Products and services privacy policy

Role

Sophus3 is a leading supplier of web site analysis and optimisation services. We act as a limited agent and data processor to each of our customers only for the purpose of providing such services. we also act as joint data controller together with each customer of our benchmarking service.

Services

Benchmarking – eDataXchange

Our customers this web analysis service to track user access to their website to evaluate user behaviour. Sophus3 operates a data processor and joint data controller together with each customer. The data processing takes place on the basis of website visitors’ consent (Art. 6 Para. 1 lit. a GDPR).

There are no cookies are stored on website visitors’ device. The service uses a digital fingerprint to generate a userID.

In web analytics, page views and website actions (e.g. clicking) are sequential, i.e. recorded one after the other. The resulting data sets are isolated. A unique session ID, which is saved together with the page views and actions, allows us to subsequently assign page views and actions to the same session. A unique user ID makes it possible to do this for the same user and across different websites and different visits. The data is used for analysis of user behaviour on our customer’s and other automotive websites.

The information stored on the Sophus3 servers cannot be directly related to individuals. A random number is assigned as a visitor ID. The IP address is encoded (hashed) and truncated (the last two octets are removed). A digital fingerprint (DF) is created. But it uses the shortened IP address. The DF itself is a hash value and therefore cannot be traced back.

No Geolocation data is being collected.

The data will be deleted after 12 months.

If website visitors have rejected the purpose of “Analytics” (or similarly named purposes) on our customer’s Cookie Consent Manager, then the Sophus3 service will not be implemented. In this case, no data is recorded.

LiveChatVideo

Our customers use the Sophus3 LiveChatVideo to open an additional communication channel with website users. Website users can start a chat or receive an invite to chat (Proactive Chat). Sophus3 operates a data processor while each of our customers is the data controller.

Live Chat uses the cookies listed below:

The service collects website visitor data even if visitors do not use the chat function. The following data is collected and processed:

Website Visitor Data (all website visitors)
(1) HTTPS headers
(2) IP address
(3) Visited pages, Dwell time, Button Clicks, Link Clicks, Downloads
(4) Device Types
(5) Location data
(6) Browser Data

Chat Data (chat users)
(7) Form data when starting a chat (username, email etc.)
(8) Chat transcript including all personal data shared in the chat
(9) Feedback and Ratings
(10) Chat operator notes
(1) Video feed recording, if Live Chat Video is activated
(12) System data (UserID, ChatIDs, timestamps, Chat history etc.)

The legal basis for the processing of users’ personal data in connection with Sophus3 LiveChatVideo is users’ consent. If users decide to not give consent the Service will not be implemented and remains inactive.

The storage period of the personal data processed within the framework of Sophus3 Live Chat is 3 days for Website Visitor Data, 90 days for Chat Data and 13 months for chat operator notes.

Active Engagement

Our customers use this service from Sophus3 to provide special website content based on user behaviour. Sophus3 operates a data processor while each of our customers is the data controller. This service uses cookies and a visitorID on the basis of website visitors’ consent.

The cookies are stored on website visitors’ device. They are used to store data which is saved only on website visitors’ device and not send to any server. The cookies contain information about the visit and a number of timestamps.

The visitorID is generated randomly and is being sent to Sophus3 servers. The visitorID is not stored in cookies.

The data with respect to the visit and most timestamps are deleted at the end of the browser session. One timestamp, which ensures that website visitors wont receive the same content multiple times, will be deleted after 20 days. Reporting data including the visitorID is deleted after 90 days.

Website visitors can revoke their consent at any time with effect for the future on our customer’s Cookie Consent Manager.

If website visitors have rejected the purpose of “Personalisation” (or similar) on our customer’s Cookie Consent Manager, then the Sophus3 personalisation service will not be implemented. In this case, no data is recorded.