PRIVACY AND COOKIES POLICY 

Shimmr AI Ltd ("we", “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy and Cookies Policy (“Policy”) sets out the basis on which the personal data collected from you, or that you provide to us will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. 

For the purpose of the General Data Protection Regulation (GDPR), the UK General Data Protection Regulation and the UK Data Protection Act 2018 (together abbreviated here as “UK GDPR”), the data controller is Shimmr AI Ltd, registered in England and Wales with registered office at 5a Bear Lane, Southwark, London, England SE1 0UH (Company Number 14391431). The definitions of controller, processor (and processing), data subject, personal data and personal data breach are as set out in the UK GDPR. 

1. YOUR PERSONAL DATA 

1. when we act as a data controller (section 1.2) and when we act as a data processor (section 1.3); 
2. the general categories of personal data that we collect and process; 
3. the purposes for which we process such personal data; and 
4. the legal bases of the processing. 

1. notification data: information that you provide to us when subscribing to our email notifications and/or newsletters. Notification data is processed for the purposes of sending you the relevant notifications and/or newsletters and making suggestions and recommendations about our own or similar products and/or services that may be of interest to you. The legal basis for this processing is our legitimate interests, namely communications with our website visitors to develop and grow our business. 
2. communication data: information contained in or relating to any communication that you send to us. Communication data may include the communication content and metadata associated with the communication. Communication data is processed for the purposes of communicating with you and record-keeping. The legal bases for this processing are our legitimate interests, namely communications with our subscribers and the proper administration of our website and business and performance of a contract. 
3. contact data: information including your contact details i.e. name, email address and payment information. Contact data is processed for the purposes of registering you for a demo or as a user, to manage payment of our charges and fees, and to collect / recover any money owed to us. The legal bases for this processing are performance of a contract and our legitimate interests, namely, proper administration of our business and debt recovery. 
4. usage data: information may include your IP address, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system which uses cookies. This usage data may be processed for the purposes of analysing your use of our website and services. We are only able to do this if you accept the relevant cookies via the cookie controls available on the banner you see when you open our website. 
5. survey data: we may ask you to complete surveys or questionnaires that we use for research and business development purposes, although you do not have to respond to them. The legal basis for processing is our legitimate interests, namely, to develop and grow our business. 

1. personal data of publishers’ staff including their name, email address and contact details to provide the publisher with our services. The legal basis for this processing is for the performance of our contract with the publisher. 
2. personal data of authors including their name and any personal details contained in their novels in order to provide the publisher with our services. The legal basis for this processing is for the performance of our contract with the publisher. 

We use artificial intelligence (AI) models to create continuously self-optimising advertising campaigns for books, with advertisements deployed into media channels to drive e-commerce sales of those books. The AI models will analyse the content in digital copies of books and any personal data in the books (such as author’s name, foreword, dedication notes, author’s biography) in order to create the advertising campaign. Our legal basis for processing this personal data is the performance of a contract. To find out more about how we create our advertisement campaigns using AI, visit https://shimmr.ai/what-were-up-to on our website. 

Before you provide us with personal data about another person, you shall ensure you have a legal basis for our use of their personal data and that they are notified accordingly. 

1.4 Change of purpose:  

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you then wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.  

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. 

 Please note that we may collect and process your personal data without your knowledge or consent, in compliance with the above rules, where this is required by law. 

In addition to the above uses we may use your information, to notify you about products or services which may be of interest to you. Where we do this, we will contact you by electronic means (e-mail) only if you have consented to such communication.  If you do not want us to use your data in this way, please either (i) unsubscribe from our electronic communications using the method indicated in the relevant communication; or (ii) inform us at any time by contacting us at the contact details set out below. 

1. in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; or  
   
2. if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets; or  
3. if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions; or  
4. to protect our rights, property, or safety or that of our affiliated entities and our users and any third party we interact with to provide the website; or 
5. to our professional advisers, where needed.
   
   

 3.2 Where we are acting as a processor for publishers, we may need to share personal data with trusted third party service providers. The publisher hereby authorises us to engage third party service providers. We will enter into the relevant contracts with such third party service providers in compliance with the UK GDPR and we will notify the publisher in the event we intent to add or remove a third party service provider.  

3.3 Other than as set out above and save insofar as is necessary in order for us to carry out our obligations arising from any contracts entered into between the publisher and us, we will not share personal data with third parties unless we have procured the individual’s express consent to do so. 

Security 

We take appropriate measures to ensure that any personal data are kept secure, including implementing security measures to try our best to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.  

Where we have given you (or where you have chosen) a password which enables you to access certain parts of the website and/or our platform, you are responsible for keeping this password confidential.  

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. 

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. 

The website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and terms of use and that we do not accept any responsibility or liability for these policies and terms of use. Please check these policies before you submit any personal data to these websites. 

Keeping your personal data up to date 

If your personal details change you may update them by accessing the relevant page on your dashboard or by contacting us using the contact details below. If you have any questions about how we use data collected which relates to you, please contact us by sending a request by email to the contact details below. 

If you contact us, we will endeavour to update your personal data within seven (7) working days of any new or updated personal data being provided to us, in order to ensure that the personal data we hold about you is as accurate and up to date as possible. 

Data retention policy 

• We may store personal data that you have provided us for as long as it is reasonably necessary taking into consideration our need to provide you with the services for which you have signed up, to resolve any disputes, enforce our rights and/or respond to queries. 

• We will hold your personal data for as long as reasonably necessary after the end of your Agreement with us, but no longer than the period we are required to retain this information by applicable UK law (currently 6 years). 

• We will hold waitlist and notification data for as long as you are interested in hearing about our products and services.  

If you have any questions about our data retention policy, please contact us. 

Where we store your personal data 

We use cloud-based servers to store your data. We also make use of artificial intelligence (AI) and third-party service providers to deliver our services (see section 3.2 above). The data that we collect from you may be transferred to and stored at a destination outside the United Kingdom and/or the European Economic Area ("EEA"). It may also be processed by staff operating outside the United Kingdom and/or EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your orders, the processing of your payment details and the provision of support services.  

 In the event we transfer your personal data to a country without an adequacy decision from the United Kingdom, any such transfer will be subject to the international data transfer agreement approved by the United Kingdom’s Information Commissioner’s Office and any other appropriate safeguards which may be applicable to such transfers. 

If you would like further information, please contact us (see ‘Contact’ below). 

5. YOUR RIGHTS 

Under the UK GDPR you have a number of important rights free of charge. In summary, those include rights to: 

• access to your personal data and to certain other supplementary information that this Policy is already designed to address 
• require us to correct any mistakes in your information which we hold 
• require the erasure of personal data concerning you in certain situations 
• receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations 
• object at any time to processing of personal data concerning you for direct marketing 

• object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you 
• object in certain other situations to our continued processing of your personal data 
• otherwise restrict our processing of your personal data in certain circumstances 
• claim compensation for damages caused by our breach of any data protection laws. 

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the UK GDPR. 

If you would like to exercise any of those rights, please: 

• email or write to us (see ‘Contact’ below); 
• let us have enough information to identify you (e.g. registration number (if any), organisation name, user name);  
• let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and 

• let us know the information to which your request relates, including any registration or reference numbers, if you have them. 

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. 

We may collect information about you including where available your IP address, operating system and browser type, for systems administration. This is statistical data about our users’ browsing actions and patterns and does not identify any individual. We may, however, use such information in conjunction with the data we have about you in order to track your usage of our services. 

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive. 

The cookies we use include: 

• Analytical cookies: they allow us to recognise and count the number of visitors and to see how visitors move around the website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. 
• Strictly necessary cookies: these are cookies that are required for the operation of our website.  
• Functionality cookies: these are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences. 

Please note that the website may include links to third parties’ websites who may also use cookies, over which we have no control. 

Cookies which are strictly necessary for the core functionality of the website are enabled by default and set automatically at the point you access the website.  

Any cookies which are not strictly necessary for the functioning of the website will not be set unless you expressly consent to them through the cookie banner by clicking “accept”. 

You may block cookies by changing your preferences or activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of the website. Except for essential cookies, all cookies will expire after the period set out in the table above. 

We hope that we can resolve any query or concern you raise about our use of your information.  

The  UK GDPR also gives you the right to lodge a complaint with the Information Commissioner who may be contacted at https://ico.org.uk/make-a-complaint/ or telephone: 0303 123 1113. 

We reserve the right to modify this Policy at any time. Any changes we may make to our Policy in the future will be notified and made available to you using the website. Your continued use of our services and the website shall be deemed your acceptance of the varied Policy. 

All questions, comments and requests regarding this Privacy Policy should be addressed to Shimmr AI Ltd either by email or writing to us at our registered address below:  

Email – privacy@shimmr.ai  

Address -  5a Bear Lane, Southwark, London, England SE1 0UH