Privacy Policy

OPT1MUM PTY LTD trading as ImbaChat provides to its customers ready to use chat messaging plugins for websites or mobile applications. These services are part of ImbaChat and can be accessed at imbachat.com (“our Website”) or you may subscribe to ImbaChat services either through cloud based SaaS model or by downloading the Self-hosted version. For more information, reference is made to our Terms of Service. This Privacy Policy describes ImbaChat’s policies and procedures on the collection, use and disclosure of your personal data when you use our services or our Website (collectively “the Services”). We will not use or share your information with anyone except as described in this Privacy Policy. Please note that this Privacy Policy does not apply to the data ImbaChat processes on behalf of our customers in our capacity as a processor. If you have any question on this, please contact us – see our contact details below.

Personal Data type	Why we use it	Legal Basis	Who we share it with
Contact details: Email address, Name, Country	So you can create an account and we can provide you with the Services, including support when you have questions.	We need this info to offer the Services to you, it is part of our contract with you.	We use selected third parties to help us provide you with the fastest and most efficient support.
	We may send you marketing messages when you register an account with us.	We rely on your consent and our legitimate interest. When you register to our Services and our newsletter, we will send you relevant messages related to our Services but you can choose not to receive them at any time. We will ask for your specific consent to send you any other type of marketing messages.	We use selected third parties who help us carry out this task, on our behalf.
	Storing your information.	We need to store the information you give to us in order to run the infrastructure and provide you with the Services. It is part of our contract with you.	We use third parties specialized in cloud storage to ensure your data is safely stored.
Payment information Payment card details and the address your card is registered to.	To receive your payment in exchange of our Services.	We need this information to offer the Services to you, it is part of our contract with you.	We use third party payment platforms to provide a very secure payment process for you.

Cookies

A cookie is a small text file that is placed on your computer, mobile phone, or other devices when you visit a website.

We use essential operational cookies because they are necessary to allow us to operate the ImbaChat Services as you have requested. We use cookies to personalize your experience on the ImbaChat Website, to assist you in using the ImbaChat Services (such as saving time by not having to reenter your name each time you use the ImbaChat Services).

We also use cookies to allow us to statistically monitor how you are using the ImbaChat Services so that we can improve our offerings, and to target certain advertisements to your browser which may be of interest to you or to determine the popularity of certain content. We will only use these cookies if you consent to it: when you visit our Website, a banner appears asking you whether you allow us to use these cookies. Many web browsers also allow you to manage your preferences. You can set your browser to refuse cookies or delete certain cookies.

How Long Do We Keep Your Personal Data

We will only retain your personal information for as long as necessary to fulfill the purposes described above i.e. for as long as you have a ImbaChat account and/or have subscribed to our Services.

We may also retain your data longer in accordance with any limitation periods and records retention obligations that are imposed by applicable laws.

If you have elected to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our content, products, or services.

We retain information derived from cookies and other tracking technologies for no more than 13 months from the date such information was created.

International Data Transfers

We will only retain your personal information for as long as necessary to fulfill the purposes described above i.e. for as long as you have a ImbaChat account and/or have subscribed to our Services.

We may also retain your data longer in accordance with any limitation periods and records retention obligations that are imposed by applicable laws.

We retain information derived from cookies and other tracking technologies for no more than 13 months from the date such information was created.

Your Rights

You have the right::

To be told about how your data is processed
To access your data
To stop or restrict certain processes
To correct incorrect info
To ask us to delete certain info
To port data (i.e. to ask us to provide you with your data in in an easy-to-read manner t and to transfer it to another data controller)
To access info about profiling or automated decision making
To object to how we are handling your personal data
To ask us to delete certain info

If you have a complaint about our use or processing of your personal information, you have a right to lodge a complaint with a national Data Protection Authority. Each European Union member nation has established its own Data Protection Authority; you can find out about the Data Protection Authority in your country here.

How We Protect Your Information

We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use or disclosure. We secure the personal information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. All personal information is protected using appropriate physical, technical and organizational measures.We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use or disclosure. We secure the personal information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. All personal information is protected using appropriate physical, technical and organizational measures.

GDPR Compliance Statement

ImbaChat are committed to ensuring protection of all personal information that we hold, and to provide and to protect all such data. We recognise our obligations in updating and expanding this program to meet the requirements of GDPR.

ImbaChat are dedicated to safeguarding the personal information under our control and in maintaining a system that meets our obligations under the new regulations. Our practice is summarised below.

How We Prepared for GDPR

ImbaChat already have a consistent level of data protection and security across our organisation, but we have introduced new measures to ensure compliancy.

Information Audit — We carried out an audit of information previously held and ensured that it was compliant with the new regulations.
Policies and Procedures — we have revised data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:
- Data Protection - our main policy and procedure document for data protection has been revised to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy and the rights of individuals.
- Data Retention and Erasure - we have updated our retention policy and schedule to ensure that we meet the "data minimisation" and "storage limitation" principles and that personal information is stored, archived and destroyed in accordance with our obligations. We have procedures in place to meet the new "Right to Erasure" obligation.
- Data Breaches - our procedures ensure that we have safeguards in place to identify, assess, investigate and report any personal data breach as early as possible. Our procedures have been explained all employees.
- International Data Transfers and Third-Party Disclosures – where ImbaChat stores or transfers personal information outside the EU, we have robust procedures in place to secure the integrity of the data. Our procedures include a continual review of the countries with sufficient adequacy decisions, as well as binding rules, or standard data protection clauses for those countries without.
- Subject Access Request (SAR) - we have revised our SAR procedures to accommodate the revised 30-day timeframe for providing the requested information and for making this provision free of charge.
Privacy Notice/Policy - we have revised our Privacy Notice(s) to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
Obtaining Consent - we have revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information
Data Protection Impact Assessments (DPIA) - where we process personal information that is considered high risk, we have developed stringent procedures for carrying out impact assessments that comply fully with the GDPR's Article 35 requirements. We have implemented documentation processes that record each assessment, allow us to rate the risk posed by the processing activity and implement mitigating measures to reduce the risk posed to the data subject(s).
Processor Agreements - where we use any third-party to process personal information on our behalf (ie Payroll, Recruitment, Hosting, etc), we have drafted compliant Processor Agreements and due diligence procedures for ensuring that they meet and understand their/our GDPR obligations.

Data Subject Rights

We provide easy-to-access information via our website of an individual’s right to access any personal information that ImbaChat processes about them and to request information about:

what personal data we hold about them
the purposes of the processing
the categories of personal data concerned
the recipients to whom the personal data has/will be disclosed
how long we intend to store your personal data for
if we did not collect the data directly from them, information about the source
the right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
the right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
the right to lodge a complaint or seek judicial remedy and who to contact in such instances

Changes to Our Privacy Policy

If we change our Privacy Policy, we will post those changes on this page to keep you aware of what information we collect, how we use it and under what circumstances we may disclose it. If there is a significant change, we will notify you.

Information Security and Technical and Organisational Measures

ImbaChat takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction.

GDPR Roles and Employees

ImbaChat have designated insert DPO as our Data Protection Officer (DPO) and have appointed a data privacy team to develop and implement our roadmap for complying with the new data protection Regulation. The team are responsible for promoting awareness of the GDPR across the organisation, assessing our GDPR compliance, identifying any gap areas and implementing the new policies, procedures and measures.

ImbaChat understands that continuous employee awareness and understanding is vital to the continued compliance of the GDPR and have involved our employees in our preparation plans. If you have any questions about our GDPR compliance policies, please contact [email protected].

Contact Us

2111/1 brushbox st, Sydney Olympic Park NSW 2127, Australia
Telephone: + 61 416 103 106
Email: [email protected]