Privacy Policy

V1.3 effective date - 16th Dec 2024

This privacy policy applies between you, the User of this Website and Kortical, the owner and provider of this Website. Kortical takes the privacy of your information very seriously. This privacy policy applies to our use of any and all Data collected by us or provided by you in relation to your use of the Website.

Please read this privacy policy carefully

Definitions and interpretation

(1.1) In this privacy policy, the following definitions are used:

Data

collectively all information that you submit to Kortical via the Website. This definition incorporates, where applicable, the definitions provided in the Data Protection Laws;

Cookies

a small text file placed on your computer by this Website when you visit certain parts of the Website and/or when you use certain features of the Website. Details of the cookies used by this Website are set out in the clause below (Cookies);

Data Protection Laws

any applicable law relating to the processing of personal Data, including but not limited to the Directive 96/46/EC (Data Protection Directive) or the GDPR, and any national implementing laws, regulations and secondary legislation, for as long as the GDPR is effective in the UK;

GDPR

the General Data Protection Regulation (EU) 2016/679;

Kortical, or us

Kortical, a company incorporated in England and Wales with registered number 10452273 whose registered office is at 41 Swaffield Road, London SW18 3AQ;

UK and EU Cookie Law

the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011;

User or you

any third party that accesses the Website and is not either (i) employed by Kortical and acting in the course of their employment or (ii) engaged as a consultant or otherwise providing services to Kortical and accessing the Website in connection with the provision of such services; and

Website

the website that you are currently using, https://kortical.com/, https://k-chat.com/, and any sub-domains of this site unless expressly excluded by their own terms and conditions.

(1.2) In this privacy policy, unless the context requires a different interpretation:

a. the singular includes the plural and vice versa;
b. references to sub-clauses, clauses, schedules or appendices are to sub-clauses, clauses, schedules or appendices of this privacy policy;
c. a reference to a person includes firms, companies, government entities, trusts and partnerships;
d. "including" is understood to mean "including without limitation";
e. reference to any statutory provision includes any modification or amendment of it;
f. the headings and subheadings do not form part of this privacy policy.

Scope of this privacy policy

(2.1) This Privacy Policy applies to you if you:

interact with any of Kortical’s websites (including www.kortical.com, www.k-chat.com), the Kortical platform, K-Chat and Kortical Chat) or our social media pages (collectively, the "Sites") ("website users");
visit Kortical’s premises ("office visitors");
attend a Kortical event or an event which Kortical sponsors ("event attendees");
use Kortical's data exploration tool, machine learning platform, chatbot tool and our other applications and services (collectively, the "Kortical Services") ("customers");
are a marketing prospect, who is anyone whose data Kortical processes for the purposes of assessing customer eligibility ("marketing prospect"); or receive marketing communications from Kortical.

For purposes of the applicable Data Protection Laws, Kortical is the "data controller". This means that Kortical determines the purposes for which, and the manner in which, your Data is processed.

Data collected

(3.1) We may collect the following personal data about:

Website Users, Marketing Communications Recipients, and Marketing Prospects

Registration, contact, and company information (e.g., first and last names, email addresses, phone numbers, avatars, company name, and your role in your company).
Payment information (e.g., credit card information, billing and mailing addresses).
Device data (e.g., operating system type and version, browser type, screen resolution, IP address, unique device identifiers).
Service data (e.g., referring websites, interaction patterns with our emails and services, pages viewed, and links clicked).
Third-party data sources (e.g., profile information from social networking sites, geolocation data, and contact information from our marketing providers).

Chatbot Users

Kortical uses OpenAI language models, hosted within the EU on Microsoft Azure, to support chatbot functionality. When interacting with the chatbot, Data provided may be processed through OpenAI's model in a GDPR-compliant environment as an extension of Kortical’s services. OpenAI and Azure do NOT use your data for training models nor to they store it for their own use. They are a data processor.

Retention of Data

(3.2) We retain data based on the following criteria:

Service Data: Data collected through our chatbot service is retained while you actively use the service. If you cease use, this Data will be deleted 6 months after the termination of your service or subscription.
Marketing Data: Data for marketing purposes is retained for as long as there is active engagement with our content. If you do not engage with our communications, your data will be deemed inactive and deleted after 1 year of inactivity.

Our use of Data

(4.1) We collect and process your personal data for the following purposes:

Providing and facilitating delivery of the Kortical Services and Sites: We process your personal data to perform our contract with you for use of our Services and Sites and to fulfill our obligations under applicable terms of service. Where we have not entered into a contract with you, we process your personal data in reliance on our legitimate interests to operate and administer the Intercom Services and Sites. For example, to create, administer and manage your account.

Communicating with you about the Kortical Services and providing customer support: We may send you service, technical and other administrative messages in reliance on our legitimate interests in administering the Kortical Services. For example, we may send you messages about the availability or security of the Kortical Services. We also process your personal data to respond to your comments and questions and to provide customer care and support.

Improving the Kortical Services and Sites: We process your personal data to improve and optimise the Kortical Services and Sites and to understand how you use the Kortical Services and Sites, including to monitor usage or traffic patterns and to analyse trends and develop new products, services, features and functionality in reliance on our legitimate interests.

Sending marketing communications: Where we have your consent, we process your personal data to send you marketing communications via email, post or SMS about our products, services and upcoming events that might interest you. Please see the "Your Rights" section below to learn how you can control your marketing preferences.

Registering office visitors: We process your personal data for security reasons and for the purpose of hosting your visit to the extent such processing is necessary for our legitimate interests in protecting our premises and confidential information against unauthorised access and the safety of our staff and office visitors.

Managing event registrations and attendance: We process your personal data to plan and host events for which you have registered or that you attend, including sending related communications to you.

Maintaining security of the Kortical Services and Sites: We process your personal data to control unauthorised use or abuse of the Kortical Services and Sites, or otherwise detect, investigate or prevent activities that may violate Kortical policies or applicable laws, in reliance on our legitimate interests to maintain and promote the safety and security of the Intercom Sites and Services.

Displaying personalised advertisements: We may process your personal data to advertise to you and to provide personalised information, including by serving and managing advertisements on our Sites and on third party sites, in reliance on our legitimate interests to support our marketing activities and advertise our products and services or, where necessary, to the extent you have provided your consent.

Carrying out other legitimate business purposes: including invoicing, audits, fraud monitoring and prevention.

Complying with legal obligations:

We process your personal data when cooperating or complying with public and government authorities, courts or regulators in accordance with our obligations under applicable laws and to protect against imminent harm to our rights, property or safety, or that of our users or the public, as required or permitted by law.

(4.2) In certain circumstances, we may collect your personal data on a different legal basis. If we do, or if we use your personal data for purposes that are not compatible with, or are materially different than, the purposes described in this notice or the point of collection, we will explain how and why we use your personal data in a supplementary notice at or before the point of collection. Where we refer to legal bases in this section we mean the legal grounds on which organisations can rely when processing personal data.

(4.3) If you have any questions about our legal bases for processing your personal data, please contact us at support@kortical.com.

Who we share Data with

(5.1) We may share your Data with the following groups of people for the following reasons:

our employees, agents and/or professional advisors - to optimise services;
Google who are our main data storage provider hosted in the UK and Microsoft Azure, which hosts our OpenAI models, hosted in the EU.
Marketing tool providers as defined in the Cookie policy below

in each case, in accordance with this privacy policy.

Keeping Data secure

(6.1) We will use technical and organisational measures to safeguard your Data, for example:

access to your account is controlled by a password and a username that is unique to you.
we store your Data on secure servers.

(6.2) We are certified to ISO 27001. This family of standards helps us manage your Data and keep it secure.

(6.3) Technical and organisational measures include measures to deal with any suspected data breach. If you suspect any misuse or loss or unauthorised access to your Data, please let us know immediately by contacting us via this e-mail address: contact@kortical.com.

Your rights

(7.1) Under GDPR, you have the following rights in relation to your Data:

Right to access - the right to request (i) copies of the information we hold about you at any time, or (ii) that we modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this, unless your request is "manifestly unfounded or excessive." Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.
Right to opt-out of marketing communications - if you no longer wish to receive our newsletter and promotional communications, you may opt-out of receiving them by clicking on the "unsubscribe" or "opt-out" link in the communications we send you. Please note, however, that it may not be possible to opt-out of certain service-related communications. You can let us know at any time if you do not wish to receive marketing messages by contacting us on the email address below.
Right to correct - the right to have your Data rectified if it is inaccurate or incomplete.
Right to erase - the right to request that we delete or remove your Data from our systems.
Right to restrict our use of your Data - the right to "block" us from using your Data or limit the way in which we can use it.
Right to data portability - the right to request that we move, copy or transfer your Data.
Right to object - the right to object to our use of your Data including where we use it for our legitimate interests.

(7.2) To make enquiries, exercise any of your rights set out above, or withdraw your consent to the processing of your Data (where consent is our legal basis for processing your Data), please contact us via this e-mail address: support@kortical.com.

(7.3) If you are not satisfied with the way a complaint you make in relation to your Data is handled by us, you may be able to refer your complaint to the relevant data protection authority. For the UK, this is the Information Commissioner's Office (ICO). The ICO's contact details can be found on their website at https://ico.org.uk/.

(7.4) It is important that the Data we hold about you is accurate and current. Please keep us informed if your Data changes during the period for which we hold it.

Links to other websites

(8.1) Our Websites may, from time to time, provide links to other external websites. We have no control over such external websites and are not responsible for the content of these websites. This privacy policy does not extend to your use of such websites. You are advised to read the privacy policy or statement of other websites prior to using them.

Changes of business ownership and control

(9.1) Kortical may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of Kortical. Data provided by Users will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this privacy policy, be permitted to use the Data for the purposes for which it was originally supplied to us.

(9.2) We may also disclose Data to a prospective purchaser of our business or any part of it.

(9.3) In the above instances, we will take steps with the aim of ensuring your privacy is protected.

Cookies

(10.1) This Website may place and access certain Cookies on your computer. Kortical uses Cookies to improve your experience of using the Website and to improve our range of products and services. Kortical has carefully chosen these Cookies and has taken steps to ensure that your privacy is protected and respected at all times.

(10.2) All Cookies used by this Website are used in accordance with current UK and EU Cookie Law.

(10.3) Before the Website places Cookies on your computer, you will be presented with a message bar requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling Kortical to provide a better experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of the Website may not function fully or as intended.

(10.4) This Website may place the following Cookies:

Type of Cookie and its Purpose:

Analytical/performance cookies: Help us understand website usage
Functionality cookies: Store user preferences
Targeting cookies: Personalise advertisements based on user interests

(10.5) You can find a list of Cookies that we use in the Cookies Schedule.

(10.6) You can choose to enable or disable Cookies in your internet browser. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser.

(10.7) You can choose to delete Cookies at any time; however you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings.

(10.8) For more information generally on cookies, including how to disable them, please refer to aboutcookies.org. You will also find details on how to delete cookies from your computer.

General

(11.1) You may not transfer any of your rights under this privacy policy to any other person. We may transfer our rights under this privacy policy where we reasonably believe your rights will not be affected.

(11.2) If any court or competent authority finds that any provision of this privacy policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy policy will not be affected.

(11.3) Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.

(11.4) This Agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.

Changes to this privacy policy

(12.1) Kortical reserves the right to change this privacy policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the privacy policy on your first use of the Website following the alterations.

Cookies Schedule

Below is a list of the cookies that we use. We have tried to ensure this is complete and up to date, but if you think that we have missed a cookie or there is any discrepancy, please let us know.

Analytical/performance

We use the following analytical/performance cookies:

Description of Cookie: Analytical/Performance cookie
Purpose: We use this cookie to help us analyse how users use the website, which include cookies from: Google Analytics, Hubspot, Fullstory, Mixpanel

Functionality

We use the following functionality cookies:

Description of Cookie: Functional cookie
Purpose: We use this cookie to help us remember the user’s site preferences including username, region and language: Google Analytics, Hubspot

Targeting

We use the following targeting cookies:

Description of Cookie: Targeting cookie
Purpose: We use this cookie to enable us to tailor our marketing communications with you: Google, Hubspot, LinkedIn and Meta