Chatvisor's compliance with the General Data Processing Regulation (GDPR)

May 1, 2018

On May 25th the General Data Processing Regulation (GDPR) will become effective in the European Union. Its purpose is to give EU citizens more control regarding their personal data in the internet.

The next pages shall express how Chatvisor handles and implements the topic in terms of Messenger Marketing.

1 GDPR rights for EU citizens

Due to the GDPR, EU citizens receive more extensive, clear formulated rights to control their personal data.

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to object
  • Right to erasure (“the right to be forgotten”)
  • Right to data portability
  • Right to restrict processing
  • Rights regarding automated decision-making and/or profiling

Companies use Chatvisor to keep their customers and community updated about news like information to their products, events or classic news. To give users a better experience by sending more relevant information, personal data will be processed and saved from the point the user subscribes to the Messenger news. For that reason, Chatvisor needs to be and therefore is GDPR compliant.

2 Data controllers and data processors

The GDPR differentiates between data controller and data processors. A data controller determines the purposes and means of the processing of personal data. Such companies, including those that use application performance monitoring, must ensure that personal data is collected and used in accordance with regulations. A data processor processes personal data on behalf of a data controller. Dynatrace, for example, processes personal data for its customers in the course of providing application performance monitoring. Data processors must ensure that stored personal data is protected.

3 User Experience Monitoring (UEM) and personal data

The recording of personal data is acceptable under GDPR as long as the data collection is proportionate. A data controller must …

  • … record minimal personal data and process it safely.
  • … adhere to obligations that ensure rights, such as the right to information and the right to be forgotten.

3.1 When does Chatvisor receive data?

Chatvisor extends Facebook Pages and the associated Messenger Channel of a certain company by adding a newsletter- and community management system. Is Chatvisor connected with a Facebook Page, then the platform receives a message or notification from Facebook, in case a person or Facebook User interacts with the Facebook Page. The interaction through the user can be committing a “Like” to a post, commenting a post or sending a message in Messenger. In case of these interactions, Facebook will push data to Chatvisor (name, surname, profile picture). The data will only be processed when there’s an existing opt-in by the user.

Personal data will only be processed, when an active agreement through the user happened. (this can take place while subscribing to the Messenger News)

3.2 How agrees the user to data processing?

Always then, when the user has the option to subscribe to some companies news in Facebook Messenger, he’ll also receive an understandable message which informs him about the upcoming data processing. By subscribing the Messenger Newsletter, he accepts the processing of his personal data.

3.3 Which data does Chatvisor collect?

Due to the subscription, Chatvisor additionally to name, surname, profile picture receives the user’s gender and language. From this exact point on, the system will also record user activity – e. g. user clicks certain article in chat or “likes” a certain posting on the connected Facebook Page.

3.4 What use has the collected data?

Name and surname will be used to personalize messages and together with profile picture make up for identification purposes. Gender and language are useful targeting options, which allow to send more relevant information. The system recognizes the user language automatically and answers in the respective language. Out of the information the the user’s activity, our platform learns the user’s interests, which again allows to send more helpful and relevant news.

3.5 Un-/subscribe from Messenger News

Subscribing and unsubscribing must be equally easy. Within chat the user subscribes to a certain category by clicking the subscribe button. He’ll get the option to unsubscribe at the end of every newsletter message – here always the button “Manage subscriptions” is added.

The user also can use the Messenger menu and click the “Manage subscriptions” button there. Furthermore, there can be used a specific keyword which ends the subscription and future newsletters.

4 How specifically ensures Chatvisor GDPR compliancy

In “Settings > General > ‚Make your bot GDPR ready‘ ” companies have the option to turn their Chatvisor installation GDPR compliant. When activating, personal data – like explained above – will be processed only then, when there’s an existing opt-in from the user.

This is how Chatvisor implements the individual citizen rights:

4.1 Right to be informed

The data processing begins when the user agrees to it. Before the user agrees or subscribes in Messenger, he’ll be informed by a notification message, which explains in a comprehensible way, that by subscribing he agrees to the upcoming data processing.

4.2 Right of access

On request the Chatvisor GmbH can provide detailed information to the processed personal data at any time. Currently we’re working on an automated solution directly in Messenger where the user can request all that.

4.3 Right of rectification

We receive all data from Facebook, in case their wrong or not up to date, Facebook in its central role is the contact organization to correct and update user data.

4.4 Right of erasure („the right to be forgotten”)

The user has the chance to delete all his personal data at any time by texting “delete data” or using the “delete data” button in the Messenger Menu.

4.5 Right to object

The user has the option to cancel all further data processing by unsubscribing from the Messenger news.

4.6 Right to data portability

Data portability is not possible with Chatvisor. This is because we see no interest of the user that will want him to transfer the collected data somewhere else.

4.7 Right to restrict processing

Due to unsubscribing from the Messenger subscription, the user has the option to cancel automatic data processing.

4.8 Data protection

Chatvisor saves all collected data especially careful. By securing state-of-the-art encrypting methods we assure maximum data protection. The data never leaves the European Union and is stored in Germany at the Contabo GmbH.

Author: Mathias Holzinger

For future tips on how to integrate Messenger Marketing into your marketing-mix (and much more), just subscribe our Messenger news:

Start a campaign and get valuable insights for your marketing!