This guide describes how certain features and functionality in Zendesk Chat created in Support and in Zendesk Message can assist with your obligations under privacy law.
To learn more about meeting your obligations in other Zendesk products, see Complying with Privacy and Data Protection Law in Zendesk products.
A Zendesk Chat account can be created in Zendesk Support or can exist as a standalone account. For Chat accounts created in Zendesk Support, see Complying with Privacy and Data Protection Law in Zendesk Chat. If you are using web, mobile, or social messaging, please follow the processes outlined in Complying with Privacy and Data Protection Law in Zendesk Support. In standalone Chat accounts, both agents and end users are managed in Chat.
In this guide, users can be End-Users or Agents as the terms are defined in the Main Serviced Agreement.
Topics covered in this article:
Meeting an access obligation
Individuals from certain regions have a right of access. On request, you may have an obligation to inform an end user or agent where their personal data is being held and for what purposes.
If you receive a request for access to personal data, you can export data as described in Meeting a data portability obligation below.
Meeting a correction obligation
Individuals from certain regions have a right to rectification, or the right to have inaccuracies in their personal data corrected. On request, you may have an obligation to provide the individual with their personal data and fix inaccuracies or add missing information.
To update the personal data of end users and agents, see the following topics in this guide:
You must be an admin to update end users and agents.
Updating end users
To update the personal data of an end user
- From the dashboard, select History and perform a search for the chats involving the end user.
- Select each chat in the results, click the User Info tab, and make your updates.
- Repeat step 2 for each chat involving the end user.
Updating agents
- In the dashboard, select Settings > Agent.
Meeting an erasure or deletion obligation
Individuals from certain regions have a right to erasure, or the right to be forgotten or deleted. On request, you may have an obligation to delete the personal data of an individual.
The workflow for deleting the personal data of a end user or agent in standalone Chat accounts is as follows:
- Delete chats.
- Delete the user from the account.
The order of operations is important because user data might be needed to find chats or messages containing personal data.
To delete chats
See the following topics in the article for Zendesk Chat:
To delete an agent
See the following topic in this guide:
Deleting agents
To delete one or more agents
- Go to your dashboard and select Settings > Agents.
- Select the check box next to one or more agents.
- Select the Actions drop-down menu at the top of the list and choose Delete selected.
- Click Delete on the window that appears to confirm.
The agent is soft deleted, meaning the agent profile is no longer accessible in the user interface. It still exists in the data store. The system keeps the name to display in chat transcripts. You can remove the name by deleting the chat.
Meeting a data portability obligation
Individuals from certain regions have a right to data portability. On request, you may have an obligation to provide an individual with their personal data or to transmit the data to another organization.
The following topics describe how to export personal data from Chat:
Exporting visitors with the Chat API
To export end users
GET /api/v2/visitors/{visitor_id}
See Get a Visitor in the Chat API docs.
You can get the visitor id from chat records. See Chats in the developer docs.
Exporting agents with the Chat API
To export agents
GET /api/v2/agentsGET /api/v2/agents/{agent_id}GET /api/v2/agents/email/{email_id}
See Get All Agents, Get Agent by ID, and Get Agent by Email ID in the Chat API docs.
Meeting the objection obligation
Individuals from certain regions have a right of objection, or the right to object to direct marketing. You may have an obligation to stop processing personal data for direct marketing purposes when you receive an objection from an individual.
Meeting a consent or disclosure obligation
Disclosure or notification obligations within the Zendesk widgets can be met in a number of different ways:
- Users of Zendesk messaging in the Web Widget may include a default messaging response or provide a link to your company’s privacy notice.
- Users of bot-enhanced messaging in the Web Widget may use bot builder to include custom messages at any stage in the conversation, including at the transfer step before a conversation is handed off from the bot to an agent (which is when transcript creation begins).
- Users of bot-enhanced messaging in the Web Widget may include the name of “bot” in their selection of the name of the bot. Users may also include a pre-chat introduction.
- Users of live chat in Web Widget (Classic) or the legacy chat widget may enable a pre-chat form or configure the concierge or chat badge accordingly.
- If you wish to control the launching of a widget itself on the basis of your cookie tool, our In-Product Cookie Policy here includes instructions on how to control each of Zendesk’s web chat widgets by this method. This article explains how to install a cookie bot into a Zendesk help center.
See Nofitying end users of legal terms in Zendesk's web-based widgets for more information.
Disclaimer
This document is for informational purposes only and does not constitute legal advice. Readers should always seek legal advice before taking any action with respect to the matters discussed herein.