Optimizely Campaign
Describes GDPR guidelines for Optimizely Campaign.
Consent
When using Optimizely Campaign, you should use the double opt-in method, where users are sent an email with an opt-in link. The user must click this link to be added to a recipient list, receive email newsletters, and so on. After that, the record is kept as an active recipient.
A recipient can withdraw their consent by unsubscribing to emails, such as clicking an unsubscribe link contained in the sent emails. This generates an unsubscribe event, and the recipient is no longer listed as active. See also Ask for consent.
Store data
PII data on campaign recipients are defined and supplied by you as an Optimizely customer. The data categories transmitted to the recipient records and stored are defined in the ADV-V. The data records are transmitted through import, HTTPS, the application frontend, SFTP, HTTP API, or SOAP API.
You can maintain a disallow list with addresses or address patterns. Recipient records that match an entry in the disallow list are never posted, regardless of their opt-ins or unsubscribe status.
Recipients can also decide whether action-based data, such as openings and clicks, should be stored. In this case, only the reference to the sent campaign is stored with the event.
Each time a message is sent through the channels available in Campaign, a message dispatch event is generated for each message and recipient. Each response to a message (such as a direct reply-to, an autoresponder, or a bounce) generates a response handling event in the application.
If you use the optional feature, Conversion Tracking, a cookie is set for recipients following a conversion tracking link from a newsletter. The tracking cookie tracks user actions even after the visitor has left the newsletter, for example, on the customer's shopping page. You define which values the post-click tracking cookie should store. See also Store data.
Fetch data
Optimizely Campaign is a service that Optimizely provides to its customers. In this case, as a customer, you are the data controller, and Optimizely the data processor. If one of your data subjects wants to access, port, update, or delete their data, Optimizely has a process for this, and you can contact the Managed Services team for details. See also Fetch and update data.
Delete data
Records of incomplete opt-in processes are automatically deleted after 30 days.
If you or one of your data subjects want to delete their PII data, Optimizely has a process. Contact Optimizely Support for more details. See also Delete data.
Updated 9 months ago