Circulus Privacy Policy

1. Who We Are

‍

Data Controller: Circulus, an Irish company with a business address at 77 Sir John Rogerson's Quay, Dublin 2, D02 Y7Y5, Ireland, is the controller of your personal data collected via our website and services.

‍

Contact Details: If you have questions about this Privacy Policy, please contact us at:
Circulus Innovations Limited
77 Sir John Rogerson's Quay, Dublin 2, D02 Y7Y5, Ireland
Email: info@circulusinnovations.com

‍

2. Scope of This Policy

‍

This Privacy Policy applies to personal data we collect:

‍

• Through our Website: When you visit our site, create an account, or interact with our online features.
  
• Marketplace Services: When you buy or sell products on the Circulus Marketplace.
  
• AI-Driven Features: When you use or engage with our AI system (e.g., product recommendations, chat assistance, or other algorithmic decision-making tools).
  
• Communications: When you contact us via email, phone, or social media channels.

If we collect personal data through other channels, we will provide supplementary notices or policies where required by law.

‍

3. Data We Collect

‍

3.1 Information You Provide Directly

• Account Information: Name, email address, phone number, postal address, login credentials, payment details (where applicable), and other required registration details.
  
• Profile or Seller Information: If you are a seller, business name, VAT number, company address, banking details for payouts, and similar data.
• Customer Service Interactions: Communication records with our support team, feedback, survey responses, or queries.
  
• User-Generated Content: Reviews, comments, images, or other materials you upload or submit on the Marketplace.

3.2 Information Collected Automatically

• Device and Usage Data: IP address, browser type, operating system, time zone, referring URLs, and pages viewed.
  
• Cookies and Similar Technologies: We use cookies, beacons, and pixels to track user behavior, remember preferences, and gather analytics. For more information, see our Cookie Policy.

3.3 AI-Related Data Processing

• User Inputs: Any text or data you enter into our AI-driven features (e.g., chat prompts, product preference details) may be processed to generate responses, recommendations, or insights.
  
• Interaction Logs: We may keep logs of AI-generated outputs and user interactions to train and refine our AI models. We store these AI interaction logs in a GDPR-compliant manner and retain them only as long as necessary for the stated purposes (see Section 7 on Data Retention). Where feasible, we anonymize or pseudonymize this data to protect your identity.
  
• Anonymization and Personalization: In certain cases, we may keep user interaction data in a form that still associates you with your preferences to provide more personalized results (including search results, information layout, or product suggestions). However, whenever possible, we anonymize or pseudonymize data to minimize any privacy impact.

3.4 Information From Third Parties

• Payment Processors: We may receive partial financial information or transaction statuses (e.g., successful payments) from payment service providers.
• Third-Party Integrations: If you link or sign in via a social media account or another external service, we may receive certain profile information (e.g., name, email) as permitted by your privacy settings on that platform.
  

‍

‍

4. Legal Bases for Processing

We process your personal data in accordance with GDPR’s lawful bases:

• Contract Performance: To fulfill our obligations under a contract with you (e.g., processing your orders, handling payments, providing AI-powered services).
• Legitimate Interests: For our legitimate business interests, such as enhancing website performance, improving AI models, fraud detection, securing the platform, and marketing communications (where not overridden by your privacy rights).
• Consent: Where required by law, we will request your consent before processing certain data (e.g., sending direct marketing or using specific types of cookies). You may withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal.‍
• Legal Obligations: To comply with applicable laws, regulations, or court orders (e.g.,record-keeping for tax and accounting purposes).

‍

5. Your Rights

We use your personal data for the following purposes:

• Providing and Improving Our Services
  Facilitating Marketplace transactions, including order processing, payment, shipping, and returns.
  
• Operating, maintaining, and optimizing our AI-driven features, including training or refining models based on anonymized or pseudonymized user interactions.
  
• Account Management and Customer Support
  Creating and managing user accounts.
  
• Responding to inquiries, complaints, and requests for technical support.
  
• Marketing and Promotional Activities
  Sending newsletters, promotional emails, or targeted ads about our services or those of our partners, subject to your opt-in preferences.
  Measuring the effectiveness of our marketing campaigns and tailoring content to your interests.
  

• Analytics and Personalization
  Conducting data analysis to understand user behaviors and enhance user experience.
  Personalizing recommendations or search results on the Marketplace using AI algorithms.
  (AI recommendations do not impact pricing, discount eligibility, or order approval; these remain subject to standard criteria and are not automated in amanner that would affect your rights.)
  
• Compliance and Protection
  Detecting, investigating, and preventing fraud or other illegal activities. Protecting our legal rights, enforcing our Terms of Use, and complying with legal obligations.

‍

6. Data Sharing and Transfers

We do not sell your personal data. However, we may share certain information:

• Sellers and Buyers: To facilitate Marketplace transactions (e.g., sharing shipping addresses with sellers).
• Service Providers: With trusted third parties who assist us (e.g., payment processors, hosting providers, AI infrastructure providers, analytics services).
• Affiliates and Subsidiaries: With entities under common control or ownership, provided they follow privacy practices no less protective than ours.
• Legal Compliance: If required by law, court order, or to protect our legal rights (e.g., in response to regulatory inquiries or judicial processes).
• Business Transfers: In connection with any merger, sale, acquisition, or transfer of our assets, your data may be part of the transaction, subject to confidentiality obligations.
• Third-Party Advertising (if applicable): We do not sell your data for advertising. Where we engage in advertising collaborations, we ensure compliance with GDPR. If data is shared with third-party advertisers for targeted advertising, we disclose what categories of data are involved, how it is used, and obtain any required consent. Failure to comply with such disclosure and consent requirements could expose us to GDPR penalties, and we are committed to meeting all relevant obligations.

6.1 International Data Transfers

If we transfer personal data from the EU/EEA to a country that does not provide an adequate level of data protection, we will ensure appropriate safeguards (such as Standard Contractual Clauses) are in place. You can request more information about such safeguards by contacting us.

‍

‍

7. Data Retention

We retain your personal data only for as long as necessary to:

• Fulfill the purposes for which we collected it.
• Comply with legal and regulatory obligations (e.g., tax, accounting).
• Resolve disputes and enforce our agreements.
• Support our AI model training in anonymized or pseudonymized form.

In particular, AI interaction logs used for model improvement are retained for no longer than [12 months], unless applicable laws or legitimate business needs require a different retention period. After this period, we will eithersecurely delete the data or anonymize it so that it can no longer be linked to any individual. When we have no ongoing legitimate business need or legal basisto retain personal data, we will either securely delete or anonymize it.

‍

‍

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access: Obtain confirmation of whether we process your data and request a copy of the data.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure (“Right to be Forgotten”): Ask for your data to be deleted under certain conditions.
• Right to Restrict Processing: Ask us to stop processing your data, but still store it, in specific cases.
• Right to Data Portability: Receive your data in a structured, commonly used format and have it transferred to another controller, where technically feasible.
• Right to Object: Object to processing based on legitimate interests or for direct marketing.
• Right Not to Be Subject to Automated Decision-Making: If we use purely automated decision-making that significantly affects you, you have the right to request human intervention or challenge the decision.
• Right to Withdraw Consent: If you have given consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at info@circulusinnovations.com. We will respond to all legitimate requests within one month (30 days) in accordance with GDPR requirements, and we will inform you if we need more time. You also have the right to lodge a complaint with the Irish Data Protection Commission or your local supervisory authority if you believe your rights have been infringed.

‍

‍

9. Protecting Children’s Privacy

Our services are not intended for individuals under 16 years of age. If you become aware that a child has provided us with personal data without parental or guardian consent, please contact us immediately. We will take steps to deletesuch information as required by applicable law.

‍

‍

‍

10. Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. This includes, where appropriate, encryption, access controls, secure hosting, and regular security assessments. However, no internet-based service is entirely secure, and we cannot guarantee absolute security.

‍

‍

11. Automated Decisions and AI

We may use automated algorithms, including AI, to enhance user experience,personalize recommendations, detect fraudulent activity, or respond to queries.While these systems help us process information more efficiently, we strive to maintain transparency and fairness. AI-based suggestions do not affect productpricing, order approvals, or credit eligibility. If a decision significantly affects you, you have the right to request human review (see Section 8).

‍

‍

‍

12. Updates to This Policy

We reserve the right to modify or update this Privacy Policy at any time. We will post the updated version on our Website, and the “Last Updated” date at the top will reflect the effective date of the changes. Your continued use of our services after any changes constitutes acceptance of the revised policy.

‍

‍

‍

13. Contact Us

If you have questions about this Privacy Policy, your personal data, or wish to exercise any of your legal rights, please contact:

Circulus Innovations Limited
77 Sir John Rogerson's Quay, Dublin 2, D02 Y7Y5, Ireland
Email: info@circulusinnovations.com

‍

‍

‍

‍

By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue the use of our Website and services.

‍

‍