Privacy Notice

Last updated: 09/02/2026

1. Data Controller and contact details

This Privacy Policy explains how Intelligent NLU GmbH (“Otera”, “we”, “us”, “our”) processes personal data in connection with:

  • the website https://otera.ai and related domains (the “Website”)
  • our marketing and sales activities
  • our relationships with customers, partners and job applicants.

Data Controller

Intelligent NLU GmbH
Grabenweg 72
6020 Innsbruck
Austria

Email: legal@otera.ai

For the purposes described in this Privacy Policy, Intelligent NLU GmbH is the controller within the meaning of Article 4(7) GDPR.

Data Protection Officer

We have appointed a Data Protection Officer. You can contact the DPO using the contact details above, addressed to “Data Protection Officer”, or by emailing dpo@otera.ai.

2. Scope of this Privacy Policy

This Privacy Policy applies to the following categories of data subjects:

  • visitors to our Website
  • representatives and contact persons of prospective and existing customers, suppliers and partners
  • participants in our online Academy, webinars and events
  • job applicants. 

Otera’s services are directed exclusively at businesses and their professional representatives.



The Website, platform and related services are not intended for, and we do not knowingly collect personal data from, individuals under the age of 16. References to data subjects in this Privacy Policy refer, unless otherwise stated, to individual representatives and contact persons acting in a professional capacity.

3. Categories of personal data, purposes and legal bases

3.1 Website visitors and marketing contacts

Categories of data

  • identification and contact data: name, business email address, phone number, company, job title, or similar details
  • communication data: content of your enquiries, support requests or feedback
  • marketing preferences: newsletter subscriptions, opt-in / opt-out records
  • technical and usage data: IP address, device identifiers, browser type and version, operating system, time and date of visits, referrer URL, pages viewed, clicks and other interaction data collected through cookies and similar technologies.

Purposes and legal bases

We process personal data of Website visitors and marketing contacts for the following purposes:

Operating, securing and improving the Website
We process technical and usage data to ensure the security, availability and proper functioning of the Website, to prevent misuse and to understand how the Website is used so we can improve it.
Legal basis: our legitimate interests (Article 6(1)(f) GDPR) in operating a secure and effective Website.

Responding to enquiries and demo requests
When you contact us or request a demo or information, we process your identification, contact and communication data to respond to your request and keep context of our exchanges.
Legal basis: taking steps at your request prior to entering into a contract (Article 6(1)(b) GDPR) and our legitimate interests (Article 6(1)(f) GDPR) in managing business communications.

Managing business relationships and contact history
We maintain records of our interactions with prospective and existing customers, partners and suppliers in order to ensure continuity, proper follow up and internal coordination between relevant teams.
Legal basis: our legitimate interests (Article 6(1)(f) GDPR) in managing and developing our business relationships.

Sending marketing communications
We use your contact details to send newsletters, event invitations and information about our services where you have consented to receive such communications or where permitted by applicable law and you have not objected. We also keep opt-in and opt-out records to demonstrate compliance with your choices.
Legal basis: your consent (Article 6(1)(a) GDPR) and, where permitted, our legitimate interests (Article 6(1)(f) GDPR) in promoting our services in a B2B context.

Measuring Website and marketing performance through analytics
With your consent, we use analytics tools and cookies to understand how visitors interact with the Website and how our marketing campaigns perform, so we can improve them.
Legal basis: your consent (Article 6(1)(a) GDPR) for non-essential cookies and analytics tools.

Where we rely on our legitimate interests as a legal basis, we have assessed that such interests are not overridden by your rights and freedoms.

You can withdraw your consent at any time with effect for the future, for example by using the unsubscribe link in our emails or adjusting your cookie preferences as described in Section 4.

3.2 Customers, partners and suppliers

We process personal data of representatives and contact persons of customers, partners and suppliers for the following purposes:

Initiating, performing and managing contractual relationships
We process identification, contact, contract and communication data to negotiate, conclude and perform contracts, provide account management and support, manage orders and invoicing, and maintain the operational relationship with our customers, partners and suppliers.
Legal basis: performance of a contract or taking steps prior to entering into a contract (Article 6(1)(b) GDPR).

Fulfilling legal and regulatory obligations
We process certain contract, billing and communication data to comply with obligations under applicable commercial, tax and corporate laws, including accounting, record keeping and audit requirements.
Legal basis: compliance with legal obligations (Article 6(1)(c) GDPR).

Managing business relationships and contact history
We maintain records of our interactions with representatives and contact persons to ensure continuity of the relationship, proper follow up, accurate record keeping, internal coordination between relevant teams, and evaluation of customer and partner satisfaction.
Legal basis: our legitimate interests (Article 6(1)(f) GDPR) in managing, documenting and developing our business relationships in a B2B context.

Where we rely on our legitimate interests as a legal basis, we have assessed that such interests are not overridden by your interests, rights and freedoms, taking into account the nature of the data, the context of the processing and your reasonable expectations.

3.3 Events, webinars and Academy participants

Purposes and legal bases

We process personal data of participants in our events, webinars and Academy for the following purposes:

Organizing and delivering the event or Academy content
We process identification, contact, registration and participation data to manage your registration, provide access to the event or Academy, track attendance and progress, issue certificates where applicable, and deliver the content you registered for.
Legal basis: your consent (Article 6(1)(a) GDPR) when registering for the event or Academy.

Following up and improving our content
We use participation and feedback data to send you related materials, improve the quality and relevance of our events and Academy content, measure participation and effectiveness, and ensure a consistent learning experience.
Legal basis: our legitimate interests (Article 6(1)(f) GDPR) in developing, improving and promoting our services, and your consent (Article 6(1)(a) GDPR) where required for follow up communications.

Where we rely on our legitimate interests as a legal basis, we have assessed that such interests are not overridden by your interests, rights and freedoms, taking into account the nature of the data, the context of the processing and your reasonable expectations.

3.4 Job applicants

Purposes and legal bases

We process personal data of job applicants for the following purposes:

Assessing your application and managing the recruitment process
We process identification, contact, application, interview and assessment data to evaluate your suitability for the role, conduct interviews, compare candidates, document the recruitment process, and communicate with you throughout the process.
Legal basis: taking steps at your request prior to entering into an employment contract (Article 6(1)(b) GDPR) and our legitimate interests (Article 6(1)(f) GDPR) in running an effective and fair recruitment process and selecting suitable candidates.

Complying with legal obligations
We process certain application and assessment data to comply with applicable legal obligations, such as equal treatment requirements, record keeping and potential reporting duties.
Legal basis: compliance with legal obligations (Article 6(1)(c) GDPR).

Keeping your application on file for future opportunities
Where we wish to retain your application for consideration in future roles, we will ask for your consent before doing so.
Legal basis: your consent (Article 6(1)(a) GDPR).

Where we rely on our legitimate interests as a legal basis, we have assessed that such interests are not overridden by your interests, rights and freedoms, taking into account the nature of the data, the context of the processing and your reasonable expectations.

3.5 Platform users (Otera as data processor)

When customers use the Otera platform, personal data of their employees, end-users or other individuals may be processed through our services. In those cases, Otera acts as a data processor on behalf of the customer, who is the data controller. Such processing is governed exclusively by the applicable Data Processing Agreement (DPA) and falls outside the scope of this Privacy Policy. Individuals whose personal data is processed through the platform should direct any privacy requests or enquiries to the relevant customer as data controller.

4. Cookies and similar technologies

We use cookies and similar technologies on our Website to ensure its proper functioning, security and performance, and, with your consent, to understand how visitors use the Website and how our marketing activities perform.

Strictly necessary cookies
Some cookies are essential for the operation, security and integrity of the Website, such as enabling core functionality, protecting against misuse, and remembering your cookie preferences. These cookies do not require your consent.
Legal basis: our legitimate interests (Article 6(1)(f) GDPR) in providing a secure and functional Website.

Analytics and marketing cookies
We use analytics and marketing cookies to understand how visitors interact with the Website, measure the effectiveness of our content and campaigns, and improve our services. These cookies are only used with your prior consent.
Legal basis: your consent (Article 6(1)(a) GDPR).

Your consent is collected through our cookie banner or settings when you first visit the Website. You can withdraw or modify your consent at any time by adjusting your cookie preferences through the banner or your browser settings.

Detailed information about the specific cookies we use, their purposes, providers and storage periods is available in our cookie settings and, where applicable, in our separate cookie notice.

5. How we share personal data

We do not sell your personal data.

We may share personal data with the following categories of recipients:

Service providers (processors) that support us in operating our business and delivering our Website, services, events and recruitment processes, such as:

  • hosting and cloud infrastructure providers
  • customer relationship management, marketing and sales tools
  • communication tools (for example email, video conferencing and chat)
  • event, webinar and Academy platforms
  • HR and recruitment platforms
  • AI and language model infrastructure providers

These providers act as processors on our behalf, are bound by data processing agreements, and may only process personal data in accordance with our instructions and appropriate technical and organizational measures.

Professional advisers acting as independent data controllers, such as lawyers, auditors and insurers, where access to personal data is necessary for the establishment, exercise or defense of legal claims, audits or compliance purposes.

Public authorities and courts, where we are legally required to disclose personal data to comply with applicable law or a binding request.

Successors in title, in connection with a merger, acquisition, restructuring or sale of all or part of our business, subject to appropriate confidentiality and data protection safeguards.

6. International data transfers

We primarily process personal data within the European Economic Area (EEA). However, some of our service providers and partners may be located outside the EEA, including in countries that may not provide an equivalent level of data protection.

Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place in accordance with Chapter V GDPR, in particular:

  • an adequacy decision adopted by the European Commission under Article 45 GDPR, or
  • standard contractual clauses approved by the European Commission under Article 46(2)(c) or (d) GDPR, together with supplementary technical and organizational measures where required.

You may request further information about the safeguards applicable to specific transfers by contacting us using the details in Section 1. Copies may be provided with redactions where necessary to protect confidential information.

7. Retention periods

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy and in accordance with applicable legal retention obligations. In particular:

Website and marketing data
We retain this data for as long as you interact with us and for a reasonable period thereafter, or until you withdraw your consent or object to the processing, unless a longer retention period is required or permitted by law.

Customer and partner data
We retain this data for the duration of the contractual relationship and thereafter for the applicable statutory limitation and retention periods, in particular under tax, commercial and corporate laws.

Job applicant data
We generally retain applicant data for up to 6 months after completion of the recruitment process, unless you have consented to a longer retention period or a longer period is required or permitted by law.

When personal data is no longer required for these purposes, we delete it or irreversibly anonymize it so that you can no longer be identified.

8. Security

We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.

These measures include, among others, access controls, encryption, network and infrastructure security, logging and monitoring, and regular testing, assessment and evaluation of the effectiveness of our security measures.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected data subjects directly without undue delay, unless an exception under Article 34(3) GDPR applies.

9. Your Rights

Under the GDPR, you have the following rights in relation to your personal data, subject to the conditions and limitations set out in Articles 15 to 22 GDPR:

Right of access
You have the right to obtain confirmation as to whether we process personal data about you and, if so, to access that data and receive information about how it is processed.

Right to rectification
You have the right to request the correction of inaccurate or incomplete personal data.

Right to erasure
You have the right to request the deletion of your personal data, for example where it is no longer necessary for the purposes for which it was collected or where you have withdrawn your consent and no other legal basis applies.

Right to restriction of processing
You have the right to request that we restrict the processing of your personal data in certain circumstances, for example while we verify the accuracy of the data or consider an objection.

Right to data portability
You have the right to receive personal data you have provided to us in a structured, commonly used and machine-readable format and to transmit it to another data controller where technically feasible.

Right to object
You have the right to object:

  • to processing based on our legitimate interests (Article 6(1)(f) GDPR) on grounds relating to your particular situation. In such cases, we will stop processing your personal data unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or where the processing is necessary for the establishment, exercise or defense of legal claims;
  • to the processing of your personal data for direct marketing purposes at any time, in which case we will stop such processing.

Right to withdraw consent
Where processing is based on your consent, you have the right to withdraw that consent at any time with effect for the future. This does not affect the lawfulness of processing carried out before the withdrawal.

Automated decision-making

In its capacity as a data controller, Otera does not carry out automated decision-making or profiling that produces legal or similarly significant effects on individuals within the meaning of Article 22 GDPR. Where Otera processes personal data as a data processor on behalf of customers, any automated processing carried out through the platform is governed by the applicable Data Processing Agreement and the instructions of the customer as data controller.

To exercise your rights, you may contact us using the details provided in Section 1. We may need to verify your identity before responding to your request.

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement.

The competent supervisory authority for Austria is:

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Vienna
Austria
Email: dsb@dsb.gv.at

10. Provision of personal data

In many cases, providing your personal data is voluntary. However:

  • if you do not provide certain data that we request in connection with a contract or service (for example, contact details for a demo or account registration), we may not be able to enter into or perform the contract or respond to your request;
  • where we collect data because we are legally required to do so, we will inform you at the point of collection.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our processing activities or legal requirements. The current version is always available at https://otera.ai/legal/privacy-policy. We will take appropriate measures to inform you of material changes (for example via the Website or by email, where appropriate).