Ana Khlystova
Jun 17, 2022 | 8 min read

Data protection and transparency have always been at the core of our values at HelpCrunch. It’s what we’ve always believed in, and the GDPR law became yet another step to implementing better security and trust for our tools and services.

Like many other businesses today, HelpCrunch is GDPR-compliant. This is cool, because it makes your data even more secure with us than before.

“But wait, what on earth is the GDPR?” – some of you may wonder. I got you from here. In a second, we’ll talk about every single detail you should know about the GDPR at this point and, specifically, why you should care about it.

What is the GDPR?

The GDPR, or General Data Protection Regulation, is the new law that grants data security and privacy to all EU citizens. The regulation was put in force on May 25, 2018.

We all want to protect our private information from breaches and illegal usage, and that’s what the GDPR aims to provide. Basically, people get to have full control over the personal data that third-party companies may have about them.

Here’s how it’ll work in real life. For instance, companies won’t be able to gather any of your personal information without your consent. And I mean, ANY. Not your name, emails, nothing.

Another common example is the right to require organizations to show what information they have on you and how they use it.

In fact, there’s much more to it. But the basic idea is the protection of people’s personal data.

Whom does the GDPR concern?

It’s important to note that GDPR compliance concerns not only EU citizens. It also applies to you if:

  • Your organization is doing business on the territory of the EU;
  • Your organization has servers based on the territory of the EU;
  • Your organization collects and processes any personal data of the EU citizens.

So, what I’m saying here is that you most probably should care about the new regulation and prepare your organization for it. The good news is, if you’re looking for a GDPR-compliant live chat, which HelpCrunch definitely is, we did everything possible on our end to make it easier for you, so keep reading.

How HelpCrunch has prepared for the GDPR

Our team has been working hard all this time to implement major changes in our system to be fully compliant with the new regulation. We’re aware of how important it is, so we want you to feel safe using our service.

How HelpCrunch complies with the rule inside the product 

We did an in-depth analysis so that all the HelpCrunch areas are GDPR-compliant, cooperated with lawyers, compiled a list of required changes and legal requirements, drank tons of coffee, and got the job done.

Don’t hesitate to write us in the chat in case you have any questions or want more details about any of the below information. 

So yeah, here’s a basic list of the GDPR-related changes done at HelpCrunch.

  • Terms of Use and Privacy Policy

HelpCrunch has specific Terms of Use and Privacy Policy documents which were updated in June 2018. We also added the GDPR-related sections to them. The new paragraphs explain specifically how we collect and use your personal information, so you can always read about it in our documentation.

  • Vendors

We’re looking into our vendors and legal arrangements with them. As of now, we’ve already entered GDPR-ready Data Processing Agreements (DPA) with our vendors to ensure your data and the data of your users are protected.

Note! If you want to sign the DPA with HelpCrunch or request any details about it, just email us at dpa@helpcrunch.com, and we’ll get back to you right away.

  • Data storage and security facilities

First, our employees sign NDAs with HelpCrunch and are legally obliged to keep your secrets safe.

We keep all our data on the territory of the EU. You can be sure that it’s secured with TLS encryption (HTTPS) and backed up every day. Payment information is not stored on our servers, as it’s kept in Stripe.

As HelpCrunch is a GDPR-compliant business, your passwords are secured by employing salted hashing algorithms. We don’t use open sources for storage. Our uptime is 99%, meaning that our systems are active almost without a break.

The HelpCrunch team does regular pentests of our own services as well as of companies that use our tools. We have established a precise procedure for incident responses, which includes escalation procedures, rapid mitigation, and postmortem.

We also provide an option of permission levels. You can set such permissions for particular teammates to include app settings, billing, user data, and the ability to send or edit messages.

What HelpCrunch implements for its users

As a software company, we provide customer support services. Needless to say, we use our own tools to make it of the highest possible quality.

First, your consent to process your personal data is our bread and butter. You won’t be able to start a chat with us unless you accept our Privacy Policy in the pre-chat form. Law is law.

Under the law, we provide a number of new functionalities to our own customer support so that it is GDPR-compliant. In other words, whenever you chat with our customer support team via live chat, you can be sure we respect and provide the following rights:

1. Right to be informed

The key concept of the GDPR is that no one can collect your personal data without your consent. And to give your consent, you must have a full picture of how it will be used. That’s your right to be informed.

HelpCrunch discloses all the details about the collection and usage of our customers’ personal data in our Privacy Policy. If you want us to send it right to you, just request it via chat or email us at info@helpcrunch.com.

2. Right of access

The right of access grants that, if requested, a company should provide you with a copy of the personal information that they have. And they should also clarify to you how they use it. 

You can export all the personal information that HelpCrunch has about you from the “Account preferences” → “Export profile” at any moment. If you also want to receive full chat transcripts, chat with us, and we’ll send them your way.

3. Right to rectification

GDPR compliance implies that any EU citizen can demand that errors in their personal data be corrected, or that the data be completed if necessary. So if you need to change any of your personal data or add corrections, chat with us, and we’ll change it within 30 days at the latest.

4. Right to erasure (right to be forgotten)

Not only that, but we can also completely delete all of the personal information that we have about you. And we will do it immediately at your request. Also, if you cancel your account at HelpCrunch, all your personal information will be automatically and permanently deleted in 6 months.

5. Right to restrict processing

Given that HelpCrunch is GDPR-compliant, you can cancel your account in our service, and we will stop processing your data immediately. It is possible to fully restore it though within 6 months – just log in to your account and renew the subscription. All the canceled accounts will be completely and permanently deleted after 6 months.

6. Right to data portability

The right to data portability means that you can obtain your personal data from a company and reuse it as you want. Upon request, HelpCrunch can export your data in a convenient format (CSV, JSON, or XML) and send it to you.

7. Right to object

The GDPR gives individuals the right to object to the processing of their personal data in certain circumstances. Individuals have an absolute right to stop their data from being used for direct marketing. You can always subscribe or unsubscribe from our emails in the “Notification settings” → “Insights” section by ticking the box.

Long story short, HelpCrunch will stay transparent about how we gather any personal data and will comply with the regulation. In case you have any GDPR-related questions or want to file a request, just email gdpr@helpcrunch.com. For general questions, use info@helpcrunch.com. We are always more than happy to talk to you via chat.

How HelpCrunch helps you become GDPR-compliant

You may be sure that the HelpCrunch chat is GDPR-compliant. Here are a number of features that support it:

1. Getting your customers’ consent to process their personal data

To obtain and process any of your customers’ personal data, you need to get their consent. That’s why we have the checkbox in a pre-chat form of the chat widget, where you can request users to agree with your Privacy Policy before starting a conversation.

Set a pre-chat form yourself. Just go to Settings → Website Widgets → Your Widget name → Widget Customization and check a corresponding field.

2. Right of access

Your customer can request a transcript of their customer support chats with you. We grant this right and will send a complete transcript of all the conversations with a given person immediately.

Also, you can download all the personal information about a customer right from a chat in CSV format and send it to them. If you choose the “Email transcript” option, we will send the customer their full chat history.

3. Right to be forgotten

If you press the “Delete chat” button, it will remove their personal information from your database completely and permanently. You can do it at any time and immediately.

4. Right to be forgotten for your employees

The GDPR will concern not only your customers but also your employees. HelpCrunch takes care of people who work with our tool – your customer support agents. After leaving a job at your company, they can request a total removal of their personal information from your database. You can do it in Settings → Team members → Delete.

This action will delete all the info about an agent, including their photo and a full name. Their chats with clients and first names will stay. However, we can remove them too, if you file a corresponding request to us.

5. Right to object

You can unsubscribe anyone from your HelpCrunch mailing list. Once you unsubscribe a client, they will be removed from all your auto and manual message campaigns, which include both email and chat notifications.

6. Right to rectification

You can manually edit any information that a user provided in a pre-chat form. Just click the corresponding field in a user’s profile and change the customer’s name, email, company, and phone.

It’s important to note that all the anonymous chats (those without username, email, phone, or company) are automatically removed for you after 9 months. For authenticated users, you can choose the time of removal and set it up in Settings → Automations → General.

Bottom line

As helpful as these features are, you still have to look through your own services and documentation to make sure you don’t shrug off GDPR compliance.

Your Terms of Use and Privacy Policy should make it clear to your users that you are using a third-party sub-processor to process their personal data. You should explain to your clients what rights they have under the GDPR and be ready to honor them.

If you have any questions about the new regulation or changes at HelpCrunch, feel free to chat with us, and we will gladly answer them.

Now, is your company GDPR-compliant? 🙂

3 comments

  1. Prospecting web chat solutions. Intercom does a terrible job at getting consent for cookies. The issue with web chat services from cloud is first what you mention above and second they flood the browser with cookies. GDPR says only necessary cookies are to be set by default (so the functional chat widget cookies to retain the session are OK). But then no analytics, no preferences and no marketing cookies are allowed unless and until the visitor consents for those.

    So a centralized cookie consent management must exist and be displayed at first visit at least. Can you provide such tools that as soon as my visitors already consent with some and not other cookies per purpose I can instruct the chat widget to behave accordingly?
