Privacy Notice
This Privacy Notice explains how Thomas & Le Consulting Limited ("ezra", "we", "us", or "our") collects, uses, and protects personal data in connection with the website at ezralaw.ai (the "Site"). It is issued in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") as applied in Malta, and the UK GDPR where applicable.
1 · Data controller
The data controller responsible for your personal data is:
2 · What personal data we collect
We collect only the minimum personal data necessary to operate the Site and respond to you:
- Contact data — if you email us (for example at [email protected] to request early access), we receive your name, email address, and any information you choose to include in your message.
- Technical data — our hosting provider and network infrastructure automatically record basic technical information when you visit the Site, including your IP address, user agent, referring URL, and timestamps. This is used for security, troubleshooting, and to ensure the Site is available.
- Cookies — the Site does not set advertising or tracking cookies. We do not use third-party analytics on this public Site. A strictly necessary session cookie may be set by our content delivery network (Cloudflare) for security purposes; see section 6.
3 · Why we use your personal data, and our lawful basis
- To respond to you (contact data) — lawful basis: our legitimate interests in answering enquiries and operating our business, or the taking of steps prior to entering into a contract where you request one.
- To keep you informed about early access (contact data) — lawful basis: consent, where you have asked us to follow up with product updates. You can withdraw consent at any time by emailing us.
- To operate and secure the Site (technical data) — lawful basis: our legitimate interests in keeping the Site available, preventing abuse, and protecting our systems.
- To comply with law — lawful basis: legal obligation, where we are required to retain or disclose information by applicable law.
4 · Who we share your personal data with
We do not sell your personal data. We share personal data only with trusted service providers who process it on our behalf under written contracts, including:
- Infrastructure and hosting — Hetzner Online GmbH (Germany), which hosts the server on which the Site runs.
- Content delivery and security — Cloudflare, Inc., which provides DNS, CDN, and DDoS protection for the Site.
- Email — the email provider we use to receive and send mail at the ezralaw.ai domain.
- Professional advisors and regulators — where required (for example, auditors, lawyers, or in response to a lawful request from a competent authority).
5 · International transfers
Our primary hosting is located in the European Union (Germany). Some of our service providers are based outside the European Economic Area (EEA) — for example, Cloudflare, Inc. in the United States. Where personal data is transferred outside the EEA, we rely on appropriate safeguards recognised under the GDPR, such as the European Commission's Standard Contractual Clauses or an adequacy decision.
6 · Cookies and similar technologies
The Site itself does not set analytics, advertising, or profiling cookies. Our content delivery network (Cloudflare) may set a strictly necessary security cookie (e.g. __cf_bm) to distinguish legitimate visitors from automated traffic. This cookie is used solely for security and does not identify you. You can block cookies via your browser settings, though parts of the Site may not function correctly if you do.
7 · How long we keep your personal data
- Email correspondence — retained for up to 24 months after the last interaction, unless a longer period is required to comply with law or to establish, exercise or defend legal claims.
- Server and security logs — retained for up to 30 days, and longer only where needed to investigate an incident.
8 · Your rights
Under the GDPR, you have the right to:
- access the personal data we hold about you;
- request correction of inaccurate or incomplete personal data;
- request erasure of your personal data in certain circumstances;
- restrict or object to our processing of your personal data;
- receive your personal data in a portable format where processing is based on consent or contract;
- withdraw consent at any time, where our processing is based on consent;
- lodge a complaint with a supervisory authority.
To exercise any of these rights, contact us at [email protected]. We will respond within the time limits required by law (usually one month).
9 · Supervisory authority
If you are unhappy with how we handle your personal data, you have the right to complain to the Office of the Information and Data Protection Commissioner in Malta:
You may also complain to the supervisory authority in the EU member state where you live or work.
10 · Security
We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. These include TLS encryption for the Site, restricted administrative access over a private network, and least-privilege access controls for our service providers. No transmission over the internet is, however, ever completely secure.
11 · Children
The Site is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us and we will delete it.
12 · Changes to this notice
We may update this Privacy Notice from time to time. The current version will always be available at ezralaw.ai/privacy with the date of last update shown above. Material changes will be highlighted on the Site or communicated directly where appropriate.
13 · Contact
Questions about this Privacy Notice or how we handle personal data can be sent to [email protected].