How HelpCrunch Becomes GDPR-Compliant And Helps You Do The Same

Data protection and transparency have always been at the core of our values at HelpCrunch. It’s what we’ve always believed in, and the GDPR law became yet another step to implementing better security and trust for our tools and services.

For the past couple of months, we’ve been preparing our software for the GDPR (some of us even worked on it till 5AM this week *winks at our CPO Pavel*). And today, we are happy to announce that HelpCrunch is GDPR-compliant. Which is cool, because it makes your data even more secure with us than before.

“But wait, what on earth is the GDPR?” – some of you may wonder. I got you from here. In a second, we’ll talk about every single detail you should know about the GDPR at this point and, specifically, why you should care about it.

What is the GDPR?

The GDPR, or General Data Protection Regulation, is the new law that grants data security and privacy for all EU citizens.

We all want to protect our private information from breaches and illegal usage, and that’s what the GDPR aims to provide. Basically, people get to have the full control over their personal data that third-party companies may have about them.

Here’s how it’ll work in real-life. For instance, companies won’t be able to gather any of your personal information without your consent. And I mean, ANY. Not your name, emails, nothing.

Another common example is the right to require organizations to show what information they have on you and how they use it.

In fact, there’s much more to it. But the basic idea is the protection of people’s personal data.

Whom does the GDPR concern?

It’s important to note that the new regulation will touch not only EU citizens. It also applies to you if:

  • If your organization is doing business on the territory of the EU;
  • If your organization has servers based on the territory of the EU;
  • If your organization collects and processes any personal data of the EU citizens.

So, what I’m saying here is that you most probably should care about the new regulation and should prepare your organization for it. The good news is, if you’re a HelpCrunch user, we did everything possible on our end to make it easier for you, so keep reading.

How HelpCrunch has prepared for the GDPR

As I’ve already mentioned, our team has been working hard to implement major changes in our system to be fully compliant with the new regulation. We’re aware how important it is, so we want you to feel safe using our service.

In a nutshell, we made tons of changes to make sure you get the fullest control over your personal data and are able to give the same opportunities to your customers.

Our internal changes at HelpCrunch:

We did an in-depth analysis of all of the HelpCrunch’ areas that may be touched by the GDPR, then invited lawyers for cooperation, compiled a list of required changes and legal requirements, drank tons of coffee and got the job done.

Don’t hesitate to contact us in case you have any questions or want more details about any of the below information. (See? Transparency is in the air.)

So yeah, here’s a basic list of the GDPR-related changes we’ve done at HelpCrunch.

  • Terms of Use and Privacy Policy

HelpCrunch has updated our Terms of Use and Privacy Policy documents and added the GDPR related sections to them. The new sections explain specifically how we collect and use your personal information, so you can always read about it in our documentation.

  • Vendors

We’re looking into our vendors and our legal arrangements with them. We’re in the process of reviewing and entering into GDPR-ready Data Processing Agreements (DPA) with our vendors to ensure your data and the data of your users are protected.

  • Data storage and security facilities

First of all, our employees sign NDA’s with HelpCrunch and are legally obliged to keep your secrets safe.

We keep all our data on the territory of the EU. You can be sure that it’s secured with the TLS encryption (HTTPS) and backed up every day. While the payments information is not stored on our servers as it’s kept on Stripe.

We secure your passwords by employing salted hashing algorithms and don’t use open sources for storage. Our uptime is 99,8% meaning that our systems are active almost without a break.

The HelpCrunch team does regular pentests of our own services as well as of companies that use our tools. We have established a precise procedure for incident responses, which includes escalation procedures, rapid mitigation, and post-mortem.

We also provide an option of permission levels. You can set such permissions for particular teammates to include app settings, billing, user data, the ability to send or edit messages.

Note!
Data Processing Agreements

We’re updating our Data Processing Agreement (DPA). So if you want to sign it with HelpCrunch or request any details about it, just email us at dpa@helpcrunch.com and we’ll get back to you right away.

What HelpCrunch implements for our users

As a software company, we provide customer support services. Needless to say, we use our own tools to make it of the highest possible quality.

First of all, your consent to process your personal data is our bread and butter. You won’t be able to start a chat with us unless you accept our Privacy Policy in the pre-chat form. A law is a law.

Under the new law, we’ve added a number of new functionalities to our own customer support to be fully GDPR-compliant. In other words, whenever you chat with our customer support team via live chat, you can be sure we respect and provide the following rights:

1. Right to be informed

The key concept of the GDPR is that no one can collect your personal data without your consent. And to give your consent, you must have a full picture of how it will be used. That’s your right to be informed.

HelpCrunch discloses all the details about collection and usage of our customers’ personal data in our Privacy Policy. If you want us to send it right to you, just request it via chat or email us at info@helpcrunch.com.

2. Right of access

The right of access grants that if requested, a company should provide you with a copy of any of your personal information that they have. And they should also clarify you how they use it.

You can export all the personal information that HelpCrunch has about you from the “My account” section at any moment. If you also want to receive full chat transcripts, chat with us and we’ll send them your way.

3. Right to rectification

Under the GDPR, any EU citizen can demand to correct any of the errors in their personal data or complete it is necessary. So if you need to change any of your personal data or add corrections, chat with us and we’ll change it within no longer than 30 days.

4. Right to erasure (right to be forgotten)

Not only that, but we can also delete completely all of your personal information that we have. And we will do it immediately at your request. Also, if you cancel your account at HelpCrunch, all your personal information will be automatically and permanently deleted in 6 months.

5. Right to restrict processing

You can cancel your account at HelpCrunch and we will stop processing and using your data immediately. You can fully restore it though within 6 months – just log in into your account and renew the subscription. All the canceled accounts will be completely and permanently deleted after 6 months.

6. Right to data portability

The right of data portability grants that you can obtain your personal data from a company and reuse it as you want. Upon a request, HelpCrunch can export your data in a convenient format (CSV, JSON or XML) and send it to you.)

7. Right to object

The GDPR gives individuals the right to object to the processing of their personal data in certain circumstances. Individuals have an absolute right to stop their data being used for direct marketing. You can always unsubscribe from our emails in the “My Account” section. Chat with us if you want to make us stop processing any other information.

Note!

Under the new regulation, companies can’t store anyone’s personal information for as long as they want anymore. HelpCrunch automatically suspends all inactive accounts (expired trials, suspended and canceled accounts) and deletes them completely and permanently after – 6 months.

Long story short, HelpCrunch will stay transparent about how we gather any personal data and will comply with the new regulation. In case you have any GDPR-related questions or want to file a request, just email gdpr@helpcrunch.com. For general questions use info@helpcrunch.com. And we are always more than happy to talk to you via chat.

How HelpCrunch helps you become GDPR-compliant

We’ve also added a number of new features into our tool to ensure that when you use it at your website, you’re staying 100% GDPR-compliant, too.

1. Getting your customers’ consent to process their personal data

To obtain and process any of your customers’ personal data, you need to get their consent. That’s why we’ve added a new checkbox to a pre-chat form, where you can request users to agree with your Privacy Policy before starting a conversation.

You can set a pre-chat form yourself. Just go to Settings -> Website Widgets -> [Your_Widget_name] -> Widget Customization and check a corresponding field.

2. Right of access

Your customer can request a transcript of their customer support chats with you. We grant this right and will send a complete transcript of all the conversations with a given person immediately.

Also, you can download all the personal information about a customer right from a chat in a CSV format and send it to them. If you choose the “email transcript” opting, we will send the full chat history including all conversations with a given customer.

3. Right to be forgotten

If you press the “delete chat” button, it will remove their personal information from your database completely and permanently. You can do it at any time and immediately.

4. Right to be forgotten for your employees

The GDPR will concern not only your customers but also your employees. HelpCrunch takes care of people who work with our tool – of your customer support agents. After leaving a job at your company, they can request a total removal of their personal information from your database. You can do it in Settings -> Agents -> Delete Agent.

This action will delete all the info about an agent, including their photo and a full name. Their chats with clients and first name will stay. However, we can remove them too, if you file a corresponding request to us.

5. Right to object

You can unsubscribe anyone from your HelpCrunch mailing list. By unsubscribing a client, they will be removed from all your auto and manual messages campaigns, which includes both email and chat notifications.

6. Right to rectification

You can manually edit any information that a user provided in a pre-chat form. Just click the corresponding field in a user’s profile and change customer’s name, email, company, phone.

It’s important to note that all the anonymous chats (those without users’ name, email, phone, company) are automatically removed for you after 9 months. For authenticated users you can choose the time of removal yourself and set it up in Settings -> Messages and Email:

Bottom line

As helpful as these features are, you still have to look through your own services and documentation to make sure you’re complying with the new law.

First of all, your Terms of Use and Privacy Policy should clearly render to your users that you are using a third-party sub-processor to process their personal data. You should explain to your clients what rights they have under the GDPR and be ready to exercise them.

If you have any questions about the new regulation or changes at HelpCrunch, feel free to chat with us and we will gladly answer them.

Now, have you prepared your company for the GDPR? 🙂

Tags: .

Share article

3 comments

  1. Prospecting web chat solutions. Intercom does a terrible job at getting consent for cookies. The issue with web chat services from cloud is first what you mention above and second they flood the browser with cookies. GDPR says only necessary cookies are to be set by default (so the functional chat widget cookies to retain the session are OK). But then no analytics, no preferences and no marketing cookies are allowes unless and until the visitor consents for those.

    So a centralized cookie consent management must exist and displayed at first visit at least. Can you provide such tools that as soon as my visitors already consent with some and not other cookies per purpose I can instruct the chat widget to behave accordingly?

Leave a Reply

Your email address will not be published. Required fields are marked *