AMIRA
How we collect, use, share, and protect personal information when you use the AMIRA platform and the concierge services we operate for businesses.
AMIRA provides an AI customer concierge that businesses use to answer enquiries, capture leads, and assist their customers across channels such as a website chat widget and WhatsApp. This policy explains how we handle personal information.
It applies to our marketing website (amirahsr.org), our platform and administration console (platform.amirahsr.org), the AMIRA chat widget wherever it is embedded, our WhatsApp and messaging integrations, and any related services, together "the Services".
We have written this policy to meet the requirements of several laws at once: the Protection of Personal Information Act, 2013 (POPIA) in South Africa, the UK General Data Protection Regulation and Data Protection Act 2018 in the United Kingdom, the EU General Data Protection Regulation (GDPR) in the European Economic Area, and United States privacy laws including the California Consumer Privacy Act as amended by the California Privacy Rights Act (together the CCPA). Where a specific law gives you additional rights, those rights are set out in Section 13.
The Services are operated by Shimshon Gavriel Fisher, a sole proprietor trading as Amira Human Software Resources, of 131 Lyndhurst Road, Johannesburg, 2192, South Africa ("AMIRA", "we", "us", "our").
For all privacy questions and requests, contact us:
For the purposes of POPIA, our Information Officer is Shimshon Gavriel Fisher, reachable at the email above.
We have not appointed a representative in the European Economic Area or the United Kingdom at this time. Where the law requires us to appoint one, we will do so and update this policy. Until then, please contact us directly using the details above for any matter relating to your personal information.
The same data laws can treat us differently depending on whose information is involved. AMIRA acts in two distinct capacities.
For information about our business clients and the people who run their accounts, our website visitors, prospects we contact, and applicants, we decide why and how that information is used. We are the controller (or, under POPIA, the responsible party).
For the conversations and personal information of a client's own customers and end users, handled when we run the concierge on that client's behalf, the client decides the purposes. We act as a processor (an operator under POPIA) under that client's instructions.
Where AMIRA acts only as a processor, the relevant business client's own privacy notice governs that processing, and end users should direct rights requests to that business in the first instance. We will assist our clients in responding. This policy still explains our practices so end users understand how AMIRA, as the technology provider, handles their information.
When a business signs up for or administers the Services, we collect account and contact details such as name, business name, work email, phone number, role, login credentials, configuration choices, and billing information needed to process payments.
When an end user interacts with an AMIRA concierge through a chat widget or a messaging channel such as WhatsApp, we process, on behalf of the relevant client:
End users should share only what is needed for their enquiry and should avoid sending sensitive information (such as health, financial account, or identity-document details) through a chat unless specifically asked and necessary.
When you use our website or the widget, we and our service providers may automatically collect technical information such as IP address, approximate location derived from it, device and browser type, pages viewed, referring URLs, and timestamps, as well as diagnostic logs used to keep the Services secure and reliable. We use cookies and similar technologies for this, as described in Section 8.
We use personal information for the purposes below. For individuals protected by the GDPR or UK GDPR, the table also states our lawful basis. Under POPIA, our processing is justified on equivalent grounds, principally consent, performance of a contract, our legitimate interests, or compliance with law.
| Purpose | Legal basis (GDPR / UK GDPR) |
|---|---|
| Providing and operating the concierge and the platform for our clients | Performance of a contract; legitimate interests in delivering the Services |
| Generating responses to end-user enquiries using AI (see Section 7) | Performance of our client's contract with the end user; legitimate interests |
| Capturing and forwarding leads and enquiries to the relevant client | Legitimate interests; performance of a contract |
| Account management, billing, and support | Performance of a contract; legal obligation |
| Securing the Services, preventing abuse, and debugging | Legitimate interests; legal obligation |
| Improving and maintaining the Services | Legitimate interests |
| Marketing our own Services to businesses and prospects | Consent where required; otherwise legitimate interests |
| Complying with law and enforcing our terms | Legal obligation; legitimate interests |
Where we rely on legitimate interests, we have weighed those interests against your rights. Where we rely on consent, you may withdraw it at any time without affecting processing already carried out.
The AMIRA concierge uses artificial intelligence to understand enquiries and generate replies. To do this, message content is sent to our AI provider for processing and then discarded by that provider in line with their terms; it is not used to train their models. We tell you plainly that you are interacting with an automated assistant.
The concierge answers questions, shares information a business has approved, and captures enquiries. It does not make decisions that produce legal effects or similarly significant effects about you on a solely automated basis. Outcomes that matter, such as whether a business takes you on as a customer, fulfils an order, or makes an appointment, involve a human at the business. You can ask to speak with a person at the relevant business at any time.
AMIRA operates across borders. Our platform and stored data are hosted in the European Union (Germany), our team accesses the Services from South Africa, and some sub-processors are located in the United States. This means personal information may be transferred to and processed in countries other than your own, including countries that may not provide the same level of legal protection.
When we transfer personal information internationally, we rely on appropriate safeguards, such as the European Commission's and the UK's Standard Contractual Clauses, adequacy decisions where they apply, and the data-transfer terms in our agreements with sub-processors. For transfers governed by POPIA, we ensure recipients are bound by comparable protections. You may request more detail about the safeguards we use by contacting us.
We keep personal information only for as long as needed for the purposes set out in this policy, then delete or anonymise it.
Where AMIRA acts as a processor, retention follows the instructions of the business client and our agreement with them.
We take reasonable and appropriate technical and organisational measures to protect personal information against loss, misuse, and unauthorised access. These include encryption in transit, access controls and least-privilege access, network and server hardening, secured infrastructure, and regular updates. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to protect your information and to respond promptly to any incident, including notifying affected people and regulators where the law requires.
Your rights depend on where you are. We honour the rights that apply to you. Because we often act as a processor for a business client, we may need to forward your request to that client, who is responsible for deciding how to respond; we will help them do so.
You have the right to access your personal data; to have inaccurate data corrected; to have data erased; to restrict or object to processing; to data portability; and to withdraw consent where we rely on it. You also have the right to lodge a complaint with a supervisory authority (see Section 17).
You have the right to be told what personal information we hold and to request access to it; to ask us to correct or delete information that is inaccurate, irrelevant, excessive, or unlawfully held; to object to processing on reasonable grounds; and to complain to the Information Regulator (see Section 17).
If you are a California resident, you have the right to know what personal information we collect, use, and disclose; to access and delete your personal information; to correct inaccurate information; and to be free from discrimination for exercising your rights. We do not sell or share personal information as those terms are defined under California law, and we do not use sensitive personal information beyond the purposes permitted. Residents of other US states with comparable laws have similar rights, which we extend where applicable.
Contact us using the details in Section 2. We will verify your identity before acting, respond within the timeframes required by the applicable law, and will not charge a fee unless the law allows. You may use an authorised agent where the law permits. If your request concerns a concierge run for a specific business, please tell us which business so we can route it correctly.
The Services are intended for businesses and adults. We do not knowingly collect personal information from children below the age set by applicable law without appropriate consent. If you believe a child has provided personal information through an AMIRA concierge, contact us and we will take appropriate steps to delete it.
The Services and the websites where the widget appears may link to third-party sites and services we do not control. This policy does not cover those third parties. Please review their own privacy notices.
We may update this policy from time to time to reflect changes in the Services, our practices, or the law. When we do, we will revise the "Last updated" date above and, where changes are significant, take additional steps to notify you. Please review this page periodically.
For any question or to exercise your rights, contact us at shimshon@amirahsr.org or by post at 131 Lyndhurst Road, Johannesburg, 2192, South Africa.
We ask that you contact us first so we can address your concern. You also have the right to complain to a supervisory authority: