Effective: July 28, 2018
Personal Data We Collect
Personal data we get from Slack
When you install Meeting Bot to your Slack workspace, we collect personal data from users within the workspace. Examples of this type of data are:
- User access token (granted during install and required for fetching user profile information).
- User profile information (E.g. names and email to determine calendar availability create meeting invites, timezone to display content in the user's timezone).
- General team and user info (E.g. team name, user names).
- Conversation text in a channel (direct or group channel) where Meeting Bot is present.
We do not collect or store conversation data or attachments from Slack channels that the bot is not invited to.
Personal data we get from your calendar
In order to provide our Service we ask you to grant us access to your Google, Exchange or Office 365 account (your "Calendar Provider"). We retrieve data from your Calendar Provider for the purpose of providing our Services. Examples of this type of data are:
- User name, identifier, email address (in order to uniquely identify and book meetings for a user).
- Access tokens (OAuth tokens in order to access Calendar Provider APIs).
- Meeting details (subject, description, attendee information for the purpose of viewing/editing meetings).
- Services metadata: When an user interacts with our Services, metadata is generated that provides additional context about the user's interactions. For example, we log the conversation history with Meeting Bot.
- Server log data: As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use our Website or Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Website or Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.
- Device information: We collect information about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this information often depends on the type of device used and its settings.
- Location information: We receive information from you and other third-parties that helps us approximate your location. We may, for example, use an IP address received from your browser or device to determine approximate location. We may also collect location information from devices in accordance with the consent process provided by your device.
- Additional information provided to us: We may receive information when submitted to our Website or if you participate in a focus group, contest, activity or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with us.
How We Use Personal Data
How we use the information we collect depends in part on how you use our Service and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.
- To provide the Services and personalize your experience: We use information about you to provide the Services to you, including to process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the Services.
- As required by applicable law, legal process or regulation.
- To communicate with you by responding to your requests, comments and questions: If you contact us, we may use your information to respond.
- For research and development: We are always looking for ways to make our Services smarter, faster, secure, integrated and useful to you. We use collective learnings about how people use our Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services.
- To send emails and other communications: We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. These communications are considered part of the Services and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications or other news about Slack. These are marketing messages so you can control whether you receive them.
- For billing, account management and other administrative matters: We may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.
- To investigate and help prevent security issues and abuse.
Legal bases for processing (for EEA users): If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:
- We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
How We Disclose Personal Data
We not sell or rent Personal Data to marketers or unaffiliated third parties. We share your Personal Data as outlined below.
- Third-Party service providers: We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you. If a service provider needs to access information about you to perform services on our behalf, they do so under instruction from us, including abiding by policies and procedures designed to protect your information.
- Aggregated or De-identified Data: We may disclose or use aggregated or de-identified Other Information for any purpose. For example, we may share aggregated or de-identified information with prospects or partners for business or research purposes.
- Complying with Laws: If we receive a request for information, we may disclose information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
- Enforcing our rights and preventing fraud: To protect and defend the rights, property or safety of Slack or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
- With Explicit Consent: We may share information with third parties when we have explicit consent from you to do so.
We we retain your Personal Data as long as we are providing the Services to you. We retain Personal Data after we cease providing Services to you, even if you uninstalled or close your account with us, to the extent necessary to comply with our legal and regulatory obligations, and for the purpose of fraud monitoring, detection and prevention. We also retain Personal Data to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
To the extent prohibited by applicable law, We do not allow use of our Services and Websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will takes steps to delete such information.
Depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:
- The right to request confirmation of whether we process Personal Data relating to you, and if so, to request a copy of that Personal Data;
- The right to request that we rectify or update your Personal Data that is inaccurate, incomplete or outdated;
- The right to request that we erase your Personal Data in certain circumstances provided by law;
- The right to request that we restrict the use of your Personal Data in certain circumstances, such as while we consider another request that you have submitted (including a request that we make an update to your Personal Data); and
- The right to request that we export, where technically feasible, your Personal Data that we hold in order to provide Services to you.
Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time. You may also have the right to object to the processing of your Personal Data on grounds relating to your particular situation.
You can file an inquiry or request by emailing us at: firstname.lastname@example.org
Data Protection Authority
Subject to applicable law, you also have the right to (i) restrict our use of data that constitutes your Personal Data and (ii) lodge a complaint with your local data protection authority.
To support delivery of our services, we may engage and use data processors with access to Personal Data (each, a "Sub-processor").
|Entity Name||Activities||Entity Country|
|Amazon Web Services, Inc.||Service provider for infrastructure, data processing applications and analytics.||United States|
|Google Inc.||Service provider for infrastructure, data processing applications and analytics.||United States|
|Stripe Inc.||Payment processing and billing service provider.||United States|
Our business needs may change from time to time. For example, we may deprecate a Sub-processor to consolidate and minimize our use of Sub-processors. Similarly, we may add a Sub-processor if we believe that doing so will enhance our ability to deliver our Services. We will periodically update this page to reflect additions and removals to our list of Sub-processors.
You may contact us by sending an email to email@example.com