5 November 2024 version

Privacy Notice

1. WHO ARE WE, AND HOW CAN YOU GET IN TOUCH WITH US?

1.1  Sherp (“Yalantis Limited”, “Yalantis”, “Sherp”, “we” or “us”) handle your personal data responsibly and with your privacy in mind and in accordance with current data protection legislation (including GDPR and other relevant regulations such as national laws and regulations).

1.2. Affiliates: Sherp, as a part of Yalantis Limited, may disclose your personal data to it’s affiliates, meaning an entity that controls, is controlled by, or is under common control with Yalantis Limited. Our affiliates may use the personal data we share in a manner totally consistent with this Privacy Notice.

1.3. This Privacy Notice explains which categories of personal data we collect and process, why they are processed, and which rights you do have. You also receive information on how you can assert your rights. You will always find the most recently updated version of this information on our website https://sherp.tech/ .

1.4. Contact us for any questions regarding our processing of your personal data, or if you wish to exercise any of your rights:


Yalantis Limited (HE 426115)

Email: privacy@sherp.tech

Postal address: Arch. Makariou ΙΙΙ, 95, 1st floor, Flat/Office 102, 1071 Nicosia, Cyprus

2. HOW WE PROCESS YOUR PERSONAL DATA 

2.1 We obtain your personal information from:

  • Directly from you
  • Browser

2.2 The Notice extends to

  1. Sherp Website: https://sherp.tech ,  Sherp’s presence on various platforms (LinkedIn, Twitter, Instagram, Facebook)

Sherp only collects and processes the personal data that is necessary with respect to the specific purposes set up in advance. 

2.3 Sherp Website: https://sherp.tech  and Sherp’s presence on various social media platforms (LinkedIn, Twitter, Instagram, Facebook, etc.)

Data  Purpose Legal ground Storage period
name

email

phone number

place of work or business name

business negotiations, to promote our services Consent 5 years after the last interaction
name, email for newsletter subscription to promote our services Consent  Until you withdraw consent
correspondence  business negotiations Consent 3 years
self-made profile of a potential customer business negotiations Legitimate interest 3 years
email-receipt reports business negotiations Consent 1 year
browser information of a visitor to enhance the quality of our products and solutions Legitimate interest/ Consent see details at Cookies Notice
IP address of the website form’s applicant to locate the country and city of the form’s applicant Legitimate interest/ Consent During submitting

Browser information

When you access our website www.sherp.tech, we may collect standard Internet log information including your IP address, browser type, and language, access times. Please note that when you visit our website, you automatically submit information about your activities, usage, etc. on our website to Sherp and third parties.

More detailed information on how we use cookies and other tracking technologies and how you can control these can be found in our Cookies Notice

3. HOW LONG DO WE SAVE THE PERSONAL DATA

3.1 Sherp retains personal data for as long as it is needed in relation to the purpose set for the processing and as indicated in this Notice. We are then obliged to delete them. 

4. HOW WE PROTECT YOUR PERSONAL DATA

4.1 We use a range of physical, electronic, and managerial measures to keep your personal data secure, accurate, and current. These measures include

  • education and training to relevant personnel so they are aware of our privacy obligations when handling personal data;
  • administrative and technical controls to restrict access to personal data on a ‘need to know’ basis;
  • technological security measures, including firewalls, encryption, and antivirus software; and
  • physical security measures, such as personnel security passes to access our premises.

4.2 Although we use appropriate security measures once we have received your personal data, data transmission over the internet (including by e-mail) is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted to us or by us over the Internet.

5. WHO DO WE SHARE YOUR PERSONAL DATA WITH 

5.1 Sherp may share your personal data with certain third parties. When we share your personal data, we take all reasonable steps to ensure that your data is treated with adequate protection and in accordance with applicable law. 

Who do we share your personal data with?

Information about third parties and their data protection policies:

Type Name  Purpose of use
Analytics and tracking, marketing services, geolocation  Google

CrazyEgg

Microsoft Clarity

Leadfeeder

Pipedrive

To track and analyze a site user’s behavior

(for more details please see Cookies Notice)

To define the location of the website form’s applicant

To manage customer relations

Security services Palo Alto To secure data transfer
Email services Google

Yes ware

To communicate 
Social media services Facebook

LinkedIn

Instagram

Twitter

To communicate with the public, to promote services
File storage Google

Atlassian

Slack

To store data, to deliver software, to communicate
Communication services Telegram

Slack

Zoom

Sonetel

To communicate, to conduct the hiring qualification process, to conduct business negotiations 
Content hosting Youtube

Zoom

To communicate with the public, to promote services, to conduct the hiring qualification process
Subscription for newsletter services Reply.io To communicate directly with an audience
Web hosting AWS To host the website

5.2 We may disclose information about you to authorities if we are obliged to do so according to law and authority decisions.

6. YOUR RIGHTS 

Below is a list of the rights you have when Sherp processes personal data about you and you are always welcome to contact us via email privacy@sherp.tech if you wish to exercise any of these. 

6.1. The right to be informed about the collection and use of your personal data.

The right to be informed allows you to know what personal data is collected and processed by Sherp about you, why, how long it will be kept, and with whom Sherp will share the data.

6.2. Right to obtain access to the personal data held about you

You have a right of access that gives you the possibility to obtain a copy of your personal data, as well as other supplementary information. It may help you to understand how and why Sherp is using your data and check the lawfulness of the processing.

6.3. Right to ask for incorrect, inaccurate, or incomplete personal data to be corrected

The right to rectification allows you to ask Sherp to update any inaccurate or incomplete data it has on you.

6.4. Right to request that personal data be erased when they are no longer needed or if the processing is unlawful

You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. There are situations where Sherp can decline the request. For instance, for reasons in compliance with legal obligations.

6.5. Right to request the restriction of the processing of your personal data in specific cases

You can request Sherp to limit the use of your personal data in certain situations:

  • If the data is inaccurate (during the verification process);
  • If the processing is unlawful, but you do not want the data to be erased and requests restriction (which is different from the right to be erased);
  • Sherp no longer needs data, but you want the data to be preserved, so the legal claim can be exercised;

Sherp also may limit the processing of your data if Sherp is taking measures to verify the data erasure request.

6.6 Right to receive your personal data in a machine-readable format and send them to another controller (‘data portability’)

You have the right to data portability, which gives you the right to receive your personal data processed by Sherp in a structured, commonly used, and machine-readable format. It also gives you the right to request that Sherp transmit those data directly to another controller.

6.7 Right to object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation

You have the right to object to the processing of your personal data for marketing purposes at any time. You can also object to the processing of data on the grounds of legitimate interest.

6.8 Right regarding automated processing

You have the right not to be subject to automated decision-making if it is producing a legal effect that significantly affects you, or not to be subject to profiling. Profiling means evaluating certain personal aspects relating to an individual that analyze or predict aspects of behavior like performance at work, economic situation, health, personal preferences, interests, reliability, behavior, or location. 

In the case of automated decision-making, you also have the right to express your point of view and challenge the decision.

6.9 Right to withdraw your consent at any time

You have a specific right to withdraw consent. You have the right to withdraw your consent by writing us at privacy@sherp.tech

6.10 Right to lodge a complaint with a supervisory authority

You have the right to submit a complaint to the Office of the Commissioner for Personal Data Protection, which is the Cypriot supervisory authority for our personal data processing and can be reached using the following details:

Office of the Commissioner for Personal Data Protection 

Office address:

Iasonos 1, 1082 Nicosia, Cyprus

Postal address:

P.O.Box 23378, 1682 Nicosia, Cyprus

Tel: +357 22818456

Fax: +357 22304565

Email: commissioner@dataprotection.gov.cy   

Website: https://www.dataprotection.gov.cy     

Member: Ms. Irene Loizidou Nikolaidou – Commissioner for Personal Data Protection

You have also the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or where violation of your rights has taken place.

7. TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY

7.1 Sherp always strives to only process your personal data within the EU/EEA. However, it happens that our contractors/vendors have all or parts of their operations in countries outside the EU/EEA (so-called “third countries”), usually, it may be Ukraine or/and the USA. If the data is transferred outside the EU/EEA, we make sure that the data recipients are bound by data privacy responsibilities as stringent as those in force in the EU. To ensure this, we have or ensure the presence of an EU Commission Standard Contractual Clauses agreement or country adequacy decision in place with such data recipients.

8. AUTOMATED DECISIONS (PROFILING)

Sherp neither uses automated decision-making nor your personal data to automatically assess aspects of your personality (automated profiling).

9. VERIFICATION 

9.1 For certain personal data requests, we must first verify your identity before processing your request. To do so, we may ask you to provide us with your full name, contact information, and relationship to Sherp. Depending on your request, we may ask you to provide additional information. Once we receive this information, we will then review it and determine whether we are able to match it to the information Sherp maintains about you to verify your identity.

10. CHANGES TO OUR PERSONAL DATA NOTICE

Sherp Privacy Notice will be updated on an ongoing basis so that it is always up-to-date. Above you can always find the date of the last updated version of this Notice.