GDPR

Meeting the access obligation

Each EU citizen has a right of access. On request, you have an obligation, as a data controller under GDPR, to inform an end user or agent (often referred to as "data subjects" under GDPR) where their personal data is being held and for what purposes.

If a data subject requests a copy of their personal data, you can export the data from GRAVTY as described in Meeting the data portability obligation.

Meeting the correction obligation

Each EU citizen has a right to rectification, or the right to have inaccuracies in their personal data corrected. On request, you have an obligation, as a data controller under GDPR, to provide the data subject with their personal data and fix inaccuracies or add missing information.

Both agents and administrators can access and update member and user data in GRAVTY. Members can also access and update some of their personal data if data controller has exposed this functionality using GRAVTY API like for example a website or mobile application meant for members.

The following topics describe how to access and update user data:

If a member or users requests their personal data, you can export the data from GRAVTY as described in Meeting the data portability obligation.

Updating personal data with UI

To update an member's personal data as an user (agent or administrator)

  1. Login to GRAVTY UI
  2. Navigate to a member's section in GRAVTY UI.
  3. Search and find the correct member
  4. Click on the member's name to navigate to member details.
  5. Update whatever information that needs to be updated in member summary section by clicking on appropriate attribute and doing update in place.

To update an user's personal data as an user (agent or administrator)

  1. Login to GRAVTY UI
  2. Navigate to a user management section in GRAVTY UI.
  3. Search and find the correct user
  4. Click on the user's name to navigate to user details.
  5. Update whatever information that needs to be updated in user details popup section by clicking on appropriate attribute and doing update in place.

Updating personal data with the API

Users (Administrators or agents) can use the Member API to update the personal data of members. When an user makes the API request, the member records returned have the attributes described in JSON Format for User Requests. The api is documented at this link.

Meeting the erasure obligation

Each EU citizen has a right to erasure, or the right to be forgotten or deleted. On request, you have an obligation, as a data controller under GDPR, to delete the personal data of a data subject.

Deleting members

If you get a request from a data subject to delete the member but not delete all of the historical data associated and PII associated with member do the following.

To delete a member

  1. Login into GRAVTY UI as user (agent or administrator)
  2. Navigate to members section.
  3. Search and find the correct member
  4. Click on the member's name to navigate to member details.
  5. Click on Create Bit. Choose Service as Bit Category and Bit Type as Membership Change. Set Membership Stage to Cancelled.
  6. Submit the Create Bit to delete the member.

Permanently deleting a member

If you get a request from a data subject to delete the member and all of the historical data associated member including PII do the following. GRAVTY uses pseudonymization to accomplish this.

To permanently delete a member

  1. Login into GRAVTY UI as user (agent or administrator)
  2. Navigate to members section.
  3. Search and find the correct member
  4. Click on the member's name to navigate to member details.
  5. Click on Create Bit. Choose Service as Bit Category and Bit Type as Membership Change. Set Membership Stage to Deleted.
  6. Submit the Create Bit to delete the member.

Deleting members with the API

You can use the Members API to delete a member. The documentation for this is listed here

Limitations of Deleting Members

Meeting the data portability obligation

Each EU citizen has a right to data portability. On request, you have an obligation, as a data controller under GDPR, to provide a data subject with their personal data or to transmit the data to another organization.

Exporting member data

You can use the user login in GRAVTY UI to export member data to a csv file.

To export member data to a downloadable file

  1. Login to GRAVTY UI
  2. Navigate to a member's section in GRAVTY UI.
  3. Search and find the correct member
  4. Click on the member's name to navigate to member details.
  5. Click on download button to download a csv of member's data

Exporting member data with the API

You can use the Members API to export JSON data about the member. The documentation for this is listed here

Meeting the objection obligation

Each EU citizen has a right of objection, or the right to object to direct marketing. You have an obligation, as a data controller under GDPR, to stop processing personal data for direct marketing purposes when you receive an objection from a data subject.

If you get an objection from a data subject about the notifications sent by GRAVTY, you can stop all notifications by suspending the member in GRAVTY UI. A member is no longer able to sign in and such a member cannot use the Loyalty Program.

To suspend a member

  1. Login into GRAVTY UI as user (agent or administrator)
  2. Navigate to members section.
  3. Search and find the correct member
  4. Click on the member's name to navigate to member details.
  5. Click on Create Bit. Choose Service as Bit Category and Bit Type as Membership Change. Set Membership Stage to Suspended.
  6. Submit the Create Bit to suspend the member.