What is GDPR
General Data Protection Regulation (GDPR) is a new EU privacy data protection policy that was enacted as of May 25th, 2018.
The new policy defines more clearly what a user’s rights are when it comes to the storage, usage and management of their personal data and data rules for all companies operating in the EU, wherever they are based. For more details.
If you already know your rights, feel free to reach out to us with any requests through in app chat. Otherwise, keep reading to learn more.
Key Terminology
Data Controller
“A controller is the entity that determines the purposes, conditions and means of the processing of personal data”
In this instance chata.ai is a Data Controller.
Data Processor
“[A] processor is an entity which processes personal data on behalf of the controller”
chata.ai uses many Data Processors which can be found in the table below.
Data Subject
“A natural person whose personal data is processed by a controller or processor.”
In this instance you are the Data Subject.
Data Subject Rights
The details on each of your rights can be found here in the regulation. chata.ai’s compliance to each of the rights are explained in the sections below.
Right to be Informed
chata.ai will send a message via email to all registered customers and controllers of any breach within 72 hours of first becoming aware of the breach.
Right to Access
Our Terms of Service lay out the data that chata.ai collects on Data Subjects. By accepting these Terms you give consent to chata.ai processing your personal data. To access your personal data please send a message through our in-app help.
Right to Rectification
Your personal data can be seen and modified via the profile page of chata.ai’s web application. Any changes to data not found on this page but received as part of the Right to Access process may be changed by sending a message through our in-app help.
Right to Erasure
To be forgotten please send a message through our in-app help.
Right to Restrict Portability
All data accessed via the Right to Access section above is allowed to be transmitted to another controller.
Right to Object
You may object to our usage of your personal data by sending a message through our in-app help.
Rights related to automated decision making including profiling
chata.ai does not automatically make decision or profile users based on their personal information.
In App Help
All messages regarding GPDR compliance sent through our in-app help will create a support ticket to process your request. An appropriate response will be sent within 1 month from the receipt of the request.
Chata’s Data
Chata collects data personal data from two primary sources. These are the following:
- The Advisory Studio application
- All integrations
Advisory Studio by Chata Application Data
The Advisory Studio application stores the following personal data:
- Organization Names
- Project Names
- Email Addresses
- Full Name
- Phone Number
- Ip Address
- Location information including the following:
- Country
- Region
- City
- Zip Code
- Time Zone
- Longitude
- Latitude
Data Type | How we obtain it | Usage of the data |
Organization Name | Entered on signup | To display to user to uniquely identify organizations |
Project Name | Either entered on integration connection or retrieved from the integration | To display to the user to unique identify projects |
Email Addresses | Entered on signup | To send notifications about application activity, billing receipts and marketing material |
Full Name | Entered on signup | To personalize email communication and to identify to other users your personal content (comments, reports, etc.) |
Ip Address | Collected automatically by signing up | To obtain location data |
Location Data | Collected automatically by signing up | To fill initial billing information including tax percentage and currency. |
Chata Integration’s Data
Integration’s data is stored by Chata is used in two cases: to be displayed when relevant questions are asked and to populate project names. For more details on what each integration collects please visit their respective websites.
Security
Chata stores data securely using state of the art database technologies. Data is sent and received exclusively over SSL protected requests. Your data is backed up nightly and is available for you to access through a natural language question when required.
Data Protection Officer
Chata does not have a Data Protection Officer as it does not meet any of the two possible requirements for appointing one. These are the following:
- a public authority or body (except for courts acting in their judicial capacity);
- core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.
Sub-Processors
Entity | Function | Country | GDPR Compliant |
Google Cloud Platform | Cloud Service | US | yes |
Zendesk Inc. | Cloud based customer service | US | yes |
Sendgrid | Cloud Based email notification | US | yes |
MongoDB Atlas | Cloud data storage Service | US | yes |
Hubspot | Cloud based CRM and Marketing automation | US | yes |
Calendly | Cloud based scheduling software | US | yes |
Chart Mogul | Cloud based subscription analytics | Germany | yes |
Google Analytics | Google service | US | yes |
Twilio | Cloud based communication platform | US | yes |
Contacting Us
If there are any questions regarding this privacy policy, you may contact us using the information below.
Chata
Suite 2100,
333-7th Ave SW
Calgary, Alberta T2P 2Z1
Canada
support@chata.ai