Privacy Policy
PACTUM PRIVACY NOTICE
Last updated and effective date: 30 June 2025This Privacy Notice (“Privacy Notice“) together with our Cookie Policy describe how Pactum AI Inc. Group (“Pactum“, “we“, “us” or “our“) processes the personal data of data subjects who visit our website at www.pactum.com and social media pages (e.g. LinkedIn), use or engage with our offered products and services (collectively, “Services”) and with whom we otherwise interact.
Please note that this Privacy Notice does not apply where Pactum processes personal data as a data processor on behalf of our clients. In such cases, we act strictly in accordance with the client’s instructions and the terms of our contractual agreement. The client, as the data controller, is solely responsible for determining the purposes and means of the processing of such personal data, and for providing the appropriate privacy notice to affected individuals.
Unless explicitly stated otherwise in this Privacy Notice, any processing we carry out in our capacity as a processor is outside the scope of this notice.
1. CONTROLLER OF YOUR PERSONAL DATA
The controller of your personal data is Pactum AI Inc. In certain cases, particularly for IT and security-related purposes, Pactum AI Inc. may also act as a joint controller together with other affiliated entities. Pactum AI Inc. remains the primary point of contact for individuals seeking to exercise their rights under applicable privacy laws, and we will coordinate with other joint controllers as necessary to respond to such requests.
Pactum AI Inc.
Registry code: 7515312
Address: 800 West El Camino Real, Suite 180, Mountain View, California, 94040, USA
E-mail: [email protected]
2. PERSONAL DATA WE PROCESS
Pactum processes the personal data described in this Privacy Notice primarily in connection with the roles of the data subjects as representatives, employees, or authorized contacts of our business partners, clients, suppliers, and other third parties involved in our B2B operations.
We do not intend to collect or process personal data of minors or individuals who are not engaged in a professional or business capacity with Pactum. Where we become aware that personal data of minors has been inadvertently collected, we will take reasonable steps to delete or anonymize such data without undue delay.
In the context of our business activities, we may process personal data relating to the following categories of individuals:
- Representatives and contact persons of clients, including prospective, current, and former clients
- Representatives and contact persons of vendors, service providers, and subcontractors
- Authorized signatories and decision-makers of business partners
- Individuals participating in meetings, communications, or collaborative projects involving Pactum
- Visitors to our office premises
- Users of our website and digital platforms
- Individuals submitting support requests, contact forms, or other inquiries
- Individuals whose professional information is used in marketing or promotional communications (e.g. case studies, testimonials)
The following table provides an overview of the categories of personal data processed by Pactum, including descriptions and examples of each category, as well as typical sources from which this data is collected.
| Category of Personal Data | Description / Examples | Source(s) of Data Collection |
| Identification and Contact Data | Name, address, phone number, email address, job title, company name | Provided directly by clients, prospective clients, suppliers, partners, website visitors, and physical visitors |
| Contractual and Transaction Data | Contract details, service agreements, invoices, payment and billing information, tax details | Provided by clients and suppliers during contractual negotiations and ongoing business relationships |
| Technical and Usage Data | IP address, device information, browser type, cookies, log files, website navigation data | Automatically collected through our websites, apps, and services; also via third-party analytics tools |
| Communications Data | Emails, chat messages, call recordings and transcripts, meeting notes, correspondence history | Collected from interactions with clients, partners, and users of our services, including recordings from meetings or calls |
| Access and Security Data | Visitor identification records, access logs for physical premises, authentication credentials | Collected during visits to our offices or when accessing our digital systems |
| Feedback and Survey Data | Responses to client satisfaction surveys, feedback forms, service evaluations | Provided voluntarily by clients, suppliers, and partners |
| Reporting Data | Whistleblowing reports, investigation notes, identity of reporter (if disclosed) | Submitted voluntarily via reporting channels, may include anonymous reports |
| Visual and Audio Data | Photographs, video recordings, audio recordings made during events, meetings, or other corporate communications | Directly collected at company events, meetings, or from submitted materials |
3. PURPOSES AND LEGAL BASES FOR PROCESSING PERSONAL DATA
We process your personal data only when there is a valid legal basis to do so. Below is a summary of the purposes for which we process personal data, along with descriptions, examples of the data used, and the corresponding legal grounds for processing:
| Purpose | Description | Examples of Personal Data Used | Legal Ground(s) for Processing |
| Marketing and Client Acquisition | Approaching prospective clients, responding to inquiries, promoting products and services. | Identification & contact data, communication data, usage data | Consent or legitimate business interest |
| Contract Conclusion and Management | Establishing, managing, and terminating contractual relationships with clients and suppliers. | Identification & contact data, contractual data, communication data | Legal obligation or legitimate business interest |
| Service Delivery and Support | Providing, operating, and developing Pactum’s products and services; customer support and meetings. | Identification & contact data, communication data, usage data | Legitimate business interest, which is supplemented with customer’s instructions |
| Project and Task Management | Managing client-related tasks, projects, and collaborations (internal and external). | Identification & contact data, communication data | Legitimate business interest, which is supplemented with customer’s instructions |
| Billing, Accounting, and Tax | Invoicing, payment processing, accounting, and tax reporting related to client and supplier contracts. | Identification & contact data, financial data | Legal obligation or legitimate business interest |
| Business Relationship Management | Managing ongoing client and supplier relationships, including satisfaction surveys and feedback. | Identification & contact data, communication data | Consent or legitimate business interest |
| Compliance and Legal Obligations | Handling litigation, auditing, reporting (e.g. whistleblowing), and regulatory compliance. | Identification & contact data, communication data, contractual data | Legal obligation or legitimate business interest |
| Security and Access Management | Managing physical and IT access to company premises, systems, and services; abuse and fraud prevention. | Identification & contact data, usage data | Legal obligation or legitimate business interest |
| Analytics and Improvement | Analyzing usage and communication data to improve services and business operations. | Usage data, communication data | Legitimate business interest |
| Improving and developing our website and services | We analyze how users interact with our website and services to improve functionality, user experience, and the quality of services provided. | Usage and technical data, Communication data | Consent |
| Management and registration of visitors to office premises | We manage and document visits to Pactum’s office locations to ensure site security and comply with internal access protocols. | Identification and contact data, Visit-related data | Legitimate business interest |
| Recording meetings and generating meeting notes | We may record video or voice calls and use automated tools to transcribe, summarize, or analyze discussions for internal documentation or follow-up purposes. Participants are informed in advance. | Identification and contact data, Communication data, Audio-visual data | Consent or legitimate business interest |
| Monitoring email engagement | We track interaction with sent emails (e.g. whether an email was opened or links were clicked) to measure communication effectiveness, especially in B2B engagement and client success efforts. | Communication data, Technical/usage data | Legitimate business interest |
| Establishing, exercising or defending legal claims | We may process personal data to protect our rights, respond to claims, or pursue remedies, including in relation to disputes, investigations, or proceedings. | Any personal data categories relevant to the legal matter, including identification and contact data, communication data, contractual data, and other relevant records. | Legal obligation or legitimate business interest |
| Corporate communications and marketing | Use of photographs and video recordings for internal communications, corporate culture promotion, and external marketing materials (e.g., website, social media). Consent will be obtained for any external use. | Visual and Audio Data (photos, videos, audio recordings) | Legitimate business interest or consent |
Reliance on Legitimate Interest. Where Pactum processes your personal data based on legitimate interest, we ensure that such processing is necessary and proportionate to achieve our business purposes without overriding your fundamental rights and freedoms. We conduct a thorough assessment to balance our interests with your privacy rights, taking appropriate safeguards to protect your data.
Reliance on Consent. When Pactum processes your personal data based on your consent, this means you have freely given clear and informed permission for a specific purpose. We ensure that you receive detailed information about the purpose of processing, the types of data involved, and your rights before you provide your consent. Consent is sought only where it is required by law or where no other legal basis for processing applies.
Cookies and Similar Technologies. We may use cookies and similar tracking technologies (such as pixels or web beacons) on our website and online services to collect and process technical and usage data. These technologies help us enhance user experience, analyze performance, provide relevant content, and support our marketing efforts.
For more detailed information about the types of cookies and similar technologies we use, the purposes for which we use them, and how you can manage your preferences, please refer to our Cookie Policy.
Automated decision-making. We do not rely on automated decision-making with legal or similarly significant effects without human review.
4. RECIPIENTS OF YOUR PERSONAL DATA
- Internal Disclosures
We may share your personal data within the Pactum group of companies for purposes related to managing business relationships, IT systems, finance, and shared administrative services. All internal recipients are required to maintain strict confidentiality and data security.
- Event Photos and Videos
From time to time, Pactum may capture photos or videos during business events, trainings, or seminars that involve clients, partners, or suppliers. These materials may be used internally to reflect company culture or shared with external audiences such as on our website or social media channels. We will seek your consent before using identifiable images or videos for any external purpose. You may refuse consent without any negative consequences, and you may also request not to be recorded.
- Disclosures to Third Parties
Your personal data may be shared with third parties in the following contexts:
Legal and Regulatory Authorities: When required or permitted by law, such as for compliance with tax, safety, or other applicable regulations.
Service Providers: We engage trusted third-party providers (e.g., IT service vendors, legal advisors, payment processors) who process data on our behalf under strict confidentiality and contractual safeguards.
Corporate Transactions: In the event of mergers, acquisitions, or restructuring, your data may be transferred to relevant parties with appropriate protections.
Protection and Compliance: To protect Pactum’s rights or safety, investigate fraud or misconduct, or respond to lawful requests from authorities.
- CCPA Notice (if applicable):
Pactum is generally not subject to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, “CCPA”) due to the nature of our business and the personal data we process. We confirm that we do not sell personal data or share it for cross-context behavioral advertising purposes as defined under the CCPA and similar laws. Should our practices change in the future, we will update this Privacy Notice accordingly and seek any required consents.
5. INTERNATIONAL TRANSFERS OF PERSONAL DATA
Pactum operates internationally with entities in the European Union and the United States. We may transfer your personal data between our group companies and to trusted service providers located outside the EU/EEA. These countries may have different data protection laws than your country of residence, which might be less comprehensive.
We are committed to protecting your personal data in line with the privacy principles applicable in the country where we first collected it. By providing your personal data to us, you acknowledge and are informed that your personal data may be transferred, stored, and processed in a country other than your country of residence, including, but not limited to, the United States.
In particular, your data may be processed within the following countries:
- United States
- Canada
- United Kingdom
- Switzerland
Pactum ensures that any such international data transfers are carried out in compliance with applicable data protection laws. These transfers are based on appropriate safeguards, such as:
- Adequacy decisions issued by the European Commission, or
- Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented where necessary by additional technical, contractual, or organizational measures to ensure an essentially equivalent level of protection.
Where applicable, we also assess the legal framework of the third country to determine whether the transfer poses any additional risks to the rights and freedoms of individuals.
6. RETENTION OF YOUR PERSONAL DATA
We process your personal data only for as long as necessary to fulfill the purposes described in this Privacy Notice or to comply with applicable legal obligations. When determining the appropriate retention period, we consider factors such as the nature and sensitivity of the personal data, the potential risks associated with unauthorized use or disclosure, whether the processing purposes can be achieved by other means, and relevant legal requirements.
Once the retention period for a specific purpose expires, and unless you instruct us otherwise and we agree to longer storage terms, we will securely delete or anonymize your personal data so that it can no longer be linked to you.
7. SECURITY MEASURES
We implement appropriate technical, physical, and organizational security measures designed to protect your personal data against unauthorized access, loss, destruction, misuse, or disclosure. These measures include, but are not limited to, access controls, encryption, secure storage, and regular security assessments.
However, please be aware that despite our best efforts and reasonable safeguards, no system or method of transmission over the internet or electronic storage is completely secure. Therefore, we cannot guarantee absolute security of your personal data. You can learn more about our security measures here: https://pactum.com/security/.
8. DATA SUBJECT’S RIGHTS
Subject to the restrictions and conditions set out in applicable data protection laws, you have the following rights as a data subject:
- To request access to your personal data;
- To request rectification of your personal data;
- To request erasure of your personal data. However, please note that certain information is strictly necessary to fulfil the purposes defined in this Privacy Notice and may also be required by law. Thus, we may not erase all of your personal data;
- To request restriction of the processing of your personal data;
- To object to the processing of your personal data, where the legal basis for processing is the legitimate interest;
- To request transmission of your personal data to another controller (right to data portability), where the legal basis for processing is your consent or an agreement entered into between us, and where technically feasible;
- To withdraw your consent regarding processing of personal data where the processing is based on your consent. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent before withdrawal.
If you believe there is a problem with how we handle your personal data, you have the right to lodge a complaint with a relevant data protection authority in your country of residence or seek judicial remedy. For individuals located within the European Economic Area (EEA), this includes the competent supervisory authority in your member state, which you can find listed on the European Data Protection Board’s website here.
If you have any questions, concerns, or requests regarding this Privacy Notice or how we process your personal data, please contact us using the contact details provided at the beginning of this document. We encourage you to reach out to us first so we can address your concerns promptly, though you have no obligation to do so.
9. UPDATES TO THIS PRIVACY NOTICE
We may update this Privacy Notice from time to time to reflect changes in our data processing practices or legal requirements. Unless required by law, we will not actively notify you of such updates. The most current version of this Privacy Notice will always be available on our website. Please refer to the “Last updated” date at the top of this document to see when it was last revised.