We collect only the data necessary for the agreed-upon purposes and ensure that data collection methods comply with relevant laws and regulations. Mainly, ensuring that the data received has consent for its intended use.

• All data is encrypted at rest using industry-standard encryption algorithms.
• Data is stored in secure, access-controlled environments. We use a cloud service (GCP) with robust security certifications which also requires users to have 2FA (two-factor authentication) set up and enabled.
• Data access is limited to authorised personnel through granular identity and access control management (IAM) and role-based access control (RBAC).
• All staff are trained on how to handle and manage sensitive data.
• Data will not be shared with any external third-party parties, unless previously agreed with the brand and a data transfer agreement has been put in place.
• We maintain records of data protection activities, including data collection, access logs, incident reports, and training records.
• We have data retention policies to ensure data is kept only as long as necessary and disposed of securely when no longer needed.

• We have an internal incident response plan which we maintain and use to address data breaches and security incidents.
• We take immediate action to contain and mitigate any data breaches including notifying affected parties and relevant authorities as required by law.
• We document and report all incidents in accordance with legal and contractual requirements.

Individuals have the following rights concerning their personal data:

• Right of Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: If any data we hold is inaccurate or incomplete, you can request corrections.
• Right to Erasure: In certain circumstances, you can request that we delete your personal data.
• Right to Restrict Processing: You can ask us to limit how we use your data in certain situations.
• Right to Data Portability: You can request that your data be transferred to another organisation.
• Right to Object: You have the right to object to the processing of your data for direct marketing purposes.
• Right to Withdraw Consent: Where we rely on your consent for data processing, you can withdraw this consent at any time.

If you wish to exercise any of these rights, please contact team@tryamt.com

If we transfer personal data outside the European Economic Area (EEA) or to regions with differing privacy laws, we ensure that appropriate safeguards are in place. These safeguards may include:

• The use of Standard Contractual Clauses approved by the European Commission.
• Transfers to countries that have been deemed to provide an adequate level of data protection by relevant authorities.

We will always ensure that your data is protected, regardless of where it is processed.

We may update this privacy policy from time time to reflect changes in our data protection practices or legal requirements. Any significant changes will be communicated via email or through prominent notices on our website. Please check back periodically to ensure you are aware of any updates.