The General Data Protection Regulation (GDPR) is the key European standard with regard to the protection of personal data. It strengthens and harmonises data protection for individuals in the European Union. It will come into force on 25 May 2018.

Click this page General Data Protection Regulation for an outline of your role and that of SecuTix in respect of the GDPR. The information below describes the new features that will help you carry out your role more easily. In previous versions, SecuTix had already provided features to take into account the previous European directive on data protection and the stipulations imposed by national authorities responsible for implementing it. Whymper V1 introduces additional features.


The requirement to obtain the contact's consent before storing a photograph

When operators store a photograph in a contact file, a message will be displayed reminding them to obtain the contact's consent to do so.

Entering comments about contacts

From the contact file, operators can:

  • Create a new note relating to the contact. There may be several notes produced for a single contact.
  • Enter or modify a contact comment. There is only one comment per contact.

When a note is created, SecuTix displays information and a link to further recommendations on entering free text. This process has been extended to include contact comments. As a result, when an operator saves a modified comment, the following message will be displayed:


By clicking on a link, they can display the following recommendations:

Visitor acceptance of your data protection policy

SecuTix allows you to create a separate URL, displaying your data protection policy in the Ticket Shop. In order to reinforce this practice, a message is displayed whenever an operator creates a point of sale without specifying a separate URL.

When a specific URL is defined:

  • Visitors must confirm acceptance of your data protection policy when creating their account.
  • Visitors may browse the policy:
    • From the account creation or modification page
    • From the order completion page

Bulk anonymisation/deletion of inactive contacts

Current situation (before Whymper V1)

SecuTix already has a contact anonymisation/deletion feature. Specifically:

  • Prospects (contacts who have never bought or benefited from a ticket) are deleted.
  • Contacts who have bought or benefited from a ticket are anonymised. This operation cannot be reversed. Operators are no longer able to view the history of this contact nor to access it for any reason whatsoever. Only SecuTix support personnel may recover information about this contact from logs. After the log information is deleted (this information is kept for a year), the information about this contact is irretrievably deleted. It may no longer be accessed, even by support.
  • Beneficiaries (the first name and surname of a ticket holder are taken without creating an actual contact) are also anonymised.

New batch facility for anonymisation/deletion of inactive contacts

SecuTix Whymper V1 now offers a batch process for bulk anonymisation of inactive contacts. You can select the minimum period of inactivity. The batch process has a default setting of 36 months, which corresponds to the normally recommended 3-year period. The batch process also offers a simulation mode, which displays the list of contacts about to be anonymised/deleted. Since this batch process will have a considerable and irreversible impact on your contact database, we strongly recommend you run in simulation mode first in order to identify all affected contacts. No contact who is a debtor or creditor to your institution may be anonymised. These contacts will be included in the run-time log. They will be anonymised when the batch process runs and their transaction has been settled.

Calculating the period of inactivity for a contact

The batch process calculates the period of inactivity by checking the date of the last transaction by a contact. This data is held in a special indicator (calculated directly by the batch process) called the GDPR recency. This recency covers:

  • Option acquisition
  • Option confirmation
  • Reservations and sales made, either as a purchase contact or a cultural contact. Completing payment does not, therefore, modify the contact recency.
  • Being added to the waiting list
  • (as of Whymper 1.7) explicit click on a SAM link
  • (as of Whymper 1.7) modification of contact criterion
  • (as of Whymper 1.7) modification of contact authorizations IF at least one authorization is still "yes, I authorize"
  • If the contact has not carried out any of the above actions, the contact creation date is used.
  • All those information are taken into account at the institution level (through all its organizations). Therefore, a contact will not be anonymized if there was an activity with another organization as the one running the batch.

The indicator then refers to the validity date of dated products and the order date of undated products.

Comment:

  • In order to maintain performance levels, the indicator is only recalculated if a contact is eligible for deletion or anonymisation, given the current value of the indicator and the chosen period of inactivity. It does not necessarily provide the complete contact recency.
  • For example: A contact has purchased a ticket for a performance taking place on 15 June 2018. The initial batch process runs and sets the indicator to 15 June. A few weeks later, the contact purchases a ticket for a performance on 1 September 2018. Suppose the batch was executed on 1 August after the purchase of the second ticket. The second batch process will not update the contact recency as it is too recent to be anonymised.
  • The batch anonymisation process only deals with individual contacts and relays and not the structures themselves nor contacts with another role (eg, supplier, guide, exhibitor, producer, partner, contractor)

How to use this new batch process

  • If it does not yet exist, create a batch type "Deletion/anonymisation of inactive contacts"
  • Schedule the following function "Deletion/anonymisation of inactive contacts". By default, the period of inactivity is initially set to 36 months and simulation mode is chosen.
  • If you don't find the mentioned batch type or function in the dropdowns, please ask our service team to activate these options

A contact's right to access their own data

At any time, contacts may ask to see a summary of the information held about them. Although we have received very few requests of this kind, our BI interface will feature two domains that will collate contact information (basic information about the contact, contact criteria values and indicators etc.), which will make this kind of request easy to fulfil.

Marketing campaign targets (SAM – SecuTix Audience Management)

Our marketing tool (SAM) makes it possible to remove all contacts who have opted out of receiving marketing communications and those who have not given their explicit consent. SecuTix Whymper V1 goes even further by introducing a more specific, automatic filtering mechanism.

  • All contacts who have opted out of receiving marketing communications in general or who have opted out via the communications channel planned for your campaign will be automatically excluded from the campaign target list.
  • There is one exception: Contacts are not filtered out from campaigns of the new type entitled "Information directly related to a contact purchase or reservation". This type of campaign should only be used to provide information which is directly related to contractual obligations, (e.g. announcing the cancellation or postponement of a performance). Under no circumstances should it be used for a marketing campaign.
  • Contacts who have not given their explicit consent (but have not opted out either) are not yet automatically filtered out. However, they can be explicitly filtered out when setting up the target group.

SecuTix urges you to:

  • Use your best operational endeavours to minimise the number of contacts who have neither given their express agreement nor confirmed their wish to opt out.
  • Specifically remove all contacts who have not given their explicit consent. SecuTix intends to widen the scope of automatic filtering in this contact category in a later version.


Marketing campaign "Explicit Consent Renewal"

Thanks to SAM, you can easily setup a marketing campaing targetted to contacts who will soon be anonymized.

Simply follow those steps:

  1. on your website, create a page (let's name it "consent renewal page") saying, for example, "Thank you for your continued interest! Data Privacy is of high concern to us and we'll only contact you if you accept to and with relevant information..."
  2. execute the Contact Anonymisation Batch IN SIMULATION MODE, with a delay of XX months (eg, 24)
  3. create a SAM Target filtering on contact indicator "GDPR Recency" and set a date (format "YYYYMMDD") XX months in the past (it corresponds to last activity of this contact), eg in this example, 3 years ago from today:
     
  4. create a SAM campaing with a text similar to "Hello <firstname>, we've not seen you from a long time, if you want to continue hearing from us, simply click this <link>" with <link> pointing to your "consent renewal page" (created at step 1)
  5. then, when the contact will click on the link, SAM will track this click and as exposed above, this action will be taken care in the GDPR recency indicator and is considered as an activity


© SecuTix 2023 - Login