30-Day Guarantee - Zero risk

Legal

GDPR and Data Protection

Contaktly is designed to support customers operating under UK GDPR and EU GDPR requirements. Here is how we handle data protection in practice.

Contaktly is designed to support customers operating under UK GDPR and EU GDPR requirements.

We act as a data processor, meaning we process personal data on your behalf. You, as the customer, remain the data controller and determine how and why that data is collected.

What This Means in Practice

When using Contaktly:

You control what data is collected through your website and chatbot
You decide how that data is used (e.g. qualification, follow-up, outreach)
We process that data solely to provide the Contaktly service

We do not use your customer data for our own marketing or commercial purposes.

Types of Personal Data Processed

Depending on how you configure Contaktly, this may include:

Names
Email addresses
Phone numbers
Company information
Conversation content between visitors and the chatbot

All data is processed strictly within the scope of providing the service.

Lawful Basis and Consent

As the data controller, you are responsible for ensuring you have a lawful basis for processing personal data.

This typically includes:

Obtaining consent through your website (e.g. cookie banners, chat disclosures)
Providing appropriate privacy notices to visitors

Contaktly can be configured to support these requirements, but responsibility remains with the website owner.

Data Subject Rights

We support our customers in responding to data subject requests, including:

Access to personal data
Rectification of inaccurate data
Erasure ("right to be forgotten")
Restriction of processing
Data portability

If required, we can assist in locating and deleting user data within the platform.

Data Retention and Deletion

You remain in control of how long data is stored.

Contaktly allows you to:

Delete individual conversations or contacts
Remove data upon request
Request full account data deletion

We do not retain personal data longer than necessary to provide the service.

Data Processing Agreements

We can provide a Data Processing Agreement (DPA) upon request.

This outlines:

Roles and responsibilities
Security measures
Data handling practices
Sub-processors

To request a DPA, please contact: privacy@contaktly.com

International Data Transfers

Where data is processed outside of the UK or EU, we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses (SCCs)
Use of trusted infrastructure providers with compliant frameworks

Sub-Processors

We rely on carefully selected third-party providers (e.g. hosting, messaging infrastructure) to deliver the service.

These providers are:

Security-reviewed
Bound by data protection obligations
Limited to processing data only as required

Our Commitment

We build Contaktly with privacy in mind.

That means:

Minimising the data we collect
Limiting access internally
Ensuring data is only used to deliver the service
Continuously improving our practices

If you have any questions about data protection or would like to request a DPA, please contact privacy@contaktly.com