In April 2016, the European Union General Data Protection Regulation (GDPR) was adopted by EU Parliament and since May 25, 2018, it has fundamentally changed the way in which data is handled across every vertical including healthcare and banking. It applies to any organization that interacts with EU residents - whether that is offering goods or services to them or monitoring their behavior. GDPR includes strict guidelines which must be followed because penalties for non-compliance include fines of up to 4% of annual global turnover or nearly $23M (€20M).



This article details the process of servicing GDPR Right of Access, Right to Rectification, and Right to be Forgotten requests on the Evergage platform. For an outline of the security and privacy features Evergage has put in place to protect customer data, please see the References section below.




Delete or Modify User Data in Evergage Using the Evergage UI

Edit Individual User Data (Right to Rectification)

  1. Log into Evergage with Editor or higher permissions

  2. Use the dropdown at the top left on the blue bar to select the production data set associated with that visitor
  3. At the left, navigate to User Segments > All Users

    Alternatively, if you know that the user is a member of another segment, navigate to User Segments > User Segments then locate the desired segment


  4. In the filter by keyword field, begin typing the user ID or email address for the individual until you locate the user record
  5. To edit user data, highlight the user and click 
    1. On the Overview tab of the user's Unified Customer Profile, locate the detail or attribute you want to change
    2. Left click the attribute to activate the editor
    3. Make the change
    4. Click  to save changes

Delete Individual User Data (Right to Be Forgotten)

  1. Log into Evergage with Administrator permissions

  2. Use the dropdown at the top left on the blue bar to select the production data set associated with that visitor
  3. At the left, navigate to User Segments > All Users

    Alternatively, if you know that the user is a member of another segment, navigate to User Segments > User Segments then locate the desired segment


  4. In the filter by keyword field, begin typing the user ID or email address for the individual until you locate the user record
  5. To delete all user data, highlight the user and click




The following sections of this article are intended for developers only since they require the use of code and make assumptions about a baseline level of knowledge beyond the expertise of the average business user. If you need assistance completing requests or information not covered in this article, please contact Evergage Support.


API Key Access

The Evergage REST API utilizes API tokens to authorize all data changes. API Keys can be generated from the Evergage UI by an Account Administrator. Refer to the API Tokens article for more information on generating a new API key to utilize the applicable GDPR-related APIs in the Evergage platform. You can use an API to export individual user data to fulfill Right of Access requests.

  1. Log into the Evergage platform as an Administrator
  2. Select the production dataset associated with the visitor
  3. Navigate to Security -> API Tokens 
  4. Click Create Token
  5. Select the options needed
  6. Click OK
  7. Once created, the API token will be available for use with your API calls. To use the API token, add a parameter named "_at" to the request with the value of the token which you can access by double clicking the token on the API Tokens list screen.


Export or Delete User Information by API

The table below provides information about the API endpoints you will need to use to be able to export and delete user information.



GoalAPI EndpointContent TypeDescriptionExample
Identify if a user is identified in Evergage by ID / AnonIDGET /api/dataset/{dataset}/user/{userId}application/jsonFind and export a user by User ID (if named) or anonIdSame as "Export all users" below.
Identify if user(s) is identified in Evergage by Id / AnonId (if data from cookies)GET /api/dataset/{dataset}/users.csvtext/csvExport all users

"1395f816af5abffb",,,"1395f816af5abffb","0.09823906421661377","0.11476967483758926","Sun Apr 09 12:18:30 UTC 2017","Sat Oct 27 02:35:20 UTC 2018","[At Risk of Churn - Greater than 25%, Originating Referrer is Google, Purchase History - Frequent Buyer, From Search, Feature - Wishlist No, Click Add to Cart_All Time, Purchase Value - AOV Is $100 Or More, Purchase History - Last 30 Days, Tester, 1 Returning Visitors, Favorite Shoes, Lead Gen - Non subscribers, More Than 10 Actions in Past Week, Favorite Price - $50-75, More than 5 purchases, Visitors not from Somerville, MA, Visited at least 10 times, Favorite, LTV - High LTV users, Company, Favorite Gender - Womens, 1 Female Existing Customers, Repeat Buyer_within a year, Visited Homepage, Checkout & Purchase in last 30 days, Purchased once in past 10 days (live), Came from Search, Viewed 2 or more items, High Value Customer, bought multiple products, purchase_Last 30 days, Visited on or before 6/1/2017, Retail Segments, AMB demo visits recency, Purchased Once in past 10 Days, Highly Engaged Visitor, Testeroo (Last 90 Days), Returning Visitors, Returning Visitors - Training, Has Originating Referrer, Purchase > 100, purchase_all time, Purchase History - Within Last 10 days, Add to Cart_Last 15, Female Affine Shoppers, Have Not Seen Homepage, Made a purchase]","12","Sat Jun 23 02:39:08 UTC 2018",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"0",,,,,,,,,,,,,,,,,,,,,,,,,,"5856936.0"


Identify if user(s) is identified in Evergage by Id / AnonId (if data from cookies)GET /api/dataset/{dataset}/users.jsonapplication/jsonExport all users


{
	userSummary: {_id: "622bb783f91f82c0",…},
	anonAliases: ["622bb783f91f82c0"],
	anonMergeTimes: [1541189046207],
	anonymous: true,
	attributes: [{name: "oneSignalClickthroughRate", value: 0, updated: 1541190782448}]
	displayName: null,
	engagement: {score: 121, date: 1541116800000},
	firstActivity: 1480014079580,
	lastActivity: 1541190778395,
	location: {deviceProvided: false, longlat: [-92.3241, 35.2193], timeZone: "America/Chicago",…},
	namedUserId: "622bb783f91f82c0",
	orderHistory: [,…],
	originatingReferrer: {medium: "SEARCH", source: "Google", domain: "google.com", 	subdomainReversed: "com.google.www",…},
	pageLocale: null,
	segmentMembership: [{id: "1PPOO", joined: 1536114160926}, {id: "2Hh5C", joined: 1527014815907},…],
	updated: 1541190838077,
	visitHistory: [{start: 1480014079580, lastEventTime: 1480014699812, visitIndex: 1,
	_id: "622bb783f91f82c0",
...
}


Remove a user from EvergagePOST /api/dataset/{dataset}/users/deletetext/csvDelete a user by userId
name
tom@example.com
dick@example.com
harry@example.com


Delete User Data with an API

Below is a sample block of code that can be used with an API to delete a user from Evergage. The API you create must have the option Can access API selected for the required access. See the section on API Key Access above for more information.


export ACCOUNT='demo' # your account identifier
export DATASET='demo' # a dataset within the account
export API_TOKEN='AAAAAAAA-BBBB-CCCC-1111-222222222222' # Find/Generate the correct value in Manage Users > API Tokens
export CSV_FILE='users.csv'
 
$ echo -e "name\ntom@example.com\ndick@example.com\nharry@example.com" > ${CSV_FILE}

$ curl --form "file=@${CSV_FILE}" "https://${ACCOUNT}.evergage.com/api/dataset/${DATASET}/users/delete?_at=${API_TOKEN}"
Deleted 3 users (3 requested)

$ curl --form "file=@${CSV_FILE}" "https://${ACCOUNT}.evergage.com/api/dataset/${DATASET}/users/delete?_at=${API_TOKEN}"
Deleted 0 users (3 requested)


References

  1. https://www.evergage.com/security/ - This page outlines the security and privacy features Evergage has put in place to protect customer data
  2. https://www.evergage.com/blog/evergage-working-clients-enable-gdpr-compliance/ - This article gives an overview of how Evergage works with clients to enable GDPR compliance
  3. https://www.evergage.com/privacy-policy/ - This page describes the Evergage Privacy Policy and how Evergage collects and uses information for evergage.com and in connection with the online service provided to Evergage customers, partners, and other third parties.
  4. https://gdpr-info.eu/art-15-gdpr/ - This page is Article 15 of the GDPR: Right of access by the data subject
    https://gdpr-info.eu/art-16-gdpr/ - This page is Article 16 of the GDPR: Right to rectification
  5. https://gdpr-info.eu/art-17-gdpr/ - This page is Article 17 of the GDPR: Right to erasure (‘right to be forgotten’)