We have made some updates to our privacy policy which will come into effect on the effective date specified. These changes include modifications related to "workspace tracking and statistics data".
GPR.chat ('us', 'we', or 'our') operates the GPR.chat Website (https://chat.gepur.org),
GPR.chat Services, including the Marketplace and associated GPR Apps, GPR´s
Our policy includes three appendices, each addressing distinct aspects of our privacy framework:
Appendix 1: Specific details about privacy in our cloud offerings.
Appendix 2: Privacy regulations framework, including applicable legal requirements that may pertain to your company or jurisdiction.
Appendix 3: Provisions related to the privacy of GPR.chat.
Please note that other services may have additional privacy policies, which can be found in the Appendices of this document.
This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Services and the choices you have associated with that data.
We use your data to provide and improve the Services. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Customer Terms of Service.
Services means the website (https://chat.gepur.org), GPR.Chat Open Server (https://chat.gepur.org), GPR.Chat Sotfware and Marketplace, incl. associated GPR.Chat Apps, push notification gateways, and the GPR.Chat mobile applications operated by GPR.Chat
Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
Usage Data means the data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Cookies are small pieces of data stored on your device (computer or mobile device), they are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device.
Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information is, or is to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data.
Data Processors (or Service Providers) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
Data Subject (or User) Data Subject is any living individual who is using our Service and is the subject of Personal Data.
Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.
In connection with our operations and during the lifecycle of business relationships with our Customers, we collect various types of personal data, meaning any information that identifies or allows us to identify you.
Personal Data
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include but is not limited to
Account Data
Some Services may allow or require that you register for a personalized account. Account data may include, in addition, your account name, authentication information, registration date, contact information, payment information, and any other information associated with your account.
Usage Data
We may also collect information that your browser sends whenever you visit our Service or when you access the Service, including by or through a mobile device ("Usage Data").
This Usage Data may include information such as your computer's Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access the Services by or through a mobile device, this Usage Data may include information such as the type of mobile device you use, the IP address of your mobile device, your mobile operating system, the app version, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data
Location Data
We may use and store information about your location if you give us permission to do so (“Location Data”). We use this data to provide features of our Service (only to allow you to share your location with another user via Rocket.Chat if it was enabled by the administrator).
You can enable or disable location services when you use our Service at any time through your device settings.
App Data
Apps Provided By Rocket.Chat
When you use the Marketplace, you may choose to install Apps provided by Rocket.Chat. These Apps process data from your instance of GPR.Chat and, therefore, nonpersonal data, such as software version, amount of users, and similar. Depending on the purpose and your actual usage of the App (e.g., enabling certain features), Personal Data may however be processed. E.g., you enable an integration, which processes your users' information. The description of the App will make the types of personal data sufficiently clear, as well as any potential deviations from this policy.
For Third-Party Apps on the Marketplace, the Vendor will provide you with a specific privacy policy that governs his Third-Party App.
Tracking & Cookies Data
Tracking & Cookies Data
We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
Workspace Tracking and Statistics Data
GPR.Chat workspaces are set up to automatically send anonymous and non-personal usage tracking data to GPR.Chat This is done to help us understand how customers use our Services, ensure compliance with the terms of use limits, and for billing purposes if the Customer's contract is based on consumption of our Services.
The information shared is the same data displayed on the administration panel's "info" page, which is described in
For example, the tracking statistics sharing will transmit the total number of channels, but not the actual channel names, to preserve your workspace's privacy. Depending on the services and plans purchased, disabling this tracking statistics collection may be possible.
For further details on how we secure your data, please refer to the "How do we secure your data" section. Additionally, information about our Cloud Infrastructure and Subprocessors can be found in our Subprocessors section.
We collect and use your personal data to the extent necessary to carry out our operations, provide our services, and comply with any regulatory obligations in our activities.
These purposes are defined in more detail below:
In accordance with the applicable regulations, we may only use your personal data for at least one of the following reasons:
To comply with legal and regulatory obligations.
We collect and use your personal data to comply with various legal and regulatory obligations, such as
To fulfill our legitimate interests.
We also use your personal data to fulfill our legitimate interests, which include the following:
Based on your consent.
if certain personal data processing requires your consent (e.g., cookies), we will inform you of this, including details of the specific processing activity, and request your consent to such processing. You may request to revoke your consent at any time.
GPR.Chat will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
GPR.Chat will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
When your personal data no longer needs to be retained for any of the purposes stipulated in this privacy policy, we may delete or anonymize your personal data. Anonymized data - i.e. data that can no longer be associated with you as an individual - may be further used for research and statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction.
If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States or other jurisdictions deemed not to have an adequate level of data protection deemed by the competent authorities of your residence. GPR.Chat Technologies Corp. will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
To access privacy agreements relevant to your jurisdiction and obtain information about privacy policies specific to your jurisdiction or company industry
Disclosure of Data
Business Transaction
If GPR.Chat Technologies Corp. is involved in a merger, acquisition, or asset sale; your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.
In rare circumstances, we may be required to disclose user-uploaded content and other Personal Data in response to a valid request from law enforcement authorities. We will only comply with such requests if they are made in accordance with applicable laws, regulations, and our internal guidelines for disclosure.
For more information regarding Law Enforcement Disclosure,
GPR.Chat Technologies Corp. may disclose your Personal Data in the good faith belief that such action is necessary to:
Sharing data with third-party service providers ("subprocessors")
We may employ third-party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services, or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose
The ways in which we share your Personal Data include the following:
We execute contracts with our third parties to ensure they fulfill their data protection obligations.
A list of our third-party processors may be found
Analytics
We may use third-party Service Providers to monitor and analyze the use of our
Google Analytics
Firebase
Links to Other Sites
Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third-party's site. When using such third-party websites, we recommend that you read the relevant sites' terms and privacy policies.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. This privacy policy is valid only for GPR.Chat branded domains, owned and managed by GPR.Chat Technologies Corp., as the owner and operator of the Pexip service.
In accordance with applicable regulations and where applicable, you have the following rights:
If the processing is based on your consent, you may also withdraw your consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal). If you have previously consented to receive promotional email communications from us, you can use the unsubscribe function at the bottom of our emails to unsubscribe from our emails at any time (“withdraw your consent”).
If you have an active GPR.Chat account, it’s not possible to opt out of basic emails since we need to communicate basic information, where relevant, to users in order to continue delivery of the account.
To exercise any of the rights listed above, please use our Data Request Form, a simplified form that ensures efficient request management and security. Alternatively, you can send an email to privacy@rocket.chat.
The request will be processed and completed in compliance with our privacy policy, terms of service, our business relationship, and any data privacy laws applicable in your country.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA or other applicable jurisdictions, you have the right to lodge a complaint with the competent supervisory authority.
Ensuring the security of the data you entrust to us is one of our most important responsibilities. We apply appropriate technical and organizational measures to keep your personal data secure. We use physical, administrative, and technical security measures to reduce the risk of loss, misuse, or unauthorized access, disclosure, or modification of your personal data.
Your data can only be accessed by persons for whom it is necessary in relation to their work.
We may outsource our processing of personal data to external service providers. In such events, we enter into appropriate agreements with the providers to ensure that your personal data is processed per this Privacy Policy and any applicable laws. We also have received internationally recognized security certifications.
Although we do our best, given the nature of communications and information processing technology, we cannot guarantee that Information during transmission through the Internet or while stored on our systems or otherwise in our care will be absolutely safe from intrusion by others.
For more information regarding our security practices, please refer to our comprehensive Security Policy and Security and Compliance Guides.
Our Services are only available to Users above the legal age of 13 years or any higher age required by the applicable regulations in your jurisdiction.
Users under the legal age should discontinue using our services. If you are from a country subject to GDPR, you must be 16 years old or above unless your country has enacted a regulation specifying a lower minimum age.
Individuals from LGDP-regulated countries must be 18 years of age or older unless parental consent has been obtained.
We do not knowingly collect personally identifiable information from anyone under the legal age. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
Please note that the customer is responsible for managing user-generated data and workspace control, including compliance with data handling for minors in their jurisdiction.
As our business grows and our services and products evolve, this privacy notice may change, or other privacy notices may be written and posted specifically to address new offerings or to keep pace with data privacy laws.
When changes are substantial, we will first ensure to make you aware of any forthcoming changes by attempting to contact you directly via email, or via our user interfaces, or indirectly through your authorized partner, which is reselling the GPR.Chat services or products., Changes to this Privacy Policy will become effective once they are posted on this page, and we will also update the "effective date" at the top of this Privacy Policy.
There are two classifications for GPR.Chat self-hosted workspaces: registered and non-registered. Registered workspaces have access to a wide range of features and services, and registered workspaces are eligible for our "starter" or paid plans (dependent on user counts and functionality requirements). Note that non-registered workspaces operate independently without formal registration and no data collection by GPR.Chat. Non-registered workspaces are only available via the Free and Open Source Software (FOSS) self-build deployment path;
Contact us
If you have any questions about this Privacy Policy, please contact us:
Specific Provisions to our Cloud Offerings
For our Cloud Offerings, we act as a Data Processor for our Customers, who are the Data Controllers of the instances they have licensed and administer. As a User, you will be bound by the Data Controller´s policies. For these instances, please direct your data privacy questions to the Data Controller.
Regarding some of our Cloud Products, Customers have certain options to select the processing location of data and configure the instance's privacy-relevant settings. If you are the Customer of one of these instances, you can contact us and get more information on where your instance is running.
We generally offer two regions:
Other regions may be added over time.
The amount of Personal Data we process with our Cloud Offerings is limited to what the Customer and his users enter into the Service. In the Cloud offering, we will not process the personalized cookie or analytics data described above. The purposes of processing the data are strictly limited to providing and improving the Service in accordance with the Data Controller´s instructions. We never access workspace data (i.e. the actual content the customer is entering in his instance) unless the customer asks us to in the form of a support request, we are bound by a valid law enforcement request or to protect our own interests, such as investigating potential abuse of the service.
Once your usage of our cloud offering ceases, we will remove all your data, including backups, after a short grace period - or immediately if you tell us to.
Privacy Regulations Framework
Our Privacy Regulations Framework Appendix is an integral part of our Privacy Policy, which outlines the specific legal requirements that govern your privacy.
As part of our commitment to privacy and transparency, we provide this appendix to explain how we handle your data according to relevant regulations. We encourage you to read these clauses carefully to understand how your data is managed in compliance with the law.
If you have any questions or concerns
Specific Provisions to California Consumer Privacy Act “CCPA”
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or “CCPA.”
We do not provide services, or other items of value, as consideration for your, or your end users’, personal information protected by the CCPA.
You are responsible for ensuring your compliance with the requirements of the CCPA in your use of the Services we provide to you and your own processing of personal information.
Here are a few things that Rocket. Chat will NOT do with personal information in the scope of acting as a service provider, as defined by CCPA:
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this personal information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
California consumers can exercise their CCPA rights by completing a data subject request form found here. We will verify your request using the email associated with your account.
Specific Provisions to California Online Privacy Protection Act “CalOPPA”
We do not support Do Not Track ("DNT") signals. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
You can enable or disable Do Not Track by visiting your web browser's Preferences or Settings page.
Specific Provisions to Lei Geral de Proteção de Dados “LGPD”
GPR.Chat only processes, stores, and collects data according to this Privacy Policy, which covers the main LGPD requirements. For a dedicated section about the DPO appointment letter and Frequently asked questions about LGDP compliance at GPR.Chat, please refer to the Privacy Center, where we have a dedicated page for LGPD Compliance.
Specific Provisions for General Data Protection Regulation “GDPR)” and Other Applicable Regulations
Where required, we provide the option to sign Standard Contractual Clauses approved by the European Commission to ensure sufficient data protection or other relevant mechanisms based on the Customer's requirements or applicable agreements in the customer's jurisdiction. For additional details, please visit the Privacy Center.
Specific Provisions to GPR.Chat Open Server
“GPR.Chat Open Server (https://chat.gepur.org)” is a dedicated workspace for GPR.Chat admins, users, contributors, partners, and employees to collaborate and improve the experience of running a GPR.Chat workspace.
Data Collected on the Open Server
In addition to the data collected mentioned in the Privacy Policy, please note that any content uploaded by Users to the GPR.Chat Open Server (chat.gepur.org) will also be stored. This includes images, files, documents, and other user-generated data.
Rest assured that we securely store all uploaded content in our cloud-hosted infrastructure.
Data Retention on the Open Server
GPR.Chat reserves the right to delete inactive accounts, channels, discussions, and associated content on the Open Server. GPR.Chat may deem an account, channel, or discussion inactive based on various criteria, including, but not limited to, the account creation date, the last time there was a valid log-in and the date of the last contribution. If we plan to delete your account, we will provide advance notice by sending a message to the email address registered to your account. GPR.Chat encourages you to utilize your account on occasion to avoid the risk of being deemed inactive.
Account Deletion on the Open Server
If you wish to delete your account at GPR.Chat Open Server, you can do so by logging in to your account, clicking on the account, then selecting 'profile', and finally clicking on 'excluding my account'. Please note that once you delete your account, this action cannot be undone.