Last updated: 9 January, 2019
Tidio LLC(with its registered office in 180 Steuart St,CA 94119, San Francisco), a California corporation together with its directly and indirectly wholly owned affiliates i.e.:
- Tidio Ltd with its registered office in [220C Blythe Road, W14 0HH, London] and
- Tidio Poland Sp. z o.o. with its registered office in [Podhalańska 15B, 80-322, Gdańsk].
(collectively “Tidio Group”,“Tidio”,”us”, “we”, or “our”) operate the www.tidio.com website (the “Services”).
Tidio is committed to protecting your privacy.
- who we are,
- personal data we collect about you, how is is used and why, including the legal basis for our processing,
- marketing communications and automated decision-making (including profiling),
- who we share your personal data with,
- how long we keep your personal data for,
- our policy on children’s personal data,
- your rights,
- how you can contact us.
You have the right to object to certain types of processing, including processing for direct marketing (which we do only with your consent). For more information, please see the section “Your rights”.
Who we are
Founded in 2013, Tidio is a communication platform that allows businesses to communicate with their customers. Hundreds of thousands of merchants around the world use our service to improve their sales and customer satisfaction rates. Our platform includes features such as live chat, bots, integration with Messenger and email. Every tool for communicating with your clients is in one place, accessible through our dashboard and mobile app.
Information You Provide
- Your Account Information. You may add information to your account, such as a profile name, profile picture and billing data indicated in Terms and Conditions.
- Your Messages. To improve performance, perform content analysis and deliver media messages more efficiently, we retain that content on our servers for a longer period of time. We reserve the right to contain the message history and your data. You can alter them at any time.
- Customer Support. You may provide us with information related to your use of our Services, including copies of your messages, and how to contact you so we can provide you customer support. For example, you may send us an email with information relating to our app performance or other issues.
Automatically Collected Information
- Usage and Log Information. We collect service-related, diagnostic, and performance information. This includes information about your activity (such as how you use our Services, how you interact with others using our Services, and the like), log files, and diagnostic, crash, website, and performance logs and reports.
- Transactional Information. If you pay for our Services, we may receive information and confirmations, such as payment receipts, including from app stores or other third parties processing your payment.
- Device and Connection Information. We collect device-specific information when you install, access, or use our Services. This includes information such as hardware model, operating system information, browser information, IP address, mobile network information and device identifiers. Please be aware Tidio may have access to your geo-location data and process IP address of all devices you use our software on.
- Status Information. We collect information about your online and status message changes on our Services, such as whether you are online (your “online status”).
- Third-Party Providers. We work with third-party providers to help us operate, provide, improve, understand, customize, support, and market our Services. For example, we work with companies to distribute our apps, provide our infrastructure, delivery, and other systems, supply map and places information, process payments, help us understand how people use our Services, and market our Services. These providers may provide us information about you in certain circumstances; for example, app stores may provide us reports to help us diagnose and fix service issues.
- Third-Party Services. We allow you to use our Services in connection with third-party services. If you use our Services with such third-party services, we may receive information about you from them through a mobile carrier’s or device provider’s promotion of our Services. Please note that when you use third-party services, their own terms and privacy policies will govern your use of those services.
- Payment Data . Credit/debit card data and PayPal account data provided by the user are processed by professional companies that conduct non-cash transactions and only to the extent necessary to effect the payments. Tidio shall not store nor disclose any financial information provided by users to 3rd party entities. PayPal shall store your customer’s credit card account information during the entire period of your account subscription. Cardholder data is protected and encrypted during transit by PayPal.
We use all the information we have to help us operate, provide, improve, understand, customize, support, and market our Services.
- Safety and Security. We verify accounts and activity, and promote safety and security on and off our Services, such as by investigating suspicious activity or violations of our Terms and Conditions, and to ensure our Services are being used legally.
Information You And We Share
You share your information as you use and communicate through our Services, and we share your information to help us operate, provide, improve, understand, customize, support, and market our Services.
- Account Information. Your profile name and photo, online status and status message, last seen status, and receipts may be available only for our employees, although you can configure your Services settings to manage certain information available to other users.
- Third-Party Providers. We work with third-party providers to help us operate, provide, improve, understand, customize, support, and market our Services. When we share information with third-party providers, we require them to use your information in accordance with our instructions and terms or with express permission from you.
- Third-Party Services. When you use third-party services that are integrated with our Services, they may receive information about what you share with them. For example, if you use a data backup service integrated with our Services (such as iCloud or Google Drive), they will receive information about what you share with them. If you interact with a third-party service linked through our Services, you may be providing information directly to such third party. Please note that when you use third-party services, their own terms and privacy policies will govern your use of those services.
Marketing communications and automated decision-making (including profiling)
In order to provide you with all of the benefits of the our Service, we ask for your permission to send you information about the latest news, special events, offers, promotions and other benefits. We also ask for your permission to send you our newsletter. We will use your email address to contact you with this information.
You can choose to withdraw your permission at any time by clicking on the opt out link in newsletter marketing emails from us.
If you don’t agree with an automated decision that our technology has made in relation to you, you can contact us and we will look into it for you (see the section “Contact us”).
Who we share your personal data with
For t h e purposes set out in the section “Information Collection” , we sometimes provide your personal data to other companies and certain services providers who perform certain business operation on our behalf. This includes:
- Stripe, Inc.
- Amazon Web Services, Inc.
- Mailgun Technologies, Inc.
- OVH HOSTING INC.
- Tidio Ltd.
- Tidio LLC.
In some cases, the personal data we collect from you may also be accessed or processed outside the EEA. Such destination may not have laws which protect information to the same extent as in the EEA. We have obligations to ensure that your personal data is only accessed or processed from territories outside the EEA where the European Commission has decided that the territory in question ensures an adequate level of protection (known as a ‘whitelisted’ territory) or, in the absence of a decision by the European Commission, there are appropriate safeguards in place to protect your personal data. For example, if your personal data is accessed or processed from a territory outside the EEA which is not whitelisted, the appropriate safeguards may be provided by standard data protection clauses adopted by the European Commission (known as ‘model clauses’).
Please ask us if you would like more information about the safeguards that are used to protect your personal data when it is processed outside the EEA (see the section “Contact us”).
In addition, we may share your personal data with other organisations in the following circumstances:
- if we are required by applicable law or a public authority to share information about you,
- if we need to share information about you in order to establish, exercise, defend or protect the right, property or safety of our business, our customers or others (this includes, in specific cases, exchanging information with other organisations for the purposes of fraud protection; and
- To successors in title or replacement operators of all or part of our respective businesses.
Assignment, Change Of Control And Transfer
A cookie is a small text file that a website you visit asks your browser to store on your computer or mobile device.
- to provide Tidio for web and desktop and other Services that are web-based, improve your experiences, understand how our Services are being used, and customize our Services;
- to understand which of our FAQs are most popular and to show you relevant content related to our Services;
- to remember your choices, such as your language preferences, and otherwise to customize our Services for you; and
- understand mobile versus desktop users of our web-based Services, or understand popularity and effectiveness of certain of our web pages.
How to control cookies
You can follow the instructions provided by your browser or device (usually located under „Settings“ or „Preferences“) to modify your cookie settings. Please note that if you set your browser or device to disable cookies, certain of our Services may not function properly.
How long we keep your personal data for
We retain your personal data for no longer than is necessary for the purposes for which the information is collected (see the section „Personal data we collect about you, how it is used and why, including the legal basis for our processing“ for details of the relevant purposes). When determining the relevant retention periods, we will take into account factors including:
- legal obligation(s) under the applicable law to retain data for a certain period of time, for example, accounting obligations;
- statute of limitations under applicable law,
- (potential) disputes; and
- Guidelines issued by relevant national data protection regulators.
Otherwise, we securely erase your information once this is no longer needed for the purposes for which the information is collected.
We may employ third party companies and individuals to facilitate our Services, to provide the Services on our behalf, to perform Services-related services or to assist us in analyzing how our Services is used.
These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Law And Protection
Our Global Operations
We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.
The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. As such we make no warranties as to the level of security afforded to your data, except that we will always act in accordance with the relevant United States law..
Your information, including Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside United States and choose to provide information to us, please note that we transfer the information, including Personal Information, to United States and process it there.
In the event that a dispute arises with regards to the international transfer of data, you agree that the courts of California shall have exclusive jurisdiction over the matter.
Links To Other Sites
Our Service may contain links to other websites operated by unrelated companies and persons (“Third Party Website”). These links are provided for your information only. The inclusion on the Service of any link to a Third Party Website does not mean that we accept any responsibility for that Third Party Website, its content or use, or the use of any features, products and/or services made available through that Third Party Website.
We have no control over Third Party Websites or any information or materials contained on them and have not investigated, monitored or checked any Third Party Websites for accuracy, completeness or conformance with applicable laws and regulations. We are not responsible for any damages or caused as a result of your use of, or reliance on, Third Party Websites or any information or materials contained on them. You acces and use Third Party Websites at your own risk.
Our Service does not address anyone under the age of 13 (“Children”).
We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your Children has provided us with Personal Information, please contact us at [email protected] If we become aware that we have collected Personal Information from a children under age 13 without verification of parental consent, we take steps to remove that information from our servers.
By law, you have the following right with regard to your personal data. Further information and advice about your rights can be obtained from your national data protection regulator. If you wish to exercise any of your rights in relation to your personal data, please contact us at [email protected] .
|Rights||What does it mean?|
|Right to rectification||You are entitled to have your personal data corrected if it’s inaccurate or incomplete.|
|Right to erasure||This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.|
|Right to restrict processing||You have rights to ‘block’ or suppress further use of your personal data. When processing is restricted, we can still store your personal data, but may not use it further. We keep lists of people who have asked for further use of their personal data to be ‘blocked’ to make sure the restriction is respected in future.|
|Right to data portability||You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your personal data between our IT systems and theirs safely and securely, without affecting its usability.|
|Right to object to processing||You have the right to object to certain types of processing, including processing for direct marketing (which we do only with your consent).|
|Right to withdraw consent||If you have given your consent for direct marketing, you have the right to withdraw your consent at any time. The withdrawal does not affect the lawfulness of previous processing, but from the time you withdraw your consent we will not process any further personal data. As noted above, if you withdraw consent then we may not be able to provide you with all the benefits of the Tidio.|
|Right to lodge a complaint||You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.|
We are required by law to act on requests and provide information free of charge, except where your requests are manifestly unfounded or excessive (in particular because of their repetitive nature) in which case we may charge a reasonable fee (taking into account the administrative costs of providing the information or communication or taking the action requested) or refuse to act on the requested.
Please consider your request responsibly before submitting it. We will respond to your request as soon as we can. Generally, this will be within one month from when we receive your request but if the request is going to take longer to deal with, we will let you know.
To find out how to submit a request, please see the section “Contact us”.
EU-U.S. and Swiss-U.S. Privacy Shield
In compliance with the Privacy Shield Principles, Tidio LLC commits to resolve complaints about our collection or use of your personal information. European Union and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Tidio LLC at [email protected]
Tidio LLC has further committed to refer unresolved Privacy Shield complaints to UODO (the Personal Data Protection Office), an alternative dispute resolution provider located in Poland. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact UODO DESiWM via phone: +48 22 531 04 51, e-mail: [email protected], or visit https://www.uodo.gov.pl/pl/p/kontakt for more information or to file a complaint. The services of UODO are provided at no cost to you, however, additional charges for the international call may apply.
In the context of an onward transfer, Tidio LLC has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Tidio LLC shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless Tidio LLC proves that it is not responsible for the event giving rise to the damage.
An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. More details are available in the link below:
The Federal Trade Commission has jurisdiction over Tidio LLC’s compliance with the Privacy Shield.
Tidio cooperates with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC). We comply with the advice given by such authorities with regard to data transferred from the EU and Switzerland.
Details of your personal data that we collect, how they are used and why, including the legal basis for our processing
|Type of interaction with us||Types of personal data we collect||Purpose of processing (how and why we use your personal data)||Legal basis for processing||Controllers(s) of your personal data|
|Creating an account||To create an account it’s required to provide personal data comprising an email address and password. Additionally, in order to better acquaint you with our service, enhance and fully personalise it according to your needs, we will use your personal data for onboarding.||You provide the personal data willingly, although it is required so that we can provide the service.||Performance of the contract mentioned in article 6, paragraph 1, point b) of GDPR constitutes the basis for processing your personal data. Additionally, it is in our justified interests to provide you with information that allows complete usage of our service’s feature.||You personal data may be transferred between associated holding entities active within the Tidio group. Data processing will be conducted through a marketing automation service.|
|Starting the tour||In order to enhance the experience of users during our “starting tour,” we collect the following personal data: name, website address, appearance, business type, business name, and country.||The data is collected in order to personalise the service according to your needs.||Performance of the contract mentioned in article 6, paragraph 1, point b) of GDPR constitutes the basis for processing your personal data.||You personal data may be transferred between associated holding entities active within the Tidio group.|
|Purchasing the service||A specified extent of our service is free of charge (freemium), but if you’d like to use certain features – payment is required. To finalise the payment process we collect the following essential data:Credit card number,CVC code,Card expiration date.||Performance of the contract, especially the finalisation of the payment procedure. You provide the personal data willingly, although it is required so that we can provide the service.||Performance of the contract mentioned in article 6, paragraph 1, point b) of GDPR constitutes the basis for processing your personal data.||You personal data may be transferred between associated holding entities active within the Tidio group. The personal data will be processed by applications that ensure the finalising of the payment process, such as Stripe, PayPal.|
|Issuing an invoice||If you wish to have an invoice issued, you will be required to provide the following personal data. Please note that we do not always need to issue an invoice; it is voluntary.||The data is collected in order to issue the invoice, they will not be used for any other purpose.||The extent of the personal data present on an invoice stems from applicable laws; the legal obligation mentioned in article 6, paragraph 1, point c) of GDPR constitutes the basis for this data processing.||You personal data may be transferred between associated holding entities active within the Tidio group. The personal data will be processed by applications that ensure the finalisation of issuing an invoice, such as QuickBooks.|