Stream.io INC Privacy Statement

Stream.io, Inc. (“us,” “we,” or Stream”) is committed to respecting the privacy rights of our customers (“Customers”) and their end users (“End Users”), as well as other users of the Stream newsfeed and responsive chat services available through our API (collectively, the “Service”) and the Stream websites, including (www.getstream.io) and any successor sites (collectively, “Websites” and each individually, a “Website”).

The purpose of this privacy statement (“Privacy Statement”) is to inform you about how we process your personal data when you use our Service and our Websites and to and to demonstrate our commitment to fair information practices and the protection of privacy.

This Privacy Statement may be changed over time. The most up-to-date Privacy Statement is published on our website. The last modifications to this Privacy Statement were made on August 9th 2022.

This Privacy Statement is applicable to the processing of personal data for which Stream acts as a controller. More specifically, to the processing performed by Stream with regards to all personal data of its customers, suppliers, business partners, applicants and other individuals. This Privacy Statement does not address the processing of personal data of employees in the context of their employment relationship with Stream. Neither does it address the processing of personal data Stream processes on behalf of our controllers (e.g. other parties or customers), for which Stream acts as a processor.

This Privacy Statement indicates what personal data is collected and used (processed) by Stream and for what purpose, and to which persons or entities the data will or may be provided.

Lawfulness of the processing is one of the main principles relating to the processing of your personal information. Your personal data is only processed for the purposes for which you have provided it for.

At Stream we apply the following legal bases for the processing of personal data:

• Processing is necessary for the performance of a contract
• Legitimate interest
• Processing is necessary for compliance with a legal obligation
• Consent

Depending on your relationship with us and how you interact with us we may use your personal data for the following purposes:

When you do business with us

(a) For the conclusion and execution of agreements When you have purchased a product or service from us as a customer, online through our web shop, we process your personal data for administrative purposes such as sending invoices and making payments. We also use your personal data in order to deliver or receive and administer our or your products or services.

For this purpose, we process your contact details, name and address information, payment information (through a PCI DSS compliant sub-processor) and order history.

(b) For relationship management and marketing We use the information stored in our customer database to send you suitable offers and newsletters, as well as to provide customer services, perform account management. We also use your personal data for the development, execution and analysis of market surveys and marketing strategies.

For this purpose, we process your contact details, name and address information, payment information and order history.

When you use our websites

(a) To deliver you our website’s functionalities and for their technical and functional management If you use our website, we process technical data to offer you our website functionalities and to allow our Website's administrators to manage and improve our Website's performance. Further, we process your personal data to allow you to save your data (such as preferences and products) to your saved items and to allow you to share these with others using the sharing options you have configured on your device. Stream also uses cookies to ensure you can retrieve information from our websites quickly and easily, refer to our Cookie Statement for more information.

For this purpose, we process the personal data and the technical data from your device such as its IP address, the internet browser you use, the pages you have visited on our Websites and your click- and surf behaviour

(b) If you open a Stream account with us, to administer the account and to ensure confidentiality and security of your purchases When you choose to register with us, you have to provide personal data to create an account and start using the services. These personal data enable us to administer your account and enable us to ensure the confidentiality and to maintain the security of your purchases.

For this purpose, we process your contact details, login details, order history, IP address and device information (such as user agent), Other "Optional Information" can be added to your account based on your own preferences.

(c) To allow you to connect with us (e.g. via social media) We are active on social media platforms like Facebook, Twitter, LinkedIn, Instagram. When you contact us via social media, we process your personal data in order to answer your questions and to respond to your messages.

In addition, when you visit a "Contact Sales" page on our website, you can contact us through a variety of communication channels. We provide you with our email address, for you to send us your feedback and suggested improvements, as well as our website, trade website, Twitter and Facebook details. When you click one of the corresponding icons we will refer you to the website or app of the applicable external party, whether this is your email provider or a social media platform.

For this purpose, we process your social media channel and the contact details that are provided therein. In addition, when you click one of the buttons displayed, the relevant third party might place cookies on your device. To read more about cookies, please visit our Cookie Declaration page.

Finally we will process your data should you choose to open a support request, either via the website or by contacting us via email and/or Slack.

When you interact with Stream (online or offline)

(a) To ask questions If you get in touch with us via legal@getstream.io or via the contact form on the Stream website, we will use your personal data in order to reply to and answer your question.

For this purpose, we process contact details, name, your correspondence with us your question and all other personal data which are necessary to answer your question.

(b) To comply with the law In some cases, we process your personal data to comply with laws and regulations. This could, for example, be the case where tax or business conduct related obligations apply. In order to comply with relevant laws and regulations, we may need to disclose your personal data to government institutions or supervisory authorities.

For this purpose, we process your contact details, personal details, payment information, order history and tax details.

(c) For the development and improvement of products and/or services We process your personal data in order to assess, analyse and improve our products and (customer) services. We use aggregated personal data to analyse customer behaviour and to adjust our products and services accordingly. When you use a website, enter or search data through this Website, we also process your personal data to compile analytics reports. We use aggregated personal data to analyse customer behaviour and to adjust our products and services accordingly, to ensure that it is relevant to our customers. This means that we analyse how often you read our newsletters, how often you visit our Website, which pages you click on and what goods you purchase through our Website. We may purchase supplementary data from public sources to complement our database for the above purposes.

For this purpose, we process your contact details, personal details, payment and credit information, and correspondence with us. In addition, we process the personal data you entered into a Website or that were generated by the functionalities you used in a Website and the technical data from your device.

If you choose to participate in our surveys, we may ask you to provide us with your email. We may also use the personal data that you have provided in the survey for this purpose.

When you apply for a job at Stream

(a) To inform you and communicate with you with regard to your employment or job application If you have shown interest in a position at Stream, we store your personal data in our recruitment database. We use the data in this database to communicate with you and to determine whether your qualifications and profile meet the requirements of the specific vacancy. We may invite you for recruitment activities, such as interviews, or inform you about new vacancies which may be relevant to you.

For this purpose, we process your contact details, personal details and curriculum vitae.

(b) To assess and evaluate you during the recruitment procedure As part of our recruitment procedure, we may perform assessments to assess your skills and knowledge based on the vacancy you applied for. We may also, in line with applicable law, conduct a background screening in order to evaluate whether you are eligible for a role at Stream. For this purpose, we process your contact details, personal detail and background screening information.

(c) To enter into an employment contract for services with you If we offer you a position at Stream, we will process your personal data to prepare and process an employment agreement. We use your personal data for the drafting and execution of your employment agreement. We will then also store your personal data in our HR database. Note that once you are offered a position at Stream our Employee Privacy Notice will apply to the processing of your personal data as an employee.

Personal data related to recruitment will be deleted 4 weeks after the recruitment period has ended. You can give Stream to consent to retain your personal data for longer, up to 6 months after the recruitment period has ended.

As a global organisation, personal data we collect may be transferred internationally throughout our organization. Your personal data may be exchanged with other entities of Stream. We exchange your data for administrative purposes and so that we can have a complete overview of your contacts and contracts within Stream. We may also exchange your data in order to offer you a complete package of services and products.

Our employees are authorised to access personal data only to the extent necessary to serve the applicable purpose and to perform their jobs.

Our employees are authorised to access personal data only to the extent necessary to serve the applicable purpose and to perform their jobs.

Note: the above applies exclusively to the data Stream processes as a Data Controller and not as a Data Processor.

Access to your personal data by third parties

The following entities may have access to your personal data:

1. Other Stream Entities: We might share personal data with our other Stream's legal entities in order to support the services we are delivering.
2. Processors: When Stream engages a third party to process your personal data on behalf of Stream, following Streams instructions, this party acts as a data processor. When Stream engages a data processor, we have appropriate safeguards in place in accordance with applicable data protection laws, including a data protection agreement. For example, Stream engages a processor to process payments.
3. Third Parties: The following third parties have access to your personal data, where relevant, for the provisioning of their products or services to us: banks, insurance companies, governmental institutions (if required). Note that Stream has never received any requests from governments so far.

Measures and data transfers

When third parties are given access to your personal data Stream will take the required contractual, technical and organisational measures to ensure that your personal data are only processed to the extent necessary. The third parties will only process your personal data in accordance with applicable law.

If your personal data are transferred to a recipient in a country that does not provide an adequate level of protection for personal data, Stream will take measures to ensure that your personal data are adequately protected, such as entering into EU Standard Contractual Clauses with these recipients.

In other cases, your personal data will not be supplied to third parties, except where required by law.

Stream has taken adequate safeguards to ensure the confidentiality and security of your personal data. We have implemented appropriate technical, physical and organisational measures to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access as well as all other forms of unlawful processing (including, but not limited to, unnecessary collection) or further processing. Examples are IT security policies, staff training and secure servers. For more information see our webpage on Security

We process your personal data to the extent necessary for the performance of our obligations and as long as necessary to achieve the purposes for which we collected your personal data. When it is no longer necessary to keep your personal data we remove it from our systems or take steps to ensure that your personal data is anonymized meaning that we cannot identify you anymore.

Right to access

You have the right to get an overview of your personal information that we process.

Right to restrict processing

You have the right to request that we restrict or stop the processing of your personal information held by us for a certain period of time, or for an indefinite period. Under certain circumstances, it may not be possible for us to accept your request; for example, when the processing is necessary to comply with a legal obligation, or if we can demonstrate compelling legitimate grounds otherwise.

Right to rectification

If your personal information is inaccurate or incomplete, you have the right to ask Stream to rectify or complete your personal information.

Right to erasure

You have the right to request that we delete your personal information to the extent permitted by the applicable law. In certain circumstances, it may not be possible for Stream to accept your request; for example, when the processing is necessary to comply with a legal obligation.

Right to data portability

You have the right to ask us to transfer your personal information directly to you. This applies to certain personal information if processed by automated means and with your consent or based on a contract you have with us. On your request, and where technically feasible, we will transfer your personal information to another party of your choice.

Right to object

You have the right to object to the processing of your personal information. The reasons for an objection should relate to your particular situation and be related to processing based on the legitimate interest condition. Stream will then no longer process the personal information unless we can demonstrate compelling reasons otherwise. In certain circumstances, such as in the context of direct marketing, you have the unconditional right to object.

Withdrawal of consent

You have the right to withdraw your consent to the processing of your personal information at any time; for example, after you consented to us keeping you informed about our Services, you have the right to withdraw your consent at any time.

How can I exercise these rights?

As a registered user of the Website, you can modify or delete some of the personal data you have included in your profile by logging in and accessing your account. Upon your request, Stream will use commercially reasonable efforts to delete your account and the personal data in your profile. We will respond to your request to access within 30 days. We may withhold information where the search for that information would require disproportionate effort or have a disproportionate effect to, for example, the cost of providing the information, the time it would take to retrieve the data, or how difficult it may be to obtain the information requested. To exercise your rights under these provisions, please contact us at the “Contact” details below. When we receive your requests, we may ask you to verify your identity before we can act on your request. You can also contact us at privacy@getstream.io.

We also collect information through the use of cookies. Cookies are small files of information which save and retrieve information about your visit to this website – for example, how you entered our site, how you navigated through the site, and what information was of interest to you.

Read more about how we use cookies in our Cookie Statement.

If you have any further questions about the way we process your personal data, please contact our Data Protection Officer (DPO) / Privacy Officer through privacy@getstream.io.

You have the right to lodge a complaint with your local data protection supervisory authority. Please contact your local data protection supervisory authority through the contact details on their website.