Describes GDPR guidelines for Optimizely Campaign.
When using Optimizely Campaign, you should use the double opt-in method, where users are sent an email with an opt-in link. The user must click this link to be added to a recipient list and start receiving email newsletters and so on. Thereafter, the record is kept as an active recipient.
A recipient can withdraw their consent by unsubscribing to emails, such as clicking an unsubscribe link contained in the sent emails. This generates an unsubscribe event and the recipient is no longer listed as active. See also Ask for consent.
PII data on campaign recipients are defined and supplied by you as an Optimizely customer. The data categories, which are transmitted to the recipient records and stored, are defined in the ADV-V. The data records are transmitted via import, HTTPS, the application frontend, SFTP, HTTP API, or SOAP API.
You can maintain a disallow list with addresses or address patterns. Recipient records that match an entry in the disallow list are never posted, regardless of their opt-ins or unsubscribe status.
Recipients can also decide themselves if action-based data, such as openings and clicks, should be stored or not. In this case, only the reference to the sent campaign is stored with the event.
Each time a message is sent through the channels available in Campaign, a message dispatch event is generated for each message and recipient. Each response to a message, (such as a direct reply-to, an autoresponder or a bounce), generates a response handling event in the application.
If you use the optional feature, Conversion Tracking, a cookie is set for recipients following a conversion tracking link from a newsletter. The tracking cookie tracks user actions even after the visitor has left the newsletter; for example, on the shopping page of the customer. You define which values the post-click tracking cookie should store. See also Store data.
Optimizely Campaign is a service Optimizely provides for its customer. In this case, you as a customer are the data controller and Optimizely the data processor. If one of your data subjects wants to access, port, update or delete their data, Optimizely has a process for this, and you can contact us through the Managed Services team for more details. See also Fetch and update data.
Records of incomplete opt-in processes are automatically deleted after 30 days.
If you or one of your data subjects want to delete their PII data, Optimizely has a process for this. Contact Optimizely support for more details. See also Delete data.
Updated 10 days ago