Overview

Contexxt.ai GmbH (“us”, “we”, or “our”) operates C.AI Adoption Analytics and the Microsoft Teams Bot service C.AI Adoption Bot (the “Service”, “Application”, “Platform” or “Website”). 

Contexxt.ai GmbH is committed to protecting the privacy and security of the personal information of our customers, employees and third parties. 

This Privacy Notice highlights how Contexxt.ai GmbH uses the information collected through its websites, apps, services and technology solutions. 

We use your data to provide and improve the Service. We collect information when you register, sign in and use our sites and services. We also may get information from other companies. We collect this information in a variety of ways, including from web forms, technologies like cookies, web logging and software on your computer or other device. 

We use information submitted through our websites or collected through email or hard copy surveys to analyze the characteristics of our customers and improve our services. 

If you request information about Contexxt.ai GmbH products and services, we will collect your name, email address, phone number, and additional company information. We use this information to contact you about your request, and to follow up with you about the products and services in which you have expressed an interest. We will also send information to you regarding upcoming events, webinars, and relevant privacy related news and alerts. You may unsubscribe from these communications at any time by clicking on the unsubscribe link provided in the email. 

Contexxt.ai GmbH receives and processes information (in paper and electronic form) in accordance with its clients’ instructions for the purpose of providing services to its customers. At Contexxt.ai GmbH, we recognize the importance of privacy to our customers and we strive to safeguard any personal information we receive and may need to use in support of our customers. 

By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms of Use, accessible from https://contexxt.ai/terms-of-use/?lang=en. 

We respect each individual’s right to personal privacy. We will collect and use information we receive directly from you only in the ways disclosed in this Privacy Policy. 

Definitions

1. Service 

Service is the Contexxt.ai GmbH SPHER CTX and Microsoft Teams app service for Microsoft Teams operated by Contexxt.ai GmbH. 

2. Personal Data 

Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession). 

3. Usage Data 

Usage Data is data collected automatically either generated using the Service or from the Service infrastructure itself (for example, the duration of a page visit). 

4. Data Controller 

Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the way any personal information are, or are to be, processed. 

For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data. 

5. Data Processors (or Service Providers)  

Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller. 

We may use the services of various Service Providers in order to process your data more effectively. 

6. Data Subject (or User) 

Data Subject is any living individual who is using our Service and is the subject of Personal Data. 

7. Cookies 

Cookies are small pieces of data stored on your device (computer or mobile device). 

Your Data Protection Rights Under General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Contexxt.ai GmbH aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. 

Accessing and Updating your Personal Information 

To review and update your personally identifying information to ensure it is accurate, or if you want it to be removed from our systems, please contact us vial email: info@contexxt.ai. 

In certain circumstances, you have the following data protection rights: 

• The right to be informed. You have the right to be informed about how and why your personal data is being processed. Grounds for processing is usually explained when asking for the consent from you. You have a right to be informed after giving the consent as well, meaning that the company should be able to provide you with concise, intelligible, easily accessible, free of charge and clearly written information about the processing. 
• The right to access, update or to delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you. 
• Right to erasure. As outlined in Article 17, the GDPR, you have the right to be forgotten under specific circumstances, e.g. if the personal data is no longer necessary for the purpose the company originally collected or processed it. 

• The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete. 
• The right to object. You have the right to object to our processing of your Personal Data. 
• The right of restriction. You have the right to request that we restrict the processing of your personal information. 
• The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format. 
• The right to withdraw consent. You also have the right to withdraw your consent at any time where contexxt.ai Software relied on your consent to process your personal information. 

• Rights in relation to automated decision-making. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. 

Please note that we may ask you to verify your identity before responding to such requests. 

Contexxt.ai GmbH will make commercially reasonable efforts to provide you reasonable access to any of your personal information we maintain within 30 days of your access request. We provide this access so you can review, make corrections, or request deletion of your data. If we cannot honor your request within the 30-day period, we will tell you when we will be able to provide access. In the unlikely event that we cannot provide you access to this information, we will explain why we cannot do so. 

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA). 

For more information on how to contact the EU Data Protection Authorities, click here (http://ec.europa.eu/justice/dataprotection/article-29/structure/data-protectionauthorities/index_en.htm) 

Information Collection and Use 

We collect several different types of information for various purposes to provide and improve our Service to you. 

Types of Data Collected 

1. Personal Data 

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to: 

• Email address 
• First name and last name 
• Company information, including company name, address, billing information (e.g., P.O. number, bank wire information, credit card number), and company size 

• Cookies and Usage Data 

If you purchased one of Contexxt.ai’s technical solutions you may have the option to add additional users to your account. We will ask for the name and email address of the additional users you want to add. This information is used by Contexxt.ai GmbH to provide the requested service. 

In the course of using Contexxt.ai’s technical solutions or services, you may provide business information related to your company. Business information may include copies of your company’s policies and process documents, responses to assessment questionnaires and evidence to support those responses. This is information is stored on Contexxt.ai’s systems, and is used to provide contracted services in accordance with the applicable terms and conditions of agreements between contexxt.ai and your company. 

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us. 

2. Usage Data 

We may also collect information on how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. 

3. Microsoft Bot Framework 

Our Service (EMMA Bot for Microsoft Teams) is enabled by Microsoft Bot Framework. The Microsoft Bot Framework is a set of web-services that enable intelligent services and connections using conversation channels you authorize. As a service provider, Microsoft will transmit content you provide to our bot/service in order to enable the service. For more information about Microsoft privacy policies please see their privacy statement here: http://go.microsoft.com/fwlink/?LinkId=521839. In addition, your interactions with this bot/service are also subject to the conversational channel’s applicable terms of use, privacy and data collection policies. To report abuse when using a bot that uses the Microsoft Bot Framework to Microsoft, please visit the Microsoft Bot Framework website at https://www.botframework.com and use the “Report Abuse” link in the menu to contact Microsoft. 

You can find further Frequently Asked Questions (FAQ’s) about our Bot Service, accessible from https://contexxt.ai/sphere/faq-zu-emma/. 

4. Payment Data 

Payment Data is the information that you provide when you make purchases. This may include your payment instrument number (e.g., credit card, PayPal), your name and billing address, and the security code associated with your payment instrument (e.g., the CSV or CVV). 

Payment Data is used to complete your transaction, as well as for the detection and prevention of fraud. In support of these uses, Contexxt.ai GmbH may share your Payment Data with banks and other entities that process payment transactions or other financial services, and for fraud prevention and credit risk reduction. 

When you provide Payment Data to us, we may store that data to help you complete future transactions. 

You may remove the payment instrument information associated with your organizational account by contacting us. After you close your account or remove a payment instrument, however, Contexxt.ai GmbH may retain your payment instrument data for as long as reasonably necessary to complete your existing transaction, to comply with Contexxt.ai’s legal and reporting requirements, and for the detection and prevention of fraud. 

Payment data, which will be provided when buying our services in the Microsoft Commercial Market place or Office Store, will be used from Microsoft to complete your transaction. Your information are processed and protected in line with Microsoft Privacy Policy, accessible from http://go.microsoft.com/fwlink/?LinkId=521839. 

5. Tracking & Cookies Data 

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. 

Cookies are files with small amounts of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.  

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service. 

Examples of Cookies we use: 

• Session Cookies to operate our Service 
• Preference Cookies to remember your preferences and various settings 
• Security Cookies for security purposes 

Legal Basis for Processing Personal Data Under General Data Protection Regulation (GDPR) 

If you are from the European Economic Area (EEA), Contexxt.ai GmbH legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it. 

Contexxt.ai GmbH may process your Personal Data because: 

• We need to perform a contract with you 
• You have given us permission to do so 
• The processing is in our legitimate interests and it’s not overridden by your rights 

• For payment processing purposes 
• To comply with the law 

Use of Data 

Contexxt.ai GmbH uses the collected data for various purposes: 

• To provide and maintain our Service 

• To notify you about changes to our Service 
• To allow you to participate in interactive features of our Service when you choose to do so 
• To provide customer support 
• To gather analysis or valuable information so that we can improve our Service 
• To monitor the usage of our Service 

• To detect, prevent and address technical issues 
• To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information 

Transfer of Data 

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. 

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. 

Contexxt.ai GmbH will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information. 

Except as described in this privacy statement, we won’t disclose your personal information to a third party without your consent. Contexts and situations where we may disclose your personal data without your consent are: 

• Within Contexxt.ai GmbH affiliates and subsidiaries 
• As part of a merger or sale of a business 

• With vendors and agents of Contexxt.ai GmbH 
• When required by law or to respond to legal process or lawful requests, including from law enforcement or other government agencies or other public authorities, including to meet national security or law enforcement requirements 
• When required to combat fraud or protect our interests 
• To protect life and safety 

Retention of Data 

Contexxt.ai GmbH will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. When the purpose of retaining personal data is no longer applicable, e.g. a contract is cancelled, we’ll proceed with deleting your personal data latest within 30 days. 

Contexxt.ai GmbH will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods. 

Security of Data 

Contexxt.ai GmbH is committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use or disclosure. For example, we store the personal information you provide on computer systems that have limited access and are in controlled facilities. When we transmit highly confidential information (such as a credit card number or password) over the Internet, we protect it through the use of encryption, such as the Transport Layer Security (TLS) or Secure Socket Layer (SSL) protocols. 

If a password is used to help protect your accounts and personal information, it is your responsibility to keep your password confidential. Do not share it. If you are sharing a computer, you should always log out before leaving a site or service to protect access to your information from subsequent users. 

Disclosure of Data 

1. Disclosure for Law Enforcement  

Under certain circumstances, Contexxt.ai GmbH may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency). 

2. Legal Requirements 

Contexxt.ai GmbH may disclose your Personal Data in the good faith belief that such action is necessary to: 

• Comply with a legal obligation 
• Protect and defend the rights or property of contexxt.ai Software 
• Prevent or investigate possible wrongdoing in connection with the Service 
• Protect the personal safety of users of the Service or the public 

• Protect against legal liability 

Disclosure of Data 

We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. 

You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser. 

Service Providers 

We do not employ third party companies and individuals. 

Children’s Privacy 

Our Service does not address anyone under the age of 18 (“Children”). 

We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us vial email: info@contexxt.ai. Parents can change or revoke the consent choices previously made, and review, edit or request the deletion of their children’s personal information by using the contact form on the web site. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers. 

Changes to This Privacy Policy 

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. 

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy. 

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. 

Links to Other Websites 

Our Service may contain links to other websites that are not operated by us. If you click on a third–party link, you will be directed to that third party’s website. We strongly advise you to review the Privacy Policy of every website you visit. 

We have no control over and assume no responsibility for the content, privacy policies or practices of any third–party websites or services. 

Customer Support 

To find more information about our service and its features, or if you need assistance with your account, or if you have any questions about these Terms, please contact us at info@contexxt.ai. 

Federal Commissioner for Data Protection 

Dr. Ralf C. Güstel 

Gem.DataSecure GmbH Wirtschaftsprüfungsgesellschaft 

Weidestrasse 134 

22083 Hamburg 

datenschutz@gem-gruppe.de 

www.gem-gruppe.de 

Regulatory Authority 

Hamburg 

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit 

Ludwig-Erhard-Str. 22, 7. OG 

20459 Hamburg 

Tel.: 040 / 428 54 – 4040 

Fax: 040 / 428 54 – 4000 

E-Mail: mailbox@datenschutz.hamburg.de