Contact Information
Name: Data Protection Officer
Address: 11445 E Via Linda, STE 2 #315, Scottsdale AZ 85259-2638, USA
Phone Number: +44 (0)7392 511 894
E-mail: dpo@lavenirai.com
The type of personal information we collect
We currently collect and process the following information:
- Personal identifiers (name, email address)
- Company (company providing the seat license to LavenirAI)
- Region (ex. US, Singapore)
- lesson modules (lessons, quizzes, etc)
- module name
- module ID
- start date+time
- end date+time
- completion (true/false or %)
- score (if applicable)
- negotiation modules
- negotiation name
- negotiation ID
- start date+time
- end date+time
- score
- conversation transcript
- generated feedback
- app sessions
- start date+time
- end date+time
How we get personal information we collect
Name, email, company, and region are used for authentication and identification of a user. We need this data to manage seat licenses, and ensure those who connect to the LavenirAI app are doing so with authorization. This secure login also protects the user’s individual data, and company’s company data.
Lesson modules and negotiation modules data is used for analytics in the Insights dashboard. For trainees, this data provides personal info like which training modules they still need to complete, previous negotiation scores and attempts, and overall app usage time. For team leads, this data is aggregated, so that the team lead can see organization-wide sessions, session time, total negotiations, negotiation time, and percentage of the training modules each trainee in their org has completed.
Certain organizations may also opt-in to having the team leads see further individualized training data, such as negotiation scores for each trainee (but that is not our default).
Negotiation transcripts and generated feedback are important for us to collect so that we can debug issues in the product, and work to improve the negotiations in the product.
3rd Parties
Our app relies on certain 3rd party services to function, and so we must pass certain data to third parties. Specifically, voice data from the app (only recorded during negotiations and other avatar interactions) is sent to either Google or OpenAI’s API for audio Text-to-Speech processing. That text is then sent to OpenAI’s API along with the previous conversation history. OpenAI does not use this data for AI training purposes (see their privacy policy: https://openai.com/enterprise-privacy). The data passed to the Google API is controlled by Google’s data policies (which are some of the best in the world).
Data Location and Security
By default, we store data in Amazon Web Services, Google Cloud, and MongoDB physically-managed cloud databases, in one or more of our service regions. Note, these service regions house our data infrastructure, but are designed to serve surrounding countries as well. Any data that is Personal Identifiable information (PII) for customers in the UK will be held only in UK based servers. Any data that is Personal Identifiable information (PII) for customers in the EU will be held only in UK or EU based servers.
Current Service Regions:
-United States of America
-United Kingdom
-Singapore
-South Africa (only used for companies that request this)
-Brazil (only used for companies that request this)
Data in these cloud services is only accessible to a limited number of senior software engineers in our core team, protected by private keys and passwords. Passwords are revoked or rotated whenever one of these engineers ceases work with our company. All keys are SSH-2 RSA with 2048 bit, and passwords are minimum 14 characters with random letters, numbers, and capitalization.
We keep names, email addresses, LinkedIn contacts for 13 months after expiration of contract, or after initial enquiry. We will then dispose your information by deleting it from our systems or anonymising the data.
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
Your consent. You are able to remove your consent at any time. You can do this by contacting dpo@lavenirai.com
We have a contractual obligation.
We have a legal obligation.
We have a legitimate interest.
Your Data Protection Rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Our right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at dpo@lavenirai.com if you wish to make a request.
How to Complain
If you have any concerns about our use of your personal information, you can make a complaint to us at dpo@lavenirai.com
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk