Here’s what we do to help you comply.
The General Data Protection Regulation is a new set of laws aimed at enhancing the protection of EU citizens’ personal data and increasing the obligations of organisations to deal with that data in transparent and secure ways. GDPR applies not only to EU-based businesses, but also to any business that controls or processes data of EU citizens.
At iAdvize, we set up a dedicated team back in 2017 to work on improving our processes and our solution to help you comply with GDPR.
This page is a one-stop shop for iAdvize product updates that are GDPR-related.
Product Roadmap
|
Feature description
|
|
What it means
|
Delivery date
|
|
Visitor consent (opt-in) collection for chat, call and video
|
|
At the beginning of every conversation, we’ll ask for the visitor's consent (opt-in) for us to store conversation and preview its activity on the website.
We’ll add an option in the iAdvize Admin for you to activate that.
|
May, 25
|
|
Legal information displayed to visitors for them to give their consent (opt-in)
|
|
Within the chatbox, visitors will have easy access to all the legal information they need to give their consent:
It will be displayed when consent collection is activated.
|
May 25
|
|
Form in iAdvize admin for you to indicate your legal info
|
|
You’ll have access to a new form in the iAdvize admin for you to enter all your legal info that will be displayed in the chatbox.
Before that form is available, your account manager will gather the information and enter it into our database.
|
Q3 2018
|
|
Visitor consent (opt-in) collection for cobrowsing
|
|
At the beginning of every cobrowsing session, we’ll ask for the visitor consent.
|
Currently available
|
|
Visitors are able to stop (opt-out) a cobrowsing session
|
|
Whenever they want, during a cobrowsing session, visitors will be able to stop the session and come back to the chat.
|
Early June 2018
|
|
Consent/non-consent events logging
|
|
We’ll store every consent/non-consent events from visitors in a dedicated database, from which we’ll be able to extract information about your visitors if required.
|
May, 25
|
|
Visitors can access, update, download and delete their data
|
|
Visitors will have the right to obtain from the data controller, the access, modification, download or deletion of their personal data, by sending their request to the data controller (to the address displayed in the legal information notice). The data controller will then submit a “Personal Data” ticket to the iAdvize support team, in order to get all the information within 15 days of the request date.
|
May, 25
|
|
ibbü: community panel anonymisation when an expert leaves the community
|
|
The community panel contents (mentions, likes and posts) will be anonymised when an expert leaves the community (= their account is deleted).
|
May, 25
|
|
Consent/non-consent events in iAdvize Admin
|
|
Admins will have access to the complete log of consent/unconsent events in the iAdvize admin panel.
|
2018
|
FAQ
Does the GDPR apply to me?
The current EU legislation (the 1995 EU Data Protection Directive) governs entities within the EU. but the GDPR has a wider territorial scope as it also applies to non-EU businesses when they control or process the data of EU citizens. In other words, if your company is based in the EU or handle data of EU citizens, the GPDR applies to you.
What will happen to data collected before May, 25th 2018?
iAdvize will continue to store data collected 3 years before the application of the GDPR since we use them for features like the Smart Answers. It means that 3 years after the application of the GDPR, we won’t have any data collected prior to the GDPR (or even before if your data retention period is shorter). Any data older than 3 years we may have had on our servers will be deleted on May 25th.
When will you send us a Data Processing Agreement (“DPA”)?
iAdvize will send you a Data Processing Agreement by May 11th.
Where you data is being stored ?
For Chat conversations: data is hosted within the European Union, in accordance with the DPA signed with our service provider AWS.
For Call, Video and SMS: data is hosted in the US, in accordance with the DPA signed with Twilio.
For Social Networks (Facebook, Twitter, Instagram, Messenger and WhatsApp): data is hosted in Europe and in the US.
What about the data of my Users (agents, experts…)?
In case of the deletion of one of your agent or expert’s account, iAdvize will delete all the data we have about him/her, including in our backups.
We still keep their KPIs and conversations but without any personal data (anonymization of their name, email, profile picture, etc).
What is the data retention period?
By default, the data retention period is set to 3 years for the Chat and 12 months for the Call, Video and SMS. After that, the data is deleted. Keeping the data for 3 years enables us to provide you with an enterprise level of reporting and with features based on conversation analysis like the Smart Answers.
You can set a different data retention period if you need.
What are the security measures?
iAdvize has implemented appropriate technical and organisational measures as requested by GDPR to ensure data protection and a level of security, appropriate to the risks, including the confidentiality and the integrity of the data, and taking into account the Security and Privacy in the design process of new changes in the product (“Security by design” and “privacy by design” principles) as title of examples.
Do you have other ressources about GDPR?
- Listen to the iAdvize General Counsel Matthieu Huet talking about GDPR in this podcast
- The Irish Data Protection Commissioner's GDPR website
- Guidance from the German Federal Commissioner for Data Protections' on GDPR here
- EU Data Protection Supervisor here
- Find your Supervisory Authority here
- Full text of GDPR here
- Full text of GDPR in German here
- The EU’s GDPR website
- EU Data Protection authorities here
- European Commission's portal about 2018 reform of EU data protection rules here
Related articles : Request a deletion of personal datas