General Data Protection Regulation is almost here! Making LiveChat GDPR compliant is our number one priority, but we also understand that you will have to make some adjustments to your website or e-commerce store as well. That is why we prepared a short article that will help you make your chat window GDPR compliant. Remember that we’re in this together!
- Processing your customers’ data
- The right to access your data
- The right to be forgotten
- Signing a DPA
- What’s next?
Processing your customers’ data
You should remember that with GDPR, you are obliged to inform your customers that you and/or a third-party processor will gather their personal data. There are two ways to do so:
- If you run an e-commerce store where your customers can make a purchase, you can modify the agreement between you and your customer so that it will include the information about the data processing that occurs during a chat.
- If you are not using LiveChat for sales purposes, you should still inform your website visitors that you gather and process their data during a chat. To properly inform your customers and provide them with the legal consent, you can facilitate our pre-chat survey feature. Below we will provide you with the instructions on how to do so, together with ready-made examples of data protection consents.
To include the data processing consent, first add a new Multiple choice list field to your Pre-chat survey.
As a question, paste one of the consents available below and type I agree as the available answer.
Don’t forget to mark your new field as required! After that, click on Save Changes button to apply your Data Consent to the Pre-chat survey.
And here are the ready-made examples of data protection consents and clauses that we’ve prepared for you:
1. [Data controller notice]
I understand/acknowledge that the controller of my personal data is [your company name] with its registered office in [your business address]. I understand/acknowledge that my personal data shall be processed and transmitted in accordance with the General Data Protection Regulation (GDPR).
2. [Data controller notice]
I understand/acknowledge that the controller of my personal data is [your company name] with its registered office in [your business address]. I understand/acknowledge that my personal data shall be processed and transmitted in accordance with the Regulation (EU) 2016⁄679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (The General Data Protection Regulation - GDPR).
3. [Data processing consent, purpose, retention period, revocation]
I agree for my personal data, provided via chat, to be processed by [your company name] for the purposes of providing support via chat. I agree for my personal data to be processed for the time [e.g. needed to carry out the service]. I understand that the consent may be revoked by sending an email at: [your business email/your data protection officer’s email].
4. [Data processing consent, purpose, retention period]
I agree for my personal data, provided via chat, to be processed by [your company name], for the purpose of [specify the purpose of the processing], for the time of [specify the time of processing].
5. [Sensitive data processing consent]
I agree for my sensitive personal data, provided via chat, to be processed by [your company name] in accordance with the GDPR for the purposes of [specify your purpose of the processing of sensitive personal data]. I understand that the consent to the processing my sensitive data may be revoked by sending an email at: [your business email/your data protection officer’s email].
6. [The data subject’s rights notice]
I acknowledge that I have been informed about the rights I have, in particular the right to access my personal data, to rectify and delete them, the right to limit the processing, transferring, and to demand the temporary or permanent suspension of the processing, as well as withdrawal of consent for processing and filing a complaint to the supervisory body.
7. [Consent for entrusting the data]
I agree to transfer my personal data by the data controller to affiliated companies and other entities whose services are used by the data controller while doing business.
The right to access your data
With GDPR it is now much easier for your customers to access all of their data gathered in various services – LiveChat included. If a customer would like to receive the transcript of a conversation and/or a ticket that he created with the use of your LiveChat, you can provide him with all the necessary information with just a few easy steps. To do that, go to the Archives section of your LiveChat and pick the desired conversation.
Now click on Send to email button, available at the right side of your chat transcript.
All that is left is to provide your customer’s email and confirm the process by once again clicking on the Send to email button.
When it comes to tickets, each of them is automatically forwarded to your customer’s email. However, in case that they would delete it or simply like to receive it again, simply go to the Tickets section of your LiveChat. From there, choose the desired topic.
Now you can resend a whole content of a ticket by simply typing a message and hitting Submit or send a ticket to another email address, adding it as another person.
But that’s not all: the same rule applies to you as well! From now on, if you’d like to retrieve chats that you had with our support team, you can simply send us an email at firstname.lastname@example.org, asking to retrieve all the data that we gathered at LiveChat.
The right to be forgotten
Another one of GDPR’s regulations is the right to be forgotten. At LiveChat, we can delete all of your personal data, based on your request sent to our email@example.com email address. But what about your own customers?
Your customer may want to request a deletion of a chat conversation and/or a ticket, based on various reasons like personal information being shared via chat. If you ever face such a request, don’t worry: we prepared an internal procedure that will allow you to remove the mentioned conversation or a ticket from your LiveChat license. What’s more, we’ll take care of the hard part for you.
All you have to do is to tag a chat or a ticket that you would like for us to remove. You can create a separate tag and name it Delete, so that you will use it only when such request will arise.
After tagging a conversation or a ticket, send us an email at firstname.lastname@example.org, asking us to remove all the transcripts on your license, marked with a specified tag.
After receiving an email, we will remove all of the tagged conversations as soon as possible. Also, after fulfilling your request, one of our Support Heroes will send you an email confirmation that the process has been taken care of.
Signing a DPA
However, if you are located in the EU or your country’s law requires it from you, you can sign a Data Processing Agreement with us. To do that, write us an email at email@example.com, and we will provide you with a DPA that you’ll be able to both review and sign.
If you’d like to learn more about what steps we take to become GDPR compliant and what we’ve already accomplished, don’t hesitate to visit our official General Data Protection guide. Also, as our Support Heroes are available 24⁄7, feel free to start a chat with us - we will be more than happy to provide you with any additional information that you may require!