Privacy Policy
HorizonFlow Platform
Last updated: 20 January 2026
1. Introduction
This Privacy Policy explains how Konnekt-able Technologies Ltd (“Company”, “we”, “us”, “our”) collects, uses, discloses, and otherwise processes personal data in connection with the HorizonFlow platform (the “Platform”) and related services (the “Services”).
This Privacy Policy is drafted in accordance with Regulation (EU) 2016/679 (GDPR) and applies to Users acting in a professional or institutional capacity.
2. Identity of the Data Controller
- Legal Name:
- Konnekt-able Technologies Ltd
- Registered Seat:
- FDW House Blackthorn Business Park, Coes Road, Dundalk, Louth, Ireland
- Contact Email:
- [email protected]
For personal data processed on behalf of Users, the Company acts as processor in accordance with the Data Processing Agreement (Annex 1 to the Terms of Service).
3. Scope of This Privacy Policy
This Privacy Policy applies to:
- visitors to the Platform;
- registered Users;
- representatives and collaborators of User organizations.
It does not cover personal data processed exclusively within User-uploaded content, where the User acts as controller and the Company as processor (see Section 10 below).
4. Categories of Personal Data We Process
4.1 Account and Contact Data
- name
- professional email address
- organization name
- role/title
- login credentials
4.2 Usage and Technical Data
- IP address
- device and browser information
- access logs
- timestamps
- platform usage metrics
4.3 Communications
- support requests
- system notifications
- correspondence with the Company
4.4 Payment and Billing Data
- billing contact details
- transaction metadata (payment details are processed by independent payment providers)
5. Purposes and Legal Bases of Processing
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Account creation & access | Contract performance (6(1)(b)) |
| Platform operation & security | Legitimate interests (6(1)(f)) |
| Communications & support | Contract performance / legitimate interests |
| Legal compliance | Legal obligation (6(1)(c)) |
| Analytics & performance | Legitimate interests |
| Billing & payments | Contract performance |
6. Use of Artificial Intelligence
Certain features of the Platform use AI-assisted processing to support drafting, structuring, or optimization of content.
- AI outputs are assistive and non-autonomous.
- No automated decision-making with legal or similarly significant effects takes place.
- Users remain fully responsible for all outputs.
AI processing is conducted in accordance with:
- GDPR transparency requirements;
- the AI Act;
- the Terms of Service.
7. Data Retention
Personal data is retained only for as long as necessary to fulfil the purposes described above, unless a longer retention period is required by law, as follows:
| Category of Personal Data | Purpose of Processing | Retention Period |
|---|---|---|
| Account and Registration Data (name, email, organization, role) | User account creation, authentication, platform access | Retained for the duration of the User account. Deleted or anonymized within a reasonable period following account termination, unless retention is required by law. |
| Authentication Data (hashed passwords, security tokens) | Account security and access control | Retained for the duration of the account. Security credentials are invalidated immediately upon account termination. |
| Usage and Technical Data (IP address, logs, timestamps, device data) | Platform security, performance monitoring, troubleshooting | Retained for a limited period, typically up to 12 months, unless required for security investigations or legal compliance. |
| Support and Communications Data (support tickets, correspondence) | User support, issue resolution, service improvement | Retained for up to 24 months after resolution of the request, unless a longer retention is required for legal claims or compliance. |
| Billing and Transaction Data (invoices, payment metadata) | Billing, accounting, tax compliance | Retained for the period required under applicable tax and accounting laws (typically 6–10 years, depending statutory provisions). |
| User Content containing Personal Data (e.g. names, CVs, proposal-related content uploaded by Users) | Provision of the Services on behalf of the User | Retained for the duration of the User’s use of the Platform. Deleted or returned in accordance with the Data Processing Agreement upon termination, unless retention is required by law. |
| Legal and Compliance Data (audit logs, legal correspondence) | Compliance with legal obligations, dispute resolution | Retained for as long as necessary to comply with legal obligations or to establish, exercise, or defend legal claims. |
| Aggregated or Anonymized Data | Analytics, service improvement | May be retained indefinitely, as it no longer constitutes personal data. |
8. Data Sharing and Recipients
Personal data may be disclosed to:
- authorized personnel of the Company;
- IT, hosting, and infrastructure providers;
- communication and support service providers;
- competent public authorities where required by law.
A current list of subprocessors is available at: ………………………………….
9. International Data Transfers
Personal data is primarily processed within the EEA.
Where data is transferred outside the EEA, the Company ensures appropriate safeguards in accordance with Chapter V GDPR, including Standard Contractual Clauses where applicable.
10. Processing on Behalf of Users
Where Users upload personal data relating to third parties (e.g. project partners, researchers, contact persons), the Company processes such data solely on behalf of the User as processor.
Such processing is governed by the Data Processing Agreement (Annex 1) to the Terms of Service.
11. Security Measures
The Company implements appropriate technical and organizational measures, including:
- access controls and authentication;
- encryption in transit;
- logical data segregation;
- backup and recovery mechanisms;
- incident response procedures.
12. Data Subject Rights
Data subjects have the right to:
- access their personal data;
- rectification;
- erasure;
- restriction of processing;
- data portability;
- object to processing;
- lodge a complaint with a supervisory authority.
Requests may be submitted to: [email protected]
13. Cookies and Tracking Technologies
The Platform uses cookies and similar technologies as described in the Cookie Policy.
14. Changes to This Privacy Policy
The Company may update this Privacy Policy from time to time. Material changes will be communicated through the Platform.
15. Contact and Complaints
For privacy-related inquiries: [email protected]
Supervisory authority: The Irish Data Protection Commission (or the authority of the User’s habitual residence, where applicable).