Privacy Policy Notice for
Emrys
Business Suite

We collect information that you provide directly to us when setting up and using your Account:

• Account Information: Name, email address, phone number, business name, and business address.
• Financial Information: While the platform is currently free, if and when billing is implemented, we will collect payment details (processed securely via third-party payment gateways).
• Automatically Collected Information: When you access the Platform, we automatically collect device information, IP addresses, browser types, and usage data (e.g., login times, features used) to ensure system stability and improve our Services.

We use the collected information for the following purposes:

• To create, maintain, and secure your Account.
• To provide, operate, and improve the Emrys Business Suite.
• To communicate with you regarding updates, security alerts, and administrative notices.
• To notify you of any future changes to our pricing or Terms and Conditions.
• To analyze platform usage and optimise user experience.

We do not sell your personal information. We may share your information only in the following circumstances:

• Service Providers: With trusted third-party vendors who assist us in operating our platform (e.g., cloud hosting providers, customer support tools) under strict confidentiality agreements.
• Legal Obligations: If required to do so by law, or in response to valid requests by public authorities (e.g., a court or government agency).
• Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business.

We implement industry-standard administrative, technical, and physical security measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Depending on your jurisdiction, you may have the right to access, correct, update, or request deletion of your personal information. You can manage most of your data directly within your Account settings or by contacting our support team.

Depending on your jurisdiction, you may have the right to access, correct, update, or request deletion of your personal information. You can manage most of your data directly within your Account settings or by contacting our support team.

• "Applicable Data Protection Laws" means all applicable local, national, and international privacy and data protection laws (e.g., GDPR, Ghana Data Protection Act 2012, etc.).
• "Controller" means the entity that determines the purposes and means of processing Personal Data (The Client).
• "Processor" means the entity that processes Personal Data on behalf of the Controller (Emrys).
• "Personal Data" means any information relating to an identified or identifiable natural person that is processed by Emrys on behalf of the Client within the Platform.

In the context of the Client's use of the Emrys Business Suite to manage their retail, restaurant, or beauty & wellness operations, the Client is the Data Controller and Emrys is the Data Processor. Emrys will only process Personal Data in accordance with the Client's documented instructions (which includes providing the Services as outlined in the T&Cs).

• Subject Matter: The processing of Personal Data submitted by the Client to the Platform.
• Nature & Purpose: To provide ERP services, including inventory management, CRM, appointment scheduling, POS integration, and staff management.
• Types of Data: Customer names, contact details, appointment histories, staff schedules, and related operational data inputted by the Client.

Emrys agrees to:

• Process Personal Data strictly for the purpose of providing the Services.
• Ensure that personnel authorised to process Personal Data are bound by strict confidentiality obligations.
• Implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, protecting against unauthorised or unlawful processing and accidental loss, destruction, or damage.
• Notify the Client without undue delay after becoming aware of a Personal Data breach affecting the Client's data.
• Assist the Client, insofar as possible, in fulfilling the Client's obligations to respond to data subject requests (e.g., requests to delete or access data).

The Client grants Emrys general authorisation to engage third-party sub-processors (e.g., cloud hosting providers like AWS or Google Cloud) to assist in providing the Services. Emrys will ensure any sub-processor is bound by data protection obligations no less protective than those in this DPA.

Upon termination of the Client's Account, Emrys will, at the choice of the Client, delete or return all Personal Data to the Client, and delete existing copies unless Applicable Data Protection Laws require the continued storage of the Personal Data. Emrys will provide a thirty (30) day window post-termination for the Client to export their data before permanent deletion occurs.