PRIVACY AND CONFIDENTIALITY POLICY - AI.RTON

1 - PRIVACY POLICY

AI.rton (hereinafter “we,” “our,” or “AI.rton”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the European Union's General Data Protection Regulation (GDPR).

Data Controller:

Company: AI.rton - Soluções AI

Email: raulmuta@airton.fun

Address: Anaxagora, Tavros, Athens. Date: 16/10/2025

2 - Data We Collect

2.1 - Data Provided Directly by You:

• Contact Information:

  • Full name

  • Email

  • Phone number/WhatsApp

  • Company name

  • Position/role

• Project Information:

  • Project description

  • Estimated budget

  • Desired deadlines

  • Business objectives

  • Content provided (texts, images, documents)

• Payment Information:

  • Billing information

  • Tax ID number

  • Billing address

  • Payment method (processed by secure third parties)

2.2 - Automatically Collected Data:

• Technical Data:

  • IP address

  • Browser type

  • Operating system

  • Pages visited

  • Time spent on site

  • Traffic source (Google, social media, etc.)

• Cookies:

  • Essential cookies (website functionality)

  • Analytical cookies (Google Analytics)

  • Marketing cookies (if consented to)

• Payment Information:

  • Billing information

  • Tax ID number

  • Billing address

  • Payment method (processed by secure third parties)

3 - How We Use Your Data

3.1 - Provision of Services:

• Create and develop websites, chatbots, or other contracted services

• Communicate about project progress

• Provide technical support

• Process payments

3.2 - Marketing and Communication:

• Send newsletters with tips and news (only if you consent)

• Inform about new services or offers

• Send relevant educational content

3.3 - Service Improvement:

• Analyze how the website is used

• Improve the user experience

• Develop new services

3.4 - Legal Compliance:

• Comply with legal obligations (tax, accounting)

• Respond to requests from competent authorities

4 - Data Sharing

4.1 - We Do Not Sell Your Data:

We never sell, rent, or share your personal data with third parties for marketing purposes.

4.2 - Necessary Sharing:

• Service Providers:

  • Hostinger (website hosting)

  • Google (Analytics, Gmail, Drive)

  • Stripe/PayPal (payment processing)

  • Mailchimp/Brevo (email marketing - only if you consent)

• All providers:

  • Are GDPR compliant

  • Sign data processing agreements

  • Only process data according to our instructions

• Legal Obligations:

  • Tax authorities (AT - Tax Authority)

  • Judicial authorities (by court order)

4.3 - Automatically Collected Data:

Some of our suppliers (Google, Stripe) are based outside the EU (USA). We guarantee that:

• There are adequate safeguards (Standard Contractual Clauses)

• Data is protected to the same level as in the EU

• You can obtain a copy of the safeguards by contacting

5 - Data Retention

We only keep your data for as long as necessary:

• Active customer data - During the contractual relationship + 1 year

• Completed project data - 5 years (legal tax obligation)

• Non-converted lead data - 2 years (then deleted)

• Newsletter data - Until you unsubscribe

6. Your Rights (GDPR)

• ✅ Right of Access - You can request a copy of all the data we hold about you.

• ✅ Right of Rectification - You can correct incorrect or incomplete data.

• ✅ Right to Erasure (“Right to be Forgotten”) - You can ask us to delete your data (unless we have a legal obligation to keep it).

• ✅ Right to Restriction of Processing - You can ask us to restrict the use of your data.

• ✅ Right to Portability - You can request your data in a structured, machine-readable format.

• ✅ Right to Object - You can object to the processing of your data for direct marketing purposes.

• ✅ Right to Withdraw Consent - You can withdraw your consent at any time (this does not affect the lawfulness of previous processing).

📧 How to Exercise Your Rights:

Email: raulmuta@airton.fun

Subject: “GDPR Request - [Type of Request]”

We will respond within 30 days.

7. Data Security

We implement technical and organizational measures to protect your data:

Technical Measures:

• ✅ SSL/TLS (HTTPS) encryption throughout the website

• ✅ Daily encrypted backups

• ✅ Firewalls and malware protection

• ✅ Restricted access via strong password and 2FA

• ✅ Servers in ISO 27001 certified data centers

Organizational Measures:

• ✅ Access to data only by authorized personnel

• ✅ Data protection training

• ✅ Confidentiality agreements with employees

• ✅ “Need-to-know” policy (minimum necessary access)

In Case of Data Breach:

• We notify the CNPD (National Data Protection Commission) within 72 hours

• We notify those affected if there is a high risk

• We investigate and correct the fault

8. Minors

Our services are aimed at companies and professionals. We do not intentionally collect data from minors under the age of 16.

If you become aware that we have collected data from a minor, please contact us immediately so that we can delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do so:

• We update the date at the top

• We notify you by email (if the changes are significant)

• We publish the new version on the website

• We recommend that you review this page periodically.

10. Contact and Complaints

Data Protection Officer (DPO):

• Email: raulmuta@airton.fun

• Phone: +30 69 5531 5138

Supervisory Authority:

• If you feel that your rights have not been respected, you can file a complaint with:

• CNPD - National Data Protection Commission

• Address: Av. D. Carlos I, 134, 1º, 1200-651 Lisbon

• Phone: +351 213 928 400

• Email: geral@cnpd.pt

• Website: www.cnpd.pt

Last update: October 2025