Privacy Policy

Effective Date: January 31, 2025

This Privacy Policy explains how Commly ("we," "us," or "our") collects, processes, uses, discloses, and safeguards your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable European data protection laws. By accessing or using our website, products, or services (collectively, the "Services"), you acknowledge that you have read, understood, and agree to the collection and use of your personal data as described in this policy.

1. Who We Are

Commly is an EU-based company committed to protecting your privacy and ensuring the security of your personal data.

Registered Office: Carrer Roger de Flor, 11, local 1, 08490, Tordera, Barcelona, Spain

Legal Contact Email: privacy@commly.ai

We strive to be transparent about how we process your information and provide you with control over your personal data.

2. Information We Collect

Depending on how you interact with our Services, we may collect and process the following types of information:

A. Personal Identification Information

  • Registration Data: Name, email address, username, contact number, and other information provided when you register for an account or use our Services.
  • User Profile Information: Details you provide to create or update your profile, including preferences and interests.

B. Contact and Communication Data

  • Communication Data: Information you provide when contacting us via email, phone, or other channels, including feedback and survey responses.

C. Technical and Usage Data

  • Usage Data: Automatically collected information such as IP address, browser type and version, operating system, access times, pages viewed, and referring URLs.
  • Device Information: Information about the device you use to access our Services, including device identifiers, network information, and mobile device data.

D. Multimedia Data

If you use features of our Services that involve audio or video (e.g., video conferencing, recordings, live sessions), we may record and store such content. These recordings are used solely for providing or improving our Services and for security purposes.

E. Location Data

With your consent, we may collect precise or approximate location data from your device to enhance user experience, provide location-based services, or for security purposes.

F. Cookies and Tracking Data

Cookies: We collect data through cookies and similar tracking technologies (e.g., web beacons, pixel tags) to personalize your experience, analyze site usage, and improve our Services.

Tracking Technologies: Information collected automatically through our use of web analytics and third-party tracking tools.

3. How We Collect Your Data

  • Directly from You: When you register, fill out forms, subscribe to newsletters, contact customer support, or otherwise interact with our Services.
  • Automatically: Through cookies, server logs, and similar technologies when you access or use our website or mobile applications.
  • From Third Parties: When you use a third-party service to access our Services (for example, when you log in via social media or a single sign-on provider), we may receive certain information from that provider.

4. Legal Bases for Processing Your Data

For users within the European Economic Area (EEA), we process your personal data on the following legal bases:

Consent: Where you have explicitly provided your consent to process your data for specific purposes.

Contractual Necessity: When processing is necessary for the performance of a contract to which you are a party (e.g., providing access to our Services).

Legal Obligation: Where processing is required for compliance with applicable laws and regulations.

Legitimate Interests: Where processing is necessary for our legitimate interests (or those of a third party), provided these interests are not overridden by your rights and freedoms.

5. How We Use Your Information

A. Provision and Management of Services

  • Account Management: Creating and managing your account, providing customer support, and communicating with you regarding account updates.
  • Service Delivery: Enabling access to our Services, processing transactions, and fulfilling your requests.

B. Improvement and Development

  • Performance Analysis: Analyzing how our Services are used to improve functionality, develop new features, and enhance user experience.
  • Research and Development: Using anonymized and aggregated data for research purposes and to conduct internal audits of our systems.

C. Communication and Marketing

  • Updates and Notifications: Sending you important updates, notifications, and administrative messages.
  • Marketing Communications: With your consent, sending newsletters, promotional emails, and information about offers, events, or changes to our Services.
  • Personalization: Tailoring content and recommendations based on your usage patterns and preferences.

D. Security and Legal Purposes

  • Fraud Prevention and Security: Monitoring for and preventing unauthorized access, fraud, or other harmful activities.
  • Compliance: Meeting legal obligations, resolving disputes, and enforcing our agreements.

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following limited circumstances:

A. With Service Providers

We work with trusted third-party service providers who perform functions on our behalf (e.g., hosting, payment processing, analytics, customer support). These providers are contractually bound to use your data only for the purposes for which we disclose it and to protect it in line with GDPR requirements.

B. For Legal Reasons

  • To comply with legal obligations: Such as court orders, subpoenas, or investigations.
  • For protection of rights: To protect the rights, property, or safety of Commly, our users, or others.
  • During Business Transfers: In the event of a merger, acquisition, or reorganization, provided the recipient agrees to safeguard your data in a manner consistent with this Privacy Policy.

C. With Your Consent

We may also share your data with third parties if you have explicitly consented to such sharing.

7. Cookies and Tracking Technologies

A. What Are Cookies?

Cookies are small text files stored on your device that help us enhance your online experience by remembering your preferences and tracking site usage.

B. How We Use Cookies

  • Recognize your device and maintain your session.
  • Analyze user behavior to improve our Services.
  • Deliver personalized content and targeted advertisements.
  • Monitor the effectiveness of our communications and marketing efforts.

C. Managing Cookies

Most web browsers allow you to control cookies through their settings. You may disable cookies; however, please note that this may affect the functionality of our Services.

8. Data Security Measures

We implement a range of technical and organizational measures to ensure the security and confidentiality of your personal data, including:

Encryption: Data is encrypted in transit (using HTTPS/SSL) and at rest where applicable.

Access Controls: Strict access controls and authentication protocols are in place to restrict access to personal data.

Regular Audits: We conduct regular security audits, vulnerability assessments, and penetration tests.

Employee Training: Our employees receive ongoing training on data security and privacy best practices.

Despite our efforts, please be aware that no security system is impenetrable, and we cannot guarantee absolute security.

9. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. When the data is no longer needed, we will securely delete or anonymize it. Specific retention periods may vary depending on the type of data and the purpose for which it was collected.

10. International Data Transfers

If your personal data is transferred outside the European Economic Area (EEA), we ensure that it is protected in accordance with EU data protection standards. Such transfers may be facilitated through:

Standard Contractual Clauses: As approved by the European Commission.

Other Safeguards: That provide an equivalent level of data protection.

By using our Services, you consent to the transfer of your data to countries outside the EEA under these safeguards.

11. Your Rights Under the GDPR

As a data subject within the EEA, you have the following rights:

Right to Access: You may request access to the personal data we hold about you.

Right to Rectification: You can ask us to correct any inaccurate or incomplete data.

Right to Erasure ("Right to be Forgotten"): Under certain conditions, you can request that we delete your personal data.

Right to Restrict Processing: You have the right to request that we limit the processing of your personal data.

Right to Data Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format, or request that we transfer your data to another controller.

Right to Object: You can object to our processing of your personal data, particularly in relation to direct marketing or processing based on our legitimate interests.

Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint: You may lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates applicable laws.

12. How to Exercise Your Rights

If you wish to exercise any of your rights or have any questions regarding your personal data, please contact us using the details provided below. We will respond to your request in accordance with applicable law and within the statutory time limits.

Contact Information:

Email: privacy@commly.ai

Phone: +34 667 433 041

Please include sufficient detail in your request to help us identify your records and process your inquiry.

13. Data Protection Impact Assessments and Automated Decision-Making

A. Data Protection Impact Assessments (DPIAs)

Where our processing is likely to result in a high risk to the rights and freedoms of individuals, we undertake Data Protection Impact Assessments to evaluate and mitigate such risks. These assessments help ensure that appropriate measures are in place to protect your personal data.

B. Automated Decision-Making

Our Services may use automated systems for certain processes. If any decisions that have a legal or similarly significant effect on you are made solely on the basis of automated processing, we will ensure that appropriate safeguards and human oversight are provided in accordance with GDPR requirements.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or applicable laws. We will notify you of any significant changes by updating the "Effective Date" at the top of this document and, where appropriate, by providing notice through our Services or via email. We encourage you to review this policy periodically.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: privacy@commly.ai

Phone: +34 667 433 041