This Privacy Policy explains how Ascanio Entertainment Ltd ("Ascanio", "we", "us") collects, uses, and protects personal data when you interact with Senera, our workforce readiness and training platform, and with our wider business activities (including marketing, sales, and customer support).
Ascanio Entertainment Ltd is a private limited company registered in the Republic of Cyprus under registration number HE 349564, with registered office at 18 Elaion Street, Agia Varvara, 2560, Nicosia, Cyprus.
For any privacy question, contact: contact@senera.io.
Senera serves organisations that train and monitor the competency of their workforce. This means we play two different data-protection roles depending on whose personal data is being processed:
1.1 We are a data controller for personal data we collect directly about: prospective customers and customer contacts (administrators, billing contacts, signatories), visitors to our marketing website, and recipients of our marketing communications.
1.2 We are a data processor for personal data that our customers upload to or generate within the platform about their own Users (for example, employees of a customer organisation enrolled on a training programme). In this case, the customer is the data controller and we process the data on their instructions.
If you are a User of Senera enrolled by your employer, your employer is the controller of your personal data on the platform. Direct any privacy request to your employer in the first instance. You may also contact us, and we will support your employer in responding.
When our customers use the platform, they upload data and our platform generates additional data about Users, including: identifiers (names, email addresses, employee IDs), role, site, department, training assignments, progress, completion records, assessment results, content the User generates within the platform, and activity logs.
We process this data only on the customer's instructions for the purpose of operating the platform.
Payment information is collected and processed by our payment processor (Stripe). We do not see or store card details. We receive billing name, billing address, transaction outcomes, and subscription status.
| What we do | Legal basis (GDPR Art. 6) |
|---|---|
| Operate Senera, manage subscriptions, deliver support | Performance of a contract — Art. 6(1)(b) |
| Take payment, issue invoices, comply with tax record-keeping | Contract; legal obligation — Art. 6(1)(b), (c) |
| Maintain platform security, prevent fraud, debug issues | Legitimate interests — Art. 6(1)(f) |
| Sales outreach to prospects and follow-ups | Legitimate interests, with opt-out always available — Art. 6(1)(f) |
| Send product updates or marketing to customers | Legitimate interests; opt-out always available — Art. 6(1)(f) |
| Communicate with you about your account | Performance of a contract — Art. 6(1)(b) |
| Comply with regulatory or court obligations | Legal obligation — Art. 6(1)(c) |
We do not sell personal data. We do not share personal data with third parties for their own independent marketing purposes.
When we process Users' personal data on a customer's behalf, the lawful basis is the customer's responsibility as the data controller. Our processing is governed by the contract between us and the customer (the Terms of Use and, where requested, a Data Processing Agreement).
We share personal data only with carefully selected service providers ("sub-processors") who help us operate the platform and our business. Each is bound by a written agreement that restricts their use of personal data to providing their service to us.
| Sub-processor | Function |
|---|---|
| Stripe Payments Europe Ltd (Ireland / United States) | Payment processing, tax calculation, invoicing |
| Anthropic, PBC (United States) | AI model provider for content generation, assessments, and the in-app assistant |
| OpenAI, LLC (United States) | AI embeddings used to search across your organisation's uploaded documents |
| Microsoft Corporation (European Union) | Business email and productivity infrastructure |
| EU-based cloud infrastructure providers | Application hosting, database, file storage, and related platform infrastructure |
We may also disclose personal data to: professional advisors (lawyers, accountants, auditors) bound by confidentiality; competent public authorities where required by law; and an acquirer or successor in connection with a merger, acquisition, or sale of substantially all our assets.
Some of our sub-processors are based outside the European Economic Area (EEA), primarily in the United States. When personal data leaves the EEA, we rely on the Standard Contractual Clauses (SCCs) adopted by Commission Implementing Decision (EU) 2021/914, supplemented by additional safeguards (encryption in transit and at rest, access controls, contractual restrictions).
You may request a copy of the specific safeguards in place for a given transfer by contacting contact@senera.io.
Core Senera features use artificial intelligence, including: generating training content from organisational materials you upload, generating micro-assessments and quizzes, searching across organisational documents to answer User questions (RAG — retrieval-augmented generation), providing an in-app assistant to Users, and surfacing competency signals from observed activity.
Our current AI providers are: Anthropic, PBC (United States) for content generation, assessments, and the in-app assistant; and OpenAI, LLC (United States) for embeddings used in document search.
When a feature uses AI, the minimum data necessary is transmitted to the relevant provider. Depending on the feature, this may include excerpts from documents you have uploaded, User inputs (e.g. a question asked to the in-app assistant), and limited identifiers to maintain the context of an active session. We do not transmit card or bank details or authentication credentials.
Under our commercial agreements with our AI providers, they do not use your data — whether Customer Content or User input — to train their models.
The platform does not make solely-automated decisions about Users that produce legal effects or similarly significant effects. AI-generated outputs are signals, suggestions, or drafts that require human review before they are acted upon. Decisions about your workforce remain with your organisation.
If you deploy Senera in your organisation, applicable law (including the EU AI Act and the GDPR) may require you to inform your Users that AI is used in the platform. This obligation rests with you as the deployer. We will provide reasonable documentation to support that disclosure.
| Category | Retention period |
|---|---|
| Customer accounts and User records | Duration of subscription + 6 years (accounting and tax records) |
| Payment and invoicing records | 6 years from the end of the relevant financial year |
| Server access and security logs | 90 days |
| Email correspondence with customers | 6 years |
| Email correspondence with prospects | 24 months |
| Marketing contacts who opted in | Until opt-out, plus a short audit-trail period |
| Database backups | 30 days rolling |
| Records of legal acceptances | Duration of subscription + 6 years |
When a customer's subscription ends, we apply the retention rules in Section 3.4 of our Terms of Use: 30-day export window, then deletion from active systems within 60 days, subject to legal retention requirements.
If we hold personal data about you as a controller, you have the following rights under the GDPR:
To exercise any right, email contact@senera.io. We will respond within one month of receiving a verifiable request.
We do not make decisions about you that produce legal effects or similarly significant effects based solely on automated processing, including profiling. Senera uses AI to surface signals about workforce readiness and competency, but operational and employment decisions about Users remain with the customer organisation and require human review.
We apply administrative, technical, and physical safeguards proportionate to the risk and sensitivity of the data, including:
If a security incident affects your personal data, we will notify the relevant supervisory authority within 72 hours of becoming aware, where required, and notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms, as required by GDPR Articles 33 and 34.
Senera is intended for use by adult workers in industrial and operational environments. We do not knowingly collect personal data about children. If you believe we have inadvertently collected such data, contact contact@senera.io and we will delete it.
See our Cookies Policy for the cookies we use and why.
We may update this Privacy Policy occasionally. The "Last updated" date at the top reflects the current version. Material changes will be communicated to customer admin contacts by email at least 30 days in advance.
For privacy questions, requests, or complaints:
If you are not satisfied with our response, you have the right to complain to the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus.