Privacy Policy Website

Noctis AI Ltd, a company incorporated in England and Wales, company number 15375780, with registered office at 65 London Wall, London, EC2M 5TU, United Kingdom.

Contact point for data protection matters: privacy@onyard.io.

NoctisAI recommends that users read this Privacy Policy carefully and entirely to ensure that they are aware of all practices and policies relating to the collection, use, disclosure, processing, and protection of personal data. This Privacy Policy applies to visitors to our Website as well as users who contact Noctis AI using the relevant functionality on the Website.

By accessing and using the Website, the user acknowledges and confirms that they are at least eighteen (18) years old, or of the legal age of majority in the jurisdiction in which they reside, and consents to the collection, use, and processing of personal data as described in this Privacy Policy.

Except as set out in this Privacy Policy, NoctisAI will not use the user’s personal data for any other purpose without consent. NoctisAI does not sell, lease, license, or rent personal data to any third party, and does not use the collected personal data for advertising or marketing purposes.

When the user uses the Service, NoctisAI collects information, including personal data, for the purpose of providing, maintaining, and improving the Service, responding to submitted requests, and complying with applicable laws or regulations. NoctisAI collects personal data primarily when the user contacts NoctisAI’s support team by email, phone, or contact form on the Website with respect to the products and services offered by us.

The user voluntarily gives NoctisAI information that we collect and process as described in this Privacy Policy. The provided information may include personal data such as name, email address, phone number, and physical address. When the user voluntarily submits personal data with an inquiry or request relating to the Service or our products and services, NoctisAI will process that personal data in accordance with this Privacy Policy.

In some cases, NoctisAI may require additional information, including personal data, in order to identify the user while processing an inquiry or request. NoctisAI may also maintain a record of communications with users, including follow-ups and subsequent feedback, for internal purposes.

NoctisAI automatically collects information through the user’s use of the Website. Each time users access the Website, NoctisAI may collect information including which Service is used, which areas of the Website are visited, the time of access, actions taken on the Website, any error messages generated, and browser, operating system, and internet protocol (IP) address information.

NoctisAI collects this information automatically as part of technical log files or other metadata, as well as through the use of cookies and similar tracking technologies. Personally identifiable information collected through the Website is treated as personal data under this Privacy Policy. NoctisAI may also use collected information in anonymized or aggregated form for purposes including improving user experience, enhancing the Website or the Service, and developing new services.

Cookies or similar technologies may be used for many purposes, including remembering the user and user preferences and tracking visits to the Website or access to the Service. Cookies assign a number to the user that has no meaning outside of the assigning website or application.

NoctisAI uses cookies for purposes including tracking movements within the Website, analyzing trends, gathering statistical data, and improving user experience and the overall quality of the Website and the Service. Cookies are encoded and encrypted so that only NoctisAI can interpret the information stored in them. Cookies can be disabled or controlled through browser or device settings, although some features of the Service or Website may not function properly if cookies are disabled.

The processing may concern single operations or a set of operations involving the data provided by the user.

The Data Controller processes the following personal data of the user: full name, if communicated by the user, and business email address. No special categories of personal data under Article 9 GDPR, nor data relating to criminal convictions and offences under Article 10 GDPR, are processed.

Personal data of the user are processed for the following purposes:

If there is another legal basis for NoctisAI to collect and process personal data in its capacity as Data Controller, the required notification will be provided to the user at or before the time the personal data is collected.

If the user voluntarily provides personal data to NoctisAI when contacting us with respect to the Service or the products offered by us, that user will be deemed to have given consent to the collection, use, and processing of personal data by NoctisAI as reasonably necessary to carry out the specific purpose or purposes for which the data was provided.

• to provide, maintain, administer, support, protect, and improve the Services;
• to provide customer support;
• to handle and process inquiries submitted by users;
• to investigate any fraud, illegal activity, or wrongdoing in connection with the Website;
• to protect the rights, property, and safety of users, NoctisAI, and third parties;
• to troubleshoot, investigate, and fix service-related errors;
• to fulfil obligations established by law, regulation, EU law, or an order of the Authority;
• to exercise the rights of the Data Controller, including in court;
• to respond to user requests concerning rights under applicable data protection laws and regulations;
• where processing is necessary for compliance with a legal obligation to which NoctisAI is subject;
• where processing is necessary for the purposes of the legitimate interests pursued by NoctisAI as Data Controller, except where those interests are overridden by the interests or fundamental rights and freedoms of the user requiring protection of personal data.

The processing of data is carried out through paper or IT procedures by internally authorized and trained individuals. Those individuals are allowed access to users’ personal data only to the extent necessary for the performance of the processing activities.

The Data Controller periodically verifies the tools used to process data and the security measures provided for them, which are constantly updated. The Data Controller also verifies, including by means of subjects authorized to execute the processing, that no personal data are collected, processed, or stored beyond what is required, and that data are kept with guarantees of integrity and authenticity and used only for the purposes actually performed.

The Data Controller will process personal data for the time necessary to fulfil the purposes set out above.

Personal data may be disclosed to employees and contractors of the Data Controller authorized to process the data, professional advisors such as accountants, auditors, and legal counsel, IT service providers and hosting providers acting as data processors under appropriate contractual arrangements, and competent public authorities where required by law.

NoctisAI does not sell personal data and does not disclose it to third parties for their own marketing purposes.

The data will not otherwise be disseminated or communicated to unrelated third parties.

The Data Controller has adopted a variety of security measures to protect personal data against the risk of loss, misuse, or alteration.

The Data Controller may process, including through its suppliers, personal data and IT data to the extent necessary and proportionate to ensure the security and resilience of a network or servers connected to it against unforeseen events or illicit or malicious acts that could compromise the availability, authenticity, integrity, and confidentiality of personal data. For these purposes, the Data Controller maintains procedures for the management of personal data breaches in compliance with applicable legal obligations.

Personal data are primarily stored and processed within the European Economic Area on servers of companies duly appointed as Data Processors.

Where a transfer outside the UK or EEA is required, NoctisAI ensures appropriate safeguards are in place, such as an adequacy decision, the EU Standard Contractual Clauses, and the UK International Data Transfer Addendum where applicable.

NoctisAI will retain personal data for no longer than strictly necessary for the purposes for which the personal data is collected and processed. The retention period depends on applicable legal or regulatory requirements, the purposes of the collection and processing, and the legitimate interests of NoctisAI in establishing, exercising, or defending legal rights.

NoctisAI will delete the user’s personal data from its production servers when the user exercises the right to be forgotten or, if applicable, withdraws consent.

Notwithstanding the above, NoctisAI will retain certain personal data or portions of it in backups and log files for continuity, disaster recovery, legal claims, audit, statutory, and regulatory purposes, subject to the periods specified below.

• backup files on backup servers for up to one (1) month from the date of deletion from production servers, in order to ensure compliance with internal business continuity and disaster recovery procedures;
• log files to comply with applicable laws or regulations, exercise or defend ongoing legal claims, and meet audit or statutory requirements. Personal data retained in log files will be kept for a minimum of five (5) years from the date of deletion from production servers, or longer if required by applicable law.
• all personal data retained in backup files and log files will continue to be treated in accordance with this Privacy Policy until automatically deleted after the applicable retention period has elapsed.

The user has the right to:

• obtain confirmation of whether personal data concerning them exist, even if not yet recorded, and receive that data in an intelligible form;
• obtain indication of the origin of the personal data where the data were not obtained directly from the user;
• obtain indication of the purposes and methods of processing;
• obtain indication of the logic applied in case of processing carried out with the aid of electronic instruments;
• obtain indication of the identity of the Data Controller, the managers, and the designated representative pursuant to Article 3(1) GDPR;
• obtain indication of the subjects or categories of parties to whom the personal data may be communicated or who may learn about it as appointed representative in the territory of the State, managers, or agents;
• obtain indication of the retention period of the data or the criteria used to determine it;
• obtain updating, rectification, or integration of the data where appropriate;
• obtain deletion, anonymization, or blocking of data processed unlawfully, including data that no longer need to be kept for the purposes for which they were collected or subsequently processed;
• obtain confirmation that the operations referred to above have been notified, including their content, to parties to whom the data have been communicated or disseminated, except where this proves impossible or involves a use of means manifestly disproportionate to the protected right.

Requests may be addressed to privacy@onyard.io and will be handled within the timeframes set by applicable law.

The user also has the right to lodge a complaint with a supervisory authority, in particular the UK Information Commissioner’s Office at ico.org.uk, or the supervisory authority of the Member State of their habitual residence, place of work, or place of the alleged infringement.

Each update of this policy will be promptly made available to the client by appropriate means.

It will also be communicated if the Data Controller intends to process personal data of the user for purposes other than those referred to in this notice before proceeding and in time to give consent where necessary.