Back
Updated as of 8 July 2024
This Privacy Statement is applicable to the processing of personal data in the context of:
For interactions or engagements with Prosus, please refer to the Prosus Privacy Statement available at www.prosus.com/privacy.
Use of Toqan is also subject, as applicable, to the Toqan Services Agreement, or other terms governing the use of Toqan in your organization, as well as the Toqan Fair Use Policy.
MIH AI BV, a company of the Prosus Group, is the controller responsible for processing of personal data, unless your use of Toqan is the subject of a data processing agreement between your employer and MIH AI BV. In such case, you may be bound by the provisions of an applicable privacy statement of such company and the use of Toqan shall be governed by the terms of the data processing agreement. This Privacy Statement provides you with the information on what personal data we may collect, for which purposes and under which legal grounds, as well as whom may have access to your personal data.
We collect your personal data:
3.1. For the technical and functional management of the Toqan Website.
I. What does this purpose entail?
When you visit the Toqan Website, our website administrators process technical data linked to the use of the Toqan Website to enable us to deliver its functionalities. This enables our Website’s administrators to better manage the website; for instance by resolving technical difficulties or by improving the accessibility of certain parts of the Website. This way, we ensure that you can (continue to) find the information on the Toqan Website in a quick and simple manner. We also use cookies to support these technical aspects of our Website (for more information please consult our Cookie Notice). Please note that we do not sell or otherwise monetize your personal data collected as part of your visit to the Toqan Website.
II. On what legal ground do we process this personal data?
We process your personal data on the basis of our legitimate interest to provide you information on Toqan through our website in the most efficient and seamless manner.
III. Which personal data do we process for this purpose?
We process technical data like the IP-address of the device you use to access this website, the webpages you visit, the internet browser you use, previous/next visited Websites, the duration of a session and your country when landing on the Toqan Website.
IV. For what period do we retain your personal data for this purpose?
We retain technical data for different periods of time depending on which cookie is used. Please refer to our Cookie Notice for information on the different cookies and their corresponding retention periods.
3.2. To operate, maintain and improve Toqan.
I. What does this purpose entail?
When you use Toqan, we process your personal data for the following purposes:
Your personal data will not be used for training any of the underlying large language models (LLM’s) incorporated into the product. Further, we will not process your personal data in the context of Toqan for any personalized advertising.
II. On what legal ground do we process personal data for this purpose?
We process your personal data whilst using Toqan either (i) for the performance of the Toqan Services Agreement (performance of a contract) to the extent the processing is indispensable to enable your access and use of Toqan; (ii) based on our legitimate interest to improve Toqan; (iii) to comply with applicable legal obligations and/or enforceable governmental requests. In case we process your personal data based on our legitimate interest, we have conducted a legitimate interests assessment to ensure that our legitimate interest is not overridden by your interests or rights and freedoms.
III. Which personal data do we process for this purpose?
We process the following categories of personal data in the context of your use of Toqan:
IV. For what period do we retain your personal data for this purpose?
Your data will be retained for a period of 18 months from the date of their creation or receipt, unless a longer retention period has been agreed contractually or is mandated by law, regulation, or is necessary for operational purposes. Please note that you can set retention periods for data that is retained in the communication tool used to access Toqan (such as Slack).
3.3 To protect Toqan Website from fraud and to enforce Toqan Website Terms of Use
I. What does this purpose entail?
We process your personal data to monitor whether your visits to the Toqan Website comply with the Terms of Use.
II. On what legal ground do we process this personal data?
We process your personal data based on our legitimate interest to protect the Toqan Website.
III. Which personal data do we process for this purpose?
We process technical data such as the IP-address of the device you use to access the websites, the webpages you visit, the internet browser you use, previous/next visited websites, the duration of a session and the country when landing on the Toqan Website.
IV. For what period do we retain your personal data for this purpose?
We retain technical data for different time periods depending on which cookie is used. Please see our Cookie Notice for the different cookies and corresponding retention periods.
3.4 To manage our relationship with Toqan customers
I. What does this purpose entail?
We process personal data to manage our relationship with Toqan customers and to complete due diligence processes when required. This purpose only relates to designated representatives of Toqan customers only.
II. On what legal ground do we process this personal data?
We process personal data to comply with applicable legal obligations with regard to the due diligence process. If you are a representative of a Toqan customer, your personal data is required for the performance of a contract with us.
III. Which personal data do we process for this purpose?
We may process your contact details, such as your (business) e-mail address, department, company/home address and your (business) phone number. We may also process Information from trade registers and other public/private sources regarding your business activity.
IV. For what period do we retain your personal data for this purpose?
For Personal Data that we collect and process for these purposes, we will typically retain such Personal Data for as long as it is necessary to comply with our obligations with regard to customer due diligence and tax and accounting requirements.
3.5 To organize events and other engagements with you
I. What does this purpose entail?
We process your personal data to enable your attendance in events that we organize or co-organize with regard to Toqan or other tools/projects such as hackathons and conferences.
II. On what legal ground do we process this personal data?
We process your personal data based on our legitimate interest to organize or co-organize events related to our activities. For events that may involve the collection of special categories of data (for instance regarding your dietary restrictions), we shall collect such information only with your consent.
III. Which personal data do we process for this purpose?
Depending on the nature of the event we may collect your name, gender, (business) e-mail, business contact details, affiliation and position. If the organization of the event requires such data, we may collect information about your dietary preferences and/or restrictions as well as information regarding your disability only if this required to enable your attendance in the event.
IV. For what period do we retain your personal data for this purpose?
If your participation in the event is part of your continuous engagement with us, we shall retain your contact information and the details of your participation in the event. Otherwise, we will remove the information upon completion of the event, or if you withdraw your consent.
4.1 Access to your personal data within Prosus Group
As a global company, data we collect may be transferred internationally (also outside the European Economic Area). Your personal data may be exchanged with the parent company of MIH AI BV, i.e., the Prosus Group. Such international transfers shall take place in accordance with applicable data privacy requirements, particularly in conformity with the European Commission Standard Contractual Clauses (SCCs) (for more information on SCCs please read here), when data is transferred to a jurisdiction which does not have an adequate level of data protection as mandated under the GDPR. You may request access to our SCCs, by contacting us at privacy@prosus.com.
Employees in the group are authorized to access your personal data only to the extent necessary to serve the applicable purposes we describe above and to perform their jobs.
4.2 Access to your personal data by our suppliers
If the nature of services provided by our suppliers requires access to your personal data, we will take the appropriate contractual, technical and organizational measures, in line with our SOC 2 Type I commitments, to ensure that your personal data is securely processed only to the extent that this processing is necessary for the provision of such services.
If such third parties act under our instructions (as data processors), we enter into an agreement with such a data processor and include obligations to ensure that your personal data is processed by the data processor solely to provide products or services to us.
In particular, the following categories of third parties may have access to your personal data:
In the context of use of Toqan:
In the context of Toqan Website:
If your personal data needs to be transferred internationally to a recipient in a country that does not provide an adequate level of protection for personal data under the terms of the European Union General Data Protection Regulation (GDPR), we will take appropriate measures to ensure that your personal data remains adequately protected, in particular through entering into the European Commission Standard Contractual Clauses (SCCs) (for more information on SCCs please read here). You may request access to our SCCs, by contacting us at privacy@prosus.com.
4.3. Access to your personal data by other third parties
We may share your personal data if it is required by applicable law or agreement, legal process or a binding governmental request, or where the disclosure is otherwise appropriate due to safety or similar concerns.
This also includes sharing data with others in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.
Toqan is now SOC2 Type I and ISO270001 compliant. We have taken adequate safeguards to ensure the confidentiality and security of your personal data. We have implemented appropriate technical, physical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access as well as all other forms of unlawful processing (including, but not limited to, unnecessary collection) or further processing.
The Toqan Website uses cookies. A cookie is a small text file that we send to your internet browser which enables us to recognize your browser when you return. Cookies can collect data on the use of the website such as which pages are visited and the duration of a user session. Cookie Notice.
Under applicable data protection and privacy laws, you may have rights to:
Access your personal data
You may ask us whether we process any personal data that relates to you. If this is the case, you may ask us to provide you with a copy of the personal data we process of you insofar as required by applicable data protection laws.
Correct and erase your personal data
You may request us to correct any inaccurate personal data we process about you. Also, you may ask us to erase the personal data that relates to you if it is no longer necessary for the purposes for which we processed them, if you have withdrawn your consent and we do not have another legal ground for processing your personal data, if your personal data have been unlawfully processed, or if your personal data must be erased following applicable EU or EU member state laws.
Object to processing your personal data
You may object to our processing of your personal data based on our legitimate interest. We will then no longer process your personal data for this purpose, unless we have an overriding legitimate interest to do so. You may also ask us to erase your personal data, unless there is an overriding legitimate interest for the processing.
Data portability
Where applicable, you may request the receipt or transmission to another organization in a machine-readable form, of the personal information that you have provided to us.
Lodge a complaint with the appropriate Data Protection authority
If you feel that we do not comply with the applicable data protection and privacy laws, you have the right to lodge a complaint with your local supervisory authority. In the Netherlands this would be the Autoriteit Persoonsgegevens.
How to exercise your data protection rights
If you would like to exercise any of your data protection rights, please contact us at privacy@prosus.com. Your request should contain a description of the personal data you want to access to and/or other right you want to exercise. You will need to provide us with information that allows us to authenticate your identity, as appropriate.
Should you have any questions regarding the processing of your personal data, or if you want to exercise any of your individual rights, please send us an email at privacy@prosus.com.
This Privacy Statement may be changed over time. The most up-to-date Privacy Statement is published on our website, so we invite you to visit our Privacy Portal to read about how your personal data is processed. This Privacy Statement was last changed 8 July 2024.