The General Data Protection Regulation (GDPR) is a regulation that intends to strengthen data protection for all individuals within the European Union (EU). The GDPR aims primarily to give control back to citizens and residents over their personal data.
The main goal of XMPie’s GDPR solution is to provide you the tools, mechanisms and guidelines to allow your organization to comply with the various GDPR requirements.
For detailed information about how XMPie handles GDPR, see GDPR Guidelines for XMPie Products.
For detailed information about GDPR, refer to http://www.eugdpr.org.
When applying GDPR, uStore no longer saves personal information of recipients after it is no longer necessary. For example, once a campaign has terminated it is no longer needed to hold this information. Personal data is therefore saved for a fixed period of time for the purpose for which it was collected, and then deleted.
uStore assists you in being GDPR compliant by providing you the means to automatically delete your recipient lists and personal information according to GDPR regulations, as follows:
Storefront
· The shopper has a 30-day period from uploading a recipient list until it is automatically deleted from the Storefront.
· The shopper and approver(s) are required to confirm that the recipient list(s) used in the order are GDPR compliant.
· Anonymous (non-registered) Storefront users are deleted after 30 days, as well as their orders.
· Instances of XM Campaign products are deleted when the recipient list expires.
· Uploaded files (of both Composite products and File Attachment property) are automatically deleted and replaced with dummy files, 30 days after initiation of the product order.
· Generated proofs files are deleted as part of the automatic deletion process.
Back Office
· Once the order has arrived in the Back Office, the administrator has an additional 30-day period to fulfill the order before the recipient list is automatically deleted.
· Once the order has arrived in the Back Office, uploaded files (of both Composite products and File Attachment property) remain for 30 days before being deleted and replaced with dummy files.
· The production output is deleted 30 days after it was created.
· Proof files are deleted and replaced with dummy files, 30 days after being generated.
· When deleting a user:
– All of the user’s non-submitted orders are deleted.
– Orders that have been submitted are kept permanently.
– Personal information, such as images uploaded by the user and customization values, are deleted.
– User details are deleted only if there are no submitted orders.
· The proof uses the recipient list data as long as it is available. Otherwise it uses the sample recipient list.
· The administrator can download an XML with user data upon request. The XML contains user information and order data.
· The instance of a live XM campaign ("Campaign in Progress" queue) is not deleted. In such a case there is a tool in Circle to delete an individual recipient.
· If the XM campaign is not live, the instance is deleted when the recipient list expires.
If you wish your stores to be GDPR compliant, proceed as follows:
1. In the Global Configurations table, set the GDPR keys:
– GdprRLExpirationDays_Storefront
– GdprRLExpirationDays_Backoffice
– GdprRLExpirationNotificationDays
Once these keys are set in the Configuration table, each new store that you create will automatically be GDPR compliant.
2. Each store must be individually defined as GDPR. This is done in the store's Advanced tab.
3. Retrieve user information: You can download an XML file containing user details, including personal information, such as name, email, phone number, billing and shipping addresses, and order details. This is done in the User Setup window.