Optimizely Community API
Describes GDPR guidelines for Optimizely Community API.
Collect data
If your application uses Optimizely Community API (formerly Social), you should ensure that consent is given before accepting user-generated content or allowing participation in digital communities. Clearly state the purpose and guidelines of your community features, and only collect PII data appropriate to that community's purpose. Avoid the collection of data that may be deemed sensitive. See also Collect data.
Store data
Optimizely Community API stores only the content submitted to it by your application. Communication between your application and Optimizely Community API, including content transfer, occurs through HTTPS.
Avoid storing PII with Community API content whenever possible. Optimizely Community API uses "references" to identify users, such as the author of a comment or the contributor of a rating. This is helpful because it lets you consolidate PII and keep it separate from your content. The content refers to a user but does not require you to embed their data.
When storing content with Optimizely Community API that may contain PII, you should do so in a manner that can be retrieved or removed later. Requests for access or requests to be forgotten by your users mean you must identify their contributions. The Optimizely Community API's modeling and querying features let you structure content most appropriately to support your application in this regard.
In some cases, the content generated by one user may intentionally or inadvertently contain the PII data of another. Such content can be challenging to identify and remove. Consider implementing a stringent moderation policy for accepting content, which lets administrators prevent this kind of content from being stored.
See also Store data.
Fetch data
The Optimizely Community API's content modeling capabilities let applications structure content appropriately for them. Consider structuring content so your application can identify and retrieve it. The API's querying capabilities let you define powerful queries to retrieve content, even if it is represented using custom models. Your application should use these tools to implement the export capabilities necessary to honor a Subject Access Request (SAR).
See also Fetch and update data.
Delete data
The Optimizely Community API and its content modeling capabilities let applications properly structure content. Consider structuring content so that it can be identified and deleted. Consider the Optimizely Community API features you use to store content, as some forms of content may be better suited to facilitate removal.
Also, the content generated by one user may intentionally or inadvertently contain the PII data of another. Such content can be challenging to identify and remove. Consider implementing a stringent moderation policy for accepting content, which lets administrators prevent this kind of content from being stored.
See also Delete data.
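The reference pattern described under Store data, and the export and removal it enables under Fetch data and Delete data, shown as an added example that is not Optimizely's code and does not call the Community API. It is a constructed in-memory model in Python; the class and method names and the user:// reference format are assumptions made for illustration.

```python
"""Constructed model of reference-based storage; not the Optimizely Community API."""
import uuid
from dataclasses import dataclass, field


@dataclass
class Comment:
    id: str
    author_ref: str   # opaque reference, never a name or e-mail address
    body: str


@dataclass
class Community:
    profiles: dict = field(default_factory=dict)   # PII store: reference -> profile
    comments: list = field(default_factory=list)   # content store: references only

    def register(self, name, email):
        ref = "user://" + uuid.uuid4().hex          # hypothetical reference format
        self.profiles[ref] = {"name": name, "email": email}
        return ref

    def post(self, author_ref, body):
        if author_ref not in self.profiles:
            raise KeyError("unknown author reference")
        comment = Comment(uuid.uuid4().hex, author_ref, body)
        self.comments.append(comment)
        return comment

    def export_for(self, ref):
        """Subject Access Request: profile plus every contribution by this reference."""
        return {
            "profile": dict(self.profiles.get(ref, {})),
            "comments": [c.body for c in self.comments if c.author_ref == ref],
        }

    def erase(self, ref):
        """Request to be forgotten: drop the profile and the user's contributions."""
        before = len(self.comments)
        self.comments = [c for c in self.comments if c.author_ref != ref]
        self.profiles.pop(ref, None)
        return before - len(self.comments)   # number of contributions removed

    def mentions(self, needle):
        """Find comments whose free text contains a given PII string, whoever wrote them."""
        return [c for c in self.comments if needle.lower() in c.body.lower()]
```

After erase, any match still returned by mentions is the case the moderation advice addresses: another author's text carrying the erased user's PII, which a lookup by reference cannot find.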
Updated 6 months ago