Velaro Privacy Policy

This privacy policy sets out how Velaro uses and protects any information that you provide Velaro when you visit Velaro websites or use Velaro products.

Velaro is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using Velaro websites or products, then you can be assured that it will only be used in accordance with this privacy statement. Velaro may change this policy from time to time by updating this page. You should check this page occasionally to ensure that you agree with any changes. This policy is effective as of 6/1/22.

What we collect

When you visit our website, we may collect:

• Name and job title.
• Contact information including email address.
• Demographic information such as location, preferences, and interests.
• Other information relevant to customer support, surveys, or other offers.

When you use our products, we may collect:

• User identification information, such as name and contact data.
• Engagement information, such as survey data, chat transcripts and message history.
• Automatic information, such as IP address and computing device details.

The data collected by the Velaro chat products is dependent on each customer’s configuration of their Velaro account and guaranteed by fully executed data processing and transfer agreements with Velaro. See the GDPR Addendum below for compliance with the EU General Data Protection Regulation (GDPR) rules.

What we do with the information we gather

We require this information to understand your needs and provide you with a better service, and for the following reasons:

• To facilitate the goals of the brands using our products.
• For internal record keeping and billing.
• We may use the information to improve our products and services.
• We may periodically send promotional email about new products, special offers or other information which we think you may find interesting using the contact information which you have provided.
• Occasionally, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax, or mail.
• We may use the information to customize our website or products per your interests and preferences.
• We may provide your information to our third-party partners for marketing or promotional purposes.
• We will never sell your information, unless at one point you subscribed to our free service (excludes trial periods).

Security

Velaro is committed to ensuring that your information is secure. To prevent unauthorized access or disclosure we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect online. Please refer Velaro Security and Infrastructure for details about Velaro platform security and compliance.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyze web traffic or lets you know when you visit a site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

On the Velaro website, we use traffic log cookies to identify which pages are being used. This helps us analyze data about web page traffic and improve our website to tailor it to customer needs. We use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. Cookies also enable us to improve the performance of our messaging products by capturing your preferences. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

The Velaro live chat platform uses cookies to track the account, chat window state, visitor ID, engagement ID, queue status, and stage of the chat. Cookies are not associated with any personal information and are only used to track the transaction status of the visitor.

Types of cookies that we store: we only store first-party cookies. Strictly necessary cookies: these cookies are strictly necessary to provide you with services available through our websites. Performance and analytical cookies: these cookies are used to enhance the performance and functionality of our Websites but are non-essential to their use. However, without these cookies, certain functionality may become unavailable.  We may track anonymized data through google analytics products to provide better service to you.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of our websites and products.

Upon voluntarily submitting any personally identifiable information on this website you will be asked to agree to our terms of service and privacy statement. You will be agreeing to the use of 1st party cookies that may associate your personally identifiable information.

‍

‍

Links to other websites

Our website or products may contain links to enable you to visit other websites or third-party applications easily. However, once you have used these links to leave our site, you should note that we do not have any control over other websites or applications. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and applications and they are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website or application in question.

Controlling your personal information

You may choose to restrict the collection or use of your personal information in the following ways:

When using our website:

• If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at support@velaro.com.
• You have a right to access the personal information that we maintain about you, and to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Privacy Shield Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. You may do so simply by emailing us at support@velaro.com.

When using our messaging products:

• When you submit information and send messages during an engagement session with a brand using one of our messaging products, this data will be encrypted and securely archived. If you do not wish for your information to be archived, you may opt not to submit information.
• Your information may be stored by brands that use Velaro products; in this case, your information is subject to the privacy policy of that brand.
• You have a right to access the application data that we maintain about you and may do so simply by emailing us at support@velaro.com.
• If you are subject to EU GDPR regulation, refer to the GDPR Addendum below for details on the control of personal information.

We will not sell, distribute or lease your personal information to third parties unless we have your permission (as a paying customer) or you use our free service, where applicable by law. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen. We will provide an individual opt-out or opt-in choice before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.

Addendum 1: Compliance with the European Union General Data Protection Regulation (GDPR)

Velaro Live Chat Version 10 and above complies with the EU General Data Protection Regulation (GDPR) rules as set forth by the European Commission.

Privacy Role Definitions

• The Velaro Live Chat product is a “Processor” of Velaro customer data.

• Each Velaro Customer is a “Controller” of their visitors’ data

Why Does Velaro Process Data?

Velaro processes visitor data to enable chat features and provide context to chat engagements.

Consent

Velaro customers subject to GDPR compliance must gain consent from their visitors prior to a chat engagement. Visitors give direct consent for the controller to export their engagement data for processing, and for Velaro to import it back to the agent and for display to the visitor.

Velaro live chat is an application that is installed on Controller websites. It is the responsibility of the Controller to assert an acknowledgment of consent agreement from visitors to process live chat data.

The Controller will need to present and gain agreement from their visitors requesting chat engagements to enable cookie opt-in permissions as required by GDPR rules.

The Controller may need to update their website cookie policy to specify the function of Velaro cookies on their website. Customer website cookie opt-in preferences can be connected to the Velaro platform so website visitors who opt-out of website cookies also do not have a Velaro cookie placed.

Access & Portability

The visitors of the Controller can access the data captured during their chat by having the chat transcript emailed to them. The Controller can configure Velaro settings to have data records offloaded to a secure site.

Warnings

Velaro has a process in place that will inform customers if there has been a data breach. Data is securely encrypted on rest and in-transit, and is housed in the Microsoft Azure cloud. Azure alert procedures are in place. Security processes are in place to restrict access and protect credentials. Contact Velaro support for details on the Microsoft Azure Cloud Hosting environment security and compliance.

Erase Data

A visitor transcript can be deleted at any time in Velaro by a Controller user with the appropriate permissions. Additionally, Controller administrators can enable an automated data transcript purge  feature in Velaro to schedule the deletion of visitor transcript records by age.

Controller administrators can enable the Compliance Mode feature in Velaro to fully offload all private chat transcript visitor information. Compliance Mode also requires the configuration of a secure server hosted by the Controller to house visitor records. Compliance mode ensures EU GDPR and US HIPAA BAA compliance as no personal information is stored by the Processor.

Marketing

Velaro does not use the data of their customers or their customer’s visitors without their consent.

Sensitive Data

Velaro does not collect sensitive data.

Controllers are responsible for the consent, configuration, and management of any sensitive data that is collected by the Velaro Chat platform based on the Data Processing Agreement and/or Data Transfer Agreement in place with Velaro that guarantees EU GDPR compliance.

Data Transfer

Velaro is primarily hosted on Microsoft Azure locations in North America. Localized hosting arrangements and privacy agreements are exclusive to individual customers and are the responsibility of the Controller.

Controllers that require compliance with GDPR may execute a data transfer agreement with Velaro. This, combined with a privacy policy acceptance statement in the visitor pre-chat survey allows Velaro customers to enable their visitors to their brand to consent to the export of their data outside of the

Data Protection Officer

Derrick Harris. Velaro Incorporated. 1234 North La Brea Avenue, Suite 508 West Hollywood, California 90038, USA. Address inquiries to support@velaro.com

Records

Velaro keeps the chat engagement transaction records (non-personal) for all customers unless otherwise agreed.

Record Contents

Following is the content of records kept by Velaro:

• Name and contact details of Velaro customers, for account management.
• The reason for data processing specific to the Velaro customer’s business goals and industry, for account management.
• Description of categories of data subjects and personal data, for customized visitor engagements.
• Identity and categorization of organizations receiving the data, as required by customer agreements.
• Transfer of data to another country or organization parameters, as specified by customer agreements.
• Time limit for removal of data, as configured in each Velaro customer account settings by the customer account administrator.
• Description of security measures used when processing data, as specified in the Velaro Privacy Policy and customer agreements.

Addendum 2: Compliance with the California Consumer Privacy Act (CCPA)

Velaro Live Chat complies with the Compliance with the California Consumer Privacy Act of 2018 (CCPA).

Velaro is both a “business” and a “service provider” under the CCPA. The information in this Addendum applies to information collected in the role of “business” when Velaro interacts directly with you as a customer.

When Velaro acts as a service provider, Velaro provides services to another business that interacts directly with you as a customer, and this business controls what data is collected and how it is used. For more information about how your data is processed by another business that uses Velaro as a service provider, please contact that company directly.

Disclosure of business data collection practices

Velaro provides full disclosure of its data collection practices in the general privacy policy. See the sections “What we Collect” and “What we do with the information we gather”.

Velaro does not sell personal information. Velaro never provides access or discloses personal information to third parties for monetary or other considerations.

Categories of business data collected

Velaro may collect the following categories of personal information as defined by the CCPA:

• Identifiers, such as name, email address, and company affiliation
• Commercial information, such as internet activity and geolocation
• Professional or employment information: in the case of customer account contacts and business roles.

Requests to receive or delete personal information

California residents may request a copy of their personal information collected by Velaro for the purposes of the Velaro business. Please use this form to submit your inquiry.

Alternatively, you may email your inquiry to support@velaro.com.

‍