GDPR

The fulfillmenttools platform is GDPR-compliant.

All customer-related data that was needed for the fulfillment process (like names, addresses, and contact details) is anonymized once all evolved entities are operationally in a final state. The exact date for anonymization is configurable via API. The field retentionTime defines how many days after creation, operationally finished processes are anonymized. The default value is 30 days after the process is operationally finished.

Furthermore, anonymized entities are deleted after a configured period (default deletionTimeAfterRetention 180 days).

This deletion functionality only deletes operational data. The anonymized is still stored for analytics.

Auditing is in place to track changes to entities (e.g., pick job, order, etc.). The audit entries contain the date, the affected entity, the operation (e.g., canceling an order, closing a pick job), and the username and the user ID of the user who performed the operation. GDPR configuration contains the attribute actorAnonymization. If it is missing or set to true, the username and user ID are stored anonymized in the audit entry. If set to false, the data is written without being anonymized. The default value is true.

Please visit the Developer Docs for more information on how to change the GDPR configuration via the GDPR REST API.

Last updated 3 days ago