Russian Data Privacy

Introduction

Russian Data Privacy is available only if the Data Privacy Module and its Russian Data Privacy sub-module are enabled for the account on the Implementation > Products page. Reach out to help@certain.com to have this enabled.

“Data protection laws apply to all acts of data processing, including collection, recording, systematization, accumulation, storage, alteration (update, modification), retrieval, use, transfer (dissemination, provision, access), depersonalization, blocking, deletion or destruction of data.”

“Electronic (automated) and manual (non-automated) records of personal data will be subject to the data protection legislation.”

Russian Data Privacy is currently provided only to enable the following scenario:

1. The registrant registers for an event, via a form or SSO. 2. One or more fields on their profile are checked for compliance. 3. If the fields comply, the data is first sent to a third-party via a web service. 4. The data is saved temporarily elsewhere, such as in a specific country, by that service. 5. The data is passed back to Certain for storage on Certain’s servers.

> Note: Each section on this page has its own Save button.

Privacy Configurations

Privacy Configurations defines the configuration details used for the Russian Data Privacy scenario.

• Policy – The technical type of privacy policy. Example: "RDP"
• Config Name – (Required) The name of the configuration, as set by Certain for your system.
• Start Date – (Required) The date the configuration comes into effect.
• End Date – (Required) The end of the "in effect" period.
• Service Auth Type – (Required) Select the authorization type: either "OAuth2" or "Basic Auth".
• Service URL – (Required) The URL provided by the third-party supplier for access to its web service.

Credentials for access to the third party supplier's app are displayed if Service Auth type = "OAuth2":

• Client ID – (Required)
• Client Secret – (Required)
• Token URL – (Required)
• Resource – (Required)

Credentials for access to the third party supplier's app are displayed if Service Auth type = "Basic Auth":

• Username – (Required) Username for access to the third party supplier's app.
• Password – (Required) The password matching that username.
• Wait Message – (Required) Enter the message to be displayed to attendees while the web service is making the request.

> Note: For future use. Not in use at present.

• Service Error Messaging – (Required) Enter the error message to be shown if the web service is down or unsuccessful.

Technical note: "Unsuccessful" here means this message is returned if the external webservice returns anything other than an HTTP 200 (OK) response

• Capture External ID Key – (Required) Provided by the third-party supplier.

Event Trigger

Event Trigger specifies the field and value(s) that this post will watch.

• Trigger Field – (Required) Select a Certain field for the policy to watch.

Those available include Standard Profile Enumerated Fields, specifically Country.

• Trigger Values – (Required) These are the values that the policy will watch, and invoke the web service based on its evaluation.

Field Mappings

Field Mappings maps Certain profile fields to target fields in the third-party app.

> Note: You must map at least First Name, Last Name and Email in Certain to the equivalent Target Fields.

• Certain Field – (Required) Select a Certain field to map. Those available include:
• Standard Profile fields
• Static Profile fields
• Custom Profile fields
• Static fields
• Target Field – (Required) Enter the name of the matching field from the third-party app.

For example, if Certain Field = "First Name", then Target Field might be "firstname".

• Add field mapping – Adds a row in which you can map another pair of fields.

Policy Compliance Audit

Policy Compliance Audit lists non-compliant records.

Only non-compliant records are listed.

Records are compliant when: 1. The profile has gone through either of two entry points, SSO or Form, and 2. Trigger Field is one of those selected in Trigger Values defined under Trigger Fields above.

The table lists these fields for each record:

• Audit Date Time – When the compliance audit was run.
• Profile Date Created – When the Profile was created via a registration form.
• Correlation Id – Unique ID and associated records, generated by Certain.
• External Id – A unique ID generated by the third party app, and associated with the records in their database.
• Non Compliance Reason – Generated message for non-compliant records.