Effective Date: December 14, 2022

Privacy Policy

Yembo, Inc. (“we,” “our,” or “us”) is committed to respecting the privacy of our users. This Privacy Policy (“Policy”) describes how we collect, use, and disclose personal data that we obtain about visitors to yembo.ai, our platform, and our services (together, “Services”). This Policy does not apply when we are collecting personal data on behalf of our business customers.

If you are an individual seeking moving services (“Shipper”) or you are applying for insurance or making a claim (“Insured”), your use of our Services is subject to our End User Terms of Use .
If you are a moving company providing moving services (“Mover”), your use of our Services is subject to our SaaS Agreement for Moving Companies .
If you are a company providing insurance or underwriting services (“Insurer”) or a company providing insurance claim services (“Claims Adjuster”), your use of our Services is subject to the commercial agreement we have entered into with you.
If you are a resident of the United Kingdom or European Union, please see our Additional Provisions for United Kingdom and European Union Residents . If you are a resident of Canada, please see our Additional Provisions for Canadian Residents .

Personal Data We Collect from You

Personal Data We Collect Directly from You. We collect personal data about you directly from you and from third parties, as well as automatically through your use of our Services.

The personal data we collect from you depends on how you use our Services. Personal data we collect may include:

To respond to inquiries or communications you send to us, we collect contact information, such as your name, e-mail address, mailing address, and phone number.
We collect the personal data you provide us when you fill out a survey, questionnaire, or other type of form you complete through the Services. We also collect your responses to surveys that we may ask you to complete for research purposes or to help direct our activities.
While you are navigating our website or using the Services, we may also collect your search queries or information about your viewing history.
We collect any personal data you choose to e-mail or communicate to us while using the Services.
We collect personal data required to provide the Services, such as details regarding moving services, insurance services, policies and claims, payment information (collected by our third-party payment processors), unique identifiers, such as username and account number, and the identity of the agent, company, or other individual who referred you to the Services.
If you use our Services from a mobile device, that device may send us data about your location based on your phone settings. We will ask you to opt-in before we use GPS or other tools to identify your precise location.

Personal Data We Collect from Shippers and Insureds. As part of the Services, we may also collect additional personal data from Shippers and Insureds, which may include:

If you contact us or our business customers who purchase e-mail syncing or telephony services from us, we collect records and copies of your correspondence.
We may also collect copies of e-mails, text messages, and other correspondence you may exchange with our business customers, or other customer records that our business customers provide to us, such as terms of contracts governing moving services that you purchase from them, or details regarding insurance services, products, claims, or policy estimates.
We may also collect and record personal data from customer service sessions you may engage in with our business customers, such as phone calls, chat messages, and video chat sessions, for quality assurance purposes and to safeguard ourselves against fraudulent claims for damages.
For Shippers, we may also collect personal data you submit when inquiring about, or booking, moving services, including your contact information, originating and terminating addresses, and certain details about your home (e.g., number of bedrooms, items in your home) that you capture when you take videos or still images, and that you provide or upload to us for purposes of generating quotes and information regarding moving services.
For Insureds, we may also collect personal data you submit when inquiring about, purchasing, or making a claim for insurance services, including your contact information, address, unique identifiers, such as username or account number, and certain details about your home (e.g., number of bedrooms, items in your home, damages or risks in your home) that you capture when you take videos or still images, and that you provide or upload to us for purposes of generating policies, making claims, and other information regarding insurance services.

Personal Data We Collect from Business Customers. We provide services to various business customers, including Movers, Insurers, and Claims Adjusters. If you are a business customer, we may collect additional personal data from you, which will depend on how you use the Services. Personal data we may collect may include:

To provide you with the Services, we may collect your name, e-mail address, postal address, telephone number, username, the identity of the agent or other individual who referred you to the Services, details regarding moving services, insurance claims, services and policies, payment information, and details of service contracts that you enter into with your customers.
We may also collect and record personal data from customer service sessions, such as phone calls, chat messages, and video chat sessions, for quality assurance purposes and to safeguard ourselves against fraudulent claims for damages.
If you purchase e-mail syncing services, we collect details regarding your preferred e-mail client, authentication information, and e-mail syncing preferences. If you choose to use our e-mail syncing feature, we collect and store copies of e-mail correspondence you exchange with your customers and prospective customers. We import and store e-mail correspondence when you have created a Shipper record for a customer within the Services.
If you purchase telephony services, we collect your phone number, including a provisioned phone number and personal phone number, call forwarding preferences, SMS messages, and recordings of calls you choose to record for customer service and quality assurance purposes.
We may also collect and record personal data from customer service sessions you may engage in with us, such as phone calls, chat messages, and video chat sessions, for quality assurance purposes and to safeguard ourselves against fraudulent claims for damages.
For Movers, we also collect your customer records, including contact information, move details (including move date, survey date, number of bedrooms, beginning and end destination), videos and photos that Shippers have provided or uploaded to us for purposes of obtaining moving services, shipping estimates, and customer IDs.
For Insurers and Claims Adjusters, we also collect your customer records, including contact information, details (including survey date, number of bedrooms, property address), videos and photos that Insureds have provided or uploaded to us for purposes of obtaining insurance services, policy estimates, and customer IDs.

Personal Data We Collect from Users or Employees of Business Customers. If you are a user or employee of one of our business customers, we may collect your contact information, including your name, company name, job title, e-mail address, and phone numbers.

Personal Data We Collect from Other Entities. When you access the Services, we may collect personal data about you from third-party sources, such as: business customers, service providers, business partners, public and third-party databases, platform providers, non-affiliated partners, other users of our Services, public sources, third-party advertising partners, or from other third parties. Personal data we collect may be combined with other personal data we have collected about you to complete requests or facilitate transactions you have initiated via the Services, or for other purposes. Personal data we may collect about you from third-party sources may include your name, e-mail address, mailing address, phone number, and other contact information.

Personal Data We Collect Automatically. We automatically collect personal data about your use of our Services through cookies, web beacons, and other technologies. To the extent permitted by applicable law, we combine this personal data with other personal data we collect about you, including your personal data. Please see the Our Use of Cookies and Other Tracking Mechanisms section below for more information.

When you use our website, we may collect your browser type and operating system, web pages you view on our website, links you click on our website, and your IP address. We may also collect personal data about the length of time you spent visiting our website and/or using our Services, and the referring URL, or the web pages that led you to our website.‍

How We Use Your Personal Data

Our Uses of Your Personal Data. We use your personal data, including your personal data, for the following purposes:

To communicate with you about your use of our Services, to respond to your inquiries, and for other customer service purposes.
To send you information, including quotes, confirmations, technical notices, updates, security alerts, and support and administrative messages.
To compare and verify information for accuracy and to update our records.
To e-mail, text message, or otherwise contact you with information and updates about, and changes to, the Services.
To tailor the content and information that we may send or display to you, to offer location customization and personalized help and instructions, and to otherwise personalize your experiences while using the Services.
To provide, maintain, and improve our Services. For example, we may use images of furniture that you have sent us to teach our AI and to improve our Services’ ability to identify different types of furniture.
To allow our customers to send you communications, news or updates about their products and services.
To better understand how users access and use our Services, both on an aggregated and individualized basis.
To handle inquiries and complaints you or other users of our Services submit to us.
To improve our Services, or for research and analytics purposes.
To administer surveys and questionnaires, such as for market research or user satisfaction purposes.
To comply with legal obligations, as part of our general business operations, and for other business administration purposes, such as maintaining customer records, monitoring your compliance with any of your agreements with us, collecting debts owed to us, and safeguarding our business interests.
Where we believe necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, and in situations involving potential threats to the safety of any person or violations of our agreements with you, or this Policy.
To fulfill any other purpose for which you provide the information, or that you otherwise request or consent to.

We may share your personal data as follows:
‍ Our Business Customers. We may disclose your personal data to our business customers to provide the Services.

Vendors, Service Providers, and Other Processors. We may disclose the personal data we collect from you to vendors, service providers, or other processors, such as customer management providers and IT services providers, to help us provide our Services to you, to assist us in analyzing how our Services are used, and to provide other services.

Subsidiaries and Affiliates. We may disclose the personal data we collect from you to our affiliates or subsidiaries as needed to provide the Services to you.
In addition, we may also share your personal data under the following circumstances:
‍
Business Transfers. If we or our affiliates are or may be acquired by, merged with, or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the personal data we have collected from you to the other company. As part of the business transfer process, we may share certain of your personal data with lenders, auditors, and third-party advisors, including attorneys and consultants.

In Response to Legal Process. We may disclose your personal data to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.

To Protect Us and Others. We may disclose your personal data when we believe it is appropriate to do so to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our agreements with you or this Policy, or as evidence in litigation in which we are involved.

Aggregate and De-Identified Personal Data. We may share aggregate or de-identified personal data about users with third parties for marketing, advertising, research, or other purposes.

For residents of Australia, we may disclose your personal data to recipients which are located outside of Australia. Those recipients are likely to be in the United States, Germany, Singapore, and Ireland.

How We Support Our Business Customers

We provide services to business customers who may be considered “businesses” under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (the “CCPA”). While we are not a “business,” as defined by the CCPA, we may at times operate as a service provider. As such, we process or maintain personal data on behalf of our business customers that provide personal data to us in compliance with written contracts that we directly enter into with our business customers. We will only use and disclose personal data we receive from our business customers as reasonably necessary and proportionate to achieve the purpose for which the personal data was collected or processed, or for another purpose that is compatible with the context in which the personal information was collected, as listed under Cal. Civil Code section 1798.140(e)(1) through (e)(8) or as otherwise required by the CCPA.
In general, when we operate as a service provider, we will handle requests directed at our business customers on their behalf, as required under our agreements with them. We assist our business customers with their CCPA compliance obligations by acting on their behalf, according to their instructions.
Please review our business customers’ privacy policies and terms of use agreements to understand how they are using your personal data.

Our Use of Cookies and Other Tracking Mechanisms

We and our third-party service providers use cookies and other tracking mechanisms to track personal data about your use of our Services. We may combine this personal data with other personal data we collect from you (and our third-party service providers may do so on our behalf).

Cookies. Cookies are alphanumeric identifiers that we transfer to your device through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Services, while others are used to enable a faster log-in process or to allow us to track your activities for quality assurance or troubleshooting purposes while using our Services. There are two types of cookies: session and persistent cookies.

Session Cookies. Session cookies exist only during an online session. They disappear from your device when you close your browser or turn off your device. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the Services. This allows us to process your online transactions and requests and verify your identity, after you have logged in and as you move through our Services.
Persistent Cookies. Persistent cookies remain on your device after you have closed your browser or turned off your device. We use persistent cookies to track aggregate and statistical information about user activity.

Disabling Cookies. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our website who disable cookies will be able to browse certain areas of the website, but some features may not function.

Clear GIFs, Pixel Tags and Other Technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your device, clear GIFs are embedded invisibly on web and app pages. We may use clear GIFs (a.k.a. web beacons, web bugs, or pixel tags), in connection with our Services to, among other things, track the activities of website visitors, help us manage content, and compile statistics about website usage. We and our third-party service providers also use clear GIFs in HTML e-mails to our customers, to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.

Third-Party Analytics. We use automated devices and applications to evaluate usage of our website. We also may use other analytic means to evaluate our website. We use these tools to help us improve the performance of our Sites, Services, and user experiences. These entities may use cookies and other tracking technologies, such as web beacons or local storage objects (LSOs), to perform their services.

Do-Not-Track Signals. Please note that our website does not recognize or respond to any signal which your browser might transmit through the so-called “Do Not Track” feature your browser might have. If you wish to disable cookies on our website, you should not rely on any “Do Not Track” feature your browser might have. For more information about do-not-track signals, please click here .

Session Replay Technology. Session replay technologies, such as LogRocket, may be used to collect personal data regarding visitor behavior on the Services. For more information about LogRocket, please see the LogRocket privacy policy available at https://logrocket.com/privacy/.

Ad Networks. We may use network advertisers to serve advertisements on non-affiliated websites or other media (e.g., social networking platforms). This enables us and these network advertisers to target advertisements to you for products and services in which you might be interested. Ad network providers, advertisers, sponsors and/or traffic measurement services may use cookies, JavaScript, pixels, LSOs, and other tracking technologies to measure the effectiveness of their ads and to personalize advertising content to you. These cookies and other technologies are governed by each entity’s specific policy, not this one. We may provide these advertisers with personal data about you.

Users may opt out of many ad networks. For example, you may go to the Digital Advertising Alliance (“DAA”) Consumer Choice Page (and https://youradchoices.ca/en/tools for Canada residents, and https://www.youronlinechoices.com for UK and EU residents) for information about opting out of interest-based advertising. Please be advised that opting out of ad networks will opt you out from certain companies’ delivery of interest-based content or ads to you, but it does not mean you will no longer receive any advertising through our website or on other websites. You may continue to receive advertisements, for example, based on the website you are viewing (i.e., contextually based ads). Additional information is available on the DAA’s website at www.aboutads.info.

Storage of Your Personal Data and Cross-Border Transfers

We use cloud services provided by third-party service providers who may be outside of your country of origin to store the personal data that we collect. This means that your personal data may be transferred to, or stored in, another country and accessible to foreign courts, law enforcement and national security authorities.
You may ‎contact us (as provided in the Contact Us section below) to obtain information ‎about our policies ‎and ‎practices regarding our transfer of personal data across borders, ‎or to ask questions ‎about ‎the collection, use, disclosure, or storage of personal data by us or ‎our foreign service ‎‎providers. ‎

Third-Party Links

Our Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the personal data practices of such third-party websites.

Security of Your Personal Data

We have implemented reasonable precautions to protect the personal data we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security.
You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust, unique password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

Access Your Personal Data

You may access, modify, or request correction of personal data that you have submitted by contacting us using the information in the Contact Us section below. We will respond to your requests to access or correct personal data we hold about you in a reasonable time and will take all reasonable steps to ensure that the personal data we hold about you remains accurate, up to date, and complete.

Your Choices Regarding Our Use of Your Personal Data

We may send periodic promotional e-mails to you. You may opt-out of promotional e-mails by following the opt-out instructions contained in the e-mail. If you opt out of receiving promotional e-mails, we may still send you e-mails about your account or any services you have requested or received from us.

Notice Concerning Children

We do not knowingly collect, use, or disclose personal data from children, except as required by law or regulation. If we learn that we have collected the personal data of a child, we will take steps to delete the personal data as soon as possible. Please immediately contact us if you become aware that a child has provided us with personal data.

Changes to this Policy

This Policy is current as of the Effective Date posted above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our website.

Contact Us

If you have questions about the privacy aspects of our website or Services or would like to make a complaint, please contact us at: privacy@yembo.ai .

Additional Provisions for Canadian Residents

The following section applies to individuals in Canada.
a. Legal Basis for Processing Personal Data

b. Limits on Collection of Personal Data

We will not collect personal data indiscriminately but will limit collection of personal ‎information to that which is reasonable and necessary. We will also collect personal data as ‎authorized by law.‎

c. Limits for Using, Disclosing and Retaining Personal Data

Your Personal Data will only be used or disclosed for the purposes set out above and as ‎authorized by law.‎

We will keep Personal Data used to make a decision affecting you for at least one year after ‎using it to make the decision, except to the extent that you delete or remove that information ‎yourself. ‎
We will destroy, erase or make anonymous documents or other records containing personal ‎information as soon as it is reasonable to assume that the original purpose is no longer being served ‎by retention of the information and retention is no longer necessary for a legal or business purpose.‎
We will take due care when destroying Personal Data so as to prevent unauthorized access ‎to the information.‎

d. Access

Upon written request to our Privacy Officer and authentication of identity, we will provide you ‎‎your Personal Data under our control. We will also give you information about the ways in ‎‎which that information is being used and a description of the individuals and organizations to ‎‎whom that information has been disclosed. We may charge you a reasonable fee for doing so.‎

We will make the information available within a reasonable time and within the timelines established by applicable law.
In some situations, we may not be able to provide access to certain Personal Data (e.g., if ‎‎disclosure would reveal Personal Data about another individual, the Personal Data is ‎‎protected by solicitor/client privilege, the information was collected for the purposes of an ‎‎investigation or where disclosure of the information would reveal confidential commercial ‎‎information that could harm the competitive position of us). We may also be prevented by law ‎‎from providing access to certain Personal Data.‎

Where an access request is refused, we will notify you in writing, document the reasons for refusal ‎‎and outline further steps which are available to you.‎

e. Accuracy

We will make a reasonable effort to ensure that Personal Data we are using or disclosing is ‎accurate and complete. If you demonstrate the inaccuracy or incompleteness of Personal Data, we will amend the ‎information as required. If appropriate, we will send the amended information to third parties to ‎whom the information has been disclosed.‎ When a challenge regarding the accuracy of Personal Data is not resolved to your ‎satisfaction, we will annotate the Personal Data under our control with a note that the ‎correction was requested but not made.‎

f. CASL Policy

We are committed to compliance with Canada’s Anti-Spam Legislation (“CASL”). Any electronic communication we send to outside parties is protected by a range of business procedures, processes and policies to ensure that such communication is done in compliance with CASL. In our electronic communications with outside parties, we comply with the rules established by CASL and enforced by various Canadian authorities including the Canadian Radio-television and Telecommunications Commission. CASL regulates, and our policies generally apply to, each commercial electronic message (a “CEM”) that we send. A CEM is an electronic message sent to an electronic address that, among its purposes, encourages participation in a commercial activity.
In addition to adopting and updating this Policy, we undertake various transparency initiatives to ensure we comply with CASL, which include:

Consent— we do not send you CEMs without your consent. This consent typically must be “express” (expressly acknowledged by you), but in certain circumstances can be “implied”. In other limited circumstances businesses are exempt from consent requirements. We adopted our sign-up, registration and consent forms in order to ensure that your consent is meaningful (i.e. informed and freely given) as required by CASL. When we collect your electronic contact information, you will know the exact purposes behind the collection.
Content— we adopted processes to ensure that our CEMs contain the following requirements prescribed under CASL, which will usually be in the footer of the CEM. We will:
- Identify ourselves as the party sending the CEM, and whether we are sending the message on our own behalf or on behalf of someone else;
- Provide you with our contact information; and
- Set out a clear, working unsubscribe mechanism or preference centre that is easy to use, automatic, and at no cost to you (other than your own cost of connecting to the Internet).
Clarity— we ensured that each aspect of a CEM, including its header, content, or any links or URLs in the CEM) conveys the appropriate information, whether viewed individually or taken as a whole, so that you always know what you are clicking on.

If you receive a CEM from us but believe that you should not have or no longer wish to receive CEMs, we will aim to respect your preferences in a timely manner once you update them through our unsubscribe mechanism. CASL requires us to process unsubscribe requests within 10 business days. If you have any questions or concerns about our unsubscribe options, you may contact us at the address indicated in the Contact Us section of our Policy.

Additional Provisions for United Kingdom and European Union Residents

This section of the Policy aims to give additional information to United Kingdom (“UK”) and European Union (“EU”) residents regarding how we process your Personal Data in order to comply with European laws. The detail set out below, and the specific rights listed, apply only to those in the UK and EU.
It is important that you read this section of the Policy together with the main body of the Policy you so that you are fully aware of how and why we are using your Personal Data. This section of the Policy supplements the other information given and is not intended to override any other part of the Policy.

Data Protection Officer

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the DPO at dpo@yembo.ai.
You have the right to make a complaint at any time to the relevant data protection regulator in your jurisdiction. Please see below for further details. We would, however, appreciate the chance to deal with your concerns before you approach the relevant regulator, so please contact us in the first instance.

Purposes for Processing and Lawful Bases

As set out in our Policy, we process your Personal Data for a number of different reasons.
We have set out below, in a table format, a description of all the ways we plan to use your Personal Data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your Personal Data for more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your Personal Data where more than one basis has been set out in the table below.

Purpose/Activity	Lawful basis for processing including basis of legitimate interest
Providing Our Services. To provide our Site and Services to you, to communicate with you about your use of the Site and Services, to respond to your inquiries, and for other customer service purposes	(a) Performance of a contract with you (b) Necessary for our legitimate interests (for running our business, to keep our records updated and to study how customers use our products/services)
Changes to terms. To notify you about changes to our terms or this Policy	Necessary to comply with a legal obligation
Improving Our Site, Services & Security. To improve our Site and Services and for other internal business purposes, including detecting security incidents, debugging to identify and repair errors that impair existing functionality	(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services and network security) (b) Necessary to comply with a legal obligation
Protecting Rights & Interests. Where we believe necessary to investigate, to prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our agreements or this Policy	(a) Necessary for our legitimate interests (for network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation
Tailoring Content. To tailor the content and information that we may send or display to you and to personalize your experiences while using the Website or our Services	Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
Research & Analytics. To better understand how users access and use our Site and Services in order to improve our Site and Services and respond to user preferences, to administer surveys, programs and questionnaires, and for other research and analytical purposes	Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
Marketing & Communications. For marketing, advertising and promotional purposes, for example, we may use your information, such as your e-mail address, to send you news and newsletters, special offers, events, surveys, and promotions, or to otherwise contact you about services or information we think may interest you. We also use the information that we learn about you to assist us in advertising our Services on third-party websites and social media and to assist us in evaluating the success of our advertising campaigns on various platforms	Necessary for our legitimate interests (to develop our products/services and grow our business)
Legal Compliance. To comply with legal obligations, as part of our general business operations, and for other business or administration purposes	(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services and network security) (b) Necessary to comply with a legal obligation
Consent. For other purposes that you consent to from time to time.	Consent

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Data Subject Rights

Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your Personal Data.

Right to Access Personal Data
You have a right to request that we provide you with a copy of your Personal Data that we hold and you have the right to be informed of: (a) the source of your Personal Data; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your Personal Data may be transferred.

Right to Rectify or Erase Personal Data
You have a right to request that we rectify inaccurate Personal Data. We may seek to verify the accuracy of the Personal Data before rectifying it.

You can also request that we erase your Personal Data in limited circumstances where:

it is no longer needed for the purposes for which it was collected; or
you have withdrawn your consent (where the data processing was based on consent); or
following a successful right to object (see Right to Object to the Processing of your Personal Data ); or
it has been processed unlawfully; or
to comply with a legal obligation to which we are subject.

We are not required to comply with your request to erase Personal Data if the processing of your Personal Data is necessary:

for compliance with a legal obligation; or
for the establishment, exercise or defence of legal claims

Right to Restrict the Processing of your Personal Data
You can ask us to restrict your Personal Data, but only where:

its accuracy is contested, to allow us to verify its accuracy; or
the processing is unlawful, but you do not want it erased; or
it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
you have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your Personal Data following a request for restriction, where:

we have your consent; or
to establish, exercise or defend legal claims; or
to protect the rights of another natural or legal person.

Right to Transfer Your Personal Data
You can ask us to provide your Personal Data to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:

the processing is based on your consent or on the performance of a contract with you; and
the processing is carried out by automated means.

Right to Object to the Processing of your Personal Data
You can object to any processing of your Personal Data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

Right to Object to How we use your Personal Data for Direct Marketing Purposes
You can request that we change the manner in which we contact you for marketing purposes.
You can request that we not transfer your Personal Data to unaffiliated third parties for the purposes of direct marketing or any other purposes.

Right to Obtain a Copy of Personal Data Safeguards used for Transfers Outside Your Jurisdiction
You can ask to obtain a copy of, or reference to, the safeguards under which your Personal Data is transferred outside of the UK or the European Union.
We may redact data transfer agreements to protect commercial terms.

Right to Lodge a Complaint with your Local Supervisory Authority
You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your Personal Data.
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

International Data Transfers

Your Personal Data may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area. We ensure that the recipient of your Personal Data offers an adequate level of protection and security, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR).

Additional Information and Contact Details

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the Personal Data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us using the details listed under the Contact Us section of our Policy, or by contacting our DPO at: dpo@yembo.ai. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly or inform you if we require further information in order to fulfill your request.

We try to respond to all legitimate requests within a reasonable time and within the timelines established by applicable law. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.