Introduction
This Privacy Policy explains how Ombrulla collects, uses, discloses, stores, and protects personal data when you visit our website, contact us, request a demo, use our online forms, communicate with us, or engage with our products and services.
In this Policy, "Ombrulla", "we", "us", and "our" refer to Ombrulla and its affiliated entities, regional offices, and authorised representatives. "You" refers to website visitors, business contacts, customers, prospects, suppliers, partners, and other individuals whose personal data we process.
Ombrulla provides industrial AI and IoT solutions, including AI visual inspection, predictive maintenance, asset performance management, connected-worker safety, infrastructure inspection, mobile AI inspection, people analytics, IoT monitoring, digital twin, and custom AI solutions. Because some deployments may involve operational data, images, video, sensor data, worker-safety alerts, or site-level analytics, this Policy also explains how we handle such information where it relates to an identifiable individual.
Please read this Policy carefully. By using our website or submitting information to us, you acknowledge that you have read and understood this Policy. Where applicable law requires consent, we will request your consent separately.
Who Is Responsible for Your Personal Data?
For personal data collected through the Ombrulla website, contact forms, marketing communications, demo requests, supplier communications, and general business interactions, Ombrulla is usually the data controller or data fiduciary.
For personal data processed through customer deployments, Ombrulla may act as a data processor, service provider, or technology vendor on behalf of the customer. In those cases, the customer determines the purpose and means of processing, and Ombrulla processes the data under the customer contract, statement of work, data processing agreement, and applicable instructions.
If you are an employee, contractor, visitor, customer, or end user of an Ombrulla customer and your data is processed through an Ombrulla deployment, please also review the privacy notice provided by that customer. We may direct your request to the relevant customer where they are responsible for responding.
Personal Data We Collect
The categories of personal data we collect depend on how you interact with us and which services are used.
Information You Provide Directly
- •Contact details, such as first name, last name, business email address, phone number, company name, job title, country, and location.
- •Enquiry information, such as message content, project requirements, industry, use case, deployment needs, and preferred contact method.
- •Demo, meeting, and sales information, such as meeting preferences, notes, communications, and follow-up records.
- •Customer, partner, and supplier information, such as contract details, billing contacts, purchase records, support requests, and business correspondence.
- •Recruitment information, if you apply for a role or send us a profile, such as CV/resume, work experience, qualifications, portfolio, references, and interview notes.
- •Any other information you choose to share with us.
Website, Device, and Usage Data
- •IP address, device identifiers, browser type and version, operating system, time zone, pages viewed, links clicked, referring URLs, session activity, timestamps, and diagnostic logs.
- •Cookie and similar tracking information, including preferences, analytics, performance, security, and marketing-related identifiers where enabled.
- •Form analytics and communication data, such as whether a form was submitted successfully or whether a message was opened, where applicable.
Operational, AI, IoT, Image, Video, and Sensor Data
Depending on the customer project, configuration, and contract, Ombrulla solutions may process operational or industrial data. Some of this data may be personal data if it identifies or can reasonably be linked to an individual. This may include:
- •Camera, CCTV, drone, mobile, or uploaded images and video used for visual inspection, infrastructure inspection, workplace safety, quality control, people analytics, or incident review.
- •Worker-safety data, such as location within a site, access-zone events, proximity alerts, lone-worker check-ins, emergency alerts, exposure alerts, fall-detection events, or incident logs, where such features are configured.
- •IoT, sensor, asset, and machine data, such as temperature, vibration, current, pressure, equipment status, telemetry, alarm events, maintenance records, and performance logs. This is usually operational data, but it may become personal data where linked to a named operator, technician, user account, or worker event.
- • User account and access data for customer portals or dashboards, such as name, business email, role, permissions, activity logs, and support interactions.
- •AI-generated outputs, such as defect classifications, asset-risk scores, incident alerts, occupancy estimates, object/person counts, detection logs, confidence scores, annotations, and audit trails.
Sensitive or Special Category Data
Ombrulla does not intentionally collect sensitive personal data through the public website. In specific customer deployments, certain data may be sensitive or special category data under applicable law, for example biometric identifiers, health and safety exposure events, injury-related incident records, or precise worker location data. We process such data only where configured by the customer, permitted by applicable law, and governed by appropriate contractual, technical, and organisational controls.
How We Collect Personal Data
- •Directly from you when you complete a form, request a demo, contact us, attend a meeting, subscribe to updates, apply for a role, or communicate with us.
- •Automatically when you use our website, emails, dashboards, portals, products, or services.
- •From customers, partners, suppliers, and authorised representatives where they provide information for a project, support request, contract, or deployment.
- •From devices, cameras, sensors, systems, logs, customer platforms, and integrated tools where Ombrulla solutions are deployed.
- •From publicly available sources and business databases where permitted by law for legitimate B2B sales, marketing, security, compliance, or due-diligence purposes.
How We Use Personal Data
We use personal data for the following purposes:
- •To operate, maintain, secure, and improve our website, products, platforms, dashboards, and services.
- •To respond to enquiries, demo requests, support requests, proposals, and communications.
- •To assess customer requirements, prepare solution designs, conduct pilots, implement deployments, provide support, and manage customer relationships.
- •To deliver AI, IoT, visual inspection, predictive maintenance, workplace safety, infrastructure inspection, people analytics, and related solutions under customer contracts.
- •To configure, test, monitor, troubleshoot, and improve models, alerts, workflows, integrations, dashboards, and reports, subject to applicable contracts and permissions.
- •To send service communications, meeting confirmations, product updates, commercial communications, and relevant industry insights where permitted by law.
- •To manage contracts, billing, payments, procurement, supplier onboarding, and business records.
- •To evaluate job applications and manage recruitment processes.
- •To detect, prevent, and investigate security incidents, misuse, fraud, unlawful activity, service abuse, technical issues, or policy violations.
- •To comply with legal obligations, regulatory requirements, audits, tax, accounting, litigation, and lawful requests from authorities.
- •To protect the rights, safety, property, and legitimate interests of Ombrulla, our customers, users, workers, visitors, and the public.
Legal Bases for Processing
Where applicable privacy laws require a legal basis, we rely on one or more of the following:
- •Consent, where you have given consent, for example for certain marketing communications or non-essential cookies.
- •Contract or pre-contract steps, where processing is necessary to respond to your request, provide a proposal, deliver services, manage a customer account, or perform a contract.
- •Legitimate interests, such as improving our services, securing systems, responding to business enquiries, conducting B2B marketing, preventing fraud, managing business relationships, and developing products, provided those interests are not overridden by your rights.
- •Legal obligations, where processing is required for compliance, tax, accounting, employment, regulatory, safety, or legal purposes.
- •Vital interests or safety-related interests, where processing is necessary to protect someone's life, health, or safety, for example in certain emergency, worker-safety, or incident-response contexts.
- •Customer instructions, where Ombrulla acts as a processor or service provider on behalf of a customer.
AI, Automated Analysis, and Human Review
Ombrulla solutions may use machine learning, computer vision, statistical analysis, rules engines, and automated workflows to detect defects, identify asset-risk patterns, flag safety events, count objects or people, classify image/video content, generate alerts, or recommend operational actions.
Unless a customer specifically configures a workflow and has a lawful basis to do so, Ombrulla does not intend for its systems to make decisions about individuals that produce legal or similarly significant effects without appropriate human review. Customers remain responsible for deciding how AI outputs are used in their workplace, operations, safety, maintenance, quality, or compliance processes.
AI outputs may be probabilistic and should be reviewed in context, especially where the output could affect safety, employment, access control, incident investigation, compliance, or other important decisions.
Cookies and Similar Technologies
We use cookies and similar technologies such as pixels, tags, scripts, local storage, and analytics tools to operate the website, improve performance, understand usage, secure our services, remember preferences, and support marketing where permitted.
Cookies may include:
- •Strictly necessary cookies required for website functionality, security, form submission, and basic operation.
- •Preference cookies used to remember choices such as region, language, or settings.
- •Analytics and performance cookies used to understand how visitors use the website and improve user experience.
- •Marketing cookies used to measure campaigns or show relevant content, only where enabled and permitted.
Marketing Communications
We may send business-related communications, product updates, newsletters, event invitations, case studies, or industry insights where permitted by law. You may opt out of marketing communications at any time by using the unsubscribe link in our emails or contacting us. We may still send non-marketing communications, such as service, support, security, contract, or legal notices.
How We Share Personal Data
We do not sell personal data. We may share personal data where necessary and lawful with:
- •Ombrulla group companies, regional offices, authorised representatives, employees, contractors, and consultants who need access for legitimate business purposes.
- •Customers, where Ombrulla processes data as part of a customer deployment, report, dashboard, integration, or support activity.
- •Service providers and subprocessors, such as hosting providers, cloud infrastructure, analytics tools, CRM systems, communication tools, email providers, security tools, ticketing systems, professional advisers, and payment or billing providers.
- •Technology partners and integration providers where required for a project and authorised by the customer or contract.
- •Professional advisers, auditors, insurers, legal counsel, accountants, and consultants.
- •Government, law enforcement, regulators, courts, or other authorities where required by law or necessary to protect rights, safety, or security.
- •Parties involved in a business transaction, such as a merger, acquisition, financing, restructuring, due diligence exercise, or sale of assets, subject to appropriate confidentiality safeguards.
International Data Transfers
Ombrulla operates globally and may process or transfer personal data across countries, including the United Kingdom, United States, Germany, India, customer locations, and other locations where our customers, partners, service providers, or infrastructure are based.
Where personal data is transferred internationally, we use appropriate safeguards where required by applicable law. These may include contractual protections, data processing agreements, standard contractual clauses or equivalent mechanisms, access controls, encryption where appropriate, transfer assessments, and vendor due diligence.
Data Security
We use reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, disclosure, or destruction. These measures may include access controls, role-based permissions, authentication controls, encryption where appropriate, network and application security, monitoring, logging, backups, vulnerability management, vendor controls, staff confidentiality obligations, and incident response procedures.
No method of transmission or storage is completely secure. We cannot guarantee absolute security, but we work to maintain safeguards appropriate to the nature of the data, the risk, the technology used, and the relevant legal requirements.
Data Retention
We keep personal data only for as long as reasonably necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law, contract, audit, tax, accounting, security, dispute resolution, or legitimate business requirements.
Retention periods may vary depending on the data category and context. For example:
- •Website enquiry and lead data may be retained while the business relationship or sales opportunity remains active and for a reasonable period afterwards.
- •Customer contract, billing, procurement, and project records may be retained for the contract term and a legally required or commercially reasonable period afterwards.
- •Support tickets, logs, and security records may be retained for troubleshooting, audit, security, and compliance purposes.
- •Operational data, images, video, sensor records, worker-safety events, AI outputs, and customer deployment data are retained according to the customer contract, configuration, and applicable legal requirements.
- •Recruitment data may be retained for the recruitment process and, where permitted, for future opportunities or legal compliance.
Your Privacy Rights
Depending on where you are located and which law applies, you may have rights in relation to your personal data, including the right to:
- •Access or receive information about the personal data we hold about you.
- •Request correction of inaccurate or incomplete personal data.
- •Request deletion or erasure of personal data where applicable.
- •Object to or restrict certain processing activities.
- •Withdraw consent where processing is based on consent.
- •Request data portability where applicable.
- •Opt out of marketing communications.
- •Request review of certain automated decisions where applicable.
- •Nominate another person, raise a grievance, or exercise other rights available under applicable laws, including India's data protection laws where applicable.
- •Complain to a relevant data protection authority or supervisory authority.
Customer Deployment Data
Where Ombrulla provides technology to a customer, the customer is generally responsible for determining what data is collected, which individuals are covered, where devices are installed, how long data is retained, who can access outputs, and how alerts or reports are used. Customer deployment data may be governed by a separate contract, data processing agreement, project documentation, information security schedule, or customer privacy notice.
Customers using Ombrulla solutions should ensure that appropriate privacy notices, employee notices, site notices, signage, consent flows where required, workplace policies, works council or labour approvals, DPIAs or equivalent risk assessments, and lawful bases are in place before deploying camera, worker-safety, facial recognition, biometric, geolocation, people-counting, or monitoring features.
Third-Party Links and Integrations
Our website and services may contain links to third-party websites, tools, platforms, calendars, social media pages, embedded content, maps, or integrations. We are not responsible for the privacy practices, content, or security of third-party services. Please review the privacy policies of those third parties before providing information to them.
Children's Privacy
Ombrulla's website, products, and services are intended for business and industrial use and are not directed to children. We do not knowingly collect personal data from children through our public website. If you believe a child has provided personal data to us, please contact us so that we can take appropriate steps.
If a customer deployment may involve children or minors, the customer is responsible for ensuring that appropriate legal bases, parental or guardian permissions, notices, safeguards, and contractual controls are in place before any processing occurs.
Data Accuracy
We take reasonable steps to keep personal data accurate and up to date where necessary for the purposes for which it is processed. You can help us by informing us if your contact details or other information changes.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our business, services, technologies, legal requirements, or privacy practices. The updated version will be posted on our website with a revised "Last updated" date. If changes are material, we may provide additional notice where required by law.
Contact Us
If you have questions about this Privacy Policy, want to exercise your privacy rights, or wish to raise a privacy concern, please contact us:
Email: info@ombrulla.com
Website contact form: https://ombrulla.com/contact
India office: Prestige Cube, 26 Laskar Hosur Road, Adugodi, Bangalore 560030, India
United Kingdom office: 134 Westbury Rise, Essex, London, UK CM17 9NT