Chad’s Compliance
Chad (“we” or “us” or “company”) has put in technical and organisational measures to safeguard personal data stored by our website or products. We have also updated the Terms of Service, Privacy Policy, and other supporting policies and guidelines showing our GDPR compliance. We ensure all personal data being collected and/or processed via our website, products or any other entities is clearly communicated to the relevant parties for transparency and accountability.
We have processes in place to rectify any errors or inaccuracies in the personal data of the data subjects either on our own accord or when specifically required by the data subject. This, however, must not conflict with the intellectual property of the organisation.
Where personal data of individuals in the EU/EEA, the United Kingdom, or Switzerland is transferred to and stored in the United States, Chad relies on Standard Contractual Clauses and, once its participation in the Data Privacy Framework is confirmed, on the EU-U.S. Data Privacy Framework (including the UK Extension and the Swiss-U.S. Data Privacy Framework). See our Privacy Policy for details.
Data Collection and Processing
Chad believes in honest and transparent communication with its users. We ensure that the knowledge of all the data collected or processed by us is made available to our users. Strict and best-practice measures are taken to ensure the security and lawful use of this data.
Chad has the following entities that may collect, display or use information of data subjects:
Data can be collected from these Chad entities via mediums like tracking pixels, UTM parameters, cookies or directly from the data subject using form submissions. Chad does this to take data-driven decision in improving its solutions and customer experience thereby adding more value to the user.
Where Chad processes personal data on behalf of its business customers (for example, their end-users’ support conversations), Chad acts as a processor and only on that customer’s instructions. Chad may anonymize such data and use the resulting anonymized data to evaluate and improve its Services; once anonymized, this data can no longer identify an individual and is no longer personal data.
Third Party Processors
Chad also uses several Third Party Tools/Services that collect and process user data. Here are the details:
Data Storage – Method and Location
Chad believes in a user’s right to know where their data is stored and processed. Here are the details:
Data Retention and Deletion
Chad retains personal data for as long as it is necessary to provide the Services and to fulfill the purposes described in this Policy, after which we delete or anonymize it. Because the same shopper may deal with more than one business that uses Chad, we treat two kinds of data differently.
A shared shopper record. When a shopper interacts with a business through the Services, we keep a single record of that shopper’s identity and profile — such as their name, contact details, addresses and order history — that may be shared across every business the shopper deals with. This lets each business’s assistant recognize a returning shopper and provide better service, and preserves the shopper’s own purchase and support history as a continuous record. We retain this record for as long as it remains necessary for at least one business to provide the Services to that shopper.
Per-business data. Each business’s own conversations, orders and related records are stored separately and associated with that business.
Retrieval and deletion. Following termination, and if the business asks, its Customer Data remains available to that business for retrieval for 45 days (see our Master Subscription Agreement). Termination alone does not trigger deletion of a shopper record that other businesses still rely on. If a business asks us in writing to delete its data, we delete that business’s conversations and its portion of any shared shopper record from our active production systems within 30 days, and from our backups within our standard backup rotation cycle (during which the data is isolated and put beyond use). Where the shopper record is still needed by another business, we delete only the requesting business’s portion and its associated conversations and retain the shared record for the remaining business(es); a shopper record that is no longer associated with any business is deleted in full. We may retain data where retention is required by law, for the establishment, exercise or defense of legal claims, or where an overriding legitimate interest applies.
Individuals may exercise their right to erasure through the routes in the “Contact us” section below. Because most shopper data is processed on behalf of a business (the controller), we act on verified erasure requests together with the relevant business, and honor them except where an exception above applies.
Privacy Policy
Click here for our Privacy Policy.
Contact us
If you have questions or complaints regarding our GDPR Policy or Privacy Policy:
- If you are located in the EU/EEA, please contact our EU Representative (details below).
- If you are located in the UK, please contact our UK Representative (details below).
Individuals located outside the EU/EEA and the UK are not covered by the GDPR, and we are unable to address GDPR-related questions or complaints from them.
EU/EEA & UK GDPR Representatives (Article 27)
If you are located in the EU or UK, and have questions or concerns regarding your personal data, you may contact our GDPR representative:
EU Representative:
Euverify Ltd (Ireland)
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork
T23 AT2P
Ireland
Email: gdpr@euverify.com
UK Representative:
Euverify Ltd (UK)
3rd Floor
86-90 Paul Street
London
EC2A 4NE
United Kingdom
Email: gdpr@euverify.com
To submit a Data Subject Access Request (DSAR), data deletion request, or any other GDPR-related inquiry, please use our secure portal.
This link allows you to verify our appointed representative and submit GDPR requests directly. Requests submitted through this portal are logged and tracked to ensure timely response and compliance.
These routes apply to personal data for which Chad is the controller. For personal data we process on behalf of a business customer (for example, that customer’s own end-users), the business customer is the controller; please direct your request to them, and we will assist them as their processor.