GDPR Compliance
What’s on this page?
Tulip is committed to protecting consumer data and providing our retail partners with transparency and control of their customer data so that compliance with regulations like the General Data Protection Regulation is straightforward.
Communication Opt-In
Consumers within the EU/EEA must now formally opt-in to receive marketing communications from a retailer. This new opt-in process consists of two parts:
- The retailer must invite the customer to receive further communication.
- The customer must be able to specify the specific ways in which the retailer can communicate with them. Communication methods can include email, text message, phone, or mail. The customer’s response is stored as a communication status that becomes part of their customer record.
GDPR also enforces that retailers capture a proof of customer consent to receive communication and maintain an audit trail of when, where and how the consent was communicated by the customer.
Tulip Clienteling helps customers to be GDPR Compliant by enabling retailers to capture their customers' communication preferences as well as capturing their consent within the application which can then provide an audit trail into the customers' communication opt in activities.
Customer Opt-In using Tulip Clienteling
On a Tulip-enabled device, the communications opt-in process required for the GDPR can happen in person in-store.
New Customer
If a customer record for the customer does not exist with the retailer, the associate can create a new customer record by handing over their device to the customer to fill out their information, or by sending them a link to the customer capture form which the customer can open on a device of their choice.
For more information, see Customer Capture.
Updating Opt-In Preferences for Existing Customers
A store associate taps on a customer’s profile to access an opt-in consent form. The store associate then passes the device to the customer to enable them to specify their opt-in preferences. The customer also provides a signature which as a digital proof of their consent. An updated date-stamped record is created within the customer profile (Notes) in order to comply with GDPR regulations.
Note:
Tulip does not provide out-of-the-box capability for customers to remotely access the Tulip opt-in consent form and update their opt-in preferences. Some retailers may provide a way for customers to update opt-in preferences via their e-Commerce webpage which can then sync with their CRM, and in turn with Tulip.
Communication Opt Out using SMS
Customers can opt-out of Tulip-initiated Clienteling text message communication at any time by replying with STOP
.
When the customer’s response is received, Tulip automatically updates the opt-in status on the customer profile to prevent the customer from receiving future Clienteling text messages.
Customer Delete
The GDPR gives rights to EU/EEA customer (known in the regulation as data subjects) to manage the personal data that has been collected by a retail organization (known in the regulation as a data controller).
These rights include:
- obtaining copies of it
- requesting changes to it
- restricting the processing of it
- deleting it (which is also known as ‘the right to be forgotten’)
- receiving it in an electronic format so it can be moved to another data controller.
Tulip provides out of the box functionality to support customer information deletion requests.
In cases where a customer requests that their data be deleted (either verbally or in writing), all of the customer’s information must be hashed from Tulip systems within 30 days of the request being made. This is a one-way encryption of personally identifiable information that cannot be decrypted to recover the original information. Any data that is not needed for metrics or transactional information is deleted. The one-way encryption uses a consistent salt for the entire deletion to ensure that data is encrypted in a way that preserves relational data integrity.
Manage Deletion Requests
Retailers can use Tulip self-serve tools to fulfill data subject requests to delete customer data. Tulip provides corporate office with the ability to select customer records and initiate the fulfillment method specified by and configured for the retailer.
Beyond the customer’s profile information, additional referential data is also affected including (but not limited to): associated analytic data, past order data, Client Book associations, relevant customer follow-up tasks, all customer communication history, customer activity logs, and customer notes.
Available Configurations
Retailers can configure this feature in the following ways:
Field | Configurable Elements |
---|---|
Customer Delete | Configure the customer deletion method (Delete, Mask, or Hash) |