...
Warning | ||
---|---|---|
| ||
Since release Whymper V1, SAM (SecuTix Audience Management) filters out automatically all contacts that refuse explicitly marketing communication communications (except if the campaign contains only "operational" (and non-marketing) information directly related to contractual obligations towards the customers, for instance informing them about major changes affecting an event for which they ave purchased tickets). In order to be fully compliant with GDPR regulations, release Whymper V3 of SAM will filter out automatically all contacts that didn't did not give their explicit consent. As a result, as of mid-November 2018, , contacts who haven't have not provided any consent information (neither positive, nor negative) won't will not receive your marketing campaigns anymore. |
...
Several improvements have been brought to SecuTix during Whymper V2 regarding the new General Data Protection Regulation (GDPR). These improvements aim at:
- Improving the flexibility of the bulk contact anonymisation anonymization batch
- Improving the information provided to the operator and internet user with regard to the data privacy policy
Although some of these improvements have already been delivered as patches in the last months, we take the opportunity of the Whymper V2 release notes to provide you a global overview of all the new features provided since the last major delivery.
Improved batch facility for
...
anonymization/deletion of inactive contacts
Calculating the period of inactivity for a contact
The batch process calculates the period of inactivity by checking the date of the last transaction by a contact. This data is held in a special indicator (calculated directly by the batch process) called the GDPR recency. This recency covers:
- Option acquisition
- Option confirmation
- Reservations and sales made, either as a purchase contact or a cultural contact. Completing payment does not, therefore, modify the contact recency.
- Being added to the waiting list
- (as of since Whymper 1.7) explicit click on a SAM link
- (as of since Whymper 1.7) modification of contact criterion
- (as of since Whymper 1.7) modification of contact authorizations IF , if at least one authorization is still "yes, I authorize"
- If the contact has not carried out any of the above actions, the contact creation date is used.
- All those information are taken into account at the institution level (through all its organizations). Therefore, a contact will not be anonymized if there was an activity with another organization as the one running the batch.
...
- In order to maintain performance levels, the indicator is only recalculated if a contact is eligible for deletion or anonymisationanonymization, given the current value of the indicator and the chosen period of inactivity. It does not necessarily provide the complete contact recency.
- For example: A contact has purchased a ticket for a performance taking place on 15 June 2018. The initial batch process runs and sets the indicator to 15 June. A few weeks later, the contact purchases a ticket for a performance on 1 September 2018. Suppose Assuming the batch was executed on 1 the 1st of August after the purchase of the second ticket. The , the second batch process will not update the contact recency as it is too recent to be anonymisedanonymized.
- The batch anonymisation anonymization process only deals with individual contacts and relays and but not the structures themselves, nor contacts with another role (eg, e.g., supplier, guide, exhibitor, producer, partner, contractor).
Removing a prospect /
...
anonymizing a contact
- When a contact is anonymised (anonymized, either through the batch or manually by the operator), the country, town and post code of the address are kept. By this way, allowing the reports on the geographical origin of the customers can still provide to remain accurate information. The other address information are still deleted so that the identity of the anonymised anonymized contact cannot be recovered. When a prospect is removed, all address information are deleted.
- All beneficiary information (, except the country) , and all answers to questions of type Address or Email linked to tickets which end validity is older than the duration specified in the batch are removed,
- The IP address of all orders containing only tickets which end validity is older than the duration mentioned above is removed.
...
Warning |
---|
You can select the minimum period of inactivity. The batch process has a default setting of 36 months, which corresponds to the |
...
recommended 3-year period in France. The batch process also offers a simulation mode, which displays the list of contacts about to be |
...
anonymized/deleted. Since this batch process will have a considerable and irreversible impact on your contact database, we strongly recommend you run in simulation mode first in order to identify all affected contacts. No contact who is a debtor or creditor to your institution may be |
...
anonymized. These contacts will be included in the run-time log. They will be |
...
anonymized when the batch process runs and their transaction has been settled. |
How to use this new batch process
- If it does not yet exist, create a batch type "Deletion/anonymisation anonymization of inactive contacts"
- Schedule the following program "Deletion/anonymisation anonymization of inactive contacts". By default, the period of inactivity is initially set to 36 months and simulation mode is chosen.
Information for internet users
Contact creation on behalf
SecuTix allows internet users to create contacts and integrate them to their community, and buy tickets for a member of their community. If the internet user requests a login for the member of his community, the new community member will receive an email and will get all required information about data privacy policy. However, SecuTix cannot inform the new community member if no login is created for him. In order to comply with RGPD regulations in this specific case, a legal mention has been added to the "contact creation on behalf" page to urge the internet user ( creating the contact ) to inform the community member for which a contact has been created about the contact creation and his rights about regarding his personal data.
Data privacy policy summary explicitly shown to the internet user
The Ticket Shop ticketshop already provides a link to the data privacy policy that can be set-up configured in the parameters of the point of sales. A new point of sales parameter allows to display displaying directly a summary of this data privacy policy on the contact creation page. The internet user doesn't does not have to click on a link to view this summary.
Both data privacy policy links mentioned above are now also provided by the newsletter widget.
Information for operators
Creation/modification of order remarks
SecuTix already provides information to the operator when he enters a contact note or remark (, reminding the operator about the requirements on the remark content defined by the data privacy regulations). This principle has now been extended to order remarks.
Request buyer's consent when saving the credit card alias for further payments
A message is displayed to the operator to ensure he has requested the buyer's consent before saving the credit card alias for further payments.
Data privacy legal obligations when exporting data
The operator is informed about his legal obligations when exporting a report from the operation reporting tool or from SAM..
Information for administrators
The login (connection code) of an operator cannot be modified or removed when this operator leaves your company. As a result, it's important that the identity of the operator cannot be discovered from his login. To achieve this, a message is displayed to the administrator to recall this requirement. Note that the operator first name and last name may be (and should be) anonymised anonymized manually when the operator leaves your company.
...