We are French, European and we have evolved within a strict regulatory framework relative to privacy and personal data protection. We didn’t wait for the entry into force of the new EU regulation to address this crucial issue ; From our point of view, offering a service that is not fully compliant with EU legislation is simply not an option.
The service that we offer deals necessarily with personal data. By placing privacy at the heart of our product’s conception, we provide our clients and end users with sufficient guarantees from the very beginning and all along our relationship.
ItsAlive relies on a network of legal experts working closely with our engineers in order to carry out an audit of the service’s global functioning and to undertake the necessary corrective measures. Every update of the tool is reviewed, from the first steps to the practical implementation.
Itsalive is edited by Saastory S.A.S., a French simplified joint stock company whose main office is located at 43 Rue Beaubourg, 75003 Paris, France, registered under the number 815 265 574.
Data collected and purposes of processing
The “data controller” is the legal person that determines the purposes, conditions and means of the processing of personal data.
The “data processor” is the legal person that processes personal data on behalf of the controller.
We collect data about our customers, the itsAlive users, (hereinafter the "Users") as well as about people interacting with our customers’ chatbots on Facebook Messenger (hereinafter the "End-Users").
With regards to Itsalive Users, we are data controller .
We collect personal information that you provide to us during the subscription and/or use of our service such as the User’s name and email address. The data that we collect is used to :
- manage our relationship with you - such as for billing purposes,
- provide a personalized service - such as for authentication purposes during sign up/sign in,
- improve the experience and interaction with you - such as for sending information about the changes in our platform .
With regards to End-Users, we are data processor .
We collect on behalf of our customer (the Itsalive User) :
- personal information of the End-User - such as, but not limited to, the name, profile avatar, PSID (Facebook ID), and other information associated with the Facebook Messenger account,
- information that our users (chatbot admin) decided relevant for the chatbot purpose and that the end-user provides when communicating with the chatbot such as the “quick replies” or specific information,
- information related to the interaction between the End-User and the chatbot - such as, but not limited to, the session start time, the session duration, the date of the first/last message etc.
The main purpose of collecting such information is to offer you an optimal, efficient and personalized experience while using our services. By collecting such information we are able to :
- optimize the End-User’s interactions with the chatbot,
- resolve any potential problem or dysfunctioning that may occur,
- customize the chatbot messages,
- provide the User with analytics preview .
The messages sent by the End-Users to the chatbot are not stored, except for the unanswered messages which are used to improve the chatbot. Unanswered messages are NOT connected to a user.
The Users (chatbot creators/our customers) may be able to collect the End-User’s conversation history with the chatbot but also information contained in his public social media profile as well as other information the End-User provides while interacting with the chatbot.
Pursuant to French and European applicable laws, you have the right to:
- access your personal data to ensure that personal information is up-to-date, accurate and complete
- require us to update, correct or complete any inaccurate or incomplete personal data, for legitimate purposes
- oppose to or demand the limitation of the processing of your personal data
- receive, upon request, all your personal data in a structured and standard format
- give instructions regarding the further processing of your personal data after your death.
To exercise any of the above rights, please contact us at firstname.lastname@example.org
Global privacy practices
We have implemented appropriate measures to put in place suitable technical and organisational precautions to ensure a level of security and integrity of personal data appropriate to the risk.
Thus, Itsalive undertakes to take all pertinent precautions in order to preserve the security of the data and, in particular, to protect them against any accidental or unlawful destruction, accidental loss, corruption, unauthorized circulation or access, as well as against any other form of unlawful processing or disclosure to unauthorized persons.
Third party disclosure
We do not share, sell or transfer any personal data of our Users or End-Users with third parties for commercial purposes.
We may share your personal data with partner companies so that we obtain the necessary assistance and support in the context of carrying out our services for ex. data hosting service provider, online payment processing services etc. We make sure all third parties we work with are GDPR compliant and when necessary Privacy Shield certified.
We can disclose your personal data to competent authorities to the extent strictly required by the law.
Personal Data Breach
We will notify Users without undue delay upon discovery of a breach affecting personal data. In such event, we will provide our customers with information to assist them to meet any obligations to inform data subjects or data protection authorities of the personal data breach under the data protection laws. We will assist our customers in the investigation, mitigation and remediation of each personal data breach.
Data Protection Officer
We have appointed Arbi Jaupi as our new Data Protection Officer. His role is to oversee and advise on our data management. To get in touch : email@example.com
Our specific commitment as Data Controller (free users and clients)
Data retention ItsAlive users
Collected data will be retained for a period appropriate to the purpose for which it was collected and is, by default, destroyed at the end of a 36 months period following the last interaction (36 months after User’s last connection if the User doesn’t have a chatbot or 36month after User’s last interaction with the chatbot if the User has one chatbot or more).
Our specific commitment as Data Processor (end-users of chatbots)
Data retention of end-users
Collected data will be retained for a period appropriate to the purpose for which it was collected and is, by default, destroyed at the end of a 24 months period following the last interaction (24 months after User’s last connection if the User doesn’t have a chatbot or 24month after User’s last interaction with the chatbot if the User has one chatbot or more).
Assistance and advices
We will answer shortly to any inquiries sent by Users related to the personal data we process, including any request related to the exercise of End-Users rights. We will cooperate with Users to assist them in any investigation they may require to ensure their compliance with relevant EU and French legislation regarding data protection.
The tool’s compliance does not exempt the Users from their responsibility with regards to the use of the tool. The latter are fully and solely responsible for the use that may be made. It belongs to the Users to ensure the use of the bot they administrate is GDPR compliant. We provide a series of tips and guidelines to help them in their efforts to become compliant.
Our legal team is mobilized to facilitate exchanges with the compliance teams of our customers.
By refusing to accept cookies you may not be able to use some of the features and functionalities on our site.