Home Legal Notices Privacy Policy
🛡️

Privacy Policy

Last Updated:

Privacy Policy

1. Introduction

352 Digital ("we," "our," or "us") is committed to protecting your privacy and ensuring the
security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your
information when you visit our website and use our services.

This policy is designed to comply with the Luxembourg Data Protection Act of 1 August 2018, the General Data Protection
Regulation (GDPR) (EU) 2016/679, and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

352 Digital
Luxembourg (Grand Duchy of Luxembourg)

For any questions regarding this Privacy Policy or our data processing practices, please contact us at the address above.

3. Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds:

  • Consent: You have given clear consent for us to process your personal data for specific purposes
  • Contract: Processing is necessary for the performance of a contract with you
  • Legal Obligation: Processing is necessary to comply with legal obligations under Luxembourg or EU law
  • Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party,
    except where such interests are overridden by your data protection rights

4. Information We Collect

4.1 Information You Provide Directly

  • Account Information: Name, email address, and other contact details when you create an account
  • Payment Information: Billing details and payment card information (processed securely through third-party
    payment processors)
  • Communications: Information you provide when contacting us, subscribing to newsletters, or participating
    in surveys
  • User Content: AI prompts, materials, and other content you create or share on our platform

4.2 Information Collected Automatically

  • Usage Data: Information about how you interact with our services, including pages viewed, features used, and time spent
  • Device Information: IP address, browser type, operating system, device identifiers, and referring URLs
  • Cookies and Tracking Technologies: As detailed in our Cookie Policy (managed by Complianz)
  • Analytics Data: Aggregated data about user behaviour and service performance

4.3 Information from Third Parties

  • Authentication Services: Information from third-party login providers (if applicable)
  • Payment Processors: Transaction confirmation and payment status information

5. How We Use Your Information

We use your personal data for the following purposes:

5.1 Service Provision

  • Providing access to our AI prompt library and educational resources
  • Processing your orders and managing your account
  • Delivering content, products, and services you request
  • Authenticating users and preventing fraud

5.2 Communication

  • Sending service-related notifications and updates
  • Responding to your enquiries and support requests
  • Sending marketing communications (with your consent)
  • Providing information about new features, prompts, and educational content

5.3 Improvement and Development

  • Analysing usage patterns to improve our services
  • Developing new features and educational content
  • Conducting research and analytics
  • Testing and troubleshooting technical issues

5.4 Legal and Security

  • Complying with legal obligations and regulatory requirements
  • Protecting against fraud, abuse, and security threats
  • Enforcing our terms of service and policies
  • Defending our legal rights and interests

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a
longer retention period is required or permitted by law.

Specific Retention Periods:

  • Account Data: Retained while your account is active and for 3 years after account closure
  • Transaction Records: Retained for 10 years in compliance with Luxembourg accounting and tax laws
  • Marketing Communications: Retained until you withdraw consent or opt-out
  • Usage Data: Aggregated and anonymised after 24 months for analytical purposes
  • Legal Records: Retained as required by applicable laws and regulations

After the retention period expires, we will securely delete or anonymise your personal data.

7. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

7.1 Service Providers

  • Payment Processors: To process transactions securely
  • Email Service Providers: To deliver communications (ListMonk for newsletter management)
  • Cloud Hosting Providers: To store and process data securely
  • Analytics Providers: To analyse service usage and performance

All service providers are contractually bound to protect your data and use it only for specified purposes.

7.2 Legal Requirements

We may disclose your information when required by law, including:

  • In response to valid legal processes (court orders, subpoenas)
  • To comply with Luxembourg or EU regulatory requirements
  • To protect our rights, property, or safety
  • To prevent fraud or illegal activities
  • In connection with the investigation of potential violations of our terms

7.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity,
subject to the same privacy protections.

8. International Data Transfers

Your data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure
appropriate safeguards are in place, including:

  • Standard Contractual Clauses: Approved by the European Commission
  • Adequacy Decisions: Transfers to countries with adequate data protection as determined by the EU
  • Your Explicit Consent: Where required by law

9. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

9.1 Right of Access

You can request confirmation of whether we process your personal data and obtain a copy of that data.

9.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the purposes collected
  • You withdraw consent (where consent is the legal basis)
  • You object to processing and there are no overriding legitimate grounds
  • The data was unlawfully processed

9.4 Right to Restriction of Processing

You can request restriction of processing in certain situations, such as when you contest the accuracy of the data.

9.5 Right to Data Portability

You can request your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

9.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

9.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time.

9.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Luxembourg National Commission for Data Protection (CNPD):

Commission Nationale pour la Protection des Données (CNPD)
15, Boulevard du Jazz
L-4370 Belvaux
Luxembourg
Website: https://cnpd.public.lu

10. Exercising Your Rights

To exercise any of your rights, please contact us with your request. We will respond within one month, which may be extended
by two additional months for complex requests.

We may require proof of identity before processing your request to ensure data security.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption: Data encrypted in transit (SSL/TLS) and at rest
  • Access Controls: Restricted access to personal data on a need-to-know basis
  • Security Monitoring: Regular security assessments and monitoring for vulnerabilities
  • Secure Infrastructure: Use of reputable cloud service providers with robust security measures
  • Staff Training: Regular training on data protection and security practices
  • Incident Response: Procedures for detecting and responding to data breaches

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the CNPD within 72 hours
as required by GDPR.

12. Children's Privacy

Our services are intended for educators and adult users. We do not knowingly collect personal data from children under 16 years
of age without parental consent. If we become aware that we have collected data from a child without proper consent, we will take
steps to delete that information.

13. Automated Decision-Making and Profiling

We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significant
effects on you.

We may use aggregated, anonymised data for analytics and to improve our AI prompt recommendations, but this does not constitute
profiling under GDPR.

14. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites.
We encourage you to review their privacy policies before providing any personal information.

15. Marketing Communications

With your consent, we may send you marketing communications about our services, new features, and educational content.

You can opt-out of marketing communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Updating your communication preferences in your account settings
  • Contacting us directly

Please note that even if you opt-out of marketing, we may still send you essential service-related communications.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other
factors.

We will notify you of significant changes by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date
  • Sending you an email notification (for material changes)

Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

17. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:

Email: [email protected]
Address: 352 Digital, Luxembourg (Grand Duchy of Luxembourg)

We are committed to working with you to resolve any privacy concerns in a timely and transparent manner.

18. Specific Information for Luxembourg Users

As a Luxembourg-based company, we adhere to the Luxembourg Data Protection Act and maintain our primary data processing operations
within Luxembourg and the EEA.

Luxembourg users have the additional right to contact the CNPD directly for any data protection concerns or to file complaints
regarding our data processing practices.

This Privacy Policy is governed by the laws of Luxembourg and complies with GDPR requirements.