Last modified: June 5, 2023

1. Introduction

At Quickchat, we are committed to safeguarding the privacy and personal data of our customers and users of the Quickchat application. We recognize the importance of complying with the General Data Protection Regulation (GDPR) and take appropriate measures to ensure the security and confidentiality of the data we collect, process, store, and transmit.

2. Data Collection and Processing

1. Quickchat obtains information and data for providing services to their clients either directly from the client or from the users of the Quickchat application.
2. Data is obtained on a daily basis, ensuring the smooth functioning of our services.

3. Data Processing Procedures

1. We perform various processes against the data, including collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

4. Data Retention and Deletion:

1. The data retention period extends no longer than until the withdrawal of consent or the expiry of the limitation period for claims arising from contractual agreements.
2. We have procedures in place to ensure the secure deletion of information in accordance with GDPR requirements.

5. Data Storage and Security

1. The specific location of data storage is not provided in this statement. Enterprise clients can select a geographic location of a dedicated server as part of the services provided by Quickchat.
2. We implement appropriate network perimeter IT security protection measures, such as firewalls, intrusion prevention systems (IPS), email/web filtering, DMZ, VLANs, and electronic backups, to safeguard against unauthorized access or use of our applications hosted on our cloud servers provided by DigitalOcean (read more: https://www.digitalocean.com/security).
3. We maintain internal IT systems security protection measures, including antivirus software and restricted access to personal data for authorized personnel only.

6. Vendor Compliance and Policies

1. Our vendor's business procedures relating to the services offered are compliant with GDPR.
2. The vendor has not performed a Data Privacy compliance assessment or audit, but they adhere to GDPR regulations.
3. The vendor maintains a written and formal organization-wide Data Privacy Policy.
4. The vendor also has a written and formal organization-wide Information Security Policy.
5. We conclude data processing agreement on the conditions compliant with the requirements of GDPR regulations with our vendors.

7. Data Subject Rights and Data Breach Management

1. We have established procedures for handling data subject rights requests in accordance with GDPR provisions.
2. Our procedures include notifying the Data Controller in case requests involve data subject information that is part of the proposed services.
3. We have specific written procedures to handle data breach or information security incidents, ensuring identification, investigation, mitigation, and reporting to the Data Controller within a 24-hour timeframe. There were no incidents reported in the last 12 months.

8. Data Transfer and Privacy Measures

1. Data transfer with customers, service providers, and third parties occurs via email or and via a dedicated API connection.
2. We regulate the aspects of transfer of personal data through electronic transfer, data transport, and control mechanisms.

9. Data Protection Management and Compliance

1. We implement a data protection management process that includes regular testing, assessment, and evaluation of data security measures.
2. Responsibilities for data protection and information security are defined within the organization, and the management level is regularly informed about the status of data protection and possible risks.
3. We ensure data protection by design and default by implementing privacy-friendly pre-settings and processing only necessary personal data.
4. We have order or contract control measures in place to ensure that sub-processors (sub-contractors) process data in accordance with the controller's instructions.

Quickchat's commitment to GDPR compliance and protecting personal data is of utmost importance. We regularly review and update our practices to align with changes in legislation, industry best practices, and our commitment to data protection and privacy.

‍