Last updated: 02/06/2023 3:00 pm
I. Who we are. How we collect your personal data.
Tidio LLC with registered office at 149 New Montgomery Street (San Francisco, CA 94105 U.S.A.) and Tidio Poland Sp. z o.o. with its registered office in Szczecin, 81 Wojska Polskiego Street (70-481, Szczecin, Poland) are the joint controllers of your personal data processed in connection with use of our Services and other functionalities via this website (together referred to as “Controller” or “Tidio”).
Tidio provides a communication platform that allows businesses to communicate with their customers. Hundreds of thousands of merchants around the world use our service to improve their sales and customer satisfaction rates. Our platform includes features such as live chat, bots, integration with Messenger and email. Every tool for communicating with your clients is in one place, accessible through our dashboard and mobile app
We may collect and process your personal data when we interact with you. We process all personal data that you provide on the Website or that we collect about you when you use our Services as Controller in accordance with the GDPR. Personal data includes any information by which we can identify you as a specific person, such as your name, last name, email address or billing information, but also any other information related to you.
We are committed to safeguarding the privacy of your personal data. We will use your personal data in compliance with all applicable laws and regulations relating to data protection and privacy, including:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation” or “GDPR”);
- California Consumer Privacy Act (together with related amendments and regulations, the “CCPA”), describe in section “Information and Notice for California Residents”;
- Nevada applicable law, describe in section “Nevada Residents”;
II. Contact us
You can also contact our Data Protection Officer: Hubert Jackowski via e-mail: email@example.com
III. What are the purposes and grounds for our processing of personal data?
We may process your personal data for the following purposes:
- If you have access to and use our Services, according to our Terms & Conditions (https://www.tidio.com/terms/ ), we will process your personal data in order to:
- A. perform an agreement for the provision of Services by electronic means, related to the purchase of the Services (GDPR legal basis – Article 6(1) (b) of the GDPR);
- legal obligations to which the Controller is subject (GDPR legal basis – Article 6(1)(c) of the GDPR read together with the Accounting Act, in case of issuing and storing invoices and accounting documents);
- pursue our legitimate interest in a proper provision of Services (GDPR legal basis -Article 6(1) of the GDPR), such as:
- taking steps to set up and properly maintain your account;
- improving, fixing, customizing, personalizing the service according to your needs;
- ensure data safe and security;
- pursuing claims and defense against claims, including third parties.
- If you have entered into a contract with us via either a contact form (chat) or e-mail, we will process your personal data in order to:
- pursue our legitimate interest in response to your enquiry or contact and resolve the issue presented (GDPR legal basis Article 6(1) (f) of the GDPR)
- take steps to enter into a agreement with you (purchasing the Services), including preparing and presenting an offer to you (which will vary depending on the scope of the matter) with point (b) of Article 6(1) of the GDPR as the legal basis for processing, also
- If you receive from us information about latest news, special events, offers and other benefits or you subscribe to our newsletter, we will process your personal data on the basis of our legitimate interest (Article 6 (1) (f) of the GDPR). Remember that you can always revoke your consent (unsubscribe from our newsletter). If you wish to unsubscribe to do so, you cans also contact us at the following address firstname.lastname@example.org
If we are required by applicable law provisions, we may also collect consents from you to send you marketing materials.
- If you follow our social media profiles we will process your personal data in order to pursue our legitimate interest (Art 6(1) (f) GDPR), such as:
- responding to private messages you send us;
- conducting conversations via the comments under individual posts;
- sharing our posts with you as a follower of our profile;
- marketing, consisting of informing you about our services and ourselves through our profile posts;
- via statistics, presented to us by social media entities, such as Facebook Ireland Ltd., LinkedIn Ireland Unlimited Company, Twitter Inc., including data about the display of our posts, their reach, number of interactions, the demographics of our followers; the data presented to us by Social media entities are statistics, created on the basis of observations by that company of your behaviour on our profile.
- If you apply for a job, we will process your personal data in order to:
- carrying out the recruitment process in which you are taking part, with point (GDPR legal basis -Article 6(1)(b) and point (c) of Article 6(1) (c) of the GDPR to the extent of legal obligations to which the Controller is subject),
- processing of other your data you voluntary send us or processing for the purposes of future recruitment if you consented to it, (GDPR legal basis- Article 6(1)(a) of the GDPR);
The provision of your personal data is voluntary, but may be necessary in order to pursue the aforementioned purposes. However, due to the rules applied by Social media, we will see your name (or nickname) or photo if you write to us or comment on our post.
IV. What types of data can we process?
We may collect and process different forms of personal data depending on the functionalities you use:
- If you have access and use our Services, we will process your:
- identification data such as your name, email address,
- financial data necessary for the processing of invoices and, also
- other data you may provide while using these Services, in particular data relating to the conclusion and performance of contract with you.
- automatically collected information i.e.:
- usage and log information, this includes information about your activity, log files, and diagnostic, crash, website, and performance logs and reports;
- transaction information;
- devices and connection information, this includes information such as hardware model, operating system information, browser information, IP address, mobile network information and device identifiers;
- status information, i.e. information about your online and status message changes on our Services, such as whether you are online;
- sales data, relating to you, including but not limited to business, financial and product information, and any information relating to your customer, including, but not limited to, order information, payment information, and account information;
- If you wish to contact us, we will process your identification data such as your name, email address and any other data you may provide using our contact form (chat) or via e-mail contact.
- We will also process your email address if you subscribe to our newsletter or otherwise consent to the marketing of our services.
- As part of your activity on our social media profiles, we may process your personal data that you post on your profile and other data related to our use of social media functionality.
- If you apply for a job, we may process your personal data indicated in the Labour Code or in other specific laws, processed on the basis of legal provisions.
V. Your right to object.
- You are entitled to object at any time to the processing of your personal data on the basis of legitimate interest. In such case, we will cease to process your data for these purposes, unless there are legitimate grounds that prevent the cessation of processing or the processing may be necessary for the potential establishment, exercise or defence of legal claims.
- You are entitled to object at any time to the processing of your personal data for direct marketing purposes, mentioned in Section III, point (3).
VI. How long do we keep your personal data?
Depending on the purposes and grounds, as described in Section III. above, your personal data will be processed for the time it takes to :
- service and process your account in our Services, but no longer than until the account is deleted, except in the case of violation of the Terms by you, resulting in the assertion of claims. In that case, your personal data will be processed for the time necessary to assert claims, but no longer than the period of limitations for claims under generally applicable law.
- provide services (duration of the agreement), but if the processing is necessary to fulfill a legal obligation by Tidio, your personal data will be processed for a period of time resulting from generally applicable laws, in particular tax law and accounting regulations. If the processing is necessary for purposes arising from legitimate interests pursued by the Data Controller or by a third party, your personal data will be processed for no longer than necessary for the purposes for which the data are processed or until you object to the processing of your personal data.
- resolve your case. Depending on the type of case, your data could also be processed for the time needed to improve performance and the time needed to establish that we have resolved the case correctly, i.e. for the period of limitations for claims.
- provide our marketing activities (newsletter), until you object to the processing of your data for this purpose, or revoke your consent to send messages to your email address. Your revocation of consent does not affect the lawfulness of processing prior to the withdrawal of that consent. You can unsubscribe/ withdraw consent by clicking on the opt out link in newsletter, marketing e-mails from us.
- interact with you via our social media profiles if you choose to comment on our posts or follow us. Remember that you can always delete your comments under our posts, stop following us or cancel your social media account.
- until the end of the recruitment process, in case of consented to the processing of your data for future recruitment purposes, your data will be processed for a period of 48 months, but no longer than until you withdraw your consent to the processing of your data.
VII. Data recipients.
We could provide your personal data to other companies and certain services providers who perform certain business operation on our behalf. These companies and service providers may participate in the processing of Personal Data to the extent necessary to perform services for Tidio. Depending on your activities as described in Section III, recipients of your data may be:
- Service hosting providers;
- Website hosting providers;
- Subjects involved in storing data for us;
- Entities providing ICT services;
- Social media providers such as Facebook Ireland Ltd., LinkedIn Ireland Unlimited Company, Twitter Inc.,
Personal data may also be disclosed to other entities that support our operations, i.e.
- servicers of IT systems,
- law firms, auditors;
- third-party companies and individuals who facilitate our Services, to provide the Services on our behalf, to perform Services-related services, or to assist us in analyzing how our Services are used, or
- entities to which the Data controller is obliged to transfer data under the provisions of law.
VIII. Your rights as a data subject.
By law, you have the following right with regard to your personal data. Further information and advice about your rights can be obtained from your national data protection regulator. If you wish to exercise any of your rights in relation to your personal data, please contact us here.
- Right to be informed
- Right do access
- Right to rectification
You are entitled to have your personal data corrected if it’s inaccurate or incomplete.
- Right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
- Right to restrict processing
You have rights to ‘block’ or suppress further use of your personal data. When processing is restricted, we can still store your personal data, but may not use it further. We keep lists of people who have asked for further use of their personal data to be ‘blocked’ to make sure the restriction is respected in future.
- Right to data portability
You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your personal data between our IT systems and theirs safely and securely, without affecting its usability.
- Right to object to processing
You have the right to object to certain types of processing, including processing for direct marketing (which we do only with your consent).
- Right to withdraw consent
If you have given your consent for direct marketing, you have the right to withdraw your consent at any time. The withdrawal does not affect the lawfulness of previous processing, but from the time you withdraw your consent we will not process any further personal data. As noted above, if you withdraw consent then we may not be able to provide you with all the benefits of the Tidio platform.
- Right to lodge a complaint Right to explanation & human intervention
You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator. You have the right to obtain an explanation of automated decision, to contest it, to express your views and to obtain human intervention in order to make a new decision.
We are required by law to act on requests and provide information free of charge, except where your requests are manifestly unfounded or excessive (in particular because of their repetitive nature) in which case we may charge a reasonable fee (taking into account the administrative costs of providing the information or communication or taking the action requested) or refuse to act on the requested.
Please consider your request responsibly before submitting it. We will respond to your request as soon as we can. Generally, this will be within one month from when we receive your request but if the request is going to take longer to deal with, we will let you know.To find out how to submit a request, please see the Contact Us section.
IX. Information on data transfers outside of the EEA.
We mainly process the data you submit within the EEA and the servers located there. Note, however, that TIDIO LLC, as the entity entering into the Agreement with you, is a U.S.-based entity, and therefore some of your data may be processed in the U.S.
When Tidio uses the services of third parties / partners who support Tidio in its business activities, your personal data may be processed outside the EEA, including to countries that have not been recognized by the European Commission as providing an adequate level of personal data protection. However, any such case is done in accordance with the rules provided by the GDPR.
Please ask us if you would like more information about the safeguards that are used to protect your personal data when it is processed outside the EEA (see the Contact Us, Section II.).
In the event that a dispute with Tidio LLC arises with regards to the international transfer of data, you agree that the federal courts of California shall have exclusive jurisdiction over the matter. In the event of a dispute with Tidio Poland arises with regards to the international transfer of data, courts of Szczecin, Poland have exclusive jurisdiction over the matter.
X. Automated decision, including profiling.
Except for the cookie-based advertising profiling described below, automated decision-making, including profiling, may take place during your use of our Service, among other things in order to provide you basic rules (“Service onboarding”) and predict your behaviour (i.e., to enable you to take advantage of our benefits and support your use of our Service). The purpose of these activities is for you to be able to use our Service in the best version, plan, and price for you. At the same time, our goal is to support your use of our Service in the most suitable model and form for you.
Your personal data, including data obtained based on your activity and the way you use our Service, will be processed by us in order to evaluate and analyze your activity and information about you. We will analyze and forecast aspects of your behavior and preferences as our client, including in an automated manner, to create your individual profile and present dedicated offers and functionalities (“profiling”).
Certain decisions taken by Tidio at the stage of performance a contract may be based solely on automated processing of personal data, including on set of rules and algorithms used by Tidio for the purpose of providing you our Service with all the benefits and improving the Service. These decisions may produce legal effects concerning you or similarly significantly effect.
Remember, If you don’t agree with an automated decision that our technology has made in relation to you, you can contact us and we will look into it for you.
You have the right to obtain an explanation of automated decision, to contest it, to express your views, and to obtain human intervention in order to make a new decision.
XI. Security of your personal data.
We are committed to ensuring that your privacy is protected, since the security of your privacy, including your personal data, is a priority to us. We take every precaution to ensure that personal data provided by website users is protected from loss, destruction, disclosure, unauthorised access or misuse.
The security of your Personal Information is important to us but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. As such we make no warranties as to the level of security afforded to your data, except that we will always act in accordance with the relevant EU and United States law.
- provide Tidio for web and desktop and other Services that are web-based, improve your experiences, understand how our Services are being used, and customize our Services;
- understand which of our FAQs are most popular and to show you relevant content related to our Services;
- remember your choices, such as your language preferences, and otherwise to customize our Services for you;
- understand mobile versus desktop users of our web-based Services, or understand popularity and effectiveness of certain of our web pages,
- assess and analyze users’ activity and information; and
- present advertisements, offers, or promotions (discounts) regarding the products or services of Tidio.
- Cookies used by us include:
- Necessary cookies – Necessary to use our website’s features and Services. Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. If you block these cookies, we cannot guarantee access to the associated Services, nor guarantee website performance during your visit.
- Preferences cookies – Functional cookies allow our website to remember your choices, such as customizations you make to website pages during your visit.
- Statistics cookies – These help us understand how you use our website. For example, they collect information on which pages on our website you select most frequently, which features you use and which sites you have visited previously. We use this information to improve our website and provide a better user experience.
They also allow us to provide related entities and third parties authorised to post links on our website with feedback about users visiting their websites. This information may be used by such third parties to improve their websites or services. Analytical cookies are also used to support website layout and functionality testing.
- Marketing cookies – Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers:
- Unclassified cookies – Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
- How to delete cookies?
You can configure your web browser to prevent cookies from being stored on your computer, phone or tablet.
You can delete cookies after we have stored them. To do this, you can use: the relevant functions of your browser, programs for this purpose or the relevant tools available within your operating system.
The following links contain information on how to delete cookies in the most popular web browsers:
- Opera: https://help.opera.com/en/latest/web-preferences/,
- Internet Explorer:https://support.microsoft.com/en-us/topic/how-to-delete-cookie-files-in-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc
- Chrome: https://support.google.com/chrome/answer/95647?hl=en&co=GENIE.Platform%3DAndroid
- Safari: https://support.apple.com/en-us/HT201265
- The effect of changing your browser settings on your use of the Website.
Changing the configuration of your web browser to one that prevents or restricts the storage of cookies may result in restrictions on the functionality of the website. Deleting cookies in the middle of providing a service may lead to similar consequences. This means that some of our services will not be available without cookies, for example, you will not be able to use the contact form.
XIII. Information and Notice for California Residents
Information and Notice for California Residents
Do Not Track
Please also note that, in addition to the information in the sections above, when you use our Application, we and third parties may use tracking technologies to collect usage information based on your device for a variety of purposes, including serving you advertising, based on your having visited our services or your activities across time and third-party locations. Some browsers may enable you to turn on or off a so-called “Do Not Track” signal. Because there is no industry consensus on what these signals should mean and how they should operate, we do not look for or respond to “Do Not Track” signals.
Tidio does not collect or process sensitive personal data (SPI). We ask that the users of our services not share this data with us.
Use of your Personal Data
We may additionally collect and use your PI for commercial purposes, such as for interest-based advertising, provided you have not opted-out.
Please note that we process your personal data to:
- provide services to you, including user support;
- manage requests and complaints received from users;
- maintain and improve our Application, including debugging;
- promote our Application Services to our users and others;
- ensure the quality of our Application and related products and Application Services, including developing new products and services;
- comply with applicable laws and regulations, including obligations to comply with governmental requests, court orders, regulatory guidelines, and similar compliance obligations; or
- make or defend legal claims.
CCPA Do Not Sell or Share
- In the previous calendar year, we did not “sell” PI, and we will not sell your PI collected by us during a period in which we did not offer you the opportunity to opt out of the sale, unless we first obtain your affirmative consent to do so.
- We may share your data with our third-party analytics providers. If you wish us not to share your PI, please follow the link on our webpage titled: ““DO NOT SELL OR SHARE MY PERSONAL INFORMATION.”
- We may disclose your PI for the following purposes, which are not sales: (i) if you direct us to share PI; (ii) to comply with your requests under the CCPA; (iii) disclosures among the Tidio companies; (iv) as part of a merger or asset sale; and (v) as otherwise required or permitted by applicable laws.
Consistent with the CCPA and our interest in the security of your PI, in response to a CCPA rights request from you, even if we are in possession of the following, we will not deliver to you a Social Security number; driver’s license number or other government-issued ID numbers; financial account number; any health or medical identification number; genetic data; race or ethnic data; sex act or sexual orientation data; an account password; security questions or answers in response to your security questions; your precise geolocation; or unique biometric data generated from measurements or technical analysis of human characteristics. However, you may be able to access some of this information yourself through your account if available and if you have an active account with us.
Automated Decision Making
CCPA Right-to-Know and Access Categories Request – You have the right to send us a request, no more than twice in a twelve (12)-month period, for any of the following for the period that is twelve (12) months prior to the request date:
- The categories of PI we have collected about you.
- The categories of sources from which we collected your PI.
- The business or commercial purposes for our collecting your PI.
- The categories of third parties to whom we have disclosed your PI.
- A list of the categories of PI disclosed for a business purpose in the prior twelve (12) months and, for each, the categories of recipients, or that no disclosure occurred.
- A list of the categories of PI sold about you in the prior twelve (12) months and, for each, the categories of recipients, or that no sale occurred.
CCPA Specific Pieces of PI Request – You have the right to make or obtain a transportable copy, no more than twice in a twelve (12)-month period, of your PI that we have collected in the period that is twelve (12) months prior to the request date and are maintaining.
CCPA Correction Request – You may request that we correct the PI that we have collected directly from you and are maintaining by sending us a CCPA Request for correction through the channels set forth below.
CCPA Deletion Request – You may request that we delete the PI that we have collected directly from you and are maintaining and to direct those parties with whom we have shared your data to do the same. However, we may have a basis for the retention of your PI under the CCPA. Our retention rights include (i) to complete transactions and services you have requested or that are reasonably anticipated; (ii) for security purposes; and (iii) for legitimate internal business purposes, including to maintain business records, to comply with law, to exercise or defend legal claims, and to cooperate with law enforcement. Note also that we are not required to delete your PI that we did not collect directly from you.
Making CCPA Requests
- To make a CCPA request, you or an Authorized Agent (as indicated below) may email us here, or write us at Tidio LLC, 149 New Montgomery Street (San Francisco, CA 94105 U.S.A.) (Attn: CCPA Request).
- Authorized Agent Request – As permitted by the CCPA, any request submitted to us is subject to an identification and verification process, and confirmation of the agent’s authority, which may include attestation under penalty of perjury. Absent a power of attorney, we will also require the consumer to verify his or her own identity. We may verify identity based on matching information you provided with data we have maintained on you in our systems. This data could include email address, mailing address, or phone number.
Third-Party Marketing and Other California Privacy Rights
- We provide California residents with the option to opt in to sharing of “personal information,” as defined by California’s “Shine the Light” law, with third parties, other than our affiliates, for such third parties’ own direct marketing purposes. California residents may prospectively withdraw that consent, and/or request information about our compliance with the Shine the Light law, and obtain a disclosure of third parties we have shared information with in accordance with the law for those companies direct marketing purposes and the categories of information shared. To obtain such information, email us here, or write us at 149 New Montgomery St 4th Floor, San Francisco, CA 94105 USA (Attn: California Privacy Rights Request). Requests must include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through the provided email address or postal address. As these rights and your CCPA rights are not the same and exist under different laws, you must exercise your rights under each law separately.
- California Minors – As noted above, Tidio is intended for a general audience and not directed to children less than thirteen (13) years of age.
XIV. Nevada Residents
XV. Links to Other Sites
Our Service may contain links to other websites operated by unrelated companies and persons (“Third-Party Website(s)”). These links are provided for your information only. The inclusion on the Service of any link to a Third-Party Website does not mean that we accept any responsibility for that Third-Party Website, its content or use, or the use of any features, products and/or services made available through that Third-Party Website.
We have no control over Third-Party Websites or any information or materials contained on them and have not investigated, monitored, or checked any Third-Party Websites for accuracy, completeness, or conformance with applicable laws and regulations. We are not responsible for any damages or caused as a result of your use of, or reliance on, Third-Party Websites or any information or materials contained on them. You access and use Third-Party Websites at your own risk.
XVI. Children’s Privacy
Our Service does not address anyone under the age of 13 (“Children”).
We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your Children has provided us with Personal Information, please contact us here. If we become aware that we have collected Personal Information from children under age 13 without verification of parental consent, we take steps to remove that information from our servers.