Data and privacy

Businesses must keep well informed of data protection regulations to avoid facing legal consequences or paying heavy fines. Nexway Monetize helps you to use the General Data Protection Regulation!

What is GDPR?
The General Data Protection Regulation (GDPR) is the primary legislation adopted by the European Union (EU) to regulate how companies protect EU citizens’ data.

The GDPR affects any organization or company that does online business with European residents and processes (accesses, collects, receives, stores) the personal data of individuals residing in the EU, regardless of the company’s location. These companies are required to take the necessary steps to comply with the regulations.

How does Nexway make you GDPR compliant?
Nexway Monetize is a GDPR-compliant solution, that ensures that you are on the right side of the law.

One of the main conditions of the GDPR is that EU residents have a say in how their data is collected, processed and stored and any organization or company that wants to process this data must have their express consent. At Nexway we have implemented some strategies to align with this condition and ensure that consent is properly handled:

• Appointment of a designated Data Protection Officer (DPO) to ensure that all regulations are followed and the shoppers/EU residents’ rights are upheld.
• Integration of clear and actionable consent management tools for your end-user into all points throughout the customer journey (cart, end-user portal, emails, etc.).
• Creation of a consent management service to help you manage your shoppers’ consent through APIs if needed.
• Integration of an “Unsubscribe” link in all emails, including marketing campaigns (customizable to fit customers’ brand)

Consent management
When you sign up to use Nexway Monetize, you sign a data transfer agreement which clearly states how consent is to be managed and the respective roles and responsibilities of you and us.

We collect and process personal data on your behalf and operate as a single source of truth regarding shoppers’ consent to use his data. We also give you the possibility to retrieve the consents of your customers and thus be your own single source of truth.

Shopper consent is mainly used for marketing campaigns. Nexway can handle these campaigns and any other shopper-related emails for you but you can also do this by yourself. In any case, before any emails that are not strictly related to a purchased service or product are sent to a shopper we need to know if they consented to receive emails. To make this consent information readily available to all the parties involved, we implemented the Consent Service.

Nexway Monetize Consent service

The Consent service is used to help manage consumer (shopper) consent. It collects and processes consent events to compute and provide consent status where it is required/needed. It collects events with user information from several sources that include the following:

• Shopping cart
The consent service is used each time a cart is validated during a purchase. When a shopper makes a purchase, they are prompted to consent to receive emails with offers as part of marketing campaigns. The response is then collected and sent to the Consent service.
• End-user account
The shopper can subscribe to or unsubscribe from receiving marketing emails in their user account.
• Emails
Shoppers can withdraw consent via an “Unsubscribe” link that is included in all emails they receive from Nexway.
• Customer Care
Shoppers inform their Customer Care representative of their desire to receive emails or withdraw their consent, who in turn updates the shoppers’ profile with this information.

After collecting events the Consent service computes shopper consent status. The consent service then makes the consent status available via API to the following:

• Nexway Center
You can consult the consent status of each shopper who purchased from your store.
• Nexway Customer (You)
You can request the consent status for individual shoppers or all the shoppers of your store via API.
• Marketing Campaign Managers
The tool or company that handles marketing campaigns on your behalf can get user consent information from the consent service via API to ensure that only shoppers that gave their consent are sent emails.

See below for examples of how to retrieve consent status and send consent information (events) to the Consent service.

Example
You want to retrieve the consent status of shoppers who uses your store

• For a particular shopper
via Nexway Center
An end-user profile is generated for each shopper that completes an order on a store. You can retrieve their consent status (along with other personal data) from this profile, which lets you know if they have consented to receive email offers or not.
via API
Make an API request with the following:
GET
https://api.nexway.store/consent-manager/consents?userEmail=john@doe.com&storeIds={storeId}

• For all the shoppers who use your store
via API
Make an API request with the following:
GET
https://api.staging.nexway.build/consent-manager/consents?storeIds={storeId}

Consent results
• “consentStatus”:{“newsletterOptin”:true}
means the shopper wants to receive email offers
• “consentStatus”:{“newsletterOptin”:false}
means the shopper does not want to receive email promotions, etc.

Example
You want to include an unsubscribe link in emails intended for the shopper John Doe
Integrate the following link into the email:
https://api.nexway.store/consent-manager/public/ui/unsubscribe.html?id={storeId}&userEmail=john@doe.com
where
• “Id” is the storeId of the store where the shopper made their purchase
• “userEmail” is the email address of the shopper

This link takes the shopper to a landing page that allows them to withdraw their consent from receiving emails.

Nexway will receive, by API, the new consent information if the user decides to unsubscribe from the mailing list.

Example
You want to send a new subscription status to Nexway
A shopper did not consent to receive emails during the purchasing experience but while activating a product license that you provide by email, they decide to subscribe to your mailing list using a link that you provide. Nexway does not have this new consent information. To ensure that Nexway has up-to-date information, send the consent information to us by API using the following:

POST
https://api.nexway.store/consent-manager/public/ui/subscribe.html?id={storeId}&userEmail=john@doe.com

Questions?
We are always happy to help you and answer your questions about coding and other topics, please consult all our documentation, contact your account manager or contact our sales team.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_GRECAPTCHA	5 months 27 days	Google Recaptcha service sets this cookie to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
PHPSESSID	session	This cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_uetsid	1 day	Bing Ads sets this cookie to engage with a user that has previously visited the website.
_uetvid	1 year 24 days	Bing Ads sets this cookie to engage with a user that has previously visited the website.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.
CONSENT	2 years	YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.
vuid	1 year 1 month 4 days	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos on the website.

Cookie	Duration	Description
MUID	1 year 24 days	Bing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
NID	6 months	Google sets the cookie for advertising purposes; to limit the number of times the user sees an ad, to unwanted mute ads, and to measure the effectiveness of ads.
VISITOR_INFO1_LIVE	5 months 27 days	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_pk_id.5.5901	1 year 27 days	Description is currently not available.
_pk_ses.5.5901	30 minutes	Description is currently not available.
BITRIX_SM_kernel	4 hours	Description is currently not available.
BITRIX_SM_kernel_0	4 hours	Description is currently not available.
qmb	session	No description available.
VISITOR_PRIVACY_METADATA	5 months 27 days	Description is currently not available.

Data and privacy

Nexway Monetize Consent service

Related

Leave a Reply

Leave a Reply Cancel reply

LET’S STAY IN TOUCH

Solutions

About

Legal & privacy

Contact us