GDPR rights of the data subject

The General Data Protection Regulation (GDPR) is a regulation in European Union (EU) law on data protection and privacy for all individuals within the EU and companies operating in the EU. GDPR allows EU citizens and residents to request access to and removal of their personal data online.

GDPR requires you to provide several rights to consumers, including the following:

The right to be forgotten (RTBF):

  • Consumers have the right to request that their data be permanently deleted.

The right of access (ROA):

  • Consumers have the right to request a copy of their data.

The right of data portability:

  • Consumers should be able to transfer their data to other service providers.

The right of rectification:

  • Consumers have a right to correct information about them that is incorrect.

Bazaarvoice provides tools to manage your site visitors' requests to have their data returned or removed. The Privacy API allows you to build automated processes to respond to these requests in a timely and convenient manner. In the Privacy app, authorized users can initiate data subject access requests and requests to delete personal data. This interface provides clients who wish to manage these requests in a more hands-on manner the ability to do so.

Both the API and Privacy app solutions provide human and machine-readable information for you to distribute to consumers and allow for data portability. If the consumer finds any data they would like to correct, you can work with your support team to correct that information.

As always, consumers can restrict processing of their data through an opt-out request via our Privacy Policy .

Consumer data requests via API

You can use the Privacy API to make single and bulk requests for RTBF and ROA directly. For more Privacy API information, refer to the documentation in the Bazaarvoice Developer portal.

Consumer data requests via My Bazaarvoice

The Privacy app in your Bazaarvoice portal allows you to make individual data access or removal requests.

Follow these steps to submit data access or removal requests:

  1. Log in to My Bazaarvoice .

    Note: You will need a Bazaarvoice single sign-on account (SSO) with either the Account Administrator or Privacy Manager role in order to access the Privacy app. Account Administrators can grant either role to their users in My Bazaarvoice. Complete these steps to grant access to the Privacy app for new users:

    Need to find out who your Account Administrators are? Click the button in the top-right of the My Bazaarvoice portal. Select Profile to see a list of Account Administrators for your sites.

    Not using Bazaarvoice SSO yet? Click here to learn how.

  2. Select Menu » Privacy (under Administration).
  3. Select a Request Type. You can select either "Right of Access (Retrieve Consumer Data)" or "Right to be Forgotten (Remove Consumer Data)."

    Note: There is no option to both retrieve and remove data. If a consumer asks to access and remove their data, you would need to file two separate requests, one for each action.
  4. Under Consumer ID, enter at least one of the following to identify the consumer for whom you're submitting a request:

    Consumer Email—Consumer’s email address.

    Contributor ID—Unique identifier you have assigned to an authenticated user of your site.

    Caution: Contributor IDs may not be unique across all of your sites. This may result in the retrieval or deletion of data that belongs to multiple consumers. Please proceed with caution if you are entering a Contributor ID.

    Social Media Type—Social media services that may have associated consumer data.

    Social Media ID—ID or username for a particular social media service.

    Select one of the following Social Media Types:

    • Facebook
    • Instagram
    • Twitter
    • YouTube (Channel ID or Username)
    • Vimeo
    • Flickr
    • Tumblr
    • Pinterest

    You can add additional social media accounts by clicking + Add another, but you can only add one Social Media ID for each Social Media Type. To remove a Social Media Type and ID, click the button next to the account you want to remove.

    Tip: Hover over the next to each Consumer ID to learn more about it.
  5. Under Client Sites, select the site or sites from which you want to access or remove a consumer's data.

    • Select "All Sites" to search all properties for which you have administrative access.
    • Choose "Select specific sites" to individually select the site or sites to be included in your request. You can remove sites from the list by clicking the X next to each site name.
    Caution: You cannot cancel an ROA or RTBF request once it has been submitted, and deleting a consumer’s data is an irreversible action.
  6. Review the form entries before clicking Submit Request. On submission, a success message is displayed and the pending request is displayed in the audit log under "Submitted Requests."

    The audit log includes details about the request including the form fields you entered, date and time of submission, and completion status. Once a request to retrieve data has been completed, a link becomes available in the audit log to access the data download. Data is available for download for 30 days before expiring. Once data expires, that information is no longer available in the audit log.

    You will receive a confirmation email when a request is submitted and another when it has been completed. For Right of Access requests, you will need to return to the Bazaarvoice app to access the data download. Only one consumer can be entered into the form at a time. The form will reset on submission to allow another request to be submitted.

FAQs

The following frequently asked questions can help you understand GDPR data requests:

Learn more

For more information, refer to additional GDPR Frequently Asked Questions in the Bazaarvoice Support Community. You can also read this blog post about our approach to GDPR compliance.

Bazaarvoice has always taken protecting client and consumer information seriously. As part of our GDPR preparation, we reviewed and further enhanced our internal data protection policies and procedures including data handling, product design, and vendor management. These policies ensure we consider the protection of subject data when addressing any processing of personal information both within our companies and within the processors we use in fulfilling our services.

Bazaarvoice's appointed Data Protection Officers are Angela Boswell (angela.boswell@bazaarvoice.com) for the EU and Nicholas Campbell (nick.campbell@bazaarvoice.com) for the US. You can also send general queries or notifications to privacy@bazaarvoice.com.