GDPR
GDPR
Puzzel provides a range of services to help customers comply with GDPR. We offer standard user support for the services but is unable to provide advice or guide our customers on GDPR-related matters concerning their operations, information management, and storage. That responsibility lies with you as the customer and should be addressed with legal expertise.
The framework for deletion/anonymization contains the rules that govern the actual removal process in the database.
For example, an existing customer justifies ongoing processing, while a prospect with whom you have no relationship does not justify an extended processing period.
If a customer record matches multiple rules, the longest retention period for the customer record will apply.
For a customer record to be finally deleted, you as the administrator must approve the removal of the specific customer records or enable Automatic Approval. Approving removal is managed in the 'Approval for Deletion' service. Here, you also have the opportunity to view more details about the customer records you are approving for deletion.
During the deletion process, certain underlying information will also be anonymized. This includes, for example, notes and comment fields on customers and contacts. You control which customer record fields and form fields should be anonymized according to the GDPR framework.
Add GDPR rules
Navigate to GDPR > Deletion rules to add rules.
- Set a name
- Choose Automatic approval or not
- Set a period for each relevant outcome
- Standard rule, all customers will be hit by this rule
- Is current outcome, count days since Outcome registered.
- Exists in history = the outcome is active and is current or exists earlier in history. Booking start time is the time when the meeting started
- Event start time = the time when the callback-event started or were performed.
Important note! If multiple rules apply to a customer, the longest period or latest date will be the valid one.
- If standard rule says 3 months AND Order-rule says 6 months, then a customer with no order will live for 3 months from import. A customer with order will live for 6 months from order date.
Approve deletion
There is a specific service for approving the deletion of customers. This must be used unless 'Automatic approval' is enabled.
Project
Once you have created your GDPR rules, go to the project configuration and select your rules.
- You can use the same GDPR rules for multiple projects.
Good to know
- Statistics and reporting in general are not affected by GDPR, although some attributes like booking-subject will be anonymized.
- There is a short "grace period" from the deletion date until the data is actually anonymized.
- For some more general entities like import and export files there are standard rules deleting files after 180 days.
- Entities linked to customers, like customer attributes, order, bookings, calls and recordings are deleted or anonymized based on the customer.
- For GDPR in CRM-projects, please see CRM documentation.