Loading...
Area: Episerver Product Recommendations, Episerver Visitor Intelligence, Episerver Profile Store
Applies to versions: Not applicable

Episerver Personalization

Recommendations [hide]

In this topic

Episerver Product Recommendations and Episerver Email Product Recommendations

Consent

For Episerver Product Recommendations (formerly Episerver Perform), Episerver Commerce checks the do not track (DNT) header on the request to enable tracking when a data subject visits the website. If the DNT field is set to 1, the Commerce system stops making the call to the Personalization tracking API.

If you disable tracking for a user, Episerver Email Content Recommendations returns the latest content instead of personalized content for all users.

Collecting data

From v1.4 of the integration APIs, no personally identifiable information (PII) is collected by the Personalization system. A pseudonymized user ID is received in the tracking request and is used to identify the user in the Personalization system.

For clients using previous versions of the integration APIs, optionally, both IP address and email address is tracked, if provided (email address is used to identify the user in the Personalization system).

Storing data

Microsoft SQL Server and Cassandra databases stores tracked data in Episerver's production environment for a maximum of six months.

By default, the Personalization system stores the IP address and email address of end-users who engage with a client’s e-commerce website.

However, from v1.4 of the integration APIs, no PII is required and hence Personalization databases does not store PII. Instead, the client is required to provide a pseudonymized user ID in the tracking request which is used to identify the user in the Personalization system instead of email address.

Using data

IP address and email address of end-users are used to show personalized recommendations from Episerver Product Recommendations and send personalized emails from Episerver Email Product Recommendations.

From v1.4 of the integration APIs, this does not apply because Episerver Product Recommendations and Episerver Email Product Recommendations do not use PII.

For clients using previous versions of the integration APIs, an email address is used by Episerver Email Product Recommendations to provide personalized recommendations via email.

Fetching data

From v1.4 of the integration APIs, no PII is required by the Personalization system - so any subject access requests (SARs) that are raised are not processed because Episerver cannot identify an individual.

For clients using previous versions of the integration APIs, if a client or partner receives a SAR to provide data that they hold about a subject, a support ticket needs to be raised by the client or the partner to the Managed Services team.

Deleting data

From v1.4 of the integration APIs, no PII is required by the Personalization system - so SARs that are raised are not processed because Episerver cannot identify an individual

For clients using previous versions of the integration APIs, if a client or partner receives a SAR to delete all data that they hold about a subject, then a support ticket needs to be raised by the client or the partner to the Managed Services team.

Episerver Content Recommendations

Note: Episerver Content Recommendations does not support do not track (DNT) at this time.

Consent

For Episerver Content Recommendations, it is your responsibility to handle consent and whether you should enable tracking when a data subject visits the website. You can turn off tracking from the configuration perspective, but doing so affects tracking for all users.

Note: If you disable tracking for a user, Episerver Email Content Recommendations returns the latest content instead of personalized content for all users.

Collecting data

A pseudonymized user ID (UUID) is received as a cookie value with the IP address in the tracking request. Only the UUID is used to identify the user in the Personalization system. The IP address is used only for filtering IPs or IP ranges (such as a customer's corporate firewall IP). However, a client/partner implementation can send other user identifiers (such as anonymized or plain text email address) to the tracking system.

Storing data

MySQL Server and ElasticSearch databases store tracked user data in Episerver's production environment.

  • Active user data is stored indefinitely for user profile/model building purposes.
  • Inactive user data is deleted after 12 months.

Using data

The anonymized cookie/UUID value shows personalized (mostly web) recommendations from Episerver Content Recommendations and sends personalized emails from Episerver Email Content Recommendations.

Fetching data

If you receive a subject access request (SAR) to provide all data that you hold about a subject, file a support ticket with Episerver Managed Services. You can also fetch the data through the Content Recommendations API endpoint by using the visitor's UUID.

Deleting data

If you receive a SAR to delete all data that they hold about a subject, file a support ticket with Episerver Managed Services. You can also  delete the data through the Content Recommendations API endpoint by using the visitor's UUID.

Episerver Profile Store

Consent

Episerver Profile Store checks the DNT header on the request to track a user. You can override the DNT functionality, so you can build your own do not track implementation.

Collecting data

Episerver Profile Store collects the data that is sent into the system. There are static fields for Name and Email that you can set by the implementation that uses Profile Store tracking. Profile Store does not set these by itself.

Storing data

Episerver treats stored data as PII data and stores it in Elastic Search.

Episerver Profile Store customers get separate indexes, and the data is stored for at least 2 years.

Using data

Data received using the Profile Store API should be treated as PII data and not stored in another (possibly unsafe) store.

Fetching data

To fetch data, contact the Managed Services team at Episerver. The data is fetched and sent back within 30 days.

Deleting data

To delete data, contact the Managed Services team at Episerver. The data is deleted within 30 days using a one-time secret.

Do you find this information helpful? Please log in to provide feedback.

Last updated: Jun 19, 2018

Recommendations [hide]