Privacy Requests Other Functions

This Ongoing Management Guide provides the steps required to manage and fulfill Privacy Requests (GDPR/CCPA compliance) within the TRIFFT Cockpit.

Topic / functionPrivacy Requests
AudienceDPO / Legal / CRM Lead / Project Admin
GoalEnsure legal compliance regarding member data rights (Access and Deletion)

Other functions covered

  • Right to Access (SAR): Generating a comprehensive export of all data held on a specific member.
  • Right to be Forgotten (Anonymization): Securely removing PII while maintaining anonymized transaction records for financial integrity.
  • Identity Verification: Confirming the requester is the actual owner of the account before processing.
  • Compliance Logging: Maintaining a permanent audit trail of all privacy actions for regulatory review.

Action description (Example: Processing a Data Deletion Request)

  1. Navigate to Privacy Module: Log in to the TRIFFT Cockpit and go to Support Center > Privacy Requests.
  2. Initiate New Request: Click Add New Request and enter the member's email address or unique Member ID.
  3. Verify Identity: Ensure the request has come through an authenticated channel (e.g., the member's registered email) to prevent unauthorized data exposure.
  4. Select Request Type: Choose Anonymize (to delete personal data) or Export (to generate a data report).
  5. Review Impact: Acknowledge that anonymization is irreversible—the member will lose all points, rewards, and tier status.
  6. Execute Request: Confirm the action. The system will now strip PII (Name, Email, Phone, Birthday) from the profile and replace it with a system-generated ID.
  7. Sync External Deletion: Ensure the member is also removed or suppressed in connected integrations like Klaviyo, Bloomreach, or Shopify.
  8. Complete & Close: Once the background process is finished, the request status will move to Completed. Send a final confirmation to the member if required by your policy.

Ongoing management checklist

  • SLA Monitoring: Review the Privacy Request dashboard weekly to ensure no requests exceed the 30-day (GDPR) or relevant regional fulfillment window.
  • Integration Suppression: Verify that "Anonymized" members are automatically unsubscribed from marketing flows in Klaviyo or Bloomreach.
  • Audit Trail Integrity: Confirm that the log of privacy requests remains immutable and accessible for potential legal audits.
  • Data Minimization: Periodically review Member Attributes to ensure the project is only collecting data necessary for the loyalty program's function.
  • T&C Alignment: Ensure the link to your Privacy Policy on the "Back" of the Digital Wallet pass or in the Web Portal is always current.


Did this page help you?