These terms and conditions ("Terms") establish the agreement ("Agreement") between Bulletin.Chat and the entity or person requesting to use and accessing the Service (as defined below).
Bulletin.Chat provides a "software as a service" platform for providing and managing a communication "bot" to manage conversations between Customers and their recipients/End-Users, via the channels indicated on our website (and chosen by our Customer), being for the moment Facebook and Telegram.
Please review these Terms carefully. By accepting them, you confirm you have read, understood and accepted the Agreement for yourself or the entity you represent.
"Bulletin.Chat " (also the "Company" or "we") is Chatbots S.L., domiciled at Carrer Verdi 327 in Barcelona and with CIF/VAT: B-66996984 and Email: email@example.com
"You" means the person or entity whom you represent, creating an account with us and using the Bulletin.Chat Services under these Terms, for yourself or on behalf of your Customer (if different).
The following terms shall have the meanings specified below:
In no event, except as required by mandatorily applicable law, will Bulletin.chat be liable for indirect damages of any type. For direct damages, our maximum liability is the amount received from Customer as fees hereunder during the previous 12 months.
This Annex regulates the processing of any personal data by Bulletin.Chat ("the Company", or "we/us") during the course of provision of our Services (as set out in the Bulletin.Chat Terms of Service above) and is effective as of the date of opening a Customer Account. All agreements between the Parties hereto are collectively referred to herein as "the Agreement."
With respect to provisions regarding processing of Personal Data, in the event of a conflict between the Agreement and this Privacy Annex, the provisions of this Annex shall prevail.
For the purpose of this Annex, the following terms shall take the meaning set out herein:
This Annex regulates the processing of personal data by Bulletin.Chat under the Agreement for and on behalf of Customer, with respect to data under the responsibility of Customer. The duration of such processing shall be for the period during which the Parties perform their applicable obligations under the Agreement. The purposes, the type of personal data and categories of data subjects are as described below and in additional addenda in the case of extending any personal data processing.
Each Party shall comply with all applicable laws relating to privacy and data protection, including the EU General Data Protection Regulation (2016/679) on and from 25 May 2018, the EU Privacy and Electronic Communications Directive (2002/58/EC) as implemented in each jurisdiction, and any amending or replacement legislation from time to time (collectively and individually, "Data Protection Laws").
In accordance with Data Protection Laws, the processing the Personal Data of the individuals mentioned in the Agreement, being identification data (name, surname, position, email address and telephone) of both the Customer's signatory and its technical or commercial contact persons and Authorised Users, is necessary for the execution of the Agreement and for the invoicing of the contracted services, and more generally to manage our contractual and commercial relationship with the Customer and its Customers, and to inform them promptly about any aspect related to the services provided or that can be performed by the Company in the future. Including
We also collect other information provided by Customer while using our Services. Some of the provided Customers information such as: your IP address, domain, browser type, operating system type etc. may be automatically acquired when a user visits our websites.
Such Personal Data will not be shared with any third party, however they may be processed within our third party service provider platforms, currently Amazon Web Services Ireland, under contract clauses that provide adequate safeguards for data processing.
Although the consent of the aforementioned persons is not necessary for this processing, Customer agrees to inform them of the possibility of exercising their rights of access, rectification, cancellation and opposition, limitation and restriction of treatment in the terms established by the current legislation, by writing to the following address: firstname.lastname@example.org. They may, if they so wish, also file a complaint, if any, with the Spanish Agency for Data Protection.
Customer declares that the data of the aforementioned persons are correct and updated, and undertakes to communicate the provisions of this clause to the aforementioned persons. The Customer agrees and warrants that the processing, including the transfer of its Personal Data has been and will continue to be carried out in accordance with the relevant provisions of the applicable Data Protection Laws (and, where applicable, has been notified to the relevant authorities of the Member State where the Company is established or has its representative) and does not violate the relevant provisions of that State.
Retention of Copies. The Company may retain this Personal Data to the extent required by applicable European Union law or the law of an EU Member State and only to the extent and for such period as required by such laws and always provided that the Company shall ensure the confidentiality of all such Customer Personal Data and shall ensure that such Personal Data is only processed as necessary for the purpose(s) specified in such law requiring its storage and for no other purpose.
The Customer agrees that after the termination or expiration of the Agreement its data may be stored as a backup for the time needed to secure (establish, investigate or defend) Customer's and Company's claims that may arise due to the performance of the Services (for the time it takes for the claims to be barred).
During the provision of its services under the Agreement, Bulletin.Chat may access certain personal data under the responsibility of the Customer, in particular (but without limitation), the data set out below ("End User Personal Data") relating to the indicated persons ("Data Subjects"). Under applicable privacy regulations, the Customer is responsible for its data and is what is known under privacy regulation as the Data Controller. The Customer appoints Bulletin.Chat as a Data Processor, to process End User Personal Data on Customer's behalf, for the purpose of providing the Service.
As established in the GDPR, the Customer as Data Controller shall:
As established in the GDPR, Bulletin.Chat, as Data Processor, shall:
If a Data Subject addresses a request or exercises any of the rights established in the General Data Protection Regulation, the Controller and / or the Processor must provide the information requested and perform any required actions, without delay and, at the latest, within one month from receiving the request, which may be extended for a further two months if necessary, taking into account the complexity of the application and the number of applications.
Similarly, but in the event that the Data Controller and / or the Processor do/es not proceed with the request of the Data Subject, he/she shall inform the latter without delay, and no later than one month after receipt of the request, shall provide the Data Subject with the reasons why he/she/they has/ve not acted and inform the Data Subject of his right to file a complaint before a competent authority and to file a judicial appeal. The response to the Data Subject's request shall be made in the same format as that used by the person concerned, unless he/she requests that it be done otherwise.
As Data Processor, Bulletin.Chat may provide access to a subcontractor processor to End User Personal Data if we reasonably consider such access and processing necessary to the performance of the Services. In the event of such access and before the access takes place, the Company shall ensure that an agreement with the third party is in place which is sufficient to require it to treat personal data in accordance with the applicable provisions of this Agreement and applicable. The Customer authorises Bulletin.Chat to subcontract such processing in its name, with prior notification to Customer. The Customer expressly authorises the subcontracting of the services indicated above (AWS Ireland) for the processing of any personal data by Bulletin.Chat on behalf of the Customer within the scope of the Services.
International transfers of End User Personal Data may only be performed if the requirements of Data Protection Laws and regulations that regulate them, are met. Customer acknowledges that in the course of subcontracting indicated above, the Customer systems and data may be hosted by Company outside the EEA or territories with adequate safeguards approved by the European Commission (as set out in the corresponding Service Description, including details of third party service providers), and authorises such international transfers unless expressly prohibited or otherwise indicated on a SoW or Order Form. In the event of subcontractors outside the EEA, the Company guarantees the data is shared under agreements that provide adequate safeguards as provided by law. If a party carries out an international transfer of data without the other party's consent, the latter shall be exempted from any liability that may arise as a result of or in connection with such transfer.
Insofar as there exists an instruction from a competent supervisory authority, a development of a national legislation or a delegated act, in the event of a security breach of the End User Personal Data, the Data Controller and/or Data Processor shall notify the competent supervisory authority of such breach without undue delay, and if possible, no later than 48 hours after it happened.
In the event of termination, resolution or expiration of the Agreement, the Data Processor shall not keep the End User Personal Data unless otherwise legally required to do so. Otherwise, upon termination, resolution or expiration, or when no longer legally required to keep the data, the Data Processor shall destroy or return to the Data Controller all End User Personal Data and any copies of it, as well as any support or other document containing any End User Personal Data.
In accordance with the provisions set out in herein and in the GDPR, the Data Processor shall process the category of Data Subjects and type of End User Personal Data instructed by the Data Controller set out hereunder:
|Category of Data Subject||Type of Data|
|Customer authorised users of Customer IT systems||Identification, Professional contact, IP address|
|Customer's clients and other end-users connecting with the Service||Identification, personal or professional contact data, socio-economic, financial, behavioural, (as per narratives created by the Customer)|
Provision of Bulletin.Chat Services under the Agreement.