Velaro is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using Velaro websites or products, then you can be assured that it will only be used in accordance with this privacy statement. Velaro may change this policy from time to time by updating this page. You should check this page occasionally to ensure that you agree with any changes. This policy is effective as of 5/25/2018.
What we collect
When you visit our website, we may collect:
- Name and job title.
- Contact information including email address.
- Demographic information such as location, preferences and interests.
- Other information relevant to customer support, surveys or other offers.
When you use our products, we may collect:
- User identification information, such as name and contact data.
- Engagement information, such as survey data, chat transcripts and message history.
- Automatic information, such as IP address and computing device details.
The data collected by the Velaro chat product is dependent on each customer’s configuration of their Velaro account, and guaranteed by fully executed Data Processing Agreements with Velaro. See the GDPR Addendum below for compliance with the EU General Data Protection Regulation (GDPR) rules.
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and for the following reasons:
- To facilitate the goals of the brands using our products.
- For internal record keeping and billing.
- We may use the information to improve our products and services.
- We may periodically send promotional email about new products, special offers or other information which we think you may find interesting using the contact information which you have provided.
- Occasionally, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail.
- We may use the information to customize our website or products per your interests and preferences.
- We may provide your information to our third-party partners for marketing or promotional purposes.
- We will never sell your information, unless at one point you subscribed to our free service (excludes trial periods).
We are committed to ensuring that your information is secure. To prevent unauthorized access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyze web traffic or lets you know when you visit a site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
On the Velaro website, we use traffic log cookies to identify which pages are being used. This helps us analyze data about web page traffic and improve our website to tailor it to customer needs. We use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. Cookies also enable us to improve the performance of our messaging products by capturing your preferences. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of our websites and products.
Links to other websites
Our website or products may contain links to enable you to visit other websites or third party applications easily. However, once you have used these links to leave our site, you should note that we do not have any control over other websites or applications. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and applications and they are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website or application in question.
Controlling your personal information
You may choose to restrict the collection or use of your personal information in the following ways:
When using our website:
- If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at firstname.lastname@example.org.
- You have a right to access the personal information that we maintain about you, and to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Privacy Shield Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. You may do so simply by emailing us at email@example.com.
When using our messaging products:
- When you submit information, and send messages during an engagement session with a brand using one of our messaging products, this data will be encrypted and securely archived. If you do not wish for your information to be archived, you may opt not to submit information.
- You have a right to access the application data that we maintain about you, and may do so simply by emailing us at firstname.lastname@example.org.
- If you are an EU resident subject to EU GDPR regulation, refer to the GDPR Addendum below for details on controlling your personal information.
We will not sell, distribute or lease your personal information to third parties unless we have your permission (as a paying customer) or you use our free service, where applicable by law. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen. We will provide an individual opt-out or opt-in choice before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.
Velaro is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to the Privacy Shield Principles, Velaro is potentially liable.
Privacy Shield Frameworks
To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/
8 Market Place, Suite 300
Baltimore Maryland 21202
Velaro has further committed to refer unresolved privacy complaints under the Privacy Shield to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Velaro, please visit the BBB EU PRIVACY SHIELD web site at http://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Addendum: Compliance with the European Union General Data Protection Regulation (GDPR)
Velaro Live Chat Version 10 and above complies with the EU General Data Protection Regulation (GDPR) rules as set forth by the European Commission.
Privacy Role Definitions
- The Velaro Live Chat product is a “Processor” of Velaro customer data.
- Each Velaro Customer is a “Controller” of their visitors’ data
Why Does Velaro Process Data?
- Velaro is a Processor of the visitor data of the Controller to enable chat features and provide context to chat engagements.
- Velaro live chat is an application that is installed on Controller websites. It is the responsibility of the Controller to assert an acknowledgment of consent agreement from visitors to process live chat data.
- The Controller will need to present and gain agreement from their customers to enable cookie opt-in permissions as required by GDPR rules.
Access & Portability
- The visitors of the Controller can access the data captured during their chat by having the chat transcript emailed to them.
- The Controller can configure Velaro settings to have data records offloaded to a secure site.
- Velaro has a process in place that will inform customers if there has been a data breach.
- Data is securely encrypted on rest and in-transit, and is housed in the Microsoft Azure cloud. Azure alert procedures are in place.
- Security processes are in place to restrict access and protect credentials.
- A visitor transcript can be deleted at any time in Velaro by a Controller user with the appropriate permissions.
- Controller administrators can enable an Erase feature in Velaro to schedule the deletion of visitor transcript records by age.
- Controller administrators can enable a Compliance Mode feature in Velaro to fully offload all private chat transcript visitor information. Compliance Mode also requires the configuration of a secure server hosted by the Controller to house visitor records. Compliance mode ensures EU GDPR and US HIPAA BAA compliance as no personal information is stored by the Processor.
- Velaro does not use the data of their customers or their customer’s visitors without their consent.
- Velaro does not collect sensitive data.
- Controllers are responsible for the consent, configuration, and management of any sensitive data that is collected by the Velaro Chat platform based on the Data Processing Agreement in place with Velaro that guarantees EU GDPR compliance.
Data Transfer Out of EU
- Velaro is primarily hosted on Microsoft Azure locations in North America. Localized hosting arrangements and privacy agreements are exclusive to individual customers and are the responsibility of the Controller.
- Velaro leverages a third-party auditor as Data Protection Officer to confirm GDPR compliance.
- Velaro keeps the chat engagement transaction records (non-personal) for all customers unless otherwise agreed.
Following is the content of records kept by Velaro:
- Name and contact details of Velaro customers, for account management.
- The reason for data processing specific to the Velaro customer’s business goals and industry, for account management.
- Description of categories of data subjects and personal data, for customized visitor engagements.
- Identity and categorization of organizations receiving the data, as required by customer agreements.
- Transfer of data to another country or organization parameters, as specified by customer agreements.
- Time limit for removal of data, as configured in each Velaro customer account settings by the customer account administrator.