Moxie's Support for Data Subject Requests Under European Union’s General Data Protection Regulation (GDPR) and Consumer Requests Under the California Consumer Privacy Act (CCPA)
Moxie takes privacy seriously. Beyond our standard security policies and procedures, we support compliance with the European Union’s General Data Protection Regulation (GDPR) which became enforceable May 25th, 2018 and the California Consumer Privacy Act (CCPA) scheduled to become effective on January 1, 2020. This article describes how Moxie can assist our Moxie cloud services customers’ with GDPR and CCPA compliance with respect to data subject and consumer rights to access, correct, object, and delete personal data stored and processed by Moxie application services.
This article uses the following defined terms:
Moxie: means the Moxie entity with whom a Moxie Customer contracts to receive Moxie application services.
Moxie Customer: means you, our business customer who has purchased a subscription to one or more Moxie application services.
Visitor: means a third party with whom a Moxie Customer engages using Moxie application services (either via the internet or a mobile application) such as Concierge, Chat, Email or Knowledge. Qualifying Visitors under the GDPR and CCPA may be “data subjects” and “consumers”, respectively, for the purposes of such regulations.
Below are shared key shared concepts between GDRP and CCPA and the ways in which Moxie supports compliance with each concept. The descriptions are intended to be high-level descriptions only and are not complete or exhaustive. Moxie Customers should consult with their own counsel and experts to determine which types of personal data and information the Moxie Customers process and store using Moxie application services and what GDPR and CCPA require to such activities.
Access: Visitors can request Moxie Customers provide access to the Visitors’ personal data processed and stored by the Moxie application services as well as obtain the names of any third-parties with whom Moxie shares such data. Moxie Customers have access to the personal data stored by the Moxie Customers in the Moxie application services via the administrator and agent functions of the Moxie applications. Moxie Customers can therefore respond to access requests using the Moxie applications and should not require Moxie assistance to respond to such requests.
Correction: Visitors have the right to request Moxie Customers correct inaccurate or incomplete personal data stored by the Moxie application services. Moxie does not expect correction requests to be applicable to the application services since stored Visitor personal data generally will be in emails and chat transcripts which are automatically generated. Requests for corrections, however, can be discussed with Moxie via Moxie support for the application services..
Objection: If a Visitor objects to data processing activities, the Moxie Customer has to end such activities and should instruct the Visitor not to use the Moxie application services available from Customer. Moxie Customers are responsible for these actions and submitting associated deletion requests to Moxie with respect to any personal data of the Visitors stored in Moxie application services.
Deletion: Visitors may request that Moxie Customers delete Visitors’ personal data stored by the Moxie application services. If a Moxie Customer receives such a request, it is required to open a Support ticket with Moxie with the required information as outlined below. The Support ticket will be used to facilitate the deletion request.
A VISITOR’S request to a MOXIE CUSTOMER for deletion will require Moxie assistance. Moxie will use commercially reasonable efforts to respond within one business week of receiving a deletion requests from a MOXIE CUSTOMER, including the estimated timeframe and cost for executing the request.
The following is a list of MOXIE applications and the deletion process:
Application |
Who can delete | Additional Information |
---|---|---|
Chat |
MOXIE |
Both Chat Transcript and pre-chat questionnaire data requires Moxie to delete the data. Moxie Customer must provide Moxie with a list of Chat session IDs, including personal data to be deleted. Moxie will delete/redact the content of the chat transcript and pre-chat questionnaire.* |
N/A |
Moxie's Concierge application does not currently store or contain personal information. |
|
|
MOXIE |
Deleting emails and any Secure Message Portal data requires Moxie to delete/redact the data. Moxie Customer must provide Moxie with a list of email message IDs, including personal data to be deleted. MOXIE will delete/redact the content of the emails.* |
Knowledgebase |
MOXIE |
Moxie's KB may contain the Visitor's email address, name and IP Address if the Visitor provided that information via a user profile login. For logged in Visitors, the KB collects the Portal that was accessed, the article content that was accessed (and when) and the IP address. Deleting this information requires MOXIE to delete the data. MOXIE CUSTOMER must provide MOXIE with a list of email addresses for a deletion request. |
* The following link will download a sample file format for submitting Chat and Email IDs: InputFormatsampleGDPRCCPAorPCIRedaction.csv. Data redaction requests from Moxie Customers will be fulfilled up to a maximum of one request per month unless a separate premium response service has been purchased from Moxie. We will attempt to perform the redaction within 30 days.
If your organization requires more frequent, recurring redactions or requires expedited redactions with an expected SLA, a Moxie offers an optional Data Redaction Service to enable data redaction. Please review this document DS_Data_Redaction_Services-Dec_2019.pdf and contact your Moxie representative.
This Article is provided as guidance only. Each MOXIE CUSTOMER is responsible for ensuring that its own review and response to any VISITOR request with respect to personal data is handled in accordance with GDPR, CCPA and other applicable law. MOXIE encourages you to consult with your own privacy experts and counsel in responding to any such request.
The article How to find personal information or identifiers for how to find personal information or identifiers for GDPR and CCPA may be of assistance in responding to Data Subject Requests for Access.
The information in this Article is subject to update and change without notice. CUSTOMERS are encouraged to consult the current version of this Article and alternate resources made available by Moxie prior to the processing of each VISITOR request.
If you have additional questions, please contact Moxie at support@gomoxie.com or your Moxie representative.
|
||
Chat |
||
Phone |
North America/APAC |
1-877-373-7848 |
Phone |
Mainland Europe/UK |
+44 870 904 1121 |