This article will help you understand how your sales and online ordering data is purged of customers' personally identifiable information (PII).
Redcat understands that according to Australian Privacy Principle 11 (APP 11.2) organisations are required to take reasonable steps to destroy or de-identify personal information when it is no longer required for the purpose for which it was collected.
Article 17 of the GDPR (General Data Protection Regulation) states that an individual has the right to have their personal data erased if the personal data is no longer necessary for the purpose an organisation originally collected it as a specific circumstance under which the right to be forgotten applies.
To this end, a daily scheduled job is applied to your Polygon Central database to remove any PII included with sales or online orders that do not relate specifically to loyalty members.
What data is removed?
Only data that comprises PII is removed:
- First names
- Last names
- Addresses
- Email addresses
- Phone numbers
The de-identification process only clears customer (guest) information attached to orders; all loyalty member data will remain intact, and members will still be linked to orders.
Orders are not removed from the database, only the customer PII is removed. Details such as items ordered, order total, delivery provider and any other information that does not contain personal information will be retained.
When is the data removed?
Commencing September 2023, existing databases will have a script run to perform the removal of PII from all historical records and thereafter, a daily automated task will run.
All new Polygon Central databases provisioned from September 2023 will include the daily automated task to remove customer PII data.
Retention Period
The default time period for retention of customer PII is 90 days. This is designed to allow sufficient time to locate and investigate or troubleshoot records if required.
The retention period is configurable, so as to cater for the specific needs or legislative requirements of individual businesses, and to line up with any specific data collection and privacy policies.
Each day, as records containing customer PII fall outside the retention period, that data will be removed from those records by the daily automated task.
Please discuss with your Redcat contact if you need the retention period adjusted from the default of 90 days.
Article Change Log
Date | Record of Changes | Author |
August 2023 |
First publication of this article. |
STB |
August 2023 |
Updated rollout start date from late August 2023 to September 2023. |
STB |
August 2023 |
Reference to GDPR Article 17 added. |
STB |