GDPR

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. GDPR also addresses the export of personal data outside the EU. It aims to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. We take the GDPR very seriously at Chatway and apply all the following changes and features to all of our users around the world. This article describes the GDPR compliance status of Chatway.

What Chatway did about it

• We learned and researched the GDPR requirements from the base.
• We planned the required changes within our software.
• We applied those changes with our development team.
• We also used Ecomply (GDPR task management tool) and created RPA as a data processor to make sure we went through every single requirement.
• We debugged and validated that all the changes work as planned. This article describes the GDPR compliance status of Chatway.

1. AWARENESS OF THE GDPR

All managers and employees responsible of software development, design and infrastructure maintenance of Poptin LTD (the company that operates the Chatway app), an Israeli limited company (and the owner company of Poptin inc.), are aware of the GDPR requirements.

Tests and code reviews are performed by our development team and Data Protection Officers before any code deployment to the platform. We always take data protection and privacy by design into consideration when developing a new feature, infastructure, integration or any processing activities. We also made sure our 3rd parties we use are GDPR compliant and aware, as mentioned below.

2. INFORMATION WE STORE ON OUR CUSTOMERS

When a user registers and opts-in, he/she needs to fill out their:

• Email
• First name
• Last name
  and approve our terms of service and privacy policy.

We also collect the country of the user to make sure he/she gets their account's interface in the right language.

A user can also fill out more information, also with his/her consent, such as:

• Phone number
• Invoice information (company name, address, VAT number)

Live Visitors feature Using our live visitor feature, website owners can view real-time data about visitors currently on their site. The information displayed includes:

• Name (if provided by the visitor)
• Email Address (if provided by the visitor)
• Phone (if provided by the visitor)
• Current URL the visitor is navigating
• Geographical Location
• Option to Initiate a Chat with the visitor

This feature is designed to enhance user engagement and support. Visitors have the option to disable tracking by toggling off the feature, ensuring their browsing activity is not monitored in real-time.

Website owners are responsible for obtaining necessary consents from their visitors for this data collection and ensuring compliance with applicable data protection laws.

E-commerce Integrations and GDPR Compliance Chatway’s integrations with WooCommerce and Shopify allow access to certain customer data (such as cart contents, orders, and coupon codes) to improve customer support experiences during live chats.When using these integrations, Chatway acts as a data processor and you, as the Chatway user and store owner, remain the data controller for any personal data processed via WooCommerce or Shopify. The processing of this data is based on legitimate interest in providing support services or consent, depending on how you inform and obtain permission from your visitors. Chatway only processes this data as necessary to provide our services and does not retain the data longer than required. You are responsible for ensuring GDPR compliance regarding your customers’ data, including providing proper notices and obtaining consent where necessary.

3. INFORMATION WE STORE ON OUR CUSTOMERS' END-USERS (VISITORS)

• We may collect and store information from your end-users (visitors) regarding their use of your website. Information such as: chat information, pages visited, links clicked, non-sensitive text entered, mouse movements, as well as information more commonly collected, such as his/her IP address, referring URL, operating system, device, browser (User agent), cookie information, and any other information from the visitor regarding his/her use of your website.
• If a visitor starts a conversation with you via live chat, we store that information for you.
• You can delete this information any time manually, delete it automatically every few months, or choose to not store it by default.
• We also collect the date stamp, timestamp, IP address of your end-users so you can easily demonstrate consent.
  – Chatway does NOT share your visitors’ information with 3rd party tools, unless you consent and integrate it from your side.
  – We DON’T use this data for advertising, analytics or any other revenue model.

4. INDIVIDUAL RIGHTS

• The right to be informed: we inform our users about the use that will be made of their data. Our users can request the full RPA report via email ([email protected]).
• The right of access: our users can access all their data from their dashboard.
• The right of rectification: our users can update their information anytime they need through their profile page.
• The right of erasure: Our users can delete their account themselves from the interface (if they are not on a paid plan), or send us a request to delete their account and all the information related to it via our live chat or by emailing us at [email protected]
• The right to restrict processing: We have processes in place to ensure that we respond to a request for restriction without undue delay and within one week of receipt. We have appropriate methods in place to indicate and restrict the processing of personal data on our systems.
• The right to data portability: Our users may contact us anytime if they wish to get an export of their data. We have processes in place to ensure that we respond to a request for data portability without undue delay and within one week of receipt.
• The right to object: Our users and their end-users may contact us anytime regarding this matter, and will take care of any legitimate request.
• The right not to be subject to automated decision-making including profiling: We only collect the minimum amount of data needed and we don’t do “profiling”.

5. UPDATED OUR TERMS OF SERVICE AND PRIVACY POLICY

You can read our updated terms of service and privacy policy by click on the following links:

6. DPA

Ask us for our DPA (Data Processing Agreement) and we will send it to you via email. You can email it back to us once you signed it to [email protected]

7. WE REVIEWED THE GDPR STATUS OF ALL THE 3RD PARTIES WE USE

We use platforms and tools like Stripe, Amazon Web Services, Google, Facebook, Elastic Email, CloudFlare, Profitwell

8. DATA BREACHES

A personal data breach refers to a breach of security that can lead to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Our duty is to keep our users’ information safe, and report certain types personal data breach to the relevant supervisory authority within 72 hours. We also understand we must inform affected individuals without undue delay.

We take our users’ personal data, business information and our system security very seriously. These are a few implemented procedures and methods that we take:

We use 2-Factor-Authentication on our sensitive accounts (eg. hosting provider, etc.) Isolated servers for the application and for sensitive data

Access to our server systems is allowed only from specific IP addresses Daily backups

Always adding more automatic security tests to monitor the system. And more

Data protection officer Name: Gal Dubinski
Address: Street 18 Jerusalem Blvd
Postal code: 7752311
City: Ashdod
Country: Israel
Telephone: +97235248444
Email: [email protected]

WHAT SHOULD YOU DO TO GO ALONG WITH THE GDPR?

• Be transparent
  Make it clear to the subscriber what information you collect
  Make it clear to the subscriber why you are collecting their information
  Make it clear what information you will send them and how often
• Add a checkbox if you want your subscribers to agree to your terms of service.
  Also, don’t create pre-ticked boxes or any other type of default consent.
• Delete leads from the platform if you don’t need them anymore or if you were asked to.
• Show your clients you have a DPA (data processing agreement) with Chatway by signing our DPA and emailing it back to us at [email protected]

9. Consent Checkbox in Widget side contact form

You can now add a consent checkbox to any Chatway widget form. This allows you to request explicit visitor agreement before submitting their personal details. Use this checkbox to ask visitors to accept your Terms & Conditions or Privacy Policy before starting a conversation.

• Fully customizable label and link to your privacy terms
• Optional setting-enable only if needed
• Useful for collecting GDPR-compliant consent directly on the chat widget

10. User Data Retention & Deletion Controls

We’ve introduced flexible data retention settings that let you control how long visitor data is stored.

From the Chatway dashboard, you can now:

• Automatically delete contact info and chat history for visitors who haven’t returned in the last 6, 9, or 12 months-or never delete them
• Permanently delete contact info or visitors or agents anytime
• Manage deleted agent data retention. Select when their data should be permanently removed from your system.

These tools help ensure you're only retaining data for as long as needed and respecting your visitors’ right to be forgotten.