This document describes Expertflow’s privacy and how it complies with EUGDPR and ISO 27001. It was last updated on September 29th, 2022.
Protecting your privacy or the handling and processing of personal data in connection with your visit to our Internet pages is very important to us, and we want you to feel comfortable and secure. We process personal data in accordance with the country’s data protection laws in which the responsible entity is based. This policy applies only to the web presence of ExpertFlow LLC ( hereafter referred to as EF) and not to websites to which links may be provided.
Customers / Website Visitors
Expertflow collects personal information about its customers offline (business cards) or from visitors to the Expertflow webpages under expertflow.com. It explains what user data we collect through our interactions with you and how we process and use that data. We are committed to protecting your data as we do not allow publishing it or sharing it with third parties and only using personal information in the way described herein. This applies to the website, online shop, forum, ticketing tool, and online documentation, all running under the expertflow.com domains.
Collection, processing, and use of data on expertflow.com
On our web pages, you may be asked to provide certain information. It may include basic personal information like email address, name and phone number(s), your business requirements or challenges to address, or some primary information about your existing contact center setup. We can retain your personal data and process it on your behalf, to provide you with targeted products and services from Expertflow. On our blog, you may be required to register or to post a comment.
No personal data will be shared with third parties other than for legal enforcement or obligations, resolving disputes, and enforcing our agreements with you.
Use of Google Analytics, Adwords, Tags and online Marketing tools
We use Google Analytics, Adwords, Tags, Digital Marketing solutions cookies, and similar technologies on our website. We might use tracking code in our emails to help us understand user behavior on our website, conversion tracking, and website traffic analysis and limit spam. We also use online CRM or ticketing tools to process personal information. We either ensure that we host this information on our servers or verify that all software that treats personal information complies with GDPR.
The marketing tools described above may insert cookies in your browser after allowing it to do so. You can, at any point in time, use the “Unsubscribe” at the bottom right of every website page to remove/ disable them.
You need to consent explicitly to our newsletter. If you do so, we will use your email address to inform you about our products, services, or news. You can always revoke your consent by unsubscribing to the newsletters or any email information you are getting from us on your emails. Outside of newsletter subscriptions, we will send you personal 1:1 direct emails if we think a product or service might be relevant to your particular situation.
Legal Notice on changes
Reference Statements, Sharing during Projects
Expertflow asks its clients’ consent explicitly before we mention them as a reference. During ongoing projects, you might be required to share information about yourself with third parties to deliver a project. We keep this information sharing strictly related to the particular project and task at hand.
Binding Corporate Rules (BCR)
Expertflow has majority-owned subsidiaries outside of the EU that Binding Corporate Rules bind to Expertflow LLC Switzerland. Employees from such subsidiaries might be accessing data from Expertflow's web pages. Switzerland's data protection is deemed equivalent to the EU GDPR. Expertflow applies the stricter regulations of either EU GDPR or Swiss Data privacy laws in case of ambiguities.
GDPR - Compliance of Expertflow Software
This chapter describes how Expertflow software is designed to comply with GDPR. The only software that Expertflow provides stores customer information is CIM (client interaction management). It stores and manages customer information as configured by the client. The link between an (identified) customer (such as name, first name, address, phone number, email) and any associated information (phone numbers, QA scores, list, interactions,…) is done via keys. The only object that identifies a customer is the customer object itself. It is also possible to keep a customer object bare of any identifying information and to store identifying information in a third-party system (for example, a CRM). Expertflow provides PCI-DSS compliant APIs that allow retrieval and storage of any information related to that particular customer. Expertflow ensures you can access/ view/ modify customer-specific information in a machine-readable format. Expertflow does not store any information about its client’s customers, and any hosting that might be done is under the client’s responsibility.
Expertflow's cloud/ SaaS software may contain PII information if clients using our SaaS store such information. It is the responsibility of clients using the SaaS to ensure that such PII is used in a GDRP- compliant way.
Access to all cloud data is encrypted wherever possible with role-based security keys, meaning that Expertflow does not intentionally have access to PII on our client's customers. Expertflow has direct access to PII about users of the software.
GDPR - Client’s Customer Information and System Access
Expertflow does not store or edit directly any information about its client (or partner)’s customers. Expertflow clients need to ensure that no remote connection provided to Expertflow engineers provides access to customer information. Expertflow will aim to highlight any breach so that Expertflow employees will have no access to the client’s customer information.
Expertflow Employee Data Privacy
In sensitive environments, for example, to provide VPN access, our clients or state regulations require a personal security background check of Expertflow employees.
Previously to share such information, Expertflow requires a written statement that all such personal data will only be stored for the duration during which access is required and only to secure access. It will not be shared with persons or organizations not relevant for security enforcement and will be kept only for the period during which access is required and one year afterward, after which the data will be deleted. This data is protected under EU GDPR equivalency, including penalties.
Collection and Processing of Personal Data
Visiting the Expertflow website is generally possible without us requiring personal data from you or setting cookies.
However, visiting websites results in servers storing various access data in an electronic log (so-called "log file") by default. This data includes, e.g., the type of web browser, the operating system used, the domain name of your Internet service provider, the IP address of your access, the website from which you visit us, and the date and duration of the visit. As a rule, this information does not allow any conclusions to be drawn about you, for example, the data collected during a visit to our website is only recorded anonymously by Expertflow and, if necessary, evaluated for statistical purposes, which only serve to optimize the web pages. Under no circumstances will data be passed on to third parties.
Our website may contain links to websites of other providers not covered by this policy, e.g., websites with content, information, and services of third parties over which EF has no control. The purpose and scope of the data collection and the further processing and use of your data are the responsibility of the respective operators. We ask you to refer to their data protection notices for more details and point out that we exclude any liability and responsibility for the data protection provisions of these third-party websites.
Why does Expertflow Collect, Store, or Process Data?
We collect, store and process data from you on an ad hoc basis, which you generate or enter when using our website or when communicating with us so that we can optimally coordinate our communication with you or our services for you and process your messages or requests. The basis for this is the contact information you provide to us, which may include your personal contact information such as name, email address, phone number, etc., and the corresponding message content.
In the case of merely informational use of the website, for example, if you do not register or otherwise transmit information to us, we only collect the personal data your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security,
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- The website from which the request comes
- Operating system and its interface
- Language and version of the browser software
Use and Disclosure of Personal Data and Purpose Limitation
All personal data collected by EF will be collected, processed, and used following the applicable regulations for protecting personal data only for contract execution, protecting our legitimate business interests, and processing your messages or requests.
EF maintains current technical measures to ensure data security, particularly to protect your data against risks during data transmissions and against third parties gaining knowledge. These measures are adapted to the current state of the art.
Declaration of Agreement
By using our web pages, you agree that the personal data voluntarily submitted by you may be stored by us and processed and used in accordance with this policy.
Cookies from Third Parties
Cookies from third parties, e.g., Google Analytics, Google Maps, YouTube, Mautic etc., may be used on our website with your consent.
Use of Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", text files placed in your browser, to help the website analyze how users use the site.
The information generated by a cookie about your use of this website is usually transmitted to a Google server and stored there. IP anonymization is activated on this website. In that case, your IP address will be truncated beforehand by Google within the European Union member states or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services relating to website activity and internet usage to the website operator.
Third-party Provider Information
Use of YouTube
Use of Facebook
Our website contains the plug-in of the social network Facebook. This is the button with the Facebook logo.
All data processing operations in this context are not done by us but by Facebook. It is unknown exactly which data processing operations Facebook carries out when and after a user calls up a fan page. Therefore, we can only provide the following information, which is based on the currently achievable state of knowledge:
When you are logged into Facebook, Facebook collects data regarding your actions, interactions, and movements within its social network, which the company Facebook Inc. uses to optimize its direct marketing profile personalized for each user for its business purposes and links it to your profile and your registration data provided there and other information provided within the social network by you or by others. For the purpose and scope of data collection by Facebook and for the further processing and use of your data there, as well as your rights in this regard and the settings options you must protect your privacy, we refer you to the data protection information of Facebook, over which we have no influence: Privacy.
Even if you are not logged in to Facebook, Facebook Inc. stores and uses data on the operating system used, the browser version, the IP address, and the place of origin derived from it.
In addition, Facebook can recognize you as a non-logged-in or non-registered user via cookies and use the statistical data obtained from the page view when you next log in or register with Facebook for the first time to create a profile.
Use of Twitter
"Tailored Target Groups" and "Conversion Tracking" of Twitter offer the possibility to target existing users and customers who have visited the internet offer of EF with relevant campaigns. This is done by Twitter storing anonymized user data with the help of a website tag. For this purpose, a cookie from Twitter can be placed in the browser when a user visits our website. EF adheres to Twitter's conversion tracking and tailored audience policies when using this.
Users who wish to opt-out of interest-based advertising from Twitter may do so, for example, through an appropriate opt-out mechanism set by Twitter. Likewise, you can change your privacy settings on Twitter accordingly.
Use of Google Apps
Our website uses Google Apps login for quick SSO login using your existing Google account, wherein no signup and email address verification is required to enable our online shop experience. This is the button with the Google logo on our my-account page or the popup page you see when you request product pricing.
All data processing operations in this context are not carried out by us but by Google’s single sign-on.
Facebook Page Privacy Statement
This privacy statement applies to the treatment of personally identifiable information obtained from you in connection with the Experflow Facebook Page, where we’ve integrated our application- EFHybridChatPageConnector. This is an internal application developed by Expertflow for its internal use to read, analyze and respond to comments posted on its Facebook page. By using or otherwise accessing the Expertflow Facebook Page, you acknowledge that you accept the practices and policies outlined in this Privacy Statement.
What Personal Information does Expertflow Collect?
We collect the following types of information from our Facebook page visitors:
- Personal Information Collected Automatically:
We receive and store comments that you post on our Facebook page. Our chatbot analyzes these comments to detect intents and carry out the necessary actions. Apart from the comment, we may receive your name and Facebook user ID. This information remains within our secured servers and is not shared with any other party.
How does Expertflow use the collected personal information?
Experflow uses the information described in this Privacy Statement (section: 1) internally to:
- Design and develop AI bots -to improve its products and services delivery to its customers.
Will Expertflow share any of the personal information it receives?
Expertflow does not share any information received from you with its partners or any other third party. The information is used only for internal purposes – within Expertflow secure networks to improve its products and service delivery.
Can children use our application?
The services available through the Expertflow Facebook page are not for children but for businesses that deal with contact centers, public utility, government or banking sectors. Expertflow does not post information related to children or collect any information about children.
How long does the data remain stored?
We adhere to the principles of data avoidance and data economy. If applicable, we, therefore, only store your data for as long as is necessary to achieve the purposes stated at the beginning or as stipulated by the storage periods provided by the legislator. After the respective purpose has ceased or these periods have expired, the corresponding data is routinely deleted per the statutory provisions.
Regarding your rights to information, correction, blocking, deletion, and objection, you have the right to obtain information about your data stored by EF at any time. You also have the right to correct, block or delete your personal data unless the data storage is required by law or to fulfill contractual relationships. You can make changes or revoke consent by notifying us accordingly with effect in the future.
The data you enter in the contact form will be used exclusively for correspondence with you. Your data will not be passed on to third parties.
Changes to our Data Protection Declaration
We reserve the right to occasionally adapt this data protection declaration so that it always complies with the current legal requirements or to implement changes to our services in the data protection declaration, e.g., when introducing new services. The data protection declaration specified in each case for your renewed visit is valid. Your rights to information, correction, blocking, deletion and objection remain unaffected by such a change.
For questions and queries about EF data protection, processing, access and use of private information, correction, blocking or revocation of any granted consent to us, please contact us at ExpertFlow LLC, Jägerweg 18, 3014 Bern, Switzerland, +41 796385801, firstname.lastname@example.org