Privacy Requests

Overview

Foxtrot supports the collection, tracking, and fulfillment of customer privacy requests and preferences. Privacy requests are used for compliance with various jurisdiction's regulations including CCPA, CPRA, or GDPR. There are three types of privacy requests supported:

  • Data Deletion- The customer would like specific or all their data removed
  • Data Request- The customer requests to a report of their data
  • Do Not Sell- The customer requests to not have their data shared or sold to 3rd parties

Privacy Requests: List View

When a user navigates to the Privacy Requests, the user sees a list view of all open privacy requests.

  • The list view will default to a result view of Open requests
  • GID: is the unique ID of the privacy request
  • Email: is the email of the user submitting the privacy request. If the email is linked to a customer, there will be a link to the client user page for ease of fulfilling requests.
  • Status: indicates the status of the request: Open, Fulfilled, Closed w/o Action
  • Type: is the type of privacy request: Data Deletion, Data Request, Do Not Sell

Privacy Requests: Request Types

There are three types of requests customers can submit:

  • Data Deletion- The customer would like specific or all their data removed
  • Data Request- The customer requests a report of their data
  • Do Not Sell- The customer requests not having their data shared or sold to 3rd parties

All requests are submitted through the privacy request form, which is included on the privacy policy page. Note: Any user can submit a privacy request, however, data requests and deletion requests are only applicable to active customers so their identity must be verified through the following steps:

  1. Open the privacy request and confirm the requester is a customer by confirming:
    1. The submitted requester's email is linked to a client user account
    2. The submitted shipping address and phone number match the client user account
  2. If either check does not match, the request can be set to closed w/o action

Do Not Sell

Do Not Sell customer requests that are submitted by the privacy request form are automatically processed and marked as fulfilled so no additional action is needed from users.

Customers can also be manually configured as Do Not Sell by users if they submit an email or CS ticket. Steps:

  1. Navigate to the Privacy Request List View page
  2. Select Create Privacy Request in the top right corner
  3. Select Do Not Sell for the type of request and set the status to Fulfilled
  4. Input the customer's email and personal information
  5. Submit the request

The customer's privacy settings will be updated and their data will not be tracked and shared with 3rd parties.

Data Deletion

Once users confirm the requester is an active customer, the open Data Deletion requests will be processed monthly automatically and closed.

Data Request

Data Requests must manually be fulfilled by a CS agent or admin. To fulfill a data request:

  1. After confirming the requester is an active customer, open the privacy request
  2. Navigate to the client user by selecting view user above the email field
  3. Select the CCPA tab
  4. In the Data Download Requests section, select Create Report
  5. Three reports will be generated, download the data request report, and share with the customer
  6. Once shared, the report can be marked as Fulfilled