GDPR Policy

Platform

Resources

Support

Tutorial Videos

Product Roadmap

Apps & Downloads

Blog

GDPR POLICY
Last Updated: 7/6/22

Download our Security and Compliance Overview (PDF) here.

Alive5 complies with the General Data Protection Regulation (GDPR). Please contact privacy@alive5.com with any questions.

Data Processor - Alive5

Collects and stores a minimum of Personal Data necessary for the platform

Data Controller - Customer

The owner of the Personal Data that Alive5 stores.

How We Collect and Store Data

Alive5 adheres to the key principles of GDPR and only collects and stores data after customer authorization. Customers and their clients' information are stored in Alive5’s system for business needs only and NO customer data is sold to any third party. The Data subjects are Customers, Customer’s end-users (visitors), Customer’s employees and administrators, and Alive5 administrators. Alive5 systems maintain integrity and confidentiality of Customer data and also make sure that all data stored is lawful, fair and transparent. The personal data categories that Alive5 store are Name, Contact Information, IP Address*, and Cookies data**.

*Alive5 only uses an IP address to enrich data regarding location, type of device, and browser information.

**The only cookies that are used by Alive5 are for tracking website visitor activities on your site, such as whether they visited the home page vs a support page before engaging with the messaging widget. Alive5 will NOT and does NOT track users across domains or build profiles.

COMPLIANCE WITH GDPR

Lawfulness, fairness and transparency

Alive5 fulfills this control by collecting email addresses or additional personal data after taking consent via chat. This control is configured by our customers for their visitors.

Safeguards

Per Article 32 of the GDPR and the requirements of the Standard Contractual Clauses, we have in place appropriate technical and organizational measures to keep your data secure. All data is securely stored on Amazon Web Services.

Data Processing Agreements

Data Processing Agreements (DPAs) cover all vendors and subprocessors who process data on our behalf. More information about our vendors can be found in the Vendors section below.

Data Subject Requests

Processes are in place to honor data subject requests. Alive5 will export, correct, or delete contact data upon request by the Customer or visitors.

We are certified for International Data Transfers:

The EU-US Privacy Shield is a framework negotiated and agreed by the European Commission and U.S. Department of Commerce as a lawful way of transferring personal data.

To comply with EU data protection laws around international data transfer, we self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield framework here.

We've appointed a Data Protection Officer

We’ve a dedicated Data Protection Officer to oversee and advise on our data management. Get in touch by emailing privacy@alive5.com.

Our Vendors

Amazon Web Services, Inc - Cloud Infrastructure

Bandwidth - SMS Delivery Services

Twilio, Inc. - SMS Delivery Services

TrackJS - Logging Services

Some important notes on vendors:

All of our third party vendors have strong security controls in place and all new vendors are assessed for their IT security and Personal Data security standards
All subcontractors have a Data Processing Agreement