GDPR Information

The General Data Protection Regulation (GDPR) is a European Union regulation that came into effect on May 25, 2018. The purpose of GDPR is to strengthen and unify data protection for all individuals within the European Union.

At LiteChat.io, we place the highest importance on the protection of privacy and personal data. This page contains information about how we comply with GDPR requirements and what rights you have regarding the processing of your personal data.

The controller of your personal data is:

NB DEV SP. Z O.O.
Ul. Śląska 22/16
42-200 Częstochowa
Poland

Tax ID (NIP): 5732932332
REGON: 520973361
KRS: 0000946503

If you have questions regarding the processing of your personal data, you can contact us:
- Email: privacy@litechat.io
- Phone: +48 515 262 852
- Contact form on our website

We have appointed a Data Protection Officer whom you can contact regarding matters related to the processing of your personal data and exercising your rights under GDPR.

Contact the Data Protection Officer:
- Email: dpo@litechat.io
- Correspondence address: Data Protection Officer, NB DEV SP. Z O.O., Ul. Śląska 22/16, 42-200 Częstochowa, Poland

Depending on the purpose and legal basis, we may process the following categories of personal data:

1. Account data: first name, last name, email address, password (stored in encrypted form), company data.

2. Payment data: transaction information, payment history (full payment card details are not stored by us, they are processed by external payment service providers).

3. Technical data: IP address, device and browser information, login data, usage statistics.

4. Communication data: content of messages and inquiries directed to us, content of conversations conducted through our live chat system.

5. Marketing data: marketing preferences, history of interactions with our marketing materials.

We process your personal data for the following purposes and on the following legal bases:

1. Performance of a contract (Art. 6(1)(b) GDPR):
- Providing LiteChat.io services
- Managing user accounts
- Processing payments
- Handling communication related to contract performance

2. Legitimate interest (Art. 6(1)(f) GDPR):
- Ensuring the security of services and systems
- Analyzing and improving service quality
- Direct marketing of our own products and services
- Pursuing or defending against claims

3. Legal obligation (Art. 6(1)(c) GDPR):
- Storing accounting and tax documentation
- Fulfilling obligations related to personal data protection
- Responding to requests from law enforcement and other public authorities

4. Consent (Art. 6(1)(a) GDPR):
- Marketing, including sending commercial information electronically
- Use of cookies and similar technologies
- Other purposes that will be clearly defined when collecting consent

Your personal data may be shared with the following categories of recipients:

1. Data processors acting on our behalf:
- Hosting and cloud service providers
- Payment service providers
- CRM and marketing system providers
- Analytical service providers
- Technical support service providers

2. Other controllers:
- Business partners (if necessary for service provision)
- Public authorities (in cases provided by law)

These entities process data based on an agreement with us and only according to our instructions. We exercise due diligence to ensure that all entities to whom we entrust the processing of personal data guarantee the application of appropriate protection measures.

Some of the entities to whom we transfer data may be located outside the European Economic Area (EEA). In such cases, we only transfer data when we provide appropriate safeguards, such as:

1. European Commission adequacy decision confirming an adequate level of protection in the recipient country

2. Standard Contractual Clauses approved by the European Commission

3. Binding Corporate Rules

4. Other appropriate safeguards provided for in the GDPR

You can obtain a copy of these safeguards by contacting us at privacy@litechat.io.

The retention period for your personal data depends on the purpose of processing:

1. Account data: for the duration of having an account in our service and for the limitation period for claims arising from the contract.

2. Payment data: for the period required by tax and accounting regulations (usually 5 years from the end of the calendar year in which the payment was made).

3. Marketing data: until withdrawal of consent or objection.

4. Communication data: for the period of handling the inquiry or complaint, and then for the limitation period for claims.

5. Technical and analytical data: for the period necessary to achieve the purposes, not longer than 2 years from collection.

After the retention period expires, data is permanently deleted or anonymized.

According to GDPR, you have the following rights in connection with the processing of your personal data:

1. Right of access (Art. 15 GDPR) - you have the right to obtain confirmation from us whether we process your personal data, and if so, you have the right to access this data.

2. Right to rectification (Art. 16 GDPR) - you have the right to request the rectification of inaccurate or completion of incomplete personal data.

3. Right to erasure (Art. 17 GDPR) - in certain circumstances, you have the right to request the deletion of your personal data (right to be forgotten).

4. Right to restriction of processing (Art. 18 GDPR) - in certain circumstances, you have the right to request the restriction of processing of your data.

5. Right to data portability (Art. 20 GDPR) - you have the right to receive your data in a structured, commonly used, machine-readable format and the right to transmit this data to another controller.

6. Right to object (Art. 21 GDPR) - you have the right to object at any time to the processing of your data, particularly to processing for direct marketing purposes.

7. Right not to be subject to automated decision-making (Art. 22 GDPR) - you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

8. Right to withdraw consent - if processing is based on consent, you have the right to withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise these rights, contact us or our Data Protection Officer. We will make every effort to fulfill your request within 30 days of receipt.

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates GDPR. In Poland, the supervisory authority is the President of the Office for Personal Data Protection (PUODO):

Urząd Ochrony Danych Osobowych
ul. Stawki 2
00-193 Warsaw
Phone: +48 22 531 03 00
Website: https://uodo.gov.pl

If you are located in another EU country, you can lodge a complaint with the supervisory authority in that country.

The security of your data is our priority. We have implemented appropriate technical and organizational measures to protect your personal data, including:

1. Encryption of data during transmission (SSL) and storage

2. Regular system and software updates

3. Access control and user authentication

4. Regular backups

5. Staff training in data protection

6. Security incident response procedures

7. Regular testing and evaluation of the effectiveness of security measures

Despite taking the above actions, please remember that no system connected to the Internet can guarantee 100% security.

As part of our services, we may use automated data processing to analyze user behavior and personalize content. However, such activities do not produce legal effects concerning you or similarly significantly affect you.

If in the future we introduce any forms of automated decision-making, including profiling, that will have significant effects on you, you will be informed about this, and such processing will be subject to appropriate safeguards in accordance with GDPR requirements.

We may update this information from time to time to reflect changes in our data processing practices, changes in the law, or for other significant reasons. We will inform you of any significant changes via our website or directly by email.

This information was last updated on April 27, 2025.