Privacy Policy

When using Ltd’s ("us", "we", or "our") Services (“Services”), we receive and process information as described in this privacy policy. We automatically collect and store certain information as described below. Please take the time to carefully read this Privacy Policy.

This Privacy Policy is also intended to serve as a Data Processing Agreement between us and those Customers with whom we do not have a separate DPA in place.



1. Data Processing


The data collected by the Services is split into two categories:


Customer Data is data processed by us on behalf of the Customer using the Services. Customer data contains personal data, such as full ip addresses and the contents of chat conversations. Most of this data is provided by the visitor themselves during a chat conversation. The purpose of the processing of this data is the provision of customer engagement and analytics tools on the Customer website. The Customer Data is owned by the Customer. In regard to Customer Data the Customer is the data controller and giosg the data processor in the meaning of the EU data protection legislation.


The Customer Data categories are fully listed in the table below.


Benchmark Data is anonymous analytics data which we collect from the use of the Services for our own purposes. We use it across giosg Services to provide better Service. Benchmark data is stored and handled separately from Customer Data. It does not contain personal data, nor is it ever combined, analyzed or stored together with personal data. Benchmark Data is proprietary to us. The Benchmark data categories are listed in the table below.


The Benchmark data is used for the following purposes:


  • Use of benchmark data is limited to the following:
  • Improving the quality of our Services
  • Keeping our Services and integrations safe and secure
  • Troubleshooting and testing
  • Data analysis (e.g. industry benchmarking) and research purposes
  • Trend detection
  • User profiling
  • Content ranking and recommendations


Customer Data

  Giosg Benchmark Data*

1. Web Analytics Data (per visitor)

  • Customer-specific cookie identifier (CID)
  • IP address
  • Visited URLs
  • Referrer URL
  • Timestamp
  • Operating system
  • Device Browser


2. Chat operator data (registered user)

  • Name
  • Phone number
  • Email address
  • Additional user-provided information
  • Time online
  • Profile picture, if uploaded


3. Chat related data

  • Content of the conversations
  • Operator of each chat
  • References to web analytics data
  • Blacklisted users (per cookie/IP address)


4. Additional data provided by

  • Customer Data provided through the API

1. Web Analytics Data (per visitor)

  • Generic cookie identifier (GID)
  • Visited URLs
  • Referrer URL
  • Timestamp
  • Operating system
  • Device type
  • Browser type


*Anonymous data used by giosg for troubleshooting, Service improvements, statistics and trend detection. Benchmark data is stored and processed separately from Customer Data.



2. Cookies


Our Services use cookies, including unique cookie identifiers, as well as  similar local storage technologies such as browser web storage and application data caches.


Cookies are used for tracking visitors and their browsing patterns. Cookies allow us to identify, profile and track computers which are used to visit our website or those websites which use giosg Services. By accessing our website or websites which use giosg Services, you accept the use of cookies and tracking, as well as the collection of benchmark data for the purposes stated above.


Most browsers accept cookies automatically. However, you can change the settings of your browser to erase cookies or prevent them. In that case, we cannot guarantee that our website or Services will be able to provide you with the intended user experience.



Third Party Cookies


On our own website we also use third party cookies from the following Service providers to help us analyze trends and for tracking purposes, and to gather general information about our visitor base:



DoubleClick collects data on visitor responses to advertising and the effectiveness of advertising. 


Facebook collects data and analytics regarding traffic flows to/from Facebook and displays ads.


Google Analytics collects data and analytics regarding the visitor base and traffic of the website.


Google Adwords is used for showing ads in connection with google search results.


HubSpot is used for email tracking and analytics of website traffic and visitor data.


Hotjar tracks the cursor movements and keypresses of the visitor and associated visitor analytics.


Linkedin Marketing Solutions collects data and analytics regarding traffic flows to/from Linkedin and displays ads.




3. Visitor Consents


When using the giosg Service on any website, the Customer is responsible for acquiring all applicable consents (regarding for example the processing of personal data and cookies) from the website visitors as necessary for the delivery of the Service.



4. Servers and Data Storage


All Data is physically stored within the European Union. The servers are provided through credible subcontracters. 



5. Duration of Data Processing


Unless otherwise agreed, we store Customer Data for 5 years.


A custom chat data deletion tool can be activated for the manager user account, allowing for the Customer to schedule the deletion time of chats themselves.



6. Technical and Organizational Measures


We hereby confirm that we have the appropriate technical and organizational measures in place to meet the data processing requirements of the General Data Protection Regulation. Our security guidelines are based on ISO27001.


We have appointed a Data Protection Officer.


The Services are TLS protected. At rest-data encryption, IP access controls and high-security password controls are provided as a separate security tool.



7. Sub-Processors


Credible third-party subcontractors may be engaged in the data processing process for data storage purposes (rented servers). 


We will provide Customers with a written notice before engaging subprocessors for other purposes.



8. Confidentiality


We confirm that all persons we have authorised to process personal data of the Customer are bound with a written undertaking of confidentiality.



9. Data Breach Notices


In case we become aware of a data security breach affecting personal data we will report this to the Customer within a time frame of 48 hours. In such case we will coordinate and assist the Customer in minimising any damage and provide the Customer with the required information about the breach.



10. Data Subject Rights


We are committed to assisting our Customers with their responsibilities regarding the data subject rights. Our contact for this type of requests is


In cases where such assistance causes us a substantial amount of work, we reserve the right to invoice such work in accordance with our standard hourly fees.



11. Right to Audit


Our Customers are welcome to perform data protection/security audits on us as long as they compensate for all costs involved.


For audits causing us a substantial amount of work, we reserve the right to invoice such work in accordance with our standard hourly fees.



12. Contact


For questions regarding privacy, please contact:



(Policy last modified: January 2018)