GDPR Compliance
Learn how CatechismAI complies with the European Union's General Data Protection Regulation (GDPR) and how we protect the rights of EU data subjects in our Catholic chat service.
Last Updated: January 2025
1. Introduction
This GDPR Compliance Notice explains how CatechismAI ("we", "our", or "us") processes personal data in accordance with the European Union's General Data Protection Regulation (GDPR) for users accessing our Catholic chat service from the European Economic Area (EEA), United Kingdom, and Switzerland.
The GDPR enhances and unifies data protection for individuals within the EU. While CatechismAI is based in the United States, we are committed to ensuring that our data processing activities comply with GDPR requirements for users in the EU who use our Catholic chat service.
This notice supplements our main Privacy Policy and provides specific information about our GDPR compliance measures. If there is any conflict between this GDPR Compliance Notice and our Privacy Policy, this GDPR Compliance Notice will prevail for users subject to the GDPR.
1.1 Data Controller
CatechismAI operates as a data controller for the personal data we collect through our Catholic chat service and website. This means we determine the purposes and means of processing your personal data when you interact with our Catholic chatbot and educational platform.
As a data controller, we are responsible for implementing appropriate technical and organizational measures to ensure the security of your personal data and to demonstrate GDPR compliance throughout your Catholic chat experience.
Our Commitment: CatechismAI is dedicated to protecting your privacy while you learn about Catholic teaching through our Catholic chat service. We process only the minimum data necessary to provide you with accurate answers to your questions about the faith.
2. Lawful Basis for Processing
Under the GDPR, we must have a valid lawful basis to process your personal data when you use our Catholic chat service. We rely on the following lawful bases:
2.1 Consent
When you create an account to save your Catholic chat conversations or opt in to receive updates about our Catholic teaching resources, we process your personal data based on your consent. You have the right to withdraw your consent at any time by contacting us at privacy@catechismai.com or by adjusting your preferences in your account settings.
2.2 Contract
We process your personal data when it is necessary for the performance of a contract with you (such as our Terms of Service) or to take steps at your request before entering into a contract. This includes:
- Creating and managing your Catholic chat account
- Providing access to our Catholic chatbot and catechism database
- Saving your favorite catechism paragraphs and chat history
- Providing personalized Catholic teaching recommendations
- Providing customer support for our Catholic chat service
2.3 Legitimate Interests
We process some personal data based on our legitimate interests, provided they are not overridden by your interests or fundamental rights and freedoms. Our legitimate interests include:
- Improving and personalizing our Catholic chat service
- Ensuring the security and integrity of our Catholic teaching platform
- Analyzing usage patterns to enhance the Catholic chat experience
- Training our AI to provide more accurate responses about Catholic teaching
- Detecting and preventing abuse of our Catholic chat service
- Communicating with existing users about Catholic chat improvements
You have the right to object to processing based on legitimate interests by contacting us at privacy@catechismai.com.
2.4 Legal Obligation
We may process your personal data when necessary to comply with a legal obligation, such as responding to valid legal requests from public authorities or maintaining records required by law.
For each type of processing activity in our Catholic chat service, we maintain records of the specific lawful basis we rely on. If you have questions about the lawful basis for processing specific categories of data, please contact our Data Protection Officer.
3. EU Data Subject Rights
Under the GDPR, individuals in the EU have enhanced rights regarding their personal data when using our Catholic chat service. If you are located in the EU, you have the following rights:
3.1 Right to Access
You have the right to obtain confirmation that your personal data is being processed in our Catholic chat service and to receive a copy of the personal data we hold about you, along with information about how we use it.
3.2 Right to Rectification
You have the right to have inaccurate personal data corrected and incomplete data completed. You can update most of your information directly through your Catholic chat account settings.
3.3 Right to Erasure (Right to be Forgotten)
You have the right to request the deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes of providing our Catholic chat service or when you withdraw consent. This includes your Catholic chat history, saved favorites, and account information.
3.4 Right to Restriction of Processing
You have the right to request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of your data or when the processing is unlawful but you oppose erasure.
3.5 Right to Data Portability
You have the right to receive your personal data (including your Catholic chat conversations and saved catechism favorites) in a structured, commonly used, and machine-readable format, and to transmit that data to another service provider without hindrance.
3.6 Right to Object
You have the right to object to the processing of your personal data where it is based on legitimate interests, or where it is carried out for direct marketing or for research and statistical purposes. You can object to our use of your Catholic chat data for service improvements at any time.
3.7 Rights Related to Automated Decision Making
You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects on you. While our Catholic chat service involves AI-powered automated processing to provide answers about Catholic teaching, these responses do not produce legal or similarly significant effects as defined under the GDPR.
3.8 How to Exercise Your Rights
To exercise any of these rights regarding your Catholic chat data, please contact our Data Protection Officer at privacy@catechismai.com or submit a request through our GDPR Request Form below. We will respond to your request within one month, which may be extended by up to two additional months when necessary, taking into account the complexity and number of requests.
There may be circumstances where we cannot fully satisfy your request, such as when it would adversely affect the rights of others or when we are legally permitted to handle the request differently. If we decline to fully act on your request regarding your Catholic chat data, we will explain our reasons for the decision.
4. Data Transfers
CatechismAI is based in the United States, and our primary data storage servers for the Catholic chat service are located in the US. When you use our Catholic chat service from the EU, your personal data is transferred to and processed in the United States and potentially other countries outside the EU.
4.1 Transfer Safeguards
To ensure adequate protection for international data transfers under the GDPR when you use our Catholic chat service, we implement the following safeguards:
- Standard Contractual Clauses (SCCs): We incorporate the European Commission's approved Standard Contractual Clauses into our agreements with third-party service providers who process EU Catholic chat user data outside the EU.
- Technical and Organizational Measures: We implement appropriate security measures to protect your Catholic chat data during transfer and storage, including encryption, access controls, and regular security assessments.
- Data Minimization: We transfer only the personal data necessary for providing the Catholic chat service and responding to your questions about Catholic teaching.
4.2 Third-Party Transfers
When we share your personal data with third-party service providers for our Catholic chat service, we ensure they provide sufficient guarantees to implement appropriate technical and organizational measures to meet GDPR requirements and protect your rights. Our major service providers include:
- Cloud hosting providers (for Catholic chat data storage)
- AI service providers (for Catholic chatbot responses)
- Analytics providers (to improve Catholic chat functionality)
- Email service providers (for Catholic teaching updates)
We maintain a list of all third parties who process personal data on our behalf for the Catholic chat service, including information about the types of data processed, the location of processing, and the safeguards in place for international transfers.
Your Catholic Chat Data is Protected: All transfers of your Catholic chat conversations and personal information are secured with industry-standard encryption and contractual protections to ensure GDPR compliance.
5. Data Breach Notification
In the event of a personal data breach affecting our Catholic chat service that is likely to result in a risk to the rights and freedoms of individuals, we will:
5.1 Notification to Supervisory Authority
We will notify the relevant EU supervisory authority without undue delay and, where feasible, not later than 72 hours after becoming aware of the breach affecting Catholic chat user data. The notification will include:
- The nature of the personal data breach in our Catholic chat service
- Categories and approximate number of Catholic chat users concerned
- Categories and approximate number of personal data records concerned
- Name and contact details of our Data Protection Officer
- Likely consequences of the breach on Catholic chat users
- Measures taken or proposed to address the breach
5.2 Notification to Affected Individuals
When a breach affecting your Catholic chat data is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay. The notification will describe in clear and plain language the nature of the breach and include at minimum:
- Contact details of our Data Protection Officer
- Description of the likely consequences of the breach
- Description of the measures taken or proposed to address the breach
- Recommendations for individuals to mitigate potential adverse effects
5.3 Documentation
We maintain a record of all personal data breaches affecting our Catholic chat service, including the facts surrounding the breach, its effects, and the remedial action taken. This documentation allows supervisory authorities to verify our compliance with the GDPR's breach notification requirements.
6. Data Protection by Design
We implement data protection by design and by default into our Catholic chat service and platform. This means we integrate data protection into our processing activities from the earliest stages of design and include safeguards to protect data subject rights.
6.1 Technical and Organizational Measures
We implement appropriate technical and organizational measures in our Catholic chat service to ensure a level of security appropriate to the risk, including:
- Encryption of personal data including Catholic chat conversations
- Ability to ensure ongoing confidentiality, integrity, availability, and resilience of Catholic chat processing systems
- Process for regularly testing, assessing, and evaluating the effectiveness of security measures
- Measures to restore availability and access to Catholic chat data in the event of a physical or technical incident
- Pseudonymization of Catholic chat data where appropriate
6.2 Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIAs) for processing activities in our Catholic chat service that are likely to result in high risk to individuals, particularly when implementing new technologies or when processing data on a large scale.
6.3 Records of Processing Activities
We maintain records of our Catholic chat processing activities, including:
- Purposes of processing (providing Catholic chat responses, saving favorites, etc.)
- Categories of data subjects (Catholic chat users) and personal data
- Categories of recipients of Catholic chat data
- Information about international transfers
- Envisaged time limits for erasure of Catholic chat data
- Description of security measures protecting Catholic chat users
7. Data Protection Officer
While not legally required to do so under the GDPR for our scale of operations, we have voluntarily appointed a Data Protection Officer (DPO) to oversee our data protection strategy and ensure GDPR compliance for our Catholic chat service.
7.1 DPO Responsibilities
Our DPO's responsibilities include:
- Informing and advising us and our employees about GDPR obligations for our Catholic chat service
- Monitoring compliance with the GDPR and other data protection laws
- Providing advice on Data Protection Impact Assessments for Catholic chat features
- Cooperating with supervisory authorities
- Acting as a contact point for Catholic chat users and supervisory authorities
7.2 Contact Information
You can contact our Data Protection Officer regarding your Catholic chat data at:
Email: privacy@catechismai.com
Subject Line: GDPR Request - Catholic Chat Data
Our Data Protection Officer is available to answer any questions you have about how we process your Catholic chat data and how we comply with GDPR requirements.
8. How to Submit GDPR Requests
If you wish to exercise your rights under the GDPR regarding your Catholic chat data, you can do so by completing the form below, emailing our Data Protection Officer, or using the contact information provided above.
GDPR Request Form
Note: We may require additional information to verify your identity before processing your request regarding your Catholic chat data.
We aim to respond to all GDPR requests within one month. However, in some cases, we may need to extend this period by up to two additional months, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request, together with the reasons for the delay.
Response Time: We take your data rights seriously. Most GDPR requests regarding Catholic chat data are processed within 1-2 weeks, though complex requests may take longer.