GDPR

From Genesys Documentation
Revision as of 11:07, October 22, 2018 by DannaShirley (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
This topic is part of the manual Genesys Predictive Engagement Administrator's Guide for version Current of Genesys Predictive Engagement.


Altocloud is compliant with GDPR.

Altocloud and GDPR

For the purposes of GDPR compliance, Altocloud is a Data Processor on behalf of our customers. Our customers are the Data Controllers of the personally identifiable data they collect from their end customers, the Data Subjects. This article describes how to adhere to GDPR consent requirements, should consent be necessary. To determine whether you need to obtain your end-customers' consent to collect their personally identifiable data, consult your legal advisor.

Important
Be sure you understand the steps you need to take before you collect, process, or store your end-customers' personally identifiable data.

Altocloud collects data about visitors' activities on business websites. We use machine learning and AI to analyze customer-generated events (page views, searches, form-fills, and chat) to determine the probability of a specific customer achieving a specific outcome. An outcome is an event the business wants to maximize or minimize. Example outcomes are making a purchase, signing up for a webinar, or filling a complex form online. For information about how Altocloud uses cookies to track visitor activity on websites, see How Altocloud uses cookies to identify visitors in the [[ATC/Current/Developers/Tracking_code|]] article.

Important
Altocloud does not pass end-customer data to any advertising or re-targeting companies. Altocloud passes end-customer data to business-integrated tools such as Salesforce, Marketo, and so on only when one of our business customers configures that behavior for their organization.

Businesses use end-customer data that Altocloud collects for three primary purposes:

  • Customer support - proactive or AI-driven engagement via chat and callback offers
  • Sales engagement - proactive or AI engagement via chat, callbacks, and content offers
  • Marketing - proactive or AI; for example, sign-up for an event or webinar via content offer

You may have additional legitimate bases for collecting, storing, and processing end-customer data. Customer support or sales engagement use cases are typically legitimate. Marketing use cases do not typically qualify as applicable, legitimate interests for collecting personally identifiable data. Consult the appropriate legal sources to determine the applicable bases for collecting personally identifiable data as per your business model.

Implement consent for tracking visitors on your website

Work with your legal counsel to determine whether you need explicit consent to track visitors on your website. If you need explicit consent, see Obtain consent in the [[ATC/Current/Developers/Tracking_code|]] article.

Important
Be sure to state on your user interface why you require consent.

The ac('init',...) function starts Altocloud's tracking on your website. Call this function only after you receive explicit consent.

Implement consent for form-fill data on your website

Work with your legal counsel to determine whether you need explicit consent to collect form data. To obtain consent for collecting personally identifiable data via a form submit action, include a checkbox with a label such as the following on your website:

  • I agree or disagree to allow the business to use this data for purpose.

Also:

  • Enable the form's Submit button only after the visitor has selected the checkbox.
  • When the visitor clicks the Submit button, call the ac('record',...) function to pass the visitor's data to Altocloud.
  • Whenever you call ac('identify',...), consider whether you need to obtain consent.

For more information about these functions, see [[ATC/Current/Developers/Tracking_code|]].

Important
If you require consent to be GDPR-compliant, obtain that consent before passing any personally identifiable data to Altocloud.

Implement a chat consent

Using the Genesys Altocloud Chat functionality provides a way to interact with visitors on the site but also stores the message history, including any PII data provided during the interaction. If you collect PII via a pre-chat survey or during chat conversations, existing Action Maps then based on your business and legal assessment of the purpose for which the data will be used, you may need to enable the "Consent for Chat " option.

To add a "Consent" checkbox to existing or new chat action Maps:

  1. Go to Journey Shaping-> Action Maps menu
  2. Select the Action Map you would like to edit
  3. Scroll down to the Design menu
  4. Select the Chat Window option
  5. Tick the "Add consent message for EU GDPR compliance" option
  6. Enter the text for the Consent in in the input field "Consent Message Text"

Suggested text for this consent is:

  • I agree to allow Business name to store and process the contents of this chat for the purposes of purpose.
Important
Where Chat consent is enabled, visitors will not be able to start the interaction unless the consent checkbox is checked. If checked, the consent will be captured in the message history when submitted.

Make a "Right to be forgotten" request

As a Data Controller, you can make a "right to be forgotten" request on behalf of a visitor. To do this, send an email to DataPrivacy@Genesys.com. Be sure to provide the following identifying parameters for the visitor. These parameters are the primary keys by which Altocloud recognizes unique visitors:

  • Email address
  • Phone number
  • Cookie ID
  • Business-specific ID that has been passed to Altocloud with other customer data
Important

It is your responsibility as the Data Controller to:

  • Confirm the visitor's identity before submitting a "right to be forgotten" request on their behalf to Altocloud.
  • Provide the identifying parameters of the visitor who is requesting to be forgotten.

Notes:

  • All identities related to these parameters will be subject to deletion.
  • After Altocloud deletes visitor data, it cannot be recovered.

Altocloud honors "Right to be forgotten" requests within 28 days. Altocloud sends a confirmation to the Data Control when data has been deleted.

Make a "Right of access" request

As a Data Controller, you can make a "right of access" request. To do this, the designated representative from your organization should send email to DataPrivacy@Genesys.com. The email should contain the identifying parameters for the visitor. These parameters are the primary keys by which Altocloud recognizes unique visitors:

  • Email address
  • Phone number
  • Cookie ID
  • Business-specific ID that has been passed to Altocloud with other customer data
Important

It is your responsibility as the Data Controller to:

  • Confirm the visitor's identity before submitting a "right of access" request on their behalf to Altocloud.
  • Provide the identifying parameters of the visitor whose data is to be provided.

Note:

  • Altocloud will provide all data related to the identities having these parameters.

Altocloud honors "Right of access" requests within 28 days. Altocloud sends your designated representative the data in JSON format.

Stop tracking

For information on how to stop tracking if a visitor revokes consent, see Stop tracking if a visitor revokes consent in the [[ATC/Current/Developers/Tracking_code|]] article.

Retrieved from "https://all.docs.genesys.com/ATC/Current/AdminGuide/GDPR (2025-06-18 20:10:26)"
Comments or questions about this documentation? Contact us for support!