Browsee and GDPR

The content below is supplied solely for informational purposes and is not intended to be a substitute for legal counsel. To determine precisely how the GDPR may or may not apply to you, you should consult with legal and other expert counsel in careful detail.

If you have arrived here, you have probably already heard a lot about the General Data Protection Regulation (GDPR). There is already a great deal of excellent literature available that describes the GDPR in depth. Here, most of our attention goes to the intersection of the GDPR, your business, and your use of Browsee session replay.

What is GDPR?

The GDPR's primary goal is to give people in the EU more control over their personal data. It controls, among other things, how individuals and organisations can collect, use, store, and delete the personal information of EU citizens. The concepts in the GDPR are not that novel: many of them were first introduced when the EU enacted the Data Protection Directive in the middle of the 1990s.
With the GDPR, people have stronger control over how their personal data is collected and used.

What does it require?

The GDPR is still evolving, so its requirements continue to change. We will update this page as the policy evolves. Some of the key points are:

  • Being clear about what constitutes personal data
  • Being clear about how personal data is used, whether with the user's consent or via a lawful process
  • Giving users the right to see what data is being collected and how it is used, keeping their data secure, and giving them the right to have all their data deleted on request



What is Personal Data?

Personal data is any personally identifiable information (PII) that can be used, either on its own or combined with other data, to identify a person.
Sensitive personal data such as SSNs, health information or any other sensitive details should not be captured by a session recording tool. Browsee gives you multiple privacy settings that let you control what data is recorded and what is not. Please check our privacy control settings here.

What is Session Recording?

Session recording is the reproduction of all the activity a user performs on your website. You can see exactly where users run into an issue and where they are able to navigate properly. It is just like watching a video of the user's interaction with your website. For this purpose, we record information like mouse movements, clicks, scroll, events, DOM, page visits, etc. A more detailed list of collected information can be checked here.
Session recordings are used extensively by product, support, technology and marketing teams to improve the product and optimize landing pages.



How can personal data be captured by Browsee?

There are two ways to collect personal data within Browsee:

  • Actively - You can choose to use our APIs to send PII such as name, email, etc. to Browsee. You can then use this information for further analysis and searches. You can avoid using these APIs.
  • Passively - Some input fields may get recorded as a user types in them, simply because we are recording the page. You can actively choose to ignore these fields with the multiple privacy settings available in Browsee. Learn more about them here.

Browsee with respect to the GDPR?

Browsee is a processor of the data that you send to us about your users. Your data is never accessed or used by Browsee under any circumstances. It is advisable to add a link to Browsee in your privacy policy, as mentioned here.

You can also ask for user consent. For example, if you use Browsee on your support team, you could explain that you use Browsee session replay to provide faster and better support to your customers and aid your engineering team in solving bugs and improving their user experience. We believe that being more descriptive about how you’re using data to ultimately help your customers will improve the likelihood that they grant consent.

For data collected through our recording service or APIs, we delete all data within 1 month of collection by default. You can also ask us to delete any user-specific data by emailing support@heroteck.com.



Is it necessary to get user consent?

No, not always. The GDPR primarily addresses personal data and establishes an EU citizen's rights over their own data. Recording a session for session replay or session playback is acceptable as long as it is an unnamed session that cannot be linked to a specific person. But, as mentioned above, if you are recording forms or pages where personal data is inputted or shown on your website or application, it is possible to capture personal or sensitive data passively. When you begin recording, it is crucial that you audit your own website to make sure any sensitive form fields or items are removed.


How will Browsee handle requests around my users' personal data?

With Browsee, you can honor your users' requests regarding the handling of their data. Browsee will help you with the following options:

  1. Right to Data Portability. Your users have the right to a "portable" copy of their Personal Information that you have submitted to us. Generally, this means they have a right to request that we move, copy or transmit your Personal Information stored on our servers or information technology environment to another service provider's servers or information technology environment.

  2. Right to Access Data. Your users have the right to request that we disclose certain information to you about our collection, use and disclosure of their Personal Information over the past twelve (12) months. Any disclosures we provide will only cover the 12-month period preceding the receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

  3. Right to Object. Under the GDPR, users have the right to prohibit certain data uses. As mentioned above, you may need to get explicit consent from EU citizens regarding the data you capture and how you plan to use it. We already covered how you might send personal data into your Browsee account (actively via our Identify API or an integration, or passively by capturing pages on which personal data is inputted or displayed). It is already possible to choose not to actively or passively send any personal data into Browsee simply by not using our Identify API and by excluding all elements (like form fields or confirmation pages) that might have personal information typed into or displayed on them. You’ll be able to set more granular rules about what data is passed into Browsee by default and what data can be passed into Browsee when consent is present.

  4. Right to Delete Data. Your users have the right to request that we delete any of their Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.

Does Browsee offer a DPA?

Yes, you can request a copy of the DPA by emailing support@heroteck.com; it can then be signed mutually.

Last updated on: 1st May, 2021.

If you have any doubts or questions, please feel free to reach Heroteck at contact@heroteck.com.

G-120, Sarita Vihar, Delhi-110076, India