Privacy and Consent privacy-and-consent
General recommendations general-recommendations
۶Ƶ Campaign is a powerful tool for collecting and processing extremely large amounts of data, including personal information and sensitive data. This is why privacy needs to be managed carefully.
-
Always make responsible and ethical use of personal information.
-
Refrain from sending unsolicited email, push notifications and SMS messages (“spam”). ۶Ƶ strongly believes in the principles of permission marketing in fostering customer lifetime value and loyalty, and therefore strictly forbids the use of ۶Ƶ Campaign in sending unsolicited messages.
Privacy regulations privacy-regulations
To correctly handle privacy and manage personal data, work within the legislations applicable to the region(s) where you operate. These regulations include:
- (European General Data Protection Regulation)
- (UK’s implementation of GDPR)
- (US law setting the rules and requirements for commercial email)
- (California Consumer Privacy Act)
- (Thailand Personal Data Protection Act)
۶Ƶ Experience Cloud privacy experience-cloud-privacy
۶Ƶ Campaign is part of the ۶Ƶ Experience Cloud solutions. The way privacy is handled in Campaign obeys the ۶Ƶ Experience Cloud general principles, such as the following:
-
What information is collected when using ۶Ƶ Experience Cloud
As a company using ۶Ƶ Experience Cloud solutions, you choose what information to collect and send to your ۶Ƶ Experience Cloud account. Examples of the types of information that may be collected include web browsing activity, IP addresses, location information from mobile devices, campaign success rates, items purchased or placed in shopping cart, etc.
note note NOTE As for all ۶Ƶ products, Campaign collects information about app and website users. For more on this, see the . -
How ۶Ƶ Experience Cloud is used to collect information
- ۶Ƶ Experience Cloud solutions use cookies and similar technologies, such as web beacons (also known as tags or pixels), to enable you to collect information. For more on cookies and tracking capabilities with ۶Ƶ Campaign, see this section.
- You may also use ۶Ƶ Experience Cloud technologies within your mobile apps. For more on sending mobile deliveries with Campaign, see this page.
-
You users’ privacy choices about your use of ۶Ƶ Experience Cloud
۶Ƶ asks you to provide your customers privacy policies describing:
- Your privacy practices in connection with ۶Ƶ Experience Cloud
- How users can set their preferences for the collection or use of their information in connection with ۶Ƶ Experience Cloud
note note NOTE As for all ۶Ƶ products, Campaign users can opt-out sharing information collected about them through apps and websites. For more on this, see the .
For further details on the ۶Ƶ Experience Cloud privacy, see .
Personal Data and Personas personal-data
When managing Privacy, it is important to define what data should be handled with care and by whom.
- Personal Data is information that can directly or indirectly identify a living individual.
- Sensitive Personal Data is information related to an individual’s race, political views, religious beliefs, criminal background, genetic information, health data, sexual preference, biometric information, as well as trade union membership.
The main legislations refer to the different entities that manage data as follows:
- A Data Controller is the authority that determines the means and purpose of collecting, using, and sharing personal data.
- A Data Processor is any individual or party that collects, uses, or shares personal data as directed by the Data Controller.
- A Data Subject is any living individual whose personal data is being collected, used or shared, and who can be identified, directly or indirectly, by reference to that personal data.
Therefore, as a company collecting and sharing personal data, you are the Data Controller, your clients are the Data Subjects and ۶Ƶ Campaign acts as a Data Processor when handling their personal data as directed by you. Note that it is your responsibility as a Data Controller to handle the relationship with the Data Subjects such as when managing privacy requests.
When integrating Campaign with other Experience Cloud solutions where audiences can be transferred from one system to another, ۶Ƶ Analytics, Audience Manager or People core service, or with other solutions such as Microsoft Dynamics 365, you need to pay extra care to personal data protection.
Data acquisition data-acquisition
۶Ƶ Campaign enables you to collect data, including personal and sensitive information. It is therefore essential that you receive and monitor consent from your recipients.
- Always have recipients agree to receive communications. To do this, keep honoring opt-out requests as quickly as possible and verify consent through a double opt-in process. For more on this, see Managing opt-in and opt-out in Campaign and Setting up a double opt-in process.
- Do not import fraudulent lists and use traps to check that your client file is not being used fraudulently. For more on this, see Using traps.
- Through consent and rights management, you can track your recipients’ preferences as well as manage who within your organization can access which data. For more on this, see this section.
- Facilitate and manage Privacy requests from your recipients. For more on this, see this section.
Privacy management privacy-management
Privacy management refer to all the processes and tools that can help you comply with Privacy regulations (GDPR, CCPA, etc.). Get an overview of what privacy management is on this page.
۶Ƶ Campaign provides you with various sets of features dedicated to privacy management:
- Consent management, data Retention and user Roles. See this section.
- Privacy requests (Right to Access and Right to be Forgotten). See this section.
- Opt-out for the Sale of Personal Information (CCPA-specific). See this section.
The main Privacy capabilities in Campaign and an example of the personas involved are presented in this section.
Consent, Retention and Roles consent
Originally, ۶Ƶ Campaign offers important features that are essential to Privacy:
- Consent management: Through the subscription management process, you can manage your recipients’ preferences and track which recipients have opted-in to which type of subscriptions. For more on this, see Subscriptions and Landing pages.
- Data retention: All built-in standard log tables have pre-set retention periods, generally limiting their data storage to 6 months or less. Additional retention periods can be set up with workflows. For more on this, reach out to the ۶Ƶ consultants or technical administrators.
- Rights management: ۶Ƶ Campaign provides you with the ability to manage the rights assigned to the various Campaign operators via different pre-built or custom roles. This allows you to manage who within your company can access, modify or export different types of data. For more on this, see About access management.
For more on these features and how to manage them in ۶Ƶ Campaign, see this page.
Privacy requests privacy-requests
۶Ƶ Campaign provides additional capabilities to help you facilitate your readiness as a Data Controller for certain Privacy requests:
-
The Right to Access is the right for the Data Subject to obtain from the Data Controller confirmation as to whether or not personal data concerning them is being processed, where and why.
-
The Right to be Forgotten (delete request) entitles the Data Subject to have the Data Controller erase their personal data.
The Access and Delete requests are presented on this page. The implementation steps to create these requests are detailed on this page. Tutorials are also available here.
Tracking capabilities tracking-capabilities
Thanks to its tracking functionalities, ۶Ƶ Campaign enables you to track the behavior of your delivery recipients using session cookies and permanent cookies. For more on tracking, see this page.
You can also add tracked links in your messages in order to measure the impact of your delivery and recipient behavior in the Tracking indicators built-in report, or create your own dedicated reports.