Effective Date: December 14, 2022

Last Updated: March 29, 2024

Yembo, Inc. (“we,” “our,” or “us”) is committed to respecting the privacy of our users. This Privacy Policy (“Policy”) describes how we collect, use, and disclose personal data about visitors to yembo.ai, and users of our mobile application, platform, and our services (together, “Services”). This Policy does not apply when we are collecting personal data on behalf of our business customers.

By using our Services, you acknowledge that your personal data will be handled as described in this Policy. Your use of our Services and any dispute over privacy, is subject to this Policy and various terms and conditions applicable depending on how you interact with us. For example:

If you are an individual seeking moving services or you are applying for insurance or making a claim, your use of our Services is subject to our End User Terms of Use.
If you interact with us on behalf of a moving company providing moving services to others, your use of our Services is subject to our SaaS Agreement for Moving Companies.
If you interact with us on behalf of an insurance provider, underwriter, or a company providing insurance claim services, your use of our Services is subject to the commercial agreement we have entered into with you or your company.
If you are located in the United Kingdom or European Union, please see our Additional Provisions for Individuals Located in the United Kingdom and European Union. If you are located in Canada, please see our Additional Provisions for Individuals Located in Canada.

Personal Data We Collect from You

We collect personal data directly from you, from third party sources, and automatically when you use our Services. To the extent permitted by applicable law, we may combine the information we collect from publicly available or third-party sources.

Personal Information Collected Directly. While the personal information we collect varies depending on how you interact with us, in general we may collect the following personal information directly from you:

Basic Services and Support. We collect personal data necessary to provide or enable the Services, such as your name, contact information, email address, phone number, physical address, employer, job title, details regarding moving services, insurance services, policies and claims, payment information (collected by our payment processors), unique identifiers, such as username and account number, and who referred you to the Services.
Moving Services (Individuals). When you use our Services to inquire about, obtain quotes, book, or manage moving, shipping, or related services, we collect personal data you submit including contact information, originating and terminating addresses, and certain details about your home that you capture when you take videos or still images (e.g., number of bedrooms, items in your home), and any other information that you provide or upload for these purposes.
Moving Services (Business Customers). When you use our Services on behalf of, or under the account of, our business customers (e.g., to manage a move or an insurance claim on behalf of your employer), we may collect your name, work e-mail address, postal address, telephone number, username, customer IDs, who referred you to the Services, details regarding moving services, insurance claims, services and policies, payment information, details of service contracts that you enter into with your customers, and any other information that you or your customers provide or upload for these purposes.

Insurance Services. When you use our Services to obtain or manage insurance products or services, including to obtain policy quotes from our customers or to make or manage claims, we may collect personal data you submit when inquiring about, purchasing, or making a claim, including contact information, physical address, unique identifiers (such as username or account number), claim numbers, certain details about your home that you capture when you take videos or still images (e.g., number of bedrooms, items in your home, damages or risks in your home), and any other information you provide or upload for these purposes .

E-Mail Syncing and Telephony Services. If you use our e-mail syncing and telephony services, either as an individual or a business customer (or under the account of a business customer), we may collect or receive phone numbers, including a provisioned phone number and personal phone number, records and copies of your correspondence, call forwarding preferences, SMS messages, and recordings of calls you choose to record for customer service and quality assurance purposes, preferred e-mail client, authentication information, and e-mail syncing preferences.
Correspondence Using our Services. We may receive copies of e-mails, text messages, and other correspondence you may exchange with our business customers or other users of our Services. We may also receive other customer records that our business customers or other users provide to us, such as terms of contracts governing moving services, or details regarding insurance services, products, claims, or policy estimates.

Customer Service and Support Provided on Behalf of our Customers. We may collect and record personal data from customer service sessions you may engage in, such as phone calls, chat messages, and video chat sessions, for quality assurance purposes and to safeguard ourselves against fraudulent claims for damages.

Inquiries and Communications. We may collect contact information, such as your name, e-mail address, mailing address, phone number, and the contents of any communication to respond to inquiries or communications you send to us.
Surveys and Questionnaires. We may collect the personal data you provide us when you fill out a survey, questionnaire, or other type of form you complete through the Services. We also collect your responses to surveys that we may ask you to complete for research purposes or to help direct our activities.

Personal Data From Third-Party Sources. We may collect personal data about you from third-party sources, such as: business customers, service providers, business partners, public and third-party databases, platform providers, non-affiliated partners, other users of our Services, public sources, third-party advertising partners, or from other third parties.

Personal Data Collected Automatically. We automatically collect personal data about your use of our Services through cookies, web beacons, and other technologies. Such information includes:

Device and browsing information. We use cookies, log files, pixel tags and other tracking technologies to automatically collect information when users access or use our Services, such as IP address, general location information, domain name, page views, a date/time stamp, browser type, device type, device ID, Internet service provider, referring and exiting URLs, operating system, language, clickstream data, and similar device and usage information.
Activities and usage. We also collect activity information related to your use of the Services, such as information about the links clicked, searches, features used, items viewed, time spent within the Services, files uploaded, and products and items you view.
Location information. We may collect or derive location information about you, such as through your IP address. Further, with your permission, we may collect geolocation information from your device. You may turn off location data sharing through your device settings.

Please see the Our Use of Cookies and Other Tracking Mechanisms section below for more information.

How We Use Your Personal Data

Generally, we collect, use, disclose and otherwise process use your personal data for the following purposes:

Services and Support. To provide and operate our Services, communicate with you about your use of our Services, to respond to your inquiries and complaints, and for other customer service purposes.
Administration. To send you information, including quotes, confirmations, technical notices, updates, security alerts, change alerts, and support and administrative messages.
Verification. To compare and verify information for accuracy and to update our records.
Customization and Personalization. To tailor the content and information that we may send or display to you, to offer location customization and personalized help and instructions, and to otherwise personalize your experiences while using the Services.
Analytics and Improvement. To provide, maintain, and improve our Services and better understand how users access and use our Services, both on an aggregated and individualized basis. For example, we may use images of furniture that you have sent us to teach our AI and to improve our Services’ ability to identify different types of furniture.
Enable Customer Communications. To allow our customers to send you communications, news or updates about their products and services.
Surveys and Questionnaires. To administer surveys and questionnaires, such as for market research or user satisfaction purposes.
Legal Obligations. To comply with legal obligations, as part of our general business operations, and for other business administration purposes, such as maintaining customer records, monitoring your compliance with any of your agreements with us, collecting debts owed to us, and safeguarding our business interests.
Security and Protection of Rights. Where we believe necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, and in situations involving potential threats to the safety of any person or violations of our agreements with you, or this Policy.
General Business And Operational Support. To consider and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions such as financings, and related to the administration of our general business, accounting, auditing, compliance, recordkeeping, and legal functions
Other Purposes. To fulfill any other purpose for which you provide the information, or that you otherwise request or consent to.

How We Share Your Personal Data‍

We may share personal data as follows:
‍

Our Business Customers. We may disclose personal data to our business customers, or others under the account a business customer, to provide or enable the Services. For example, if you use our Services to collect data about a home or location (both as an individual and on behalf of, or under the account of, a business customer), we may disclose your personal data to our business customer and others to enable our Services.
Vendors, Service Providers, and Other Processors. We may disclose the personal data we collect to vendors, service providers, or other processors, such as customer management providers and IT services providers, to help us provide our Services, to assist us in analyzing how our Services are used, and to provide other services.
Subsidiaries and Affiliates. We may disclose personal data to our affiliates or subsidiaries as needed to provide or enable the Services.
Business Transfers. If we or our affiliates are or may be acquired by, merged with, or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer personal data to the other company. As part of the business transfer process, we may share personal data with lenders, auditors, and third-party advisors, including attorneys and consultants.
In Response to Legal Process. We may disclose personal data to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
To Protect Us and Others. We may disclose personal data when we believe it is appropriate to do so to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our agreements with you or this Policy, or as evidence in litigation in which we are involved.
Aggregate and De-Identified Personal Data. We may share aggregate or de-identified personal data with third parties for marketing, advertising, research, or other purposes.

For residents of Australia, we may disclose personal data to recipients which are located outside of Australia. Those recipients are likely to be in the United States, Germany, Singapore, and Ireland.

How We Support Our Business Customers

We provide services to business customers who may be considered “businesses” under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (the “CCPA”). Under the CCPA, we may operate as a “service provider.” As such, we process or maintain personal data on behalf of our business customers in compliance with written contracts with our business customers.
In general, when we operate as a service provider, we assist our business customers with their CCPA compliance obligations pursuant to our agreements and their instructions.
Please review our business customers’ privacy policies and terms of use agreements to understand how they are using your personal data.

Our Use of Cookies and Other Tracking Mechanisms

We and our third-party service providers use cookies and other tracking mechanisms to track personal data about your use of our Services. We may combine this personal data with other personal data we collect from you (and our third-party service providers may do so on our behalf).

Cookies. Cookies are alphanumeric identifiers that we transfer to your device through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Services, while others are used to enable a faster log-in process or to allow us to track your activities for quality assurance or troubleshooting purposes while using our Services. There are two types of cookies: session and persistent cookies.

Session Cookies. Session cookies exist only during an online session. They disappear from your device when you close your browser or turn off your device. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the Services. This allows us to process your online transactions and requests and verify your identity, after you have logged in and as you move through our Services.
Persistent Cookies. Persistent cookies remain on your device after you have closed your browser or turned off your device. We use persistent cookies to track aggregate and statistical information about user activity.

Disabling Cookies. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our website who disable cookies will be able to browse certain areas of the website, but some features may not function.

Clear GIFs, Pixel Tags and Other Technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your device, clear GIFs are embedded invisibly on web and app pages. We may use clear GIFs (a.k.a. web beacons, web bugs, or pixel tags), in connection with our Services to, among other things, track the activities of website visitors, help us manage content, and compile statistics about website usage. We and our third-party service providers also use clear GIFs in HTML e-mails to our customers, to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.

Third-Party Analytics. We use automated devices and applications to evaluate usage of our website. We also may use other analytic means to evaluate our website. We use these tools to help us improve the performance of our Sites, Services, and user experiences. These entities may use cookies and other tracking technologies, such as web beacons or local storage objects (LSOs), to perform their services.

Do-Not-Track Signals. Please note that our website does not recognize or respond to any signal which your browser might transmit through the so-called “Do Not Track” feature your browser might have. If you wish to disable cookies on our website, you should not rely on any “Do Not Track” feature your browser might have. For more information about do-not-track signals, please click here.

Session Replay Technology. Session replay technologies, such as LogRocket, may be used to collect personal data regarding visitor behavior on the Services. For more information about LogRocket, please see the LogRocket privacy policy available at https://logrocket.com/privacy/.

Ad Networks. We may use network advertisers to serve advertisements on non-affiliated websites or other media (e.g., social networking platforms). This enables us and these network advertisers to target advertisements to you for products and services in which you might be interested. Ad network providers, advertisers, sponsors and/or traffic measurement services may use cookies, JavaScript, pixels, LSOs, and other tracking technologies to measure the effectiveness of their ads and to personalize advertising content to you. These cookies and other technologies are governed by each entity’s specific policy, not this one. We may provide these advertisers with personal data about you.

Users may opt out of many ad networks. For example, you may go to the Digital Advertising Alliance (“DAA”) Consumer Choice Page (and https://youradchoices.ca/en/tools for Canada residents, and https://www.youronlinechoices.com for UK and EU residents) for information about opting out of interest-based advertising. Please be advised that opting out of ad networks will opt you out from certain companies’ delivery of interest-based content or ads to you, but it does not mean you will no longer receive any advertising through our website or on other websites. You may continue to receive advertisements, for example, based on the website you are viewing (i.e., contextually based ads). Additional information is available on the DAA’s website at www.aboutads.info.

Storage of Your Personal Data and Cross-Border Transfers

We use cloud services provided by third-party service providers who may be outside of your country of origin to store the personal data that we collect. This means that your personal data may be transferred to, or stored in, another country and accessible to foreign courts, law enforcement and national security authorities.
You may ‎contact us (as provided in the Contact Us section below) to obtain information ‎about our policies ‎and ‎practices regarding our transfer of personal data across borders, ‎or to ask questions ‎about ‎the collection, use, disclosure, or storage of personal data by us or ‎our foreign service ‎‎providers. ‎

Third-Party Links

Our Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the personal data practices of such third-party websites.

Security of Your Personal Data

We have implemented safeguards intended to protect the personal data we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security.

You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust, unique password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

Your Choices Regarding Our Use of Your Personal Data

We may send periodic promotional e-mails to you. You may opt-out of promotional e-mails by following the opt-out instructions contained in the e-mail. If you opt out of receiving promotional e-mails, we may still send you e-mails about your account or any services you have requested or received from us.

Notice Concerning Children

We do not knowingly collect, use, or disclose personal data from children, except as required by law or regulation. If we learn that we have collected the personal data of a child, we will take steps to delete the personal data as soon as possible. Please immediately contact us if you become aware that a child has provided us with personal data.

Changes to this Policy

This Policy is current as of the Effective Date posted above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our website.

Contact Us

If you have questions about the privacy aspects of our website or Services or would like to make a complaint, please contact us at: privacy@yembo.ai.

Additional Provisions for Individuals Located in Canada

The following section applies to individuals located in Canada.

Legal Basis for Processing Personal Data
1. Consent
  We will process your Personal Data only with your knowledge and consent, except where exempted, required or permitted by applicable laws. The form of consent may vary depending on the circumstances and the type of information being requested.
  
  Your consent may be express with clear options to say “yes” or “no”, such as by being asked to check a box to indicate your consent, or implied, such as when you provide us with your address through a form or e-mail seeking information and we use those means to respond to your request. Your consent can also be provided by your authorized representative. Taking into account the sensitivity of your Personal Data, purposes of collection, and your reasonable expectations, we will obtain the form of consent that is appropriate to the Personal Data being processed. By using our Services, or otherwise by choosing to provide us with your Personal Data, you acknowledge and consent to the processing of your Personal Data in accordance with this Policy and as may be further identified when the Personal Data is collected. When we process your Personal Data for a new purpose, we will document that new purpose and ask for your consent again.
  
  By using our Service, or otherwise by choosing to provide us with your Personal Data, you acknowledge and consent to the processing of your Personal Data in accordance with this Policy and as may be further identified when the Personal Data is collected.
  
  You may refuse to provide consent or may notify us at any time that you wish to withdraw or change your consent to the processing of your Personal Data without penalty, subject to legal or contractual restrictions and reasonable notice by (i) changing your privacy preferences through the Services, (ii) deleting your account with the Services and stopping use of the Services, (iii) opting out of the use of your Personal Data by contacting us using the information in the Contact Us section of our Policy. However, if you withdraw or change your consent, we may not be able to provide you with the Service.
2. Other Legal Bases
  Aside from consent, we may also process your Personal Data under other legal bases, as permitted by applicable law.
Limits on Collection of Personal Data
We will not collect personal data indiscriminately but will limit collection of personal ‎information to that which is reasonable and necessary. We will also collect personal data as ‎authorized by law.‎
Limits for Using, Disclosing and Retaining Personal Data
Your Personal Data will only be used or disclosed for the purposes set out above and as ‎authorized by law.‎

We will keep Personal Data used to make a decision affecting you for at least one year after ‎using it to make the decision, except to the extent that you delete or remove that information ‎yourself. ‎

We will destroy, erase or make anonymous documents or other records containing personal ‎information as soon as it is reasonable to assume that the original purpose is no longer being served ‎by retention of the information and retention is no longer necessary for a legal or business purpose.‎

We will take due care when destroying Personal Data so as to prevent unauthorized access ‎to the information.‎
Access
Upon written request and authentication of identity, we will provide you ‎‎your Personal Data under our control. We will also give you information about the ways in ‎‎which that information is being used and a description of the individuals and organizations to ‎‎whom that information has been disclosed. We may charge you a reasonable fee for doing so.‎

We will make the information available within a reasonable time and within the timelines established by applicable law.

In some situations, we may not be able to provide access to certain Personal Data (e.g., if ‎‎disclosure would reveal Personal Data about another individual, the Personal Data is ‎‎protected by solicitor/client privilege, the information was collected for the purposes of an ‎‎investigation or where disclosure of the information would reveal confidential commercial ‎‎information that could harm the competitive position of us). We may also be prevented by law ‎‎from providing access to certain Personal Data.‎

Where an access request is refused, we will notify you in writing, document the reasons for refusal ‎‎and outline further steps which are available to you.‎
Accuracy
We will make a reasonable effort to ensure that Personal Data we are using or disclosing is ‎accurate and complete. If you demonstrate the inaccuracy or incompleteness of Personal Data, we will amend the ‎information as required. If appropriate, we will send the amended information to third parties to ‎whom the information has been disclosed.‎ When a challenge regarding the accuracy of Personal Data is not resolved to your ‎satisfaction, we will annotate the Personal Data under our control with a note that the ‎correction was requested but not made.‎
CASL Policy
We are committed to compliance with Canada’s Anti-Spam Legislation (“CASL”). Any electronic communication we send to outside parties is protected by a range of business procedures, processes and policies to ensure that such communication is done in compliance with CASL. In our electronic communications with outside parties, we comply with the rules established by CASL and enforced by various Canadian authorities including the Canadian Radio-television and Telecommunications Commission. CASL regulates, and our policies generally apply to, each commercial electronic message (a “CEM”) that we send. A CEM is an electronic message sent to an electronic address that, among its purposes, encourages participation in a commercial activity.

In addition to adopting and updating this Policy, we undertake various transparency initiatives to ensure we comply with CASL, which include:

Consent— we do not send you CEMs without your consent. This consent typically must be “express” (expressly acknowledged by you), but in certain circumstances can be “implied”. In other limited circumstances businesses are exempt from consent requirements. We adopted our sign-up, registration and consent forms in order to ensure that your consent is meaningful (i.e. informed and freely given) as required by CASL. When we collect your electronic contact information, you will know the exact purposes behind the collection.
Content— we adopted processes to ensure that our CEMs contain the following requirements prescribed under CASL, which will usually be in the footer of the CEM. We will:
- Identify ourselves as the party sending the CEM, and whether we are sending the message on our own behalf or on behalf of someone else;
- Provide you with our contact information; and
- Set out a clear, working unsubscribe mechanism or preference centre that is easy to use, automatic, and at no cost to you (other than your own cost of connecting to the Internet).

Clarity— we ensured that each aspect of a CEM, including its header, content, or any links or URLs in the CEM) conveys the appropriate information, whether viewed individually or taken as a whole, so that you always know what you are clicking on.

If you receive a CEM from us but believe that you should not have or no longer wish to receive CEMs, we will aim to respect your preferences in a timely manner once you update them through our unsubscribe mechanism. CASL requires us to process unsubscribe requests within 10 business days. If you have any questions or concerns about our unsubscribe options, you may contact us at the address indicated in the Contact Us section of our Policy.

Additional Provisions for Individuals Located in the United Kingdom and European Union

This section of the Policy aims to give additional information to individuals located in the United Kingdom (“UK”) and European Union (“EU”) regarding how we process your Personal Data in order to comply with European laws. The detail set out below, and the specific rights listed, apply only to individuals located in the UK and EU.

It is important that you read this section of the Policy together with the main body of the Policy you so that you are fully aware of how and why we are using your Personal Data. This section of the Policy supplements the other information given and is not intended to override any other part of the Policy.

Chief Privacy Officer

Our Chief Privacy Officer (“CPO”) is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the CPO at cpo@yembo.ai.

You have the right to make a complaint at any time to the relevant data protection regulator in your jurisdiction. Please see below for further details. We would, however, appreciate the chance to deal with your concerns before you approach the relevant regulator, so please contact us in the first instance.

Purposes for Processing and Lawful Bases

As set out in our Policy, we process your Personal Data for a number of different reasons.

We have set out below, in a table format, a description of all the ways we plan to use your Personal Data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your Personal Data for more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your Personal Data where more than one basis has been set out in the table below.

Purpose/Activity	Lawful basis for processing including basis of legitimate interest
Providing Our Services. To provide our Site and Services to you, to communicate with you about your use of the Site and Services, to respond to your inquiries, and for other customer service purposes	(a) Performance of a contract with you (b) Necessary for our legitimate interests (for running our business, to keep our records updated and to study how customers use our products/services)
Changes to terms. To notify you about changes to our terms or this Policy	Necessary to comply with a legal obligation
Improving Our Site, Services & Security. To improve our Site and Services and for other internal business purposes, including detecting security incidents, debugging to identify and repair errors that impair existing functionality	(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services and network security) (b) Necessary to comply with a legal obligation
Protecting Rights & Interests. Where we believe necessary to investigate, to prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our agreements or this Policy	(a) Necessary for our legitimate interests (for network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation
Tailoring Content. To tailor the content and information that we may send or display to you and to personalize your experiences while using the Website or our Services	Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
Research & Analytics. To better understand how users access and use our Site and Services in order to improve our Site and Services and respond to user preferences, to administer surveys, programs and questionnaires, and for other research and analytical purposes	Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
Marketing & Communications. For marketing, advertising and promotional purposes, for example, we may use your information, such as your e-mail address, to send you news and newsletters, special offers, events, surveys, and promotions, or to otherwise contact you about services or information we think may interest you. We also use the information that we learn about you to assist us in advertising our Services on third-party websites and social media and to assist us in evaluating the success of our advertising campaigns on various platforms	Necessary for our legitimate interests (to develop our products/services and grow our business)
Legal Compliance. To comply with legal obligations, as part of our general business operations, and for other business or administration purposes	(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services and network security) (b) Necessary to comply with a legal obligation
Consent. For other purposes that you consent to from time to time.	Consent

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Data Subject Rights

Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your Personal Data.

Right to Access Personal Data

You have a right to request that we provide you with a copy of your Personal Data that we hold and you have the right to be informed of: (a) the source of your Personal Data; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your Personal Data may be transferred.

Right to Rectify or Erase Personal Data

You have a right to request that we rectify inaccurate Personal Data. We may seek to verify the accuracy of the Personal Data before rectifying it.

You can also request that we erase your Personal Data in limited circumstances where:

it is no longer needed for the purposes for which it was collected; or
you have withdrawn your consent (where the data processing was based on consent); or
following a successful right to object (see Right to Object to the Processing of your Personal Data ); or
it has been processed unlawfully; or
to comply with a legal obligation to which we are subject.

We are not required to comply with your request to erase Personal Data if the processing of your Personal Data is necessary:

for compliance with a legal obligation; or
for the establishment, exercise or defence of legal claims

Right to Restrict the Processing of your Personal Data

You can ask us to restrict your Personal Data, but only where:

its accuracy is contested, to allow us to verify its accuracy; or
the processing is unlawful, but you do not want it erased; or
it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
you have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your Personal Data following a request for restriction, where:

we have your consent; or
to establish, exercise or defend legal claims; or
to protect the rights of another natural or legal person.

Right to Transfer Your Personal Data

You can ask us to provide your Personal Data to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:

the processing is based on your consent or on the performance of a contract with you; and
the processing is carried out by automated means.

Right to Object to the Processing of your Personal Data

You can object to any processing of your Personal Data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.

If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

Right to Object to How we use your Personal Data for Direct Marketing Purposes

You can request that we change the manner in which we contact you for marketing purposes.
You can request that we not transfer your Personal Data to unaffiliated third parties for the purposes of direct marketing or any other purposes.

Right to Obtain a Copy of Personal Data Safeguards used for Transfers Outside Your Jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your Personal Data is transferred outside of the UK or the European Union.

We may redact data transfer agreements to protect commercial terms.

Right to Lodge a Complaint with your Local Supervisory Authority

You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your Personal Data.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

International Data Transfers

Your Personal Data may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area. We ensure that the recipient of your Personal Data offers an adequate level of protection and security, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission.

Additional Information and Contact Details

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the Personal Data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us using the details listed under the Contact Us section of our Policy, or by contacting our Chief Privacy Office at: cpo@yembo.ai. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly or inform you if we require further information in order to fulfill your request.

We try to respond to all legitimate requests within a reasonable time and within the timelines established by applicable law. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.