Pandria Privacy Notice

Last edited: October 2024

We care deeply about your privacy. Pandria respects your privacy regarding any information we collect from you across our websites or services.

Most of your experience with Pandria happens within chat platforms (such as Slack, Google Chat, Microsoft Teams). We collect and store only the minimum amount of personal data needed to run our service effectively and gather analytics to improve it. This means we maintain only essential user and team information required for our bot to function properly.

We process personal data in accordance with Data Protection Legislation, which for this privacy policy means: the European General Data Protection Regulation (GDPR) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, applicable to Pandria's business.

Throughout this policy, any reference to "you" refers to the underlying data subjects.

1. Personal data we collect

Log data

When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit within our domain, the time and date of your visit, the time spent on each page, and other details.

Personal data

Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may ask for, or receive from a chat platform after an approval, personal data, such as your:

• Name (first name and last name);
• Email-address (business account);
• The data you provide during the conversation;
• Other documents that might be shared with you or you share with us.

Retention Policy

Data that is required for the functioning of the app is stored as long as you continue to use our services. We don’t keep personal data for longer than is necessary. While we retain personal data we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification. We have an internal retention policy. If you have any questions about how long we keep your personal data in more detail, please contact us.

Business data

Business data refers to data that accumulates over the normal course of operation on our platform. This may include transaction records, stored files, user profiles, analytics data and other metrics, as well as other types of information, created or generated, as users interact with our services.

We may receive information about you through a chat platform. We are also working closely with third parties (including, for example, business partners, HR software suppliers used by your company) and may receive information about you from them (business email address and your name).

We may also process aggregated data such as statistical data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific feature.

However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

2. Confidentiality and Ownership of Content and Personal Data

All content and personal data that you provide to us or that is collected through Pandria is confidential and will be used only for the purpose of providing you with Pandria's services. We will not sell, lease, or share your personal data with any third parties without your consent, except as required by law or as otherwise stated in this Privacy Notice.

You retain ownership of all content that you submit to Pandria. We will not use your content for any purpose other than to provide you with Pandria's services, without your consent.

3. Legal bases for processing

We will process your personal data lawfully, fairly and in a transparent manner. We process your personal data only where we have legal bases for doing so.

These legal bases depend on the services you use and how you use them, meaning we collect and use your personal data only where:

1. it satisfies a legitimate interest of us (which is not overridden by your data protection interests) such as for research and development, or for example to protect our legal rights and interests;
2. it’s necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (for example, when we provide a service you request from us);
3. or we need to process your data to comply with a legal obligation;
4. if necessary, we may retain your personal data for our compliance with a legal obligation or in order to protect your vital interests or the vital interests of another natural person;
5. you give us consent to do so for a specific purpose. When you consent to our use of your personal data for a specific purpose, you have the right to change your mind at any time (but this will not affect any processing that has already taken place).

4. Processing of personal data

Age limitations: Use of the Pandria service is not permitted for children under the age of 16. If you are aware of anyone under the age of 16 having provided us with its personal data, please contact us so that we can take steps to delete such personal data.

We may process your personal data for the following purposes, and personal data will not be further processed in a manner that is incompatible with these purposes:

i) to provide you with our services
ii) to provide you with the platform’s core features
iii) to contact and communicate with you
iv) for improving our services
v) for internal record keeping and administrative purposes
vi) if applicable to process any transactional or ongoing payments

In addition, if you don't want us to use your personal data for any of the other reasons set out in this privacy notice, you can let us know at any time by contacting us via email at privacy@pandria.com , and we will delete your data from our systems if appropriate and as far as possible. However, you acknowledge this will limit our ability to provide any service to you.

Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to our marketing communications. You have the right to withdraw consent to marketing at any time, and we will either delete your data from our systems or move your data to our "unsubscribe list". However, you acknowledge this will limit our ability to provide the best possible service to you. This does not mean you will not receive any message anymore, we might still need to send you a service update or other communication outside of marketing.

Pandria is an app for chat platforms and integrates tightly with them. Almost all data that Pandria collects originates from the chat platform. As such, you may find it useful to review the relevant chat platform policies including:

• Slack's privacy policy
• Google Chat's privacy policy
• Microsoft Team's privacy policy

By design, Pandria does not grant Data Controllers (our customers) access to the personal data associated with end users in the chat platform workspace: no one in your organisation can view any messages in any of your channels or conversations unless you actively consent for data to be shared. . In addition to user metadata mentioned above, Pandria only receives data when you or another user on your workspace actively engages or interacts with Pandria. This could be in the form of authoring a message or reply.

5. Disclosure of personal data to third parties

We may disclose personal data to third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, web-hosting and server providers, professional advisors and payment systems operators. These parties qualify as our data processors and we have the necessary agreements in place with the parties.

Pandria does not display any personal data, and does not share any personal data with advertisers or other third parties not being a data processor.

6. International transfers

The personal data we collect is stored and processed in the European Union, or where we or our partners, affiliates and third-party providers maintain facilities.

We will ensure that any transfer of personal data from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.

7. Your rights and controlling your personal data.

Information from third parties:

If we receive personal data about you from a third party, we will protect it as set out in this privacy notice. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide this information.

Under the GDPR you have rights in relation to your personal data:

Restrict

You may choose to restrict the processing of your personal data. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below. If you ask us to restrict or limit how we process your personal data, we will let you know how the restriction affects your use of our website or products and services.

Access and data portability

You may request details of the personal data that we process about you. You may request a copy of the personal data we process about you. Where possible, we will provide this data in CSV format or other easily readable machine format. You may request that we erase the personal data we process about you at any time. Please bear in mind though that this request cannot always be fully executed. You may also request that we transfer specific personal data to another third party.

Correction

If you believe that any personal data we process of you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us via email using privacy@pandria.com. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.

Complaints

If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. If you are of the opinion that we have not handled your complaint properly, you also have the right to contact a regulatory body or data protection authority in relation to your complaint.

Unsubscribe

To unsubscribe from marketing communications, please contact opt-out using the opt-out facilities provided in the communication.

Automatic deletion

Your user account (including an email address Pandria may store directly) is automatically deleted within 24 months of inactivity.

Requests for Individual's Data Deletion:

If you wish to delete the personal data we process, please send us a request via email at privacy@pandria.com.

8. Cookies and comparable technologies

We rely on “cookies” for certain functionality of the Pandria service. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our service. Please refer to our Cookie Policy for more information.

9. Business transfers

If we or our assets are acquired; or in the unlikely event that we go out of business or enter bankruptcy, we would include data among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may continue to use your personal data according to this notice.

10. Limits of our policy

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices. Similarly, Pandria is an app for chat platforms and as such, you may find it useful to review the relevant privacy for your chat platform:

• Slack's privacy policy
• Google Chat's privacy policy
• Microsoft Team's privacy policy

11. Changes to this Privacy Notice

At our discretion, we may change our privacy notice to reflect our current acceptable practices. We will take reasonable steps to let users know about changes via our service.

Pandria's Data Protection Contact: privacy@pandria.com