Service Data Privacy Statement

Last Updated June 17, 2019

1. Introduction

Sendbee, Inc. ("Sendbee", "we", "us", or "our") provides a Software as a Service (SaaS) based "Customer Service Software" that allows our customers to store, manipulate, analyze and transfer messages between Sendbee and their business systems and their customers on a variety of Sendbee-provided and third party messaging channels (the "Service"). This document is intended to supplement and clarify the Sendbee Privacy Policy with regard to Personal Data processed on behalf of our Customers during provision of the Service ("Service Data"). This Privacy Statement for Service Data represents an Agreement between Sendbee and the Customer and governs the use of Service Data. If there is any inconsistency between this Agreement and any negotiated Agreement between Sendbee and the Customer, the terms of the negotiated agreement will prevail.

2. Definitions

  • a. Agent: an individual who communicates within the Customer Service Software on behalf of the Customer
  • i. For example, a member of the Customer’s web support team, or a representative of a third party to whom support has been outsourced
  • b. Chat Participants: Agents and Users who communicate within the Customer Service Software
  • c. Customer: a legal entity with whom Sendbee has an agreement to provide the Services
  • i. For clarity, a Customer may be a Controller or a Processor of Personal Data. Where a Customer is a Processor of Personal Data, Sendbee shall process Personal Data as sub-processor on behalf of the Controller. Instructions from the Controller regarding the processing Personal Data shall be given through the Processor.
  • d. User: an individual who communicates with a Customer or Agent within the Customer Service Software
  • i. For example, a member of the public on WhatsApp messenger, a visitor to the Customer’s Website, or the user of a mobile app

  • The following terms are used as defined in the EU General Data Protection Regulation (GDPR):
  • a. Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
  • b. Personal Data: any information relating to an identified or identifiable natural person ("Data Subject")
  • c. Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
  • d. Third Party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data

3. Data We Process

This document is intended to supplement and clarify the Sendbee Privacy Policy with regard to Personal Data processed on behalf of our Customers during provision of the Service ("Data Subject") Sendbee may collect and process Personal Data about individuals for the purposes of account creation, billing, usage tracking, recruiting, and marketing. These data types and processing activities are governed instead by the Sendbee Privacy Policy. Data that is not related to an identified or identifiable natural person, including aggregated or de-identified data, is not Personal Data and is not addressed by this document. Sendbee Services are not directed to children under 16. If you learn that a child under 16 has provided us with Personal Data without consent, please contact us.

4. Types of Service Data

Sendbee may process the following types of Service Data on behalf of Customers:

User Profile Information

    The Sendbee API, wep application or mobile application enables Agents to communicate with Users via multiple platforms such as social media (e.g., WhatsApp Messenger), email, SMS, and web apps ("Messaging Channels"). Each Channel transmits certain data about the User. Some examples include: First Name, Last Name, Email Address, Phone Number, IP Address, Location, Avatar/Image, Username/Handle, Linked IDs, and others. The types of Personal Data transmitted in the User profile depend on the data collected by the Controller, and the User’s privacy settings and preferences. The Controller may be the Messaging Channel (e.g. WhatsApp Business API); or the Customer, when messages are received via [technology platform] (e.g. SMS, email), or web apps created using Sendbee’s Software Development Kit.

    Agent Profile Information
    Customers may enable the configuration of profiles for their Agents, including details such as Name and Image.

    Message Content
    Message content may be structured or unstructured, and may or may not contain Personal Data. Sendbee handles all messages in the Customer Service Software as Personal Data.

    Metadata
    Sendbee servers automatically record some information when Services are used, including information sent by browsers or mobile apps. Sendbee may collect information about the devices Services are being used on, including what type of device it is, operating system, device settings, application IDs, unique device identifiers, and crash data.

    5. Purposes for Processing

    Sendbee processes the Personal Data types outlined above for the following purposes:

    • a. To provide and enhance our product and service offerings
    • b. To provide insights and statistics on an aggregated basis to help our Customers measure their performance, better understand their customers and improve their product and service offerings
    • c. To respond to Customer requests for support or assistance
    • This policy is not intended to place any limits on what we do with data that is aggregated and/or de-identified. It is no longer associated with an identifiable user or Customer of the Services and is therefore not Personal Data.

    6. How We Protect Data

    With regard to the Service and Service Data, Sendbee acts as a Processor on behalf of Customers. Customers have primary responsibility for interacting with Data Subjects, and the role of Sendbee is generally limited to assisting Customers as needed. Sendbee processes Service Data only upon a Customer’s instruction and shall have a duty to respect the security and confidentiality of Personal Data, pursuant to the measures outlined in agreements with Customers and as required by applicable law.

    Privacy Program
    Sendbee maintains a managed privacy program to identify risks and implement preventative measures. The privacy program is and will be reviewed on a regular basis to provide for continued effectiveness. Personal Data collected and processed by Sendbee is governed by the Sendbee Data Privacy Policy. Employees with access to Personal Data are trained on the Policy and their responsibility to protect the data, and they are bound by confidentiality agreements. Sendbee has implemented a Privacy by Design (PbD) approach, and our development team receives specific training related to their job responsibilities.

    Information Security
    Sendbee takes security seriously. We take various steps to protect information you provide to us from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.

    7. Transparency and Cooperation with Customers

    Sendbee undertakes to be transparent regarding its Personal Data processing activities and to provide Customers with reasonable cooperation to help facilitate their respective data protection obligations regarding Personal Data.

    Data Breach Notification
    In the event that Sendbee becomes aware of any unauthorized access to or disclosure of Personal Data, Sendbee will promptly notify affected Customers to the extent such notification is permitted by applicable law.

    Customer Audits
    Upon a Customer’s request, and subject to appropriate confidentiality obligations, Sendbee shall make available to the Customer (or such Customer’s independent, third-party auditor) information regarding Sendbee and third-party sub-processors’ compliance with the data protection requirements set forth in our agreements.

    Obligations Upon Termination
    Upon termination of the Services, Sendbee shall, at the request of the Customer, delete, render un-identifiable, or return all Personal Data to the Customer. Sendbee will certify that it has done so, unless legislation prevents it from returning or destroying the data. In that case, Sendbee will protect the data in accordance with its commitments and will not actively process the personal data transferred anymore.

    8. Sharing and Disclosure

    There are times when information described in this privacy statement may be shared by Sendbee. This section discusses how Sendbee may share such information. Customers determine their own policies for the sharing and disclosure. Sendbee reserves the right to disclose or use aggregate or de-identified information for any purpose. For example, we may share aggregated or de-identified information with our partners or others for business or research purposes like telling a prospective Sendbee Customer the average number of messages sent within a day.

    Sub-processing by Third Parties
    Sendbee may retain third party sub-processors, and depending on the location of the third-party sub-processor, processing of Personal Data by such sub-processors may involve transfers of Personal Data. Such third-party sub-processors shall process Personal Data only in accordance with the Customer’s instructions. As of the date hereof, these third party providers include technical operations such as database monitoring, data storage and hosting services and customer support software tools. Such third-party sub-processors have entered into written agreements with Sendbee in accordance with the applicable requirements.

    Compliance with Laws
    Sendbee may share or disclosed data to comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.

    Enforcing Our Rights, Preventing Fraud, and Safety
    Sendbee may share or disclose data to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigation and preventing fraud.

    Changes to our Business Structure
    Sendbee may share or disclose data if we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Sendbee’s assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).

    9. Data Subject Rights

    Sendbee shall promptly notify a Customer if Sendbee receives a request from a Data Subject for access to, correction, amendment or deletion of that person’s Personal Data. Sendbee shall not respond to any such Data Subject request without the Customer’s prior written consent except to confirm that the request relates to that Customer. Senbdee shall provide Customers with cooperation and assistance in a reasonable period of time and to the extent reasonably possible in relation to any request regarding Personal Data to the extent Customers do not have access to such Personal Data through their respective uses of the Services.

    Handling of Complaints
    Data Subjects may lodge a complaint about processing of their respective Personal Data by contacting the relevant Customer or the Sendbee Privacy department at the email address privacy@sendbee.io Sendbee shall promptly communicate the complaint to the Customer to whom the Personal Data relates. Customers shall be responsible for responding to all Data Subject complaints forwarded by Senbdee, except in cases where a Customer has disappeared factually or has ceased to exist in law or become insolvent. Where Sendbee is aware of such a case, it undertakes to respond directly to Data Subjects’ complaints within thirty (30) days, including the consequences of the complaint and further actions Data Subjects may take if they are unsatisfied by the reply.

    Regulatory Inquiries and Complaints
    Sendbee shall, to the extent legally permitted, promptly notify a Customer if it receives an inquiry or complaint from a data protection authority in which that Customer is specifically named. Upon a Customer’s request, Sendbee shall provide the Customer with cooperation and assistance in relation to any regulatory inquiry or complaint involving Sendbee’s processing of Personal Data.

    10. Changes to this Statement

    We may change this statement from time to time, and if we do we will post any changes on this page. If you continue to use the Services after those changes are in effect, you agree to the revised policy. This document was last updated in June 2019.

    11. Contacting Sendbee

    Please feel free to contact us if you have any questions about Sendbee’s Privacy commitments or practices. You may contact us at privacy@sendbee.io.