Effective May 8, 2019
Botdoc’s core product and services help users create, complete, and show the validity of digital or electronic transactions. Botdoc is a secure transportation vehicle for sensitive data. As part of our Services, users want us to collect and record information that helps the users prove the validity of the transactions. This information includes the persons who are involved in the transactions and the devices those persons use.
Botdoc processes two broad categories of personal information when you use our products and services:
- Your personal information as a user or developer customer (or potential user or developer customer) of Botdoc – information that we refer to as Customer Account Data, and
- The personal information of your end users who use or interact with you or your application that you’ve built from Botdoc’s platform – this category contains both your Customer Usage Data (e.g., communications metadata) and your Customer Content (e.g., the contents of communications).
Botdoc processes these categories of personal information differently because the direct relationship we have with you, our customer, is different than the indirect relationship we have with your end users.
- HOW WE COLLECT AND PROCESS INFORMATION?
To provide and improve our Services and to support advertising and marketing, we collect information about visitors to our sites, users of our Services (Customer Account Data), the devices they use, and sometimes their locations.
When you visit our website or request more information about Botdoc, we collect information automatically using tracking technologies, like cookies, and through web forms where you type in your information. We collect this information to provide you with what you request through the web form, to learn more about who is interested in our products and services, and to improve navigation experience on our pages.
We collect certain information directly from you, such as when you fill out forms with a name or email address. We collect other information, usually about devices, browsers, or locations, automatically (without you typing it into a form). We may also collect information about you from other sources, such as if we purchase a list of contact information of people who may be interested in our Services.
You have choices about whether you visit our sites, install our apps, or provide information to us. However, if you do not provide us with certain information, you may not be able to use some parts of our Services.
Information You Share Directly: In some places on Botdoc’s public-facing website, you can fill out web forms to ask to be contacted by our Sales Team, sign up for a newsletter, or take a survey. The specific personal information requested on these forms will vary based on the purpose of the form. We will ask you for information necessary for us to provide you with what you request through the form (for example, we will ask you for your email address if you want to sign up for an email newsletter and for your phone number if you want a member of our Sales Team to call you). We may also ask you for additional information to help us understand you better as a customer like your Botdoc use case, your company name, or your role at your company. If you sign up to receive ongoing marketing communications from Botdoc, like a newsletter, you can always choose to opt-out of further communications through a preferences page which will be linked from any marketing email you receive from Botdoc. Or, you can contact our Support Team to communicate your choice to opt-out (see Sections 5 & 12 below).
Information We Collect Automatically: When you visit Botdoc’s website, including our web forms, we and our service providers acting on our behalf automatically collect certain information using tracking technologies like cookies, web beacons, and similar technologies. We use this information to understand how visitors to our websites are using them and which pages and features of the websites are most popular. This helps us understand how we can improve our websites and track performance of our advertisements.
What Customer Account Data We Process When You Communicate with Our Sales or Customer Support Teams and Why
You may share personal information, like your contact information, with a member of our Sales or Customer Support Team when you communicate with them. We keep a record of this interaction.
If you contact our Sales or Customer Support Teams, those teams keep a record of that communication, including your contact details and other information you share during the course of the communication. We store this information to help us keep track of the inquiries we receive from you and from customers generally, so we can improve our products and services and provide training to team members. This information also helps our teams manage our ongoing relationships with our customers. Because we store a record of these communications, please be thoughtful about what information you share with our Sales and Customer Support Teams. While we will take appropriate measures to protect any sensitive information you share with us, it is best to avoid sharing any personal or other sensitive information in these communications not necessary for these teams to assist you.
What Customer Account Data We Process When You Sign Up for and Log Into a Botdoc Account and Why
When you sign up for a Botdoc account, we ask for certain information like your contact details and billing information so we can communicate with you and so you can pay for our products and services. We also collect some information automatically, like your IP address, when you log in to your account or when your software application built on Botdoc makes requests to our APIs. We use this to understand who is using our services and how, and to detect, prevent and investigate fraud, abuse, or security incidents.
Information You Share Directly: When you sign up for a Botdoc account, you’ll be asked to give us your name, email address, username and optionally, your company name, and to create a password. We collect this information so we know who you are, we can communicate with you about your account(s), and we can recognize you when you communicate with us through the account portal or otherwise.
We also use your email address to send you information about other Botdoc products, services or events in which we think you may be interested. You can opt out of further marketing communications through your marketing preferences page linked from any marketing email you receive from Botdoc. Or, you can contact our Support Team to communicate your choice to opt-out.
When you first sign up for an account, we also ask you for a mobile number so we can communicate a verification code to that mobile number and have you enter the code into our website. This helps us ensure you’re actually a human being. A Botdoc team member may also contact you at this number to help you with onboarding unless you tell us you don’t want us to contact you.
When you set up two-factor authentication for your account, we’ll ask you to enter a mobile number or email address to set up the process. You have the option to use that mobile number or email address as the method for us to communicate verification codes to you to verify that it is you logging into your account.
When you upgrade your trial account, we’ll ask you to provide our payment processor with your payment method information like a credit card and/or your billing address. Our payment processor, acting on our behalf, gathers this so we can bill you for your use of our products and services. Our payment processor will share your billing address with Botdoc.
For some products, we may also have to obtain a physical address from you, including proof of address or other identification information. For example, to get a phone number in certain countries, local law may require us to have a physical service address on file for you or your end user and/or proof of identity and physical service address. We may have to share your service or billing address with the telecommunications carrier from whom Botdoc obtained the phone number or with local government authorities upon their request.
Similarly, for some of our products, you may have to complete an application form providing details about your company and your intended use of the product, like when you are interested in getting a short code. We’ll use this information for the purpose for which it was gathered from you. We may also use it in connection with improving our own internal processes and services or training our team members.
Information We Generate or Collect Automatically. When you sign up for an account with Botdoc, we’ll automatically assign you and your account(s) unique IDs. A developer user will generate an API token for each of your accounts. API key requests that are generated are tied to your account email address, and we keep a record of these credentials so we know it is you making the requests when your application makes requests to our API using these credentials.
In addition, when you use our account portal, we collect your IP address and other data through tracking technologies like cookies, web beacons, and similar technologies. We use this information to understand how customers are using our platform, who those customers are (if they are a company and the IP address is associated with that company), what country they are logging in from (for analytics and export control purposes), and to help improve the navigation experience.
Note that we also collect the IP address of your devices or servers when you make requests to our APIs. When you use our APIs, we also collect and process the information contained in those interactions.
All information we collect when you sign up for a Botdoc account and interact with the Botdoc account portal or our products or services may be used to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of our platform and services.
The information we automatically collect includes:
Device, Usage Information, and Transactional Data. We collect information about how you use our Services and the computers or other devices, such as mobile phones or tablets, you use to access our Services. Some examples include:
- IP address
- Precise geolocation information that you allow our apps to access (usually from your mobile device)
- Unique device identifiers and device attributes, like operating system and browser type
- Usage data, such as: web log data, referring and exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used our Services, the frequency of your use of our Services, error logs, and other similar information
- Transactional data (non-content data about electronic transactions you start or review), such as: names and email addresses of end users, history of actions which we call audit logs and information about those individuals or their devices, such as name, email address, IP address, and authentication methods
Ads for Other Products & Services. Third parties whose products or services are marketed on our Services may place or read from Cookies on your computer or other device to collect information. They do this to (i) tailor and serve advertising based on information like past visits to our Services and other sites; and (ii) report the number of ads served and the responses to those ads.
For choices you have on cookies and related technologies, please see Section 5 of this Policy. For additional information about cookies and related technologies, please go to our Cookies Policy at https://botdoc.io/cookies
Information We Collect from Other Sources. We may collect information about you from others, such as:
- Third-Party Sources. Examples of third-party sources include marketers, partners, researchers, affiliates (like companies connected to Botdoc), and others where they are legally allowed to share your information with us. For example, if you register for our Services on another website, the website may provide your information to us.
- Other Customers. Other customers may give us your information. For example, if a customer wants to Request documentation or Send you documentation in our Services, he or she will give us your email address, mobile and name.
Other Customer Account Data We Collect and Why
We may collect information about you, as our customer, from publicly-available sources so we can understand our customer base better.
We may use publicly-available information about you through services like LinkedIn, or we may obtain information about your company from third party providers to help us understand our customer base better, such as your industry, the size of your company, and your company’s website URL.
Information We Collect from You. You provide us with information about yourself when you:
- Register or log in to your account
- Push or Fetch an electronic document
- Create or edit your user profile
- Contact customer support
- Comment on our blogs or in community forums
Examples of the information you provide are: name, email address, mailing address, phone number and billing information.
You also provide us with information about others when you use parts of our Services, such as when you:
- Start or participate in an electronic transaction, such as a push or fetch (requests)
- Add others as a user to an existing account
- Leave comments
How Botdoc Processes Your Personal Information
We, Botdoc, collect and process your personal information:
- When you visit our public facing website, botdoc.io, sign up for a free Botdoc account, or make a request to receive information about Botdoc or our products;
- When you contact Botdoc’s Sales Team or Customer Support Team; and
- When you sign up for a Botdoc paid account and use our products and services.
We call this personal information Customer Account Data.
Data protection (aka privacy) laws in certain jurisdictions, like the European Economic Area (EEA), differentiate between “controllers” and “processors” of personal information. A controller decides why and how to process personal information. A processor processes personal information on behalf of a controller based on the controller’s instructions. When Botdoc processes your Customer Account Data, the Botdoc entity with whom you are contracting is acting as a controller.
When our customers use our Services, we process and store certain information on their behalf as a data processor. For example, when a customer (or the customer’s Authorized Users) uploads or downloads files or other documents for review we act primarily as a data processor and process information on the customer’s behalf and in accordance with their instructions. In those instances, the customer as the data controller is responsible for most aspects of the processing of the information. If you have any questions or concerns about how information is processed in these cases, including how to exercise your rights as a data subject, we recommend contacting the relevant customer.
Broadly speaking, we use Customer Account Data to further our legitimate interests to:
- understand who our customers and potential customers are and their interests in Botdoc’s product and services
- manage our relationship with you and other customers
- carry out core business operations
- help detect, prevent, or investigate security incidents, fraud and other abuse and/or misuse of our products and services.
How Botdoc Processes Your End Users’ Personal Information
Your end users’ personal information typically shows up on Botdoc’s platform in a few different ways:
- Communications-related personal information about your end users, like your end users’ mobile numbers, email address, name, or IP addresses, shows up in our systems when you use or intend to use this information to contact your end user through use of our products and services.
- Your end users’ personal information may show up in “friendly names,” which are strings you provide, if you choose to include your end users’ personal information as part of a string.
- Your end users’ personal information may also be contained in the content of communications you (or your end users) push or pull using Botdoc’s products and services.
We call the information in the first two bullets above Customer Usage Data. The information in the third bullet is what we refer to as Customer Content.
As noted above, data protection (aka privacy) laws in certain jurisdictions, like the EEA, differentiate between “controllers” and “processors” of personal information. When Botdoc processes Customer Content, we generally act as a processor. When we process Customer Usage Data, we act as a processor in many respects, but we may act as a controller in others. For example, we may need to use certain Customer Usage Data for the legitimate interests of billing, reconciling invoices with telecommunications carriers, and in the context of troubleshooting and detecting problems with the network.
What Customer Usage Data and Customer Content Botdoc Processes and Why
We use Customer Usage Data and Customer Content to provide services to you and to carry out necessary functions of our business as a communications service provider. We do not sell your end users’ personal information and we do not share your end users’ information with third parties for those third parties’ own business interests.
The particular end user personal information Botdoc processes when you, our customer, use our products and services and the reason Botdoc processes it depends on how you use our products and services and which Botdoc products and services you use.
In many cases, you can opt to store records of your communications (audit trail), or other activities, on Botdoc, which may include your end users’ personal information. You may also have the option to use additional features or tools within Botdoc’s products or services that allow you to do things such as audit Login Activity and/or Transactions Activity, including end user personal information, in your Botdoc account. In those cases, Botdoc will process this information to provide you with the service you request.
In addition, records containing end user personal information may, from time to time, also be used in debugging or troubleshooting or in connection with investigations of security incidents, as well as for the purposes of detecting and preventing spam or fraudulent activity and detecting and preventing network exploits and abuse.
- USE OF INFORMATION
In general, we collect, use and store or process your information to provide our Services, to fix and improve them, to develop new services, and to market our companies and their products and services. Here are some examples of how we use the information we process:
- Provide you with the services and products you request and collect payments
- Send you records of our relationship, including for purchases or other events
- Market features, products, or special events using email or mobile or send you marketing communications about third party products and services we think may be of interest to you
- Record details about what happens with electronic documents, such as who viewed, the devices used and when these events occur
- Choose and deliver content and tailored advertising
- Create and review data about our users and how they use our Services
- Test changes in our Services and develop new features and products
- Fix problems you may have with our Services, including answering support questions and resolving disputes
- Manage the Botdoc platform including support systems and security
- Prevent, investigate and respond to: fraud, unauthorized access to or use of our Services, breaches of terms and policies, or other wrongful behavior
- Meet legal retention periods
We normally collect or use information from you or others only where we have your consent to do so, where we need the information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may have a legal obligation to collect or retain personal information or may need the personal information to protect your vital interests or those of another person. For example, when we:
- Use information to create and manage an account, we need it in order to provide relevant services.
- Gather and record data associated with use of a digital certificate, it is to comply with regulations.
- Use names and email addresses for email marketing purposes, we do so with your consent (which you can revoke at any time).
- Gather usage data and analyze it to improve our Services, we do so based on our legitimate interest in safeguarding and improving our Services.
- INFORMATION SHARING
We do not sell or allow your Customer Account Data to be used by third parties for their own marketing purposes. Further, we do not sell your end users’ personal information (whether contained in Customer Usage Data or Customer Content). And, we do not share it with third parties for their own marketing or other purposes.
We share information as follows:
- Service Providers. Botdoc engages certain third-party service providers to carry out certain data processing functions on our behalf. These providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances they will appropriately safeguard the data. These companies provide services like search technology, advertising, authentication systems, bill collection, fraud detection, and customer support.
- Aggregated or de-identified data. We might also share data with third parties if the data has been de-identified or aggregated in a way so that it cannot be used to identify you or your end users.
- Consent. We may share your information in other ways if you have asked us to do so or have given consent. For example, with your consent, we post user testimonials that may identify you.
Your information may also be shared as described below:
Other users. When you make a Request from others through your account, we share selected information with them via an electronic business card at completion of the Request. For example, if you send a Request to Pull information from another user, once that Request is completed the end user will see selected information (that you control) which could be your name, business name, mobile and email address.
When you Send or Push information to another user, we share that content with them.
Third Parties. When you make a payment to another user within our Services, we share your payment method details with the third-party payment processor.
- User-Generated Content. When you comment on our blogs or in our community forums, this information may also be read, collected, and used by others.
- Profile Information. When you create a Botdoc profile, end users can view your profile information only if you have selected the checkbox for electronic business card after all completed Requests.
Your Employer or Organization. When you create an account or user role with an email address assigned to you as an employee, contractor or member of an organization, such as firstname.lastname@example.org or email@example.com, that organization (if it is a Botdoc customer with certain features) can find your account and take certain actions that may affect your account.
- RETENTION OF INFORMATION
We keep your personal information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws. Where there are technical limitations that prevent deletion or anonymization, we safeguard personal data and limit active use of it.
If you ask Botdoc to delete specific personal information from your Customer Account Data, we will honor this request unless deleting that information prevents us from carrying out necessary business functions, like billing for our services, or conducting required audits.
- YOUR CHOICES
This section describes many of the actions you can take to change or limit the collection or use of your information.
- You are not required to fill out a profile. If you do, you can access and review this information. If any information is inaccurate or incomplete, you can make changes in your account settings.
- Cookies and Other Related Technology. You can choose to decline cookies through your browser settings. However, if you decline cookies, you may not be able to use some parts of our Services.
To exercise choices for tailored advertising, please visit the following sites (please note that you may still receive advertising content, but it will not be tailored to you):
- Network Advertising Initiative’s Consumer Opt-Out Link
- Digital Advertising Alliance’s Consumer Opt-Out Link
- TRUSTe’s Advertising Choices
- To change how Google Analytics collects and uses your information, you may install the Google Analytics Opt-Out Browser by clicking Google Ads Settings page.
- For your mobile devices, please read your operating system’s instructions.
- We do recognize and respond to browser-initiated Do Not Track signals.
Device and Usage Information. If you do not want us to see your device location, you can turn off location sharing on your device, change your device privacy settings, or decline to share location on your browser.
Closing Your Account. If you wish to close your account, you may email us at the email address listed in Section 12 to close your account.
- HOW WE PROTECT YOUR INFORMATION
To keep your information safe, we use physical, electronic, and managerial tools. We apply these tools based on the sensitivity of the information we collect, use, and store, and the current state of technology.
All our sensitive data is stored in an encrypted and secure environment, separated from other data. All the data generated by your account will always be accessible by the account owner, and our employees don’t have access to the payload or the metadata generated on the transactions, except when necessary for the product to function.
We are also proud to say that we are the only technology that is totally agnostic to the payload sent by your clients; we don’t know what’s being sent, and as soon as we deliver it, the payload is overwritten and deleted.
In order to maintain our security compliance, we have regular security audits that are run daily and weekly and can be requested by our clients at any time.
All employees do go through a background check.
To protect the confidentiality of your account and protect from unauthorized use of your account, we recommend enabling two-factor authentication for your account. Similarly, if you provision an API Key, you should store your API Key in a secure location.
- Users From Outside the United States.
Transfers to the U.S. and Third Countries. If you are established in Switzerland or the European Economic Area (“EEA”), you understand and acknowledge that Botdoc may transfer your personal data outside of Switzerland and the EEA for processing and it shall only be done with adequate protections in place and in compliance with applicable laws and standards. For data transfers to the U.S. from the E.U., Botdoc complies with all applicable laws and standards in the U.S. & E.U. (and as it may be amended over time) regarding the collection, use, retention and disclosure of personal information from the E.U. and E.E.A. to the U.S., and certifies its adherence to the law and these policy principles of notice, choice, onward transfer, security, data integrity, access, enforcement, and the applicable supplemental principles (see below paragraph for details). Upon your explicit written request, Botdoc may execute Standard Contractual Clauses approved by the European Commission for the benefit of the customer (“Customer SCCs”) in order to ensure adequate protection for the Personal Data in accordance with the requirements of the EU General Data Protection Regulation.
Disclosures & Accountability for Onward Transfers. Consistent with the Principles, Botdoc may transfer personal information to third parties, including transfers from one country to another. We will only disclose an individual’s non-public personal information to third parties under one or more of the following conditions:
- The disclosure is to a third-party providing services to Botdoc, or to the individual, in connection with the operation of our business, and as consistent with the purpose for which the personal information was collected. We maintain written contracts with these third parties and require that these third parties provide at least the same level of privacy protection and security as required by the Privacy Shield Principles. To the extent provided by the Principles, Botdoc remains responsible and liable under the Privacy Shield Principles if a third-party that it engages to process personal information on its behalf does so in a manner inconsistent with the Privacy Shield Principles, unless Botdoc proves that it is not responsible for the matter giving rise to the damage.
- With the individual’s permission to make the disclosure;
- Where required to the extent necessary to meet a legal obligation to which Botdoc is subject, including a lawful request by public authorities and national security or law enforcement obligations and applicable law, rule, order, or regulation.
- Where reasonably necessary for compliance or regulatory purposes, or for the establishment of legal claims.
- You can access and review information associated with your account at any time. You also can request the following information: how we collect and use your information and why; the categories of personal data involved; the categories of recipients of your personal data; how we received your personal data; and how long we use or store your personal data or the manner in which we determine relevant retention periods.
- You also have a right to correct your personal data. In certain situations, you can ask that we erase or stop using your information (and object to use of your personal data).
- You have a right to provide us with guidance on the use, storage, and deletion of your personal data after your death.
- You have a right to raise questions or complaints with your local data protection authority at any time.
If you wish to exercise these rights, please contact us at firstname.lastname@example.org
The Federal Trade Commission has jurisdiction over Botdoc’s compliance with the Privacy Shield. For more information on the Privacy Shield, please see https://www.privacyshield.gov/
- Children’s Privacy.
We do not knowingly permit children (under the age of 13 in the US or 16, if you live in the EEA) to sign up for a Botdoc account. If we discover someone who is underage has signed up for a Botdoc account, we will take reasonable steps to promptly remove that person’s personal information from our records. If you believe a person who is underage has signed up for a Botdoc account, please contact us at email@example.com
- Your California Privacy Rights.
If you are a California resident, you may ask for a list of third parties that have received your information for direct marketing purposes during the previous calendar year. This list also contains the types of information shared. We provide this list at no cost. We do not share your information with third parties for their own marketing purposes.
- Legal Basis for Processing Personal Information (EEA only)
If you are from the EEA, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person such as in the case where we request personal information from you in the context of a government audit or in response to a request from law enforcement.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact information provided in the introduction section of this privacy statement.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires that access to Protected Health Information (PHI) be managed to safeguard the integrity, confidentiality, and availability of electronic PHI (ePHI) data. Each user is responsible for following applicable regulations when creating, maintaining and transporting ePHI or PHI. Determining which security measures to implement is a decision that covered entities must make based on what is reasonable and appropriate for their specific organization, considering their own unique characteristics, as specified in 164.306(b) of the Security Standards: General rules, Flexibility of approach. Botdoc does comply with all Security Rules related to HIPAA compliance and has documented all levels.
Certain information that may be provided to Botdoc by School Personnel that is directly related to a student and maintained by an Institution, may be considered an education record (“Education Record”) under the Family Educational Rights and Privacy Act (“FERPA”). Additionally, certain information, provided to Botdoc by School Personnel about a student, such as student name and grade level, may be considered directory information under FERPA (“Directory Information”) and thus not an Education Record. A school may not generally disclose personally identifiable information from an eligible student’s education records to a third party without written consent of the parent and/or eligible student or without meeting one of the exemptions set forth in FERPA (“FERPA Exemption(s)”), including the exemption for Directory Information (“Directory Information Exemption”) or disclosure to school officials with a legitimate educational interest (“School Official Exemption”).
As School Personnel or Institution providing Directory Information or any Education Record to Botdoc, you represent, warrant and covenant to Botdoc, as applicable, that your Institution has:
- (i) complied with the Directory Information Exemption, including, without limitation, informing parents and eligible students what information the Institution deems to be directory information and allowing parents and eligible students a reasonable amount of time to request that schools not disclose directory information about them; and/or
- (ii) complied with the School Official Exemption, including, without limitation, informing parents in their annual notification of FERPA rights that the Institution defines “school official” to include service providers and defines “legitimate educational interest” to include services such as the type provided by Botdoc; or
- (iii) obtained all necessary parental or eligible student written consent to share the Directory Information and Educational Records with Company, in each case, solely to enable Company’s operation of the Service.
Botdoc will not collect, maintain, use, or share student personal information beyond that needed for authorized educational/school purposes, or as authorized by the parent/student. ‘Educational/School purposes’ are services or functions that customarily take place at the direction of the educational institution/agency or their teacher/employee, for which the institution or agency would otherwise use its own employees, and that aid in the administration or improvement of educational and school activities (e.g., instruction, administration, and development and improvement of products/services intended for educational/school use).
- How to Contact Us