1. Who we are

Tyviso Global Limited is a partner marketing technology company. We operate a platform that delivers gift and reward experiences at key points in the customer journey — at checkout, post-purchase, and in retention programmes — through JavaScript tags embedded on our clients' websites.

We are registered in Ireland. Our registered address is: 1st Floor, The Liffey Trust Centre, 117–126 Sheriff Street Upper, Dublin, D01 YC43, Ireland.

We operate across the United Kingdom and the European Union. Where processing activities fall within scope, both the UK GDPR (as retained in UK law under the Data Protection Act 2018) and EU GDPR (Regulation 2016/679) apply to our operations. References to "GDPR" in this policy mean both frameworks unless stated otherwise.

For privacy queries: privacy@tyviso.com

2. Key definitions

3. Tyviso's role: controller and processor

3.1 When Tyviso is a Data Controller

Tyviso acts as a Data Controller in respect of:

• Visitors to tyviso.com
• Individuals who submit enquiries or book a demo via our website
• Client and partner contacts who hold accounts on the Tyviso platform
• Contacts in our sales and marketing communications

‍

For this processing, this policy applies in full.

3.2 When Tyviso is a Data Processor

When the Tyviso tag is active on a Client's website, Tyviso processes Consumer data on behalf of that Client. In this context:

• The Client is the Data Controller. They determine what data their customers provide and govern the overall relationship with those individuals.
• Tyviso is the Data Processor. We process Consumer data only to deliver the contracted service — displaying relevant partner offers and gifts at defined points in the customer journey.
• Our processing activities as Processor are governed by a Data Processing Agreement (DPA) with each Client, not by this policy.
• Consumers whose data is processed in this context should refer to the privacy policy of the relevant Client website.

‍

In either role, Tyviso does not sell Personal Data, does not pool Consumer data across Clients, and does not use Consumer data for its own advertising or profiling purposes.

4. Personal data we collect as Controller

4.1 Website visitors

• IP address and approximate location (country/region)
• Browser type and version
• Pages visited, time on page, referral source
• Cookie identifiers (see Section 7)

4.2 Enquiries and demo requests

• Name, business email address, company name
• Any information you choose to include in a free-text field

4.3 Client and partner platform users

• Name and business email address
• Login credentials (passwords are hashed; we cannot retrieve them)
• Platform activity and usage logs
• Billing and company information provided during onboarding

4.4 Sales and marketing contacts

• Name, business email, job title, company
• Communication preferences and interaction history

5. Lawful basis for processing

6. How we use your personal data

We use personal data only for the purposes for which it was collected. Specifically:

• To provide, maintain and improve the tyviso.com website and Platform
• To respond to enquiries and onboard new clients and partners
• To send communications you have requested, or that are necessary to deliver a contracted service
• To send marketing communications where we have the right to do so, and where you have not opted out
• To comply with legal and regulatory obligations
• To protect the security of the Platform and prevent fraud
• To evaluate potential business transactions (mergers, acquisitions) where relevant

‍

We do not use your personal data for automated decision-making that produces legal or similarly significant effects.

7. Cookies and tracking technologies

7.1 Types of cookies we use

We do not use cookies for advertising, retargeting or cross-site tracking.

7.2 Managing cookies

You can manage or withdraw cookie consent at any time via the cookie settings on our website. You can also instruct your browser to refuse cookies, though some parts of the site may not function correctly if you do.

8. Sharing your personal data

We do not sell personal data. We do not share personal data with third parties for their own marketing purposes. We may share personal data in the following limited circumstances:

• Service providers. We share data with trusted third parties who provide services on our behalf — including hosting, CRM, analytics and email delivery. These providers are contractually bound to process data only on our instructions and in accordance with applicable data protection law.
• Professional advisers. Lawyers, accountants, auditors and insurers where necessary to run our business.
• Legal and regulatory requirements. Where required by law, court order or a valid request from a competent authority.
• Business transfers. In the event of a merger, acquisition or sale of all or part of our business, personal data may be transferred as part of that transaction. We will provide notice in advance where required by law.

9. International data transfers

Tyviso is headquartered in Ireland and operates across the UK and EU. Some of our service providers are located outside these areas. Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place. These include:

• Transfers to countries with an adequacy decision from the UK Information Commissioner's Office or the European Commission
• Standard Contractual Clauses (SCCs) approved by the European Commission or the UK ICO (International Data Transfer Agreements), as applicable

‍

You may request a copy of the relevant transfer mechanism by contacting us at privacy@tyviso.com.

10. Retention

We retain personal data for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Our standard retention periods are:

When data is no longer required, it is securely deleted or anonymised.

11. Security

Tyviso is ISO 27001 certified. We maintain an information security management system that includes access controls, encryption, regular security testing and incident response procedures. Employees with access to personal data are trained on data protection obligations.

No method of electronic transmission or storage is completely secure. If you have reason to believe your interaction with us has been compromised, please contact privacy@tyviso.com immediately.

12. Your rights

Subject to applicable law, you have the following rights in relation to your personal data:

To exercise any of these rights, contact us at privacy@tyviso.com. We will respond within one month. We may ask you to verify your identity before processing a request.

If you are not satisfied with our response, you have the right to lodge a complaint with your supervisory authority. In Ireland, this is the Data Protection Commission (dataprotection.ie). In the United Kingdom, this is the Information Commissioner's Office (ico.org.uk).

13. Children

Our website and platform are directed at business professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data from a minor, please contact privacy@tyviso.com and we will delete it promptly.

14. Links to third-party websites

Our website may contain links to third-party sites. We are not responsible for their privacy practices. We recommend you review the privacy policy of any site you visit.

15. Changes to this policy

We may update this policy from time to time. Where we make material changes, we will notify you by email (if you have an account with us) or by a prominent notice on our website before the change takes effect. The "last updated" date at the top of this page reflects when the current version was published.

16. Contact us

For any questions about this policy, to exercise your rights, or to raise a concern:

• Email: privacy@tyviso.com
• Post: Tyviso Global Limited, 1st Floor, The Liffey Trust Centre, 117–126 Sheriff Street Upper, Dublin, D01 YC43, Ireland

‍