Right of access by the individual
| Applies to |
|---|
| GDPR, CCPA |
This Privacy Guide provides technical guidance on how your developers can choose to configure your Sitecore product implementation to support you with data privacy compliance. This guide does not provide exhaustive guidance, and should not be construed or used as legal advice about the content, interpretation, or application of any law or regulation. You, the customer, will always be in the best position to assess your own risks, and must seek your own legal counsel to understand the applicability of any law or regulation to your business, including how you process personal information. Your resulting implementation is based entirely on your own configuration choices.
The right of access concerns the individual’s right to access their personal information and obtain information about how their data is being processed. This topic describes how the Sitecore product facilitates the ability to access and update the individual’s personal information.
Accessing contact data
Within your Sitecore implementation, you can:
The organization is responsible for the following:
- Implementing a process or an interface that allows individuals to access their contact data.
Accessing user data
Within your Sitecore implementation, you can:
- Use the Security API to access and edit a user’s profile.
- Allow members of your organization to respond to requests for data by using the User Manager interface to view an individual's personal information.
The organization is responsible for the following:
- Implementing a process or an interface that allows individuals to access their user data.
Accessing customer data
Within your Sitecore implementation, you can:
- Use the Commerce Service API to access customer and order data.
The organization is responsible for the following:
- Implementing a process or an interface that allows individuals to access their customer data.
Accessing form submission data
By default, form submission data is stored in the Forms database. If a form submission is linked to an identifier such as a contact identifier or an email address, you can use SQL to access and update a specific individual’s personal information.
The organization is responsible for:
- If relevant, implementing a process or an interface that allows individuals to access their form submission data.

The following example assumes that you know which form field (represented by `FieldItemID`) contains sensitive data. Forms and form fields are created by business users. For more information, see Create a form.

```sql
USE [sample_Sitecore.ExperienceForms]
GO

-- Find the stored rows for one form field whose value matches the individual's email address.
SELECT [ID], [FormEntryID], [FieldItemID], [FieldName], [Value], [ValueType]
FROM [dbo].[FieldData]
WHERE [FieldItemID] = '7d00533b-1cf2-4597-aaa0-01e09a01b7cc'  -- the form field that holds the identifier
  AND [Value] = 'youremail'                                   -- the identifier to look up
GO
```
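The query above returns only the row for the matching email field. As an added example (not from the Sitecore documentation), the following batch uses the same `FieldData` table and columns to return every stored field of each matching submission and to stage a correction inside a transaction. The variable names, their data types, and the `newemail` value are assumptions.

```sql
-- Added example; values are constructed and column types are assumed.
USE [sample_Sitecore.ExperienceForms]
GO

-- Inputs are held in typed variables rather than concatenated into the
-- statement text, so a requester-supplied address cannot alter the query.
DECLARE @EmailFieldItemID uniqueidentifier = '7d00533b-1cf2-4597-aaa0-01e09a01b7cc';
DECLARE @RequesterEmail   nvarchar(256)    = N'youremail';  -- address of the verified requester
DECLARE @CorrectedEmail   nvarchar(256)    = N'newemail';   -- constructed replacement value

-- Access: return all fields of every form entry whose email field matches,
-- so the response covers the whole submission and not only the email row.
SELECT  fd.[FormEntryID], fd.[FieldItemID], fd.[FieldName], fd.[Value], fd.[ValueType]
FROM    [dbo].[FieldData] AS fd
WHERE   fd.[FormEntryID] IN (
            SELECT m.[FormEntryID]
            FROM   [dbo].[FieldData] AS m
            WHERE  m.[FieldItemID] = @EmailFieldItemID
              AND  m.[Value]       = @RequesterEmail
        )
ORDER BY fd.[FormEntryID], fd.[FieldName];

-- Update: stage the correction, report how many rows it touches, and roll
-- back by default. Switch to COMMIT only after the row count has been
-- checked against the result of the SELECT above.
BEGIN TRANSACTION;

UPDATE [dbo].[FieldData]
SET    [Value] = @CorrectedEmail
WHERE  [FieldItemID] = @EmailFieldItemID
  AND  [Value]       = @RequesterEmail;

SELECT @@ROWCOUNT AS RowsUpdated;

ROLLBACK TRANSACTION;
GO
```

The equality comparison on `[Value]` follows the column's collation, so whether differently cased addresses match depends on how the Forms database was created.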
If you create a custom submit action that stores personal information in a third-party system such as a CRM, you are responsible for ensuring that individuals can access their data in that system.