GDPR Consent Document for CustomCraftBot Service
-
Introduction:
-
This document serves as the General Data Protection Regulation (GDPR) consent form for 'CustomCraftBot', a service provided by Custom Craft Bot, LLC, hereinafter referred to as 'the Company'. Throughout this document, the terms 'we', 'us', and 'our' refer to the Company operating as CustomCraftBot.
-
It details the policies and practices concerning the collection, handling, storage, and protection of personal data of the users of our services, in compliance with the GDPR for the benefit of residents of the European Union.
-
-
Data Collection and Usage:
-
User API keys and authentication credentials required for connecting to social media platforms are used solely for the purpose of establishing a session and are not stored by CustomCraftBot. These credentials are processed transiently and securely.
-
Business-specific information, such as company names, descriptions, and keywords, is collected to personalize content summaries and enhance the relevance of the services we provide. This data is stored securely and used exclusively for creating tailored content and managing your subscription.
-
Text data gathered from our selected sources, including web scraping or video transcripts, is stored temporarily. This data is essential for the improvement of our algorithms and enhancing service effectiveness. Specific details on the types of data collected and the storage duration will be provided upon request.
-
User account data, including contact addresses, names, and billing details, is collected and stored as necessary for the provision of access to our services and for billing purposes. This data is stored securely in compliance with GDPR and will only be used for the stated purposes.
-
All personal data is processed and stored with stringent security measures in place to prevent unauthorized access and ensure data integrity.
-
-
Data Storage:
-
All personal data collected by CustomCraftBot is securely stored on the Google Cloud Platform, specifically in the US-Central region. This data is used exclusively for reporting, platform improvement purposes, and the effective management of user services.
-
Personal data is retained for the duration of the user's relationship with CustomCraftBot. Upon termination of the user's account or at the user's request, personal data will be deleted from our systems unless we are required by law or necessary operational needs to retain it for longer periods. Specific retention periods for different types of data can be provided upon request.
-
Given that our data storage and processing facilities are located in the United States, we comply with applicable US privacy laws and standards. For EU residents, we ensure that data transfers comply with the EU-US Privacy Shield Framework or any applicable mechanisms that meet GDPR requirements, such as Standard Contractual Clauses (SCCs).
-
-
User Rights:
-
Right to Access: Users have the right to request a copy of the personal data that we hold about them. To make this request, please contact us at ai@customcraftbot.com.
-
Right to Rectification: If you believe that any personal data we are holding is incorrect or incomplete, you have the right to request that we correct or complete it. Please contact us at ai@customcraftbot.com.
-
Right to Erasure (or "Right to be Forgotten"): Users can request the deletion of their data where there is no compelling reason for its continued processing. Contact us at ai@customcraftbot.com to request this.
-
Right to Restrict Processing: Users have the right to request that we restrict the processing of their personal data under certain circumstances. Please send your request to ai@customcraftbot.com.
-
Right to Data Portability: Users have the right to request that we transfer their data to another organization, or directly to them, in a structured, commonly used, and machine-readable format. For such requests, contact ai@customcraftbot.com.
-
Right to Object: Users have the right to object to our processing of their personal data based on their particular situation. This includes the right to object to profiling based on these provisions. To exercise this right, please contact ai@customcraftbot.com.
-
Right to Complain: Users have the right to lodge a complaint with a supervisory authority in their country of residence or the place of the alleged infringement if they feel that their personal data has been processed in a way that does not comply with the GDPR.
-
-
Data Protection Measures:
-
Data security is paramount at CustomCraftBot. We employ advanced encryption technologies to protect data both at rest and in transit. Specifically, data at rest is encrypted using industry-standard AES-256 encryption, while data in transit is secured using TLS (Transport Layer Security) protocols to ensure that data is transmitted securely over the internet.
-
We conduct regular security audits in collaboration with independent cybersecurity experts. These audits help us identify and rectify potential vulnerabilities promptly, ensuring that our security measures meet or exceed industry standards.
-
Our security team is committed to implementing continuous improvement practices for our security measures. This includes monitoring for new threats and updating our defenses in response to emerging challenges.
-
-
Data Breaches:
-
CustomCraftBot is committed to the security of your data and to transparency in the event of a breach. If any breach occurs that might compromise your personal data or privacy, we will notify all affected users within 72 hours of first becoming aware of the breach.
-
Our notification will include details of what information has been compromised, how the breach occurred, and what actions CustomCraftBot has taken to address the breach. Additionally, we will provide guidance on steps you can take to protect yourself from any potential harm resulting from the breach.
-
We have robust breach detection, investigation, and internal reporting procedures in place, which allow us to respond swiftly and effectively to identify and mitigate any potential threats to your data.
-
In the case of high-risk breaches, we will also communicate the occurrence to the relevant supervisory authority without undue delay, as per GDPR requirements.
-
-
Contact Information:
-
For any inquiries or requests regarding the processing of your data, please contact our Data Protection Officer (DPO) at:
-
Email: ai@customcraftbot.com
-
Phone: +1 (727) 616-0991
-
Postal Address: 7901 4TH ST N, STE 300, St Petersburg, FL 33702
-
You can also use the contact form on our website for less urgent queries: ContactForm
-
-
Third-party Sharing:
-
CustomCraftBot commits to not sharing your personal data with third parties for marketing purposes. Any sharing of data with third parties is strictly limited to the following scenarios:
-
Service Providers: We engage certain trusted third parties to perform functions and provide services to our company, including hosting and maintenance, error monitoring, debugging, performance monitoring, billing, customer relationship management, database storage and management, and direct marketing campaigns. We will only share your personal data with these third parties to the extent necessary to perform these functions and subject to confidentiality obligations consistent with this privacy policy.
-
Legal Requirements: We may disclose your personal data if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, act in urgent circumstances to protect the personal safety of users of the Service or the public, or protect against legal liability.
-
Business Transfers: In the event that CustomCraftBot is involved in a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of that deal. We will notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event.
-
-
Changes to the Policy:
-
CustomCraftBot reserves the right to update or modify this GDPR policy at any time. Significant changes to the policy will be communicated to our users through an email notification to the address associated with their account and/or a prominent notice on our website at least 30 days prior to the changes taking effect.
-
We encourage users to review the updated policy to stay informed. Your continued use of the service after any changes or revisions to this policy will indicate your agreement with the terms of the revised policy.
-
-
Consent:
-
To use CustomCraftBot, users must actively confirm their consent by ticking an unprechecked checkbox that states they have read and agree to the terms outlined in this GDPR consent document. This checkbox will be clearly visible as part of the registration and login processes.
-
Users may withdraw their consent at any time. To withdraw consent, users should contact us via the methods provided in the Contact Information section of this document. Upon receiving a withdrawal request, we will cease processing the user's data for the purposes consented to unless there are other legal grounds for processing.
-
-
Automated Decision-Making and Profiling:
-
CustomCraftBot does not use automated decision-making or profiling that results in legal effects or similarly significant effects for users. Should this change in the future, users will be informed accordingly and provided with details about the logic involved, as well as the significance and the envisaged consequences of such processing for the user.
-
-
International Data Transfers:
-
Personal data collected by CustomCraftBot may be stored and processed in any country where we or our service providers maintain facilities, including outside the European Union. This includes instances where your data may be processed on servers located in various countries on a temporary or permanent basis.
-
We ensure all data transfers across borders are conducted in compliance with GDPR requirements. We transfer personal data only to countries that the European Commission has determined to provide an adequate level of data protection, or we use specific contractual agreements approved by the European Commission that afford personal data the same protection it has in Europe.
-
Additionally, when data is processed by our service providers in the Google Cloud Platform (GCP), we adhere to the strict guidelines and frameworks that govern data transfer, such as Standard Contractual Clauses (SCCs) and any other relevant legal mechanisms applicable to international data transfers.
-
-
Specific Consents:
-
For certain types of data processing activities, such as receiving marketing communications, we require your explicit consent. You will be provided with an option to opt-in for such activities separately, and you can withdraw your consent at any time by contacting us as specified in the Contact Information section.
-
If we intend to process your personal data for a purpose that was not initially specified when the data was collected, we will seek your explicit consent before proceeding with that new purpose.
-
In cases where we need to process sensitive personal data, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or data concerning health, we will seek your explicit consent before processing this data, except where otherwise permitted by law.
-