Last updated: 10/08/2021 11:45 am
Tidio LLC (with its registered office in 160 Spear Street, #1000, San Francisco, CA 94105 U.S.A.), and Tidio Poland Sp. z o.o. with its registered office in [Wojska Polskiego 81, 70-481 Szczecin, Poland] (referred to “Tidio”, “us”, “we”, or “our”). Each of the Tidio companies participates in different areas of processing of personal data and perform a different function in the data processing activities. More information can be found in Who we are section.
Tidio is committed to protecting your privacy.
- who we are,
- personal data we collect about you, how it is used and why, including the legal basis for our processing,
- marketing communications and automated decision-making (including profiling),
- who we share your personal data with,
- how long we keep your personal data for,
- our policy on children’s personal data,
- your rights,
- how you can contact us.
You have the right to object to certain types of processing, including processing for direct marketing (which we do only with your consent). For more information, please see the section “Your rights”.
Who We Are
Founded in 2013, Tidio is a communication platform that allows businesses to communicate with their customers. Hundreds of thousands of merchants around the world use our service to improve their sales and customer satisfaction rates. Our platform includes features such as live chat, bots, integration with Messenger and email. Every tool for communicating with your clients is in one place, accessible through our dashboard and mobile app.
Tidio LLC (with its registered office in 160 Spear Street, #1000, San Francisco, CA 94105, USA):
- the controller of personal data collected via the tidio.com (including using cookie or similar technology),
- the controller of your personal data collected as a Tidio user (in connection with the purchase of Services, payments and billings – as a party of the contract for Services).
Tidio Poland (Tidio Poland Sp. z o.o., National Court Register number 0000725583, Tax Identification Number 5842770474 with its registered office at Wojska Polskiego 81, 70-481, Szczecin, POLAND):
- a processor of personal data processed as part of the Services (data entered into Tidio systems by Tidio users),
- controller of your personal data – to the extent that it is a party to the DPA agreement with Tidio user.
You can also contact our Data Protection Officer: Hubert Jackowski at [email protected]
Representative of Tidio LLC within EEA is: Tidio Poland (Tidio Poland Sp. z o.o., National Court Register number 0000725583, Tax Identification Number 5842770474 with its registered office at Wojska Polskiego 81, 70-481, Szczecin, POLAND.
Information You Provide
- Your Account Information. You may add information to your account, such as a profile name, profile picture and billing data indicated in Terms and Conditions.
- Your Messages. To improve performance, perform content analysis and deliver media messages more efficiently, we retain that content on our servers for a longer period of time. We reserve the right to contain the message history and your data. You can alter them at any time.
- Customer Support. You may provide us with information related to your use of our Services, including copies of your messages, and how to contact you so we can provide you customer support. For example, you may send us an email with information relating to our app performance or other issues
Automatically Collected Information
- Usage and Log Information. We collect service-related, diagnostic, and performance information. This includes information about your activity (such as how you use our Services, how you interact with others using our Services, and the like), log files, and diagnostic, crash, website, and performance logs and reports.
- Transactional Information. If you pay for our Services, we may receive information and confirmations, such as payment receipts, including from app stores or other third parties processing your payment.
- Device and Connection Information. We collect device-specific information when you install, access, or use our Services. This includes information such as hardware model, operating system information, browser information, IP address, mobile network information and device identifiers. Please be aware Tidio may have access to your geo-location data and process IP address of all devices you use our software on.
- Status Information. We collect information about your online and status message changes on our Services, such as whether you are online (your “online status”).
- Third-Party Providers. We work with third-party providers to help us operate, provide, improve, understand, customize, support, and market our Services. For example, we work with companies to distribute our apps, provide our infrastructure, delivery, and other systems, supply map and places information, process payments, help us understand how people use our Services, and market our Services. These providers may provide us information about you in certain circumstances; for example, app stores may provide us reports to help us diagnose and fix service issues.
- Third-Party Services. We allow you to use our Services in connection with third-party services. If you use our Services with such third-party services, we may receive information about you from them through a mobile carrier’s or device provider’s promotion of our Services. Please note that when you use third-party services, their own terms and privacy policies will govern your use of those services.
- Payment Data. Credit/debit card data and PayPal account data provided by the user are processed by professional companies that conduct non-cash transactions and only to the extent necessary to effect the payments. Tidio shall not store nor disclose any financial information provided by users to 3rd party entities. PayPal shall store your customer’s credit card account information during the entire period of your account subscription. Cardholder data is protected and encrypted during transit by PayPal.
- Sales Data. We collect information (including personal information) relating to you, including but not limited to business, financial and product information, and any information relating to your customer, including, but not limited to, order information, payment information, and account information. Please note that we (i) will only use such information for purpose of providing you our Services, (ii) will not communicate with your customers directly or indirectly, provided however that Tidio may contact your customers if the information is obtained from another source, such as from the customers themselves, (iii) will only store such information for as long as reasonably necessary to provide the Services to you to whom your data relates, (iv) will use industry-standard measures to protect against unauthorized access to, disclosure or use of such information.
We use all the information we have to help us operate, provide, improve, understand, customize, support, and market our Services.
- Safety and Security. We verify accounts and activity and promote safety and security on and off our Services, such as by investigating suspicious activity or violations of our Terms and Conditions, and to ensure our Services are being used legally.
- Marketing. Personal Data are processed for marketing purposes, for example presenting advertisement / discounts intended for all recipients.
- Profiling. We may automatically make decisions regarding your convenient and beneficial use of our Service. More info in the section Marketing communications and automated decision-making (including profiling) below.
- Agreements for Services. Personal Data are processed in order to conclude and implement the agreement for Services or to take action at the request of the future user before its conclusion.
- Claims and legal obligations. Personal Data may be processed for the purpose of pursuing claims and defense against claims, including third parties, as well as to fulfil legal obligations resulting from regulations, e.g. tax and accounting regulations.
Information You and We Share
You share your information as you use and communicate through our Services, and we share your information to help us operate, provide, improve, understand, customize, support, and market our Services.
- Account Information. Your profile name and photo, online status and status message, last seen status, and receipts may be available only for our employees, although you can configure your Services settings to manage certain information available to other users.
- Third-Party Providers. We work with third-party providers to help us operate, provide, improve, understand, customize, support, and market our Services. When we share information with third-party providers, we require them to use your information in accordance with our instructions and terms or with express permission from you.
- Third-Party Services. When you use third-party services that are integrated with our Services, they may receive information about what you share with them. For example, if you use a data backup service integrated with our Services (such as iCloud or Google Drive), they will receive information about what you share with them. If you interact with a third-party service linked through our Services, you may be providing information directly to such third party. Please note that when you use third-party services, their own terms and privacy policies will govern your use of those services.
Marketing Communications and Automated Decision-making (including Profiling)
In order to provide you with all of the benefits of our Service, we ask for your permission to send you information about the latest news, special events, offers, promotions and other benefits. We also ask for your permission to send you our newsletter. We will use your email address to contact you with this information.
You can choose to withdraw your permission at any time by clicking on the opt out link in newsletter marketing emails from us.
Automated decision-making, including profiling, may take place during your use of our Service, among other things in order to provide you basic rules (“Service onboarding”) and predict your behaviour (i.e., to enable you to take advantage of our benefits and support your use of our Service). These are the functionalities of the Service we provide to you. The purpose of these activities is for you to be able to use our Service in the best version, plan, and price for you. At the same time, our goal is to support your use of our Service in the most suitable model and form for you.
Your personal data, including data obtained based on your activity and the way you use our Service, will be processed by us in order to evaluate and analyze your activity and information about you. We will analyze and forecast aspects of your behavior and preferences as our client, including in an automated manner, to create your individual profile and present dedicated offers and functionalities (“profiling”). The legal basis for these processing activities is the performance of the contract concluded with you.
Certain decisions taken by Tidio at the stage of performance a contract may be based solely on automated processing of personal data, including on set of rules and algorithms used by Tidio for the purpose of providing you our Service with all the benefits and improving the Service. These decisions may produce legal effects concerning you or similarly significantly effect. If you don’t agree with an automated decision that our technology has made in relation to you, you can contact us and we will look into it for you (see the Contact us section). You have the right to obtain an explanation of automated decision, to contest it, to express your views, and to obtain human intervention in order to make a new decision.
Who We Share Your Personal Data With
For the purposes set out in the Information Collection section, we sometimes provide your personal data to other companies and certain services providers who perform certain business operation on our behalf.
These companies and service providers may participate in the processing of Personal Data to a limited extent, in particular those who support Tidio in the process of concluding and accounting contracts, providing services, contact with customers and marketing activities, for example entities providing IT and hosting services, ICT services, as well as providers of legal and advisory services.
In addition, we may share your personal data with other organisations, institutions or authorities in the following circumstances:
- if we are required by applicable law or a public authority to share information about you,
- if we need to share information about you in order to establish, exercise, defend or protect the right, property or safety of our business, our customers or others (this includes, in specific cases, exchanging information with other organisations for the purposes of fraud protection); and
- To successors in title or replacement operators of all or part of our respective businesses.
Assignment, Change of Control, and Transfer
Cookies and Other Similar Technologies
A cookie is a small text file that a website you visit asks your browser to store on your computer or mobile device.
About other technologies
We also use other technologies of this type (i.e., in the form of saving and reading information from local storage). Local storage is a separate part of the browser’s memory, used to store data saved by websites.
- provide Tidio for web and desktop and other Services that are web-based, improve your experiences, understand how our Services are being used, and customize our Services;
- understand which of our FAQs are most popular and to show you relevant content related to our Services;
- remember your choices, such as your language preferences, and otherwise to customize our Services for you;
- understand mobile versus desktop users of our web-based Services, or understand popularity and effectiveness of certain of our web pages,
- assess and analyze users’ activity and information; and
- present advertisements, offers, or promotions (discounts) regarding the products or services of Tidio.
How to control cookies and other technologies
You can follow the instructions provided by your browser or device (usually located under “Settings” or “Preferences”) to modify your cookie settings. Please note that if you set your browser or device to disable cookies, certain of our Services may not function properly. In order not to allow the operation of a local storage technology, it is necessary to disable the cooperation of the browser with this technology, which should be possible within the browser’s settings.
How long we keep your personal data
We retain your personal data for no longer than is necessary for the purposes for which the information is collected (see the Personal data we collect about you, how it is used and why, including the legal basis for our processing section for details of the relevant purposes). When determining the relevant retention periods, we will consider factors including:
- legal obligation(s) under the applicable law to retain data for a certain period of time (e.g., accounting obligations);
- statute of limitations under applicable law;
- (potential) disputes; and
- Guidelines issued by relevant national data protection regulators.
Otherwise, we securely erase your information once it is no longer needed for the purposes for which the information is collected.
We may employ third-party companies and individuals to facilitate our Services, to provide the Services on our behalf, to perform Services-related services, or to assist us in analyzing how our Services are used.
These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Law and Protection
Our Global Operations
We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.
The security of your Personal Information is important to us but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. As such we make no warranties as to the level of security afforded to your data, except that we will always act in accordance with the relevant EU and United States law, especially GDPR.
Your information, including Personal Information, may be transferred to—and maintained on—computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside United States and choose to provide information to us, please note that we transfer the information, including Personal Information, to United States and process it there.
In the event that a dispute with Tidio LLC arises with regards to the international transfer of data, you agree that the federal courts of California shall have exclusive jurisdiction over the matter. In the event of a dispute with Tidio Poland arises with regards to the international transfer of data, courts of Szczecin, Poland have exclusive jurisdiction over the matter.
Transfer Outside EEA
Tidio LLC, a company based in the USA, is a party of the contract with you as a Tidio user and the controller of your data in this regard. Therefore, your personal data is processed outside the EEA. The basis for this processing is standard contractual clauses (“SCCs”) which are included in our Terms and Conditions. Data processing in the USA is also necessary for the performance of the contract concluded with Tidio LLC.
As a Tidio user you are also part of the agreement of entrusting the processing of personal data (“DPA”) concluded with Tidio Poland. A DPA is necessary for the provision of the Services in connection with the fact that the Services have been developed and are currently maintained by the polish company Tidio Poland. That is why Tidio Poland is a processor of personal data processed as part of the Services, entered into Tidio systems by Tidio users (end users’ data – individuals who interact with the Tidio user by way of the Tidio communication platform). Moreover, Tidio Poland, to the extent that it is a party to the DPA agreement, is also the controller of your personal data (as a party to the contract). When personal data is processed by Tidio Poland, personal data is processed primarily in the EEA.
In some cases, in particular when Tidio uses the services of third parties / partners who support Tidio in its business activities, the personal data may also be accessed or processed outside the EEA. When personal data we collect is processed outside the EEA we have obligations to ensure that personal data is only processed outside the EEA where the European Commission has decided that the territory in question ensures an adequate level of protection (known as a ‘whitelisted’ territory) or, in the absence of a decision by the European Commission, there are appropriate safeguards in place to protect your personal data. For example, if your personal data is accessed or processed from a territory outside the EEA which is not whitelisted, the appropriate safeguards may be provided by standard data protection clauses adopted by the European Commission (known as ‘standard contractual clauses).
Please ask us if you would like more information about the safeguards that are used to protect your personal data when it is processed outside the EEA or to obtain its copies (see the Contact Us section).
Links to Other Sites
Our Service may contain links to other websites operated by unrelated companies and persons (“Third-Party Website(s)”). These links are provided for your information only. The inclusion on the Service of any link to a Third-Party Website does not mean that we accept any responsibility for that Third-Party Website, its content or use, or the use of any features, products and/or services made available through that Third-Party Website.
We have no control over Third-Party Websites or any information or materials contained on them and have not investigated, monitored, or checked any Third-Party Websites for accuracy, completeness, or conformance with applicable laws and regulations. We are not responsible for any damages or caused as a result of your use of, or reliance on, Third-Party Websites or any information or materials contained on them. You access and use Third-Party Websites at your own risk.
Our Service does not address anyone under the age of 13 (“Children”).
We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your Children has provided us with Personal Information, please contact us here. If we become aware that we have collected Personal Information from children under age 13 without verification of parental consent, we take steps to remove that information from our servers.
By law, you have the following right with regard to your personal data. Further information and advice about your rights can be obtained from your national data protection regulator. If you wish to exercise any of your rights in relation to your personal data, please contact us here.
|Rights||What does it mean?|
|Right to rectification||You are entitled to have your personal data corrected if it’s inaccurate or incomplete.|
|Right to erasure||This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.|
|Right to restrict processing||You have rights to ‘block’ or suppress further use of your personal data. When processing is restricted, we can still store your personal data, but may not use it further. We keep lists of people who have asked for further use of their personal data to be ‘blocked’ to make sure the restriction is respected in future.|
|Right to data portability||You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your personal data between our IT systems and theirs safely and securely, without affecting its usability.|
|Right to object to processing||You have the right to object to certain types of processing, including processing for direct marketing (which we do only with your consent).|
|Right to withdraw consent||If you have given your consent for direct marketing, you have the right to withdraw your consent at any time. The withdrawal does not affect the lawfulness of previous processing, but from the time you withdraw your consent we will not process any further personal data. As noted above, if you withdraw consent then we may not be able to provide you with all the benefits of the Tidio platform.|
|Right to lodge a complaint Right to explanation & human intervention||You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator. You have the right to obtain an explanation of automated decision, to contest it, to express your views and to obtain human intervention in order to make a new decision.|
We are required by law to act on requests and provide information free of charge, except where your requests are manifestly unfounded or excessive (in particular because of their repetitive nature) in which case we may charge a reasonable fee (taking into account the administrative costs of providing the information or communication or taking the action requested) or refuse to act on the requested.
Please consider your request responsibly before submitting it. We will respond to your request as soon as we can. Generally, this will be within one month from when we receive your request but if the request is going to take longer to deal with, we will let you know.
To find out how to submit a request, please see the Contact Us section.
Personal Data Details – Data Collection, Use, and Purpose, Including the Legal Basis for Our Processing
|Type of interaction with us||Types of personal data we collect||Purpose of processing (how and why we use your personal data)||Legal basis for processing||Controllers(s) of your personal data|
|Accessing and using our site||We collect cookies from your device when you visit our site.||Cookies enable our systems to recognize your device so that we can:|
– provide important features and functionality on our site,- improve the way our site works by providing you with personalized access and an enhanced site;
– monitor and analyze usage of our site to improve its performance;
– deliver online advertising that we believe is most relevant to you; and
– measure the effectiveness of our marketing communications.
– Facebook Pixel
– Google Tag Manager
|Creating an account||To create an account, you are required to provide personal data comprising an email address and password. Additionally, in order to better acquaint you with our service, enhance and fully personalise it according to your needs, we will use your personal data for onboarding.||You provide the personal data willingly, although it is required so that we can provide the service.||Performance of the contract mentioned in article 6, paragraph 1, point b) of GDPR constitutes the basis for processing your personal data. Additionally, it is in our justified interests to provide you with information that allows complete usage of our service’s feature.||Your personal data may be transferred between associated holding entities active within the Tidio companies. Data processing will be conducted through a marketing automation service.|
|Starting the tour||In order to enhance the experience of users during our “starting tour,” we collect the following personal data: name, website address, appearance, business type, business name, and country.||The data is collected in order to personalise the service according to your needs.||Performance of the contract mentioned in article 6, paragraph 1, point b) of GDPR constitutes the basis for processing your personal data.||Your personal data may be transferred between associated holding entities active within the Tidio companies.|
|Purchasing the service||A specified extent of our service is free of charge (freemium), but if you’d like to use certain features – payment is required. To finalise the payment process we collect the following essential data: Credit card number, CVC code, Card expiration date.||Performance of the contract, especially the finalisation of the payment procedure. You provide the personal data willingly, although it is required so that we can provide the service.||Performance of the contract mentioned in article 6, paragraph 1, point b) of GDPR constitutes the basis for processing your personal data.||Your personal data may be transferred between associated holding entities active within the Tidio companies. The personal data will be processed by applications that ensure the finalising of the payment process, such as Stripe, PayPal.|
|Issuing an invoice||If you wish to have an invoice issued, you will be required to provide the following personal data. Please note that we do not always need to issue an invoice; it is voluntary.||The data is collected in order to issue the invoice, they will not be used for any other purpose.||The extent of the personal data present on an invoice stems from applicable laws; the legal obligation mentioned in article 6, paragraph 1, point c) of GDPR constitutes the basis for this data processing.||Your personal data may be transferred between associated holding entities active within the Tidio companies. The personal data will be processed by applications that ensure the finalisation of issuing an invoice, such as QuickBooks.|
|Automated decision-making (including profiling)||Your personal data, including data obtained based on your activity and the way you use our Service will be processed by us in order to evaluate and analyze your activity and information about you.||The purpose of these activities is for you to be able to use our services in the best version, plan and price for you. At the same time, our goal is to support your use of our Service in the most suitable model and form for you.||Performance of the contract mentioned in article 6, paragraph 1, point b) of GDPR constitutes the basis for processing your personal data.||Your personal data may be transferred between associated holding entities active within the Tidio companies.|
Information and Notice for California Residents
Please also note that, in addition to the information in the sections above, when you use our Application, we and third parties may use tracking technologies to collect usage information based on your device for a variety of purposes, including serving you advertising, based on your having visited our services or your activities across time and third-party locations. Some browsers may enable you to turn on or off a so-called “Do Not Track” signal. Because there is no industry consensus on what these signals should mean and how they should operate, we do not look for or respond to “Do Not Track” signals.
We may additionally collect and use your PI for commercial purposes, such as for interest-based advertising.
Please note that we process your personal data to:
- provide services to you, including user support;
- manage requests and complaints received from users;
- maintain and improve our Application, including debugging;
- promote our Application Services to our users and others;
- ensure the quality of our Application and related products and Application Services, including developing new products and services;
- comply with applicable laws and regulations, including obligations to comply with governmental requests, court orders, regulatory guidelines, and similar compliance obligations; or
- make or defend legal claims.
CCPA Do Not Sell
- In 2020, we did not “sell” PI, and we will not sell your PI collected by us during a period in which we did not offer you the opportunity to opt out of the sale, unless we first obtain your affirmative consent to do so.
- We may disclose your PI for the following purposes, which are not sales: (i) if you direct us to share PI; (ii) to comply with your requests under the CCPA; (iii) disclosures among the Tidio companies; (iv) as part of a merger or asset sale; and (v) as otherwise required or permitted by applicable laws.
Consistent with the CCPA and our interest in the security of your PI, in response to a CCPA rights request from you, even if we are in possession of the following, we will not deliver to you a Social Security number; driver’s license number or other government-issued ID numbers; financial account number; any health or medical identification number; an account password; security questions or answers in response to your security questions; or unique biometric data generated from measurements or technical analysis of human characteristics. However, you may be able to access some of this information yourself through your account if available and if you have an active account with us.
CCPA Right-to-Know Categories Request – You have the right to send us a request, no more than twice in a twelve (12)-month period, for any of the following for the period that is twelve (12) months prior to the request date:
- The categories of PI we have collected about you.
- The categories of sources from which we collected your PI.
- The business or commercial purposes for our collecting your PI.
- The categories of third parties to whom we have disclosed your PI.
- A list of the categories of PI disclosed for a business purpose in the prior twelve (12) months and, for each, the categories of recipients, or that no disclosure occurred.
- A list of the categories of PI sold about you in the prior twelve (12) months and, for each, the categories of recipients, or that no sale occurred.
CCPA Specific Pieces of PI Request – You have the right to make or obtain a transportable copy, no more than twice in a twelve (12)-month period, of your PI that we have collected in the period that is twelve (12) months prior to the request date and are maintaining.
CCPA Deletion Request – You may request that we delete the PI that we have collected directly from you and are maintaining. However, we may have a basis for the retention of your PI under the CCPA. Our retention rights include (i) to complete transactions and services you have requested or that are reasonably anticipated; (ii) for security purposes; and (iii) for legitimate internal business purposes, including to maintain business records, to comply with law, to exercise or defend legal claims, and to cooperate with law enforcement. Note also that we are not required to delete your PI that we did not collect directly from you.
Making CCPA Requests
- To make a CCPA request, you or an Authorized Agent (as indicated below) may email us here, or write us at Tidio LLC, Ltd. 160 Spear Street, #1000, San Francisco, CA 94105, U.S.A. (Attn: CCPA Request).
- Authorized Agent Request – As permitted by the CCPA, any request submitted to us is subject to an identification and verification process, and confirmation of the agent’s authority, which may include attestation under penalty of perjury. Absent a power of attorney, we will also require the consumer to verify his or her own identity. We may verify identity based on matching information you provided with data we have maintained on you in our systems. This data could include email address, mailing address, or phone number.
Third-Party Marketing and Other California Privacy Rights
- We provide California residents with the option to opt in to sharing of “personal information,” as defined by California’s “Shine the Light” law, with third parties, other than our affiliates, for such third parties’ own direct marketing purposes. California residents may prospectively withdraw that consent, and/or request information about our compliance with the Shine the Light law, and obtain a disclosure of third parties we have shared information with in accordance with the law for those companies direct marketing purposes and the categories of information shared. To obtain such information, email us here, or write us at 160 Spear Street, #1000, San Francisco, CA 94105, U.S.A. (Attn: California Privacy Rights Request). Requests must include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through the provided email address or postal address. As these rights and your CCPA rights are not the same and exist under different laws, you must exercise your rights under each law separately.
- California Minors – As noted above, Tidio is intended for a general audience and not directed to children less than thirteen (13) years of age.