Right to be informed
Applies to |
GDPR, CCPA |
---|
This Privacy Guide provides technical guidance on how your developers can choose to configure your Sitecore product implementation to support you with data privacy compliance. This guide does not provide exhaustive guidance, and should not be construed or used as legal advice about the content, interpretation, or application of any law or regulation. You, the customer, will always be in the best position to assess your own risks, and must seek your own legal counsel to understand the applicability of any law or regulation to your business, including how you process personal information. Your resulting implementation is based entirely on your own configuration choices.
The right to be informed concerns the individual’s right to fair processing of information. In the context of a website, fairness means handling an individual's personal information in ways that they would reasonably expect. This is typically accomplished through a privacy notice or cookie consent banner. This topic describes how the Sitecore product facilitates adding a privacy notice or cookie consent banner to your website.
For more information about storing and acting on customer consent see:
Within your Sitecore implementation, you can:
-
Use the layout engine to implement a custom rendering to display a privacy notice or cookie consent banner on a Sitecore website. You control the rendering logic.
-
Customize and extend the basic privacy notice available with Sitecore Experience Accelerator (SXA).
The organization is responsible for the following:
-
Implementing a privacy notice or cookie consent banner that complies with privacy laws, including active opt-in. This includes websites that use the Federated Experience Manager.
NoteSitecore 10.0 and later provides API calls and configuration options that make it easier to enforce explicit consent for tracking a contact's activity on your websites.
-
Storing customer consent choices.
-
Acting on an individual's choice to opt out of certain processing activities.
-
Ensuring that all processing - including personalization and tracking - is disabled until consent is given.
If you are creating a form that captures personal information, you can use a Checkbox element to request consent for collection and processing of that data. To comply with privacy guidelines, the Field Importance setting for the check box must be set to Mandatory and the Checked setting must be set to No.