Skip to main content
Last updated

June 19, 2024

Cookies

Purchase conversion statistics is Bambuser's feature which measures how much revenue a certain video brings. It does that via setting up cookies on viewer's browser once they first initiate the video (clicking on a CTA button). The conversion statistics gives a video a measurable "score" which can, among other things, be used to constantly improve your live stream videos.

There are currently a number of Cookies being set once viewers interact with the Bambuser Widget (Player, Calls Widget or Messenger). Each cookie has a different name, expiration date and purpose and may be set for only one of the products. A full description of each cookie is described in the table below.

NameExpiration dateProductDescription
_bamls_cuid1 year
  • One to Many
  • One to One
Unique identifier for a workspace. Used as a common denominator for all tracking performed by Bambuser to easily enable reporting in workspaces for the Customer.
_bamls_usid1 year
  • One to Many
  • One to One
Unique identifier for a user. Used to attribute Bambuser statistics to a single site user.
_bamls_seid30 min
  • One to Many
  • One to One
Unique identifier for a session in which a Bambuser video was watched. Used in tracking to attribute statistics to a single session.
_bamls_caid30 days
  • One to One
Unique identifier for the last Bambuser call that the user had on the Customer's website. Used to attribute Bambuser statistics to a specific customer interaction.
_bamls_shid30 days
  • One to Many
Unique identifier for a Bambuser video. Used to attribute statistics to a single video. This also - similar to source/medium in Google Analytics - enables attribution of purchases (that do not occur within the embedded stream) towards the video.
_bamls_lits30 days
  • One to Many
The timestamp for the last known interaction in a Bambuser video. This is used in conjunction with _bamls_shid to measure at what point in time after a user viewed a video, the actual purchase was made.
hero-session-* (* is replaced by your application ID)1 year
  • BamChat
Contains a unique visitor ID for anonymous users. Also contains a session ID when the user starts to actively use the product.
hero-state-* (* is replaced by your application ID)1 year
  • BamChat
Current messenger state to offer a consistent user experience across page loads (plugin opening state, etc)
hero-associate-dataUsually 30 days (depends on the attribution window configuration of the retailer)
  • BamChat
After an interaction with a store expert, this cookie contains the expert employee ID (or any identifier provided by the retailer) and is used to share attribution context with the website.
hero-user-id1 month
  • BamChat
User ID when the user starts to actively use the product.
hero-tracking:ID (ID is replaced by the Merchant application ID)1 year
  • BamChat
Provides the key functionality in the product of assisted shopping which allows the store expert to see the last shopping actions from the user
hero-experiment:ID (ID is replaced by the Merchant application ID)1 year
  • BamChat
When running an A/B, it helps keep track in which variant/bucket the user was assigned


note

Notice that all the cookies are video-related/call-related and do not process any personal data

Steps

  1. The viewer watches a video, participate in a call, or chat with an agent
  2. A subset of the above cookies will be written in the consumer's browser depending on what product they interacted with
  3. Consumer buy and completes the checkout
  4. If cookies exist (means the user has watched a video, had a call or used the chat in the last 30 days), some basic purchase data will be sent to Bambuser
  5. Purchases and revenue will be displayed inside the Bambuser Dashboard for the relevant workspace
note

If cookies are not set (end user opts-out on customer side), it will not affect their live shopping experience.

You can read about how to implement Conversion Tracking here.




Last updated

November 25, 2021

Sub-processors

The following sub-processors may Process the Personal Data:

Live

  • Company name: Amazon Web Services
  • Country of establishment: US
  • Country of processing: US, Ireland or Japan. Other regions may be available from time to time and presented to Customer. Region is automatically selected based on geographical location of the Host unless otherwise requested by Customer.
  • Type of processor: Cloud service provider

  • Company name: Google Cloud Platform
  • Country of establishment: US
  • Country of processing: US or EU (Belgium or the Netherlands, at Google’s option), at Customer’s option.
  • Type of processor: Cloud service provider

  • Company name: ServiceNow Nederland B.V.
  • Country of establishment: Netherlands
  • Country of processing: Ireland and the Netherlands
  • Type of processor: Customer support function

  • Only for customers using the dubbing features
  • Company Name: Sieve
  • Country of establishment: US
  • Country of processing: US
  • Nature of Processing: Sieve will be engaged to alter voices in videos and change the language of the voices. This involves the Processing of voice data (audio files) for the purposes of modification and translation.
  • Categories of Data Subjects: The categories of Data Subjects remain consistent with those outlined in the existing DPA, including but not limited to, individuals appearing in videos provided by the Data Controller.
  • Type of Personal Data Processed: Audio files containing voice data, which may include identifiable information such as voice characteristics.
  • Transfer mechanism: Standard Contractual Clauses

Video Consultation

  • Company name: Amazon Web Services
  • Country of establishment: US
  • Country of processing: US or Ireland, at Customer’s option
  • Type of processor: Cloud service provider

  • Company name: Google Cloud Platform
  • Country of establishment: US
  • Country of processing: US or EU (Belgium or the Netherlands, at Google’s option), at Customer’s option.
  • Type of processor: Cloud service provider

  • Company name: ServiceNow Nederland B.V.
  • Country of establishment: Netherlands
  • Country of processing: Ireland and the Netherlands
  • Type of processor: Customer support function

Bamchat

  • Company name: Amazon Web Services
  • Country of establishment: US
  • Country of processing: US or Ireland, at Customer’s option
  • Type of processor: Cloud service provider

  • Company name: MongoDB Atlas (formerly mLabs)
  • Country of establishment: Ireland
  • Country of processing: Ireland.
  • Type of processor: Database service provider

  • Company name: Twilio
  • Country of establishment: USA
  • Country of processing: USA
  • Type of processor: Messaging service
  • Transfer mechanism: SCC



Last updated

June 19, 2024

Supported browsers and operating systems:

Live

Dashboard Web

  • Chrome - Latest two major releases
  • Firefox - Latest two major releases
  • Safari - Latest two major releases
  • Edge Chromium - Latest two major releases
  • Opera - Latest two major releases

Broadcaster Apps

iOS
  • Latest two major releases
Android
  • Android 5.0 / API 21

Player

TBD

Video Consultation

Dashboard Web

  • Chrome - Latest two major releases
  • Firefox - Latest two major releases
  • Safari - Latest two major releases
  • Edge Chromium - Latest two major releases
  • Opera - Latest two major releases

Agent mobile apps

iOS
  • iOS 14 or later (iOS 14 was released Q4 2020)
Android
  • Android 5.0 / API 21

Calls Widget

  • Chrome 65 or later (Chrome 65 was released Q1 2018)
  • Microsoft Edge Chromium (any Edge after version 18)
  • Firefox 62 or later (Firefox 62 was released Q4 2018)
  • Safari 13 or later (iOS 13 was released Q4 2019)
  • Samsung Browser (latest available major releases of Samsung browsers run on Samsung phone released in past three years)
  • Opera Browser - latest two major releases.

Agent-Tool Web

  • Chrome - Latest two major releases.
  • Edge Chromium - Latest two major releases.
  • Safari - Latest two major releases.
Special cases:

Chrome on iOS only works when run on iOS 13.4 or later. The optional feature co-browsing depends on a Chrome extension and is therefore not supported in Agent-tool Safari.




Last updated

October 31, 2024

Prohibited markets

Bambuser will not deliver any service to the following markets (the list may be update from time to time at Bambuser's discretion)

  • Belarus
  • Cuba
  • Central African Republic
  • Iran
  • Iraq
  • Lebanon
  • Libya
  • Myanmar (Burma)
  • Nicaragua
  • North Korea
  • Russia
  • Venezuela
  • Somalia
  • Syria
  • Ukraine
  • Yemen
  • Zimbabwe



Last updated

December 9, 2021

Technical and Organizational Measures

This section contains a list of the technical and organizational measures which are applied by Bambuser. The measures are designed to:

  • Safeguard the security and confidentiality of Personal Data, by following the principles of privacy by design.
  • Protect against any anticipated threats or hazards to the security and integrity of Personal Data.
  • Protect against any actual unauthorized processing, loss, use, disclosure or acquisition of or access to any Personal Data.

Policies

The organization has comprehensive policies for information security that are approved by management, published and effectively communicated to all employees and relevant external parties.

Organizational Controls

  • All recruitments follow a screening process.
  • A security and awareness program is implemented where participitation is mandatory for all employees.
  • Employees and contract workers sign confidentiality agreements prior to commencing employment.
  • Bambuser’s comprehensive Staff handbook includes a discrimination policy and a equality policy.
  • Bambuser’s general recommendations regarding security measurement for personal devices are shared to all employees and consultants and is a part of the onboarding process. Employees and consultants are bound to follow policies by contract.
  • Regular internal security audits are conducted to verify the security practice.
  • Bambuser maintains internal data processing policies and procedures, process descriptions and regulations for programming.

Physical Security

  • Access control and visitor management systems are implemented for all visitors/guests at Bambuser’s Headquater.
  • Physical access reviews are performed periodically.
  • Clean desk, clear screen and follow me printing are implemented.
  • Fire alarm and fire-fighting systems implemented for employee safety.
  • Fire evacuation drills are conducted at specified frequencies.

Data security and confidentiaity

Bambuser have implemented security measures to protect data confidentiality, integrity, and availability throughout the data lifecycle, from creation until deletion.

Such measures is designed to implement confidentiality and integrity of processing systems and services and include requirements for the protection of data during transmission and storage. Based on a risk assessment Bambuser will undertake a level of security appropriate to the risk, including:

  • Full-disc encryption enabled on mobile devices.
  • Vendor-supplied updates installed automatically on mobile devices.
  • E-mails automatically scanned by anti-virus and anti-spam software.
  • An MDM tool installed on all Bambuser owned mobile devices.
  • All information applies encryption and protection in relation to classification.
  • All connectivity is encrypted with TLS 1.2 or higher.
  • Intrusion detection software is run continuously.
  • Pseudonymization and encryption of Personal Data where applicable.
  • Customer Data (including back-ups and archives) only be stored for as long as it serves the purposes for which the data was collected.
  • Information and documents are classified according to the information classification guidelines.

Data Access Management

Bambuser have implemented measures to provide security throughout the identity and access management lifecycle by ensuring access to data and systems are provisioned to the authorised people through correct channels. Measures includes:

  • Access to systems is provided on a ‘need to know’ and ‘need to access’ basis taking into account segregation of duties.
  • Proper controls implemented for requesting, approving, granting, modifying, and revoking user access to systems and applications are implemented.
  • All access to critical applications is reviewed at least annually.
  • All access requests need to be approved by a manager or the appointed asset owner.
  • All access requests are approved based on individual role-based access.
  • Multi-factor authentication enabled where available.
  • Passwords meet password complexity requirements as defined in a password policy.

Access Control to Personal Data.

Employees with access to personal data can only access the data that are necessary for the purpose of the activities under their responsibility. Access logs are in place and the responsibility for access control is assigned. Following measures are in place:

  • Obligation for employees to comply with the applicable Bambuser security policies and data protection policies.
  • Work instructions on handling personal data.
  • Identity authentication needed for access to Personal Data.
  • Only employees with a clear business need are allowed to access Personal Data located on servers, within applications or databases.

Change Management

  • Each change must be documented and the change should not be completed until tested, reviewed, and approved according to defined change management procedures.
  • Development follows the stipulated SDLC (Software development life cycle).
  • All changes are tracked with a version control system.
  • Automated scanning tools (SAST, DAST, and dependency scanning) are continuously used to find and resolve security problems.
  • All code changes must pass automated testing and peer review before being merged to the main code repository branch.

Information security incident management

  • Management responsibilities and procedures have been established to safeguard a quick, effective and orderly response to information security incidents, within defined timeframes in the GDPR.
  • A formal reporting procedure or guideline exists for users, to report security weaknesses in, or threats to, systems or services.
  • There is a procedure for assessing information security problems and issues and classifying them as information security incidents.
  • There are documented procedures in place for responding to information security incidents including reporting security incidents through appropriate management channels as quickly as possible.

Business Continuity and Disaster Recovery

Bambuser protects critical business processes from the effects of major failures of information systems or disasters and ensures their timely resumption in the event of an incident. These measures must include requirements for ensuring the ongoing availability and resilience of processing systems and services and for the ability to restore availability and access to data in a timely manner in the event of an incident.

Measures include:

  • Implementation of a disaster recovery program that focuses on making information systems resilient against failures and disasters.
  • Performance of data backups to enable resumption of system operations in an event of failure.
  • Replication of data across multiple data center regions.
  • Regular disaster recovery tests and, based on the learning from these tests, work to update and improve disaster recovery processes.

**Threat and Vulnerability Management **

Bambuser will maintain measures meant to identify, manage, mitigate and/or remediate vulnerabilities within the Bambuser environments. Security measures include:

  • Patch management
  • Anti-virus / anti-malware
  • Threat notification advisories
  • Vulnerability scanning
  • Periodic penetration testing

Network Security

Bambuser implemented measures to securely design, protect and manage the supporting cloud network infrastructure. Measures include:

  • Cloud security groups act as firewalls between different services. This setup will only allow explicitly declared communications to take place.
  • Web Application Firewalls in front of the internet-facing services.

Cloud providers

Bambuser uses the following cloud providers for its services:

Our sub-processors have provided adequate guarantees on the protection of personal data they process on our behalf.




Last updated

May 9, 2023

Service Level Agreement

This Service Level Agreement shall apply to the Bambuser Solution as from the first live video/call session. Any defect or error occurring prior to this date shall be remedied by Bambuser within a commercially reasonable time. Customer further acknowledge that this Service Level Agreement only applies to the availability of the Bambuser Solution

1 Service levels

1.1 Bambuser shall use commercially reasonable efforts to make the Bambuser Solution available 24/7/365.

Business incident support team is available Monday through Friday, CET, business hours (the “Incident Support Hours”). The Response Times set forth in the tables below applies within the Incident Support Hours. Other support cases not defined as incidents are managed by the Customer Success Manager (“CSM”). The availability of the CSM is Monday through Friday applicable business hours of the region that the Customer is domiciled.

1.2 Upon Bambuser's failure to uphold agreed availability during a calendar month, the Customer shall, as sole and exclusive remedy, be entitled to a one-time reduction of the monthly Subscription License Fee applicable for such month in accordance with the table below:

Availability in %> Service Level Credit (calculated on an aggregated level)
<99,805% of the monthly Subscription License Fee
<99,0010 % of the monthly Subscription License Fee
<98,0015% of the monthly Subscription License Fee
<97,0020 % of the monthly Subscription License Fee

1.3 To gain service level credits, the Customer must request such service level credit from Bambuser in writing via their designated account manager. Service level credits shall, unless otherwise agreed between the Parties, be settled against the next invoice or refunded by Bambuser, at Bambuser's discretion.

1.4 In order to receive service level credits, the Customer must notify Bambuser when the first occurrence of failure to uphold agreed availability becomes known to Customer, by immediately sending an email to support@bambuser.com. The Customer's notification must include the date and times of alleged unavailability.

1.5 Bambuser is not liable for any deviations from the agreed availability caused by any event outside Bambuser’s reasonable control, Customer's negligence or misuse of the Service, Customer's external communication solution including deficit internet access or a Force Majeure Event. Accordingly, Customer shall not be entitled to any services credit or other compensation from Bambuser.

1.6 Incident reporting and levels of Priority

All incidents must be reported to support@bambuser.com and include the following information where relevant:

- Org ID

- User ID

- Show ID

- Client's suspected level of Priority

- User Name

- Time when behavior was first noticed

- Website URL where the problem is occurring

- Device or Devices and their operating systems where the behavior is occurring

- Description of what is not functioning as expected and how to replicate the behavior

- Screenshots or video captures showing the problem

1.7 An incident shall be considered reported from the timestamp of the email sent to support@bambuser.com including sufficient information (as specified in Section 1.6 above) for the Bambuser staff to begin investigating the incident. Incidents with insufficient information will not be deemed as reported until such time as relevant details are provided, at which time they shall be considered reported from the timestamp on the email containing the necessary information.

1.8 After an incident has been reported it will be reviewed by Bambuser and a decision will be made as to the level of Priority of the incident as proposed by the Customer when it was reported. The incident reported will then be responded to within the response time stipulated in table below for the level of Priority that has been decided by Bambuser. Final decision on an incident's classification regarding priority level shall always reside with Bambuser.

1.9 The Bambuser Support team will endeavor to restore service within the time period specified by each level of priority. The Bambuser Support team will endeavor to resolve the underlying problem with the service within the time period specified by each level of priority.

Live

Priority LevelDescriptionExampleResponse Time (Minutes)Restoration of Service (Hours)
CriticalA serious incident where Bambuser Solution is unavailable or available but critical functionality or features cannot be utilized.- Video cannot be uploaded via app, RTMP or dashboard
- Videos will not play as either live or recorded
305
SignificantIncident not considered a Critical or Other incident.- The ability for the Customer to communicate with Live Video Participant is impacted and vice versa.
- Video or audio stream is unstable.
- Ability to chat is not working.
4511
OtherMinor incidents not affecting the performance or operation of the Bambuser Solution.- Esthetic issues
- Minor documentation error
60M

Video Consultation

Priority LevelDescriptionExampleResponse Time (Minutes)Restoration of Service (Hours)
CriticalA serious incident where Bambuser Solution is unavailable or available but critical functionality or features cannot be utilized.- Video cannot be uploaded via app, RTMP or dashboard
- Videos will not play as either live or recorded
305
SignificantIncident not considered a Critical or Other incident.- The ability for the Customer to communicate with Live Video Participant is impacted and vice versa.
- Video or audio stream is unstable.
4511
OtherMinor incidents not affecting the performance or operation of the Bambuser Solution.- Esthetic issues
- Minor documentation error
60M



Last updated

June 24, 2024

Technical Specification Live

General technical description of Live

Live is a cloud-based service that enables the Customer to broadcast live video streaming with an integrated shopping feature. Live is an in-house developed software dependent on third-party services by AWS and Google Cloud. These third-party services are distributed by Bambuser (embedded in Live) and are not to be used on a stand-alone basis by the Customer. Live is built partly using open source software and the Customer acknowledges that Bambuser is using industry standard open source products.

To achieve the optimal user experience, Live requires either (i) a commitment from the Customer to implement the necessary JavaScript code on the Customer's website (often less than 100 rows), and optionally (ii) set iframe policies allowing the Customer's site to be embedded on itself (i.e. using X-Frame-Options and/or Content-Security-Policy headers).

Bambuser Solution

Live Applications
Bambuser Player the embedded JavaScript library that creates the customized player on the Customer's website for the live video.
Bambuser App the application used to broadcast a live video
Bambuser Dashboard the web application where Customer can access their different workspaces to set up live videos and assign Hosts. The Customer can also add and remove users, add products to be displayed in the live videos, moderate the product display and moderate the chat function.

A Customer may choose to split up their operations and reporting into multiple workspaces which will be subject to additional fees. For example, the Customer can have a multiple workspaces for different brands or departments within the Customer's organization. Each workspace can have multiple Hosts and multiple live videos can be broadcasted simultaneously within a workspace. Reporting and analytics are available in the Bambuser Dashboard for each workspace.




Last updated

June 24, 2024

Technical Specification Video Consultation

General technical description of Video Consultation

Video Consultation is a cloud-based service that enables the Customer to interact with consumers via a one-to-one call (video/audio and chat) with interactive features such as, compare, highlight and add-to-cart.

Video Consultation can be used by a Customer to facilitate calls between a visitor on the Customer's website and an agent who can assist, educate or sell products to potential customers. Video Consultation also allows the Customer's agent to schedule consultations for consumers by distributing invite links. All products discussed in a call can be highlighted, compared with other products, added to the cart and purchased during or after the one-to-one experience. The products are inserted in the native cart/check out on the Customer's website and no transactions take place within Video Consultation.

Video Consultation is an in-house developed software dependent on third party services by AWS and Google Cloud. These third party services are distributed by Bambuser (embedded in Video Consultation) and are not to be used on a stand-alone basis by the Customer. Video Consultation is built partly using open source software and the Customer acknowledges that Bambuser is using industry standard open source products. Bambuser follows the applicable licenses such as MIT and Apache.

Bambuser Solution

Video Consultation Applications
Bambuser Agent Tool the web application/mobile app used by the Agent to handle incoming video calls, which includes booked consultations Web based Calls Widget with interactive features (for web, iOS & Android)
Bambuser Calls Widget the embedded java script library that creates the customized call UI on the Customer's website.
Bambuser Dashboard the web application where Customer can access their different workspaces to configure video calls and assign Agents. The Customer can also add and remove users, see and download analytics of calls, create themes and configure settings for the Calls Widget.

A Customer may choose to split up their operations and reporting into multiple workspaces which will be subject to additional fees. For example, the Customer can have a multiple workspaces for different brands or departments within the Customer's organization. Each workspace can have multiple Agents/Users, Queues and Services. Reporting and analytics are available in the Bambuser Dashboard for each workspace.




Last updated

June 19, 2024

Technical Specification Bamchat

General technical description of BamChat

BamChat is a cloud-based service that can be used by a Customer to facilitate text based messaging between a visitor on the Customer's website and an agent who can assist, educate or sell products to potential customers. Subject to Customer’s implementation and configuration, agents can use the catalog feature to share recommended products in the chat, or the video feature to convert the chat into a video call, or use the Contacts feature to stay in touch with a customer via SMS, email or WhatsApp after the chat experience. The checkout experience requires the native cart/check out of the Customer’s website and no transactions take place within BamChat.

BamChat is an in-house developed software dependent on third party services by AWS, Twilio and Google Cloud. These third party services are distributed by Bambuser (embedded in BamChat) and are not to be used on a stand-alone basis by the Customer.

Bambuser Solution

BamChat Applications
BamChat store app the web application/mobile app used by the Agent to handle incoming chat requests. This app is available on AppStore for iOS and Google Play for Android. The Customer manages the Authorized Users that can use this app in the Bambuser Dashboard (All Doors) app.
BamChat Messenger Widget the embedded java script library that creates the widget on the Customer's website where visitors can start a chat with Authorized Users of the BamChat store app.
Bambuser Dashboard (also referred as “All Doors”) provides access to analytics relating to overall and individual Authorized Users performance in using the BamChat software. The Bambuser Dashboard includes management and configuration tooling and is available at a specific URL to be provided by Bambuser. Accounts to the Bambuser Dashboard are set per nominated user. Login is via a username and password created by a user on first login after an account has been provisioned by Bambuser.



Last updated

June 24, 2024

Implementation Services And Onboarding For Live

note

This process applies for Customers’ purchasing the solution from Bambuser directly and not via a partner or reseller to Bambuser. Customers further acknowledge that detailed technical requirements are outlined in the Bambuser documentation.

Integration and implementation

A complete integration of the Bambuser Solution requires purpose-built JavaScript for administering the communication between the Bambuser Player and the Customer's on-site cart.

Implementation services constitute a best-effort endeavor, meaning that in certain cases assistance from the Customer's technology staff may be required.

Inter alia, the Customer is responsible for

(i) the whitelisting of the Bambuser servers to enable the functionality of critical features such as embed script, magic link login, product scraper, Dashboard backends, webhooks and image transformer of the Bambuser Solution. (In the event that the Bambuser Solution should be implemented on a website which is geo-protected, protected by a log in requirement or any other measure that restricts access, it shall be the responsibility of the Customer to grant access to Bambuser to test the integration.)

(ii) ensuring that the integration of the Bambuser code is not modified between the sharp test and the first live video.

Bambuser will for customers (with the exception for ignite, light and base tiers customer)

(i) Provide the Customer with a checklist and instructions for how to carry out a sharp test to ensure successful integration and use of the Bambuser Solution. After the sharp test, our integration specialists will perform a high-level quality check of Player behavior on your website and provide feedback to the Customer if anything needs to be adjusted before the first live video.

(ii) Bambuser will make available to Customer all necessary information and specifications required to enable Customer to meet its responsibilities specified in Customer Responsibilities.

Onboarding

When the Subscription Order is signed by the Parties, Bambuser will support the Customer in the integration and onboarding process with staff specially trained in these areas. In general terms, Bambuser's "Customer Success Staff" will handle the onboarding of the Customer including project management, Customer contact and staff training, while Bambuser's integration team will act as technical support to assist the Customer with coaching and knowledge sharing when integrating the Bambuser Solution with the Customer's e-commerce platform.

Bambuser will assign an account manager to the Customer's account who is appropriately qualified in the fields necessary to provide the Services. The account manager will be the main point of contact and will coordinate a successful launch for the Customer's brands, referred to as the "Onboarding". The Onboarding serves as the technical alignment streamlined with the Customer's integration where the Customer receives all user necessary details in order to successfully launch the live videos. The client manager will serve as the primary Customer contact for the duration of the Subscription Order. The account manager will host recurring meetings, follow up key KPI:s, and provide the Customer with suitable 'best practice' cases as well as suggestions for improvement.

Customer Responsibilities

The Customer is responsible for creating a promotional plan driving to each live video.

The Customer is responsible for creating their own look and feel (brand) of the Player through the theming and configuration capabilities in Bambuser Dashboard.

The Customer is required to autonomously design and upload for welcome pause and end screens (curtains).

The Customer is required to provide legal chat terms applicable for the live video participant/viewer per market reflecting the restrictions detailed in the Agreement.

The Customer is required to approve Bambuser Player wording for all additional languages.

The Customer is required to manage user access to the Bambuser Dashboard.

The Customer is required to schedule tests and live broadcasts using the Bambuser Dashboard.

The Customer is required to embed the Bambuser Player on a webpage pertaining to the Customer. The Bambuser Player contains cookies available here which will automatically be installed by the embedment. Whenever applicable, Customer shall obtain necessary consent from live video participant/viewer in relation to such Cookies. Customer shall also implement the Conversion Library Script and maintain the usage of it, as further instructed by Bambuser.

The Customer is responsible for the production of the Content for the broadcast.

The Customer is required to notify Bambuser within a reasonable time frame (minimum 48h) for Bambuser to perform Integration Check. (The Integration Check process involves the Bambuser Support team conducting a high-level review of Bambuser’s product functionality on the Customer’s website. However, since the Customer possesses a deeper understanding of the specific setup and nuances of their platform, Bambuser cannot guarantee the correctness of the integration.)

The Customer is responsible for providing Bambuser with a URL of the landing page where the Bambuser Solution is embedded on its website as well as a contact person and the contact details to that person during the live video so that Bambuser may proactively bring any issues to the Customers attention under monitoring.

For the purpose of broadcasting a live video, the Customer may only use the operating system on their devices that is not more than one (1) generation older/behind than the current version.

The Customer is responsible to ensure it has equipment (of appropriate specification and compatible with the Applications and the Service) and sufficient Internet connection to enable the Customer to connect to the Applications and benefit from the Services.

Supported browsers and operating system can be found here.




Last updated

June 24, 2024

Implementation Services And Onboarding For Video Consultation

note

This process applies for Customers’ purchasing the solution from Bambuser directly and not via a partner or reseller to Bambuser. Customers further acknowledge that detailed technical requirements are outlined in the Bambuser documentation.

Integration and implementation

A complete integration of Video Consultation requires purpose-built JavaScript for administering the communication between the Bambuser Calls Widget and the Customer's on-site cart.

Implementation services constitute a best-effort endeavor, meaning that in certain cases assistance from the Customer's technology staff may be required.

Inter alia, the Customer is responsible for

(i) the whitelisting of the Bambuser servers to enable the functionality of critical features such as embed script, magic link login, product scraper, Dashboard backends, webhooks and image transformer of the Bambuser Solution. (In the event that the Bambuser Solution should be implemented on a website which is geo-protected, protected by a log in requirement or any other measure that restricts access, it shall be the responsibility of the Customer to grant access to Bambuser to test the integration.)

(ii) ensuring that the integration of the Bambuser code is not modified between the sharp test and the first video call.

Bambuser will for customers (with the exception for ignite, light and base tiers customer)

(i) provide the Customer with a checklist and instructions for how to carry out a sharp test to ensure successful integration and use of the Bambuser Solution. After the sharp test, Bambuser's integration specialists will check that the integration is correct and provide feedback to the Customer if anything needs to be adjusted before the first video call.

(ii) monitor the call connections and call stability during the first day of launch and inform the Customer of any noticed irregularities such as network instabilities in Customer networks or error logs from integrations that the Customer may need to address for better stability and call quality. This can only be provided as long as the Customer inform Bambuser about their planned go live date at least 72 hours ahead of the launch date.

(iii) Provide the Customer with all necessary information and specifications required to enable Customer to meet its responsibilities specified in Customer responsibilities.

Onboarding

When the Agreement is signed by the Parties, Bambuser will support the Customer in the integration and onboarding process with staff specially trained in these areas. In general terms, Bambuser's "Customer Success Staff" will handle the onboarding of the Customer including project management, Customer contact and staff training, while Bambuser's integration team will act as technical support to assist the Customer with coaching and knowledge sharing when integrating Video Consultation with the Customer's e-commerce platform.

Bambuser will assign an account manager to the Customer's account who is appropriately qualified in the fields necessary to provide the Services. The account manager will be the main point of contact and will coordinate a successful launch for the Customer's brands, referred to as the "Onboarding". The Onboarding serves as the technical alignment streamlined with the Customer's integration where the Customer receives all user necessary details in order to successfully launch the video calls. The account manager will serve as the primary Customer contact for the duration of the Agreement. The account manager will Agent recurring meetings, follow up key KPI:s, and provide the Customer with suitable 'best practice' cases as well as suggestions for improvement.

Customer Responsibilities

The Customer is responsible for creating a promotional plan driving to each video call.

The Customer is responsible for creating their own look and feel (brand) of the Calls Widget through the theming and configuration capabilities in Bambuser Dashboard.

The Customer is required to provide legal chat terms applicable for the video call participant/viewer per market reflecting the restrictions detailed in the Agreement.

The Customer is required to provide legal chat terms applicable for the video call participant/viewer per market reflecting the restrictions detailed in the Agreement.

The Customer is required to approve player wording for all additional languages.

The Customer is required to manage user access to the Bambuser Dashboard.

The Customer is required to embed the Bambuser Calls Widget on a webpage pertaining to the Customer. The Bambuser Calls Widget contains cookies available here, which will automatically be installed by the embedment. Whenever applicable, Customer shall obtain necessary consent from video call Participant/viewer in relation to such Cookies. Customer shall also implement the Conversion Library Script and maintain the usage of it, as further instructed by Bambuser.

The Customer is responsible for the production of the Content for the broadcast.

The Customer is required to notify Bambuser within a reasonable time frame (minimum 48h) of every test and video call that require dedicated support or technical verification.

The customer is responsible for providing Bambuser with a URL of the landing page where Video Consultation is embedded on its website as well as a contact person and the contact details to that person during the video call so that Bambuser may proactively bring any issues to the Customers attention under monitoring.

The Customer is responsible to ensure it has equipment (of appropriate specification and compatible with the Applications and the Service) and sufficient Internet connection to enable the Customer to connect to the Applications and benefit from the Services.

Supported browsers and operating system can be found here.




Last updated

June 19, 2024

Implementation Services And Onboarding For BamChat

note

This process applies for Customers’ purchasing the solution from Bambuser directly and not via a partner or reseller to Bambuser. Customers further acknowledge that detailed technical requirements are outlined in the Bambuser documentation.

Integration and implementation

A complete integration of BamChat requires purpose-built JavaScript for administering the communication between the BamChat Messenger and the Customer's site functions like e-commerce cart.

Implementation services constitute a best-effort endeavor, meaning that in certain cases assistance from the Customer's technology staff may be required.

Inter alia, the Customer is responsible for

(i) the whitelisting of the Bambuser servers to enable the functionality of critical features of the Bambuser Solution. (In the event that the Bambuser Solution should be implemented on a website which is geo-protected, protected by a log in requirement or any other measure that restricts access, it shall be the responsibility of the Customer to grant access to Bambuser to verify and test the integration.)

(ii) ensuring that the integration of the Bambuser code is not modified between the sharp test and the first live chat

Bambuser will for customers (with the exception for ignite, light and base tiers customer)

(i) provide the Customer with a checklist and instructions for how to carry out a sharp test to ensure successful integration and use of the Bambuser Solution. After the sharp test, Bambuser's integration specialists will check that the integration is correct and provide feedback to the Customer if anything needs to be adjusted before the first video call.

(ii) Provide the Customer with all necessary information and specifications required to enable Customer to meet its responsibilities specified in Customer Responsibilities.

Onboarding

Onboarding process to be made available by Bambuser at Customer's request

Customer Responsibilities

The Customer is responsible to ensure it has equipment (of appropriate specification and compatible with the Applications and the Service) and sufficient Internet connection to enable the Customer to connect to the Applications and benefit from the Services.

The Customer is responsible for creating their own look and feel (brand) of the BamChat Messenger through the theming and configuration capabilities in Bambuser Dashboard and the additional capabilities of styling through code on the Customer’s site.

The Customer is required to provide legal chat terms applicable for the chat participant/viewer per market reflecting the restrictions detailed in the Agreement.

The Customer is responsible to configure custom wording for all additional languages through the Bambuser Dashboard (All Doors) self-service UI.

The Customer is required to provide a list of Authorized users that should have access to the Bambuser Dashboard (All Doors) application

The Customer is required to manage Authorized user access to the BamChat store app through the Bambuser Dashboard (All Doors).

The Customer is required to schedule tests and live broadcasts using the Bambuser Dashboard.

The Customer is required to embed the Bambuser Calls Widget on a webpage pertaining to the Customer. The Bambuser Calls Widget contains cookies available here, which will automatically be installed by the embedment. Whenever applicable, Customer shall obtain necessary consent from video call Participant/viewer in relation to such Cookies. Customer shall also implement the Conversion Library Script and maintain the usage of it, as further instructed by Bambuser.

The Customer is required to notify Bambuser within a reasonable time frame (minimum 48h) of every test and video call that require dedicated support or technical verification.

The customer is responsible for providing Bambuser with a URL of the landing page where Video Consultation is embedded on its website as well as a contact person and the contact details to that person during the video call so that Bambuser may proactively bring any issues to the Customers attention under monitoring.

Supported browsers and operating system can be found here.




DATA PROCESSING AGREEMENT

BACKGROUND AND PURPOSE

This Data Processing Agreement ("DPA") sets out the terms and conditions for the Processing of Personal Data within the scope of the Bambuser Solution and related support services where Bambuser acts as a Processor to Customer, acting as the Controller. Except as may be otherwise required under Data Protection Laws, Customer, on behalf of any other Controller (e.g., where applicable, companies within Customer's company group or other Controllers designated by Customer, in both cases subject to agreement between Customer and Bambuser), shall serve as a single point of contact for Bambuser with regard to all matters under this DPA and shall be responsible for the internal coordination, review and submission of instructions or requests to Bambuser as well as the onward distribution of any information, notifications and reports provided by Bambuser hereunder.

Unless otherwise stipulated, the provisions of the DPA shall take precedence over the provisions of the Agreement with respect to the subject matter hereof.

IT IS AGREED as follows:

1. DEFINITIONS

Without prejudice to any definition of a term set out in Data Protection Laws, any terms not defined herein shall be given the meaning provided in the Agreement. In this DPA, the following definitions apply:

Affiliateof an entity means any other entity that is: (i) directly or indirectly owning or controlling such entity; or (ii) under the same direct or indirect ownership or control as such entity; or (iii) directly or indirectly controlled by such entity; for so long as such ownership or control lasts. Ownership or control shall exist through direct or indirect ownership of fifty percent (50%) or more of the nominal value of the issued equity share capital or of fifty percent (50%) or more of the shares entitling the holders to vote for the election of the members of the board of directors or persons performing similar functions.
Agreementmeans the agreement to which this DPA is appended or applies, under which Bambuser provides services to the Customer.
Controllershall have the meaning defined in Data Protection Laws.
Processorshall have the meaning defined in Data Protection Laws.
Data Protection Lawsmeans any applicable UK, EU and EU member state national, or US (state or Federal) other national, data protection legislation as amended from time to time, including but not limited to: (a) the UK Data Protection Act 2018 ("2018 DPA"); (b) Regulation (EU) 2016/697 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR"); (c) any legislation supplementing or replacing the 2018 DPA, the GDPR or such other laws; and (d) any national legislation and court or government decisions applicable to the Processing of Personal Data and the instructions and binding orders of a Supervisory Authority.
Data Subject means an individual whose Personal Data is being Processed by Bambuser under this DPA and the Agreement.
Personal Datameans any information relating to an identified or identifiable natural person, as defined in any Data Protection Laws.
Personal Data Breachmeans a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed by Processor or any and all incidents adversely impacting the integrity or security of information.
Processingor "Process" means any processing action or combination of actions concerning Personal Data, as defined in Data Protection Laws.
Standard Contractual Clausesmean the contractual clauses issued by the European Commission permitting the lawful transfer of Personal Data to international organizations and countries not part of the European Economic Area or European Union or not approved by the European Commission.
Supervisory Authoritymeans any competent supervisory authority under Data Protection Laws.

2. RESPONSIBILITIES

2.1 Both Parties will comply with all applicable requirements of the Data Protection Laws. This DPA is in addition to, and does not relieve, remove or replace, a Party's obligations or rights under the Data Protection Laws.

2.2 Both Parties will comply with all applicable requirements of the Data Protection Laws. With respect to California Consumer Privacy Act of 2018 ("CCPA"), Customer is defined as a "business" and Customer is engaging Bambuser as its "service provider" as defined in the CCPA. This DPA is in addition to, and does not relieve, remove or replace, a Party's obligations or rights under the Data Protection Laws.

2.3 Bambuser shall Process Personal Data with all due care and skill, diligence and prudence, in a workmanlike manner in accordance with high professional standards, and in compliance with applicable Data Protection Laws. Bambuser must not use the Personal Data for any other purposes than those specified in the Agreement, this DPA and Customer's documented instructions from time to time. Customer's written instructions for Processing are set out in Appendix 1.

2.4 More specifically, Bambuser shall:

  • a) Process the Personal Data only on documented instructions from Customer, unless required to deviate from such instructions in order to comply with applicable Data Protection Laws which Bambuser is subject to. In such a case, Bambuser shall inform Customer of that legal requirement before Processing, unless such Data Protection Laws prohibit such information on important grounds of public interest;

  • b) ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

  • c) assist Customer by appropriate technical and organizational measures, in so far as this is possible, for the fulfilment of Customer's obligation to respond to requests for exercising any Data Subject's rights under Data Protection Laws;

  • d) assist Customer in ensuring compliance with its legal obligations in respect of Personal Data, such as, with Customer's data security, data protection impact assessment and prior consulting obligations set out by Data Protection Laws;

  • e) make available to Customer all information necessary to demonstrate compliance with Bambuser's obligations set out in this DPA and in applicable Data Protection Laws, and allow for and contribute to audits, including inspections, conducted by Customer as set forth in this DPA; and

  • f) Process Personal Data only during the term of this DPA.

2.5 Bambuser shall implement technical, physical, and organizational measures to make sure a high level of security of the Personal Data that it is Processing and to protect Personal Data against unauthorized or unlawful Processing and against accidental loss, destruction, damage, alteration, or disclosure. Bambuser's security measures shall at all times meet the requirements of applicable Data Protection Laws.

2.6 Subject to the terms of the Agreement, Bambuser shall implement and maintain technical and organizational measures to secure conformity with applicable Data Protection Laws to which Bambuser is subjected, inter alia, measures for:

  • a) pseudonymization and/or encryption of Personal Data;

  • b) ensuring confidentiality, integrity, availability and resilience of systems and services processing Personal Data;

  • c) restoring availability and access to Personal Data in a timely manner in the event of a Personal Data Breach or other unexpected event interrupting Bambuser's processing of Personal Data;

  • d) regularly testing, assessing and evaluating the effectiveness, readiness and integrity of technical and organizational measures for ensuring the security of the Processing; and

  • e) conforming with current business practices, standards or recommendations concerning privacy protection and information safety.

2.7 A description of Bambuser's technical and organizational measures applicable upon the date of signing hereof is available at https://bambuser.com/docs/agreement-details/#technical-and-organizational-measure

2.8 Bambuser shall ensure that any person acting under the authority of Bambuser who has access to Personal Data shall not Process them except on documented instructions from Customer.

2.9 Customer (and/or, as the case may be, companies affiliated with Customer as may be agreed with Bambuser) is the Controller for all Personal Data which Customer (or persons on its behalf) shares with Bambuser for Processing under the Agreement and this DPA. In its capacity as Controller, Customer confirms (on its own part and, as applicable, on behalf of each other Controller) that: a) without prejudice to Bambuser's responsibilities as a Processor hereunder, Customer is solely responsible for any Personal Data provided or made accessible to Bambuser under this DPA and the means by which it has been acquired and collected as well as the accuracy, quality, legality and integrity thereof; b) Customer is entitled to provide access to the Personal Data to Bambuser for the purposes hereof and, consequently, that it has and will maintain a lawful basis for Bambuser's Processing of Personal Data for purposes of performance of the services under the Agreement and in accordance with this DPA; c) all instructions from Customer for the Processing of Personal Data hereunder shall comply with applicable Data Protection Laws, shall be reasonable and documented in writing, and shall relate to and be consistent with the services agreed to be provided by Bambuser under the Agreement, and Customer accepts that Bambuser disclaims any obligation or liability with regard to any instructions or requests being in violation of any of the aforesaid.

2.10 Customer is responsible for providing Bambuser with instructions for the Processing of Personal Data under this DPA. Bambuser shall only Process Customer's Personal Data in accordance with this DPA and Customer's instructions applicable from time to time. If Bambuser deems that instructions violate Data Protection Laws, Bambuser shall notify Customer thereof as soon as practicably possible. Bambuser shall for the avoidance of doubt not be obliged to perform a certain measure if, according to Bambuser's reasonable assessment, this would result in a breach of Data Protection Laws. Notwithstanding the foregoing, Bambuser shall not be obliged to perform any own investigations, surveys or assessments in order to establish whether instructions comply with Data Protection Laws or not. Bambuser reserves the right to charge Customer on a time and material basis for any work caused by Customer, and/or costs incurred, pursuant to the above or for other work or measures (including measures or work requested to be performed by Customer) not expressly covered in the DPA or which is in addition to Bambuser's standard business undertakings pertaining to its Processing of Personal Data.

3. TRANSFER OF PERSONAL DATA

3.1 Bambuser shall ensure that no Personal Data is transferred, released, assigned, disclosed or otherwise made available to any third party without Customer's consent.

3.2 Processing activities (including storage) shall take place on the location(s) detailed at https://bambuser.com/docs/agreement-details/#sub-processors and in accordance with Customer's instructions in the Subscription Order. Should the Customer not make such an instruction, the geographical location for that processing will be based on Customer's location.

3.3. If the Processing carried out by the Processor includes the transfer of Personal Data to a country outside of the EU/EEA not granted an adequacy decision, the Processor shall enter into a supplementary agreement containing the then current European Commission’s Standard Contractual Clauses (SCC), in so far as the SCC provides a lawful transfer mechanism.

3.4. In the cases mentioned above, the Processor must enter into a supplementary written agreement with the sub-processor containing the SCC, before the Processor transfers any Personal Data to the sub-processor.

4. SUB-PROCESSORS

4.1 The sub-processors engaged by Bambuser on the effective date of the Agreement are set out in https://bambuser.com/docs/agreement-details/#sub-processors. Bambuser is responsible for ensuring that all Processing of Personal Data performed by a sub-processor is governed by a written agreement with the sub-processor that corresponds to the requirements of this DPA and applicable Data Protection Laws, including but not limited to Article 28 of the GDPR. Customer acknowledges that appointment of sub-processors (as well as appointment of new sub-processors from time to time), is necessary in order for Bambuser to perform its services under the Agreement. Bambuser may only make changes to the sub-processors listed in https://bambuser.com/docs/agreement-details/#sub-processors in accordance with the below. In the event Bambuser adds or replaces a sub- processor Bambuser will provide Customer with thirty (30) days prior written notice. Customer shall have the right to object to the use of a specific sub-processor by written notice to Bambuser, without undue delay from the time Customer was notified of the use of that sub-processor. Such an objection shall be made in good faith and based on justifiable grounds. The Parties will in good faith discuss possible activities to mitigate the risks raised by such an objection. Customer acknowledges and accepts that its objection to a sub-processor may adversely affect Bambuser's ability to perform the services under the Agreement, therefore Bambuser shall be entitled to use such sub-processor despite Customer's objection as removal of such sub-processor would affect all Bambuser's customers. In the event the Parties are not able to reach an agreement in relation to such a sub-processor, Customer may terminate the Agreement with immediate effect and receive a refund of any prepaid, pro rata, fees for the remaining period of the agreement that Customer will not use the services.

5. DATA BREACH

5.1 In the event of a Personal Data Breach, Bambuser shall without undue delay submit a written notice to Customer including the following information;

  • a) a description of the nature of the Personal Data Breach including, the categories and approximate number of Data Subjects concerned, and the categories and approximate number of data records concerned;

  • b) name and contact details of the person responsible for Bambuser's data protection matters;

  • c) a description of likely consequences and/or realized consequences of the Personal Data Breach; and

  • d) a description of actions taken by Bambuser (and/or its sub-processors) to assess and address the Personal Data Breach; to mitigate its possible adverse effects; or to prevent the reoccurrence of the Personal Data Breach.

5.2 Where, and in so far as, it is not possible to provide the information requested in Section 5.1 at the same time, Bambuser may provide the requested information in phases without undue further delay. Furthermore, Bambuser shall document any Personal Data Breaches and upon Customer's request make the documentation available for Customer to ensure its compliance with applicable Data Protection Laws.

5.3 Bambuser shall take all the necessary steps to protect the Personal Data when made aware of a Personal Data Breach. Pursuant to the submission of a notice to Customer in accordance with Section 5.1, Bambuser shall, in consultation with Customer, take appropriate measures to secure the Personal Data and limit any possible detrimental effect to the Data Subjects. Bambuser shall cooperate with Customer, and with any third parties designated by Customer, to respond to the Personal Data Breach. The objective of the Personal Data Breach response will be to restore the confidentiality, integrity, and availability of the Personal Data Processed by Bambuser, to establish root causes and corrective actions, preserving evidence and to mitigate any damage caused to Data Subjects or Customer.

6. RECORDS

6.1 Bambuser shall maintain and update a record in an electronic form ("Record"), of all Personal Data Processing carried out under this DPA and the Agreement on behalf of Customer.

6.2 Bambuser shall provide Customer with the Record without undue delay as from the Customer's request.

6.3 In case of a request by Data Subjects or a Supervisory Authority concerning Processing of Personal Data under this DPA (including requests to block, delete, transfer, amend Personal Data or any other actions), Bambuser shall, without undue delay, inform Customer of all such requests and shall assist Customer in its response or other action concerning such request. Bambuser may only correct, delete, amend or block the Personal Data Processed on behalf of Customer when instructed to do so by Customer or required by Data Protection Laws.

6.4 Bambuser shall notify Customer of any changes in its activities that may materially affect the data protection, security or integrity of Customer's Personal Data Processed hereunder.

7. AUDITS

7.1 If Customer has reasonable grounds to suspect non-compliance with this DPA or Data Protection Laws on Bambuser's part, or if otherwise required under Data Protection Laws, Bambuser shall, upon Customer's written request, make all necessary information available to demonstrate compliance herewith and allow for audits, including inspections, to be performed by Customer or its appointed representative. Customer shall endeavor to perform such audit without causing significant disruption to Bambuser's regular operations (e.g. to perform any such measures under reasonable time, place and manner conditions, during regular business hours) and subject always to Bambuser's security policies. Customer will primarily rely on applicable existing audit reports or other available verification, if any, to confirm Bambuser's compliance and avoid unnecessary repetitive audits; unless required under Data Protection Laws, audits will not be made more than once in any twelve- month period. The audit shall not grant Customer access to trade secrets or proprietary information unless required in order to comply with Data Protection Laws (and Bambuser will never be obliged, with regard to any information request or audit, to provide access to prices, pricing structures or other commercial information). Customer shall notify, within a reasonable period of time (at least thirty (30) days), Bambuser in advance of such audit unless otherwise required by a Supervisory Authority. Customer and any persons conducting an audit must enter into adequate confidentiality undertakings prior to such audit and the audit must be conducted so as not to jeopardize the security of information belonging to other customers. In the event that Customer proposes to use a representative/third party auditor, then Bambuser may oppose such appointment only if such representative/auditor is a competitor of Bambuser or Bambuser has other justifiable grounds for objection. Notwithstanding the foregoing, Customer accepts that any requirements that Customer (itself or on behalf of any Controller referenced herein) may have with regard to the purposes of Processing Personal Data hereunder, or any requests for information, assistance or activities from Bambuser made by Customer or on its behalf hereunder, that extend beyond Bambuser's ordinary course of business, routines or policies, or what is otherwise commercially reasonable, shall be specifically agreed in writing and may be subject to additional fees and charges. Insofar as possible, Bambuser shall procure that Customer is similarly entitled to conduct audits in respect to sub- processors (or be provided with corresponding information from such sub-processors). Customer is however aware of and acknowledges that the scope of such audits/information may not correspond with the above and/or that conditions may apply.

8. TERM AND TERMINATION

8.1 This DPA shall automatically terminate upon any termination or expiration of the Agreement, provided no separate assignments for Processing of Personal Data independent of the Agreement have been concluded by and between the Parties in accordance with Appendix 1. The terms of the DPA will however continue to apply for as long as any Personal Data is Processed by Bambuser.

8.2 Upon termination of this DPA, or upon Customer's written request, Bambuser shall destroy or return, either to Customer or to a third party designated by Customer, all Personal Data, unless otherwise required by Data Protection Laws. Bambuser shall verify in writing to Customer that such destruction or return has taken place, and, upon written request, provide Customer with written statement confirming that such Personal Data, including all copies thereof, have been permanently destroyed.

9. LIMITATION OF LIABILITY

9.1 Subject to the below, the provisions on limitations of liability for Bambuser set out in the Agreement shall apply to this DPA.

9.2 The Parties shall cooperate and provide assistance in the event of an enforcement action or investigation by a Supervisory Authority with regards to activities conducted under this DPA, including promptly notifying the other Party of the threat and commencement of such measures. The Parties shall make all reasonable efforts to minimize the risk of damage incurred by the Parties due to such event.

9.3 WITHOUT PREJUDICE TO ANY EXPRESS RIGHT OR REMEDY AVAILABLE TO DATA SUBJECTS PROVIDED UNDER DATA PROTECTION LAWS, ANY LIABILITY FOR BAMBUSER ARISING OUT OF OR IN CONNECTION WITH THIS DPA (WHETHER IN CONTRACT, TORT OR OTHERWISE) IS, AS BETWEEN THE PARTIES, LIMITED TO DIRECT DAMAGES (EXCLUDING ANY INDIRECT, CONSEQUENTIAL, SPECIAL OR INCIDENTAL COST, LOSS OR DAMAGE OF ANY KIND) AND SUBJECT TO ANY APPLICABLE PROVISIONS ON LIMITATION OF LIABILITY CONTAINED IN THE AGREEMENT. CUSTOMER'S AND ANY OTHER CONTROLLER'S CLAIMS IN THE AGGREGATE, AND THE TOTAL AND AGGREGATE LIABILITY SHALL, IN ANY EVENT, FOR ANY CALENDAR YEAR BE CAPPED AT AN AMOUNT CORRESPONDING TO THE TOTAL FEES PAID BY CUSTOMER UNDER THE AGREEMENT FOR THE APPLICABLE SERVICES DURING TWELVE (12) MONTHS PRECEDING THE DATE OF THE OCCURRENCE OF THE CLAIM FORMING BASIS FOR LIABILITY. FOR CLARITY, ANY CLAIM, OR MULTIPLE INTERLINKED CLAIMS, SHALL BE SUBJECT TO THE LIABILITY CAP APPLICABLE AT THE DATE ON WHICH THE EVENT OR CIRCUMSTANCE FORMING THE BASIS FOR THE CLAIM(S) FIRST OCCURRED.

10. GOVERNING LAW AND DISPUTES

10.1 This DPA and its appendices shall be considered to be part of the Agreement and therefore governed and construed in accordance with the same laws as the Agreement. Disputes shall be resolved in accordance with the provisions on dispute resolution contained in the Agreement.




PII Processing information

Processing activities

Bambuser will Process Personal Data for the purpose of fulfilling its obligations under the Agreement.

Duration of Processing

The Personal Data shall be Processed during the term of the Agreement.

Categories of Data Subjects

The categories of Data Subjects:

  • Customer’s employees, consultants, agents, temporary and casual workers, business partners, suppliers and any other authorized third parties to Customer (in relation to Host, Agent and Authorized User)
  • Customer’s customers (prospective and existing) and other viewers and participants in live video/call (in relation to live video participant/viewer and video call participant/viewer)

Type of Personal Data

Bambuser will process the following types of personal data about the following categories of Data Subjects:

Live

Authorized Users
  • Picture (Optional)
  • Name
  • E-mail address
  • Ip-address (security logs)
Host
  • Name
  • Role / Title
  • Picture / video
  • Ip-address (security logs)
  • Other personal information shared in live video
Live video participant/viewer
  • Personal information shared in live video chat
  • User name when participating in chat
  • Ip-address (security logs)

Video Consultation


Authorized User
  • Picture (Optional)
  • Name
  • E-mail address
  • Chatlog (depending on setting)
Agent
  • Name
  • Role / Title
  • Picture / video
  • Other personal information shared in video call or chat
  • Call satisfactory data (optional)
Video call participant/viewer
  • Personal information shared in live video and in chat
  • Name
  • Email
  • Ip-address (security logs)
  • Any data shared in the booking. (optional)
  • Call satisfactory data (optional)
  • Any data shared to the agent from either the customer themself or from back-office systems depending on integration.

Bamchat

  • Identification data : Customer ID
  • Identification data only in the event of a Get Notified journey: name and email or cell/phone number from Customer's customer
  • Identification data upon a customer consent or active action: photos and videos during a chat session
  • Other: conversation history
  • The following Personal Data are collected only when a Customer's customer actively consents to be part of an Associate's Contacts
  • Identification data: First and last name, telephone number
  • The following information may be collected during Customer's customer navigation on Customer's website and only upon i) Customer's customer consenting to the use by Customer of cookies, through the Customer's OneTrust tool and ii) the Customer activating the Bamchat chatbox
  • Browsing and behavioral data through trackers, including Customer's products viewed, added or removed from basket, products purchased, IP address for location purposes, browser agent and last time the Customer's customer is online.

Special categories of Personal Data:

  • Video Consultation: Special categories of data might be saved if the booking contains such information

Notices

Notices regarding any Personal Data Breach, changes in Processing (including sub-processor changes) and other notifications under the DPA shall be made to the following contact (and/or as may be set out in the DPA):

If to Customer, email to be included in the Subscription Order.

If to Bambuser:

Security Coordinator security@bambuser.com



Change dateChanges madeUpdater
2024-10-31Removed Turkey from Prohibited marketspontus.kindblad@bambuser.com
2024-10-08Removed China from Prohibited marketspontus.kindblad@bambuser.com
2024-10-09Renamed "Calls" to "Video Consultation"irenej@bambuser.com
2024-10-08Added Sieve as a new subprocessor for customers using dubbing featurepontus.kindblad@bambuser.com
2024-07-08Renamed "One-to-Many" to "Live" and "One-to-One" to "Calls"nici@bambuser.com
2024-06-24Update technical specification and implementation services for one-to-one and one-to-many.marcus.larson@bambuser.com
2024-06-19Correction of naming for Workspace and Dashboardmarcus.larson@bambuser.com
2024-06-19Added Safari as supported browser in Agent tool.marcus.larson@bambuser.com
2024-06-19Updated Technical specification and implementation services for BamChat.marcus.larson@bambuser.com
2024-06-19Updated cookie descriptions to include BamChat cookies.marcus.larson@bambuser.com
2024-06-11Rename Dashboard to Workspaceirenej@bambuser.com
2024-05-28Added Technical Specification Bamchat.pontus.kindblad@bambuser.com
2024-05-27Added Bamchat PII processing data and subprocessorspontus.kindblad@bambuser.com
2024-02-09Stop support of the old iOS version for broadcast apppontus.kindblad@bambuser.com
2023-11-29Added SCC writing in DPA section 3.3 and 3.4pontus.kindblad@bambuser.com
2023-10-26Added DPA in documentpontus.kindblad@bambuser.com
2023-06-20Added Processing informationpontus.kindblad@bambuser.com
2023-02-14Changed the wording slightly in SLA to clarifypontus.kindblad@bambuser.com
2022-09-22Added sub-processorpontus.kindblad@bambuser.com
2021-12-09Moved Technical and Organizational Measures outside the contractpontus.kindblad@bambuser.com
2021-12-09Added SLA outside the contractpontus.kindblad@bambuser.com
2021-12-09Added Prohibited marketspontus.kindblad@bambuser.com
2021-12-09Added changedate for each sectionpontus.kindblad@bambuser.com
2021-12-09Added IMPLEMENTATION SERVICES AND ONBOARDING FOR ONE-TO-ONE.pontus.kindblad@bambuser.com
2021-12-09Added IMPLEMENTATION SERVICES AND ONBOARDING FOR ONE-TO-MANY.pontus.kindblad@bambuser.com
2021-12-09Added TECHNICAL SPECIFICATION ONE-TO-ONE.pontus.kindblad@bambuser.com
2021-12-09Added TECHNICAL SPECIFICATION ONE-TO-MANY.pontus.kindblad@bambuser.com