GDPR Compliance
Towasal's approach to GDPR, lawful bases, and EU data rights.
EU representative: Towasal BV
DPA available on request
We act as a processor for chat content and a controller for account/billing data. Our Data Processing Addendum (DPA) mirrors the commitments below.
1. Lawful bases
We process personal data under the following lawful bases:
- Performance of a contract: to deliver chatbot automation, orders, and analytics described on the pricing page.
- Legitimate interest: to secure the platform, prevent abuse, and improve reliability.
- Consent: for optional marketing emails or beta programs.
2. Data subject rights
We help you answer shopper requests for access, correction, deletion, portability, and objection.
Admins can self-serve exports from Settings → Data Controls, or email dpo@towasal.io for assisted requests. We respond within 30 days.
3. International transfers
Primary data centers operate in the EU with failover in the Middle East. When data leaves the EEA we rely on updated SCCs and supplementary safeguards (encryption, access controls).
Our subprocessors list and DPA are available at dpa.towasal.io.
4. Contact
EU Representative: Towasal BV, Keizersgracht 391, 1016EJ Amsterdam.
Data Protection Officer: dpo@towasal.io.
