1. Data Controller
In accordance with Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR), and Organic Law 3/2018 on the Protection of Personal Data and the guarantee of digital rights (LOPDGDD), we inform you that the data controller responsible for processing personal data is:
VIEWVALUE, LLC Registered address: 848 Brickell Ave, Suite 950, Miami, FL 33131, United States Contact email: info@viewvalue.io Website: https://eph4.ai
2. Scope of Application
This Privacy Policy applies to:
- Visitors to the website https://eph4.ai
- Individuals who request information, contact, or demonstrations
- Users who access and use the Eph4 platform
- Personal data that may be contained in documents that users choose to process through the service
3. Categories of Personal Data Processed
The following categories of personal data may be processed through the website and the Eph4 platform:
- Identification and contact data (name, email address, company or organization)
- Technical and browsing data (IP address, session identifiers, logs, device type, browser)
- Metadata derived from service usage
- Personal data that may be included in documents that the user voluntarily chooses to analyze, summarize, or process through the platform. Eph4 does not intentionally request or require personal data in connection with the use of the platform; however, such data may be present in documents uploaded by users, who act as data controllers for such data. Under no circumstances is the personal data of data subjects, nor the information provided by users that may contain such data, used for training, retraining, validation, or improvement of artificial intelligence models.
4. Purposes of Processing
Personal data is processed for the following purposes:
- Managing requests for information, contact, or service demonstrations
- Enabling access to and use of the Eph4 SaaS platform
- Processing documents for analysis, reading, and summarization using artificial intelligence technologies
- Ensuring service security, preventing misuse, and maintaining technical traceability
- Complying with applicable legal obligations
5. Legal Basis for Processing
The legal bases that legitimize the processing of personal data are:
- The performance of a contract or the implementation of pre-contractual measures (Art. 6.1.b GDPR)
- The consent of the data subject, when required (Art. 6.1.a GDPR)
- The legitimate interest of the controller in ensuring the security and proper functioning of the service (Art. 6.1.f GDPR)
- Compliance with legal obligations (Art. 6.1.c GDPR)
6. Data Recipients
Personal data may be processed by third-party technology providers acting as data processors, including, among others, cloud infrastructure providers, database and storage providers, and artificial intelligence service providers.
Technology providers are selected according to strict criteria of security, confidentiality, and regulatory compliance, and they sign the corresponding data processing agreements in accordance with the provisions of Article 28 of Regulation (EU) 2016/679 (GDPR).
7. International Data Transfers
The use of certain technology providers may involve international data transfers, particularly to the United States.
Such transfers are carried out in accordance with the safeguards provided for in the GDPR, such as adequacy decisions by the European Commission, where applicable, or through the execution of Standard Contractual Clauses (SCCs) approved by the European Commission, together with the adoption of additional technical and organizational measures designed to ensure an adequate level of data protection.
8. Retention Periods
Personal data will be retained:
- As long as the contractual relationship or active access to the service is maintained
- For the time necessary to fulfill the purposes for which they were collected
- For the legally required periods to comply with legal obligations
Documents processed through the platform are retained only during the periods defined by the type of service contracted and are securely deleted once such periods have elapsed.
9. Rights of Data Subjects
The holder of personal data has the right to:
- Obtain confirmation as to whether or not the Controller is processing personal data concerning them
- Access their personal data, as well as request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected
- In certain circumstances, data subjects may request the restriction of the processing of their data, in which case the Controller will only retain them for the exercise or defense of claims
- In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data
- In certain circumstances, under the right to data portability, data subjects shall have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller
The data subject may exercise their rights:
- By sending a written request to info@viewvalue.io with the reference “Data Protection”
Additionally, if you believe that your rights have not been properly addressed, you may file a complaint with the Spanish Data Protection Agency (www.aepd.es).
10. Security Measures
Eph4 implements appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of personal data, including access controls, encryption, environment segmentation, and secure deletion of information.
11. Updates to the Privacy Policy
This Privacy Policy may be updated at any time to adapt to regulatory changes or functional modifications to the service. The current version will always be the one published on the website.