Privacy Policy

Last Updated: 4 February 2026

1. Introduction

EldrisAi OÜ ("Eldris", "we", "us", or "our"), registered in Estonia (Registry Code: 3162734), operates the EU Responsible Person compliance platform at responsible.eldris.ai (the "Service").

We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and applicable Estonian data protection legislation.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

2. Data Controller

The data controller responsible for your personal data is:

EldrisAi OÜ

Tallinn, Estonia

Registry Code: 3162734

Email: privacy@eldris.ai

3. Information We Collect

3.1 Information You Provide

  • Account Information: Name, email address, company name, VAT number, and billing address when you register for our Service.
  • Product Information: Product names, SKU codes, descriptions, category classifications, and compliance documentation required for EU Responsible Person appointment.
  • Payment Information: Payment card details are processed securely by our payment processor, Stripe. We do not store full card numbers on our servers.
  • Communications: Correspondence when you contact our support team or respond to surveys.

3.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, date and time of access, and referring URLs.
  • Device Information: Browser type, operating system, device identifiers, and IP address.
  • Cookies: Essential, functional, and analytics cookies as described in our Cookie Policy.

4. How We Use Your Information

We process your personal data for the following purposes:

  • Service Delivery: To provide EU Responsible Person appointment services, generate compliance certificates, and manage your product portfolio.
  • Regulatory Compliance: To act as your EU Responsible Person and liaise with market surveillance authorities on your behalf.
  • Billing: To process payments and issue invoices.
  • Communication: To send service updates, compliance alerts, and respond to your enquiries.
  • Improvement: To analyse usage patterns and improve our Service.
  • Legal Obligations: To comply with applicable laws and regulatory requirements.

5. Legal Basis for Processing

We process your personal data based on:

  • Contract Performance: Processing necessary to fulfil our service agreement with you (GDPR Article 6(1)(b)).
  • Legal Obligation: Processing required to comply with EU product safety regulations and market surveillance requirements (GDPR Article 6(1)(c)).
  • Legitimate Interests: Processing for fraud prevention, security, and service improvement, where our interests do not override your fundamental rights (GDPR Article 6(1)(f)).
  • Consent: Where you have given explicit consent for specific processing activities (GDPR Article 6(1)(a)).

6. Data Sharing and Disclosure

We may share your personal data with:

  • Regulatory Authorities: EU market surveillance authorities when required as part of our EU Responsible Person duties.
  • Service Providers: Trusted third parties who assist in operating our Service (hosting, payment processing, analytics).
  • Legal Requirements: Law enforcement or regulatory bodies when required by law or to protect our legal rights.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

7. International Data Transfers

Your data is processed within the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:

  • Transfers to countries with an adequacy decision from the EU Commission
  • Standard Contractual Clauses approved by the EU Commission
  • Binding Corporate Rules for intra-group transfers

8. Data Retention

We retain your personal data for:

  • Active Accounts: For the duration of your subscription plus 10 years (as required for EU Responsible Person record-keeping obligations under EU Regulation 2019/1020).
  • Closed Accounts: 10 years from date of account closure to comply with regulatory retention requirements.
  • Marketing Data: Until you unsubscribe or withdraw consent.

9. Your Rights

Under UK GDPR and EU GDPR, you have the right to:

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data (subject to legal retention requirements).
  • Restriction: Request limitation of processing in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise your rights, contact us at privacy@eldris.ai.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit and at rest, access controls, regular security assessments, and staff training.

11. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority:

  • Estonia: Andmekaitse Inspektsioon (AKI) – www.aki.ee
  • UK: Information Commissioner's Office (ICO) – ico.org.uk

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or through our platform. The "Last Updated" date at the top of this page indicates when this policy was last revised.

13. Contact Us

For questions about this Privacy Policy or our data practices, contact:

EldrisAi OÜ – Data Protection

Email: privacy@eldris.ai