With data security at the forefront of everything we do, Click4Assistance strives to set the highest standard.
The software includes multiple security features that ensure organisations have complete control over access to functionality and data. The comprehensive permissions area allows administrators to define which modules are available to users and control granular permissions for viewing, storing, and deleting data. Managers can monitor users’ actions with full audit trails.
Client access to ‘Experiences’ can be secured with single sign-on (Active Directory or Azure integration). Alternatively, administrators may enforce strong passwords, password expiry, and lockout if a password is entered incorrectly. IP and time-based restrictions can also be applied to users.
To protect data actively transmitted between networks and/or devices, Click4Assistance uses HTTPS/TLS on SHA-256 bit encryption for secure connections and encryption of data at rest.
Working within the ISO27001:2022 framework with BSI accreditation, Click4Assistance operates numerous controls, including a clean desk policy, strong passwords, administrative restrictions, and many other stringent rules to ensure data security.
During recruitment, applications are referenced and DBS checked, and security training is delivered to all staff during their induction and at regular intervals throughout their employment at Click4Assistance. All client data is considered highly sensitive, so access is restricted to key technical staff. Database access requires unmemorable, complex password entry, and passwords are changed regularly and can only be retrieved with director approval.
Security protocols are embedded into all operations, including product development, infrastructure, and the physical environment. Security-aware software development with agile methodologies occurs under strict change control processes, which require rigorous testing regimes and multiple sign-offs to OWASP standards before release.
Servers are located in London, UK, within a data centre that complies with various standards, including ISO9001, ISO27001 and ISO22301. With biometric access control, 24/7 CCTV and security guards, every precaution is taken to protect data.
The GDPR applies to ‘controllers’ and ‘processors’ of data. As a live chat software provider, Click4Assistance is a data processor. Our customers maintain ownership of their data and are the data controllers. Both controllers and processors are responsible for ensuring the security and appropriate handling of data. An individual whose data is collected and processed is referred to as a data subject.
Under the right to be informed, online visitors should fully understand how their data is processed and why the organisation requires it. The easiest way to provide this information is to include a clear and concise statement regarding your organisation’s data processing within your privacy policy; this should also contain how a data subject can withdraw consent. As part of your GDPR audit, you will likely have to alter your privacy policy to include this information. You should also include information regarding the data that may be collected using your web chat software solution.
Where you use people’s data in ways they would reasonably expect and with minimal privacy impact, or where there is a compelling justification for the processing, ‘legitimate interests’ is the lawful basis for processing. Therefore, if you are collecting data during a chat for that enquiry or interaction, you are unlikely to need formal consent. However, if you intend to share or use the data for marketing purposes, you may need formal consent from the data subject. Achieve this by adding a check box to the pre-chat form or receiving a statement of consent during the chat. Access to services such as chat should not rely on giving consent without good reason.
Developed and hosted within the UK on Click4Assistance-owned servers, any data processed or stored is never transferred outside the UK. Working with police forces, local authorities, and NHS organisations, security by design is intrinsic to the solution and represented within our security policies. The flexibility of customisation allows check boxes and additional information (including links to privacy policies) to be easily included within the visitor-facing windows. Functionality within the software also enables compliance with the rights and regulations required. Below, we touch on some of the rights and how these are easily fulfilled within the software.
This information has been designed to provide an overview of some of the key aspects of GDPR. Please get in touch with our team by phone or email or start a chat if you have any questions or require further information.
With 20 years of experience, we’ve delivered live chat solutions for various industries, including 25% of UK universities and numerous public services, charities, and insurance companies.