Privacy Statement

Last Updated: November 14, 2024

1. Introduction

Welcome to ChatHBR, our management consulting chatbot service. This Privacy Statement outlines our commitment to protecting your privacy and handling your data with transparency and accountability. It explains how we collect, use, disclose, and safeguard your personal information when you engage with our service.

2. Information We Collect

We collect personal information in two main ways: information you provide to us directly, and information automatically collected through your use of our services.

2.1. Information You Provide
  • Chat Content: All conversations, business queries, and information shared during consultations.
  • Account Information: Registration details including your name, business role, and company information (if applicable).
  • Contact Information: Email address, phone number, and other contact details you provide.
  • Business Context: Industry information, business challenges, and specific scenarios you describe.
  • Feedback and Survey Responses: Any feedback, ratings, or survey responses you submit.
2.2. Automatically Collected Information
  • Device Information: Type of device, operating system, and device identifiers.
  • Usage Data: IP address, browser type and version, time zone setting, browser plug-in types.
  • Technical Data: Interaction metrics, error logs, chatbot performance data.
  • Session Information: Session duration, feature usage patterns, conversation flow data.

3. How We Use Your Information

We process your information for the following primary purposes:

3.1. Primary Purposes
  • To deliver and enhance our consulting services.
  • To personalize your chatbot experience.
  • To improve conversation quality and accuracy.
  • To generate business insights and recommendations.
  • To provide technical support and issue resolution.
3.2. Legal Basis for Processing

We process your data based on the following legal grounds:

  • Legitimate Interests: To improve our services and maintain security.
  • User Consent: For optional features and marketing communications.
  • Contractual Necessity: To fulfill our service obligations.
  • Legal Obligations: To comply with applicable laws and regulations.

4. Data Storage and Security

We implement robust security measures to protect your data, including:

  • Industry-standard encryption protocols for data in transit and at rest.
  • Multi-factor authentication and access controls.
  • Regular security audits and vulnerability assessments.
  • Automated threat detection and prevention systems.
  • Secure backup procedures with encryption.
  • Ongoing security training for personnel.

5. Data Sharing and Disclosure

5.1. We May Share Data With:
  • Service Providers: Cloud hosting, analytics, and maintenance providers.
  • Analytics Partners: For service optimization and performance analysis.
  • Legal Authorities: When required by valid legal process.
  • Business Partners: Only with your explicit consent.
5.2. We Do Not:
  • Sell your personal information to third parties.
  • Share your chat content without your permission.
  • Use your business information for competitive purposes.

6. Your Rights and Choices

You have the right to manage and control your personal data, including:

  • Access: Request a copy of your personal data (exportable in common formats).
  • Correction: Correct inaccurate or incomplete information.
  • Deletion: Request the deletion of your data ("right to be forgotten").
  • Restriction: Restrict or object to certain data processing activities.
  • Withdrawal of Consent: Withdraw your consent at any time.
  • Data Portability: Request your data in a portable format.

To exercise these rights, please contact our Privacy Team at info@chathbr.com.

7. Data Retention

We retain your information based on the following criteria:

  • Active account status.
  • Legal and regulatory requirements.
  • Business necessity.
  • Data type and sensitivity.
  • User preferences.

8. Children's Privacy

Our service is intended for users aged 16 and older. We do not knowingly collect or process data from individuals under 16. If we discover that we have inadvertently collected data from a child under 16, we will delete it promptly.

9. International Data Transfers

When transferring data internationally, we ensure that adequate protection is in place through:

  • Standard Contractual Clauses (SCCs)
  • Data Processing Agreements
  • Privacy Shield certification (where applicable)
  • Regional data storage options (where applicable)

10. Cookie Policy

We use cookies for various purposes, including service functionality and performance optimization. Specifically, we use cookies for:

  • Essential service functionality.
  • Session management.
  • Storing user preferences.
  • Analytics and performance optimization.

You can manage your cookie preferences through:

  • Our cookie preference center.
  • Your browser settings.
  • Third-party opt-out tools.

11. Changes to This Privacy Statement

We may update this Privacy Statement to reflect changes in our services, respond to regulatory requirements, or improve clarity. We will notify you of material changes via:

  • Website announcements.
  • Email notifications.
  • In-app notifications.
  • Updated "Last Updated" date.

12. Contact Information

If you have any questions or concerns about this Privacy Statement, please contact our Privacy Team at:

13. Governing Law

This Privacy Statement is governed by the laws of Victoria, Australia.

14. Additional Rights and Compliance

14.1. GDPR Compliance (For EU/EEA Users)

For users in the EU/EEA, we ensure the following:

  • Clear legal bases for data processing.
  • Access to your data subject rights.
  • Timely breach notifications.
  • Data Protection Impact Assessments (DPIAs).
  • Appointment of a Data Protection Officer (DPO).
  • The right to lodge complaints with supervisory authorities.
14.2. California Privacy Rights (For California Residents)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

  • The right to know what personal information is collected.
  • The right to request deletion of personal information.
  • The right to correct inaccurate personal information.
  • The right to opt-out of data sharing.
  • The right to limit the use of sensitive personal information.
  • The right to non-discrimination for exercising these rights.