1. WHAT IS GDPR?
The General Data Protection Regulation (GDPR) is a European privacy law that became enforceable on May 25, 2018. The GDPR applies to all organizations established in the EU and to organizations, whether or not established in the EU, that process the personal data of EU data subjects in connection with either the offering of goods or services to data subjects in the EU or the monitoring of behavior that takes place within the EU. Personal data is any information relating to an identified or identifiable natural person.
2. SERVICES WE USE ARE GDPR COMPLIANT
We use the following services, all of which are GDPR compliant.
1. Amazon AWS Services https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready/
2. Stripe Payment https://stripe.com/guides/general-data-protection-regulation
3. WHAT INFORMATION DO WE STORE ABOUT USERS?
- Stripe Payment Info
- Facebook Scoped ID
- First Name
- Last Name
- Profile Picture URL
- Locale Code
4. HOW DO WE USE THIS PERSONAL INFORMATION?
We use Bot users’ information to send them messages on behalf of BotPenguin’s customers and to display users in the BotPenguin Live Chat feature.
On behalf of BotPenguin customers, we use their information to send email alerts about leads, etc., and marketing materials. Users can unsubscribe from or stop these emails. We also send emails when the user requests human help through the chatbot. We do not store any sort of credit card information, and we use Stripe, which is a GDPR compliant platform, for the payroll.
5. DO WE ALLOW USERS TO DELETE PERSONAL DATA?
We allow users to deactivate their account. Deactivation acts as a soft delete and allows users to come back and restore their account if they decide to do so. If they want us to completely remove their information, they can contact us via email at (firstname.lastname@example.org) and we will completely delete the user’s information from our systems. We do not directly remove the user’s information because we have had several instances when users inadvertently deleted their information and it became unrecoverable.
Bot users’ data is automatically deleted after 90 days. If BotPenguin customers want to download the data, they can download it in the form of an Excel file.
6. HOW TO MAKE YOUR BOT GDPR COMPLIANT?
It’s pretty simple.
Document consent: Just add a Yes/No question to your current bot, using Multi Choice, asking users if they would be happy to receive email updates. For example: “Shall we send you the latest updates?” or “To serve you better, we will save the data that you input to us. Are you ok with this?”.
Giving your user the data: If your user requests that you share the data you collected from them, you can share the email notification that you received from us. It contains everything we have collected about that particular user. Or you can go to the Inbox section, find this record, select it (tick in the first column) and download it.
Deleting the data of your user: If your users ask you to delete their data, you can go to the Inbox section, find this record, select it (tick in the first column) and press the Delete button. The data will be deleted permanently and cannot be retrieved.
7. SERVER LOGS:
We maintain the server logs received from Facebook for debugging issues and improving the performance of chatbots and our platform. We also store the IP address of the website to which the chatbot is attached, against a particular bot user, so we can check whether the user is online and show it in the Live Chat feature.