We at MSGHero have put a lot of resources into making sure we are compliant with the GDPR. This post will outline the exact steps we have taken and how we’re making it easy for you to comply. Our data processing agreement is available for you to sign inside of your MSGHero account under “Settings” -> GDPR.
What is GDPR?
The General Data Protection Regulation (GDPR) is to come into force on 25 May, 2018. It primarily addresses the process of obtaining and managing user data, giving EU residents more control over their privacy on the web.
Since some of our customers use our platform to create bots in the EU, or have EU subscribers of their bots, we need to be compliant with GDPR and are happy to announce we are now fully compliant.
Before going any further, we must insert a disclaimer that this post must not serve as legal advice. The following information on this page is the explanation of our interpretation on the GDPR. We’ve done a lot of research on GDPR but due to the vast nature of applications of the new changes a lot is open to interpretation. The following information serves as our interpretation of the facts and our compliance (both technical and organizational) to the GDPR. Therefore the following information should not be relied upon as legal advice under any circumstances and any clarifications about compliance specific to your organization should be sought out by a legal professional. MSGHero makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties, including without limitation, implied warranties or conditions of the information on this page. Any information on this page may change without notice.
What Does GDPR Mean for MSGHero?
Despite the fact that we are not based in the EU, we have customers and bot subscribers located in the EU and therefore we understand that many of our customers and bot users will be expecting to be affected and will be expecting us to comply with the new rules and regulations in order to continue using the MSGHero service.
The regulation is a very long document overseeing a large range of data protection issues, but there are two main parts of it that will affect MSGHero:
- User consent
- User rights to manage or delete their data
If you’re running a MSGHero bot in the EU, or if you have bot users in the EU, you’ll need to ensure that you make it explicitly clear that a user is subscribing to your bot through one of our growth tools.
Here’s how you can modify your existing bot to ensure you are compliant:
– Start by going through your existing Messenger bot flow and make sure any data collection points are clearly labelled so the prospect understands not only that you’re going to be collecting their data, but what they are going to be receiving from your broadcasts (what they are subscribing for).
– Make sure you do not have any automated subscriber triggers WITHOUT consent (the user must be aware they are subscribing to your Messenger bot).
– Your bot users need to have the option to withdraw their consent and it should be made explicitly clear how they can do so.
– Asking for different things, such as asking them to subscribe, and then asking for their email, must be consented to separately. You’ll need separate consent for different things.
A practical way to do this, is to state in your “Welcome Message” that when they click “Get Started” they are subscribing to your Messenger bot.
We have implemented a feature that allows you to see how a specific subscriber consented to opting in via the “Analytics” section inside of MSGHero.
If you were then to collect their email, you’d need to explicitly state that you are going to collect their email for whatever purpose you will use it for.
Users’ Rights to Manage or Delete Their Data
This is where MSGHero provides some practical (rather cool) tools to help you make sure you are compliant and do so in an automated, easy way.
Now that GDPR is in effect, your bot users should have more control over their data and you should have more control over your accounts. Here is how MSGHero has tackled this to make your life easier.
MSGHero’s GDPR-Compliant Main Menu
If you navigate to “Main Menu” inside MSGHero (Create -> Main Menu), you’ll notice a new checkbox called “Insert GDPR Compliant Menu Item”.
This will automatically add a menu item to your Messenger bot’s main menu for you. The sub-menu items will be the following:
- View My Data
- Delete My Data
Here’s how that will look to your bot users.
If they select “View My Data”, the bot will automatically send them the data you have on them, as shown below.
Manual Features for Requests
We have also implemented ways for you to handle your subscribers yourself, in the case that they request to be deleted from your bot. Of course, they can use the automated main menu I explained above, however we wanted to go the extra mile and give you the option to do this manually too.
If you go to “Analytics” in the top menu and select your Facebook page, then scroll down to “Subscribers” you’ll notice you have the option to manually unsubscribe a subscriber as well as the option to delete them entirely.
Your GDPR Options
We understand you might want to view the data we have on you, edit that data or even remove the data we have on you as our customer.
We have taken steps to approach this too.
View your data
If you’d like to view your data we have on you, please submit a support ticket via https://msghero.com/help/ and we’ll get back to you within 24 hours.
Alternatively, you can hover over your profile in the top right corner and click “Profile”. Here, you’ll be able to view your customer account data as well as under “Billing” for your subscription data.
Edit your data
If you wish to edit your data we currently have on you, you can go to you can hover over your profile in the top right corner and click “Profile”. Here, you’ll be able to view your customer account data as well as under “Billing” for your subscription data.
Delete your data
Another option you have, if you want to be removed, is to do the following in order:
- Go to Facebook app settings: https://www.facebook.com/settings?tab=business_tools
- Locate the “MSGHero” app and select the checkbox next to it and click on “Remove” in the top right corner.
This will revoke the permissions for us to use your Facebook account data and it will also delete any campaigns you currently have running with us.
If you’d like to unsubscribe from any of our Messenger bot messages or emails, you have the right to do that too. For emails, we always include an “unsubscribe” link at the bottom. For Messenger messages, simply respond to any of our messages with the keyword “Unsubscribe”.
Alternatively, please submit a support ticket via https://msghero.com/help/ and we’ll get back to you within 24 hours.
We’ll continue improving features related to GDPR as suggested by you, our community.
We’re here to help you be compliant with the GDPR while using our services. If you have any question, please don’t hesitate to contact our support desk: https://msghero.com/help/