Customer Consent for Saving Personal Data
The capture of the customer consent for saving personal data varies depending on the contact channel.
Generally, when actively contacting an organization by calling in to a specific phone number, sending e-mail to a specific e-mail address, sending SMS to a specific number, or initiating a web chat from an organization’s web pages, a customer understands, and thus provides their consent, that his contact data and content will be handled and stored in the system. Note that WhatsApp has special rules for contacting customer. For more information, see the section WhatsApp Opt-In in the System Configurator document.
It is recommended, that organization informs the customer about collecting personal data in such an occasion. The methods we support, are described below.
The Data Protection Officer (DPO) can reset the consent database in case the organization renews its data privacy policy. In such occasion, it is recommended that the DPO exports the consent database and stores it per the organization’s data protection and privacy policy. For more information about how to manage consents, see the section Managing Customer Consents in the System Configurator document. You may also control consent and WhatsApp opt-in via a Restful interface.
Inbound Queue Calls and IVR Calls
It is possible to record the Welcome prompt for each phone queue. In the Welcome prompt the organization can inform customers about the service to which they have called and also about how the organization handles the personal data.
To define such a prompt, create an audio prompt with the type Welcome in .Call Recording
The organization should determine their policy for recording calls. In some industries, there is a legal obligation to record calls, whereas in other organizations the call recordings are needed to fulfill a contract. In these cases using call recording may happen without consent.
In other cases, it is recommended to get a customer’s consent prior to recording. It is possible to define and activate a consent IVR, where the customer can give their consent for call recording, or deny it.
This consent or non-consent information of a customer can be stored in database, and that information can later on be used for consent reporting as well as for fine-tuning the call handling flow in future calls. The Data Protection Officer can reset the consent information in case the organization renews its Data Privacy Policy, or in case the customer wants to withdraw their consent.
The consent information follows the customer’s call for the lifetime of the call, either enabling or disabling the call recording accordingly. This means that if the call is transferred to another queue with different consent behavior settings, the settings of the first queue are applied.
Consent configurations affect call recordings, and for emergency, or other legal or business cases, it is possble for agents to override this configuration and record a call without customer consent.
If consents are used, CDT-controlled local call recordings should not be enabled.
To use an IVR for asking a consent for recording a call, add the Consent IVR in and configure it in . For more information, see corresponding sections in System Configurator documentation.
Inbound Direct Calls
As there is a policy described for IVR and queue calls, it is not recommended to publish direct extension numbers for inbound customer service, but rather to manage all customer calls via queues and IVRs.
Technically, customer consent can be captured with direct inbound calls as well.
Inbound E-Mails
It is possible to define an automatic receipt message for each e-mail queue.
In the receipt message the organization can inform customers about the service to which they have sent the e-mail, and also about how the organization handles personal data. A good practice is to provide a link to the organization’s web page where the organization's data privacy statement is published.
To define an automatic receipt message, define an e-mail prompt with the type E-Mail Received Message in .Inbound Web and Social Chats
It is possible to define an automatic Welcome prompt for each chat queue.
In the Welcome prompt the organization can inform customers about the service to which they have initiated the chat and also about how the organization handles personal data. A good practice is to provide a link to a web page where the organization's data privacy statement is published.
Note that WhatsApp has special rules for contacting customer. For more information, see the section WhatsApp Opt-In in the System Configurator document.
To define such a prompt, create a chat prompt with the type Welcome in .Inbound SMS Messages
SMS message is a subtype of chat. It is possible to define an automatic Welcome prompt for each SMS (chat) queue.
In the Welcome prompt the organization can inform customers about the service to which they have sent the SMS and also about how the organization handles personal data. A good practice is to provide a link to a web page where the organization's data privacy statement is published..
To define such a prompt, create a chat prompt with the type Welcome in .Outbound Campaigns
We recommend that the organization ensures the customer’s consent for telemarketing activities prior to importing customer data to the system.
Inbound and Outbound WhatsApp Messages
The rules for WhatsApp opt-in are set by Meta and we recommend you get familiar with the guidance. For more information, see https://developers.facebook.com/docs/whatsapp/overview/getting-opt-in/. Sinch Contact Pro can store WhatsApp opt-in and Communication Panel works according to rules defined by Meta.