Difference between revisions of "ATC/Current/AdminGuide/GDPR"
From Genesys Documentation
DannaShirley (talk | contribs) (Published) |
DannaShirley (talk | contribs) (Published) |
||
| Line 4: | Line 4: | ||
|Context=Learn how to use {{MINTYDOCSPRODUCT}} in a GDPR-compliant way. | |Context=Learn how to use {{MINTYDOCSPRODUCT}} in a GDPR-compliant way. | ||
}} | }} | ||
| − | == | + | ==GDPR compliance== |
| + | As part of the PureCloud platform, Altocloud complies with GDPR regulations. For complete information information about PureCloud and GDPR, see [https://help.mypurecloud.com/articles/purecloud-and-gdpr-compliance/ PureCloud and GDPR compliance]. | ||
| + | |||
| + | PureCloud provides a [https://developer.mypurecloud.com/api/rest/v2/generaldataprotectionregulation/index.html GDPR API]. The GDPR API as the preferred self-service solution for PureCloud customers to respond to GDPR requests. The GDPR API enables responses to data subject requests to access, rectify, or delete their personal data in PureCloud. | ||
| + | |||
| + | ==Altocloud considerations== | ||
For the purposes of GDPR compliance, Genesys is a data processor on behalf of customers who use the {{MINTYDOCSPRODUCT}} product. You, our customers, are the data controllers of the personal data you collect from your end customers, the data subjects. This article describes how to adhere to GDPR consent requirements, should you identify consent as the most appropriate lawful basis for processing personal data. Note that there is no ‘right’ or ‘wrong’ lawful basis for processing personal data; the GDPR requires that data controllers consider the most appropriate lawful basis. A helpful link for what to consider when determining the most appropriate lawful basis can be found {{#Widget:ExtLink|link=https://ico.org.uk/for-organisations/resources-and-support/lawful-basis-interactive-guidance-tool/|displaytext=here.}} | For the purposes of GDPR compliance, Genesys is a data processor on behalf of customers who use the {{MINTYDOCSPRODUCT}} product. You, our customers, are the data controllers of the personal data you collect from your end customers, the data subjects. This article describes how to adhere to GDPR consent requirements, should you identify consent as the most appropriate lawful basis for processing personal data. Note that there is no ‘right’ or ‘wrong’ lawful basis for processing personal data; the GDPR requires that data controllers consider the most appropriate lawful basis. A helpful link for what to consider when determining the most appropriate lawful basis can be found {{#Widget:ExtLink|link=https://ico.org.uk/for-organisations/resources-and-support/lawful-basis-interactive-guidance-tool/|displaytext=here.}} | ||
{{NoteFormat|Be sure you understand the steps you need to take '''before''' you collect, process, or store your end-customers' personal data.|1}} | {{NoteFormat|Be sure you understand the steps you need to take '''before''' you collect, process, or store your end-customers' personal data.|1}} | ||
| − | {{MINTYDOCSPRODUCT}} collects data about visitors' activities on business websites. It uses machine learning and AI to analyze customer-generated events (page views, searches, form-fills, and chats) to determine the probability of a specific customer achieving a specific outcome. An outcome is an event the business wants to maximize or minimize. Example outcomes are making a purchase, signing up for a webinar, or filling out a complex form online. For information about how {{MINTYDOCSPRODUCT}} uses cookies to track visitor activity on websites, see {{ | + | {{MINTYDOCSPRODUCT}} collects data about visitors' activities on business websites. It uses machine learning and AI to analyze customer-generated events (page views, searches, form-fills, and chats) to determine the probability of a specific customer achieving a specific outcome. An outcome is an event the business wants to maximize or minimize. Example outcomes are making a purchase, signing up for a webinar, or filling out a complex form online. For information about how {{MINTYDOCSPRODUCT}} uses cookies to track visitor activity on websites, see {{Link-SomewhereInThisVersion|manual=SDK|topic=Cookie_usage}}. |
Businesses use end-customer data that {{MINTYDOCSPRODUCT}} collects for three primary purposes: | Businesses use end-customer data that {{MINTYDOCSPRODUCT}} collects for three primary purposes: | ||
| − | * Customer support - proactive or AI-driven engagement via chat and callback offers; | + | |
| − | * Sales engagement - proactive or AI engagement via chat, callbacks, and content offers; | + | *Customer support - proactive or AI-driven engagement via chat and callback offers; |
| − | * Marketing - proactive or AI; for example, sign-up for an event or webinar via content offer. | + | *Sales engagement - proactive or AI engagement via chat, callbacks, and content offers; |
| + | *Marketing - proactive or AI; for example, sign-up for an event or webinar via content offer. | ||
If you are still unsure as to whether you should obtain the data subject's consent to process their personal data, you may wish to consult your legal advisor. | If you are still unsure as to whether you should obtain the data subject's consent to process their personal data, you may wish to consult your legal advisor. | ||
{{NoteFormat|Genesys does not pass end customer personal data processed through {{MINTYDOCSPRODUCT}} to any advertising or re-targeting companies. End-customer personal data processed through {{MINTYDOCSPRODUCT}} may be shared with business-integrated tools such as Salesforce and Marketo. This will happen '''only''' when one of our business customers configures that behavior for their organization. |1}} | {{NoteFormat|Genesys does not pass end customer personal data processed through {{MINTYDOCSPRODUCT}} to any advertising or re-targeting companies. End-customer personal data processed through {{MINTYDOCSPRODUCT}} may be shared with business-integrated tools such as Salesforce and Marketo. This will happen '''only''' when one of our business customers configures that behavior for their organization. |1}} | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
==Conditions for consent== | ==Conditions for consent== | ||
If you have identified consent as the most appropriate lawful basis for processing end customer personal data, then the following conditions should be met when obtaining consent: | If you have identified consent as the most appropriate lawful basis for processing end customer personal data, then the following conditions should be met when obtaining consent: | ||
| − | * You must be able to demonstrate that the data subject has consented to processing of his or her personal data. That means you should maintain a record or audit trail of consent being given. | + | *You must be able to demonstrate that the data subject has consented to processing of his or her personal data. That means you should maintain a record or audit trail of consent being given. |
| − | * If the data subject's consent is given in the context of a written declaration which also concerns other matters, the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language. | + | *If the data subject's consent is given in the context of a written declaration which also concerns other matters, the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language. |
| − | * The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent. | + | *The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent. |
| − | * When assessing whether consent is freely given, utmost account shall be taken of whether, among other things, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract. | + | *When assessing whether consent is freely given, utmost account shall be taken of whether, among other things, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract. |
If you have identified consent as the most appropriate lawful basis for processing end customer personal data, then you should consider what consent has been given before calling the following functions. | If you have identified consent as the most appropriate lawful basis for processing end customer personal data, then you should consider what consent has been given before calling the following functions. | ||
| Line 43: | Line 44: | ||
The <tt>ac('identify',...),</tt> function is used to identify end-users. | The <tt>ac('identify',...),</tt> function is used to identify end-users. | ||
| − | For more information about these functions and others where consent may need to be considered, see | + | For more information about these functions and others where consent may need to be considered, see {{Link-SomewhereInThisVersion|manual=AdminGuide|topic=About_tracking}}. |
| − | {{ | ||
{{NoteFormat|If you require consent to be GDPR-compliant, obtain that consent before passing any personally identifiable data to {{MINTYDOCSPRODUCT}}.|1}} | {{NoteFormat|If you require consent to be GDPR-compliant, obtain that consent before passing any personally identifiable data to {{MINTYDOCSPRODUCT}}.|1}} | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
==Stop tracking== | ==Stop tracking== | ||
| − | For information on how to stop tracking if a visitor revokes consent, see | + | For information on how to stop tracking if a visitor revokes consent, see {{Link-SomewhereInThisVersion|manual=SDK|topic=Web_tracking_API|anchor=StopTracking|display text=Stop tracking if a customer revokes consent}}. |
[[Category:V:ATC:Draft]] | [[Category:V:ATC:Draft]] | ||
Revision as of 16:02, December 10, 2019
This topic is part of the manual Genesys Predictive Engagement Administrator's Guide for version Current of Genesys Predictive Engagement.
Learn how to use Genesys Predictive Engagement in a GDPR-compliant way.
GDPR compliance
As part of the PureCloud platform, Altocloud complies with GDPR regulations. For complete information information about PureCloud and GDPR, see PureCloud and GDPR compliance.
PureCloud provides a GDPR API. The GDPR API as the preferred self-service solution for PureCloud customers to respond to GDPR requests. The GDPR API enables responses to data subject requests to access, rectify, or delete their personal data in PureCloud.
Altocloud considerations
For the purposes of GDPR compliance, Genesys is a data processor on behalf of customers who use the Genesys Predictive Engagement product. You, our customers, are the data controllers of the personal data you collect from your end customers, the data subjects. This article describes how to adhere to GDPR consent requirements, should you identify consent as the most appropriate lawful basis for processing personal data. Note that there is no ‘right’ or ‘wrong’ lawful basis for processing personal data; the GDPR requires that data controllers consider the most appropriate lawful basis. A helpful link for what to consider when determining the most appropriate lawful basis can be found here.
Important
Be sure you understand the steps you need to take before you collect, process, or store your end-customers' personal data.Genesys Predictive Engagement collects data about visitors' activities on business websites. It uses machine learning and AI to analyze customer-generated events (page views, searches, form-fills, and chats) to determine the probability of a specific customer achieving a specific outcome. An outcome is an event the business wants to maximize or minimize. Example outcomes are making a purchase, signing up for a webinar, or filling out a complex form online. For information about how Genesys Predictive Engagement uses cookies to track visitor activity on websites, see Cookies.
Businesses use end-customer data that Genesys Predictive Engagement collects for three primary purposes:
- Customer support - proactive or AI-driven engagement via chat and callback offers;
- Sales engagement - proactive or AI engagement via chat, callbacks, and content offers;
- Marketing - proactive or AI; for example, sign-up for an event or webinar via content offer.
If you are still unsure as to whether you should obtain the data subject's consent to process their personal data, you may wish to consult your legal advisor.
Important
Genesys does not pass end customer personal data processed through Genesys Predictive Engagement to any advertising or re-targeting companies. End-customer personal data processed through Genesys Predictive Engagement may be shared with business-integrated tools such as Salesforce and Marketo. This will happen only when one of our business customers configures that behavior for their organization. Conditions for consent
If you have identified consent as the most appropriate lawful basis for processing end customer personal data, then the following conditions should be met when obtaining consent:
- You must be able to demonstrate that the data subject has consented to processing of his or her personal data. That means you should maintain a record or audit trail of consent being given.
- If the data subject's consent is given in the context of a written declaration which also concerns other matters, the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language.
- The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.
- When assessing whether consent is freely given, utmost account shall be taken of whether, among other things, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.
If you have identified consent as the most appropriate lawful basis for processing end customer personal data, then you should consider what consent has been given before calling the following functions.
The ac('init',...) function starts Genesys Predictive Engagement tracking on your website.
The ac('record',...) function allows Genesys Predictive Engagement tracking of custom user actions on your website.
The ac('identify',...), function is used to identify end-users.
For more information about these functions and others where consent may need to be considered, see [[ATC/Current/AdminGuide/About_tracking|]].
Important
If you require consent to be GDPR-compliant, obtain that consent before passing any personally identifiable data to Genesys Predictive Engagement.Stop tracking
For information on how to stop tracking if a visitor revokes consent, see Stop tracking if a customer revokes consent.
Comments or questions about this documentation? Contact us for support!