This privacy policy (the "Policy") describes how MOA Technologies AB, org.nr. 559513-6630, (the "Company", "we", "us" or "our") collects, uses, stores and protects personal data in connection with the provision of the AskMOA service (the "Service") through the website www.askmoa.ai (the "Website"). The Policy supplements and should be read together with the General Terms and Conditions (the "Terms") for the Service.
1. DEFINITIONS
Definitions in this Policy shall have the same meanings as in the Terms, unless expressly stated otherwise. The following definitions apply to this Policy:
"Personal data" means any information that can be directly or indirectly attributed to an identified or identifiable natural person (the "Data Subject"). Examples include name, email address, IP address, and user ID.
"Processing" means any operation or set of operations on personal data, whether or not performed by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Data Controller" means the person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
2. APPLICABILITY AND ROLES
2.1 This Policy applies to all processing of personal data carried out by the Company in connection with the provision and use of the Service via the Website.
2.2 The Company acts as the data controller for the personal data collected directly from Users and Customers when registering a user account and for other processing where the Company determines the purpose and means, for example for administration, invoicing and improvement of the Service.
2.3 The Company acts as a data processor for the Customer for the personal data that the Customer or the User uploads, imports or otherwise processes within the framework of the Service (Customer Data, according to Terms 5.1 and 5.6), including data processed via AI products (see Terms 6.3) and data from external sources that the Customer chooses to import. Such processing is governed by the Data Processing Agreement (PUBA) available on the Website and entered into between the Company and the Customer (see Terms and Conditions p. 7.1).
3. COLLECTION OF PERSONAL DATA
3.1 Data we collect as a data controller:
Registration data: When you register an account for the Service, we collect data such as company name, company registration number, and name and email address of contact persons/Users (in accordance with Terms 3.2). *
Payment Information: For paying Customers, we may collect billing information. However, payment details such as credit card numbers are normally handled by a third-party payment service provider.
Usage Data: We may collect information about how You use the Service, such as login data, what features are used, and technical information about Your device and connection. This data is used in aggregated and anonymized form to improve the Service (according to Terms 5.4).
Communication data: If you contact us (e.g. for support), we may store the correspondence.
Cookies: We may use cookies on the Website to improve the user experience and for analytics purposes. Please see our separate Cookie Policy for more information.
3.2 Data we process as a data processor:
Customer Data: Any data, including any personal data, that Customer or User uploads, inputs into the chat function, imports from external sources (e.g. via web scraping) or otherwise provides the Service for processing (in accordance with the Terms). The customer is the data controller of this data.
4. PURPOSE AND LAWFUL BASIS FOR PROCESSING (AS A CONTROLLER)
We process your personal data for the following purposes and on the basis of the following lawful bases (according to GDPR Article 6):
a) Provide and administer the Service: To create and manage your user account, provide you with access to the Service and its features, and manage subscriptions and billing. Legal basis: Performance of contract (the Terms).
b) Support and communication: To be able to respond to your requests, provide support, and communicate important information about the Service. Legal basis: Performance of contract and Legitimate interest (to provide good service).
c) Improvement of the Service: To analyze usage patterns (in aggregated and anonymized form) in order to improve the functionality, performance, and user-friendliness of the Service. Legal basis: Legitimate interest (to develop and improve our Service). (Cf. Terms and Conditions p. 5.4)
d) Security: To protect the Service, prevent fraud and ensure compliance with the Terms. Legal basis: Legitimate interest (to protect our business and our users)
and Legal obligation.
e) Compliance with law: To comply with legal obligations, such as the Accounting Act or to respond to requests from authorities. Legal basis: Legal obligation.
f) Marketing: To inform you about updates or new features to the Service, or to send other marketing that we think may be of interest (if you have consented to it or if permitted by law, e.g. to existing customers for similar services). Legal Basis: Legitimate Interest or Consent.
5. SHARING OF PERSONAL DATA
5.1 Subcontractors (Data Processors) We may engage subcontractors to process personal data on our behalf (see Terms and Conditions p. 6.3). We enter into data processing agreements with these and ensure that they meet the requirements of the GDPR. 5.2 Authorities We may need to share personal data with authorities if required to do so by law or by decision of an authority.
5.3 Other We do not share your personal data with third parties in cases other than those described above, unless we have your consent or are required to do so by law.
6. TRANSFER TO THIRD COUNTRIES
6.1 Some of our subcontractors (e.g. OpenAI) may be established outside the EU/EEA. When transferring personal data to countries outside the EU/EEA, we ensure that there is a legal basis for the transfer and that appropriate safeguards are taken, such as the European Commission's Standard Contractual Clauses (SCCs) supplemented with the necessary technical and organisational safeguards, or that the transfer takes place to a country with an adequate level of protection as determined by the European Commission.
5. CUSTOMER DATA
5.1. You have the option to upload Customer Data via the Service. You remain responsible at all times for all Customer Data uploaded or published via Your user account. Customer retains all rights, title and interest in and to Customer Data. Users retain the right to their personal data in accordance with applicable data protection legislation.
5.2. By uploading content to the Service, you warrant that you have the right to upload and publish the content and that it does not violate applicable law.
5.3. If You publish content that the Company deems to be indecent, offensive or offensive, the Company may remove such content and/or terminate Your account.
5.4. The Company will only process Customer Data in accordance with Your instructions (in accordance with this Agreement and any applicable Personal Data Processing Agreement, “ PUBA ”), for the purpose of providing, maintaining and protecting the Service and to comply with legal obligations. The Company’s roles as data controller and data processor are further described in Section 7 and in the Personal Data Processing Agreement. The Company may process usage data relating to Customers’ and Users’ use of the Service in strictly aggregated and anonymized form in order to analyze, improve and develop the performance, functionality and security of the Service. Such aggregated and anonymized data does not constitute personal data and cannot be used to identify individual Customers or Users.
5.5. The Company will implement appropriate technical and organizational measures to protect Customer Data in accordance with applicable data protection regulations in all jurisdictions where the Service is provided, to the extent required.
5.6. The Customer is solely responsible for ensuring that the collection and processing of data from external sources, including but not limited to data collected through web scraping and imported into the Service, is in accordance with applicable law and any terms of use of the external source. The Company acts only as a data processor for such data as instructed by the Customer and in accordance with the Data Processor Agreement.
6. AI PRODUCTS
6.1. We offer AI Products as part of the Service. The terms in this section govern your use of the AI Products within the Service. They do not apply to any third-party products or third-party websites powered by artificial intelligence, machine learning or similar technologies.
6.2. You retain all rights You may have to use and exploit the output generated by the AI Products. We retain all ownership rights to the AI Products, including but not limited to any algorithms or models and aggregated results developed through the AI Products. This means that You may use Your output for any lawful purpose, including commercial purposes such as sale or publication.
6.3. Some AI Products are provided with the help of subcontractors, currently OpenAI (see https://openai.com/policies/). You agree that in order to enable Your use of these AI Products, Your input data, including Customer Data that You choose to use in the AI Products, may be shared with and processed by such subcontractors. The processing by the subcontractor takes place according to the Company's instructions and in accordance with the Personal Data Processing Agreement entered into between the Company and the Customer. The Company is responsible for the processing by the subcontractor in its capacity as a personal data processor. Output data from the AI Products is not shared with the subcontractors for purposes other than what is necessary to provide the functionality to You, unless otherwise expressly stated or required by mandatory law.
7. SAFETY
7.1 We take appropriate technical and organisational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or unauthorised access. This includes measures such as access control, encryption, and regular security audits. (cf. conditions 5.5)
8. STORAGE TIME
8.1. We will retain your personal data only for as long as is necessary for the purposes for which it was collected, or for as long as required by law. For accounting documents, the storage period is 7 years according to the Accounting Act. Account information is saved as long as the account is active plus 2 months after closure. Support tickets are stored for 24 months. When the data is no longer needed, it is securely deleted or anonymised.
8.2 For Customer Data that we process as a data processor, the storage and deletion instructions set out in the Data Processing Agreement between us and the Customer apply.
9. YOUR RIGHTS AS A DATA SUBJECT
9.1 You have the following rights in relation to your personal data that we process as a data controller:
a) Right of access (Register extract): The right to receive information about what personal data we process about you and to receive a copy of it.
b) Right to rectification: The right to have inaccurate or incomplete personal data rectified.
c) Right to erasure ("Right to be forgotten"): The right to have your personal data erased under certain circumstances.
d) Right to restriction: The right to demand in certain circumstances that the processing of your personal data be restricted.
e) Right to object: Right to object to processing based on our legitimate interest. In the event of an objection to direct marketing, we will immediately cease this processing.
f) Right to data portability: The right, under certain circumstances, to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and to transmit it to another data controller.
g) Right to withdraw consent: If the processing is based on your consent, you have the right to withdraw it at any time.
h) Right to lodge a complaint: The right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) if you believe that our processing violates the GDPR.
9.2 To exercise your rights, please contact us using the contact details set out below. We may request additional information to confirm your identity.
9.3 For personal data where we act as a data processor (Customer Data), you should primarily turn to the data controller (the Customer) to exercise your rights. We will assist the Customer in accordance with the Data Processing Agreement.
10. CHANGES TO THE POLICY
10.1. We may update this Policy from time to time. The latest version is always available on the Website (www.askmoa.ai). In the event of material changes, we will notify you by email or via the Service. (cf. conditions 16.2)
11. Contact
If you have any questions about this Policy or our processing of personal data, please contact MOA Technologies AB via:
Website: askmoa.ai E-post: privacy@askmoa.ai