Foreword
This document is a guide to responding to Data Subject Requests (DSRs) made under the General Data Protection Regulation (GDPR) where the data is held in your Certain database.
The GDPR grants specific rights to individuals.
The right of access to personal information.
The GDPR requires that an individual be able to obtain a copy of their data in a standard format.
Certain’s standard reporting tools allow you to quickly find and export the information held about any registrant or user.
You can email the exported data to the requester.
See “View” Requests below.
The right to be forgotten.
Under the GDPR, an individual can ask you to remove their personal data.
Certain provides the “Anonymize” feature to remove all their personally identifiable information.
See “Delete” (Forget me) Requests below.
The right to rectification.
Under the GDPR, an individual can ask you to rectify any incorrect personal information.
In Certain you can quickly find and edit an individual’s details, and email the updated details to them as confirmation.
See “Edit” Requests below.
Introduction
As mentioned in the foreword above, there are three types of requests you may receive from individuals who may have Personally-Identifying Information (PII) on file.
Requests to View their information.
Requests to Edit their information.
Requests to “Forget Me”; that is, to Delete their information.
The individuals concerned may be any of the following types:
Registrants.
Speakers.
CertainAPP users.
The steps are similar for each request type and individual type but are listed separately below. (The steps for Registrants and Speakers are identical..)
They all start with logging in to the Certain App, and navigating to the relevant account(s), as described next.
Logging In to Certain
1. Log in to Certain with your usual credentials.
Your user type must be at least “Registration and Support”. The higher levels include “Event Planner” and “Administrator”.
2. Note: To use the Profile Anonymization feature described on page 10, you must be an Administrator.
3. You are automatically logged in to your account.
4. Follow the steps listed below in that account and its active sub-accounts (if any) used for managing events.
5. To change accounts, click the account selector icon below the account name in the upper left corner, and select a sub-account.
Registrants’ and Speakers’ Information
A “Registrant” is usually an “attendee” at one or more events, although they may be an exhibitor, staff member, or other person registered for an event.
A “Speaker” is a speaker at an event where the Speaker and Session management module is used.
The following steps assume you have logged into the relevant account, as described above.
“View” Requests
To View a Registrant’s or Speaker’s Information
1. Open the registrant’s or speaker’s profile record.
2. Click the icon on the global navigation toolbar in the upper right corner of the screen.
3. Choose to Profiles.
4. The Profiles page opens.
5. Enter the registrant’s or speaker’s email address.
6. A list of matching records is displayed.
7. If your account is set to use unique email addresses, only one record is displayed.
8. Click the record to view the details.
A) Create a Profile Report 1. Create an account-level Profile Report, and include columns of interest. Note: You only need to do this once for an account. The same report will then be available for future use. 2. Click the icon in the top left corner of the screen. 3. Select Profiles in the list of options. 4. The Profiles page opens. Click Reports, the only menu choice at the top of the page. 5. The Profile Reports page opens. Click Create Report (in the upper right corner of the page). 6. The Report Setup page opens. 7. Give the report a name, and optionally a description, of your choice. 8. These are what you’ll see in the list of reports when you go to find and run the report in the future. 9. Recommended: Under the Visibility heading, select the All Accounts option. This will make the report available not only in the current account but also in any sub-accounts below it. 10. Under Report Type, select either the default “Profiles” or the more detailed “Profiles and Registrations”. A “Profiles” report includes name and address and other Personally Identifiable Information (PII). A “Profiles and Registrations” report also includes registration history across events. Note that you cannot change the report type after you have created the report. 11. Save the report. 12. Select Display in the left navigation panel. 13. Select a Report Format, such as the “Export to .CSV” selected in the screenshot below. 14. Select a Data Format, such as the default “Output data as stored” selected in the screenshot below. 15. Save the report again. 16. Click Columns in the left navigation panel, to select the data to include in the report. 17. Select the appropriate fields in Available Data Fields on the left and click » to move them into Selected Data Fields on the right. 18. Save the report again.
B) Run the Report for a Registrant 1. Select Filters in the left navigation panel. 2. At the end of the page, filter on the registrant’s or speaker’s email address. 3. Click Run Report (in the lower left corner of the page) to create the export file. 4. Download the report to share with the requester.
To Email a Registrant or Speaker Their Information An alternative to using a report is to email their profile details to an individual.
A) Create an Email Template 1. In an event, go to Promote > Communication > Email Templates > Registration. 2. Click Add New to add a new email template. 3. Give the email a self-explanatory name of your choice. This is what you’ll see when you go to select it for use in the later steps. 4. Select the option to make the report “Visible to All events in account”. 5. Add all the relevant Standard Profile Fields and Custom profile fields to the body of the email. 6. Do not include any event-level information. 7. Save the template.
B) Send the Email to the Profile 1. Locate the registrant’s profile record, as described under ‘View’ Request on page 3. 2. Click Email in the left navigation panel. 3. Select the email template, and click Select. 4. At the bottom of the page, click Preview. If satisfied with the result, click Send Email NOW. 5. The sending of the email will be included in the profile’s History, which you reach via the left navigation panel.
“Edit” Requests 1. Open the registrant’s or speaker’s profile record, as described under “View” Request above. 2. Confirm the correct record is displayed. 3. Click on the Contact Details header bar, or Contact in the left navigation panel. 4. Edit relevant information, and Save. 5. Click Questions in the left navigation panel. 6. Edit relevant answers to profile custom questions, and Save. 7. The edits will be included in the profile’s History log, as described above for emails. (Page 9.)
“Delete” (forget me) Requests Best Practice: Anonymize Profiles You can “anonymize” Profiles in an account, removing personally identifiable information, so that the individual remains anonymous. Note: An Administrator should follow this procedure; it’s not available to Event Builders or other users. In summary, you first identify the profile fields that hold personally identifiable information (PII), and configure replacement text. (Defaults are pre-set for both.) You can then select profiles, and anonymize them by clicking one button.
Detailed Steps 1. Go to User and Account Settings > Account Settings > Implementation > Privacy Compliance > Profile Anonymization 2. Under Anonymize Profile Fields, select the Standard and Custom Profile fields for this Account that you want to anonymize when you select individual profiles in step 6. Be sure to include all fields that could be deemed Personally Identifiable Information (PII). Note that many standard profile fields, such as name fields and email, are preselected and will always be anonymized. 3. The default anonymization string that will replace the values in the selected profile fields of an anonymized profile is "". You can change that to any text of your choice. 4. If you select Make Profile Inactive, then any profiles you anonymize (see step 8 below) will also be set to “inactive”, meaning they will be excluded from reports and searches. 5. Save your selections so that you can use them when anonymizing profiles, as explained next. 6. Under Anonymized Profiles Audit, for the Profile(s) to anonymize. In the field, type at least 3 characters of their Email or Phone, or type the complete Encoded Profile ID beginning with "0x". (See screenshot below.) 7. View the list of matching records, and click to view a profile's details to confirm you have the right record. 8. Select the check box(es) for the profile(s) you want to anonymize. 9. Click Anonymize to update the selected profile(s). The values of the fields selected in step 5 above are set to the Anonymization String, and if Make Profile Inactive was selected in step 4 then the anonymized records will no longer be returned in searches or reports. 10. Under Anonymized Profiles Audit Report you see a list of the anonymized profiles in the account. You can search for one by PkprofileId or Username; as shown in this screenshot.
Users’ Information
A “user” is anyone who is set up in CertainAPP with a user record.
To view another user’s details, edit or delete a user record, you must be logged in to Certain yourself as an Administrator. That is, your own user account must have a User Type of “Administrator”.
“View” Requests
For a User to View Their Own Information
1. Go to User Information and Account Settings > User Information.
2. The “My User Information” page opens.
3. View or edit the information as required.
For an Administrator to View Another User’s Information 1. As an Administrator, go to Account Settings > Administration > Users. 2. To search for the user, enter their email address in the Login ID field and click Search. 3. Click the user’s row in the results. That opens a page showing their details. 4. The only PII data is likely to be their name, email address (twice: as both Login Id and Email), and phone number. (See the screenshots below.)
“Edit” Requests
For a User to Edit Their Own Information
1. They should open their user record as described under “For a User to View Their Own Information,” above.
2. Edit fields as required, and Save.
For an Administrator to Edit Another User’s Information 1. Open the user’s record as described above under “For an Administrator to View Another User’s Information.” 2. Edit fields as required, and Save.
“Delete” (forget me) Requests
Best Practice: Anonymize Profiles
You can anonymize Profiles in an account, removing personally identifiable information, so that the individual remains anonymous.
Note: An Administrator should follow this procedure; it’s not available to Event Builders or other users.
Detailed steps 1. As an Administrator, open the user’s record as described above under “For an Administrator to View Another User’s Information.” 2. Clear the Active check box. 3. Clear out the Phone number, or replace it with anonymization text, such as “” or “anon”. 4. The other PII fields, Name and Email, are required fields, so instead of clearing them out, enter appropriate anonymization text. Note: the Email field must be in a valid email address format, such as “anon@certain.com”. 5. Save the changes. The user will no longer be able to log in to Certain.
[End of article content]