When using Episerver Campaign, you should use the double opt-in method. This is a method where users are sent an email with a so-called opt-in link. The user must click this link to be added to a recipient list and start receiving email newsletters etc. Thereafter, the record is kept as an active recipient.
A recipient can withdraw their consent by unsubscribing to emails, for example, through the unsubscribe link contained in the sent emails. This generates an unsubscribe event and the recipient is no longer listed as active.
PII data on campaign recipients are defined and supplied by you as our customer. The data categories, which are transmitted to the recipient records and stored, are defined in the ADV-V. The data records are transmitted via import, HTTPS, the application frontend, SFTP, HTTP API, or SOAP API.
You can maintain a blacklist with addresses or address patterns. Recipient records that match an entry in the blacklist are never posted, regardless of their opt-ins or unsubscribe status.
Recipients can also decide themselves if action-based data, such as openings and clicks, should be stored or not. In this case, only the reference to the sent campaign is stored with the event.
Each time a message is sent via the channels available in Campaign, a message dispatch event is generated for each message and recipient. Each response to a message, for example, by a direct reply-to, an autoresponder or a bounce, generates a response handling event in the application.
If you use the optional feature, Conversion Tracking, a cookie is set for recipients following a conversion tracking link from a newsletter. The tracking cookie tracks user actions even after the visitor has left the newsletter, for example, on the shopping page of the customer. You define which values the post-click tracking cookie should store.
Episerver Campaign is a service Episerver provides for its customer. In this case, you as a customer are the data controller and Episerver the data processor. If one of your data subjects wants to access, port, update or delete their data, we have a process for this, and you can contact us through the Managed Services team for more details.
Records of incomplete opt-in processes are automatically deleted after 30 days.
If you or one of your data subjects want to delete their PII data, we have a process for this. Contact us at the Managed Services team for more details.
Last updated: Jun 19, 2018