Last Updated: 31st July 2024
Effective Date: 31st July 2024
1. Introduction
Welcome to CxO Sight (“Company“, “we“, “our“, “us“). We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website www.cxosight.com (“Website“) and use our services, including our AI platform and human fractional services (collectively, “Services“).
By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Website or use our Services.
2. Definitions
- “Personal Data”: Any information that relates to an identified or identifiable individual.
- “Processing”: Any operation or set of operations performed on Personal Data, whether or not by automated means.
- “Controller”: The entity that determines the purposes and means of processing Personal Data.
- “Processor”: The entity that processes Personal Data on behalf of the Controller.
- “Third-Party Services”: External services and platforms that assist us in providing our Services, including but not limited to OpenAI, Anthropic, Serper, and Google Gemini.
3. Information We Collect
3.1. Personal Data
We may collect and process the following Personal Data about you:
- Contact Information: Name, email address, telephone number, postal address.
- Professional Information: Job title, company name, industry.
- Account Information: Username, password, and other information necessary to set up and maintain your account.
- Payment Information: Billing address, credit/debit card details, and transaction history.
- Communication Records: Records of correspondence and communications with us, including support requests and feedback.
3.2. Usage Data
We may automatically collect information about how you access and use our Services (“Usage Data“), including:
- Technical Information: IP address, browser type and version, time zone setting, operating system, and platform.
- Usage Information: Pages visited, links clicked, features used, time and date of access, and other interaction data.
- Device Information: Information about the device you use to access our Services, including hardware model and unique device identifiers.
3.3. Cookies and Similar Technologies
We use cookies and similar tracking technologies to monitor and analyse usage, improve functionality, and personalise your experience. For detailed information on the cookies we use and the purposes for which we use them, please refer to Section 9 of this Privacy Policy.
3.4. Information from Third-Party Services
When you use our AI platform, certain data may be processed by Third-Party Services such as OpenAI, Anthropic, Serper, and Google Gemini. These services may collect and process data in accordance with their own privacy policies. We recommend reviewing their privacy policies to understand how they handle your data.
4. How We Use Your Information
We use your information for the following purposes:
4.1. To Provide and Maintain Our Services
- Service Delivery: To set up and manage your account, provide access to our AI platform and human fractional services, and process transactions.
- Performance Monitoring: To monitor and analyse the usage of our Services, ensuring their proper functioning and improving performance.
- Customer Support: To respond to your inquiries, support requests, and feedback.
4.2. To Improve and Develop Our Services
- Enhancements: To conduct research and analysis to improve existing Services and develop new features.
- Personalisation: To tailor content and recommendations to your preferences and usage patterns.
4.3. To Communicate with You
- Transactional Communications: To send you information related to your account, transactions, and updates to our Services.
- Marketing Communications: To provide you with news, offers, and information about our Services and events that may interest you. You can opt-out of receiving marketing communications at any time.
4.4. To Ensure Security and Prevent Fraud
- Security Measures: To protect our Services, systems, and users from security threats, fraud, and other malicious activities.
- Compliance: To enforce our Terms and Conditions and comply with legal obligations.
4.5. Legal Obligations and Rights
- Compliance with Laws: To comply with applicable laws, regulations, and legal processes.
- Protection of Rights: To protect and defend our rights, property, and safety, as well as those of our users and third parties.
5. Legal Basis for Processing Personal Data
We process your Personal Data based on the following legal grounds:
- Contractual Necessity: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
- Legitimate Interests: Processing is necessary for our legitimate interests, such as improving and securing our Services, provided that such interests are not overridden by your data protection rights.
- Consent: Where you have given explicit consent for specific processing activities, such as receiving marketing communications.
- Legal Obligation: Processing is necessary to comply with legal obligations to which we are subject.
6. How We Share Your Information
We may share your Personal Data with the following parties and under the following circumstances:
6.1. Third-Party Service Providers
We engage trusted third-party companies and individuals to perform functions and provide services to us, including:
- AI Service Providers: Such as OpenAI, Anthropic, Serper, and Google Gemini, for processing data to deliver AI-driven services.
- Payment Processors: To handle billing and payment transactions securely.
- Cloud Hosting and Storage Providers: To store and manage data securely.
- Analytics and Marketing Services: To analyse usage patterns and assist in marketing efforts.
- Professional Advisors: Including lawyers, auditors, and insurers for business operations and compliance.
Safeguards: We ensure that all third-party service providers process your Personal Data securely and in accordance with applicable data protection laws. They are only permitted to process your data for specified purposes and in accordance with our instructions.
6.2. Business Transfers
In the event of a merger, acquisition, restructuring, or sale of all or a portion of our assets, your Personal Data may be transferred to the relevant third party. We will notify you of any such change in ownership or transfer of assets.
6.3. Legal Obligations
We may disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., courts, law enforcement agencies).
6.4. Protection of Rights and Safety
We may disclose your information to:
- Enforce our Terms and Conditions and other agreements.
- Protect the rights, property, or safety of CxO Sight, our users, or others.
- Investigate and prevent fraudulent activities, security issues, and technical problems.
6.5. With Your Consent
We may share your Personal Data with third parties when we have your explicit consent to do so.
7. International Data Transfers
Your Personal Data may be transferred to and processed in countries outside of the United Kingdom that may have different data protection laws. Specifically, data processed by our Third-Party Service Providers may be stored and processed in various jurisdictions.
Safeguards: When transferring Personal Data internationally, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs): We implement SCCs approved by the European Commission or UK authorities to ensure adequate data protection.
- Adequacy Decisions: We transfer data to countries that have been deemed to provide an adequate level of data protection by relevant authorities.
- Binding Corporate Rules: For intra-group transfers, we may rely on binding corporate rules approved by data protection authorities.
You may request further information about the safeguards we have in place by contacting us via our contact form.
8. Data Security
We take the security of your Personal Data seriously and implement appropriate technical and organisational measures to protect it from unauthorised access, alteration, disclosure, or destruction.
Security Measures Include:
- Encryption: Data is encrypted both in transit and at rest using industry-standard protocols.
- Access Controls: Strict access controls ensure that only authorised personnel can access Personal Data.
- Network Security: Firewalls, intrusion detection systems, and other network security measures protect our systems.
- Regular Audits and Assessments: We conduct regular security assessments and audits to identify and mitigate potential risks.
- Staff Training: Our employees receive regular training on data protection and information security practices.
No Absolute Security: While we strive to protect your Personal Data, no method of transmission over the internet or electronic storage is completely secure. Therefore, we cannot guarantee absolute security, and any transmission is at your own risk.
9. Cookies and Similar Technologies
9.1. What Are Cookies?
Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work efficiently and provide information to the site owners.
9.2. Types of Cookies We Use
- Essential Cookies: Necessary for the operation of our Website and Services. They enable core functionalities such as security, network management, and accessibility.
- Analytical/Performance Cookies: Help us understand how users interact with our Website by collecting and reporting information anonymously.
- Functionality Cookies: Enable enhanced functionality and personalisation, such as remembering your preferences.
- Targeting/Advertising Cookies: Collect information about your browsing habits to make advertising more relevant to you and your interests.
9.3. Third-Party Cookies
We may allow third-party service providers to place cookies on your device for the purposes mentioned above. These third parties include analytics providers like Google Analytics and advertising partners.
9.4. Managing Cookies
- Browser Settings: You can manage or disable cookies through your browser settings. However, disabling certain cookies may affect the functionality and performance of our Website and Services.
- Cookie Consent Banner: Upon your first visit to our Website, you will be presented with a cookie consent banner allowing you to accept or customise your cookie preferences.
- Do Not Track: Our Website does not respond to Do Not Track signals from browsers.
9.5. More Information
For detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.
10. Data Retention
10.1. Retention Periods
We retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected, including:
- Account Information: Retained for as long as your account remains active and for a reasonable period thereafter in accordance with legal obligations.
- Transaction Data: Retained as required by financial and tax regulations.
- Usage Data: Retained for internal analysis purposes, typically for a shorter period unless used to strengthen security or improve functionality.
10.2. Deletion and Anonymisation
Upon expiry of the retention period, we will securely delete or anonymise your Personal Data. If deletion is not possible (e.g., because the data is stored in backup archives), we will securely store and isolate the data from further processing until deletion is possible.
10.3. Your Rights Regarding Retention
You have the right to request the deletion or anonymisation of your Personal Data under certain circumstances. Please refer to Section 11 for more information on your data protection rights.
11. Your Data Protection Rights
Under the UK GDPR, you have the following rights regarding your Personal Data:
11.1. Right to Access
You have the right to request confirmation as to whether we process your Personal Data and, if so, to request a copy of the information we hold about you.
11.2. Right to Rectification
You have the right to request the correction of any inaccurate or incomplete Personal Data we hold about you.
11.3. Right to Erasure
You have the right to request the deletion of your Personal Data when:
- The data is no longer necessary for the purposes for which it was collected.
- You withdraw your consent and there is no other legal ground for processing.
- You object to the processing and there are no overriding legitimate grounds.
- The data has been unlawfully processed.
- The data must be erased to comply with a legal obligation.
11.4. Right to Restrict Processing
You have the right to request the restriction of processing your Personal Data when:
- You contest the accuracy of the data.
- The processing is unlawful, and you oppose erasure.
- We no longer need the data, but you require it for legal claims.
- You have objected to processing pending verification of our legitimate grounds.
11.5. Right to Data Portability
You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and to transmit that data to another controller where processing is based on consent or contract and carried out by automated means.
11.6. Right to Object
You have the right to object to the processing of your Personal Data based on legitimate interests or for direct marketing purposes.
11.7. Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw such consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
11.8. Right to Lodge a Complaint
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe that we have violated your data protection rights.
Contact Details of ICO:
- Website: https://ico.org.uk/
- Telephone: 0303 123 1113
11.9. Exercising Your Rights
To exercise any of these rights, please contact us at via our contact form.
We may need to verify your identity before fulfilling your request. We will respond to all legitimate requests within one month.
12. Children’s Privacy
Our Services are not intended for individuals under the age of 18. We do not knowingly collect Personal Data from children. If you become aware that a child has provided us with Personal Data, please contact us immediately. If we become aware that we have collected Personal Data from a child without verification of parental consent, we will take steps to remove that information from our servers.
13. Third-Party Websites
Our Website and Services may contain links to third-party websites and services that are not operated by us. This Privacy Policy does not apply to those third-party websites. We encourage you to review the privacy policies of any third-party sites you visit.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
14.1. Notification of Changes
- Minor Changes: Updated Privacy Policies will be posted on this page with a new effective date.
- Material Changes: We will notify you of significant changes via email or through prominent notices on our Website prior to the change becoming effective.
14.2. Continued Use
Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of such changes.
15. Acceptance of This Privacy Policy
By accessing and using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by its terms.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us via our contact form
We are committed to resolving any complaints or concerns regarding our use of your Personal Data and will respond to your inquiries promptly.
Effective Date: 31st July 2024