Privacy Policy

When using Ltd’s ("us", "we", or "our") Services (“Services”), we receive and process information as described in this privacy policy. We automatically collect and store certain information as described below. Please take the time to carefully read this Privacy Policy.

This Privacy Policy is also intended to serve as a Data Processing Agreement between us and those Customers with whom we do not have a separate DPA in place.



1. Data Processing


The data collected by the Services is split into two categories:


Customer Data is data processed by us on behalf of the Customer using the Services. Customer data contains personal data, such as full ip addresses and the contents of chat conversations. Most of this data is provided by the visitor themselves during a chat conversation. The purpose of the processing of this data is the provision of customer engagement and analytics tools on the Customer website. The Customer Data is owned by the Customer. In regard to Customer Data the Customer is the data controller and giosg the data processor in the meaning of the EU data protection legislation.


The Customer Data categories are fully listed in the table below.



Customer Data

1. Web Analytics Data (per visitor)

  • Customer-specific cookie identifier (CID)
  • IP address
  • Visited URLs
  • Referrer URL
  • Timestamp
  • Operating system
  • Device Browser


2. Chat operator data (registered user)

  • Name
  • Phone number
  • Email address
  • Additional user-provided information
  • Time online
  • Profile picture, if uploaded


3. Chat related data

  • Content of the conversations
  • Operator of each chat
  • References to web analytics data
  • Blacklisted users (per cookie/IP address)


4. Additional data provided by

  • Customer Data provided through the API



2. Cookies


Our Services use cookies, including unique cookie identifiers, as well as  similar local storage technologies such as browser web storage and application data caches.


Cookies are used for tracking visitors and their browsing patterns. Cookies allow us to identify, profile and track computers which are used to visit our website or those websites which use giosg Services. By accessing our website or websites which use giosg Services, you accept the use of cookies and tracking.


Most browsers accept cookies automatically. However, you can change the settings of your browser to erase cookies or prevent them. In that case, we cannot guarantee that our website or Services will be able to provide you with the intended user experience.



Third Party Cookies


On our own website we also use third party cookies from the following Service providers to help us analyze trends and for tracking purposes, and to gather general information about our visitor base:



DoubleClick collects data on visitor responses to advertising and the effectiveness of advertising. 


Facebook collects data and analytics regarding traffic flows to/from Facebook and displays ads.


Google Analytics collects data and analytics regarding the visitor base and traffic of the website.


Google Adwords is used for showing ads in connection with google search results.


HubSpot is used for email tracking and analytics of website traffic and visitor data.


Hotjar tracks the cursor movements and keypresses of the visitor and associated visitor analytics.


Linkedin Marketing Solutions collects data and analytics regarding traffic flows to/from Linkedin and displays ads.




3. Visitor Consents


When using the giosg Service on any website, the Customer is responsible for acquiring all applicable consents (regarding for example the processing of personal data and cookies) from the website visitors as necessary for the delivery of the Service.



4. Servers and Data Storage


All Data is physically stored within the European Union. The servers are provided through credible subcontracters. 



5. Duration of Data Processing


Unless otherwise agreed, we store Customer Data for 5 years.


A custom chat data deletion tool can be activated for the manager user account, allowing for the Customer to schedule the deletion time of chats themselves.



6. Technical and Organizational Measures


We hereby confirm that we have the appropriate technical and organizational measures in place to meet the data processing requirements of the General Data Protection Regulation. Giosg is ISO27001 certified.


We have appointed a Data Protection Officer.


The Services are TLS protected. At rest-data encryption, IP access controls and high-security password controls are provided as a separate security tool.



7. Sub-Processors


Credible third-party subcontractors may be engaged in the data processing process for data storage purposes (rented servers). 


We will provide Customers with a written notice before engaging subprocessors for other purposes.



8. Confidentiality


We confirm that all persons we have authorised to process personal data of the Customer are bound with a written undertaking of confidentiality.



9. Data Breach Notices


In case we become aware of a data security breach affecting personal data we will report this to the Customer within a time frame of 48 hours. In such case we will coordinate and assist the Customer in minimising any damage and provide the Customer with the required information about the breach.



10. Data Subject Rights


We are committed to assisting our Customers with their responsibilities regarding the data subject rights. Our contact for this type of requests is


In cases where such assistance causes us a substantial amount of work, we reserve the right to invoice such work in accordance with our standard hourly fees.



11. Right to Audit


Our Customers are welcome to perform data protection/security audits on us as long as they compensate for all costs involved.


For audits causing us a substantial amount of work, we reserve the right to invoice such work in accordance with our standard hourly fees.



12. Contact


For questions regarding privacy, please contact:



(Policy last modified: November 2021)