Customer removal tool removes all personal data of an individual(s) collected by Nosto based on an email address in case you as a merchant receive a request to remove personal records of an individual. You can find the tool under Settings > Data Controls > Customer Removal Tool. Insert customer’s email(s) into the field provided and click Remove data.
In case you want to remove all personal data, you can choose remove all -option.
The tool will remove customer’s browsing and shopping data from Nosto if found. On the contrary, if an email address is not found, Nosto doesn’t have a record of the individual meaning that possible data is anonymous and deleting cookies from a browser fundamentally removes a possibility for Nosto to identify the individual. The tool is a removal tool and doesn’t blacklist a user, meaning if that they register or shop again on your site, Nosto will create a record of an individual again.
When an email is submitted to the removal tool, the following happens:
- Nosto’s customer records with that email will immediately be anonymised so that the email and name information is cleared out. The customer record is attached to the end user’s browser via a cookie. The customer record is also marked as discontinued, so if the browser that has the related cookie comes back to the site, the customer record will not continue and instead a new blank customer and new cookie will be given to the end user.
- Nosto’s information storing behavioral data related to the customer in our database will also be immediately anonymised by clearing of any identifiable information (email, first name, last name, ip-address, user-agent string from browser).
- A process is scheduled to anonymise the same visit information during next 24 hours from our slower longer term storage.
It should be noted that:
- Already sent emails are not removed (these are technically already in user's inbox)
- Possible order data is not removed due to billing purposes, but personal data identifying a user is.
- Product data is not removed, but personal data is.
In short, the personal data needed to identify a user and possible email are completely removed, respecting and according to GDPR article 17.