The General Data Protection Regulation (GDPR) is a regulation in European Union (EU) law about data protection and privacy for all individuals in the EU and companies operating in the EU. GDPR allows EU citizens and residents to request access to, and removal of, their personal data online.

GDPR guarantees several rights to consumers, including:

  • The right to be forgotten—Consumers have the right to request that their data be permanently deleted.
  • The right of access—Consumers have the right to request a copy of their data.
  • The right of data portability—Consumers should be able to transfer their data to other service providers.
  • The right of rectification—Consumers have the right to correct information about them that is incorrect.

Use these Bazaarvoice tools to manage consumers’ privacy-related requests:

  • Privacy API—Build automated processes to respond to consumer requests to retrieve or remove data.
  • Privacy app—Initiate data subject access requests and requests to remove personal data.

Both solutions provide human and machine-readable information for you to distribute to consumers, and allow for data portability. If consumers find any data they would like to correct, you can work with your support team to correct that information.

As always, consumers can restrict processing of their data through an opt-out request via our Privacy Policy .

Consumer data requests through the API

Use the Privacy API to make single and bulk requests for right to be forgotten and right of access requests directly. For more Privacy API information, refer to the documentation in the Bazaarvoice Developer portal.

Consumer data requests through the Bazaarvoice Portal

Use the Privacy app in the Bazaarvoice Portal to make individual data access or removal requests. To use the Privacy app, you must have a Bazaarvoice single sign-on (SSO) account with the Privacy Manager role.

  • If you are an account administrator and need the Privacy Manager role, contact Bazaarvoice Client Care and open a support case.
  • If you are a user and need the Privacy Manager role, you can request access from account administrators with that role. If you’re not sure who your account administrators are, you can view a list:

    1. Click the profile button at the top right of the Portal.
    2. Select Profile.
    3. Click View Administrators.
Tip: Not using Bazaarvoice SSO yet? Learn how.

Grant access to the Privacy app

If you’re an account administrator with the Privacy Manager role, follow these steps to grant Privacy app access to your users.

Caution: When adding the Privacy Manager role to a user account, do not remove the User role or any other roles already assigned to the account. If you remove the User role, then the user cannot log in to the Portal.
  1. Log in to the Portal.
  2. Click the Menu and select Users & Permissions under Administration.
  3. Under Manage users:

    • For each new BV SSO account, click Create new user, complete the profile, and add the Privacy Manager role.
    • For existing BV SSO accounts, use the filter to locate a user by name or email, edit the user account, and add the Privacy Manager role. Do not remove the User role.
    Note: If you want the user to access only the Privacy app, do not select any values under Solutions.
  4. Click Save. Bazaarvoice will send a verification email to the new user.

Make data access or removal requests

Follow these steps to make data access or removal requests:

  1. Log in to the Portal.
  2. Click the Menu and select Privacy under Administration.
  3. Select a Request Type. You can select Right of Access (Retrieve Consumer Data) or Right to be Forgotten (Remove Consumer Data).

    Note: You cannot retrieve and remove data in a single request. If a consumer asks to access and remove data, you must file two separate requests.
  4. Under Consumer ID, enter at least one of the following to identify the consumer for whom you’re submitting a request:

    • Consumer Email (recommended)—Consumer’s email address.
    • Contributor ID—Unique identifier you have assigned to an authenticated user of your site.
    Caution: The Contributor ID is not the same as the nickname. Contributor IDs may not be unique across all of your sites. This may result in the retrieval or deletion of data that belongs to multiple consumers. Please proceed with caution if you are entering a Contributor ID.
    • Social Media Type—Social media services that may have associated consumer data. Select one of the following types:

      • Facebook
      • Instagram
      • Twitter
      • YouTube (Channel ID or Username)
      • Vimeo
      • Flickr
      • Tumblr
      • Pinterest
    • Social Media ID—ID or username for a particular social media service.

    You can add more social media accounts by clicking + Add another, but you can only add one Social Media ID for each Social Media Type.

    To remove a Social Media Type and ID, click the button next to the account you want to remove.

    Tip: Hover over the associated help icon help tip to learn more about a Consumer ID.
  5. Under Client Sites, select the site or sites from which you want to access or remove a consumer’s data.

    • Select All Sites to search all properties for which you have administrative access.
    • Choose Select specific sites to individually select the site or sites to be included in your request. Remove sites from the list by clicking the X next to each site name.
    Caution: You cannot cancel a right of access request or right to be forgotten request once it has been submitted. Deleting a consumer’s data is an irreversible action.
  6. Review the form entries before clicking Submit Request. On submission, the app displays a success message and the pending request appears in the audit log under Submitted Requests.

    The audit log includes details about the request including the form fields you entered, date and time of submission, and completion status. Once a request to retrieve data has been completed, a link becomes available in the audit log to access the data download. Data is available for download for 30 days before expiring. Once data expires, that information is no longer available in the audit log.

    You will receive a confirmation email when a request is submitted and another when it has been completed. For Right of Access requests, you will need to return to the Privacy app to access the data download. Only one consumer can be entered into the form at a time. The form will reset on submission, enabling another request to be submitted.

Common questions

No. It is your responsibility to verify that the known identifiers provided to Bazaarvoice are correct and point to the correct consumer before making a request. Bazaarvoice trusts all requests from you on behalf of the consumer.

Bazaarvoice will make every attempt to provide all data associated with the identifier provided. If there is a case where the identifier links to one or more email addresses (other than the one provided) that Bazaarvoice has not previously confirmed to be related to this identifier, any data associated with those email addresses will not be included in the request. For example, the userid (Contributor ID) provided has two hosted authentication email addresses associated with different reviews. If the user never clicked the link sent to either email—and the identifier provided was not an email or does not match this email—the associated content is considered "not confirmed" and will not be included in the response.

No. Because we cannot send email to consumers who have unsubscribed, we must store that information. The right of access result is a compressed file containing multiple data records from our systems, including unsubscribe records if they exist. That data will be included in all future right of access requests.

If you are syndicating on Bazaarvoice’s network and submit a request for a user’s data to be removed from your site, we will pull the data from syndication partners as well. If you are syndicating with other providers outside of our network, including PowerReviews, you will need to contact those providers to pull content down from their sites. It is your responsibility as the owner of the native content to submit data removal and access requests on behalf of consumers.

No. Partner syndication is not included in right to be forgotten or right of access requests. If you syndicate with one of our third-party partners such as Google, Microsoft, or PowerReviews, you will need to contact those data processors directly to ensure the request is honored.

Yes. There are two ways to delete a consumer's data from Salesforce:

Delete data through the Salesforce Developer Console

Complete the following steps to delete data using an Anonymous Window in the Developer Console:

  1. Log in to your Salesforce Org.
  2. Open the Developer Console.
  3. From the Debug menu in the console, select Open Anonymous Window.
  4. Copy the following Apex code and paste it into the Anonymous Window.

    //Search all Email Addresses matching records:matching.
    String EmailAddressToDelete = 'testuser@bazaarvoice.com';
    List<BV2__Interaction__c> lstInteractions = [select id, BV2__bazaarvoice_setting__c, BV2__Author_Email_Address__c, BV2__Time__c, BV2__Product__c, BV2__Contact__c from BV2__Interaction__c where BV2__Author_Email_Address__c = ''];
    
    //Search related Cases to above list of Interactions.
    List<case> c = [select id, BV2__Original_Interaction__c from Case WHERE BV2__Original_Interaction__c IN: lstInteractions];
    
    List<BV2__Author__c> lstAuthorRel = new List<BV2__Author__c>();
    List<BV2__product__c> lstProduct = new List<BV2__product__c>();
    List<product_category__c> lstProductCategory = List<product_category__c>();
    List<Contact> lstContact = new List<Contact>();
    
    for (BV2__Interaction__c intr : lstInteractions)
    {
        lstAuthorRel.add( intr.BV2__Author__c);
        lstProduct.add( intr.BV2__Product__c);
        lstContact.add( intr.BV2__Contact__c);
    }
    
    //Search related Author to above list of Interactions.
    List<BV2__Author__c> lstAuthor = [select id, BV2__bazaarvoice_setting__c from BV2__Author__c where Id IN: lstAuthorRel];
    
    //Search related Product to above list of Interactions.
    List<BV2__product__c> lstProd = [select id,bazaarvoice_setting__c from product__c where Id IN: lstProduct];
        
    //Search related Product Category to above list of Interactions
    List<product_category__c> listProdCat = [select id,bazaarvoice_setting__c from product_category__c where Id IN: lstProductCategory];
    
    //Search related Photo to above list of Interactions.
    List<BV2__photo__c> lstPhotos = [select id, BV2__Interaction__c from BV2__photo__c WHERE BV2__Interaction__c IN: lstInteractions];
    
    //Search related Video to above list of Interactions.
    List<BV2__Video__c> lstVideo  = [select id, BV2__Interaction__c from BV2__Video__c WHERE BV2__Interaction__c IN: lstInteractions];
    
    //Search related Contacts to above list of Interactions
    List<contact> lstContacts = [select id from contact WHERE Id IN: lstContact];
    
    //Delete all the related records
    delete lstInteractions;
    delete c;
    delete lstAuthor;
    delete lstPhotos;
    delete lstVideo;
    delete lstProd;
    delete listProdCat;
    delete lstContacts;
  5. Click Execute at the bottom of the console.

Delete data through Salesforce Workbench

Complete the following steps to delete data using Salesforce Workbench:

  1. Open Salesforce Workbench .
  2. Select the appropriate Environment and API Version.
  3. Click Login with Salesforce, and log in using your credentials.
  4. From the Jump to: drop-down, select Apex Execute. Click Select.
  5. Copy the following Apex code and paste it into the text area field.

    //Search all Email Address matching records:matching
    //Search all Email Addresses matching records:matching.
    String EmailAddressToDelete = 'testuser@bazaarvoice.com';
    List<BV2__Interaction__c> lstInteractions = [select id, BV2__bazaarvoice_setting__c, BV2__Author_Email_Address__c, BV2__Time__c, BV2__Product__c, BV2__Contact__c from BV2__Interaction__c where BV2__Author_Email_Address__c = ''];
    
    //Search related Cases to above list of Interactions.
    List<case> c = [select id, BV2__Original_Interaction__c from Case WHERE BV2__Original_Interaction__c IN: lstInteractions];
    
    List<BV2__Author__c> lstAuthorRel = new List<BV2__Author__c>();
    List<BV2__product__c> lstProduct = new List<BV2__product__c>();
    List<product_category__c> lstProductCategory = List<product_category__c>();
    List<Contact> lstContact = new List<Contact>();
    
    for (BV2__Interaction__c intr : lstInteractions)
    {
        lstAuthorRel.add( intr.BV2__Author__c);
        lstProduct.add( intr.BV2__Product__c);
        lstContact.add( intr.BV2__Contact__c);
    }
    
    //Search related Author to above list of Interactions.
    List<BV2__Author__c> lstAuthor = [select id, BV2__bazaarvoice_setting__c from BV2__Author__c where Id IN: lstAuthorRel];
    
    //Search related Product to above list of Interactions.
    List<BV2__product__c> lstProd = [select id,bazaarvoice_setting__c from product__c where Id IN: lstProduct];
        
    //Search related Product Category to above list of Interactions
    List<product_category__c> listProdCat = [select id,bazaarvoice_setting__c from product_category__c where Id IN: lstProductCategory];
    
    //Search related Photo to above list of Interactions.
    List<BV2__photo__c> lstPhotos = [select id, BV2__Interaction__c from BV2__photo__c WHERE BV2__Interaction__c IN: lstInteractions];
    
    //Search related Video to above list of Interactions.
    List<BV2__Video__c> lstVideo  = [select id, BV2__Interaction__c from BV2__Video__c WHERE BV2__Interaction__c IN: lstInteractions];
    
    //Search related Contacts to above list of Interactions
    List<contact> lstContacts = [select id from contact WHERE Id IN: lstContact];
    
    //Delete all the related records
    delete lstInteractions;
    delete c;
    delete lstAuthor;
    delete lstPhotos;
    delete lstVideo;
    delete lstProd;
    delete listProdCat;
    delete lstContacts;
  6. Click Execute.

See our Privacy Policy for more information about how users can opt out of sending their analytics and tracking data across the Bazaarvoice Network.

If you have implemented BV Pixel and you want to provide a means for users to indicate that they do not want to share any of their personal data across your domain, you can use the doNotTrack() function. See the Bazaarvoice Developer portal for more information.

Learn more

For more information, refer to additional GDPR Frequently Asked Questions in the Bazaarvoice Support Community. You can also read this blog post about our approach to GDPR compliance.

Bazaarvoice has always taken protecting client and consumer information seriously. As part of our GDPR preparation, we reviewed and enhanced our internal data protection policies and procedures including data handling, product design, and vendor management. These policies ensure we consider the protection of subject data when addressing any processing of personal information both within our companies and within the processors we use in fulfilling our services.

Bazaarvoice’s appointed Data Protection Officer is Gracie Renbarger (gracie.renbarger@bazaarvoice.com). You can also send general queries or notifications to privacy@bazaarvoice.com.