our continuing to do so impacts on your fundamental rights and freedoms or if you feel that those legitimate interests are not valid.

You may also ask us to stop processing your personal data:

1. if you dispute the accuracy of that personal data and want us to verify that data’s accuracy;
2. where it has been established that our use of the data is unlawful but you do not want us to erase it;
3. where we no longer need to process your personal data (and would otherwise dispose of it) but you wish for us to continue storing it in order to enable you to establish, exercise or defend any legal claims.

Please note that if for any reason we believe that we have a good legal reason to continue processing personal data that you ask us to stop processing, we will tell you what that reason is, either at the time we first respond to your request or after we have had the opportunity to consider and investigate it.

You can exercise this right at any time by writing to us using our contact page at: nebuli.com/contact and telling us that you are making a request to have us stop processing the relevant aspect of your personal data and describing which of the above conditions you believe is relevant to that request. You do not need to fill in any specific forms to make this kind of request.

8.5. Your right to portability

This is your right to request that we move, copy or transfer your personal data. If you wish to transfer certain personal data that we hold about you, which is processed by automated means, to a third party you may write to us and ask us to provide it to you in a commonly used machine-readable format.

8.6. Your right to object

This is your right to object to our use of your personal data including where we use it for our legitimate interests. In relation to automated decision making and profiling, you also have the right to be informed about the existence of any automated decision making and profiling of your personal data, and where appropriate, be provided with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing that affects you.

8.7. Your right to stop receiving communications

Where we send you e-mail marketing communications or any other regulated electronic messages, you have the right to opt-out at any time. You can do this by using the ‘unsubscribe’ link that appears in the footer of each communication (or the equivalent mechanism in those communications).

Alternatively, if for any reason you cannot use those links, or if you would prefer to contact us directly – you can unsubscribe by writing to us at hi@nebuli.com and telling us which communications you would like us to stop sending you.

8.8. Exercising your rights

To make enquiries, exercise any of your rights set out above, or withdraw your consent to the processing of your data (where consent is our legal basis for processing your data), please contact us via this email address: legal@nebuli.com. When you write to us making a request to exercise your rights we are entitled to ask you to prove that you are who you say you are. We may ask you to provide copies of relevant ID documents to help us to verify your identity.

It will help us to process your request if you clearly state which right you wish to exercise and, where relevant, why it is that you are exercising it. The clearer and more specific you can be, the faster and more efficiently we can deal with your request. If you do not provide us with sufficient information then we may delay actioning your request until you have provided us with additional information (and where this is the case we will tell you).

If you are not satisfied with the way a complaint you make in relation to your data is handled by us, you may be able to refer your complaint to the relevant data protection authority. For the UK, this is the Information Commissioner’s Office (ICO). The ICO’s contact details can be found on their website at https://ico.org.uk/.

Please note that it is important that any personal data that we hold about you is accurate and current. It is your responsibility to keep us informed if your personal data changes during the period for which we hold it.

Please also see our General Terms and Conditions which sets out the terms, disclaimers, and limitations of liability governing your use of Nebuli’s Websites and Services.

You may not transfer any of your rights under this Privacy Policy to any other person. We may transfer our rights under this Privacy Policy where we reasonably believe your rights will not be affected.

If any court or competent authority finds that any provision of this Privacy Policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this Privacy Policy will not be affected.

Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.

This Agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.