Privacy management

Adobe Campaign offers a set of tools to help you comply with Privacy regulations (including GDPR, CCPA, PDPA, LGPD).

  • This section presents general information on what Privacy management is and the features provided by Adobe Campaign to manage the Right to Access and Right to be Forgotten.

  • It also contains information on important features to manage Privacy (Consent, Retention and Roles), as well as best practices to help you with your Privacy compliance when using Adobe Campaign.

Regulations on privacy management

Adobe Campaign’s capabilities help you comply with the following regulations:

  • GDPR (General Data Protection Regulation) is the European Union’s (EU) privacy law that harmonizes and modernizes data protection requirements for EU’s countries.
  • CCPA (California Consumer Privacy Act) provides California residents new rights in regards to their personal information and imposes data protection responsibilities on certain entities whom conduct business in California.
  • PDPA (Personal Data Protection Act) is the new privacy law that harmonizes and modernizes data protection requirements for Thailand.
  • LGPD (Lei Geral de Proteção de Dados) will be effective early 2021 for all companies collecting or processing personal data in Brazil.

All of these regulations apply to Adobe Campaign customers who hold data for Data Subjects residing in the respective regions or countries mentioned above (EU, California, Thailand, Brazil).

NOTE

For more on personal data and on the different entities that manage data (Data Controller, Data Processor and Data Subject), see Personal data and Personas.

Right to Access and Right to be Forgotten

In order to help you facilitate your Privacy readiness, Adobe Campaign allows you to handle Access and Delete requests.

  • The Right to Access is the right for the Data Subject to obtain from the Data Controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. The Data Controller shall provide a copy of the personal data, free of charge, in an electronic format.

  • Also known as Data Erasure, the Right to be Forgotten (delete request) entitles the Data Subject to have the Data Controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.

To learn how you can create Access and Delete requests and how Adobe Campaign processes them, refer to the implementation steps.

In addition to the most recent Right to Access and Right to be Forgotten capabilities, Adobe Campaign offers other important features that are essential to Privacy:

  • Consent management: subscription functionality for preference management
  • Data retention: data retention periods on all standard log tables, additional retention periods can be set up with workflows
  • Rights management: data access managed by named right

Consent signifies agreement by the Data Subject to the processing of personal data relating to a Data Subject. Obtaining any necessary consent for that processing is the responsibility of the Data Controller. While Adobe Campaign may provide some features to help a customer manage consent related to the service, Adobe is not responsible for consent. Customers should work with their own legal departments to determine their own processes and practices for any necessary consent.

The features to help manage some aspects of consent have been core to Adobe Campaign since the beginning. Through the subscription management process, customers can track which recipients have opted-in to which type of subscriptions whether it be newsletters, daily or weekly promotions, or any other type of marketing program.

For more on Consent management, refer to the detailed documentation.

In addition to the Consent Management tools provided by Adobe Campaign, you have the possibility to track whether a consumer has opted-out for the sale of Personal Information. Refer to this section.

Data retention

Regarding retention, built-in log tables in Campaign have pre-set retention periods on them, generally limiting their data storage to six months or less.

The following are the default retention values for built-in tables. Be aware that the retention configuration is set by Adobe technical administrators during implementation and values may vary for each implementation, based on customer requirements.

  • Consolidated tracking: 1 year
  • Delivery logs: 6 months
  • Tracking logs: 1 year
  • Deleted deliveries: 1 week
  • Import rejects: 6 months
  • Visitor profiles: 1 month
  • Offer propositions: 1 year
  • Events: 1 month
  • Statistics of event processing: 1 year
  • Archived events: 1 year
  • Pipeline events ignored: 1 month

And similar to delete, using standard workflow functionality, it is possible to set up retention periods for any custom table.

Reach out to the Adobe consultants or technical administrators to learn more about retention or if you need to set retention for custom tables.

Rights management

Adobe Campaign provides you the ability to manage the rights assigned to the various Campaign operators via different pre-built or custom roles.

One benefit is this allows you to manage who within your company can access different types of data. For example, you might have different marketers covering different geos and each marketer can only access data from their geo.

Similarly, this functionality also allows you to configure different capabilities for each user, such as limiting who can send deliveries, or more relevant for Privacy management, who can modify or export data.

For more on access management, refer to the detailed documentation.

On this page