Legal Notes

Raico Technology Ltd (Company No. 16566975) (“Raico”, “we”, “us” or “our”) is committed to protecting the privacy and personal data of individuals who interact with us. This Privacy Policy explains how we collect, use, disclose, store, and otherwise process personal data when you:

• Visit or interact with our websites and online properties (the “Website”);
• Use our software-as-a-service platform, applications, and related features (the “Platform”);
• Purchase, access, or use our products and services, including advisory, professional, and support services (together with the Website and Platform, the “Services”);
• Communicate with us as a customer, prospective customer, partner, supplier, or other business contact.

This Privacy Policy also explains your rights and choices under applicable data protection laws.

Controller: Raico Technology Ltd
Company number: 16566975
Registered office: 12 Oliver Grove, Ebbsfleet Valley, Swanscombe, England, DA10 1FJ
Email: privacy@raico.io
Data Protection Officer (DPO): Angela Raib

Where we process personal data on behalf of our customers in the course of providing the Platform or Services, we act as a processor. Such processing is governed by the applicable customer agreement and our Data Processing Addendum ("DPA"), which reflects commitments aligned with UK GDPR, EU GDPR, SOC 2, and ISO 27001 requirements.

This Privacy Policy applies to:

• visitors to our Website;
• users of the Platform (including free, trial, and paid users);
• customers and prospective customers;
• users invited to or authorised to access the Platform by a customer (e.g. employees, contractors, vendors, or third parties);
• recipients of our advisory or professional services;
• business partners, suppliers, and other professional contacts;
• applicants and candidates for employment.

The personal data we collect depends on how you interact with us.

We may collect:

• identifiers and contact details (e.g. name, email address, phone number) where you submit forms;
• technical and usage data (e.g. IP address, device information, browser type, operating system, referring URLs, pages viewed, timestamps);
• cookie and similar tracking data (see Section 10).

We may collect:

• Account information: name, business email address, job title, company name, username, password, authentication credentials;
• Profile information: information you choose to provide in your user profile;
• Usage and log data: activity logs, access times, feature usage, device and system information;
• Authentication data: single sign-on (SSO) identifiers and tokens where enabled;
• Customer content: information, data, or materials uploaded, submitted, or generated through use of the Platform;
• Support communications: communications with us via email, chat, ticketing systems, or calls.

We may collect:

• business contact details (name, role, company, business address, email, phone number);
• contractual, billing, and payment information;
• communications and records relating to our commercial relationship.

In the course of providing advisory or professional services, we may process personal data provided by or on behalf of customers, subject to applicable contracts and confidentiality obligations.

We may collect:

• contact details;
• CVs, employment history, qualifications, references;
• information generated during interviews and recruitment processes.

We collect personal data:

• directly from you (e.g. when you create an account, complete forms, communicate with us, or use the Services);
• from customers or authorised users who grant you access to the Platform;
• automatically through use of the Website or Platform (e.g. logs, cookies);
• from third parties such as service providers, integration partners, recruitment platforms, or publicly available sources, where permitted by law.

We process personal data only where permitted by applicable law, including on the following legal bases:

• Performance of a contract: to provide and operate the Services, manage accounts, deliver advisory and professional services, and provide customer support.
• Legitimate interests: to improve, secure, and develop our Services, communicate with business contacts, prevent fraud and misuse, ensure platform reliability, and manage our operations.
• Compliance with legal obligations: including accounting, tax, regulatory, security, and audit requirements.
• Consent: where required by law (for example, certain marketing communications, cookies, or optional features).

Specific purposes include:

• providing, operating, maintaining, and improving the Services and Platform;
• authenticating users, managing access controls, and monitoring for security incidents;
• providing advisory, professional, and support services;
• managing customer relationships, contracts, billing, and payments;
• product development, analytics, and research (using aggregated or de-identified data where possible);
• marketing and business development activities, subject to your preferences and applicable law;
• compliance with legal, regulatory, and contractual obligations, including audits such as SOC 2 and ISO 27001;
• establishing, exercising, or defending legal claims.

We may share personal data with the following categories of recipients, only where necessary and in accordance with applicable law:

• Affiliates: for internal administration, management, and compliance purposes.
• Service providers and sub-processors: including cloud hosting providers, analytics providers, customer support tools, communications services, security vendors, and payment processors, acting under contractual obligations consistent with this Privacy Policy and our Data Processing Addendum (DPA).
• Professional advisors: such as legal, accounting, audit, and insurance advisors.
• Customers: where an authorised user, contractor, or vendor interacting through the Platform on behalf of a customer.
• Authorities and regulators: where required to comply with legal obligations or to protect rights, safety, or security.
• Corporate transactions: in connection with mergers, acquisitions, restructuring, or similar events, subject to appropriate confidentiality and data protection safeguards.

We do not sell personal data and do not share personal data for targeted advertising purposes.

Your personal data may be transferred to, stored, and processed in countries outside of your country of residence, including the United Kingdom, the European Union, the United States, and other jurisdictions where we or our service providers operate.

Where required by applicable law (including UK GDPR, EU GDPR, and applicable Middle East data protection laws), we implement appropriate safeguards for cross-border transfers, such as Standard Contractual Clauses, contractual commitments, and technical and organisational security measures, to ensure an adequate level of protection for personal data.

We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary depending on the nature of the data and the context of processing.

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. No system is completely secure, and we cannot guarantee absolute security.

We use cookies and similar technologies on the Website and Platform to operate functionality, analyse usage, and improve user experience.

Where required by law, we obtain your consent. You can manage cookie preferences through your browser settings and, where available, our cookie management tools.

You may opt out of marketing communications at any time by using the unsubscribe link or contacting us. You will continue to receive transactional and service-related communications necessary to manage your account and use the Services.

Depending on your location and applicable law, you may have the right to:

• be informed about how we process your personal data;
• access your personal data;
• correct or update inaccurate or incomplete data;
• request deletion of your personal data;
• restrict or object to certain processing activities;
• withdraw consent where processing is based on consent;
• request data portability;
• not be subject to decisions producing legal or similarly significant effects based solely on automated processing, unless permitted by law.

You also have the right to lodge a complaint with a supervisory authority, including the UK Information Commissioner's Office (ICO), an EU data protection authority, or your local data protection regulator.

To exercise your rights, please contact us at privacy@raico.io. Where we process personal data as a processor on behalf of a customer, requests should be directed to the relevant customer, and we will assist them as required by law.

Our Website and Services are not directed to children under 18, and we do not knowingly collect personal data from children.

Our Services may contain links to third-party websites or integrations. This Privacy Policy does not apply to those third parties, and we encourage you to review their privacy policies.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations.

When we make material changes, we will provide notice through the Website, Platform, or other appropriate means. The "Last updated" date at the top of this policy indicates when it was most recently revised.

Raico does not use personal data to make decisions that produce legal or similarly significant effects on individuals solely through automated processing, unless expressly agreed with the customer and permitted by applicable law. Where automated processing or AI-supported features are used, they operate under human oversight and in accordance with contractual, legal, and ethical requirements.

If you have any questions or concerns about this Privacy Policy or our data protection practices, please contact us at:

Raico Technology Ltd
12 Oliver Grove, Ebbsfleet Valley, Swanscombe, England, DA10 1FJ
Email: privacy@raico.io