Customer removal tool removes all personal data of an individual(s) collected by Nosto based on an email address in case you as a merchant receive a request to remove personal records of an individual. You can find the tool under Settings > Data Controls > Customer Removal Tool. Insert customer’s email(s) into the field provided and click Remove data.
In case you want to remove all personal data, you can choose remove all -option.
The tool will remove customer’s browsing and shopping data from Nosto if found. On the contrary, if an email address is not found, Nosto doesn’t have a record of the individual meaning that possible data is anonymous and deleting cookies from a browser fundamentally removes a possibility for Nosto to identify the individual. The tool is a removal tool and doesn’t blacklist a user, meaning if that they register or shop again on your site, Nosto will create a record of an individual again.
When an email is submitted to the removal tool, the following happens:
Nosto’s customer records with that email will immediately be anonymised so that the email and name information is cleared out. The customer record is attached to the end user’s browser via a cookie. The customer record is also marked as discontinued, so if the browser that has the related cookie comes back to the site, the customer record will not continue and instead a new blank customer and new cookie will be given to the end user.
Nosto’s information storing behavioral data related to the customer in our database will also be immediately anonymised by clearing of any identifiable information (email, first name, last name, ip-address, user-agent string from browser).
A process is scheduled to anonymise the same visit information during next 24 hours from our slower longer term storage.
It should be noted that:
Already sent emails are not removed (these are technically already in user's inbox)
Possible order data is not removed due to billing purposes, but personal data identifying a user is.
Product data is not removed, but personal data is.
In short, the personal data needed to identify a user and possible email are completely removed, respecting and according to GDPR article 17.