Effective Date: SEPTEMBER 3, 2021

Privacy Policy

Yembo, Inc. ("Company," "we," "our," or "us") is committed to respecting and protecting the privacy of our users. This Privacy Policy ("Policy"), describes how we collect, use, and disclose information that we obtain about visitors to our website, https://yembo.ai/ (the "Site"), our web-based platform ("Platform") and the services available through our Platform and Site (collectively, the "Services"), and does not apply to any other platforms or services that we own or operate.

At Yembo, we take data privacy seriously. This Policy describes our privacy practices for the activities set out in this Policy. Please read this Policy carefully, as it outlines how we collect, use, share, and otherwise process information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household ("Personal Data"). Additionally, this Policy outlines your choices and rights with respect to our processing of your Personal Data.

Your use of our Services, and any dispute over privacy, is subject to this Policy. If you are an individual seeking moving services (a "Shipper"), your use of our Services is subject to our End User Terms of Use, including its applicable limitations on damages and the resolution of disputes. If you are a moving company providing moving services ("Mover"), your use of our Services is subject to our SaaS Agreement for Moving Companies, including its applicable limitations on damages and the resolution of disputes. If you are a company providing insurance underwriting services (“Underwriter”) or a company providing insurance claim services (“Claims Adjuster”), your use of our Services is subject to the commercial agreement we have entered into with you.

If you are a resident of the United Kingdom or European Union, please see our Additional Provisions for United Kingdom and European Union Residents. If you are a resident of Canada, please see our Additional Provisions for Canadian Residents.

‍

Information We Collect from You

‍
Information We Collect Directly from You. We collect information about you directly from you and from third parties, and automatically through your use of our Services.

The information we collect from you depends on how you use our Services. Information we collect may include:

To respond to inquiries or communications you send to us, we collect contact information, such as your name, e-mail address, mailing address, and phone number.
We collect the information you provide us when you fill out a survey, questionnaire, or other type of form you complete through the Services. We also collect your responses to surveys that we may ask you to complete for research purposes or to help direct our activities.
While you are navigating the Site or using the Services, we may also collect your search queries or information about your viewing history.
We collect any information you choose to e-mail or communicate to us while using the Services.
We collect information required to provide the Services, such as details regarding moving services, insurance services, policies and claims, payment information (collected by our third-party payment processors), unique identifiers, such as username and account number, and the identity of the agent, company, or other individual who referred you to the Services.
If you use our Services from a mobile device, that device may send us data about your location based on your phone settings. We will ask you to opt-in before we use GPS or other tools to identify your precise location.
‍

Information We Collect from Shippers and Insureds. As part of the Services, we may also collect additional information from Shippers and Insureds, which may include:

If you contact us or our business customers who purchase e-mail syncing or telephony services from us, we collect records and copies of your correspondence.
We may also collect copies of e-mails, text messages, and other correspondence you may exchange with our business customers, or other customer records that our business customers provide to us, such as terms of contracts governing moving services that you purchase from them, or details regarding insurance services, products, claims, or policy estimates.
We may also collect and record information from customer service sessions you may engage in with our business customers, such as phone calls, chat messages, and video chat sessions, for quality assurance purposes and to safeguard ourselves against fraudulent claims for damages.
For Shippers, we also collect information you submit when inquiring about, or booking, moving services, including your contact information, originating and terminating address and certain details about your home (e.g., number of bedrooms, items in your home) that you capture when you take videos or still images, and that you provide or upload to us for purposes of generating quotes and information regarding moving services.
For Insureds, we also collect information you submit when inquiring about, or purchasing, insurance services, including your contact information, address, unique identifier, such as username or account number, and certain details about your home (e.g., number of bedrooms, items in your home) that you capture when you take videos or still images, and that you provide or upload to us for purposes of generating policies and information regarding insurance services.

‍

Information We Collect from Business Customers. We provide services to various business customers, including Movers, Underwriters, and Claims Adjusters. If you are a business customer, we may collect additional information from you, which will depend on how you use the Services. Information we may collect may include:

‍

To provide you with the Services, we may collect your name, e-mail address, postal address, telephone number, username, the identity of the agent or other individual who referred you to the Services, details regarding moving services, insurance claims, services and policies, payment information, and details of service contracts that you enter into with your customers.
We may also collect and record information from customer service sessions, such as phone calls, chat messages, and video chat sessions, for quality assurance purposes and to safeguard ourselves against fraudulent claims for damages.
If you purchase e-mail syncing services, we collect details regarding your preferred e-mail client, authentication information, and e-mail syncing preferences. If you choose to use our e-mail syncing feature, we collect and store copies of e-mail correspondence you exchange with your customers and prospective customers. We import and store e-mail correspondence when you have created a shipper record for a customer within the Services.
If you purchase telephony services, we collect your phone number, including a provisioned phone number and personal phone number, call forwarding preferences, SMS messages, and recordings of calls you choose to record for customer service and quality assurance purposes.
We may also collect and record information from customer service sessions you may engage in with us, such as phone calls, chat messages, and video chat sessions, for quality assurance purposes and to safeguard ourselves against fraudulent claims for damages.
For Movers, we also collect your customer records, including contact information, move details (including move date, survey date, number of bedrooms, beginning and end destination), videos and photos that Shippers have provided or uploaded to us for purposes of obtaining moving services, shipping estimates, and customer IDs.
For Underwriters and Claims Adjusters, we also collect your customer records, including contact information, details (including survey date, number of bedrooms, property address), videos and photos that Insureds have provided or uploaded to us for purposes of obtaining insurance services, policy estimates, and customer IDs.

Information We Collect from Users or Employees of Business Customers. If you are a user or employee of one of our business customers, we may collect your contact information, including your name, company name, job title, e-mail address, and phone numbers.

Information We Collect from Other Entities. When you access the Services, we may collect information about you from third-party sources, such as: business customers, service providers, business partners, public and third-party databases, platform providers, non-affiliated partners, other users of our Services, public sources, third-party advertising partners, or from other third parties. Information we collect may be combined with other information we have collected about you in order to complete requests you have made or facilitate transactions you have initiated via the Services, or for other purposes. Information we may collect about you from third-party sources may include your name, e-mail address, mailing address, phone number, and other contact information.

Information We Collect Automatically. We automatically collect information about your use of our Services through cookies, web beacons, and other technologies. To the extent permitted by applicable law, we combine this information with other information we collect about you, including your Personal Data. Please see the Our Use of Cookies and Other Tracking Mechanisms section below for more information.

When you use our Site, we may collect your browser type and operating system, web pages you view on the Site, links you click on the Site, and your IP address. We may also collect information about the length of time you spent visiting our Site and/or using our Services, and the referring URL, or the web pages that led you to our Site.‍

‍

How We Use Your Information

‍

Our Uses of Your Personal Data. We use your information, including your Personal Data, for the following purposes:

To provide and maintain our Services.
To communicate with you about your use of our Services, to respond to your inquiries, and for other customer service purposes.
To send you information including quotes, confirmations, technical notices, updates, security alerts, and support and administrative messages.
To compare and verify information for accuracy and to update our records.
To e-mail, text message, or otherwise contact you with information and updates about, and changes to, the Services.
To tailor the content and information that we may send or display to you, to offer location customization and personalized help and instructions, and to otherwise personalize your experiences while using the Services.
To allow our customers to send you communications, news or updates about their products and services.
To better understand how users access and use our Services, both on an aggregated and individualized basis.
To handle inquiries and complaints you or other users of our Services submit to us.
To improve our Service, or for research and analytics purposes.
To administer surveys and questionnaires, such as for market research or user satisfaction purposes.
To comply with legal obligations, as part of our general business operations, and for other business administration purposes, such as maintaining customer records, monitoring your compliance with any of your agreements with us, collecting debts owed to us, and safeguarding our business interests.
Where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, and in situations involving potential threats to the safety of any person or violations of our agreements with you, or this Policy.
To fulfill any other purpose for which you provide the information, or that you otherwise request or consent to.

You may instruct us to refrain from using your Personal Data in any way that is not required ‎for us to provide the Services to you. We will not refuse you access to any product or service ‎merely because you have advised us to stop using your Personal Data in any way ‎that is not required for the Services.‎ To provide us with instructions, you may contact us via the Contact Us section below.

‍

‍How We Share Your Information‍

‍

We may share your information, including Personal Data, as follows:

‍

Our Business Customers. We may disclose your information to our business customers for purposes of providing the Services.

Vendors, Service Providers, and Other Processors. We may disclose the information we collect from you to vendors, service providers, or other processors, such as customer management providers and IT services providers, to help us provide our Services to you, to assist us in analyzing how our Services are used, and to provide other services.

Subsidiaries and Affiliates. We may disclose the information we collect from you to our affiliates or subsidiaries as needed to provide the Services to you.

Other Third Parties. We may also disclose the information we collect from you to other third parties we use to support our business.

‍

In addition, we may also share your Personal Data under the following circumstances:

‍

Business Transfers. If we or our affiliates are or may be acquired by, merged with, or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected from you to the other company. As part of the business transfer process, we may share certain of your Personal Data with lenders, auditors, and third-party advisors, including attorneys and consultants.

In Response to Legal Process. We disclose your information to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.

To Protect Us and Others. We disclose your information when we believe it is appropriate to do so to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our agreements with you or this Policy, or as evidence in litigation in which we are involved.

Aggregate and De-Identified Information. We share aggregate or de-identified information about users with third parties for marketing, advertising, research, or other purposes.

For residents of Australia, we may disclose your Personal Data to recipients which are located outside of Australia. Those recipients are likely to be located in the United States, Germany, Singapore, and Ireland.

Our Role as a Service Provider Under the CCPA

When we operate as a service provider under the California Consumer Privacy Act (“CCPA”), we process or maintain Personal Data on behalf of our business customers that provide Personal Data to us in compliance with written contracts that we enter into with our business customers directly. In accordance with the CCPA, we will only use and disclose Personal Data we receive from our business customers as necessary to provide the Services to our business customers, to retain or employ another service provider where that service provider meets the requirements of a service provider under the CCPA, for our internal use to build and improve the quality of our Services as permitted under the CCPA, to detect security incidents or protect against fraudulent or illegal activity, and for the purposes enumerated under CCPA Civil Code section 1798.145(a)(1) through (a)(4) or as otherwise required by the CCPA.

‍

In general, when we operate as a service provider, we will handle requests on behalf of our business customers as they require under our agreement, which allows us to comply with the CCPA by acting on their behalf according to their instructions or by responding to a consumer that the request cannot be acted upon because the request has been sent to a service provider.

Our Use of Cookies and Other Tracking Mechanisms

We and our third-party service providers use cookies and other tracking mechanisms to track information about your use of our Services. We may combine this information with other Personal Data we collect from you (and our third-party service providers may do so on our behalf).

Cookies. Cookies are alphanumeric identifiers that we transfer to your device through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Services, while others are used to enable a faster log in process or to allow us to track your activities for quality assurance or troubleshooting purposes while using our Services. There are two types of cookies: session and persistent cookies.

Session Cookies. Session cookies exist only during an online session. They disappear from your device when you close your browser or turn off your device. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the Services. This allows us to process your online transactions and requests and verify your identity, after you have logged in and as you move through our Services.

Persistent Cookies. Persistent cookies remain on your device after you have closed your browser or turned off your device. We use persistent cookies to track aggregate and statistical information about user activity.

Disabling Cookies. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Site who disable cookies will be able to browse certain areas of the Site, but some features may not function.

Clear GIFs, Pixel Tags and Other Technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your device, clear GIFs are embedded invisibly on web and app pages. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags), in connection with our Services to, among other things, track the activities of Site visitors, help us manage content, and compile statistics about Site usage. We and our third-party service providers also use clear GIFs in HTML e-mails to our customers, to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.

Third Party Analytics. We use automated devices and applications, such as Google Analytics, to evaluate usage of our Site. We also may use other analytic means to evaluate our Site. We use these tools to help us improve the performance of our Sites, Services, and user experiences. These entities may use cookies and other tracking technologies, such as web beacons or local storage objects (LSOs), to perform their services. To learn more about Google's privacy practices, please review the Google Policy at https://www.google.com/policies/privacy/. You can also download the Google Analytics Opt-out Browser Add-on to prevent their data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout.

Cross-Device Use. We and our third party service providers, including Google, may use the information that we collect about you (whether directly from our Site, through your device(s), or from a third party) to help us and our third party service providers identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.). We and our third-party service providers also may use the cross-device use and other information we learn about you to serve targeted advertising on your devices and to send you e-mails. To opt-out of cross-device advertising, you may follow the instructions set forth in the Third-Party Ad Networks section below. Please note: if you opt-out of these targeted advertising cookies, your opt-out may be specific to the web browser, app, or device from which you accessed the opt-out. If you use multiple devices or web browsers, you may need to opt-out from each browser or device that you use.

Do-Not-Track Signals. Please note that our Site does not recognize or respond to any signal which your browser might transmit through the so-called "Do Not Track" feature your browser might have. If you wish to disable cookies on our Site, you should not rely on any "Do Not Track" feature your browser might have. For more information about do-not-track signals, please click here.

Session Replay Technology. Session replay technologies, such as LogRocket, may be used to collect information regarding visitor behavior on the Services. For more information about LogRocket, please see the LogRocket Policy available at https://logrocket.com/privacy/. You can opt out of LogRocket's collection and processing of data generated by your use of the Services by contacting LogRocket.

Ad Networks. We may use network advertisers to serve advertisements on non-affiliated websites or other media (e.g., social networking platforms). This enables us and these network advertisers to target advertisements to you for products and services in which you might be interested. Ad network providers, advertisers, sponsors and/or traffic measurement services may use cookies, JavaScript, pixels, LSOs and other tracking technologies to measure the effectiveness of their ads and to personalize advertising content to you. These cookies and other technologies are governed by each entity's specific Policy, not this one. We may provide these advertisers with information, including Personal Data, about you.

Users may opt out of many ad networks. For example, you may go to the Digital Advertising Alliance ("DAA") Consumer Choice Page (and https://youradchoices.ca/en/tools for Canada residents, and https://www.youronlinechoices.com for UK and EU residents) for information about opting out of interest-based advertising. Please be advised that opting out of ad networks will opt you out from certain companies' delivery of interest-based content or ads to you, but it does not mean you will no longer receive any advertising through our Site or on other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing (i.e., contextually based ads). Additional information is available on the DAA's website at www.aboutads.info.

Storage of Your Personal Data and Cross-Border Transfers

We use cloud services provided by third-party service providers who may be outside of your country of origin to store the Personal Data that we collect. This means that your information may be transferred to, or stored in, another country and accessible to foreign courts, law enforcement and national security authorities.

You may ‎contact us (as provided in the Contact Us section below) to obtain information ‎about our policies ‎and ‎practices regarding our transfer of Personal Data across borders, ‎or to ask questions ‎about ‎the collection, use, disclosure or storage of Personal Data by us or ‎our foreign service ‎‎providers. ‎

Third-Party Links

Our Site and Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.

Security of Your Personal Data

We have implemented reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security.

You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust, unique password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

Access Your Personal Data

You may access, modify, or request correction of Personal Data that you have submitted by contacting us using the information in the Contact Us section below. We will respond to your requests to access or correct Personal Data we hold about you in a reasonable time and will take all reasonable steps to ensure that the Personal Data we hold about you remains accurate, up to date, and complete.

Your Choices Regarding Our Use of Your Personal Data

We may send periodic promotional e-mails to you. You may opt-out of promotional e-mails by following the opt-out instructions contained in the e-mail. If you opt-out of receiving promotional e-mails, we may still send you e-mails about your account or any services you have requested or received from us.

Notice Concerning Children

We do not knowingly collect, use, or disclose information from children under 18, except as required by law or regulation. If we learn that we have collected the Personal Data of a child under 18, we will take steps to delete the information as soon as possible. Please immediately contact us if you become aware that a child has provided us with Personal Data.

Changes to this Policy

This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Site.

Contact Us

If you have questions about the privacy aspects of our Site or Services or would like to make a complaint, please contact us at: privacy@yembo.ai

If you are not satisfied with our response to your question or concern, you may be able to file a complaint under applicable privacy laws. We will provide you with the contact information to do so if requested. We strive to offer an accessible and simple complaint procedure. We will promptly investigate all complaints received, and if a complaint is justified, we will take the necessary steps to resolve the issue in question.

Additional Provisions for Canadian Residents

The following section applies to individuals in Canada.

a. Legal Basis for Processing Personal Data

i. Consent

We will process your Personal Data only with your knowledge and consent, except where exempted, required or permitted by applicable laws. The form of consent may vary depending on the circumstances and the type of information being requested.

Your consent may be express with clear options to say "yes" or "no", such as by being asked to check a box to indicate your consent, or implied, such as when you provide us with your address through a form or e-mail seeking information and we use those means to respond to your request. Your consent can also be provided by your authorized representative. Taking into account the sensitivity of your Personal Data, purposes of collection, and your reasonable expectations, we will obtain the form of consent that is appropriate to the Personal Data being processed. By using our Services, or otherwise by choosing to provide us with your Personal Data, you acknowledge and consent to the processing of your Personal Data in accordance with this Policy and as may be further identified when the Personal Data is collected. When we process your Personal Data for a new purpose, we will document that new purpose and ask for your consent again.

By using our Service, or otherwise by choosing to provide us with your Personal Data, you acknowledge and consent to the processing of your Personal Data in accordance with this Policy and as may be further identified when the Personal Data is collected.

You may refuse to provide consent or may notify us at any time that you wish to withdraw or change your consent to the processing of your Personal Data without penalty, subject to legal or contractual restrictions and reasonable notice by (i) changing your privacy preferences through the Services, (ii) deleting your account with the Services and stopping use of the Services, (iii) opting out of the use of your Personal Data by contacting us using the information in the Contact Us section of our Policy. However, if you withdraw or change your consent, we may not be able to provide you with the Service.

ii. Other Legal Bases

Aside from consent, we may also process your Personal Data under other legal bases, as permitted by applicable law.

b. Limits on Collection of Personal Data

We will not collect personal data indiscriminately but will limit collection of personal ‎information to that which is reasonable and necessary. We will also collect personal data as ‎authorized by law.‎

c. Limits for Using, Disclosing and Retaining Personal Data

Your Personal Data will only be used or disclosed for the purposes set out above and as ‎authorized by law.‎

We will keep Personal Data used to make a decision affecting you for at least one year after ‎using it to make the decision, except to the extent that you delete or remove that information ‎yourself. ‎

We will destroy, erase or make anonymous documents or other records containing personal ‎information as soon as it is reasonable to assume that the original purpose is no longer being served ‎by retention of the information and retention is no longer necessary for a legal or business purpose.‎

We will take due care when destroying Personal Data so as to prevent unauthorized access ‎to the information.‎

d. Access

Upon written request to our Privacy Officer and authentication of identity, we will provide you ‎‎your Personal Data under our control. We will also give you information about the ways in ‎‎which that information is being used and a description of the individuals and organizations to ‎‎whom that information has been disclosed. We may charge you a reasonable fee for doing so.‎

We will make the information available within a reasonable time and within the timelines established by applicable law.

In some situations, we may not be able to provide access to certain Personal Data (e.g., if ‎‎disclosure would reveal Personal Data about another individual, the Personal Data is ‎‎protected by solicitor/client privilege, the information was collected for the purposes of an ‎‎investigation or where disclosure of the information would reveal confidential commercial ‎‎information that could harm the competitive position of us). We may also be prevented by law ‎‎from providing access to certain Personal Data.‎

Where an access request is refused, we will notify you in writing, document the reasons for refusal ‎‎and outline further steps which are available to you.‎

e. Accuracy

We will make a reasonable effort to ensure that Personal Data we are using or disclosing is ‎accurate and complete. If you demonstrate the inaccuracy or incompleteness of Personal Data, we will amend the ‎information as required. If appropriate, we will send the amended information to third parties to ‎whom the information has been disclosed.‎ When a challenge regarding the accuracy of Personal Data is not resolved to your ‎satisfaction, we will annotate the Personal Data under our control with a note that the ‎correction was requested but not made.‎

f. CASL Policy

We are committed to compliance with Canada's Anti-Spam Legislation ("CASL"). Any electronic communication we send to outside parties is protected by a range of business procedures, processes and policies to ensure that such communication is done in compliance with CASL. In our electronic communications with outside parties, we comply with the rules established by CASL and enforced by various Canadian authorities including the Canadian Radio-television and Telecommunications Commission. CASL regulates, and our policies generally apply to, each commercial electronic message (a "CEM") that we send. A CEM is an electronic message sent to an electronic address that, among its purposes, encourages participation in a commercial activity.

In addition to adopting and updating this Policy, we undertake various transparency initiatives to ensure we comply with CASL, which include:

Consent— we do not send you CEMs without your consent. This consent typically must be "express" (expressly acknowledged by you), but in certain circumstances can be "implied". In other limited circumstances businesses are exempt from consent requirements. We adopted our sign-up, registration and consent forms in order to ensure that your consent is meaningful (i.e. informed and freely given) as required by CASL. When we collect your electronic contact information, you will know the exact purposes behind the collection.
Content— we adopted processes to ensure that our CEMs contain the following requirements prescribed under CASL, which will usually be in the footer of the CEM. We will:
Identify ourselves as the party sending the CEM, and whether we are sending the message on our own behalf or on behalf of someone else;
Provide you with our contact information; and
Set out a clear, working unsubscribe mechanism or preference centre that is easy to use, automatic, and at no cost to you (other than your own cost of connecting to the Internet).
Clarity— we ensured that each aspect of a CEM, including its header, content, or any links or URLs in the CEM) conveys the appropriate information, whether viewed individually or taken as a whole, so that you always know what you are clicking on.

If you receive a CEM from us but believe that you should not have or no longer wish to receive CEMs, we will aim to respect your preferences in a timely manner once you update them through our unsubscribe mechanism. CASL requires us to process unsubscribe requests within 10 business days. If you have any questions or concerns about our unsubscribe options, you may contact us at the address indicated in the Contact Us section of our Policy.

Additional Provisions for United Kingdom and European Union Residents

This section of the Policy aims to give additional information to United Kingdom ("UK") and European Union ("EU") residents regarding how we process your Personal Data in order to comply with European laws. The detail set out below, and the specific rights listed, apply only to those in the UK and EU.

It is important that you read this section of the Policy together with the main body of the Policy you so that you are fully aware of how and why we are using your Personal Data. This section of the Policy supplements the other information given and is not intended to override any other part of the Policy.

‍

Data Protection Officer

‍

We have appointed a data protection officer ("DPO") who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the DPO at dpo@yembo.ai.

You have the right to make a complaint at any time to the relevant data protection regulator in your jurisdiction. Please see below for further details. We would, however, appreciate the chance to deal with your concerns before you approach the relevant regulator, so please contact us in the first instance.

‍

Purposes for Processing and Lawful Bases

‍

As set out in our Policy, we process your Personal Data for a number of different reasons.

We have set out below, in a table format, a description of all the ways we plan to use your Personal Data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your Personal Data for more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your Personal Data where more than one basis has been set out in the table below.

‍

Purpose/Activity

Lawful basis for processing including basis
of legitimate interest

Providing Our Services. To provide our Site and Services to you, to communicate with you about your use of the Site and Services, to respond to your inquiries, and for other customer service purposes

(a) Performance of a contract with you
(b) Necessary for our legitimate interests (for running our business, to keep our records updated and to study how customers use our products/services)

Changes to terms. To notify you about changes to our terms or this Policy

Necessary to comply with a legal obligation

Improving Our Site, Services & Security. To improve our Site and Services and for other internal business purposes, including detecting security incidents, debugging to identify and repair errors that impair existing functionality

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services and network security)
(b) Necessary to comply with a legal obligation

Tailoring Content. To tailor the content and information that we may send or display to you and to personalize your experiences while using the Website or our Services

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

Research & Analytics. To better understand how users access and use our Site and Services in order to improve our Site and Services and respond to user preferences, to administer surveys, programs and questionnaires, and for other research and analytical purposes

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

Marketing & Communications. For marketing, advertising and promotional purposes, for example, we may use your information, such as your e-mail address, to send you news and newsletters, special offers, events, surveys, and promotions, or to otherwise contact you about services or information we think may interest you. We also use the information that we learn about you to assist us in advertising our Services on third-party websites and social media and to assist us in evaluating the success of our advertising campaigns on various platforms

Necessary for our legitimate interests (to develop our products/services and grow our business)

Legal Compliance. To comply with legal obligations, as part of our general business operations, and for other business or administration purposes

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services and network security)
(b) Necessary to comply with a legal obligation

Consent. For other purposes that you consent to from time to time.

Consent

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

‍

Data Subject Rights

‍

Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your Personal Data.

Right to Access Personal Data

You have a right to request that we provide you with a copy of your Personal Data that we hold and you have the right to be informed of: (a) the source of your Personal Data; (b) the purposes, legal basis and methods of processing; (c) the data controller's identity; and (d) the entities or categories of entities to whom your Personal Data may be transferred.

Right to Rectify or Erase Personal Data

You have a right to request that we rectify inaccurate Personal Data. We may seek to verify the accuracy of the Personal Data before rectifying it.

You can also request that we erase your Personal Data in limited circumstances where:

it is no longer needed for the purposes for which it was collected; or
you have withdrawn your consent (where the data processing was based on consent); or
following a successful right to object (see Right to Object to the Processing of your Personal Data); or
it has been processed unlawfully; or
to comply with a legal obligation to which we are subject.

We are not required to comply with your request to erase Personal Data if the processing of your Personal Data is necessary:

for compliance with a legal obligation; or
for the establishment, exercise or defence of legal claims

Right to Restrict the Processing of your Personal Data

You can ask us to restrict your Personal Data, but only where:

its accuracy is contested, to allow us to verify its accuracy; or
the processing is unlawful, but you do not want it erased; or
it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
you have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your Personal Data following a request for restriction, where:

we have your consent; or
to establish, exercise or defend legal claims; or
to protect the rights of another natural or legal person.

Right to Transfer Your Personal Data

You can ask us to provide your Personal Data to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:

the processing is based on your consent or on the performance of a contract with you; and
the processing is carried out by automated means.

Right to Object to the Processing of your Personal Data

You can object to any processing of your Personal Data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.

If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

Right to Object to How we use your Personal Data for Direct Marketing Purposes

You can request that we change the manner in which we contact you for marketing purposes.

You can request that we not transfer your Personal Data to unaffiliated third parties for the purposes of direct marketing or any other purposes.

Right to Obtain a Copy of Personal Data Safeguards used for Transfers Outside Your Jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your Personal Data is transferred outside of the UK or the European Union.

We may redact data transfer agreements to protect commercial terms.

Right to Lodge a Complaint with your Local Supervisory Authority

You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your Personal Data.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

International Data Transfers

Your Personal Data may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area. We ensure that the recipient of your Personal Data offers an adequate level of protection and security, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR).

Additional Information and Contact Details

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the Personal Data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us using the details listed under the Contact Us section of our Policy, or by contacting our DPO at: dpo@yembo.ai. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly or inform you if we require further information in order to fulfill your request.

We try to respond to all legitimate requests within a reasonable time and within the timelines established by applicable law. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.