Privacy Policy

1 Introduction

Aya Data (referred to as “We, “Our” or “Us”), is committed to safeguarding the privacy and security of your personal information. We take care to preserve the privacy of everyone

that communicate (online or offline) with us, at events, over the phone, via our website, helpdesk and social media platforms.

This privacy notice is to inform you about the data we collect, what we do with your information, measures to keep it secure, and the rights and choices you have over your personal information.

Throughout this notice, we refer to Data Protection Legislation to mean the Data Protection Act 2018, GDPR (General Data Protection Regulation) UK and EU, the Privacy and Electronic Communications (EC Directive) Regulations 2003, Service Organization Control 2 (SOC 2) and any legislation implemented in connection with the aforementioned legislation. This includes any replacement legislation coming into effect from time to time.

2 Controller

Aya Data Ltd is the controller for the personal information we process unless otherwise stated. We are registered with the Information Commissioner’s Office (the ICO) in the United Kingdom with security number CSN9133990.

Aya Data consists of the parent company, Aya Data Limited (a private limited company registered in England and Wales with the company number 13528310 whose registered office is at Labs House 15-19 Bloomsbury Way, Holborn, London, England WC1A 2TH, and subsidiary company (as defined in section 1159 of the UK Companies Act 2006), Aya Data Limited (Ghana).

Aya Data Limited (Ghana) is a company registered in Ghana (company number CS011490122) and its registered office is at Plot 87 Spintex Rd, Accra, Ghana.

This Privacy Notice applies to Aya Data Limited (UK) and all subsidiaries irrespective of location or jurisdiction.

You can contact us either by phone, email or post.

· By phone: +44 (0) 203 797 1289 · By email: info@ayadata.com

· By post: Labs House 15-19 Bloomsbury Way, Holborn, London, England WC1A 2TH

‍

3 The information we collect

We only collect the personal information we know we will genuinely use as per the Data Protection Legislation. The type of personal information that we will collect about you, from third-party websites or that you have voluntarily provided to us on this website or from enquiry/contact forms, event/exhibitions or other contact methods includes:

· Your name;

· Telephone number(s);

· Email address;

· Your company;

· Job title;

· Survey responses;

· Cookies

We may, in additional dealings with you, extend the personal information to include your address, services used, and subscriptions, records of conversations, agreements and financial/payment transactions.

· The legal base for processing your data is centred on your specific consent/performance of a contract/compliance with a legal obligation or our genuine interest that we will have requested/stated when the information was originally provided; therefore, we will not st

‍

4 Purposes of the processing of personal data and the legal basis

We may collect or receive personal information for several reasons connected with our business operations. These may include website usage monitoring and optimization, direct marketing, opinion and market research, and responding to data subject requests.

The aforementioned processing of personal data is based on Aya Data’s legitimate interest to inform and develop its business decisions and eventually provide better services to the users of its services.

We process (your) personal data for the following purposes based on the following legal grounds:

· Data processing is primarily conducted for the execution of contracts concluded with you or your employer with whom we have a business relationship, or for the execution of pre-contractual measures (Art. 6 (1) b GDPR). This pertains, for example to, service and supply contracts and the processing of service and sales inquiries, authentication of contractual partners, processing and review of corresponding offers and inquiries, preparation and signing of contractual documents, execution of service and sales, invoicing and processing of service fee payments, sending of information letters/emails, service and work contracts as well as other contractual relationships.

· In addition, we process your data based on the legal requirements of Art. 6 (1) c GDPR, as well as protect our legitimate interests following Art. 6 (1) f GDPR. In particular, for the fulfilment of tax and other legal controls and reporting obligations. Additionally, for the fulfilment of tax and IT security audits or other authorities, and to comply with legal retention periods. It also serves for optimum maintenance of contact support and customer relations, also with regards to the employees of our business partners, and to optimize our business processes, such as by maintaining a supplier or prospect database and centralizing or outsourcing corporate functions. In this perspective, we may also receive information about the directors and shareholders of your company (e.g., names of directors and shareholders, nationality, triggers for potential conflicts of interest, etc.). This information is required to identify potential reputational and financial risks to which we may be exposed as a result of the business relationship and to comply with applicable anti-corruption, anti-money laundering and similar laws.

· We may also process your data for the assertion and defence of legal claims. Such as, if we should conduct a judicial or extrajudicial dispute with you, say, about the existence or non-existence of payment obligations. This also applies in particular in the case of claims asserted against us due to possible service delivery defects. In the

context of legal disputes, we may transfer your data to our external legal advisors or experts. The legal basis for this processing is Art. 6 (1) f GDPR in conjunction with Art. 9 (2) f GDPR.

· Since you work with IT systems or hardware linked to Aya Data in the course of your activities, personal data will be processed for the purposes of IT administration and security. This pertains, for example: to login credentials, access logs and the like which serve to protect our systems from misuse and attacks by third parties. The legal basis for the processing in this regard is Art. 6 (1) b GDPR, or Art. 6 (1) f GDPR.

· If you use online meeting tools to interact with us, we might collect additional kinds of data, for example, we may record the meetings and also collect information on your login. The legal basis for this processing is Art. 6 (1) b GDPR, or Art. 6 (1) f GDPR.

In individual cases, we process data because you have expressly consented to this (Art. 6 (1) a GDPR), for example in chatting with our chatbot on our site.

‍

5 To whom we might share your information with

Under certain circumstances stated below (beyond the cases already mentioned above), your personal data might be transmitted to third parties for the purposes mentioned above:

· Personal data is transferred to other companies in our group of companies. Exchanges between different companies of the Aya Data Group, including outside the European Union (“EU”), are based on EU standard data protection clauses and additional technical or organizational safeguards, if necessary.

· Service providers, specifically data processors may receive personal data of our business partners or third parties we interact with that is obligatory for the fulfilment of the respective service.

· Information necessary for the processing of existing contracts may be transferred to customers and suppliers.

· Due to legal obligations to report and provide information, certain personal data will be communicated to relevant authorities.

· If it is necessary for the clarification or prosecution of illegal or abusive incidents or, for the establishment, exercise or defence of legal claims, personal data will be forwarded to our legal advisors, the law enforcement authorities and, if necessary, to injured third parties.

· In the eventuality of business restructurings or reorganizations, including financial restructurings, insolvency, Mergers & Acquisitions (M&A) transactions, mergers, acquisitions, spin-offs, joint-ventures, assignments, sale or divestment of companies or parts thereof, any other sale or divestment of business or parts thereof, other business development activities such as in-licensing and out-licensing, personal data may be provided to the buyer, acquiring company, seller, merged companies, licensor, licensee, law firms and other consulting firms, liquidators, banks and other financial institutions, rating agencies and similar organizations. We will always

judiciously consider the need for such transfers and take steps (e.g., anonymization, pseudonymization or aggregation techniques) to reduce the amount of personal data to what is strictly necessary in such cases.

· If you have provided designated recipients (e.g., emergency contacts), personal information will be provided to them under certain circumstances (e.g., emergencies).

When collaborating with service providers and other organizations, legal instruments shall be utilized to ensure your personal data is processed lawfully and stored only as long as necessary. These may happen, for example, using processing agreements according to Art. 28 GDPR or agreements between joint controllers according to Art. 26 GDPR.

Generally, the servers on which we or our service providers store your personal data are located on the territory of the EU. In the course of some processing activities, your personal data may be stored outside the EU or personal data may be accessed by persons performing their activities in countries outside the EU (e.g., annotation staff). Aya Data will ensure an adequate level of personal data protection, inter alia by agreeing on Data Protection Legislation as required by data protection laws, such as model contract clauses approved by the European Commission.

If there is no adequate decision according to Art. 45 GDPR for these countries, legal instruments are used that also ensure the confidentiality, integrity and availability of the (your) personal data. This includes in particular the signing of the so-called EU standard data protection clauses according to Art. 46 (2) c GDPR.

6 Personal Information Retention

We will retain and process your personal data for as long as we can claim a genuine interest, we have valid consent from you, or there is a legal obligation for a certain period, which is determined or specified by applicable law and our company's IT security and data protection policies.

We will always retain your personal information in accordance with the Data Protection Legislation and never retain your information for longer than is necessary.

Unless otherwise required by law, your data will be stored for a period of 7 years after our contract with you expires or 3 years after our last contact with you or some other identifiable action, at which point it will be destroyed as per our data retention policy.

7 Security of processing

Aya Data processes personal information in a manner that seeks to ensure the proper security of personal information, including protection against unauthorized processing and accidental loss, destruction or damage.

Aya Data uses appropriate technical and organizational safeguards (as per our privacy preservation policy document) to ensure this, including the use of firewalls, encryption technologies, secure equipment facilities, proper access controls, training and guidance to personnel involved in the processing of personal information, and subcontractors.

Contracts and other documents kept in the original forms are kept in locked premises, access to which is restricted to authorized persons only.

All parties processing personal data have a duty of confidentiality in matters related to the processing of registered personal data, in accordance with the Employment Contracts Act and the confidentiality provisions of the nondisclosure agreement signed by all employees.

In accordance with this privacy statement, Aya Data may outsource the processing of personal data to service providers or subcontractors, in which case we will ensure, with adequate contractual obligations, that personal data is processed properly and lawfully.

Our website uses a TLS encrypted connection, which means that all personal information is protected in electronic form. If the data is in manual form, it is stored in locked premises and destroyed securely at the appropriate time.

The information received by us through the website traffic monitoring is protected by a TLS encrypted connection. The data obtained through Google Analytics is stored and processed on the service provider’s servers. Logging in to the Google Analytics service linked to the Aya Data website requires logins, and at Aya Data, only limited staff have these logins.

If the data is in Aya Data’s manual format, it will be stored in locked premises and securely destroyed at the appropriate time.

8 Rights of data subjects

Aya Data (referred to as “We, “Our” or “Us”), is committed to safeguarding the privacy and security of your personal information. We take care to preserve the privacy of everyone

that communicate (online or offline) with us, at events, over the phone, via our website, helpdesk and social media platforms.

This privacy notice is to inform you about the data we collect, what we do with your information, measures to keep it secure, and the rights and choices you have over your personal information.

8.1 The right to be informed about our collection and use of personal data

You have the right to be informed about the collection and use of your personal data. We ensure we do this with our internal data protection policies and through our external website notice. These are regularly reviewed and updated to ensure they are accurate and reflect our data processing activities

8.2 Right to Access Your Personal Information

You have the right to access the personal information that we hold about you. This is sometimes termed a ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else authorised to receive it on your behalf), we will provide it to you or them free of charge and in most cases within one month, unless we rely on an extension or exemption available to us under Data Protection Legislation, in which instance we will notify you accordingly.

We would ask for you to provide proof of identity and sufficient information about your interactions with us to help us accurately locate your personal information. If you would like to exercise this right, please contact us via our information below.

8.3. Right to Correct Your Personal Information

If any of your personal information we hold is inaccurate, incomplete or out of date, you may ask us to correct it. If you would like to exercise this right, please contact us via our information below.

8.4 Right to Stop or Limit Our Processing of Your Data

You possess the right: to object to us processing your personal information for particular purposes, to have your information deleted if we are keeping it too long or, to have its processing restricted in certain circumstances.

If you would like to exercise this right, please contact us via our information below.

8.5 Right to Erasure

You possess the right to have personal data erased. This is also known as the ‘right to be forgotten. The right is not absolute and only applies in certain circumstances.

8.6 Right to Portability

The right to portability allows you to receive personal data you have provided to a controller in a structured, commonly used and machine-readable format. It also gives you the right to request that a controller transmits this data directly to another controller.

If you would like to exercise this right, please contact us via our information below.

8.7 Exercise of rights

Requests for data subjects’ rights shall be made in writing utilizing our contact details mentioned below. The request must be accompanied by adequate identification information. The request shall be responded to within a reasonable time and, where possible, no later than one month from receiving the request and the verification of identity. The company may request additional information as necessary to comply with the above requests. If the data subject’s request cannot be accepted, the data subject shall be notified of the refusal in writing.

8.8 For more information about your privacy rights

The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers, such as ourselves, are available publicly.

You may lodge a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first.

Your satisfaction is of extreme importance to us, and we will always do our absolute best to solve any issues you may have.

9 Changes to Our Privacy Notice

We may change this Privacy Notice from time to time (for example, if the law changes). We recommend that you check this notice regularly to keep up-to-date

10 Cookies and technical monitoring

We use cookies to track traffic to the www.ayadata.ai website. Cookies allow our website to remember your settings such as language, font size on your computer or mobile device, or other browser preferences. This means that a user does not need to reset

preferences for every visit. On the contrary, if cookies are not used, websites will treat you as a new visitor every time you load a web page. We also employ Google Analytics (Google Inc.). When accepted, your browser automatically sends certain information to Google, such as the address of a webpage you visit or a keyword that directs you from a Google search engine to the Aya Data site. The legal basis for the processing in this respect is Art. 6 (1) a GDPR.

Aya Data does not receive information about the user’s IP address through Google Analytics, but data in an anonymous form and Aya Data is therefore not able to directly identify the user. Google Analytics generates anonymous reports of information obtained through cookies, such as the number of visitors, the website from which the visitor arrives at the Aya Data website, the duration of the website visit, whether the user has visited the website before and which website pages the user visits.

With website traffic tracking, we develop our website to make it even better and to provide a better visitor experience for our users.

11 Giving your reviews and sharing your thoughts

When using our website, you may be able to share information through social networks like LinkedIn, Facebook, YouTube and Twitter. For example, when you ‘like’, ‘share’ or review our services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts, so you are comfortable with how your information is used and shared on them.

11.1 Ways to disable cookies

When accessing our website for the first time (or after you have deleted the cookies previously saved on your device) you have the option of giving your consent to the use of cookies for analytical purposes and cookies from third parties. However, even if you have already agreed, you can still use the options described below to disable them in case you change your mind later. Any user can disable cookies in their web browser. To facilitate the way of managing cookies, below are links to some pages dedicated to specific browsers.

· Google Chrome

· Opera

· Firefox

· Apple Safari

· Windows Internet Explorer

· Microsoft Edge

However, restricting the use of cookie files from our website may lead to restrictions on some of the functions available on our website and limit a better visitor experience.

12 Contact us

In case of any questions regarding the protection of your personal data, you can contact our data protection team at the following address:

Aya Data Limited (Ghana)

· By post: Plot 87 Spintex Rd, Accra, Ghana

· By phone: +223 (0) 558223029

· By email: info@ayadata.com

Aya Data Limited (UK)

· By post: Labs House 15-19 Bloomsbury Way, Holborn, London, England WC1A 2TH

· By phone: +44 (0) 203 797 1289

· By email: info@ayadata.com

Status and amendment of this privacy notice

The status of this privacy notice is 20.08.2022.

We may change this Privacy Notice from time to time (for example, if the law changes). We recommend that you check this notice regularly to keep up-to-date.

13 Additional information

Policy on children using this Website. Our website is not designed or intended for children under eighteen (18) who do not have their parents’ or legal guardians’ consent. In this respect, we do not intentionally collect information from this category of individuals. Nonetheless, any parent or legal guardian that believes their children have sent us personal data without their consent may send us an email at info@ayadata.com.

Special category of personal data. We shall not collect and/or process any particularly sensitive data or data included in the special category for users’ personal data unless they have specifically provided us with them.

Automated decision-making. We shall not use automated decision-making, which includes profiling unless we have been specifically authorized to do so. In such an instance, we would let you know about the logic used in the decision, and about the meaning and expected implications of said processing for you.

Updating data. It is vital that the personal data we have from you be up-to-date and correct. We, therefore, ask that you inform us of any changes in your personal data as soon as possible. In this way, Aya Data’s information is always up-to-date and accurate.