If you have a privacy concern, complaint, or question, please contact Goapp's Data Protection Officer via privacy@goapp.co.id. For more information about contacting Goapp, including our affiliates, see the How to contact us section of this Privacy Statement.

At Goapp, we do everything in our power to protect your data and give you full control over your personal data on our platform. Our aim is that you always feel informed and empowered with respect to safeguarding your own privacy, and the privacy of your customers. As a Cloud based Customer Experience Platform, we process personal data in order to deliver our services. This Privacy Statement applies to all affiliated entities of Goapp, unless a separate statement has been set forth, and contains information about what data we collect, why we collect it, and how we handle that data.

Goapp is a cloud based omin-channel communication, commerce and retention platform that allows businesses to create and manage customer experience on any channels they love such as email, chat, social media, marketplace and web/mobile app.

This Privacy Statement is designed to enable you, as well as the recipients of the communications you may send over Goapp's platform, to make informed decisions about personal data when you make use of our communications services.

We only ask for personal data when we need it for the purposes of making use of the services of Goapp or to provide you with relevant information. Whether you sign up to our newsletter, accept the general terms and conditions, or sign an order form, you provide your personal data to us for a particular purpose. You always have the opportunity to explicitly agree to the collection, use, disclosure, and sharing of the information you've provided. That applies even when you're browsing our website, where you can manage your cookie preferences. You can review your personal data and change your settings at all times.

Since customers integrate our products in their own software applications, we don't interact with their end-users directly. When customers do share end-user information with us, we always handle that data in accordance with the applicable data protection regulations, including GDPR. We don't use that data for any purposes other than those specifically issued by the customer who provides the data, the general terms and conditions of Goapp and this privacy statement.

Throughout this document you'll encounter the mention of several roles and responsibilities. Here's a quick explanation of the different roles, responsibilities, and systems of governance that play an integral part in ensuring your data is protected.

The controller determines the purpose (why) and means (how) of personal data sharing (e.g. to receive important information or sending invoices) and remains ultimately responsible for the correct handling of the subject's data. The controller is often the company that an individual (or data subject) provides their personal data to directly.

The processor is the company that provides part of the service of the controller, and needs specific personal data in control of the controller in order to do so. To give an example: when one of our customers sends a campaign through our platform, we need personal data such as a phone number to fulfil the service. The processor only processes personal data according to the instructions of the controller.

Depending on your relationship with Goapp, we can be both controller and processor. If you have any questions about these terms or more general inquiries about how we handle identifiable data, you can always contact us at privacy@goapp.co.id

Just as keeping your data safe is our priority, so is protecting your rights and freedoms as an individual. All the personal data we process is lawfully obtained and with a legal basis. The purpose of the information we collect is so we can enable you to use our services and continue to conduct and expand our day-to-day business. Personal data can also help us to improve our products and to fit the needs of our customers, such as product and experience personalization of our Inbox and OmniChannel Chat Widget products. All processing of personal data serves a particular purpose - of which you will be informed - and will only be used to fulfill that purpose.

We process personal data based on a limited set of legal bases:

1. Explicit consent from the data subject (e.g. ticking a box on our website when you want to download product information)
2. Performance of a contract (including negotiating and signing a contract to receive a Goapp service)
3. Compliance with legal obligations which requires us to do so (such as preventing misuse or our services, cooperating with formal disclosure requests and storing financial data for the duration required)
4. Legitimate interest of Goapp (for example, direct marketing to existing customers of Goapp)

The specific legal bases which permit us to process your personal data may differ where you receive Goapp services outside the European Economic Area (EEA) and our services are governed by non-EU privacy requirements.

We collect personal data for specific purposes, and we'll always tell you what those are when we collect it. We'll use the collected data for the specified purpose alone, as long as our relationship stays the same. If our relationship changes, we may need more information. For example, if you fill out a form to request more information about one of our products, we'll use your contact data to send the requested product information to you. If you then decide to become a customer, we'll need additional information including your billing address for the purpose of providing you with the services you are interested in.

Here's the list of the purposes for which we'll request or use your data:‍

1. Sharing relevant information about our products and services,
2. Creating an account that's connected to your person and company,
3. Verifying your identity
4. Provision of the services
5. Finance and billing
6. Analysing usage of our products and services
7. Providing Customer Support to potential or existing customers
8. Detecting and combating fraudulent or unlawful activity
9. Training and quality improvement
10. Expanding business through our marketing and sales channels
11. Fulfil financial obligations such as paying taxes and ensuring invoices are paid
12. Keeping your account secure

You will always have the choice to provide personal data on our domain or not. Please keep in mind that declining to provide personal data might prevent you from using a certain product or service. We will tell you the implications of not providing the information asked for when you choose not to do so.

The exact type of data we collect depends on the related product or service. Applying your privacy settings on our website, signing up for a newsletter, downloading marketing materials, or using any of our products and services all require you to leave appropriate details, specific to that purpose. We never collect more data than we need and may ask for additional data at the appropriate time.

You will always remain to have a choice when it comes to the Goapp products and services you use and the data you share. When we ask you to provide personal data, you can decline. Many of our products require some personal data to provide you with a service. If you choose not to provide data required to provide you with a product or feature, you cannot use that product or feature.

Goapp's personal data processing activities include three main categories when you use our products and services:

1. Customer account data (or potential customer data) - your personal data as an account holder on behalf of your company.
2. End-user data - the personal data of the intended recipients of the communication services you as a customer make use of. The category end-user data consists of both communication traffic data (all data related to the communication; e.g. metadata) including customer content of the communications.
3. Website visitor data - when visiting our website you will be asked to (re)set your cookie preferences. Based on your preferences personal data may be collected. When you would like to be contacted by our Sales or Customer Support teams, subscribe for a newsletter or download product information you only share information with us that is relevant to the request made. Additionally, when logging in to your customer environment via the website Goapp collects data related to the usage of the dashboard and platform.

Depending on our relationship the personal data shared by you can include:

Customer account and potential customer information

Full name, Address, Email address, Financial information, Account ID, Gender, Job title, LinkedIn account, IP address, Signature, Usage data of services, dashboard and website, Customer support call recordings, Communication traffic data.

Communication body, Traffic data, Location related information, Phone number sender and recipient, Email address sender and recipient, Website visitor data.

Cookie preferences, IP addresses, Location related information, Pages visited, Browser and device information, How we collect and use data, To be thorough, we've listed how we collect personal data and how that data will be used. The information below is not exhaustive and may be updated in accordance to new legislation, or because further clarification is needed based on a new product or service.

Goapp uses the data that you share with us, or that we receive via third party providers such as Google, Twitter and Facebook, depending on yours and your end-user's privacy settings, to provide you with the best experience of our brand, the services and people connected to them. Most notably, we use data to:

1. enable you to use our products and services, publicly facing websites and contact our Customer Support team.
2. personalize your experience of our products and services, and make recommendations. improve and (further) develop products, which includes analyzing usage data. operate our business
3. More detailed information on the purposes we fulfil can be found under 'Why we collect personal data'.

Personal data is predominantly shared with us by you as a (potential) customer or website visitor; additionally, as a customer making use of our communication products you share information of end-users with us to enable the transmission of the communications services. In some cases additional information related to the business you work for, your position and the industry it operates in will be gathered via online sources or enrichment providers to be able to address your business needs best.

Customers and third party social media. Goapp may receive information from third party social media providers as instructed by you, the customer, or the end-user. Depending on the end-users' privacy settings as well as on your settings as a customer, a third party social media tool can compliment a customer's profile of the end-user at Goapp. When a customer connects to a social media page, they would have the option to share or not to share the information with Goapp, depending on the platform.

When browsing our website based on your cookie preference, we automatically collect data by placing cookies and trusted tracking technologies on your browser. The information we collect helps us maintain and improve our website and business. It usually includes your IP address, browser type, the pages you've visited and in what order, and whether you're a new or recurring visitor.

We use this data to ensure that the website works correctly and store any preferences you may have. It also helps us show relevant advertisements, generate and review data, and generate reports on our website user base and usage patterns.

When filling out a form on our website, you directly interact with us. When you 'Talk to Sales', 'Suggest an Integration', 'Talk to Support' through our live chat window, send us an email, or subscribe to our newsletter, we use the data you provide.

When you sign up on our website, we ask for some personal data like your email address, company, name, and the content of your inquiries. The particular fields to fill in may differ per form, we'll never ask you for irrelevant information, and we'll always use the data for the purpose you submitted it for.

If you're already a customer, we'll use the data collected from your account. That gives us relevant insight into how you're using our platform and our products, what your business needs are, past support issues, and so on. Pulling this information allows us to tailor our assistance, product offers and provide the best possible assistance support via our support, tech and sales teams.

When creating a free trial account, you'll need to fill out some personal data. The information we ask for is limited to what we need to provide you with the trial account. If you sign up by linking a third party account, you allow that third party to share the basic profile information needed to create a personal account with Goapp.

We always ask you to authenticate yourself by verifying the email address and phone number that you have provided upon signup. All you have to do next is log in with your username and password and you're ready to get started. Activating your account by confirming your email address and phone number proves to us that you created the account and that you're human. It also makes sure you have a valid phone number to test our services with if you like to. Your number is used to send test messages, allows our support team to contact you, and allows for two-factor authentication on your account.

When buying credits or subscribing to a plan, we need more information than just your name and password. In order to start billing, we need information including your company details, billing address and preferred payment method(s). You're assigned an Account ID automatically that's used to process your orders, assign invoices, and track API requests.

If you integrate our APIs into your software application, you'll be given an authentication token that allows us to identify you when you send API requests.

Your credentials will help us to improve our internal processes and services. We keep account credentials on record to identify the account that assigns the API commands, and to make sure the account manager and our support team can store and access relevant information about your account on a strict need-to-know basis.

Sometimes, we're legally required to collect additional information depending on the service. For instance, if you want to operate in Luxembourg, Canada, Denmark, Malaysia, or the United States, you need specific approval, which can be requested through your account portal. To complete the request, we require details like the purpose of your campaign and a template or example of communications that you would send via Goapp. We then share all required information with local authorities of the country you specified to complete the procedure.

When using our products and services, we collect the commands your application communicates to Goapp. This includes your IP addresses, information on your usage, and routing information.

In order to develop our business, we make use of third parties that supply us with information collected from publicly available sources and data enrichment providers. The information we collect is based on personas created by automated processes. The purpose of enriching profiles is to assess that only relevant leads and customers are processed and the additional information helps to address the specific needs, based on type of industry, company scale and is done so on the basis of the company's legitimate interest. In order to make sure we only approach the right audience, we only retain information that will help us reach out to people and companies that would benefit from the use of our services and products. If you no longer want to be contacted by our sales team, you can always object by contacting your account manager or Goapp's support team via support@goapp.co.id.

The categories of personal data below are involved. As you will see most of them are business related; nevertheless, even in a business relationship some information might be considered personal data; company name, company description and website, company (estimated) revenue and employee range, company industry, employment role and title, seniority, full name, phone number.

The information will not be retained longer than is necessary to fulfill the purpose, or if an objection is made by you that will take away the legal basis of consent or legitimate interest. The retention period may vary between a couple of weeks for leads, up to the duration of the services for existing customers.

The source of the information is Clearbit and the categories of recipients will be solely Goapp internal teams working with our CRM provider Salesforce. For more information on these companies please see the section Approved Processors.

Rest assured that all third parties involved in Goapp's day-to-day business will have to comply with the appropriate cross-border transfer mechanisms.

Whether we fulfil the role of controller, processor, or even as a mere conduit, we always make sure that the parties we work with adhere to similar data protection and security standards as we agreed upon with you. Goapp engages three categories of recipients:

Third party service and technology providers as well as (tele)communications services providers working on our behalf to provide you with products and services Goapp group entities Government authorities, when required to do so by law Here's who we share information with and why:

(Tele)Communications Services Providers

Telecom operators, aggregators and other communications service providers for proper routing and connectivity. We reach people's smartphones through telecom operators and other communication service providers. In order to make sure the message you send will reach the intended recipient, independent of their location, we make use of a global network of telecom providers. When it comes to the contents of electronic communications transmitted by communication providers, these operators, aggregators and service providers qualify neither as controllers nor as processors under the EU's GDPR insofar as they act as mere conduits in transmitting the content. If they process content data for their own purposes (e.g. undertaking their own filtering or data retention activities), they act as controllers.

Third party service and technology providers who perform necessary actions on our behalf. We can share personal data with third party service providers, like our payment processor and hosting providers. We never share information without prior vetting, due contracts or for specific purposes that can be fulfilled in-house. An overview of third party service providers can be found under Approved Processors.‍

Payment Service Provider and financial information ‍Payment Service Providers (PSPs) of Goapp provide our customers with two ancillary services, besides the regular provision of payment services: Saved Payment Methods, and Auto Recharge. Stripe, Mollie and Adyen are the PSPs collecting, processing and storing the payments requests of our customers and are doing so as controllers in their own right.

Saved Payment Methods allows our customers to save the financial information of a specific payment method on a consent basis for their own convenience. The information necessary to provide the service differs depending on the selected payment method (credit card, iDeal or Paypal) but for a credit card consists of the last four digits of a credit card number, the expiration date, and the name of the cardholder. For iDeal the IBAN/ BIC number and account name, and for PayPal the account email address.

With Auto Recharge Goapp and its Payment Service Providers enable our customers to automatically top up their account balance if it falls below a minimum threshold. This ancillary service is enabled by means of a toggle button, by which you provide your consent to use the required information to automatically recharge the credits on your balance. Goapp requests extra authentication from its customers by means of an email that requires you to complete an extra authentication, when the bank or PSP requires it for these transactions.

For both of these ancillary payment services you can withdraw your consent at any time on the customer finance settings page, here.

Targeted Advertising

‍We don't sell any information to or from third parties for advertising or marketing purposes. We use direct marketing ourselves through Google Adwords, LinkedIn and Facebook. Find out more on how to manage your advertising preferences by checking out our Cookie Preference Center, or by visiting the advertising settings in your browser.

We won't share your information with third parties without your permission, except when we're required to by law and in accordance with Goapp's Disclosure Requests Policy.

Part of the policy requires Goapp to only respond to government requests when we are legally obliged to do so. Accordingly, the request needs to 1. be sent from a government agency, 2. be issued where we are subject to the respective jurisdiction, 3. be an enforceable subpoena, search warrant, court order or similar official instrument compelling us to disclose the information requested, and 4. state the categories of records sought and specific time period.

As a global cloud based enterprise, the usage of our services often involves the transfer of personal data, both within and outside the European Economic Area (EEA). We always take care to ensure our partners outside the EEA, and within the EU for that matter, have sufficient guarantees and safeguards in place to properly treat and protect your data in line with our data protection and (information) security standards.

Among others we make sure data transferred outside the EEA will only be done with the appropriate cross border transfer mechanisms in place. We always make sure we contractually agree on data protection to protect the rights and freedoms of all individuals, inside and outside the EU, and ensure compliance with our data protection standards and, when applicable, the other data protection regulations.

We do everything in our power to keep your data safe. We invest in state-of-the-art technology and thorough security screenings of our infrastructure and employees to minimise security risks. Moreover, Goapp is ISO/IEC 27001:2013 certified, the globally recognised information security standards for Information Security Management Systems. All our hosting providers are ISO/IEC 27001:2013 compliant as well.

Since all our accounts are password-, and optionally two-factor authentication, -protected the only person with access to your account should be you. If your login information is stolen or used without your permission, it's imperative you notify us immediately so we can secure your account. You can do so by sending an email to security@goapp.co.id with the subject 'Urgent: account credentials'.

If you want to know more about the measures we take to keep your data secure, check out our Security statement. It contains information about the industry standard, administrative, technical, physical, and organizational safeguards designed to prevent unauthorized access and use of personal data.

How long we keep personal data depends on its nature and the purpose for which it was obtained. We retain personal data to fulfil contractual or legal obligations which may vary depending on the geographical location you are residing in, the service is procured or the communications services are terminated.

Personal data related to SMS and Voice communications services, such as leasing telephone numbers, email addresses, location related information, and message body, all have a default retention period of six months to fulfil our European obligations to actively prevent misuse of our services and when formally requested disclose information to further a criminal investigation. In other regions this period can be extended up to two years. Alternatively, personal data for these and other services, features and products can be retained for a longer duration only if instructed by the customer for the provision of the services, such as in the event such communication channels are used in the context of Inbox or the OMC. Unless instructed otherwise, we solely retain end-user communication data, including recipients' phone numbers and/or email addresses, for the purpose of preventing misuse of the Goapp services for the period of six months.

We provide all of our customers with ancillary services which, among others, include the possibility of maintaining the online address book Contacts for your convenience, and insights in the communication usage and transmission history, specific to your account and for the duration of the services. In relation to these ancillary services, customer ensures that any end-user (communication recipient) personal data, such as phone numbers, email addresses, etc, are solely controlled by you as a controller and any data protection rights exercised by your end-users must be executed by you as a customer. We will neither access nor delete any such personal data on behalf of you as a controller and it is your responsibility as a customer to ensure compliance with your obligations towards the end-users whose personal data you control.

We keep information for marketing and sales purposes up to 12 months, or when applicable, for the duration of the service to you as a customer.

Additionally, we are under an obligation to demonstrate compliance with the applicable national and EU financial and tax laws and regulations. To do so, data related to a customer's account such as name, email address, (company) address, (company) bank details and position within the company will be kept for a period up to 10 years.

Proof that consent has been given to the processing of personal data, where applicable, will be retained for five years.

If you would like to review, amend, transfer or request to delete personal data during the default retention period, you can use dedicated features to do so. Specific requests can be submitted through easily accessible forms on our dashboard. Please note that we are not always in a position to follow up on an erasure request in the case that it conflicts with one of our legal retention obligations. In addition, Goapp has to be able to demonstrate that legitimate requests have been fulfilled. This confirmation email must be retained for five years due to the possibility to impose civil penalties on companies based on the Dutch General Administrative Law Act.

After the required retention period expires, we might keep data in a non-identifiable form for archival, statistical and/or other legitimate purposes. None of it will be able to identify an individual.

Even though we collect your data to conduct business, your data stays your own. You stay in control of your, and the recipients' of your communications, personal data and can at any time choose what you want us to do with it. You can: change your cookie settings as a website visitor, withdraw consent to our processing of your data when this applies, control and review your data, and object to and restrict the processing of data if you deem that necessary.

Change your cookie settings. When you visit our website for the first time, you can either allow us to place all the cookies we use on your browser, decide to accept specific ones or deny all our cookies. You can always change your preferences both in your browser settings and in the cookie settings on our website. Within our cookie settings, we outline each cookie type in use on our site and provide an explanation of the implications of accepting it.

Withdraw consent to our processing of your data. If for whatever reason you no longer want us to use your personal data, and you have provided that data to us on a consent basis, you're free to change your mind. We will always comply with your request, unless we're legally required to keep your data. Which basically means that if there is any legal obligation, for example our responsibility to demonstrate we have acted upon a withdrawal of consent request, we must keep information that includes personal data in order to do so.

You can always view, amend, delete, and transfer the personal data you control. As a Goapp customer, if you want to exercise control over your or your end-users' personal data, you must do so on your online account. We provide all of our customers with reasonable assistance to fulfill your obligations as a data controller towards the recipients of the communications you have sent over our platform. In order to verify your identity, or the genuinity of the request you make on behalf of the end-user whose data you control, we have made technical and organizational measures available that allow you to fulfil these obligations via your online account. Unfortunately requests sent by you as a customer via email are therefore not considered as a valid means to exercise these rights and as a result we are not in a position to process such requests. For the avoidance of doubt, you as a customer acting as a controller are responsible for processing any requests or complaints on behalf of your end-users whose personal data you control.

If you are not a customer and therefore don't use the dashboard or have access to the API, you can exercise your rights by sending a request to privacy@goapp.co.id, our support staff, or via written request addressed to our headquarters in Amsterdam.

We'll process your request as soon as possible with a maximum of one month after receiving it. If a request is complicated or we get too many requests to process at a given time period, our response time can be increased by two months. You'll be informed when such an extension period applies. When you choose to delete your personal data, we hold the right to hold onto anonymised and aggregated data. If we do so, nothing will be able to identify you as a person in any way. If we're required to retain your information for legal reasons, we will let you know in response to your request.

When your personal data is being processed to fulfill a legitimate interest to us, such as direct marketing to existing customers, you're able to object and unsubscribe. You can always exercise your right to restrict processing, and we'll make sure to process your data in the way you specify. We will assess each request on a case-by-case basis according to the rules set out by the applicable data protection laws, often the GDPR. If we override your request, we need to demonstrate that we have compelling grounds to do so, or that there's a legal claim which allows us to retain personal data. If you don't agree with how we've handled your request, you can file a complaint with the Data Protection Supervisory Authority of The Netherlands, the authority related to the member state you live or work in, or the country in which the suspected infringement has taken place.

Specifically for California based data subjects (consumers), data subjects shall not be discriminated because of the exercise of their rights under the CCPA.

We place small data files, called cookies, or similar technologies on your browser. A cookie is a small text file saved on your computer or mobile device when you visit a website.

In the cookie banner and in this notice we will explain in clear and plain language the relevant details about their use. This includes: where they are hosted, the lifespan of the cookie, and their purpose. This list is subject to change and it may not include all such providers at any given time.

The Goapp website uses four types of cookies; strictly necessary, performance, functional and marketing cookies. These include first and third party cookies: first party cookies are set and controlled by Goapp, while third party cookies are set and controlled by a third party tool or service.

The duration of a cookie varies: session cookies disappear from your computer or browser when you logout of your account or close your browser, while persistent cookies are stored even after you've closed the page. The retention period for these cookies is specified below.

With the exception of strictly necessary cookies, cookies will only be placed on your device and/or browser after you confirm or update your preferences through the cookie banner.

If you decide to not allow opt-in cookies on this site, the site may not function as designed. For example, you may face issues logging in or retaining set preferences, such as the language the website displays.

Our services and products are not directed to children under the age of 18. We never knowingly collect and/or process any personal data from children under this age directly. If we discover we've received personal data from a child without parental or legal consent, we will immediately take reasonable steps to delete that information as quickly as possible. If you believe we have any information from or about a child, please contact us at privacy@goapp.co.id with the subject: 'Children'.

Our online services and communications may embed hyperlinks to websites that are not owned or controlled by Goapp. We're not responsible for the privacy practices, policies, notices or content that are not on our website or domain, even if we've embedded a link to them. We encourage you to read and understand the privacy practices, policies, notices, and content of any linked sites that you visit.

This statement might be subject to changes. We reserve the right to change, update, modify, or remove any part of this Privacy Statement at any time. If any modifications substantially affects your rights under this statement, we will send you an email where possible. You can always decide to continue to use our services or not in accordance with the new terms.

If you have any dispute with us relating to our privacy practices, please contact our legal team at privacy@goapp.co.id with the subject: 'Dispute'. If we can't reach an understanding via email, please refer to the Terms, which describes how disputes will be resolved between us. Please be sure to review the Terms before you use any of our products and services.

An overview of the third-parties used for the processing of personal data can be found here. In addition, the Help Center page contains a 'subscribe' button that allows you to subscribe to notifications of changes to our use of third-party (sub)processors.

If you have any questions left regarding the processing of your personal data when you use our website and services, or have any feedback or suggestions to make this policy better, please don't not hesitate to contact us.

If you're not satisfied with our reply, you may refer your complaint to the relevant regulator in your jurisdiction.

You can reach our Data Protection Officer at privacy@goapp.co.id