What has Bazaarvoice done about GDPR?
Bazaarvoice made changes such as Privacy and Data Handling policy updates, reduced retention schedules, improved subject rights access requests, etc. Additionally, we have Data Processing Agreements for all clients who wish to execute them and for all vendors where needed.
What personal data is processed?
The scope of processing depends on the services we provide to you, but you can see a full breakdown within our Data Processing Agreement. Please request a copy from your CSD or from email@example.com if it has not already been provided.
Does Bazaarvoice use third parties to process data?
Yes, the Bazaarvoice platform is dependent on third party services. A list of our subcontractors, along with their functions, locations and other important information can be provided on request and there is a Portal page where e you have access to this information.
Where is the data stored?
This is dependent on your set-up, but by logging into the portal you will be able to see which subcontractors are relevant to you and where they host or otherwise process the data.
How long is the data stored?
Currently, the data is retained for the duration of your contract with Bazaarvoice or until we receive a request from you for deletion. Once we receive a deletion request, or when the contract ends, the data is deleted from the main database and can no longer be accessed. Data may reside in backups for up to one year, however if Bazaarvoice ever restores data from a backup we will take steps to ensure that data that was previously deleted does not remain in production systems.
How do you keep our data secure?
The technical and organisational measures that we have put in place are set out in our Data Processing Agreement. For a greater level of detail you can request a copy of our security white paper from your CSD.
What cookies does Bazaarvoice use and what happens if we deactivate them?
Bazaarvoice has prepared an overview of the cookies we use in connection with the services and will make this information available to our clients over the next week via our Knowledge Base.
We use the Bazaarvoice API, are there any technical requirements we need to consider?
As with the hosted services, our clients have complete of the end-user interface. Your legal advisors will be able to tell you what they consider is appropriate for your applications.
What happens if a consumer wants to access/rectify/delete their data?
Bazaarvoice has both a Privacy API and a Portal feature which can be used to send data deletion requests and subject access requests to the Bazaarvoice system.
- The API allows you to build automated processes into your systems to respond to these requests in a timely and convenient manner.
- The Bazaarvoice Portal features an area where authorized users can initiate data subject access requests and requests to delete personal data. This intuitive and easy to use interface allows clients who wish to manage these requests in a more hands-on manner the ability to do so.
Can we continue to send PIE emails?
As a service provider, Bazaarvoice does not make the decision as to whether or not the PIE emails are marketing or transactional but in general our clients do use PIE in a purely transactional way. Our best practice guidelines recommend that our clients do not use PIE emails for marketing purposes. If you have any doubts, check with your legal team for advice on what to avoid.
Do we need to change our website/submission form terms and conditions?
I have heard that we will need to update our contract with Bazaarvoice — how can we do that?
Our GDPR-compliant Data Processing Agreement covers all the requirements of the Regulation, including provisions for non-EU data transfers. Please request a copy from your CSD or from firstname.lastname@example.org if it has not already been provided.
Who is Bazaarvoice’s Data Protection Officer?
Bazaarvoice’s appointed Data Protection Officer/Representative is Christian Schmoll.
You can also send general queries or notifications to email@example.com