Effective January 10, 2024
This Privacy Policy (“Policy”) covers the Personal Information that Velaro, Inc. (“Velaro”, “we” or “us”) collects, uses, protects, and handles that you provide when you visit Velaro websites or use Velaro products that post a link to this Policy.
Please note that this Policy does not cover handling of Personal Information when Velaro is processing Personal information on behalf of our customer or clients (e.g., Personal Information submitted by individuals for processing while providing a service to our customers or clients). Our customers will typically act as Controllers for any Personal Information related to them or Personal Information that third parties upload to our applications in connection with the use of our products. This Policy applies solely to Velaro's practices and does not govern the privacy policies of any customers or clients that may use Velaro's products. Each customer or client utilizing Velaro's software is responsible for establishing and maintaining their own privacy policy regarding the use of the software and the information they collect. Velaro's Privacy Policy focuses on Velaro's handling of Personal Information collected through its websites and products, and it does not extend to the privacy practices of other entities.
This Policy informs you about how we collect, use, disclosure and store Personal Information in our role as a Controller of Personal Information when you (a) interact or use our websites or products, including when you download materials from our resources page, request a demonstration, or ask us to contact you; or (b) provide your Personal Information for the purposes of providing products, and managing our relationship with you in any manner, such as setting up an account or collecting your Personal Information to process an invoice for accounting purposes.
Personal information means information that, either in isolation or in combination with other information, enables you to be directly or indirectly identified (“Personal Information” or “Personal Data”). Data controller or a business (“Controller”) is a party that sets out the purposes and means of processing Personal Information. Data processor or a service provider/contractor/third party (“Processor” or “Third Party”) is a party that processes Personal Information on the Controller’s behalf. Velaro is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using Velaro websites or products, then you can be assured that it will only be used in accordance with this Privacy Policy. Velaro may change this Policy from time to time by updating this page. You should check this page occasionally to ensure that you agree with any changes.
When you visit our website, we may collect information that you choose to provide us, such as:
When you use our products, we may collect that you provide directly to us, such as:
The data collected by the Velaro chat products is dependent on each customer’s configuration of their Velaro account and is governed by fully executed data processing and transfer agreements with Velaro. See the GDPR Addendum below for compliance with the EU General Data Protection Regulation (“GDPR”) rules.
We require certain Personal Information to understand your needs and provide you with a better service, and for the following reasons:
We store your Personal Information for different time periods depending on the category of Personal Information and the nature of relationship that you have with us. We determine how long we need Personal Information on a case-by-case basis, but our goal is to keep your Personal Information for as short period as possible to achieve the purpose for which Personal Information is collected. We consider the following criteria when we are making decisions on how long we will retain your Personal Information:
Velaro is committed to ensuring that your Personal Information is secure. We use appropriate technical, organizational, and administrative security measures to protect any Personal Information we store from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please refer to Velaro Security and Infrastructure for details about Velaro platform security and compliance.
No company or service can guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user’s Personal Information at any time. Among other practices, your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyze web traffic or lets you know when you visit a site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
On the Velaro website, we use traffic log cookies to identify which pages are being used. This helps us analyze data about web page traffic and improve our website to tailor it to customer needs. We use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. Cookies also enable us to improve the performance of our messaging products by capturing your preferences. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
The Velaro live chat platform uses cookies to track the account, chat window state, visitor ID, engagement ID, queue status, and stage of the chat. Cookies are not associated with any Personal Information and are only used to track the transaction status of the visitor.
Types of cookies that we store: we only store first-party cookies. Strictly necessary cookies: these cookies are strictly necessary to provide you with services available through our websites. Performance and analytical cookies: these cookies are used to enhance the performance and functionality of our Websites but are non-essential to their use. However, without these cookies, certain functionality may become unavailable. We may track anonymized data through Google Analytics products to provide better service to you.
You can choose to accept or decline cookies. Some web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of our website, products and Services.
Upon voluntarily submitting any Personal Information on our website you will be asked to agree to our terms of service and this Privacy Policy. You will be agreeing to the use of first party cookies that may associate your Personal Information.
You may have certain rights relating to your Personal Information, depending on your location and subject to local applicable laws. These rights may include, subject to any exceptions or limitations:
If you would like to access, review, update, correct, and delete any Personal Information we hold about you, or exercise any other privacy rights available to you, including the right to request a copy of standard contractual clauses if located within the European Economic Area ("EEA"), you can complete a privacy rights request form at support@velaro.com. Our privacy team will review your verifiable privacy rights request (“Privacy Rights Request”) and respond to you as quickly as possible. If we are unable to comply with your request due to an exception or limitation, we will explain this in writing. If we need more time, we will inform you of the reason and extension period in writing.
If you would like an authorized agent to make a Privacy Rights Request on your behalf, the agent may do so by filling out a Privacy Rights Request form at support@velaro.com. We will ask for written, signed permission that the agent has been authorized to act on their behalf. Once written authorization is provided, we will review your Privacy Rights Request and respond to you as quickly as possible. We will respond directly to the email address provided by the authorized agent regarding the fulfillment of the Privacy Rights Request.
Velaro does not collect or use any sensitive categories of Personal Information and does not discriminate against you for exercising your privacy rights. We remind you that you have a right to lodge a complaint with a supervisory authority should you feel unsatisfied with our treatment of your Personal Information.
For your convenience, our website or products may contain links to enable you to visit other websites or third-party applications easily. However, once you have used these links to leave our site, you should note that we do not have any control over other websites or applications. Therefore, we are not responsible for, and this Policy does not apply to, the protection and privacy of any information which you provide whilst visiting such sites and applications, or the privacy practices of any such linked websites or applications. We do not endorse any of these linked websites or applications, or the services or products described or offered on such websites. You should exercise caution and we encourage you to seek out and read the privacy policies applicable to the website or application in question in order to understand how the Personal Information about you is used and protected.
You may choose to restrict the collection or use of your Personal Information in the following ways:
When using our website:
When using our messaging products:
We will not sell, distribute or lease your Personal Information to third parties unless we have your permission (as a paying customer) or you use our free service, where applicable by law. We may use your Personal Information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen. We will provide an individual opt-out or opt-in choice before we share your Personal Data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. As noted above, we may provide your information to certain third-party partners solely for marketing or promotional purposes. Our liability in cases of onward transfers to such third-party partners is set forth in our contracts with such third-party partners.
Velaro operates globally. Therefore, Personal Information of individuals who visit our websites and/or who use our products or otherwise interact with us may be transferred and accessed from around the world, such as from countries where Velaro or Processors operate. We will protect your Personal Information in accordance with this Policy wherever it is processed. Velaro does not voluntarily or actively transfer or disclose our customers’ Personal Information to the government or law enforcement authorities (“Authorities”) and/or otherwise grant any Authorities access to your Personal Information. In the event of a request from the Authority, we have procedures and controls in place to make sure that any such request is assessed appropriately.
Operating globally, Velaro may transfer Personal Information from the EEA, EU, UK or Switzerland to the United States (“US”) and other countries, including Personal Information we receive from individuals residing in the EEA, EU, UK or Switzerland who visit our website and/or who may use our products or Services or otherwise interact with us. Please note that the term Personal Information used in this Policy is equivalent to the term “personal data” under applicable EEA, EU, UK and Swiss data protection laws for individuals located in the EEA, EU, UK or Switzerland.
When Velaro engages in such transfers of Personal Information, it relies on:
Velaro complies with the EU-US Data Privacy program Framework (“EU-US DPF”) and the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (“Swiss-US DPF), as set forth by the US Department of Commerce. Velaro has certified to the US Department of Commerce that it adheres to the EU-US Data Privacy Framework Program Principles (“EU-US DPF Principles”) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-US DPF and the UK Extension of the EU-US DPF. Velaro has certified to the US Department of Commerce that it adheres to the EU-US Data Privacy Framework Program Principles (“EU-US DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-US DPF. Velaro has certified to the US Department of Commerce that it adheres to the Swiss-US Data Privacy Framework Program Principles (“Swiss-US DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-US DPF. If there is any conflict between the terms in this Policy and the EU-US DPF Principles and/or the Swiss-US DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit www.dataprivacyframework.gov.
Velaro performs transfer impact assessments (“TIA”) and continually monitors the circumstances surrounding such transfers to ensure that these maintain, in practice, a level of protection that is essentially equivalent to the one guaranteed by the EEA and UK data protection laws.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Velaro commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. We will investigate and attempt to resolve any complaints or disputes regarding processing of Personal Information within 45 days of receiving your privacy complaint. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit Data Privacy Framework for more information or to file a complaint. The services of JAMS are provided at no cost to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Arbitration Procedures. Velaro is subject to the jurisdiction of the US Federal Trade Commission for the purposes of DPF enforcement.
Velaro also complies with the European Union General Data Protection Regulation (“GDPR”) rules. For compliance with the EU GDPR rules, please see the GDPR Addendum below.
Under the California Privacy Rights Act (“CPRA”) and Virginia Commonwealth Data Protection Act (“CDPA”), residents of California and Virginia have certain rights regarding the Personal Information that businesses collect and process about them. This includes the rights to request access or deletion of your Personal Information, as well as the right to direct a business to stop selling or sharing your Personal Information.
We are required to detail the categories of Personal Information that we that we collect and/or share for the purposes described in the section “What do we do with the Personal Information we gather” of this Policy.
We collect and in the past twelve months have collected the following categories of Personal Information for our business purposes:
While Velaro does not sell Personal Information in exchange for any monetary consideration, we do share Personal Information for other benefits as defined by Cal. Civ. Code 1798.140(ad)(2). We have shared in the preceding twelve months Personal Information as necessary for specific “business purposes,” as defined by Cal. Civ. Code 1798.140(e) and specified in the section “What do we do with the Personal Information we gather”. This includes sharing personal identifiers, commercial information, and internet or other electronic network activity with payment processing providers, customer relationship management, consulting, email, product feedback, helpdesk services, advertising networks, and website analytics companies. You have a right to direct us not to sell or share your Personal Information. Velaro does not sell or share the Personal Information of consumers who are under 16 years of age.
For more information on how to exercise your rights, including the list of privacy rights that may be available to you, please see section “How you can exercise your privacy rights” of this Policy. If you would like to access, review, update, correct, delete any Personal Information we hold about you, or exercise any other privacy rights available to you, including the right to opt out from selling or sharing your Personal Information, you can complete a Privacy Right Request form, or send your request to support@velaro.com.
We endeavor to respond to a Privacy Rights Request within the required timeframes. If we need more time, we will inform you of the reason and extension period in writing. If you submit your Privacy Rights Request electronically through our request form, we will deliver our written response to the verified email associated with the request. If you did not submit the request with us via the online webform, we will deliver our written response by mail or electronically, at your option. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Velaro may disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If we do not take action on your Privacy Rights Request within the 45 days response period, or in the event of an extension, within the maximum 90-day response period, we will inform you in writing of the reasons for not taking action, as well as provide an explanation of any rights you have to appeal the decision.
You have the right to appeal a refusal to take action on a Privacy Rights Request within a reasonable period of time after your receipt of our decision. Within 60 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you will be provided with a method through which you may contact Attorney General of Virginia if you are a Virginia resident or Attorney General of Connecticut if you are a Connecticut resident to submit a complaint.
Privacy regulations in the United States, such as the laws of California and Delaware, require Velaro to indicate whether it honors your browser’s “Do Not Track” settings concerning targeted advertising. We adhere to the standards set out in this Policy and does not monitor or respond to Do Not Track browser requests.
We do not knowingly collect or solicit Personal Information from anyone under the age of 18. If you are under 18, please do not attempt to register for the services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from a minor under 18, we will delete that information as quickly as possible. If you believe that a minor under 18 may have provided us their Personal Information, please contact us at support@velaro.com.
We are constantly trying to improve our websites and products, so we may need to change this Policy from time to time. We will alert you about material changes by, for example, placing a notice on our websites and/or sending you an email (if you have registered your email with us) when we are required to do so by applicable law. You can see when this Policy was last updated by checking the date at the top of this page. You are responsible for periodically reviewing this Policy.
If you have questions, requests, or concerns regarding your privacy and rights, please let us know c/o Data Protection Officer, Derrick Harris, dharris@velaro.com or support@velaro.com. Velaro, Inc. 1234 N. La Brea Avenue, West Hollywood, CA 90038 USA. (800) 983-5276.
Velaro Live Chat Version 10 and above complies with the EU General Data Protection Regulation (“GDPR”) rules as set forth by the European Commission.
The Velaro Live Chat product is a “Processor” of Velaro customer data.
Each Velaro Customer is a “Controller” of their visitors’ data.
Velaro processes visitor data to enable chat features and provide context to chat engagements.
Velaro customers subject to GDPR compliance must gain consent from their visitors prior to a chat engagement. Visitors give direct consent for the controller to export their engagement data for processing, and for Velaro to import it back to the agent and for display to the visitor.
Velaro live chat is an application that is installed on Controller websites. It is the responsibility of the Controller to assert an acknowledgment of consent agreement from visitors to process live chat data.
The Controller will need to present and gain agreement from their visitors requesting chat engagements to enable cookie opt-in permissions as required by GDPR rules.
The Controller may need to update their website cookie policy to specify the function of Velaro cookies on their website. Customer website cookie opt-in preferences can be connected to the Velaro platform so website visitors who opt-out of website cookies also do not have a Velaro cookie placed.
The visitors of the Controller can access the data captured during their chat by having the chat transcript emailed to them. The Controller can configure Velaro settings to have data records offloaded to a secure site.
Velaro has a process in place that will inform customers if there has been a data breach. Data is securely encrypted on rest and in-transit, and is housed in the Microsoft Azure cloud. Azure alert procedures are in place. Security processes are in place to restrict access and protect credentials. Contact Velaro support for details on the Microsoft Azure Cloud Hosting environment security and compliance.
A visitor transcript can be deleted at any time in Velaro by a Controller user with the appropriate permissions. Additionally, Controller administrators can enable an automated data transcript purge feature in Velaro to schedule the deletion of visitor transcript records by age.
Controller administrators can enable the Compliance Mode feature in Velaro to fully offload all private chat transcript visitor information. Compliance Mode also requires the configuration of a secure server hosted by the Controller to house visitor records. Compliance mode ensures EU GDPR and US HIPAA BAA compliance as no personal information is stored by the Processor.
Velaro does not use the data of their customers or their customer’s visitors without their consent.
Velaro does not collect sensitive data.
Controllers are responsible for the consent, configuration, and management of any sensitive data that is collected by the Velaro Chat platform based on the Data Processing Agreement and/or Data Transfer Agreement in place with Velaro that guarantees EU GDPR compliance.
Velaro is primarily hosted on Microsoft Azure locations in North America. Localized hosting arrangements and privacy agreements are exclusive to individual customers and are the responsibility of the Controller.
Controllers that require compliance with GDPR may execute a data transfer agreement with Velaro. This, combined with a privacy policy acceptance statement in the visitor pre-chat survey allows Velaro customers to enable their visitors to their brand to consent to the export of their data outside of the EuropeanEconomic Area (EEA), in accordance with GDPR requirements.
Upon termination or expiration of this Agreement, and upon written request, the Processor shall securely return or erase all personal data, as determined by the choice of the Controller, subject to any legal requirements to preserve records due to statutory retention periods. The Processor shall retain personal data only for the duration necessary for processing purposes, after which it will be securely erased unless otherwise required by statutory retention periods. Data exports requested by the Controller may be subject to reasonable processing fees unless legally required otherwise.
Derrick Harris. Address inquiries to support@velaro.com.
Velaro keeps the chat engagement transaction records (non-personal) for all customers unless otherwise agreed.
Following is the content of records kept by Velaro:
This appendix forms part of the Velaro Online Software License Agreement and is incorporated as Appendix 2. Updates to this appendix will be communicated to the Controller in accordance with Section 5(3) of the Agreement. Specific regions or jurisdictions where subprocessors operate are listed to provide clarity and ensure compliance with the Controller’s requirements.
Velaro Live Chat complies with the Compliance with the California Consumer Privacy Act of 2018, as amended (“CCPA”).
Velaro is both a “business” and a “service provider” under the CCPA. The information in this Addendum applies to information collected in the role of “business” when Velaro interacts directly with you as a customer.
When Velaro acts as a service provider, Velaro provides services to another business that interacts directly with you as a customer, and this business controls what data is collected and how it is used. For more information about how your data is processed by another business that uses Velaro as a service provider, please contact that company directly.
Velaro provides full disclosure of its data collection practices in the general privacy policy. See the sections “What we Collect” and “What we do with the information we gather”.
Velaro does not sell personal information. Velaro never provides access or discloses personal information to third parties for monetary or other considerations.
Velaro may collect the following categories of Personal Information as defined by the CCPA:
California residents may request a copy of their Personal Information collected by Velaro for the purposes of the Velaro business. Please use this form to submit your inquiry. Alternatively, you may email your inquiry to support@velaro.com.
