Myriad AI - Regulatory Compliance Solutions Myriad AI - Regulatory Compliance Solutions
Myriad AI - Regulatory Compliance Solutions Myriad AI - Regulatory Compliance Solutions

Privacy Policy

This Website Privacy Policy describes how Myriad Technology Inc. (”Myriad”, ”we”, ”us”, or ”our”) as a data controller handles personal data that collects from and about you when you visit our website, currently located at myriad.company and myriad.ai (the ”Website” and the ”Website Privacy Policy”); engage with us through our newsletters, emails, and branded social media accounts; or interact with in person. This Website Privacy Policy also describes legal rights you may have, subject to applicable law, and how you can exercise them.

To understand more about how Myriad handles personal data we collect about users of our cloud-based legal operations platform, please see our Platform Privacy Policy, which is accessible directly in the platform.

Who we are

Myriad helps companies monitor regulatory developments and navigate compliance requirements. Our Services are provided exclusively on a business-to-business basis and are not intended for consumers.

Although Myriad is headquartered in the United States (the ”US”) and offers its products globally, all technical and organizational processing of data, including personal data, is managed from the European Union (the ”EU”) and operates on infrastructure located within the EU.

We comply with the General Data Protection Regulation (the ”GDPR”) and other applicable laws governing the processing of personal data.

What We Process

  1. Acting as a data controller (someone who determines the purposes and means of the processing), we collect certain information about you, which are defined as personal data by applicable laws, mainly the GDPR. This includes information that alone or in combination with other information may be used to identify, contact, or locate you, such as your name, address, email address, or phone number or can be linked to you.

  2. We collect personal data from two (2) different sources. The sources are following:

    1. Personal data you give us directly (see point 2.3 below);

    2. Personal data we collect from other sources (see point 2.4 below).

  3. Personal data you give us directly represents information we collect directly from you. For instance, we collect information that you voluntarily provide in the following ways:

    1. Communication with us: Your first and last name, email address, phone number, current organization, position or title, depends on what you share. We also collect any information and content you choose to provide to us as part of your communication.

    2. When you sign-up for our Services. In order to provide you with our Services, we ask you for your email address to verify your identity. This Website Privacy Policy doesn’t cover processing of personal data when you use our other Services than the Website.

  4. Personal data we collect from other sources represents information we obtained from other sources, for instance, we may use information from a third-party data provider to update information about you in our contact database. The other relevant sources are represented by:

    1. Another individual at your organization;

    2. Our business partners,

    3. Publicly available information on internet websites; or

    4. Third parties that help us update, expand, and analyze our records and inform our networking and marketing efforts.

How We Use Personal Data

  1. We act as a data controller with respect to and use the above described information collected for:

    1. Website Delivery (service provision - contract performance, legitimate interest): To provide, maintain, operate and improve our Website (we keep data for as long as you stay on our Website);

    2. Website Development (legitimate interest): To improve our Website based on your visits (we keep this data for 2 years since its collection);

    3. Communications and Customer Support (service provision, consent): To communicate with you (including ads but also responding to your requests, inquiries, comments, and suggestions) (we keep this data for 2 years since you last interacted with us);

    4. Email Address Verification (service provision): To verify email address before launching the provision of our Platform (we keep this data for 2 years since you last interacted with us);

    5. Analytics (legitimate interest): To monitor and analyze usage and trends to improve user experience (we keep this data for 2 years since its collection);

    6. Security & Compliance (legitimate interest): To detect, prevent, and address technical issues and security threats (we keep this data for 2 years since collection or longer, if required by law);

    7. Marketing (legitimate interest, consent): To further our networking, marketing, and social strategies (including notifying you about services, offers, promotions, and events we think might be of interest to you and posting testimonials) (we keep this data for 2 years since you last interacted with us); and

    8. Carry out any other purpose (based on lawful basis) described to you prior or at the time personal data was collected.

  2. Our processing of personal data for all purposes involves both automated and manual (human) methods of processing. Our automated methods are often linked to and supported by manual methods.

Sharing Your Personal Data

  1. We do not sell or rent your personal data. We may share your personal data with certain third parties in the following circumstances:

    1. Companies in the group: We may share personal data between and among any current or future parents, subsidiaries (Myriad Technology s.r.o.), affiliates, and other companies under common control and ownership with Myriad for purposes listed above.

    2. Vendors and service providers: We may share personal data with vendors, consultants, and other service providers who need to access the data for purposes above, such as providing analytics services, cloud-hosting (service provision), or marketing.

    3. Advertising and analytics partners: We may share your personal data with other third parties that provide advertising, campaign measurement, online analytics and other services, in order to help us reach individuals with relevant ads and measure our ad campaigns, or to better understand how individuals interact with our website. For marketing purposes, we use a third-party provider HubSpot, Inc. For further information on how HubSpot, Inc. processes personal data, see the following website: www.legal.hubspot.com/privacy-policy.

    4. Business transfers: We may share personal data with another company in connection with or during negotiations of any merger, acquisition, financing, re-organization, bankruptcy, sale of all or a portion of our assets, or transition of services to another provider.

    5. Legal requirements: We may share personal data when we believe it is necessary to comply with a legal obligation, including lawful requests from public authorities to meet national security or law enforcement requirements. We may also share personal data when we believe it is necessary to protect Myriad’s rights and property, to protect the safety of our users, and to defend against legal liability.

Personal Data Transfer

We do not systematically transfer personal data to our main establishment in the US. Personal data we collect may be processed for the purposes set out in this Website Privacy Policy outside the EU when we engage vendors or service providers (data processors), as disclosed in this Website Privacy Policy. When doing so, we choose only such data processors providing appropriate safeguards for data security and confidentiality and we rely on adequacy decisions or standard contractual clauses to ensure your privacy rights.

Personal Data Retention

We only keep your personal data for so long as reasonably necessary for the purposes described in this Website Privacy Policy, as required by law, or as necessary to resolve disputes and enforce our rights and agreements.

Personal Data Security

  1. Taking into account the nature, scope, context and purposes of the processing of data, Myriad implements appropriate technical and organizational measures to ensure a level of security appropriate to such risks. Myriad uses commercially reasonable efforts to protect the availability, authenticity, integrity and confidentiality of data, including personal data. Such measures include, without limitation:

    1. Access Control and Identity Management. Role-based access controls applying the principles of least privilege and need-to-know.

    2. Logical and Technical Segregation. Logical, functional and technical separation mechanisms to prevent unauthorized access between data belonging to different customers.

    3. Secure Development Lifecycle (SDLC). Implementation of technical and organizational secure development lifecycle practices.

    4. Encryption. Encryption of data in transit and at rest using current, industry-recognized cryptographic algorithms and key management practices.

    5. Infrastructure Security. Use of firewalls, intrusion detection and prevention systems, network segmentation and hardened system configurations to protect Myriad’s infrastructure and hosted environments.

    6. Security Monitoring and Incident Response. Continuous monitoring of security events and maintenance of incident response plans defining procedures for timely detection, investigation, mitigation and notification of security incidents.

    7. Vulnerability Management. Regular vulnerability scanning and timely patch management processes.

    8. Third-Party Risk Management. A vendor and subprocessor security management program, including appropriate due diligence and contractual safeguards.

    9. Endpoint Security. Protection of endpoints used to access production systems or data through enterprise-grade security controls, including anti-malware protection, disk encryption, secure configuration and access management. Remote access is permitted only via secure channels (such as VPN or zero-trust access mechanisms).

Your Data Protection Rights

  1. Depending on your location, you may have the following rights regarding your personal data:

    1. Access: The right to request access to your personal data.

    2. Correction: The right to request the correction of inaccurate personal data.

    3. Deletion: The right to request the deletion of your personal data.

    4. Restriction: The right to request the restriction of processing your personal data.

    5. Portability: The right to request the transfer of your personal data to another organization.

    6. Objection: The right to object to the processing of your personal data.

    7. Opting out of promotional messages: You can opt out of receiving our promotional emails at any time. You may do so by emailing us at the email address stated below or by following the opt-out instructions in the promotional emails we send you. If you opt out of receiving such communications, please be aware that we may continue to send you non-promotional emails (such as emails related to our business relationship or emails about changes to our legal terms).

  2. To exercise any of these rights, please contact us at dpo@myriad.company.

  3. Please note that we may keep certain personal data as necessary to comply with our legal obligations or for legitimate business purposes, such as to resolve disputes or enforce our agreements. We may also keep cached archived copies of personal data for a certain period of time.

Children’s Privacy

Our services are intended for professionals, adults, as well as our Website, and we do not knowingly collect personal data from children. If you are a parent or legal guardian and think your child below the age of 16 years (or a lower age threshold where applicable) has given us personal data without your consent, please contact us at dpo@myriad.company.

Third-Party Links

Our Website may contain links to third-party websites, services, and applications that are not operated or controlled by Myriad. This Website Privacy Policy does not apply to the privacy practices of those third parties and therefore we are not responsible for the privacy practices or the content of these websites. The fact that we link to a website, service, or application is not an endorsement, authorization, or representation of our affiliation with that third party. We encourage you to review the privacy policies of any third-party sites you visit.

Changes to Website Privacy Policy

We may update this Website Privacy Policy from time to time. The update is indicated by the date of the last revision. We will notify you of any changes that concern you by posting the new Website Privacy Policy on this page. You are advised to review this Website Privacy Policy periodically for any changes.

If we make material changes, we may provide you with additional notice, such as posting a statement on our homepage or sending you an email notification, if we have your email address on file.

Contact Us

The contact details:

Myriad Technology Inc.
3738 22nd Street,
94114 San Francisco,
CA, US

Email: dpo@myriad.company