What personal data we are allowed to collected or display
The Contentsquare solution is built for allowing the processing of very limited scope of personal data in order to get the value for our customers. We see Data Minimization as an important pillar in our organization and vision - process and expose only what is necessary.
For that purpose, in the Experience Monitoring solution, we allow different types of personal data to be collected, exposed, encrypted/hashed or completely blocked and prevented from processing.
Here are the following different types:
Personal Data that can be processed (without encryption/hash | Examples of personal Data that can be processed (only with encryption/hash) | Examples of sensitive or regulated data that cannot be processed |
Unique number cookie (ID / UID) IP address Online behavior data
|
Name Address Phone Number Email Address Job Title Client account number Order ID Booking ID *This list is not exhaustive |
Health data (including mental health, physical condition, provision of health care and treatment, disabilities, payment for the provision of health care, and other health or genetic information) Bank, financial account details and credit/debit cards Illegal behaviors and criminal record Drug or alcohol abuse Sexual behavior/orientation and sex life National ID number Passport / Visa number Drivers' license Social security number Passwords Payroll and benefits information Employee records (e.g., disciplinary actions, grievance information, leave of absence, tax, benefit or pension records, etc.) Racial or ethnic origin Political opinions Religious or philosophical beliefs Trade union membership Genetic and biometric Children *This list is not exhaustive |
Free text fields should be assessed as to the purpose of such a field and the chances of such a field containing a certain type of personal data. If such assessment deems such field as high risk of sensitive or regulated data, this field should not be allowed to be collected and processed by Contentsquare. For example:
- Free text fields in a “health screening” page in an insurance company website will most certainly contain health information and should not be collected or processed by Contentsquare.
- An open search free text field adjacent to a credit card input field on the payment page - there is a high risk of people typing in their credit card numbers into this open text field and therefore should not be allowed.
- A free text field labeled “Coupon Code” in a checkout page - risk of it containing sensitive or regulated data is very limited and therefore collection and processing of such data (with encryption/hash) will be acceptable.
For any concerns or questions on a specific field risk assessment - please consult your legal department.