1. Data Processing
The data collected by the Services is split into two categories:
Customer Data is data processed by us on behalf of the Customer using the Services. Customer data contains personal data, such as full ip addresses and the contents of chat conversations. Most of this data is provided by the visitor themselves during a chat conversation. The purpose of the processing of this data is the provision of customer engagement and analytics tools on the Customer website. The Customer Data is owned by the Customer. In regard to Customer Data the Customer is the data controller and giosg the data processor in the meaning of the EU data protection legislation.
The Customer Data categories are fully listed in the table below.
1. Web Analytics Data (per visitor)
2. Chat operator data (registered user)
3. Chat related data
4. Additional data provided by
Most browsers accept cookies automatically. However, you can change the settings of your browser to erase cookies or prevent them. In that case, we cannot guarantee that our website or Services will be able to provide you with the intended user experience.
Third Party Cookies
On our own website we also use third party cookies from the following Service providers to help us analyze trends and for tracking purposes, and to gather general information about our visitor base:
DoubleClick collects data on visitor responses to advertising and the effectiveness of advertising.
Facebook collects data and analytics regarding traffic flows to/from Facebook and displays ads.
Google Analytics collects data and analytics regarding the visitor base and traffic of the website.
Google Adwords is used for showing ads in connection with google search results.
HubSpot is used for email tracking and analytics of website traffic and visitor data.
Hotjar tracks the cursor movements and keypresses of the visitor and associated visitor analytics.
Linkedin Marketing Solutions collects data and analytics regarding traffic flows to/from Linkedin and displays ads.
3. Visitor Consents
When using the giosg Service on any website, the Customer is responsible for acquiring all applicable consents (regarding for example the processing of personal data and cookies) from the website visitors as necessary for the delivery of the Service.
4. Servers and Data Storage
All Data is physically stored within the European Union. The servers are provided through credible subcontracters.
5. Duration of Data Processing
Unless otherwise agreed, we store Customer Data for 5 years.
A custom chat data deletion tool can be activated for the manager user account, allowing for the Customer to schedule the deletion time of chats themselves.
6. Technical and Organizational Measures
We hereby confirm that we have the appropriate technical and organizational measures in place to meet the data processing requirements of the General Data Protection Regulation. Giosg is ISO27001 certified.
We have appointed a Data Protection Officer.
The Services are TLS protected. At rest-data encryption, IP access controls and high-security password controls are provided as a separate security tool.
Credible third-party subcontractors may be engaged in the data processing process for data storage purposes (rented servers).
We will provide Customers with a written notice before engaging subprocessors for other purposes.
We confirm that all persons we have authorised to process personal data of the Customer are bound with a written undertaking of confidentiality.
9. Data Breach Notices
In case we become aware of a data security breach affecting personal data we will report this to the Customer within a time frame of 48 hours. In such case we will coordinate and assist the Customer in minimising any damage and provide the Customer with the required information about the breach.
10. Data Subject Rights
We are committed to assisting our Customers with their responsibilities regarding the data subject rights. Our contact for this type of requests is email@example.com
In cases where such assistance causes us a substantial amount of work, we reserve the right to invoice such work in accordance with our standard hourly fees.
11. Right to Audit
Our Customers are welcome to perform data protection/security audits on us as long as they compensate for all costs involved.
For audits causing us a substantial amount of work, we reserve the right to invoice such work in accordance with our standard hourly fees.
For questions regarding privacy, please contact: firstname.lastname@example.org.
(Policy last modified: November 2021)