Privacy Policy

1. Data controller

The controller of your personal data is:

Aizen Limited (hereinafter "Aizen", "we" or "the company") is registered in Ireland and operates under Irish and European data protection law. For specific questions about your personal data, you can write to [email protected] with "Data Protection" in the subject line.

2. Data we collect

We only collect personal data necessary to provide our services, maintain the contractual relationship or comply with legal obligations. The data is grouped into the following categories:

2.1. Data you provide directly

• Identification and contact data: name, surname, role, company, email address, phone.
• Professional data: industry sector, company size, functional area, information about the processes you wish to automate.
• Communication data: content of messages, forms and communications you exchange with us.
• Billing data: in case of contract, fiscal and banking information necessary to issue invoices and process payments.

2.2. Data collected automatically

• Browsing data: IP address, browser type and device, operating system, pages visited, time spent, source page.
• Cookies and similar technologies: as detailed in our Cookie Policy.

2.3. Data during service delivery

In the context of contracted automation projects, we may access data the client decides to share with us to design and implement solutions. Such data is processed as data processors, under the client's instructions and according to the service agreement and, where applicable, the corresponding Data Processing Agreement (DPA).

3. Purposes and legal basis for processing

We process your personal data for the following purposes, each backed by a specific legal basis under Article 6 GDPR:

3.1. Responding to inquiries and commercial information

Purpose: respond to your information requests, manage your free diagnosis request and send you information about our services.

Legal basis: your explicit consent, or pre-contractual measures taken at your request (Art. 6.1.a and 6.1.b GDPR).

3.2. Service contract performance

Purpose: provide the contracted services of diagnosis, automation, AI integration and support.

Legal basis: performance of a contract to which you are party (Art. 6.1.b GDPR).

3.3. Compliance with legal obligations

Purpose: comply with tax, accounting, commercial and audit obligations applicable to Aizen Limited.

Legal basis: legal obligation applicable to the controller (Art. 6.1.c GDPR).

3.4. Commercial communications

Purpose: sending newsletters, case studies, invitations to webinars or professional events.

Legal basis: your consent, which you can revoke at any time, or the legitimate interest in maintaining a relationship with existing clients within the framework of Article 13 of Statutory Instrument 336/2011 (Irish ePrivacy Regulations).

3.5. Service improvement and analytics

Purpose: analyze the use of the website and improve the visitor experience.

Legal basis: our legitimate interest in improving our services, properly weighed against your rights (Art. 6.1.f GDPR).

4. Retention periods

We retain your personal data only for the time necessary for the purposes for which they were collected, and subsequently during the applicable legal periods:

• Commercial inquiry data not converted to client: up to 24 months from last contact, or until you request deletion.
• Client data: throughout the contractual relationship and subsequently during the periods required by Irish tax, commercial and accounting regulations (minimum 6 years from end of relationship).
• Accounting and tax data: 7 years pursuant to Section 886 of the Taxes Consolidation Act 1997 of Ireland.
• Commercial communications: until you withdraw your consent.

Once the applicable periods have elapsed, the data will be deleted or irreversibly anonymized.

5. Recipients and data processors

Your data is not sold or transferred to third parties for purposes other than those described. We only share information with the following categories of recipients:

• Technology providers (data processors): hosting, email, web analytics, CRM, payment processing and productivity tools. All bound by contracts ensuring GDPR compliance.
• Aizen Cybersecurity and other Aizen group entities, only when necessary for service delivery or to ensure information security.
• External advisors: lawyers, auditors and tax consultants, subject to confidentiality.
• Competent authorities: when there is a legal obligation or judicial decision requiring it.

6. International data transfers

Some of our technology providers may be located outside the European Economic Area (EEA). In those cases, we ensure that transfers are made with appropriate guarantees under Chapter V of GDPR, including:

• European Commission adequacy decisions (e.g., EU-US Data Privacy Framework for certified US providers).
• Standard Contractual Clauses approved by the European Commission.
• Additional technical and organizational measures when necessary.

You may request a copy of the applied safeguards by writing to [email protected].

7. Your rights

As a data subject, you have the following rights recognized by GDPR and the Data Protection Act 2018:

• Right of access: obtain confirmation of whether we process your data and access it.
• Right to rectification: request correction of inaccurate or incomplete data.
• Right to erasure ("right to be forgotten"): request deletion of your data when no longer necessary or when you withdraw consent.
• Right to restrict processing: request that we limit the use of your data in certain circumstances.
• Right to data portability: receive your data in structured, commonly used and machine-readable format.
• Right to object: object to processing based on legitimate interest or for direct marketing purposes.
• Right not to be subject to automated decisions: including profiling that produces significant legal effects.
• Right to withdraw consent: at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, write to [email protected] indicating the right you wish to exercise and attaching a copy of an identification document. We will respond within a maximum of one month (extendable to two additional months in complex cases).

8. Security measures

Aizen Limited is part of the Aizen group, specialized in cybersecurity for governments and critical organizations. We apply appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256).
• Role-based access controls (RBAC) and multi-factor authentication.
• Network and environment segmentation.
• Periodic security audits and penetration tests.
• Traceability and activity logging on sensitive data.
• Continuous training of the team on data protection and security.
• Compliance with ISO 27001 standards and NIS2 requirements.

9. Minors

Our services are aimed at professionals and companies. We do not intentionally collect personal data from minors under 16. If we become aware that we have received data from a minor without proper authorization, we will delete it immediately.

10. Changes to this policy

We may update this Privacy Policy to reflect changes in our practices, applicable legislation or our services. When changes are substantial, we will notify affected users through the usual means (email, website notice). The "Last updated" date at the top indicates when it was last modified.

11. How to contact us

For any questions related to this policy or the processing of your personal data, you can contact us through: