Data Processing Agremeement
The term of this DPA shall follow the term of the Agreement. Terms not otherwise defined herein shall have the meaning as set forth in the Agreement.
User refers to any person using chatpointment in any way.
Service Provider refers to a chatpointment User that is in charge of or part of a business or organisation that uses chatpointment's services to offer online booking for their clients.
Client refers to a User that communicates with a Service Provider and/or our chatbot.
Data Controller means Service Provider.
Data Processor means chatpointment.
Subprocessor means any entity which provides processing services to chatpointment.
Personal Data is information Users provide to one of Our Services or websites or one of our partners or other third parties that we have the access to and that can be used to identify and contact you.
Data subject matter & nature of processing: chatpointment processes instant messages sent by Clients to Service Providers. These messages contain personal data (name, phone number, email address, gender) and are required by the Service Provider to schedule an appointment. chatpointment stores the processed data in a calendar controlled by the Service Provider on behalf of the Service Provider. chatpointment must be granted read and write access to this calendar in order to provide its services.
Duration of processing: Personal data will be processed as long as Service Providers make use of chatpointment's Services.
Types of personal data: Personal data processed by chatpointment for the purposes of appointment booking are name, phone number, email address, gender. This data is provided by Clients through Messenger or accessed by chatpointment through publicly shared information on a Client's Facebook profile.
Categories of Data Subjects: Data subjects whose personal data is processed are Clients communicating with Service Providers on Messenger and who thereby use chatpointment's Services in order to obtain services from a Service Provider.
A Service Provider acts as a Data Controller and shall be responsible for complying with the statutory requirements relating to data protection and privacy of the personal data of Clients under his or her control. A Service Provider shall grant chatpointment secure access to data under the Service Provider's control in order for chatpointment to provide its processing services as instructed by the Service Provider.
Comply with instructions: The parties acknowledge and agree that the Service Provider is the Controller of Client's personal data and chatpointment is the Processor of that data. Processor shall collect, process and use personal data only within the scope of Controller’s instructions.
Confidentiality: The Processor ensures that personnel authorized to access personal data is subject to confidentiality obligations.
Security: The Processor ensures that only authorized personnel has access to personal data. This access is on a need-to-know basis and necessary to provide the operation of Our Services. The processor ensures adequate protection of data during storage and transfer, for instance by securing access to data at rest and encrypting data while in transport.
Data subject Requests: The data processor will assist the data controller in dealing with requests from data subjects. If a request is made with the Processor, the Controller shall be informed and Data Subjects will be advised to submit their request to the Controller. Controller shall be solely responsible for responding to any Data Subjects' requests.
Personal Data Breaches: The Processor will notify the controller promptly of any personal data breaches.
The processor is allowed to engage sub-processors in order to provide its Services. The Controller explicitly authorizes the processor to engage the sub-processors listed below.