Since release Whymper V1, SAM (SecuTix Audience Management) filters out automatically all contacts that refuse explicitly marketing communications (except if the campaign contains only "operational" (and non-marketing) information directly related to contractual obligations towards the customers, for instance informing them about major changes affecting an event for which they have purchased tickets). In this case, you must select the campaign type called "Information directly related to a contact's purchase or reservation". In order to be fully compliant with GDPR regulations, release Whymper V3 of SAM will filter out automatically all contacts that did not give their explicit consent. As a result, as of mid-November 2018, contacts who have not provided any consent information (neither positive, nor negative) will not receive your marketing campaigns anymore. |
Several improvements have been brought to SecuTix during Whymper V2 regarding the new General Data Protection Regulation (GDPR). These improvements aim at:
The batch process calculates the inactivity period by checking the date of the last transaction for a contact. This data is held in a special indicator (calculated directly by the batch process) called the GDPR recency. This recency covers:
The indicator then refers to the validity date of dated products and the order date of undated products.
Comments:
You can select the minimum period of inactivity. The batch process has a default setting of 36 months, which corresponds to the recommended 3-year period in France. The batch process also offers a simulation mode, which displays the list of contacts about to be anonymized/deleted. Since this batch process will have a considerable and irreversible impact on your contact database, we strongly recommend you run in simulation mode first in order to identify all affected contacts. No contact who is a debtor or creditor to your institution may be anonymized. These contacts will be included in the run-time log. They will be anonymized when the batch process runs and their transaction has been settled. |
SecuTix allows internet users to create contacts and integrate them to their community. By performing this action the users will be allowed to buy tickets for a member of their community.
If the internet user requests a login for any member of his community, the new community member will receive an email and all required information about data privacy policy. However, SecuTix cannot inform the new community member if no login has been created for him. In order to comply with GDPR regulations , a legal mention has been added to the "contact creation on behalf" page.
The purpose of legal mention is to urge the internet user, who created the contact, to inform the community member newly created about his rights regarding his personal data. The content of this legal mention is provided underneath:
When you share third party information (identity, contact details etc.) you undertake to have notified these third parties and, if necessary, obtained their consent for the processing of personal data when using our services and specifically with regard to achieving the purposes of management and monitoring of reservations and the ordering of tickets, creating and promoting communities, or managing our contact relations in general even carrying out communications and marketing activities for them. You also guarantee to us that you have brought to the attention of these third parties, the methods and characteristics relating to the processing of their data, the recipients of their data and the length of time their data will be kept etc. as well as details relating to their rights under the laws relating to the protection of personal data to which they are entitled and, in general, all the mandatory information which features in our "data protection policy", which you may read. |
---|
The ticketshop provides now two links to the data privacy policy that can be set up in the parameters of the point of sales
SecuTix recommands to create both pages (complete data privacy policy and summary) and to enter the respective URLs in above parameters.
In order for the Ticket Shops to be fully compliant with the GDPR rules, above parameters (confidentiality guarantee and data privacy policy summary) will become mandatory in a future SecuTix release. |
SecuTix already provides information to the operator when he enters a contact notes or remarks, alerting the operator about the requirements on the remarks content defined by the data privacy regulations. This principle has now been extended to order remarks.
A message is displayed to the operator to ensure he has requested the buyer's consent before saving the credit card alias for further payments.
The operator is informed about his legal obligations when exporting a report from the reporting tool or from SAM.
The login (connection code) of an operator cannot be modified or removed when this operator leaves your company. As a result, it's important that the identity of the operator cannot be discovered from his login. To achieve this, a message is displayed to the administrator to recall this requirement. Note that the operator first name and last name should be anonymized manually when the operator leaves your company.