Legal
GDPR Statement
Last updated: 15 January 2026 · Almanor Research Inc.
Almanor Research Inc. is committed to compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and its national implementations across EU member states, as well as the UK GDPR as retained in UK law following the UK's departure from the European Union.
1. Data controller
Almanor Research Inc., 333 West San Carlos Street, San Jose, CA 95110, USA is the data controller for personal data collected through almanorai.com and in connection with our services. For data protection enquiries, contact us at info@almanorai.com.
2. Scope
This statement applies to the personal data of individuals in the European Economic Area (EEA), the United Kingdom, and other jurisdictions where the GDPR or equivalent legislation applies. It supplements our Privacy Policy, which provides full detail on what data we collect, how we use it, and for how long we retain it.
3. Lawful bases for processing
We rely on the following lawful bases under Article 6 GDPR when processing personal data:
- Consent (Art. 6(1)(a)): Where you have given a clear, freely given, specific, informed, and unambiguous indication of your agreement to the processing — for example, by subscribing to marketing communications. You may withdraw consent at any time by contacting us.
- Performance of a contract (Art. 6(1)(b)): Where processing is necessary for the performance of a contract to which you are party, or to take steps at your request prior to entering into a contract — for example, responding to a demo request or delivering services.
- Legal obligation (Art. 6(1)(c)): Where processing is necessary to comply with a legal obligation to which we are subject, including tax, accounting, and regulatory requirements.
- Legitimate interests (Art. 6(1)(f)): Where processing is necessary for our legitimate interests (or those of a third party), provided those interests are not overridden by your rights and interests. Our legitimate interests include improving our website and services, communicating with prospective clients, and managing our business operations. We conduct legitimate interests assessments when relying on this basis.
4. Your rights under GDPR
As a data subject in the EEA or UK, you have the following rights. To exercise any of them, contact us at info@almanorai.com. We will respond within one month (which may be extended by a further two months in complex cases, with notice to you).
- Right of access (Art. 15): You have the right to obtain confirmation of whether we process personal data about you, and if so, to receive a copy of that data along with information about how it is used.
- Right to rectification (Art. 16): You have the right to request correction of inaccurate personal data and completion of incomplete personal data.
- Right to erasure / "right to be forgotten" (Art. 17): You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent (and there is no other lawful basis), where you object to processing and there are no overriding legitimate grounds, where processing is unlawful, or where erasure is required by legal obligation.
- Right to restriction of processing (Art. 18): You have the right to request that we restrict processing of your personal data where you contest its accuracy, processing is unlawful but you prefer restriction to erasure, we no longer need it but you require it for legal claims, or you have objected pending verification of our grounds.
- Right to data portability (Art. 20): Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
- Right to object (Art. 21): You have the right to object at any time to processing based on legitimate interests, including profiling. You also have an absolute right to object to processing for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
- Rights related to automated decision-making (Art. 22): You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal or similarly significant effects. We do not currently make such decisions.
- Right to withdraw consent: Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
5. Data transfers outside the EEA and UK
As a US-incorporated company, processing personal data within the United States, we rely on the following mechanisms to ensure an adequate level of protection for transfers of personal data from the EEA and UK:
- EU Standard Contractual Clauses (SCCs): For transfers from the EEA, we use the SCCs approved by the European Commission under Article 46(2)(c) GDPR, incorporating the clauses adopted by Commission Implementing Decision (EU) 2021/914.
- UK International Data Transfer Agreement (IDTA): For transfers from the United Kingdom, we use the IDTA approved by the UK Secretary of State under section 119A of the Data Protection Act 2018.
Where we engage sub-processors located outside the EEA, we ensure equivalent transfer mechanisms are in place. A copy of our transfer mechanisms is available on request.
6. Data protection principles
We process personal data in accordance with the principles set out in Article 5 GDPR:
- Lawfulness, fairness and transparency — we process data lawfully, fairly, and in a transparent manner
- Purpose limitation — we collect data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes
- Data minimisation — we collect only the data that is adequate, relevant, and limited to what is necessary
- Accuracy — we take reasonable steps to keep personal data accurate and up to date
- Storage limitation — we retain personal data for no longer than necessary for the purposes for which it is processed
- Integrity and confidentiality — we apply appropriate technical and organisational security measures
- Accountability — we are responsible for and able to demonstrate compliance with these principles
7. Supervisory authorities
You have the right to lodge a complaint with the data protection supervisory authority in your EU member state of habitual residence, place of work, or place of the alleged infringement. A complete list of EU national supervisory authorities is available at edpb.europa.eu.
For UK residents, the relevant supervisory authority is the Information Commissioner's Office (ICO): ico.org.uk, 0303 123 1113.
We encourage you to contact us directly in the first instance — we are committed to resolving data protection concerns promptly and transparently.
8. Contact
For all GDPR-related enquiries, requests to exercise your rights, or complaints, please contact us at info@almanorai.com. We will acknowledge your request within 72 hours and respond in full within one month.