Privacy Policy

Last updated: 06 October 2025

Amio s.r.o.

Bartoškova 1411/20, Nusle (Praha 4), 140 00 Praha, Czech Republic

1. Introduction

This Privacy Policy explains how Amio s.r.o. (“Amio”, “we”, “us”, or “our”) collects, uses, and protects personal data in connection with our website and services. It applies to all users worldwide.

For residents of the European Economic Area (EEA), United Kingdom, and Switzerland, this Policy also explains your rights under the General Data Protection Regulation (GDPR).

For details about data processing performed on behalf of our customers, please refer to our Data Processing Agreement (DPA).

2. Roles

Amio as Controller: We act as a data controller when we collect personal data through our website, accounts, communications, and recruitment activities.
Amio as Processor: We act as a data processor when processing personal data on behalf of our customers via our chatbot services. In these cases, our customers (the controllers) determine what data is collected and for what purposes.

3. Data We Collect

We may collect and process the following categories of personal data:

Website & marketing data: contact details, form submissions, newsletter sign-ups, cookies, and analytics data.
Client data: account information, billing and payment details, and customer support interactions.
Potential client/lead data: details shared during sales calls, demos, or events.
Chatbot data (processor role): chat content, user inputs, identifiers (if configured by the Controller), and technical metadata (device, browser info).
Job applicant data: CVs, qualifications, work experience, and application details.
Business partner data: contact and contractual information.

We do not knowingly collect data from children under 18.

4. Purposes of Processing

We process personal data to:

Deliver, maintain, and improve our services.
Respond to inquiries and provide support.
Analyse service usage and website traffic.
Manage billing, payments, and contracts.
Prevent fraud and misuse.
Fulfill legal and regulatory obligations.
Support recruitment and HR processes.
Assist Controllers in operating their chatbots.

We do not sell personal data.

5. Legal Bases (GDPR)

When Amio acts as Controller, we rely on the following legal bases:

Consent: e.g. newsletter sign-ups or cookies.
Contract performance: providing services to customers.
Legitimate interest: e.g. marketing, product improvement, fraud prevention.
Legal obligations: e.g. tax and accounting compliance.

When Amio acts as Processor, we process data solely under our customers’ instructions, based on their chosen legal basis as defined in the DPA.

6. Sharing and Sub-Processors

We may share personal data with:

Service providers and sub-processors (e.g. hosting, analytics, communication tools).
Payment providers (e.g. PayPal).
Professional advisors (e.g. legal and accounting firms).
Authorities, when required by law.

The current list of sub-processors is available at: https://www.amio.io/sub-processors.

All sub-processors are contractually bound to GDPR-equivalent standards and undergo periodic reviews for security and compliance.

7. International Data Transfers

Your personal data may be transferred to countries outside your home jurisdiction.

For transfers from the EEA, UK, or Switzerland, Amio ensures appropriate safeguards, such as:

Adequacy decisions by the European Commission, or
Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Security Measures

We implement appropriate technical and organisational measures to protect personal data, including:

Encryption at rest and in transit.
Multi-factor authentication and access controls.
Logical tenant separation.
Continuous monitoring and logging.
Regular backups and restore testing.
Employee confidentiality agreements and training.

While no system can be 100% secure, we take all reasonable steps to minimize risks of unauthorized access or misuse.

9. Data Retention

Chatbot data: retained for up to 90 days (unless otherwise instructed by the Controller).
Website & marketing data: up to 2 years.
Job applicant data: retained for recruitment purposes and deleted when no longer necessary.
Backups: maintained on a 90-day rolling basis.

Data may be deleted earlier upon request or contract termination.

10. Data Subject Rights (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the following rights:

Right of access – obtain a copy of your data.
Right to rectification – correct inaccurate data.
Right to erasure – request deletion (subject to legal obligations).
Right to restrict processing.
Right to object – including to marketing activities.
Right to data portability.
Right to lodge a complaint with your Data Protection Authority.

For chatbot data, please direct your request to the relevant Controller (our customer). Amio assists Controllers in fulfilling such requests.

11. Data Breach Management

In the event of a personal data breach:

Amio will investigate and contain the incident without undue delay.
Affected Controllers will be notified promptly with available details.
We will assist Controllers in meeting their 72-hour notification duty under GDPR.

12. Cookies and Tracking

We use cookies and similar technologies for:

Analytics and performance (e.g. Google Analytics).
Advertising and social media integrations.
Essential website functionality.

You can manage your preferences at any time via our cookie banner or browser settings.

13. AI Use (Processor Context)

Amio may use AI services (e.g. Microsoft Azure OpenAI) to support chatbot responses, strictly under Controllers’ instructions.

Customer data is not used to train AI models.
Data is logically separated and secured.
AI sub-processors adhere to GDPR-equivalent standards.

14. Changes to This Policy

We may update this Privacy Policy periodically. The latest version will always be available on our website with an updated “Last updated” date.

For significant changes, we may notify users via email or a notice on our website.

15. Contact

If you have any questions, requests, or complaints regarding this Policy, contact us at: privacy@amio.io