Updated on October 30, 2023
The privacy of your Personal Data is important to us. This Policy provides an overview of how your Personal Data is Processed by TextMagic during the provision of the Services. Please read this Policy carefully to understand the practices that TextMagic applies regarding Processing of Personal Data.
By using Touchpoint and the Services, the Clients and Data Subjects confirm that they have familiarized themselves with this Policy and understood it.
TextMagic shall be entitled to unilaterally review and amend this Policy from time to time. Therefore, TextMagic advises you to periodically review the Policy in case of any changes to it. If a Client or Data Subject does not agree with any or all terms of this Policy or any possible changes to it, then it should immediately close the Website and cease using Touchpoint and the Services.
TextMagic has drafted this Policy in cooperation with its legal advisers in accordance with the requirements of the General Data Protection Regulation (GDPR). TextMagic does its best to ensure that the Processing of Personal Data is in full compliance with applicable legal requirements.
1. General Definitions
Capitalized terms used but not defined in this Policy shall have the meaning as defined in Touchpoint Terms of Service.
2. Objectives of Processing of Personal Data
2.1 For the purpose of providing and enabling the use of Touchpoint, the Website and Services, TextMagic Processes the Personal Data that the Client and its authorized users provide about the Data Subjects upon using the Services.
2.2 The types of Personal Data Processed are not restricted and depend on the decision of the Clients and users on how they want to use the Services and generally include the name, emails, contact telephone number, but may also include avatars, country, addresses, etc. The categories of Personal Data Processed by TextMagic under this Policy are described in detail in Clause 4.2 below.
2.3 This Policy regulates the Personal Data Processing activities that are solely performed by TextMagic with regard to the categories of Data Subjects specified in this Policy, in particular the authorized representatives, employees and users who have registered a User Account and/or are personally using the Touchpoint and the Services via the Website.
2.4 While using the Services, the Client and authorized users may provide TextMagic with Personal Data of other categories of third-party Data Subjects, such as the Client’s customers, leads, prospects, contacts and other natural persons who are not users of Touchpoint, with the purpose to communicate with such Data Subjects via the Services. The Personal Data of such Data Subjects provided by the Client shall be Processed by TextMagic in the course of providing the Services to enable the Client and its authorized users to engage these Data Subjects via Touchpoint and the Services. The terms and conditions applicable to the Processing activities of such Data Subjects’ Personal Data by the parties are set out in the Data Processing Agreement. For the avoidance of doubt, this Policy does not regulate the data protection rules applicable to TextMagic’s Processing activities related to such third-party Data Subjects whose Personal Data is provided to TextMagic by the Client.
3. Controller of Data Subjects’ Personal Data
3.1 TextMagic, as the owner and operator of Touchpoint and the Website and provider of the Services, is considered to be a Controller in relation to any Data Subject’s Personal Data collected and Processed via the Website and Services.
3.2 Taking into consideration that the Client is able to perform Personal Data Processing activities in its Touchpoint account (including all user accounts in the Client’s organization), including add, change and delete the Personal Data of Data Subjects, each Client is also considered to be a Controller in relation to any Personal Data in their Touchpoint accounts.
3.3 TextMagic and the Client shall enter into a separate Data Processing Agreement, which further regulates TextMagic’s data Processing activities with regard to the Processing of third-party Data Subjects. Under this DPA, which enables the Client to give TextMagic instructions on the Processing of Personal Data of third-party Data Subjects, the Client shall be considered the Controller and TextMagic shall be considered the Processor.
3.4 This Policy regulates the Personal Data Processing activities that are solely performed by TextMagic. This Policy does not establish the Personal Data Processing rules that are applicable for the Processing activities carried out by the Client. Each Client shall be solely liable for the fulfillment of the obligations set forth in the GDPR, including the obligation to provide information to the Data Subjects.
3.5 For avoidance of doubt, TextMagic shall not be liable in any case for any violation of the GDPR by the Client.
4. Personal Data Processing Purposes and Legal Ground
4.1 We Process Data Subjects’ Personal Data on the following legal grounds:
4.1.1 Processing is necessary for the performance of the agreement (GDPR Article 6(1)(b)).
4.1.2 Processing is necessary for compliance with a legal obligation to which we are subject (GDPR Article 6(1)(c)).
4.1.3 Processing is necessary for the purposes of the legitimate interests pursued by us (GDPR Article 6(1)(f)).
4.1.4 The Data Subject has granted a consent to the Processing of their Personal Data (GDPR Article 6(1)(a)).
4.2 The categories of Personal Data, the Processing purposes and the legal ground for the Processing activity are described more specifically in the schedule below.
5. Sources of Personal Data Collection
We Process mainly the Personal Data that is submitted to us directly by the Data Subject via their use of Touchpoint and the Services. We may, however, also Process Personal Data that we receive from the Client who has authorized the Data Subject to access and use Touchpoint and the Services.
TextMagic works closely with third parties (including, for example, business partners; subcontractors in technical, payment and delivery services; advertising networks; analytics providers; search information providers; credit reference agencies) and may receive Personal Data from them.
The Personal Data collected from the Client and third parties shall be combined with the Personal Data collected directly from the Data Subject and that combined information shall be treated as set forth in this Policy.
6. Automated Decision Making
Automated decision-making refers to a decision that is taken solely on the basis of automated Processing of Data Subjects’ Personal Data. This means Processing using, for example, software code or an algorithm that does not require human intervention.
We do not Process the Data Subject’s Personal Data within the scope of exclusively automated Processing for the purpose of making decisions that have direct legal effect on the Data Subject, or that significantly affects the Data Subject in a similar way, without human intervention.
Our automated Processing of Data Subjects’ data is necessary in order to carry out the tasks outlined in the Terms of Service and to enable the Data Subjects to use the Services. If the Data Subject does not agree to the automated Processing of their Personal Data, then the Data Subject cannot accept this Policy. In this case, it will be impossible for us to provide the Data Subject with our Services or for the Data Subject to become a user of Touchpoint, the Website or the Services.
7. Transfer of the Personal Data
TextMagic transfers the Data Subject’s Personal Data intra-group in between its group companies for the purposes of providing Services and fulfilling contracts concluded with Data Subjects. All group companies of TextMagic either are located in the European Union (EU) or have been granted an adequacy decision by the EU; therefore, all group companies are legally bound by the Personal Data protection rules and principles laid down in the GDPR. We ensure that all Personal Data Processing activities performed within the TextMagic group shall adhere to the same Personal Data protection standards as set out in the GDPR and this Policy.
We may also transfer the Data Subject’s Personal Data to third parties, such as:
(a) legal and regulatory authorities;
(b) server hosts who host our servers;
(c) communication service providers who facilitate emails and other communication between us and the Data Subject;
(d) customer support and customer management service providers;
(e) marketing service providers;
(f) other parties involved with the provision of TextMagic’s Services (accountants, auditors, lawyers, IT systems suppliers and support or any other outsourcing providers).
We have taken steps to ensure that these data recipients protect the confidentiality and security of Personal Data and to ensure that Personal Data is Processed only for the provision of the Services and in compliance with applicable law.
We will take appropriate legal, organizational and technical measures to protect Personal Data consistent with applicable privacy and data security laws. Security measures shall be applied in order to protect Personal Data from involuntary or unauthorized Processing, disclosure or destruction.
Upon transferring Personal Data to third parties, we will apply the following safeguards:
9. Integrity and retention of the Personal Data
We will retain Personal Data for the period required or permitted by applicable law, but no longer than is reasonably necessary in order to achieve the purposes for which the Personal Data was collected.
We will take reasonable steps to ensure that the Personal Data we Process is reliable for its intended use, accurate and complete as necessary to carry out the purposes described herein.
10. The Data Subject’s Rights Regarding the Processing of Personal Data
The Data Subject has the following rights in relation to the Processing of their Personal Data:
(a) Request information – all data protection–related information that the Data Subject has the right to receive is provided in this Policy. The valid version of the Policy is at all times available on the Website.
(b) Right to access – the Data Subject has the right to ask us to provide a copy of the Data Subject’s Personal Data that we Process.
(c) Right to Rectification – the Data Subject has the right to ask us to rectify Personal Data in case the data is incorrect or incomplete.
(d) Right to Erasure – the Data Subject has the right to ask us to erase Personal Data, unless we are obliged to continue Processing the Data Subject’s Personal Data under law or under a contract between the Data Subject and us, or in case we have other lawful grounds for the continued Processing of Personal Data.
(e) Right to Restriction – the Data Subject has the right to ask us to restrict the Processing of their Personal Data in case the data is incorrect or incomplete or in case the Personal Data is being Processed unlawfully.
(f) Right to Data Portability – the Data Subject has the right to ask us to provide the Data Subject or, in case it is technically feasible, a third party their Personal Data, which the Data Subject has provided to us and which is being Processed in accordance with the Data Subject’s consent or a contract between the Data Subject and us.
(g) Right to Object – the Data Subject has the right to object to us Processing their Personal Data if they have reason to believe that we have no lawful grounds for Processing the Personal Data.
(h) Right to withdraw Consent for the Processing of Personal Data – the Data Subject is entitled to withdraw the consent granted for the Processing of Personal Data at any time. Withdrawal does not affect the lawfulness of the Processing conducted before the withdrawal.
(i) Right to File Complaints – the Data Subject has the right to file complaints regarding the Processing of their Personal Data.
In order to exercise any rights referred herein, the Data Subject is required to submit a written application to us (contact details can be found under Section 12). We have the right to decline this application by justifying the reasons for the refusal.
According to Article 12(3) of the GDPR, we are obligated to respond to the application within 1 month. However, we will make best efforts to respond to the Data Subject’s request within 1 week.
11. Right to Amend this Policy
We are entitled to unilaterally amend this Policy from time to time. Upon amending the Policy, we will notify the Data Subject about the updated terms by email. If the new terms refer to Processing of the Data Subject’s Personal Data for any new purpose that requires the Data Subject’s consent, then we will not Process the Data Subject’s Personal Data for such new purpose before we have received the respective consent.
12. Contact Information
Should the Data Subject have any questions regarding this Policy or the Processing of their Personal Data, they are welcome to contact us with requests, inquiries or any complaints via email at [email protected].