Request or delete records for EU General Data Protection Regulation (GDPR) or California Consumer Privacy Act (CCPA)

Request or delete records – General Data Protection Regulation (GDPR) or California Consumer Privacy Act (CCPA)

This article describes how NCT No Code Technologies’ can help you respond to an EU or California data subject’s request for access, rectification, erasure, or portability of their personal data. Please read this article carefully to understand how we can help you respond to such requests for the data NCT No Code Technologies’ is processing on your behalf, and the implications for your organization.

Please keep in mind that:

• Data cannot be recovered once it has been deleted. Read this article carefully to understand the implications for your account.
• Data exports may contain information that your company considers confidential, such as the change history for a particular project. It is your responsibility to review this information before providing it to the requestor.
• This process covers information that NCT No Code Technologies’ processes on behalf of its customers as part of its online SaaS services. If you would like to file a request related to personal data that NCT No Code Technologies’ controls, you should email privacy@nocodetechnologies.com. Please review our privacy policy for more information about this type of data and your options.

It is your responsibility to review this information before providing it to the requestor.

Your access and deletion obligations

Under the EU’s General Data Protection Regulation (GDPR), each EU citizen has a right of access to their personal data. Upon request, you (as the data controller) have an obligation, with certain exceptions, to inform the individual (often referred to as data subjects under GDPR) where their personal data is being held and for what purposes. In addition, each EU citizen has a right to erasure (sometimes known as the right to be forgotten). Upon request, you have an obligation, with certain exceptions, to delete the personal data of a data subject.

The California Consumer Privacy Act (CCPA) provides similar access and deletion rights to California residents.

To make the process easy for our customers, NCT No Code Technologies’ offers two options for customers who receive a request to begin the deletion or access process:

• A UI that is easy to use for a small number of access or deletion requests.
• An email form that can be submitted for access or deletion requests to NCT No Code Technologies’.

Note

You may only make a request if you hold a collaborator role of Administrator on your company’s NCT No Code Technologies’ account.

Submit a GDPR or CCPA access or deletion request via email

You can submit a GDPR or CCPA access or deletion request directly from the NCT application or via email

Request type: You can submit two types of requests:

• Delete: Removes all data within an account that is associated to the identifier defined in the identifier field
• Access: Finds all data stored in NCT No Code Technologies’ systems associated to the identifier defined in the identifier field and exports it for you to access.

• Data type: Any access or deletion request will apply to one of two data types:
  • User data: End users (also known as end customer) who are added to the accounts of our customers. A user can be an end customer on multiple accounts.
  • Visitor data: Individuals who visit or use our customers’ websites, apps, and other digital products. NCT No Code Technologies’ stores visitor data to calculate experiment results and to tailor content.
• Identifier type: User data is identified by the email address used to create the end user account. If you selected Visitor, the form will display these options for personal identifier types:
  • ID: Any ID used to identify targeting records in NCT No Code Technologies’.
  • Email Address: The email address of a user.
  • NCT No Code Technologies End User ID: An NCT No Code Technologies-generated ID.
  • Other: Any other identifier that was uploaded to NCT No Code Technologies’.
• Identifier: The identifier value you would like us to use when searching. If you selected User in the previous step, the identifier will be the email address for the user.

If you use or list attributes, please submit the primary keys used to identify records in data sources and list attributes. We need these keys to identify relevant records in these data sources; they cannot be searched using other identifiers. You may submit these keys using either the ID Other data type.

Please note that under our current terms, personal email addresses and similar personally identifiable information should not be uploaded.

Confirm data deletion

Where we receive a data deletion request, we search the records for the identifiers you provide and overwrite any matching data. When the request is completed, you can get the status of your request in the UI or via an email report.

Note that we may retain some User Data in Change History logs and for other security purposes to ensure you have an audit trail of significant changes that may have been made to your account.

Disclaimer

This document is for informational purposes only and does not constitute legal advice. Readers should always seek legal advice before taking any action with respect to the matters discussed herein.