Privacy policy
Last updated and effective date: 29 March 2023
This Privacy Notice describes how Pactum AI group entities listed below (“Pactum”, “we”, “us” or “our”) process and safeguard personal data of data subjects who visit our website at www.pactum.com, use or engage with our offered products and services (collectively, “Services”) and with whom we otherwise interact.
Please note that this Privacy Notice does not apply to the extent where we collect and process personal data in the role of a data processor on behalf and in accordance with the instructions of our customers, unless expressly provided otherwise in the Privacy Notice. Each customer is responsible for providing the privacy notice governing the relevant processing for the purposes determined by our customers.
Controller of personal data (responsible entity)
The controller and responsible entity for the processing of your personal data is the entity listed below who determines the purposes and means of the processing of your personal data:
| Location | Controller | Contact details |
| United States | Pactum AI, Inc. | Address:
800 West El Camino Real, Suite 180 Mountain View, California, 94040 United States E-mail: [email protected] |
| Estonia (Europe) | Pactum AI OÜ | Address: Rotermanni tn 12, Tallinn city, Harju county, 10111 Estonia
E-mail: [email protected] |
For most data processing purposes, and where we have not expressly determined otherwise below in this Privacy Notice, Pactum AI entities act as joint controllers.
Categories of personal data and sources of collection
We collect and process your personal data in a variety of ways. The following provides the list of the types and sources of personal data that Pactum entity (or entities) may collect and process either as an independent data controller or, where applicable, as joint controllers.
| Category of personal data | Source of collection |
| General personal data and contact details, such as your name, company name, e-mail address and phone number, and work position or title. | We collect this information when you communicate with us. We may also receive this data from our customers or other business partners, such as third party service providers, and to the extent permitted by applicable law, from public databases. |
| Information collected in the course of using and engaging with our website and Services, such as your IP address, used devices, e-mail and other communications, chat and call transcripts, any other usage, navigation, telemetric and log data concerning the use of our website and Services. | We collect this information when you use and engage with our website and Services. We may also receive this data from third party service providers, including cookie vendors. For more information regarding the use and the purposes for which we use the cookies and similar technologies, please read our Cookie Policy. |
| Information you or our business partners provide by communicating with us, such as data required for establishing and maintaining a business or contractual relationship, feedback data collected in customer satisfaction surveys, content of submitted customer inquiry or support request, or any other information that you or our business partners voluntarily provide to us. | We collect this information when you or our business partners communicate with us, including by submitting customer inquiries and support requests, participating in customer satisfaction surveys, etc. |
| Information collected in the course of visiting our office premises, such as time of arrival and departure, hosting employee. | We collect this information when you register your visit to our office premises. |
Purposes and legal bases for processing personal data
We process your personal data for a variety of purposes. The following provides the list of the purposes and legal grounds for processing your personal data we process.
Legitimate interest
| Purpose of Processing | Processed Types of Information |
| Approaching prospective customers for the purpose of establishing contractual relationships by marketing and promoting our Services through mediums such as emails, newsletters, other promotional material, etc. | General personal data and contact details. |
| Maintaining business and contractual relationships, including by managing databases of our business partners, customers and customers’ suppliers, procuring services from vendors, and providing our Services to the customers. The controller of your personal data for this purpose is the entity with whom the customer, vendor or other business partner has concluded a contractual relationship or is in negotiations with in order to enter into a contractual relationship. | General personal data and contact details, information you or our contractual partners provide by communicating with us. |
| Managing and responding to customer inquiries and support requests. | General personal data and contact details, content of submitted customer inquiry or support request. |
| Improving and developing our website and Services. | Information collected in the course of using and engaging with our website and Services, information you or our business partners provide by communicating with us. |
| Maintaining and improving security within our website and Services, including to detect, prevent, or otherwise address fraud or other unlawful activity. | Information collected in the course of using and engaging with our website and Services, information you or our business partners provide by communicating with us. |
| Establish, exercise or defend any potential legal claim. The controller of your personal data is the entity establishing, exercising or defending its legal claim. | All types of personal data collected by us. |
| Management and registration of visitors to our office premises. The controller of your personal data is the entity whose office you are visiting. | Information collected in the course of visiting our office premises. |
Compliance with a legal obligation
| Purpose of Processing | Processed Types of Information |
| Compliance with applicable legal requirements deriving from, e.g. accounting and taxation laws. | Data required for establishing and maintaining a business or contractual relationship. |
Retention of personal data
We process your personal data only for as long as necessary for the fulfillmentfulfilment of the original purposes of personal data processing, which are described above, or as long as required to comply with applicable legal obligations. We determine the appropriate retention period for personal data on the basis of the nature and sensitivity of the personal data being processed, the potential risk of harm from unauthorized use or disclosure of the personal data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements.
Once the established retention time period for a particular purpose expires and unless you instruct us otherwise and we agree on the terms on longer storage of your data, we will delete or anonymize the personal data, so it can no longer be associated with you.
Sharing of personal data
In addition to the specific situations discussed elsewhere in this Privacy Notice, we may disclose information in the following situations:
- Affiliates and acquisitions. We may share information within and between Pactum group companies. In addition, if we are involved in a merger or if another company acquires, or anticipates acquiring, our company or part of our company, business, or our assets, we may share information with that company, including at the planning and negotiation stages.
- Other disclosures. We may disclose information in response to lawful requests by state authorities, court orders, or in connection with any legal process, or if permitted or required by applicable law. We may also share your information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for the provision of services by a third party intermediary. For these reasons, your personal data may be disclosed to courts, state authorities, legal advisors, etc.
- Service providers. We may share your information with third party service providers who provide services to us or on our behalf in accordance with our instructions. Among other things, service providers help us to administer our website, assist with technical support, and send communications. In these cases, we will control and remain responsible for the use of your personal data at all times.
- Customers. We may share your information with our customers, when we collect data as data processors on behalf and in accordance with the instructions of our customers.
How we protect personal data
We use adequate technical and organizational security measures to protect your data information. For example, we only grant access to your personal data to authorized employees who have committed themselves to confidentiality or are under a statutory obligation of confidentiality. We make our best efforts to keep your personal data safe and always require the high level of security and confidentiality from our employees.
Please note that no method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal data from loss, destruction, unauthorized access, misuse, or disclosure, we cannot fully guarantee the security of your personal data. In the event that we are required by law to inform you of any unauthorized access to your personal data, we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
Transmission of personal data to other countries
Pactum group includes entities established in the European Union and in the United States. We transmit information between and among our group of companies and we use service providers who may be established outside of the EU/EEA. As a result, your personal data may be processed in a foreign country where privacy laws may be less stringent than the laws in your country. Nonetheless, we take steps to treat personal data using the same privacy principles that apply pursuant to the law of the country in which we first received it. By submitting your personal data to us you acknowledge the transfer, storage and processing of your personal data in a country other than your country of residence including, but not necessarily limited to, the United States. With respect to transfers from the European Economic Area to foreign countries not providing an adequate level of data protection, we base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission. If you would like to receive more information regarding the transfers of your personal data and the safeguards applied by us, you can contact us at the contact details provided in the beginning of this Privacy Notice.
Information for California Residents
- California information collection and sharing disclosure. California Civil Code 1798.83, 1798.115(c), 1798.130(a)(5)(c), 1798.130(c), and 1798.140 gives California Residents the right to know whether certain categories of personal data are collected, “sold” or transferred for an organization’s “business purpose” (as those terms are defined under California law). The table below indicates the categories of personal data we collect and transfer in a variety of contexts. Please note that because this list is comprehensive it may refer to types of information that we collect and share about people other than yourself. For example, while we transfer credit card or debit card numbers for our business purpose in order to process payments for orders placed with us, we do not collect or transfer credit card or debit card numbers of individuals that submit questions through our website’s “contact us” page. In addition, if you would like more information concerning the categories of personal data (if any) we share with third parties or affiliates for their direct marketing purposes, you may make such requests by contacting us at the address described below. We do not discriminate against California residents who exercise any of their rights described in this privacy policy.
| Categories of personal data collected | Disclosed for a business purpose | Sold |
| Identifiers – such as name, postal address, phone number, unique personal identifier, online identifier, internet protocol (IP) address, device ID, e-mail address, social security number (partial and full), driver’s license number, passport number, or other similar identifiers. | ✓ | ☐ |
| Financial information – such as bank account number, credit or debit card number, or other financial information. | ✓ | ☐ |
| Characteristics of legally protected classifications – such as gender. | ✓ | ☐ |
| Commercial Information – such as information about products and services obtained from us and individuals’ preferences. | ✓ | ☐ |
| Internet/Electronic Activity – such as information about interactions with our website, mobile application, or advertisements. | ✓ | ☐ |
| Geolocation data – such as precise physical location. | ✓ | ☐ |
| Audio, electronic, visual, thermal, olfactory, or similar information – such as photographs. | ✓ | ☐ |
| Professional/employment information – such as occupation and professional references. | ✓ | ☐ |
| Inferences drawn from any of the above information. | ✓ | ☐ |
Your rights
Subject to the restrictions and conditions set out in applicable law, you may exercise the following rights as a data subject:
- Access to your personal data. You may request access to your personal data at any time.
- Rectification to your personal data. You may request that we update, correct or rectify any inaccurate or incomplete personal data.
- Deletion of your personal data. You may request that we delete your personal data, by contacting us at the contact details provided in the beginning of this Privacy Notice. However, please note that certain information is strictly necessary in order to fulfil the purposes defined in this Privacy Notice and may also be required by law. Therefore, such personal data may not be deleted.
- Revocation of consent and right to object. You may revoke consent to our processing (where our processing is based upon consent), or object to our processing (where our processing is not based upon your consent). In some cases we may limit or deny your request if we are required or permitted by law to do so. Please note that revocation of consent does not affect the lawfulness of the processing of personal data carried out on the basis of consent before revocation.
- Data portability. You may request a copy of the personal data that you have provided to us. In some cases we may limit or deny your request if we are required or permitted by law to do so, e.g. if it is necessary for the purpose of our legitimate interest to protect our trade secrets or any other confidential information.
You may exercise these rights by contacting us at the contact details provided in the beginning of this Privacy Notice. We will respond to your requests and to provide you with additional privacy-related information within the timeframes specified in applicable law. Please note that we may ask you for additional information to adequately verify your identity before actioning your request to exercise your rights as a data subject.
If you are not satisfied with our response or have a concern that your privacy rights have been infringed, and you are in the European Union, you have the right to lodge a complaint with your local supervisory authority. List and contact details of European supervisory authorities can be found here.
Changes to this Privacy Notice
We may change our Privacy Notice and practices over time in order to adapt it to any updates that might arise. In case of making any substantial update, we will notify you via the email that you have communicated us. You can see when this Privacy Notice was last updated by checking the date indicated in the beginning of the Privacy Notice.
