ChatGo Terms of Service, Privacy Policy and Data Processing Agreement

Last amended May 19, 2024.

These Terms of Service, alongside our Privacy Policy, govern your use of the ChatGo website and services. In some cases, you may use third party services, which have additional terms. Please review these Terms of Service and Privacy Policy, as your consent is the only way to receive our services.

In brief, human-readable language, our services governed under these terms are the customer management services and the registration to our services.

Our liability for the services is limited, and our services are provided on an AS-IS basis. We cannot ensure that the results from the services shall be optimal or warrant that they would be satisfactory. We do not warrant for response times and provide responses to support services via email on a timely basis.

Registration, Accepting These Terms.

When enrolling into the service, you represent and warrant that you are over 18 years of age, or if you are a corporation, you obtained all required permits from the authorized signatory.

Signup. You may sign up using your email address. We may also use your email address for sending newsletters and updates, as we explain in the privacy policy. We may send you an email to verify your ownership of the account.

Accepting These Terms. You are required to accept and provide your consent to these terms before using the services, before submitting your personal data and when making any use of our website or app. 

Without your acceptance of these terms we may not be able to provide you with the services governed under these terms.

Prohibited Users and Sales

We do not allow people who are sanctioned by The Office of Foreign Assets Control of the United States as well as nationals of proscribed states to register and use our services. We also do not allow members of terror organizations and unlawful militias to register and use our services.

Moreover, if you are engaged in any sale of illegal material, including but not limited to, child pornography, drugs and prescription medication, weapons and firearms, hacked or stolen content, intellectual property infringing materials, materials meant to assist in market manipulation or the sale of content which is meant to promote any of this, we prohibit you from registering or using our services.

If you are engaged in obtaining donations, we may allow you to use our services only if you qualify for donations under law. You cannot use our services to collect illegal donations or to bypass campaign finance laws.

Non-Business Registrant

Our paid-tier of services is limited to business and persons engaged in business. Therefore, the applicable consumer protection laws shall not apply on our relationship if you are using the paid-tier of our services. The use by individuals for personal, domestic or familial use of the services is prohibited.

Third Party Credentials and Tokens

Registration and use of the service is dependent on you having the applicable certificates with the services we connect to, i.e Facebook, WhatsApp or other chat services. Should your relationship with the applicable service be revoked, we will not be able to provide you with the services. Moreover, in the event that such third parties amend or alter the way they provide the services, we may terminate the service if such amendment prevents us from providing you the services.

API Usage and Keys

While we exercise best efforts to safeguard your tokens and keys to use via the third party API, we cannot ensure that they will not be leaked, or that we will not suffer a data breach or hack. You are aware that in such an event, you are solely responsible to notify the third parties of the compromised token or key and to replace it, and that we will not be responsible for any payment made or damage you suffered due to such an event.

Payment

We may charge fees for our services, as we may state from time to time in our website and may amend these fees at any time. These may include a subscription, premium services, addons or transactional costs. 

Payment shall either be made in advance, by prepayment of the applicable package, or billed on a recurring service.

Refunds

We offer refunds according to law. Nothing in this section may limit your legal right for a refund.

Our policy is that we offer refunds only as long as the service was not used. “Not used” means that you did not enter your API key in your plugin or did not finish setting up your account.

We do not provide refunds for services which were already provided in part, or which were unused after initialization.

However, we may refuse to provide a refund, or provide a refund even outside the scope of our guidelines in case we believe such action is in place. Refunds may be provided by future credit or via cash refunds using PayPal or other payment services.

Third Party Payments

The payment issued to us is not in lieu of the payment to the third party applications. Meaning, that if you are using WhatsApp to communicate, it is your sole responsibility to pay WhatsApp for your use of the services and the fees and payments made to us do not replace it.

Services

We provide content management services and chat services through our web interface and app. 

These services include the ability to contact your customers, engage with them or otherwise manage your business. These services may include the following services, however, we may deprecate any service at any time or amend their functionality. 

Chat Management

We may allow you to manage chats and to contact your customers or other persons via API to a third party messaging platform such as WhatsApp.

Import Chats

We may allow you to import existing chats from WhatsApp or other messaging software. In such an event, the chat is imported but may not be serviceable, meaning you are not able to contact that contact via the imported chat.

Newsletter

We may allow you to send newsletters via our service to your contacts and to manage such newsletters according to pre-approved templates.

Public Messages

We may allow you to make some of your messages public using an open link. In that event the contents of the message or chat would be visible to any person with the link, including search engines.

Reports

We may generate reports to allow you to better understand your interactions with customers.

Automation for Messages

We may provide you with automation services such as automated responses or chat bots.

Third Party Integration Addons

We may allow third party addons to allow webhooks and other API services, such as the integration of third party chat bots or other automation services.

Employee Integration

We may allow you to create sub-accounts for your employees or agents. Each of these persons should accept our terms of service separately.

Integrate MesserGo Bot

We may allow you to integrate the MesserGo bot, if you have a MesserGo account.

Blacklist Management

We may allow you to have a tier-based blocking system where you can select whether to block a certain contact from newsletters, from everything or from specific activities.

Client Privacy

It is your sole responsibility to ensure that you have a valid privacy policy that identifies us as a processor and that makes the person on the other end of the chat aware that their data is being processed by us for the provision of services to you. Our documentation, including these terms, does not replace such documents.

Acceptable Use Policy

This is a non-exhaustive list of things we consider as unacceptable, and we may also find that other actions are, as well. Any unacceptable use would trigger immediate blocking of your account and termination in the case such unacceptable use is not fixed within due time.

• Don’t allow others to use your account or license, by means of sale, license, lease assign, transfer, pledge, or any other activity that may be considered as sharing or conveying ownership in your account.
• Don’t copy or scrape our website or service, and don’t replicate its functionality. Meaning, don’t imitate our API calls to servers, don’t use an Iframe to reproduce our Services, don’t use a subdomain to redirect to our website. 
• Don’t use our website or Services to conduct any illegal activity, or transmit any transmit or upload any viruses, spyware or other harmful, infringing, illegal, disruptive or destructive content or files.
• Don’t scrape our website without our permission, don’t use automated tools to submit queries or posts, and don’t mine personal information from our website.
• Don’t make extensive API or web calls in a manner that interrupts our hosting or web-server.
• Don’t reverse engineer or decompile our services, or perform any activity that might reveal sensitive information.
• Don’t try to guess usernames or passwords, or otherwise circumvent or attempt to penetrate or circumvent any technical restrictions or limitations in the Services or website.
• Don’t resell our Services; meaning don’t offer others access to your access through replicating its functionalities.
• Don’t remove our legal notices or names from the Services.
• Do not use stolen or hacked credentials in our accounts.

Moreover, do not do any of the following in chats with your customers:

• Do not ask for credit card numbers or other payment information, as they are stored in plain text.
• Do not ask for any personally identifiable information without the other party’s consent.
• Do not use the service to send spam to others, where spam is interpreted in the broadest definition possible, including unsolicited or unwanted messages or any content meant to disturb a person.

Support & SLA

We shall make efforts to keep the service available at all times. However, downtimes and disruptions may occur all the time. Our obligation is only to attempt to fix errors and flaws in the service after they were reported, and according to this Service Level obligation (the “SLA”).

The SLA does not cover any flaw caused due to hacking of your services, injected code or other action that caused your services to be unavailable.

Critical Flaw. 

A Critical Flaw shall be defined as a flaw adhering one or more of the following conditions: (i) it results in a total failure of the website or systems; (ii) it creates a situation that does not allow enabling at least one substantial feature of services; or (iii) it may cause substantial financial damage. 

Response to a Critical Flaw shall commence within 8 hours of reporting about it, and we shall make best efforts that within 12 hours the Platform shall be restored to its operational state and fixed within 24 hours.

Major Flaw

A Major Flaw shall be defined as a flaw adhering one of more of the following conditions: (i) it impairs systems the service interacts with severely or their material functionality; (ii) it creates a substantial flaw in the ability to provide the your services; or  (iii) it causes a system restart that impairs the services or the operation of certain features of the system, more than once a day.

Response to a Major Flaw shall commence within 12 hours of reporting it, and we shall take best effort that within 48 hours the service shall return to its operational state and be fixed within 6 days.

Minor Flaw

A Minor Flaw shall be deemed as any other flaw. 

Response to a Minor Flaw shall commence within 4 business days of reporting it, and we shall take best efforts that within 12 business days the Platform shall be fixed.

Exclusions

The SLA specifically exclude the following services, which shall be separately billed if requested: (i) instruction of any kind relating to the use of the services; (ii) general consulting and assistance in the operation of the services which do not relate to a flaw; (iii) phone support; (iv) fixing bugs that were created due to misuse of the services; (v) fixing flaws resulting from attaching third party components to the software or the environment it was installed on; (vi) fixing flaws resulting from external elements such as power outages, hardware malfunction, weather conditions, Force majeure; (vii) backing up your data.

Support

Our support services are dependent on the support package you purchased. We provide support during regular business days and hours (Sunday to Thursday, 08:00-18:00) via our ticketing service, and excluding Jewish Holidays.

Our support is based on the severity factor of your error, based on our specifications in the purchase order you executed with us, and according to the response and resolution times defined in such specifications.

Export Data

We may allow you to obtain a data export in a human or machine readable format. However, we cannot undertake that such export shall be machine readable by any other service.

Hosting, Storage and Traffic Caps

We provide limited hosting and storage for the content you uploaded to the services, and may provide caps on these according to our sole discretion. We may remove content or block access if we believe that your use of our services is abusive and may block or stop excessive use of our services.

Backups

We schedule regular backups of our services on our server. However, we cannot ensure that you may recover from such backups or that such recovery shall include all your data.

Warranty

We supply the services on an “as-is” and “as-available” basis. Your use of the services is at your own risk and under your liability. We make no warranty that (i) the services will meet your requirements and (ii) the services will be uninterrupted, timely, secure, or error-free and (iii) the results that may be obtained from the use of the services will be accurate or reliable and (iv) the quality of any products, services, information, or other material purchased or obtained through the service will meet your expectations, or (v) any errors in the service will be corrected.

Liability

For no case and for no reason shall we be held liable for any damage, direct or indirect, consequential, exemplary, physical or special, to you, any other user or any third party due to its misperformance of duties herein. We provide Service on an AS-IS basis and shall not be held liable, to the extent permitted by law, by any case of misconduct, negligence, gross negligence, malice or any other mean, to any damages or loss of property, including loss of your funds, damages to property, reputation and business reputation, user account information including login information, loss of profit, loss of good name, all resulting from the use or inability to use services. 

Indemnity

You hereby warrant and agree to hold us harmless and to indemnify us for any damage, loss, expense, legal expense or cost incurred as a result of your use of the services in direct violation of these terms of service, including any false representation. 

Terminating The Service

We shall have the right to terminate your use of the service or to terminate the service at any time and by providing a one day prior notice.

Moreover we may terminate your use of the service at any time and without prior written notice in any case where you breached these terms and such breach may cause us irreparable harm. 

We may suspend the services or any of its functionality, or disable features, if we believe that some fraud or error occurred. 

Availability

We might disable the service from time to time for scheduled backups, maintenance or upgrades. In some extreme cases, where urgent maintenance is required, we may disable the service immediately and without notice.

Amending These Terms

We may amend these terms from time to time, provided that you shall be informed through electronic communication on such an amendment and shall be granted the option to terminate your agreements with us by providing a prior written notice.

Governing Laws, Jurisdiction, No Class Action

The laws of the state of Israel shall exclusively govern these terms of service. The parties agree to the exclusive jurisdiction of the courts of Tel-Aviv.

You undertake to initiate only suits on your behalf and not to file any class action lawsuit against us.

ChatGo Privacy Policy

Last amended May 19, 2024

Who Are We?

MeserGO Ltd. is the legal entity operating the service. It is located at 49 Hairus St., Hadid, Israel

Your Acknowledgment of this Policy

You are not legally required to provide us with any personal data. This means that if you provide us with data, you are doing so out of your own volition and consent; we cannot force you to provide any personal data, but without your personal data we cannot provide you with the services.

You have the right to withdraw from this consent at any time, and in such a case request that we either cease processing your personal data, or that we delete whatever personal data is no longer required to retain under law. Such removal of data may also prevent you from receiving updates and support.

Which Personal Data Do We Collect About You?

We collect your personal contact data (name, email, phone number, tokens) as well as your payment information and use of our services. We also store your contact list.

Which Permissions Does Our App Need?

Our app needs access to your contact persons, your audio and microphone, camera, files and text messages.

What types of data do we collect?

Non-Personally Identifiable Data. The first type is non-personally-identifiable data and statistical information. Non-personally identifiable data that is being gathered consists of technical information and behavioral information that does not pertain to a specific individual (“Non-Personal Data”). 

This includes your device type, browser type and version, IP data, screen size and resolution, language and other technical data. While it is not specifically personally identifiable, it may be reverse-engineered to be identifiable and therefore is considered personal data.

Usage Data. Usage data may include your interactions performed in the service and your activities on the services and additional information of a similar nature, such as the pages you viewed and the content you submitted or reviewed using the service. 

Personally Identifiable Data. The other type of data we collect is individually identifiable data. To put it simply, this data identifies an individual or is of a private and/or sensitive nature, such as your contact information, including: (i) Personal Data that is provided by you voluntarily, such as your username, email address, profile picture, social accounts and other data you filled when signing up or using our services; and (ii) Personal Data we learn from your use of the services; including your IP address, payment type and similar information.

How Do We Collect Personal Data?

Personal data is collected from your use of the services and by your contact with us. We collect data through the forms and submissions made through the services and through interactions with our app.

What Are The Purposes of the Collection and Processing of Data?

The purposes of collecting and processing the data are to provide you with the services, which means we use your data to provide you with the services and provide you with support.

Moreover, we may use the personal data to improve the services. This means that we use aggregated understandings of how our users interact with our services to obtain insights that lead to the improvement of future versions, bug reports, and feature requests. We may create look-alike audiences and share our customer lists with advertising services that may provide us with such services, all under confidentiality obligations..

We may also use your email address and phone number to send you information relating to our services and promotional material.

How Can We Contact You?

If you registered to our newsletter, or if signed up to our services, we may contact you with periodic updates and promotional emails relating to the service and the products or services we offer. 

You may opt out of these at any time, but not from transactional emails, such as updates on payments.

Moreover, if you showed interest in one of our products or services, we may contact you in relation to such product or service.

Your Personal Data Rights

Right of Access and Rectification

You have the right to know what personal data we collect about you and to ensure that such data is accurate and relevant for the purposes for which we collected it. You can receive a copy of your personal data, and to rectify such personal data if it is not accurate, complete, or updated. However, we may first ask you to provide us with certain credentials to permit us to identify you before rectifying, deleting, or reviewing.

Right to Delete Personal Data or Restrict Processing

Right to Withdraw Consent

You have the right to withdraw your consent to the processing of your personal data. Exercising this right will not affect the lawfulness of processing your personal data based on your consent before its withdrawal. Please note that in most cases, withdrawal of your consent would most likely cause us to delete your personal data rather than cease processing. 

You have the right to delete your personal data or restrict its processing by ourselves and third parties. We may postpone or deny your request if your personal data is in current use for the purposes for which it was collected or for other legitimate purposes such as compliance with legal obligations.

Right of Data Portability

Where technically feasible, you have the right to ask to transfer your personal data in accordance with your right to data portability. In order to apply for this, please contact us at [email protected]

The Right to Lodge a Complaint

You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.

Your California Privacy Rights and Do Not Track Notices

We do not convey your personal data to third parties for direct marketing purposes. 

However, if we did, then the California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding its disclosure of personal data to third parties for their direct marketing purposes.

To make such a request, please send an email to [email protected], and we will let you know that none of your personal data was shared. We are only required to respond to one request per customer each calendar year.

Your Brazilian LGPD Rights

Notwithstanding anything in this privacy policy, you may exercise your LGPD rights, including your rights for (i) confirmation of the existence of the processing; (ii) access to the data; (iii) correction of incomplete, inaccurate or out-of-date data; (iv) anonymization, blocking or deletion of unnecessary or excessive data or data processed in noncompliance with the provisions of the LGPD; (v) portability of the data to another service or product provider, by means of an express request and subject to commercial and industrial secrecy, pursuant to the regulation of the controlling agency; (vi) deletion of personal data processed with your consent, except in the situations provided in Art. 16 of this the LGPD; (vii) information about public and private entities with which the controller has shared data; (viii) information about the possibility of denying consent and the consequences of such denial; (ix) revocation of consent as provided in §5 of Art. 8 of the LGPD.

We respond to “Do Not Track” signals

If you do not wish your browser to allow us to use trackers, please use your browser’s “Do Not Track” option.

Exercising Your Rights

We acknowledge you have the right to access and change the Personal Data we collect and process. If you wish to access or to correct, amend, or delete Personal Data, please send us an email to [email protected]. We will respond within a reasonable timeframe, but in any event, no later than permitted by applicable law. 

Additionally, please note that in order to ensure you have as much control over your Personal Data and other information as possible, you may modify certain parts of your information by yourself in the service.

Sharing Personal Data with Third Parties

We respect your privacy and will not disclose, share, rent, or sell your Personal Data to any third party.

The sharing of your Personal Data is made upon your specific, explicit, request. This includes sending personal data if you are a user which performs a purchase with our merchants, or sending merchant data to payment providers.

Moreover, in order to operate the service, we need to share your personal data with third parties, which are our hosting companies, payment providers, license gateways and support staff.

Our subprocessors are:

• Facebook, Meta, WhatsApp, for the provision of the messaging services.
• Star Communications, for hosting.
• PayPlus, Isracard and PayPal for Payments.
• Shamir for SMS authentication.

• How Long do we keep information
• Cookies
• Deleting information
• Client and customer requests
• Government Requests

Location of Your Data

The personal data collected from you, as detailed in this Privacy Policy, may be transferred to, and stored at, servers that may be located in countries outside of your jurisdiction and in a country that is not considered to offer an adequate level of protection under your local laws. 

It may also be processed by us and our suppliers, service providers or partners’ staff operating outside your country.

We are committed to protecting your Personal Data and will take appropriate steps to ensure that your Personal Data is processed and stored securely and in accordance with applicable privacy laws, as detailed in this Privacy Policy. Such steps include putting in place data transfer agreements or ensuring our third-party service providers comply with our data transfer protection measures.

We will ensure the confidentiality, integrity and availability of your Personal Data by Transferring your personal data only to (i) countries approved by the European Commission as having adequate data protection laws; (ii) entities that executed standard contracts that have been approved by the European Commission and which provide an adequate level of high-quality protection, with the recipients of your Personal Data; and (iii) Transferring your Personal Data to organizations that are Privacy Shield Scheme certified, as approved by the European Commission.

By submitting your personal data through the service, you acknowledge, and agree, in a jurisdiction where such consent is required, to such transfer, storing and/or processing of personal data.

Cookies

We use both first party and third party cookies. A cookie is a small file placed on your computer meant to authenticate or verify your session with us. However, a cookie may have some identifying features. You may opt out from cookies by clicking the “opt out” button there.

Minors / Children

The service is intended for users over the age of eighteen, or children over sixteen who obtained parental consent. 

Therefore, we do not intend and do not knowingly collect Personal Data from children under the age of sixteen (16) and do not wish to do so. If you wish for us to provision services relating to children, please contact us directly and we may create a separate service for you in relation to that. Such service may incur additional charges.

We reserve the right to request proof of age at any stage so that we can verify that minors under the age of sixteen (16) are not using the service. 

If we learn that we collected Personal Data from minors under the age of thirteen (13) we will delete that data as quickly as possible. 

If you have reasons to suspect that we collected Personal Data from minors under the age of sixteen (16), please notify us at [email protected], and we will delete that personal data as quickly as possible.

Security

We take appropriate measures to maintain the security and integrity of our service and prevent unauthorized access to it or use thereof through generally accepted industry standard technologies and internal procedures.

Please note, however, that there are inherent risks in transmission of information over the Internet or other methods of electronic storage, and we cannot guarantee that unauthorized access or use will never occur.

We will comply with applicable law in the event of any breach of the security, confidentiality, or integrity of your Personal Data and will inform you of such breach if required by applicable law.

To the extent that we implement the required security measures under applicable law, we shall not be responsible or liable for unauthorized access, hacking, or other security intrusions or failure to store or the theft, deletion, corruption, destruction, damage, or loss of any data or information included in the personal data.

Data Retention

We will retain the Personal Data for as long as we believe that it is accurate and can be relied upon. Personal Data that is no longer required for the purpose for which it was initially collected will be deleted unless we have a valid justification to retain it that is permitted under applicable law, such as to resolve disputes or comply with our legal obligations.

Data Breach Notification

We comply with local authorities in data breach notifications. In any case where a severe data breach occurred, we will also notify data subjects after such breach, and cooperate with the legal authorities to reduce the exposure of personal data.

Complaints and Arbitration

If you feel or believe that your personal data rights were harmed in any way, you may contact our data protection officer at [email protected] and lodge a complaint. Such complaints shall include how and why you believe your personal data rights were harmed, and the required evidence. Our data protection officer will respond to most complaints within 14 days and shall offer the required remedies.

We will resolve all complaints according to applicable regulations. We also agree to resolve all complaints and deal with disputes with the local data protection authorities.

This section does not limit your right to lodge a complaint with your respective data protection authority.

Merger, Transfer of Ownership

We may, in the future, merge, sell our operation or transfer the operation of the service to a third party. In such an event, the data would be used in accordance with the then relevant privacy policy, where no change shall have retroactive effect. 

Updates to the Privacy Policy

We reserve the right to amend this Privacy Policy at any time; we will provide you with updates on any change, and such updates shall not have a retroactive effect

Data Processing Agreement

ChatGo takes the security of your data very seriously. As part of our effort, we process personal data in accordance with the General Data Protection Regulation (“GDPR”), the EU/US Privacy Shield principles (“Privacy Shield”), the laws of the US governing the handling of various types of personal data, and industry standards.

This Data Processing Agreement (“Agreement“) forms part of the Contract for Services (“Principal Agreement“) between Messer Go Ltd (the “Processor”) and yourself, the entity listed in the registration form for the Data Processor’s services (“You”) (together as the “Parties”)

WHEREAS You act as a Data Controller; and

WHEREAS You wish to subcontract certain Services, which imply the processing of personal data, to the Data Processor; and 

WHEREAS The Parties seek to implement a data processing agreement that complies with the requirements of the current legal framework in relation to data processing and with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation); and

WHEREAS The Parties wish to lay down their rights and obligations.

IT IS AGREED AS FOLLOWS:

1. 1. Definitions and Interpretation. Unless otherwise defined herein, capitalized terms and expressions used in this Agreement shall have the following meaning:
      1. “Agreement” means this Data Processing Agreement and all Schedules;
      2. “Personal Data” means any Personal Data Processed by a Contracted Processor on behalf of yourself pursuant to or in connection with the Principal Agreement;
      3. “Contracted Processor” means a Subprocessor;
      4. “Data Protection Laws” means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country;
      5. “EEA” means the European Economic Area;
      6. “EU Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;
      7. “GDPR” means EU General Data Protection Regulation 2016/679;
      8. “Data Transfer” means:
         1. a transfer of Personal Data from yourself to a Contracted Processor; or
         2. an onward transfer of Personal Data from a Contracted Processor to a Subcontracted Processor, or between two establishments of a Contracted Processor, in each case, where such transfer would be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws);
      9.  “Services” means the online store services you provide.
      10. “Subprocessor” means any person appointed by or on behalf of Processor to process Personal Data on behalf of yourself in connection with the Agreement.
      11. The terms, “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processing” and “Supervisory Authority” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.

• Processing of Personal Data.

1. 1. 1. Processor shall:
         1. comply with all applicable Data Protection Laws in the Processing of Personal Data; and
         2. not Process Personal Data other than on the relevant your documented instructions.
      2. You instruct the Processor to process Personal Data.

• Processor Personnel

1. 1. 1. Processor shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Contracted Processor who may have access to Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Personal Data, as strictly necessary for the purposes of the Principal Agreement, and to comply with Applicable Laws in the context of that individual’s duties to the Contracted Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.

•  Security

• Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor shall in relation to Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.

1. 1. 1. In assessing the appropriate level of security, Processor shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.

• Subprocessing

• Processor shall not appoint (or disclose any Personal Data to) any Subprocessor unless required or authorized by yourself.

• Data Subject Rights

• Taking into account the nature of the Processing, Processor shall assist youby implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of your obligations, as reasonably understood by you to respond to requests to exercise Data Subject rights under the Data Protection Laws.

1. 1. 1. Processor shall:
         1. promptly notify you if it receives a request from a Data Subject under any Data Protection Law in respect of Personal Data; and
         2. ensure that it does not respond to that request except on the documented your instructions or as required by Applicable Laws to which the Processor is subject, in which case Processor shall to the extent permitted by Applicable Laws inform you of that legal requirement before the Contracted Processor responds to the request.

• Personal Data Breach

1. 1. 1.  Processor shall notify you without undue delay upon Processor becoming aware of a Personal Data Breach affecting Personal Data, providing you with sufficient information to allow you to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
      2. Processor shall co-operate with you and take reasonable commercial steps as are directed by yourself to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
   2. Data Protection Impact Assessment and Prior Consultation.
      1. Processor shall provide you reasonable assistance in relation to any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which you reasonably consider to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.

• Deletion or return of Personal Data

1. 1. 1. Subject to this section 9 Processor shall promptly and in any event within 10 business days of the date of cessation of any Services involving the Processing of Personal Data (the “Cessation Date”), delete and procure the deletion of all copies of those Personal Data.

• Audit rights

1. 1. 1.  Subject to this section 10, Processor shall make available to you on request all information necessary to demonstrate compliance with this Agreement, and shall allow for and contribute to audits, including inspections, by yourself or an auditor mandated by you in relation to the Processing of Personal Data by the Contracted Processors.
      2. Your information and audit rights only arise under section 10.1 to the extent that the Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law.

• Data Transfer

1. 1. 1. The Processor may not transfer or authorize the transfer of Data to countries outside the EU and/or the European Economic Area (EEA) without your prior written consent. If personal data processed under this Agreement is transferred from a country within the European Economic Area to a country outside the European Economic Area, the Parties shall ensure that the personal data are adequately protected. To achieve this, the Parties shall, unless agreed otherwise, rely on EU approved standard contractual clauses for the transfer of personal data.

• General Terms

1. 1. 1. Confidentiality. Each Party must keep this Agreement and information it receives about the other Party and its business in connection with this Agreement (“Confidential Information”) confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that:
         1. disclosure is required by law;
         2. the relevant information is already in the public domain.
      2. Notices. All notices and communications given under this Agreement must be in writing and will be delivered personally, sent by post or sent by email to the address or email address set out in the heading of this Agreement at such other address as notified from time to time by the Parties changing address.

• Governing Law and Jurisdiction

• This Agreement is governed by the laws of Ireland.

1. 1. Any dispute arising in connection with this Agreement, which the Parties will not be able to resolve amicably, will be submitted to the exclusive jurisdiction of the courts of Dublin.

ELECTRONICALLY SIGNED 

Incorporation of the Standard Contractual Clauses.

The parties hereby incorporate the EU Standard Contractual Clauses of 2021, with the following choices and references.

In respect to section 7, “Docking”, the parties agree that Docking is an option to the SCC.

Module Two is selected; as ChatGo is the Processor and you are the Controller. However, if other activities shall apply, the relevant module shall be incorporated.

In respect to section 9, Option 2, a general written authorization for sub-processors is agreed to be undertaken between the parties.

In respect to section 11, complaints may be lodged with the relevant authority.

In respect to section 17 and 18, the governing law shall be Ireland.

In respect to the APPENDIX, the following shall be incorporated: The Data Importer and Exporter details are as stated in this DPA.

The Categories of Data Subject are your end-users and customers.

The Categories of Personal Data transferred are as required and specified in ChatGo’s privacy policy.

The frequency of the transfer is upon demand.

The nature of processing is as stated in the Privacy Policy and Data Processing Agreement.

The purpose of processing is as stated in the Privacy Policy and Data Processing Agreement.

The period of processing is as stated in the Privacy Policy and Data Processing Agreement

The sub-processors are as stated in the Privacy Policy and Data Processing Agreement.

The supervisory authority is the Irish data protection committee.

The Sub-processors are as stated in the Privacy Policy.

In respect to ANNEX II, The technical and organizational measures to ensure the security of the data are as stated in the Privacy Policy