Everything you need to know about LiveAgent’s GDPR compliance
LiveAgent is committed to privacy, security, compliance and transparency. This approach includes supporting our customers’ compliance with EU data protection requirements, including those set out in the General Data Protection Regulation (GDPR), which became enforceable on May 25th, 2018.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
One way in which the personal data of an EU citizen could be collected when using LiveAgent is when you build a database of contacts, their information, and business dealings with them (i.e. a CRM system). Not all customers will be “data subjects”, as data subjects are only individuals. Some of your customers may be businesses or government organizations, which the GDPR does not apply to.
Yes, LiveAgent is fully GDPR compliant as of May 2018.
Two-factor authentication
2-Step Verification adds more security to your LiveAgent account. When you have 2-Factor Authentication enabled, any attempt to log into your account must be accompanied by the code that you generated in Google Authenticator app. 2-Step Verification can help keep unknown people out, even if they have your password.
HTTPS Encryption
All LiveAgent hosted accounts run over a secure connection using the HTTPS protocol. Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. It means all communication between your browser and LiveAgent is encrypted, including your chat and email communication.
Secure credential storage
We follow latest best practices to store and protect user login credentials and passwords in the cloud.
IP & network restrictions
Your LiveAgent Agent panel can be configured to only allow access from specific IP address ranges.
API Security
LiveAgent REST API is restricted to accredited users based on username and password or username and API tokens.
SPAM filtering
LiveAgent has an intelligent built in SPAM filter that learns and improves its filtering capabilities continuously.
LiveAgent provides customers the option to delete Service Data that may contain personal data, such as profiles, tickets, images, and attachments, in active LiveAgent accounts. Within the LiveAgent, Administrators and Agents (collectively described as “Users”) have profiles with hierarchical privileges, as described here.
Agent Profile Deletion
LiveAgent currently supports the deletion of Agent profile information as described here. Admins and Owner can delete profiles of all Users, including Agents. They can delete Agents in Configuration>Agents>Delete Agent. LiveAgent retains Account Owner information in order to continue to provide its service. When an account is terminated, LiveAgent follows its Data Deletion Policy for remaining profile information.
End-User Profile Deletion
LiveAgent currently supports the deletion of End-User profile information as described here. Owner, Administrators and Agents can delete End-User profiles. Following this deletion action, the End-User profile is removed from the User Interface and the End-User identity is deleted from the system, along with OAuth Tokens, Sessions and Saved Searches.
Ticket Deletion
Tickets can be deleted by following the steps outlined here. This article also addresses how to permanently delete tickets.
Customer Portal Profile Deletion
Customers can delete their profiles from a Customer Portal by following steps described here (Customer Portal profile deletion is the same process as End user profile deletion).
Consent Acceptance for Providing Live Support via Live Chat
One of the requirements of GDPR is your obligation to inform your customers that you and/or a 3rd party processor will gather their personal data. When providing customer service via live chat, we suggest to place a consent acceptance in your pre-chat form.
LiveAgent application allows you to delete all sensitive data about your customers upon their request directly in LiveAgent application by deleting all tickets and contact data related to your customer.
Additionally every LiveAgent account owner has full control over his account and can request to be deleted any time by mail to our support@liveagent.com. Liveagent cloud has also automatic procedures for deleting suspended accounts to make sure we don’t store permanently your data after you decide to stop using our services.
In case trial account is not upgraded to paid plan within 14 days or billing of already upgraded account is failing more than 7 days, account is suspended. Suspended account doesn’t allow user logins or access data either by account owner or his customers.
In case account owner doesn’t request to unsuspend his account by email or chat, within next 60 days is account terminated (domain stops to be active, we remove account configuration from cloud, but we keep data in storage).
Terminated accounts are deleted automatically from our cloud within next 30 days. From this point we don’t have any active data in LiveAgent cloud, we store for another 30 days just cold backup of database. Once backup expires, we don’t store any data from your account anymore.
Contact us at info@liveagent.com.
Call center security checklist
Call center security is a serious issue that should not be taken lightly. Follow this call center security checklist to stay protected.
Our website uses cookies. By continuing we assume your permission to deploy cookies as detailed in our privacy and cookies policy.