Privacy Policy

We at ( GmbH in foundation) are committed to protecting your privacy. This Privacy Policy applies to the information collected on our website by acting as a controller. In this policy, we describe how we collect, receive, use, store, share, transfer, and process your personal information in relation to your use of our website, services and our newsletter we send out to you.

This Privacy Policy does apply to the data our software solution processes on behalf of our clients (Client Data) in our capacity as a platform provider ( Software) that you may access using the “Login” function on our website.

You are free to decide, if you want to visit the websites without submitting personal information about yourself. When you want to contact us regarding any services or content of, we request that you provide Personal Information about yourself.

On top of this privacy policy our terms of service apply to the data our conversational commerce (cCom) software solution processes on behalf of our clients (client data) in our capacity as a platform provider ( that you may access using the “log in” function on our website. Your use of services or products is covered under our terms of service as well as this privacy policy.

1. Name and contact details of the controller

This privacy policy applies to data processing by: (hereinafter: Chatarmin or or GmbH in foundation)
Kaiserstraße 89
1070 Wien

2. Processing of data

In the following, we inform you about our data processing in relation to our site, its purposes and legal basis, the collected data the respective storage period and, if applicable, specific objection and removal options.

a) Log files

When you visit, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file.

Type of Data

The following information is collected without your intervention:

  • IP address of the computer/mobile device,
  • unique device identifier,
  • used browser type/version,
  • location information,
  • date and time of access,
  • name and URL of the retrieved file,
  • website from which access is made (referrer URL), and
  • the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.


The data mentioned will be processed by us for the following purposes:

  • ensuring a smooth connection of the website,
  • to ensure a comfortable use of our website, and
  • evaluation of system safety and stability.

Legal Basis

The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the above listed purposes for data processing.

Storage Period

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended. In the case of storage of the data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses are anonymized by deleting the last eight bits, so that an identification of you is no longer possible.

3. Disclosure

Your personal data will not be transferred to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:

  • You have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
  • the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
  • in the event that there is a legal obligation to pass on data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
  • this is legally permissible and required for the execution of contractual relationships with you pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.

4. Transfer to third countries

As a company working on a global scale, we share the data we process with recipients (service providers or other third parties) who may be located outside the EEA. To the extent that no statutory level of security comparable to the European data protection laws exists in such countries, we will adopt appropriate measures to ensure that your personal data will be adequately protected in these countries. In particular, we may apply the standard contractual clauses published by the European Commission. In case we transfer data to the USA, you should be aware that the European Court of Justice (CJEU) evaluated the applicable data protection level providing less protection than the applicable data protection in the EU („Schrems II“ C-311/18). This assessment is based on the US authorities’ intelligence activities concerning the personal data transferred to the United States. According to the CJEU, surveillance programmes cannot be regarded as limited to what is strictly necessary and data subjects have no right to an effective remedy actionable in the courts against the US authorities. Considering these circumstances, we regular monitor the legal requirements of data transfers to the US. In addition, we conduct assessments regarding the risks of the access by US authorities to the personal data we send to the USA and the need to provide additional safeguards. You may contact our data protection officer for further information, and, in particular, request inspection of the standard contractual contracts concluded.

5. Right of objection

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data if there are reasons for doing so which arise from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without stating a particular situation.

If you would like to make use of your right of revocation or objection, simply send an e-mail to We will delete your full set of collected personal data - if not already fully anonymized - respectively.

6. Further rights of data subjects

You have the right:

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information on the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data, unless it has been collected from us, as well as the existence of an automated decision-making process including profiling and, if applicable, meaningful information on its details;
  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
  • to demand the deletion of your personal data stored by us in accordance with Art. 17 DSGVO, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
  • to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR if the correctness of the data is disputed by you, the processing is unlawful but you refuse its deletion and we no longer need the data but you need it to assert, exercise or defend legal claims or you have lodged an objection against the processing in accordance with Art. 21 DSGVO;
  • in accordance with Art. 20 GDPR, to receive your personal data which you have provided to us in a structured, common and machine-readable format or to request the transfer to another responsible person;
  • in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. The consequence of this is that we may no longer continue the data processing based on this consent in the future, and
  • to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or at our company headquarters. In the latter case, you can contact our Lead Data Protection Authority:

7. Actuality and changes to this Privacy Policy

This Privacy Policy is currently valid as of 10th of February 2023. Due to the further development of our website and offers about it or due to changed legal or official requirements, it may be necessary to change this privacy policy.

In the case of requesting a demonstration of any services or products related to, we might request some personal information about yourself, including but not limited to: your surname, last name, email address and telephone number. If we do use any cookies, you will be asked to give expressed consent upon visiting our services. You will be able to access a cookie manager and cookie policy in that instance. will in no case ever sell your personal information to any third party.

Voluntarily giving consent to receive communication from might lead to the usage of your personal information for marketing purposes.

8. The role of WhatsApp as a service provider

In any case user interaction with WhatsApp is possible or required, your usage of WhatsApp will be solely governed with WhatsApp:

WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland. Please refer to the respective privacy policy:

Upon starting a chat with our - or one of our clients’ - WhatsApp Business Platform Accounts (WhatsApp Business Account), you will be directed to WhatsApp and have the possibility to chat with the respective WhatsApp business account.

This data is end-to-end encrypted as covered under the WhatsApp’s business sub-processors’ server infrastructures, as per the WhatsApp help center. Be aware WhatsApp only uses aggregated and anonymized data for statistical and product development purposes as per the WhatsApp Business Terms of Service. This anonymized and already end-to-end encrypted data is stored in one of WhatsApp Sub-Processors List.

No other third parties will gain access to your data, or your users’ data.

Be aware any of the data stored, collected or aggregated by will be hosted on servers within the DACH region or EU, respectively.

Learn more about the WhatsApp Business Platform Data usage here in the WhatsApp Data Processing Terms as well as the WhatsApp Business Data Transfer Addendum.

Respective of the above mentioned WhatsApp legal documentation, we collect WhatsApp phone numbers and usernames through your - or your clients’ - WhatsApp user profile. We use this and other information you provide to recognize you, respond to you, manage your preferences and contact you through WhatsApp after receiving your approval to do so.

Feel free to withdraw your consent at any time. Simply contact in this instance.

Additions to this privacy policy, that might be of your interest, are the Chatarmin Terms of Service as well as the GDPR-compliance statement of our CEO and founder Johannes Mansbart.