Service Data Privacy Statement
Bodsquare Limited (“Bodsquare”, “we”, “us”, or “our”) provides a Software as a Service (SaaS) based “Conversation Cloud” that allows our customers to store, manipulate, analyze and transfer messages between their business systems and their customers on a variety of Bodsquare and third party provided messaging channels (the “Service”).
This Privacy Statement for Service Data represents an Agreement between Bodsquare and the Customer and governs the use of Service Data.
If there is any inconsistency between this Agreement and any negotiated Agreement between Bodsquare and the Customer, the terms of the negotiated agreement will prevail.
Agent: an individual who communicates within the Conversation Cloud on behalf of the Customer.
For example, a member of the Customer’s web support team, or a representative of a third party to whom support has been outsourced.
Chat Participants: Agents and Users who communicate within the Conversation Cloud.
Customer: a legal entity with whom Bodsquare has an agreement to provide the Services.
For clarity, a Customer may be a Controller or a Processor of Personal Data. Where a Customer is a Processor of Personal Data, Bodsquare shall process Personal Data as sub-processor on behalf of the Controller. Instructions from the Controller regarding the processing of Personal Data shall be given through the Processor.
User: an individual who communicates with a Customer or Agent within the Conversation Cloud.
For example, a member of the public on Facebook Messenger, a visitor to the Customer’s Website, the holder of an SMS number, or the user of a mobile app.
The following terms are used as defined in the EU General Data Protection Regulation (GDPR):
Controller: the natural or legal person, public authority, agency or another body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Personal Data: any information relating to an identified or identifiable natural person (“Data Subject”).
Processor: a natural or legal person, public authority, agency or another body that processes personal data on behalf of the controller.
Third-Party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Data We Process
This document is intended to supplement and clarify the Bodsquare Terms and Conditions with regard to Personal Data processed on behalf of our Customers during the provision of the Service (“Data Subject”).
Bodsquare may collect and process Personal Data about individuals for the purposes of account creation, billing, usage tracking, recruiting, and marketing.
These data types and processing activities are governed by this Statement. Data that is not related to an identified or identifiable natural person, including aggregated or de-identified data, is not Personal Data and is not addressed by this Statement.
Bodsquare Services are not directed to children under 16. If you learn that a child under 16 has provided us with Personal Data without consent, please contact us.
Bodsquare and each of its Representatives (as defined below) shall not access and use any Confidential Information (as defined below) as well as Service Data (as defined below) for any purpose other than solely and strictly for the performance of the Services by Bodsquare in accordance with such terms and conditions applicable thereto as stated in Bodsquare’s Terms and Conditions (“Permitted Purpose”).
Bodsquare may only disclose Confidential Information (as defined below) on a need-to-know basis to its Representatives who have a need to know such information solely and strictly for the Permitted Purpose and not any other purposes, provided that Bodsquare shall comply with and always be subject to clauses stated in this Statement.
In this Agreement, “Representatives” of a person, entity or organisation shall mean the directors, officers, employees, legal and financial advisers, accountants, consultants, affiliates, delegates, appointees, agents and/or representatives of such person, entity or organisation.
Bodsquare and its Representatives shall keep confidential, and shall not disclose to any person, any Confidential Information (as defined below) or any information or terms in connection with the Services without the prior written consent of customers.
Bodsquare and its Representatives shall not under any circumstances copy, reproduce, publish, use, or export the Confidential Information except solely and strictly for the Permitted Purpose and in accordance with this Statement.
In the event that Bodsquare or any of its Representatives is required by judicial process or is otherwise required by legal process to disclose any Confidential Information, then, to the extent permitted by law, Bodsquare or the said Representative (as the case may be) shall provide customers with written notice, prior to disclosing such Confidential Information, so that customers may seek an appropriate protective order.
If in the absence of a protective order, Bodsquare or the said Representative is nonetheless legally compelled to disclose such Confidential Information, Bodsquare or the said Representative (as the case may be) may furnish that portion of such Confidential Information that is legally required to be furnished and shall exercise all reasonable efforts to obtain assurance from the applicable court, agency or another person to whom disclosure is being made that confidential treatment will be accorded to such Confidential Information to the maximum extent possible as contemplated by this Statement.
For the purpose of this Agreement, “Confidential Information” shall include without limitation all records, communications and information (whether in writing or not, in whatever form or storage medium, and regardless of whether such information is identified as “confidential”) gathered or received or made available for the purpose of or otherwise in relation to the Services whether or not received prior to the making of this Agreement, but does not include information which:
Bodsquare can demonstrate was rightfully known to Bodsquare or was rightfully in its possession prior to the date of its disclosure and which was not disclosed to Bodsquare by customers under confidentiality obligations still binding on Bodsquare;
is or becomes generally available to the public other than through unauthorised disclosure by Bodsquare or any of its Representatives in violation of this Agreement or by some other wrongful act; or becomes available to Bodsquare from a source other than customers provided that such source is not prohibited from transmitting such Confidential Information to Bodsquare by a contractual, fiduciary or other obligation to customers.
For the purpose of this Agreement, the “Service Data” that Bodsquare may process include the following types of data:
User Profile Information
The Bodsquare API enables Agents to communicate with Users via multiple platforms such as social media (e.g., Facebook Messenger), SMS, and web apps (“Messaging Channels”). Each Channel transmits certain data about the User. Some examples include First Name, Last Name, Email Address, Phone Number, IP Address, Location, Avatar/Image, Username/Handle, Linked IDs, and others.
The types of Personal Data transmitted in the User profile depend on the data collected by the Controller, and the User’s privacy settings and preferences. The Controller may be the Messaging Channel (e.g. Facebook, WeChat or WhatsApp); or the Customer, when messages are received via connected channels (e.g. SMS, email), or web apps created using Bodsquare’s Software Development Kit.
Agent Profile Information
Customers may enable the configuration of profiles for their Agents, including details such as Name and Image.
The message content may be structured or unstructured, and may or may not contain Personal Data. Bodsquare handles all messages in the Conversation Cloud as Personal Data.
Bodsquare servers automatically record some information when Services are used, including information sent by browsers or mobile apps.
Bodsquare may collect information about the devices Services are being used on, including what type of device it is, operating system, device settings, application IDs, unique device identifiers, and crash.
Customer Personal Data
The customer has provided or may provide Bodsquare with access to the Customer Personal Data for the Permitted Purpose. Notwithstanding anything provided to the contrary in this Agreement, Bodsquare and its Representatives shall strictly comply with the provisions of this Clause 5 in connection with all Customer Personal Data provided or made available to any of them or to which any of them has access.
Bodsquare and its Representatives shall not use any Customer Personal Data for any purpose other than strictly for the Permitted Purpose in accordance with the terms of this Statement.
Bodsquare and its Representatives shall not disclose any Customer Personal Data to any third party without the prior written consent of customers and shall take all practicable steps to implement security measures to protect the Customer Personal Data from disclosure to other parties.
Bodsquare and its Representatives shall comply with all applicable laws, rules and regulations and all other obligations in relation to or applicable to the Customer Personal Data (including without limitation the Personal Data (Privacy) Ordinance of Hong Kong) and shall provide customers with such confirmation and information as may be reasonably required by customers to satisfy customers that Bodsquare and its Representatives have complied with such laws, rules, regulations, and obligations.
Purpose For Processing
Bodsquare processes the Personal Data types outlined above for the following purposes:
This policy is not intended to place any limits on what we do with data that is aggregated and/or de-identified. It is no longer associated with an identifiable user or Customer of the Services and is therefore not Personal Data.
How We Protect Data
With regard to the Service and Service Data, Bodsquare acts as a Processor on behalf of Customers. Customers have primary responsibility for interacting with Data Subjects, and the role of Bodsquare is generally limited to assisting Customers as needed.
Bodsquare processes Service Data only upon a Customer’s instruction and shall have a duty to respect the security and confidentiality of Personal Data, pursuant to the measures outlined in agreements with Customers and as required by applicable law.
Bodsquare maintains a managed privacy program to identify risks and implement preventative measures. Our Chief Privacy Officer, supported by a network of senior professionals throughout the business and development teams, is responsible for managing the privacy program.
The privacy program is and will be reviewed on a regular basis to provide for continued effectiveness.
Bodsquare takes security seriously. We take various steps to protect the information you provide to us from loss, misuse, and unauthorised access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.
To learn more about current practices and policies regarding security and confidentiality of Customer Data and other information, please ask us for our Security Notice; we keep that document updated as these practices evolve over time.
Transparency And Cooperation With Customers
Bodsquare undertakes to be transparent regarding its Personal Data processing activities and to provide Customers with reasonable cooperation to help facilitate their respective data protection obligations regarding Personal Data.
Data Breach Notification
In the event that Bodsquare becomes aware of any unauthorised access to or disclosure of Personal Data, Bodsquare will promptly notify affected Customers to the extent such notification is permitted by applicable law.
Upon a Customer’s request, and subject to appropriate confidentiality obligations, Bodsquare shall make available to the Customer (or such Customer’s independent, third-party auditor) information regarding Bodsquare and third-party sub-processors’ compliance with the data protection requirements set forth in our agreements.
Obligations Upon Termination
Upon termination of the Services, Bodsquare shall, at the request of the Customer, delete, render un-identifiable, or return all Personal Data to the Customer. Bodsquare will certify that it has done so unless legislation prevents it from returning or destroying the data. In that case, Bodsquare will protect the data in accordance with its commitments and will not actively process the personal data transferred anymore.
Sharing And Disclosure
There are times when information described in this privacy statement may be shared by Bodsquare. This section discusses how Bodsquare may share such information. Customers determine their own policies for sharing and disclosure.
Bodsquare reserves the right to disclose or use aggregate or de-identified information for any purpose. For example, we may share aggregated or de-identified information with our partners or others for business or research purposes like telling a prospective Bodsquare Customer the average number of messages sent within a day.
Sub-Processing By Third Parties
Bodsquare may retain third party sub-processors, and depending on the location of the third-party sub-processor, processing of Personal Data by such sub-processors may involve transfers of Personal Data. Such third-party sub-processors shall process Personal Data only in accordance with the Customer’s instructions.
As of the date hereof, these third party providers include technical operations such as database monitoring, data storage and hosting services and customer support software tools.
Such third-party sub-processors have entered into written agreements with Bodsquare in accordance with the applicable requirements.
Compliance With Laws
Bodsquare may share or disclose data to comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.
Enforcing Our Rights, Preventing Fraud, And Safety
Bodsquare may share or disclose data to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud.
Changes To Our Business Structure
Bodsquare may share or disclose data if we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Bodsquare’s assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).
Data Subject Rights
Bodsquare acts as a data processor on behalf of Customers. Customers have primary responsibility for interacting with Data Subjects, and the role of Bodsquare is generally limited to assisting Customers as needed.
Access, Correction, Amendment or Deletion Requests
Bodsquare shall promptly notify a Customer if Bodsquare receives a request from a Data Subject for access to, correction, amendment or deletion of that person’s Personal Data. Bodsquare shall not respond to any such Data Subject request without the Customer’s prior written consent except to confirm that the request relates to that Customer.
Bodsquare shall provide Customers with cooperation and assistance in a reasonable period of time and to the extent reasonably possible in relation to any request regarding Personal Data to the extent Customers do not have access to such Personal Data through their respective uses of the Services.
Handling Of Complaints
Data Subjects may lodge a complaint about the processing of their respective Personal Data by contacting the relevant Customer or the Bodsquare Privacy department at the email address [email protected]. Bodsquare shall promptly communicate the complaint to the Customer to whom the Personal Data relates.
Customers shall be responsible for responding to all Data Subject complaints forwarded by Bodsquare, except in cases where a Customer has disappeared factually or has ceased to exist in law or become insolvent. Where Bodsquare is aware of such a case, it undertakes to respond directly to Data Subjects’ complaints within thirty (30) days, including the consequences of the complaint and further actions Data Subjects may take if they are unsatisfied by the reply.
Regulatory Inquiries and Complaints
Bodsquare shall, to the extent legally permitted, promptly notify a Customer if it receives an inquiry or complaint from a data protection authority in which that Customer is specifically named.
Upon a Customer’s request, Bodsquare shall provide the Customer with cooperation and assistance in relation to any regulatory enquiry or complaint involving Bodsquare’s processing of Personal Data.
Changes To This Statement
We reserve the right to change the statement as our product develops. If we do so, we will post any changes on this page. By using the Services after those changes are in effect, you agree to the revised policy.
This document was last updated on April 19, 2021.
You may contact us at [email protected] or at our mailing address below: