Privacy Policy

Last updated: 26.10.24

This Privacy Policy describes how IsarTech Consulting ("ITC," "we," "us," or "our"), collects, uses, and shares personal information when you visit our website, use our management accounts, or access our SaaS product. This policy is designed to ensure compliance with the General Data Protection Regulation (GDPR) and applies to our website visitors, users of dedicated management accounts, and end-users interacting with our SaaS product through integrations within clients’ online shops or apps.

1. Controller Information

The data controller for processing your personal data is:
La Rosee IT Consulting (IsarTech Consulting - ITC)
Address: Holzerhof 1, 85368 Wang
Email: privacy@isartech.io

2. Data Collection and Usage

Website Visitors

When visiting our website, isartech.io, we collect the following data to provide a functional and optimized experience:

  • Cookies: Our website host, Squarespace, uses cookies to enable the site's core functionality and enhance the user experience. For detailed information on cookies used, please refer to Squarespace’s cookie policy for client sites.

  • Contact Form Information: If you contact us through our website, we collect the following personal information: name, email address, company name, company website, and phone number. This information is collected through Squarespace and may be transferred via Zapier for efficient data processing and handling.

  • Analytics: Squarespace collects analytical data such as browser type, network, device information, IP address, and interactions with our website (e.g., page visits, clicks, scrolling, searches) to help us understand and improve the user experience.

Management Accounts

We provide dedicated management accounts for clients to access and test our SaaS product. During registration, we collect:

  • Sign-up Information: We collect your email address and password when you create an account directly on our platform. We also offer login via Google or GitHub, which provides us with your email address and secure authentication, enabling streamlined access to the account.

Conversational Shopping Assistant (SaaS Product accessed via APIs and SDKs)

Our SaaS product, specifically the Conversational Shopping Assistant, is embedded within our clients' online shops or apps via our SDKs and APIs. End-users interact directly with the Assistant to receive personalized shopping recommendations and discover products.

For this service, we collect:

  • Anonymized Chat Histories: We process anonymized chat interactions to enable conversational product discovery and personalize recommendations for end-users. These chat histories do not contain any identifying information unless a user voluntarily submits such data, contrary to our intended use as outlined in our Terms of Service. End-users should not input personal information, such as names, addresses, or payment information, as it is unnecessary for product discovery. Any personal information input in error may be processed by third-party services as part of the anonymized data workflow. Anonymized inputs through the chat are sent to and processed by our large language model host OpenAI to enable the conversational interaction.

3. Legal Basis for Processing

We process personal data as follows:

  • Legitimate Interest (Art. 6(1)(f) GDPR): Data processing is necessary for the functioning of our website, management accounts, and SaaS Product (the Conversational Shopping Assistant) to provide an efficient and secure experience. These legitimate interests include improving website functionality and processing user input in order to facilitate a conversational response.

  • Contractual Necessity (Art. 6(1)(b) GDPR): We collect data to fulfill our contractual obligations to clients by delivering the SaaS product and related services.

  • Consent (Art. 6(1)(a) GDPR): Where applicable, consent is obtained, for example, for cookies used for analytics purposes.

4. Data Sharing

To operate our services efficiently, we may share data with the following third parties:

  • Squarespace: Squarespace hosts our website and provides cookie and analytics data.

  • Zapier: Squarespace uses Zapier to port contact form submissions, ensuring secure data handling.

  • Google/GitHub (if using social login): These services provide secure authentication to log into management accounts.

  • OpenAI: OpenAI processes anonymized chat data through our Conversational Shopping Assistant to provide contextual product recommendations and enhance user interaction.

We ensure that all third-party service providers comply with GDPR or equivalent data protection standards through data processing agreements. We do not sell or rent your personal data to third parties.

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or to comply with legal obligations. Anonymized data may be retained for system improvement.

6. Data Subject Rights

Under GDPR, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you.

  • Right to Rectification: Request correction of any inaccurate or incomplete data.

  • Right to Erasure: Request deletion of personal data under certain circumstances.

  • Right to Restriction of Processing: Request restricted data processing under specific conditions.

  • Right to Data Portability: Request transfer of data to another service provider.

  • Right to Object: Object to data processing based on legitimate interests or direct marketing.

To exercise these rights, please contact us at privacy@isartech.io. We will respond to your request promptly and in compliance with GDPR.

7. Data Security

We implement technical and organizational measures to ensure a high level of security for your data. Access to personal data is restricted to authorized personnel, and we continuously review security measures to adapt to technological developments.

8. Data Breach Notification

In the event of a data breach that affects your personal data, we will promptly inform you and take all necessary steps to mitigate the breach in accordance with GDPR Article 33. Notification will be given in cases where the breach poses a high risk to your rights and freedoms.

9. Automated Decision-Making and Profiling

The Conversational Shopping Assistant may utilize automated processes to suggest products based on user input. This does not include automated decision-making with legal or similarly significant effects on users, as defined in GDPR Article 22.

10. International Data Transfers

Our servers are based in the EU, and we strive to keep all data processing within the EU. In cases where data transfer outside the EU is necessary, we ensure compliance with GDPR through appropriate safeguards.

11. Supervisory Authority Contact Information

If you believe that our processing of your personal data infringes upon your rights under GDPR, you have the right to lodge a complaint with the supervisory authority for data protection in Austria or your local data protection authority.

12. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy. Any significant changes will be communicated to you by email or via an in-service notice. Continued use of our services after such notification constitutes acceptance of the updated policy.

13. Contact Us

For questions about this Privacy Policy or to exercise your data subject rights, please contact us at privacy@isartech.io