So... you've got a data request from Personified

If you're reading this, a data request has been made on behalf of an individual (customer) by Personified to your company.

As the DPO, Compliance Advisor or Data Controller (whatever you may be), you've probably got questions. We've answered key questions below.

What is Personified? 

Personified is an Artificial Intelligence recommendation engine that personalises digital ordering experiences for individual customers digitally.

 

To do this, (1) we enable individual customers to gather and combine their customer data shared across various digital platforms they have interacted with using their rights layed out in Article 20 GDPR. We store it securely at Personified - this data can be viewed by the customer.

 

(2) The gathered data is analysed by our AI (Artificial Intelligence) to derive their preferences and when they (the individual) signs in at our partnered digital ordering platforms (via Personified's SSO), their experience is highly personalised with relevant product, search, content and discount recommendations. We do not expose the full data to the digital ordering platform, recommendations are made via API requests.

What is a Data Portability Request? 

Under GDPR law, individuals have the right to demand the transfer of their data from one data controller to another. The individual named in the corresponding email we sent to you has asked us to receive the data from you. We agreed and offered to inform your company.

Do we have to respond?

Yes. The request is legally grounded in Article 20 GDPR

How long do we have to respond?

Your company must provide the requested information without undue delay and in any event within 30 days of receipt of the request. Under certain circumstances you are allowed to turn down the request or extend the deadline to 90 days. Please get in touch with a certified GDPR lawyer to ensure your actions are in line with the law.

Can I charge Personified or the Customer?

You must answer this request without cost.

How do I make sure that I’m not passing data to an unauthorised person?

Personified verified that the applicant has access to the given email address and mobile number using established methods. For this we've sent the customer a confirmation link to their email address and an OTP to their mobile phone number. Please check them against your database. If you can’t find a match you still need to inform us about the outcome.

How should the data be presented? 

Article 20 (1) GDPR requires transmission in a “structured, commonly used and machine-readable format”. To meet this requirement, we suggest using one of the following formats:

txt, rtf, excell, csv, html, xml, open doc. Please also include an intelligible description of all variables.

How shall I protect the data during transmission?

As Article 20 (1) GDPR stipulates the need to transmit “data to another controller without hindrance from the controller”. Therefore, please refrain from encrypting the data to be sent to us, securing it with a password or making access difficult in any other way. If you choose to send the data via email in response to our requests, you take the risk of data being lost or stolen during transmission. We can support you by providing a dedicated webpage where you can safely upload the files. Feel free to message us if you are interested in this solution.

What happens if the request is not answered?

If your organisation does not answer the request within the stated period, the data subject has the right to take legal action against you and to lodge a complaint with the responsible supervisory authority which may be supported by Personified.

Does Personified sell customer data?

No. We do not sell customer data.