LAST UPDATED: February 2024
Nory.ai and its affiliates (collectively, “Nory,” “we,” or “us”) want you to be familiar with how we collect, use and disclose personal information when you visit our website https://nory.ai/ or enter a contractual agreement with us for one of our Services.
This privacy notice relates the data processing through our website. If you have any questions or would like to make any requests about your personal information such as opting out of marketing, please email [email protected].
If you are already a valued Nory customer, then you are a controller of any information you upload to our platform and Nory acts as your data processor. A separate privacy notice governs our processing where we act as your processor and should be read in conjunction with any terms and conditions as may be applicable to you.
CONTACT US
Website: https://nory.ai/
Email: [email protected]
- HOW NORY USES PERSONAL INFORMATION
| Information that you provide to us: | ||||||||||
| Categories of personal information we collect | Purposes of use (“Processing Purposes” described in more detail below) | Source of Information | Legal basis | |||||||
| Contact information such as name, email and contact number
Analytics and preferences |
Provide you with our Services, and register your account on the platform,
Marketing relevant products and personalising your experience on the platform. |
You
Prospective customers |
Performance of contract
Legitimate interests |
|||||||
| Research and feedback | Provide you with our Services personalise your experience on the platform | You,
Nory Customers Prospective customers Third party vendors |
Legitimate interests | |||||||
| Information that we collect for business-to-business relationships only | ||||||||||
| Categories of personal information we collect | Purposes of use (“Processing Purposes” described in more detail below) | Source of Information | Legal basis | |||||||
| Business contact information | Build and manage business-to-business relationships | You
Third party vendors |
Performance of contract
Legitimate interests Legal obligation |
|||||||
| Transactional information (as permitted by law) | Build and manage business-to-business relationships | You
Third party vendors |
Performance of contract
Legitimate interests |
|||||||
| Due diligence and AML information (as permitted by law) | Compliance and risk management activities for business-to-business relationships | You or your company’s responses to our due diligence questions
Third party vendor risk compliance screening and data validation tools and databases, |
Performance of contract
Legitimate interests Legal obligation |
|||||||
| Information we collect automatically from you and /or your device | ||||||||||
| Categories of personal information we collect | Purposes of use (“Processing Purposes” described in more detail below) | Source of Information | Legal basis | |||||||
| Device information and identifiers | Provide you with our Services
Personalise your experience Send you relevant marketing and advertising Safety and security Build and manage business-to-business relationships |
You
Third party service providers |
Legitimate interests
Legal obligation |
|||||||
| Geolocation
*Please note: this information is considered “sensitive” under certain laws, and we process this information in accordance with applicable legal requirements. |
Provide you with our Services
Personalise your experience Send you relevant marketing and advertising Safety and security Market and advertise for third parties Build and manage business-to-business relationships |
You | Legitimate interests | |||||||
| Information that we collect from third parties: | ||||||||||
| Categories of personal information we collect | Purposes of use (“Processing Purposes” described in more detail below) | Source of Information | Legal Basis | |||||||
| Information from public and commercial sources | Build and manage business-to-business relationships | Advertising providers
Analytics providers Marketers Third party vendors Public records databases |
Legitimate interests | |||||||
| Third Party Partners in Connection with providing our Services
For example: contact information such as authentication information, account legitimacy, search requests, payment provision, SDK analytics, log events and device identifiers such as IP addresses, device IDs or other unique identifiers. |
Provide our Services
Personalise your experience Provide seamless experience across platforms and devices Obtain analytics through SDK providers such as (Google and Facebook) to improve performance Safety and security Send you relevant marketing and advertising |
Advertising providers
Analytics providers Marketers Partners
Third party vendors Public records databases |
Performance of contract
Legitimate interests Legal obligation |
|||||||
| Due diligence information (where required and permitted by law) | To conduct due diligence checks on potential and existing customers, selling partners and suppliers and background and suitability checks on individuals.
Compliance and risk management activities for business-to-business relationships Build and manage business-to-business relationships |
You or your company’s responses to our due diligence questions
Third party risk, compliance screening and data validation tools and databases, |
Legal obligation
Performance of contract Legitimate interests |
|||||||
Sensitive Data
Unless we request it, we ask that you do not provide or disclose any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership). We do not require this for the services.
Anonymisation Of Data
In some circumstances we will anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. By way of example, anonymisation techniques may include removing direct identifiers from a dataset or replacing point coordinates in geo-referenced data with non-disclosing features or variables, or other recognised techniques appropriate to the data in question.
3) HOW WE SHARE YOUR PERSONAL INFORMATION
We may disclose your personal information to third parties where necessary for the following reasons:
- To third parties where necessary to manage and operate our business, including management of contracts and providing the functionality of our Services.
- To service providers, website hosting service providers, information technology and related infrastructure service providers, analytics providers, email delivery service providers.
- For legal and compliance reasons, including responding to requests and legal demands from regulators or other authorities, pursuing legal rights and remedies and defending claims.
- For fraud prevention and security, including ensuring the security and safety of our premises.
- To comply with applicable law and regulations
- We have a legitimate interest in disclosing or transferring your personal information to a third-party in the event of any reorganisation, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). You will be notified of any such business transaction and of possible changes to the processing of your personal information in accordance with applicable law and the ‘Updates to This Privacy Notice’ section.
4) HOW LONG WE KEEP YOUR DATA
Generally, we will retain Creator data for as long as they are active users on the platform. Where users have deactivated their accounts, we will retain data for 12 months before deleting same, unless required to retain it longer for regulatory or compliance reasons.
We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law, for example, for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
The criteria used to determine our retention periods are set out in our retention policy and will vary depending on such factors as (i) the length of time we have an ongoing relationship with you and provide goods or services to you (for example, for as long as you have an account with us); (ii) whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of transactions for a certain period of time before we can delete them); or (iii) whether retention is advisable in light of our legal position (such as in regard to enforcement of our contractual terms, applicable statutes of limitations, litigation or regulatory investigations).
Retention Periods Based on Legal Obligations
- Where a legal obligation arises or retention is advisable in light of our legal position, in some circumstances, we will retain certain personal information, even after your account has been deleted and/or we no longer provide goods or services to you. Some examples are described below.
- To cooperate with law enforcement or public, regulatory and government authorities: If we receive a preservation order or search warrant, related to your account, we will preserve personal information subject to such order or warrant after you delete your account.
- To comply with legal provisions on tax and accounting: We may retain your personal information, such as financial and relationship history after you delete your account, as required by local tax law and to comply with bookkeeping requirements.
To pursue or defend a legal action: We may retain relevant personal information in the event of a legal claim or complaint, including regulatory investigations or legal proceedings about a claim related to your personal information, or if we reasonably believe there is a prospect of litigation (whether in respect of our relationship with you or otherwise) for the amount of time appropriate to local limitation periods after the dispute has been settled or decided by a court or tribunal from which there is no further right of appeal.
5) HOW WE KEEP YOUR DATA SECURE
We seek to use reasonable organisational, technical and administrative measures to protect personal information within our organisation, such as encryption and multi factor authentication. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.
6) THIRD-PARTY SERVICES
This Privacy Notice does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third-party operating any website or service to which our products or services link. The inclusion of a link via any of our services does not imply endorsement of the linked site or service by us or by our affiliates.
7) THIRD PARTY LINKS
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
8) CHILDREN
Our Services are intended for users over the age of 18. We do not knowingly collect personal information from children for the purposes outlined in this Privacy Notice.
9) INTERNATIONAL TRANSFERS
Nory is incorporated in Ireland. Whilst most of our data processing is carried out in the EU, we may transfer your information to service providers, and other third parties located outside of your country of residence. Where we do so, this is necessary to provide our Services and for the purposes outlined in this Privacy Notice. Data privacy laws vary from country to country and may not be equivalent to, or as protective as, the laws in your home country. We take steps to ensure that reasonable safeguards are in place with the aim to ensure an appropriate level of protection for your information, in accordance with applicable law. These measures include data transfer agreements. By providing us with your information, you acknowledge any such transfer, storage or use.
10) YOUR RIGHTS
You may be able to exercise certain privacy rights. The rights available to you depend on our reason for processing your personal information and the requirements of applicable law (i.e., your rights will vary depending on whether you are located in, for example, the European Union, or the United Kingdom. Specifically, you may have the following rights:
- access to your information
- withdrawal of your consent (where consent is relied on for processing purposes)
- ask us to make changes to the information we hold about you to make sure that it is accurate and up to date
- delete or erase your information (sometimes called the right to be forgotten)
- stop or restrict our processing of your information
- object to our processing your information
- not be subject to automated decision-making and
- request the transfer of some of the information we hold about you (known as data portability).
Whilst Nory acts as a data processor for Nory Customer End Users, if you have any questions, concerns, or complaints about the way we process your personal information, please contact [email protected]. Whilst we would like an opportunity to assist you first, you also have a right to lodge a complaint with a regulator / supervisory authority in your country such as the Irish Data Protection Commission or Information Commissioner’s Office if based in the UK.
Exercising Your Rights
To exercise any of your rights as set out above, please contact us by submitting a request to [email protected]. Please note that you will need to verify your identity before we can fulfil your request. Your request must: (i) provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorised representative of that person; and (ii) describe the request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We will respond to your verifiable request within any prescribed timelines. In some regions, there may be limitations on how often a request relating to personal information may be submitted.
11) UPDATES TO THIS NOTICE
The “LAST UPDATED” legend at the top of this Privacy Notice indicates when this Privacy Notice was last revised. Any changes will become effective when we post the revised Privacy Notice.