We want you to feel comfortable when you are using ChatGPT for Excel and ChatGPT for Power Point (“our add-ins”) and its underlying functions and not have to worry about the security of your data. That is why data protection is an important part of our corporate philosophy.
In this Privacy Policy, you will find all the information about which Personal Information we collect and process and for what purpose. Equally, we will also inform you of your data protection rights and how you can assert them.
If you are using our add-ins, please also refer to our add-ins’s Privacy Policy and Cookie Policy.
General Principles
What is Personal Information?
Personal Information is “any information relating to an identified or identifiable natural person. This includes, for example, name or address data, telephone number, mobile number, or online identifiers such as your device id and your IP address.
What is processing?
“Processing” means any operation or set of operations which is performed upon Personal Information, whether or not by automatic means. The term is broad and covers virtually any handling of data.
Who is responsible for data processing?
The responsible party for data processing is Apps Do Wonders LLC, a Dallas based limited liability company (“Apps Do Wonders”, “we”, “us”, or “our”). If you have any questions or if you wish to exercise your rights, please contact us by email using [email protected] or our Contact Form if you have any questions.
What law applies?
Our use of your Personal Information is subject to the Texas Data Privacy and Security Act (“TDPSA”), and the EU’s General Data Protection Regulation (“GDPR”), and of course we process your Personal Information accordingly.
What are the Legal Bases for processing Personal Information
In accordance with the TDPSA and the GDPR, we have to have at least one of the following legal bases to process your Personal Information: a) you have given your consent, b) the data is necessary for the fulfillment of a contract / pre-contractual measures, c) the data is necessary for the fulfillment of a legal obligation, or d) the data is necessary to protect our legitimate interests, provided that your interests are not overridden.
How long and where will you keep my data?
We process and store your Personal Information only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period exists (in particular commercial and tax law in accordance with Texas’ Commercial Law and Fiscal Code). Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted. In general, your data is saved and stored using the services of Amazon (AWS) S3 server in Amazon’s RDS Database.
What Personal Information do we process?
Downloading our add-ins
Our add-ins can be downloaded from Microsoft AppSource a service offered by Microsoft. Downloading it may require prior registration with Microsoft and/or installation of the respective Microsoft software.
Installing our add-ins
As far as we are aware, Microsoft collects and processes the following data: License check, network access, network connection, and location information. However, it cannot be ruled out that Microsoft also transmits the information to a server in a third country. We cannot influence which Personal Information Microsoft processes with your registration and the provision of downloads in Microsoft AppSource. The responsible party in this respect is solely Microsoft as the operator of Microsoft AppSource.
Device information
Microsoft may collects information from and about the device(s) you use to access our add-ins, including hardware and software information such as IP address, device ID and type, device-specific and add-ins settings and properties, crashes, advertising IDs (AAID), information about your wireless and mobile network connection such as your service provider and signal strength; information about device sensors.
Contacting us and contracting with us
You can contact us in various ways and data is always collected in the process. You provide us with most of the data that we process when you contact us such as your name, and email address. This data is collected and processed exclusively for the purpose of contacting you and processing your request and then deleted again, provided that there is no legal obligation to retain it.
We process the Personal Information that arises when you use our add-ins in order to provide our contractual services. In particular, this includes our support, correspondence with you, invoicing, fulfillment of our contractual, accounting and tax obligations. Accordingly, the data is processed on the basis of the fulfillment of our contractual obligations and our legal obligations.
Lastly, we process data in the context of administrative tasks as well as organization of our operations, financial accounting and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services.
The legal basis for processing the above is our legitimate interest, the provision or initiation of a contractual service and your consent.
Payment Data
If you take out a subscription, your payment data will be processed via our payment service provider Stripe. Payment data will solely be processed by Stripe and we have no access to any Payment Data you may submit. The legal basis for the provision of a payment system is the establishment and implementation of the user contract for the use of the service.
When using our add-ins
We recognize that you own your service data. We provide you complete control of your service data by providing you the ability to (i) access your service data, (ii) share your service data through supported third-party integrations, and (iii) request export or deletion of your service data.
We ensure that access by our employees to your data is only available on a need-to-know basis, restricted to specific individuals, and is logged and audited. We communicate our privacy and security guidelines to our employees and enforce privacy and protection safeguards strictly.
Further and if you are providing us with Personal Information relating to a third party, you agree a) that you have in place all necessary appropriate consents and b) that such third party has read this Privacy Policy. You agree to indemnify us in relation to all and any liabilities, penalties, fines, awards, or costs arising from your non-compliance with these requirements.
Support ticket
If you create a support ticket, we will request Personal Information and, where applicable, non-Personal Information in accordance with your request, this may include your name, email address and other order related data you voluntarily provide. The data provided is not shared with third parties and cannot read your data when it is entered. If you submit a support ticket, we process the data for the purpose of processing and handling your ticket.
Our employees will also have access to data that you knowingly share with us for technical support or to import data into our services. We communicate our privacy and security guidelines to our employees and enforce privacy safeguards strictly. The legal basis of the data processing is our obligation to fulfil the contract and/or our legitimate interest in processing your support ticket.
Data Sharing
In certain cases, it is necessary to transmit the processed Personal Information in the course of data processing. In this respect, there are different recipient bodies and categories of recipients.
Internal
If necessary, we transfer your Personal Information within Apps Do Wonders. Of course, we comply with the associated legal framework and ensure that your data is processed properly. Access to your Personal Information is only granted to authorized employees who need access to the data due to their job, e.g., to provide our services or to contact you in case of queries.
We may also share your Personal Information with our Business Partners for the purposes described in this Privacy Policy, including (but not limited to) conducting the services you request, or customizing our business to better meet your needs.
External bodies
Personal Information is transferred to our service providers in the following instances:
- in the context of fulfilling our contract with you,
- to use marketing services and to advertise our services online,
- to communicate with you,
- to provide our add-ins, and
- to state authorities and institutions as far as this is required or necessary.
International transfers
We may transfer your Personal Information to other companies as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Information when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organizational measures to protect the Personal Information we transfer.
Security of your data
In order to protect the data stored with us in the best possible way against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, we use appropriate technical and organizational security measures. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.
Nevertheless, internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed. And databases or data sets that include Personal Information may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Information may have been compromised as expeditiously as possible after which the breach was discovered.
Your Rights and Privileges
Privacy rights
Under the TDPSA, you can exercise the following rights:
- Right to know
- Right to rectification
- Right of deletion
- Right of non-discrimination
- Right to opt-out of sale
Under the GDPR, you can exercise the following rights:
- The right to access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to object to processing;
- The right to data portability;
- The right to complaint to a supervisory authority
If you have any questions, please contact us.
Updating your information
If you believe that the information we hold about you is inaccurate or request its rectification, deletion, or object to its processing, please do so by contacting us.
Withdrawing your consent
You can withdraw consents you have given at any time by contacting us.
Access Request
In the event you want to make a Data Subject Access Request, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Information or to make a correction requested by you, we will tell you why.
Complaint to a supervisory authority
You have the right to complain about our processing of Personal Information to a supervisory authority responsible for data protection. However, we would appreciate the opportunity to address your concerns before you contact any supervisory authority.
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of Personal Information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. To be in accordance with CAN SPAM, we agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email us, and we will promptly remove you from ALL correspondence.
Controls For Do-Not-Track Features
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (‘DNT’) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, our website does not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this policy.
What we do not do
- We do not use Automated decision-making including profiling; and
- We do not sell your Personal Information.
Does this policy change?
We may update our Privacy Policy from time to time. This might be for a number of reasons, such as to reflect a change in the law or to accommodate a change in our business practices and the way we use your Personal Information. We recommend that you check here periodically for any changes to our Privacy Policy. This Privacy Policy was last updated on Wednesday, 07th of December 2023.
Who should I contact for more information?
If you feel that the above is not sufficient or if you have any queries as regards the collection, processing or use of your Personal Information we are looking forward to hearing from you. We will make every effort to reply as soon as possible and take into consideration any suggestions from your end.