PRIVACY POLICY

First Level

Please read this Privacy Policy (hereinafter, “Privacy Policy”) carefully. It is intended for users of the website https://aionai.io/ (hereinafter, the “Site”) and is prepared in accordance with Article 13 of the General Data Protection Regulation No. 2016/679 (hereinafter, also “GDPR”) and, where applicable, in accordance with U.S. data protection legislation, including the California Consumer Privacy Act (hereinafter, also, “CCPA”) and other applicable state laws. This Privacy Policy provides you with all the details regarding the processing of your personal data (hereinafter, also, “Data”) and its use.

Please note that this Privacy Policy applies only to the processing of Data carried out on the Site and not to the processing performed on other websites, even if accessible through links within the Site itself. Additionally, this Policy refers exclusively to the use of the Site.

The protection and privacy of your personal information is our priority. Please read the following carefully to understand our vision and practices regarding your personal data and how we process it.

For additional information on the topic you’re interested in, please select the relevant item below.

Data Controller
European Representative of the Data Controller
Data Protection Officer
Personal Data Processing
Third-Party Websites – General
Purpose of Data Processing, Legal Basis, and Retention Period
Authorized Personnel for Data Processing
Recipients of Personal Data
Transfer of Personal Data to Non-EU Countries
User Rights
Privacy Policy Updates

Second Level

To access the second level, click on the second-level link. Each link opens a text box.

Data Controller

My AION Inc.
Address: 257 Old Churchmans Road, DE. 19720
Email address: privacy@aionai.io

European Representative of the Data Controller

DTSOCIALIZE Ltd.
Address: Kathleen Court Trip il Kappucini, Flat 1 – Zabbar – MALTA
Email address: office@dtsmail.tech

Data Protection Officer

The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted at the email address: dpo@aionai.io

Personal Data Processing

Technical Data
This category of Data includes IP addresses or domain names of computers used by users connecting to the Site, URI (Uniform Resource Identifier) addresses of requested resources, request timestamps, methods used for submitting requests to the server, file sizes of responses received, numerical codes indicating server response statuses (such as success, error, etc.), and other parameters related to the user’s operating system and computing environment. This Data is used solely for statistical purposes (and is therefore anonymous), to monitor the proper functioning of the Site, and is deleted immediately after processing. The Data may also be used to investigate potential computer crimes affecting the Site. Otherwise, web contact data is not retained for more than 14 days.

Cookies
The Site collects Data using cookies or similar technologies. For more information, please refer to the Site’s “Cookie Policy.
Users residing in the United States can manage their cookie preferences in accordance with applicable U.S. regulations.

Third-Party Websites – General

My Aion may allow links to other websites or internet resources operated by third parties. For information on privacy protection and the handling of personal data by these external sites (including social networks, if applicable), please consult their respective privacy policies. The Company assumes no responsibility for the processing of personal data by these third-party websites or pages.
Purpose of Data Processing
Legal Basis for Processing Personal Data
Data Retention Period

Contacts Section

Article 6(1)(b) of the GDPR: “Performance of a contract to which the data subject is a party or implementation of pre-contractual measures taken at the request of the data subject.”
Personal data will be retained for a period not exceeding 12 months from the time of their collection.

Compliance with Legal Obligations

Article 6(1)(c) of the GDPR: “Processing is necessary for compliance with a legal obligation to which the controller is subject.”
Personal data will be retained for the period strictly necessary to allow the Data Controller to fulfill the legal obligations to which they are subject.
Assessment, Exercise, and Defense of Legal Rights

Article 6(1)(f) of the GDPR: “Processing is necessary for the purposes of the legitimate interests pursued by the controller.”

Personal data will be retained for the strictly necessary period of the litigation, until the exhaustion of the deadlines for appeals and legal actions.

Once the above retention periods have expired, user’s personal data will be destroyed, deleted, or anonymized, subject to technical deletion and backup procedures.

Authorized Personnel for Data Processing

Personal data will be processed only by employees and collaborators of the Company and its European representative who are expressly authorized by the Company.

Recipients of Personal Data

The user’s personal data may be disclosed to and processed by third parties acting as data controllers, such as, by way of example, public authorities, supervisory authorities, regulatory bodies, law enforcement agencies, and generally public or private entities (such as legal advisors, accountants, auditors) where necessary for the exercise or protection of our rights, as well as to comply with legal obligations.
Data may be processed, on behalf of the data controller, by third parties acting as data processors, to whom appropriate operational instructions are given. These include service providers (such as IT developers and programmers, IT service providers, etc.). These data processors have been selected from professionals who ensure the implementation of appropriate technical and organizational measures, ensuring that processing is always carried out in compliance with applicable regulations and guaranteeing the protection of the rights of data subjects.
The updated list of data processors is available by sending a written request to the data controller or an email to privacy@aionai.io.

Transfer of Personal Data Outside the EU or EEA

The Company is based in the United States.
For purposes related to the provision of services, technical maintenance, or business collaboration, personal data may also be transferred to third countries other than the United States or the European Union, such as the United Arab Emirates.
The Company ensures that any and all transfers outside the EU, EEA, or the United States are carried out in a manner that guarantees the full and effective protection of users’ rights and freedoms. To this end, if the European Commission or the relevant U.S. authorities have not issued any adequacy decision regarding the third country to which the data is transferred, the Company will implement appropriate safeguards in accordance with Articles 46 et seq. of the GDPR and applicable U.S. regulations, such as standard contractual clauses or equivalent instruments, accompanied by impact assessments and due diligence procedures.
The Company ensures that any and all transfers outside the EU or EEA will be carried out in a manner that guarantees the full and effective protection of the user’s rights and freedoms. To this end, if the European Commission has not issued an adequacy decision regarding the non-EU/EEA country to which the data is transferred, the Company will implement appropriate safeguards pursuant to Articles 46 and following of the GDPR. This includes conducting due diligence checks with all importers of personal data to assess and verify that they have implemented adequate safeguards to protect the data.

Evidence of the safeguard measures taken by the Society can be obtained by sending an e-mail to privacy@aionai.io

Processing of Data of Users Residing in the United States and Other Third Countries

If the user resides in the United States, including but not limited to the states of California, Colorado, Virginia, Connecticut, and Utah, the processing of personal data may also be subject to U.S. data protection laws, such as the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Colorado Privacy Act (CPA), the Virginia Consumer Data Protection Act (VCDPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), and similar regulations.
Furthermore, if the user resides in third countries outside the European Union and the United States, such as the United Arab Emirates, data processing will still be carried out in accordance with the principles of transparency, lawfulness, and proportionality established by the GDPR, by adopting appropriate safeguards for international data transfers.
In compliance with these regulations, My AION Inc. is committed to ensuring transparency and the protection of personal data for U.S. users.
Users residing in such countries may exercise their rights by writing to privacy@myaion.ai, specifying their jurisdiction and the nature of the request.

User Rights

Users can obtain access to their personal data and a copy thereof, as well as request the deletion, rectification of inaccurate or incomplete data, or restriction of the processing of their personal data pursuant to Article 18 of the GDPR.

Users also have the right to object at any time to the processing of their personal data based on their particular situation. The right to object to the processing of personal data for direct marketing purposes is absolute and can be exercised at any time (Article 21 of the GDPR).

If the processing of personal data is based on consent, users have the right to withdraw it at any time (Article 7 of the GDPR).

If the conditions for the right to data portability are met pursuant to Article 20 of the GDPR, users have the right to receive their personal data that they have provided to us in a structured, commonly used, and machine-readable format and, where technically feasible, to the secure transmission of their personal data to another data controller.

To protect users’ rights and personal data, users may decide to file a complaint with the competent supervisory authority at any time (in particular, in the EU Member State where they reside or usually work, or in the State where an alleged data breach has occurred).

Users can exercise their rights by writing to the Data Controller by mail at the address indicated above or by email at the following email address: dpo@aionai.io, specifying if they are residing in the United States.
It is understood that if the request is made electronically, the information will be provided in a commonly used electronic format.

Privacy Policy Updates

This Privacy Policy is constantly updated. For this reason, we indicate the date of the last update at the top of this Privacy Policy. If users have already provided their personal data to the Company, they will be informed of any substantial changes through appropriate means to ensure full transparency of the processing and full and adequate protection of their rights.
However, we encourage users to regularly consult the Privacy Policy to stay informed about its updates.