How do I respect privacy laws when using my chatbot?
Gobot has taken privacy by design to the next level. At Gobot we take both you and your customers privacy very seriously.
HOW DOES GOBOT PROTECT MY PRIVACY?
HOW CAN I USE MY WEBSITE BOT TO COLLECT LEAD PERSONAL DATA IN A MANNER COMPLIANT WITH PRIVACY LAWS INCLUDING GDPR?
Have you asked yourself whether your existing lead generation tools, popups, polls, survey, forms and landing pages are GDPR compliant?
This section details how you can use Gobot to facilitate your compliance with privacy laws, including but not limited to, Europe's privacy regulation GDPR. Complying with global privacy laws can be very complex and costly if you get it wrong. Gobot is the tool you have been waiting for!
Certain privacy laws, such as GDPR, may require that you only hold onto personal data your bot collects for a period reasonably necessary to accomplish the purpose for which the data was collected for in the first place.
Gobot not only allows you to control what data you collect, it allows you to control to what extent collected data is actually stored and how long. Gobot provides multiple levels of privacy controls. Under Settings you can control the global retention settings across all of your bots. You can adjust the retention setting on a region by region basis if you so chose, given the variation of privacy laws globally. You can tailor each of your bots' retention settings by accessing the Retention tab under the Bot Settings page. Any settings in this tab will trump global or default retention settings. Click here for more detail about Gobot's retention settings.
Certain privacy laws, including GDPR, may require that whenever a data subject, e.g., your customer or website visitor, is about to submit their personal information, the data controller, e.g., your company, has to make sure the data subject has given their consent. The GDPR steps up the standard for disclosures when obtaining consent, as it needs to be “freely given, specific, informed and unambiguous,” with controllers using “clear and plain” legal language that is “clearly distinguishable from other matters”. Further, GDPR requires the data subject to signal agreement by "a statement or a clear affirmative action."
Essentially, if you are going to comply with GDPR, your customer cannot be forced into consent, or be unaware that they are consenting to processing of their personal data. They must also know exactly what they are consenting to and they must be informed in advance of their right to withdraw that consent. Obtaining consent requires a positive indication of agreement – it cannot be inferred from silence or pre-ticked boxes. This means that informing the user during the opt in is important.
Gobot provides the flexibility you need to seek consent and, if necessary, process withdrawn consent. With Gobot, how you script your bots is up to you. To play it safe, however, we suggest that when interacting with European citizens your bots be drafted to seek consent such that what you get is “freely given, specific, informed and unambiguous.” In other words, make sure to have your bots ask for permission to use the information you collect in a specific and very clear way. Also, allow your visitors and customers to respond in a very specific and clear way, e.g., using specific and well thought out multiple choice options that avoid subjective responses.
Finally, if your customer or visitor opts to withdraw consent as to email, Gobot’s emails include an optional opt-out button you can use for European citizens.
Of course, consent is not real unless your visitor is provided with sufficient notice. As detailed below, Gobot makes providing notice in the context of a chat with a bot a breeze.
Gobot makes it very easy for you to provide the notice required under various privacy laws, including GDPR. When collecting personal data, consider including notice in your bot script clarifying exactly how long you will hold onto the data, what you will use it for, who you will share it with, how the visitor can seek to opt out later, whether the visitor’s data will be used to make automated decisions, the relevant legal bases for processing, and means to communicate with you. Gobot’s notice functionality makes it super easy for you to provide the required notices in a clear and trackable manner without bloating your chat script with legalese! Click here for more detail about Gobot's notice functionality.
Under certain privacy law regimes, including GDPR, website owners using Gobot (controllers) may also be audited and called upon to provide evidence that their processes are compliant and followed in each case. Gobot’s consent log and transcript feature facilitates compliance in this regard. If you are ever questioned as to whether a particular visitor or customer provided consent to use of their personal data, e.g., email address, you can point the customer or authorities to your Gobot consent log, which clearly documents the consent provided. The log references the bot transcript showing exactly the authorization you requested and the notice your provided, and importantly, the consent your visitor or customer responded with. Click here for more detail regarding Gobot's consent log functionality.
Right to be forgotten:
GDPR also grants European citizens the “right to be forgotten,” which requires that controllers delete all personal data stored about the citizen. Gobot makes it easy to delete all information you have about a particular contact with the press of a button. In Contacts mode, simply click the Delete button in the upper right hand corner of the screen after selecting the contact you wish to delete.
Note that even if you delete a contact, information related to such deleted contact may still be saved in your consent log so you can establish consent if ever questions later by authorities.
Note further that you may also need to manually delete all personal data you may have shared with third parties via an integration.
Right to data portability:
GDPR also grants European citizens the “right to data portability,” which allows data subjects to demand a copy of their personal data in a common format. Gobot makes it easy to print a report including personal data Gobot has collected from a particular contact. In Contacts mode, simply click the Export button in the upper right hand corner of the screen after selecting the contact data you wish to export.
This website is not intended to provide legal advice. You should not rely on this website for such, nor as a recommendation as to a particular legal understanding. Our goal is to provide background information to help you understand how Gobot has addressed some important legal points. This information is not the same as legal advice where a lawyer applies the law to your particular circumstance. Therefore, we suggest that you consult a lawyer to seek assistance in the interpretation of this information including its accuracy.
Copyright 2018, Gobot LLC, All rights reserved.