Legal

Privacy Notice

1 Introduction

1.1 Welcome to the Circit privacy notice. We hope it provides you with the information you are looking for, but if you need anything else, please reach out to us.

1.2. This privacy notice provides key information about the types of personal data processed by Circit, how we obtain it, and what we do with it.

1.3. Circit treats privacy and the security of personal data with the utmost importance.
We develop our products with privacy and data protection always in mind.

2. Who we are

2.1  Circit Limited and its group companies are represented by Circit Limited, a company registered in Ireland with company registration number 564144 and registered office at The BusinessCentre, Mayor Street, IFSC, Dublin 1, Ireland (“we”, “our”, “us”).

2.2  We can be contacted at privacy@circit.io.

3. Whose data we process

3.1 Circit processes personal data of the following people:

  • visitors to our website;
  • prospective customers and past customers, and their personnel;
  • customers, or personnel of our customers;
  • end-users of the Circit platform (including trials or pilots);
  • vendors or employees of vendors that provide services to us including prospective or past vendors;
  • individuals who apply to Circit to fill a vacant role;
  • individuals whose personal data has been collected by us e.g. for marketing purposes; and
  • Current, past and prospective investors in our company.

4. When Circit collects personal data

4.1 To the extent permitted under applicable law, we may collect personal data about you and any other individual either directly or indirectly, if that data is provided to us by another party in the following circumstances:

You interact with us directly: This can be  through our websites, contact forms surveys, or contact us by phone, email, chatbots, fax or post.

You use our websites and the Circit platform: We may collect your personal data using cookies or similar technologies (as described in ourCookie Notice).

You or your  organisation provide(s) services to us: In this context, we may collect basic personal data about you (mainly professional contact details).

Third parties  provide us with personal data about you: This can happen where: Someone who uses the Circit platform, or has interacted with us in another way, has given your personal data to us;· You are an employee of a customer of ours, and your employer  provides us with your contact details or  other personal data in connection with your use of the Circit platform;· You have a social media account, and social media service provides us with access to certain personal data for marketing purposes e.g.LinkedIn;

You attend a Circit event: Where you attend seminars, learning, training or other events organised by Circit virtually or in person, or where you attend our premises for an event.

5. Personal data Circit collects

5.1 Where Circit collects any personal data, it will be processed and stored securely, for no longer than is necessary. We will comply with our obligations and safeguard your rights under the relevant data protection legislation.

5.2 We collect the following categories of personal data:

5.2.1.Contact Information:

name, business address, email address (business or personal), phone number (business or personal).

5.2.2. Billing and payment information:

the individual or business making or receiving the payment, authorised user details, business bank account information.

5.2.3.www.circit.io online usage, metadata and web information: information on the services you viewed and searched for, response times, errors, duration of access; visit and page interaction (such as scrolling clicks and hovering the mouse over content), username, IP address, browsing time and history, passwords and logging data, device type, time zone, browser plug-in types and versions, social media profile photo or profile information, web log information, device identification number, device type, location information, connection information, operating system and platform.

5.2.4. Communication preferences: marketing preferences, areas of interest, preferred contact method and details, correspondence relating to marketing, consent records, business information, such as name and number of employees.

5.2.5. Organisation details: place of work, job title and organisation contact information.

5.2.6. Physical access data: details of your visit to our office, CCTV recordings and event registration data.

5.2.7. Correspondence: where you contact us for any reason (for example, requests for support, where you have a question, or where you exercise your data protection rights), we will collect personal data contained via correspondence.

5.2.8. Data processed using the Circit platform: this is described in detail in theData Processing Agreement for the relevant type of customer.

5.2.9 Circit does not collect special category data, as defined under the GDPR.

6. Why Circit processes personal data

Table showing purposes or activities of data processing alongside their legal bases, including website communication, access approval, email contact, surveys, customer response, job applications, site functionality, billing, website content analysis, and service provision, all supported by legitimate business interests or consent.

7. If you choose not to provide your personal data

7.1 Should you choose not to provide your personal data to Circit, we may not be able to provide our services to you.

8. If you provide Circit with someone else’s personal data

8.1. Should you for any reason, disclose to us the personal information of another person, you must ensure that you have a lawful basis for both the disclosure and the processing of that personal information in accordance with this notice.

9. Data retention

9.1 Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

9.2 Notwithstanding the other provisions of this section, we will retain documents (including electronic documents) containing personal data:

9.2.1 to the extent that we are required to do so by law;

9.2.2 if we believe that the documents may be relevant to any ongoing or prospective legal proceedings.

10. How Circit keeps personal data secure

10.1 We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

10.2 Customer trust is a core value of Circit’s. Circit’s platform is certified to ISO 27001:2022 - InformationSecurity Management Systems. We also hold a SOC 2 Type 2 report which documents additional security controls. Circit is audited twice a year by ISO and SOC auditors.

11. Data sharing

11.1 Circit does not disclose personal data to third parties other than its contracted processors or sub-processors. Our processors which may process your data on our behalf are:

Provider Purpose:

Microsoft 365 Email provider

Intercom Support Platform

Hubspot Sales and marketing

Xero Accounting software

12. Cookies

12.1 Our cookie notice can be viewed atwww.circit.io/legal/cookies-policy

13. Controllers and processors

13.1 This privacy notice describes our processing of your personal data in our capacity as a “data controller”.

13.2 Where we process personal data on behalf of our customers, we are a data processor. Where we are a data processor of your personal data, we use it in accordance with the data controller’s instructions to us. Those instructions include the terms and conditions applicable to the Circit product you or your employer are using, and our DataProcessing Agreement, which is included in those terms.

13.3 If we are a data processor of your personal data, then you should also read the relevant data controller’s privacy notice.

14. Your data protection rights

14.1 You have the following data protection rights:

14.1.1 The right to be informed about the processing of your personal data;

14.1.2 The right to obtain access to your personal data;

14.1.3 The right to have your personal data rectified or erased, or to place restrictions on processing your personal data;

the right to object to the processing of your personal data e.g., for direct marketing purposes or where the processing is based on our legitimate interests;

  • the right to have any personal data you provided to us electronically returned to you in a structured, commonly used and machine-readable format, or sent    directly to another company;
  • where the processing of your personal data is based on your consent, the right to withdraw that consent subject to legal or contractual restrictions;
  • the right to object to any decisions based solely on the automated processing of your personal data, including profiling; and
  • the right to lodge a complaint with the data protection supervisory authority     responsible for data protection matters in your location. For the UK, this is theInformation Commissioner’s Office (ICO). For Ireland, this is theDataProtection Commissioner (DPC).

14.1.4 Please note that in some circumstances the exercise of the above rights may be limited by legal restrictions and exemptions. If relevant, we will explain this when responding to a request to exercise data protection rights.

14.1.5 If you think we hold any personal data about you which is incorrect or if there are any changes to your personal data, please let us know so that we can keep our records accurate and up to date.

14.1.6 If you wish to exercise your data protection rights as an individual, please email privacy@circit.io.

14.1.7 If you do not want us to use your personal data for purposes set out in our privacy notice, we may not be able to provide you with access to all or parts of our website or products.

15. International data transfers

15.1 The Circit platform is hosted entirely within the EU by default. Customers outside of the EU can choose to have their data stored in their own region. In order to provide global support, Circit has full-time employees based outside of the EU. Depending on the time of day, we may offer or assign support from Circit personnel based outside of the EU. Circit will take appropriate measures to ensure that your personal data is granted the same level of protection as if it were processed in the EU/EEA or UK. Such measures include both technical and operational safeguards, use of standard contractual clauses for transfer of personal data outside of the EU/EEA and UK, and Data Transfer Impact Assessments where appropriate.

16. Updates

16.1 We may update this privacy notice from time to time and will publish revised versions on our website at https://www.circit.io/legal/privacy-notice