Data Privacy Guidelines for Data Integration

Owned by Sylvain Paillard
Last updated: Mar 14, 2022
2 min read

Boxalino is committed to provide the highest standards for the data processing of private customer information.

In these efforts, the following aspects are important to follow strictly in your integration of the Boxalino’s Data Integration Platform, JavaScript Tracker and Narrative API.

What we mean by Sensitive Non-Anonymized Data (SNAD):

Sensitive Non-Anonymized Data (SNAD) are data from which can be derived sensitive personal information about your customers.

SNAD include (but are not limited to):

  • First name

  • Middle name

  • Last name

  • E-mail address

  • Phone & Fax number

  • Date of birth

  • Street name and number

  • IP Address

  • Company name

  • VAT Number

Other data can be very sensitive and are to be treated with utmost security guidelines for private data processing, and do not belong to our definition of SNAD.

Examples of data which do not belong to our definition of SNAD:

  • Customer Account identifier*

  • Visitor identifier*

  • Session identifier*

  • Gender

  • Year of birth

  • Zip code

  • Municipality

  • State (Canton)

  • Country

  • product ratings

  • user generated content

  • order data: returned products (fully, partially cancelled or returned)

  • product data: product margin, price, competitors prices and stock

* only if it is not possible to extract any sensitive information out of the value

Exclude SNAD from Tracker Events

The information sent to the Boxalino JavaScript Tracker should not include any SNAD in the information tracked.

The JavaScript calls are done directly from the client (browser) of the customer and therefore do provide an IP address. Boxalino uses this IP address in real-time to extract information such as the region, country and weather, but does not keep the IP address in its data after processing it (except in short-term logs files which are rapidly deleted).

Exclude SNAD from API Requests

The information sent to the Boxalino Narrative API should not include any SNAD in the information tracked with the exception of the IP Address which should be exclusively provided in the request parameter name “User-Host” as documented here.

Similarly to the JavaScript tracker, Boxalino uses this IP address in real-time to extract information such as the region, country and weather, but does not keep the IP address in its data after processing it (except in short-term logs files which are rapidly deleted).

Only include SNAD in Data Feeds in specific fields

SNAD should be exported only in specific fields of the doc_user and doc_order data structures.

All the other data structures should not include any SNAD.

doc_user

The root level of doc_user, as well as each entry of the array “contacts” include the data-type CONTACT which includes the following SNAD fields:

  • firstname

  • middlename

  • lastname

  • date_of_birth

  • street

  • company

  • vat

  • street

  • additional_address_line

  • phone

  • email

  • mobile_phone

  • fax

No SNAD should be provided in any other places in the doc_user data.

doc_order

The doc_order data include SNAD in the following fields (from the root level) , as well as each entry of the array “contacts” include the data-type CONTACT (see SNAD fields of contacts above in doc_user).

  • email

No SNAD should be provided in any other places in the doc_order data.