Protecting customer information is of the highest priority to us. Haptik’s platform, data privacy policies & processes comply with the various provisions of GDPR, PDPA, and all other renowned privacy compliances
Commitment to GDPR
To earn our customer’s trust, Haptik demonstrates strong commitment towards privacy, security, compliance and transparency. This includes compliance with General Data Protection Regulations according to EU data protection requirements.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a privacy law in the EU that came into effect on May 25, 2018. The GDPR sets out a number of regulations and principles that organizations must adhere to collect, store, and transfer personal data of EU individuals.
Privacy by design
Every feature, process at Haptik is defined keeping the user's privacy in mind. Whether it’s for our customer or their end-users, Haptik ensures utmost privacy and maintains end-end data protection and security cycles.
Our Secure Development Life cycle caters to all privacy requirements and ensures every product manager and engineering manager considers data collection, storage and retrieval of the feature being built or improved.
Stringent Go-Live Process
Go-Live process refers to the process of deploying an integration/Intelligent Virtual Assistant (IVA) in the production environment.
Our Information-security driven Go-live process ensures that users and their data are safely purged and masked as per the configuration in Haptik platform. Haptik follows extra diligence in case of Privacy & Data Protection features, consent requirement in chat, requirement of medical information, privacy notice/note etc.
Usage and protection of personal Data
Haptik customers that collect and store personal data are considered data controllers under the GDPR. Data controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with the GDPR. Haptik is the Data processor -party that processes personal data on behalf of the data controller.
Haptik may use personal information in a variety of ways across our products and organization. We use this information to support our customers in customer engagement and customer acquisition efforts, and to optimize customer website experiences on client websites.All the data we store and the process is only used for the purpose of improving our customer’s virtual assistants.
International data transfers
Our deployments today span across US, India & Singapore. Our first approach is to onboard customers to the region they & and their customers are in. If not, then we make sure we are able to do international data transfers with the controls we have in place:
Individual’s privacy rights and consent
Whether it's our end users or our customers or customer’s end users, with Haptik every individual has their own privacy rights. Consent being critical, is built into our systems and capabilities that enables us and customers to use it the way they want to comply.
We have appointed DPO (Data Protection Officer) to handle day-to-day data privacy-related processes, complaints and make sure user data is stored & handled in the most secure fashion. Internal audits to external audits, all are managed by our DPO.
Stringent Access Control
Access control is taken very seriously at Haptik and we only provide access on a need-to-know basis. From our platform to internal tools, all have RBAC enabled and privilege access is restricted.
Detailed analysis & DPIA: We commit to carrying out Data Protection Impact Assessments to ensure proper treatment of data, in consultation with regulators where appropriate
Staff training: Monthly/Quarterly/Yearly training for our employees on how to handle data, and maintain its confidentiality, integrity, and availability. On new employee training, this is part of their first sessions with Infosec and Human Resource teams.
Quarterly GDPR, PDPA & Privacy Internal Audit: Infosec teams and other business teams do internal audits for Privacy and try to find as many gaps as possible so that we can improve the security posture.