Information about how Apifon protects your privacy and handles user accounts
Updated: May 29, 2019
Effective Date: June 13, 2019
Apifon is a company construed under the laws of Greece, located in the city of Thessaloniki providing messaging automation Platforms that help businesses to communicate effectively with their customers, grow revenue and improve customer experience. Our cloud Platforms enable communication through multiple channels: SMS, Viber, Email and other chat apps.
Every time you use our Services at the Platforms, you provide us with your Data, as this is described below. The term Data refers both to the Personal Data of yours as well as of your end users. Therefore, appreciating the fact that you trust us with your Data, we would like to inform you that we perform actions of Personal Data Processing such as collection, storage and use of your Personal Data.
Here in Apifon we take every possible action to protect your Data while we give you full control over it on our Platforms. More specifically, your Data is being processed in accordance with the Greek laws as well as the legislation of the E.U. regarding the Personal Data protection, such as the General Data Protection Regulation (EU) 2016/679 (known as the GDPR). In addition, we have a Data Protection Program in place in order to ensure the effective and secure processing of your Data. For further information regarding the processing of your Data feel free to contact Apifon’s Data Protection Officer (see below for contact details).
Apifon’s role as data controller and/or data processor
Depending on your relationship with Apifon, we can be either Controller or Processor of your Data and as a result have specific responsibilities according to the GDPR:
Controller is the entity that an individual (or else data subject) provides their Personal Data to. The Controller has the responsibility of deciding why and how (the “purposes” and “means”) this Personal Data is processed. Apifon constitutes a Controller in regard with your Personal Data
Processor is the entity that processes Personal Data on behalf of the Controller. The Processor has the obligation to process Personal Data only according to the instructions of the Controller. Apifon constitutes a Processor in regard with your end users’ Personal Data that you provide us with in the framework of the provision of the Services by Apifon.
When do we collect your personal data?
We collect and process your Personal Data:
- when you browse either our website or our Platforms, we automatically collect your Data by placing cookies and trusted tracking technologies on your browser;
- when you contact our Sales Team or our Support Team;
- when you request to receive newsletters, product or services information and other material;
- when you sign up for an account and use our products and services;
- when you buy credits or subscribe to a plan, we need more information than just your name and password;
- when you send a campaign, we collect information about the device and applications your end user uses to access the content of communication sent by you as well as about how the end user interacts with the content sent through our Services.
Which personal data do we process?
The Personal Data we collect, according to the aforementioned, include:
- contact details;
- account credentials;
- financial data;
- usage data;
- location data.
Apifon does not collect nor processes any Personal Data that is not necessary for the provision of the Services and the purposes described below.
For which purposes do we process your Personal Data?
We process your Data in order to provide you with the Services properly. More specifically, the need for the processing of your Data is for us to:
- manage our relationship with you;
- send you informational and promotional content in accordance with your marketing preferences;
- provide the requested services to you;
- inform you about updates and platform maintenance;
- process and answer your questions or requests;
- create effective onboarding experience while using our Platforms;
- develop and improve our products, services, communication methods as well as the functionality of our websites;
- detect, prevent, or investigate security incidents, fraud and other abuse and/or misuse of our products and services
- carry out core business operations such as accounting and filing taxes.
Whenever we process your Data for the abovementioned purposes, we ensure that we always keep your Personal Data rights in high regard and take account of these rights. Moreover, we process your Personal Data following the requirements of GDPR on an appropriate legal basis, including:
- processing your Personal Data to execute the Agreement between you and Apifon
- processing your Personal Data with your consent
- processing based on the legitimate interests of Apifon
- processing your Personal Data as necessary to comply with and fulfill our legal obligations.
Either as Personal Data Controller or Processor, we always make sure that the entities we work with in order to provide you with the Services comply with the GDPR as well as any other Personal Data protection legislation in force and that they offer adequate standards for the processing and the protection of your Data.
Apifon does not sell nor allows your Data to be used in any way by third parties for their own marketing purposes. We may share your Data with third parties only in the situations mentioned below.
- With telecom operators and other communications service providers for purposes of proper routing and connectivity. In order to make sure that your communication reaches the intended recipient, independent of their location, we make use of a global network of telecom providers.
- With third-party service providers. Apifon engages third-party service providers, like our hosting providers, our helpdesk and our CRM, to carry out certain data processing functions on our behalf. These providers have limited access to and make use only of your Data that is necessary for them to provide their services to us. In addition, by entering into legally binding agreements with Apifon they provide reasonable assurances that they shall appropriately process and safeguard the Data.
- With Apifon Company Family: In order to do business with our offices worldwide, we might need to share personal data with our branches abroad.
- For purposes of compliance with legal obligations and law enforcement requests. In certain situations, we might be required to disclose your or your end users’ personal information in response to lawful requests by public authorities, including our obligation to meet national security or law enforcement requirements. More specifically, we may disclose personal information to respond to witness summons, court orders, to exercise our legal rights or defend against legal claims. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law.
Your Data is hosted and maintained in servers located within the European Union as well as in servers located in countries implementing adequate standards of Personal Data protection equal to the standards imposed by the GDPR. Below you can find a table showing the entities Apifon collaborates with for the provision of the Services.
PartnersApifon being either the Controller or the Processor of the Personal DataLocation
HubspotPersonal Data ControllerIreland, USA
KayakoPersonal Data ControllerEU, USA
Microsoft AzurePersonal Data Controller and ProcessorNetherlands, Ireland
Amazon Web ServicesPersonal Data Controller and ProcessorIreland, Frankfurt
Telecommunication Service ProvidersPersonal Data ProcessorGlobal
How long do we keep it?
Your Data retention period depends on the nature of the Data and the purpose for which it is obtained and processed. In case you have entered into a more specific Agreement with Apifon, your Data shall be retained for the period the Agreement is in force, unless a longer retention period is required or permitted by the law. However, even in the event Apifon has a legal obligation to retain your Data for a longer period of time, your Data is at all times kept confidential and processed in accordance with the Personal Data protection legislation in force.
According to the Hellenic Authority for Communication Security and Privacy as well as the articles 5 and 6 of the Greek law N.3917/2011, we have a legal obligation to keep logs (i.e. telephone numbers, message body, sender id, timestamp, emails, email addresses etc.) about your communication sent through our Services, for a default period of 12 months.
What are your rights?
You are entitled, in accordance with the GDPR, to request access to, rectification of, or erasure of your Data. Therefore, if at any point you believe the information we possess about you is incorrect, you can request to have it corrected or even deleted, under the provisions of the GDPR.
What is more, in certain cases you have the right to request the restriction of the processing of your Data as well as to object to it being processed.
You are also entitled to data portability, that is to say you can receive back the Data you have provided us with and pass it on to another Personal Data Controller.
We shall respond to your requests without delay, at the latest within one month upon receiving your request. However, depending on how complicated a request is as well as on the amount of requests to be answered by Apifon at a given time period, our response time may be up to three months. In that case you will be notified respectively.
For further information as well as in case you wish to raise a complaint regarding the processing of your Data, you can always contact our Data Protection Officer, who shall investigate the matter, at firstname.lastname@example.org.
Last but not least, you are entitled to file a complaint with the corresponding data protection supervisory authority in your country of residence.
Dispute Resolution and Governing Law
- The present Privacy Notice as well as all of its future modifications are governed by and interpreted according to the Greek law and the laws of the European Union.
- In case any dispute regarding the processing of your Data arises, you should in any case contact us to the contact details below so as to resolve it by out-of-court means. However, in case the aforementioned dispute remains unresolved despite our efforts for out-of-court resolution, the courts of Thessaloniki, Greece shall be competent.
If you have any questions about the processing of personal data by Apifon, feel free to contact us at:
27, Georgikis Scholis str. 57001, Thessaloniki, Greece
+30 2392 500 377