Privacy Policy
Introduction
This Privacy Policy outlines our commitment to safeguarding the personal data processed by our WhatsApp Business Platform API application. Our primary objective is to maintain the privacy and security of the data while enabling advanced communication between businesses and their clients.
Data Collection
Our application collects various types of data to facilitate its functionality. The data collected includes business phone numbers, client numbers and names, message content, catalog contents, and images uploaded to the gallery. Business phone numbers are acquired either through the embedded Facebook sign-in process or directly from user input. Client numbers and names are gathered through Excel imports or manual user input. Message content is collected as outgoing messages are inputted by users, while incoming messages are collected via a webhook when a client sends a message. Catalog contents are obtained either from user input or through a synchronization process that imports catalogs from Meta using an API. Images stored in the gallery are uploaded by the user.
Purpose of Data Collection
The personal data collected by our application is used for several key purposes. Primarily, it enables communication between businesses and their clients. Additionally, the data is used for analytical purposes to improve service delivery and for marketing activities. Our app ensures that the data collected is used solely for the benefit of the users and is not utilized for any other purpose.
Data Usage
We take data usage and access very seriously. Users within the application do not have access to the data of other users unless they share the same business ID. In such cases, they will have access to the same catalogs. We do not use any data collected for our own purposes. Instead, the data is used exclusively to display relevant information to the users, enabling them to benefit from their interactions within the app.
Legal Basis for Processing Personal Data under the General Data Protection Regulation (GDPR)
If you are from the European Economic Area (EEA), PC Globalco SAL legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.
PC Globalco SAL may process your Personal Data because:
- We need to perform a contract with you
- You have given us permission to do so
- The processing is in our legitimate interests and it is not overridden by your rights
- For payment processing purposes
- To comply with the law
Data Storage
The personal data collected by our application is stored on third-party servers that are not owned by us. We implement robust security measures, including the encryption of account passwords, to ensure the security of the data stored in our system.
Data Retention
PC Globalco SAL will retain your Personal Data only for as long as is
necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal
Data to the extent necessary to comply with our legal obligations (for example, if we are
required to retain your data to comply with applicable laws), resolve disputes and enforce our
legal agreements and policies.
PC Globalco SAL will also retain Usage Data for internal analysis
purposes. Usage Data is generally retained for a shorter period of time, except when this data
is used to strengthen the security or to improve the functionality of our Service, or we are
legally obligated to retain this data for longer periods.
Data Sharing
Your information, including Personal Data, may be transferred to — and maintained on — computers
located outside of your state, province, country or other governmental jurisdiction where the
data protection laws may differ from those of your jurisdiction.
If you are located outside Cyprus and choose to provide information to us, please note that we
transfer the data, including Personal Data, to Cyprus and process it there.
Your consent to this Privacy Policy followed by your submission of such information represents
your agreement to that transfer.
PC Globalco SAL will take all the steps reasonably necessary to ensure
that your data is treated securely and in accordance with this Privacy Policy and no transfer of
your Personal Data will take place to an organization or a country unless there are adequate
controls in place including the security of your data and other personal information.
Requesting Data Deletion
You have the right to request the deletion of your personal data that we have collected and stored. If you wish to delete your data from our systems, you can submit a request through our designated channels. Upon receiving your request, we will take appropriate measures to delete your data, subject to legal obligations and our data retention policies. Please note that certain data may need to be retained for legitimate business purposes or to comply with legal requirements. To initiate a data deletion request, please contact us at social@pcglobalco.com. We will process your request within a reasonable timeframe and confirm the deletion or provide further information if any data cannot be deleted.
User Rights
We respect the rights of our users regarding their personal data. Upon registration, users are required to agree to our privacy policy, which outlines how their data will be handled. However, we do not currently offer users the ability to download their data from the application. We are committed to ensuring that our users' rights are respected and protected.
Security Measures
We have implemented several security measures to protect the personal data processed by our application. These measures include the encryption of passwords, token-based authentication, and the use of UUIDs instead of IDs in the database to enhance security. We continuously monitor and update our security practices to ensure that they meet the highest standards.
Your Data Protection Rights under the General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection
rights. PC Globalco SAL aims to take reasonable steps to allow you to
correct, amend, delete or limit the use of your Personal Data.
If you wish to be informed about what Personal Data we hold about you and if you want it to be
removed from our systems, please contact us.
In certain circumstances, you have the following data protection rights:
- The right to access, update or delete the information we have on you.Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
- The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
- The right to object. You have the right to object to our processing of your Personal Data.
- The right of restriction. You have the right to request that we restrict the processing of your personal information.
- The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
- The right to withdraw consent. You also have the right to withdraw your consent at any time where PC Globalco SAL relied on your consent to process your personal information.
Incident Response
In the event of a data breach or security incident, our dedicated team is prepared to take immediate action to mitigate any potential damage and protect user data. We have established procedures for responding to incidents and will promptly inform affected users as required by applicable laws.
International Data Transfers
Our application facilitates international data transfers as part of its core functionality. When a business within our app needs to communicate with a client via WhatsApp, the data is transferred to WhatsApp through the API, and WhatsApp then delivers the message to the client. This process ensures that communication is seamless and efficient, even across international borders.
Payments
We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).
We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
The payment processor we work with is Stripe. their privacy policy can be viewed at https://stripe.com/us/privacy
Training and Awareness
To ensure that our team is well-equipped to handle personal data responsibly, we conduct data protection training every three months. This training ensures that our team is aware of the latest data protection practices and is prepared to implement them effectively.
Policy Review and Updates
We recognize the importance of keeping our Data Protection Policy up to date with the latest legal requirements and industry standards. As such, we review and update this policy every three months. Any significant changes to our data protection practices will be communicated to our users promptly.
Contact US
If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us at social@pcglobalco.com