Privacy and Data Protection Policy.

Effective Date: February 24th of 2026

Version: 2.0

 

ChemHazAI ("we," "our," "us") is committed to protecting your privacy and ensuring compliance with applicable data protection laws, including any relevant data protection regulations. This Privacy and Data Protection Policy outlines how we collect, use, share, and protect your personal data when you interact with our services, including our website, CRM services, and any other products or services provided by ChemHazAI.

 

1. Data Controller

ChemHazAI is the data controller responsible for the processing of personal data described in this policy. For privacy and security reasons, all official correspondence should be directed to our compliance department via email or to our designated EU Representative as listed in Section 1.1. 

1.1 European Union Representative: As ChemHazAI is a non-EU based entity providing services to corporate clients within the European Union, we have appointed a representative in the Union to act as a point of contact for data subjects and supervisory authorities, pursuant to Article 27 of the GDPR.

You may reach our EU Representative regarding any data protection inquiries at:

 

Entity: ChemHazAI (EU Privacy Dept.)
Address: Juhkentali 8, Tallinn 10132, Estonia
Email: eu-rep@chemhazai.com
 

Our representative is authorized to represent ChemHazAI regarding our obligations under the GDPR.

 

2. Data We Collect

We collect personal data exclusively in a Business-to-Business (B2B) context. This includes professional contact details (name, business email, job title) of representatives from our corporate clients and prospects. We do not knowingly collect personal data from individual consumers or minors:

 

  • Personal Identification Information: Name, email address, mailing address, phone number.

  • Professional Information: Company name, job title, industry.

  • Technical Data: IP address, browser type, operating system, device identifiers, and other technical data collected via cookies or similar technologies.

  • Usage Data: Information about how you interact with our services, such as website visits, product interactions, and preferences.

  • Communication Data: Correspondence through email, chat, or other communication channels.

 

3. Legal Basis for Data Processing
We process personal data under the following legal bases:

 

  • Consent: Where you have provided explicit consent for us to process your data (e.g., subscription to our newsletter or direct inquiries).

  • Contractual Necessity: When the processing is necessary to fulfill a contract or to take steps at your request prior to entering into a contract.

  • Legal Obligation: Where we are legally required to process the data (e.g., compliance with tax laws, data retention obligations).

  • Legitimate Interests: When processing is necessary for the purposes of legitimate interests pursued by ChemHazAI, except where such interests are overridden by your fundamental rights and freedoms.

 

4. How We Use Your Data
Your personal data will be used for the following purposes:

 

  • Provision of Services: To provide, operate, and maintain our services, including customer support.

  • CRM Management: manage our customer relationships and communications.

  • Marketing and Communication: To send you marketing communications, newsletters, and promotional offers, provided you have consented to receiving such communications.

  • Analytics and Performance Monitoring: To analyze traffic and user behavior on our website and improve our services.

  • Compliance: To comply with legal obligations and respond to lawful requests from public authorities.

 

5. Data Sharing and International Transfers
We may share your personal data with third-party service providers for business purposes, such as data hosting  or CRM services. These third-party providers are contractually obligated to protect your personal data and only process it on our behalf, following our instructions.

For international data transfers from the EEA to countries not deemed adequate by the European Commission (such as the United States), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. Additionally, we conduct Transfer Impact Assessments (TIAs) to ensure that the laws of the recipient country provide a level of protection essentially equivalent to that of the European Union. We implement supplementary technical measures, including encryption and strict access controls, to safeguard your data during transit and storage.

 

5.1 AI Infrastructure and Data Sub-processing: To provide our AI-driven services, we utilize specialized third-party infrastructure providers who act as sub-processors under strict confidentiality and data protection obligations. In accordance with our Data Protection Addendum (DPA) with these providers: 

  • Security Standards: Our infrastructure is managed under internationally recognized security frameworks, including ISO 27001, ensuring robust encryption and data resilience.
  • No Public Model Training: We have secured contractual guarantees that your professional data is not used to train third-party public AI models without your explicit authorization.
  • Authorized Sub-processors: We engage leading AI model providers (such as OpenAI, Anthropic, and AWS) who process data primarily in the United States and the European Union, subject to Standard Contractual Clauses (SCCs) to ensure a level of protection equivalent to EU standards.
  • Data Purpose: Personal data is processed solely for the purpose of delivering our services, including professional due diligence and organizational verification, and is never sold or used for third-party marketing.

 

6. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, or as otherwise permitted by applicable law. Specific retention periods vary depending on the nature of the data and the reason for its collection.

 

7. Your Rights
Under applicable data protection laws, you have the following rights regarding your personal data:

 

  • Right to Access: You may request information about the personal data we hold about you.

  • Right to Rectification: You may request the correction of inaccurate or incomplete data.

  • Right to Erasure: You may request the deletion of your personal data under certain circumstances.

  • Right to Object: You may object to the processing of your personal data based on legitimate interests.

  • Right to Data Portability: You may request a copy of your personal data in a structured, commonly used, and machine-readable format.

  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw that consent at any time.

 

United States State Privacy Rights: Depending on your state of residence (e.g., Florida, California, Virginia), you may have additional rights regarding your professional personal data, including:

  • Right to Opt-Out: The right to opt-out of the 'sale' or 'sharing' of your personal information (as defined by state law). Note: ChemHazAI does not sell your personal data.
  • Right to Limit Use of Sensitive Data: The right to limit the use of sensitive personal information.
  • Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

 

To exercise any of these rights, please contact us at compliance@chemhazai.com or eu-rep@chemhazai.com for companies based on the European Union.

 

8. Data Security
We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, loss, or disclosure. These include encryption, access controls, and regular security audits.

While we strive to protect your data, no security system is completely foolproof. Therefore, we cannot guarantee the absolute security of your data, especially in cases of malicious actions by third parties.

 

9. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance user experience, analyze performance, and deliver targeted advertisements. You can manage your cookie preferences through your browser settings.

For detailed information on how we use cookies, please refer to our Cookie Policy.

 

10. Children’s Privacy
Our services are not intended for individuals under the age of 18, and we do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child without parental consent, we will delete such data promptly.

 

11. Changes to this Policy
We may update this Privacy and Data Protection Policy from time to time to reflect changes in our practices or relevant legal requirements. Any updates will be posted on this page with the revised date. We encourage you to review this page periodically to stay informed of our data protection practices.

 

12. Contact Information
If you have any questions, concerns, or requests regarding this Privacy and Data Protection Policy or how we handle your personal data, please contact us at:

ChemHazAI
Email: compliance@chemhazai.com
 

By using our services, you acknowledge and agree to the terms outlined in this policy.