Service Data Privacy Statement


1. Introduction

Travis Group Limited (“Travis”, “SleekFlow”, “we”,
“us”, or “our”) provides a Software as a Service (SaaS) based “Conversation
Cloud” that allows our customers to store, manipulate, analyze and transfer
messages between their business systems and their customers on a variety of SleekFlow-provided
and third party messaging channels (the “Service“).

This document is intended to supplement and clarify
the SleekFlow Privacy Policy with regard to Personal Data processed on behalf of
our Customers during the provision of the Service (“Service Data“). This
Privacy Statement for Service Data represents an Agreement between SleekFlow
and the Customer and governs the use of Service Data. If there is any
inconsistency between this Agreement and any negotiated Agreement between SleekFlow
and the Customer, the terms of the negotiated agreement will prevail.

2. Definitions

1.     Agent: an individual who communicates within the
Conversation Cloud on behalf of the Customer

1.     For example, a member of the Customer’s web support
team, or a representative of a third party to whom support has been outsourced

2.     Chat Participants: Agents and Users who communicate
within the Conversation Cloud

3.     Customer: a legal entity with whom SleekFlow has an
agreement to provide the Services

1.     For clarity, a Customer may be a Controller or a
Processor of Personal Data. Where a Customer is a Processor of Personal Data, SleekFlow
shall process Personal Data as sub-processor on behalf of the Controller.
Instructions from the Controller regarding the processing Personal Data shall
be given through the Processor.

4.     User: an individual who communicates with a Customer
or Agent within the Conversation Cloud

1.     For example, a member of the public on Facebook
Messenger, a visitor to the Customer’s Website, the holder of an SMS number, or
the user of a mobile app

The following terms are used as defined in the EU
General Data Protection Regulation (GDPR):

1.     Controller: the natural or legal person, public
authority, agency or another body which, alone or jointly with others,
determines the purposes and means of the processing of personal data

2.     Personal Data: any information relating to an
identified or identifiable natural person (“Data Subject“)

3.     Processor: a natural or legal person, public
authority, agency or another body which processes personal data on behalf of
the controller

4.     Third-Party: a natural or legal person, public
authority, agency or body other than the data subject, controller, processor
and persons who, under the direct authority of the controller or processor, are
authorized to process personal data

3. Data We Process

This document is intended to supplement and clarify
the SleekFlow Privacy Policy with regard to Personal Data processed on behalf
of our Customers during the provision of the Service (“Data Subject“)

SleekFlow may collect and process Personal Data about
individuals for the purposes of account creation, billing, usage tracking,
recruiting, and marketing. These data types and processing activities are
governed instead by the SleekFlow Privacy Policy. Data that is not related to
an identified or identifiable natural person, including aggregated or
de-identified data, is not Personal Data and is not addressed by this document.

SleekFlow Services are not directed to children under
16. If you learn that a child under 16 has provided us with Personal Data
without consent, please contact us.

4. Types of Service Data

SleekFlow may process the following types of Service
Data on behalf of Customers:

4.1. User Profile Information

The SleekFlow API enables Agents to communicate with
Users via multiple platforms such as social media (e.g., Facebook Messenger) SMS,
and web apps (“Messaging Channels“). Each Channel transmits certain data about
the User. Some examples include First Name, Last Name, Email Address, Phone
Number, IP Address, Location, Avatar/Image, Username/Handle, Linked IDs, and

The types of Personal Data transmitted in the User
profile depend on the data collected by the Controller, and the User’s privacy
settings and preferences. The Controller may be the Messaging Channel (e.g.
Facebook, WeChat or WhatsApp); or the Customer, when messages are received via
[technology platform] (e.g. SMS, email), or web apps created using SleekFlow’s Software
Development Kit.

4.2. Agent Profile Information

Customers may enable the configuration of profiles for
their Agents, including details such as Name and Image.

4.3. Message Content

The message content may be structured or unstructured,
and may or may not contain Personal Data. SleekFlow handles all messages in the
Conversation Cloud as Personal Data.

4.4. Metadata

SleekFlow servers automatically record some
information when Services are used, including information sent by browsers or
mobile apps.

SleekFlow may collect information about the devices
Services are being used on, including what type of device it is, operating
system, device settings, application IDs, unique device identifiers, and crash


5. Purposes for Processing

SleekFlow processes the Personal Data types outlined
above for the following purposes:

1.     To provide and enhance our product and service

2.     To provide insights and statistics on an aggregated
basis to help our Customers measure their performance, better understand their
customers and improve their product and service offerings

3.     To respond to customer requests for support or

This policy is not intended to place any limits on
what we do with data that is aggregated and/or de-identified. It is no longer
associated with an identifiable user or Customer of the Services and is
therefore not Personal Data.


6. How We Protect Data

With regard to the Service and Service Data, SleekFlow
acts as a Processor on behalf of Customers. Customers have primary
responsibility for interacting with Data Subjects, and the role of SleekFlow is
generally limited to assisting Customers as needed. SleekFlow processes Service
Data only upon a Customer’s instruction and shall have a duty to respect the
security and confidentiality of Personal Data, pursuant to the measures
outlined in agreements with Customers and as required by applicable law.


7. Privacy Program

SleekFlow maintains a managed privacy program to
identify risks and implement preventative measures. Our Chief Privacy Officer,
supported by a network of senior professionals throughout the business and
development teams, is responsible for managing the privacy program. The privacy
program is and will be reviewed on a regular basis to provide for continued

Personal Data collected and processed by SleekFlow is
governed by the SleekFlow Data Privacy Policy. Employees with access to
Personal Data are trained on the Policy and their responsibility to protect the
data, and they are bound by confidentiality agreements. SleekFlow has
implemented a Privacy by Design (PbD) approach, and our development team receives
specific training related to their job responsibilities.


8. Information Security

SleekFlow takes security seriously. We take various
steps to protect the information you provide to us from loss, misuse, and
unauthorised access or disclosure. These steps take into account the
sensitivity of the information we collect, process and store, and the current
state of technology.

To learn more about current practices and policies
regarding security and confidentiality of Customer Data and other information,
please enquire us for our Security Notice, we keep that document updated as
these practices evolve over time.

13. Transparency and Cooperation with Customers

SleekFlow undertakes to be transparent regarding its
Personal Data processing activities and to provide Customers with reasonable
cooperation to help facilitate their respective data protection obligations
regarding Personal Data.

14. Data Breach Notification

In the event that SleekFlow becomes aware of any
unauthorised access to or disclosure of Personal Data, SleekFlow will promptly
notify affected Customers to the extent such notification is permitted by
applicable law.

15. Customer Audits

Upon a Customer’s request, and subject to appropriate
confidentiality obligations, SleekFlow shall make available to the Customer (or
such Customer’s independent, third-party auditor) information regarding SleekFlow
and third-party sub-processors’ compliance with the data protection
requirements set forth in our agreements.

16. Obligations Upon Termination

Upon termination of the Services, SleekFlow shall, at
the request of the Customer, delete, render un-identifiable, or return all
Personal Data to the Customer. SleekFlow will certify that it has done so
unless legislation prevents it from returning or destroying the data. In that
case, SleekFlow will protect the data in accordance with its commitments and
will not actively process the personal data transferred anymore.

17. Sharing and Disclosure

There are times when information described in this
privacy statement may be shared by SleekFlow. This section discusses how SleekFlow
may share such information. Customers determine their own policies for sharing
and disclosure.

SleekFlow reserves the right to disclose or use
aggregate or de-identified information for any purpose. For example, we may
share aggregated or de-identified information with our partners or others for
business or research purposes like telling a prospective SleekFlow Customer the
average number of messages sent within a day.

18. Sub-processing by Third Parties

SleekFlow may retain third party sub-processors, and
depending on the location of the third-party sub-processor, processing of
Personal Data by such sub-processors may involve transfers of Personal Data.
Such third-party sub-processors shall process Personal Data only in accordance
with the Customer’s instructions.

As of the date hereof, these third party providers
include technical operations such as database monitoring, data storage and
hosting services and customer support software tools.

Such third-party sub-processors have entered into
written agreements with SleekFlow in accordance with the applicable


19. Compliance with Laws

SleekFlow may share or disclose data to comply with
legal or regulatory requirements and to respond to lawful requests, court
orders and legal process.


20. Enforcing Our Rights, Preventing Fraud, and Safety

SleekFlow may share or disclose data to protect and
defend the rights, property, or safety of us or third parties, including
enforcing contracts or policies, or in connection with the investigation and
preventing fraud.


22. Changes to our Business Structure

SleekFlow may share or disclose data if we engage in a
merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or
all of SleekFlow’s assets, financing, acquisition of all or a portion of our
business, a similar transaction or proceeding, or steps in contemplation of
such activities (e.g. due diligence).

23. Data Subject Rights

SleekFlow acts as a data processor on behalf of
Customers. Customers have primary responsibility for interacting with Data
Subjects, and the role of SleekFlow is generally limited to assisting Customers
as needed.

24. Access, Correction, Amendment or Deletion Requests

SleekFlow shall promptly notify a Customer if SleekFlow
receives a request from a Data Subject for access to, correction, amendment or
deletion of that person’s Personal Data. SleekFlow shall not respond to any
such Data Subject request without the Customer’s prior written consent except
to confirm that the request relates to that Customer.

SleekFlow shall provide Customers with cooperation and
assistance in a reasonable period of time and to the extent reasonably possible
in relation to any request regarding Personal Data to the extent Customers do
not have access to such Personal Data through their respective uses of the

25. Handling of Complaints

Data Subjects may lodge a complaint about the
processing of their respective Personal Data by contacting the relevant
Customer or the SleekFlow Privacy department at the email address support@sleekflow.io.
SleekFlow shall promptly communicate the complaint to the Customer to whom the
Personal Data relates.

Customers shall be responsible for responding to all
Data Subject complaints forwarded by SleekFlow, except in cases where a
Customer has disappeared factually or has ceased to exist in law or become
insolvent. Where SleekFlow is aware of such a case, it undertakes to respond
directly to Data Subjects’ complaints within thirty (30) days, including the
consequences of the complaint and further actions Data Subjects may take if
they are unsatisfied by the reply.

26. Regulatory Inquiries and Complaints

SleekFlow shall, to the extent legally permitted,
promptly notify a Customer if it receives an inquiry or complaint from a data
protection authority in which that Customer is specifically named. Upon a
Customer’s request, SleekFlow shall provide the Customer with cooperation and
assistance in relation to any regulatory enquiry or complaint involving SleekFlow’s
processing of Personal Data.

27. Changes to this Statement

We reserve the right to change the statement as our
product develops. If we do so, we will post any changes on this page. On the
usage of the Services, after those changes are in effect, you are hereby in
agreement to the revised policy.

This document was last updated on January 2020.

28. Contacting SleekFlow

Feel free to contact regarding doubts in terms of Use
and integration of our product for your company.

You may contact us at hi@sleekflow.io or
at our mailing address below :

Travis Group Limited

Room 2, SmartSpace 3F, 9/F, Cyberport 3, Island South, Hong Kong