SCEYT PRIVACY POLICY

Last update: 4 February 2021

THIS PRIVACY POLICY EXPLAINS IN DETAIL HOW WE COLLECT, USE, AND DISCLOSE YOUR PERSONAL DATA WHEN YOU USE SCEYT. IT ALSO INFORMS YOU WHAT CHOICES YOU HAVE WITH RESPECT TO YOUR PERSONAL DATA. PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE SUBMITTING ANY PERSONAL DATA TO US.

1. GENERAL INFORMATION

1.1 About this Privacy Policy. This Sceyt privacy policy (the “Privacy Policy”) is drafted to govern the processing of personal data collected from individual users (“you”,“your”, and “client”) through the Communications-Platform-as-a-Service product ‘Sceyt’, the website https://sceyt.com, and the related services (collectively, “SCEYT”). The Privacy Policy does not cover any third-party websites, applications or software that integrate with SCEYT or any other third-party products and services that are linked to from SCEYT.

1.2 About SCEYT. SCEYT is a Communications-Platform-as-a-Service for chat and messaging services. Through SCEYT, we provide infrastructure and relevant tools to you that allow integrating multipurpose chat and messaging solutions into your existing software applications. SCEYT is not a final chat software product and we do not provide final chat software solutions.

1.3 Data controller. SCEYT is owned and operated by Sceyt LLC having a registered business address at Gai ave 26, 34, Yerevan, Armenia, and the company registration number 282.110.1159264 (“we”, “us”, or “our”). We act as a data controller with regard to the personal data collected by you through SCEYT directly (for example, when you complete our forms, sign up, or contact us). As a data controller, we make decisions about the types of personal data that we need to collect and the purposes for which your personal data is used.

1.4 Data processor. In certain instances, we may act as a data processor with regard to personal data processed by us through the chats developed by using SCEYT (the“End-Users’ Data”). We do not own, control, or make decisions about the End-Users’ Data; such data is processed only in accordance with the instructions provided by our respective clients. To ensure that the End Users’ Data is processed in accordance with the strictest data protection standards, we offer a data processing agreement to be concluded with our clients (please contact us at legal@sceyt.com for more information).

1.5 Minors. SCEYT is not intended for use by persons under the age of 18. We do not knowingly collect minors’ personal data. If you become aware that a minor has provided us with his or her personal data and you are a parent or a legal guardian of that minor, please contact us immediately and we will remove the minor’s personal data from our systems.

1.6 Term of the Privacy Policy. This Privacy Policy enters into force on the effective date indicated at the top of the Privacy Policy and remains valid until terminated or updated by us.

1.7 Amendments. The Privacy Policy may be changed from time to time to address the changes in SCEYT, applicable laws, regulations, or industry standards. The amended version of the Privacy Policy will be posted on this page and, if we have your email address, we will send you a notice about all the changes implemented by us. We encourage you to review our Privacy Policy to stay informed. For significant material changes in the Privacy Policy or, where required by the applicable law, we may seek your consent.

2. WHAT DATA DO WE COLLECT?

2.1 Collection of personal data. We comply with data minimisation principles. Thus, we collect only a minimal amount of personal data that is necessary for ensuring the quality and accessibility of SCEYT. We use your personal data for limited, specified and legitimate purposes explicitly mentioned in this Privacy Policy. In short, we use it only for the purposes of providing you with the requested services, maintaining and improving SCEYT, conducting research about SCEYT and our business activities, replying to your enquiries, and pursuing our legitimate business interests. We do not repurpose your personal data. It means that we do not use it for any purposes that are different from the purposes for which your personal data was provided.

Your user account. When you register your user account, we collect your first name, last name, company name, email address, and IP address. We use such data to register and maintain your user account, provide you with the requested services, identify your country, contact you, if necessary (for example, send you administrative and support emails), conduct analytics, and maintain our business records. The legal bases on which we rely are (i) performing a contract with you and (ii) pursuing our legitimate business interests (i.e., administering our business).

Your payments. When you make a payment, our payment processor Paddle will ask you to submit your payment details that are necessary for processing your payments. The details that you need to submit depend on the payment method that you choose: if you choose to pay by PayPal, you will be asked to provide your PayPal details; if you pay by a credit card - your full name, credit card number, security code, expiration date, and billing address). We do not collect or store your payment details - all payment transactions are carried out by Paddle. We have access to the following information only: your PayPal username, credit card type, last 4 digits of your card, and the expiration date. We use such data to issue invoices and maintain our business records. The legal bases on which we rely are (i) performing a contract with you and (ii) pursuing our legitimate business interests (i.e., administering our business).

Your enquiries. When you contact us by email or by using our ‘Contact’ functionality, we collect your name, email address, and any information that you decide to include in your message. We use such data to respond to your enquiries and provide you with the requested information. The legal bases on which we rely are (I) ’pursuing our legitimate business interests’ (i.e., to grow and promote our business) and (II) ‘your consent’ (for optional personal data).

Our newsletter. When you subscribe to our newsletter, we collect your email address. We use your email address to send you information about our new services, special offers, and other marketing materials that may be of interest to you. The legal basis on which we rely is ‘your consent’.

Your IP address. When you browse SCEYT, we or our third-party analytics service providers (as explained below) collect your IP address. We use your IP address to analyse the technical aspects of your use of SCEYT, prevent fraud and abuse, and ensure the security of SCEYT. The legal basis on which we rely is ‘pursuing our legitimate business interests’ (i.e., to analyse and protect SCEYT).

Cookies. When you browse SCEYT, we collect cookie-related data. For more information on our cookie usage policies, please refer to our Cookie Policy.

2.2 Sensitive data.We do not collect or use any special categories of personal data (“sensitive data”) from you, unless you decide, at your own discretion, to provide such data to us. Sensitive data is information that relates to your health, religious and political beliefs, racial origins, membership of a professional or trade association, or sexual orientation.

2.3 Refusal to provide personal data. If you refuse to provide us with your personal data when we ask to, we may not be able to perform the requested operation and you may not be able to use the full functionality of SCEYT, receive our services, or get our response. Please contact us immediately if you think that any personal data that we collect is excessive or not necessary for the intended purpose.

2.4 Collection of non-personal data. When you browse SCEYT or your end users use the chat solution developed by you through SCEYT, we automatically collect certain technical non-personal data that does not allow us to identify natural persons in any manner. The non-personal data includes the following information:

Device type;

Operating system;

Activity on SCEYT; and

Other online behaviour.

2.5 Purposes of non-personal data. We use the non-personal data mentioned above for the following purposes:

To perform our contractual obligations;

To maintain our business records;

To analyse what kind of users use SCEYT;

To examine the relevance, popularity, and engagement rate of the content available on SCEYT;

To investigate and help prevent security issues and abuse; and

To develop and provide additional features to SCEYT.

2.6 Your feedback. If you contact us, we may keep records of any questions, complaints, recommendations, or compliments made by you and the response. Where possible, we will de-identify your personal data (i.e., we will remove all personal data that is not necessary for keeping such records).

2.7 Aggregated and de-identified data. In case your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such aggregated data as personal data. If your personal data is aggregated or de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any business purpose.

2.8 Service-related notices.If necessary, we will send you important informational messages, such as confirmation receipts, payment information, technical or administrative emails, and other administrative updates. Please note that such messages are sent on an “if-needed” basis and they do not fall within the scope of commercial communication that may require your prior consent. You cannot opt-out from service-related notices.

3. HOW LONG DO WE STORE YOUR DATA?

3.1 Storage of personal data. We store your personal data in our systems only for as long as such personal data is required for the purposes described in this Privacy Policy or until you request us to update or delete your personal data (as explained in section 6), whichever comes first. After your personal data is no longer necessary for its purposes and there is no other legal basis for storing it, we will immediately securely delete your personal data from our systems. We do not store any personal data longer than necessary.

3.2 Deletion of your user account. When you request us to delete your user account, we will provide you with an opportunity to change your mind within 30 days from the date of your request. Within that period, we will keep all information and data associated with your user account, including your personal data, in our systems. If you do not restore your user account within 30 days, we will securely delete all data from our systems.

3.3 Storage of non-personal data. We retain non-personal data pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include storing non-personal data for the period of time needed for us to fulfil our contractual obligations, pursue our legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

3.4 Storage as required by law. In instances when we are obliged by law to store your personal data for a certain period of time (for example, for accountancy or business record purposes), we will store your personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.

4. HOW DO WE DISCLOSE YOUR DATA?

4.1 Disclosure to data processors. When we need to cooperate with third parties to ensure your access to SCEYT or provide you with the requested services, we may disclose your personal data to our data processors, if strictly necessary. We do not sell your personal data to third parties and do not intend to do so in the future. The disclosure of your personal data is limited to the situations when it is required for the following purposes:

Ensuring the proper operation of SCEYT;

Ensuring the delivery of services requested by you;

Responding to your enquiries;

Pursuing our legitimate business interests;

Enforcing our rights, preventing fraud, and security purposes;

Carrying out our contractual obligations;

Law enforcement purposes; or

If you provide your prior consent to such a disclosure.

4.2 List of data processors. We choose our data processors carefully and make sure that they ensure an adequate level of protection of personal data that is consistent with this Privacy Policy and the applicable data protection laws. The data processors that will have access to your personal data are:

Our hosting service provider Amazon Web Services located in the United States;

Our payment processor Paddle located in the United Kingdom;

Our marketing service provider Hubspot located in the United States;

Our analytics service providers Google Analytics located in the United States; and

Our independent contractors and consultants.

4.3 International transfers. If you reside in a country belonging to the European Economic Area (EEA), we may need to transfer your personal data outside the EEA for the reasons mentioned above. In case it is necessary to make such a transfer, we will make sure that the country in which our data processor is located guarantees an adequate level of protection for your personal data or we conclude an agreement with it that ensures such protection (e.g., a data processing agreement based pre-approved standard contractual clauses).

4.4 Disclosure of non-personal data. Your non-personal data may be disclosed to third parties for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving SCEYT, or developing new products and services.

4.5 Legal requests. If requested by a public authority, we will disclose information about the users of SCEYT to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.

4.6 Successors. In case our business is sold partly or fully, we will provide your personal data to a purchaser or successor entity and request the successor to handle your personal data in line with this Privacy Policy.

5. HOW DO WE PROTECT YOUR DATA?

5.1 Security measures. We implement technical and organisational information security measures that protect your personal data from loss, misuse, unauthorised access and disclosure. The security measures taken by us include secured networks, encryption, strong passwords, limited access to your personal data by our staff, and anonymisation of personal data (when possible).

5.2 Security breaches. Although we put our best efforts to protect the personal data that we process, given the nature of communication and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. In case a serious breach occurs, we will take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.

6. HOW CAN YOU MANAGE YOUR PERSONAL DATA?

6.1 The list of your rights. You have the right to control how we process your personal data. Subject to any exemptions provided by law, you have the following rights:

Right of access: you can get a copy of your personal data that we store in our systems and a list of purposes for which your personal data is processed;

Right to rectification: you can rectify inaccurate personal data that we hold about you;

Right to erasure (‘right to be forgotten’): you can ask us to erase your personal data from our systems;

Right to restriction: you can ask us to restrict the processing of your personal data;

Right to data portability: you can ask us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format and move that personal data to another processor;

Right to object: you can ask us to stop processing your personal data;

Right to withdraw consent: you have the right to withdraw your consent, if you have provided one; or

Right to complaint: you can submit your complaint regarding our processing of your personal data.

6.1 The list of your rights. 6.2 How to exercise your rights? If you would like to exercise any of your legitimate rights, please contact us by email at legal@sceyt.com and explain in detail your request. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we can identify you in our system. We will answer your request within a reasonable time frame but no later than 30 days.

6.1 The list of your rights. 6.3 Complaints. If you would like to launch a complaint about the way in which we handle your personal data, we kindly ask you to contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible (no later than 2 weeks). If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.

6.1 The list of your rights. 6.4 Requests regarding the End-Users’ Data. When we act in the capacity of a data processor with regard to the End-User’s Data, we do not accommodate requests related to the access, rectification, deletion, or other rights with regard to the End-User’s Data. The persons that would like to exercise their rights with regard to the personal data processed through the chats created by using SCEYT or submitted through SCEYT by our clients should contact the respective data controller (for example, in case there is a use of a chat solution - the chat provider) with regard to that personal data. In case we receive a request related to the service data directly from a data subject, we do not take action and inform the respective data controller without undue delay.

7. CONTACT

If you have any questions about this Privacy Policy or our data protection practices, please contact us by using the following contact details:

Email: legal@sceyt.com

Postal address: Sceyt LLC, Gai ave 26, 34, Yerevan, Armenia