What is GDPR?
It’s a law related to processing personal data of citizens of the European Union (EU) and the European Economic Area (EEA).
Why is LiveSession bound by the GDPR?
Our services are available to customers from all over the world, including the EU and the EEA.
Our tool records the user’s activity on a website or in an app. This recording is called session replay.
What is a session replay? How is it related to personal data?
A session replay is a reconstruction of the user’s journey on a website or within a web application. It consists of mouse and keyboard movements, scrolls, taps, and clicks. Watching a session replay feels like sitting next to the user and watching them interact with your website.
When you use LiveSession on your website, you allow the service to process user data. There are two main ways of processing data, passive and active.
Passive processing is related to session replays stored on Google Cloud. As our client, you’re the only person who can access this data.
Active processing involves the data you send us intentionally, such as company details, email addresses, and the names of your employees. You need to share this information to use our service.
Is it possible to use LiveSession without recording any personal data?
Yes, it’s possible. Here’s how it works:
Passively processed data is anonymous by default. This applies to forms on your website, too. If you’d like to identify recorded users, you can do it with our custom properties feature. By default, we do not record any inputs that can be potentially sensitive.
On the other hand, if personal data is included in the static content of your website, you need to anonymize it yourself. Otherwise, it will be recorded.
LiveSession provides the session recording tool and protects your privacy. We’re also here to help you exercise rights related to personal data.
What are the user rights provided by GDPR?
Here are some of the user rights under the GDPR that you need to consider:
- The right to amend, access and receive copies of personal data.
The user can ask you to send a copy of their personal data. You can download a file with this data from your account.
- The right to erase data.
The user can ask you to delete their personal data. It’s also known as the right to be forgotten. You can erase the user’s data very easily.
- Limitations on data processing.
- The right to object to the processing of personal data.
- The right to withdraw consent for processing data
The user can ask you to limit the processing of their data.
You can decide what kind of data you are recording. Passively obtained data is always anonymous by default. You can anonymize other kinds of data manually.
What’s more, the user can also object to processing their data at any time without providing a reason. This does not affect the legality of the previous processing.
- The right to data portability
If requested, it’s possible to move the user’s personal data to another place.
To exercise these rights, please get in touch with LiveSession at: firstname.lastname@example.org
The GDPR requires us to answer within 30 days. We’ll do our best to reply as soon as possible.