Privacy and Personal Data Protection Policy
Hi, users! Welcome!
Rayls Group (referred to as " Rayls" or “us”), is the controller and responsible for processing your Personal Data.
Rayls' contact details are as follows:
Designation: Rayls
Postal address: 103 South Church Street, P.O. Box 472, George Town, Grand Cayman KY1-1106, Cayman Islands
E-mail address: info@rayls.com
This Policy is designed to explain to you how your data is processed, stored and used by us when you use the "Landing Page", available at www.rayls.com ("Website") and our infrastructure, which is only available to registered individuals. We recommend that you read this Policy carefully.
Some of the provisions of this Policy may apply only to the infrastructure and not to the Landing Page and the other way around. The Landing Page only collects personal data when you contact us using the functionality provided (“Contact”) and/ or when you subscribe to the newsletter. It does not collect any other personal data from you other than the one collected through the form made available therein.
Please also note that our Website may include links to third-party websites, plug-ins and applications. Clicking on these links or enabling these connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we recommend that you read the privacy policy of each website you visit.
What concepts should you know about this topic?
We are aware that some of the terms used in this Policy may be difficult to understand. For this reason, we have prepared a glossary to make them easier to read:
▪ Competent Authority: entity responsible for ensuring, implementing and enforcing data protection laws in its jurisdiction (e.g. supervisory authorities on data protection of European Union countries, under the General Data Protection Regulation (“GDPR”) and the supervisory authority in the UK (Information Commissioner’s Office).
▪ Controller: a natural or legal person, public authority, agency or other body which determines the purposes (what for) and means (how) of the processing of personal data. Basically, the controller makes the main decisions regarding the Processing of Personal Data – that is, Rayls.
▪ Personal Data: any information relating to an identified or identifiable natural person (“Data Subject”).
▪ Sensitive Personal Data: Personal data concerning racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, data concerning health, sex life or sexual orientation, genetic data and biometric data, for the purpose of uniquely identifying a natural person.
▪ IP (or Internet Protocol): Unique identification for each computer connected to a network.
▪ Data Subject(s): natural person whose Personal Data is being Processed, including users and visitors to our website and customers.
▪ Processing: any operation we carry out with your Personal Data, whether or not by automated means, including collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of the information, modification, communication, transfer, dissemination or extraction.
▪ International data transfer: transfer of Personal Data to a country or international organization outside the European Economic Area or the UK.
What types of Personal Data are processed?
The form and purpose of Personal Data Processing activities vary according to the context for which your information was collected.
We may process different types of Personal Data about you, which we group together as follows:
| Identification data | Full name, customer ID, verification data, last access, username or similar identifier, banking data. |
|---|---|
| Employer details | Any information related to the company that the data subject represents. |
| Technical data | Internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and other technologies on the devices the user uses to access the website. |
| Marketing and communications data | These include preferences for the marketing you receive from us and from third parties, and communication preferences.[PC1] |
The provision of certain personal data (namely, your e-mail) is necessary to enter into a contract with you and/or to fulfil legal obligations. Therefore, if you do not provide such essential information, we would not be able to provide you with our product.
We will not ask for or process sensitive personal data, namely data relating to your religious or philosophical beliefs, political opinions, sex life or sexual orientation.
How do we collect your Personal Data?
We use different methods to collect data from and about you, including through:
Direct interactions. You may provide us with your Personal Data by filling in forms or by communicating with us by post, phone, email or any other means. This includes information you provide when:
▪ Requests further details about our product;
▪ Contract our service or subscribe to our posts;
▪ Requests marketing notifications to be sent to you;
▪ Contact us via the reporting channel; or
▪ Send us your feedback, ask for support or contact us.
Automated technologies or interactions. As you engage with our Website, we automatically collect technical data about your device, browsing actions and patterns. We collect this data using cookies, server logs and other similar technologies. For more information on the use of cookies and similar technologies, please consult our Cookie Policy[PC2] .
Through Third Parties. Rayls may also collect Personal Data through client companies, business partners, suppliers, service providers or other companies in our corporate group.
You vouch for the veracity and accuracy of the personal data and information you provide. Rayls shall not be liable in the event of false data, inaccuracy or omission of Personal Data, and it is your responsibility to provide such data accurately and to update it whenever needed.
For what purposes do we process your Personal Data?
Your Personal Data is processed with the following lawful basis and for the referred purposes:
¾ Execution of a contract to which you are a party or for pre-contractual steps at your request:
▪ Registering you as a new customer;
▪ Processing and delivering our product;
▪ Managing our relationship with you, including replying to your requests, taking on suggestions and complaints, providing customer service and support.
¾ Compliance with legal or regulatory obligations:
▪ Evaluating and monitoring security risks to Rayls' website and infrastructure, improving and developing new security tools, including in compliance with anti-money laundering and anti-terrorist financing guidelines;
▪ Complying with the legal and regulatory obligations we are required to fulfill.
¾ Consent:
▪ Sending relevant information on our activities and product through our newsletter;
▪ Providing a demonstration of our product.
¾ Legitimate interests pursued by Rayls or third parties:
| Purpose | Legitimate Interest | Examples |
|---|---|---|
| Prevention of fraud or illegal activity | Ensuring that our product is being used in accordance with the Law | We conduct regular audits and continuous employee training on legal and regulatory standards. |
| Management of Rayls' business and website | Ensuring that the business and Rayls' website works properly | Troubleshooting, data analysis, testing, system maintenance, support, reporting and data hosting |
| Improvement of product | Developing and improving the product that we provide to our clients | analyzing data to improve our website, products, marketing, customer relations and experiences |
| Litigation management | Protecting Rayls' rights in contracts and judicial, administrative or arbitration proceedings | We conduct risk assessments related to potential litigation, ensure compliance with applicable laws and regulations, and retain qualified legal counsel to represent and consult with. |
Rayls processes the data necessary to fulfil its legitimate interests or those of third parties. Whenever Rayls processes data based on legitimate interests, it carries out a prior analysis of the processing to ensure that the rights and interests of the data subjects do not prevail over such legitimate interests. For more information on this balancing exercise, please reach Rayls through the contacts referred to below.
Do we share your Personal Data?
We may need to share your Personal Data with other companies in the Rayls Group, service providers, business partners, suppliers or with bodies and entities of the Public Administration.
We will only share your Personal Data when necessary for:
▪ Provision and operation of our product;
▪ Protecting rights in contracts, judicial, administrative or arbitration proceedings; or
▪ Compliance with a legal or regulatory obligation, a court order or a request from administrative authorities that have the legal authority to request it.
We require our business partners, service providers and suppliers to process your Personal Data in accordance with applicable data protection laws. We do not allow our service providers to use your Personal Data for their own purposes, and we only allow them to Process your Personal Data for specific purposes and in accordance with our instructions.
Does Rayls transfer personal data internationally?
As part of our activities, we may perform operations involving the International Transfer of your Personal Data. We are committed to providing appropriate protection for your personal data by ensuring that at least one of the following safeguards is implemented:
· We will only transfer your personal data to countries which are deemed to provide an adequate level of protection for personal data, according to an Adequacy Decision adopted by the European Commission or UK Adequacy Regulations.
· Whenever there is no Adequacy Decision or UK Adequacy Regulation, we contractually ensure that these entities comply with all legal obligations on data protection, namely by using the standard contractual clauses for the transfer of personal data to third countries approved by the European Commission or the UK international data transfer agreement or the UK addendum to the EU standard contractual clauses, as applicable.
For more information on the International Transfers we perform, please contact us through any one of the channels referred to below.
What about the automatic collection and use of cookies?
From time to time, Rayls may use cookies to enable you to browse effectively, store your preferences and improve your user experience. Find out more about how to change or block cookies in our Cookie Policy[PC3] .
What security measures we take to protect your Personal Data?
We take information security seriously and make effort to protect your Personal Data, preventing incidents such as unauthorized access. We have adopted a number of technical and administrative measures including (i) login and password access controls; (ii) data encryption methods; (iii) storage of access logs; and (iv) data backups.
Our security procedures are regularly optimized as new techniques become available.
However, we recommend that you also take action to ensure that your device used to access our Website remains secure, such as: using antivirus and firewall software; using the most up-to-date version of your operating system, browser or software; and not sharing access data (login and password) with third parties.
How long will your Personal Data be stored?
We keep your Personal Data for the length of time needed for us to perform our legitimate purposes. This means that once the purpose has been fulfilled, your data will be anonymized or deleted.
You can also object to the processing or ask for the deletion of your data. In these cases, we will analyze your request and, if we believe that the request is justified, we will delete the Personal Data from our databases. If you revoke your consent for the processing of your Personal Data, we will also delete the Personal Data from our databases.
However, in some cases, it may be necessary to keep the Personal Data stored in order to protect Rayls' interests in any process and/or to comply with any legal or regulatory obligation. In these cases, we will only keep your data as long as necessary to protect our interests or for the retention period set out in the “Applicable Laws" to which Rayls is subject to (namely, laws and regulations on tax and the prevention and fight against money laundering and terrorist financing).
What are your rights?
As a Data Subject you have a number of rights in relation to your Personal Data:
▪ The right to access: you have the right to obtain confirmation on whether we process your Personal Data and to access and obtain information on the Personal Data concerning you and on the processing activities we perform. This includes the right to obtain a copy of your Personal Data;
▪ The right to rectification: you have the right to rectify incomplete, incorrect or outdated data;
▪ The right to be forgotten: in certain cases provided in the Applicable Laws, you have the right to request the deletion of your data (for example, if the processing of data is illicit or no longer necessary for the purposes for which the data was collected). In some specific cases, Rayls may have valid grounds to retain your data, even when you request for its deletion (for example, for compliance with a legal obligation or for the defense of Rayls or third parties in legal proceedings).
▪ The right to portability: in some cases, you have the right to receive the Personal Data you have provided to Rayls in a structured, commonly used and machine-readable format, and the right to transmit this data to another data controller;
▪ The right to restriction of processing: you have the right to restrict processing of data when (i) you contest the accuracy of the personal data and for a period enabling Rayls to verify its accuracy, (ii) the processing is unlawful and you oppose the erasure of the personal data; (iii) Rayls no longer needs the personal data, but such data is required by you for the purposes of establishing, exercising or defending a right in legal proceedings; (iv) you object to the processing and during the period of evaluation of the request by Rayls;
▪ Right to withdraw consent: you have the right to withdraw the consent you have given for data processing at any time;
▪ Right to object: you have the right to object to data processing based on Rayls or third parties’ legitimate interests. There may be circumstances in which we are legally entitled to refuse your request.
To exercise any of these rights, please contact Rayls on the channels referred to in the Website.
We may need to request specific information to confirm your identity, as a security measure to ensure that your Personal Data is not disclosed to anyone. We may also contact you to request further information in relation to your request to speed up our response.
We will respond to all requests within 1 (one) month. In more complex cases or when you present several requests, we may need to 2 (two) months to respond to your request. In this case, we will let you know that we will need this extra time.
You also have the right to lodge a complaint with a Competent Authority regarding matters relating to the exercise of your rights and the protection of your personal data:
o In the EU, you can lodge complaints with any Supervisory Authority. Find the Supervisory Authorities here.
o In the UK, it is the Information Commissioner's Office. Find out on their website how to report a concern.
How do I get in touch with Rayls?
If you have any questions or would like further information about this Privacy Policy, including any requests about your rights, please contact us:
¾ Through email: privacy@rayls.com;
¾ Through our website: Contact Us
When can this Notice be changed?
This Privacy Policy is subject to being updated in the event of changes to the Processing of Personal Data. We therefore recommend that you revisit this Policy frequently so that you are aware of anything new we bring here!
Last updated: June 08th, 2025.
[PC1]We need to validate this with the details of the project in the initial phase.
[PC2]Include link to it.
[PC3]Include link.