Algonomy/RichRelevance Digital Experience Platform e-Privacy Policy and Process

Overview

The Algonomy/RichRelevance Digital Experience platform provides comprehensive tools and features to enable customers to manage compliance with EU ePrivacy and GDPR regulations concerning the privacy of their shoppers. The responsibility for configuring appropriate consent collection mechanisms from shoppers rests with our customers.

Privacy and Consent Management

  • It is our recommendation that unless a shopper has provided explicit cookie consent, neither the user ID nor the RCS cookie should be passed to the platform.

  • When a shopper does not provide consent, by default the platform uses a session ID to offer personalization. However, customers have the discretion to configure whether to pass a consistent session ID or not. Based on this configuration, the platform can be customized to provide minimal personalization or no personalization at all.

  • By passing the `privm=t` parameter (private mode) on requests, the platform ensures that it does not store any user profile information used for personalization for that shopper.

  • In cases where a shopper withdraws or redacts previously granted consent, customers can invoke the opt-out endpoint to remove all stored user profile information related to that shopper from the platform.

Privacy Touch Points

  1. The Profile Command API allows an organization to Opt Out on behalf their users.

  2. And each individual request to the DXP can be anonymized by enabling private mode on the request.

    • For client-side JavaScript integrations:

      R3_COMMON.setPrivateMode();

    • For server side recsForPlacement calls, add a query string parameter:

      privm=t

      Using private mode has the same impact as not passing the user ID on the request.

    For more information on JavaScript implementation, see JSON Integration.

Access to User Profile Data

The RichRelevance dashboard provides a method to access an individual's user profile. By entering the user id the profile data is presented from the User Profile Service for that user. The user profile data can be exported to a CSV file.

Session and User ID Handling

  • The platform does not store or process any personally identifiable information (PII) of shoppers. Instead, it relies on anonymized user IDs provided by customers to enable personalization.

  • The lifecycle and management of these user IDs are fully controlled by the customer.

  • Session IDs used for short-term personalization are short-lived, with browsers typically resetting session IDs every 30 minutes. Customers also retain control over session ID lifecycles and can adjust them according to their privacy and business needs.

Data Confidentiality and Security

  • Our platform implements strict confidentiality and security measures to protect shopper data including encryption of data in transit and at rest, role-based access controls, regular security audits, and comprehensive audit logging of all data access and processing activities.

  • Customers bear the responsibility for ensuring consent compliance and managing user data rights as mandated by relevant EU laws.

Compliance and Governance

  • We continuously update our platform capabilities to align with evolving privacy regulations and best practices.

  • Customers are encouraged to review their privacy workflows regularly and seek legal counsel to ensure full regulatory compliance.