Legal:

Research Participant Privacy Policy

Last amended: 19 June 2025

We recognize the importance of protecting personal data and are committed to ensuring its security and responsible processing. This Privacy Policy explains how Sensemitter Services Limited ("Company," "we," "us," or "our"), in its capacity as a Data controller, collects, processes, and protects the personal data of Participants of our content and/or user experience and perception research, surveys, interviews, studies, or similar activities, which underpins the insights and deliverables we provide to our customers (collectively, “Research”).

This Policy applies to all Participants - individuals of legal age (as defined by the laws of their jurisdiction) who have been invited and/or approved by us to take part in Research (“Participant”, "you," "your"). Please read this Policy carefully to understand our privacy practices and your rights under applicable Data Protection Laws.

This Privacy Policy is available only in English, and all communications regarding data privacy and your rights will be conducted in English, unless otherwise required by mandatory laws in your jurisdiction.

BY PARTICIPATING IN RESEARCH YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREED TO THE PROCESSING OF YOUR PERSONAL INFORMATION AS OUTLINED IN THIS POLICY.

BY PARTICIPATING IN RESEARCH YOU CONSENT TO THE USE OF AI-BASED TOOLS TO ANALYSE YOUR EMOTIONAL REACTIONS DURING THE RESEARCH SESSION. YOU UNDERSTAND THAT THIS ANALYSIS IS AUTOMATED AND MAY INCLUDE THE INTERPRETATION OF YOUR OBSERVABLE BEHAVIOURAL CUES AS FURTHER DETAILED IN SECTION 5 BELOW. IF YOU DO NOT WISH FOR YOUR DATA TO BE USED TO TRAIN, IMPROVE, OR ENHANCE OUR AI SYSTEMS BEYOND THE SPECIFIC RESEARCH STUDY IN WHICH YOU ARE PARTICIPATING, YOU MAY OPT OUT OF SUCH USE, AS EXPLAINED IN SECTION 5.

What categories of personal information we collect and why

We are a research and marketing technology company. We specialize in designing and conducting innovative research into user perception, behavior, and emotional response to digital content. Our research findings form the basis of the services and analytics we provide to our clients (“Services”), and also support the continuous development and improvement of our proprietary research Platform (as defined in our Terms of Service). In the course of our research activities, we collect and process your personal data for two main purposes:

to establish and perform our agreement with you, including sending you invitations to participate in Researches, managing your participation, and providing you with relevant information or compensation where applicable;
to conduct our Researches; and
to develop, test, and improve our Platform, including the functionality of our proprietary AI algorithms (as further explained in Section 5 below), unless you have opted out of this use.

The categories of personal data we collect vary depending on the nature of each Research study and our interaction with you, and may include:

Personal data you provide directly

This includes personal data you voluntarily provide when and/or after you accept our invitation to participate in a Research, sign an agreement to participate in a Research, communicate with us through recruitment platforms such as Prolific (www.prolific.com), User Interviews (www.userinterviews.com), Cint (www.cint.com), or any other platforms used for research participant recruitment ("Recruitment Platforms"), or when you contact us directly outside of the Recruitment Platforms — for example, by email, phone, messaging services, or video calls.

1.2. Participation Data

We collect only personal data that is relevant and necessary for the specific Research in which you choose to participate.

1.2.1. For Quantitative Research:

Screening Information: your responses to questions regarding your user experience, interests, habits, preferences, and the devices you use;
Recordings of your facial expressions during interactions with the object of the research (for example, a game, advertisement, video, or other media);
Derived Coded Data: insights reflecting your principal emotional reactions during engagement with the research object (as defined below).

1.2.2. For Qualitative Research we may collect all the data categories listed above under clause 1.2.1 (a) and 1.2.1 (c) (Quantitative Research), and additionally:

Your identifiers: your full name, gender, age, nationality, residential address, and contact information (email address, phone number, your Google Account details).
Recordings of your voice and/or facial expressions during interactions with the object of the research (for example, a game, advertisement, video, or other media), as well as recordings of your device screen while you engage with the research object;
Transcripts of interviews or sessions with you conducted and recorded as part of the Research;
On-Screen Information: any personal or device-related information that may unintentionally become visible to us during the course of Research sessions conducted via Google Meet or similar communication tools. This may include, without limitation, user identifiers, names, nicknames, photos, contact lists, file names, content previews, notifications, apps, services, or other elements displayed on the your screen while navigating your device.

1.3. Information Received from Third Parties. When you participate in any Research studies through Recruitment Platforms, these platforms may provide us with the following personal data about you:

Your unique identifier assigned by the Recruitment Platform;
Your basic demographic details (e.g., first name, age, gender, nationality, country of residence);
Basic information regarding your user experience relevant to the requirements of a specific Research for which we recruit participants;
Any additional information as permitted by the respective Recruitment Platform’s privacy policy.

We may also obtain your personal data from other third-party sources, where permitted or required by applicable law.

Sensitive Personal Data. Under no circumstances we collect or process special categories of personal data, such as information related to your race or ethnicity, religious or philosophical beliefs, sexual life, political opinions, trade union membership, health, genetic or biometric data.

No Minors Data: Our Services are intended solely for individuals over the age of 18. Consequently, we do not knowingly collect personal data from individuals under the age of 18. If it comes to our attention that such data has been collected due to misleading or false information provided to us, we will promptly delete it.

Use of AI components

To conduct our Research activities, we use both proprietary AI systems (as described in Section 5 below) and third-party AI technologies, including large language models developed by OpenAI, LLC (“LLMs”). For example, we may utilize these LLMs to analyze Respondents’ answers across certain Research sessions in order to generate aggregated analytics as part of our Research outcomes. To perform this analysis, we share only the text of your responses extracted from Transcripts and/or session records - excluding any information that could directly or indirectly identify you.

Use of Recordings and Derived Data

During the course of the Research, we make Recordings of your participation (Clauses 1.2.1 (b) and 1.2.2 (b), which we further process as described in this clause below to: (a) capture and extract specific data from the recordings (“Captured Video Data”); and (b) interpret this Captured Video Data to produce Derived Coded Data (Clause 1.2.1 (c)).

Captured Video Data may include information such as facial expressions, and other observable behavioural cues. We use internal AI systems to analyse this data for the purposes of emotional interpretation. Specifically, the Captured Video Data is processed by proprietary algorithms within our Platform (as defined in our Terms of Service), which convert it into coded formats (e.g., numerical or categorical values) representing emotional states or behavioural patterns.

After the completion of the Research study in which you participate, any data linking your identity to your Captured Video Data and Derived Coded Data will be securely removed. Anonymised versions of the Recordings, Captured Video Data and/or Derived Coded Data may, however, be retained and used by us: (a) to improve the accuracy and functionality of our Platform’s emotion recognition algorithms; (b) to enhance the diversity and breadth of our Platform’s datasets; (c) to support advancements in human-computer interaction and usability analysis.

If you do not wish for your Captured Video Data or Derived Coded Data to be used for the purpose of improving our AI systems (as described in the final paragraph above), you may opt out of such use by contacting us at [email protected] before or within 30 (thirty) days following your participation in the Research. In such cases, your Captured Video Data and Derived Coded Data will be used solely for the specific Research study in which you participated and will not be retained or repurposed to train or improve our AI algorithms. Your participation in the Research will not be affected by this choice.

Summary of purposes and legal bases of your personal data processing

We collect and process your personal data for a range of purposes, as specified in the table below. The legal bases under which we process your personal data include:

Consent: We collect and process your personal data based on your explicit consent, which is obtained through consent forms, personal recorded communication with you, emails or checkboxes provided during your interactions with us. Your consent is documented and securely stored in our systems. You may withdraw your consent at any time by contacting us at [email protected].
Contractual necessity: Processing of your personal data may be necessary for the performance of a contract to which you are a party or to take pre-contractual steps at your request.
Legitimate interest: We may process your personal data where it is necessary for our legitimate interests, such as improving our products and Services, ensuring the security of our Platform, and maintaining business relationships. When relying on legitimate interest, we always conduct a balancing test to ensure that our interests do not override your fundamental rights and freedoms.
Legal obligation: We process your personal data when it is necessary to comply with our legal and regulatory obligations, including tax, accounting, anti-money laundering (AML), and data protection laws.
Vital interests and other legal bases: In exceptional cases, we may process your personal data to protect your vital interests or those of another person, or when processing is otherwise permitted under Article 6 of the GDPR.

We DO NOT sell, rent, or trade your personal data to third parties under any circumstances.

We DO NOT use personal data for marketing purposes.

Summary Table of Processing Purposes and Legal Bases

Category of Personal Data	Purpose of Processing	Lawful Basis (GDPR, Article 6)	Retention period
Your identifiers (clause 1.2.2 (a) above)	(a) To identify and communicate with you in connection with the Research you are participating in; (b) To manage your participation in the Research; (c) To send you notifications and updates regarding the Research; (d) To respond to your inquiries or other direct communications; (e) To enter into and perform an agreement with you; (f) To communicate with you in the context of research engagement – including sending invitations to participate in our Research studies, notifying you of new or upcoming Research opportunities, providing relevant Research-related information or proposals, and managing a database of potential respondents for our future research activities.	Article 6(1)(b) – Performance of a contract (where we have a direct contract with you); Article 6(1)(f) – Legitimate interest (to facilitate effective communication in response to your inquiries or other communications); Article 6(1)(f) – Legitimate interest (to manage research-related operations and communications) Article 6(1)(a) – Consent (where we communicate with you the context of research engagement)	Up to 12 months after the end of the relevant Research project or last contact, unless a longer retention period is required by law (e.g., accounting obligations)
Your payment information (i.e. banking details, VAT/tax ID, payment history)	To process payments, rewards, or reimbursements you’re your participation in the Research in case we have a direct (off-Recruitment Platforms) agreement with you	Article 6(1)(b) – Performance of a contract; Article 6(1)(c) – Compliance with a legal obligation (tax and accounting requirements)	Up to 12 months after the end of the relevant paid Research project, unless a longer retention period is required by law (e.g., accounting obligations)
Your On-Screen information (clause 1.2.2 (c) above)	This data is not processed separately from the Recordings	Article 6(1)(a) – Consent	Until the respective Recording is erased or any personal data contained therein is anonymized, as described in the relevant section below in this table
Screening information (clause 1.2.1 (a) above)	(a) To assess your eligibility and suitability for specific Research (b) To communicate with you in the context of research engagement – including sending invitations to participate in our Research studies, notifying you of new or upcoming Research opportunities, providing relevant Research-related information or proposals, and managing a database of potential respondents for our future research activities.	Article 6(1)(a) – Consent	Until the completion of the respective Research, plus up to 6 months for research validation (in case you are selected); Until the completion of the respective Research, plus up to 12 months for communication in the context of research engagement
Recordings (clauses 1.2.1 (b) and 1.2.2 (b) above)	To conduct the Research, to assess your behavioural responses during engagement with the object of the Research, and process Captured Video Data for conversion into Coded Data, as defined in Clause 5 above.	Article 6(1)(a) – Consent	Until the completion of the project, plus up to 12 months for quality control and reporting purposes, unless further anonymised for algorithm improvement.
Derived Coded Data (clause 1.2.1 (c) above)	To analyse your user reactions and behaviours as part of the Research objectives	Article 6(1)(a) – Consent	Until the completion of analysis, plus up to 6 months for research validation; anonymised data may be retained longer (see below).
Transcripts and session records (clause 1.2.2 (c) above)	To document and analyse qualitative Research findings in an aggregated and anonymised manner.	Article 6(1)(a) – Consent	Until project completion, plus up to 6 months for analysis and reporting; anonymised versions may be retained indefinitely for research purposes.
Data from Recruitment Platforms (clause 1.3 above)	To manage your recruitment and ensure eligibility for a particular Research	Article 6(1)(f) – Legitimate interest (managing recruitment processes)	as per the respective Recruitment Platform’s privacy policy

Sharing of your personal data

We only share your personal data with third parties when it is necessary to achieve the purposes described in this Policy and always in compliance with applicable data protection laws. We ensure that any such sharing is subject to appropriate contractual, technical, and organizational safeguards.

Your personal data may be shared with the following categories of recipients:

(a) Customers and Business Partners: We may share anonymised or aggregated research insights with our customers and business partners as part of the services we provide. In certain cases, where strictly necessary (e.g., for quality control or research validation purposes), we may also share limited personal data—such as your feedback, in-game behavior, or excerpts from Recordings—provided such data is subject to appropriate safeguards, including minimization and anonymisation where feasible.

(b) Service Providers and Subcontractors: We engage carefully selected third-party vendors, consultants, and subcontractors to support various aspects of our operations, including research execution, data processing, analytics, and platform development. These third parties act as data processors on our behalf and are contractually bound by strict confidentiality and data protection obligations under Article 28 GDPR.

(c) Hosting and Infrastructure Providers: We rely on trusted infrastructure services, such as Google Cloud and Google Workspace, to securely host and manage our systems and your personal data. These providers operate in accordance with internationally recognized security and data protection standards, and we ensure their compliance through appropriate contractual arrangements.

(d) Prospective Investors and Professional Advisors: in the context of financing, due diligence, or potential mergers/acquisitions, we may disclose your data to investors or their advisors, provided they are subject to strict confidentiality obligations.

(e) Compliance with legal obligations. We may disclose your personal data when required to comply with legal obligations, including responding to subpoenas, court orders, or lawful requests from governmental or regulatory bodies. This may include compliance with tax, banking, anti-corruption, AML, accounting regulations, or other applicable laws.

(f) Legal rights and safety. Your personal data may also be shared if it is necessary to establish, exercise, or defend our legal rights, protect our property, enforce our agreements, or prevent fraud or other illegal activities.

We require all third parties with whom we share your data to maintain appropriate security measures and comply with applicable data protection laws. Third parties are only permitted to process your personal data for specified purposes in accordance with our instructions.

Cookies and other Tracking Technologies

Technologies that we use on our website https://sensemitter.com/ (“Website”) are:

Cookies are small pieces of text entered into the memory of your browser by a website, allowing the website to store information on your device and later retrieve it. They help maintain website functionality and collect information about website usage. We use this information to improve our website, present content in the most efficient and engaging manner and assist in our marketing efforts.
Web beacons are tiny images with a unique identifier, which are not stored on the hard-drive of your device, but are embedded invisibly on web pages. We use web beacons in our marketing HTML-based emails to our subscribers. This allows us to collect information about how subscribers engage with emails and analyze statistics, including open rates and click-through rates. We use this information to improve our email communications and effectiveness of marketing campaigns.

The types of cookies we use are:

(1) Session and persistent cookies:

Session cookies last as long as your online session and disappear from your device when you close your browser.
Persistent cookies stay on your device after you close your browser and last for a time specified in the cookie (unless deleted by you earlier).

(2) First-party and third-party cookies:

First party cookies are set by the website. Only we can read them.
Third-party cookies are set by someone other than our website. You may adjust your browser settings to prevent the receipt of third-party cookies, or to provide notification whenever such third-party cookies are sent to you.

While the cookies that we use may change from time to time as we improve and update the website, they serve the following main purposes:

Strictly necessary cookies are essential for the operation of the website, so that you can navigate it and use its features. Without them some parts of the website will not work.
Functionality cookies allow the website to remember choices you make to provide better functionality and personalized features. These cookies may be set by us or by third-party services we have added to our pages. If you do not allow them then some or all of these services may not function properly.
Analytics and performance cookies help us improve the performance of the website based on the information about how the website is used, for example, page views and traffic sources.
Advertising and marketing cookies may be used to build a profile of your interests and show you relevant adverts on other websites. These cookies can be set through the website by us or our partners.

The list of cookies used on our Website is continuously monitored and displayed in real-time through Cookie Script. You can view the complete list of cookies, including their purpose, duration, and data usage details, at any time. Additionally, you can manage your cookie preferences in real-time via the cookie pop-up available on the Website landing page.

You can delete the cookies installed in the past and manage preferences for cookies in your browser settings. How to manage cookies in the most popular browsers:

Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en

Edge: https://support.microsoft.com/en-gb/help/4027947/microsoft-edge-delete-cookies

You can manage preferences for third-party cookies via the tools provided by those parties. For example, you can manage Google’s cookies by visiting Google Ad Settings or installing Google Analytics Opt-out Browser Add-on.

You may also follow the instructions provided by the EDAA (EU), the Network Advertising Initiative (US), the Digital Advertising Alliance (US), DAAC (Canada), DDAI (Japan) or other similar services. Such initiatives allow you to select tracking preferences for most of the advertising tools.

If you block or delete cookies in your browser settings, this may mean that the website preferences will be lost and that you might not be able to access or use some of its features.

Where we process and transfer your information

We host and process your data in Europe (and the hosting services are purchased by us from Google Cloud). We may transfer personal data to jurisdictions outside of your home country and outside of European Economic Area (EEA) as necessary for the purposes of processing. You are entitled to learn about the legal basis of data transfers to a country outside the EU and about the security measures we take to safeguard your information. If we transfer personal data originating from the EEA to countries with not adequate level of data protection, we use one of the following legal bases: (i) Standard Contractual Clauses approved by the European Commission, or (ii) the European Commission adequacy decisions about certain countries. We take all steps necessary to provide suitable safeguards to protect your personal data during the cross-border transfer and to ensure that your data is treated in accordance with this Privacy Policy.

How we protect your information

We are committed to safeguarding your personal and confidential information (“PCI”) through robust technical and organizational measures. Our security framework is designed to protect PCI from unauthorized access, use, disclosure, copying, modification, destruction, and accidental loss or misuse.

10.1. Security Measures in Place. We implement industry-standard security controls, including but not limited to:

Access Controls: we enforce strict access controls to ensure that only authorized personnel and contractors can access your PCI, based on the principle of least privilege.
Data Encryption: to prevent unauthorized access, tampering, or interception of PCI, we employ strong encryption mechanisms: (i) in transit: we utilize 256-bit SSL/TLS 1.2 encryption to secure data while it is transmitted from us to you; (ii) at rest: all data stored within our infrastructure is encrypted using AES-256 industry standards, ensuring an additional layer of protection; (ii) backups: regular encrypted backups are maintained to ensure data availability and integrity in the event of an incident.
Secure Infrastructure: all our Services’ infrastructure is hosted within Google Cloud, utilizing state-of-the-art security controls to protect against unauthorized network requests. Google Cloud is ISO/IEC 27001, SOC 1/2/3, and GDPR-compliant, providing a secure environment for our services. More details on Google Cloud’s security standards can be found in their Compliance Programs.
Regular Security Audits: we conduct regular penetration testing, vulnerability assessments, and security audits to proactively identify and mitigate potential risks.
Antivirus and Intrusion Prevention Systems (IPS): deployed to monitor and prevent unauthorized access and potential threats in real-time.
Incident Response: we have established protocols to promptly address any suspected data breaches and will notify you and applicable regulators within legally required timeframes if a breach occurs.

10.2. Privacy Commitment. We are fully dedicated to compliance with the GDPR and other applicable data protection laws. Our privacy measures include:

Mandatory Non-Disclosure Agreements for all employees and contractors handling your PCI.
Regular employee training on data protection best practices and GDPR compliance.

How you can control your information

If you reside in one of EEA jurisdictions, you have the following rights in relation to the processing of your information:

Right to request access. You may obtain confirmation as to whether or not we process your information, learn about the details of such processing and obtain a copy of the information that we process.
Right to request correction. You may verify the accuracy of your information and ask us to update or correct it. We may need to verify the accuracy of the new data you provide to us.
Right to request erasure. You may ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with the law. However, we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Right to object to processing. At any time on grounds relating to your particular situation you have a right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party). You have the right to object to processing of your personal data for direct marketing purposes and unsubscribe (opt out) from marketing communications at any time by clicking the unsubscribe link in any of these emails or by contacting us at the email specified at the bottom of this section.
Right to request restriction of processing. You may ask us to suspend the processing of your personal data where one of the following applies: (a) if you want us to establish the data’s accuracy; (b) if the processing of personal data is unlawful but you do not want us to erase it; (c) if we no longer require your personal data but you need us to hold the data since you need it to establish, exercise or defend legal claims; (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Right to request the transfer of your personal data to you or to a third party. You may ask us to provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Right to withdraw consent. If you have previously provided us with your consent to collect and process your personal data, you can change your mind and withdraw such consent at any time. However, this will not affect the lawfulness of any processing carried out before withdrawal. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time of withdrawal.
Right to complain to a supervisory authority. If you are unhappy with the way in which your personal data has been processed, you may contact us. If you remain dissatisfied, you may lodge a complaint to your national data protection supervisory authority: https://edps.europa.eu/.

To exercise these rights, you can contact us by submitting an access request by emailing us by email address at the bottom of this section.

If you reside in the United States of America (USA), you have rights under certain USA state data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include:

Access. Right (1) to know whether or not we are processing your personal information, (2) to access your personal information, and (3) to obtain a copy of the personal information you disclosed to us, and as permitted by applicable law, including the "Shine The Light" law, (4) to obtain a list of specific third parties to which we have disclosed personal information, (5) to obtain a list of categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year.

Rectification. Right to correct inaccuracies in your personal information.

Erasure. Right to request the deletion of your personal information. Please notice that we have to keep certain personal information in our files after fulfilling such a request, including data required to be kept in accordance with the law or to protect our rights, in particular in the context of court proceedings. The right to delete data may be limited by law or provisions related to freedom of expression and information.

Opt out of sale and sharing. Right to opt out, under certain applicable laws, of (1) the sharing, meaning the processing for targeted advertising, of your personal information, (2) the sale of personal information, or (3) profiling in furtherance of decisions that produce legal or similarly significant effects (profiling).

You can opt out from the selling of your personal information of internet or other electronic network activity, targeted advertising, or profiling by disabling cookies in your browser’s cookie preference settings.

Right to limit use and disclosure of sensitive personal information, namely, to direct us to limit the use of your sensitive personal information that you disclose to us, to that use which is necessary to provide our services and granted by certain applicable laws.
Withdrawing your consent. If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time.
Non-discrimination. Right to not been discriminated for exercising your rights. Please notice that because to the nature of our services, opting out of sharing and sale of your personal information restricts us from providing your application to lenders.

Under certain US state data protection laws, you can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with applicable laws. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request and the agent will need to provide a written and signed permission from you to submit such request on your behalf.

Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us by email address at the bottom of this section. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may submit a complaint to your state attorney general.

If you wish to exercise any of the rights set out above, please contact us at [email protected]. We will process your request free of charge and as early as possible, but always within one month. Note that before acting on any such request, we will need to verify your identity and may ask you for additional information. We will only use personal information provided in your request to verify your identity or authority to make the request. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We may not be able to honor your request if we won’t verify your identity.

How long we keep your information

We keep your information for as long as it is necessary for the purposes outlined in the Section 6 above. We may retain your information if required to do so by law or upon an order of a state authority.

Links to third-party websites

The Website may contain links to third-party websites that are not administered by us and are not governed by this Privacy Policy. We encourage you to familiarize yourself with the privacy policies and security practices of the linked third-party websites before providing them any personal data.

Changes to the Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, regulatory requirements, or to address feedback received from our customers. Any changes will be published on this page, and we encourage you to review it regularly to stay informed about how we protect your information. When we post changes, we revise the "Last Updated" date at the top of this policy.

If we make any material changes in the way we collect, use or share your information, we will notify you by prominently posting notice of the changes on our Website and Platform, and if required by applicable law we will request your consent for such changes.

Contact Information

If you have questions or comments regarding this Privacy Policy and our privacy practices, or you have any requests to exercise your legal rights, please contact us at: [email protected]

Registered address: Spyrou Araouzou, 2, FAYSA HOUSE, 2nd floor, Flat/Office 201, 3036, Limassol, Cyprus

***

Main Definitions

CCPA 2018: the California Consumer Privacy Act 2018 and legislation supplementing this Act.

Data controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Unless stated otherwise, for purposes of this Privacy Policy – Sensemitter Services Limited.

GDPR: the General Data Protection Regulation ((EU) 2016/679) and all legislation implementing or supplementing this Regulation.

Personal data, personal information: Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier.

Processing of personal data: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. For the purposes of CCPA 2018 “sharing” of personal data shall not be read or mean “sale” of personal data.