Saywhatt Service Privacy Policy
December 2024
Introduction
Welcome to Saywhatt Generative AI live chat system, a web and virtual sales/sales assistant for online stores and merchants (“Client”) (the “Service”).
This Privacy Policy (“Policy”) explains how information about you is collected and used by the Service, which is developed by Saywhatt Online Ltd. (“Saywhatt” or “we”, “us”, “our”), and operated on behalf of the Client who uses our Service and with whom you interact.
The Service is not directed to users under the age of 18. We do not knowingly collect information or data from children under the age of 18 or knowingly allow minors under the age 18 to use the Service.
This Policy may be amended from time to time. We will post any change to this Policy on our Service at a reasonable time in advance of the effective date of the change, and we will also make efforts to proactively notify you by email of the changes if we have your email address.
Contact us
If you have any questions, comments or concerns regarding this Policy or our processing of your personal information, please contact the Client directly. You may also contact us at support@saywhatt.com.
What we collect and why
Scenario
Purposes
Categories of information processed
Email address (if provided), Phone number (if provided), the text you type into the chat (such as items in which you are interested in purchasing), or your voice if you choose to talk with the chat. Please use discretion when providing your information to the Service. Text you type into the chat, or your voice provided to the Service will be shared with the Client.
When you choose to use our Service on the Client website
Providing you with the functionality of the Service on behalf of the Client, contacting you regarding administrative issues related to the Service, this Policy, support and maintenance.
When you provide us access to your device components
Wi-Fi/internet connectivity - to operate the Service;
Microphone and speaker – to engage (talk) with the Service.
Internet/3G access, Wi-Fi, Microphone, Audio/Speaker settings.
Subscribing to the Client newsletters
Allowing you to subscribe to the Client newsletter.
The contact information you choose to provide, such as your email address or phone number.
When you request customer support for products offered on the Client website
Providing you with the functionality of the Service you requested, such as submitting questions regarding the Client’s products.
The contact information you choose to provide, such as your email address or phone number, the subject of your customer support request and the text of your request.
Analytics about your use of the Service or feedback you provide directly to the Service, on behalf of and for the Client and in accordance with its preferences
For security and monitoring purposes, to analyze the Service usage to evaluate and improve its performance, so the Client can personalize, develop and improve its business.
Statistic and analytic information about your use of the Service and/or the Client's website, including: IP address, time and date of access, type of browser used, language, links clicked, actions taken while using the Service, information about your computer or mobile device, your operating system and your browser and feedback you provide.
You have the right to review the personal information we collect and process about you on the Client behalf and request its correction (according to Sections 13 and 14 of the Protection of Privacy Law, 5741 – 1981). You are not legally obligated to provide us with the above information, but if you do not, we may not be able to handle or respond to your inquiry, to send you the Client’s newsletter, or fulfill your request to use some of our Service functionalities.
Methods and sources for collecting your personal information
We collect the personal information from several sources:
-
When you choose to use our chat Service on the Client website;
-
When provided to us directly through our contact form or email on our website;
-
From our service providers helping us to operate the Service;
-
Through the device you use to access our Service, including through Internal analytics services.
Sharing your personal information
We will not share your information with third parties, except in the events listed below or when you provide us or the Client with your explicit and informed consent.
Scenario
Purposes
Third parties involved
We will share your information with the Client when you use the Service on the Client site
Fulfilling our role as a service provider, when you choose to use the Service on the Client Platform .
The Client with whom you choose to use our service with, subject to its own privacy practices and terms, not ours.
We will share your information with our service providers who assist us with the internal operations of the Service on behalf of the Client. These companies are authorized to use your personal information in this context only as necessary to provide these services to us and not for their own promotional purposes
Operating the Service and our business.
GCP, Open AI
Subject to the following additional Policies:
https://cloud.google.com/terms/cloud-privacy-notice
If you abused your rights to use the Service or violated any applicable law
Responding to, handling, and mitigating suspected violations of law in connection with our business.
Competent authorities, legal counsels, and advisors.
If a judicial, governmental, or regulatory authority requires to disclose your information
Complying with a binding request from a competent authority.
Competent authorities.
Analytics about your use of the Service or feedback you provide directly to the Service, on behalf of and for the Client and in accordance with its preferences
For security and monitoring purposes, to analyze the Service usage to evaluate and improve its performance, so the Client can personalize, develop and improve its business.
Statistic and analytic information about your use of the Service and/or the Client's website, including: IP address, time and date of access, type of browser used, language, links clicked, actions taken while using the Service, information about your computer or mobile device, your operating system and your browser and feedback you provide.
Data retention and security
We retain your information for 1 Year, and thereafter as needed for record-keeping matters
We will retain your information for 1 Year. Thereafter, we will still retain your personal information as necessary to comply with our legal obligations, resolve disputes, establish, and defend legal claims and enforce our agreements.
We implement measures to secure your information
We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure your personal information, there is no guarantee that it will be immune from information security risks.
Additional information for individuals in the EU or UK
Processor, GDPR and UK representatives
Saywhatt is a data Processor for the personal information described in this Policy. Saywhatt process such personal information on the Client Behalf, which is the data Controller that determines the purposes and means of processing your data. You can review the Client's contact information in the Client’s own policy.
International data transfers
To facilitate the processing of your information through the Service and our service providers, we will transfer your information to countries outside the EU or the UK. We do so to countries which are recognized by the European commission as having adequate protection for personal data, or under the terms of a data transfer agreement which contains standard data protection contract clauses with adequate safeguards determined by the EU Commission and UK Information Commissioner’s Office.
Legal basis for processing your personal data
Purpose or Scenario
Using our Service on the Client website
When you provide us access to your device components
Subscribing to the Client newsletters
Analytics about your use of the Service or feedback you provide directly to the Service, on behalf of and for the Client and in accordance with its preferences
Responding to, handling, and mitigating suspected violations of law in connection
Legal Basis
Our legitimate interest in facilitating your request, while providing the Service to you on behalf of the Client.
Our legitimate interest in facilitating your request and our legitimate interest in the operation of the Service on behalf of the Client.
Our legitimate interest in facilitating your request and consent to receive newsletter from the Client.
For security and monitoring purposes, to analyze the Service usage to evaluate and improve its performance, so the Client can personalize, develop and improve its business.
Legitimate interests in defending and enforcing against violations and breaches
Complying with a binding request from a competent authority
Legitimate interests in complying with mandatory legal requirements imposed on us
Enabling a structural change in the operation of the Service and our business
Legitimate interests in business continuity
Data subject rights
If you are in the EU or the UK, you have the following rights under the GDPR:
Right to Access and receive a copy of your personal information that we process.
Right to Rectify inaccurate personal information we have concerning you and to have incomplete personal information completed.
Right to Data Portability, that is, to receive the personal information that you provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another person or entity. Where technically feasible, you have the right to have your personal information transmitted directly from us to the person or entity you designate.
Right to Object to our processing of your personal information based on our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or if we need to process such personal information for the establishment, exercise, or defense of legal claims.
Right to Restrict us from processing your personal information (except for storing it): (a) if you contest the accuracy of the personal information (in which case the restriction applies only for a period enabling us to determine the accuracy of the personal information); (b) if the processing is unlawful and you prefer to restrict the processing of the personal information rather than requiring the deletion of such data by us; (c) if we no longer need the personal information for the purposes outlined in this Policy, but you require the personal information to establish, exercise or defend legal claims; or (d) if you object to our processing based on our legitimate interest (in which case the restriction applies only for the period enabling us to determine whether our legitimate grounds for processing override yours).
Right to be Forgotten. Under certain circumstances, such as when you object to our processing of your personal information based on our legitimate interest and there are no overriding legitimate grounds for the processing, you have the right to ask us to erase your personal information. However, notwithstanding such a request, we may still process your personal information if it is necessary to comply with our legal obligations, or for the establishment, exercise, or defense of legal claims. If you wish to exercise any of these rights, please contact us through the channels listed in this Policy.
When you contact us, we reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you with information that you have asked for, we will explain the reason.
Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in the Member State of your residence, place of work or place of alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here.
If you are in the UK, you can lodge a complaint to the Information Commissioner’s Office (ICO) pursuant to the instructions provided here.
Additional information for individuals in California
If you are an individual residing in California and would like to exercise any of your rights pursuant to the privacy law in California (CPRA), please note that we are merely a Service Provider, acting on behalf of the Client (which would be considered the Business). Therefore, please contact the Client to exercise any of your rights.