Consent and the right to object
| Applies to |
|---|
| GDPR, CCPA |
This Privacy Guide provides technical guidance on how your developers can choose to configure your Sitecore product implementation to support you on your data privacy compliance journey. This guide does not provide exhaustive guidance, and should not be construed or used as legal advice about the content, interpretation, or application of any law or regulation. You, the customer, will always be in the best position to assess your own risks, and must seek your own legal counsel to understand the applicability of any law or regulation to your business, including how you process personal information. Your resulting implementation is based entirely on your own configuration choices.
The right to object concerns the individual’s right to object to processing, direct marketing, and automated profiling. This topic describes how the Sitecore product supports the individual’s ability to give and revoke consent, including:
- Existing interfaces and API calls for opting in/out of processing.
- Options for storing consent choices.
For information about processing, see Types of processing.
Opt-in and opt-out
The Sitecore product provides the following functionality by default:
- The Email Experience Manager supports double opt-in.
- The Email Experience Manager API supports unsubscribing from one or all mailing lists.
- Every email sent by the Email Experience Manager includes links to unsubscribe from the context email or all emails.
The organization is responsible for:
- Implementing interfaces (such as cookie consent banners) or processes that allow contacts to update consent choices.
- Supporting active opt-in for all other forms of processing, including web tracking.
  - See Right to be informed for information about implementing privacy notices.
  - See Types of processing for a list of processing activities.
- Implementing active opt-in on websites that use the Federated Experience Manager.
- Requesting consent for any additional collection or processing of personal information, including any data collected using forms.
- Implementing an interface or process that allows individuals to revoke consent at any time.
Storing consent
The Sitecore product provides the following functionality by default:
- The ConsentInformation facet:
  - ConsentRevoked: Gets or sets a value indicating whether the contact has revoked their consent to be contacted by the organization in any form.
  - DoNotMarket: Gets or sets a value indicating whether the contact has globally unsubscribed from all marketing lists. This does not include system messages such as order confirmation or “your password is about to expire”.
- Email Experience Manager global opt-out list.
- Email Experience Manager suppression list (available for customers that use the Email Cloud Service).
The organization is responsible for:
- If necessary, implementing additional contact facets that store consent choices for specific types of processing.
- Storing consent for personal information collected via custom Forms - for example, by including a consent check box on each form.
- Persisting consent choices for individuals who do not want to be tracked or stored at all - for example, by storing a value in session or issuing a cookie.
Disabling processing
See Types of processing for an overview of processing activities in the platform and the options available for disabling processing.