Cami Inc. (“Cami Inc.”, “Company”, “we”, “our” or “us”) and the Customer (“you”) executed our standard end-user license agreement (the “Agreement”), under which we will integrate Cami Inc’s pattern driven automation AI platform known as “Cami” with your services/systems (the “Systems”) in order to automate your customer support services and improve your clients’ experience (our “Service(s)”).
As a data controller, you are required to comply with applicable requirements under privacy and data protection laws, as well as to receive any required consents from your clients and other users of your Systems (collectively, the “End-User(s)”) for the collection, use, processing, transfer and/or disclosure of their information by the Company for the purpose of providing the Services, as further detailed below.
Which End-User Data we may collect?
“End-User Data” consists of the following types of information:
1.1. The first type of information is non-identifiable and anonymous information (“Non-personal Information”). Non-personal Information is any unconcealed information which does not enable identification of an individual End-User. Non-personal Information is available to us while End-Users are accessing or using your Systems. Non-personal Information which is being gathered by us may consist of technical information, behavioral non-personal information or aggregated information, and may contain, among other things:
technical data, e.g. type of operating system and configuration, screen resolution, screen density, logs of the Systems’ activities, e-mail traffic metadata, hashed communications, hashed information, technical features of the End-User’s use of your System, software version, hardware type, etc.; and
behavioral data, which may include usage patterns and other statistical data, the time that the End-User spent in your Systems and additional information of a similar nature (collectively, “Technical and Behavioral Information”);
furthermore, we collect network communication metadata, files metadata, process lists and general events metadata. We may also use third-party service providers as further detailed under Section 8 below, to obtain detailed analytics on the device and the End-Users’ behavior on your Systems.
1.2. The second type of information is individually identifiable information (“Personal Information”). This information identifies an individual and/or is of a private and/or sensitive nature, including:
1.2.1 End-Users’ Personal Information which is submitted voluntarily by End-Users through your Systems. Personal Information (such as full name, email address, telephone number, username, location, address, transcripts of conversations, etc.) that is submitted by End-Users upon submitting a customer support query or other request through your Systems, or while using your Systems (such as correspondence with you or your representatives, etc.).
1.2.2. End-Users’ Personal Information which is collected automatically via technology means:
Identifiers: We will access, collect, process, monitor and/or remotely store online identifiers of your End-Users, such as Internet Protocol (IP) address, AD-IDs or other unique identifiers, for the purpose of identifying and reporting abnormal activities.
Technical and Behavioral Information: To the extent that the Technical and Behavioral Information detailed above under Section 1.1 will be linked to or associated with a specific individual, then such information will be considered as Personal Information. It will be used for the purpose of identifying and reporting abnormal activities.
How does Cami Inc. Collect End-User Data?
Once our Services are integrated with your Systems, we will automatically receive the End-User Data. The End-User Data may be collected with the use of various tracking technologies. We may gather, collect and store the information either independently or through the help of our authorized third-party service providers, as detailed below.
Note that we will only have access to Personal Information that you will choose to make available to us. If you direct us to process less types of Personal Information, we will do so. Your preferences will be addressed upon the integration between our Services and your Systems, or at any other time requested by you.
What are the Purposes of the Collection of End-Users’ Data?
3.1. Non-personal Information is processed in order to:
Create statistical and other aggregate information and analysis with respect to your End-Users’ behavioral patterns on your Systems; and
Use the Non-personal Information for statistical, analytical and research purposes and for customization, developing and improvement of our Services.
3.2. Personal Information is processed in order to:
provide our Services, including replying to End-Users’ requests and queries automatically (live chat responses) based on pre-defined scenarios, as well as analyze repetitive scenarios in order to classify customer inquiries or requests, remembering an End-User’s typed-in information for subsequent visits, etc.;
provide your End-Users with customized advertisements, content and information;
monitor and analyze third-party marketing activities;
track your End-Users’ entries, submissions and status in any promotions or other activities on the Services;
reasonably assist you with reporting to data protection authorities, or otherwise complying with your obligations as the controller of the Personal Information;
conduct internal operations, including troubleshooting, data analysis, testing, research and statistical purposes, as well as improving the Services;
comply with our legal obligations, protect our rights and legitimate interests, as well as those of the End-Users; and
maintaining records for legal purposes and general administrative purposes.
Sharing Personal Information with Third Parties
4.1. Cami Inc. respects your End-Users’ privacy and will not rent or sell their Personal Information to any third party. Notwithstanding the foregoing, Personal Information may be shared by Cami Inc. with third parties in the following cases:
Your Service Providers: Per your request, we will share Personal Information with vendors, commercial software providers, consultants and/or data processer’s who perform services on your behalf.
4.2. For the avoidance of doubt, Cami Inc. may transfer and disclose Non-personal Information to third parties at its own discretion, including without limitation, for statistical, analytical and research purposes and for customization, developing and improvement of our Services.
Deletion or Modification of Personal Information
Since we have no direct relationship with your individual End-Users and we do not send communications to your End-Users, you hereby agree to handle all End-Users’ requests with respect to deletion and modifications of their Personal Information, or other requests to which they are entitled by law. For example, End-Users who seek access to their Personal Information, or who wish to correct, amend, delete inaccurate information or withdraw consent for further use of their Personal Information should direct their request to you.
If you are unable to fully handle such a request and only we possess the ability or power to solve your End-User’s request or issue, please forward that request to the email address specified in Section 10 below and provide us with the necessary instructions, and we will make reasonable efforts to solve the issue pursuant to any applicable privacy laws.
Unless you instruct us otherwise, we may retain your End-Users’ Personal Information until it is no longer required for the purposes for which such Personal Information was collected, or until the termination of the Agreement, all as permitted under any applicable privacy laws. Aggregated and/or anonymous data may remain on our servers indefinitely.
Location of your End-Users’ Data
The information collected from your Systems by Cami Inc., including your End-Users’ Data may be transferred to, and stored at, servers which may be located in countries outside of your and your End-Users’ jurisdiction and in a country that is not considered to offer an adequate level of protection under your and your End-Users’ local laws. It may also be processed by sub-contractors operating outside of your country.
Nevertheless, we will take appropriate measures to ensure that your End-Users’ Personal Information is processed and stored securely and in accordance with applicable privacy laws. These measures include putting in place data transfer agreements or ensuring that our third-party service providers comply with standard data transfer protection measures.
7.1. We take appropriate measures to maintain the security and integrity of our Service and the End-Users’ Data that we collect and prevent unauthorized access to them or use thereof through generally accepted industry standard technologies and internal procedures. Some of the security measures that we employ include, without limitation:
Personal Information collected by our Services is protected and encrypted by Secure Socket Layer (“SSL”) technology;
We apply data security measures such as AWS hardware security modules that have been validated under FIPS 140-2 (such as NIFI and ELASTIC);
We apply Amazon Guard Duty for management threat detection; and
We apply a separation of duty among our employees and an access control management, which prevents unauthorized personnel from accessing the End-Users’ Data, including Personal Information.
Regular penetration tests and automated vulnerability scans
7.2. Please note, however, that there are inherent risks in transmission of information over the Internet or other methods of electronic storage and we cannot guarantee that unauthorized access or use will never occur.
7.3. Cami Inc. will comply with applicable law in the event of any breach of the security, confidentiality, or integrity of your End-Users’ Personal Information and will inform you of such breach if required by applicable law.
7.4. TO THE EXTENT THAT Cami Inc. IMPLEMENTED THE REQUIRED SECURITY MEASURES UNDER APPLICABLE LAW, Cami Inc. SHALL NOT BE RESPONSIBLE OR LIABLE FOR AN UNAUTHORIZED ACCESS, HACKING, OTHER SECURITY INTRUSIONS, FAILURE TO STORE, OR THE THEFT, DELETION, CORRUPTION, DESTRUCTION, DAMAGE, OR LOSS OF ANY END-USERS’ DATA.
Third Party Service Providers
8.1. As stated above, in order to provide our Services and/or fulfill the purposes mentioned in Section 3 above, we may use third party service providers (such as hosting cloud services) in the course of collecting, storing and/or processing the End-User Data.
8.2. Such third parties service providers, include without limitation the following categories of service providers:
Cloud hosting services, including AWS, which servers are located in the U.S. (Amazon.com Inc. is Privacy Shield certified);
AI and translation services, including Google Dialogflow, which servers are located in the U.S. (Google LLC is Privacy Shield certified);
Authentication services, including Firebase which servers are located in the U.S. (Google LLC is Privacy Shield certified);
Forwarding Requests and Notification to Cami Inc.