Privacy Policy

1) Who we are
This website (the “Site”) is owned and operated by Vigh29 Holding Ltd (“Ephelia Group”, “we”, “us”, or “our”). We are the data controller of personal information processed via the Site.
Contact: privacy@epheliagroup.com • Postal address: Vigh29 Holding Ltd, 7 Manchester Square, London, United Kingdom
If Article 27 GDPR/UK GDPR applies, we will designate an EU and/or UK representative and update this Policy with their details.

2) Scope of this Policy
This Policy explains how we collect, use, disclose, and protect personal information when you visit or interact with the Site. It does not apply to third‑party websites, platforms, or services that we do not control. The Site is informational only; it does not provide user accounts, e‑commerce, or in‑product services.

3) Information we collect

• Information you provide directly:
  – Contact details and message content when you email us or submit a form (e.g., name, business details, email, phone, the content of your inquiry).
  – Event/meeting information if you ask to be contacted or schedule a call.

• Information collected automatically:
  – Device/usage data (e.g., IP address, browser type and version, language, time zone, referrer URL, pages viewed, links clicked, date/time, and general location inferred from IP).
  – Cookies and similar technologies used for site operations, analytics, and (where applicable) social media integrations or pixels. See our Cookie Policy for details and choices.

• Information from third parties:
  – Analytics providers (e.g., aggregated insights from tools like Google Analytics).
  – Social media platforms when you interact with plugins or embedded content (your interactions are also governed by the platform’s privacy policy).

We do not intentionally collect sensitive personal information via the Site, and we do not knowingly collect personal information from children (see Section 12).

4) Why we process your information (purposes & legal bases)
4.1 Purposes

• Operate, maintain, and secure the Site (including troubleshooting, fraud prevention, and debugging).

• Respond to inquiries and manage business communications.

• Analytics and performance measurement to understand usage and improve the Site.

• Legal compliance and to establish, exercise, or defend legal claims.
   

4.2 Legal bases (EU/EEA, UK, Switzerland)

• Legitimate interests: running a secure, reliable website; addressing queries; preventing abuse.

• Consent: non‑essential cookies/analytics/tracking where required (collected via the cookie banner).

• Legal obligations: where processing is necessary to comply with applicable laws.

(For Canada, New Zealand, and U.S. states, we rely on comparable principles (consent where required, legitimate business purposes, and compliance with law).)

5) Cookies & similar technologies
We use first‑ and third‑party cookies and similar technologies for site functionality, analytics, and (where implemented) social plugins/pixels. Your options to accept, reject, or customize non‑essential cookies are available through the Site’s cookie banner and settings at any time. For details, see our Cookie Policy.

6) How we share information
We share personal information only as needed and with appropriate safeguards:

• Service providers/Processors that host the Site, provide security, analytics, content delivery, email, or cookie consent tools (contractually restricted to use data only on our instructions).

• Social plugins/embedded content if you interact with them (the third party may collect information; see their privacy notices).

• Business transfers (e.g., merger, acquisition, or asset sale).

• Legal and compliance (to comply with law or protect rights, safety, or security).

We do not sell personal information. Where certain analytics or advertising technologies could be deemed a “share” for cross‑context behavioral advertising under some U.S. state laws, we will obtain consent (where required) and provide an opt‑out (see Section 11 and Annex A).

7) International transfers
We may transfer personal information to countries outside your own (including outside the EU/EEA, UK, or Switzerland). Where we do so, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum/Agreement, and, where applicable to participating vendors, frameworks like the EU‑U.S. Data Privacy Framework. You may contact us to request more information on these safeguards.

8) Data retention
We keep personal information only for as long as necessary to fulfill the purposes described above, including to comply with legal, accounting, or reporting requirements. Criteria include the nature of the data, the context of collection (e.g., inquiry vs. security logs), and applicable limitation periods. We may anonymize or aggregate data for statistical purposes.

9) Security
We implement technical and organizational measures designed to protect personal information (e.g., encryption in transit, access controls, logging, and vendor due diligence). However, no method of transmission or storage is completely secure; we cannot guarantee absolute security.

10) Your privacy rights
EU/EEA & UK (GDPR/UK GDPR)
You may have the right to access, rectify, erase, or restrict processing of your personal information; the right to data portability; and the right to object to processing based on our legitimate interests. Where processing is based on consent, you may withdraw it at any time (this does not affect processing before withdrawal). You also have the right to lodge a complaint with your local data protection authority (e.g., an EU DPA or the UK ICO).
Switzerland (revFADP)
You may have rights to access, rectification, deletion, and to object to processing in certain cases, and to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC).
Canada (PIPEDA)
You may request access to and correction of your personal information and may challenge our compliance with PIPEDA. You can contact the Office of the Privacy Commissioner of Canada if concerns remain.
United States
Under California’s CCPA/CPRA (and similar state laws), residents may have the right to know/access categories and specific pieces of personal information, delete, correct, portability, and to opt out of “sale” or “sharing” of personal information and limit the use of sensitive personal information (which we do not intentionally collect via this Site). We do not sell personal information. If we “share” personal information for cross‑context behavioral advertising, you can opt out using the “Do Not Sell or Share My Personal Information” link (see Section 11). You will not be discriminated against for exercising your rights.
In Virginia, Colorado, Connecticut, Utah, and other states with privacy laws, you may also have the right to appeal a decision regarding your request (see Section 11).
New Zealand (Privacy Act 2020)
You may request access to and correction of your personal information and can raise concerns with the Office of the Privacy Commissioner.

11) Exercising your rights & choices

• Submit a request: Email us at privacy@epheliagroup.com with “Privacy Request” in the subject. We will verify your identity and respond within the time frames required by law. You may authorize an agent where permitted (we will require proof of authorization).

• Cookie & analytics choices: Use the Site’s cookie banner/settings to manage non‑essential cookies at any time.

• U.S. “Do Not Sell or Share” / Targeted advertising opt‑out: If applicable, use the “Do Not Sell or Share My Personal Information” link in the footer or contact us at [privacy@epheliagroup.com].

• Global Privacy Control (GPC): Where legally required, we treat a valid GPC signal as an opt‑out for the browser sending the signal.

• Appeal (U.S. states that provide this right): If we deny your request, you may appeal by replying to our decision email with “Appeal” in the subject. We will inform you of the outcome and your options to contact your state attorney general.
   

12) Children’s privacy
The Site is not directed to children and we do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact privacy@epheliagroup.com so we can delete it. In the EU/EEA/UK/CH the Site is not intended for individuals under 16; in the U.S., not for children under 13.

13) Third‑party sites & social plugins
The Site may link to third‑party websites and may include social plugins or embedded content (e.g., from LinkedIn, X/Twitter, YouTube). We do not control these third parties. Their privacy policies govern your interactions with them. Review their terms and privacy notices before engaging.

14) Changes to this Policy
We may update this Policy from time to time. Changes take effect when posted here with an updated “Last updated” date. Material changes will be highlighted or otherwise communicated where appropriate.

15) How to contact us
Controller: Vigh29 Holding Ltd
Email: privacy@epheliagroup.com
Postal address: Vigh29 Holding Ltd, 7 Manchester Squale, London, United Kingdom
If applicable, details of our EU/UK representative will be posted here.