Under GDPR your customers enjoy a number of rights including the right to erasure or deletion. In this article we will explain how Xtremepush can assist you in being compliant in regard to this right.
The right of erasure is not an absolute right to be forgotten. Individuals have a right to be forgotten and the data to be erased in certain circumstances. For example, a customer’s data should be erased when:
The personal data is no longer required in connection with the reason for which it was originally collected
The individual withdraws consent to the data being held
Where an individual objects to processing and there is no overriding legitimate reason for holding the data
The personal data was unlawfully processed or it has to be erased to comply with a legal obligation
The request for erasure can be refused if the data needs to be retained to comply with a legal obligation or to exercise defence of legal claims. For example, when the data of a closed customer must be kept for a time period at the request of the national authorities then the data can be kept for that period.
Data retention periods and legal grounds for processing should be established and documented ready for inclusion in privacy notices. So, if personal data is retained for a certain period of time after a customer’s account is closed, this should be included in the privacy notice made available to the customer.
Servicing a Request for Erasure
If you have to process a request from a customer to erase their data and that requires erasing their data on xtremepush then you can.
If you are not familiar with where user profile data can be found on the platform first read our user profile data guide to familiarise yourself with this part of the platform in the docs here:
To erase customer data navigate to App Data > User Profiles and use the search fields to find the user who has made the request using a Customer ID or email.
Once you have found the user record double check the data to ensure you have the correct user record.
Once you have confirmed you have the correct user then click the delete user icon (far right) to erase that users personal data from the system. Confirm that you want to continue to begin erasure.
When the erasure task is complete you will receive confirmation.
Can't see profiles?
Profile data is only visible for those authorised to access the App Data section. Most day to day activity does not require access to user profiles. Access to rectify data is reserved for certain user roles. All accounts come with multi-user access and the person(s) in your organisation responsible for administration of user access will be able to provide appropriate user access to users who need to have access to service customer data requests. For help with user access please contact your Administrator first and if you need further help submit a support ticket.