Privacy Notice

Effective Date: 06 May 2025

This privacy notice (“Privacy Notice”) sets out how Pactio Technologies Limited (“Pactio”, “us”, “our” and “we”) collects and processes your personal data.

Your privacy is a priority for us, and we are committed to protecting your personal data. We process your personal data when you access https://pactio.io, https://rowanlabs.ai, or their sub-domains (the “Websites”), use our associated software services (the “Services”), or have other business interactions with our team. 

Pactio is the developer of the Rowan Excel Add-in (the “Add-in”) available via the Microsoft Store. The Add-in is included within the scope of Pactio’s Services per this policy.

We recommend reading this Privacy Notice in full to understand how we handle your personal data.

  1. Important Information & Who We Are

Controller

This Privacy Notice applies to personal data which Pactio processes as a controller when you visit our Websites, use our Services, or interact with us. 

"Personal data" refers to any information about an individual from which that person can be identified (excluding anonymised data).

Changes to This Privacy Policy

We keep this Privacy Notice under regular review. Changes will be posted on the Website and dated accordingly. Significant changes may be highlighted separately.

You may request historical versions by emailing dataprotection@pactio.io.

Your duty to inform us of changes

Please let us know if your personal data changes during your relationship with us.

Other privacy notices

Additional privacy notices may apply in specific cases. This Privacy Notice supplements those notices.

Contact details

If you have any questions about this policy or our privacy practices, contact us at:

Email: dataprotection@pactio.io

Mailing Address: Pactio Technologies Limited, Hamilton House, 1 Temple Avenue, EC4Y 0HA

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) (www.ico.org.uk), though we encourage you to contact us first.

EU data subjects

For EU data subjects, our representative is Rickert Rechtsanwaltsgesellschaft mbH.

Contact them by emailing art-27-rep-pactio@rickert.law or writing to:

Rickert Rechtsanwaltsgesellschaft mbH (Pactio), Colmantstraße 15, 53115 Bonn, Germany.

  1. Data we collect about you

We may collect:

  1. Identity data (e.g., full name)

  2. Contact data (e.g., email, telephone number)

  3. Marketing and communications data (e.g., preferences)

  4. Profile data (e.g., user ID, password, feedback)

  5. Technical data (e.g., IP address, browser type)

  6. Usage data (e.g., how you interact with our Website and Services)

We do not ordinarily collect special categories of personal data or data about criminal convictions.

  1. How we collect your personal data

We collect data through:

  • Direct interactions (e.g., account creation, feedback, use of our Services)

  • Automated technologies (e.g., cookies – see our Cookie Notice)

You may choose to share data with us when using our Add-in:

  • You may input or select data from your spreadsheet

  • You may submit prompts to the AI assistant

  • You may upload supplementary files to be analysed by the AI assistant

  1. How we use your data

We use your data only when legally permitted under the General Data Protection Regulation (GDPR), primarily based on:

  • Consent

  • Contract

  • Legitimate interests (e.g., operating and improving our Services)

  • Compliance with legal obligations

Your data is not used to train any models.

  1. What we do with your personal data

We process your data for purposes such as:

  • Registering you as a new user

    • Data: Identity, contact, and profile data

    • Legal basis: Consent

  • Operating, delivering, and protecting the Website and Services

    • Data: Identity, contact, and technical data

    • Legal basis: Contract

  • Improving our Services

    • Data: Technical and usage data

    • Legal basis: Legitimate interests

  • Managing our relationship with you

    • Data: Identity, contact, marketing and communications, and profile data

    • Legal basis: Consent and legal compliance

If we change the purpose for using your data, we will explain the basis to you.

  1. How we protect your personal data

We implement technical and organisational measures to safeguard your data. Only those with a business need-to-know have access. 

Procedures are in place to handle potential breaches.

  1. How long we keep your personal data

We retain your data only as long as necessary for the purposes outlined, considering factors like:

  • The amount and sensitivity of the data

  • The risk of harm

  • Legal, regulatory, and tax requirements

Regarding the data input by users via the Add-in: 

  • We do not retain this data

  • This data is not used to train any models

  1. How we share your personal data

We may share data with:

  • Service providers (e.g., IT services)

  • Professional advisers (e.g., legal, insurance)

  • Regulators and authorities (e.g., HMRC)

Specifically, we use a trusted service provider to deliver AI responses. This provider:

  • Does not use your inputs to train models

  • Complies with relevant data protection regulations

  • Logs prompts and responses for a limited period of time, solely for the purpose of detecting violations of their prohibited use policy and any required legal or regulatory disclosures. 

Please refer to Gemini API Terms of Service for further information on how they process your data.

When sharing data, we ensure appropriate safeguards and obligations are in place.

  1. International data transfers

If any data is processed by third-party services outside your jurisdiction, it is done under appropriate safeguards such as Standard Contractual Clauses.

  1.  Your legal rights (for users in the EU, UK, and California)

Depending on your location, you may have the right to:

  • Request access to your personal data

  • Request correction or erasure of your data

  • Request data transfer

  • Restrict or object to processing

  • Withdraw consent where processing relies on consent

  • Lodge a complaint with a supervisory authority

Requests are generally handled within one month. We may require identity verification for security purposes.

  1. Third-party links

Our Websites may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy notices before providing any personal data.

  1. Children's privacy

Our Websites and Services are intended for adults (18+).

We do not knowingly collect data from children under 18. If you believe we have, please contact us