Talk to our team
See it in action

Privacy policy

Effective date: Jun 10, 2025 Last revised: Jun 10, 2025

GRAPH AI SERVICES INDIA PRIVATE LIMITED (hereinafter referred to as the “Company", "we", "us", or "our") is committed to protecting and respecting the privacy, confidentiality, and security of Personal Data (defined below) entrusted to us by our clients, prospects, partners, website visitors, and all other individuals whose Personal Data we process. This privacy policy (hereinafter referred to as the "Policy") sets out the basis on which any Personal Data we collect, receive, or otherwise process will be handled by us, in accordance with applicable data protection laws across all jurisdictions in which we operate.   Please read this Policy carefully. By interacting with our website, attending our events, submitting your details through any of our channels, or otherwise providing us with your personal data, you acknowledge that you have read, understood, and agree to the collection, use, and processing of your personal data as described herein. Where your consent is required as a legal basis for processing, it will be obtained separately and explicitly.  
  1. DEFINITIONS AND INTERPRETATION
    1. In this Policy, unless the context otherwise requires, the following terms shall have the meanings ascribed to them below:
      1. Applicable Law” means all mandatory laws, statutes, regulations, rules, orders, directives, and guidelines concerning data protection, privacy, and information security that apply to the processing of Personal Data under this Privacy Policy. This includes any local, national, or international legal frameworks governing the collection, use, disclosure, transfer, or storage of data, including cross-border transfers, intra-group sharing and any AI-specific regulations, as amended or updated from time to time.
      2. "Controller" or “Data Fiduciary” means the entity that, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purposes of this Policy, the Company acts as the Controller or Data Fiduciary in respect of personal data processed under this Policy, unless otherwise stated.
      3. Cookies” shall have the meaning given to it in Clause 11.1 of this Policy.
      4. Data Protection Impact Assessment” or “DPIA” means a structured, proactive analysis conducted to evaluate how our platform(s) process(es) Personal Data, specifically focusing on identifying and minimizing risks to individual privacy. This systematic evaluation occurs prior to deploying new technologies—such as artificial intelligence, machine learning models, or automated processing systems—and ensures that data minimization, security safeguards, and privacy-by-design principles are embedded into our software architecture globally.
      5. "Data Subject" or “Data Principal” means any identified or identifiable natural person whose personal data is processed by the Company.
      6. Legitimate Interest” or “Legitimate Use” means the lawful, justified, and ethically sound reasons for which the Controller / Data Fiduciary processes Personal Data, provided that such processing is necessary, proportionate, and does not override the fundamental rights, freedoms, or privacy expectations of the Data Subject / Data Principal.
      7. Legitimate Interests Assessment” or “LIA” shall have the meaning given to it in Clause 5.2 of this Policy.
      8. "Personal Data" means any information relating to an identified or identifiable natural person, including but not limited to a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
      9. "Processing" means any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.
      10. "Processor" or “Data Processor” means any natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Controller / Data Fiduciary.
      11. "Sensitive Personal Data" or "Special Categories of Data" means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data processed for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation, or any data classified as sensitive under Applicable Law.
      12. "Third-Party Service Provider" means any external vendor, partner, platform, or technology provider engaged by the Company to process personal data on its behalf, including but not limited to email marketing platforms, customer relationship management (CRM) systems, cloud service providers, and analytics tools.
      13. “Vital Interests” means any processing of Personal Data that is strictly necessary to protect an essential, life-or-death interest of the Data Subject / Data Principal or another natural person, in accordance with Applicable Law. This processing basis is reserved exclusively for urgent, critical circumstances and emergency situations where a delay would result in severe harm, and includes, but is not limited to medical emergencies, threats to life or safety and humanitarian disasters. 
      14. "Website" means the Company's official website(s) and any associated digital platforms, portals, or applications operated by or on behalf of the Company.
    2. References to any statute, regulation, or legislative enactment shall include references to any amendment, modification, re-enactment, or successor legislation thereof.
    3. The singular includes the plural and vice versa, and any gender includes all genders.
    4. Headings are for convenience only and shall not affect the interpretation of this Policy.
  2. DATA PROTECTION OFFICER / PRIVACY OFFICER
    1. We appoint a qualified Data Protection Officer (or equivalent Privacy Officer) responsible for: monitoring compliance with this Policy and Applicable Laws; advising on DPIAs; acting as contact point for Data Subjects / Data Principals and supervisory authorities; and maintaining the records of processing activities. If you have any questions about our privacy practices, you can contact our Data Protection Officer, whose details are below:
      CONTACT FIELD DETAIL
      DPO / Privacy Officer Name Ashish Pedaprolu
      Title Data Protection Officer
      Email dataprotectionoffcier@graphsafety.ai
      Postal Address [Graph AI Services India Private Limited], Attn: DPO, [Innov8 Pranava Business Park, Office C7-3, 7th Floor,
      Beside Harsha Toyota Showroom,
      Kothaguda, Hitec City, Telangana - 500084, ]
      Phone [+919885348555]
    2. Where the Company operates through subsidiaries, affiliates, or associated entities in multiple jurisdictions, each relevant entity may act as a Controller/Data Fiduciary in respect of the Personal Data it collects and processes locally. The Company shall maintain a register of all such entities and their respective data processing activities, available upon request.
    3. For all queries, requests, or complaints relating to the processing of your Personal Data, or to exercise any of your rights under Applicable Laws pertaining to data protection, you may contact us using the details set out in Clause 2.1 above or as further specified in Clause 15 of this Policy.
  3. PERSONAL DATA WE COLLECT
    1. We collect and process only such Personal Data as is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed, keeping in line with the principle of data minimisation. The categories of Personal Data we collect include, without limitation, the following: 
      1. Identity Data: first name, last name, title, job title, employer or company name, and professional designation.
      2. Contact Data: business and/or personal email address, telephone number, business address, and other contact particulars.
      3. Professional and Corporate Data: industry, seniority level, areas of professional interest, company size, and organisational role.
      4. Event and Engagement Data: records of attendance at our events, webinars, conferences, or seminars; interactions with our communications; registration data submitted in connection with events.
      5. Technical and Usage Data: IP address, browser type and version, device identifiers, operating system, time zone, cookie identifiers, pages visited on our Website, clickstream data, referral source, and other technical data automatically collected when you access or use our Website.
      6. Marketing and Communications Data: records of your preferences in receiving marketing and communications from us, your communication preferences, opt-in or opt-out status, and interaction data (open rates, click-through rates) relating to our electronic communications.
      7. Enquiry and Correspondence Data: any Personal Data contained in correspondence, enquiries, or communications you direct to us, whether by email, contact form, telephone, or otherwise.
      8. Social Media and Professional Network Data: publicly available professional data collected from platforms such as LinkedIn or other professional networks, where you have made such information publicly accessible and where collection is in compliance with the platform's terms and Applicable Law.
    2. We do not, as a matter of standard practice, seek to collect Sensitive Personal Data. In the event that Sensitive Personal Data is incidentally disclosed to us or is required for a specific purpose, we will obtain your explicit consent prior to processing such Personal Data and will apply heightened security and confidentiality measures. 
    3. We do not knowingly collect Personal Data from individuals under the age of eighteen (18) years. If you are under 18, please do not submit Personal Data to us. Should we become aware that Personal Data of a minor has been collected inadvertently, we shall take immediate steps to delete such Personal Data.
  4. SOURCES OF PERSONAL DATA
    1. We collect Personal Data from the following sources:
      1. Directly from you: when you complete forms or registration details on our Website; when you contact us by email, telephone, or through any digital communication channel; when you sign up for or attend our events, webinars, conferences, or seminars; when you subscribe to our newsletter, publications, or marketing communications; or when you engage with us in any other manner.
      2. Automatically via your use of our Website: through cookies, web beacons, pixel tags, log files, and similar tracking technologies deployed on our Website. Please refer to Clause 11 (Cookies and Tracking Technologies) for further information.
      3. From events and exhibitions: where you interact with our representatives, provide a business card, scan a badge, or otherwise share your contact or professional details with us at industry events, trade fairs, seminars, or conferences.
      4. From third parties: including data enrichment providers, business intelligence platforms, event organisers, industry associations, referral partners, and public registers or databases, where applicable and lawful. 
      5. From our clients and partners: where a client, partner, or third party provides us with your Personal Data for the purposes of fulfilling a business engagement or introducing a prospective relationship. 
    2. Where we receive Personal Data about you from a third party, we shall take reasonable steps to ensure that the third party had a lawful basis for sharing such Personal Data with us, and that you have been informed of our receipt and intended use of your Personal Data, as required by Applicable Law.
  5. PURPOSES AND LEGAL BASES FOR PROCESSING
    1. We process Personal Data only where we have a lawful basis for doing so. The following table sets out the primary purposes for which we process Personal Data and the corresponding legal bases relied upon:
      1.  To communicate with prospects, clients, and partners in connection with our products, services, and business activities — Legal basis: Legitimate Interests or Legitimate Use, and/or performance of a contract.
      2.  To send marketing communications, newsletters, industry updates, event invitations, and promotional materials — Legal basis: Consent (where required by Applicable Law) and/or Legitimate Interests or Legitimate Use.
      3. To manage and administer registration for and attendance at our events, webinars, and conferences — Legal basis: Performance of a contract and/or Legitimate Interests or Legitimate Use.
      4. To operate, maintain, and improve our Website and digital platforms, and to analyse usage patterns and trends — Legal basis: Legitimate Interests or Legitimate Use.
      5. To respond to enquiries, requests, or complaints submitted to us — Legal basis: Legitimate Interests or Legitimate Use and/or performance of a contract.
      6. To maintain our business records and manage our client and prospect database — Legal basis: Legitimate Interests or Legitimate Use and/or compliance with a legal obligation.
      7. To comply with applicable legal, regulatory, or professional obligations — Legal basis: Compliance with a legal obligation.
      8. To establish, exercise, or defend legal claims — Legal basis: Legitimate Interests or Legitimate Use and/or Vital Interests.
    2. Where our legal basis for processing is Legitimate Interests or Legitimate Use, we have conducted and documented a legitimate interests’ assessment (“Legitimate Interests Assessment” or "LIA") to ensure that our interests are not overridden by your rights and interests. A copy of our LIA is available upon written request. 
    3. Where our legal basis for processing is consent, you have the right to withdraw your consent at any time without detriment and without affecting the lawfulness of processing carried out prior to such withdrawal. Withdrawal of consent may be effected by contacting us as set out in Clause 2.1 or by using any unsubscribe mechanism included in our communications. Legitimate Interests Assessment” or "LIA") to ensure that our interests are not overridden by your rights and interests. A copy of our LIA is available upon written request. 
    4. We will not use your Personal Data for any purpose that is incompatible with the purposes set out in this Clause 5 without giving you prior notice and, where required, obtaining your consent. Legitimate Interests Assessment” or "LIA") to ensure that our interests are not overridden by your rights and interests. A copy of our LIA is available upon written request. 
  6. MARKETING AND ELECTRONIC COMMUNICATIONS
    1. We may use your Personal Data to send you marketing communications, including newsletters, industry insights, thought leadership content, event invitations, product or service updates, and other promotional materials, by email or other electronic means.
    2. Where required by Applicable Law we will only send you marketing communications where we have obtained your prior, express, and informed consent, or where we are otherwise lawfully permitted to do so.
    3. In respect of individuals with whom we have an existing business relationship, and where permitted by Applicable Law, we may send marketing communications on the basis of our Legitimate Interests or Legitimate Use, subject always to your right to opt out at any time.
    4. Every marketing communication sent by us or on our behalf shall include a clear, prominent, and functional mechanism by which you may opt out of receiving further marketing communications. Opt-out requests shall be processed without undue delay and in any event within ten (10) business days of receipt.
    5. We utilise Third-Party Service Providers to facilitate the dispatch of electronic communications, including email marketing platforms and newsletter distribution services. Such providers process your Personal Data solely on our behalf and under our instructions, in accordance with Clause 7 of this Policy.
    6. Where your Personal Data has been collected via events, business card exchange, or other professional channels, we will inform you at the point of first subsequent contact of our identity, the source from which we obtained your Personal Data, and the purpose for which we intend to use it, in compliance with applicable transparency requirements. 
  7. THIRD-PARTY SERVICE PROVIDERS AND DATA PROCESSORS
    1. We engage Third-Party Service Providers to assist us in operating our business, delivering our services, and fulfilling the purposes described in this Policy. Such Third-Party Service Providers may process Personal Data on our behalf as Data Processors. These include, without limitation, providers of the following services:
      1. Email marketing and newsletter distribution platforms;
      2. Customer relationship management (CRM) systems;
      3. Cloud hosting, storage, and infrastructure services;
      4. Website analytics and performance monitoring tools;
      5. Event management and registration platforms;
      6. Marketing automation and lead management software;
      7. Legal, compliance, and professional advisory services; and
      8. Information technology and cybersecurity services.
    2. We require all Third-Party Service Providers to whom we disclose Personal Data to:
      1. Enter into a written data processing agreement with the Company and/or the Controller / Data Fiduciary that imposes data protection obligations no less protective than those applicable to the Company and/or the Controller / Data Fiduciary under Applicable Law;
      2. Process Personal Data only on documented instructions from the Company and/or the Controller / Data Fiduciary;
      3. Maintain appropriate technical and organisational security measures to protect Personal Data against unauthorised access, disclosure, alteration, or destruction;
      4. Not sub-process Personal Data without the prior written consent of the Company and/or the Controller / Data Fiduciary; and
      5. Promptly notify the Company and/or the Controller / Data Fiduciary of any Personal Data breach, security incident, or regulatory enquiry affecting the Personal Data processed on our behalf.
    3. We do not sell, rent, lease, or otherwise transfer your Personal Data to third parties for their own independent marketing or commercial purposes, unless we have your express prior consent or are required to do so by Applicable Law.
    4. We may disclose Personal Data to the following categories of recipients, in addition to Third-Party Service Providers:
      1. Regulatory authorities, law enforcement agencies, courts, or other governmental bodies, where required by Applicable Law or court order;
      2. Prospective or actual acquirers, investors, or business partners in connection with a merger, acquisition, restructuring, or sale of all or part of our business assets, subject to appropriate confidentiality undertakings; and
      3. Professional advisers, including legal counsel, auditors, and insurers, where necessary for the conduct of our business or the defence of legal claims.
  8. INTERNATIONAL TRANSFERS OF PERSONAL DATA
    1. Given the global nature of our operations, Personal Data may be transferred to, stored in, or processed in countries outside the jurisdiction in which it was collected, including countries that may not offer an equivalent level of data protection to that afforded in your country of residence. 
    2. Where Personal Data is transferred across international borders, we shall ensure that such transfers are carried out in compliance with Applicable Laws pertaining to cross-border Personal Data transfer, utilising one or more of the following safeguard mechanisms, as appropriate:
      1. Adequacy decisions: transfers to countries that have been deemed by the relevant authority (including the European Commission, the UK Information Commissioner, the Data Protection Board of India or equivalent) to provide an adequate level of data protection;
      2. Standard contractual clauses: the use of model contractual clauses approved or adopted by the relevant supervisory authority, including the EU Standard Contractual Clauses (SCCs) and/or the UK International Data Transfer Agreement (IDTA); 
      3. Binding corporate rules: where applicable, approved binding corporate rules governing intra-group transfers;
      4. Derogations: in limited and specific circumstances, where another derogation under applicable data protection law is available, including explicit consent, necessity for the performance of a contract, or important reasons of public interest; and
      5. Other lawful transfer mechanisms: including any alternative mechanisms recognised or approved under applicable local law in the jurisdictions in which we operate.
    3. You may request further information about the safeguards in place for any specific international transfer by contacting us as set out in Clause 2.1. 
  9. DATA RETENTION
    1. We retain Personal Data for no longer than is necessary for the purposes for which it was collected and processed, or as required or permitted by Applicable Law. Our retention practices are guided by the following principles:
      1. We maintain a Data Retention Schedule that sets out the applicable retention periods for each category of personal data we process. A copy of our Data Retention Schedule is available upon written request. 
      2. Marketing and prospecting data: Personal Data collected for marketing or prospecting purposes will be retained for a period of: (i) thirteen (13) months from the date of last meaningful interaction, unless you opt out, withdraw consent, or request erasure at an earlier date; or (ii) any other relevant time period specified by Applicable Law. We will follow the most relevant and rigorous retention period for retention of your Personal Data, in accordance with Applicable Law.
      3. Event data: Personal Data collected in connection with event attendance or registration will be retained for a period of: (i) thirteen (13) months following the conclusion of the relevant event, unless required for a longer period in connection with an ongoing business relationship; or (ii) any other relevant time period specified by Applicable Law. We will follow the most relevant and rigorous retention period for retention of your Personal Data, in accordance with Applicable Law.
      4. Business correspondence and records: Personal Data contained in business records and correspondence will be retained for such periods as are required by applicable legal, regulatory, tax, or professional obligations. In the event of prevalence of two or more different retention periods under Applicable Law, then the more rigorous retention period, as required under Applicable Law, will be followed. 
    2. At the expiry of the applicable retention period, Personal Data will be securely deleted, anonymised, or destroyed in a manner that ensures it cannot be reconstructed or identified, unless retention is required or permitted by Applicable Law.
    3. Where you withdraw consent, opt out of marketing, or request erasure of your Personal Data, we will suppress your Personal Data from active processing within the retention period set out in this Clause. We may, however, retain a minimal record of your name and opt-out status for the purposes of honouring your preference and preventing inadvertent future contact.
  10. SECURITY OF PERSONAL DATA
    1. We are committed to ensuring the security, integrity, and confidentiality of all Personal Data in our possession or control. We implement and maintain appropriate technical and organisational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.
    2. Our security measures include, without limitation: 
      1. Encryption of Personal Data in transit and at rest using industry-standard protocols;
      2. Access controls and authentication mechanisms, including role-based access controls and multi-factor authentication;
      3. Regular security assessments, vulnerability testing, and penetration testing;
      4. Employee training on data protection, information security, and privacy best practices;
      5. Incident response and data breach management procedures; and
      6. Physical security measures at our premises and data processing facilities.
    3. Notwithstanding the foregoing, no method of electronic transmission or storage is entirely secure. Whilst we endeavour to protect your Personal Data, we cannot guarantee absolute security. In the event of a Personal Data breach, we will take prompt action to contain, investigate, and remediate the breach, and will notify the relevant supervisory authority and/or affected individuals in accordance with our legal obligations.
    4. Access to Personal Data is restricted to those employees, contractors, and third parties who have a legitimate need to access it for the purposes set out in this Policy. All such persons are subject to binding confidentiality obligations.
  11. COOKIES AND TRACKING TECHNOLOGIES
    1. Our Website uses cookies, web beacons, pixel tags, and similar tracking technologies (collectively, "Cookies") to enhance the functionality and user experience of our Website, to analyse usage and traffic, and to support our marketing activities.
    2. Cookies are small text files placed on your device when you visit our Website. They allow us to recognise your device, remember your preferences, and gather information about how you use our Website.
    3. We use the following categories of Cookies:
      1. Strictly Necessary Cookies: essential for the operation of our Website and cannot be disabled without impairing functionality;
      2. Performance and Analytics Cookies: used to collect information about how visitors use our Website, enabling us to improve its performance and content;
      3. Functionality Cookies: used to remember your preferences and personalise your experience; and
      4. Marketing and Targeting Cookies: used to deliver relevant advertising and to track the effectiveness of our marketing campaigns.
    4. Non-essential Cookies are placed only with your prior consent, obtained through our cookie consent mechanism on first visit to our Website. You may withdraw or modify your cookie preferences at any time by accessing our Cookie Preference Centre or by adjusting the settings of your browser. 
    5. Please note that restricting or disabling certain Cookies may impact the functionality and user experience of our Website. A detailed Cookie Policy, setting out all Cookies in use and their respective purposes and retention periods, is available on our Website. 
  12. YOUR DATA PROTECTION RIGHTS
    1. Subject to Applicable Law and any applicable exemptions or limitations, you may be entitled to exercise the following rights in respect of your Personal Data:
      1. Right of Access: The right to request confirmation of whether we process Personal Data about you and, if so, to receive a copy of such Personal Data together with supplementary information about our Processing activities.
      2. Right to Rectification: The right to request correction of inaccurate Personal Data or completion of incomplete Personal Data held by us.
      3. Right to Erasure: The right to request deletion of your Personal Data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent (and there is no other lawful basis for Processing), or where the Processing is unlawful.
      4. Right to Restriction of Processing: The right to request that we restrict the Processing of your Personal Data in certain circumstances, including where accuracy is contested or where Processing is unlawful but you object to erasure.
      5. Right to Data Portability: The right to receive your Personal Data in a structured, commonly used, and machine-readable format and to transmit such Personal Data to another Controller / Data Fiduciary, where the Processing is based on consent or on a contract and is carried out by automated means.
      6. Right to Object: The right to object to Processing based on Legitimate Interests or Legitimate Use, or to Processing for direct marketing purposes (including profiling for such purposes), at any time and without charge.
      7. Rights in Relation to Automated Decision-Making and Profiling: The right not to be subject to a decision based solely on automated Processing, including profiling, which produces legal or similarly significant effects, except where such Processing is necessary for the performance of a contract, is required by Applicable Law, or is based on your explicit consent.
      8. Right to Withdraw Consent: Where Processing is based on your consent, the right to withdraw such consent at any time, without prejudice to the lawfulness of Processing based on consent prior to withdrawal.
    2. In addition to the rights set out in Clause 12.1, individuals in relevant jurisdictions may be entitled to additional rights under the relevant Applicable Law such as, the right to access information, right to correction and erasure, right to opt-out of sale or sharing of personal information, the right to revoke consent, right to limit use of sensitive personal information, the right to non-discrimination for exercising your rights, right to grievance redressal, the right to nominate, rights of anonymisation, rights of portability, and the right to oppose Processing.
    3. To exercise any of the rights described in this Clause 12, please submit a written request to us using the contact details set out in Clause 2.1. We may be required to verify your identity before processing your request. We will respond to all valid requests within the timeframes prescribed by Applicable Law, and in any event within thirty (30) calendar days of receipt (subject to any extensions permitted by Applicable Law).
    4. We will not charge a fee for the exercise of your rights, unless your request is manifestly unfounded, repetitive, or excessive, in which case we may charge a reasonable administrative fee or decline to act on your request, in each case subject to Applicable Law.
  13. DATA PROTECTION BY DESIGN AND BY DEFAULT
    1. The Company is committed to embedding data protection principles into the design and operation of all new products, services, systems, and processes from the outset, in accordance with the principle of data protection by design and by default.
    2. By default, we process only such Personal Data as is necessary for each specific purpose of processing and do not retain such Personal Data for longer than is necessary. Access to Personal Data is limited to authorised personnel with a need to know.
    3. Where we introduce new data processing activities or technologies that are likely to result in a high risk to the rights and freedoms of individuals, we will conduct a Data Protection Impact Assessment prior to commencing such processing, in accordance with relevant provisions under Applicable Law pertaining to data protection. 
  14. LINKS TO THIRD-PARTY WEBSITES AND PLATFORMS
    1. Our Website and communications may contain hyperlinks to third-party websites, platforms, and services that are not operated or controlled by us. This Policy does not apply to such third-party websites or platforms.
    2. We are not responsible for the privacy practices, data handling procedures, or content of any third-party websites or platforms. We encourage you to review the privacy policies of any third-party websites you visit before providing any personal data.
    3. The inclusion of any hyperlink on our Website does not constitute an endorsement, recommendation, or approval by us of the linked website or platform.
  15. COMPLAINTS AND THE RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
    1. We are committed to handling all data protection queries, requests, and complaints promptly, fairly, and transparently. If you have any concerns about the way in which we process your Personal Data, please contact us in the first instance using the details set out in Clause 2.1. We will investigate your complaint and endeavour to resolve it in a timely and satisfactory manner.
    2. If you are not satisfied with our response or believe that we are Processing your Personal Data in a manner that is not compliant with the Applicable Law pertaining to data protection, you have the right to lodge a complaint with the relevant data protection supervisory authority in your jurisdiction. 
    3. Nothing in this Clause will limit your rights under Applicable Law to seek alternative legal or administrative remedies.
  16. CHANGES TO THIS PRIVACY POLICY
    1. We reserve the right to amend, update, or revise this Policy at any time to reflect changes in Applicable Law, regulatory guidance, our business practices, or our data Processing activities. The most current version of this Policy will be published on our Website and will supersede all prior versions.
    2. Where changes to this Policy are material, we will notify you by email (where we hold your contact details) or by prominent notice on our Website, prior to the change becoming effective. We will also update the "Last Revised" date at the top of this Policy to reflect the date of the most recent revision.
    3. Your continued engagement with us, use of our Website, or receipt of our communications following notification of any material change to this Policy shall constitute your acknowledgement of the revised Policy. Where your consent is required for any new Processing activity, we shall obtain such consent separately.
  17. MISCELLANEOUS
    1. If any provision of this Policy is found by a court or supervisory authority of competent jurisdiction to be invalid, unlawful, or unenforceable, that provision shall be deemed severed from this Policy and shall not affect the validity, legality, or enforceability of the remaining provisions.
    2. This Policy does not create any contractual rights or obligations between us and you, save as expressly provided herein or as required by Applicable Law.
    3. This Policy is intended to be read in conjunction with any other notices, policies, or statements we provide to you in connection with specific Processing activities, including but not limited to any separate Cookie Policy, Employee Privacy Notice, or Client Engagement Privacy Notice, that may be published from time to time or available on request or shared separately.
    4. In the event of any conflict between this Policy and any applicable mandatory provision of Applicable Law, the applicable mandatory provision of Applicable Law shall prevail.