How BotStar complies with GDPR

The information contained on this page should be used for reference and internal purposes only. It is not legal advice. Please reach out to your legal counsel to receive tailored guidance on how the GDPR may impact your business.

At BotStar, we put privacy, data protection and data security at the heart of everything. Thus, we have been working hard to ensure we fulfil all obligations of GDPR, and keep our service transparent when it comes to data processing.

What is GDPR?

The GDPR is an EU privacy law that went into effect May 25, 2018. It is designed to give individuals more control over how their data is collected, used, and protected online. It also forces organizations to follow new strict rules when it comes to using and securing personal data collected from EU citizens and residents.

The main point of the GDPR is to protect the data of EU citizens and residents. Thus, it applies to organizations that may have little to do with the EU: as long as you are handling such data, you are exposed to this law, whether your organization is EU-based or not.

What type of personal data do we collect?

The information we collect is specified in our Privacy Policy here.

What has BotStar done to become GDPR compliant?

Knowing that the GDPR does apply outside Europe, and recognizing that many of our users are affected by this data processing law, we have drawn up a checklist and taken some actions to demonstrate that we are GDPR compliant and to address your concerns.

Here are the main things we did:

  • We updated our Terms of Service and Privacy Policy to add specific EU clauses.
  • We implement appropriate technical methods to protect users’ privacy rights, and to ensure we can address GDPR requirements with regard to the storage, processing and control of personal data. Customers can easily ask for a copy of their information, as well as fix and adjust their personal information.
  • We take data protection into account all the time by creating an internal security policy for our team members, pointing out who can access which type of data, and for what purposes. We continuously train our employees to reflect the changes to be implemented for the GDPR.
  • We review and revise the company’s business operations and, where necessary, revise relationships with vendors to meet the requirements of the GDPR, ensuring that those third parties receive and process personal data in a lawful way.
  • We make a Data Processing Agreement in accordance with the GDPR available to sign upon your request.

Common Questions

1. What is Personal Information?

Any information relating to an identified or identifiable natural person (‘Data subject’). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, email address or location, and also online identifiers like IP address, types of website cookies and other device identifiers.

2. How can I ensure compliance if I am using 3rd party integrations (Zapier, Integromat, etc)?

If you elect to integrate a 3rd party service to pass your bot users’ data to, you need to ensure that the service has taken all the necessary measures to be compliant with the GDPR. Since bot account owners (bot admins) have direct access to data and control how data gets in and out of BotStar, they would be bound by GDPR rules as either a controller or a processor of data. We recommend that you carefully read their Privacy Policy and Terms of Service before connecting any other services. Talk to your legal counsel to evaluate your exposure to the GDPR and any additional steps you need to take to be in compliance.

3. How do I handle user data deletion requests?

If your users ask you to delete their personal data, you can simply delete those users from the ‘Engage’ tab inside your bot. All of their data will be removed from our databasesFacebook page. If you’ve passed any of your users’ data to any 3rd party services (Zapier, Integromat, a CRM service, etc), you are responsible for ensuring that the user data is deleted from those services as well.

4. How do I get a DPA?

If you would like to sign a Data Processing Agreement with us, please contact us at support@botstar.com with the title Request for DPA. In your email, please let us know your BotStar username and list the service to which you have subscribed; we will follow up with a copy of the Data Processing Agreement for you to sign.
