Privacy Policy

Effective date: 12/01/2025

1. Who We Are

Assistly ("we", "us", "our") is committed to protecting personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This policy explains how we collect, use, share, store, and protect personal data obtained in the course of our call centre operations and through use of our public website.

2. What Data We Collect

We may collect the following categories of personal data when interacting with customers or when you visit our website:

Contact information (e.g. name, telephone number, email address)
Call-related content (e.g. audio recordings, call transcripts, notes)
Customer identifiers (e.g. customer reference numbers, account details)
Additional information voluntarily provided (e.g. service preferences, feedback)
Website usage data (e.g. IP address, browser type, device information, general usage statistics)

3. Legal Basis for Processing

We process personal data under one or more of the following legal grounds:

Contractual necessity – to provide or support our services
Legitimate interests – including training, quality monitoring, and service improvement, and maintaining and improving our website and online services
Legal obligations – to comply with applicable laws and regulatory requests
Consent – where provided for specific purposes such as marketing communications, where consent is freely given

4. How We Use Your Data

Personal data is processed for the following purposes:

Handling and responding to enquiries, complaints, and service requests
Recording and monitoring calls for quality assurance, training, and fraud prevention
Communicating service updates, promotions, or surveys (subject to consent)
Complying with legal or regulatory obligations
Delivering and improving our customer services and online user experience

5. Sharing Your Data

We may disclose personal data to trusted third parties under strict contractual safeguards:

Authorised service providers (e.g. CRM systems, telecommunication platforms)
Governmental, regulatory, or law enforcement bodies where required by law
Group companies or affiliates where necessary to deliver contracted services
Meta Platforms, Inc. (Facebook/WhatsApp) for WhatsApp Business API functionality - see Section 11 below

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy or as legally required.

Call recordings and transcripts: retained for up to 30 days.
Customer account data: retained for the duration of the relationship plus [e.g. 24 months]

After retention periods expire, data is securely deleted or anonymised.

7. Data Security

We apply appropriate technical and organisational measures to ensure data security, including:

Encryption of data in storage and transmission
Access restrictions and multi-factor authentication protocols
Ongoing staff training on data protection and information security
Breach detection, response, and notification procedures

8. Your Rights

Under the GDPR, you have the right to:

Access your personal data
Rectify any inaccurate or incomplete data
Request deletion of data under certain circumstances
Restrict or object to processing activities

9. Complaints

If you are dissatisfied with how your data has been handled, you may contact our DPO:

Chayelle Wassertzug
info@assistly.group

10. Policy Updates

We may amend this privacy policy from time to time to reflect changes in legal or regulatory requirements. The version published on this website is always the most current.

11. WhatsApp Business API & Third-Party Messaging Platforms

Our platform integrates with the WhatsApp Business API provided by Meta Platforms, Inc. to enable business messaging capabilities. This section explains how data is handled when using WhatsApp through our platform.

11.1 Data We Collect via WhatsApp

When businesses use our WhatsApp integration, we collect and process:

WhatsApp phone numbers of business accounts connected to our platform
Message content exchanged between businesses and their customers
Message metadata (timestamps, delivery status, read receipts)
Media files shared in conversations (images, documents, audio)
WhatsApp Business Account (WABA) identifiers and profile information

11.2 How WhatsApp Data is Used

WhatsApp messaging data is used exclusively for:

Facilitating business-to-customer communications on behalf of connected businesses
Providing conversation history and message management features
Generating analytics and reports for business account holders
Quality assurance and customer service improvement
Compliance with legal and regulatory requirements

11.3 Data Sharing with Meta/WhatsApp

To enable WhatsApp messaging functionality, certain data is shared with Meta Platforms, Inc.:

Message content is transmitted through Meta's WhatsApp Cloud API infrastructure
Phone numbers are verified and processed by Meta for message delivery
Business profile information is registered with Meta's WhatsApp Business Platform

Meta's handling of this data is governed by their WhatsApp Business Data Processing Terms and Meta Privacy Policy.

11.4 WhatsApp Message Retention

WhatsApp messages and related data are retained as follows:

Active conversation messages: Retained for the duration of the business relationship
Message history: Retained for up to 24 months for compliance and business continuity
Media files: Retained for up to 90 days, then automatically deleted
Message metadata: Retained for up to 24 months for analytics purposes

Upon request, businesses may request deletion of their WhatsApp data in accordance with Section 8 of this policy.

11.5 Your Rights Regarding WhatsApp Data

End-users (customers) who communicate with businesses via WhatsApp through our platform have the right to:

Request information about what data has been collected from their conversations
Request deletion of their conversation data (subject to legal retention requirements)
Opt-out of receiving further WhatsApp messages from the business

To exercise these rights, contact the business directly or reach out to our DPO at the address provided in Section 9.