Privacy Policy

Last updated: 28 May 2025

1. Introduction

MBRYONICS Limited (“MBRYONICS”, “we”, “our”, or “us”) is a private company limited by shares incorporated in Ireland (company number 546589) with its registered office at Galway Business Park, Upper Newcastle Road, Dangan, Galway H91 RWF1, Ireland.

MBRYONICS designs and manufactures advanced optical and photonic systems— including free‑space optical communication terminals, photonic integrated circuits, ground stations, and related services— that enable high‑throughput data links for space and terrestrial networks. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you interact with mbryonics.com (the “Website”), any related sub‑domains, our customer and supplier portals, career pages, or any other online services that link to this Policy (collectively, the “Services”).

Unless otherwise stated, MBRYONICS acts as Data Controller for personal data collected through the Services. Where we process personal data strictly on behalf of a customer (for example, when operating a secure customer portal), we do so as Data Processor in accordance with the customer’s instructions.

Children’s Privacy: Our Services are not directed at children under 16 and we do not knowingly collect their personal data. If you believe a child has provided us with personal data, please contact us immediately and we will delete such information.

2. Definitions

• Cookie Policy – the separate statement on the Website that describes how we use cookies and similar technologies.
• Data Controller / Processor / Subject / Processing – have the meanings set out in Regulation (EU) 2016/679 (the “GDPR”).
• CCPA – the California Consumer Privacy Act.
• CPRA – the California Privacy Rights Act, which amends and expands the CCPA.
• Personal Data – any information relating to an identified or identifiable natural person.
• Services – the Website and any digital products, portals, event registrations, newsletters, or other online resources provided by MBRYONICS.

3. Personal Data We Collect

3.1 Data You Provide Directly

We collect personal data that you voluntarily provide when you:

• complete a contact, demo, supplier, or partnership form (e.g. name, work email, phone, company, role, location, message content);
• apply for a job via our Careers portal or through a recruitment partner (e.g. résumé/CV, education and employment history, references, preferred salary, work‑permit status);
• sign up for newsletters, webinars, or events (e.g. name, email address, organisation);
• create or access an MBRYONICS customer or supplier account (e.g. username, multi‑factor‑authentication credentials, profile photo).

3.2 Data We Collect Automatically

When you visit or use the Services we automatically collect certain information from your device, including:

• Internet Protocol (IP) address and approximate geolocation;
• device identifiers (e.g. operating system, browser type, screen resolution);
• log data (pages viewed, referring/exit URLs, time‑stamp, clickstream);
• cookie and analytics data (see Section 4).

3.3 Data Collected to Improve Your Experience

We use a single analytics provider— Google Analytics 4 (“GA4”)— to understand how visitors engage with the Services, diagnose performance issues, and guide product improvements. GA4 collects aggregated statistics such as page views, referral sources, approximate geolocation, and device attributes (e.g. browser type, operating system). IP addresses are truncated before storage, and no personally identifiable information (such as names or email addresses) is transmitted to Google. For more information, please see the Google Analytics Privacy Policy.

Your Choices: You can opt out of Google Analytics cookies at any time via our Cookie Preferences centre, by installing the Google Analytics Opt‑out Browser Add‑on, or by adjusting your browser settings.

3.4 Additional Data for Candidates (Job Applicants)

We also collect additional information when you apply for a role with MBRYONICS(“Candidates“):

• Identity & Contact – name, postal address, email, telephone, nationality, and work‑permit or visa details.
• Professional & Application Data – résumé/CV, cover letter, education and employment history, skills, certifications, references, prior‑employer restrictions, desired salary, willingness to relocate, preferred start date, interview notes, assessment results, and any other information you choose to provide.
• Public Profile Data – information you make available on job‑search platforms (e.g. LinkedIn) or that reputable third‑party data providers lawfully supply.
• Referral Information – identity of the person referring you and updates we may share with them about your application status.
• Special‑Category Data – health or disability information you share so we can make reasonable accommodations, plus limited health data to protect workplace safety (where permitted by law).
• Background‑Check Data – criminal‑record or credit‑screening results, subject to applicable law and only after a conditional job offer.

4. Tracking Technologies and Cookies

We use the following categories of cookies:

You can control or delete cookies at any time. However, some Services may not function correctly without necessary cookies.

Analytics data retention: Event‑level data collected by GA4 is retained only for a limited period in accordance with Google Analytics’ default settings.

5. How We Use Personal Data

We process personal data to:

1. Provide and maintain the Services (e.g. create accounts, enable downloads, respond to queries);
2. Communicate with you, including sending technical notices, updates, security alerts, and administrative messages;
3. Process job and partnership applications (including verifying information, organising interviews and assessments, checking references, preparing offer letters, conducting background checks post‑offer, maintaining a talent pool, and communicating with referrers) and manage recruitment or business‑development activities;
4. Market our products and events, where you have consented or where we have a legitimate interest to do so;
5. Improve and develop the Website, products, and customer experience via analytics and feedback;
6. Detect, prevent, and respond to fraud, misuse, security incidents, and other harmful or illegal activity;
7. Comply with legal obligations, resolve disputes, and enforce our contracts and policies. We also do not make decisions producing legal or similarly significant effects based solely on automated processing of personal data.

6. Legal Bases for Processing

Under the GDPR we rely on one or more of the following lawful bases:

• Consent – where you have given clear consent (e.g. email marketing).
• Contract – processing is necessary to perform a contract with you or to take steps at your request before entering a contract (e.g. fulfilling an order, evaluating a job application).
• Legitimate Interests – for purposes such as improving the Services, safeguarding IT security, or managing business operations— provided that such interests are not overridden by your rights.
• Legal Obligation – where processing is required to comply with EU or Member‑State law (e.g. tax, accounting, export‑control).
• Vital Interests – where processing is necessary to protect the life or physical integrity of you or another person (e.g. health & safety during on‑site interviews).

Special‑category data: Where we process health or other special‑category data, we rely on Article 9(2)(b) GDPR (processing necessary for employment and social‑security obligations) and Article 9(2)(f) GDPR (establishment, exercise, or defence of legal claims), or obtain your explicit consent where required.

7. Disclosing Your Information

We share personal data only:

• with service providers that perform tasks on our behalf (e.g. cloud‑hosting, email delivery, analytics, applicant‑tracking). These partners may access personal data only to the extent necessary to perform their services and are bound by confidentiality and data‑protection obligations;
• with professional advisors (lawyers, accountants, auditors) where necessary to obtain advice or protect our interests;
• in connection with a business transaction (e.g. merger, acquisition, financing) subject to appropriate safeguards;
• when required to comply with law or valid legal process, or to protect the rights, property, or safety of MBRYONICS, our users, or others.

We do not sell or rent personal data to third parties for their own marketing purposes.

8. International Transfers

MBRYONICS is headquartered in Ireland but operates internationally. Where we transfer personal data outside the European Economic Area we do so on the basis of:

• an adequacy decision by the European Commission;
• Standard Contractual Clauses; or
• another lawful transfer mechanism under GDPR.

9. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this Policy, unless a longer retention period is required or permitted by law (e.g. tax, accounting, litigation). If you apply for a position with MBRYONICS and are not hired, we typically retain your application materials for a limited period consistent with applicable law and our legitimate interests so we can consider you for future roles or comply with legal obligations, after which they are securely deleted or anonymised (unless you request earlier erasure, where permitted). Criteria used to determine retention include the nature of the data, contractual requirements, and whether you have requested deletion.

10. Your Rights

Subject to certain conditions, you have the right to:

• Access the personal data we hold about you;
• Rectify inaccurate or incomplete data;
• Erase personal data (“right to be forgotten”);
• Restrict or object to processing;
• Data portability – receive data in a structured, machine‑readable format;
• Withdraw consent at any time, where processing is based on consent;
• Lodge a complaint with the Irish Data Protection Commission (https://www.dataprotection.ie, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland) or your local supervisory authority.

To exercise these rights, please email privacy@mbryonics.com or write to the address in Section 13. We may request proof of identity and may refuse certain requests where permitted by law. We aim to respond to all legitimate requests within the timeframe required by applicable law and will inform you if we need additional time, in line with Article 12 GDPR.

11. Disclosures for California Residents (CCPA/CPRA)

The following information supplements this Privacy Policy and applies solely to individuals who reside in California, including job applicants (“California Residents”). It explains our disclosures and rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, “CCPA/CPRA”). Terms defined in the CCPA/CPRA have the same meaning when used in this section.

11.1 Categories of Personal Information Collected

In the preceding 12 months we have collected the following categories of personal information for the business purposes described in Sections 3 and 5:

We do not collect sensitive personal information for the purpose of inferring characteristics and we do not use or disclose sensitive personal information for purposes other than those expressly permitted by the CPRA (Cal. Civ. Code § 1798.121).

11.2 Sharing Personal Information

MBRYONICS does not “sell” or “share” personal information as those terms are defined under the CCPA/CPRA, including for cross‑context behavioural advertising. We also have no actual knowledge of selling or sharing the personal information of consumers under 16 years of age.

11.3 California Privacy Rights

California Residents have the following rights, subject to certain exceptions:

• Right to Know / Access – request the categories and specific pieces of personal information we have collected about you.
• Right to Delete – request deletion of personal information we collected from you.
• Right to Correct – request correction of inaccurate personal information.
• Right to Opt Out of the sale or sharing of personal information (not applicable, as we do not sell/share).
• Right to Limit the use and disclosure of sensitive personal information (not applicable for reasons above).
• Right to No Retaliation for exercising CCPA/CPRA rights.

To exercise these rights, California Residents may:

• Email privacy@mbryonics.com with the subject line “California Privacy Request”; or
• Call our U.S. toll‑free line +1‑833‑627‑9646.

We will verify your identity using the information you provide and respond within the timeframe required under the CCPA/CPRA. You may designate an authorised agent to make a request on your behalf.

12. Security

We use technical and organisational measures proportionate to the risk to protect personal data, including encryption in transit and at rest, access‑control, and regular security assessments. No method of transmission over the Internet is completely secure; therefore, we cannot guarantee absolute security. If we become aware of a personal‑data breach that is likely to result in a risk to your rights and freedoms, we will notify the Irish Data Protection Commission and, where required, the affected individuals without undue delay.

13. Changes to This Policy

We may update this Policy from time to time. Any changes will be posted on this page and, where appropriate, notified to you by email or through the Services. Please review this Policy periodically for any updates.

14. Contact

Data Controller: MBRYONICS Limited
Galway Business Park, Upper Newcastle Road,
Dangan, Galway H91 RWF1, Ireland
Email: info@mbryonics.com
Phone: +353 91 374 884

Data Protection Officer: Anthony Molloy
Email: privacy@mbryonics.com

If you have any questions about this Privacy Policy or our privacy practices, please contact us using the details above.

© 2025 MBRYONICS Limited. All rights reserved.