We understand that staying on top of new laws and regulations regarding personally identifiable information (PII) is dificult and can be quite confusing!
Here is a summary of what DataCandy offers to allow our clients to adhere to the Canadian privacy laws: CASL - Canadian Anti-Spam Legislation & Quebec's Law 25.
DataCandy Member Portal
Mandatory check boxes
When new members sign up via the portal they are prompted to check boxes to:
Give their consent to receive communications.
To agree to your program terms and conditions (if applicable)
To agree to the privacy policy.
By default, your member portal links to the Paystone privacy policy. However, if you wish to link it to yours, please contact DataCandy.
Note that, since November 15th 2023, it is mandatory for members to check this box/accept the privacy policy in order to register via our portal.
Protection of Children's Personal Data
This functionality restricts profile creation and online data collection for members that are underage. Members will be asked to indicate their birthdate in the member portal registration form to validate their age before they register.
By default, the age limit has been set to 14 years old for most of our clients.
In order to activate this, the "birthdate" field must be a mandatory field upon registration.
Note that, on November 15th 2023, member profile data for children below 14 years old was erased from our system. Cards, transactions, rewards, points and punch balance data was not erased as it is not Personal Identifiable Information (PII).
Privacy Policy
When a member has already accepted the privacy policy, you can force them to accept a newer version. If you were to update your privacy policy on the portal this fuunctionality can be used to get member members to accept it again.
DataCandy Platform
Member Profile Anonymization
This functionality automatically anonymizes the profile data of members who have been inactive for a specific period of months.
This has been set to 24 months by default, for most of our clients.
It is important to note that once a profile is anonymized it is irreversible.
Gift Card Order Data Anonymization
This functionality automatically anonymizes all PII data that has been collected during the purchasing of digital or physical gift card online.
This has been set to 24 months by default, for most of our clients.
It is important to note that once the data is anonymized it is irreversible.
Lights-Out - "Member Nurturing" Email
This will automatically ask members to opt-in to receive communications before their "implied consent" expires, after 2 years.
Target lists created in the DataCandy backoffice (DC PRO only)
They can be used to filter out members who have not given communication consent to exclude them when sending a campaign.
DataCandy API Suite
We have adjusted our APIs in order to help integrators and 3rd party systems to remain compliant when sending information to DataCandy:
Delete a profile: We offer the ability to integrators to request the deletion of a profile in DataCandy. This touches only the member porfile information. Cards, transactions, rewards, points and punch balance data are not impacted.
Enforce the privacy policy acceptance: We offer ability to refuse any loyalty profile creation or updates unless the privacy policy has been accepted and sent to DataCandy by the integrator.