Privacy Policy

Privacy Policy

This Privacy Policy explains, at a general level, how personal data may be handled in connection with the MyChair Operational Suite.

1. Personal Data We May Process

Depending on the deployed modules and configuration, MyChair may process information such as user identity data, login details, role information, contact details, audit logs, operational actions, and other business-related records associated with platform use.

2. Purpose of Processing

Personal data may be processed for purposes including account management, authentication, authorisation, auditability, operational workflow support, support delivery, product security, service improvement, and compliance with legal or contractual obligations.

3. Legal Basis

Where applicable, personal data may be processed on the basis of contractual necessity, legitimate interest, legal obligation, or user/customer authorisation. The exact basis may depend on the deployment and relationship with the customer.

4. Customer-Controlled Data

Where MyChair is used by an organisation, much of the data processed within the platform may be controlled by that customer organisation. In such cases, the customer may act as controller for certain personal data, while 3 Inventors may act in a processor or service-provider role according to the applicable agreement.

5. Security Measures

Reasonable technical and organisational measures are used to help protect data against unauthorised access, loss, misuse, and disclosure. However, no system should be understood as absolutely risk-free.

6. Data Sharing

Personal data may be shared only where necessary for support, hosting, infrastructure, legal compliance, authorised integrations, or service delivery, and only within the boundaries of the applicable contractual and legal framework.

7. Retention

Data retention depends on the customer agreement, operational requirements, legal obligations, and platform configuration. Retention and deletion practices should be reviewed in context with implementation and support planning.

8. User Rights

Where applicable law grants access, correction, deletion, restriction, portability, objection, or complaint rights, requests may be made through the relevant customer or service contact channel. Some requests may need to be handled by the customer organisation acting as controller.

9. International Transfers

If data is stored, hosted, or supported across jurisdictions, appropriate safeguards should be considered according to the applicable legal and contractual framework.

10. Policy Changes

This Privacy Policy may be updated to reflect operational, legal, contractual, or security changes.