At ChatPandas, we are committed to protecting the personal data of our customers and complying with the General Data Protection Regulation (GDPR). This policy outlines how we collect, use, and protect your personal data in accordance with the GDPR.
Data Controller and Data Protection Officer:
ChatPandas is the data controller responsible for collecting and processing your personal data. Our designated Data Protection Officer (DPO) ensures that we comply with GDPR requirements and can be contacted at [email protected]. Our DPO is responsible for overseeing data protection activities within our organization, including monitoring compliance with GDPR requirements, providing advice on data protection issues, and cooperating with data protection authorities.
They are also responsible for reviewing and updating our GDPR compliance policy as necessary to ensure that our data processing activities continue to comply with GDPR requirements. You can contact our DPO at any time if you have any questions or concerns about how we handle your personal data.
Types of Data Collected:
We collect and process personal data such as your name, email address, phone number, and payment information. We may also collect non-personal information such as IP addresses and device information. In addition to personal data, we may also collect special categories of personal data such as health information or biometric data if required by law or with your explicit consent. We only collect the minimum necessary data for the purpose of providing our services and do not process any data that is not relevant to our business activities.
Legal Basis for Processing Data:
We only collect and process personal data with a lawful basis, such as obtaining consent or fulfilling contractual obligations. We also ensure that the data collected is necessary for the purpose for which it was collected. Additionally, we may process personal data based on our legitimate interests, such as improving our services, detecting and preventing fraud, or ensuring network and information security. We always balance our legitimate interests with the rights and freedoms of the data subjects and take necessary measures to protect their privacy.
Data Subject Rights:
As a data subject, you have several rights under GDPR, including the right to access, rectify, erase, restrict, and object to the processing of your personal data. You can exercise these rights by contacting our DPO. You also have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller. We aim to respond to any data subject requests within one month and will provide reasons if we cannot comply with your request. If you are not satisfied with our response, you have the right to file a complaint with the relevant supervisory authority.
Data Security Measures:
We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. Some of the security measures we implement include using encryption, firewalls, access controls, and regular security audits. We also ensure that our employees and third-party providers who handle personal data are trained on data protection laws and confidentiality requirements. In case of a security breach, we have procedures in place to investigate and report the incident to the appropriate authorities and affected individuals.
Data Breach Notification:
In the event of a personal data breach, we will notify affected individuals and the relevant authorities within 72 hours of becoming aware of the breach. We have an incident response plan in place to promptly respond to and contain any data breach. We conduct regular training and awareness programs for our employees to ensure that they understand their responsibilities in protecting personal data and identifying and reporting any potential breaches. We also regularly review and update our security measures to ensure they are effective in preventing and detecting breaches.
Data Processing Agreements with Third-Party Providers:
We ensure that our third-party providers comply with GDPR requirements by entering into Data Processing Agreements (DPAs) with them. These DPAs set out the specific terms and conditions of the processing of personal data by the third-party provider on our behalf. We also ensure that our third-party providers implement appropriate technical and organizational measures to protect your personal data. We regularly review our relationships with third-party providers to ensure compliance with GDPR requirements.
International Data Transfers:
If we transfer your personal data outside the European Economic Area, we ensure that appropriate safeguards are in place to protect your data, such as Standard Contractual Clauses. We may also transfer personal data to countries that have been deemed to provide an adequate level of protection by the European Commission. If you have any questions or concerns about international data transfers, please contact our DPO.
Retention of Personal Data:
We retain your personal data only for as long as necessary to provide our services and comply with legal requirements. We periodically review our retention policies to ensure that we are not retaining personal data for longer than necessary.
In certain cases, we may be required to retain your personal data for a longer period to comply with legal obligations, resolve disputes, or enforce our agreements. Once we no longer need your personal data, we will securely delete or anonymize it to prevent unauthorized access or use.
Complaints and Dispute Resolution:
If you have a complaint or dispute related to our processing of your personal data, please contact our DPO. If we are unable to resolve the issue, you may also contact the relevant data protection authority. We take all complaints seriously and will investigate them thoroughly.
We will also take appropriate remedial measures to address any issues identified during the investigation. We are committed to resolving any complaints or disputes related to the processing of personal data in a fair and efficient manner.
Changes to the GDPR Compliance Policy:
We may update this policy from time to time. We will notify you of any changes by posting the updated policy on our website. Your continued use of our services after the policy change constitutes acceptance of the updated policy.
We encourage you to review this policy periodically to stay informed about our data processing practices. If you have any questions or concerns about this policy or our GDPR compliance practices, please contact our DPO at [email protected].