Privacy Policy

This Policy describes the principles of processing Personal Data that is submitted to BullStop or that otherwise becomes available to BullStop in connection with the use by the Users and other users of the Website, Software, and Services.

This Policy is an agreement between the Users and BullStop, which states how Personal Data submitted by the Users is processed by BullStop on behalf of the Users.

Please read this Policy carefully to understand the practices that BullStop applies regarding processing of Personal Data.

This Policy constitutes an integral part of the agreement entered into between the Users and BullStop. By viewing the Website and/or using the Software and Services, the Users confirm that they have familiarized themselves with this Policy, understood it, and agree to its terms. Upon initial registration with BullStop, the Users (via their authorized representatives) also confirm the above-said by clicking on the "Sign Up" link, which declares the User's acceptance of and consent to the processing of Personal Data as described in this Policy.

This Policy also constitutes an agreement between the Users (as controllers of Personal Data) and BullStop (as processor of Personal Data) in the meaning of article 28 of GDPR (General Data Protection Regulation (EU) No 2016/679 of the European Parliament and Council).

BullStop shall be entitled to unilaterally review and amend this Policy from time to time. Therefore, BullStop advises to periodically review the Policy in the case of any changes to it. Continued use of the Website, Software, and Services means the consent to any such changes.

If the User or other users do not agree with any or all terms of this Policy or any possible changes to it, then they should immediately close the Website and cease using the Software and Services.

BullStop has drafted this Policy in cooperation with its legal advisers in accordance with the requirements of GDPR. BullStop does its best to ensure that the processing of Personal Data is in full compliance with applicable legal requirements.

1. Definitions

1. User(s) means legal persons, who register themselves on the Website and use it and the Software in accordance with the Terms and this Policy for the purpose of using the Services.
2. Data Subjects means all natural persons, whose personal data is submitted to BullStop in connection with using the Website, Software, and the Services, including recipients of the Services (Users of the Users).
3. GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
4. Policy means this privacy policy of BullStop as amended from time to time.
5. Personal data means any information relating to an identified or identifiable natural person ('data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
6. Processing means any operation or set of operations that is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
7. Service(s) means offensive content detection within text messages, tweets, posts, comments, and direct messages sent and received by Users on social media platforms (including but not limited to Twitter, Facebook, Instagram, YouTube and TikTok) and SMS text services. The service also includes the deletion of messages, tweets, posts, comments, direct messages containing such offensive content and the blocking (where possible) of the sender as directed by Users in the software configuration screens. Service is rendered via a Website or by using the Software.
8. Software means web-based interface, mobile app, and other downloadable and integrable software developed and maintained by BullStop for the purpose of provision of the Services.
9. BullStop means BullStop Limited, a limited liability company registered in England and Wales under company number 14002463 with the registered office at Harvest Fields Way, Sutton Coldfield, UK, who is processing personal data mainly in the United Kingdom and the European Union in accordance with this Policy and applicable law and all its affiliates. Therefore, United Kingdom and European Union's personal data protection laws shall be applied, including the GDPR.
10. Terms means the terms of service of BullStop that establish the terms and conditions of using the Website, Software, and Services by the Users and other users.
11. Website means the websites of BullStop www.bullstop.io and www.bullstop.ai

2. Personal Data that BullStop Processes. Objectives of Processing of Personal Data

1. For the purpose of provision of the Website, Software, and the Services, BullStop processes the Personal Data that the Users provide about their own Users, who are the recipients of the Services. The types of such data are not restricted and depend on the decision of the Users on how they want to use the Services and generally include the name, contact telephone number, but may also include e-mails, avatars, country, addresses, details of their mobile phone and social media contacts etc.
2. BullStop keeps the register of the Personal Data that it processes in accordance with this Policy.
3. The following types of personal data are processed by BullStop. These data and the permissions requested by the app to process them are critical core functionality and facilitates the app's main purpose. Without them, BullStop is rendered useless.
• BullStop collects, read and write users' SMS, SMS Log and Call Log to allow the app analyse the SMS and their history for offensive content and to make a determination on if the sender(s) are being abusive;
li>BullStop collects, read and write users' MMS Logand Call Log to allow the app analyse the MMS and their history for offensive content and to make a determination on if the sender(s) are being abusive;
• BullStop collects, read and write users' private/direct messages (DMs) for any supported social media platform (e.g. Twitter) that the user authorised BullStop to access. This is done to allow the app to analyse these messages for offensive content;
• BullStop collects, read and write users' stored phone contact list. This is done and required to facilitate BullStop's ability to automatically block contacts sending offensive contents to the user and to also allow the user manage their phone contacts through BullStop;
• BullStop collects, read and write users' social media contacts including friends and followers. This is done and required to facilitate BullStop's ability to automatically block contacts sending offensive contents to the user and to also allow the user manage their social media contacts through BullStop;
4. BullStop processes the Personal Data upon:
   • usage of the Software and Services by the Users, including when they submit to BullStop information about their Users;
   • communication between Users and/or Data Subjects with customer support of BullStop in connection with the Website, Software, and Services.
5. BullStop works closely with third parties (including, for example, business partners, sub-contractors in technical, payment, and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive Personal Data from them.
6. BullStop sends messages to the Users by electronic means (e-mail, mobile notifications or SMS) with information about improvements to the Website, Software and Services, new proposals, and developments (direct marketing). BullStop sends such messages to the contact details provided by the User and/or their representatives at the moment of registration or updated later. The User confirm hereby and guarantee that contact details provided by them or their representatives are at all times details of the Users, but not personal contact details of representatives and therefore BullStop can use such contact details freely to send its marketing messages without any additional obstacles. The Users may at any time unsubscribe from the newsletters by clicking on the corresponding specific link contained in each newsletter.

3. Legal Basis for Processing Personal Data

1. BullStop processes Personal Data in accordance with the laws of the location of BullStop and its affiliates, where the processing of Personal Data is conducted.
2. BullStop processes Personal Data submitted to it by the Users based on the contracts with the Users for the purpose of using the Website, Software, and Services and to the extent that this data is provided by the Users.
3. In accordance with Article 4 (7) of GDPR the Users are the controllers of Personal Data that they submit to BullStop for the purpose of using the Website, Software, and Services, including the data regarding Users of the Users that the Users submit to send and receive SMSs to and from their Users as recipients. According to Article 4 (8) of GDPR BullStop acts as the processor on the User's behalf when processing the Personal Data submitted by the Users. Therefore, the Users:
• are fully responsible for the processing of Personal Data that they submit to BullStop;
• guarantee to BullStop explicitly that the Users in order to use the Website, Software and Services have all the necessary consents and/or other legal grounds from Data Subjects for lawful processing of Personal Data in accordance with this Policy;
• confirm that they have obtained from the Data Subjects all the necessary consents for submitting Personal Data to BullStop and processing of such data in accordance with the terms of this Policy;
• have a full overview of Personal Data that they submit to BullStop and guarantee that all such data that they submit is necessary for use by them of the Website, Software, and Services and is kept up-to-date;
• oblige to inform BullStop immediately of the expiry of legal grounds for the processing, modification, inaccuracy, or change to the Personal Data that the Users submit to BullStop.
4. BullStop processes the personal data only on documented instructions from the Users. The Users insert these instructions by using Services and by agreeing with the Policy and Terms. The instructions of the Users for processing of Personal Data must always comply with the applicable laws and BullStop reserves to itself the right to refuse to fulfil the instructions that are in the opinion of BullStop unlawful.
5. Taking into account the nature of the processing, BullStop shall assist the Users with appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Users' obligation to respond to requests for exercising of Data Subject's rights laid down in GDPR, including the right of access to Personal Data by Data Subjects, right to rectification, right to be forgotten, right to restriction of processing, etc. BullStop shall accept instructions for the fulfilment of the rights of Data Subjects only from the Users. Should the Data Subjects approach BullStop with the requests for the fulfilment of their rights, BullStop shall inform the Users and act according to instructions from the Users. Obligation to delete the data of Data Subjects shall always remain with the Users and BullStop shall not undertake deletion for and on behalf of the Users, unless otherwise explicitly stipulated in the Policy or Terms.
6. BullStop shall assist the Users in ensuring compliance with the obligations of guarantying security of the processing of Personal Data as established by GDPR while taking into account the nature of processing and the information available to BullStop. Inter alia BullStop undertakes the obligations detailed in Annex II.
7. BullStop shall make available to the Users all information necessary to demonstrate compliance with the obligations laid down in Article 28 of GDPR and allow for and contribute to audits, including inspections, conducted by the Users or another auditor mandated by the Users (all at the expense of the Users). On-site audits and inspections must be agreed with BullStop in advance, be conducted during normal working hours, and not unreasonably disturb the everyday activity and business of BullStop. Right to audits and inspections does not extend to the facilities and premises of Third Parties.

4. Transfer of Personal Data to Third Parties

1. In the course of providing the Services and access to the Website and Software, BullStop uses different third-party service providers, to whom it may also transfer Personal Data (herein: Third Parties). By virtue of this clause, the Users are duly informed and expressly authorize, totally or partially, to use the corresponding Third-Party service providers and provide Personal Data to them, as it may be required. These service providers are detailed in Annex III.
2. BullStop shall inform the Users of any intended changes concerning the addition or replacement of Third-Party processors and give the Users the opportunity to object to such changes. BullStop has the right to stop providing Services to the Users, who object to the change concerning the addition or replacement of processors.
3. BullStop has entered into individual service provision contracts with some of the service providers. With others, the relationships are based on the general terms of service of these service providers. Prior to entering into relationships with third-party service providers, BullStop makes its best efforts to guarantee that the terms of processing of Personal Data of its partners are in accordance with the principles of this Policy and applicable laws. For this purpose, BullStop shall carefully review the terms of processing of Personal Data by its partners. Furthermore, BullStop carefully screens the ongoing relationships with Third-Party service providers and in case of their non-compliance shall immediately terminate relationships with them.
4. Additionally, BullStop may disclose/transfer Personal Data:
• under applicable law, including laws outside the locations of BullStop, its affiliates or Data Subjects;
• to comply with legal processes;
• to respond to requests from the public and government authorities including public and government authorities outside the locations of BullStop and its affiliates;
• to enforce this Policy or Terms, to protect operations, the rights, privacy, safety, or property of BullStop, and/or to pursue available remedies or limit the damages.
5. BullStop makes its best efforts to limit the amount of Personal Data that it transfers for processing to Third Parties as it is necessary for the provision of specific services or to pursue specific goals.
6. The Website and Software may contain links that redirect to other websites. For example, when accessing services of a third party such as PayPal when making a payment. This Policy does not apply to such third-party websites, which BullStop does not operate, and BullStop does not accept any responsibility or liability for these policies. BullStop advises reviewing the privacy policies of those third parties.

5. Transfer of Personal Data to Third Countries

1. In connection with some specific development works, troubleshooting of service issues, data storage or other necessary services, BullStop may transfer Personal Data to BullStop's contractors, some of which may not be working or operating in the European Economic Area, herein: Third Countries).
2. Data protection levels in Third Countries might differ from the corresponding level of the European Economic Area, and some Third Countries might have a lower level of data protection.
3. BullStop shall apply appropriate safeguards when transferring Personal Data to the Third Countries and when transferring the Personal Data to the Third Countries, the measures detailed in Annex II shall be applied.
4. Some of the Third Party providers of BullStop are also located in the United States of America. Some of them, but not all are certified by the EU-US Privacy Shield Program agreed to by the U.S. Department of Commerce and the European Union with respect to Personal Data. For additional information regarding the EU-US Privacy Shield Program, see the U.S. Dept. of Commerce website at www.privacyshield.gov. Transfer of Personal Data by BullStop to those service providers, who are not certified by the EU-US Privacy Shield, is subject to the explicit consent for the transfer of Personal Data to the Third Countries, as stated above.
5. BullStop shall apply appropriate safeguards when transferring Personal Data to the Third Countries.

6. Safety Measures for Protection of Personal Data

1. BullStop takes the appropriate legal, organizational, and technical measures to protect Personal Data consistent with applicable privacy and data security laws. Security measures shall be applied to protect Personal Data from involuntary or unauthorized processing, disclosure, or destruction and are detailed in Annex II.

7. Retention Periods

1. BullStop shall preserve the Personal Data as long as it is required for the use of the Website, Software and Services by the Users, but no longer then applicable law permits preservation. The details are provided in the Annex I.
2. The Users confirm that they agree with the provided above retention periods and guarantee to inform and obtain necessary approvals from their Users and representatives for application of such retention periods.

8. Data Protection Officer

1. BullStop designated data protection officer can be contacted at data@bullstop.io. Users can also email this address to request for their data to be completely removed.

9. Contact Information

1. Should the Users have any questions regarding this Policy or the processing of Personal Data, they are welcome to contact BullStop with all such requests, inquiries or any complaints via e-mail: support@bullstop.io.

ANNEX I : DESCRIPTION OF TRANSFER

Categories of data subjects whose personal data is transferred
Users of the service

Categories of personal data transferred
Contact details, location details, details of the chosen characteristics, contacts' details and messages sent and received by Users on social media and messaging platforms (including SMS and MMS) the Users connect to BullStop

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitations, access restrictions (including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
Not applicable.

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
On continuous basis.

Nature of the processing
Processing in order to provide services to the Users of the Users

Purpose(s) of the data transfer and further processing
To provide the Service to the Users

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period BullStop shall delete the Personal Data submitted by the Users according to the following principles:

1. Personal contact data provided by the Users and messages of the Users shall be removed within 60+60 days after the User has filed a claim to delete such data;
2. Log files with the activities of the Users on the Website shall be preserved for a maximum of 1 year and audit log files shall be preserved for 2 years;
3. In case of closing an account, the Users must accept the deletion of contacts and messages.
4. Contacts will be deleted after 60+60 days and messages after 60+60 days since the User has given acceptance for closing an account or BullStop has decided to close the User's account.

ANNEX II : TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

Description of the technical and organizational measures implemented to ensure an appropriate level of security, taking into account the nature, scope, context, and purpose of the processing, and the risks to the rights and freedoms of natural persons.

1. BullStop stores all Personal Data on secured servers. The security measures include:
• Access to the servers is protected with individual accounts, usernames, and passwords for each authorized person (employees/subcontractors);
• BullStop is keeping track and a log of all activities on the servers;
• BullStop can immediately close access to the servers to any authorized persons;
• Access to the servers is restricted in terms of (a) persons, who have access to it, (b) information, to which authorized persons have access according to the essence of their working duties, (c) actions that authorized persons can perform with Personal Data stored on the servers;
• BullStop keeps reviewing, who of the authorized persons are actually required to have access to Personal Data and, if access is not required, will withdraw the right of access.
2. In addition, BullStop shall:
• periodically monitor its internal processes and the technical and organizational measures to ensure that the processing of Personal Data is in accordance with the applicable law. BullStop shall also monitor the processing of Personal Data conducted by Third Parties as much as possible;
• notify the Users in the most expedient time possible under the circumstances and without unreasonable delay and, where feasible, not later than 72 hours after having become aware of any accidental, unauthorized, or unlawful destruction, loss, alteration, or disclosure of, or access to, Personal Data (herein: Security Breach). In consultation with the Users, BullStop shall take appropriate measures to secure the data and limit any possible detrimental effect on the Data Subjects;
• cooperate with the Users and provide them with information and assistance, where reasonably possible, in connection with Security Breaches, including in communication with supervisory authorities and Data Subjects;
• cooperate and assist the Users in conducting processing impact assessments, if applicable.
3. Access for the Users to the personal areas on the Website is protected with individual usernames and passwords. The Users are responsible for keeping passwords confidential. The Users are obliged not to share passwords with anyone. In case of suspicion of unauthorized access to personal cabinets of the Users and/or Personal Data, the Users are obliged to immediately inform BullStop thereof.
4. BullStop shall ensure that all its employees, contractors, agents, suppliers and consultants, who have access to the Personal Data are fully aware of and abide by their legal duties and responsibilities.
5. Employees and other contractors of BullStop are obliged by binding agreements not to disclose or make available for use to anyone other than BullStop during their agreement with BullStop and eternally after its termination any Personal Data that they may have access to during their agreements with BullStop.
6. BullStop has door locks and/or door access cards in offices from where Personal Data can be accessed.

ANNEX III : LIST OF SUB-PROCESSORS

The controller has authorized the use of the following sub-processors(where applicable links to the sub-processors privacy policy are provided):

1. Server service providers including Amazon Web Services (https://aws.amazon.com/privacy/) and Microsoft Azure (https://privacy.microsoft.com/en-gb/privacystatement);
2. Identity management providers including OKTA (https://www.okta.com/uk/privacy-policy/)
3. Website, Software, and Services development services, including software development, analytical data processing such as Firebase (https://firebase.google.com/support/privacy), PHP and JavaScript errors tracking;
4. Providers of safety measures, including fraud protection, protection, and encryption of BullStop traffic, email domain authority detection tool;
5. E-mail service providers;
6. SMS and MMS sending/receiving service providers;
7. Communication service providers;
8. Bookkeeping and payment service providers;
9. Customer support service providers;
10. Data processing service providers.