BuyChat Privacy Statement

Last updated on 15 April 2024

Please contact us if you have any questions regarding this Privacy Statement or in general questions regarding your Personal Data. Your information will be used to provide the Services and in accordance with this Privacy Statement and the relevant BuyChat User Agreement.

1. Overview

This Privacy Statement aims to provide you with sufficient information regarding our use of your Personal Data when you visit our website, apply for, or use our services (collectively, the "Services"). We encourage you to read this Privacy Statement and to use it to help you make informed decisions.

Certain capitalized terms that are not otherwise defined in the Statement are explained in Section 17 ("Definitions") at the end of this statement.

2. Scope

Except as otherwise noted below, this Policy applies to the personal information that BuyChat processes related to:

users of our website where this Policy is posted, including https://www.buychat.me/privacy-full and the messenger services, and the services we provide through the website and the App (collectively, the "Services"). Our Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.
current, former and prospective customers
individuals who are subscribed to receive news, information and marketing communications from us related to the Services;
individuals who participate in contests, sweepstakes, surveys and research conducted by us related to the Services; and
individuals that communicate with us or otherwise engage with us related to our Services.

Not In Scope. This Policy does not apply to the personal information that we collect and process outside of the Services, about BuyChat employees and personnel, or about job applicants and candidates. Additionally, this Policy does not apply to vendors and partners of BuyChat.

Additional Notices. In some cases, additional or supplemental privacy notices (each an "additional notice") may be provided and will apply to certain personal information collected and processed by us. For example, we may provide an additional notice in order to provide more specific information about how we use and disclose personal information if you choose to take advantage of a particular partner promotion. The additional notice will control to the extent there is a conflict with this Policy, with respect to your personal information that it covers.

3. BuyChat's role as a data controller

In the European Economic Area (EEA), BuyChat (Europe) Buy Chat d.o.o. is the data controller for the Personal Data collected and processed in connection with Personal Data obtained when you visit our website, during the registration and application process, and throughout your continued use of the services.

Any reference made to "we", "ours", "us", "BuyChat" or "BuyChat Companies" included in this Privacy Statement means BuyChat (Europe) Buy Chat d.o.o. and the group of companies which each directly or indirectly controls, is controlled by, or are under common ownership.

Some of the third-parties that we share Personal Data with are independent data controllers. This means that we are not the ones that dictate how the data that we share will be processed. When your data is shared with independent data controllers, their data policies will apply. We encourage you to read their privacy policies and know your privacy rights before interacting with them.

For more information about how we protect your Personal Data when transferred outside of the EEA, UK and Switzerland, please see Section 8 ("International Transfers of Personal Data").

4. Non-Account Holders

Our Services may be accessed by individuals without a BuyChat account or profile. We will collect Personal Data from you even if you are a non-account holder when you use our Services, such as when you use our Services without a BuyChat account, use Unbranded Data Processing Services. We use the term "User" to apply to account and non-account holders. If you are a non-account holder, your Personal Data will be used to provide the Services and in accordance with this Privacy Statement and the relevant BuyChat User Agreement.

5. Categories of Personal Data We Collect about You

We collect the following categories of information about you to provide our Services, continually improve your user experience, manage and improve our business. The types of Personal Data we collect about you are described below.

Categories of Personal Data collected from you, including from your interactions with us and use of the Services:

Registration and Contact Information. Depending on the Services you choose, we will collect your name, mailing address, email, income, telephone number, tax ID, Payment Information, profession, employment or business information, and other information necessary to establish an account and use our Services.

Registration and account information. When you register for an account with us, we collect certain personal information from you, such as your birth month and year, phone number, gender, and zip code, as well as any personal information you submit to us through your account when using the Services, such as photographs of or electronic versions of receipts containing information related to products purchased, amount spent, or the metadata within the image submitted (please do not submit receipts that contain medical, pharmaceutical or other health information, or receipts containing the entire credit or debit card number). We also may request additional optional information from you, for example your race and ethnic origin; household income; household size; age of children living with you; and education; however, you are not required to provide us with this information to participate.

Surveys. You may choose to participate in optional surveys, and we will collect your responses for market research. Survey questions may ask about things such as purchases you have made and your opinions about products or services.

Sweepstakes, contests and promotions. If you participate in sweepstakes, contests and promotions that we offer, we will collect your name, age, phone number, and other registration information related to contests, sweepstakes and promotions. Your participation in such may be subject to separate terms and conditions or policies.

Identification and Signature Information. Depending on the Services you choose, we will collect information to verify your name, address, email, phone number, government-issued identification, age and biometric data as well as to create and issue your electronic signature.

Information about your imported contacts. If you choose to import your contact lists, we will collect Information you enter or import about your contacts, such as name, address, phone number, images, email address or usernames associated with the contacts you import or enter manually.

Information in your Account Profile. Information you choose to enter such as your username, email, mobile number, profile picture, preferred language, or personal description which may include sensitive Personal Data that reveals religious beliefs, political or philosophical views, disability, sexual orientation as well as biometric data. You can set your profile to "Private" at any time.

Information you provide when you contact us. Information you disclose when you respond to surveys, or contact our customer support teams, such as Services you have used, recorded conversations, chat conversations with us, email correspondence with us, account status, repayment history, voice identification. This may include information about others if you choose to share it with us.

Device Information. Information that can be automatically collected from any device used to access the Site or Services. Such information may include, but is not limited to, your device type; your device's network connections; your device's name; your device IP address; information about your device's web browser and internet connection you use to access the Site or Services; Geolocation Information; information about apps downloaded to your device; and biometric data.

Inferred data. We may derive inferences from your transactions and personal data when you use the Services. We do this, for example, to help keep your account secure and protect your use of the Services from fraud. We may draw inferences that reflect your behavior patterns and personal preferences, browsing and purchasing habits, and creditworthiness.

Personal Information Collected Automatically. We automatically collect personal information related to your use of our Services and interactions with us and others, including information we collect automatically (e.g., using cookies and pixel tags), as well as information we derive about you and your use of the Services. Such information includes:

Device information. We use cookies, log files, pixel tags and other tracking technologies to automatically collect information when users access or use our Services, such as IP address, the source that brought you to our App, device type, device ID, Internet service provider, operating system, language, and similar device and usage information.

Activities and usage. We also collect activity information related to your use of the Services, such as information about the links clicked, searches, features used, items viewed, time spent within the Services, and images uploaded.

Location information. We may collect or derive location information about you, such as through your IP address.

Categories of Personal Data collected from third parties, including from identity verification vendors, data brokers, vendors that help us with fraud detection, your bank, merchants or third party platforms you engage with using our Services:

Information from your connected third party accounts. If you choose to connect non-financial or financial account such as your personal email, social media, or bank or credit accounts, we will collect information consistent with the disclosed purpose for which it was linked. For example, if you choose to participate in Open Banking, we will collect account credentials, account balances, account transactions, and information about your financial standing from your linked accounts. You may change your mind about use of this feature and unlink your connected accounts at any time.

Transaction Information. Information about your order details and purchases, such as item description, quantity, price, currency, shipping address, online shopping cart information, seller and buyer information, and Payment Information. This includes information from your transactions where you use our Services without a BuyChat account.

Information related to legal requirements. Consistent with applicable law (et. anti-money laundering laws), this may include information from external sanction lists such as name, date of birth, place of birth, occupation, and the reason why the person is on the list in question.

Third party applications. Information from others from your use of third-party applications, such as the Apple App Store or Google Play Store, social networking sites, such as name, your social network ID, Location Information, email, device ID, browser ID, and profile picture. Your use of third-party applications is subject to the privacy notice and terms of service for such applications.

Other requests. We collect and maintain records of your requests, such as when you sign up for our mailing lists or otherwise request information from us.

Categories of Personal Data automatically collected about you, including through your access to our website or mobile app, from cookies and similar tracking technologies, and your devices:

Technical Usage Data. Information about response time for web pages, download errors and date and time when you used the service, such as your IP address, statistics regarding how pages are loaded or viewed, the websites you visited before coming to the Sites and other usage and browsing information collected through Cookies ("Technical Usage Data").

Information from your device. Information about your language settings, IP address, browser ID, device ID, cookie preferences, time zone, operating system, platform, screen resolution and similar information about your device settings, and data collected from cookies or other tracking technologies.

Location Information. Information from IP-based geolocation such as latitude and longitude data, and Global Positioning System (GPS) information when you give us permission through your device settings.

Inferred data. Inferences drawn to create a profile about you that may reflect behavior patterns and personal preferences, such as gender, income, browsing and purchasing habits, and creditworthiness.

6. Purposes of Use and Processing

Generally, we collect, use, disclose and otherwise process the personal information we collect for the following purposes:

Services and support. To provide and operate our Services, communicate with you about your use of the Services, provide troubleshooting and technical support, respond to your inquiries, fulfill your requests, and for similar service and support purposes.
Analytics and improvement. To better understand how users access and use the Services, and our other products and offerings, and for other research and analytical purposes, such as to evaluate and improve our Services and business operations, to develop services and features, and for internal quality control and training purposes.
Customization and personalization. To tailor content we may send or display on the Services, including to offer location customization and personalized help and instructions, and to otherwise personalize your experiences.
Marketing and advertising. For marketing and advertising purposes. For example, to send you information about our Services, such as offers, promotions, newsletters and other marketing content, as well as any other information that you sign up to receive. We also may use certain information we collect to manage and improve our advertising campaigns so that we can better reach customers and potential customers.
Rewards program. To offer you rewards in connection with your use of the Services.
Research and surveys. To administer surveys and questionnaires, such as for our market research business, which helps clients and commercial partners better understand consumer behavior.
Developing insights and enhancing data. We may combine personal information collected through the Services with other information that we or third parties collect about you in other contexts, such as market research, our communications with you, or your customer service records.
Security and protection of rights. To protect the Services and our business operations; to protect our rights or those of our stakeholders; to prevent and detect fraud, unauthorized activities and access, and other misuse; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms of Use.
Compliance and legal process. To comply with the law and our legal obligations, to respond to legal process and related to legal proceedings.
General business and operational support. To consider and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions such as financings, and related to the administration of our general business, accounting, auditing, compliance, recordkeeping, and legal functions.

7. What Personal Data is used and for which Legal Basis?

We may process your Personal Data for a variety of reasons that are permitted under data protection laws applicable in the European Union (EU), United Kingdom (UK), and Switzerland, and in accordance with the lawful bases below:

We collect the following Personal Data we consider necessary to fulfil our pre-contractual and contractual obligations to you and without which you will not be able to use the Services.

Necessary categories of Personal Data include:

Registration and Contact Information
Identification and Signature Information
Payment Information
Information related to legal requirements
Information you provide when you contact us
Transaction information
Package Tracking
Service-specific Personal Data
Information from credit reporting agencies and financial institutions
Information from your connected financial accounts
Information from your use of the Services
Technical usage data
Device information
Location data

These activities include:

to provide our Services, to fulfil relevant agreements with you and to otherwise administer our business relationship with you.
to administer your payment for products and the customer relationship.
to assess your creditworthiness in connection with your application, confirm your identity and your contact information, and protect you and others from fraud.
to confirm your identity, also through the use of electronic signature, and verify your personal and contact details.
to prove that transactions have been executed.
to establish, exercise or defend a legal claim or collection procedures.
to comply with internal procedures.
to assess which payment options and services to offer you, for example by carrying out internal and external credit assessments.
for customer analysis, to administer our Services, and for internal operations, for example troubleshooting, data analysis, testing, research and statistical purposes.
to communicate with you in relation to our Services.
to comply with applicable EU and Member State laws, such as anti-money laundering and booking keeping laws and rules issued by our designated banks and relevant card networks.

We have a legitimate interest in ensuring that BuyChat remains a secure financial service and continuing to offer services that are innovative and of interest to you. We do this where our legitimate interests are not outweighed by your right not to have your data processed for this purpose.

These activities include:

to ensure that content is presented in the most effective way for you and your device.
to prevent misuse of our Services as part of our efforts to keep our platform safe and secure.
to determine your eligibility for and to communicate with you about Services for which you may qualify or that may be of interest to you, for example by carrying out internal credit assessments.
to carry out risk analysis, fraud prevention and risk management.
to improve our Services and for general business development purposes, for example improving risk models to minimize fraud, develop new products and features and explore new business opportunities.
To keep your Account and financial information up to date.
for marketing, product and customer analysis, including testing, for example to improve our product range and optimize our customer offerings.
to comply with applicable laws, such as anti-money laundering, bookkeeping laws, regulatory capital adequacy requirements, and rules issued by our designated banks and relevant card networks. For example, when we process Personal Data for know-your-customer ("KYC") requirements, to prevent, detect and investigate money laundering, terrorist financing and fraud. We also carry out sanction screening, report to tax authorities, police enforcement authorities, enforcement authorities, supervisory authorities where we are not compelled by EU and Member State law but where we have a good faith belief that sharing the information is necessary to comply with applicable law.
to facilitate your participation in competitions, offerings, and events.
to conduct financial risk management obligations such as credit performance and quality, insurance risks and compliance with capital adequacy requirements under applicable law.
to process information about your contacts to make it easy for you to find and connect them and improve payment accuracy. By providing us with information about your contacts you certify that you have permission to provide that information to BuyChat for the purposes described in this Privacy Statement.
to provide you with information, news, and marketing about our Services, including where we partner with others to offer similar services.
to associate information about you to identify your use of Services without a BuyChat account (e.g. Pay without a BuyChat account) or Unbranded Payment Services (e.g. such as Braintree) and to associate such transactions with your account, if you have one or later establish an account.
to remember your preferences for the next time you use the Services, such as which of your payment methods you prefer or whether you choose to receive digital receipts via email or text when you checkout.

We have a legal obligation under EU and Member State laws to conduct certain processing activities. We do this where it is necessary to comply with applicable laws.

These activities include:

to provide our Services and products.
to certify your identity, also for signature purposes, and verify your personal and contact details.
to establish, exercise or defend a legal claim or collection procedures.
to prevent misuse of our Services as part of our efforts to keep our platform safe and secure.
to carry out risk analysis, fraud prevention and risk management.
to comply with applicable laws, such as anti-money laundering and bookkeeping laws and regulatory capital adequacy requirements and rules issued by our designated banks and relevant card networks. For example, when we process Personal Data for know-your-customer ("KYC") requirements, to prevent, detect and investigate money laundering, terrorist financing and fraud. We also carry out sanction screening, report to tax authorities, police enforcement authorities, enforcement authorities, supervisory authorities.

We rely on your explicit and voluntary consent to process your Personal Data to participate in certain features that while not necessary for use of the Services may be of interest to you, such as syncing your contact list to your account, providing biometric data, targeted advertising, linking your email account for package tracking or connecting to a third-party platform. You may change your mind about use of these features at any time through your account settings. Note that withdrawing your consent will not affect the lawfulness of any processing we have conducted prior to your withdrawal. Please refer to Section 10 ("Your data protection rights") for more information on your right to withdraw your consent.

8. Do We Share Personal Data, and why?

We will share your Personal Data with third parties where there is a lawful basis to do so.

This includes:

With other BuyChat Companies, in order to provide you with the Services and for our own legitimate interests in conducting our business. These interests are described further in Section 5 ("What Personal Data is used and for which legal basis?"). The receiving BuyChat company will process your Personal Data in accordance with this Privacy Statement.
With authorities, to the extent we are under a legal obligation to do so. Such authorities include tax authorities, police authorities, enforcement authorities and supervisory authorities in relevant countries. We may also be required to provide competent authorities information about your use of our Services, for example revenue or tax authorities, which may include your name, address and information regarding card transactions processed by us on your behalf through our Services. The legal basis for complying with disclosure obligations under EU and Member States' law is legal obligation and where acting under non-EU and Member State law, on the basis of our legitimate interest to comply with relevant laws to deter illegal conduct.
With fraud prevention and identity verification agencies, for example to assist us in detecting activities suggestive of fraud. The legal basis for this processing is the legitimate interest of ourselves and our partners to deter fraudulent and illegal conduct.
With service providers that operate at our direction and on our behalf to perform services we outsource to them, such as marketing, IT development, maintenance, hosting and support and customer service operations. The legal basis for this processing is the performance of our contractual obligations to you.
Vendors and service providers. We may disclose personal information we collect to our service providers, processors and others who perform functions on our behalf; these may include IT service providers, campaign managers, analytics providers, consultants, auditors and legal counsel. For example, we use service providers to help us fulfill our contests and sweepstakes and to extract and process the purchase information from receipts.
Our affiliates. We may disclose personal information we collect to our corporate affiliates or subsidiaries, who will use and disclose this personal information in accordance with the principles of this Policy.
Data partners and business customers. We may disclose information that you provide through the Services to help our data partners and business customers to better understand consumer behavior. For example, we may combine and/or aggregate purchase information or survey responses that you allow us to collect with the responses of others to produce reports. We may also create aggregated reports based upon deidentified modeled information. "Modeled information" is data based upon demographic and behavioral characteristics (e.g., gender, age, and purchasing habits) to predict what people with similar or matching characteristics would buy. We may also provide your information, including your purchase information and your personal information, to commercial partners and other third parties, such as retailers or brands, for marketing research and analytics purposes (for example, to create modeled information).
Rewards program purposes. If you are a member of our rewards program, we may disclose your personal information to third parties that we work with to redeem your rewards or to bring you special offers.
In support of business transfers. If we or our affiliates are or may be acquired by, merged with, or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected from you to the other company. We may also share certain personal data as necessary prior to the completion of such a transaction or corporate transactions such as financings or restructurings, to lenders, auditors, and third-party advisors, including attorneys and consultants, as part of due diligence or as necessary to plan for a transaction.
Compliance and legal obligations. We may also disclose personal information to third parties to comply with our legal and compliance obligations and to respond to legal process. For example, we may disclose information in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements. This may include regulators, government entities, and law enforcement as required by law or legal process. In addition, it may include certain disclosures that we are required to make under applicable laws, such as the names of sweepstakes and contest winners.
Security and protection of rights. We may disclose personal information where we believe doing so is necessary to protect the Services, our rights and property, or the rights, property and safety of others. For example, we may disclose personal information in order to (i) prevent, detect, investigate and respond to fraud, unauthorized activities and access, illegal activities, and misuse of the Services, (ii) situations involving potential threats to the health, safety or legal rights of any person or third party, or (iii) enforce, and detect, investigate and take action in response to violations of, our Terms of Use. We may also disclose information, including personal information, related to litigation and other legal claims or proceedings in which we are involved, as well as for our internal accounting, auditing, compliance, recordkeeping, and legal functions.
With other Users in accordance with your Account Settings. You may display or make certain information available to other Users, such as your profile photo, first and last name, username, or city in accordance with your Account Settings. The legal basis for this processing is your consent. Please note that you can change your profile settings at any time and at no cost to you.
With partners and merchants, their service providers and others involved in a transaction, for example when you use the Services to initiate online purchases, pay other Users, or return goods we may share information about you and your Account with the other parties involved in processing your transactions. The legal basis for this processing is the performance of our contractual obligations to you and for our legitimate interests. Please note that Personal Data shared with partners and merchants (or their service providers) involved in a transaction is subject to the partners and merchants' own privacy policy and procedures.
With third parties that are independent data controllers, for example when we share Personal Data to credit reference agencies, acquirers and other financial institutions, or security products to prevent bots from accessing our Services. Please be aware that these parties' privacy notice applies to the processing of Personal Data that you share directly with them. For example, we use Google's reCAPTCHA to prevent misuse of our Services, when you access our mobile application. Google's Privacy Policy and Terms of Use apply to the processing of Personal Data you share with them.
With buyers or in connection with business transfer, for example if we sell business or assets, we may share your Personal Data to a buyer of those business or assets. If BuyChat or a significant portion of BuyChat's assets are acquired by a third party, Personal Data may also be shared. BuyChat has a legitimate interest in being able to carry out these transactions.

9. How long does BuyChat store your Personal Data?

We retain Personal Data for as long as needed or permitted in context of the purpose for which it was collected and consistent with applicable law.

The criteria used to determine our retention period is as follows:

Personal Data used for the ongoing relationship between you and BuyChat is stored for the duration of the relationship plus a period of 10 years
Personal Data in relation to a legal obligation to which we are subject is retained consistent with the applicable law, such as under applicable bankruptcy laws and AML obligations.
We retain Personal Data for the least amount of time necessary where retention is advisable in light of litigation, investigations, audit and compliance practices, or to protect against legal claims.

10. International Transfers of Personal Data

We operate in many countries, and we (or our service providers) may move your data and process it outside the country where you live. We use third-party service providers to process and store your information in the United States and other countries. These countries do not always afford an equivalent level of privacy protection. We have taken specific steps, in accordance with EU and UK data protection laws, to protect your Personal Data. For transfers of your Personal Data within BuyChat Companies, we rely on Binding Corporate Rules approved by competent Supervisory Authorities. Other transfers are based on standard contractual clauses, approved by the European Commission, to help ensure your information is afforded a high standard of protection and that your privacy rights are respected.

11. How Do We Use Cookies and Tracking Technologies?

When you interact with our Services, open email we send you, or visit a third-party website for which we provide Services, we and our partners use cookies and other tracking technologies such as pixel tags, web beacons, and widgets (collectively, "Cookies") to recognise you as a User, customise your online experiences and online content, including to serve you interest-based advertising, perform analytics; mitigate risk and prevent potential fraud, and promote trust and safety across our Sites and Services. Certain aspects and features of our Services and Sites are only available through the use of Cookies, so if you decline certain Cookies, your use of the Sites and Services may be limited or not possible.

We use Cookies or similar service to collect your device information, internet activity information, and inferences as described above.

Cookies. Cookies are alphanumeric identifiers that we transfer to your device's hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Services, while others are used to enable a faster log-in process, support the security and performance of the Services, or allow us to track activity and usage data within Service.

Cookies help us to do the following:

Remember your information so you do not have to re-enter it
Track and understand how you use and interact with our online services and emails
Tailor our online services to your preferences
Measure how useful and effective our services and communications are to you
Otherwise manage and enhance our products and services

Pixel tags. Pixel tags (sometime called web beacons or clear GIFs) are tiny graphics with a unique identifier, similar in function to cookies. While cookies are stored locally on your device, pixel tags are embedded invisibly within web pages and online content. We may use these, in connection with our Services to, among other things, track the activities of users, help us manage content and compile usage statistics. We may also use these in HTML e-mails we send, to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.

Local storage objects. Local storage is a web storage mechanism that allows us to store data on a browser that persists even after the browser window is closed. Local storage may be used by our web servers to cache certain information in order enable faster loading of pages and content when you return to our websites. You can clear data stored in local storage through your browser. Please consult your browser help menu for more information.

Third-Party Analytics and Tools. We may use third party tools, such as Firebase, which are operated by third party companies. These third-party analytics companies may collect usage data (using cookies, pixels and similar tools) about our Services in order to provide us with reports and metrics that help us to evaluate usage of our Services and improve performance and user experiences. You can also download the Google Analytics Opt-out Browser Add-on to prevent their data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout.

Custom Lists and Matching. We may share or make available certain participant list information (such as your name, email address and other contact information) with third parties for analytical and research purposes.

Managing Your Preferences. We make available ways for you to manage your preferences regarding cookies within our Services. These are browser and device specific, which means that you need to set the preference for each browser and device you use to access our Services; in addition, if you delete or block cookies, you may need to reapply these preferences.

Browser settings. If you wish to prevent cookies from tracking your activity on our website or visits across multiple websites, you can set your browser to block certain cookies or notify you when a cookie is set; you can also delete cookies. The Help portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to delete cookies. Visitors to our Services who disable cookies will be able to browse the Site, but some features may not function.

Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties. At this time our Sites are not designed to respond to DNT signals or similar mechanisms from browsers.

Please review our Statement on Cookies and Tracking Technologies to learn more about our use of Cookies.

12. Your Data Protection Rights

Under applicable data protection law, you have certain rights to control our collection and use of your Personal Data. Your rights include:

Access, rectification, deletion, objection, portability, and restriction of your information

We recognize the importance of your ability to control use of your Personal Data and provide several ways for you to exercise your rights to access (right to know), rectification (correction or update), deletion (erasure), objection, portability (transferring), and to restrict process in whole or in part.

If you have an Account you can exercise your data protection rights by accessing "Data and Privacy" from Account Settings in the BuyChat app. Even if you do not you have an Account (for example, where you use Payment without a BuyChat account), you can submit a request for access, modification, correction, or deletion of your information, for your Payment without a BuyChat account transactions. You can submit a request related to someone else's information, if you are their authorized agent, by contacting us. Please note that we may require you to provide additional information for verification.

Your right to object to the Automated Decisions and profiling

If you are not approved under the Automated Decisions described below, you will not have access to our services, such as our payment methods. BuyChat has several safety mechanisms to ensure the decisions are appropriate. These mechanisms include ongoing overviews of our decision models and random sampling in individual cases. If you have any concern about the outcome, you can contact us, and we will determine whether the procedure was performed appropriately.

You have the right to object to an Automated Decision with legal consequences or decisions which can otherwise significantly affect you (together with the relevant profiling) by contacting us. We will then review the decision, taking into account relevant additional circumstances.

Consent

Generally, if we use your Personal Data with your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on a lawful processing ground other than consent.

Right to object to Direct Marketing

If we use your Personal Data for direct marketing, you can always modify your permissions, object and opt out of future direct marketing messages using the unsubscribe link in electronic communications or through your Account Settings.

Right to object to Legitimate Interest processing

If we use your Personal Data to pursue our legitimate interests or those of a third-party, you have the right to object to our use for that purpose. See Section 5 ("What Personal Data is used and for which Legal Basis?")

How do you exercise your rights and how can you contact us or the data protection authority?

If you are unhappy with our processing of your Personal Data for any reason, you have the right to lodge a complaint with the supervisory authority for data protection in your country.
Our Data Protection Officer can be contacted online or by post at BuyChat (Europe) Buy Chat, Av. Dubrovnik 15, Zagreb, Croatia.
You may also seek a remedy through local courts if you believe your rights have been breached.
You may also lodge a complaint with our lead supervisory authority for data protection, Croatian Personal Data Protection Agency (AZOP) by post at Personal Data Protection Agency, Ulica grada Vukovara 54, Zagreb Croatia.
UK Representative can be contacted by post for any UK-specific data protection inquiries at Bird & Bird GDPR Representative UK, 12 New Fetter Lane, Holburn, London EC4A 1JP.

13. Specific information about automated decision-making and profiling

"Automated-decision making" is the process of making a decision by fully automated means without human involvement. In some cases these decisions could have a legal or similarly significant effect on you as an individual. "Profiling" means analysis of an individual's personality, behaviour, interest and habits to make predictions or decisions about them. Where authorised under EU or Member State law or where necessary for the entry into or performance of a contract, we may in some cases use automated decision-making or profiling for decisions. An example of our use of automated decision making is evaluation of your creditworthiness to assess your suitability for certain credit products.

We believe that by making such decisions automatically, BuyChat increases its objectivity and transparency in deciding which services to offer you. We deploy several safety mechanisms to ensure the decisions are appropriate. These mechanisms include ongoing overviews of our decision models and random sampling in individual cases. You can always ask for a manual decision-making process instead, express your opinion or contest decision making based solely on automated processing, including profiling, if such a decision would produce legal effects or otherwise similarly significantly affect you. You can find out more about how to object to these decisions in Section 10 ("Your data protection rights").

Contact our Data Protection Officer (DPO) Online if you require more information on our use of Automated-decision making or Profiling.

14. How Do We Protect Your Personal Data?

We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorised access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centres, and information access authorisation controls. While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and Account/profile registration information and verifying that the Personal Data we maintain about you is accurate and current. We are not responsible for protecting any Personal Data that we share with a third-party based on an account connection that you have authorised.

15. Can Children Use Our Services?

We do not knowingly collect information, including Personal Data, from children under the age of 16 or other individuals who are not legally able to use our Sites and Services. If we obtain actual knowledge that we have collected Personal Data from someone not allowed to use our Services, we will promptly delete it, unless we are legally obligated to retain such data.

Please contact us if you believe that we have mistakenly or unintentionally collected information from someone not allowed to use our Services.

16. Updates to this Privacy Statement.

We revise this Privacy Statement from time to time to reflect changes to our business, Services, or applicable laws. If the revised version requires notice in accordance with applicable law, we will provide you with 30 days prior notice by posting notice of the change on the "Policy Updates" or "Privacy Statement" page of our website, otherwise the revised Privacy Statement will be effective as of the published effective date.

17. Definitions

Device Information: means data that can be automatically collected from any device used to access the Site or Services. Such information may include, but is not limited to, your device type; your device's network connections; your device's name; your device IP address; information about your device's web browser and internet connection you use to access the Site or Services; Geolocation Information; information about apps downloaded to your device; and biometric data.
Geolocation Information: means information that identifies, with precise specificity, your location by using, for instance, longitude and latitude coordinates obtained through your GPS, or your device settings.
Location Information: means information that identifies, with reasonable specificity, your approximate location by using, for instance, longitude and latitude coordinates obtained through GPS or Wi-Fi or cell site triangulation.
Partner: means the merchant or business that our Users transact with for the purpose of obtaining goods or services.
BuyChat Companies: means companies that are owned and operated by BuyChat or companies that cooperate in a franchise model, and process Personal Data in accordance with their terms of service and privacy policies.
Personal Data: means information that can be associated with an identified or directly or indirectly identifiable natural person. "Personal Data" can include, but is not limited to, name, postal address (including billing and shipping addresses), telephone number, email address, payment card number, other financial account information, account number, date of birth, government-issued credentials (e.g., driver's license number, national ID, passport number), and biometrics.
Processing: means any method or way that we handle Personal Data or sets of Personal Data, whether by automated means, such as by collection, recording, categorization, structuring, storage, adaptation or alteration, retrieval, and consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data.
Services: means any BuyChat branded or Unbranded Research Services, analysis data without a BuyChat account, data processing products and services, content, features, technologies, or functions, and all related websites, applications and services offered to you by BuyChat. Your use of the Services includes use of our Sites.
Sites: means the websites, mobile apps, official social media platforms, or other online properties through which BuyChat offers the Services and which has posted or linked to this Privacy Statement.
Unbranded Research Services: means you are interacting with and making data processing to our services using our WhatsApp or other messenger platform channel services that do not carry the BuyChat brand.
User: is any person who uses the Services as a consumer for personal or household use. For the purposes of this Notice, "User" includes "you" and "your".

18. Our Contact Information

Contact our Data Protection Officer (DPO) Online or offline at BuyChat (Europe) Buy Chat d.o.o. Av. Dubrovnik 15, Zagreb Croatia.