Privacy Requests Other Functions
This Ongoing Management Guide provides the steps required to manage and fulfill Privacy Requests (GDPR/CCPA compliance) within the TRIFFT Cockpit.
| Topic / function | Privacy Requests |
|---|---|
| Audience | DPO / Legal / CRM Lead / Project Admin |
| Goal | Ensure legal compliance regarding member data rights (Access and Deletion) |
Other functions covered
- Right to Access (SAR): Generating a comprehensive export of all data held on a specific member.
- Right to be Forgotten (Anonymization): Securely removing PII while maintaining anonymized transaction records for financial integrity.
- Identity Verification: Confirming the requester is the actual owner of the account before processing.
- Compliance Logging: Maintaining a permanent audit trail of all privacy actions for regulatory review.
Action description (Example: Processing a Data Deletion Request)
- Navigate to Privacy Module: Log in to the TRIFFT Cockpit and go to Support Center > Privacy Requests.
- Initiate New Request: Click Add New Request and enter the member's email address or unique Member ID.
- Verify Identity: Ensure the request has come through an authenticated channel (e.g., the member's registered email) to prevent unauthorized data exposure.
- Select Request Type: Choose Anonymize (to delete personal data) or Export (to generate a data report).
- Review Impact: Acknowledge that anonymization is irreversible—the member will lose all points, rewards, and tier status.
- Execute Request: Confirm the action. The system will now strip PII (Name, Email, Phone, Birthday) from the profile and replace it with a system-generated ID.
- Sync External Deletion: Ensure the member is also removed or suppressed in connected integrations like Klaviyo, Bloomreach, or Shopify.
- Complete & Close: Once the background process is finished, the request status will move to Completed. Send a final confirmation to the member if required by your policy.
Ongoing management checklist
- SLA Monitoring: Review the Privacy Request dashboard weekly to ensure no requests exceed the 30-day (GDPR) or relevant regional fulfillment window.
- Integration Suppression: Verify that "Anonymized" members are automatically unsubscribed from marketing flows in Klaviyo or Bloomreach.
- Audit Trail Integrity: Confirm that the log of privacy requests remains immutable and accessible for potential legal audits.
- Data Minimization: Periodically review Member Attributes to ensure the project is only collecting data necessary for the loyalty program's function.
- T&C Alignment: Ensure the link to your Privacy Policy on the "Back" of the Digital Wallet pass or in the Web Portal is always current.
Updated 3 months ago
Did this page help you?
