AIBOX

Privacy Policy

Last Updated: January 4, 2025

Team Landi ("Team Landi," "we," "us," or "our") is committed to protecting your organization's privacy. This Privacy Policy explains how we collect, use, and safeguard business-related information when you or your authorized representatives interact with our website, Services, or otherwise communicate with us in a B2B (business-to-business) context.

Separate Agreement

Additional privacy and data handling terms may be defined in a separate Data Processing Agreement or Master Service Agreement, especially if you require specific compliance clauses. If there is a conflict, those separate terms shall govern.

1. Key Points Summary

On-Premises Data: AIBOX processes your organization's data on your premises, and Team Landi does not access that data unless you explicitly provide access for support.
Minimal Business Data: We primarily collect business contact and account information via our website or support channels.
Regulatory Compliance: We adhere to GDPR and Bulgarian data protection laws.
Your Rights: Your organization retains control over its data and may exercise certain rights (e.g., access, deletion) depending on your jurisdiction.
Security: We employ enterprise-grade security measures to protect the limited data we process.

2. Scope and Applicability

2.1 Covered Activities

This Policy covers how we handle business data when you or your authorized representatives:
Visit our website (www.teamlandi.com)
Submit contact forms or inquiries (e.g., via HubSpot)
Create and manage corporate accounts
Engage in support communications
Receive marketing or technical updates from us

2.2 Excluded Activities

This Policy does not cover:
Data you process within AIBOX's on-premises environment (we have no access to your operational data).
Third-party websites or services.
External APIs or integrations used independently.

3. Information We Collect

3.1 Business Information You Provide

Contact Forms: Business representative name, corporate email, company name, and inquiry details.
Account Information: Corporate login credentials, billing details, support requests, and technical contacts.

3.2 Automatic Collection

Technical Data: IP addresses, browser types, device information, usage patterns.
Cookies and Analytics: Session data, preference settings, performance metrics.

3.3 Third-Party Processing

We use enterprise service providers to process certain business data:
HubSpot (contact management; data may be processed in EU/US).
Payment processors (EU-based or otherwise noted in your separate contract).
Analytics tools (EU-based or with appropriate safeguards).

All such providers are bound by Data Processing Agreements (DPAs) or comparable legal instruments ensuring compliance with GDPR or equivalent standards.

4. How We Use Your Information

4.1 Primary Business Uses

Responding to business inquiries.
Processing orders (hardware and subscription).
Providing technical support and troubleshooting.
Managing user accounts and permissions.
Improving our Services (internal analytics, feature enhancements).

4.2 Business Marketing

With appropriate consent or legitimate interest (as permitted by GDPR or local law), we may send:
Product updates or patch notes.
Technical announcements or instructions.
Event invitations (e.g., webinars, trade shows).
Industry insights or newsletters.

You can opt out of marketing communications at any time by contacting us or clicking an unsubscribe link.

4.3 Analytics

We analyze how businesses interact with our website and support channels to enhance user experience and optimize service performance.

5. Legal Basis for Processing

5.1 Contract Performance

When you create an account or place an order, processing is necessary to fulfill our contractual obligations.

5.2 Legitimate Interests

Business relationship management: Keeping track of your account details to provide a stable B2B relationship.
Security and fraud prevention: Monitoring unusual activity to protect data.
Service improvement: Adjusting features based on aggregated usage patterns.

5.3 Legal Obligations

Tax and regulatory compliance: Fulfilling any legal requirements under Bulgarian, EU, or other applicable laws.

5.4 Consent (If Required)

For specific marketing communications or optional features, we may rely on your consent. You can withdraw this consent at any time.

6. Data Retention

6.1 Business Data Retention Periods

Active Accounts: Retained throughout the business relationship plus a reasonable period (e.g., 2 years) after it ends.
Marketing Data: Retained until you opt out or withdraw consent, plus a brief administrative period (e.g., 6 months).
Support Records: Typically retained for 3 years from the date a support ticket is closed.
Security Logs: Up to 5 years to manage security incidents and fraud prevention.

6.2 Extended Retention

We may retain data longer if required by law, legal processes, or legitimate business needs (e.g., security audits, disputes).

6.3 Data Deletion

At the end of retention periods, we securely delete or anonymize data unless further retention is legally required.

7. Data Sharing and International Transfers

7.1 Service Providers

We may share data with:
HubSpot (EU/US) for contact forms or CRM.
Payment processors (EU-based) for invoice and transaction handling.
Cloud or analytics providers (EU-based or with SCCs/DPAs in place).

7.2 International Transfers

We primarily use EU-based processing. If data is transferred outside the EEA (e.g., to the US), we rely on Standard Contractual Clauses (SCCs) and other safeguards (e.g., encryption, minimized data).

7.3 Legal Requirements

We may disclose data if:
Legally compelled (e.g., court order).
Necessary to protect our rights or prevent fraud.
In response to valid governmental or regulatory requests.

8. Your Organization's Rights

8.1 GDPR Rights (EU/EEA Organizations)

Authorized representatives of an EU/EEA-based organization may request:
Access to business-related data.
Correction of inaccuracies.
Deletion of data (where applicable).
Restriction of processing.
Data portability (in structured, machine-readable format).
Objection to certain processing activities.

8.2 Additional Rights by Region

If your organization is located outside the EU/EEA, local laws may grant additional or differing rights. We will comply with such requirements to the extent legally required.

8.3 Exercising Rights

An authorized representative may contact us at privacy@teamlandi.com. We aim to respond within 30 days, subject to applicable law.

9. Security Measures

9.1 Enterprise Technical Safeguards

Encryption in transit and at rest (where feasible).
Role-based access controls and password policies.
Intrusion detection and regular security audits.
Incident response procedures for data breaches.

9.2 Organizational Measures

Staff training on security and data handling.
Access management for authorized personnel.
Business continuity and backup protocols.

10. Organizational Requirements

10.1 Your Responsibilities

Managing internal user access: ensuring only authorized personnel interact with our systems.
Implementing your own security measures (e.g., physical security around on-premises hardware).
Complying with applicable data protection laws for any personal data you control.

10.2 Breach Notification

If we detect a security incident that affects your business data, we will inform your designated contact(s) without undue delay and provide relevant information about the nature and scope of the incident.

11. Cookie Management

11.1 Cookie Types

We may use:
Essential cookies (required for core functionality).
Functional cookies (optional).
Analytics cookies (optional).
Marketing cookies (optional).

11.2 Cookie Control

You can configure your browser settings or use our cookie preference center to accept/reject non-essential cookies. Disabling certain cookies may affect website functionality or user experience.

11.3 Do Not Track

We honor Do Not Track (DNT) signals when technically feasible.

12. Changes to Privacy Policy

We may update this Privacy Policy from time to time. Any material changes will be communicated (e.g., email to your designated contact) 30 days before taking effect. Your continued use of our Services after that period indicates acceptance of the updated Policy.

13. Contact Information

For privacy inquiries or requests:
Email: privacy@teamlandi.com
Address: Garitage Park Sofia, Building 9, Bulgaria

If you have concerns about data protection or believe we have infringed any of your rights, you may also contact the Commission for Personal Data Protection in Bulgaria or, if in the EU/EEA, your local supervisory authority.

14. Supervisory Authority

Commission for Personal Data Protection (Bulgaria)

If you are in the EU/EEA, you have the right to lodge a complaint with your local data protection authority.

15. Additional Information

15.1 Privacy Shield & SCCs

We rely primarily on Standard Contractual Clauses and maintain updated measures for international data transfers.

15.2 Data Protection Officer (DPO)

Email: dpo@teamlandi.com
Address: Garitage Park Sofia, Building 9, Bulgaria

15.3 Updates

We may revise non-material aspects without prior notice, but material changes will be subject to a 30-day notice period.

16. Language and Precedence

This Privacy Policy is available in English and Bulgarian. In the event of any discrepancy, the English version prevails. Local translations (if any) are provided for convenience only.