Last Updated: August 2020
Your privacy is important to us. This privacy statement explains our collection, use, and disclosure of personal information. This privacy statement applies to Chatlio LLC dba Roomlio dba Roomlio and to our controlled affiliates and subsidiaries (“Roomlio”). References to our “products” in this statement include our websites, apps, software, and services. This statement applies to our products that display or reference this statement, but it does not apply to any products that display or reference a different privacy statement.
PERSONAL INFORMATION WE COLLECT
We collect and process personal information about you with your consent and/or as necessary to perform our contractual obligations, provide our services, meet our legal obligations, protect the security of our systems, or fulfill other legitimate interests.
Information you provide directly. If you are a customer or partner of Roomlio, we typically collect the personal information necessary to carry out our relationship with you, such as your name and contact information. We collect billing and payment information where appropriate, and retain only the last four digits of the credit card, as well as authorization or validation tokens. As a Roomlio customer, you may also choose to provide additional information about your own customers (“visitors”) using our API.
Information we collect automatically. When you visit our website, as further described in the Cookies and Similar Technologies section below, or when you use our products, some information is collected automatically. For example, our web servers automatically log your computer's operating system, Internet Protocol (IP) address, access times, browser type and language, the website you visited before our site, and your activity on our website. We also collect information about your visitors necessary to provide the Roomlio service, such as visitor IP address, user agent, current page information. We may derive additional information about you and your visitors from the information provided, such as a location based on IP address.
Third-party sources. We also obtain information from third-party data sources. Additionally, we may obtain data from other sources such as:
- Data brokers from which we purchase demographic data to supplement the data we collect;
- Applications and services, such as social networks, that make users’ information available to others;
- Service providers that help us determine your device’s location based on its IP address to customize certain products to your location;
- Partners with which we offer co-branded services or engage in joint marketing activities; and
- Publicly-available sources, such as open government databases or other data in the public domain.
We protect data obtained from third parties according to the practices described in this statement, plus any additional restrictions imposed by the source of the data.
When you are asked to provide personal information, you may decline. But if you choose not to provide information that is necessary to enter into a contract or for certain services or features to function correctly, you will not be able to take full advantage of our offerings.
COOKIES AND SIMILAR TECHNOLOGIES
Our web pages may contain electronic images known as web beacons (also called single-pixel gifs) that we use to help deliver cookies on our websites, count users who have visited those websites, and gather usage and performance data. We also include web beacons in our email messages or newsletters to determine whether you open and act on them.
Our websites may include web beacons and cookies from third-party service providers. In some cases, that is because we have hired the third party to provide services on our behalf, such as site analytics. In other cases, it is because our web pages contain content or ads from third parties, such as videos, news content, or ads delivered by other ad networks. Because your browser connects to those third parties' web servers to retrieve that content, those third parties are able to set or read their own cookies on your device and may collect information about your online activities across websites or online services.
The third-party analytics providers we use include: Customer.io (https://customer.io/gdpr.html). Many third-party analytics providers allow you to opt-out from their collection or use. For more information, click on the links above.
OUR USE OF PERSONAL INFORMATION
We use each of the categories of personal information collected through our products for the business purposes described in this privacy statement or otherwise disclosed to you. For example, we use personal information to:
- allow you to support your visitors via chat and email including custom data you provide via our API and data we collect about the visitor’s browser, location and current page;
- login to our dashboard and configure Roomlio, update billing, add users or run reports;
- provide and deliver our products, including securing, troubleshooting, improving, and personalizing those products;
- operate our business, such as improving our internal operations, securing our systems, and detecting fraudulent or illegal activity;
- understand you and your preferences to enhance your experience and enjoyment using our Services;
- provide customer support and respond to your questions;
- send you information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages;
- communicate with you about new products, offers, promotions, rewards, contests, upcoming events, and other about our products and those of our selected partners (see the Choice and Control section of this privacy statement for how to change your preferences for promotional communications); and
- display advertising to you (see the Cookies section of this privacy statement for information about your advertising choices)
In carrying out these purposes, we combine data we collect from different sources to give you a more seamless, consistent and personalized experience.
OUR SHARING OF PERSONAL INFORMATION
We share personal information with your consent or as necessary to complete your transactions or provide the products you have requested or authorized. For example, when you provide payment data to make a purchase, we will share that data with banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, or other related financial services.
In addition, we also share personal information with vendors or agents working on our behalf for the purposes described in this statement. For example, companies we've hired to provide customer service support or assist in protecting and securing our systems and services may need access to personal information to provide those functions. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use personal information they receive from us for any other purpose. We may also disclose personal information as part of a corporate transaction such as a merger, transfer, divestiture, or sale of all or a portion of our business or assets.
Finally, we will access, transfer, disclose, and preserve personal information when we have a good faith belief that doing so is necessary to:
- comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
- protect our customers, for example to prevent spam or attempts to defraud users of our products, or to help prevent the loss of life or serious injury of anyone;
- operate and maintain the security of our products, including to prevent or stop an attack on our computer systems or networks; or
- protect our rights or property, including enforcing the terms governing the use of the products.
CHOICE AND CONTROL OF PERSONAL INFORMATION
Access, correction, and deletion. If you wish to request access to, or correction or deletion of, personal information about you that we hold, contact us at email@example.com. However, to the extent permitted by applicable law, we reserve the right to decline requests that are unreasonable, excessive, or prohibited by law, could adversely affect the privacy or other rights of another person, or where we are unable to authenticate you as the person to whom the data relates. If you are a visitor to the website or service of a Roomlio customer, you should first contact them to request access to, or correction or deletion of, any such personal information.
Communications preferences. You can choose whether you wish to receive promotional communications from us by email, SMS, physical mail, and telephone. If you receive promotional email, in-app messages, chat messages or SMS messages from us and would like to stop, you can do so by following the directions in that message. These choices do not apply to mandatory service communications that are part of certain of our products, or to surveys or other informational communications that may have their own unsubscribe method.
Cookie controls. Most web browsers are set to accept cookies by default. If you prefer, you can set your browser to delete or reject cookies. If you choose to delete or reject cookies, this could affect certain features or services of our website. See the Cookies section of this privacy statement for more details.
Advertising and analytics. Our third-party analytics and advertising partners typically provide options to opt-out of certain information collection or use. See the Cookies section of this privacy statement for more details.
Do Not Track. Some browsers have incorporated "Do Not Track" (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not a common understanding of how to interpret the DNT signal, our websites do not currently respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described above.
EUROPEAN DATA PROTECTION RIGHTS
If the processing of personal information about you is subject to European Union data protection law, you have certain rights with respect to that data:
- You can request access to, and rectification or erasure of, personal information;
- If any automated processing of personal information is based on your consent or a contract with you, you have a right to transfer or receive a copy of your personal information in a usable and portable format;
- If the processing of personal information is based on your consent, you can withdraw consent at any time for future processing;
- You can to object to, or obtain a restriction of, the processing of personal information under certain circumstances; and
- For residents of France, you can send us specific instructions regarding the use of your data after your death.
To make such requests, contact us at firstname.lastname@example.org or review https://roomlio.com/legal/eu-privacy-summary/ for more details on contact options. When we are processing data on behalf of another party that is the “data controller,” you should direct your request to that party. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.
CALIFORNIA PRIVACY RIGHTS
If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (“CCPA”), you have certain rights with respect to that information.
You have a right to request access to or deletion of the personal information we have collected about you, and to receive additional information about our collection, use, disclosure, or sale of such personal information. To provide or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law.
To make requests, please contact us at email@example.com or by using the contact information provided at the bottom of this policy. When we are processing visitor’s data as a service provider to a business that is a Roomlio customer, you should direct your request to that business. You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.
You also have a right to opt-out from sales of personal information. However, we do not sell personal information and have not done so in the past 12 months. Finally, you have a right to not be discriminated against for exercising these rights set out in the CCPA.
RETENTION OF PERSONAL INFORMATION
We retain personal information for as long as necessary to provide the products and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for different data types, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations. For example, to meet our legal compliance obligations, we maintain minimal account information for 7 years. This includes the email of the user who signed up for Roomlio, and the billing information including invoices at our payment processor. For all other data we delete as soon as practicable. For example, we purge all web access logs in no more than 90 days, including records of visitors who did not start a chat conversation.
LOCATION OF PERSONAL INFORMATION
The personal information we collect may be stored and processed in your country or region, or in any other country where we or our affiliates, subsidiaries, or service providers maintain facilities. Currently, we primarily use data centers in the United States of America. The storage location(s) are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem. We take steps designed to ensure that the data we collect under this statement is processed according to the provisions of this statement and applicable law wherever the data is located.
We transfer personal information from the European Economic Area and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do so, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections. To learn more about the European Commission’s decisions on the adequacy of personal information protections, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. If third-party agents process personal data on our behalf in a manner inconsistent with the Privacy Shield Principles, we remain liable unless we prove we are not responsible for the event giving rise to any damages. If you have a question or complaint related to our complaince with the Privacy Shield Principles, please contact us as indicated at the bottom of this privacy statement. For any complaints related to the Privacy Shield that cannot be resolved with us directly, you may refer the unresolved matter to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus, at https://www.bbb.org/EU-privacy-shield/for-eu-consumers/. The services of Council of Better Business Bureaus are provided at no cost to you. Finally, as a last resort and under limited circumstances, a binding arbitration option is available to address certain residual complaints under the Privacy Shield not resolved by other means.
SECURITY OF PERSONAL INFORMATION
We take reasonable and appropriate steps to help protect personal information from unauthorized access, use, disclosure, alteration, and destruction. All traffic and data is encrypted in transit and we leverage Amazon AWS for hosting Roomlio infrastructure. Access to internal systems are tightly controlled and only those people that require access are given access. Services only expose the ports that are necessary. We monitor logs for abuse and misuse. All backups are encrypted and purged after a short amount of time.
CHANGES TO THIS PRIVACY STATEMENT
We will update this privacy statement when necessary to reflect changes in our products, how we use personal information, or the applicable law. When we post changes to the statement, we will change the "Last Updated" date at the top of the statement. If we make material changes to the statement, we will provide notice or obtain consent regarding such changes as may be required by law.
HOW TO CONTACT US
If you have a privacy concern, complaint, or a question for Chatlio LLC dba Roomlio or our data protection officer, please contact us at firstname.lastname@example.org.
Our address is 1329 N 47TH ST #31231, Seattle, WA 98103 United States. Telephone: +1 206-438-3846