GDPR data management¶
As of 25 May 2018, the European Union's General Data Protection Regulation (GDPR) will be the new primary law regulating how companies have to treat and protect the personal data of EU residents.
Retailers most likely store personal information about their visitors in their own systems. However, as Voyado Elevate manages behavioral data, it also makes a retailer's Voyado Elevate implementation a part of a retailer being overall compliant with the new legislation.
Voyado Elevate and GDPR¶
The two most notable points for retailers regarding GDPR compliance when using Voyado Elevate are the following:
- Never create and use customer keys based on personal information such as user names or email addresses.
- Plan for how to manage and use the GDPR API to export, download, and remove behavioral data.
Personal data¶
Voyado Elevate primarily stores personal data in the form of the customerKey
and the sessionKey
of visitors, where the keys can be associated with clicks and purchases. A sessionKey
can associate with multiple customerKey
values.
IP-addresses are not stored persistently in Voyado Elevate. An address is only stored temporarily in the memory of an active Elevate instance until a newer request from the same user agent is made, or if an instance is reset during an upgrade or reboot. A maximum of 1 000 IP-addresses are stored simultaneously. For internal troubleshooting purposes, a customerKey
and a sessionKey
can be connected to an IP-address during the temporary storage of the IP-address.
The customerKey
and sessionKey
data are stored for 1 year and are then automatically removed by Elevate. They can be removed earlier with the GDPR API and the Create remove customer job endpoint. The automatic removal time can be configured to run at shorter or longer intervals. For more information about configuring automatic removal times, contact Voyado Support.
GDPR API¶
The GDPR API is used to execute queries enabling functions supporting the Right to access, Right to portability, and the Right to be forgotten.
To be fully compliant with GDPR in regards to Voyado Elevate data, a retailer is likely to have to implement necessary functions for managing GDPR related requests from their visitors.
When executing queries with the GDPR API, an Api-Key
header is required for authentication.
Endpoints¶
Create export customer job¶
The create export customer data job must be performed before any customer data can be downloaded. It is recommended to perform an export and download before any customer data is removed. Export and removal can run concurrently but it is recommended to start the export first.
A customerKey
argument is supplied to start an export job of all available data related to the given key. Linked keys and their related data will also be included in the export job.
The create export customer job works with archived data only. The export job will start once the data from the job initiation date has been archived. Default time for archiving is 5 days. Exported data will be available for download for approximately a week from the time the customer data job status returns done
.
For more information about the endpoint, see the Create export customer data API specification
Job status¶
The job status can be performed to check the current status of an export customer job result or a create remove customer job.
A jid
argument is supplied to return the job status of the export or removal job queried. The jid
is also returned in the response.
For more information about the endpoint, see the Job status API specification
Export customer job result¶
The export customer job result downloads customer data and can only be performed on an export job with the job status done
. It is recommended to perform an export and download before any customer data is removed. Export and removal can run concurrently but it is recommended to start the export first.
A jid
argument is supplied to return the export job as a binary data stream in zip
format. The contents of the zip
-file is one or more text files of the JSON Lines format, i.e. not regular array-wrapped json
-files, or if no data could be found for the specified customer key, a file named empty.txt
.
Disclaimer
The format of the zip
-file content may change without notice.
Exported data will be available for download for approximately a week from the time the job status returns done
. The export customer job result will be removed once the download is completed.
For more information about the endpoint, see the Export customer job result API specification
Create remove customer job¶
The remove customer data job removes all available data in Voyado Elevate related to a visitor.
A customerKey
argument is supplied to start a removal job of all available data related to the given key. Linked keys and their related data will also be included in the removal job.
The remove customer data job works with archived data only. The removal job will start once the data from the job initiation date has been archived. Default time for archiving is 5 days. Export and removal can run concurrently but it is recommended to start the export first.
It is recommended to perform a Create export customer job and an Export customer job result before any customer data is removed.
All data is removed once the job status returns done
.
For more information about the endpoint, see the Create remove customer job result API specification
More information¶
Please see the official GPDR homepage for more information regarding the European Union’s General Data Protection Regulation.