How can I ensure my company is compliant with the General Data Protection Regulation (GDPR) while using The Sift Digital Trust & Safety Platform?
Your legal and compliance teams are the only ones who should address your company’s compliance with the GDPR. Here are some things that you can share with them:
- If your company receives a rights request, you can contact us to process that request by emailing email@example.com. Please note we process batches on a weekly basis.
- If requested, we are able to execute a Data Protection Addendum (DPA) with you. Please contact firstname.lastname@example.org or your contact at Sift to put one in place.
How does GDPR impact my use of Sift?
There are three ways in which you may notice GDPR affecting your experience:
- When searching in the console for an end user who has been removed due to an honored rights request, you will see a message that says "This user has been deleted for compliance reasons."
- When searching in the console for an Order ID or Email Address connected to an end user who has exercised a rights request, your search will return no result.
- When an API request is sent for end users that have submitted a successful right to object request, Sift will respond with HTTP error code 451*. More info on this below.
What should I do if my customer contacts me with a Rights Request?
If you would like to submit a rights request to our Privacy Team, contact email@example.com with that request. Please note that you are responsible for verifying the identity of the data subject (i.e. the end user) before submitting the request to Sift.
Can my customers contact Sift directly to process a rights request?
Yes, Sift data subjects (i.e. your customers) can email firstname.lastname@example.org to have these requests processed under the GDPR.
*What is a 451 error?
When an API request is sent for an end user that submitted a successful right to object request, Sift will respond with a 4XX class HTTP error. The specific HTTP error code will be 451. Because it’s a 4XX class error, developers should not retry the request.
Here’s an example of what the response from Sift will look like:
"error_message": "Unavailable For Legal Reasons: End User Has Opted Out of Data Processing",
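One way a client can honor the no-retry rule for 451, shown as an added example (not Sift's code or SDK). The `EventSender` class, the injected `transport` callable, the retry of 5XX responses, and the local opt-out list are assumptions made for illustration; the sample body is constructed from the error message shown above.

```python
import json
import time

# Constructed sample body; only the error_message text comes from the page.
SAMPLE_451_BODY = ('{"error_message": "Unavailable For Legal Reasons: '
                   'End User Has Opted Out of Data Processing"}')

class OptedOutError(Exception):
    """The API answered HTTP 451: the end user objected to processing."""

def error_message(body):
    """Return the error_message field of a JSON body, or '' if absent."""
    try:
        return json.loads(body).get("error_message", "")
    except (ValueError, AttributeError):
        return ""

class EventSender:
    def __init__(self, transport, max_attempts=3, backoff=0.5, sleep=time.sleep):
        self.transport = transport      # hypothetical: (user_id, event) -> (status, body)
        self.max_attempts = max_attempts
        self.backoff = backoff
        self.sleep = sleep
        self.opted_out = set()          # assumption: local suppression list

    def send(self, user_id, event):
        if user_id in self.opted_out:
            raise OptedOutError(user_id)    # never contact the API again
        for attempt in range(1, self.max_attempts + 1):
            status, body = self.transport(user_id, event)
            if 200 <= status < 300:
                return body
            if status == 451:               # terminal: record it, do not retry
                self.opted_out.add(user_id)
                raise OptedOutError(error_message(body) or user_id)
            if 400 <= status < 500:         # any other 4XX: do not retry either
                raise ValueError(f"client error {status}: {error_message(body)}")
            if attempt < self.max_attempts: # 5XX: back off, then retry (assumption)
                self.sleep(self.backoff * 2 ** (attempt - 1))
        raise RuntimeError(f"gave up after {self.max_attempts} attempts (status {status})")
```

Persisting `opted_out` across restarts keeps queued or replayed events for that end user from being sent again.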