Nomenclature
- Data Subject: End Users
- Data Controller: Plumb5 Customers
- Data Processor: Plumb5
Contractual Obligations
- Data Processing Agreement (DPA)
- All customers of Plumb5 have to sign the DPA. To account for this, on login each user will have
to go through our Terms of Service, Privacy
Policy, and accept the same.
Data Subject Rights
Right to Erase
- 1. What is it?
- This right allows end users to delete all information about them from Plumb5 servers.
- 2. Plumb5 Implementation
- Data Controllers can use this Rest API of their respective accounts to delete all data of the
mentioned profiles from the Plumb5 servers by calling one of the 2 unique profile identifiers:
- Email Address
- Phone Number
- Curl
-X POST --header 'Content-Type: application/json'--header 'Accept: application/json' -d '{ \
"ApiKey": "{your Plumb5 API key}", \
"AccountId": {your Plumb5 Account ID or AdsID}, \
"EmailId": "String", \
"PhoneNumber": "string" \
}' 'https:/{your plumb5 Domain}/API/Contact/DeleteContact'
- 3. Access Control
- Only Admin users have the right to erase user information.
- 4. Implications
-
Customer will have to stop sending Future data of the profile thus suppressed
- Once the user hits delete for a profile, all data coming from any device associated to
the user will also have to be stopped.
-
Unreachable on Marketing Channels
- Since the data of the user is deleted, there is no way to reach out to the user on
marketing communication channels. Data controllers will have to opt the users out of ALL
marketing channels.
-
Platform Implications
- You will not be able to view the profile page of the said user post delete.
- You cannot roll back erase, once called. There is no way to get the information back,
once the delete function is invoked.
- The delete happens immediately and cannot be rolled back.
- Funnels, cohorts, pivots and other analytics will be impacted as the numbers may show
some data inconsistency for a small period due to data deletion.
- Users cannot download the profile information of the said user from anywhere on the
dashboard.
- 5. Default state
- Profile will be erased only on explicitly calling it via API by the Super Admin.
Right to Modify/Rectify
- 1. What is it?
- This right allows users to modify/rectify any profile data stored about them
- 2. Plumb5 Implementation
- API: Plumb5 has provided this API which allows Data Controllers to upload profile
information of their users. Hence, if a Data Subject requests for a profile change, the Data
controller can upload the profile data of the user via the API
- .CSV Profile upload: Under the settings section of your dashboard, we allow users to
upload user profiles via a csv file. You will find it under
Contacts-->Contacts
Imports-->Start an Import
- 3. Access Control
- Only Admin users have the right to erase user information.
- 4. Implications
- The old profile information will be overridden with the new profile for the given user
identifier. If the user identifier is not found, a new profile will be created
- 5. Default State
- Profile will be erased only on explicitly calling it via API or via Import Contacts by the
Super Admin
Right to Access
- 1. What is it?
- This right allows users to access data which has been captured about them by the Data Processors
- 2. Plumb5 Implementation
- Platform Download: This allows Data Controllers to download data about their specific
users as a csv file
- API Download: This API allows users download data about specific users via identities
Right to Data Suppress (Opt Out)
- 1. What is it?
- This right allows users to opt out of sharing any data with Data Processors.
- 2. Plumb5 Implementation
- Plumb5 Web Script & Mobile SDK allows you to hook an opt out flag to the CTA on your app or
Website.
- If the opt out flag is set to disable, we will continue collecting data of the said user from
the said device.
- If the opt out flag is set to enable, our SDK or Script will stop sending any data from the said
device onto our servers. Data is blocked at the SDK or Script level itself.
- 4. Implication
- All analytics data like funnels, flows, cohorts, etc. will not contain these users’ data.
- Campaigns will not be sent to these users (even though they qualify) as the data is stale.
- To validate the state of the optout, we will provide the flag as a profile variable on the
profile page of each user.
Opt In
- If the user who has opted out, chooses to opt back in, all data will be appended to the same
profile if identified as an existing user.
- The user will be treated as the same user (we will not create a new profile for the user).
FAQs
- What is GDPR?
- General Data Protection Regulation (GDPR) came into regulation primarily to give more rights and
power to the citizens of EU to control their personal data and information they share with
businesses they deal with.
- To elaborate a little more - in the current situation users of your app are the data subject,
your app/business is the data controller while Plumb5 acts as a data processor.
-
As a data processor - our SDK or Script captures only two data points about the user
- Machine ID of the device - We use this to create a hashed Plumb5 ID in order to
identify devices.
- Location - using a reverse IP lookup powered by db-ip.com, Plumb5 is able to
capture the city level location of the user.
- Is GDPR applicable to me?
-
Under the GDPR, it is the location of the individual whose personal data is being processed that
determines whether the concerned firm should comply. This means that the GDPR will apply to all
organisations, whether within the EU or outside of it, that offer their product or service to
individuals in the EU when their data is being collected. In addition, it is also recommended
under the GDPR that your marketing communications be on a default opt out.
That said, your legal/compliance teams will be in a better position to answer if your
app/business falls under the purview of GDPR regulations.
- GDPR doesn't apply to me. What next?
- If GDPR doesn't apply to you, then life continues as usual - with regards to profile creation.
You can simply allow Plumb5 to track the device and location.
- GDPR applies to me. What next?
- What your legal/compliance team needs to find out is if the allowing Plumb5 to track the above
two data points (MachineID & Location) are included in the purview of your GDPR compliance.
Last Modified: 1st January 2021