1.2. We are committed to safeguarding the privacy of our data-subjects ("you" or "User"); in this Policy we explain how your personal data, meaning any information relating to you as an identified or identifiable natural person, that we may hold about you, is collected, used, stored, disclosed, and removed (each and all referred to as "processing").
Under this Policy, we may use your personal data in order to:
(a) Identify the User;
(b) Provide the User with our Service;
(c) Inform the User about our new services and promotions;
(d) Support, protect and improve our Service;
(e) Protect our legitimate interests as well the Users’.
For more information please read the Section 2 of this Policy.
1.3. This Policy only applies to the information we process. It does not apply to the practices of companies that we don't own or control, or employees that we don't manage. Information available via our Service may contain links to third party applications or websites, and any information you provide to those sites will be covered by any privacy policies they may have.
Please be sure to read the privacy policies of any third-party applications and/or sites you visit. It is those sites' responsibility to protect any information you give them, so we can't be held liable for their wrongful use of your personally identifying information.
1.4. We may update this Policy from time to time and will notify you of changes to the Policy affecting your rights by email and/or by posting on our website at https://chatstep.info/privacy/.
2. Your Personal Data and How We Use It
In this Section 2 we set out:
(a) the general categories of data and types of personal data that we may process;
(b) the source of that personal data;
(c) the purposes for which we may process personal data; and
(d) the legal bases of the processing.
2.1. We may process your registration data.
Registration data may include: your full name, photo (your “avatar”), ID, username and email address, gender, date of birth, country, region and city of residence as well as your social network account data. The source of the data is you. Registration data is required in order for you to be able to access and use the Service. The legal bases for this processing are consent and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
2.2. We may process your PC or software data.
All the personal data that is automatically sent by User’s installed software, including: the User’s IP-adress, cookies files content, personal data that is sent by browser or another software that allows you to access our Service, as well as date/time and your requested page URL, E-wallet ID, CSP name and exact date/time of the SMS-message sent and its content as well. If you buy products or services from us, we may collect your first and last name, partial credit card number and/or other payment information. The legal bases for this processing are consent and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
We use our commercially reasonable efforts to make sure your credit card number and other payment information is kept strictly confidential by using only third-party billing services that are GDPR compliant and use industry-standard encryption technology to protect your credit card number from unauthorized use.
2.3. We may process your usage data.
Usage data is data about your use of the Service. Usage data is primarily non-personally-identifying information of the sort that web browsers, servers, and services like Google Analytics typically make available, such as the browser type, language preference, referring site, and the time of each visit. Other information that we might have access to includes how you use the Service (e.g. search queries), your approximate location, etc.
Usage data may include:
1) Data that we collect mainly for behaviour statistics, business intelligence and email campaigns ("analytics data"). We gather the Service traffic data with the help of Google Analytics.
2) Data that we collect mainly for technical, security and/or fraud prevention reasons or for tracking errors ("technical data").
The legal basis for this processing is our legitimate interests and/or by third-parties, namely to monitor the quality of the Service and improve the Service as well as to prevent, detect and investigate fraud, criminal activity or other misuse of the Service and to prevent security issues.
2.4. We may process your communication data.
Communication data is information contained in or relating to any communication that you send to us or generate through the use of our Service.
Communication data includes:
1) All your messages, requests and other communication with our Customer Support which may happen during the dispute review process or via support tickets, emails, or by means of any other communication tool; and
2) All your communications and file attachments or other data that you generate mainly by communicating to other Users.
Communication data may include email address, username, avatar, IP address, full name, audio and video files and in the case of manual ID verification: photo of the User’s personal ID, photo of the User and photo of the User’s utility bill or related document. Our system may also randomly take screenshots of your communications with other Users. The communication data may be processed for the purposes of communicating with you, record-keeping, in order to review and resolve disputes, prevent illegal and objectionable behavior, serve our customers better and improve our Service. The legal bases for this processing is our legitimate interests, namely the proper administration of our Service and business, prevention of illegal and/or immoral behaviour.
2.5. We may process your notification data.
Notification data is information that you provide to us for the purpose of subscribing to our email notifications, SMS notifications and/or newsletters. The notification data may include your email address, phone number, username and full name. The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal bases for this processing is consent. You can unsubscribe at any point by contacting us, unchecking a box in your Profile Settings or by clicking the unsubscribe link in the email.
2.6. We may process any of your personal data when necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or outside the court procedure.
This may include using information for legal compliance, litigation or pre-litigation, security monitoring and investigation. You agree that your personal data may also be used as evidence that the Service was actually used by you in case a dispute arises between us and the User. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
In addition to the specific purposes for which we may process your personal data set out in this Section 2, we may also process any of your personal data where such processing is necessary in order to protect your vital interests or the vital interests of another natural person.
The company does not determine the validity of the personal data provided by you, we assume that you provide the accurate personal data and keep it updated. Please try to avoid supplying any unnecessary personal data to us.
3. Information You Choose to Display Publicly via Our Service
3.1. Some Users may elect to publicly post personally identifying or sensitive information about themselves in their normal use of our Service. This could occur through use of optional profile fields, interactions in chats, or if a previously private interaction is made public. Information like that, which is voluntarily posted in publicly visible parts of our Service, is considered to be public, even if it would otherwise be considered to be personally identifying or sensitive. Voluntarily publicizing such information means that you lose any privacy rights you might normally have with regards to that information.
3.2. Please also remember that if you choose to provide personally identifiable information using certain public features of our Service, individuals reading such information may use or disclose it to other individuals or entities without our control and without your knowledge, and search engines may index that information. We therefore urge you to think carefully about including any specific information you may deem private in content that you create or information that you submit through our Service.
4. Providing Your Personal Data to Others
In this Section 4 we set out:
(a) Third parties’ access grounds to your personal data;
(b) External services ("processors") that we use for processing personal data on behalf of us;
(c) Types of personal data that processors may process;
(d) The reason for using them.
4.1. Expect as provided by law, the Company undertakes not to sell, rent, exchange or otherwise transfer personal data of Users to third parties without explicit consent of the Users.
4.2. We have the right to grant access to the User’s personal data to a third party under the following circumstances:
4.2.1. A User has expressed one’s explicit consent to transfer personal data to third parties;
4.2.2. The transfer of the personal data is required for User’s use of the Service. In these cases, we settle a claim with a third party to keep confidentiality of your personal data.
4.2.3. For processing payments, we use services provided by the following entity:
(a) Comewell Limited – located in the UK. The Registered Office of the Company is situated at: Office 3 Unit R1 Penfold Works, Imperial Way, Watford, WD24 4YY, United Kingdom.
4.3. For behaviour statistics, business intelligence and email campaigns we use the service by Google LLC ("Google Analytics"), a company located in the United States. Data that we may provide to Google Analytics may include your IP address and that data is used by Google Analytics to generate information about your usage of our Service.
4.4. In addition to the specific disclosures of personal data set out in this Section 4, we may also disclose your personal data:
(a) to our auditors, lawyers, accountants, consultants and other professional advisors insofar as it is reasonably necessary for the purposes of obtaining professional advice or managing legal disputes and risks;
(b) where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests and/or the vital interests of a third-party.
5. Links from other Websites
6. Protecting Children’s Privacy
6.1. Though our Service is not designed for use by anyone under the age of 18, we realize that a child of such age can make an attempt to access it. We do not knowingly collect personal data from the children under the age of 18, and we undertake all the possible measures in order to avoid the access to our Service of people of the mentioned above age limit. If you are a parent or guardian and believe that your child is using our Service, please contact us. Before removing any information, we may ask for a proof of identification to prevent malicious removal of the account details. If we discover that a child is using our Service, we will delete their information within a reasonable period of time. You acknowledge that we accept the ID information of our Users “AS IS” to verify their age – we do not bear any liability if such information is incorrect.
To learn more about our Retention Policy please read Section 9.
7. Unlawful Activity
7.1. We are entitled to investigate complaints or reported violations and to take any action we deem appropriate, including, but not limited to, reporting any suspected unlawful activity to law enforcement officials, regulators, or other third parties and disclosing any information necessary or appropriate to such persons or entities relating to your profile, email addresses, usage history, posted materials, IP addresses, and traffic information.
8. International Transfers of Your Personal Data
8.1. We store your information primarily within the European Economic Area. However, some features and requirements of the service, involve transferring your information to third-party service providers outside the European Economic Area. We have described all those service providers above in the Section 4. Where such service providers are not established in a country ensuring an adequate level of protection within the meaning of Regulation (EU) 2016/679, the transfers will be covered by the standard data protection clauses adopted by the European Commission or by another appropriate safeguard mechanism such as the Privacy Shield Framework.
9. Retaining and Deleting Personal Data
This Section 9 sets out our data retention and deletion policies, which are designed to help ensure that we comply with our legal obligations in relation to the User’s right to be forgotten.
9.1. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
9.2. Users may request the deletion of their account through our Service.
9.3. We will retain and delete your personal data as follows:
9.3.1. For all users who have deleted their account:
(a) Personally-identifiable analytics data is removed 30 days after account deletion.
(b) Your public profile will be hidden 30 days after you delete your account.
(c) Your communication data will be deleted 5 years after you delete your account. The screenshots that our system randomly takes in order for us to track and prevent illegal and objectionable User behaviour are being constantly overwritten and are stored for 90 days.
(d) Your registration data, account data, ID data, trade data and technical data will be deleted 5 years after you delete your account.
9.4. In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the period we need to access the data for the provision of services, receiving payment, resolving your customer support issue or other issues or for any other auditing or legal reasons.
9.5. Notwithstanding the other provisions of this Section 9, we may retain your personal data for a reasonable period of time where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
10. Your Rights
In this Section 10, we have summarised the principal rights that you have under data protection law. Some of the rights are complex, might contain restrictions depending on the legal basis for processing the data and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
10.1. Your principal rights under data protection law are:
(a) the right to access;
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. You can ask for your personal data by contacting our Customer Support.
(b) the right to rectification;
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
(c) the right to erasure;
You have the right to the erasure of your personal data. We have described our policy for retaining and deleting personal data above in Section 9.
(d) the right to object to processing;
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
(e) the right to restriction;
You can request that your data no longer be processed in certain cases, for instance, when you exercise your right to object as described above, or when you contest the accuracy of your personal data processed by us.
(f) the right to data portability;
To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
(g) the right to complain to a supervisory authority;
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
(h) the right to withdraw consent.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
Without prejudice to the aforementioned, if we have reasonable doubts concerning the identity of a user exercising their rights referred to in Section 10.1 or if we otherwise due to security reasons deem it necessary, we may request the provision of additional information and otherwise use all reasonable measures necessary to confirm the identity of the user.
You may exercise any of your rights in relation to your personal data by contacting our Customer Support. Concerning "Right to erasure" users are also able to request the deletion of their account through our Service.
11.1. What are cookies?
Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
11.2. Cookies that we use
When you submit data through a form, cookies may be set to remember your user details for future correspondence. In order to provide you with a great experience, we provide the functionality to set your preferences for how the Service runs when you use it. In order to remember your preferences we need to set cookies so that this information can be called whenever you interact with a page that is affected by your preferences.
We run an affiliate programme and as a part of it affiliates advertise our Service. With the affiliate programme we use tracking cookies to track users who visit our site through one of our affiliate partner sites in order to credit them appropriately, and where applicable, allow our affiliate partners to provide you with a bonus for making a purchase.
11.3. Cookies used by our service providers
11.4. Managing cookies
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Disabling cookies will result in disabling most features of this Service. Therefore, it is recommended that you do not disable cookies.