Under GDPR your customers enjoy a number of rights including the right to access. In this article we will explain how Xtremepush can assist you in being compliant in regard to this right.
Right of Access
Under the right of access, the customer can submit a subject access request to access the data held about them. The company holding the data can no longer charge a standard fee for such a request; however, under Article 12 a “reasonable fee” can be charged where the requests are “manifestly unfounded or excessive”, particularly if they are repetitive.
The institution holding the data may refuse to comply, but if they do, they must demonstrate why they feel the request is “manifestly unfounded” or excessive in character.
The data that is the subject of a subject access request should normally be provided within 1 month of the request being made; however, this timeline can be extended provided the individual is informed.
Right to Data Portability
Under the new GDPR, customers will have the right to receive personal data in a “structured, commonly used and machine readable format”.
If the data is not available for a customer to download immediately, then it should be made available to the customer within a month of receiving the request.
Servicing a Subject Access Request
If you have to process a request for data access from a customer and need to access their data from xtremepush then you can.
If you are not familiar with where your user profile data can be found on the platform first read our user profile data guide to familiarise yourself with this part of the platform in the docs here:
To service an access request navigate to App Data > User Profiles and use the search fields to find the user who has made the request using a Customer ID or email.
Once you have found the user record double check the data to ensure you have the correct user record.
Once you have confirmed you have the correct user then click the download icon and the users data will be packaged up for download. Once the task completes a zipped file with user data will be available.
When you download this you will see it contains a README and a number of CSVs with the data.
The README explains the content of the CSVs as shown below:
This package contains following files: - attributes.csv - user's attributes - devices.csv - user's registered devices - tags.csv - collected app usage information - events.csv - collected app events - sessions.csv - collected app sessions - locations.csv - visits to locations of interest - messages.csv - messages sent to user
You will find details on this data in the user profiles and device profiles sections if further explanation is needed. Some of the files may be blank if you are not using features such as tagging app/web behaviour, location services from the mobile SDK etc. Once you have retrieved the data you can re organise it and make arrangements to share it securely with the customer along with data retrieved from your own system.
Servicing a Data Portability Request
See above the customer data can be retrieved in CSV format which is a “structured, commonly used and machine readable format”.
Can't see profiles?
Profile data is only visible for those authorised to access the App Data section. Most day to day activity does not require access to user profiles. Access to rectify data is reserved for certain user roles. All accounts come with multi-user access and the person(s) in your organisation responsible for administration of user access will be able to provide appropriate user access to users who need to have access to service customer data requests. For help with user access please contact your Administrator first and if you need further help submit a support ticket.