Privacy Policy
I am Kanbu, an AI assistant that efficiently responds to customer inquiries with the maximum level of automation. If you decide to use me, or if you wish to communicate in another way with my creator, personal data will be processed. In this document, I would like to explain how we handle your personal data, what we do with it, and who the recipients of the personal data are.
At the outset, a few basic pieces of information:
Who is my creator?
Kanbu.ai, s.r.o., with its registered office at Purkyňova 649/127, Medlánky, 612 00 Brno, Company ID: 22583131, registered in the Commercial Register maintained by the Regional Court in Brno under file no. C 143394. In GDPR terms, this entity is the so-called controller of personal data and hereinafter in this document we will refer to it as “we”.
Where can you contact us?
At the email address info@kanbu.ai.
In this document, we explain how we handle personal data as controllers of personal data, i.e., in cases where we use your personal data for our own purposes. If you are interested in how the Chatbot itself works with personal data, please see our data processing terms here:
https://kanbu.ai/assets/attachments/Kanbu_cz_data%20protection.pdf.
All information is also available on the website: https://kanbu.ai/.
A. AND WHAT DO I PROCESS?
These are basic personal data that you probably expect to be processed. For better clarity, we have divided them into the following categories:
● Identification data – first name, surname, or another identification detail that we request from you.
● Email.
● Telephone number.
● Billing data – address, Company ID, VAT ID, date of birth, company name, simply the necessary data for invoicing.
● Our mutual communication – did you send us a message on the website? Yes, the text of this message is also personal data, because we record it in connection with you as the data subject.
● Other information related to the contractual relationship – relationships require information. If we exchange any other relevant information between us, this will also be processed. This may include information about pricing plans, resolution of incidents and other activities related to the contractual relationship and SLA (we do not anticipate these), etc.
● Data from cookies, i.e., data obtained from cookies and similar technologies that we use on the website.
B. PURPOSES OF PERSONAL DATA PROCESSING
B.1 CONTRACTUAL RELATIONSHIP
If we conclude a contract together, approve the terms and we provide you with our services and the Chatbot, we will process personal data precisely for this purpose. This includes making the product available and using other services that we have agreed on in the contract. The contractual relationship may also include sending information related to the concluded contract (changes to terms, information on performance, information on the status of the contractual relationship, etc.) to your email.
For this purpose, we process your Identification data, Email, Telephone number, Billing data, and Other information related to the contractual relationship.
The legal basis for this processing is the necessity for the performance of the contractual relationship.
The data are processed for the duration of the contractual relationship.
B.2 PROTECTION OF OUR RIGHTS AND LEGAL INTERESTS
We may process your data for the purpose of protecting our rights and legal interests.
For this purpose, we process your Identification data, Email, Telephone number, Billing data, and Other information related to the contractual relationship. If necessary, Our mutual communication may also be processed for this purpose.
The legal basis for this processing is our legitimate interest in protecting our rights. The data are processed for the period necessary to protect our rights, especially with regard to limitation periods. Thus, it will generally be a period of 10 years. The scope of stored data may vary.
B.3 FULFILMENT OF LEGAL OBLIGATIONS
We must fulfil legal obligations. For example, in the area of accounting and taxes. Therefore, we record, archive, store and share necessary information with public authorities. For example, we must store issued invoices. In some cases, these may be requested by the Tax Authority.
For this purpose, we process mainly your Identification data, Billing data and Other information related to the contractual relationship.
The legal basis for this processing is the fulfilment of our legal obligations.
The data are processed for the period stipulated by legal regulations. In the area of accounting and taxes, this is mainly a period of 5–10 years.
B.4 ANALYSIS OF WEBSITE TRAFFIC (ANALYTICS)
On the website, we also process personal data in connection with cookies. These allow us to perform certain basic analytical activities, find out what kind of users visit our website, and how the website is used.
With your consent, we may process Cookie data for this purpose, which enable us to carry out more detailed analyses of portal visits (analytical cookies). Specifically, this concerns Google Analytics by Google and Microsoft Clarity by Microsoft. The legal basis for processing is your consent, which you have granted via the cookie banner. Personal data are processed until you withdraw your consent, but in any case no longer than the storage period of cookies in the browser, which is typically 13 months.
B.5 BASIC MARKETING ACTIVITY (MARKETING)
In addition to analytical cookies, we also have certain tools that help us with marketing. These serve to store some of your preferences and activities. We may then use this information for better ad targeting.
With your consent, we may process Cookie data for this purpose, which help us with such marketing targeting. Specifically, this concerns the Facebook pixel by Meta. The legal basis for processing is your consent, which you have granted via the cookie banner. Personal data are processed until you withdraw your consent, but in any case no longer than the storage period of cookies in the browser, which is typically 13 months.
C. SHARING OF PERSONAL DATA
From the above, you have surely understood that we do not carry out processing alone. We may use the services of third parties for this purpose. Or sharing may be required by law. Below you will find an overview of these recipients:
● Storage provider.
● Accounting service provider.
● Persons cooperating on the basis of cooperation agreements or other arrangements.
● Company providing invoicing and accounting administration.
● Company providing email distribution.
● Google, Microsoft and Meta in connection with analytical and marketing cookies.
If we share your personal data with controllers and processors in third countries (outside the EEA), we do so only where there is a decision of the European Commission that a specific country outside the EEA ensures an adequate level of data protection, including cases where controllers or processors have adopted additional safeguards such as Binding Corporate Rules (BCR) or Standard Contractual Clauses (SCC).
D. YOUR RIGHTS IN CONNECTION WITH PROCESSING AND THE POSSIBILITY OF EXERCISING THEM
Your rights are listed below. All rights may be exercised via the contact email address provided at the beginning of this document.
Right of access
You have the right to obtain confirmation from us as to whether or not we process your personal data.
If we process your personal data, you also have the right to request access to information about the purpose and scope of processing, recipients of the data, duration of processing, the right to rectification, erasure, restriction of processing and objection to processing, the right to lodge a complaint with a supervisory authority and information about the sources of personal data (this information is already provided in this document).
You may also request a copy of the processed personal data. The first copy is provided free of charge; additional copies may be subject to a fee. The scope of provided data may be limited so as not to infringe the rights and freedoms of others.
Right to withdraw consent
You have the right to withdraw your consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of processing prior to such withdrawal and does not lead to the termination of processing of personal data that has already been anonymized.
Right to rectification
You have the right to request correction of inaccurate personal data concerning you. Depending on the purpose of processing, you may also have the right to have incomplete personal data completed, including by providing a supplementary statement.
Right to erasure (right to be forgotten)
You have the right to request the erasure of your personal data where:
● your personal data are no longer necessary for the purposes for which they were collected or processed;
● you withdraw consent on which the processing was based and there is no other legal ground for processing;
● you object to processing and there are no overriding legitimate grounds for processing, or you object to processing for direct marketing purposes;
● personal data are processed unlawfully.
However, this right cannot be exercised where processing is necessary for compliance with our legal obligations or tasks carried out in the public interest, or for the establishment, exercise or defence of legal claims.
Right to restriction of processing
You have the right to request restriction of processing of your personal data where:
● you contest the accuracy of your personal data; in such case, you may request restriction until the accuracy is verified;
● processing is unlawful and instead of erasure you request restriction;
● we no longer need the data for the purposes for which they were collected or processed, but you require them for the establishment, exercise or defence of legal claims;
● you have objected to processing; in such case, you may request restriction until it is verified whether our legitimate interests override yours.
Right to data portability
You have the right to obtain a copy of your personal data that we process automatically based on your consent or for the performance of a contract. These data will be provided in a commonly used and machine-readable format to you or to a controller designated by you, where technically feasible. The scope of provided data may be limited so as not to infringe the rights and freedoms of others.
Right to object
You have the right to object to processing of your personal data that we process based on our legitimate interest. We will cease processing unless there are overriding legitimate grounds or the processing is necessary for the establishment, exercise or defence of legal claims, or if you object to processing for direct marketing purposes.
E. RIGHT TO LODGE A COMPLAINT
In addition to exercising your rights with our company, you may also lodge a complaint with the competent supervisory authority, which is the Office for Personal Data Protection, located at Pplk. Sochora 27, 170 00 Prague 7.
