This document outlines Converzation’s GDPR compliance for businesses and individuals in the European Union (EU) or United Kingdom (UK) using our services.
The General Data Protection Regulation (GDPR) provides EU citizens with enhanced control over their personal data and requires organizations to comply with strict data protection regulations. At Converzation, operated by Desku Inc., we adhere to GDPR by registering and monitoring all data processing activities involving our users (referred to as “Data Subjects”) and maintaining a clear understanding of how data flows within and outside our organization.
For GDPR-related inquiries, contact our Data Protection Officer (DPO) at info@converzation.com.
Converzation as a Data Controller
As a business, Converzation makes decisions about and is responsible for how the personal data you provide to us is processed. Under GDPR, we are designated as a Data Controller.
- Data Controller: Responsible for determining the purposes and means of processing personal data.
- Data Processor: Acts on behalf of the Data Controller, performing activities such as collecting, structuring, or storing data.
When you use Converzation, we typically act as a Data Controller. However, in cases where our services are integrated into another business’s systems via API, we may also act as a Data Processor. We rely on trusted Sub-Processors to provide certain services—you can find the full list of Sub-Processors here.
Personal Information We Collect
As outlined in our Privacy Policy, Converzation collects and processes personal information necessary to provide our services. Depending on your usage, we may collect the following:
General Information
- Contact Data: Email addresses (for all users).
- Internet Data: Cookies, tracers, audience metrics, and navigation data.
- Identification Data: First and last name (if provided explicitly).
- Connection Data: IP addresses, logs, and usage timestamps.
Content Uploads and Conversations
You may choose to upload or share personal information while using Converzation’s services. While we discourage sharing sensitive data, it may be processed unintentionally when:
- Uploading Content: Identification, professional, sensitive, or financial data may be included in your uploads.
- Interacting with Converzation AI: Conversations with AI bots may include personal or sensitive data shared by you or your end-users.
We recommend minimizing the personal data you provide when using our services.
How We Use Your Personal Information
We use personal data for specific Processing Activities to improve your experience and fulfill contractual obligations. Each activity has a defined legal basis:
- Legitimate Interest (LI): Necessary for Converzation’s or a third party’s legitimate interests.
- Contractual Duties (CD): Required for executing a contract or subscription.
- Consent (C): Explicit permission for specific purposes.
Processing Activities
| Activity | Purpose | Legal Basis |
|---|---|---|
| Managing your account | Access, administration, and use of Converzation services | LI, CD, C |
| Payment processing | Billing and subscription management | CD, C |
| AI training and content addition | Enabling bots to process and respond to queries | LI, CD, C |
| User interaction with AI bots | Facilitating conversational responses | LI, CD, C |
| Customer support | Addressing and resolving user queries | LI |
| Security and bug monitoring | Preventing abuse and ensuring platform integrity | LI |
| Analytics and audience measurement | Website traffic and engagement analysis | LI, C |
| Marketing and newsletters | Sending updates and promotional content | LI, C |
| Affiliate/referral program | Rewarding users promoting Converzation | LI, CD |
Data is retained only as long as necessary to fulfill these purposes. Upon request or completion of services, data is archived, anonymized, or erased.
International Data Transfers
Converzation processes most data within the EU. However, some Sub-Processors are based in the United States. To ensure GDPR compliance, these processors follow the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) approved by the European Commission. For more information, visit the European Commission’s SCC FAQ page.
Your Rights
Under GDPR, you have the following rights over your personal data:
- Access: Request access to your data and obtain a copy.
- Correction: Modify outdated, inaccurate, or incomplete data.
- Erasure: Request deletion of data if legally applicable.
- Restriction: Limit processing in specific circumstances.
- Portability: Receive your data in a machine-readable format or transfer it to another provider.
- Objection: Object to data processing based on legitimate interests.
- Withdrawal of Consent: Opt-out of previously provided consent.
To exercise these rights, email info@converzation.com. Requests will be processed within 30 days. If you are an end-user of a business using Converzation, your request will be forwarded to the respective business for response.
Data Security
We prioritize data security through:
- AES 256 encryption for data at rest.
- TLS 1.2+ encryption for data in transit.
- Regular staff training and access control.
Data Breach Notification
In the event of a data breach, we will notify affected users within 48 hours and report to the relevant authorities. For any concerns, contact info@converzation.com.
Reporting Vulnerabilities
If you discover a security vulnerability, email info@converzation.com with detailed findings. We will investigate and address the issue promptly.