Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Genesys Cloud CX Chat is an enterprise customer engagement live chat widget that connects website visitors with contact center agents through the Genesys Cloud platform.
Genesys Cloud CX Chat is a live messaging channel provided by Genesys Cloud Services LLC as part of its Cloud CX contact center platform. It is embedded into websites through a JavaScript widget that opens a real time channel between visitors and human agents or automated bots. Genesys is one of the largest contact center vendors worldwide and is widely deployed by banks, insurers, airlines, telecommunications operators and public sector bodies across the European Union.
The widget sets first party and third party cookies including session identifiers (gcb_session, gms_session), visitor identifiers and analytics cookies that record interaction quality and routing metadata. The widget collects IP address, browser fingerprint, page URL, language, the contents of the chat conversation and any structured data the operator chooses to push (such as customer ID or order number).
Loading the chat widget and storing non strictly necessary cookies requires prior informed consent under Art. 5(3) of the ePrivacy Directive and Art. 6(1)(a) GDPR. Once the visitor actively opens the chat, the conversation itself can be processed under Art. 6(1)(b) GDPR as a pre contractual measure or service request. Recording and quality monitoring require an additional legal basis (consent or legitimate interest with balancing test).
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Genesys is a US company. Even when EU customers select the Frankfurt region (apps.mypurecloud.de), support and engineering access may result in transfers to the United States. Genesys is self certified under the EU US Data Privacy Framework and offers Standard Contractual Clauses in its Data Processing Addendum. Operators must perform a Transfer Impact Assessment in light of the Schrems II ruling.
Because Genesys Cloud CX Chat is typically deployed at scale with conversation recording and integration with CRM systems, a DPIA under Art. 35 GDPR is recommended. The risk level is high when chats may contain health, financial or special category data.
Block the widget script until consent is given through a Consent Management Platform, configure the EU region, sign the Genesys DPA with SCCs, document retention periods for chat transcripts and recordings, inform visitors before they start a chat and offer an alternative contact channel for users who refuse consent.
Websites using Genesys Cloud CX Chat must obtain user consent under GDPR regulations.
DPIA considerations
A Data Protection Impact Assessment under Art. 35 GDPR is strongly recommended because Genesys Cloud CX Chat involves systematic monitoring of visitor interactions, transfers of personal data to the United States, processing of potentially sensitive chat content (including special categories of data when used in healthcare, finance or HR contexts) and recording of conversations for quality assurance. The DPIA should assess the necessity of recording, retention periods, agent access controls and the effectiveness of EU US DPF and SCC safeguards.
Sample consent text
We use Genesys Cloud CX Chat to provide live customer support. This service stores session cookies on your device and may transfer your chat content and IP address to Genesys servers in the United States under the EU US Data Privacy Framework. By clicking Accept, you consent to these cookies and the processing of your conversation.
Third-party domains contacted
apps.mypurecloud.comapps.mypurecloud.deapi.mypurecloud.comcdn.genesyscloud.comapps.mypurecloud.iegenesys.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| gcb_session | first_party | session | Genesys chat browser session identifier used to maintain the live chat conversation between the visitor and the contact center agent. |
| gms_session | third_party | session | Genesys Messaging Service session token, required to authenticate the WebSocket connection with mypurecloud. |
| _genesys_visitor_id | first_party | 1 year | Persistent visitor identifier used to recognize returning users and to link successive chat sessions for routing and reporting. |
| gcb_region | first_party | 1 year | Stores the Genesys Cloud region (e.g. mypurecloud.de) selected for the visitor to ensure subsequent requests target the correct EU datacenter. |
| _ga | third_party | 2 years | Google Analytics cookie sometimes loaded together with Genesys widget when analytics integration is enabled by the operator. |
| _vis_opt_s | third_party | session | Visitor optimization cookie used by Genesys for A B testing of agent flows and bot conversations. |
Genesys Cloud CX Chat uses cookies for user preferences — inform visitors with a consent banner.
The widget sets session and visitor cookies such as gcb_session, gms_session and various analytics identifiers. Their lifetime ranges from session only to one year. Names and durations depend on configuration and Genesys release version.
Yes. Loading the Genesys widget triggers non strictly necessary cookies and connections to mypurecloud servers. Under Art. 5(3) ePrivacy and Art. 6(1)(a) GDPR, prior informed consent must be collected through a Consent Management Platform.
Cookie storage relies on consent (Art. 6(1)(a) GDPR). The conversation itself can rely on Art. 6(1)(b) GDPR (pre contractual measure or service request) once the user actively engages. Recording usually requires separate consent or a balanced legitimate interest.
Yes. Even when using the Frankfurt region, support, monitoring and engineering may access data from the US. Genesys is certified under the EU US DPF and offers SCCs in its DPA. A Transfer Impact Assessment per Schrems II is required.
A DPIA under Art. 35 GDPR is recommended, especially when conversations are recorded, when chat is used at scale or when sensitive data (health, finance, employment) may be exchanged.
Block the script until consent, select the EU region (apps.mypurecloud.de), sign the Genesys DPA with SCCs, document retention, train agents, publish a clear privacy notice and provide an alternative channel for users who refuse consent.
EU alternatives include Crisp (France), Userlike (Germany) and self hosted solutions such as Chatwoot or Rocket.Chat. They reduce or eliminate transfers to the United States.
List Genesys cookies with name, purpose, duration and provider. Mention Genesys Cloud Services LLC as joint controller or processor, the EU US DPF certification and the US transfer. Update at least annually and after any release that changes cookies.