Privacy Policy

Updated on October 30, 2023

The privacy of your Personal Data is important to us. This Policy provides an overview of how your Personal Data is Processed by TextMagic during the provision of the Services. Please read this Policy carefully to understand the practices that TextMagic applies regarding Processing of Personal Data.

By using Touchpoint and the Services, the Clients and Data Subjects confirm that they have familiarized themselves with this Policy and understood it.

TextMagic shall be entitled to unilaterally review and amend this Policy from time to time. Therefore, TextMagic advises you to periodically review the Policy in case of any changes to it. If a Client or Data Subject does not agree with any or all terms of this Policy or any possible changes to it, then it should immediately close the Website and cease using Touchpoint and the Services.

TextMagic has drafted this Policy in cooperation with its legal advisers in accordance with the requirements of the General Data Protection Regulation (GDPR). TextMagic does its best to ensure that the Processing of Personal Data is in full compliance with applicable legal requirements.

1. General Definitions

„TextMagic“, „we“ or „us“	TextMagic Limited, a limited liability company registered in England and Wales under company number 05286521 with the registered office at Salisbury House, Station Road, Cambridge, Cambridgeshire CB1 2LA), and its affiliated legal entities
Touchpoint	the software-as-a-service (SaaS) customer service platform, available at touchpoint.com, that enables clients to perform actions related to managing customer service operations  Touchpoint’s features and functionalities assist clients in connecting with their leads, prospects and customers via email, SMS, live chat, voice calls and social media channels, facilitates ticket and contact management, and enables workflow automation in a single interface.
Website	the website of Touchpoint, available at touchpoint.com
Services	any Touchpoint services provided by us via the Website
Client	any legal entity (an entity other than a natural person) who wishes to use Touchpoint and has therefore registered a Client Account on the Website and uses it and the Services in accordance with the Terms of Service
Content	any messages, comments, videos, audio clips, music, data, text, photographs, software, scripts, graphics or any other content generated, provided or otherwise submitted to TextMagic by the Clients and the Data Subjects in the course of using Touchpoint, the Website and the Services
Data Subject	an identified or identifiable natural person  Within the meaning of this Policy, the term “Data Subject” refers to any representative, employee, worker (including current and former personnel) or director and any other Data Subject authorized by the Client to access Touchpoint, who has registered a User Account on the Website and uses it and the Services according to the Terms of Service, and whose Personal Data is made available to TextMagic in connection with the Data Subject’s use of Touchpoint, the Website and the Services.
GDPR	regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data
Personal Data	any information relating to an identified or identifiable natural person An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal Data Processed by TextMagic is described in detail under Clause 4.2 of this Policy.
Processing	any operation or set of operations that is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
Controller	a person who, alone or jointly with others, determines the purposes and means of the Processing of Personal Data
Processor	a person who Processes Personal Data on behalf of the Controller
Pseudonymization	the Processing of Personal Data in such a manner that the Personal Data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person
Policy	this Touchpoint privacy policy as amended from time to time
Terms of Service	the terms of service for the use of Touchpoint available at https://www.touchpoint.com/terms-of-service/, including all terms, policies and guidelines incorporated by reference into the Terms of Service, which establish the terms and conditions of using Touchpoint, the Website and the Services by the Clients and the Data Subjects
Data Processing Agreement or “DPA”	the data processing agreement that is entered into between TextMagic and the Client in addition to the Terms of Service for the purposes of providing the Services

Capitalized terms used but not defined in this Policy shall have the meaning as defined in Touchpoint Terms of Service.

2. Objectives of Processing of Personal Data

2.1 For the purpose of providing and enabling the use of Touchpoint, the Website and Services, TextMagic Processes the Personal Data that the Client and its authorized users provide about the Data Subjects upon using the Services.

2.2 The types of Personal Data Processed are not restricted and depend on the decision of the Clients and users on how they want to use the Services and generally include the name, emails, contact telephone number, but may also include avatars, country, addresses, etc. The categories of Personal Data Processed by TextMagic under this Policy are described in detail in Clause 4.2 below.

2.3 This Policy regulates the Personal Data Processing activities that are solely performed by TextMagic with regard to the categories of Data Subjects specified in this Policy, in particular the authorized representatives, employees and users who have registered a User Account and/or are personally using the Touchpoint and the Services via the Website.

2.4 While using the Services, the Client and authorized users may provide TextMagic with Personal Data of other categories of third-party Data Subjects, such as the Client’s customers, leads, prospects, contacts and other natural persons who are not users of Touchpoint, with the purpose to communicate with such Data Subjects via the Services. The Personal Data of such Data Subjects provided by the Client shall be Processed by TextMagic in the course of providing the Services to enable the Client and its authorized users to engage these Data Subjects via Touchpoint and the Services. The terms and conditions applicable to the Processing activities of such Data Subjects’ Personal Data by the parties are set out in the Data Processing Agreement. For the avoidance of doubt, this Policy does not regulate the data protection rules applicable to TextMagic’s Processing activities related to such third-party Data Subjects whose Personal Data is provided to TextMagic by the Client.

3. Controller of Data Subjects’ Personal Data

3.1 TextMagic, as the owner and operator of Touchpoint and the Website and provider of the Services, is considered to be a Controller in relation to any Data Subject’s Personal Data collected and Processed via the Website and Services.

3.2 Taking into consideration that the Client is able to perform Personal Data Processing activities in its Touchpoint account (including all user accounts in the Client’s organization), including add, change and delete the Personal Data of Data Subjects, each Client is also considered to be a Controller in relation to any Personal Data in their Touchpoint accounts.

3.3 TextMagic and the Client shall enter into a separate Data Processing Agreement, which further regulates TextMagic’s data Processing activities with regard to the Processing of third-party Data Subjects. Under this DPA, which enables the Client to give TextMagic instructions on the Processing of Personal Data of third-party Data Subjects, the Client shall be considered the Controller and TextMagic shall be considered the Processor.

3.4 This Policy regulates the Personal Data Processing activities that are solely performed by TextMagic. This Policy does not establish the Personal Data Processing rules that are applicable for the Processing activities carried out by the Client. Each Client shall be solely liable for the fulfillment of the obligations set forth in the GDPR, including the obligation to provide information to the Data Subjects. 

3.5 For avoidance of doubt, TextMagic shall not be liable in any case for any violation of the GDPR by the Client.

4. Personal Data Processing Purposes and Legal Ground

4.1 We Process Data Subjects’ Personal Data on the following legal grounds: 

4.1.1 Processing is necessary for the performance of the agreement (GDPR Article 6(1)(b)).

4.1.2 Processing is necessary for compliance with a legal obligation to which we are subject (GDPR Article 6(1)(c)).

4.1.3 Processing is necessary for the purposes of the legitimate interests pursued by us (GDPR Article 6(1)(f)).

4.1.4 The Data Subject has granted a consent to the Processing of their Personal Data (GDPR Article 6(1)(a)).

4.2 The categories of Personal Data, the Processing purposes and the legal ground for the Processing activity are described more specifically in the schedule below. 

CATEGORIES OF PERSONAL DATA	PURPOSE	LEGAL GROUND	RETENTION PERIOD
Personal Details – full name (surname and given name); Touchpoint user account data – name, email address, password, other details provided by the Data Subject in their user profile;	(a) to enter into the Terms of Service with the Data Subject; (b) to enable the Data Subject to sign up for a user account on the Website, including to process their registration application; (c) to allow the Data Subject to use their user account on the Website; (d) to provide Touchpoint Services stipulated in the Terms of Service to the Data Subject;	Necessary for the performance of the contract	Personal Data may be Processed during the course of the contractual relationship and for 3 years thereafter
Contact data – phone number, email address	(a) to contact the Data Subject for administrative communications and to handle the Data Subject’s complaints; (b) to inform the Data Subject about improvements to Touchpoint, the Website and Services, new proposals and developments	Necessary for the performance of the contract	Personal Data may be Processed during the course of the contractual relationship and for 3 years thereafter
Billing and subscription data – data regarding the Data Subject’s Touchpoint suite subscription, contact data of recipient, billing address;	to enable the Client and the Data Subject to access and use Touchpoint and the Services;	Necessary for the performance of the contract	Personal Data may be Processed during the course of the contractual relationship and for 3 years thereafter
Payment data – payment method, bank details, credit card information, PayPal account information;	to process the Client’s and the Data Subject’s payments for the Services;	Necessary for the performance of the contract	Personal Data may be Processed during the course of the contractual relationship and 3 years thereafter
Access rights data – data regarding the Data Subject’s rights in Touchpoint, i.e. what the Data Subject’s user account is allowed to access, use and change via Touchpoint	to provide the Services to the Data Subject and the Client;	Necessary for the performance of the contract	Personal Data may be Processed during the course of the contractual relationship and for 3 years thereafter
Correspondence data – the Data Subject’s correspondence and any other interactions with customers or other Data Subjects via their Touchpoint account and the Services;  Customer history – data about current and past interactions, tickets and communications with the Client’s customers; Content data – data regarding any messages, videos, audio clips, music, data, text, photographs, software or any other content generated, provided or otherwise submitted to TextMagic by the Data Subject while using Touchpoint;	to provide the Services to the Data Subject and the Client;	Necessary for the performance of the contract	Personal Data may be Processed during the course of the contractual relationship and for 3 years thereafter
Support data – communication between TextMagic and the Data Subject (inquiries submitted via the Website or email), complaints of the Data Subject;	(a) to provide the Services to the Data Subject and the Client; (b) to address technical or legal issues related to the Service provided or share updates and notifications about the Service;	Necessary for the performance of the contract	Personal Data may be Processed during the course of the contractual relationship and for 3 years thereafter
Contact data – email address	to send promotional information related to Touchpoint and the Services	Consent	Personal Data may be Processed until the given consent is revoked
Device data – information regarding the device on which the Data Subject is using Touchpoint, including the device’s model, name or any other identifier and the IP address;	to manage, analyze and improve the Service;	Legitimate interest	Personal Data may be Processed during the course of the contractual relationship; thereafter, Personal Data may be Processed only if it is Pseudonymized
Preference data – the Data Subject’s preferences on Touchpoint and the Website;	to personalize the Services and the content provided to the Data Subject;	Legitimate interest	Personal Data may be Processed during the course of the contractual relationship; thereafter, Personal Data may be Processed only if it is Pseudonymized
Usage data – data about the Data Subject’s interaction on Touchpoint and the Website;	to manage, analyze and improve the Services;	Legitimate interest	Personal Data may be Processed during the course of the contractual relationship; thereafter, Personal Data may be Processed only if it is Pseudonymized
Website data – anonymized data collected automatically while visiting the Website from browser logs, including login information, browser type and version, operating system and platform, IP address, browser and session information, cookies and the requested pages	(a) to improve the Website and the Services and also to understand trends, including: (b) to monitor patterns of usage, such as login dates and volumes of data so as to understand how the Website and the Services are used; (c) for security reasons, including identification and authentication; (d) for statistical and analytical purposes; (e) to monitor and prevent fraud and abuse.	Legitimate interest	Personal Data may be Processed during the course of the contractual relationship; thereafter, Personal Data may be Processed only if it is Pseudonymized

5. Sources of Personal Data Collection

We Process mainly the Personal Data that is submitted to us directly by the Data Subject via their use of Touchpoint and the Services. We may, however, also Process Personal Data that we receive from the Client who has authorized the Data Subject to access and use Touchpoint and the Services.

TextMagic works closely with third parties (including, for example, business partners; subcontractors in technical, payment and delivery services; advertising networks; analytics providers; search information providers; credit reference agencies) and may receive Personal Data from them.

The Personal Data collected from the Client and third parties shall be combined with the Personal Data collected directly from the Data Subject and that combined information shall be treated as set forth in this Policy.

6. Automated Decision Making

Automated decision-making refers to a decision that is taken solely on the basis of automated Processing of Data Subjects’ Personal Data. This means Processing using, for example, software code or an algorithm that does not require human intervention.

We do not Process the Data Subject’s Personal Data within the scope of exclusively automated Processing for the purpose of making decisions that have direct legal effect on the Data Subject, or that significantly affects the Data Subject in a similar way, without human intervention.

Our automated Processing of Data Subjects’ data is necessary in order to carry out the tasks outlined in the Terms of Service and to enable the Data Subjects to use the Services. If the Data Subject does not agree to the automated Processing of their Personal Data, then the Data Subject cannot accept this Policy. In this case, it will be impossible for us to provide the Data Subject with our Services or for the Data Subject to become a user of Touchpoint, the Website or the Services.

7. Transfer of the Personal Data

TextMagic transfers the Data Subject’s Personal Data intra-group in between its group companies for the purposes of providing Services and fulfilling contracts concluded with Data Subjects. All group companies of TextMagic either are located in the European Union (EU) or have been granted an adequacy decision by the EU; therefore, all group companies are legally bound by the Personal Data protection rules and principles laid down in the GDPR. We ensure that all Personal Data Processing activities performed within the TextMagic group shall adhere to the same Personal Data protection standards as set out in the GDPR and this Policy.

We may also transfer the Data Subject’s Personal Data to third parties, such as: 

(a) legal and regulatory authorities;

(b) server hosts who host our servers;

(c) communication service providers who facilitate emails and other communication between us and the Data Subject;

(d) customer support and customer management service providers;

(e) marketing service providers; 

(f) other parties involved with the provision of TextMagic’s Services (accountants, auditors, lawyers, IT systems suppliers and support or any other outsourcing providers).

We have taken steps to ensure that these data recipients protect the confidentiality and security of Personal Data and to ensure that Personal Data is Processed only for the provision of the Services and in compliance with applicable law.

8. Security

We will take appropriate legal, organizational and technical measures to protect Personal Data consistent with applicable privacy and data security laws. Security measures shall be applied in order to protect Personal Data from involuntary or unauthorized Processing, disclosure or destruction. 

Upon transferring Personal Data to third parties, we will apply the following safeguards:

• We will make sure that the third party undertakes to implement appropriate technical and organizational measures ensuring the Processing of the Data Subject’s Personal Data in accordance with this Policy and applicable law.
  
• We will make sure that (a) the third party is established in a jurisdiction which the European Commission has recognized as ensuring an adequate level of Personal Data protection or (b) the Processing of the Data Subject’s Personal Data is subject to other appropriate safeguards stipulated in the GDPR.
  
• We will enter into a Data Processing Agreement with the relevant third party, if necessary.

9. Integrity and retention of the Personal Data

We will retain Personal Data for the period required or permitted by applicable law, but no longer than is reasonably necessary in order to achieve the purposes for which the Personal Data was collected.

We will take reasonable steps to ensure that the Personal Data we Process is reliable for its intended use, accurate and complete as necessary to carry out the purposes described herein.

10. The Data Subject’s Rights Regarding the Processing of Personal Data

The Data Subject has the following rights in relation to the Processing of their Personal Data:

11. Right to Amend this Policy

We are entitled to unilaterally amend this Policy from time to time. Upon amending the Policy, we will notify the Data Subject about the updated terms by email. If the new terms refer to Processing of the Data Subject’s Personal Data for any new purpose that requires the Data Subject’s consent, then we will not Process the Data Subject’s Personal Data for such new purpose before we have received the respective consent.

12. Contact Information

Should the Data Subject have any questions regarding this Policy or the Processing of their Personal Data, they are welcome to contact us with requests, inquiries or any complaints via email at [email protected].