Articles 16 and 17 of the GDPR outline the right to erasure, also known as the right to be forgotten. All users have the right to be erased if any of the following criteria apply:
- Where your personal data is no longer necessary in relation to the purpose for which it was collected or processed;
- Where you withdraw your consent to the processing and there is no other lawful basis for processing the data;
- Where you object to the processing and there is no overriding legitimate grounds for continuing the processing (See point 6 below).
- Where you object to the processing and your personal data is being processed for direct marketing purposes (See point 6 below);
- Where your personal data has been unlawfully processed;
- Where your personal data have to be erased in order to comply with a legal obligation;
- Where your personal data has been collected in relation to the offer of information society
services to a child.
It is the right of the data controller to erase user data for any user based on a request that meets any of the above criteria. Pulsate has a number of tools to enable this, however, it remains the obligation of the data controller to ensure that user data is erased and to determine whether any of the above criteria has been met.
There are a number of methods that can be utilised in Pulsate erase a user and all of their data:
- Delete a user and their data in the Pulsate CMS
- Send an API call to Pulsate to delete a user and their data via the Pulsate Delete User endpoint
Please note that when a user is deleted in Pulsate, all historic data for that user will be deleted including campaign data, segment data, user messages and geofence and beacon data as well as all events and custom attributes for that user. This may result in some campaign or segment statistics being altered as the previous user data for a deleted individual will be erased.
To manually delete a user using the Pulsate CMS, go to that user's profile page and click the settings cog and press Delete.
When you press Delete, you will be asked to confirm this action before it is completed.
To confirm that you wish the user to be deleted, click Delete User.
When a user is deleted from Pulsate, that user will be blocked form all future Pulsate sessions and all future inbox requests for that user will also be blocked. If we have been sent an alias for a user, we will block start session and get inbox requests for that user on all current and future devices that use that alias. If no alias is present, the user will be blocked based on their device GUID.
To delete a user and their data using the Pulsate API, please see our documentation here.
When a user and their data is deleted it may take Pulsate some time to delete all of the user data for an individual and, depending on how many concurrent delete requests are underway, the user deletion may be placed in a queue to ensure that our system is not placed under unnecessary strain.
When a delete action is completed, Pulsate will automatically send an email to the admin that instituted the delete action confirming that all user data for that individual has been deleted. That email will act as a confirmation that the delete action has been successfully completed.