Definitions

• “Personal Data” refers to any data (whether true or not) about an individual who can be identified (i) from that data; or (ii) from that data and other information to which we have or are likely to have access to, including data in our records.
• “Service Data” refers to any data that is created or provided by you prior to using our Products and Services, including but not limited to usage data such as number of messages sent, number of active users, messaging history, log, dates, device type, browser type and version, operating systems, geographic location, IP address, referral source, time spent in our Websites, and other messaging metadata. The Personal Data owned by other people shared by you also counts.
• “Third Party” refers to any individual or entity outside of us and our affiliates, including but not limited to Third Parties that provide services and products that support the provision of our Products and Services

What information we collect

For the purpose of using our Products and Services, we may collect your Data and other information ( “Information” ) in a variety of ways.

1) PERSONAL DATA

Prior to visiting our Sites and using our Products and Services, we may collect Personal Data provided by you including, but not limited to, your full name, e-mail address, mailing address, phone number, website address or other information. We may also require your credit or debit card information when you choose to use any of our Product and Services (“Billing Information”). We may obtain your Personal Data from Third Parties and other authorized parties such as partners, vendors, agencies, and other integrated services.

These Data are fully controlled by you and will be used and shared upon your permission.

2) SERVICE DATA

For the purpose of Product and Services operations, we may automatically record some Service Data such as location, IP address, browser type and versions, duration, websites you have visited just before or after visiting our Website, device type, language, Flash version, page title, date and time of visit. We may also record the number of active users, number of agents, medias, e-mail address, messaging history, logs and other Service Data during the usage of Services.

Cookies

We send cookies, which make up a small amount of data, often including an anonymous unique identifier, to your browser to be able to identify who you are and personalize our Services for you. Cookies may be required to use most of our Products and Services. Most Internet browsers provide you the option of turning off the processing of cookies but this may result in the loss of functionality, restrict your use of our Website, Products and/or Services and/or delay or affect the way in which it operates.

How we use your data

Data and Information provided by you to us will be used for the following purposes:

• to provide technical assistance to you or to complete the tasks you requested for. For example, when you request for help from our Solution and Support team, we will use your Personal and Service Data to provide assistance which is tailored to your needs;
• to monitor, maintain and improve our Services;
• to manage billing and payments. Third Party payment gateways and Third Party credit card processing providers are involved in our billing and payment processes. These Third Parties are not allowed to store, retain or use Billing Information except for the sole purpose of credit card processing and is subject to confidentiality obligations restricting the disclosure of information collected to other Third Parties;
• to follow-up or communicate with you about your interest in using Qiscus when you contact us to request for more information, sign-up for our events or send in your enquiries and so on;
• to share with you useful content which may be of interest to you and to update you about our latest Products and Services (“Marketing”);
• to manage and administer your Qiscus account;
• to provide and administer our events community. We may provide blogs, community chat groups or even forums on our Website or Apps (collectively, “Community Platforms”). Any Personal Data you choose to submit in such Community Platforms may be read, collected, or used by others who visit these platforms, and may be used to send you unsolicited messages. It is not our responsibility to manage the Personal Data you decide to share with these Community Platforms;
• to link your Qiscus account to third-party accounts such as WhatsApp Business, Instagram, Google, Github, Facebook, Telegram, Instagram, LINE, e-mail, and so on;
• to produce training data derived from the Service Data for research, development and business analysis purposes;
• For other purposes that we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal processes; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our Affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our Affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

Google OAuth

While using our Product and Services, you may be asked to grant authorization and share your data to Google OAuth (“Google OAuth”). You may need to give your consent to Google OAuth through OAuth Consent Screen on the Google API Console. We assure you that every data you provide to Google OAuth will only be used for the purpose of service provision.

NOTE
The use of the Service Data is also governed by the Service Agreement you enter into with us in connection with the services you subscribed to or are engaging with us. In the event of any conflict arising between this Privacy Policy and the Service Agreement, the Service Agreement supersedes.

Where is your data stored?

Your data may be stored in our main server in Singapore or other servers located in any other country, depending on decisions made by us, our storage providers or you. We use third-party vendors and hosting partners, for example, Amazon Web Services (“AWS”), Google Cloud Platform (“GCP”), and others, to provide the necessary software, storage, and related technology required to run our Products and Services. Only reputable vendors which have strict and world-class security standards are chosen to be our vendors.

For on-premise Services, you may choose your own server/hosting providers as well. In these circumstances, we do not hold responsibility over the data stored in these servers/hosting providers.

All intellectual property rights relating to Qiscus Products and Services are owned by Qiscus Pte Ltd and its Affiliates. You retain all rights to your data that you provide to us pursuant to your use of Qiscus.

Will we share the data we received?

The answer is: ‘Yes’. It is possible for us to share data provided by you for the following recipients and situations:

• Sharing the Data to Third Parties who are directly involved in the provision of our Products and Services solely as necessary for them to support us in providing our Products and Services. The Third Parties here include partners and vendors;
• Third-Party hosting and/or service providers to help store the messages or data exchanged through our Products and Services;
• Third-party services, platforms, and/or tools such as analytics tool providers to understand how users interact with our Website and third-party credit card processing providers or payment gateways;
• As required by law, it may also be necessary to share information in order to investigate, prevent, or take action regarding suspected or actual illegal activities, including, without limitation, fraud, situations involving potential threats to the physical safety of any person, or as otherwise permitted or required by law;
• Under special circumstances, we may disclose personally identifiable information to our professional advisers such as auditors and lawyers or to comply with any laws, rules, guidelines and regulations imposed by any governmental authority or international standard bodies such as ISO;
• To any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale) involving us, under a relevant confidentiality agreement.

NOTE
Other than the above scenarios, we strictly do not share, rent, sell or disclose your Personal and Service Data to anyone.

What options do you have?

We do not require you to provide Personal Data when browsing the site although some pages and content may include options for submitting your Personal Data in order for you to fully access and use these website features or functionalities. You can opt out of receiving marketing messages from us by unsubscribing through the unsubscribe or opt-out link via email. We will comply with your request as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages.

Accessing, correcting and deleting your information

You may access, correct or delete the Personal Data you have provided us by using the tools within the Products and/or Services (for example, editing your profile information on the Products and Services ) or by contacting [email protected] Changes you make to your information on our Products and Services will take immediate effect on your network but data will be retained in secure storage for a limited period afterward as part of our standard data backup process.

Children

It is hard for us to distinguish the age of users who access and use the Website. If a person, according to applicable laws, is classified as a minor and has provided us with Personal Data or Service Data without parental or guardian consent, the parent or guardian should contact us to remove the relevant Personal Data or Service Data and unsubscribe the minor.

If we learn that a user is under the age of 13 (thirteen), he/she may not register an account with us or use our Services and will take appropriate steps to remove the user’s information from the database and restrict the user from future access to our Products and Services.

Securing your data

As a company which prioritizes information security, we are strongly committed to apply Good Security Practice. Appropriate organizational, technical, and administrative measures to protect Personal Data are applied within our organization, including security controls to prevent unauthorized access to our systems.

For the purpose of privacy and security, your account is protected by a password. We strongly encourage you to prevent unauthorised access by taking precautionary measures such as implementing complex passwords and limiting access to your computer and browser by signing off after you have finished accessing your account.

Contact

While we take reasonable steps to maintain the security of your personal information, you should understand that there is always a level of risk assumed by sharing personal data online. If you have reason to believe that your interactions with our Websites, Products and Services are no longer secure, do immediately email us at [email protected]

Changes to this privacy policy

From time to time, we will update this Policy to reflect customer feedback, changes in our Products and Services, and to be consistent with applicable data privacy laws and regulations. When we post changes to this Privacy Policy, we will revise the “Last Updated” date at the bottom of the document. We will also notify you about changes in this Privacy Policy to ensure that you are aware of it.

However, we suggest that you frequently check the date of this policy whenever you access our Products and Services and review this Privacy Policy on a regular basis to keep yourself updated of any changes.