ACTIVE_Privacy Policy

Expertflow Privacy Policy / Data Protection Policy - Compliance with GDPR

This document describes Expertflow’s privacy and how it complies with https://www.eugdpr.org/ and ISO 27001 . It was last updated on August 28 2018.

Customers / Website Visitors

Expertflow collects personal information about its customers either offline (business cards,...) or from visitors to the Expertflow webpages under expertflow.com. It explains what user data we collect from you, through our interactions with you and how we process and use that data. We are committed to protect your data as we do not allow publishing it or sharing it with the third-parties, and to use personal information only in the way described herein. This applies to the website, online shop, forum, ticketing tool and online documentation, all running under the expertflow.com domains.

Collection, processing and use of data on expertflow.com

On our webpages, you may be asked to provide certain information. It may include some basic personal information like email address, Name and optionally, phone number(s), your business requirements or challenges to address or some primary information about your existing contact center setup. We can retain personal data provided by you, process it on your behalf, to provide targeted products and services from Expertflow to you.  On our blog, you may be required to register or to post a comment. 

No personal data be shared with third parties other than for legal enforcement or obligations, resolve disputes, and enforce our agreements with you.

Use of Google Analytics, Adwords, Tags and online Marketing tools

We use Google Analytics, Adwords, Tags, cookies and similar technologies on our website, and might use tracking code in our emails to help ourselves understand user behavior on our website, conversion tracking and website traffic analysis. We also use online CRM or ticketing tools to process personal information. We either ensure that we host this information on our own servers, or verify that all softwares that treat personal information comply with GDPR.

Newsletter Subscription

You need to consent explicitly to our newsletter. If you do so, we will use your email address to inform you about our products, services or news. You can always revoke your consent by unsubscribing to the newsletters or any email information you are getting from us on your emails. Outside of newsletter subscriptions, we will send you personal 1:1 direct emails if we think a product or service might be relevant for your particular situation.

Legal Notice on changes

Information provided on our website is subject to constant modification. The changes made over time may also impact our privacy policy. Care has been taken to update the policy consistently with the modifications in the web content.

Reference statements, sharing during projects

Expertflow asks its clients consent explicitly before we mentioning them as a reference. During ongoing projects, it might be required to share information of you with third parties in order to deliver a project. We keep this information sharing strictly related to the particular project and task at hand.

Binding Corporate Rules (BCR)

Expertflow has majority-owned subsidiaries outside of the EU that are bound by Binding Corporate Rules to Expertflow LLC Switzerland. Employees from such subsidiaries might be accessing data from Expertflow's web pages. Switzerland's data protection is deemed equivalent to the EU GDPR. Expertflow applies the stricter regulations of either EU GDPR or Swiss Data privacy lawys in case there are ambiguities.

GDPR compliance of Expertflow software

This chapter describes how Expertflow software is designed to comply with GDPR. The only software that Expertflow provides that stores customer information is currently CIM (client interaction management). It stores and manages customer information as configured by the client. The link between an (identified) customer (such as name, first name, address, phone number, email,...), and any associated information (phone numbers, QA scores, list, interactions,…) is done via keys. The only object that allows the identification of a customer is the customer object itself. It is also possible to keep a customer object bare of any identifying information, and to store identifying information in a third-party system (for example a CRM). Expertflow provides PCI-DSS compliant API’s that allow retrieval and storage of any information related to that particular customer. Expertflow ensures that you can access/ view/ modify customer-specific information in machine-readable format. Expertflow itself does not store any information about it’s client’s customers, and any hosting that might be done is under the responsibility of the client.

Cloud software

Expertflow's cloud/ SaaS software may contain PII information, if clients using our SaaS store such information. It is the responsibility of clients using the SaaS to ensure that such PII is used in a GDRP- compliant way.

Access to all cloud data is encrypted wherever possible with role-based security keys, meaning that Expertflow does not intentionally have access to to PII on our client's customers. Expertflow has direct access on PII about users of the software.

GDPR – Client’s customer information and system access

Expertflow does not store or edit directly any information about it’s client(or partner)’s customers. Expertflow clients need to ensure that no remote connection that is provided to Expertflow engineers provides access to customer informations. Expertflow will aim to highlight any breach in this, so that Expertflow employees will have no access to the client’s customer information..

Expertflow employee data privacy

In sensitive environments and for example to provide VPN access, our clients or state regulations require a personal security background check of Expertflow employees.

Previously to share such information, Expertflow requires a written statement that all such personal data will only be stored for the duration during which access is required, and only for the purpose of securing access. It will not be shared with persons or organisations not relevant for security enforcement, and kept only for the period during which access is requred and one year afterwards, after which the data will be deleted. This data is protected under EU GDPR equivalency, including penalties.

 
 

Contact for privacy concerns

For questions and queries on our privacy statement, processing, access and use of private information, correction, blocking or revocation of any granted consent to us, please contact us at ExpertFlow LLC, Jägerweg 18, 3014 Bern, Switzerland, +41 796385801, privacy@expertflow.com