Data handling

Page actionsInformation on cookie usage, server-side data processing, personal data removal policies, and security measures for user activity tracking and data storage.

The Crownpeak Product Discovery activities SDK uses persistent cookies (or browser local storage) to store a user's session ID or a boolean representing user's opt-out choice. The session ID is either provided or generated by the SDK. When generated, it will be represented by a UUID.

The cookie persists until the user clears their browser cache.

Server side data processing

Collected data

Data points

Purpose

Data processor

Session ID and the anonymized logged in user ID (email, username, user ID)

Cookie matching feature and calculation of user journeys

Crownpeak

User traits (you decide what exact information is being sent)

Enables the use of personalization algorithms

Crownpeak

Users IP addresses

Operational monitoring (capability to implement active protection and to do post-mortem security reports in case of attacks or breaches)

Crownpeak

Personal data removal policies

Activity events data

User information is anonymized and impossible to retro-match to an individual user. All users activity data will be stored on the Crownpeak platform as long as the client contract dictates the access to services.

Operational data

The policy for operational logging is as follows:

Online log analysis sub-system (ELK): Rolling window of 2 months
Backup of logs: Retained for 2 years with regular monthly purging

Security measures

Segregation: Strict access controls to ensure proper separation of sensitive data
Changing Security Settings: Only privileged administrators with dedicated and trained teams can modify security settings
Encryption: Applied to logging storage to protect data integrity
Secure Communication: All communication over the internet uses secure transport protocols (HTTPS/SSH)

Place of processing

User data (IDs, traits, IPs) is stored and processed in the EU. Activity events are stored and processed in the EU and the same region as FHR or XO.

FAS/XO region

User data (IDs, traits, IPs)

Activity data

US + EU

AP + EU

PreviousBest practice NextAcronyms and abbreviations

Last updated 3 months ago

Browser cookie

The cookie persists until the user clears their browser cache.

Server side data processing

Collected data

Data points

Purpose

Data processor

Session ID and the anonymized logged in user ID (email, username, user ID)

Cookie matching feature and calculation of user journeys

Crownpeak

User traits (you decide what exact information is being sent)

Enables the use of personalization algorithms

Crownpeak

Users IP addresses

Operational monitoring (capability to implement active protection and to do post-mortem security reports in case of attacks or breaches)

Crownpeak

Personal data removal policies

Activity events data

Operational data

The policy for operational logging is as follows:

Online log analysis sub-system (ELK): Rolling window of 2 months

Backup of logs: Retained for 2 years with regular monthly purging

Security measures

Segregation: Strict access controls to ensure proper separation of sensitive data

Changing Security Settings: Only privileged administrators with dedicated and trained teams can modify security settings

Encryption: Applied to logging storage to protect data integrity

Secure Communication: All communication over the internet uses secure transport protocols (HTTPS/SSH)

Place of processing

User data (IDs, traits, IPs) is stored and processed in the EU. Activity events are stored and processed in the EU and the same region as FHR or XO.

FAS/XO region

User data (IDs, traits, IPs)

Activity data

US + EU

AP + EU