Recording a customer's request to be forgotten
Learn how to record a customer's request to be forgotten.
You must establish a process to allow a customer to request to be forgotten where required by EU law. Digital River will remove a customer's information in accordance with our data deletion process if you initiate a request to be forgotten on behalf of your customer.
requestToBeForgottenis a boolean parameter that indicates whether or not a customer asked to be forgotten.
When a customer asks to be forgotten, Digital River logs the request to remove personally identifiable information (PII) from our system. PII is any information that someone could use to uniquely identify, contact, or locate an individual.
If you receive a request to be forgotten from a customer, you can programmatically set
trueon the Customer resource. If you receive a request to be forgotten from a guest user who has placed an order and for whom you have not created a Customer resource, you can set
trueon the Order resource.
To record the customer's request to be forgotten from the Dashboard.
- 2.Click All orders.
- 3.Click an identifier link under the ID column.
- 4.Under Customer, click the Request removal of personal information link.
- 5.Click Confirm.
Update a Customer object for a specific customer that sets the
curl https://api.digitalriver.com/customers/5823594808 \
-u sk_test_db9682a2-b04a-4e94-8e11-35fe8ec0b324: \
"name": "John Smith",
"email": "[email protected]",
"organization": "Digital River"
Digital River will send a webhook to you that indicates we received the customer's request to be forgotten. When you receive the
customer.updatedwebhook with this change, send an email to the customer to confirm the change.
You can use the following text as a template when you send an email to a customer stating that you received and processed their request. Replace the variables with the appropriate information.
Subject: <%YOUR_SITE_NAME%> - Request for personal data removal has been received
Thank you for contacting <%YOUR_SITE_NAME%>. We have received your request to remove your personal data from our records.
Please note: This email message was sent from a notification-only address that cannot accept incoming emails. Please do not reply to this message.
<%YOUR_SITE_NAME%> Customer Service