GDPR Compliance
Your privacy rights under the General Data Protection Regulation
1 Introduction
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to organizations processing personal data of individuals in the European Union (EU) and European Economic Area (EEA).
At Assistica AI, we are committed to protecting your privacy and ensuring that your personal data is handled in accordance with the GDPR and other applicable data protection laws.
2 Your Rights Under GDPR
As a data subject, you have the following rights:
Right to Access
You can request a copy of all personal data we hold about you.
Right to Rectification
You can request correction of inaccurate or incomplete personal data.
Right to Erasure
You can request deletion of your personal data ("right to be forgotten").
Right to Restriction
You can request limitation of processing of your personal data.
Right to Portability
You can receive your data in a structured, machine-readable format.
Right to Object
You can object to processing based on legitimate interests or direct marketing.
3 Data We Collect
We collect and process the following categories of personal data:
- Identity Data: Name, username, email address
- Contact Data: Email address, phone number
- Technical Data: IP address, browser type, device information
- Usage Data: Information about how you use our website and services
- Communication Data: Chat messages and support conversations
4 Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Consent: Where you have given explicit consent for specific purposes
- Contract: Where processing is necessary to fulfill our contract with you
- Legal Obligation: Where we must comply with legal requirements
- Legitimate Interests: Where processing is necessary for our legitimate business interests, provided your rights don't override these interests
5 Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
- Active account data: Retained while your account is active
- Conversation history: Retained for 2 years after last activity
- Analytics data: Retained for 1 year
- Legal/compliance records: Retained as required by law
Upon account deletion, we will delete or anonymize your personal data within 30 days, unless retention is required for legal purposes.
6 International Transfers
Your personal data may be transferred to and processed in countries outside the EU/EEA. When we transfer data internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses approved by the European Commission
- Data processing agreements with all third-party processors
- Technical and organizational security measures
7 Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit and at rest
- Access controls and authentication mechanisms
- Regular security assessments and audits
- Employee training on data protection
- Incident response procedures
8 Exercising Your Rights
To exercise any of your GDPR rights, you can:
- Email us at: privacy@chatapp.com
- Use the data export feature in your account settings
- Submit a request through our contact form
We will respond to your request within 30 days. If we need more time, we will inform you of the reason and extension period.
9 Data Protection Officer
For any questions or concerns about our data protection practices, you can contact us at:
- Email: dpo@chatapp.com
10 Supervisory Authority
If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.