Loading...

Last updated: Jun 19 2018

Episerver Personalization

In this topic

Episerver Perform and Episerver Reach

Consent

For Episerver Perform, the Commerce system checks the “DNT” header on the request to check if tracking should be enabled when a data subject visits the website. If the "DNT" field is set to 1, the Commerce system will stop making the call to the Personalization tracking API.

Episerver Reach will automatically not work if Personalization tracking is disabled for a user.

Collecting data

From v1.4 of the integration APIs, no PII is collected by the Personalization system. A pseudonymized user ID is received in the tracking request and is used to identify the user in the Personalization system.

For clients using previous versions of the integration APIs, optionally, both IP address and email address will be tracked, if provided (email address is used to identify the user in the Personalization system).

Storing data

Tracked data is stored in Microsoft SQL Server and Cassandra databases in Episerver's production environment for a maximum of six months.

By default, the Personalization system stores the IP address and email address of end-users who engage with a client’s e-commerce website.

However, from v1.4 of the integration APIs, no PII is required and hence not stored by the Personalization databases. Instead, the client is required to provide a pseudonymized user ID in the tracking request which will be used to identify the user in the Personalization system instead of email address.

Using data

IP address and email address of end-users are used to show personalized recommendations from Episerver Perform and send personalized emails from Episerver Reach.

From v1.4 of the integration APIs, this is not applicable as Episerver Perform and Episerver Reach do not use PII.

For clients using previous versions of the integration APIs, email address will continue to be used by Episerver Reach to provide personalized recommendations via email.

Fetching data

From v1.4 of the integration APIs, no PII is required by the Personalization system - so any Subject Access Requests (SARs) that are raised will not be processed as we cannot identify an individual.

For clients using previous versions of the integration APIs, if a client or partner receives a SAR to provide all data that they hold about a subject, a support ticket needs to be raised by the client or the partner to the Managed Services team.

Deleting data

From v1.4 of the integration APIs, no PII is required by the Personalization system - so SARs that are raised will not be processed as we cannot identify an individual

For clients using previous versions of the integration APIs, if a client or partner receives a SAR to delete all data that they hold about a subject, then a support ticket needs to be raised by the client or the partner to the Managed Services team. 

Episerver Advance

Consent

For Episerver Advance, the CMS system checks the “DNT” header on the request to check if tracking should be enabled when a subject visits the website. If "DNT" field is set to 1, the CMS website will stop making the call to the Advance recommendations API.

Collecting data

User data for Advance is collected in Profile Store.

Storing data

User data for Episerver Advance is collected in Episerver Profile Store.

Using data

Episerver Advance does not use PII.

Fetching data

User data for Episerver Advance is stored in Episerver Profile Store, so SARs should be directed to the Managed Services team.

Deleting data

User data for Advance is stored in Profile Store, so SARs should be directed to the Managed Services team.

Episerver Profile Store and Episerver Insight

Consent

Episerver Profile Store checks the "DNT" header on the request to check if tracking should be made for a user or not. The DNT functionality is also overridable, which makes it possible for you to build your own "Do not track" implementation.

Collecting data

Episerver Profile Store collects the data that is sent into the system. There are static fields for Name and Email which can be set by the implementation that uses Profile Store tracking. Profile Store will not set these by itself.

Storing data

The stored data might be PII data, and we consider it to be PII data. The data is stored in Elastic Search.

All Episerver Profile Store customers get separate indices, and the data will be stored for a long time. There is no decision made for how long, but it will be stored for at least 2 years.

Using data

The data that is received using the Profile Store API should be used carefully. The data should be considered PII data, and therefore not stored in some other unsafe store.

Fetching data

A request should be made to the Managed Services team at Episerver. The data will then be deleted within 30 days using “one time secret”.

Deleting data

A request should be made to the Managed Services team at Episerver. The data will then be fetched and sent back within 30 days.


Do you have feedback on this documentation? Send an email to documentation@episerver.com. For development-related questions and discussions, refer to our Forums on https://world.episerver.com/forum/