Privacy Policy
Last Updated: January 12, 2026
1. INTRODUCTION
EYREACT LTD ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your information when you visit our website eyreact.com or use our services.
Data Controller: EYREACT LTD
Registration: United Kingdom Company
Contact: privacy@eyreact.com
Address: 19 Lake Court, Medway Drive, Royal Tunbridge Wells, TN12FH, Kent, United Kingdom
2. LEGAL BASIS FOR PROCESSING
We process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):
Legitimate Interest - For business development, marketing, and providing relevant compliance information
Consent - When you explicitly agree to receive marketing communications or complete assessments
Contractual Necessity - To provide services you've requested or fulfil agreements
Legal Obligation - To comply with applicable laws and regulations
3. INFORMATION WE COLLECT
3.1 Information You Provide Directly
- Name, email address, company name, job title
- Contact information (phone number, business address)
- Information submitted through forms, assessments, or surveys
- Communication preferences and marketing consent
3.2 Information Collected Automatically
- IP address, browser type, device information
- Website usage data, pages visited, time spent
- Cookies and similar tracking technologies
- Referral sources and marketing attribution
3.3 Third-Party Information
- Business contact information from publicly available sources
- Information from partner referrals and lead generation services
4. HOW WE USE YOUR INFORMATION
4.1 Primary Purposes
- Provide and improve our AI compliance services
- Respond to inquiries and support requests
- Send relevant compliance updates and regulatory information
- Conduct business development and lead qualification
4.2 Marketing and Communications
- Send newsletters, product updates, and educational content
- Invite you to webinars, events, and educational programs
- Share relevant AI Act compliance resources and guidance
4.3 EU AI Act Assessment Follow-Up
IMPORTANT NOTICE: If you complete our EU AI Act Assessment tool, you may be contacted by one of our compliance advisors to discuss your results and provide personalised guidance on AI Act compliance requirements. This contact is part of our legitimate business interest in providing relevant compliance services.
5. COOKIES AND TRACKING TECHNOLOGIES
We use cookies and similar technologies to:
- Remember your preferences and settings
- Analyse website performance and user behavior
- Provide personalised content and recommendations
- Enable third-party services (analytics, marketing)
Cookie Categories:
Strictly Necessary - Essential for website functionality
Performance - Analytics and usage statistics
Functional - Enhanced features and personalization
Marketing - Advertising and lead tracking
You can control cookie preferences through your browser settings or our cookie consent manager.
6. DATA SHARING AND THIRD PARTIES
6.1 Service Providers
We share data with trusted third-party service providers for:
- Website hosting and technical infrastructure
- Email marketing and communication platforms
- Analytics and performance monitoring
- Customer relationship management (CRM)
- Payment processing and subscription management
6.2 Business Partners
- Affiliate partners who refer qualified leads
- Integration partners for compliance tools and services
- Industry event organisers and co-marketing partners
6.3 Legal Requirements
We may disclose information when required by law, court order, or to protect our legal rights and interests.
7. INTERNATIONAL DATA TRANSFERS
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure adequate protection through:
- EU Commission adequacy decisions
- Standard Contractual Clauses (SCCs)
- Appropriate safeguards and security measures
8. DATA RETENTION
We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:
- Active marketing contacts: Until you unsubscribe or withdraw consent
- Assessment data: 3 years or until you request deletion
- Website analytics: 26 months
- Legal compliance records: As required by applicable law
9. YOUR PRIVACY RIGHTS
Under GDPR and other applicable laws, you have the right to:
9.1 Access and Portability
Request a copy of your personal data we hold
Receive your data in a portable format
9.2 Correction and Completion
Correct inaccurate or incomplete information
Update your contact preferences
9.3 Deletion and Restriction
Request deletion of your personal data ("right to be forgotten")
Restrict processing under certain circumstances
9.4 Objection and Withdrawal
Object to direct marketing communications
Withdraw consent for data processing
Object to legitimate interest processing
To exercise your rights, contact us at privacy@eyreact.com with proper identification.
10. DATA SECURITY
We implement appropriate technical and organizational measures to protect your data:
- Encryption of data in transit and at rest
- Access controls and authentication systems
- Regular security audits and assessments
- Staff training on data protection requirements
11. CHILDREN'S PRIVACY
Our services are not intended for individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will take steps to delete the information promptly.
12. MARKETING COMMUNICATIONS
12.1 Consent and Opt-In
We only send marketing communications to individuals who have:
- Explicitly consented to receive our communications
- Provided business contact information for legitimate business purposes
- Engaged with our services or content
12.2 Unsubscribe Options
Every marketing email includes clear unsubscribe mechanisms. You can also:
- Update preferences through our preference center
- Contact us directly at privacy@eyreact.com
- Use the unsubscribe link in any communication
13. UPDATES TO THIS POLICY
We may update this Privacy Policy to reflect changes in our practices or applicable laws. Significant changes will be communicated through:
- Email notification to registered users
- Prominent notice on our website
- Updated "Last Modified" date
14. SUPERVISORY AUTHORITY
You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have processed your personal data unlawfully.
UK Supervisory Authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk
15. CONTACT INFORMATION
For questions about this Privacy Policy or our data practices:
Data Protection Officer: privacy@eyreact.com
General Inquiries: hello@eyreact.com
Website: eyreact.com
Mailing Address: EYREACT LTD, 19 Lake Court, Medway Drive, Tunbridge Wells, TN12FH, Kent, United Kingdom
This Privacy Policy is effective as of January 12, 2026, and applies to all users of our website and services.