The General Data Protection Regulation ("GDPR") is a regulation aimed at strengthening and unifying the data protection rights of all individuals residing in the European Union ("EU"). This law restricts how personal data of EU residents can be transferred, processed and stored, whether such activities take place within or outside of the EU. The GDPR took effect on May 25th, 2018.
Personal data is any information relating to a person (“Data Subject”) that can be used to directly or indirectly identify that person. Examples of personal data include: name, street address, IP address, and, in some cases, behavioral data.
The GDPR requirements are complex and Snaps is here to help ensure the experiences offered through our platform are compliant. In most cases, Snaps is considered the “data processor”, while our clients are considered the “data controller”. You can learn more about these concepts here.
Your Customer Success Manager will work with you to implement a user consent flow that will be present in the conversational experience for all users who are identified as having an EMEA locale. This means that all users who access the conversational experience in the geographic area regulated by GDPR can be presented with a consent flow that complies with GDPR regulations about their data.
Please see the following copy and visual examples for Snaps’ recommended consent message flow. The copy can be tailored to reflect your individual branding.
Snaps offers intent recognition for users requesting definition of, access to, or removal of the data stored about them. Users in the conversational experience who trigger this “Right to Data” intent will be provided instructions on how to proceed with their request. Once Snaps has received that request, your Customer Success Manager will ensure the user’s data is provided to the user or removed from the database. If the user reaches out to the brand directly about obtaining or erasing their personal data, the brand should contact your Customer Success Manager, who will ensure the user’s data will be dealt with according to their request.
The Snaps platform is an ISO 27001 certified ISMS governed by formal security policies and procedures. Data is encrypted in transit and at rest. We take a least-privilege approach to data access. Our system is 'designed by contract' with security as a primary consideration across all services, applications and development processes.
All Snaps servers and databases run a host intrusion detection system that provides proactive notification of potential breaches. Any data breach is communicated to our customers as quickly as possible (no more than 72 hours after Snaps has first learned of the issue).
Please contact your Snaps Customer Success Manager or firstname.lastname@example.org with any additional questions you may have.