Privacy Policy

This Privacy Policy governs how Bitskout Inc (hereinafter „Bitskout/us/we/our”) gathers and uses personal data. We always aim to protect the privacy of our Users and other data subjects (together herein after “you”). Please read this Privacy Policy as it contains important information about the processing of your personal data. If you do not wish for your personal data to be processed as described in the Privacy Policy, you must not use our Service nor Website.

​

This Privacy Policy applies to our online activities i.e., processing in connection to our Website and to our processing of personal data when offering our Service.

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us at contact@bitskout.com.

​

DEFINITIONS

 

Definitions are terms often used in the Privacy Policy. Definitions are defined in this Section of the Privacy Policy or in the text of the Privacy Policy.

1. Personal data protection terms have the same meaning as defined here or in the General Data Protection Regulation (2016/679) (“GDPR”).

2. Terms that are not defined in the Privacy Policy nor the GDPR are defined in our Terms and Conditions (link at the bottom of the Website).

3. Cookies mean data files stored in the Visitor’s device upon visitation of the Website according to the selection made. More information about the use of Cookies by us can be found via the Cookie solution used for our Website and from Cookie Policy available on our Website.

4. Contract means a contract entered into between us and a User or any other data subject. Term Contract also covers term Terms and Conditions.

5. Data subject means a natural person regarding whom we have information or information that can be used to identify a natural person.

6. personal data means any information relating to an identified or identifiable natural person i.e., data subject.

7. Privacy Policy means this text, which sets out our principles of personal data processing.

8. Service(s) means services offered by us, incl. via our Website.

9. Usage Data means data about usage of our Service and Website i.e., data about usage of our Service and Website incl. technical data about device used, information about browser used, IP address, the pages of our Service visited, the time and date of the visit, the time spent on those pages, unique device identifiers and other diagnostic data.

10. User means the individual using our Service.

11. Visitor is a person visiting our Website.

12. Website means our website accessible via https://www.bitskout.com/ and all its subdomains
     

GENERAL INFORMATION AND CONTACT DETAILS

Here you will find when the Privacy Policy applies, information about who we are, and how to contact us.

1. About us. We are a private limited company Bitskout Inc, registered at 2261 Market Street, Suite 5812, San Francisco, CA, 94114, email contact@bitskout.com. We are a company offering ready-made intelligent automations for different projects. We are the controller of your personal data when you visit our Website, register as a User.  We are processors of personal data of our Users’ clients, employees or other, when offering our Service.

2. Contacts. You can contact us in matters related to personal data processing by e-mailing us at info@bitskout.com.

3. About the Privacy Policy. The Privacy Policy applies to personal data processing done by us.  We have the right to unilaterally amend this Privacy Policy. We will notify the data subject of all important material changes on the Website or otherwise.

4. About the Controller-Processor statuses. We offer our Service to our clients and by doing so we may need to process personal data of our clients’ clients’. We do not define the purpose of the processing of personal data nor decide what personal data is processed by our clients. We are processors when providing our Service. It is our clients who are responsible for obtaining the necessary legal grounds for the processing.

5. Other links/apps etc. Please note that the links on our Website may lead to media that is governed by privacy terms of the respective service providers’, and not by this Privacy Policy. We are not responsible for anything on those other websites.

 

PRINCIPLES OF PERSONAL DATA PROCESSING

Here you will find the key principles that we are always guided by when processing your personal data.

1. Compliance and aim. Our aim is to process personal data in a responsible manner where we are able to demonstrate the compliance of personal data processing with the purposes set and the applicable regulations.

2. The principles. All our processes, guidelines, actions, and activities related to personal data processing are based on the following principles: lawfulness, fairness, transparency, purposefulness, minimisation, accuracy, storage limitation, integrity, confidentiality, and data protection by default and by design.

 

Information we process

Here you can find categories of personal data we process.

1. Types of data. In general, we process the following types of personal data:

   1. Personal data inserted or given to us or to our clients by the data subject (e.g., name, contact information etc.);

   2. Personal data resulting from standard communication between us and the data subject (e.g., when you contact us by email);

   3. Personal data resulting from the usage of our Service and personal data resulting from the usage of our clients’ services.

   4. Personal data obtained from third parties (if any);

   5. Personal data generated and combined by us or our clients (e.g., data about the usage of their services etc.).

2. Categories of Data Subjects. Generally, we may process personal data of the following data subjects’:

   1. our Users (if natural person) and

   2. our client’s representatives;

   3. representatives of our cooperation partners;

   4. our employees or contractors;

   5. Website Visitors;

   6. our client’s clients.

3. Data we process as Controller. As Controller we process among other the following personal data:

   1. About Visitors – data gathered from use of Website incl., by Cookies (if enabled);

   2. Our client’s representatives (or clients if natural persons) – name, work contacts, position, communications with us, Usage Data;

   3. About Users – name, email address, phone no, address, Cookies data, Usage Data, location data (if enabled); excluding data inserted into our Service by our Users (i.e. our clients’ clients’ personal data; for our clients’ clients’ personal data – our clients are the controllers).Contact us if you need more precise information on your personal data processing. Please note that in case where we are the processor, we redirect you to your data controller if you have provided us with necessary information.

4. Data we process as a Processor. We act as a data processor when you use our services to extract information from your sources such as files or emails. The purpose of data extraction is to convert an unstructured format to a structured format which later can be saved into another tool. As a processor, we process the following personal data that can be a part of a document:

   1. Names, email addresses, positions, and phone numbers of your clients, providers, counterparties and partners;

   2. About companies – names, registration IDs, bank details, addresses and phone numbers

 

 

GENERAL PURPOSES, GROUNDS FOR, AND ACTIVITIES OF PROCESSING

Here you will find information about the purposes and grounds for processing of your personal data.

1. Consent. Based on consent, we process personal data precisely within the limits, to the extent and for the purposes for which the data subject has given their consent. The data subject’s consent must be freely given, specific, informed, and unambiguous, for example, by ticking the box on the Website. Please note that you have the right to withdraw your consent at any time.

2. Entry into and performance of a Contract. Upon entering into and performing a Contract, we may process personal data for the following purposes:

   1. taking steps prior to entering into a Contract, which are necessary for entering into a Contract or which the data subject requests;

   2. identifying you to the extent necessary for entering into and performing a Contract or taking steps to enable usage of our Service;

   3. performing the obligations assumed (e.g., billing);

   4. communicating with you, incl. sending information and reminders about the performance of the Contract or about the usage of the Service;

   5. protection of rights and claims;

   6. to detect, prevent and address technical issues;

   7. to provide customer support;

   8. to provide and maintain our Service, incl. monitor usage of our Service and Webiste;

   9. to notify you about changes to our Service or to give you other Contract/Service related notice.

 

Please note that exact purpose and grounds may also be defined in the Terms and Conditions and/or Contract.

1. Legal obligation. We process personal data to comply with a legal obligation in accordance with and to the extent provided by law.

2. Legitimate interest. Our legitimate interest means our interest in managing or directing our activities and enabling us to offer the best possible Service. In case we are using legitimate interest, we have previously assessed our and your interests. You have the right to see conducted assessment connected to processing of your personal data. We may process your personal data (except special categories of personal data) based on legitimate interest for the following purposes:

   1. managing and analysing a client database and Service (if not covered with the Contract) to improve the availability, functions and quality of Service, e.g., using a CRM or analytics solutions to enable the foregoing;

   2. development of our Service and Website;

   3. ensuring a better client/User experience, to provide higher quality Service; we may monitor the usage of our Service and Website, analyse identifiers and personal data collected when our Website, Service, our social media pages and other sales channels are used, and we may collect statistics about clients, Users and Visitors;

   4. organizing campaigns, incl. organising personalised and targeted campaigns. The terms and conditions of campaigns are set out separately;

   5. sending offers/information to the client/User or potential client if the respective person has previously purchased or shown interest in a similar product, and if such processing is allowed in respective jurisdiction. In this case, the person is always guaranteed to have a simple opportunity to resign from the communication, and we have considered our and the (potential) client’s interests;

   6. conducting satisfaction surveys and measuring the effectiveness of marketing activities performed;

   7. making recordings and logging; we may record messages and orders given both in our premises and using means of communication (e-mail, phone etc.) as well as information and other activities we have performed. If necessary, we use these recordings to prove orders or other activities;

   8. technical and cyber security reasons, for example measures for combating piracy and ensuring the security of the Website as well as for making and storing back-up copies and preventing/repairing technical issues ;

   9. processing for organisational purposes, foremost for management and processing of personal data for internal management purposes (but also audits and other potential supervision), including for processing the personal data of clients or employees, and disclosure of personal data within our group companies (subsidiaries, affiliates);

   10. establishing, exercising or defending legal claims, incl. assigning claims to, for example, collection service providers, or using legal advisors;

   11. If you have given us information about not sending you a certain type of information – retaining the information about such prohibition.

3. New purpose. Where personal data is processed for a new purpose other than that for which the personal data are originally collected or it is not based on the data subject’s consent, we carefully assess the permissibility of such new processing. We will, in order to ascertain whether processing for a new purpose is compatible with the purpose for which the personal data are initially collected, take into account, inter alia:

   1. any link between the purposes for which the personal data are collected and the purposes of the intended further processing;

   2. the context in which the personal data are collected, in particular regarding the relationship between the data subject and us;

   3. the nature of the personal data, in particular, whether special categories of personal data are processed or whether personal data related to criminal convictions and offenses are processed;

   4. the possible consequences of the intended further processing for data subjects;

   5. the existence of appropriate safeguards, which may include encryption or pseudonymization.

 

 

TRANSFER AND AUTHORISED PROCESSING OF PERSONAL DATA

Here you will find information about the transfer and authorised processing of personal data.

1. Usage of cooperation partners. We cooperate with persons to whom we may transmit data, including personal data, concerning the data subjects within the context and for the purpose of that cooperation. We may have different type of controller-processor-sub-processor relationships with those cooperation partners. When transferring personal data to third parties (generally our cooperation partners), we comply with the applicable data protection requirements.

2. Requirements for the usage of cooperation partners. Such third parties may include, among other, advertising and marketing partners, payment service providers (see clause 10.3), customer satisfaction survey companies, advisers, IT partners, i.e., service providers for various technical services, provided that:

   1. the respective purpose and processing are lawful;

   2. personal data is processed pursuant to the instructions of the controller and on the basis of a valid contract.

3. We are using the following co-operation partners with their respective GDPR addendums:

   1. Amazon Web Services – Amazon GDPR Addendum

   2. Google Inc. Cloud – Google GDPR Addendum

   3. Microsoft Services – GDPR addendum

   4. Veryfi Inc. – GDPR addendum

   5. OpenAI – GDPR addendum

4. Other transfers. In other cases, we transmit your personal data to third parties provided that we have your consent, a legal obligation, or there is an exception in the event that the transfer is necessary to protect your vital interests.

5. Other disclosures. We may disclose personal data also on the following cases:

   1. For Law Enforcement. Under certain circumstances, we may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities. We always assess the lawfulness of information requests before disclosing any personal data.

   2. For business transactions. If we or our subsidiaries are involved in a merger, acquisition or asset sale, your personal data may be transferred.

 

 

STORAGE AND SECURITY OF PROCESSING PERSONAL DATA

Here you will find a description of how we protect your personal data and for how long we store personal data.

1. Storage. When storing personal data, we comply with the purpose of processing, limitation periods for potential claims in the event of filing claims, and storage periods provided for in the law. We store personal data as long as need depending on the purpose of the processing. Client/User data is generally retained, for the duration of the period of validity of the Contract. Certain personal data is stored depending on the requirement deriving from applicable law e.g., 7 years accounting data, 10 years data of employment contracts. Personal data for which the storage period has expired are destroyed or made anonymous.

2. Security measures. We have established guidelines and rules of procedure on how to ensure the security of personal data through the use of both organizational and technical measures. Among others, we do the following to ensure security and confidentiality:

   1. We have access-level management system in use;

   2. We process the personal data transferred to us only for the purpose and to the extent necessary for providing the Website and/or Services; and other purposes laid out in this Privacy Policy;

   3. we use software solutions that help ensure a level of security that meets the market standard.

The security of your data is important to us and we take all reasonable steps to ensure the security of personal data. However, remember that no method of transmission over the Internet or method of electronic storage is 100% secure. Meaning, while we use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

1. Incident. In the event of any incident involving personal data, we do our best to mitigate the consequences and alleviate the relevant risks in the future. We will follow notice requirements of the GDPR.           

 

GDPR Data Protection Rights

Here you can read about your rights in connection to your personal data. These rights are applicable if you are a resident of EEA.

1. We would like to make sure you are fully aware of all of your data protection rights. Every data subject is entitled to the following rights (under certain preconditions):

   1. The right to access – you have the right to access and to request copies of your personal data.

   2. The right to rectification – you have the right to request that we correct any information that is inaccurate.

   3. The right to erasure – you have the right to request that we erase your personal data, under certain conditions.

   4. The right to restrict processing – you have the right to request that we restrict the processing of your personal data, under certain conditions.

   5. The right to object to processing – you have the right to object to our processing of your personal data, under certain conditions.

   6. The right to data portability – you have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

   7. The right to file a complaint – you have the right to file a complaint with us or supervisory authority or court if you think that your rights in connection to personal data have been infringed. We kindly ask you to contact us first for finding a solution.

   8. Responses and additional information. If you make a request, we have one month to respond to you. If you would like to exercise any of these rights or need more information on your rights, please contact us. Please note, that we may need to identify you before granting you any of the rights connected to your personal data.
       

Children's Information

1. We do not knowingly collect any personal data from children under the age of 18. If we find out that we have obtained data of children, we will delete such data immediately or seek approval from legal guardian or parent. In case where we are a processor all grounds for processing derive from our client.

​

​

Other information relevant to processing of personal data

Usage of AI models

1. We are using AI models to provide services to you in a timely, accurate, and responsible way.

2. As we process and extract information from your files and emails, we use AI to help us do that by utilizing optical character recognition(“OCR”) to read the files and large language models to clean and structure the output.

3. User personal data and the contents of your documents are never used as a source of training for any of our AI models, our providers' AI models, or subprocessors unless you explicitly ask us to do so.

4. If you explicitly ask us to create a special template for your special use case, then we will ask you to confirm in written form via email that you agree to use your data to create that template.

5. For OCR, we use the following models:

   1. Google Document AI – to extract text, key values, and tables from your documents;

   2. Microsoft Azure Document Intelligence – to extract text, key values, and tables from your documents;

   3. Amazon Textract – to extract text, key values, and tables from your documents;

 

Large Language Model usage is related to cleaning up the OCR output and converting it into a structured format. Cleaning up the OCR output means updating the output produced by OCR into a readable and structured form adding missing items like mobile phone country codes or converting the name of the state on the address to a double letter form. We use the following models to do that:

1. OpenAI GPT APIs – to convert addresses, phone numbers, emails, and company names into a correct structured form;

2. Amazon Bedrock (Meta Llama) – to convert addresses, phone numbers, emails, and company names into a correct structure form;

3. Microsoft Azure OpenAI APIs - to convert addresses, phone numbers, emails, and company names into a correct structure form;

4. Your personal data, and document contents are never used to train our own and 3rd party AI models.

 

Analytics. We may use third-party service providers to monitor and analyze the use of our Service. For example, we use the following services/service providers:

1. Google Analytics. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en. We also encourage you to review the Google's policy for safeguarding your data: https://support.google.com/analytics/answer/6004245.

2. Segment.io. Segment.io is a web traffic analysis tool. You can read the Privacy Policy for Segment.io here: https://segment.com/legal/privacy/.

 

CI/CD tools. We may use third-party service providers to automate the development process of our Service. For example, we use the following services/service providers:

1. GitHub. GitHub is provided by GitHub, Inc. GitHub is a development platform to host and review code, manage projects, and build software. For more information on what data GitHub collects for what purpose and how the protection of the data is ensured, please visit GitHub Privacy Policy page: https://help.github.com/en/articles/github-privacy-statement.

2. Payments. We may provide paid products and/or services within Service. In that case, we use third-party services for payment processing (e.g., payment processors). We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information. The payment processors we work with are:

   1. PayPal or Braintree: Their Privacy Policy can be viewed at https://www.paypal.com/webapps/mpp/ua/privacy-full

   2. Paddle Inc: Their Privacy Policy can be viewed at: https://www.paddle.com/legal/privacy

   3. Stripe: Their Privacy Policy can be viewed at: https://stripe.com/us/privacy

 

Your Data Protection Rights under the California Privacy Protection Act (CalOPPA)

1. CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivable the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. – See more at: https://consumercal.org/about-cfc/cfc-education-foundation/california-online-privacy-protection-act-caloppa-3/

2. According to CalOPPA we agree to the following:

   1. Users can visit our site anonymously;

   2. our Privacy Policy link includes the word “Privacy”, and can easily be found on the page specified above on the home page of our Website;

   3.  Users will be notified of any privacy policy changes on our Privacy Policy Page;

   4.  Users are able to change their personal information by emailing us at contact@bitskout.com.

 

 

 

The latest changes and entry into force of the Privacy Policy:

01.09.2024

​