Our Privacy Policy

At Colossyan, we are committed to maintaining robust privacy protections for our customers, users and website visitors. This privacy notice (“Notice”) summarizes how we collect, use and safeguard the information you provide to us and what choices you have with respect to your privacy.

This Notice applies to the data processing of Colossyan Inc. (“Colossyan”) and its relevant Affiliates in relation to the Colossyan Services and the Colossyan websites (such as colossyan.com and app.colossyan.com) (together our “Services”). This Notice does not apply to any third-party applications or software integrated with the Service ("Third-Party Services"), or to the privacy practices of any other third-party products, services or businesses. Unless defined otherwise, capitalized terms in this Notice will have the same meaning as in the Terms of Service.

About us

Colossyan Inc is a data controller of the Services described in this Notice. The Colossyan Affiliates that are controllers of personal data for the activities described in this Notice are Colossyan Ltd (with address 5 New Street Square, London, United Kingdom, EC4A 3TW) and Colossyan kft (with address Budapest, Akadémia u. 6, 1054 Hungary).

For certain activities set out in this Notice, if you access our Services on behalf of your organisation and your organisation has an enterprise account with us, we will act as a data processor in respect of the processing of your personal data and your organisation will be a controller. In such circumstances, please see your organisation’s privacy notice for more information about how to exercise your rights and your organisation’s lawful basis for processing your personal data in connection with the provision of our Services.

What type of personal data do we process?

A) Information that you provide to us where you interact with our Services

  • Registration data: When you register to our Services, you need to provide us with your email address, password and username. The data that we request at the time of registration is necessary for the provision of our Services.
  • Billing information: If you subscribe to a paid Service, you also need to provide certain billing information (such as your name, address and VAT number). You might also provide payment information, such as payment card details, which we collect via a secure payment processing service, Stripe Inc. This data is necessary to provide you with the Colossyan Services.
  • Additional data provided by you: You may decide to share further information, including personal data, with us when you contact us, provide feedback to us regarding the Services or otherwise communicate with us. It is solely your decision to share any other data with us during such communications, so our processing of such data will be based on your consent.
  • If we engage you to provide services to us we may collect your name, contact details and invoicing details. Further if we are engaging you to create stock avatars, you will need to provide us with images and/recordings of your likeness and/or voice.

B) Content that you or a third-party upload to our Services

  • Rather than use our stock avatars, you may use our Services to create a personalised AI Avatar by creating a Studio Avatar, a Lite Avatar or an Instant Avatar (together “Custom Avatar”). If you decide to get a Custom Avatar, you may upload personal data including your voice, picture or video footage (which you can either send to us by email or create directly on our website).
  • Your image and/or other personal data may also be included in any content (e.g training materials) uploaded to our Service

C) Information that we collect about you when you use our Service, including technical information about your interaction

  • Technical data: As most websites and services provided through the Internet, we gather certain information and store it in log files when you interact with our Services. This information includes internet protocol (IP)address, details of the website that you are viewing, such as full web page URL, browser type, device type and operating system and any other information available to us about the device you are using, geolocation, diagnostic data (including crash logs, launch time, hang rate and energy use, and any other data collected for technical diagnostics purposes), and any relevant unique identifiers assigned to a device or browser (including cookie identifiers).
  • Usage data: When you use our Services, we collect information about browsing activity on our website, interaction with our emails, and interaction with ads that you see as a result of our personalisation and insight and analysis activities. This may include information about pageviews and events on our website, information about the webpage or other source that users were previously on before reaching our website, information about when the session started and ended, information about views of and clicks on our ads, together with advertising or other identifiers associated with a user or their device (e.g. a device’s IDFA (iOS) or AAID (Android).

We may use cookies or other tracking technologies to collect this type of data. For detailed information about the tracking technologies we use, please see our Cookie Notice.

E) Information that we collect from third-parties

  • Our partners: We receive information about you and your activities on our website from third-party partners, such as advertising partners and/or data enrichment partners. This includes unique identifiers and a profile of your possible interests and characteristics, which may have been built by observing your activity on our Services, including those operated by third parties, that use our partners’ services. Please note our third party partners may collect information about directly through cookies and other tracking technologies on our sites and/or third party digital properties. For more information about the use of third party cookies on our sites please see our Cookie Notice.

Why do we process your data and what is our legal basis?

We may process your personal data for several purposes. How we use your personal data depends on how you use our Service and your preferences you have communicated to us.

  • Provision of our Service: We may use your personal data for the provision of the Service, for example, where you feature in uploaded content or otherwise provide voice, picture and video footage to create avatars. We do this where it is necessary for the performance of a contract with individual users or where we have legitimate interests to provide a service to our business users. Where we do this on behalf of our client (including your organisation) as a data processor, we do not require a legal basis for such processing
  • Billing and managing your account: We will process certain information, such as financial data for billing purposes, i.e. to complete transactions, and send you purchase confirmations and invoices. We may also use personal data for the maintenance of your account, and for authentication purposes. E.g. We use your email address to enable you to log in to our services. We do this where we have legitimate interests to provide effective account maintenance and support.
  • Service communication: We will send you necessary information regarding the Services, such as administrative messages, to your email address provided to us. Please be aware that you cannot opt out of receiving such messages from us, including necessary security alerts and legal notices. We do this where we have legitimate interests to provide effective customer support and account security.
  • Marketing and Sales Outreach: With your consent, we may use your email address to send you marketing communications. You can withdraw your consent for such communications at any time by contacting us using the details in the “Contact Us” section of this Notice. We may also use the content you upload to the services with certain third-party software tools to tailor and enhance our marketing and sales outreach to you.
  • Online personalised advertising: We may process technical data and usage data to provide you with, and analyse the effectiveness of, personalised ads when you use our Services. By “personalised ads”, we mean advertisements for products and services that you have shown an interest in when you have used our Services or which we or our partners otherwise think you might be interested in based on your browsing habits. Note, our third-party partners may also use the data that is collected to show personalised ads for products and services offered by third parties. We may use cookies and other similar technologies for this purpose. Please see our Cookie Notice for further information. We do this where we have legitimate interests to provide effective insights and analysis or with your consent where non-essential cookies are used.
  • Insight and analytics: We may use technical data and usage data to carry out website insight and analysis, so we can measure use of, and develop and improve our website. We may use cookies and other similar technologies for this purpose. Please see our Cookie Notice for further information. We do this where we have legitimate interests to provide effective insights and analysis or with your consent where non-essential cookies are used.
  • Personalisation: We may use technical data and usage data to personalise user experiences when using our Services, such as showing our users content and website features that we think may be of interest or relevance to our users. We may use cookies and other similar technologies for this purpose. Please see the Cookie Notice for further information. We do this where we have legitimate interests to give users and customers the best experience, and to support our marketing and advertising activities or with your consent where non-essential cookies are used.
  • Data improvement: We may use technical data and usage data to improve the quality of our data through the use of Services and data of third party data suppliers, including to (i) enrich the data we hold about our customers and users (for example, adding data to information that we already hold); (ii) carry out data cleansing and tracing (for example, identifying redundant records and updating records); and / or (iii) segment our customers and users (for example, identifying target sub-groups of our customers or users). We may use cookies and other similar technologies for this purpose. Please see the Cookie Notice for more information. We do this where we have legitimate interests to ensure the effective and efficient use of data and to support other activities described in this Notice or with your consent where non-essential cookies are used.
  • Security: We use information about you to secure your profile, verify accounts, to monitor suspicious or fraudulent activity and to identify violations of our Terms of Service or Acceptable Use Policy. We do this where we have legitimate interests to provide effective security of our Services.
  • Protecting our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of our business. We do this where we have a legal obligation or we have legitimate interests to operate our business effectively.
  • Other: We may also process your data for any other purposes for which we obtain your consent where necessary or otherwise in accordance applicable law and this policy.

How long will we process your data?

We will retain your personal data as long as it is needed to fulfill the purposes specified above (for example, to provide you with our Services), unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it in accordance with our deletion policy.

Third parties we share your data with

In certain cases we need to share your personal data with our Affiliates and third parties. In any case, we will share your personal data only in accordance with applicable laws and this Notice, and in the following cases:

  • Advertising partners: We share personal data with our third-party advertising partners. This data is used to provide you with, and measure the effectiveness of, online personalised advertising and for other advertising related activities. We may also share your personal data with, or otherwise use the services of, third-party social media and advertising technology companies, so that we can advertise our business, including our Services, on other websites, apps, and other digital platforms, including social media, that are operated by third parties.
  • Legal compliance: We may transmit personal data if the applicable legal provisions so require, or when such action is necessary to comply with any laws, e.g. with criminal authorities if we are required to cooperate for such purposes. We may also need to share personal data for the protection of our rights and interests, to protect your safety or the safety of others or to investigate fraud, in accordance with the applicable laws.
  • Third-party service providers: In certain cases, we use Colossyan affiliates and third parties as service providers or business partners to process personal data and support our business. These services may help us keep Colossyan running by storing or processing your data on our behalf. We use third-party service providers to assist in providing the Colossyan services, for example to provide infrastructure, or to provide technologies integrated with our services, to make and receive payments, and to help us provide customer support and email notifications. We may also contract with companies to provide certain services, such as authentication, analytics, and marketing services. If you make a purchase through our website, your payment and subscription information will be processed by Stripe Inc, a payment processing service, in accordance with its Privacy Policy.

We may share your data with professional advisers acting as service providers, processors, controllers, or joint controllers - including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance and accounting services, and to the extent we are legally obliged to share or have a legitimate interest in sharing your data.

Data transfers

Our Services are hosted in Germany and the UK and Colossyan is located in the United States (“Applicable Regions”). If you access our website or Services from any other region of the world with laws or other requirements governing personal data collection, use, or disclosure that differ from applicable laws in the Applicable Regions, then through your continued use of our Services, you are transferring your data to the Applicable Regions.

For UK and/or EEA citizens, we may transfer your personal data to countries that do not have data protection laws that protect personal data to the same standard as UK and EU laws. When doing so, we rely on one of the following:

  1. Adequacy decisions: We may transfer your personal data to countries or organisations that have been deemed to provide an adequate level of protection for personal data by the European Commission, the UK Government, or any other relevant government body. This may include transfers to organisations that participate in the Data Privacy Framework.
  2. Contractual safeguards: We may use specific contracts approved by the European Commission, the UK Government, or any other relevant governmental body to safeguard personal data. The contracts that we usually rely on are referred to as “Standard Contractual Clauses” or “SCCs”, although we may from time to time use other approved mechanisms.

How do we protect your data?

We implement security measures designed to protect your information from unauthorized access. Your account is protected by your account password. You should never disclose your password to others and it is recommended that you log out of your account after each use. We also protect your information from potential security breaches by implementing certain technological security measures including encryption, firewalls and secure socket layer technology. However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. By using our Service, you acknowledge that you understand and agree to assume these risks.

If you fail to provide your personal data

Where we are required by law to collect your personal data, or we need to collect your personal data under the terms of a contract we have with you, and you fail to provide that personal data when we request it, we may not be able to perform the contract we have or are trying to enter into with you. This may apply where you do not provide the personal data we need in order to provide the Service you have requested from us. In this case, we may have to cancel the provision of the relevant Services to you, in which case we will notify you.

Your privacy rights

You may ask us to:

  • Provide information about and copies of the personal data that we process about you,
  • correct inaccuracies or amend your personal data,
  • stop processing your personal data and/or to stop sending you marketing communications,
  • delete your personal data

Please note, however, that we may need to retain certain information for record-keeping purposes, to complete transactions or to comply with our legal obligations.

  • restrict processing of your personal data in certain circumstances (for example, where you believe that the personal data we hold about you is inaccurate or unlawfully held)
  • provide with your personal data in a structured, machine-readable and commonly used format and to request that we transfer the personal data to another data controller without hindrance, and
  • The right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for the entering into, or the performance of, a contract between you and us.

You can request this by sending an email to info@colossyan.com. We will respond to your request within the statutory timeframes. Please note that we may ask you to verify your identity before complying with the request.

You also have the right to complain to a data protection authority or claim damages before the court if necessary. In the UK, contact details for the Information Commissioner’s Office can be found here or, in the EU a list of contact details for the EU data protection authorities is available here.

Children’s privacy

Our Services are not directed to anyone under the age of 13. We do not knowingly collect or solicit information from anyone under the age of 13, or allow anyone under the age of 13 to sign up for the Service. In the event that we learn that we have gathered information from anyone under the age of 13 without the consent of a parent or guardian, we will delete that information as soon as possible. If you believe we have collected such information, please contact us using the details in the “Contact Us” section.

Changes

We reserve the right to change this Notice from time to time. If there are any material changes to this policy, you will be notified by sending a Notice to the primary email address specified in your account or by placing a prominent Notice on our website. We encourage you to periodically review this page for the latest information on our privacy practices.

Contact Us

If you have any further questions or complaints in relation to our processing of your data, please contact info@colossyan.com.