On 25th May the GDPR will enter into force, and the new data protection rules will apply to chatbots just as they do to any other online app.
For more than a year we have been working with our lawyers at Heres to analyse and include all the features needed to minimise the risks, and we did this while the software itself was being developed. As a result, our technology implements data protection by default: it was designed with data protection from the GDPR's perspective in mind from the very first phases of the project.
Since we serve business clients, this was an essential element for us. We didn't limit ourselves to the technical aspects; we also acted to protect privacy on a contractual, informative and organizational level.
Heres acts as data processor. All the data belongs to the client, who is the data controller, and our contracts explain in detail the way data is managed. Communication to the final users about the purpose of data processing is clear and explicit in the short consent document, and detailed in the extended policy document.
Moreover, as part of each project we work together with our clients to integrate the confidential user agreements of their digital property.
We have implemented an encryption system that pseudonymises the data in the conversations between users and the chatbot and prevents third parties from receiving the users' personal data. IP addresses are anonymised as well: the last block is erased before the data is saved.
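One way to erase the last block of an IP address before a record is saved, as an added example that is not Heres's own code. Treating "last block" as the final octet of IPv4 and the final 16-bit group of IPv6 is an assumption, as are the function names and the record layout.

```python
import ipaddress


def erase_last_block(raw_ip):
    """Return raw_ip with its last block zeroed, or None if it is not an IP."""
    try:
        ip = ipaddress.ip_address(str(raw_ip).strip())
    except ValueError:
        return None  # never store a value that could not be parsed and masked
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) carries an IPv4 address,
    # so mask it as IPv4; otherwise only its low 16 bits would be erased.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # Assumption: last block = last octet (IPv4) or last 16-bit group (IPv6).
    bits = 8 if ip.version == 4 else 16
    masked = (int(ip) >> bits) << bits
    return str(type(ip)(masked))


def sanitise_record(record):
    """Copy a log record, replacing the client IP before it reaches storage."""
    clean = dict(record)
    clean["ip"] = erase_last_block(record.get("ip", ""))
    return clean


if __name__ == "__main__":
    # Constructed sample records (documentation address ranges only).
    samples = [
        {"ip": "203.0.113.77", "text": "hello"},
        {"ip": "2001:db8:85a3::8a2e:370:7334", "text": "hello"},
        {"ip": "::ffff:198.51.100.23", "text": "hello"},
        {"ip": "not-an-ip", "text": "hello"},
    ]
    for sample in samples:
        print(sanitise_record(sample))
```

Masking has to run before the record is written anywhere, including debug and access logs, otherwise the full address is still stored.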
Data Access and Cancellation
We have made the logs containing all the processed information accessible to all our clients, and made data cancellation simple at any time.
Data Processor Compliance
Our hosting, NLP and analytics providers are all GDPR compliant.
Our team follows strict internal procedures that we have defined together in order to increase the protection level for the data we exchange with our clients.