Privacy Policy
Effective Date: September 12, 2025
Amberlo Limited (“We”, “Our”, “Us”) are committed to protecting and respecting your privacy. Where we process personal data on behalf of a Subscriber (e.g., a law firm using our platform), Amberlo Limited acts as the data processor under Article 28 GDPR. In all other cases (e.g., website, sales, billing), Amberlo Limited acts as a data controller.
This policy sets out the basis on which any personal data we collect from you, that you provide to us, or that is provided to us by a subscriber to our services (under the brand name ‘Amberlo’), will be processed by us. We process personal data on the basis of the legal grounds set out in the GDPR. Where processing requires consent (e.g., non-essential cookies/marketing), we will request it in advance, and you can withdraw it at any time.
Controller, Contacts and Supervisory Authority
Controller: Amberlo Limited, Ground Floor, 8–9 Marino Mart, Fairview, Clontarf, Dublin 3, Ireland; email: [email protected]
Supervisory authority: You have the right to lodge a complaint with a supervisory authority, in particular at your habitual residence or at the place of our establishment.
What Data We Process, Purposes, Legal Bases, and Retention
We may collect and process the following data about you. For each category of data, we identify the purpose of processing, the lawful basis under Article 6 of the GDPR, and the retention period, as set out below:
(1) Account registration and service delivery: name, contact details, account credentials. (a) Lawful basis: performance of contract (Art. 6(1)(b)). (b) Retention: for the duration of the account; hereafter, deletion or archiving as required by commercial/tax laws.
(2) Billing and payment: billing address, payment details. (a) Lawful basis: performance of contract and legal obligation (Art. 6(1)(b), (c)). (b) Retention: statutory retention per applicable law.
(3) Marketing communications: name, email, marketing preferences. (a) Lawful basis: consent (Art. 6(1)(a)) or legitimate interests (Art. 6(1)(f)). (b) Retention: until consent is withdrawn or 2 years after last engagement.
(4) Analytics and usage data: IP address, device/browser, usage logs. (a) Lawful basis: legitimate interests (Art. 6(1)(f)). Our legitimate interest is to monitor and improve the performance, functionality, and security of our service. We have conducted a balancing test to ensure that our interests do not override your rights and freedoms. (b) Retention: 12 months, or anonymised for longer.
(5) Support and communications: support tickets, correspondence. (a) Lawful basis: performance of contract (Art. 6(1)(b)). (b) Retention: 3 years after last interaction.
Sources of Data
Information you provide: You may provide data by filling in forms on www.amberlo.io or by phone/email.
Information from others. We may receive data from Subscribers designating you as a user and from service providers we use (e.g., hosting, support, analytics).
Where we use marketing/advertising partners, they are listed in the Cookie/Tool list and used only with your consent. We do not use credit reference agencies unless expressly required for a specific contract, in which case we will inform you separately.
Cookies and Other Tracking Technologies
To operate and optimise our website and services, Amberlo Limited, along with our trusted marketing, affiliate, and analytics partners, utilises various tracking technologies. These technologies include cookies, beacons, tags, scripts, pixels, Local Storage (such as HTML5), and server log files. We use them to analyse trends, administer the site, track user movements around the site, and gather demographic information about our user base as a whole.
We categorise these technologies based on their purpose and use them as follows:
(1) Strictly Necessary Technologies
These technologies are essential for the operation of our website and services. They enable core functionalities such as security, session management, and ensuring content is presented effectively for you and your device. We use cookies and Local Storage (LSs) like HTML5 to store content information and preferences necessary for the site to function. The use of these technologies does not require your prior consent.
(2) Analytics and Performance Technologies
With your explicit consent, we use technologies to collect and analyse information about how you interact with our website and services. This includes:
(a) Log Files: Like most websites, we automatically gather certain information and store it in log files. This information may include your Internet Protocol (IP) address, browser type, Internet Service Provider (ISP), referring/exit pages, operating system, and date/time stamps.
(b) Usage Analysis: We use these technologies to analyse trends, monitor site performance, and understand user navigation. We may combine this automatically collected log information with other data we hold about you to improve the services we offer, as well as for our marketing, analytics, or site functionality. We may receive reports from our analytics partners based on the use of these technologies on both an individual and an aggregated basis.
(3) Marketing and Behavioural Targeting Technologies
We partner with third-party advertising networks to manage our advertising on other sites. With your explicit consent, these partners may use technologies such as cookies and LSs to gather information about your activities on our site and other websites. This information is used to provide you with advertising that is tailored to your browsing activities and interests. A full list of our marketing and advertising partners is available in our consent management tool.
Your Control and Consent Management
The provision of personal data for analytics and marketing purposes is not contractually required. You are not obliged to provide it.
(1) Consent Tool: We use the “Real Cookie Banner” as our consent management tool. You can manage your preferences or withdraw your consent for any non-essential technologies at any time through this tool.
(2) Accountability: We log your consent decisions in order to comply with our accountability obligations under Article 5(2) of the GDPR. If you do not provide personal data within the consent tool, we will be unable to manage your consents effectively.
(3) Browser Settings: In addition to our consent tool, various browsers may offer their own management tools for removing Local Storage objects like HTML5 LSOs.
Disclosure of Your Information
We may share your personal information with
(1) Group companies and service providers/sub-processors (hosting, support, email, analytics, payment) bound by Article 28 agreements and technical and organisational measures;
(2) Credit reference agencies for the purpose of assessing your credit score, where this is a condition of us entering into a contract with you.
In certain situations, Amberlo Limited may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may disclose your personal information to third parties:
(1) In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
(2) If Amberlo Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
(3) If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions of service (www.amberlo.io/terms-of-service) and other agreements; or to protect the rights, property, or safety of Amberlo Limited, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
(4) If Amberlo Limited is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or use of your personal information, as well as any choices you may have regarding your personal information. In the event of such a transaction, we will ensure that your personal data continues to be processed in accordance with this Privacy Policy and applicable data protection laws, and we will inform you of any material changes to the purposes or legal bases for processing your data.
Some of our pages utilise framing techniques to serve content to/from our partners while preserving the look and feel of our site. Please be aware that you are providing your personal information to these third parties and not to www.amberlo.io.
International Data Transfers
All personal data we collect from you is stored on secure servers located within the European Union (EU). However, certain service providers or sub-processors engaged by Us may be located or process data outside the European Economic Area (EEA). Where such transfers occur, we shall ensure that they are conducted in full compliance with Chapter V of the GDPR. We will only transfer personal data to a third country where the European Commission has issued an adequacy decision, or where appropriate safeguards are in place, such as the use of Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by a Transfer Impact Assessment (TIA) and additional measures where necessary. A list of our sub-processors and the legal basis for any international transfers can be provided upon request at [email protected].
Referral Service
On our App website (app.amberlo.io), which is for Subscribers to our service and their users only, we offer a referral service. You can choose to provide us with the names and email addresses of individuals who you feel would be interested in learning more about our products and services in exchange for rewards. We send a preliminary email to each address provided to us in this way, inviting the contact to visit our website. We continue to store the contact details in order to track the success of our referral service, but no further communication with that individual will take place unless they contact us expressing interest in our products and services. The preliminary email allows the individual to request that their contact details be removed from our database, and they may also contact us at any time at [email protected] to make the same request.
Your Rights as a Data Subject
Pursuant to the General Data Protection Regulation (GDPR), you have the following rights concerning your personal data. You may exercise these rights at any time by contacting us at [email protected].
(1) The Right of Access (Art. 15 GDPR): You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data.
(2) The Right to Rectification (Art. 16 GDPR): You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay.
(3) The Right to Erasure (‘Right to be Forgotten’) (Art. 17 GDPR): You have the right to obtain the erasure of your personal data without undue delay where certain grounds apply.
(4) The Right to Restriction of Processing (Art. 18 GDPR): You have the right to obtain restriction of processing where certain conditions apply.
(5) The Right to Data Portability (Art. 20 GDPR): You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller.
(6) The Right to Object (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on legitimate interests (Art. 6(1)(f) GDPR).
(7) The Right to Withdraw Consent (Art. 7(3) GDPR): Where processing is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
The Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. Our lead supervisory authority is the Data Protection Commission (DPC) of Ireland.”
Opt-out Preferences
If you wish to subscribe to our newsletter(s), we will use your name and email address to send the newsletter to you. Out of respect for your privacy, you may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails, accessing the email preferences in your account settings page, or contacting us at [email protected].
Where We Store Your Personal Data
The data that we collect from you will be stored at a destination within the European Union. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
All information you provide to us is stored on secure servers in a controlled environment with limited access. Any transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
While no transmission of information via the internet is completely secure, we take reasonable measures to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Blogs and Social Media
Our website includes social media features, such as the Facebook Like button – and widgets such as the Share button. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are hosted on our site or by a third party, and your interactions with these features are governed by the privacy policy of the company providing them.
Our website includes publicly accessible blogs or community forums. Any information you provide in these areas may be read, collected and used by others who access them. This includes information posted on our public social media accounts. To request the removal of your personal information from our blog or community forum, contact us at [email protected]. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Your Google Data
Amberlo Limited is not affiliated with Google. However, we provide integrations with a number of Google products and services using the Google APIs. We cannot access your data in these services unless you or your G Suite Admin explicitly authorise access. We use access to your data and Google services in the following ways:
(1) Google Account (read-only) – We allow you to authorise synchronisation of your Google Calendar with the Amberlo calendar using your Google Account or G Suite Account. We do NOT have access to, and do NOT store your Google password. We do access your name and email address to identify you within the service. To modify any of your Google Account information, please use the means provided by Google.
(2) Google Calendar (read/write) – We allow integration with Google Calendar by providing 2-way synchronisation of your meetings with due dates and reminders between Google Calendar and your Amberlo account. You can choose to synchronise any existing Google calendar or create a new one.
(3) Google Contacts (read-only) – Amberlo searches and displays your Google Contacts so that you can easily assign or share tasks with others.
(4) Gmail (read-only) – Amberlo allows you to create notes and tasks out of emails and attaches a copy of the email to the task or note for easy reference later.
Testimonials
With consent, we may display personal testimonials of satisfied customers on our site, along with other endorsements. If you wish to update or delete your testimonial, you can contact us at [email protected].
Our Policy Toward Children
The Service is not directed at individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us at [email protected]. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information.
Changes to Our Privacy Policy
Any material changes we may make to our privacy policy in the future will be posted on this page prior to the change becoming effective and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.
Contact
Questions, comments, and requests regarding this Privacy Policy are welcome and should be addressed to [email protected].
