Privacy Policy

Chat70 Messenger Bot Solutions | Effective Date: January 1, 2025

Welcome to Chat70. We are committed to protecting the privacy and security of the data we process on behalf of our clients through our Messenger Chatbot services. As a company based in Milan, Italy, we adhere strictly to the General Data Protection Regulation (GDPR) and other applicable European laws.

1. Information Collection and Processing

We act primarily as a **Data Processor** for the data collected by the Messenger bots we deploy for our clients. The types of data collected are typically:

  • Messenger User ID (PSID): A unique, platform-specific ID used to identify the user for conversation continuity.
  • Public Profile Information: User's name, profile picture URL, and locale/timezone, provided by the Messenger platform upon first interaction.
  • Conversation History: All messages, attachments, and buttons clicked during interaction with the bot.
  • Transactional Data: Records of purchases, bookings, or data submissions made via the bot.

2. Purpose of Data Use

The data we collect is solely used to provide, maintain, and improve the Chatbot service for our clients, including:

  • Facilitating continuous, context-aware conversations.
  • Fulfilling customer requests, orders, and inquiries.
  • Training and optimizing the Chatbot's natural language understanding (NLU) models.
  • Generating aggregated, anonymized reports on bot performance and user intent for the client.

3. Data Sharing and Transfers

We do not sell, rent, or trade personal data. We only share data with:

  • Our Client (The Data Controller): The data collected belongs to our client, and it is shared with them for their business purposes.
  • Sub-Processors: Third-party services (e.g., EU-based cloud hosting providers) necessary for the operation of the service, all of whom are contractually bound to GDPR compliance.
  • Legal Obligation: When legally required by European or Italian authorities.

4. Data Security and GDPR Compliance

Security is paramount. We implement technical and organizational measures to ensure data protection:

  • Data encryption (at rest and in transit via TLS/SSL).
  • Strict access controls and pseudonymization where possible.
  • Regular security audits and updates to ensure compliance with the latest GDPR standards.

5. Data Subject Rights (GDPR)

Under GDPR, users interacting with the bot (Data Subjects) have rights regarding their personal data, including the right to access, rectification, erasure ('right to be forgotten'), and restriction of processing. To exercise these rights, the user should direct their request to **our client**, the Data Controller.

We will fully cooperate with our clients to facilitate the exercise of these rights.

6. Contact Information

For any questions or concerns regarding this Privacy Policy or our data handling practices, please contact us:

Chat70 (Data Processor)

Address: Via Montenapoleone, 20121 Milano MI, Italia

Email: privacy@chat70.it