Effective Date: February 19, 2019
The GDPR (General Data Protection Regulation) is an important piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union. The regulation became effective and enforceable on the 25th May 2018. Per article 25 of the GDPR commitment, privacy by design has been a core principle from day 1.
Qualified is fully committed to compliance with the GDPR. This page provides a high level summary. Please contact our Chief Privacy Officer at [email protected] directly with any questions.
Qualified, as a Data Processor, collects and stores a minimum of Personal Data only as instructed by our Customer, the Data Controller, for the purposes of delivering the Qualified Services.
This page will cover:
Scope: Qualified collects, processes and stores Personal Data about people who chat with the Customer via Qualified.
Qualified does not sell any Contact Data collected on behalf of the Customer or market Qualified Services to the Customer’s site visitors.
Categories of Data Subjects:
a. Customer’s end-user customers or prospects
b. Customer’s employees or other authorized users or administrators of Qualified
c. Name
d. Contact information (company, business email address and phone number)
e. IP Address*
f. Cookie Data**
g. Photographs (we will use photographs of Customer employees if the Customer is routing the chats to them after bot qualification)
*Qualified will only use the IP address for data enrichment, i.e. to determine if it is associated with a business and then give you additional information re: that business such as industry and number of employees).
**Qualified will only use cookies to track the activities of your site visitors within your site, e.g. whether they visited a particular product page or the pricing page before engaging with the messaging widget. Qualified will NOT track users across domains or build profiles.
Collecting Consents
You can configure Qualified to collect consents via chat prior to collecting email address or additional personal data. Qualified is able to read the consent flag passed from your Consent Management Platform (CMP) and act accordingly.
Appropriate Safeguards
Per Article 32 of the GDPR, we have in place appropriate technical and organizational measures to keep your data secure. All data is securely stored in Amazon Web Services. Please visit the AWS Security Page for additional information on AWS Cloud Security.
Contracts
We have in place the appropriate Data Processing Agreements (DPAs) with all vendors and sub-processors that process data on our behalf. Check out the Sub-processor section below for more information on how we vet and contract with our sub-processors.
Honoring Data Subject Rights
We have processes in place to honor data subject requests. Qualified will export, correct, or delete Contact Data upon request by the Customer. If we receive a request directly from a Data Subject, we will work with the Customer to honor the request.
Some important notes on Subprocessors:
Our current List of Subprocessors can be found here