Privacy policy

Your personal data controller is Craftware Limited, 21 Alverstone Gardens, SE9 2BZ London. Company number: 09184242.

If you have any doubts or need more information related to the processing of your data, please email us at contact@chatomiser.com In case we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds for processing.

We may collect data about you by providing the data directly to us (for example by filling in forms on our website or by sending us emails). We may automatically collect certain data from you as you use our website by using cookies and similar technologies. Please see our cookies policy for more details about this.

Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.

We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary.

Your personal data is processed to:

• provide functionality of the website and facilitate the use of our services (art. 6(1) (b) and (f) of the GDPR); details on the use of cookies at the end of this policy,
• implementation and contracts with customers or contractors (art. 6(1)(b) of the GDPR if you are party to the contract, or art. 6(1)(f) of the GDPR if you are its representative or employee),
• if applicable - payment processing, billing, accounting, and financial reporting (art. 6(1)(c) and (f) of the GDPR),
• implementation of obligations resulting from law (art. 6(1)(c) of the GDPR),
• in controller’s legitimate interests, namely the marketing of its products and services (art. 6(1)(f) of the GDPR),
• for the purposes indicated in the consent to the processing of personal data - if such consents were given (art. 6(1)(a) of the GDPR).

We also process personal data in connection with the implementation of other legitimate interests of the controller, according to art. 6(1)(f) of the GDPR:

• for the establishment, exercise or defence of legal claims,
• for statistical purposes related to the improvement of work efficiency, quality of provided services and adapting them to recipients.

We may collect and process the following types of data:

• personal data
• communication data
• customer data
• user data
• technical data
• marketing data
• additional data

Communication data includes any communication that you send to us whether that be through the contact form on our website, through email, text, social media messaging, social media posting or any other communication that you send us.

We process communication data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims. Our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.

Customer data includes data relating to any purchases of goods and/or services such as your name, title, billing address, delivery address email address, phone number, contact details, purchase details and your card details.

We process customer data to supply the goods and/or services you have purchased and to keep records of such transactions. Our lawful ground for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.

User data includes data about how you use our website and any online services together with any data that you post for publication on our website or through other online services.

We process user data to operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain backups of our website and/or databases and to enable publication and administration of our website, other online services and business. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business.

Technical data includes data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system.

We process technical data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy.

Marketing data includes data about your preferences in receiving marketing from us and our third parties and your communication preferences.

We process marketing data to enable you to partake in our promotions such as competitions, prize draws and free giveaways, to deliver relevant website content and advertisements to you and measure or understand the effectiveness of this advertising. Our lawful ground for this processing is our legitimate interests which in this case are to study how customers use our products/services, to develop them, to grow our business and to decide our marketing strategy.

Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data, and any information about criminal convictions and other offences.

We do not collect any sensitive data.

In principle, we process the data provided by you. If you did not provide us with your data, their source is an entity that had your consent to disclose it to the controller, or another valid legal basis. In this case, the obtained personal data includes the data necessary to conduct a given type of marketing activities (typically, these are first name, surname, e-mail address, telephone number and / or mailing address).

We may receive additional data from the following third parties:

• analytics providers such as Google based outside the EU
• advertising networks such as Facebook based outside the EU
• search information providers such as Google based outside the EU
• providers of technical, payment and delivery services, such as data brokers or aggregators
• publicly available sources such as Companies House and the Electoral Register based inside the EU

In principle, your personal data will be processed in the United Kingdom. Taking into account the services provided by the controller's subcontractors in the implementation of support for ICT services and IT infrastructure, the controller may commission specific IT activities or tasks to recognized subcontractors operating outside the UK, which may result in the transfer of your data outside the UK.

Recipient states from outside the UK, covered by GDPR art. 45 decision, ensure an adequate level of personal data protection in accordance with the UK standards. In the case of recipients in the territory of countries not covered by GDPR art. 45 decision, in order to ensure an adequate level of data protection, the controller concludes contracts with the recipients of your personal data, based on standard contractual clauses in accordance with art. 46(2)(c) of the GDPR.

A copy of the standard contractual clauses can be obtained from the controller by contacting the contact details provided above. The method of securing your data used by the Controller complies with the principles provided for in Chapter V of the GDPR. You can request further information about the security measures applied in this regard, obtain a copy of these security features and information on where they are made available.

The recipients of your personal data may be:

• Suppliers, subcontractors.
• Banks and payment processing providers.
• Companies carrying out marketing activities.
• Companies that provide services or provide IT solutions.
• Companies that provide services or provide IT solutions.
• Companies archiving and shredding documents (in the case of paper documents related to the implementation of processing purposes).
• Companies providing courier and postal services (in the case of correspondence related to the implementation of processing purposes).

Your personal data will be stored until you withdraw your consent or file an objection, i.e. show us in any way that you do not want to stay in touch with us and receive information about our activities.

After the consent is withdrawn or an objection is raised, personal data may be stored for the purpose of demonstrating the correctness of compliance with the legal obligations incumbent on the controller or until the expiry of the limitation period for claims, depending on which period is longer.

In the case of concluding an agreement with the controller, personal data will be processed by the duration of the contract and after its completion the expiry of limitation periods for filing legal claims.

In situations provided for by law, you enjoy the rights to:

• access your data and receive a copy of it,
• to rectify (amend) your data,
• to delete personal data,
• to restrict data processing,
• to data portability – if the legal basis for their processing is consent (art. 6 (1) (a) or art. 9 (2)(a) of the GDPR) or a contract (art. 6 (1) (b) of the GDPR),
• the right to withdraw consent to data processing when it is the basis for data processing (art. 6 (1)(a) of the GDPR),
• the right to object to the processing of your personal data – if the legal basis for the processing is a legitimate interest (art. 6(1)(f) of the GDPR).

If you believe that the processing of your personal data violates the provisions of the GDPR, you also have the right to lodge a complaint with the supervisory authority.

Providing personal data is voluntary, but necessary for us to achieve the purposes of processing, described in this policy.

Your data will not be subject to automated decision making producing legal effects or a similarly significant impact.