Chatloop™ Privacy Policy

Introduction

Welcome to the privacy Policy of Chatloop Ltd ("Chatloop")

Welcome to the Privacy Policy of Chatloop Ltd ("Chatloop"). Chatloop respects your privacy and is committed to protecting your personal data. This Privacy Policy outlines how we manage your personal data when you use our mobile application (the "App"), visit our website, or interact with our services embedded into client websites or apps within the Chatloop platform ("Chatloop platform"). It also explains your privacy rights and how the law protects you.

1. Important Information and Who We Are

1.1 Purpose of this Privacy Policy

This Privacy Policy provides details on how Chatloop collects and processes your personal data through your use of our services, including creating and hosting User-Generated Content (UGC) on websites and apps within the Chatloop platform, as well as your usage of the Chatloop App. This Privacy Policy also covers data collected via embedded services on client websites and apps, where Chatloop services are integrated to facilitate content creation and interaction. This Privacy Policy supplements other notices and privacy policies and is not intended to override them.

1.2 Controller

Chatloop Ltd is the controller responsible for your personal data ("Chatloop", "we", "us", or "our"). If you have any questions about this Privacy Policy, including requests to exercise your legal rights, please contact DPO@chatloop.com.

1.3 Your Duty to Inform Us of Changes

We regularly review our Privacy Policy. This version was last updated in [August 2024]. It is important that the personal data we hold about you is accurate and current. Please keep us informed of any changes to your personal data during your relationship with us.

1.4 Third-Party Links

Our platform may include links to third-party websites, plug-ins, and applications. Clicking on these links or enabling these connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. When you leave our App, Portal, or website, we encourage you to read the privacy policies of every website or application you visit.

2. The Data We Collect About You

2.1 Personal Data

Personal data refers to any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store, and transfer different kinds of personal data, including:

Data Types Chart
Type of Data Description
UGC Data Information you provide when you create content such as reviews, pictures, videos, comments, or ratings on websites and apps within the Chatloop platform, including via services embedded in client websites and apps. This also includes metadata associated with this content, such as timestamps and location data, if applicable.
Identity Data Includes first name, last name, username, and other identifiers you use when creating content or an account with Chatloop, including when using embedded services on client websites or apps.
Contact Data Includes email address and telephone numbers.
Profile Data Includes your username and password, content preferences, and feedback.
Technical Data Includes IP address, login data, browser type, operating system, time zone settings, and other technical information collected when you interact with the Chatloop platform, including when browsing or creating content on client websites and apps where Chatloop services are embedded.
Usage Data Includes information about how you use our App and services, including content creation and interaction patterns on the Chatloop platform and embedded services on client websites and apps.

We also collect, use, and share Aggregated Data, such as statistical or demographic data. While this data is derived from your personal data, it does not directly reveal your identity. However, if we combine or connect Aggregated Data with your personal data in a way that can directly or indirectly identify you, we treat the combined data as personal data.

2.2 Special Categories of Personal Data

We may also collect Special Categories of Personal Data about you, such as details about your race, ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data, subject to your explicit consent. You have the right to withdraw this consent at any time by contacting us at DPO@chatloop.com.

2.3 Failure to Provide Personal Data

Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract. For example, we may not be able to provide you with access to certain support services. In such cases, we may have to cancel the service you have with us, but we will notify you if this is the case at the time.

3. How Your Personal Data Is Collected

3.1 Data Collection Process

The collection of personal data through Chatloop’s embedded services on client websites and apps is conducted through various methods, ensuring that the data collected is necessary, lawful, and compliant with GDPR requirements.

Data Collection Methods Chart
Collection Method Details
Direct Interactions You may provide us with your Identity, Contact, UGC, and Profile Data by filling in forms, creating content, or interacting with our App or embedded services on client websites and apps. This includes personal data you provide when you create and submit UGC, create an account or log in, or provide feedback or contact us.
Automated Technologies We use cookies, server logs, and other technologies to collect Technical and Usage Data. This data helps us understand how you use the Chatloop platform and App, including services embedded in client websites and apps, and improve our services.
Third-Party Sources We may receive personal data about you from third parties, including social media platforms, if you have agreed to share your data with us. We may also collect data from clients who embed our services on their websites and apps, which could include your interactions with UGC on those platforms.

3.2 Use of Cookies and Similar Technologies

Chatloop uses cookies, web beacons, and similar technologies to collect data automatically when users interact with the Chatloop platform or embedded services on client websites and apps. These technologies help us analyse trends, track user movements, and gather demographic information to improve our services.

4. How We Use Your Personal Data

4.1 Purposes for Using Your Personal Data

We will only use your personal data when the law allows us to. The most common situations in which we use your personal data include:

Data Processing Purposes Chart
Purpose/Activity Type of Data Lawful Basis for Processing Legitimate Interests
To register you as a new user Identity Data, Contact Data Performance of a contract with you N/A
To manage your account, including enabling UGC creation Identity Data, Profile Data, UGC Data Performance of a contract with you N/A
To process and deliver your service requests Identity Data, Contact Data, Financial Data, Transaction Data Performance of a contract with you N/A
To manage our relationship with you, including notifications and updates Identity Data, Contact Data, Profile Data, Marketing and Communications Data Performance of a contract with you; Compliance with legal obligations; Legitimate interests Keeping records updated; understanding how users engage with our services
To administer and protect our network, App, and services Identity Data, Technical Data Legitimate interests Running our business, provision of administration and IT services, network security, fraud prevention
To deliver relevant content and advertisements Identity Data, Profile Data, Usage Data, Marketing and Communications Data Legitimate interests Understanding how users interact with our services to develop them, grow our business, and inform our marketing strategy
To use data analytics to improve our services Technical Data, Usage Data Legitimate interests Improving our services, App, user experience, and marketing strategies
To comply with legal requirements Identity Data, Contact Data, Financial Data, Transaction Data Compliance with a legal obligation N/A
To personalise your experience Identity Data, Profile Data, UGC Data Legitimate interests Providing a better user experience tailored to your preferences

4.2 Change of Purpose

We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If you wish to get an explanation of how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5. Client Data Handling Responsibilities

5.1 Responsibilities of Clients Embedding Chatloop Services

When Chatloop services are embedded into client websites and apps, the client is also responsible for handling user data. While Chatloop collects and processes personal data to enable user-generated content (UGC) and other interactions, clients must ensure that their use of this data complies with their own privacy policies and applicable laws.

5.2 User Awareness

Users are encouraged to review the privacy policies of the websites and apps where Chatloop services are embedded to understand how their data may be used by those third parties.

5.3 Liability Disclaimer

Chatloop disclaims any liability for the misuse or mishandling of user data by clients who embed Chatloop services.

6. Disclosures of Your Personal Data

6.1 Data Sharing Practices

We may share your personal data with the following parties for the purposes set out in Section 4 above:

Data Sharing Recipients Chart
Recipient Purpose for Sharing Types of Data Shared Additional Details
Service Providers To support our operations by providing services such as hosting, data analysis, IT infrastructure, and customer support. Identity Data, Contact Data, Technical Data, UGC Data, Financial Data Service providers are required to process data in accordance with our instructions and subject to confidentiality agreements.
Clients and Partners To enable the hosting, display, and management of UGC on their websites and apps. UGC Data, Identity Data Clients may use UGC in accordance with their own privacy policies; please review those policies for more details.
Analytics and Advertising Partners To analyse usage data, improve services, and deliver targeted advertisements based on user behaviour and preferences. Usage Data, Technical Data, Profile Data Data shared with these partners is often aggregated or anonymised; identifiable data is subject to strict privacy controls.
Legal and Regulatory Authorities To comply with legal obligations, enforce our rights, and respond to legal processes such as subpoenas or court orders. Identity Data, Contact Data, Financial Data, Transaction Data We will only disclose what is necessary to comply with legal requirements or protect our rights and users' safety.
Business Transfer Recipients In the event of a merger, acquisition, sale of assets, or other business transaction, your data may be transferred. All data types relevant to the transaction, such as Identity Data, Contact Data, Financial Data, UGC Data You will be notified of any significant changes to how your data is handled.
Affiliates and Subsidiaries To provide integrated services and shared resources within the Chatloop corporate group. Identity Data, Contact Data, Technical Data, UGC Data, Financial Data Data shared within the group is subject to the same level of protection and privacy practices outlined in this policy.
Other Third Parties With your prior consent, we may share your data for specific purposes not covered above. Any relevant data based on the specific purpose We will always seek your explicit consent before sharing your data with third parties not listed here.

6.2 Service Providers

We work with various service providers to support the operation of our App and services. These include, but are not limited to:

• Amazon Web Services: For cloud hosting and storage.
• Zendesk Inc.: For customer support services.
• Google Firebase: For app infrastructure and development.
• Google Analytics: For data analysis and user behaviour tracking.
• Zapier Inc.: For automation of workflows and data integration.
• Posthog: For product analytics and user interaction tracking.

These service providers act as data processors on our behalf, and we ensure they process your data according to our instructions, in compliance with applicable data protection laws, and subject to strict confidentiality agreements.

6.3 Clients and Partners

We share UGC and related data with our clients and partners who operate websites and apps within the Chatloop platform. This sharing enables the display and management of UGC on their platforms. Please review the privacy policies of these clients and partners to understand how they may use your data.

6.4 Analytics and Advertising Partners

To improve our services and deliver relevant content and advertisements, we work with analytics and advertising partners. These partners help us understand user behaviour and preferences, enabling us to tailor our services and marketing efforts. While much of this data is aggregated or anonymised, any identifiable data is protected by strict privacy controls.

6.5 Legal and Regulatory Authorities

We may disclose your personal data to legal and regulatory authorities when required to do so by law, to enforce our legal rights, or to comply with legal processes such as subpoenas or court orders. We will only disclose the minimum necessary data to comply with these legal obligations.

6.6 Business Transfers

In the event of a merger, acquisition, sale of assets, or any other business transaction involving a change of ownership, your personal data may be transferred to the new owners or involved parties. We will ensure that your data continues to be protected and that you are informed of any significant changes to how your data is handled.

6.7 Affiliates and Subsidiaries

We may share your personal data with our affiliates and subsidiaries to provide integrated services and shared resources. These entities are bound by the same data protection and privacy practices as Chatloop.

6.8 Other Third Parties

With your prior consent, we may share your data with other third parties for specific purposes not covered above. We will always seek your explicit consent before sharing your data in such cases.

6.9 Data Security and Confidentiality

All third parties with whom we share your data are required to respect the security and confidentiality of your personal data and to process it in accordance with the law. We do not allow our service providers or other third parties to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. International Transfers and Safeguards

7.1 Cross-Border Data Transfers

Some of our external third parties are based outside the UK, so their processing of your personal data will involve a transfer of data outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection by implementing at least one of the following safeguards:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government.

• Where a country does not have an adequate level of protection, we will ensure that a binding agreement is in place with that third party, complying with data protection laws.

7.2 User Rights in Cross-Border Transfers

Users have the right to request further information on the specific safeguards applied to their data when it is transferred outside their jurisdiction. Such requests can be made to DPO@chatloop.com.

8. Data Security and Breach Notification

8.1 Data Security Measures

Chatloop takes data security seriously and has implemented robust measures to protect personal data from unauthorised access, loss, or disclosure.

Technical and Organisational Measures: These include encryption, secure data storage, regular security audits, access controls, and staff training on data protection principles.

Security Certifications: Where applicable, Chatloop may hold certifications or adhere to recognised standards to demonstrate its commitment to data security.

8.2 Breach Notification Procedures

In the event of a data breach that poses a risk to the rights and freedoms of individuals, Chatloop will notify affected users and the relevant supervisory authorities in accordance with GDPR requirements.

Notification Timeline: Affected users will be notified without undue delay, typically within 72 hours of Chatloop becoming aware of the breach.

Content of Notification: The notification will include details about the nature of the breach, the data involved, the potential consequences, and the measures taken to mitigate the breach.

9. Data Retention and User Control

9.1 Retention of User-Generated Content

Chatloop retains UGC and associated personal data for as long as it is necessary to fulfil the purposes for which it was collected, including for the provision of services, compliance with legal obligations, and protection of Chatloop’s legitimate interests.

Retention Periods: Different types of data have specific retention periods based on their purpose. For example, UGC may be retained as long as it remains relevant to the services provided or for as long as necessary to comply with legal requirements.

9.2 User Control Over Data

Users have control over their data and can request its deletion or modification at any time.

Data Deletion: Users can request the deletion of their UGC and personal data by contacting customer support. Chatloop will comply with such requests unless the data is required to be retained for legal or contractual reasons.

Retention of Metadata: In some cases, metadata (such as anonymised data related to the interaction with the content) may be retained even after the deletion of UGC for analytics and service improvement purposes, but this data will not be identifiable to any specific user.

10. User Consent and Content Display

10.1 Explicit Consent for Data Collection and Display

Users must provide explicit consent before any data is collected, used, or displayed publicly on platforms where Chatloop is embedded. This includes consent for the collection of personal data, such as names, email addresses, and any content that users create or submit (e.g., reviews, comments, and ratings).

Public Display of Content: Users are informed that their UGC, including any associated personal data, may be displayed publicly on the website or app where Chatloop services are embedded. This includes the possibility that usernames, profile pictures, or other identifiers may be visible to other users and visitors.

Opt-In Mechanism: Consent is obtained through clear opt-in mechanisms, such as checkboxes during account creation or content submission. Users must actively choose to agree to the terms before their data is processed or displayed.

10.2 Withdrawal of Consent

Users have the right to withdraw their consent at any time. If consent is withdrawn, Chatloop and the client will cease processing the user's data for the purposes outlined. The user’s content may be removed from public display, and their account may be deactivated if necessary. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

11. Data Anonymisation and Pseudonymisation

11.1 Anonymisation of User Data

Where feasible, Chatloop anonymises user data to enhance privacy. Anonymisation involves removing or altering information so that it can no longer be used to identify an individual. For example, Chatloop may display only a user’s first name or a pseudonym in public content, rather than their full name or personal identifiers.

• Anonymised Display: Anonymised data may be used for displaying reviews, comments, and other UGC to ensure that the user's identity is protected while still allowing their content to be publicly accessible.

11.2 Pseudonymisation for Internal Processing

For internal analytics and data processing purposes, Chatloop may apply pseudonymisation techniques. This means that personal data is processed in such a way that it can no longer be attributed to a specific individual without the use of additional information, which is kept separately and protected.

• Purpose of Pseudonymisation: Pseudonymisation helps reduce the risks associated with data processing and ensures compliance with GDPR's data protection principles, particularly in scenarios where data is shared with third parties for analysis or improvement of services.

12. Automated Decision-Making and Profiling

12.1 Automated Moderation Tools

Chatloop may use automated tools to moderate UGC. These tools can detect and remove content that violates community guidelines, is inappropriate, or breaches legal standards.

Chatloop may auto moderate content, site owners are responsible for approving all content before it will appear on their website. Chatloop is not liable for any inappropriate or undesired content made visible by the website owner on their website.

• User Notification: Users are informed that their content is subject to automated moderation. In cases where content is removed or flagged by automated systems, users have the right to request a review by a human moderator.

12.2 Profiling for Personalisation

If profiling is used to personalise content or services, Chatloop will inform users how this profiling works, what data is used, and how users can opt out of such practices.

Impact of Profiling: Users are informed about the potential impacts of profiling, including how it may affect the content they see or the services they receive. Users have the right to object to profiling practices.

13. Your Legal Rights

13.1 Rights to Access, Correct, and Port Data

Users have the right to access the personal data Chatloop holds about them. This includes the right to:

• Access Data: Request a copy of the personal data held about them.
• Correct Data: Request correction of any inaccurate or incomplete data.
Port Data: Request transfer of their data to another service provider in a structured, commonly used, machine-readable format.

13.2 Exercising User Rights

Users can exercise these rights by contacting Chatloop’s data protection officer (DPO) at DPO@chatloop.com. Chatloop will respond to such requests within one month, although this period may be extended by two further months if the request is complex or numerous.

13.3 Handling of Sensitive Content

If users upload sensitive content (such as health information or personal experiences), they are informed about how this content will be protected and their rights to control its dissemination.

14. Minors, Parental Consent, and Marketing Communications

14.1 Age Restrictions

Chatloop enforces strict age restrictions, requiring users to be at least 18 years and 1 month old to use its services, and we do not knowingly collect data from children. If Chatloop discovers that it has inadvertently collected data from a child under this age, the data will be deleted promptly.

14.2 Parental Controls and Consent

For websites owned by clients likely to attract minors, Chatloop may implement parental consent mechanisms. Parents or guardians may be required to verify their identity and provide consent for their child’s use of the service.

14.3 Marketing Communications

Users may receive marketing communications from Chatloop if they have opted in to such communications. Users can opt out at any time by following the unsubscribe instructions in the emails or by contacting Chatloop directly.Parental Consent for Minors: If minors are involved, additional parental consent may be required for marketing communications to be sent.

15. IP Ownership and User-Generated Content

15.1 Intellectual Property Rights

Users retain the ownership of the intellectual property rights to their UGC. However, by submitting content through Chatloop services, users grant Chatloop and its clients a non-exclusive, worldwide, royalty-free licence to use, display, distribute, and modify the content for the purposes of providing and improving services.

• Licence Scope: This licence includes the right to display the content on the websites and apps where Chatloop services are embedded, as well as in any marketing or promotional materials related to Chatloop’s services.

15.2 Responsibility for Copyright Adherence

Users are responsible for ensuring that any content they submit does not infringe on the intellectual property rights of third parties. Chatloop is not liable for any copyright violations committed by users

• User Warranties: By submitting content, users warrant that they have the necessary rights and permissions to grant the licence described above.

16. Changes to this Privacy Policy

16.1 Policy Updates

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on our website and/or App and updating the date at the top of the policy.

16.2 User Notification

If we make significant changes that affect how your personal data is handled, we will notify you directly through the contact information provided or through a prominent notice on our platform.

17. Contact Us

17.1 Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at DPO@chatloop.com.

17.2 Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe that your data protection rights have been violated. However, we would appreciate the chance to address your concerns directly before you approach the ICO, so please contact us first.

18. Additional Information for European Economic Area Residents

18.1 GDPR Compliance

Chatloop complies with the General Data Protection Regulation (GDPR) for users residing in the European Economic Area (EEA). This includes adhering to data protection principles such as lawfulness, fairness, transparency, data minimisation, accuracy, storage limitation, integrity, and confidentiality.

18.2 Legal Basis for Processing

The legal bases for processing personal data under GDPR include consent, performance of a contract, compliance with legal obligations, protection of vital interests, and legitimate interests pursued by Chatloop or third parties.

18.3 Data Transfers

When transferring personal data outside the EEA, Chatloop ensures that appropriate safeguards, such as standard contractual clauses, are in place to protect the data.

18.4 Your Rights Under GDPR

EEA residents have additional rights under GDPR, including the right to data portability, the right to be forgotten, and the right to restrict or object to processing.

19. Data Portability and Accessibility

19.1 Data Portability

Users have the right to receive the personal data they have provided to Chatloop in a structured, commonly used, machine-readable format and have the right to transmit that data to another controller.

19.2 Data Access

Users have the right to access their personal data and to request a copy of the information that Chatloop holds about them. This request can be made by contacting DPO@chatloop.com.

20. Complaints and Dispute Resolution

20.1 Filing a Complaint

If you believe that Chatloop has not adhered to this Privacy Policy or violated your rights under applicable data protection laws, you have the right to file a complaint.

20.2 Dispute Resolution Process

Chatloop is committed to resolving any complaints about its data practices. Complaints can be filed by contacting DPO@chatloop.com. We aim to respond to and resolve complaints promptly.

21. Special Categories of Personal Data

21.1 Collection of Sensitive Data

Chatloop may collect special categories of personal data (sensitive data) only when absolutely necessary and with your explicit consent. This includes data related to race, religion, sexual orientation, and health.

21.2 Protection of Sensitive Data

Special categories of personal data are handled with the highest level of security and confidentiality. Chatloop ensures that appropriate safeguards are in place to protect this data from unauthorised access and misuse.

22. Automated Decision-Making and Profiling

22.1 Overview

Chatloop uses automated decision-making processes and profiling in certain instances, such as content moderation and personalisation of services.

22.2 User Rights

Users have the right to opt out of automated decision-making and profiling if it significantly affects them. Users can request a manual review of decisions made by automated processes.

22.3 Transparency

Chatloop provides transparency regarding the logic involved in automated decision-making and profiling, as well as the significance and potential consequences of such processing for the user.