...
| Warning | ||
|---|---|---|
| ||
Since release Whymper V1, SAM (SecuTix Audience Management) filters out automatically all contacts that refuse explicitly marketing communications (except if the campaign contains only "operational" (and non-marketing) information directly related to contractual obligations towards the customers, for instance informing them about major changes affecting an event for which they ave have purchased tickets). In this case, you must select the campaign type called "Information directly related to a contact's purchase or reservation".
In order to be fully compliant with GDPR regulations, release Whymper V3 of SAM will filter out automatically all contacts that did not give their explicit consent. As a result, as of mid-November 2018, contacts who have not provided any consent information (neither positive, nor negative) will not receive your marketing campaigns anymore. |
...
- Improving the flexibility of the bulk contact anonymization batch
- Improving the information provided to the operator operators and internet user users with regard to the data privacy policy
...
Batch facility improvement for anonymization/deletion of inactive contacts
...
Contact inactivity period calculation
The batch process calculates the inactivity period of inactivity by checking the date of the last transaction by for a contact. This data is held in a special indicator (calculated directly by the batch process) called the GDPR recency. This recency covers:
...
The indicator then refers to the validity date of dated products and the order date of undated products.
CommentComments:
- In order to maintain performance levels, the indicator is only recalculated if a contact is eligible for deletion or anonymization, given the current value of the indicator and the chosen period of inactivity. It does not necessarily provide the complete contact recency.
For example: A contact has purchased a ticket for a performance taking place on 15 the 15th of June 2018. The initial batch process runs and sets the indicator to 15 the 15th of June. A few weeks later, the contact purchases a ticket for a performance on 1 1st of September 2018. Assuming the batch was executed on the 1st of August after the purchase of the second ticket, the second batch process will not update the contact recency as it is too recent to be anonymized. - The batch anonymization process only deals with individual contacts and relays but not the structures themselves, nor contacts with another role, e.g., supplier, guide, exhibitor, producer, partner, contractor.
...
- When a contact is anonymized, either through the a batch or manually by the an operator, the country, town and post code of the address are kept, allowing . Allowing the reports on the geographical origin of the customers to remain accurate. The other address information are still deleted so that the identity of the anonymized contact cannot be recovered. When a prospect is removed, all address information are deleted.
- All beneficiary information , (except the country, and all answers to questions of type Address or Email ) linked to tickets which end validity is older than the duration specified in the batch are removed.
- Answers to questions linked to tickets which end validity is older than the duration specified in the batch are removed,.
- The IP address of all orders containing only tickets which end validity is older than the duration mentioned above is removed.
...
How to use this new batch process
- If it does not yet exist, create Create a batch type "Deletion/anonymization of inactive contacts" (If it does not exist yet)
- Schedule the following program "Deletion/anonymization of inactive contacts". By default, the period of inactivity is initially set to 36 months and on a simulation mode is chosen.
Information for internet users
"Contact creation on behalf"
SecuTix allows internet users to create contacts and integrate them to their community, and . By performing this action the users will be allowed to buy tickets for a member of their community.
If the internet user requests a login for the any member of his community, the new community member will receive an email and will get all required information about data privacy policy. However, SecuTix cannot inform the new community member if no login is has been created for him. In order to comply with RGPD GDPR regulations in this specific case , a legal mention has been added to the "contact creation on behalf" page.
The purpose of legal mention is to urge the internet user creating , who created the contact, to inform the community member for which a contact has been created about the contact creation and his rights regarding his personal datanewly created about his rights regarding his personal data. The content of this legal mention is provided underneath:
When you share third party information (identity, contact details etc.) you undertake to have notified these third parties and, if necessary, obtained their consent for the processing of personal data when using our services and specifically with regard to achieving the purposes of management and monitoring of reservations and the ordering of tickets, creating and promoting communities, or managing our contact relations in general even carrying out communications and marketing activities for them. You also guarantee to us that you have brought to the attention of these third parties, the methods and characteristics relating to the processing of their data, the recipients of their data and the length of time their data will be kept etc. as well as details relating to their rights under the laws relating to the protection of personal data to which they are entitled and, in general, all the mandatory information which features in our "data protection policy", which you may read. |
|---|
Data privacy policy summary explicitly shown to the internet user
The ticketshop already provides a link now two links to the data privacy policy that can be configured set up in the parameters of the point of sales. A new point of sales parameter allows displaying directly a summary of this data privacy policy
- Confidentiality guarantee: This parameter already exists in the previous releases of SecuTix. It contains a URL to your complete data privacy policy. This URL is displayed as a link on the Ticket Shop. The internet user has to click on this link to display the complete data privacy policy.
- Data privacy policy summary explicitly shown to the contact: This is a new parameter provided in Whymper V2. It contains a URL to a summary of your data privacy policy. This summary is directly displayed on the contact creation page of the Ticket Shop. The internet user
...
- won't have to click on a link to view
...
- it.
Both SecuTix recommands to create both pages (complete data privacy policy links mentioned above are now also provided by the newsletter widgetand summary) and to enter the respective URLs in above parameters.
| Warning | ||
|---|---|---|
| ||
In order for the Ticket Shops to be fully compliant with the GDPR rules, above parameters (confidentiality guarantee and data privacy policy summary) will become mandatory in a future SecuTix release. |
Information for operators
...
SecuTix already provides information to the operator when he enters a contact note notes or remarkremarks, reminding alerting the operator about the requirements on the remark remarks content defined by the data privacy regulations. This principle has now been extended to order remarks.
...
The operator is informed about his legal obligations when exporting a report from the operation reporting tool or from SAM.
...
The login (connection code) of an operator cannot be modified or removed when this operator leaves your company. As a result, it's important that the identity of the operator cannot be discovered from his login. To achieve this, a message is displayed to the administrator to recall this requirement. Note that the operator first name and last name may be (and should be ) anonymized manually when the operator leaves your company.
...