Customer Consent for Saving Personal Data

The capture of the customer consent for saving personal data varies depending on the contact channel.

Generally, when actively contacting an organization by calling in to a specific phone number, sending e-mail to a specific e-mail address, sending SMS to a specific number, or initiating a web chat from an organization’s web pages, a customer understands, and thus provides his consent, that his contact data and content will be handled and stored in the system.

It is recommended, that organization informs the customer about collecting personal data in such an occasion. The methods we support, are described below.

The Data Protection Officer (DPO) can reset the consent database in case the organization renews its data privacy policy. In such occasion, it is recommended that the DPO exports the consent database and stores it per the organization’s data protection and privacy policy. For more information about how to manage consents, see System Configurator documentation Managing Customer Consents Managing Customer Consents.

Inbound Queue Calls and IVR Calls

It is possible to record the Welcome prompt for each phone queue. In the Welcome prompt the organization can inform customers about the service to which they have called and also about how the organization handles the personal data.

To define such a prompt, create an audio prompt with the type Welcome in System Configurator > Queue Management > Prompt Management.

Call Recording

The organization should determine their policy for recording calls. In some industries, there is a legal obligation to record calls, whereas in other organizations the call recordings are needed to fulfill a contract. In these cases using call recording may happen without consent.

In other cases, it is recommended to get a customer’s consent prior to recording. It is possible to define and activate a consent IVR, where the customer can give their consent for call recording, or deny it (as of 1711).

This consent or non-consent information of a customer can be stored in database, and that information can later on be used for consent reporting as well as for fine-tuning the call handling flow in future calls. The Data Protection Officer can reset the consent information in case the organization renews its Data Privacy Policy, or in case the customer wants to withdraw their consent.

The consent information follows the customer’s call for the lifetime of the call, either enabling or disabling the call recording accordingly. This means that if the call is transferred to another queue with different consent behavior settings, the settings of the first queue are applied.

Consent configurations affect call recordings, and for emergency, or other legal or business cases, it is possble for agents to override this configuration and record a call without customer consent.

If consents are used, CDT-controlled local call recordings should not be enabled.

To use an IVR for asking a consent for recording a call, add the Consent IVR in System Configurator > IVR Management and configure it in System Configurator > System Services > Recording. For more information, see corresponding sections in System Configurator documentation.

Inbound Direct Calls

As there is a policy described for IVR and queue calls, it is not recommended to publish direct extension numbers for inbound customer service, but rather to manage all customer calls via queues and IVRs.

Technically, customer consent can be captured with direct inbound calls as well.

Inbound E-Mails

It is possible to define an automatic receipt message for each e-mail queue.

In the receipt message the organization can inform customers about the service to which they have sent the e-mail, and also about how the organization handles personal data. A good practice is to provide a link to the organization’s web page where the organization's data privacy statement is published.

To define an automatic receipt message, define an e-mail prompt with the type E-Mail Received Message in System Configurator > Queue Management > Prompt Management.

Inbound Web Chats

It is possible to define an automatic Welcome prompt for each chat queue.

In the Welcome prompt the organization can inform customers about the service to which they have initiated the chat and also about how the organization handles personal data. A good practice is to provide a link to a web page where the organization's data privacy statement is published..

To define such a prompt, create a chat prompt with the type Welcome in System Configurator > Queue Management > Prompt Management.

Inbound SMS Messages

SMS message is a subtype of chat. It is possible to define an automatic Welcome prompt for each SMS (chat) queue.

In the Welcome prompt the organization can inform customers about the service to which they have sent the SMS and also about how the organization handles personal data. A good practice is to provide a link to a web page where the organization's data privacy statement is published..

To define such a prompt, create a chat prompt with the type Welcome in System Configurator > Queue Management > Prompt Management.

Outbound Campaigns

We recommend that the organization ensures the customer’s consent for telemarketing activities prior to importing customer data to the system.