Last updated August 23, 2023
This privacy notice for Assista Inc (‘Assista’, 'Company', 'we', 'us', or 'our'), describes how and why we might collect, store, use, and/or share ('process') your personal data when you use our Assista chat Platform, website or any other Assista app ('Services'), such as when you:
Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at email@example.com.
Who are we? Assista Inc is a company registered in Delaware, United States of America. For the purposes of data protection compliance, Assista Inc has appointed Digital Amorph Services SRL, a company registered in Romania, as representative in the EEA for EEA customers.
SUMMARY OF KEY POINTS
This summary provides key points from our privacy notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for. You can also click here to go directly to our table of contents.
Do we process personal data? When you visit, use, or navigate our Services, we may process personal data depending on how you interact with Assista Inc and the Services, the choices you make, and the products and features you use.
Why do we process your personal data? We may process your personal data to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with the law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.
In what situations and with which parties do we share personal information? Your personal data may be shared with other entities or persons with whom we are in contractual relations, such as suppliers, IT service providers or online payment service providers. This allows us to provide our services.
How do we keep your information safe? We have organisational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Click here to learn more.
What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Generally, you have the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object and the right not to be subject to a decision based solely on automated decisions. Click here to learn more.
How do you exercise your rights? The easiest way to exercise your rights is by filling out our data subject request form available here, or by contacting us by email at firstname.lastname@example.org We will consider and act upon any request in accordance with applicable data protection laws.
TABLE OF CONTENTS
1. WHAT PERSONAL DATA DO WE COLLECT?
Personal data collected directly from you:
When you decide to contact us using our contact form, you provide us with your name, e-mail, phone number. This information will be used to reach out to you and answer your inquiry.
We also collect your email when you decide to sign up or log in on the Assista Chat Platform.
We may collect data necessary to process your payment if you make purchases, such as your credit/debit card number, and the security code associated with your payment instrument, your billing address. All payment data is stored by Stripe. You may find their privacy notice link(s) here: https://stripe.com/en-gb-ro/privacy.
Uploads on the platform:
You may upload your files and documents (“Your Uploads”), on the Assista Chat Platform, subject to size and file type parameters. The personal data contained on these files may vary. Our Services allow you to upload your own documents in order to have better interactions with our chat bot. To make that possible, we store and process Your Uploads. This also includes information such as the size of the file, the time it was uploaded and usage activity. It is your choice whether you want to upload sensitive information on the platform.
Personal data collected indirectly:
Navigation data. We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.
Your IP address is a number that is automatically assigned to your computer, a unique string of characters that identifies each computer using the Internet Protocol to communicate over a network. An IP address is identified and logged automatically in our servers whenever a user visits our website, along with the time of the visit and the pages visited. Collecting IP addresses is standard practice and is done automatically by most online service providers. We use IP addresses for purposes such as calculating Service usage levels, diagnosing server problems, and administering the Service. We may also derive your approximate location from your IP address.
Personal data collected from third-parties
In Short: If you choose to register or log in to our Services using a social media account, we may have access to certain information about you.
On our Platform you can create an account and log in to through the following Third-party Social Media Services:
If you choose to register in this way, we will collect the personal data provided to us by the social media platform, according to their own Privacy Policies, allowing you to log in. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, and profile picture, as well as other information you choose to share from a social media platform.
We will use the information we receive only for the purposes that are described in this privacy notice or that are otherwise made clear to you on the relevant Services. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use, and share your personal information, and how you can set your privacy preferences on their sites and apps.
2. WHY DO WE PROCESS YOUR INFORMATION?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?
In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e. legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfil our contractual obligations, to protect your rights, or to fulfil our legitimate business interests.
If you are located in the EU or UK, this section applies to you.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
In legal terms, we are generally the 'data controller' under European data protection laws of the personal information described in this privacy notice, since we determine the means and/or purposes of the data processing we perform. This privacy notice does not apply to the personal information we process as a 'data processor' on behalf of our customers. In those situations, the customer that we provide services to and with whom we have entered into a data processing agreement is the 'data controller' responsible for your personal information, and we merely process your information on their behalf in accordance with your instructions. If you want to know more about our customers' privacy practices, you should read their privacy policies and direct any questions you have to them.
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
In Short: We may share information in specific situations described in this section and/or with the following third parties.
WE DO NOT SELL YOUR PERSONAL DATA.
Where applicable, we may transmit or provide access to certain personal data of yours to various categories of suppliers, personnel, or other companies with which we may develop partnerships necessary for the conduct of our business, but only if there is a good reason and sufficient technical and organizational measures have been taken to secure the same level of protection by such third parties.
We may also disclose certain personal data to public authorities, if we have a legal obligation or if it is necessary to defend a legitimate interest.
We ensure that access to your data by third parties under private law is made in accordance with the legal provisions on data protection and confidentiality of information, based on contracts concluded with them. Therefore, all data is transmitted with appropriate safeguards, by encrypting the transmitted files.
We may need to share your personal information in the following situations and with the following categories of suppliers:
Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to sign in or use other interactive features of our website and services that depend on cookies.
6. FOR HOW LONG DO WE KEEP YOUR INFORMATION?
In Short: We keep your information for as long as necessary to fulfil the purposes outlined in this privacy notice unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us to keep your personal information for longer than the period of time in which users have an account with us.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
7. HOW DO WE KEEP YOUR INFORMATION SAFE?
In Short: We aim to protect your personal information through a system of organisational and technical security measures.
We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.
8. DO WE COLLECT INFORMATION FROM MINORS?
In Short: We do not knowingly collect data from or market to children under 18 years of age.
We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at email@example.com.
9. IN WHAT COUNTRIES DO WE TRANSFER YOUR PERSONAL DATA?
We currently store and process your personal data in the United States. However, given the geographic scope of our business, we may transfer certain of your personal data to partners or suppliers in other countries,
We take all measures to ensure that any international transfer of personal data is carefully managed in order to protect your rights and interests, and we allow such transfers only when absolutely necessary, applying the principle of minimization. Data transfers will always be protected by contractual commitments and, where appropriate, by other guarantees of a technical or organizational nature. To find out more about the countries where we transfer your data, you can contact us at any time.
Despite the measures taken to protect your personal data, we do not take responsibility for vulnerabilities in systems that are not under our control. We remind you that the transmission of information via the Internet is not completely secure, there is a risk that the data will be viewed and used by unauthorized third parties regardless of our intervention.
10. WHAT ARE YOUR PRIVACY RIGHTS?
You have the following rights as a data subject:
You can ask us to confirm whether we process your personal data, as well as to provide you with a copy of it and to present to you the data we have, what we use it for, to whom we disclose it, if we transfer it abroad, how we protect it, how long we keep it, what rights you have, how you can file a complaint, where we got your data from, to the extent that the information has not already been provided to you in this page.
You may ask us to rectify or complete your inaccurate or incomplete personal data. It is possible to check the accuracy of the data before rectifying it.
You can ask us to delete your personal data, but only if:
• they are no longer necessary for the purposes for which they were collected;
• you have withdrawn your consent (if the data processing was based solely on your consent);
• they were processed illegally;
• exercise a legal right to oppose;
• we have a legal obligation in this regard. We are not required to comply with your request to delete personal data in any circumstance. The most likely situations in which we could deny your request are:
• for compliance with a legal obligation;
• for establishment, exercising or the defense of a right in court.
Restricting data processing
You can request that we restrict the processing of personal data only if:
• their accuracy is challenge and we need to verify their accuracy;
• they are no longer needed for the purposes for which they were collected, but you need them to establish, exercise or defense of a right in court;
• processing is illegal, but you do not want the data to be deleted;
• you have exercised your right to object, and the verification of our rights prevails is ongoing. We may continue to use your personal data following a request for restriction if we have your consent, or to ascertain, exercise or ensure the defense of a right in court or to protect the rights of Assista or another natural or legal person.
You can ask us to provide you with personal data in a structured, commonly used and automatically readable format, or you can request that it be ported directly to another data controller, provided that the processing is based on your consent or on the conclusion or execution of a contract with you and to be done by automatic means, as well as to make the porting technically possible.
Right to oppose data processing
You may object to the processing of your data at any time if you believe that your fundamental rights and freedoms prevail over our legitimate commercial interest.
You may request that you not be subject to a decision based solely on automatic processing when that decision:
• produces legal effects on you;
• it affects you in a similar way and to a significant extent. This right will not apply where the decision was reached by following automated decision-making:
• we are required to enter into or enter into a contract with you;
• is authorized by law and there are adequate guarantees for your rights and freedoms;
• is based on your explicit consent.
You have the right to submit a complaint regarding the processing of your personal data and we assure you that we will make every effort to resolve any issues in a reasonable and peaceful way. You may contact us by email at firstname.lastname@example.org. We promise to respond to any valid requests within a maximum of 30 days, unless this is particularly complicated or if you have made multiple requests, in which case we will respond within a maximum of 60 days, with the information your properly.
To request to review, update, or delete your personal information, please submit a request form by clicking here.
Additionally, you can also submit your request by post.
However, please note that given the global reach of our app, we strongly recommend that you contact us by email. We cannot guarantee the arrival on time by post. If you, however, choose to submit a request through the mail, we recommend that you mail your request with confirmation of receipt.
We will consider and act upon any request in accordance with applicable data protection laws. If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
If you are located in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.
Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us using the details provided in the section 'HOW CAN YOU CONTACT US ABOUT THIS NOTICE?' below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.
If you would at any time like to review or change the information in your account or terminate your account, you can:
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.
Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services. To opt out of interest-based advertising by advertisers on our Services visit http://www.aboutads.info/choices/.
If you have questions or comments about your privacy rights, you may email us at email@example.com.
11. CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.
12. LINKS TO OTHER WEBSITES
13. APPLICABLE LAW
By visiting the Website and thus expressly accepting this Privacy Statement and the conditions therein, you agree that any dispute or claim relating to this Privacy Statement and the processing of Personal Data shall be governed by the laws of the state Delaware and of the United States of America. Any legal action or procedure relating to this website must be filed only in a federal or state court with jurisdiction over the matter, located in Delaware.
14. DO WE MAKE UPDATES TO THIS NOTICE?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We reserve the right to update this privacy notice from time to time. The updated version will be indicated by an updated 'Revised' date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.
15. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
We are always open to find out your thoughts and views and to provide you with any additional information you may need regarding the processing of your data. If you have any questions about the content of this document or wish to exercise your rights, please do not hesitate to contact us by email at firstname.lastname@example.org or by post at 27 Grindeanu Constanta, Constanța 900046, Romania.
SUMMARY: HOW CAN YOU ENFORCE YOUR PRIVACY RIGHTS?
To enforce your privacy rights please submit a request by contacting us at email@example.com.