Privacy Policy

Last updated: 06 October 2025

Amio s.r.o.

Bartoškova 1411/20, Nusle (Praha 4), 140 00 Praha, Czech Republic

Contact: privacy@amio.io

This Privacy Policy explains how we collect, use, and protect personal data in connection with our website and services. It applies to all users worldwide. For residents of the European Economic Area (EEA), United Kingdom, and Switzerland, it also explains your rights under the General Data Protection Regulation (GDPR).

1. Roles

  • Amio as Controller: We act as a controller when we collect personal data via our website, accounts, communications, and recruitment activities.
  • Amio as Processor: We act as a processor when we process personal data on behalf of our customers through our chatbot services. Customers (Controllers) decide what data is collected and why.

2. What Data We Collect

We may collect and process the following categories of data:

  • Website & marketing data: contact details, form submissions, newsletter sign-ups, cookies and analytics data.
  • Client data: account details, billing and payment information, customer service interactions.
  • Potential client/lead data: details shared via sales, demos, or events.
  • Chatbot data (processor role): chat content, user inputs, identifiers (if configured by the Controller), and technical metadata (device/browser info).
  • Job applicant data: CVs, qualifications, past work experience.
  • Business partner data: contact and contractual information.

We do not knowingly collect data from children under 18.

3. Purposes of Processing

We process data to:

  • Deliver and improve our services.
  • Respond to inquiries and provide support.
  • Analyse service usage and website traffic.
  • Process payments and manage contracts.
  • Safeguard against fraud and misuse.
  • Comply with legal obligations.
  • Support recruitment and HR processes.
  • Assist Controllers in operating their chatbots.

We do not sell personal data.

4. Legal Bases (GDPR)

For data where Amio is Controller, we rely on:

  • Consent (e.g. newsletter sign-ups, cookies).
  • Contract performance (e.g. providing services).
  • Legitimate interest (e.g. marketing, fraud prevention, service improvement).
  • Legal obligations (e.g. tax, accounting).

For data where Amio is Processor, we process personal data strictly under our Customers’ instructions, based on their chosen legal basis.

5. Sharing and Sub-Processors

We may share personal data with:

  • Service providers and sub-processors (e.g. hosting, analytics, communication tools).
  • Payment providers (e.g. PayPal).
  • Professional advisors (legal, accounting).
  • Authorities, where required by law.

The current list of sub-processors is available at: https://www.amio.io/sub-processors.

All sub-processors are contractually bound to GDPR-equivalent standards.

6. International Data Transfers

Personal data may be transferred outside your home country. Where data is transferred from the EEA, UK, or Switzerland, Amio ensures:

  • Adequacy decisions by the European Commission, or
  • Appropriate safeguards, such as Standard Contractual Clauses (SCCs).

7. Security

We implement technical and organisational measures to protect personal data, including:

  • Encryption at rest and in transit.
  • Multi-factor authentication and access controls.
  • Logical tenant separation.
  • Monitoring and logging.
  • Regular backups and restore testing.
  • Staff confidentiality agreements and training.

While no system is completely secure, we take appropriate steps to minimise risks.

8. Data Retention

  • Chatbot data: retained for up to 90 days (unless otherwise requested by the Controller).
  • Website and marketing data: retained for up to 2 years.
  • Job applicant data: retained for recruitment purposes, deleted when no longer necessary.
  • Backups: retained within the same 90-day rolling window.

Data may be deleted earlier upon request or at contract termination.

9. Data Subject Rights (GDPR)

If you reside in the EEA, UK, or Switzerland, you have rights under GDPR:

  • Right of access (obtain a copy of your data).
  • Right to rectification (correct inaccurate data).
  • Right to erasure (request deletion, subject to legal obligations).
  • Right to restrict processing.
  • Right to object (including marketing).
  • Right to data portability.
  • Right to lodge a complaint with your Data Protection Authority.

For chatbot data, please direct requests to the relevant Controller (our Customer). Amio assists Controllers in fulfilling such requests.

10. Breach Management

In case of a personal data breach:

  • Amio will investigate and contain incidents without undue delay.
  • Controllers will be notified promptly with available details.
  • We will assist Controllers in meeting their 72-hour notification duty under GDPR.

11. Cookies and Tracking

We use cookies and similar technologies for:

  • Analytics and performance (e.g. Google Analytics).
  • Advertising and social media integrations.
  • Essential functionality.

You can manage preferences via our cookie banner or your browser settings.

12. AI Use (Processor context)

Amio may use AI services (e.g. Microsoft Azure OpenAI) to support chatbot responses, strictly under Controllers’ instructions.

  • Customer data is not used to train AI models.
  • Data is logically separated and secured.
  • AI sub-processors commit to GDPR-equivalent standards.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be posted on our website with a new “Last updated” date. Significant changes may also be communicated by email or notice on our website.

14. Contact

For questions, requests, or complaints, contact us at: privacy@amio.io