Privacy Policy

This Policy describes the principles of processing Personal Data that is submitted to Textmagic or that otherwise becomes available to Textmagic in connection with the use by the Clients and other users of the Website, Software, and Services. This Policy is an agreement between the Clients and Textmagic, which states how Personal Data submitted by the Clients is processed by Textmagic on behalf of the Clients. Please read this Policy carefully to understand the practices that Textmagic applies regarding processing of Personal Data. This Policy constitutes an integral part of the agreement entered into between the Clients and Textmagic. By viewing the Website and/or using the Software and Services, the Clients confirm that they have familiarized themselves with this Policy, understood it, and agree to its terms. Upon initial registration with Textmagic, the Clients (via their authorized representatives) also confirm the above-said by clicking on the “Create My Account” button, which declares the Client´s acceptance of and consent to the processing of Personal Data as described in this Policy. This Policy also constitutes a data processing agreement between the Clients (as controllers of Personal Data) and Textmagic (as processor of Personal Data) in the meaning of article 28 of GDPR (General Data Protection Regulation (EU) No 2016/679 of the European Parliament and Council). Textmagic shall be entitled to unilaterally review and amend this Policy from time to time. Therefore, Textmagic advises to periodically review the Policy in the case of any changes to it. Continued use of the Website, Software, and Services means the consent to any such changes. If the Client or other users do not agree with any or all terms of this Policy or any possible changes to it, then they should immediately close the Website and cease using the Software and Services. Textmagic has drafted this Policy in cooperation with its legal advisers in accordance with the requirements of GDPR. Textmagic does its best to ensure that the processing of Personal Data is in full compliance with applicable legal requirements.

1. Definitions

   1. Client(s) means legal persons, who register themselves on the Website and use it and the Software in accordance with the Terms and this Policy for the purpose of using the Services.
   2. Data Subjects means all natural persons, whose personal data is submitted to Textmagic by the Clients or by the natural persons directly in connection with using the Website, Software, and the Services
   3. GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
   4. Data Protection Laws means the GDPR, the UK GDPR, the UK Data Protection Act 2018, and to the extent applicable, the data protection or privacy laws of any other country.
   5. Policy means this privacy policy of Textmagic as amended from time to time.
   6. DPA means the data processing agreement between Textmagic and the Client incorporated into this Policy.
   7. EU Standard Contractual Clauses means (i) the standard contractual clauses adopted by the European Commission on 4th June 2021 for the transfer of Personal Data to third countries pursuant to the GDPR; or (ii) such other standard contractual clauses that are approved by the European Commission for controller to processor transfers of Personal Data to a third country which has not received an Adequacy Decision.
   8. Personal Data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
   9. Processing means any operation or set of operations that is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
   10. Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
   11. Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
   12. Transfer means (i) a transfer of Personal Data from the Client to Textmagic; or (ii) an onward transfer of Personal Data from Textmagic to a subcontracted Processor or between two establishments of Textmagic.
   13. Restricted Transfer means a transfer of Personal Data to a country, a territory or specified sector within a country that: (i) is not subject to an Adequacy Decision; or (ii) is not subject to any derogations that would permit the transfer of the Personal Data to the country, territory or sector in accordance with the EU GDPR or UK GDPR (as applicable to the Personal Data transfer).
   14. Service(s) means the information services offering a capability for generating, acquiring, transforming, processing, retrieving, submitting and making available Content to recipients via third-party communications and information services. Services are rendered via a Website-based online platform or by using the Software and includes the option to use AI Services to enhance the Services.
   15. Software means web-based interface, mobile app, and other downloadable and integrable software developed and maintained by Textmagic for the purpose of provision of the Services.
   16. Textmagic means Textmagic Limited, a limited liability company registered in England and Wales under company number 05286521 with the registered office at Salisbury House, Station Road, Cambridge, Cambridgeshire, CB1 2LA and all its affiliates. TextMagic’s affiliates are registered in the European Union, therefore, European Union’s personal data protection laws shall be applied in addition to the UK’s, including the GDPR.
   17. Terms means the terms of service of Textmagic that establish the terms and conditions of using the Website, Software, and Services by the Clients and other users.
   18. Website means the website of Textmagic www.textmagic.com.

2. Personal Data that Textmagic Processes

   1. For the purpose of provision of the Website, Software, and the Services, Textmagic processes the Personal Data that the Clients provide about themselves (i.e. the Client’s workers, representatives) and their own clients, who are the recipients of the Content generated and made available by the Clients via the Services. The types of such data are not restricted and depend on the decision of the Clients on how they want to use the Services and generally include the name, contact telephone number, email address but may also include avatars, country, addresses, etc.
   2. Textmagic keeps the register of the Personal Data that it processes in accordance with this Policy.

3. Objectives of Processing of Personal Data

   1. Textmagic processes the Personal Data upon:
      1. Usage of the Software and Services by the Clients, including when they submit to Textmagic information about their clients (Textmagic is acting as Processor);
      2. Communication between Clients and/or Data Subjects and customer support of Textmagic in connection with the Website, Software, and Services (Textmagic is acting as Controller).
   2. Textmagic works closely with third parties (including, for example, business partners, communications service providers, information service providers such as email delivery providers, sub-contractors in technical, payment, and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies, large language model providers) and may receive Personal Data from them or submit the Client’s Personal Data to them for the purposes of providing the Services and performing the contracts entered into with the Clients.
   3. Textmagic sends messages to the Clients by electronic means (e-mail or SMS) with information about improvements to the Website, Software and Services, new proposals, and developments (direct marketing). Textmagic sends such messages to the contact details provided by representatives of the Clients at the moment of registration or updated later. The Clients confirm hereby and guarantee that contact details provided by representatives of the Clients are at all times company details of the Clients, but not personal contact details of representatives and therefore Textmagic can use such contact details freely to send its marketing messages without any additional obstacles. The Clients may at any time unsubscribe from the newsletters by clicking on the corresponding specific link contained in each newsletter.

4. Legal Basis for Processing Personal Data

   1. Textmagic processes Personal Data in accordance with the laws of the location of Textmagic and its affiliates, where the processing of Personal Data is conducted.
   2. Textmagic processes Personal Data submitted to it by the Clients based on the contracts with the Clients for the purpose of using the Website, Software, and Services and to the extent that this data is provided by the Clients.
   3. In accordance with Article 4 (7) of GDPR the Clients are the Controllers of Personal Data that they submit to Textmagic for the purpose of using the Website, Software, and Services, including the data regarding clients of the Clients that the Clients submit to generate, acquire, transform, retrieve and make available to and from their clients as recipients. According to Article 4 (8) of GDPR Textmagic acts as the Processor on the Client’s behalf when processing the Personal Data submitted by the Client. Therefore, the Clients:
      1. Are fully responsible for the processing of Personal Data that they submit to Textmagic;
      2. Guarantee to Textmagic explicitly that the Clients in order to use the Website, Software and Services have all the necessary consents and/or other legal grounds from Data Subjects for lawful processing of Personal Data in accordance with this Policy;
      3. Confirm that they have obtained from the Data Subjects all the necessary consents for submitting Personal Data to Textmagic and processing of such data in accordance with the terms of this Policy;
      4. Have a full overview of Personal Data that they submit to Textmagic and guarantee that all such data that they submit is necessary for use by them of the Website, Software, and Services and is kept up-to-date;
      5. Oblige to inform Textmagic immediately of the expiry of legal grounds for the processing, modification, inaccuracy, or change to the Personal Data that the Clients submit to Textmagic.
   4. When using Services for direct marketing, the Clients are responsible for complying with all the legal requirements in connection with direct marketing and data subjects’ rights. Textmagic is only providing the platform for processing, generating and making available Content to recipients via third-party communications and information service providers, but the Clients are solely responsible for their Content processed while using the Services. The Clients understand that there are different legal rules for direct marketing in different countries. When the Services are used for direct marketing, the Clients must comply with all requirements for direct marketing of the country, where the receiver of the direct marketing Content is residing. For instance, in EU countries the Clients are obliged to include in the direct marketing Content the information on how the Data Subject can waive from direct marketing and there are also certain requirements for the content of commercial Content.
   5. Textmagic processes the personal data provided by the Client only to the extent necessary to provide the Services in accordance with the Terms and on documented instructions from the Client. Textmagic shall comply with all applicable Data Protection Laws in the processing of Client Personal Data and not process Client Personal Data other than on the relevant Client’s documented instructions. The Clients insert these instructions by using Services (e.g. inserting command to make available Content to Data Subjects) and by agreeing with the Policy and Terms. The instructions of the Clients for processing of Personal Data must always comply with the applicable Data Protection Laws and Textmagic reserves to itself the right to refuse to fulfill the instructions that are in the opinion of Textmagic unlawful. Textmagic shall promptly inform the Client, if in Textmagic’s opinion, any of the instructions regarding the processing of Client Personal Data, breach any applicable Data Protection Laws.
   6. Textmagic shall also take steps to ensure that any person acting under the authority of Textmagic who has access to Client Personal Data shall only process the Client Personal Data on the documented instructions of the Client.
   7. Textmagic shall act as data controller and itself determine the purposes of processing the Clients’ Personal Data only in the limited cases where Textmagic is processing Personal Data of the Client’s representatives or workers specifically for the purpose of administration and management of the contract with the Client, i.e. upon registering the Client’s user account on the Website, processing the Client’s payment for the Services, customer service communications with the Client etc. In such cases, where TextMagic is processing the Client’s Personal Data for the purpose of entering into or managing the contract with the Client, the legal basis for personal data processing is GDPR Article 6 (1)(b) – processing is necessary for the performance of a contract.

5. Data Subjects’ Rights

   1. Taking into account the nature of the processing, Textmagic shall assist the Clients with appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Clients´ obligation to respond to requests for exercising of Data Subject’s rights laid down in GDPR, including the right of access to Personal Data by Data Subjects, right to rectification, right to be forgotten, right to restriction of processing, etc. Textmagic shall accept instructions for the fulfillment of the rights of Data Subjects only from the Clients. Should the Data Subjects approach Textmagic with the requests for the fulfillment of their rights, Textmagic shall inform the Clients and act according to instructions from the Clients. Obligation to delete the data of Data Subjects shall always remain with the Clients and Textmagic shall not undertake deletion for and on behalf of the Clients, unless otherwise explicitly stipulated in the Policy or Terms.
   2. Textmagic shall assist the Clients in ensuring compliance with the obligations of guarantying security of the processing of Personal Data as established by GDPR while taking into account the nature of processing and the information available to Textmagic.

6. Audit Rights

   1. Textmagic shall make available to the Clients all information necessary to demonstrate compliance with the obligations laid down in Article 28 of GDPR and allow for and contribute to audits, including inspections, conducted by the Clients or another auditor mandated by the Clients (all at the expense of the Clients). On-site audits and inspections must be agreed with Textmagic in advance, be conducted during normal working hours, and not unreasonably disturb the everyday activity and business of Textmagic. Right to audits and inspections does not extend to the facilities and premises of Third Parties.

7. Transfer of Personal Data to Third Parties

   1. In the course of providing the Services and access to the Website and Software, Textmagic uses different third-party service providers, to whom it may also transfer Personal Data (herein: Third Parties). By virtue of this clause, the Clients are duly informed and expressly authorize, totally or partially, to use the Third-Party service providers detailed in Annex III and transfer Personal Data to them, as it may be required for the purpose of providing the Services.
   2. Textmagic shall inform the Clients of any intended changes concerning the addition or replacement of Third-Party processors by publishing the changes on the Website in Annex II to this Policy. Textmagic shall not appoint or disclose Personal Data to any Third-Party service provider, unless required or authorised by the Client. Textmagic has the right to stop providing Services to the Clients, who object to the change concerning the addition or replacement of Third-Party processors.
   3. Textmagic has entered into individual service provision contracts with some of the Third-Party service providers. With others, the relationships are based on the general terms of service of these service providers. Prior to entering into relationships with Third-Party service providers, Textmagic makes its best efforts to guarantee that the terms of processing of Personal Data of the Third-Party service providers are in accordance with the principles of this Policy and applicable Data Protection Laws and, if applicable, the EU Standard Contractual Clauses. For this purpose, Textmagic shall carefully review the terms of processing of Personal Data by the Third-Party service providers. Furthermore, Textmagic carefully screens the ongoing relationships with Third-Party service providers and in case of their non-compliance shall immediately terminate relationships with them.
   4. Additionally, Textmagic may disclose/transfer Personal Data to Third Parties:
      1. Under applicable law, including laws outside the locations of Textmagic, its affiliates or Data Subjects;
      2. To comply with legal processes;
      3. To respond to requests from the public and government authorities including public and government authorities outside the locations of Textmagic and its affiliates;
      4. To enforce this Policy or Terms, to protect operations, the rights, privacy, safety, or property of Textmagic, and/or to pursue available remedies or limit the damages.
   5. Textmagic makes its best efforts to limit the amount of Personal Data that it transfers for processing to Third Parties as it is necessary for the provision of specific Services or to pursue specific goals.
   6. The Website and Software may contain links that redirect to other websites. For example, when accessing services of a third party such as PayPal when making a payment. This Policy does not apply to such third-party websites, which Textmagic does not operate, and Textmagic does not accept any responsibility or liability for these policies. Textmagic advises reviewing the privacy policies of those third parties.
   7. The Services include the option for the Clients to enhance the Services by using AI Services, which facilitate customer support conversations through the Textmagic Website and Software, thus aiding the Clients in increasing the efficiency of their customer support agents. These AI Services are powered by large language models (LLM) provided by Third-Party providers. By virtue of this clause, the Clients are duly informed and expressly agree that by using the AI Services, all information and Content (including Personal Data contained therein) disclosed via the AI Services is disclosed to and processed by the Third-Party LLM providers on the basis of the data processing policies and rules established by such Third-Party LLM providers. The Third-Party LLM providers are detailed in Annex III. Additional information about the use of AI Services and the relevant data processing policies of the Third-Party LLM providers are available in the Annex to the Terms available at https://www.textmagic.com/terms-of-service/#ai-services</a >

8. Transfer of Personal Data to Third Countries

   1. In connection with providing the Services, as well as some specific development works, troubleshooting of service issues, data storage or other necessary services, Textmagic may transfer Client Personal Data to Third-Party sub-processors, some of which may not be working or operating in the European Economic Area (hereinafter: Third Countries).
   2. Data protection levels in Third Countries might differ from the corresponding level of the European Economic Area, and some Third Countries might have a lower level of data protection.
   3. Textmagic shall apply appropriate safeguards when transferring Personal Data to Third Countries. In particular, Textmagic shall only transfer Personal Data to Third Countries if:
      1. the Third-Party sub-processor located in a Third Country is or agrees to be bound by the EU Standard Contractual Clauses under the MODULE THREE (processor to processor transfer);
      2. the transfer of Personal Data is to a country benefitting from an adequacy decision pursuant to Article 45 the GDPR;
      3. the Third Party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 the GDPR with respect to the processing in question;
      4. the transfer of Personal Data is necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings; or
      5. the transfer of Personal Data is necessary in order to protect the vital interests of the Data Subject or of another natural person.
   4. The Client acknowledges that Restricted Transfers of Personal Data may be undertaken in connection with the Services from Textmagic (as data exporter) to Third-Party sub-processors (as data importers). Textmagic shall ensure that the EU Standard Contractual Clauses shall be applied to any such Restricted Transfers to legitimise and ensure the safety of the Restricted Transfer in accordance with applicable Data Protection Laws.
   5. Textmagic shall not carry out a Restricted Transfer (as data exporter) to a Third-Party sub-processor unless it obtains prior authorisation from the Client for such transfer. The Client hereby provides prior authorisation for Textmagic to carry out the Restricted Transfers to its Third-Party sub-processors as set out in Annex III to this Policy.
   6. In addition to the above, when transferring the Personal Data to the Third Countries, the measures detailed in Annex II shall be applied.

9. Safety Measures for Protection of Personal Data

   1. Textmagic shall implement appropriate technical and organisational measures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. This includes (but is not limited to) the following measures: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing of Personal Data. In assessing the appropriate level of security, account shall be taken in particular of the risks that are presented by the processing of Personal Data, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data processed.
   2. The technical and organisational measures detailed in Annex II shall be at all times adhered to by Textmagic as the minimum security standard. The Client acknowledges that the technical and organisational measures are subject to development and review and that Textmagic may use alternative suitable measures to those detailed in Annex II, provided that such measures are no less onerous than the measures contained in this Policy and Annex II.
   3. Textmagic shall ensure that all employees, agents, officers and contractors involved in the handling of Personal Data: (i) are aware of the confidential nature of the Personal Data and (ii) are contractually bound to keep the Personal Data confidential.

10. Personal Data Breach

    1. Textmagic shall notify the Client without undue delay upon becoming aware of a Personal Data breach affecting Personal Data of the Client, providing the Client with sufficient information to allow the Client to meet any obligations to report or inform Data Subjects of the Personal Data breach under applicable Data Protection Laws.
    2. Textmagic shall co-operate with the Client and take reasonable commercial steps as are directed by the Client to assist in the investigation, mitigation and remediation of each such Personal Data breach.

11. Retention Periods

    1. Textmagic shall preserve Personal Data as long as it is required for the use of the Website, Software and Services by the Clients, but no longer than applicable law permits preservation. The detailed retention periods and principles are provided in Annex I.
    2. The Clients confirm that they agree with the provided retention periods and guarantee to inform and obtain necessary approvals from their clients and representatives for application of such retention periods.

12. Data Protection Officer

    1. Textmagic has designated as the Data Protection Officer the attorney-at-law and partner from the law firm Eversheds Sutherland, Tambet Toomela, contact information: +372 6229990, e-mail [email protected]</a >

13. Contact Information

    1. Should the Clients have any questions regarding this Policy or the processing of Personal Data, they are welcome to contact Textmagic with all such requests, inquiries or any complaints via e-mail: [email protected]