SERVICE DATA PRIVACY STATEMENT (“PRIVACY”)
Travis Group Limited (“Travis”, “SleekFlow”, “we”, “us”, or “our”) provides a Software as a Service (SaaS) based “Conversation Cloud” that allows our customers to store, manipulate, analyze and transfer messages between their business systems and their customers on a variety of SleekFlow-provided and third party messaging channels (the “Service“).
1. Agent: an individual who communicates within the Conversation Cloud on behalf of the Customer
1. For example, a member of the Customer’s web support team, or a representative of a third party to whom support has been outsourced
2. Chat Participants: Agents and Users who communicate within the Conversation Cloud
3. Customer: a legal entity with whom SleekFlow has an agreement to provide the Services
1. For clarity, a Customer may be a Controller or a Processor of Personal Data. Where a Customer is a Processor of Personal Data, SleekFlow shall process Personal Data as sub-processor on behalf of the Controller. Instructions from the Controller regarding the processing Personal Data shall be given through the Processor.
4. User: an individual who communicates with a Customer or Agent within the Conversation Cloud
1. For example, a member of the public on Facebook Messenger, a visitor to the Customer’s Website, the holder of an SMS number, or the user of a mobile app
The following terms are used as defined in the EU General Data Protection Regulation (GDPR):
1. Controller: the natural or legal person, public authority, agency or another body which, alone or jointly with others, determines the purposes and means of the processing of personal data
2. Personal Data: any information relating to an identified or identifiable natural person (“Data Subject“)
3. Processor: a natural or legal person, public authority, agency or another body which processes personal data on behalf of the controller
4. Third-Party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data
3. Data We Process
SleekFlow Services are not directed to children under 16. If you learn that a child under 16 has provided us with Personal Data without consent, please contact us.
4. Types of Service Data
SleekFlow may process the following types of Service Data on behalf of Customers:
4.1. User Profile Information
The SleekFlow API enables Agents to communicate with Users via multiple platforms such as social media (e.g., Facebook Messenger) SMS, and web apps (“Messaging Channels“). Each Channel transmits certain data about the User. Some examples include First Name, Last Name, Email Address, Phone Number, IP Address, Location, Avatar/Image, Username/Handle, Linked IDs, and others.
The types of Personal Data transmitted in the User profile depend on the data collected by the Controller, and the User’s privacy settings and preferences. The Controller may be the Messaging Channel (e.g. Facebook, WeChat or WhatsApp); or the Customer, when messages are received via [technology platform] (e.g. SMS, email), or web apps created using SleekFlow’s Software Development Kit.
4.2. Agent Profile Information
Customers may enable the configuration of profiles for their Agents, including details such as Name and Image.
4.3. Message Content
The message content may be structured or unstructured, and may or may not contain Personal Data. SleekFlow handles all messages in the Conversation Cloud as Personal Data.
SleekFlow servers automatically record some information when Services are used, including information sent by browsers or mobile apps.
SleekFlow may collect information about the devices Services are being used on, including what type of device it is, operating system, device settings, application IDs, unique device identifiers, and crash data.
5. Purposes for Processing
SleekFlow processes the Personal Data types outlined above for the following purposes:
1. To provide and enhance our product and service offerings
2. To provide insights and statistics on an aggregated basis to help our Customers measure their performance, better understand their customers and improve their product and service offerings
3. To respond to customer requests for support or assistance
This policy is not intended to place any limits on what we do with data that is aggregated and/or de-identified. It is no longer associated with an identifiable user or Customer of the Services and is therefore not Personal Data.
6. How We Protect Data
With regard to the Service and Service Data, SleekFlow acts as a Processor on behalf of Customers. Customers have primary responsibility for interacting with Data Subjects, and the role of SleekFlow is generally limited to assisting Customers as needed. SleekFlow processes Service Data only upon a Customer’s instruction and shall have a duty to respect the security and confidentiality of Personal Data, pursuant to the measures outlined in agreements with Customers and as required by applicable law.
7. Privacy Program
SleekFlow maintains a managed privacy program to identify risks and implement preventative measures. Our Chief Privacy Officer, supported by a network of senior professionals throughout the business and development teams, is responsible for managing the privacy program. The privacy program is and will be reviewed on a regular basis to provide for continued effectiveness.
8. Information Security
SleekFlow takes security seriously. We take various steps to protect the information you provide to us from loss, misuse, and unauthorised access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.
To learn more about current practices and policies regarding security and confidentiality of Customer Data and other information, please enquire us for our Security Notice, we keep that document updated as these practices evolve over time.
13. Transparency and Cooperation with Customers
SleekFlow undertakes to be transparent regarding its Personal Data processing activities and to provide Customers with reasonable cooperation to help facilitate their respective data protection obligations regarding Personal Data.
14. Data Breach Notification
In the event that SleekFlow becomes aware of any unauthorised access to or disclosure of Personal Data, SleekFlow will promptly notify affected Customers to the extent such notification is permitted by applicable law.
15. Customer Audits
Upon a Customer’s request, and subject to appropriate confidentiality obligations, SleekFlow shall make available to the Customer (or such Customer’s independent, third-party auditor) information regarding SleekFlow and third-party sub-processors’ compliance with the data protection requirements set forth in our agreements.
16. Obligations Upon Termination
Upon termination of the Services, SleekFlow shall, at the request of the Customer, delete, render un-identifiable, or return all Personal Data to the Customer. SleekFlow will certify that it has done so unless legislation prevents it from returning or destroying the data. In that case, SleekFlow will protect the data in accordance with its commitments and will not actively process the personal data transferred anymore.
17. Sharing and Disclosure
There are times when information described in this privacy statement may be shared by SleekFlow. This section discusses how SleekFlow may share such information. Customers determine their own policies for sharing and disclosure.
SleekFlow reserves the right to disclose or use aggregate or de-identified information for any purpose. For example, we may share aggregated or de-identified information with our partners or others for business or research purposes like telling a prospective SleekFlow Customer the average number of messages sent within a day.
18. Sub-processing by Third Parties
SleekFlow may retain third party sub-processors, and depending on the location of the third-party sub-processor, processing of Personal Data by such sub-processors may involve transfers of Personal Data. Such third-party sub-processors shall process Personal Data only in accordance with the Customer’s instructions.
As of the date hereof, these third party providers include technical operations such as database monitoring, data storage and hosting services and customer support software tools.
Such third-party sub-processors have entered into written agreements with SleekFlow in accordance with the applicable requirements.
19. Compliance with Laws
SleekFlow may share or disclose data to comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.
20. Enforcing Our Rights, Preventing Fraud, and Safety
SleekFlow may share or disclose data to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with the investigation and preventing fraud.
22. Changes to our Business Structure
SleekFlow may share or disclose data if we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of SleekFlow’s assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).
23. Data Subject Rights
SleekFlow acts as a data processor on behalf of Customers. Customers have primary responsibility for interacting with Data Subjects, and the role of SleekFlow is generally limited to assisting Customers as needed.
24. Access, Correction, Amendment or Deletion Requests
SleekFlow shall promptly notify a Customer if SleekFlow receives a request from a Data Subject for access to, correction, amendment or deletion of that person’s Personal Data. SleekFlow shall not respond to any such Data Subject request without the Customer’s prior written consent except to confirm that the request relates to that Customer.
SleekFlow shall provide Customers with cooperation and assistance in a reasonable period of time and to the extent reasonably possible in relation to any request regarding Personal Data to the extent Customers do not have access to such Personal Data through their respective uses of the Services.
25. Handling of Complaints
Data Subjects may lodge a complaint about the processing of their respective Personal Data by contacting the relevant Customer or the SleekFlow Privacy department at the email address firstname.lastname@example.org. SleekFlow shall promptly communicate the complaint to the Customer to whom the Personal Data relates.
Customers shall be responsible for responding to all Data Subject complaints forwarded by SleekFlow, except in cases where a Customer has disappeared factually or has ceased to exist in law or become insolvent. Where SleekFlow is aware of such a case, it undertakes to respond directly to Data Subjects’ complaints within thirty (30) days, including the consequences of the complaint and further actions Data Subjects may take if they are unsatisfied by the reply.
26. Regulatory Inquiries and Complaints
SleekFlow shall, to the extent legally permitted, promptly notify a Customer if it receives an inquiry or complaint from a data protection authority in which that Customer is specifically named. Upon a Customer’s request, SleekFlow shall provide the Customer with cooperation and assistance in relation to any regulatory enquiry or complaint involving SleekFlow’s processing of Personal Data.
27. Changes to this Statement
We reserve the right to change the statement as our product develops. If we do so, we will post any changes on this page. On the usage of the Services, after those changes are in effect, you are hereby in agreement to the revised policy.
This document was last updated on January 2020.
28. Contacting SleekFlow
You may contact us at email@example.com or at our mailing address below :
Travis Group Limited
Rm 9, Entrepreneurship Centre, L3 Cyberport 3, IT Street, 100 Cyberport Road, Pok Fu Lam, Hong Kong