Welcome to the privacy Policy of Chatloop Ltd ("Chatloop")
Welcome to the Privacy Policy of Chatloop Ltd ("Chatloop"). Chatloop respects your privacy and is committed to protecting your personal data. This Privacy Policy outlines how we manage your personal data when you use our mobile application (the "App"), visit our website, or interact with our services embedded into client websites or apps within the Chatloop platform ("Chatloop platform"). It also explains your privacy rights and how the law protects you.
1.1 Purpose of this Privacy Policy
This Privacy Policy provides details on how Chatloop collects and processes your personal data through your use of our services, including creating and hosting User-Generated Content (UGC) on websites and apps within the Chatloop platform, as well as your usage of the Chatloop App. This Privacy Policy also covers data collected via embedded services on client websites and apps, where Chatloop services are integrated to facilitate content creation and interaction. This Privacy Policy supplements other notices and privacy policies and is not intended to override them.
1.2 Controller
Chatloop Ltd is the controller responsible for your personal data ("Chatloop", "we", "us", or "our"). If you have any questions about this Privacy Policy, including requests to exercise your legal rights, please contact DPO@chatloop.com.
1.3 Your Duty to Inform Us of Changes
We regularly review our Privacy Policy. This version was last updated in [August 2024]. It is important that the personal data we hold about you is accurate and current. Please keep us informed of any changes to your personal data during your relationship with us.
1.4 Third-Party Links
Our platform may include links to third-party websites, plug-ins, and applications. Clicking on these links or enabling these connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. When you leave our App, Portal, or website, we encourage you to read the privacy policies of every website or application you visit.
2.1 Personal Data
Personal data refers to any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store, and transfer different kinds of personal data, including:
We also collect, use, and share Aggregated Data, such as statistical or demographic data. While this data is derived from your personal data, it does not directly reveal your identity. However, if we combine or connect Aggregated Data with your personal data in a way that can directly or indirectly identify you, we treat the combined data as personal data.
2.2 Special Categories of Personal Data
We may also collect Special Categories of Personal Data about you, such as details about your race, ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data, subject to your explicit consent. You have the right to withdraw this consent at any time by contacting us at DPO@chatloop.com.
2.3 Failure to Provide Personal Data
Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract. For example, we may not be able to provide you with access to certain support services. In such cases, we may have to cancel the service you have with us, but we will notify you if this is the case at the time.
3.1 Data Collection Process
The collection of personal data through Chatloop’s embedded services on client websites and apps is conducted through various methods, ensuring that the data collected is necessary, lawful, and compliant with GDPR requirements.
3.2 Use of Cookies and Similar Technologies
Chatloop uses cookies, web beacons, and similar technologies to collect data automatically when users interact with the Chatloop platform or embedded services on client websites and apps. These technologies help us analyse trends, track user movements, and gather demographic information to improve our services.
4.1 Purposes for Using Your Personal Data
We will only use your personal data when the law allows us to. The most common situations in which we use your personal data include:
4.2 Change of Purpose
We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If you wish to get an explanation of how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
5.1 Responsibilities of Clients Embedding Chatloop Services
When Chatloop services are embedded into client websites and apps, the client is also responsible for handling user data. While Chatloop collects and processes personal data to enable user-generated content (UGC) and other interactions, clients must ensure that their use of this data complies with their own privacy policies and applicable laws.
5.2 User Awareness
Users are encouraged to review the privacy policies of the websites and apps where Chatloop services are embedded to understand how their data may be used by those third parties.
5.3 Liability Disclaimer
Chatloop disclaims any liability for the misuse or mishandling of user data by clients who embed Chatloop services.
6.1 Data Sharing Practices
We may share your personal data with the following parties for the purposes set out in Section 4 above:
6.2 Service Providers
We work with various service providers to support the operation of our App and services. These include, but are not limited to:
• Amazon Web Services: For cloud hosting and storage.
• Zendesk Inc.: For customer support services.
• Google Firebase: For app infrastructure and development.
• Google Analytics: For data analysis and user behaviour tracking.
• Zapier Inc.: For automation of workflows and data integration.
• Posthog: For product analytics and user interaction tracking.
These service providers act as data processors on our behalf, and we ensure they process your data according to our instructions, in compliance with applicable data protection laws, and subject to strict confidentiality agreements.
6.3 Clients and Partners
We share UGC and related data with our clients and partners who operate websites and apps within the Chatloop platform. This sharing enables the display and management of UGC on their platforms. Please review the privacy policies of these clients and partners to understand how they may use your data.
6.4 Analytics and Advertising Partners
To improve our services and deliver relevant content and advertisements, we work with analytics and advertising partners. These partners help us understand user behaviour and preferences, enabling us to tailor our services and marketing efforts. While much of this data is aggregated or anonymised, any identifiable data is protected by strict privacy controls.
6.5 Legal and Regulatory Authorities
We may disclose your personal data to legal and regulatory authorities when required to do so by law, to enforce our legal rights, or to comply with legal processes such as subpoenas or court orders. We will only disclose the minimum necessary data to comply with these legal obligations.
6.6 Business Transfers
In the event of a merger, acquisition, sale of assets, or any other business transaction involving a change of ownership, your personal data may be transferred to the new owners or involved parties. We will ensure that your data continues to be protected and that you are informed of any significant changes to how your data is handled.
6.7 Affiliates and Subsidiaries
We may share your personal data with our affiliates and subsidiaries to provide integrated services and shared resources. These entities are bound by the same data protection and privacy practices as Chatloop.
6.8 Other Third Parties
With your prior consent, we may share your data with other third parties for specific purposes not covered above. We will always seek your explicit consent before sharing your data in such cases.
6.9 Data Security and Confidentiality
All third parties with whom we share your data are required to respect the security and confidentiality of your personal data and to process it in accordance with the law. We do not allow our service providers or other third parties to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
7.1 Cross-Border Data Transfers
Some of our external third parties are based outside the UK, so their processing of your personal data will involve a transfer of data outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection by implementing at least one of the following safeguards:
• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government.
• Where a country does not have an adequate level of protection, we will ensure that a binding agreement is in place with that third party, complying with data protection laws.
7.2 User Rights in Cross-Border Transfers
Users have the right to request further information on the specific safeguards applied to their data when it is transferred outside their jurisdiction. Such requests can be made to DPO@chatloop.com.
8.1 Data Security Measures
Chatloop takes data security seriously and has implemented robust measures to protect personal data from unauthorised access, loss, or disclosure.
• Technical and Organisational Measures: These include encryption, secure data storage, regular security audits, access controls, and staff training on data protection principles.
• Security Certifications: Where applicable, Chatloop may hold certifications or adhere to recognised standards to demonstrate its commitment to data security.
8.2 Breach Notification Procedures
In the event of a data breach that poses a risk to the rights and freedoms of individuals, Chatloop will notify affected users and the relevant supervisory authorities in accordance with GDPR requirements.
• Notification Timeline: Affected users will be notified without undue delay, typically within 72 hours of Chatloop becoming aware of the breach.
• Content of Notification: The notification will include details about the nature of the breach, the data involved, the potential consequences, and the measures taken to mitigate the breach.
9.1 Retention of User-Generated Content
Chatloop retains UGC and associated personal data for as long as it is necessary to fulfil the purposes for which it was collected, including for the provision of services, compliance with legal obligations, and protection of Chatloop’s legitimate interests.
• Retention Periods: Different types of data have specific retention periods based on their purpose. For example, UGC may be retained as long as it remains relevant to the services provided or for as long as necessary to comply with legal requirements.
9.2 User Control Over Data
Users have control over their data and can request its deletion or modification at any time.
• Data Deletion: Users can request the deletion of their UGC and personal data by contacting customer support. Chatloop will comply with such requests unless the data is required to be retained for legal or contractual reasons.
• Retention of Metadata: In some cases, metadata (such as anonymised data related to the interaction with the content) may be retained even after the deletion of UGC for analytics and service improvement purposes, but this data will not be identifiable to any specific user.
10.1 Explicit Consent for Data Collection and Display
Users must provide explicit consent before any data is collected, used, or displayed publicly on platforms where Chatloop is embedded. This includes consent for the collection of personal data, such as names, email addresses, and any content that users create or submit (e.g., reviews, comments, and ratings).
• Public Display of Content: Users are informed that their UGC, including any associated personal data, may be displayed publicly on the website or app where Chatloop services are embedded. This includes the possibility that usernames, profile pictures, or other identifiers may be visible to other users and visitors.
• Opt-In Mechanism: Consent is obtained through clear opt-in mechanisms, such as checkboxes during account creation or content submission. Users must actively choose to agree to the terms before their data is processed or displayed.
10.2 Withdrawal of Consent
Users have the right to withdraw their consent at any time. If consent is withdrawn, Chatloop and the client will cease processing the user's data for the purposes outlined. The user’s content may be removed from public display, and their account may be deactivated if necessary. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
11.1 Anonymisation of User Data
Where feasible, Chatloop anonymises user data to enhance privacy. Anonymisation involves removing or altering information so that it can no longer be used to identify an individual. For example, Chatloop may display only a user’s first name or a pseudonym in public content, rather than their full name or personal identifiers.
• Anonymised Display: Anonymised data may be used for displaying reviews, comments, and other UGC to ensure that the user's identity is protected while still allowing their content to be publicly accessible.
11.2 Pseudonymisation for Internal Processing
For internal analytics and data processing purposes, Chatloop may apply pseudonymisation techniques. This means that personal data is processed in such a way that it can no longer be attributed to a specific individual without the use of additional information, which is kept separately and protected.
• Purpose of Pseudonymisation: Pseudonymisation helps reduce the risks associated with data processing and ensures compliance with GDPR's data protection principles, particularly in scenarios where data is shared with third parties for analysis or improvement of services.
12.1 Automated Moderation Tools
Chatloop may use automated tools to moderate UGC. These tools can detect and remove content that violates community guidelines, is inappropriate, or breaches legal standards.
Chatloop may auto moderate content, site owners are responsible for approving all content before it will appear on their website. Chatloop is not liable for any inappropriate or undesired content made visible by the website owner on their website.
• User Notification: Users are informed that their content is subject to automated moderation. In cases where content is removed or flagged by automated systems, users have the right to request a review by a human moderator.
12.2 Profiling for Personalisation
If profiling is used to personalise content or services, Chatloop will inform users how this profiling works, what data is used, and how users can opt out of such practices.
• Impact of Profiling: Users are informed about the potential impacts of profiling, including how it may affect the content they see or the services they receive. Users have the right to object to profiling practices.
13.1 Rights to Access, Correct, and Port Data
Users have the right to access the personal data Chatloop holds about them. This includes the right to:
• Access Data: Request a copy of the personal data held about them.
• Correct Data: Request correction of any inaccurate or incomplete data.
• Port Data: Request transfer of their data to another service provider in a structured, commonly used, machine-readable format.
13.2 Exercising User Rights
Users can exercise these rights by contacting Chatloop’s data protection officer (DPO) at DPO@chatloop.com. Chatloop will respond to such requests within one month, although this period may be extended by two further months if the request is complex or numerous.
13.3 Handling of Sensitive Content
If users upload sensitive content (such as health information or personal experiences), they are informed about how this content will be protected and their rights to control its dissemination.
14.1 Age Restrictions
Chatloop enforces strict age restrictions, requiring users to be at least 18 years and 1 month old to use its services, and we do not knowingly collect data from children. If Chatloop discovers that it has inadvertently collected data from a child under this age, the data will be deleted promptly.
14.2 Parental Controls and Consent
For websites owned by clients likely to attract minors, Chatloop may implement parental consent mechanisms. Parents or guardians may be required to verify their identity and provide consent for their child’s use of the service.
14.3 Marketing Communications
Users may receive marketing communications from Chatloop if they have opted in to such communications. Users can opt out at any time by following the unsubscribe instructions in the emails or by contacting Chatloop directly.Parental Consent for Minors: If minors are involved, additional parental consent may be required for marketing communications to be sent.
15.1 Intellectual Property Rights
Users retain the ownership of the intellectual property rights to their UGC. However, by submitting content through Chatloop services, users grant Chatloop and its clients a non-exclusive, worldwide, royalty-free licence to use, display, distribute, and modify the content for the purposes of providing and improving services.
• Licence Scope: This licence includes the right to display the content on the websites and apps where Chatloop services are embedded, as well as in any marketing or promotional materials related to Chatloop’s services.
15.2 Responsibility for Copyright Adherence
Users are responsible for ensuring that any content they submit does not infringe on the intellectual property rights of third parties. Chatloop is not liable for any copyright violations committed by users
• User Warranties: By submitting content, users warrant that they have the necessary rights and permissions to grant the licence described above.
16.1 Policy Updates
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on our website and/or App and updating the date at the top of the policy.
16.2 User Notification
If we make significant changes that affect how your personal data is handled, we will notify you directly through the contact information provided or through a prominent notice on our platform.
17.1 Contact Information
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at DPO@chatloop.com.
17.2 Supervisory Authority
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe that your data protection rights have been violated. However, we would appreciate the chance to address your concerns directly before you approach the ICO, so please contact us first.
18.1 GDPR Compliance
Chatloop complies with the General Data Protection Regulation (GDPR) for users residing in the European Economic Area (EEA). This includes adhering to data protection principles such as lawfulness, fairness, transparency, data minimisation, accuracy, storage limitation, integrity, and confidentiality.
18.2 Legal Basis for Processing
The legal bases for processing personal data under GDPR include consent, performance of a contract, compliance with legal obligations, protection of vital interests, and legitimate interests pursued by Chatloop or third parties.
18.3 Data Transfers
When transferring personal data outside the EEA, Chatloop ensures that appropriate safeguards, such as standard contractual clauses, are in place to protect the data.
18.4 Your Rights Under GDPR
EEA residents have additional rights under GDPR, including the right to data portability, the right to be forgotten, and the right to restrict or object to processing.
19.1 Data Portability
Users have the right to receive the personal data they have provided to Chatloop in a structured, commonly used, machine-readable format and have the right to transmit that data to another controller.
19.2 Data Access
Users have the right to access their personal data and to request a copy of the information that Chatloop holds about them. This request can be made by contacting DPO@chatloop.com.
20.1 Filing a Complaint
If you believe that Chatloop has not adhered to this Privacy Policy or violated your rights under applicable data protection laws, you have the right to file a complaint.
20.2 Dispute Resolution Process
Chatloop is committed to resolving any complaints about its data practices. Complaints can be filed by contacting DPO@chatloop.com. We aim to respond to and resolve complaints promptly.
21.1 Collection of Sensitive Data
Chatloop may collect special categories of personal data (sensitive data) only when absolutely necessary and with your explicit consent. This includes data related to race, religion, sexual orientation, and health.
21.2 Protection of Sensitive Data
Special categories of personal data are handled with the highest level of security and confidentiality. Chatloop ensures that appropriate safeguards are in place to protect this data from unauthorised access and misuse.
22.1 Overview
Chatloop uses automated decision-making processes and profiling in certain instances, such as content moderation and personalisation of services.
22.2 User Rights
Users have the right to opt out of automated decision-making and profiling if it significantly affects them. Users can request a manual review of decisions made by automated processes.
22.3 Transparency
Chatloop provides transparency regarding the logic involved in automated decision-making and profiling, as well as the significance and potential consequences of such processing for the user.
