Introduction
Protecting your personal data is a top priority for us at Coala AI. We process your data solely in accordance with applicable legal regulations, particularly the General Data Protection Regulation (GDPR). This privacy policy aims to inform you about the type, scope, and purpose of personal data processing, as well as your rights as the data subject.
Scope
This data privacy policy applies to visitors of our website, individuals contacting us through electronic means, and users of our chatbot.
Data Controller
The responsible party for data processing under the GDPR is:
Coala AI GmbH
c/o BIBA – Bremer Institut für Produktion und Logistik GmbH
Hochschulring 20
28359 Bremen
Germany
s.wellsandt@coala-ai.de
Data, Purpose, and Legal Basis
The following table summarizes which data we collect, why we process it, and the legal grounds for processing it.
|
Data |
Purpose |
Legal Basis |
|
Contact details |
Marketing |
Your consent and Art. 6(1)(a) GDPR |
|
Inquiries submitted through our website or via email |
Support |
Our legitimate interest and Art. 6(1)(f) GDPR |
|
Usage analysis via cookies and analytics tools |
Efficient operation and optimization of our website |
Our legitimate interest and Art. 6(1)(f) GDPR |
|
Conversation data |
Providing the chatbot service for visitors; analyzing conversations to support sales, and website optimization |
Our legitimate interest and Art. 6(1)(f) GDPR |
Recipients of Personal Data
Your data will only be shared with third parties if:
- it is necessary to fulfill a contract,
- you have given explicit consent,
- we are legally obligated to do so,
- or we use third parties as service providers (e.g., hosting providers).
Data Collection on the website
Amazon Web Services EMEA (AWS) hosts the content of this website. When you visit our website, AWS may collect, store, and process personal data. They process data for us in the European Economic Area (EEA). For more information, please read their privacy policy: https://aws.amazon.com/de/blogs/security/new-global-aws-data-processing-addendum/
Google Ireland Limited may collect, store, and process personal data. Such data includes contact information stored via the Google Workspace service. For more information, please read their privacy policy: https://cloud.google.com/terms/data-processing-addendum
The website uses cookies and similar technologies. More information can be found in our Cookie Policy [link], where you can manage your preferences.
Chatbot on the website
We have integrated Coala AI GmbH’s WebAssist service into our website and systems. The main functions of WebAssist include natural language processing, conversation analysis, and the generation of suggestions for improvement, e.g., for the sales team and website administrators.
Particularly sensitive personal data is not required to use WebAssist. Visitors should not provide such data during conversations. Besides, the chatbot is not intended for personal, i.e., non-business, use. WebAssist’s data processing agreement [link] contains details, including the involved data controllers and processors.
Data Retention Duration
We will retain your personal data only as long as necessary to fulfill the purposes of the processing and as required by legal retention periods. Once these periods expire, your data will be deleted in compliance with legal regulations.
Rights as Data Subject
- Right of Access: You have the right to request access to the personal data we process about you.
- Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
- Right to Restriction of Processing: You have the right to request the restriction of the processing of your data in certain situations.
- Right to Data Portability: You have the right to receive the data concerning you in a structured, commonly used, and machine-readable format.
- Right to Object: You have the right to object to the processing of your personal data at any time.
- Right to Withdraw Consent: You have the right to withdraw your consent to the processing of your personal data at any time.
- Right to Erasure (Right to be Forgotten): You may request the deletion of your data, unless legal retention obligations apply.
- Right to Lodge a Complaint: You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence or the location of the alleged infringement.
Data Security
We employ appropriate technical and organizational measures to protect your personal data from loss, misuse, or unauthorized access. These measures include, for instance, backups, encryption, access control, and security incident monitoring.