
GDPR compliant chatbot

BY Maciej Ciołek
5 days ago

The European Union has introduced new regulations, generally known as GDPR. These regulations impose certain obligations on owners of IT systems that process personal data. In this article, we explain what those duties are and how to meet them when building chatbots.

Obligation to instruct the user

The basic duty of an IT system (or chatbot) is to inform the user about the processing of personal data. A chatbot processes personal data because, for example, the first name, last name or any message written by the user is personal data. Along with the instruction, you must provide the user with a document describing the policy for processing personal data, known as the Privacy Policy. The user does not have to give consent; all you need to do is display the message and let the user proceed, for example by displaying the "next" button.

Electronic service regulations

A chatbot is an electronic service which, according to the law, should have its own regulations. Users of the bot should have these terms and conditions presented for review at the start of the conversation. Here, as with the instruction, no explicit consent is required: just display this information and the document.

Acquiring marketing consents

If you are going to use your bot to contact users in order to present them with a commercial or marketing offer, you should, by law, obtain marketing consent. Here the situation is different from the previous cases, and displaying the information is not enough. According to the regulations, the user always has the right to give explicit consent, i.e. to answer "Yes" or "No" to the consent request, and, moreover, the choice cannot be selected by default.

Acquiring consent for profiling

Users leave a lot of information about themselves while interacting with the chatbot. Over time, we learn what a user likes, what their budget is, how many children they have or where they want to go on holiday. In other words, we are building a customer profile. There is nothing wrong with building the profile, and we can do so up to the point where we use this information, for example to adjust the content. That process is called profiling, and according to GDPR we should obtain consent for it. As with marketing consent, the user must deliberately express consent by clicking e.g. "Yes" or "No".

How Chatbotize supports GDPR

On the Chatbotize platform there is a "GDPR Support" plugin that allows you to:

  • display the GDPR instruction
  • view the terms of service
  • collect consent for marketing
  • collect consents for profiling

The GDPR instruction and service regulations are always displayed at the beginning of the conversation, while the marketing consent request is sent 4 hours after the user's last contact with the bot, and the profiling consent request 8 hours after the user's last contact with the bot.

The type of collected data depends on the configuration of the plugin, as presented in the next section.
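
One way to model the timing and consent rules described above, as an added example that is not Chatbotize's code: the 4-hour and 8-hour delays come from the article, while the class, its method names and the default-deny gate are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Delays taken from the article; everything else is a hypothetical model.
PROMPT_DELAY = {"marketing": timedelta(hours=4),
                "profiling": timedelta(hours=8)}


@dataclass
class ConsentState:
    """Per-user consent record. A missing answer is never treated as consent."""
    last_contact: datetime
    answers: dict = field(default_factory=dict)  # purpose -> (granted, timestamp)
    prompted: set = field(default_factory=set)   # purposes already asked

    def touch(self, now: datetime) -> None:
        """Any user message resets the clock both delays are measured from."""
        self.last_contact = now

    def take_due_prompts(self, now: datetime) -> list:
        """Return consent questions to send now and mark them as sent once."""
        due = [p for p, delay in PROMPT_DELAY.items()
               if p not in self.prompted and p not in self.answers
               and now - self.last_contact >= delay]
        self.prompted.update(due)
        return due

    def record_answer(self, purpose: str, reply: str, now: datetime) -> bool:
        """Store only an explicit Yes/No; any other reply stays unanswered."""
        normalized = reply.strip().lower()
        if purpose not in PROMPT_DELAY or normalized not in ("yes", "no"):
            return False
        # Keep the timestamp so the moment of consent can be shown later.
        self.answers[purpose] = (normalized == "yes", now)
        return True

    def allowed(self, purpose: str) -> bool:
        """Gate for marketing sends and profile-based content: default deny."""
        granted, _ = self.answers.get(purpose, (False, None))
        return granted
```

A bot loop would call `take_due_prompts` on a timer and check `allowed("marketing")` or `allowed("profiling")` before every outbound offer or personalized reply.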

How to configure GDPR plugin?

Start by installing the GDPR Support plugin. The plugin consists of 3 independent parts: Instruction (the GDPR instruction and regulations), Marketing (collection of consents for marketing), Profiling (collection of consents for profiling).

Chatbotize provides sample content for the privacy policy document and the chatbot regulations. If you are a customer, please contact us to get access to them.

Instruction Configuration

  1. In the Instruction tab, start by enabling the process by moving "Process enabled" to the enabled position.
  2. In "Welcome message" enter a welcome message, for example

"Hi, I have prepared many attractions for you!"

  3. In the "Privacy Policy text" field, inform the user in a friendly way about the GDPR obligation, e.g.

"Due to new regulations, to be able to talk to you, I want to inform you that I process your personal information. on this topic."

  4. In the "Button caption" field, enter the name of the document about the privacy policy, e.g. "Privacy Notice"
  5. In the "Document URL" field, insert a link to the document with the privacy policy
  6. In the "Chatbot Regulation text" field, place a text informing about the regulations of the service, e.g.:

"Below are the Regulations. Please read these documents. You can also find them in the chatbot settings at any time."

  7. In the following fields, place the name of the document, e.g. "Chatbot Regulations", and a link to this document
  8. At the very end, in the "Move forward message" field, enter content encouraging the user to continue the conversation with the bot, e.g.:

"This is all, click below to continue" and the content of the button, e.g. "Next!"

Marketing Consent Configuration

  1. In the Marketing tab, start by enabling the process by moving "Process enabled" to the enabled position.
  2. In the "Welcome message" field, enter polite content that encourages the user to consent, e.g.:

"To let you receive notifications, I need your consent. If you agree, I will send you interesting information about the offer, competitions, promotions, etc. For more information, please see the Information about Privacy."

  3. In the next fields, place the privacy policy link as in the case of Instruction.
  4. In the "Text" field, post the full text of the consent, e.g.

"I agree to receive commercial information regarding the offer from ... in the chatbot, including the processing of my personal data for this purpose."

  5. At the very end, configure the content of consent buttons, e.g. "Yes" and "No".

Profiling Consent Configuration

  1. In the Profiling tab, start by enabling the process by moving "Process enabled" to the enabled position.
  2. In the "Welcome message" field, enter polite content that encourages consent, e.g.:

"The chatbot you are talking to uses technology to personalize content. I need your consent to be able to send you personalized offers, promotions, etc. For more information, please see the Information about Privacy."

  3. In the next fields, place the privacy policy link as in the case of Instruction.
  4. In the "Text" field, post the full text of the consent, e.g.:

"I agree to profiling, i.e. the processing of my personal data by ... involving automatic analysis of my chatbot interactions in order to present content tailored to my preferences."

  5. At the very end, configure the content of consent buttons, e.g. "Yes" and "No".