Privacy Policy for Websheet
PRIVACY POLICY
- INTRODUCTION
Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”), we are obligated to inform you about our processing of your personal data. We invite you to read the following information that carries out this obligation.
- DATA CONTROLLER
The controller of your personal data is Websheet spółka z ograniczoną odpowiedzialnością with its registered seat in Skarbimierzyce 1, 72-002 Dołuje, Poland, entered into the register of entrepreneurs under the KRS no.: 0001052489, REGON: 526092621, NIP: 8513297937 (the “Controller”, “we”, “us”, “our”).
- CONTACT
You can contact the Controller on any matter concerning your personal data by writing to the address of our registered office or using the e-mail address: support@www.emailto.ai.
- SCOPE OF PROCESSING
The Controller shall process personal data for the following purposes:
- Operating and maintaining the https://www.emailto.ai/ website (the “Platform”), including detecting, preventing and investigating potential attacks or other malicious activity directed at the Platform (Article 6 (1)(f) of GDPR).
- Offering the Websheet AI software (the “Software”) and managing the provision of services to users (Article 6 (1)(b) of GDPR and Article 6 (1)(c) of GDPR, with regards to the Controller’s tax, fiscal and other legal obligations).
- Complying with the Controller’s legal obligations arising, in particular, from regulations on information protection and security, anti-money laundering and countering the financing of terrorism, or tax and accounting regulations, including for the maintenance of tax and accounting records (Article 6 (1)(c) of GDPR).
- Asserting or defending against claims related to you purchase of the Software and our provision of services related thereto (Article 6 (1)(f) of GDPR).
- Archival and evidentiary purposes for safeguarding information in the event of a legal need to use it (Article 6(1)(f) of GDPR).
- Communicating with our users with regards to our provision of services or other related to their use of the Software (Article 6 (1)(f) of GDPR).
- Preventing fraud, criminal activity or misuses of the Software, protection of the security of our IT systems, architecture, and networks (Article 6 (1)(f) of GDPR).
- Improving the Software or developing new software or services (Article 6 (1)(f) of GDPR).
In connection with the above purposes, we may process the following categories of personal data:
- data we acquire in connection to the user granting us access to his Google Sheets, in order to integrate them with the Software;
- full name and/or company name;
- email address;
- phone number;
- other preferred communication data
- tax ID or other identification data;
- payment information;
- information about usage of the Software;
- billing data;
- IP address;
- type and device ID;
- browser type and version;
- statistical data, connected to the use of the Software.
- DATA RECIPIENTS
We may transfer your personal data to the following entities:
- subcontractors, i.e., entities whose services we use for processing personal data, such as entities providing accounting services, payment processors, legal services, services related to the disposal or archiving of records, IT services, including hosting and server maintenance services, and software providers;
- advisors and consultants we use on an ongoing basis in order to provide services;
- equity linked entities.
Furthermore, due to the nature of the Software, some of your data may be transferred to Google LLC and OpenAI LLC. You may review documents describing how those entities handle personal data here:
- https://policies.google.com/privacy?hl=en
- https://openai.com/policies/privacy-policy
Websheet uses and transfers information received from Google APIs in compliance with Google API Services User Data Policy, including the Limited Use requirements. You may learn more here:
By providing us access to your Google Spreadsheet, Forms, and User Info, we allow our users to use ChatGPT inside the spreadsheet or on embed websites.
Used Websheet AI Scopes:
- .../auth/spreadsheets - It allows access to all spreadsheets stored on your google drive. We use it to get the latest spreadsheet data in which the plugin was Launched. We use installable triggers to detect changes on the Spreadsheet. We use this scope to send part of your spreadsheet data to openAI, to fullfill the services.
- .../auth/userinfo.profile - This scope allows us to see your personal info, including any personal info you've made publicly available. We use it to create a user profile. Also, ensure that you can use our plugin in the Spreadsheet.
- .../auth/forms - View and manage your forms in Google Drive. This scope is required with our Form Generator Function, which helps convert data inside a sheet into a Google Form which is connected to the Spreadsheet in which the plugin is being used. When there is no such Form, it will create a new one.
- .../auth/script.container.ui - This Scope allows to display and run third-party web content in prompts and sidebars inside Google applications. We use this scope in our Editor and Sidebar. It is used to generate UI and present your your results.
- .../auth/spreadsheets - See, edit, create and delete all your Google Sheets spreadsheets. We use this scope to view and edit spreadsheet data for Spreadsheets in which the Plugin was launched.
- .../auth/script.external_reques - This Scope allows to connect to external services. We use it for managing user data and reporting bugs. This scope will enable us to make requests to our Servers from the Plugin and Spreadsheet. We use such requests for example to connect with OpenAI.
- .../auth/script.scriptapp - Allow this application to run when you are not present. This scope we use to add and remove onChange triggers to the Spreadsheet. This way, we get notified that a change occurred inside the Spreadsheet.
- Used Websheet Editor Scopes:
- .../auth/spreadsheets - It allows access to all spreadsheets stored on your google drive. We use it to get the latest spreadsheet data in which the Plugin was Launched. We use installable triggers to detect changes on the Spreadsheet. The Spreadsheet is then downloaded to and processed on our Server, which allows us to serve it back to the end user as a Website.
We also use this scope inside the Editor to improve the expirience of using our Editor.
- .../auth/userinfo.profile - This scope allows us to See your personal info, including any personal info you've made publicly available. We use it to create a user profile. Also, ensure that you can use our Plugin in the Spreadsheet.
- .../auth/forms - View and manage your forms in Google Drive. This scope is required with our Form Generator Function, which helps convert data inside a sheet into a Google Form which is connected to the Spreadsheet in which the Plugin is being used. When there is no such Form, it will create a new one.
- .../auth/script.container.ui - This Scope allows to display and run third-party web content in prompts and sidebars inside Google applications. We use this scope in our Editor and Sidebar. It is used to generate UI and present your website inside our Spreadsheet Dialogs for better editing.
- .../auth/spreadsheets - See, edit, create and delete all your Google Sheets spreadsheets. We use this scope to view and edit spreadsheet data for Spreadsheets in which the Plugin was launched.
- .../auth/script.external_reques - This Scope allows to connect to external services. We use it for managing user data and reporting bugs. This scope will enable us to make requests to our Servers from the Plugin and Spreadsheet. We use such requests to update information relevant to your website as well as to get relevant information regarding your website.
- .../auth/script.scriptapp - Allow this application to run when you are not present. This scope we use to add and remove onChange triggers to the Spreadsheet. This way, we get notified that a change occurred inside the Spreadsheet.
- TRANSFERS TO THIRD COUNTRIES AND INTERNATIONAL ORGANIZATIONS
We may transfer your personal data outside of the EEA. We will take appropriate measures to ensure that your personal data receives an adequate level of data protection upon its transfer. When personal data that was collected within the EEA is transferred outside the EEA, we will take necessary steps in order to ensure that sufficient safeguards are provided during the transferring of such personal data, such as implementing standard contractual clauses as approved by the European Union into the data processing agreements we may conclude with third country data recipients.
- DATA RETENTION
The personal data retention period depends on the purpose of its processing:
- if the processing is done for the purpose of providing services to our clients, then the data will be kept for the expiration of the statute of limitations for claims, unless specific legislation requires us to keep it for a longer period of time;
- if the processing is done for the purpose of complying with the Controller's legal obligations, then the data will be kept for the time prescribed by law;
- if the processing is done on the basis of legitimate interest, then the data will be kept until you object to its further processing or if we ourselves decide that the data has become obsolete or our legitimate interest in its processing has been exhausted.
- YOUR RIGHTS
GDPR grants you the following rights with respect to your personal data:
- Right to withdraw consent. If we process personal data on the basis of the consent you have given us, you have the right to withdraw it. We will stop processing your personal data if there is no other basis for processing. The withdrawal of consent does not affect the processing of your personal data carried out before such withdrawal.
- Right to access data. You can request information at any time about what personal data we process and what we use it for. In accordance with Article 15(1) of GDPR, this information will include, at a minimum:
- the purposes of the processing;
- the categories of personal data involved in the processing;
- information about the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
- to the extent possible, the intended period of storage of the personal data, and where this is not possible, the criteria for determining this period;
- information about the right to request the Controller to rectify, erase or restrict the processing of your personal data and to object to such processing;
- information about the right to lodge a complaint with a supervisory authority;
- if the personal data was not collected from you - any available information about its source;
- information about automated decision-making, including profiling as referred to in Article 22 (1) and (4) of GDPR and, at least in these cases, relevant information about the principles of decision-making, as well as the significance and anticipated consequences of such processing for you.
- Right to rectify your personal data. If your personal data is inaccurate (e.g. erroneous or incomplete), you may at any time request that it be corrected or completed (taking into account the purposes of processing).
- Right to be forgotten. You have the right to request the deletion of your personal data if:
- our processing of your personal data is no longer necessary to achieve the purposes referred to above;
- we process personal data on the basis of your consent and you choose to withdraw such consent, where there is no other basis for processing your personal data;
- you have exercised your right to object to the processing of your personal data, however, only if we process your personal data (i) in order for us or another person to pursue a legitimate interest and (ii) your rights and freedoms will override such interest;
- we process your personal data unlawfully;
- our obligation to delete your personal data arises from a legal obligation to which we are subject to.
If the personal data you request to be deleted has been made public by us, we will take reasonable measures, taking into account the available technology and the cost of carrying out such measures, to inform other controllers that you wish your personal data to be deleted, copied or replicated.
Your right to request deletion of your personal data may not apply to you if we are processing your personal data for the performance of a legal obligation owed to us, performance of a contract, or for the establish, assert or defend claims.
- Right to restriction of processing. You may request that we restrict our processing of your personal data if:
- you believe that the personal data we process is incorrect (for a period of time to verify the accuracy of the data);
- our processing of your personal data is unlawful, but you do not want us to delete it;
- we no longer need your personal data, but you need it to establish, assert or defend your claims;
- you have exercised your right to object to our processing of your personal data, but only if we are processing your personal data (i) in order for us or another person to pursue a legitimate interest and (ii) your rights and freedoms will override such interest.
- Right to data portability. You have the right to receive, in a structured, commonly used, machine-readable format, the personal data that you have provided to us and to send this personal data to another controller without hindrance from us, if you have provided us with this personal data and if the processing is based on consent (Article 6 (1)(a) GDPR) or based on contract (Article 6 (1)(b) GDPR) and if the processing is carried out by automated means.
- Right to object. You have the right to object to the processing of your personal data on the basis of our or a third party's legitimate interest. If you indicate to us a specific situation that you believe justifies us ceasing to process your personal data, we will comply with such a request unless we demonstrate that the grounds for our processing of your personal data override your rights or that your data is necessary for us to establish, assert or defend claims.
- Right to file a complaint to the Supervisory Authority. If you believe that we have violated any of your rights in connection with the processing of your personal data, you may file a complaint with the President of the Office for Personal Data, headquartered in Warsaw, Stawki 2, 00-194 Warsaw. Detailed information on how to file a complaint can be found here: https://uodo.gov.pl/pl/83/155.
- AUTOMATED DECISION MAKING
We will not use any of your personal data for the purpose of profiling or making any automated decisions.
- COOKIES
To enhance the user experience and functionality of the Platform, we may use cookies or other online identifiers. Cookies are small text files that are stored on your computer, phone, tablet, or other device you use when visiting the Platform. Cookies help us manage the Platform and cause it to remember how you use it.
When you visit the Platform it sends cookies to your web browser, where they are automatically stored and then sent back to the server that created them. These mechanisms identify the operating system used on your device, the time zone from which the connection is made, screen size and resolution, etc. These mechanisms are designed to adapt the appearance, size and other parameters of the website to a particular device. This information is not used to identify a specific person. Through this communication and device recognition, cookies enhance the user experience of the Platform and allow us to collect statistical data related to its operation.
In addition to cookies, we use the information contained in system logs (e.g. IP address) resulting from the general rules of connection carried out on the Internet. This information is used for technical purposes related to the administration of our servers. Besides, IP addresses are used to collect general, statistical demographic information (e.g. about the region from which the connection is made).
In managing the Platform, we use our own cookies as well as those from other websites. The Platform generally uses two types of cookies:
- "session" cookies - temporary files that are stored on the device you are using until you leave the Platform or turn off your web browser;
- "permanent" cookies - files stored on the device you are using for the time specified in their parameters or until you delete them from your device yourself; closing your browser has no effect on their continued storage.
Among the above types, the following categories of cookies located on the Platform, the following can be distinguished:
- cookies necessary for the operation of the site - they are necessary to allow you to properly navigate the Platform. Without them, it would be impossible to activate some of the Platform’s functions. In addition, they help us to secure it and are responsible for its intended functionality.
- statistical and analytical files - they identify the number of users who visit the Platform, where they come to the Platform from etc. Thanks to them, we can determine which parts of our Platform are the most popular, which parts do not display properly, and on which parts error messages may appear.
You can block the automatic acceptance or delete stored cookies in the settings of your web browser. Note, however, that such action may adversely affect the operation or some of the functionality of other websites.
In the links below you will find a description of how you can change the cookies in the most popular browsers:
Some of the cookie preference management mechanisms may not have the intended effect if your web browser does not accept cookies. If you change the device or browser you are using, as well as if you completely delete the cookies stored in your browser, you may need to repeat the steps described in this section.
In addition, the above tools (websites) are not the property of the Controller, nor are we involved in their development, so we do not assume any responsibility for their content, nor are we able to guarantee their correct operation and achievement of expected results.
Last revisited: August 2023