General Data Protection Regulation (GDPR) and the the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC, ePrivacy Directive) are the data protection and privacy laws of in the European Union (EU) and the European Economic Area (EEA).
Our number one priority is making JivoChat GDPR compliant for all customers which are using our service. In this case we prepared a small instruction that will help your website or e-commerce store to make live chat window GDPR and ePrivacy Directive compliant.
Remember, as an owner of website subject to GDPR and ePrivacy legislation you will have to inform your customers that you’ll gather their personal data.
To make it easier for you to comply with the law we have prepared a sample document that describes the principles of general data processing. There are two necessary steps you need to do:
Enable Personal Data processing notification
If you’re using JivoChat all-in-one business messenger on your website you can ask website visitors to leave their contact information during the chat or before chat begins. In case GDPR applies you might be required to inform your website visitors that you gather and process their data in the chat box. Let’s make it together:
1. Login on your JivoChat agent app using this link or you can access it from our application by clicking on Manage ->Channels.
2. Click on Settings under the channel name and then on the Personal data processing notification menu
3. Enable personal data processing notification checkbox
4. You will see the options to customize the texts and the link to the privacy terms and conditions of your website.
There are four extra settings available: — Checkbox Label — Text with the agreement for the processing of personal data — Link title — Link address
All changes will be saved automatically
IMPORTANT: keep in mind that these texts are only examples. Please contact your lawyer for advice on which information should be displayed on those fields.
Now you are all set! The new checkbox will be shown on your website before requesting personal data from customers.
Signing a DPA
Under Article 28 GDPR whenever a controller uses a processor, there must be a written contract (or other legal act) in place. The contract is important so that both parties understand their responsibilities and liabilities. Where one of the following applies:
(a) the processing is in the context of the activities of an establishment of Customer in the EEA; and/or (b) Customer is offering services to data subjects who are in the EEA,
Customers are required to sign JivoChat Data Processing agreement. To get your copy of Data Processing Agreement please contact us via email: firstname.lastname@example.org
The EU–U.S. Privacy Shield is a framework for regulating transatlantic exchanges of personal data for commercial purposes between the European Union and the United States. One of its purposes is to enable US companies to more easily receive personal data from EU entities under EU privacy laws meant to protect European Union citizens.
JivoChat’s Privacy Shield Status
JivoSite, Inc.‘s main purpose of user’s information and gathering personal data is safe and guaranteed service performance for users, improve functionality of services and products. User’s information and personal data collected by JivoSite, Inc. is used to complete registration and ensure user’s access to JivoChat application. While registering on our websites www.jivochat.com or www.jivochat.de, www.jivochat.nl, www.jivochat.es, www.jivochat.uk, www.jivochat.pt we request that you provide us such information as: name, company business name, website address, email-address and also some of the provided user’s information such as: IP-address, domain, browser type. We use the information you provide us in order to provide you with customer service, allow you to view chats, chat logs. We also may collect device information as device type, operation system type, application version in order to provide an optimized version of our JivoChat application for your device.
Everything we collect and process such data described above is totally anonymously.