Privacy Policy

Effective May 8, 2019

At Botdoc, privacy is a priority. This Privacy Policy sets out how Botdoc collects and uses information from customers and other individuals who access or use our website, our mobile applications, our product platform, our API Platform and/or any of our other sites, products, or services that link to this Privacy Policy (the “Services”). By using our Services, you understand that we will collect and use your information as described in this Privacy Policy (collectively “you”).

When this policy mentions “we,” “us,” or “our,” it refers to the controller of your information, Botdoc and refers to the reader as “you” or “user.”  We recommend that you read this Privacy Policy in full to ensure you are fully informed.

If you or your organization has an individual agreement with us, that agreement may have privacy terms that also apply to the information you provide to us under that agreement.  Please review the terms in that agreement because they may be different or more restrictive than the terms in this Privacy Policy.

This Privacy Policy does not apply to any third-party websites and apps that you may use, including any that are linked to in our Services. You should review the terms and policies for third-party websites and apps before clicking on any links.

Botdoc’s core product and services help users create, complete, and show the validity of digital or electronic transactions.  Botdoc is a secure transportation vehicle for sensitive data.  As part of our Services, users want us to collect and record information that helps the users prove the validity of the transactions. This information includes the persons who are involved in the transactions and the devices those persons use.

Botdoc processes two broad categories of personal information when you use our products and services:

  • Your personal information as a user or developer customer (or potential user or developer customer) of Botdoc – information that we refer to as Customer Account Data, and
  • The personal information of your end users’ who use or interact with you or your application that you’ve built from Botdoc’s platform – this category contains both your Customer Usage Data (e.g., communications metadata) and your Customer Content (e.g., the contents of communications).

Botdoc processes these categories of personal information differently because the direct relationship we have with you, our customer, is different than the indirect relationship we have with your end users.

  1. HOW WE COLLECT AND PROCESS INFORMATION?

To provide and improve our Services and to support advertising and marketing, we collect information about visitors to our sites, users of our Services (Customer Account Data), the devices they use, and sometimes their locations.

When you visit our website or request more information about Botdoc, we collect information automatically using tracking technologies, like cookies, and through web forms where you type in your information. We collect this information to provide you with what you request through the web form, to learn more about who is interested in our products and services, and to improve navigation experience on our pages.

We collect certain information directly from you, such as when you fill out forms with a name or email address. We collect other information, usually about devices, browsers, or locations, automatically (without you typing it into a form). We may also collect information about you from other sources, such as if we purchase a list of contact information of people who may be interested in our Services.

You have choices about whether you visit our sites, install our apps, or provide information to us. However, if you do not provide us with certain information, you may not be able to use some parts of our Services.

Information You Share Directly: In some places on Botdoc’s public-facing website, you can fill out web forms to ask to be contacted by our Sales Team, sign up for a newsletter, or take a survey. The specific personal information requested on these forms will vary based on the purpose of the form. We will ask you for information necessary for us to provide you with what you request through the form (for example, we will ask you for your email address if you want to sign up for an email newsletter and for your phone number if you want a member of our Sales Team to call you). We may also ask you for additional information to help us understand you better as a customer like your Botdoc use case, your company name, or your role at your company. If you sign up to receive ongoing marketing communications from Botdoc, like a newsletter, you can always choose to opt-out of further communications through a preferences page which will be linked from any marketing email you receive from Botdoc. Or, you can contact our Support Team to communicate your choice to opt-out (see Sections 5 & 12 below).

Information We Collect Automatically: When you visit Botdoc website, including our web forms, we and our service providers acting on our behalf automatically collect certain information using tracking technologies like cookies, web beacons, and similar technologies. We use this information to understand how visitors to our websites are using them and which pages and features of the websites are most popular. This helps us understand how we can improve our websites and track performance of our advertisements.

What Customer Account Data We Processes When You Communicate with Our Sales or Customer Support Teams and Why

You may share personal information, like your contact information, with a member of our Sales or

Customer Support Team when you communicate with them. We keep a record of this interaction.

If you contact our Sales or Customer Support Teams, those teams keep a record of that communication, including your contact details and other information you share during the course of the communication. We store this information to help us keep track of the inquiries we receive from you and from customers generally, so we can improve our products and services and provide training to team members. This information also helps our teams manage our ongoing relationships with our customers. Because we store a record of these communications, please be thoughtful about what information you share with our Sales and Customer Support Teams. While we will take appropriate measures to protect any sensitive information you share with us, it is best to avoid sharing any personal or other sensitive information in these communications not necessary for these teams to assist you.

What Customer Account Data We Processes When You Sign Up for and Log Into a Botdoc Account and Why

When you sign up for a Botdoc account, we ask for certain information like your contact details and billing information so we can communicate with you and so you can pay for our products and services. We also collect some information automatically, like your IP address, when you log in to your account or when your software application built on Botdoc makes requests to our APIs. We use this to understand who is using our services and how, and to detect, prevent and investigate fraud, abuse, or security incidents.

Information You Share Directly: When you sign up for a Botdoc account, you’ll be asked to give us your name, email address, username and optionally, your company name, and to create a password. We collect this information so we know who you are, we can communicate with you about your account(s), and we can recognize you when you communicate with us through the account portal or otherwise.

We also use your email address to send you information about other Botdoc products, services or events in which we think you may be interested. You can opt out of further marketing communications through your marketing preferences page linked from any marketing email you receive from Botdoc. Or, you can contact our Support Team to communicate your choice to opt-out.

When you first sign up for an account, we also ask you for a mobile number so we can communicate a verification code to that mobile number and have you enter the code into our website. This helps us ensure you’re actually a human being. A Botdoc team member may also contact you at this number to help you with onboarding unless you tell us you don’t want us to contact you.

When you set up two-factor authentication for your account, we’ll ask you to enter a mobile number or email address to set up the process. You have the option to use that mobile number or email address as the method for us to communicate verification codes to you to verify that it is you logging into your account.

When you upgrade your trial account, we’ll ask you to provide our payment processor with your payment method information like a credit card and/or your billing address. Our payment processor, acting on our behalf, gathers this so we can bill you for your use of our products and services. Our payment processor will share your billing address with Botdoc.

For some products, we may also have to obtain a physical address from you, including proof of address or other identification information. For example, to get a phone number in certain countries, local law may require us to have a physical service address on file for you or your end user and/or proof of identity and physical service address.  We may have to share your service or billing address with the telecommunications carrier from whom Botdoc obtained the phone number or with local government authorities upon their request.

Similarly, for some of our products, you may have to complete an application form providing details about your company and your intended use of the product, like when you are interested in getting a short code. We’ll use this information for the purpose for which it was gathered from you. We may also use it in connection with improving our own internal processes and services or training our team members.

Information We Generate or Collect Automatically. When you sign up for an account with Botdoc, we’ll automatically assign you and your account(s) unique IDs.   Developer user will generate an API token for each of your accounts. API key requests that are generated are tied to your account email address and we keep a record of these credentials, so we know it is you making the requests when your application makes requests to our API using these credentials.

In addition, when you use our account portal, we collect your IP address and other data through tracking technologies like cookies, web beacons, and similar technologies. We use this information to understand how customers are using our platform, who those customers are (if they are a company and the IP address is associated with that company), what country they are logging in from (for analytics and export control purposes), and to help improve the navigation experience.

Note that we also collect the IP address of your devices or servers when you make requests to our APIs. When you use our APIs, we also collect and process the information contained in those interactions.

All information we collect when you sign up for a Botdoc account and interact with the Botdoc account portal or our products or services may be used to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of our platform and services.

We automatically collect information from you and your devices when you use our Services, even when you visit our sites or apps without logging in. For choices you may have on what information we automatically collect, please see Section ­­5 of this Privacy Policy.

The information we automatically collect includes:

Device, Usage Information, and Transactional Data. We collect information about how you use our Services and the computers or other devices, such as mobile phones or tablets, you use to access our Services. Some examples include:

  • IP address
  • Precise geolocation information that you allow our apps to access (usually from your mobile device)
  • Unique device identifiers and device attributes, like operating system and browser type
  • Usage data, such as: web log data, referring and exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used our Services, the frequency of your use of our Services, error logs, and other similar information
  • Transactional data (non-content data about electronic transactions you start or review), such as: names and email addresses of end users, history of actions which we call audit logs and information about those individuals or their devices, such as name, email address, IP address, and authentication methods

Cookies and Related Technologies. We may use cookies, which are text files containing small amounts of information that are downloaded on your device (“Cookies”), or related technologies, such as web beacons, local shared objects and tracking pixels to store or collect information. We also allow others to use Cookies within the Services as described below. Cookies can store your preferences, your username, and help tailor advertisements.

Analytics. We use services like Google Analytics. They use Cookies to gather usage data and help us learn how people use our Services, such as the pages they visit and for how long and the website or page they were on before coming to a Botdoc website.

Tailored Advertising

Ads for Other Products & Services. Third parties whose products or services are marketed on our Services may place or read from Cookies on your computer or other device to collect information. They do this to (i) tailor and serve advertising based on information like past visits to our Services and other sites; and (ii) report the number of ads served and the responses to those ads;

Ads for our Products and Services. We may also use services, like Google, AdRoll, and Appnexus, to serve tailored ads about our products and Services to you on our Services and elsewhere. We allow these third parties to use and access their own cookies on your computer or other device(s) you use to access our Services. We do not have access to these cookies or related technologies, and this Privacy Policy does not govern the use of those cookies and related technologies.

For choices you have on cookies and related technologies, please see Section 5 of this Policy.  For additional information about cookies and related technologies, please go to our Cookies Policy at https://botdoc.io/cookies

Information We Collect from Other Sources. We may collect information about you from others, such as:

  • Third-Party Sources. Examples of third-party sources include marketers, partners, researchers, affiliates (like companies connected to Botdoc), and others where they are legally allowed to share your information with us. For example, if you register for our Services on another website, the website may provide your information to us.
  • Other Customers. Other customers may give us your information. For example, if a customer wants to Request documentation or Send you documentation in our Services, he or she will give us your email address, mobile and name.
  • Combining Information from Different Sources. We may combine the information we receive from other sources with information we collect from you (or your device) and use it as described in this Privacy Policy.

Other Customer Account Data We Collect and Why

We may collect information about you, as our customer, from publicly-available sources so we can understand our customer base better.

We may use publicly-available information about you through services like LinkedIn, or we may obtain information about your company from third party providers to help us understand our customer base better, such as your industry, the size of your company, and your company’s website URL.

Information We Collect from You.  You provide us with information about yourself when you:

  • Register or log in to your account
  • Push or Fetch an electronic document
  • Create or edit your user profile
  • Contact customer support
  • Comment on our blogs or in community forums

Examples of the information you provide are: name, email address, mailing address, phone number and billing information.

You also provide us with information about others when you use parts of our Services, such as when you:

  • Start or participate in an electronic transaction, such as a push or fetch (requests)
  • Add others as a user to an existing account
  • Leave comments

 How Botdoc Processes Your Personal Information

We, Botdoc, collect and process your personal information:

  • When you visit our public facing website, botdoc.io, sign up for a free Botdoc account, or make a request to receive information about Botdoc or our products;
  • When you contact Botdoc’s Sales Team or Customer Support Team; and
  • When you sign up for a Botdoc paid account and use our products and services.

We call this personal information Customer Account Data.

Data protection (aka privacy) laws in certain jurisdictions, like the European Economic Area (EEA), differentiate between “controllers” and “processors” of personal information. A controller decides why and how to process personal information.A processor processes personal information on behalf of a controller based on the controller’s instructions. When Botdoc processes your Customer Account Data, the Botdoc entity with whom you are contracting is acting as a controller.

When our customers use our Services, we process and store certain information on their behalf as a data processor. For example, when a customer (or the customer’s Authorized Users) uploads or downloads files or other documents for review we act primarily as a data processor and process information on the customer’s behalf and in accordance with their instructions. In those instances, the customer as the data controller is responsible for most aspects of the processing of the information. If you have any questions or concerns about how information is processed in these cases, including how to exercise your rights as a data subject, we recommend contacting the relevant customer.

Broadly speaking, we use Customer Account Data to further our legitimate interests to:

  • understand who our customers and potential customers are and their interests in Botdoc’s product and services
  • manage our relationship with you and other customers
  • carry out core business operations
  • help detect, prevent, or investigate security incidents, fraud and other abuse and/or misuse of our products and services.

How Botdoc Processes Your End Users’ Personal Information

Your end users’ personal information typically shows up on Botdoc’s platform in a few different ways:

  • Communications-related personal information about your end users, like your end users’ mobile numbers, email address, Name, or IP addresses, show up in our systems when you use or intend to use this information to contact your end user through use of our products and services.
  • Your end users’ personal information may show up in “friendly names,” which are strings you provide, if you choose to include your end users’ personal information as part of a string.
  • Your end users’ personal information may also be contained in the content of communications you (or your end users) push or pull using Botdoc’s products and services.

We call the information in the first two bullets above Customer Usage Data. The information in the third bullet is what we refer to as Customer Content.

As noted above, data protection (aka privacy) law in certain jurisdictions, like the EEA, differentiate between “controllers” and “processors” of personal information. When Botdoc processes Customer Content, we generally act as a processor. When we process Customer Usage Data, we act as a processor in many respects, but we may act as a controller in others. For example, we may need to use certain Customer Usage Data for the legitimate interests of billing, reconciling invoices with telecommunications carriers, and in the context of troubleshooting and detecting problems with the network.

What Customer Usage Data and Customer Content Botdoc Processes and Why

We use Customer Usage Data and Customer Content to provide services to you and to carry out necessary functions of our business as a communications service provider. We do not sell your end users’ personal information and we do not share your end users’ information with third parties for those third parties’ own business interests.

The particular end user personal information Botdoc processes when you, our customer, use our products and services and the reason Botdoc processes it depends on how you use our products and services and which Botdoc products and services you use.

In many cases, you can opt to store records of your communications (audit trail), or other activities, on Botdoc, which may include your end users’ personal information. You may also have the option to use additional features or tools within Botdoc’s products or services that allow you to do things such as audit Login Activity and/or Transactions Activity, including end user personal information, in your Botdoc account. In those cases, Botdoc will process this information to provide you with the service you request.

In addition, records containing end user personal information may, from time to time, also be used in debugging or troubleshooting or in connection with investigations of security incidents, as well as for the purposes of detecting and preventing spam or fraudulent activity and detecting and preventing network exploits and abuse.

  1. USE OF INFORMATION

In general, we collect, use and store or process your information to provide our Services, to fix and improve them, to develop new services, and to market our companies and their products and services. Here are some examples of how we use the information we process:

  • Provide you with the services and products you request and collect payments
  • Send you records of our relationship, including for purchases or other events
  • Market features, products, or special events using email or mobile or send you marketing communications about third party products and services we think may be of interest to you
  • Record details about what happens with electronic documents, such as who viewed, the devices used and when these events occur
  • Choose and deliver content and tailored advertising
  • Create and review data about our users and how they use our Services
  • Test changes in our Services and develop new features and products
  • Fix problems you may have with our Services, including answering support questions and resolving disputes
  • Manage the Botdoc platform including support systems and security
  • Prevent, investigate and respond to: fraud, unauthorized access to or use of our Services, breaches of terms and policies, or other wrongful behavior
  • Meet legal retention periods

Lawful Basis for Processing Your Information. If European data protection law applies and Botdoc acts as a controller, our lawful basis for collecting and using the information described in this Privacy Policy will depend on the information concerned and the specific context in which we collect or use it.

We normally collect or use information from you or others only where we have your consent to do so, where we need the information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may have a legal obligation to collect or retain personal information or may need the personal information to protect your vital interests or those of another person. For example, when we:

  • Use information to create and manage an account, we need it in order to provide relevant services.
  • Gather and record data associated with use of a digital certificate, it is to comply with regulations.
  • Use names and email addresses for email marketing purposes, we do so with your consent (which you can revoke at any time).
  • Gather usage data and analyze it to improve our Services, we do so based on our legitimate interest in safeguarding and improving our Services.

If you have questions about or need further information concerning the lawful basis on which we collect and use your personal information, please contact us using the contact details provided in Section ­­12 of this Privacy Policy.

  1. INFORMATION SHARING

We do not sell or allow your Customer Account Data to be used by third parties for their own marketing purposes. Further, we do not sell your end users’ personal information (whether contained in Customer Usage Data or Customer Content). And, we do not share it with third parties for their own marketing or other purposes.

We share information as follows:

  • Service Providers. Botdoc engages certain third-party service providers to carry out certain data processing functions on our behalf. These providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances they will appropriately safeguard the data.  These companies provide services like search technology, advertising, authentication systems, bill collection, fraud detection, and customer support.
  • Affiliates/Resellers. Over time, Botdoc may grow and reorganize. We may share your personal information with affiliates such as a subsidiary, joint venture partners or other companies that we control or that are under common control with us, in which case we will require those companies to agree to use your personal information in a way that is consistent with this Privacy Policy.
  • Safety, Security, and Compliance with Law. We may share your information to follow applicable law, or to respond to legal process (like a subpoena). We also may share your information when there are threats to the physical safety of any person, violations of this Privacy Policy or other agreements, or to protect the legal rights of third parties, including our employees, users, or the public.
  • Business Transactions. We may share your information during a corporate transaction like a merger, reorganization or sale of our assets. If a corporate transaction occurs, personal information that we have collected from users would be one of the assets transferred to or acquired by that third party. This Privacy Policy will continue to apply to your information, and any acquirer would only be able to handle your personal information as per this policy (unless you give consent to a new policy). We will provide you with notice of a corporate transaction within thirty (30) days following the completion of such a transaction, by posting on our homepage, and by email to your email address that you provided to us. If you do not consent to the use of your personal information by such a successor company, you may request its deletion from the company.
  • Aggregated or deidentified data. We might also share data with third parties if the data has been de-identified or aggregated in a way, so it cannot be used to identify you or your end users.
  • Consent. We may share your information in other ways if you have asked us to do so or have given consent. For example, with your consent, we post user testimonials that may identify you.

Your information may also be shared as described below:

Other users. When you make a Request from others through your account, we share selected information with them via an electronic business card at completion of the Request. For example, if you send a Request to Pull information from another user, once that Request is completed the end user will see selected information (that you control) which could be your name, business name, mobile and email address.

When you Send or Push information to another user, we share that content with them.

Third Parties. When you make a payment to another user within our Services, we share your payment method details with the third-party payment processor.

Public Information.

  • User-Generated Content. When you comment on our blogs or in our community forums, this information may also be read, collected, and used by others.
  • Profile Information. When you create a Botdoc profile, end users can view your profile information only if you have selected the checkbox for electronic business card after all completed Requests.

Your Employer or Organization. When you create an account or user role with an email address assigned to you as an employee, contractor or member of an organization, such as yourname@youremployer.com or yourname@nonprofit.org, that organization (if it is a Botdoc customer with certain features) can find your account and take certain actions that may affect your account.

  1. RETENTION OF INFORMATION

We keep your personal information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws. Where there are technical limitations that prevent deletion or anonymization, we safeguard personal data and limit active use of it.

If you ask Botdoc to delete specific personal information from your Customer Account Data, we will honor this request unless deleting that information prevents us from carrying out necessary business functions, like billing for our services, or conducting required audits.

  1. YOUR CHOICES

This section describes many of the actions you can take to change or limit the collection or use of your information.

  • You are not required to fill out a profile. If you do, you can access and review this information. If any information is inaccurate or incomplete, you can make changes in your account settings.
  • Marketing Messages. You can opt out of email marketing messages we send. You can opt out of these messages by clicking on the “unsubscribe” link in the email message. Please note that we may send you one message to confirm you want to opt out. If you are a registered user of our Services, or if you have engaged in transactions with us, we may continue to send transactional or relationship messages (e.g., account notifications) after you opt out of marketing messages. To opt out of other direct marketing from us, please contact us using the email in Section 12 of this Privacy Policy.
  • Cookies and Other Related Technology. You can choose to decline cookies through your browser settings. However, if you decline cookies, you may not be able to use some parts of our Services.

To exercise choices for tailored advertising, please visit the following sites (please note that you may still receive advertising content, but it will not be tailored to you):

Device and Usage Information. If you do not want us to see your device location, you can turn off location sharing on your device, change your device privacy settings, or decline to share location on your browser.

Closing Your Account. If you wish to close your account, you may email us at the email address listed in Section 12 to close your account.

Complaints. We are committed to resolving valid complaints about your privacy and our collection or use of your personal data. For questions or complaints regarding our data use practices or Privacy Policy, please contact us using the email address listed in Section 12 of this Privacy Policy.

  1. HOW WE PROTECT YOUR INFORMATION

To keep your information safe, we use physical, electronic, and managerial tools. We apply these tools based on the sensitivity of the information we collect, use, and store, and the current state of technology.

All our sensitive data is stored in an encrypted and secure environment, separated from other data; all the data generated by your account will always be accessible by the account owner, and our employees don’t have access to payload nor the metadata generated on the transactions only when necessary for the product to function.

We are also proud to say that we are the only technology that is totally agnostic to the payload sent by your clients, we don’t know what’s being sent, and as soon as we delivery, the payload is overwritten and deleted.

In order to maintain our security compliances, we have regular security audits that are run daily and weekly and can be requested by our clients at any time.

All employees do go through a background check.

Although we take steps to prevent unauthorized access to or use of personal information, the Internet and our Services are not 100% secure. For this reason, we are not able to guarantee that information we collect or store will always be protected from unauthorized access, or that it will only be used as described in this Privacy Policy.

To protect the confidentiality of your account and protect from unauthorized use of your account, we recommend enabling two-factor authentication for your account.   Similarly, if you provision an API Key, you should store your API Key in a secure location.

  1.  Users From Outside the United States. 

By using the Services, you acknowledge that your information will be processed as descried in this Privacy Policy and consent to having your information transferred to our affiliates and facilities in the United States or elsewhere, and to the facilities of those third parties with whom we share it as described in this Privacy Policy.  Botdoc employs appropriate safeguards for cross-border transfers of personal data, as required by applicable local law, including the EU-U.S. Privacy and Swiss – U.S. Privacy Shield Frameworks (see below)

Transfers to the U.S. and Third Countries. If you are established in Switzerland or the European Economic Area (“EEA”), you understand and acknowledge that Botdoc may transfer your personal data outside of Switzerland and the EEA for processing and it shall only be done with adequate protections in place and in compliance with applicable laws and standards. For data transfers to the U.S. from the E.U. Botdoc complies with all applicable laws and standards in the U.S. & E.U (and as it may be amended over time) regarding the collection, use, retention and disclosure of personal information from the E.U. and E.E.A. to the U.S., and certifies its adherence to the law and these policy principles of notice, choice, onward transfer, security, data integrity, access, enforcement, and the applicable supplemental principles (see below paragraph for details).   Upon your explicit written request, Botdoc may execute Standard Contractual Clauses approved by the European Commission for the benefit of the customer (“Customer SCCs”) in order to ensure adequate protection for the Personal Data in accordance with the requirements of the EU General Data Protection Regulation.

Disclosures & Accountability for Onward Transfers.  Consistent with the Principles, Botdoc may transfer personal information to third parties, including transfers from one country to another.  We will only disclose an individual’s non-public personal information to third parties under one or more of the following conditions:

  • The disclosure is to a third-party providing services to Botdoc, or to the individual, in connection with the operation of our business, and as consistent with the purpose for which the personal information was collected. We maintain written contracts with these third parties and require that these third parties provide at least the same level of privacy protection and security as required by the Privacy Shield Principles. To the extent provided by the Principles, Botdoc remains responsible and liable under the Privacy Shield Principles if a third-party that it engages to process personal information on its behalf does so in a manner inconsistent with the Privacy Shield Principles, unless Botdoc proves that it is not responsible for the matter giving rise to the damage.
  • With the individual’s permission to make the disclosure;
  • Where required to the extent necessary to meet a legal obligation to which Botdoc is subject, including a lawful request by public authorities and national security or law enforcement obligations and applicable law, rule, order, or regulation.
  • Where reasonably necessary for compliance or regulatory purposes, or for the establishment of legal claims.

Other Rights

  • You can access and review information associated with your account at any time. You also can request the following information: how we collect and use your information and why; the categories of personal data involved; the categories of recipients of your personal data; how we received your personal data; and how long we use or store your personal data or the manner in which we determine relevant retention periods.
  • You also have a right to correct your personal data. In certain situations, you can ask that we erase or stop using your information (and object to use of your personal data).
  • Where we rely on your consent to process your personal data, you have the right to decline consent and/or if provided, to withdraw consent at any time. This will not affect the lawfulness of processing prior to the withdrawal of your consent. At any time, you can request that we stop using your information for direct marketing purposes. See Section 5 of our Privacy Policy for more information on your choices.
  • You have a right to provide us with guidance on the use, storage, and deletion of your personal data after your death.
  • You have a right to raise questions or complaints with your local data protection authority at any time.

If you wish to exercise these rights, please contact us at privacy@botdoc.io

Botdoc complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  Botdoc has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of both Frameworks, and any reference to “Privacy Shield Principles” shall include such Principles under both the EU and Swiss Frameworks.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  For further information about the requirements for compliance with the Privacy Shield, and further detail about the Privacy Shield Principles, please visit https://www.privacyshield.gov/

In compliance with the Privacy Shield Principles, Botdoc commits to resolve complaints about our collection or use of your personal information.  EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us if you have any complaint or concern regarding your PII (personal data) under this Privacy Policy, or arising under the Privacy Policy please contact us at privacy@botdoc.io (see section 14 below). We suggest that you put in the subject line of any email or communication “Privacy Policy” or “Privacy Complaint.”  We will respond within 30 days.

If you do not receive timely acknowledgment by us of your complaint, or if your complaint is not satisfactorily addressed by us, please contact our U.S.-based third-party dispute resolution provider JAMS (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield.  If you still believe that your complaint or dispute has not been resolved, you can invoke binding arbitration as a last resort (if permitted with respect to your complaint), by providing notice to us in the manner indicated in Annex I to the EU – U.S. Privacy Shield Principles, available online, and following the procedures set forth in such Annex.  The location of the arbitration will be in the United States. You may choose video or telephone participation, which will be provided at no cost to you. In-person participation will not be required.  To the maximum extent permitted by applicable law, you will not be entitled to recover attorneys’ or arbitration fees, even if you would otherwise be entitled to them. In addition, EU citizens have the right to initiate a private cause of action.  Finally, with respect to any PII transferred from Switzerland to the U.S., the Swiss Federal Data Protection and Information Commissioner’s authority shall substitute for the EU Data Protection Authority, and Botdoc agrees to cooperate with such Swiss Commissioner in this context. Botdoc commits to follow up in its verification that the attestations and assertions made in this Privacy Policy are true, and to remedy any problems that may arise if we fail to comply with the Privacy Shield Principles.

Mediation: You also agree that, in the event any dispute or claim arising out of or relating to your use of the Site or the Services or this Privacy Policy that does not relate to your PII (personal data), or that is not covered by the previous paragraph, you and Botdoc will attempt in good faith to negotiate a written resolution of the matter directly between the parties. You agree that if the matter remains unresolved for forty-five (45) days after notification (via certified mail or personal delivery) that a dispute exists, all parties shall join in mediation services in Denver, Colorado with a mutually agreed mediator in an attempt to resolve the dispute. Should you file any arbitration claims, or any administrative or legal actions without first having attempted to resolve the matter by mediation, then you agree that to the maximum extent permitted by applicable law, you will not be entitled to recover attorneys’ fees, even if you would otherwise be entitled to them.

The Federal Trade Commission has jurisdiction over Botdoc’s compliance with the Privacy Shield and for more information on privacy shield please research at https://www.privacyshield.gov/

  1. Children’s Privacy.

We do not knowingly permit children (under the age of 13 in the US or 16, if you live in the EEA) to sign up for a Botdoc account. If we discover someone who is underage has signed up for a Botdoc account, we will take reasonable steps to promptly remove that person’s personal information from our records. If you believe a person who is underage has signed up for a Botdoc account, please contact us at privacy@botdoc.io

  1. Your California Privacy Rights.

If you are a California resident, you may ask for a list of third parties that have received your information for direct marketing purposes during the previous calendar year. This list also contains the types of information shared. We provide this list at no cost. We do not share your information with third parties for their own marketing purposes.

  1. Changes to this Privacy Policy.

We may change our Privacy Policy from time to time. If we make changes we’ll revise the “Effective” date at the top of this statement, and will provide additional notice such as on the Botdoc website homepage, account portal sign-in page, or via the email address we have on file for you.   We will provide a prominent statement stating the changes are in effect and your continued use of our website or services is your consent to the new privacy policy following the change(s).  We will comply with applicable law with respect to any changes we make to this notice and seek your consent to any material changes if this is required by applicable law.

  1. Legal Basis for Processing Personal Information (EEA only)

If you are from the EEA, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

However, we will normally collect personal information from you only where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person such as in the case where we request personal information from you in the context of a government audit or in response to a request from law enforcement.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact information provided in the introduction section of this privacy statement.

HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires that access to Protected Health Information (PHI) will be managed to safeguard the integrity, confidentiality, and availability of electronic PHI (ePHI) data.  Each user is responsible for following applicable regulations when it comes to their creation, maintaining and transporting ePHI or PHI.  Determining which security measure to implement is a decision that covered entities must make based on what is reasonable and appropriate for their specific organization, considering their own unique characteristics, as specified in 164.306(b) the Security Standards: General rules, Flexibility of approach.  BotDoc does comply with all Security Rules related to HIPAA compliance and has documented all levels.

FERPA

Certain information that may be provided to Botdoc by School Personnel that is directly related to a student and maintained by an Institution, may be considered an education record (“Education Record”) under the Family Educational Rights and Privacy Act (“FERPA”). Additionally, certain information, provided to Botdoc by School Personnel about a student, such as student name and grade level, may be considered directory information under FERPA (“Directory Information”) and thus not an Education Record. A school may not generally disclose personally identifiable information from an eligible student’s education records to a third party without written consent of the parent and/or eligible student or without meeting one of the exemptions set forth in FERPA (“FERPA Exemption(s)”), including the exemption for Directory Information (“Directory Information Exemption”) or disclosure to school officials with a legitimate educational interest (“School Official Exemption”).

As School Personnel or Institution providing Directory Information or any Education Record to Botdoc, you represent, warrant and covenant to Botdoc, as applicable, that your Institution has:

  • (i) complied with the Directory Information Exemption, including, without limitation, informing parents and eligible students what information the Institution deems to be directory information and allowing parents and eligible students a reasonable amount of time to request that schools not disclose directory information about them; and/or
  • (ii) complied with the School Official Exemption, including, without limitation, informing parents in their annual notification of FERPA rights that the Institution defines “school official” to include service providers and defines “legitimate educational interest” to include services such as the type provided by Botdoc; or
  • (iii) obtained all necessary parental or eligible student written consent to share the Directory Information and Educational Records with Company, in each case, solely to enable Company’s operation of the Service.
  • (iv) student data should only be shared with third parties that are consistent with the same privacy policy or pledge principles that pledge members adhere to.

Botdoc will never share Education Records with third parties except (i) as directed by a Botdoc user (i.e., teacher sharing with another teacher or parent); or (ii) to our service providers that are necessary for us to provide the Service, as stated in this Privacy Policy. Education Records are never used or disclosed for third party advertising or any kind of first- or third-party behaviorally-targeted advertising to students or parents. Additionally, information collected directly from a student using Botdoc is never used or disclosed for third party advertising, or any kind of first- or third-party behaviorally-targeted advertising, and personal information collected from a student is never sold or rented to anyone. This section shall not be construed (i) to prohibit Botdoc from marketing or advertising directly to parents so long as the marketing or advertising did not result from the use of Educational Records to provide behaviorally targeted advertising or (ii) to limit the ability of Botdoc to use student information or Educational Records for adaptive learning or customized student learning purposes. (Botdoc does not create or keep student profiles for non-educational purposes)

Botdoc will not collect, maintain, use, or share student personal information beyond that needed for authorized educational/school purposes, or as authorized by the parent/student. ‘Educational/School purposes’ are services or functions that customarily take place at the direction of the educational institution/agency or their teacher/employee, for which the institutions or agency would otherwise use its own employees, and that aid in the administration or improvement of educational and school activities (e.g., instruction, administration, and development and improvement of products/services intended for educational/school use).

  1. How to Contact Us

If there are any questions, any disputes relating to our data protection practices or suggestions regarding our Privacy Policy, you may contact us at privacy@botdoc.io or via postal mail at Botdoc, Attention: Privacy Team,  15954 Jackson Creek Parkway, Ste B572, Monument, CO 80132

 

Menu

Read More