BotTools's Data Processing Addendum
Last updated: November 15, 2020
If you are using BotTools as a user and have agreed to our terms of service, you do not need to sign an additional Data Processing Addendum. As of November 15th 2020, our user terms of service include a provision to ensure compliance with GDPR.
BotTools's role in GDPR compliance
It's important to note that BotTools is acting both as a Data Controller and as a Data Processor within the realm of GDPR compliance:
As a Data Controller, you're responsible for safeguarding the data of your customers as they interact directly with services integrated with BotTools.
As a Data Processor, BotTools is responsible for safeguarding the data of our partners' and customers' users as it flows through our system.
Customers' and partners' roles in GDPR compliance
As a BotTools customer or partner, you are a Data Controller and BotTools is acting as your Data Processor for your users. In this respect, you must take the following steps:
- Ensure your Terms of Service and/or Privacy Policy are up to date.
- If you have customers in the EU or need to be GDPR compliant, your agreement to our terms of service will be sufficient as it contains relevant addendum.
- If you have customers in the EU or need to be GDPR compliant, you may additionally request to sign BotTools's Data Processing Addendum. This is valid for both customers and partners
- Perform your own research, modeling, vendor audit, and strategy steps at your company to ensure you understand GDPR as it applies to your business.
- Be thinking about how you’ll handle consent. You should configure your tools to not work with users' data without proper consent.
- Watch for updates from BotTools related to product functionality or privacy and TOS changes.
Customers' and partners' roles in GDPR compliance
Each of BotTools's vendors and sub-processors will have an executed Data Processing Addendum to ensure compliance under the EU GDPR requirements. An audited minimum relevant set of data is shared with each vendor (for example, BotTools does not send server logs to Workable):
- AWS: the bulk of user data is hosted in AWS.
- Digitore24: payment data is maintained in Digistore24