Skip to main content

Types of processing

Abstract

Guide to disable Sitecore processing for users who have opted out or invoked their right to restriction of processing.

Warning

This Privacy Guide provides technical guidance on how your developers can choose to configure your Sitecore product implementation to support you with data privacy compliance. This guide does not provide exhaustive guidance, and should not be construed or used as legal advice about the content, interpretation, or application of any law or regulation. You, the customer, will always be in the best position to assess your own risks, and must seek your own legal counsel to understand the applicability of any law or regulation to your business, including how you process personal information. Your resulting implementation is based entirely on your own configuration choices.

This topic lists the types of processing that happens in the platform and describes the options for disabling processing for individuals who opt out or invoke their right to restriction of processing. The following features of the Experience Platform access or handle personal information in the context of marketing activities:

Refer to the Data flows and processing documentation for descriptions of all processing activities, including checkout.

Individuals can opt out of processing or invoke the right to restriction of processing. The Sitecore platform provides the following functionality:

  • The Email Experience Manager excludes contacts from email campaigns if any of the following conditions is true:

    • The DoNotMarket property on the ConsentInformation facet is set to true.

    • The ConsentRevoked property on the ConsentInformation facet is set to true.

    • The contact’s email address is on the suppression list.

    • The contact belongs to the global opt-out list.

  • Sitecore 10.0 and later provides API calls and configuration options that make it easier to enforce explicit consent for tracking a contact's activity on your websites.

The organization is responsible for the following:

  • Implementing processes or interfaces that allow customers to opt out of processing. See Right to object.

  • Storing an individual's consent choices as it relates to processing. See Right to object.

  • Disabling processing for individuals who have revoked consent.