SwiftChat User Data Processing Terms

1. User Data Access and Privacy

a. Usage of our Business Services gives you access to certain personal information of Users which they have provided to us. Such Users are governed in general by SwiftChat Terms of Service and Privacy Policy.

b. Such data and personal information of the Users becomes part of your organization when a User specifically opts in to receive Messages and Conversations from your Merchant Bots integrated with SwiftChat.

c. More details on the opt in process is provided  here under the SwiftChat API Integration Terms.

d. Once a User decides to opt-in to receive Messages and Conversations from your Merchant Bot, they become your Customer and the information shared by them to you is governed as per your privacy policy and we become the data processors on your behalf and we process the Personal Information in that User data as per this SwiftChat User Data Processing Terms.

e. You are responsible for and must secure all necessary notices, permissions, and consents to collect, use, and share Customer’s data, including maintaining a published privacy policy, and otherwise complying with applicable law.

f. All the data inputted by a Customer while interacting with the Merchant Bot post the opt-in will belong to you. However, for the proper utilization of the solutions provided by us, we will use the all such data to the extent necessary to (a) provide the Business Services to you as required under the Business Terms and (b) in aggregated and anonymized form for providing and optimizing our Business Services; performing analytics through its internal system or using third party analytics to provide better value added Business Services you and for our internal business purposes.

2. Terms and Conditions in relation to maintaining User Data Access and Processing

a. “ Personal Information” means any information relating to an identified or identifiable natural person (“ User”) who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier or to one or more factors specific to that natural person. More details about the information collected by us is referred in the ‘Information we collect’ section in the SwiftChat Privacy Policy available here. Personal Information will also refer to additional Personal Information being collected by you while your Merchant Bot interacts with the Customers post their opt-in.

b. “ Controller” means the natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of Personal Information.

c. Personal Information Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Information
transmitted, stored or otherwise Processed under these Data Processing Terms.

d. Processor” means a natural or legal person which processes Personal Information on behalf of the Controller. For the purposes of this document, Processor here refers to ConveGenius which is processing Personal Information on behalf of Company collected under the SwiftChat Business Terms of Service and SwiftChat API Integration Terms.

e. Your responsibilities as a Data Controller for the purpose of these Business Terms

i. All opt-in requests and access to Personal Information must accurately represent the identity of the Merchant Bot that seeks access to User (or Customer as applicable) data.
ii. You must provide clear and accurate information explaining the types of data being accessed for any User (or Customer as applicable) through SwiftChat. In addition, if you plan to access or use a type of Personal Information that was not originally disclosed in your privacy policy, you must update your privacy policy and prompt the User to consent to any changes before you may access that data.
iii. Be transparent about the Personal Information you capture with clear and prominent privacy disclosures. Your privacy policy and in-product privacy notifications must thoroughly disclose the manner in which your application accesses, uses, stores, or shares User (or Customer as applicable) Data and Personal Information.
iv. Only request access to the minimal, technically feasible scope of access that is necessary to implement existing features or services in your Merchant Bot and limit access to the minimum amount of Personal Information needed. Don't attempt to "future proof" your access to User data by requesting access to information that might benefit services or features that have not yet been implemented.
v. Be up front with Users (or Customer as applicable) so that they can make an informed decision to grant authorization. You must disclose all user data that you access, use, store, delete, or share, as well as any actions you take on a user's behalf.
vi. Be honest and transparent with Users (or Customer as applicable) when you explain the purpose for which your Merchant Bot requests Personal Information. If your Merchant Bot requests Personal Information for one reason but the User (or Customer as applicable) data and Personal Information will also be utilized for a secondary purpose, you must notify such Users of both use cases.
vii. You are solely responsible for determining the purposes and means of processing such Personal Information under these Terms, including that such processing according to your instructions will not place us in breach of applicable data protection legislations.
viii. All the access to User (or Customer as applicable) Data and Personal Information shall strictly be done in accordance with our Content Policy and Child Protection Policy.

f. Our responsibilities as a Data Processor

i. We will process Personal Information in accordance with the applicable data protection legislations. We will use all commercially appropriate technical and organizational measures to protect the User Data (or Customer as applicable) and Personal Information from unauthorized access, processing, loss, or disclosure.
ii. Will notify you without undue delay of the discovery by us of any Personal Information Breach.
iii. Taking into account the nature of the Processing and the information available to us, we will assist you in your role as a Controller, by appropriate technical and organisational measures, insofar as this is possible, in fulfilling any obligations under data privacy law applicable to you as a Controller to respond to requests from Users regarding the exercise of their Personal Information rights.
iv. To the extent required by data privacy law applicable to you as the Controller, the Processor agrees to support your obligations as a Controller, in particular regarding the security of the Processing or regarding Personal Information Breaches, by providing you with reasonable assistance, taking into account the nature of the Processing and the information available to WhatsApp.
v. Upon your request, we will make available to you all information and provide all assistance that is reasonably necessary to demonstrate our compliance with its legal obligations under these Terms.
vi. We will ensure that any person authorised to process Personal Information under these Terms is bound by appropriate obligations of confidentiality.
vii. We may subcontract our processing obligations under this document to a sub-processor, only by way of written agreement that shall impose obligations on the sub-processor that are no less rigorous than the obligations imposed upon us by this document.
viii. Upon termination of the Business Terms, we will cease processing Personal Information apart from what we require from Users as per applicability of our SwiftChat Privacy Policy and shall delete it within the time period set forth in the Business Terms unless applicable law requires further storage or to the extent that we have a right or obligation to use the Personal Information independent of the Business Terms.