Turn your website into an AI chatbot in less than 60 seconds with our interactive demo. Show me!

Privacy policy

Privacy policy

Effective Date: January 2024

1. Introduction

Welcome to Gecko Engage (“we,” “us,” or “our”). This Privacy Policy is designed to help you understand how we collect, use, disclose, and safeguard your personal information when you use our services (“Services”). By accessing or using our Services, you agree to the terms of this Privacy Policy.

For the purpose of the Data Protection Act 2018 (the Act) and the UK General Data Protection Regulation (GDPR), Gecko Labs Limited is a company registered in England and Wales with company number 08167863 and its registered office at 86-90 4th Floor Paul Street, London, EC2A 4NE.

A customer refers to an individual or entity that has entered into a contractual relationship with Gecko Engage for the provision of goods or services. A customer may be a natural person, such as an individual consumer, or a legal entity, such as a company or organisation (“Customer”)

2. Information We Collect

Where Gecko Engage operates as the Data Controller, we may collect and process the following data about you which you submit via our website at www.geckoengage.com (“Website“) and/or in relation to the use of our GeckoEngage services (“Services“):

  • Customer Contact information (e.g., name, email address, phone number)
  • User credentials (e.g., username, password)
  • Customer details (e.g., name, address, email address)
  • Payment information (e.g. on payment of invoices)
  • Usage data (e.g. IP addresses, device information, browser type, pages viewed, date and time of your visit). This is statistical data about website users’ browsing actions, patterns and does not identify any individual.

Where a Customer provides any details relating to a third party, you must have obtained permission from the individuals whose data you provide us with before sharing that information with us.

Where you are using the Services of Gecko Engage directly, Gecko Engage acts as the Data Controller.

Where users of the Services are accessing via the Customer, the Customer acts as the Data Controller. Gecko Engage shall process data on behalf of the Customer.

Our website is not intended for individuals under the age of 16. We do not knowingly collect, use, or disclose personal information from children under this age threshold. If we become aware that we have inadvertently gathered information from a user under 16 years old, we will promptly take steps to delete such data from our records. Parents or legal guardians are encouraged to monitor their children’s online activities and use appropriate parental controls to help create a safe online environment. By using our website, you affirm that you are 16 years of age or older, and you understand and agree to comply with our policies. For any concerns regarding the privacy of minors or to report any potential violations, please contact us at privacy@geckoengage.com.

3. Cookies and Similar Technologies

We use cookies and similar technologies to enhance your experience, analyse trends, administer the website and gather demographic information about our user base. A cookie is a small file of letters and numbers that we put on your computer if you agree. The cookies we use are “analytical” cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the site when they are using it. This helps us to improve the way our Website works, for example by ensuring that users are finding what they are looking for easily. You can change your website browser settings to reject cookies, although this may impair the functionality of our Website.

You can control and/or delete cookies as you wish. You can delete all cookies that are already on your device, and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit our site, and some features may not work as intended.

We may update our Cookie Policy from time to time. Please review this policy periodically for any changes. The date at the top of this page indicates when it was last updated.

4. How We Use Your Information

We use the collected information for the following purposes:

  • To ensure that content from the Website is presented in the most effective manner for you and for your computer.
  • To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
  • To carry out our obligations arising from any contracts entered into between you and us.
  • To notify you about changes to the Website. To enable us to provide the Service and comply with our obligations under the Agreement we enter into with you to provide the Service.
  • If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale to you.
  • If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this.

5. Disclosure of Your Information

We may disclose your personal information within Gecko for the purpose of the provision of our services. We may also share your information with third parties in the following circumstances:

  • With your consent
  • To comply with legal obligations
  • In connection with a merger, acquisition, or sale of all or a portion of our assets
  • To protect our rights, property, or safety, or that of our users or others

6. Legal basis of processing

We are committed to complying with relevant data protection laws. Data protection law requires us to meet at least one “legal ground” for processing, currently set out in Article 6 of the UK General Data Protection Regulation. The grounds applicable to the personal data to which this notice relates are as follows:

  • Where the processing is necessary for compliance with a legal obligation to which we are subject, that is the ground on which we are processing that data;
  • Where processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, that is the ground on which we are processing that data, provided that your interests or fundamental rights and freedoms which require protection of your data do not override those legitimate interests (our legitimate interests comprise the management, marketing and promotion of our business and services);
  • If you have given your consent to our processing the data, that is the basis on which we are processing that data.
  • If more than one of the above grounds apply to the processing of data in question, the applicable ground will be the one that is set out first above. If one of the above grounds ceases to apply to the processing of data in question, but other grounds continue to apply, we will be entitled to continue processing pursuant to the next applicable ground.
  • Special categories of personal data – If you provide us with any special categories of personal data (that is to say information as to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sex life or sexual orientation or genetic or biometric data) or personal data relating to criminal convictions and offences, it is a condition of us receiving that information that you expressly consent (and you hereby do) to us processing that personal data. Accordingly, if you do not want us to process any such categories of personal data, please do not provide it to us.

7. Security

We implement reasonable security measures to protect your information. We adhere to the ISO 27001 and SOC 2 security standards to ensure the confidentiality, integrity, and availability of your information. Our security measures include, but are not limited to:

  • Regular risk assessments
  • Information security policies and procedures
  • Access controls and authentication mechanisms
  • Encryption of sensitive data
  • Incident response and management protocols

While privacy laws may vary between jurisdictions, we are committed to protecting your information in accordance with appropriate lawful mechanisms and contractual terms requiring adequate data protection.

Your information may be transferred and processed outside of the UK. We adhere to applicable legal regulations including:

  • Complying with the UK GDPR for data transfers within the European Economic Area (EEA);
  • Implementing appropriate safeguards, such as Standard Contractual Clauses (SCCs), for transfers to countries without an adequacy decision;
  • Adhering to the privacy laws and regulations of specific countries or regions when transferring data to those locations

By using our Services, you consent to such transfers and adherence to relevant legal regulations.

A full list of our third party Service providers/Sub-processors can be found at our Gecko Trust Page.

By using our Services, you consent and agree with the Sub-processors we use. When we make changes to the list of sub-processors, we will provide you with an update via email.

You acknowledge and accept that countries outside the EEA may not provide the same level of adequate protection for the rights and freedoms of data subjects in relation to the processing of personal data. Where information is transferred outside the EEA, we will endeavour to implement appropriate safeguards.

Where a password is required to access certain parts of the Website or Service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

8. Your Rights

Under data protection laws, you have various rights in relation to your personal data. Customer employees and students should contact the Customer in the first instance as their Data Controller.

The Data Controller is primarily responsible for ensuring you can exercise these rights and the Data Processor shall assist the Data Controller to effectively exercise your rights.

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes.
You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.

The Website may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

You have the ability to request access to information held about you. Any requests that are deemed to be excessive, repetitive or manifestly unfounded requests may incur additional administration fees in order to process such requests or refuse to act on such requests. Where we are required to provide a copy of the Personal Data, this will be provided in a mutually agreed format. Any further copies requested may be subject to reasonable fees.

Where you exercise any of your rights, we may notify third parties to whom such Personal Data has been disclosed of such request. However, such third parties may have the right to retain and continue to process such personal data in its own right.

You can exercise your rights at any time by contacting us using privacy@geckoengage.com. We will work to respond to a valid request within a 30 day period of receipt under GDPR and 45 days of receipt under CPPA/CPRA.

9. Retention

We will retain copies of your Personal Data in a form that permits identification only for as long as is necessary in connection with the purposes set out in this Policy, unless applicable law requires a longer retention period. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, potential risk of harm from unauthorised use or disclosure of your Personal Data, purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and applicable legal requirements. We will retain Customers of our services Personal Data for so long as a Customer’s account remains in existence or as needed to provide our services, to comply with our legal obligations, to resolve disputes, and to enforce our agreements.

Where you require that we delete any personal data which has been provided by you or any third party end user of Service, we will comply with any written request to do so.

10. Updates to this Privacy Policy

We may update this Privacy Policy periodically. The effective date at the top of the policy indicates when it was last revised.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at privacy@geckoengage.com.