Deletion of Personal Data
The system administrator can define the data retention time for each channel and for handled or expired outbound campaigns at both the system and queue level. After the retention time, all data is anonymized or deleted automatically. Alternatively, the Data Protection Officer (DPO) can, on the person's request, destroy data related to a person.
Anonymizing conversation data means that the conversation event data will be modified so that the event can no longer be linked to a person. Anonymizing, instead of deleting the conversation event, is done to ensure that the conversation statistics will show correct numbers.
The following list describes how different types of information are anonymized or deleted:
- Call events are anonymized and any associated call recording is deleted.
- Handled e-mail conversations are anonymized, and the e-mail subject and body are replaced with text {Anonymized by DPO}. Possible attachments are deleted. This also applies to other e-mail type items, such as tasks and action items.
- Chat events are anonymized and the chat transcript is deleted. This also applies to other chat-type subchannels, such as SMS and social channels. Possible attachments are deleted.
- If there is a script linked with a conversation, the script freetext contents are deleted.
- If internal notes have been added to a conversation, the notes are replaced with text {Anonymized by DPO}.
- If attached data (CAD) has been added to a conversation, the data is replaced with text {Anonymized by DPO}.
- Completed or expired outbound campaigns:
  - When a retention time expires, the campaign and the corresponding call events are deleted.
  - When deleting data on request, the customer data and call events are deleted in the campaign.
- Directory data and consent information are not removed after retention times but only on request.
Retention Times
- Retention times of personal data are defined in System Configurator.
- Queue-specific retention times are defined in System Configurator.
- Call recordings are deleted when the Retention Time for Calls expires, but they can also be deleted by defining the time in System Configurator. The earlier of these two options is used to determine when recordings are deleted.
- All conversation-related reporting data can be deleted (in addition to the anonymization done after the retention time) by defining the Reporting Database Server variable Reporting Data Retention Time in Years in Infrastructure Administrator.
Data Deletion on Request
The Data Protection Officer (DPO) can create the Personal Data Report and remove all personal data on request. For more information, see Generating Personal Data Report.
Blocking
Blocking refers to the identification of recorded, stored personal data so as to restrict its further processing or use. In the contact center context, blocking can be used, for example, in cases where the organization needs to keep conversation-related data and contents for a longer time than otherwise defined in the data privacy policy. While this data shall not be erased, it may be necessary to block it from appearing in any regular data searches.
In this case, the DPO will use the Generate Personal Data Report tool to find the relevant personal data, and then collect and store the verified event data (meaning event contents including possible attachments and call recordings) in a storage that is external to Sinch Contact Pro. The DPO will subsequently delete the data from Sinch Contact Pro.
To block the data from operative usage (for example appearing in historical searches), the DPO needs to erase the corresponding data from Sinch Contact Pro.