Privacy Policy

1. Introduction

NewCo Ltd. ("we," "our," or "us"), Company No: NEW123, registered at New Address 1, is committed to protecting your privacy and personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Axiom platform and services.

We are the data controller for the personal data we process. Our Data Protection Officer can be contacted at dpo@axiom-ai.dev.

2. Personal Data We Collect

2.1 Information You Provide

• Account information: name, email address, password (encrypted)
• Payment information: billing address, payment card details (processed by our payment provider)
• Profile information: professional background, preferences
• Communications: messages sent through our platform, support inquiries
• Service requests: project descriptions, requirements

2.2 Information Automatically Collected

• Technical data: IP address, browser type and version, device information
• Usage data: pages visited, time spent, interaction patterns
• Cookies and tracking technologies (see our Cookie Policy)

2.3 Information from Third Parties

We may receive data from payment processors, analytics providers, and security services necessary to operate our platform.

3. Lawful Basis and Purposes for Processing

We process your personal data only when we have a lawful basis:

3.1 Contractual Necessity

To provide our services, process transactions, and fulfill our contractual obligations to you.

3.2 Legitimate Interests

• Platform improvement and optimization
• Fraud prevention and security
• Customer support and relationship management
• Analytics and business intelligence

3.3 Legal Obligations

To comply with legal requirements including tax, accounting, and anti-money laundering obligations.

3.4 Consent

For marketing communications and non-essential cookies. You may withdraw consent at any time.

4. Data Sharing and Disclosure

We do not sell your personal data. We share data only as follows:

4.1 Service Providers

We engage trusted third-party processors for:

• Payment processing (PCI-DSS compliant)
• Cloud hosting and infrastructure
• Email communications
• Analytics services

All processors are bound by data processing agreements ensuring GDPR compliance.

4.2 Specialists

When you engage a specialist, relevant project information is shared to facilitate service delivery.

4.3 Legal Requirements

We may disclose data when required by law, to protect our rights, or in response to valid legal requests from authorities.

5. International Data Transfers

Your data is primarily stored within the European Economic Area (EEA). Where we transfer data outside the EEA, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Other legally recognized transfer mechanisms

6. Data Retention

We retain personal data only as long as necessary:

• Account data: While your account is active and up to 7 years after closure for legal obligations
• Transaction records: 7 years for tax and accounting purposes
• Marketing data: Until you withdraw consent or 2 years of inactivity
• Technical logs: 90 days

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (TLS) and at rest
• Access controls and authentication
• Regular security assessments and audits
• Employee training on data protection
• Incident response procedures

In the event of a data breach affecting your rights, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

8.1 Right of Access

Request a copy of your personal data we hold.

8.2 Right to Rectification

Correct inaccurate or incomplete personal data.

8.3 Right to Erasure

Request deletion of your personal data (subject to legal retention requirements).

8.4 Right to Restriction

Request restriction of processing in certain circumstances.

8.5 Right to Data Portability

Receive your data in a structured, commonly used format and transmit it to another controller.

8.6 Right to Object

Object to processing based on legitimate interests or for direct marketing.

8.7 Right to Withdraw Consent

Withdraw consent for processing based on consent (does not affect prior lawful processing).

To exercise these rights, contact us at privacy@axiom-ai.dev. We will respond within one month. You also have the right to lodge a complaint with your local data protection supervisory authority.

9. Cookies and Tracking

We use cookies and similar technologies. For detailed information, see our Cookie Policy. You can manage cookie preferences through your browser settings or our cookie consent tool.

10. Marketing Communications

We send marketing communications only with your consent. You may unsubscribe at any time using the link in our emails or by contacting privacy@axiom-ai.dev. We will process your opt-out within 48 hours.

11. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at privacy@axiom-ai.dev.

12. Automated Decision-Making

We may use automated systems to match clients with specialists. You have the right to request human review of automated decisions that significantly affect you.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified to you by email or prominent notice on our platform at least 30 days in advance. The "Last updated" date will be revised accordingly.