Privacy Policy for MS Teams

Last updated and effective: 5 August, 2020

  1. Introduction, Overview

This Privacy Policy applies to our CHATBOT product, CHEQ and describes our practices regarding the collection, use and disclosure of the information we collect from and about you and what choices you have with respect to the information when you use CHEQ. CHEQ is developed and owned by our COMPANY, Talk-A-Bot Limited Liability Company, an entity that acts as the controller or processor of your information.

Our COMPANY aims with this Privacy Policy to present what there is to know about data processing, data protecting and the principles our COMPANY is committed to, and those legislative and other requirements that are complied towards the involved persons in the data processing in this brief, transparent and easily accessible form.

To make easier to understand this policy we organized it into sections and CAPITALIZED a few terms that are used more than once for simplicity.

It is our priority aim to protect the personal data and respect the right of informational self-determination of the data subjects and their private sector, therefore, on the one hand our privacy practices are designed to provide a high level of protection for not only your personal data but all information which is shared with us and on the other hand we handle the personal data confidentially and take all security, technical and organizational measures that guarantee the safety of such data.

  1. Definitions

CHATBOT and/or CHATBOT SOLUTION means a conversational program with an artificial intelligence conducting a one-to-one dialogue via auditory or extual methods and are accessed via messaging apps, or via individual organizations’ apps and Website / Services / Applications (web widgets). Such programs are often designed to convincingly simulate how a human would behave as a conversational partner. CHATBOTS are typically used in dialog systems for various practical purposes including customer service or information acquisition and can be classified into usage categories (such as such as communication, customer support, education, entertainment, HR, marketing, news, shopping).

CHEQ means a special CHATBOT SOLUTION and CHATBOT product tailor made primarily for supporting the communication of internal circles (such as B2B communication, employee communication) developed by our COMPANY and being accessible for the END USERS as a communication tool. CHEQ simulates a conversation between the END USER and the CUSTOMER, this way the CUSTOMER is providing information and services to the END USER.

CHATBOT framework means the past, present and future content of a software and the related functionality, technology, product and service developed by our COMPANY, including but not limited to the design and structure, texts, images, photographs, illustrations, compilations, graphic material, broadcasts, advertising slogans, databases, proprietary information, all elements of the Chatbot Solution protected by copyright or other right (including source and object codes) and all other material that can be linked to our Company and our CHATBOT products, the arrangement, choice and sequence of the elements within the chatbot solution, the main characteristics of the design, all trademarks, protected services, company name, logos, domain names, patents and all intellectual products which are protected by copyright and proprietary rights and are the property of our COMPANY.

Talk-A-Bot means our COMPANY, an innovative start-up chatbot service provider, the sole owner and operator of its developed Chatbot Solutions; Talk-A-Bot Limited Liability Company (seat: Pusztaszeri road 5., 2nd floor 1, Budapest H-1025; Company Registration No.: 01-09-286391; Tax No.: 25735967-2-41; Website: https://talkabot.net/; E-mail: info@talkabot.net).

User means all individuals who interacts with our CHATBOTS directly or indirectly. There are two types of Users, defined as here below: End User and Admin User.

END USER means the employees/clients/subscribers/partners of our Customers – based on the given list by our Customers on the administration surface –, namely each natural person or legal entity, unincorporated other organization, who are associated to our Customers in any kind of relationship and use CHEQ, register to use CHEQ – with the registration DATA provided by our Customers, and use the functions of CHEQ, and as part of that they provide – at their option – their data.

ADMIN USER means those end users who receive additional function and access on the administration surface of CHEQ, meaning draft the content of the messages, oversees admin tasks as regards CHEQ, update the list of the end users, communicate on behalf of our Customers and provide information towards the end users via CHEQ.

Customer means those entities who orders CHEQ together with the related support and enter into a contract with our Company, define the admin users and the functions of CHEQ, invites its END USERS to set up accounts and use CHEQ within their internal communication.

Platform means the interface environment, collaboration platform where users can use CHEQ, for example Microsoft Teams.

DATA means all Information or Content sent, uploaded, posted, transmitted or otherwise made available for the purpose of operating CHEQ, including messages, files, comments, custom texts written by Users, profile information, username, metadata and token data, avatar, country, language, contact information, phone number, e-mail address, individual ID, internal ID, position, workplace given by our Customers and/or Users.

Content means the entire CHEQ and all of the information, text, graphics, images, music, software, audio, video, works of authorship of any kind, and information or other materials that are posted, generated, provided or otherwise made available.

GDPR means the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

GDPR FLOW means the opening and introduction steps together with the applicable privacy policy and all information about how the personal data is managed and controlled while using CHEQ. In principal our Customers determine the purposes and means of the processing of personal data. Users are provided the relevant privacy policy when start using CHEQ; from time to time Users will be informed about any updates as for the relevant privacy policy.

CONTROLLER means an entity which, alone or jointly with others, determines the purposes and means of the processing of personal data.

PROCESSOR means an entity which processes personal data on behalf of the controller.

Process, Processed, and Processing refer to any means any operation or set of operations that can be performed on Personal Data. This includes, for example, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure and destruction.

  1. Scope of this Privacy Policy

This Privacy Policy applies to CHEQ and the associated online workplace productivity tools, platform, mobile and desktop applications, the related Website / Services / Applications and other interactions userS may have when using CHEQ.

This Privacy Policy does not apply to any kind of third-party products, services, applications or software that integrate with CHEQ (hereinafter referred to as: Third Party Products and Services). We kindly ask you to also study the privacy policy of these ones.

We would like to draw the attention that our Company is not responsible for the practices employed by Website / Services / Applications linked to from within the Platforms, nor the information or content contained therein. Please remember that when you use a link to go from the Platform to another Website / Services / Applications, our Privacy Policy is no longer in effect and your activities on that third-party Website / Services / Applications is subject to such third-party Website / Services / Applications’ own rules and policies.

  1. Identifying the Data Controller and Processor

In general, our Customer is the Data Controller and our Company is considered the Data Processor for all information submitted by Users to CHEQ related to CustomerS.

Our Company and our Customers enter into a Chatbot Service Agreement in which agreement the subscription, delivery, access and use of the services is governed, including the instructions of the relevant Customer how the processing of any DATA sent through CHEQ, and in general how CHEQ is provided for Users.

Our Company in order to provide a high-quality service claims the services of the third-party suppliers, data (sub-) processors, in certain cases also considered as individual data controllers. Our data processors are under obligation of secrecy and contractual guarantee for preserving the personal data gained during the performance of their assignment, and they process the personal data solely for the purpose and according to the instructions defined in the contract obtained between them. In case we change the range of our partners, the modifications will be transcribed in this Policy.

Additionally, there are external service providers, to whom – either directly or indirectly – in order to provide services personal services are transferred or could be transferred, as well as these external service providers could transfer personal data.

External service providers are considered as individual data controllers and hereby they define the aim and framework of the data controlling individually in accordance with their own privacy policy, they are responsible for their own data controlling.

  1. How We Use Information and Personal Data

Our Company cooperates in good faith and according to the requirements of transparency and righteousness with data subjects during data controlling. Our Company controls only those data provided in the law or provided by data subjects, for the data controlling purposes listed in the following. Bearing in mind the purpose of data controlling, we do not control any DATA more than unjustifiable. Our Company does not verify the provided personal data, solely the provider is responsible for their adequacy.

Our primary goal is to improve the user experience while maintaining the confidentiality and privacy of responses, also to improve upon and make sure our services and messaging are relevant for all our users, while also ensuring that personal information of all userS is respected and protected.

We use the information we collect or receive as follows:

  • In general, CHEQ related data: For the purpose of the operation of CHEQ and providing its services. The aim is the identification of end users registered on the Platform; providing information for the end users ensuring the communication between our Customers and the users. The scope of the controlled personal data means DATA strictly necessary for the operation of CHEQ and made available based on the standard settings of the Platform chosen by Customer and in particular depends on the DATA provided by the Customers active directory.
  • Account Information: We need to use your account information to run and manage your account, to fulfill our contractual responsibility to deliver the services to you, and contact you about your service or account. We occasionally send you service-related announcements, technical and other administrative emails, messages and other types of communications.
  • Contact Information. We use contact information to respond to your requests, concerns, comments and questions and inquiries or send you information about our services. In case you consent, we send you information about current and future service offerings, new product features, promotional communications or other news about our COMPANY and our products. These are marketing messages so you can control whether you receive them and you can indicate a preference to opt-out of marketing communications at any time.
  • Content: We do our best to provide, update, maintain, improve and protect our products, services, service offerings, Website / Services / Applications and business. This includes internal analysis of aggregate usage patterns, investigate and help prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities. We are about to develop and provide search, learning and productivity tools and additional features, including to improve search functionality by using content to help determine and rank the relevance of content, channels, make suggestions based on historical use and predictive models, identify organizational trends and insights, to customize or create new productivity features and products.
  • Legal uses. To respond to legal requests or prevent fraud, we may need to use and disclose information or DATA we hold about you.

The duration of data processing means the period until data subject has withdrawn his/her consent (for example deactivate USER account), until the user is related to our Customer; and the Customer is related to our Company. In addition, as were about to minimize the data processing period of personal data, in case the User does not use CHEQ within one year from the last activity, the personal data of CHEQ conversations are anonymized (ID is separated from the User). The latest after five years of the last activity all DATA of the CHEQ conversation is deleted. Processor stores and uses beyond the referenced one-year storage time the DATA collected during the usage of CHEQ in an anonymized manner which means the End User is no longer identifiable, noting that after five years the whole chat stream is deleted.

  1. Information and Types of Personal Data We Collect and Receive

The operation of CHEQ is constituted as a chat one-to-one conversation. When Users are establishing contact with CHEQ they get access to the related informative about data processing. In the absence of consent, CHEQ notes that data subject does not wish to communicate with CHEQ. Upon consent, DATA necessary for identifying the USER as well as the conversation is processed. In more details:

  • Account, Registration information: You need a CHEQ account so that you can use CHEQ, certain information is provided by the CUSTOMER (such as company e-mail address, USER domain and tenant ID and/or similar account details associated and provided by to the CUSTOMER) and certain ones are directly form the USERS (such as received and sent messages, DATA and notifications provided in the CHATBOT). In more details these DATA means the following ones: app user ID – identification generated for CHEQ, as well as any other DATA provided by End User (text, button usage, picture) in CHEQ interaction; data given by Customer for identification purpose; End User profile – business account – created for CHEQ which is in the possession of the customer, as Data Controller in certain cases. In case of admin user, beside the above referred DATA, the following ones: the cloud-based error monitoring that helps our software teams discover, triage, and prioritize errors in real-time are covering the following DATA properties: access to client’s environment, admin useR’s credentials, admin user’s IP address and web browser data (version, type), operation system of admin user’s computer (type, version). The scope of processed DATA may vary with the all-time functions.
  • DATA and CONTENT: USERS can send, upload, post, transmit or otherwise make available information while using CHEQ, including messages, files, comments, custom texts, profile information, username, metadata and token data, avatar, country, language, contact information, phone number, e-mail address, individual ID, internal ID, position, workplace given by our CUSTOMERS and/or USERS
  • Account settings: USERS can set various preferences and personal details, for example, default language, time zone and communication preferences (e.g. opting in or out of receiving marketing communications).
  • Location information: We may receive information primarily from USERS and our CustomerS. We may, for example, use a business address submitted by your employer, or identify your location based on IP address received from your browser (IP address is transmitted to identify the location but not stored) or device to determine approximate location.
  • Log data: as with most Website / Services / Applications and technology services delivered over the Internet, our servers automatically collect information when you access or use our Website / Services / Applications or Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Website / Services / Applications, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.

If you are a Customer, we may also collect your billing information, including billing details, a name, address, email address and financial information corresponding to your selected method of payment. We handle

In case DATA is no longer reasonably associated with an identified or identifiable natural person, our COMPANY may use it for any business purpose.

Our COMPANY aims to minimize the scope of requested and used DATA only to those ones which is required and appropriate for our CHATBOTS functional operating. We warn Users not to provide sensitive, private, and confidential personal information, such as credit card numbers or passwords unless they are specifically necessary for the legitimate function of the CHATBOT. We request our Customers to inform Users about how their DATA is used and provide public and easy access to the applicable privacy policy which explaines clearly how the CHATBOT collects, uses, processes and stores Data, and what control Users have over their Data. This is what GDPR Flow is for. A few additional information – on how we collect and use DATA relating to our Website / Services / Applications and CHATBOT SOLUTIONS – are defined in the policies available at the website of our COMPANY. Please have a look at them here.

  1. How We Share and Disclose Information

Customers determine their own policies and practices for the sharing and disclosure of information. Our Company does not control how they or any other third parties choose to share or disclose Information. Our Company will solely share and disclose DATA in accordance with a Customer’s instructions, and in compliance with applicable law and legal process.

In addition, our Company does not transfer the processed personal data to any third party, beside the Processors and External service providers indicated here.

Customers, their Admin Users, other Customer representatives and personnel may be able to access, modify or restrict access to Data. This may include, for example, your employer using Service features to export logs of workspace activity, or accessing or modifying your profile details. In case you are an ADMIN USER and/or you are using an email address on a domain owned by your employer or organization linked to your individual account, your related CUSTOMER will be able to view your account data, change your passwords, suspend, transfer or terminate your account or restrict your settings in accordance with your internal policies.

We may share information with third parties when we have consent to do so. The DATA subjects are entitled to withdraw their consent at any time. The withdrawal of consent does not affect the legality of processing based on consent prior the withdrawal.

If we receive a request for information, we may disclose DATA if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.

We also may share information or DATA in order to (i) meet any applicable law, regulation, legal process or enforceable governmental request; (ii) enforce applicable policies, including investigation of potential violations; (iii) detect, prevent, or otherwise address fraud, security or technical issues; (iv) protect against harm to the rights, property or safety of our users and/or as required or permitted by law; (v) facilitate a sale, merger or change in control of all or any part of our COMPANY or business or in preparation for any of these events.

  1. Purposes and Legal Bases for Processing Personal Data

To manage our services, the personal data is controlled and processed by our COMPANY for the following limited purposes:

  • to enforce our agreements where applicable;
  • to prevent potentially illegal activities;
  • to screen for and prevent undesirable or abusive activity,
  • providing the use of CHEQ;
  • identification of USERS;
  • providing information for the USERS regarding the functioning of CHEQ (for example messages of technical nature, information related to the modification, etc.);
  • solving operational problems;
  • ensuring the communication between our CUSTOMERS and the USERS;
  • the usage of DATA for cumulated, anonymised and statistical purpose, creation of surveys, statistics and estimates;
  • increasing efficiency, improving operation and development of CHEQ;

To the extent those laws apply, the legal grounds for Processing Personal Data are as follows:

  • To honor our contractual commitments to an individual: Some of our Processing of Personal Data is to meet our contractual obligations to the individuals to whom the Personal Data relate, or to take steps at their request in anticipation of entering into a contract with them.
  • Consent: Where required by law, and in some other cases, we handle Personal Data on the basis of consent. For example, some of our direct marketing activities happen on the basis of opt-in consent, such as sending marketing emails to individuals who have requested them.
  • Legitimate interests: In many cases, we handle Personal Data on the ground that it furthers our legitimate interests, such as they are not overridden by the interests or fundamental rights and freedoms of the affected individuals. Our COMPANY may also Process Personal Data for the same legitimate interests of our Customers and business partners.
  • Legal compliance: We need to use and disclose Personal Data in certain ways to comply with our legal obligations.
  1. Security

The security of your information is important to us. Our COMPANY use commercially reasonable and industry-standard physical, managerial, and technical safeguards to preserve the integrity and security of your information. our COMPANY protect the personal data with appropriate technical and other measures, also ensure the protection and availability of the data, as well as protect them against being accessed unauthorized, modified, damaged and published and unauthorized used unauthorized.

Taking into account such aim our COMPANY take the measures – concerning the safety of data processing –  as prescribed in GDPR regulation Article 32, that is to say, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

  1. pseudonymization and encryption of personal data;
  2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services and systems used for the processing of personal data;
  • the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  1. a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing;
  2. in assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed;
  3. steps to ensure that any natural person acting under the authority of the controller or the processor who has access to personal data does not process them except on instructions from the controller, unless he or she is required to do so by Union or Member State law.

However, as data transmission via internet cannot be regarded as fully safe, we cannot guarantee that any DATA will remain secure. Given the nature of communications and information processing technology, we cannot guarantee that Information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others.

  1. Data Retention

We will retain DATA in accordance with a Customer’s instructions and as required by applicable law.

In addition, we may retain Data and other information pertaining to you for as long as necessary to fulfill the purposes set forth in this Privacy Policy and for the period of time needed for our Company to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

Customer may be able to customize its retention settings and apply other customized settings. Customer may also apply different settings to messages, files or other types of Data. The deletion of Data and other use of CHEQ by Customer may result in the deletion and/or de-identification of certain associated other information.

  1. International Data Transfers

We may transfer, store, and process your information in countries other than your own. Whenever we this data, we take steps to protect it.

We use Cloud-based storage provided by Microsoft Azure in European data storage.

DATA required to enable linking between your accounts in Microsoft Teams is transferred, collected and stored on Microsoft Azure infrastructure.

  1. Age Limitations, Safety of Minors

To the extent prohibited by applicable law, our services are not intended for and may not be used by minors. ‘Minors’ are individuals under the age of majority where USERS live or reside. If we become aware that we have collected personal information from a minor without verification of parental consent, we take steps to remove that information.

  1. Your Rights and Choices (Including Direct Marketing Opt Out), Rights and judicial remedy

Data subjects about data controlling are entitled to

  1. a) ask for information,
  2. b) ask for the rectification, modification and supplementation of their personal data,
  3. c) object to the data controlling and to ask for the deletion their DATA (with the exception of the statutory data controlling),
  4. d) seek judicial remedy,
  5. e) issue a claim or to initiate a procedure at your local data protection supervisory authority, which is in Hungary (https://naih.hu/panaszuegyintezes-rendje.html). Supervisory Authority: National Agency for Data Protection (Seat: Szilágyi Erzsébet avenue 22/c, Budapest, H-1125; Postal address: Mailbox 5., Budapest, H-1530; Telephone: +36 (1) 391-1400; Fax: +36 (1) 391-1410; E-mail: ugyfelszolgalat@naih.hu; Website: https://naih.hu/).

However, we kindly ask you to contact our Company before turning to supervisory authority or court with your complaint – in order to consult and solve the arisen problem as quickly as possible – since our Company undertakes the task of providing information at the request of the data subjects about their controlled and processed data, about their sources, about the purpose and basis of processing, about the duration of processing, and in case it is not possible, about the factors of defining that period of time, about the name, address and the processing related activity of our processors, about the circumstances, effects of personal data breach and the measures taken to control them and prevent them from happening, as well as about the legal basis and the addressed of transmission in case of personal data transmission. We shall provide information regarding these types of inquiries as soon as possible, up to a maximum time defined in statutory provisions.

Beside the above USERS have the right to

  • review, correct, update and delete certain User information by logging in to the relevant portions of the Platform;
  • unsubscribe from marketing emails by clicking the unsubscribe link they contain;
  • request access to information, as well as to seek to update, delete or correct this information.
  • as for personalized marketing: USERS can opt-out from direct marketing in your account and we provide opt-out options in all direct marketing emails. Finally, if you do not wish to see personalized marketing content on the web related to our service you can clear the cookies in your browser settings.

Many of the rights described here are subject to significant limitations and exceptions, such as objections to the Processing of Personal Data, and withdrawals of consent, typically will not have retroactive effect.

We will take reasonable steps to verify your identity and we will respond to your request to exercise these rights within a reasonable time.

In case of objecting to data processing, our Company shall examine the objection. We will give a written report about the decision of our COMPANY. In case of justified opposition, we shall terminate the processing and delete the concerned data. In this case as well, we shall inform those to whom the DATA involved in objection have been formerly transmitted and those who are obliged to take measures to enforce the right to object.

  1. Changes to this Privacy Policy

Our COMPANY may change this Privacy Policy from time to time to reflect necessary changes in the law, including data protection law, regulations, industry standards and our DATA handling practices or the features of our business. We will publish and make available for you the updated Privacy Policy and encourage you to review our Privacy Policy to stay informed. Changes to this Privacy Policy are effective when they are posted on this page. In case of material changes that alter your privacy rights, our COMPANY will provide additional notice, such as through CHEQ. If you disagree with the changes to this Privacy Policy, you should deactivate your CHEQ account. Should you wish to request the removal of your Personal Data under the control of the Customer related to you, please contact your related Customer.

This Privacy Policy is constantly available on the home page of our Company’s website, at https://cheqbot.com/privacy-policy-teams noting that our COMPANY reserves the right to modification.

  1. Contact Information

Please feel free to contact our Company if you have any questions about this Privacy Policy or our practices, or if you would like to send us requests or complaints relating to Personal Data.

You may reach us via the following contact details:

Talk-A-Bot Kft.

Seat: Pusztaszeri road 5., 2nd floor No. 1, Budapest H-1025

Website: https://talkabot.net/

E-mail: info@talkabot.net

Represented by: Ákos Gyula Deliága, Gergely Ákos Kalydi managing director, each individually

Based on Article 37 of GDPR our company is not obliged to designate a data protection officer, however we do accept your data protection related questions at the following e-mail: dpo@talkabot.net