General Data Protection Regulation (GDPR)
updated over 1 year ago
What is the General Data Protection Regulation (GDPR)?
In case your company is based in the European Union (EU), or you process EU citizens’ personal data, you are under the jurisdiction of GDPR (the European Union’s new General Data Protection Regulation).
GDPR is a set of laws which regulates the processing of personally identifiable information (PII). The law applies to individuals, companies, and/or organizations who process or handle the PII of citizens of the EU. GDPR will replace the EU Data Protection Directive, and presents some important changes that all SegMate users should be aware of.
GDPR requires a freely given, and specific consent from your new and existing subscribers.
Under the GDPR you are required to update your own Terms of Service and Privacy Policies with, at a minimum, the following information. This information only pertains to SegMate. It is your responsibility to update your policies for additional 3rd party service you use in your business.
What Personal Data is being collected.
SegMate collects the following data once a user becomes a Subscriber.
- PSID (Page Scoped Identification)
- First name
- Last Name
- Locale (the language setting applied by the Facebook Users account)
- Profile/Avatar Image
How is Personal Data collected.
The data listed above is collected using the Facebook™ Messenger Platform API.
What does SegMate do with this information.
SegMate collects this information in order to allow its customers to send messages through a specific Fan pages Facebook Messenger. The information collected is used to identify a Facebook Messenger user in order to send a message to the correct user, personalize said messages, identify if the message receiver is Male or Female as well as their locale.
Exporting Subscriber Data
You must provide a mechanism for a Subscriber to contact you (e.g. a support email address) to request a copy of all the Personal Data you have collected.
We have developed an "Export" tool that will allow you to export a subscribers Personal Data should they request it from you.
Deleting Subscriber Data
You must provide a mechanism for a Subscriber to contact you (e.g. a support email address) to request the deletion of all the Personal Data you have collected.
We have developed an "Delete Subscriber" tool that will allow you to delete a subscribers Personal Data should they request it from you.
One of the most critical elements to building trust with your subscribers is to obtain their consent to process personal data, and to provide them with an explanation about the purposes of using it. Once GDPR goes into enforcement, storing and using somebody’s personally identifiable information and associated data without their consent is illegal.
If you’re under the jurisdiction of GDPR, we recommend reviewing your SegMate Bots to make sure they include personal data processing consent. Also, you’ll need to be able to prove you’ve obtained consent from existing subscribers to continue messaging them after May 25th.
We have implemented a special tag named "Consent GDPR" that will be available in all of your Fanpages. When this tag is applied to a subscriber, SegMate will update the subscribers record as given consent and the date and time consent was given. Please watch the tutorial video above to learn how to best use this feature.