Delete guest data
If a guest wants your organization to forget their data, this can be facilitated through the use of the Sitecore CDP Batch API. The following are two scenarios in which a guest requests that their data is erased or forgotten.
Forget a guest who is the contact on an order
A contact on an order is the owner of the order. In this example, Jane Doe wants to exercise her right to be forgotten. Jane has three orders in Sitecore CDP, which she purchased with her credit card. In this scenario, Jane is the contact on the order. Jane is fully identified because she provided enough Personally Identifiable Information (PII) when she purchased the orders.
There are not any orders in Sitecore CDP for which Jane is only a consumer on the order but is not the contact (owner) of the order.
To facilitate Jane's request to be forgotten, do one of the following:
-
Delete a guest in the Sitecore CDP application.
-
Use Batch API and follow the guest delete procedure to delete a guest. You must use the gdpr_delete mode.
After you complete the guest deletion, the guest is deleted from Sitecore CDP. You can no longer locate the guest by searching for their profile. Using the example of Jane Doe, the following is deleted from Sitecore CDP:
-
Jane Doe's guest profile
-
Jane Doe's orders
-
Jane Doe's order items
-
Jane Doe's sessions
-
Jane Doe's events
As the data controller, it's your responsibility to ensure that none of your systems send any of Jane's personal data to Sitecore CDP.
Forget a guest who is a consumer but not the contact on the order
There are certain guests in Sitecore CDP who might be the consumer on at least one order, but have other orders in which they are only a consumer and not the contact.
In this example, Joe Bloggs wants to exercise his right to be forgotten. In the past, Joe's wife, Melissa Bloggs, has purchased flights for Joe and herself, using her credit card. For this reason, Joe is listed as a consumer on an order when the family went on holiday to Orlando. A consumer on an order is someone who is listed as traveling or consuming a product or service.
Joe has also flown to London several times by himself for business, using his own credit card. For this reason, Joe is listed as the contact as well as the consumer on four orders when he flew to London for business.
To facilitate Joe's right to be forgotten, do one of the following:
-
Delete a guest in the Sitecore CDP application.
-
Follow the guest delete procedure to delete a guest. You must use the gdpr_delete mode.
After you complete the guest delete procedure using the Batch API, the guest profile with the name Joe Bloggs is permanently deleted from Sitecore CDP. In this example, the following is deleted from Sitecore CDP:
-
Joe Bloggs' original guest profile
-
Joe Bloggs' orders
-
Joe Bloggs' order items
-
Joe Bloggs' sessions
-
Joe Bloggs' events
Because Joe is a consumer on an order for which he is not also the contact, the following occurs:
-
Sitecore CDP creates a new guest profile to replace Joe's original guest profile. The new guest profile has a guest type of Traveller.
-
The new guest profile has a first name of GDPR_Delete and a last name of GDPR_Delete and does not contain any personally identifiable information (PII).
-
The purpose for creating the new guest profile is to maintain the referential integrity of Sitecore CDP. This means that if a user is looking at orders in Melissa Blogg's guest profile, they can see that there is a consumer on an order with a first name of GDPR_Delete and a last name of GDPR_Delete but with no PII.
-
Similar to any other guest profile, you can search for the GDPR Delete guest profile, but it does not contain any PII.
As the data controller, it is your responsibility to ensure that none of your systems send any of Joe's PII to Sitecore CDP.