Privacy & Cookie Statement – Compliment Bot
So you want to give someone that warm and fuzzy feeling but first want to know what we do with that data? Hurray! Like you, we from Chatlayer think that’s really wise and here we give you the information you are looking for.
First of all, please note that this statement is ONLY applicable on this chatbot. For all other things that we do, our normal privacy statement applies and that one you can find https://chatlayer.ai/privacy-policy/
Second of all, as you probably guess: this is a marketing tool to show a very light version of what we as a company can do. It just combines names with messages. It is NOT meant to be used for real messages exchange between people!
How it works: It combines messages with a name. Everybody that types in that name can see messages with that name. For example: your name is John Smith. When ask the bot to show you messages sent to you, the bot will collect all messages that have been sent to the bot for a “John Smith”. If you are Tim Apple, you can also request to see the messages for John Smith by just asking the bot to do so. The bot doesn’t guarantee that the correct person (e.g. John Smith, with a specific phone number or email address) will see that message, nor does the bot guarantee that only a person with that name will see the message. We have not programmed it to work in that manner (for our customers we of course do!!). We also urge you to not send any messages to the bot for people that may object to it. If you choose to put your name on the message, you can do so BUT we have also got the possibility to use the anonymous function.
So don’t put really long love statements in the bot, don’t tell it your deepest, darkest secrets (unless you want everybody to know about them 😉). Keep it positive and keep it general!
Below you find more details on how we process the personal data. Small summary:
- We only process (or use) the data to provide the service above.
- We do not sell personal data, nor are our providers allowed to do so.
- We will not approach you for marketing based on a message that you send.
- We only process the personal data until 72 hours after the end Valentine’s day (This year on a Sunday and if you send positive messages for colleagues, we want them to start the Monday in a positive manner!)
- We will of course respect all data subject rights (just read further below).
- We do us sub-processors to provide this service and do process personal data outside of the EU, if we have it. There are processes and agreements in place to protect the data, of course.
Happy valentine! Spread the positivity!
1 – GENERAL
We are Chatlayer and we think that the protection of your personal data is important. This statement offers you a description of how Chatlayer uses this data, as well as your rights associated with Chatlayer’s use of your data.
Chatlayer, with registered offices in Belgium, Oude Leeuwenrui 39, first floor, 2000 Antwerp and registered at the CBE with number 0691.917.430, and available via chatlayer.ai takes responsibility for the processing of your personal data on the Website as a “data controller”.
This Privacy Statement for the protection of your personal data is strictly compliant with the European Union Regulation of 2016 concerning the protection of individuals with regards to the processing of personal data, regarding the free movement of such data and repealing Directive 95/46/EC (“GDPR”).
If you have questions about this Privacy Statement, or the manner in which Chatlayer collects, uses or otherwise processes your personal information, please contact us by sending an email to the following e-mail address: firstname.lastname@example.org
2 – WHICH PERSONAL DATA DOES CHATLAYER COLLECTS?
Chatlayer may collect personal data that is provided by you or by third parties to the extent necessary for the operation of its services. Such information may consist of:
Use of the Bot on the website
Chatlayer may collect usage data and other data about your interactions with the Chatlayer website.
Use of the Bot in WhatsApp or Facebook
Necessary to perform the service requested by the user / to fulfil contractual obligations
When you contact Chatlayer via the contact form on the website or send us an emailChatlayer collects the information you provide to us.
You are not obligated to provide us with your personal data, however, the performance of several services may not be possible if you choose not to provide your personal data.
3 – HOW WILL MY PERSONAL DATA BE USED?
3.1 General Purpose
Chatlayer collects and processes your personal information in order to offer you a safe, comfortable, and personalized experience each time you visit the website or utilize our services.
The information we collect about you is primarily processed to help us ensure proper technical functioning and to improve the quality and content of our website and services – based on the lawful purposes of “consent” for the website, “legal obligations” and “contractual necessity” for services, or “legitimate interest” as allowed under GDPR.
3.2 Direct marketing or selling of your data
Chatlayer will NOT use your personal data for (direct) marketing and will not sell your data.
4 – Use of third parties and disclosure
Personal data will only be available to authorized employees holding a position that requires them to process personal data to perform their work. These employees will only be granted access in accordance with the principle of “least privilege”, meaning that our personnel will only have access to personal data that is strictly necessary for the purpose of the processing to perform their work. Please note that our DPO is part of the Sinch Group, so if you raise a question to her, we will also share that question with a person working at Sinch AB, established at Lindhagensgatan 74, 112 18 Stockholm, Sweden.
When required, Chatlayer may need to provide personal data to relevant authorities (e.g. social insurance agencies and the tax authority) in accordance with mandatory law, in order to fulfil legal obligations in the jurisdiction where we (in the future) employ our employees and/or when we get a request of an authority. We will only do this when we have a legal ground to do this and will ensure to take appropriate security measure to protect the personal data.
Companies engaged by Chatlayer
Your personal data may also be transferred to and processed by third party providers and suppliers which perform services for Chatlayer (also known as “data processors”), to enable these companies to perform the services requested by us.
Only personal data that is necessary to fulfil the purposes for which we engage these third parties will be provided. Our third-party suppliers must follow our instructions and have entered into a, by law required, written agreement. Our third-party providers must implement appropriate technical and organizational measures for the protection of the personal data and we regularly check whether they fulfill the requirements that we have given to these companies.
To be able to provide you with the bot, we us several data processors. One of the companies in this case is Formagrid, Inc. Services which may be requested include the provision of hosting, execution of the services offered, support, administration, and other related IT services. This company is always used, no matter if you choose the use the bot on the website, within Facebook Messenger or Whatsapp.
And yes, you can also use the bot within Facebook Messenger and Whatsapp. When you interact with our both there, we have something that is called an enterprise account through our supplier partnership with them. What they provide is for us to have the possibility to communicate with you through these channels. Normally they do not have access to the message itself because of the end-to-end encryption. However we do share meta-data with them (where should a message go, time, date etc.) to be able to reach you.
If you use these channels, it’s, of course, important for you to understand that you are communicating with us through a third-party app. One that you already have on your device, most likely. You have also already got an agreement with Facebook Messenger and Whatsapp and that agreement decide which information these apps can process. We do not have any control over that. That is between you and the app. If you are curious about this, read the terms and conditions and/or privacy statements.
4 – HOW LONG WILL WE HOLD YOUR PERSONAL DATA?
Chatlayer only processes the personal information for as long as necessary to keep this Bot live until the 16th of February. After that, the data will be deleted within 24 hours.
5 – YOUR RIGHTS AS A DATA SUBJECT
Right to access and rectification
You have the right to request access to the personal data relating to you. This includes the right to be informed whether personal data about you is being processed, what personal data is being processed, and for which purposes we use the personal data. You also have the right to request rectification or add personal data if you feel that the personal data that we are processing, is inaccurate or incomplete.
Right to erasure
You may also request that your personal data be erased if e.g. the personal data is no longer necessary for the purposes for which it was collected, the processing is unlawful, or the personal data has to be erased to enable us to comply with a legal requirement. There are other circumstances where your personal data can be erased; please contact us if you would like to find out whether your personal data can be erased (see below for contact details).
Please note that we may need to reject your request if the processing is permitted or even required according to law or any other relevant legal ground. We will of course block any information for purposes that are not covered by this. If so, we will of course inform you of this (and if possible, include the date that we can delete the information).
Right to object and blocking of data
You are also entitled to object to certain processing or request that the processing of the personal data be restricted or blocked if you believe the personal data may not be correct, if you believe the processing is unlawful, or if you believe that Sinch no longer needs the personal data for the purposes stated in this statement.
We would like to inform you in advance that there are however two situations that even if you object, we might need to continue processing:
- This when we may need continue this processing when we are permitted or even required to do so by law. This could for example be to enable us to fulfil legal requirements, administer the employment, fulfil legal obligations, or fulfil obligations under a contract with you.
- This is when we process of your information is based on a legitimate interest and we can demonstrate compelling and legitimate reasons for such processing that overrides your privacy interest or for the establishment, exercise, or defence of legal claims.
We will of course block any information for purposes that are not covered by this. If so, we will of course inform you of this.
Right to revoke
If you have provided us or a former employer (for example SAP, ACL or Chatlayer) with consent to process or transfer certain data, you have the right to withdraw your consent under the GDPR at any time. The withdrawal of consent shall not affect the legality of the processing carried out based on the consent until such withdrawal. You can contact our Data Protection Officer (DPO) via email@example.com if you want to revoke your consent.
Right to data portability
If you request access to personal data about you that you yourself have provided and if the personal data is being processed automatically with your consent or in accordance with a contract between you and Sinch, you may request that the data is provided in a structured, commonly used and machine readable format and you may also request that the personal data is transmitted to another controller, if this is technically feasible.
How do I make use of my rights?
You can use the same contact details if you should have any questions in relation to the processing of your personal data. If you want to send our DPO something by normal mail, you can use the following address: we will ensure that our DPO gets the message.
Chatlayer BVBA – Data Protection Officer
Oudeleeuwenrui 39, first floor
2000 Antwerp (Belgium)
Please note that we may contact you and ask you to confirm your identity to ensure that we do not disclose your personal data to any unauthorized person, and that we may ask you to specify your request before we perform any actions. Once we have confirmed your identity and understood exactly what you would like, we will handle your request in accordance with applicable law.
As we already explained in the introduction: this is not a tool that is supposed to be used for personal messaging. Everyone can see everything if they just try.
We do take the appropriate measures to keep your personal data secure when we use processors, Sinch uses a data processing agreement that fulfils the requirements set by the GDPR, in combination with appropriate technical and organizational measures for the protection of the personal data. If personal data needs to be transferred to a country that offers a lower level of protection for personal data than is required by applicable law (for example USA or India), we will conclude the European Standard Contractual Clauses (that were decided upon by the European Commission) and do regular follow-ups to see whether our requirements are fulfilled. Examples of other measures that we take are:
- All data transmitted from and to our website is encrypted (HTTPS/TLS)
- Internal data security policies (password policy, BYOD policy, teleworking policy…)
- All data is stored in secure datacentres
Chatlayer is not responsible or liable to you or any third party for the content or accuracy of any user content posted by you or any other user and Chatlayer expressly disclaims any and all liability in connection with user content to the fullest extent permitted by applicable law.
7 – COOKIES
If you are using the that is on the website, please note that the website Privacy and Cookie statement is also applicable. Information about cookies can be found here: https://chatlayer.ai/privacy-policy/
8 – APPLICABLE LAW AND JURISDICTION
This Privacy and Cookie Statement is managed, interpreted and executed in accordance with the laws of Belgium which exclusively applies to every potential dispute.
9 – QUESTIONS
You wanted to know? Now you know! We however imagine that you have a lot of questions. Questions, comments and requests regarding this Statement are welcomed and should be addressed to:
Oudeleeuwenrui 39, first floor
2000 Antwerp (Belgium)
10 – Right to file a complaint
If you raise a compliant to us via our contact form or email to DPO, we will of course do our utmost best to solve the problem.
However, if you have any complaints about the way Chatlayer collects, uses and/or processes your personal data, you have the right to file a complaint with the Belgian Data Protection Authority:
Data Protection Authority
Drukpersstraat 35, 1000 Brussels,
Tel +32(0)2 274 48 00, Fax +32 (0)2 274 48 35,
However, you are always free to contact your own Data Protection Supervisory Authority that is in your own EU country.
11 – Changes to this statement
Chatlayer reserves the right to change, modify and update this Privacy Statement from time to time by posting a revised version on our website. Therefore, we recommend you regularly consult this Statement, to make sure that you are aware of any changes.