Deletion of Personal Data
The system administrator defines the data retention time for each contact channel and for handled/expired outbound campaigns according to end of business purpose. After the retention time all data will be anonymized or deleted automatically. Alternatively, Data Protection Officer (DPO) can on a person's request destroy data related to a person.
Anonymizing contact data means that the contact event data will be modified so that the event can no longer be linked with a person. Anonymizing, instead of deleting the contact event, is done to ensure that the contact statistics will show correct numbers.
- Calls: call events are anonymized and any associated call recording is deleted.
- Handled e-mails: e-mail events are anonymized, and the e-mail subject and body are replaced with a {Anonymized by DPO} text. Associated attachments are deleted. This applies also for other e-mail type items, such as tasks, and action items.
- Chats: chat events are anonymized and the chat transcript is deleted. This applies also for other chat-type sub channels, such as SMS, and Facebook Messenger. Associated attachments are deleted.
- If there is a script linked with a contact item, the script freetext contents are deleted.
- Completed or expired outbound campaigns:
- When a retention time expires: the campaign and the corresponding call events are deleted.
- When deleting data on request: the customer data and call events are deleted in the campaign.
- Directory data and consent information: These items are not removed after retention times but only on request.
Retention Times
-
Retention times of personal data are defined in System Configurator
. -
Call recordings are deleted when the Retention Time for Calls expires, but they can also be deleted by defining the time in System Configurator . The earliest of these two options is used to determine when recordings are deleted.
-
All contact-related reporting data can be deleted (in addition to the anonymization done after the retention time) by defining the Reporting Database Server variable Reporting Data Retention Time in Years in Infrastructure Administrator.
Data Deletion on Request
The Data Protection Officer (DPO) can create the Personal Data Report and remove all personal data on request. For more information, see Generating Personal Data Report.
Blocking
Blocking refers to the identification of recorded stored personal data so as to restrict its further processing or use. In the contact center context blocking can be used, for example, in cases where the organization needs to keep contact related data and contents for longer time than otherwise defined in the data privacy policy. Although blocked data is not deleted, it should not appear in regular data searches..
In this case the DPO will use the Generate Personal Data Report tool to find the relevant personal data, and then collect and store the verified event data, event contents, including possible attachments and call recordings to a Sinch Contact Center external storage from where it will be deleted.
To block the data from operative usage (for example appearing in historical searches), the DPO needs to erase the corresponding data from Sinch Contact Center .