GDPR Statement - Talkative

Talkative is familiar with European data privacy (including Data Protection Directive 95/46/EC) and is prepared for the EU General Data Protection Regulation (GDPR).

Talkative has customers and end users in the EU, and is thus affected by GDPR, both as a controller (for customer data, e.g. business information, email correspondence) and a data processor (for our customers' end user data, e.g. web chat transcripts).

Talkative has followed the ICO's guidance on GDPR and worked with lawyers and GDPR experts to prepare for these updated regulations. Actions taken include updates to our web chat log retentention policy, updates to our Privacy Policy, further information security training for employees and more. GDPR is a positive step for consumers, organisations and service providers. This statement lists why Talkative is GDPR compliant, and gives you an overview of why using Talkative will allow your organisation to remain GDPR compliant.

Processors Obligations

As per Article 28, Talkative has several obligations as a Data Processor.

Talkative will:

  • only act on the documented instructions of the controller (unless required by law to act without such instructions).
  • ensure that staff processing the data are subject to a duty of confidence.
  • not use a sub-processor without consent from the controller.
  • take appropriate measures to ensure the security of processing (Article 32 GDPR).
  • assist the data controller in providing the subject access and allowing data subjects to exercise their rights under the GDPR (Articles 15-22 GDPR).
  • assist the data controller in meeting its GDPR obligations in relation to the security of processing (Article 32 GDPR), the notification of personal data breaches (Article 33 GDPR) and data protection impact assessments (Article 35 GDPR).
  • delete or return all personal data to the controller as requested at the end of the contract.
  • submit to audits and inspections, provide the controller with whatever information it needs to ensure that they are both meeting their Article 28 obligations, and tell the controller immediately if asked to do something infringing the GDPR or other data protection law of the EU or a member state.

Data Security

Talkative maintains rigorous organisational and technical security measures in how end user data is handled, including any personal information located therein and in how the Talkative services assist you in safeguarding data. We continue to evaluate industry standard practices with respect to data privacy and information security and strive to continuously meet or exceed those standards. Talkative employees follow Information Security Training provided by Hut Six Security. More info here: https://support.talkative.uk/security/data-centre-security

Modifying Talkative UI

If end user data is being used in a way that the individual would reasonably expect and has a minimal privacy impact, or where there is a compelling justification for the processing (Legitimate Interests) such as gathering data during a chat for the purposes of that enquiry or interaction, you are not required to gain formal consent. If the data will be shared or used for marketing purposes you will need formal consent from the end user. We suggest receiving a statement of consent during the chat, or adding a checkbox to the pre-chat form, however access to chat should not be restricted on the grounds of gaining consent without good reason. "By clicking on the chat button below, you agree to XYZ's Privacy Policy and acknowledge that the chat transcript will be stored."

Storing Data

Talkative stores summarised information for up to 6 months as default. If an agreement is in place this duration can be changed based on your organisation’s requirements.

Individual rights

End users can request that their data is deleted under the right to be forgotten. Talkative interaction logs can be removed in this case. Account holders and supervisors within your organisation can filter to find any information regarding the end user and remove it permanently. Alternatively, authorised Talkative admin staff can also delete data upon request. End users can request their personal data either via your organisation or from this page. Reports containing the end user's details and interaction information can be sent directly from within the interaction logs page to the end user.

Considerations for organisations using Talkative

If your organisation is based in the EU or your customers are EU citizens, you need to two things:

  • Ensure your Terms of Service and Privacy Policy clearly communicate to your users how you use Talkative. If you collect personal data of your users and process them via the Talkative application, you should inform your users about their rights under GDPR. We recommend that your policies and internal documentation are readily available for your users and up to date.

  • If your organisation is located in the EU, or if your country’s law requires it from your organisation, you can sign a Data Processing Agreement with Talkative.

For any further information, please email dataprotection@talkative.uk with your query.

Last updated on 10th Dec 2018