Privacy policy

Policy version: 28th October 2022

We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (your personal data) in connection with your use of our website, application or online platform or facility on or through which you access and/or use our products, services or information (“Platform”). It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint.

We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR). We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to goods and services we offer to individuals and our wider operations in the European Economic Area (EEA).

This privacy policy is divided into the following sections. If you click on each heading you will be taken to the relevant section.


About us and this privacy policy

About us

https://ebi.ai/ (our ‘website’) is provided by Offshorly trading as EBI.AI (‘we’, ‘our’ or ‘us’).  We are the controller of personal data obtained via our Platform, meaning we are the organisation legally responsible for deciding how and for what purposes it is used. This privacy policy relates to your use of our Platform.

Throughout our Platform we may link to other websites owned and operated by certain trusted third parties to make additional products and services available to you as highlighted under the heading “Who we share your personal data with”. Those third party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to those third party websites, please consult their privacy policies as appropriate.

Changes to this privacy policy

We may change this privacy policy from time to time—when we make significant changes we will take steps to inform you.

Contact information

How to contact us

You can contact our data protection officer (‘DPO’) by email if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint.

Our DPO’s email address is: cathrine@ebi.ai

Please contact us if you have any queries or concerns about our use of your personal data. We hope we will be able to resolve any issues you may have.

How to contact the ICO

You also have the right to lodge a complaint with the UK Information Commissioner. The UK’s Information Commissioner may be contacted using the details at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.

Types of personal data that we collect

The personal data we collect about you depends on the particular activities carried out through our Platform . If you do not provide personal data we ask for where it is indicated to be ‘required’ at the point of collection, it may delay or prevent us from providing services to you.

We may collect and use any combination of the following types of personal data about you:

Identity data

Includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, your spoken language, gender, job title and company details.

Contact data

Includes billing address, delivery address, email address and telephone numbers.

Financial data

Includes bank account, billing information and payment card details.

Transaction data

Includes details about payments to and from you and other details of products and services you have purchased from us.

Technical data

Includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Platform.

Profile data

Includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses (via telephone, email, social media or post).

Usage data

Includes information about how you use our Platform (including anonymised chat transcripts), products, technology systems and services

Marketing and communication data

Includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Identity data

Includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, your spoken language, gender, job title and company details.

Contact data

Includes billing address, delivery address, email address and telephone numbers.

Financial data

Includes bank account, billing information and payment card details.

Transaction data

Includes details about payments to and from you and other details of products and services you have purchased from us.

Technical data

Includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Platform.

Profile data

Includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses (via telephone, email, social media or post).

Usage data

Includes information about how you use our Platform (including anonymised chat transcripts), products, technology systems and services

Marketing and communication data

Includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Personal data processing by us (including purpose, data type & legal basis)

Under data protection law, we can only use your personal data if we have a proper reason. The table below explains what we use your personal data for and why.

More details about how we use your personal data and why are set out in the table below.

What we use your personal data for
Data type
Legal basis for using your data under UK GDPR or otherwise (references are to articles in the UK GDPR)

Create, update and manage your account with us

  • Identity
  • Contact
  • Profile
  • Financial
  • For our legitimate interest – Art.6(1)(f)
  • To comply with our legal and regulatory obligations – Art 6(1)(c)

Providing services to you (or your employers/supplier) and communicating any changes to you (or your

  • Contact
  • For the performance of the contract with you – Art.6(1)(b

Employers/suppliers).

  • Financial
  • To comply with our legal and regulatory obligations – Art 6(1)(c)
  • For legitimate interests to notify you of changes to policies and terms – Art.6(1)(f)

Conducting checks to identify you and verify your identity or to help prevent and detect fraud against you or us

  • Identity
  • Contact
  • Profile
  • Technical
  • To comply with our legal and regulatory obligations – Art 6(1)(c)
  • For our legitimate interests to minimise fraud that could be damaging for you and/or us Art.6(1)(f)

To enforce legal rights or defend or undertake legal proceedings

  • Identity
  • Profile
  • To comply with our legal and regulatory obligations – Art 6(1)(c)
  • For our legitimate interests to protect our business, interests and rights. Art.6(1)(f)

Customise our Platform and its content to your particular preferences based on a record of your selected preferences or on your use of our Platform

  • Technical
  • Marketing and communication
  • Profile
  • We have your consent (via acceptance of our cookies policy) – Art.6(1)(a)
  • Where we are not required to obtain your consent and do not do so, for our legitimate interests (to be as efficient as we can so we can deliver the best service to you at the best price) – Art.6(1)(f)

Protecting the security of systems and data used to provide the service

  • Technical
  • To comply with our legal and regulatory obligations – Art 6(1)(c)
  • We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests, i.e., to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us

Statistical analysis to help us understand our customer base

  • Identity
  • Technical
  • Profile
  • Usage
  • For our legitimate interests, i.e., to be as efficient as we can so we can deliver the best service to you at the best price – Art.6(1)(f)

Disclosures and other activities to third parties where legally required to do so

  • Marketing and communication
  • Identity
  • Contact
  • Profile
  • Technical
  • Financial
  • Transactional
  • Usage
  • To comply with our legal and regulatory obligations – Art 6(1)(c)

Marketing our services including offers and promotions to existing and former customers. See ‘Additional information about marketing’ below for further information

  • Marketing and communication
  • Identity
  • Transaction
  • Profile
  • Usage
  • For our legitimate interests, i.e., to promote our business – Art.6(1)(f)

Cookies

See ‘Cookies’ below for further information

  • Technical
  • For our legitimate interests, i.e., to promote our business to existing and former customers – Art.6(1)(f

The audit of data storage

  • Identity
  • Profile
  • For our legitimate interests to verify the integrity of our systems and ensure we operate to the highest standards.
What we use your personal data for
Data type

Create, update and manage your account with us

  • Identity
  • Contact
  • Profile
  • Financial

Providing services to you (or your employers/supplier) and communicating any changes to you (or your

  • Contact

Employers/suppliers).

  • Financial

Conducting checks to identify you and verify your identity or to help prevent and detect fraud against you or us

  • Identity
  • Contact
  • Profile
  • Technical

To enforce legal rights or defend or undertake legal proceedings

  • Identity
  • Profile

Customise our Platform and its content to your particular preferences based on a record of your selected preferences or on your use of our Platform

  • Technical
  • Marketing and communication
  • Profile

Protecting the security of systems and data used to provide the service

  • Technical

Statistical analysis to help us understand our customer base

  • Identity
  • Technical
  • Profile
  • Usage

Disclosures and other activities to third parties where legally required to do so

  • Marketing and communication
  • Identity
  • Contact
  • Profile
  • Technical
  • Financial
  • Transactional
  • Usage

Marketing our services including offers and promotions to existing and former customers. See ‘Additional information about marketing’ below for further information

  • Marketing and communication
  • Identity
  • Transaction
  • Profile
  • Usage

Cookies

See ‘Cookies’ below for further information

  • Technical

The audit of data storage

  • Identity
  • Profile

Additional Information about Marketing

You have the right to opt out of receiving marketing communications at any time by:

1. contacting us by email to our DPO at cathrine@ebi.ai; or

2. using the ‘unsubscribe’ link in emails.

We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business. We may share your personal data with other organisations outside the EBI Solutions Limited group for marketing purposes but not without your consent.

How your personal data is collected (e.g., cookies)

Directly
  • When you complete a form on our EBI.AI website or other aspect of our Platform or via LinkedIn;
  • By using our AI assistant on the EBI.AI website or other aspect of our Platform;
  • Through the chat function on the EBI.AI website or other aspect of our Platform; and
  • Via email.
Indirectly
  • Such as your browsing activity while on our Platform; we will collect information indirectly using the technologies explained in the section on Cookies (see below for additional information about cookies).
Third parties’ sources
  • ZoomInfo; and
  • LinkedIn
  • Facebook
  • Google
Directly
  • When you complete a form on our EBI.AI website or other aspect of our Platform or via LinkedIn;
  • By using our AI assistant on the EBI.AI website or other aspect of our Platform;
  • Through the chat function on the EBI.AI website or other aspect of our Platform; and
  • Via email.
Indirectly
  • Such as your browsing activity while on our Platform; we will collect information indirectly using the technologies explained in the section on Cookies (see below for additional information about cookies).
Third parties’ sources
  • ZoomInfo; and
  • LinkedIn
  • Facebook
  • Google

Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the Platform and to compile statistical reports on Platform activity. Please see the below list of cookies we collect and why:

Cookie name
Owner
Purpose and use

AEC

google.co.uk

This allows Google to analyse specific behaviour and interests of the user including traffic data, user asds interaction data and demographic data.

APISID / SAPISID / HSID /

google.co.uk

These cookies enable Google to collect user information for videos hosted by YouTube.

CONSENT

google.co.uk

This is used to ensure consent to cookie use

NID / SID / 1P_JAR

google.co.uk

Google uses a unique ID to remember preferences such as prefefrred language and to display personalised advertisments based on search and pervious interactions.

SEARCH_SAMESITE

google.co.uk

This is used to send data to Google

__Secure-1PAPISID

google.co.uk

Used by Google to build a profile of the user to ensure relevant content and advertising.

__Secure-1PSID

google.co.uk

Used by Google to build a profile of the user to ensure relevant content and advertising.

__Secure-3PSID

google.co.uk

Used by Google for retargeting purposes.

__cf_bm

Cloudflare

Cloudflare’s Bot Management service and helps manage incoming traffic that matches criteria associated with bots

__cfruid

Cloudflare

Used to ensure rate limiting policies.

__hssc

HubSpot

This cookie is used to keep track of session data

__hssrc

hubspot.com

When HubSpot changes the session cookie, this cookie is also set to determine if the visitor has reset their browser.

__hstc

HubSpot

It contains domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (current visit), and session number (increments with each subsequent session).

_fbp

Facebook

Used to distinguish individual users

_ga

Google Analytics

Used to understand when a user visits website for first time

_gcl_au

Google Analytics

Used to measure conversion from Google Ads

_gcl_aw

Google Analytics

Used to measure conversion from Google Ads

_gid

Google Analytics

Used to understand how a user interacts with website from a paid ad

_hjid

Hotjar

Used when a user first lands on a page using Hotjar

cf_clearance

Cloudflare

Shows a successful pass

cookieconsent_status

ebi.ai

Keeps track of users choices

hs_c2l

hubspot.com

Ensures HubSpot authenticiation

wordpress_test_cookie

ebi.ai

WordPress sets this cookie when a user navigates to the login page. The cookie is used to check whether the web browser is set to allow, or reject cookies.

wp-settings-11

ebi.ai

This cookie is used to personalise the admin and main site interface.

wp_lang

ebi.ai

Used to store language prefernces for WordPress users,

Cookie name
Owner

AEC

google.co.uk

APISID / SAPISID / HSID /

google.co.uk

CONSENT

google.co.uk

NID / SID / 1P_JAR

google.co.uk

SEARCH_SAMESITE

google.co.uk

__Secure-1PAPISID

google.co.uk

__Secure-1PSID

google.co.uk

__Secure-3PSID

google.co.uk

__cf_bm

Cloudflare

__cfruid

Cloudflare

__hssc

HubSpot

__hssrc

hubspot.com

__hstc

HubSpot

_fbp

Facebook

_ga

Google Analytics

_gcl_au

Google Analytics

_gcl_aw

Google Analytics

_gid

Google Analytics

_hjid

Hotjar

cf_clearance

Cloudflare

cookieconsent_status

ebi.ai

hs_c2l

hubspot.com

wordpress_test_cookie

ebi.ai

wp-settings-11

ebi.ai

wp_lang

ebi.ai

For more information about cookies, please visit the ICO website by clicking here

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser.

Following the end of the of the relevant retention period, we will delete or anonymise your personal data.

Who we share your personal data with

We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also include contractual obligations to ensure they can only use your personal data to provide services to us and/or to you, for example in data processing agreements (DPAs).

We or third parties occasionally also share personal data with:

1. Our and their external auditors, e.g., in relation to the audit of our or their accounts, in which case the recipient of the information will be bound by confidentiality obligations;

2. Our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations;

3. Law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations; and

4. Other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations.

More details about who we may share your personal data with and why are set out in the table below.

Processing operation (use) by recipient
Recipients (Third parties)
Relevant categories of personal data transferred to recipient

Companies that help us with data storage

  • MongoDB
  • HubSpot
  • Technical
  • Identity
  • Transaction
  • Profile

Reporting

  • Microsoft
  • Usage

Account Emails

  • SendGrid
  • Identity
  • Contact

Data Processing by third parties (where the third party is our supplier and processes data on our behalf).

  • AWS
  • Contact
  • Identity
  • Profile
  • Transaction
  • Usage

Data Processing for third parties (where we are processing data on behalf of third parties who are our customers/clients).

  • Customers/clients
  • Identity
  • Contact

Companies that help us with our project management services

  • Atlassian
  • Identity
  • Contact

Processing data when using our chat service

  • Google
  • Google Home
  • Alexa
  • Microsoft Teams
  • IBM Watson
  • Twilio
  • Facebook/Meta
  • Identity
  • Contact
  • Financial
  • Transaction
  • Technical
  • Profile
  • Usage

Marketing Services

  • Google Ads
  • LinkedIn Campaign Manager (Ads Insight Tag)
  • Google Tag Manager
  • Google Search Console
  • WordPress
  • Hotjar
  • Vimeo
  • Zapier
  • ZoomInfo
  • LinkedIn
  • Kinsta (server)
  • HubSpot
  • Facebook
  • Identity
  • Contact
  • Technical
  • Profile
  • Usage
  • Marketing and communication data
Processing operation (use) by recipient
Recipients (Third parties)

Companies that help us with data storage

  • MongoDB
  • HubSpot

Reporting

  • Microsoft

Account Emails

  • SendGrid

Data Processing by third parties (where the third party is our supplier and processes data on our behalf).

  • AWS

Data Processing for third parties (where we are processing data on behalf of third parties who are our customers/clients).

  • Customers/clients

Companies that help us with our project management services

  • Atlassian

Processing data when using our chat service

  • Google
  • Google Home
  • Alexa
  • Microsoft Teams
  • IBM Watson
  • Twilio
  • Facebook/Meta

Marketing Services

  • Google Ads
  • LinkedIn Campaign Manager (Ads Insight Tag)
  • Google Tag Manager
  • Google Search Console
  • WordPress
  • Hotjar
  • Vimeo
  • Zapier
  • ZoomInfo
  • LinkedIn
  • Kinsta (server)
  • HubSpot
  • Facebook

Keeping your personal data secure

We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. We continually test our systems and processing to ensure that we meet the expectations of g industry standards for information security.

We also have procedures in place to deal with any suspected data security breach. We will report any unlawful data breach of this Platform’s database or the database(s) to all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

How long your personal data will be kept

We will not keep your personal data for longer than we need it for the purpose for which it is used. We will retain your personal data for a maximum of two years from the date of our last communication, on the legal bases of legitimate interest. Different retention periods apply for different types of personal data.

If you no longer wish to keep your account with us we will delete it and all your data upon request.

Further details on this are available from the ICO’s website, see here, on retention of personal data.

Your rights

You generally have the following rights, which you can usually exercise free of charge:

Access to a copy of your personal data

The right to be provided with a copy of your personal data.

Correction (also known as rectification)

The right to require us to correct any mistakes in your personal data.

Erasure (also known as the right to be forgotten)

The right to require us to delete your personal data—in certain situations.

Restriction of use

The right to require us to restrict use of your personal data in certain circumstances, e.g., if you contest the accuracy of the data.

Data portability

The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations.

To object to use

The right to object:

  • at any time to your personal data being used for direct marketing (including profiling); and
  • in certain other situations to our continued use of your personal data, e.g., where we use your personal data for our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims
Not to be subject to decisions without human involvement
  • The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
  • We do not make any such decisions based on data collected by our Platform.
The right to withdraw consents
  • If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time.
  • You may withdraw consents by emailing DPO at cathrine@ebi.ai
  • Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn.
Access to a copy of your personal data

The right to be provided with a copy of your personal data.

Correction (also known as rectification)

The right to require us to correct any mistakes in your personal data.

Erasure (also known as the right to be forgotten)

The right to require us to delete your personal data—in certain situations.

Restriction of use

The right to require us to restrict use of your personal data in certain circumstances, e.g., if you contest the accuracy of the data.

Data portability

The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations.

To object to use

The right to object:

  • at any time to your personal data being used for direct marketing (including profiling); and
  • in certain other situations to our continued use of your personal data, e.g., where we use your personal data for our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims
Not to be subject to decisions without human involvement
  • The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
  • We do not make any such decisions based on data collected by our Platform.
The right to withdraw consents
  • If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time.
  • You may withdraw consents by emailing DPO at cathrine@ebi.ai
  • Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn.

For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us (see ‘How to contact us’ below). You may also find it helpful to refer to the guidance published by the UK Information Commission on your rights under the UK GDPR. A more detailed explanation of the above rights is available here.

If you would like to exercise any of those rights, please email our Data Protection officer at cathrine@ebi.ai when contacting us please:

1. provide enough information to identify yourself (e.g., your full name, address and customer or matter reference number) and any additional identity information we may reasonably request from you, and

2. let us know which right(s) you want to exercise and the information to which your request relates.