Privacy Policy

We have updated this privacy policy to include a notice of the possibility of Selma.ai using LinkedIn Insight Tag for website recording. This policy is effective from 26 February 2019.

 

Selma.ai is committed to protecting and respecting your privacy.

 

This policy explains how we use any personal information that you provide to us through our website, application, or through direct contact with our sales, support or customer success representatives. It will also explain to you how we use any personal information provided to us through our customers and used by them as part of our service to them. Finally, this policy will explain to you the conditions under which we may disclose your information to others, how we keep it safe and secure, and your rights and choices in relation to your information. Please read it carefully. We may change this policy in the future and will post any changes on this page, so please check back frequently.

 

For the purposes of data protection law, Selma.ai acts as either the controller or the processor of your personal information, depending on the type of processing we are performing. It will be made clear in the following sections which of these roles we are fulfilling for which usages of your personal information.

 

Any questions regarding this policy or our privacy practices should be sent by email to gdpr@selma.ai or by writing to Data Protection Officer, Selma.ai nv, Emiel Banningstraat 41-47, 2000 Antwerp, Belgium.

 

Selma.ai nv is registered in Belgium with the company number: 0667 991 785.

 

Who are we?

Selma.ai nv is an Antwerp, Belgium based company providing advanced analytics and machine learning based insights to companies who wish to reduce their spam and increase the effectiveness of their retention marketing.

In this policy, ‘Selma.ai’, ‘we’, ‘us’, or ‘our’ means Selma.ai (company number BE0667 991 785). Registered address is Emiel Banningstraat 41-47, 2000 Antwerp, Belgium.

Our Data Protection Officer is Stewart Southern. You can contact him at gdpr@selma.ai or by writing to the address above, marking the envelope ‘Data Protection Officer’.

 

Information we may collect about you

If you are a customer of Selma.ai, if you are submitting information to us directly via our website, application, or in person to a representative, or if we are collecting information about you via public sources, then we will be operating as a controller for the purposes of data protection law.

 

What information do we collect about you?

As a controller, we may collect and process the following information about you:

  • your name and contact details (including email address and telephone number);
  • your company and function at that company;
  • information about your activities on our website, and about the device used to access it, for example your IP address, geographical location, browser, or device type;
  • information about your interactions with emails we have sent you, and about the device used to read these emails, for example your IP address, geographical location or device type;
  • transcripts or recordings of support or sales conversations with representatives, including via email, live chat, or by phone;
  • public information, for example public social media accounts, corporate website, and public governmental records.

Data protection laws recognize certain categories of personal information as sensitive and therefore require greater protection, for example information about your health, ethnicity and religion. Selma.ai usually does not collect these kinds of information. In the event that we do collect this information, we will make it clear to you why we are collecting this type of information, what it will be used for, and any special measures we will go to to protect it at the time of collection.

 

How do we collect information from you?

We may collect this information from you when you perform one of these activities:

  • when registering for an account;
  • when requesting a demo;
  • when downloading promotional material from us;
  • when entering a competition operated by us;
  • when reporting a problem with our services;
  • when communicating directly with a representative;
  • when entering into a contract with us for the supply of services.

We will always inform you of the purpose of collecting information from you at the time we collect it and will make available to you this privacy policy.

We may also process information about you from public sources prior to contacting you, such as when we are generating sales leads. When we do this, we will always inform you of how we process this information about you, the purpose of that processing, and the legal basis for the processing at the earlier possible opportunity. We will also inform you of the existence of this privacy policy and seek from you your permission to continue processing your information, if necessary.

 

How do we use your personal information and how long do we keep it for?

As a controller, we use personal information we collect from you for the following purposes:

  • Providing and personalizing our services to you
  • Fulfilling your requests
  • Service improvement
  • Marketing, sales, and advertising
 

Lawful processing

Data protection law requires us to rely on one or more lawful grounds to process your personal information. We will always use one of the following grounds:

  • Specific consent
  • Performance of a contract
  • Legitimate interest
  • Legal obligation
 

Your choices

You have the choice as to whether or not you receive marketing or sales information from us. You can withdraw your consent at any time by making a rights request, or in the example of email by unsubscribing from the link at the bottom of our emails.

We will not use your personal information for marketing or sales purposes if you have indicated to us that you do not want us to do so. However, we may still contact you for other purposes, such as to manage your account or fulfill a specific request from you.

Your rights

Under Belgian data protection law when we are operating as a controller you have certain rights over the personal information we hold about you.

Here is a summary of your relevant rights:

  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to Object
 

If you want to exercise any of your rights as described above, please email us at gdpr@selma.ai or write to Data Protection Officer, Selma.ai, Emiel Banningstraat 41-47, 2000 Antwerp, Belgium. In the case of email, we will treat your email address as your identifier and use the existence of access to the email address as proof of identity. If you wish us to use another identifier, such as your name, address, or telephone number, we will require proof of identity before we can process your request.

For all rights requests, we will respond to you within one month of your request being made. We may, as part of that response, ask for a further two months extension to complete your request. We will complete your request in a maximum of three months after your request.

In addition to these rights, you have the right to lodge a complaint with the supervisory authority which oversees our usage of your personal data and our compliance with data protection law. In the case of Selma.ai, this is the Belgian Data Protection Authority.

There are exceptions which apply to a number of these rights, and not all rights are applicable in all circumstances. If you wish to have more information about the details of your rights, we recommend you consult Belgium’s Data Protection Authority.

 

Information about you which may be provided to us by our customers

If one of our customers has gathered information about you and is legally entitled to share that information with us then we may have access to that information. If this is the case then we will, for the purposes of data protection law, be operating as a processor.

What information is provided to us?

As a processor, we may be provided with the following information about you by our customer:

  • transaction data detailing your transaction history with the controller. This may include goods and services purchased, quantities, prices, time and location of purchase and methods of payment;
  • engagement data detailing your interactions with the controllers emails, websites, applications, or physical premises. This may include the time, location, method and type of the interaction and what was interacted with;
  • personal information about you, such as your email address, telephone number, name, gender preference, date of birth, address and country of residence, the language you prefer to speak, and whether you represent an individual, a company, a re-seller of services, the government, or something else. We will also receive an affirmation from the controller that they have a legal basis for sharing your information with us. Our applications and services will reject any data which does not contain this affirmation, although your information may still be stored in a raw encrypted form on our servers for a period of time.

What do we use information provided to us for?

As a processor, we use personal information provided to us only with the direct instruction of our customers. We may provide the following kinds of processing service to our customers:

  • analysis of your information for the purpose of providing more effective marketing messages to you via segmentation;
  • analysis of your information for the purpose of providing insight to our customers into their business;
  • analysis of your information for the purpose of building a profile of your likes, dislikes and habits. This profile will be used to provide more effective marketing messages to you based on a prediction of your future behaviors. This profile will not be used outside of this context or for making any decisions which could significantly affect you.

How long do we keep your personal information for?

As a processor, we will retain your personal information according to the instructions of our customers, but no longer than the length of the contract with that customer. We may, with the permission and oversight of our customer, keep your information in an anonymized or aggregated form after the termination of our contract with them.

 

Who has access to your information?

Whether operating as a controller or a processor of your personal information, the following applies.

We do not sell or sell access to your personal information to third parties.

We do not share your information with third parties for their marketing purposes.  However, when a customer of ours, with your consent,  provided your information to us as part of our service offering, we share the information resulting from our service with that particular customer (and that customer only).

Further, we may disclose your information to third parties to achieve the purposes laid out in this policy. We may do this for any of the following reasons:

  • with service providers, to help us run our business and perform services you requests or services our customers request as your data controller. This can include cloud service providers, software tooling for our business, or other tooling or services;
  • analytics and search engine providers, to help us improve and optimize our service. In general these data will not be directly identified.

Additionally, we may also share personal information with third parties in the event that Selma.ai (or substantially all of it’s assets) is acquired by another entity, or if we’re required to do so by law.

In all cases when we share information with a third party, we will ensure a robust and legally binding Data Processing Agreement is in place with that third party prior to transferring your personal information to them.

When, for the purposes of data protection law, Selma.ai is operating as a processor of your personal information, we will disclose the concrete list of third parties we share your information to with our customer, your controller, and they will approve of this list prior to transferring your information to us. In the event that we change or add a processor then we will provide our customers, your controller, with notification of this change 14 days prior to the change coming into effect and allow them the possibility to object to the change.

 

Keeping your information safe

When your personal information is given to us, we take steps to ensure that technical and organizational measures are in place to protect it.

When we transmit your personal information across the internet, we protect it with SSL encryption. We do this both for data we transmit to and from web-browsers and when we are moving data between our services and those of third parties. We also require third parties to communicate your information with us via SSL encrypted channels.

When your personal information is at ‘rest’ upon our servers, we encrypt it using various state of the art encryption technologies.

When your personal information is in use by our services or applications, we control access to it via fine-grained permissions and secure authentication and authorization technologies.

Your information security is an important part of our business and engineering processes. We consider your privacy at all stages of design, implementation and operation of our services and applications.

When we process your information into profiles or histories of you, we endeavour to separate identifiable and identified information into different parts of our services. This helps to limit the possibilities of misuse of your information, or, in the event of a data breach, to limit the ability of your information being linked back to you.

 

Transferring your information outside of the EEA

As part of the services we offer to you, or to our customers when they have asked us to process your data on their behalf, the information you provide us may be transferred outside of the European Economic Area (“EEA”). This may occur if our servers are located outside of the EEA or if we contract a third party located outside of the EEA.

In the event that we transfer your personal data outside of the EEA, and in line with data protection law, we will only do so if the third party is approved via one or more of the following mechanisms:

  • an adequacy decision from the European Commission has decided that the third party country to whom we are transferring data offers a sufficient level of protection for your information;
  • the third party and Selma.ai have entered into a data protection agreement following European Commission approved standard procedural clauses;
  • the third party is based in the United States of American (“USA”) and is a part of the European Commission approved, USA operated, EU-US Privacy Shield.

In general, Selma.ai will prefere service providers who operate their businesses within the EU, and will prefer servers hosted inside the EU for those services based elsewhere.

 

Website recording

  • Google Analytics
  • LinkedIn Insight Tag
  • Hubspot Tag
  • Hotjar
 

Use of ‘cookies’

Like many websites, Selma.ai uses ‘cookies’ and similar technologies in the operation of our website and application. ‘Cookies’ are small pieces of information sent to you by an organization and stored on your hard drive. They can allow that website to recognize you when you visit them. This information helps us to deliver a more personalized service to you.

 

Review of this policy

We keep this policy under regular review. This policy was last reviewed in February 2019.