1. Data Processing
The data collected by the Services is split into two categories:
Customer Data is data processed by us on behalf of the Customer using the Services. Customer data contains personal data, such as full ip addresses and the contents of chat conversations. Most of this data is provided by the visitor themselves during a chat conversation. The purpose of the processing of this data is the provision of customer engagement and analytics tools on the Customer website. The Customer Data is owned by the Customer. In regard to Customer Data the Customer is the data controller and giosg the data processor in the meaning of the EU data protection legislation.
The Customer Data categories are fully listed in the table below.
Benchmark Data is anonymous analytics data which we collect from the use of the Services for our own purposes. We use it across giosg Services to provide better Service. Benchmark data is stored and handled separately from Customer Data. It does not contain personal data, nor is it ever combined, analyzed or stored together with personal data. Benchmark Data is proprietary to us. The Benchmark data categories are listed in the table below.
The Benchmark data is used for the following purposes:
- Use of benchmark data is limited to the following:
- Improving the quality of our Services
- Keeping our Services and integrations safe and secure
- Troubleshooting and testing
- Data analysis (e.g. industry benchmarking) and research purposes
- Trend detection
- User profiling
- Content ranking and recommendations
|Customer Data||Giosg Benchmark Data*|
1. Web Analytics Data (per visitor)
2. Chat operator data (registered user)
4. Additional data provided by Customer
1. Web Analytics Data (per visitor)
*Anonymous data used by giosg for troubleshooting, Service improvements, statistics and trend detection. Benchmark data is stored and processed separately from Customer Data.
Most browsers accept cookies automatically. However, you can change the settings of your browser to erase cookies or prevent them. In that case, we cannot guarantee that our website or Services will be able to provide you with the intended user experience.
Third Party Cookies
On our own website we also use third party cookies from the following Service providers to help us analyze trends and for tracking purposes, and to gather general information about our visitor base:
DoubleClick collects data on visitor responses to advertising and the effectiveness of advertising.
Facebook collects data and analytics regarding traffic flows to/from Facebook and displays ads.
Google Analytics collects data and analytics regarding the visitor base and traffic of the website.
Google Adwords is used for showing ads in connection with google search results.
HubSpot is used for email tracking and analytics of website traffic and visitor data.
Hotjar tracks the cursor movements and keypresses of the visitor and associated visitor analytics.
Linkedin Marketing Solutions collects data and analytics regarding traffic flows to/from Linkedin and displays ads.
3. Visitor Consents
When using the giosg Service on any website, the Customer is responsible for acquiring all applicable consents (regarding for example the processing of personal data and cookies) from the website visitors as necessary for the delivery of the Service.
4. Servers and Data Storage
All Data is physically stored within the European Union. The servers are provided through credible subcontracters.
5. Duration of Data Processing
Unless otherwise agreed, we store Customer Data for 5 years.
A custom chat data deletion tool can be activated for the manager user account, allowing for the Customer to schedule the deletion time of chats themselves.
6. Technical and Organizational Measures
We hereby confirm that we have the appropriate technical and organizational measures in place to meet the data processing requirements of the General Data Protection Regulation. Our security guidelines are based on ISO27001.
We have appointed a Data Protection Officer.
The Services are TLS protected. At rest-data encryption, ip access controls and high security password controls are provided as a separate security tool.
Credible third party subcontractors may be engaged in the data processing process for data storage purposes (rented servers).
We will provide Customers with a written notice before engaging subprocessors for other purposes.
We confirm that all persons we have authorised to process personal data of the Customer are bound with a written undertaking of confidentiality.
9. Data Breach Notices
In case we become aware of a data security breach affecting personal data we will report this to the Customer within a time frame of 48 hours. In such case we will coordinate and assist the Customer in minimising any damage and provide the Customer with the required information about the breach.
10. Data Subject Rights
We are committed to assisting our Customers with their responsibilities regarding the data subject rights. Our contact for this type of requests is firstname.lastname@example.org
In cases where such assistance causes us a substantial amount of work, we reserve the right to invoice such work in accordance with our standard hourly fees.
11. Right to Audit
Our Customers are welcome to perform data protection/security audits on us as long as they compensate for all costs involved.
For audits causing us a substantial amount of work, we reserve the right to invoice such work in accordance with our standard hourly fees.
For questions regarding privacy please contact: email@example.com
Policy last modified: January 2018