Our priority is to make LiveChat GDPR compliant. That is why we have prepared this short article to assist you in ensuring that your chat window is also GDPR compliant. It is important to remember that we are working together towards this goal.
Processing your customers’ data
With GDPR in place, you are required to notify your customers about the collection of their personal data by either yourself or a third-party processor. There exist two approaches for accomplishing this.
- If you run an e-commerce store where your customers can make a purchase, you can modify the agreement between you and your customer so that it will include the information about the data processing that occurs during a chat.
- If you are not using LiveChat for sales purposes, you should still inform your website visitors that you gather and process their data during a chat. You can use our pre-chat form feature to do just that. Below we provide instructions on how to use the pre-chat form to make your chat widget GDPR compliant, as well as ready-made examples of data protection consents.
Please be aware that the information contained in this article, including the data protection consents and clauses, are meant to serve as general examples and should not be considered legal advice. We provide tips and clauses for your consideration, but we do not have knowledge of your specific business or data processing practices. Therefore, it is important that you consult with your legal advisor before taking any actions, including relying on the content of this article. It is vital that you ensure that any agreement, consent, or other legal basis aligns with your business agenda, taking into account the specific data you process, the purpose of processing, and the duration for which you retain it.
Please be aware that the information presented in this article, including the data protection consents and clauses, are merely general examples and should not be taken as legal advice. We provide tips and clauses for consideration, but we cannot provide advice tailored to your specific business and data processing practices. Therefore, it is important that you consult with a legal advisor to ensure that any agreement, consent, or legal basis aligns with your business agenda, including the type of data you process, its purpose, and the duration of its retention.
To incorporate the data processing consent into your pre-chat form, follow these steps: access the LiveChat app, navigate to Settings, then go to Forms, and finally select Pre-chat form.
You can include a link to your full privacy policy in the pre-chat form.
Even if the pre-chat form is enabled, manually inviting customers to chat will not result in the form being displayed.
Here are the data protection clauses already prepared as examples.
- [Data processing consent notice]
I agree that the controller of my personal data is [your company name] with its registered office in [your business address]. I agree that my personal data shall be processed by the data controller in accordance with the General Data Protection Regulation (GDPR).- [Data processing consent, purpose, retention period]
I agree for my personal data, provided via chat, to be processed by [your company name], for the purpose of [specify the purpose of the processing], for the time of [specify the time of processing].
The right to access your data
With the implementation of GDPR, it has become simpler for your customers to obtain their data collected from different services, including LiveChat. If a customer requests the transcript of a conversation or a ticket they have created using LiveChat, you can easily provide it to them by following a few simple steps. To do so, navigate to the Archives section within your LiveChat application and select the preferred conversation.
When it comes to tickets, they are automatically sent to your customer’s email. However, if your customer asks for it to be resent, you can do so from the Tickets section of your LiveChat app.
In addition, the same rule also applies to you. If you wish to obtain the conversations you had with our support team, you can easily do so by sending an email to support@livechat.com and requesting to retrieve all the data we collected from LiveChat.
To ensure proper verification, please send the information retrieval request from the email address used to log in to the LiveChat app. Once we receive the request, we will send a verification code to the email address linked to your LiveChat account. Upon receiving the code from you, we will proceed to send over the requested information.
To ensure the same meaning, please make sure to send the information retrieval request from the email address used for logging in to the LiveChat app. After receiving the code back from you, we will send a verification code to the email address associated with your LiveChat account, and then provide the information.
3 Ways to Make Your Live Chat Widget Legal
Are you here because you are uncertain about the legal soundness of the recently installed web chat service? Or perhaps you are contemplating the addition of live chat to your website, but lack knowledge about the applicable laws and regulations.
No need to worry. We have a few methods that can help you ensure your live chat is legal.
Include a privacy policy.
To ensure easy accessibility, your web chat window should contain a link to your privacy policy. Even if it is already present in the footer, it is advisable to include it in your live chat widget as well.
While many individuals do not read privacy policies, they are mandatory as per legal requirements, comparable to terms and conditions agreements.
A privacy policy that is legally sound should contain, using clear and simple language, the following characteristics:
An overview of the personal data collected by your site and its storage methods.
What is the duration for which you keep web chat logs?
Data can be collected through various means such as text messages, emails, and so on.
The process of using or transmitting data to third parties for purposes of marketing.
Users have the right to request and erase their data through an access and erasure clause.
The address and contact information of your company.
The content of your privacy policy will depend on the products and services your company provides.
In order to comply with the General Data Protection Regulation (GDPR), companies need to make sure that their privacy policy and practices meet the requirements, especially if they have visitors from the European Union (EU).
HIPAA compliance
If you work in the medical field, it is necessary for your web chat widget to adhere to the requirements of the Health Insurance Portability and Accountability Act (HIPAA).
These regulations both protect patient privacy and enable the transmission of confidential health information among “covered entities”.
Covered entities encompass healthcare professionals, insurance agencies, legal entities, and accounting firms, among others. In essence, any business involved in receiving or transmitting confidential health data for service provision falls under this category.
At the very minimum, a live chat service should encompass all the necessary requirements to comply with HIPAA regulations.
Encryption at the level of enterprises.
The process of confirming a person’s identity remains the same, without any additional details added or any information removed.
ZyraTalk’s web chat platform is fully HIPAA compliant due to our servicing of the healthcare industry.
Require users to opt in
User consent is one of the essential requirements outlined in the GDPR law. In order for their personal data to be processed and stored, customers and site visitors are necessary to actively opt in or grant the site permission.
If you are collecting personal data through a web chat widget, such as names and email addresses, you should also include a checkbox in the chat window if your users need to complete a brief form.
I hereby acknowledge that I have read and understood the privacy policy. In addition, I consent to and agree to be bound by the terms of use. Please note that the privacy policy can be found at [policy link].
