Affino

GDPR Overview

Updated 3.9.18

 

Overview

 

What sets Affino’s implementation of GDPR apart is that it not only captures all the permissioning, it also fully automates the capture and renewal process. It seamlessly tracks and audits all the permissioning against individuals throughout the CRM and automatically updates message campaigns so that they are compliant with the best match between your own and your users’ needs. This means that the more of your users’ interactions you manage through Affino, the easier it is to be GDPR compliant.

 

Please note that this is not legal advice, which should be sought separately.

 

Recommended setup order

  1. Make sure only relevant teams/individuals have the right Securities and Security Groups to access key CRM screens.
  2. Create Terms and Conditions Profiles which users need to agree to.
  3. Assign T&Cs to Registration, Checkout and Dynamic Forms.
  4. Change the language on your Password Reset Profile, as Affino no longer sends temporary passwords but instead a link to the new Password Reset screen.
  5. Set up your SMS Provider Profile, only if you want to enable password reset via SMS.
  6. Set up your My Preferences Profile for users to manage their preferences through their profile page.
  7. Add the new My Preferences Profile to your User Profile.
  8. Create Permission statements which users need to agree to.
  9. Assign permission statements to Forums, Content Subscriptions, Mailing Lists and downloadable Media Items.
  10. Double check your Cookie Policy consent bar text and screen and modify where required.
  11. Test that permissions are being recorded against your contacts in the CRM.
  12. Turn off forcing users to Opt out from Mailing lists on your Registration profile, if enabled.
  13. Create a Subscription Renewal, which allows you to send subscription renewal reminders just before a subscription expires. This is recommended if you have Subscriptions set in Affino.
  14. Ensure you give your users options to request the right to be Forgotten, an export of My Personal Data and not to be Profiled.
  15. Set up User Auto Archive. Define a rule to automatically archive inactive users.
  16. Educate yourself and the team on how to Archive users, make an Individual User Data Export and Suspend Profiling.
  17. Affino takes your privacy very seriously. Take a look at our new Privacy Policy.

Securities & Security Groups

Make sure only relevant team members have access to the contacts, orders and CRM as a whole. Check the security groups, rights and members. Keeping security tight and minimising access to personal information is essential for GDPR compliance.

 

You can do this on the User Security control screen, by selecting individuals:

Control > Security > User Security

 

Update:

Legal Security Right

We have updated a host of Control Centre screens so that they use the Legal security right. These include: Permissions, My Preferences Profile, User Permission Export, User Permission Import, User Preferences Export, and User Preferences Import.

Terms and Conditions

Terms and Conditions is a key part of GDPR and Affino has evolved the T&Cs functionality allowing you to assign different T&Cs on Registration, Checkout and Dynamic Forms. Affino also locks the Terms and Conditions text once a user agrees to it. Terms and Conditions text can only be created or modified when no users have agreed to it.

 

You can create T&Cs on the Terms and Conditions Profile control screen:

Control > Settings > Terms and Conditions Profile

 

Here are some key fields, with help text, that you'll need to set up in order to create a Terms and Conditions Profile:

  • Name - Enter the Name that you wish to call this Terms and Conditions Profile.
  • Terms and Conditions Text - Enter the text that you wish to Display.
  • Live - Tick this box to publish these Terms and Conditions Live to your website.

Note - once a user has signed up to these Terms and Conditions, they will not be editable. Please ensure the text is correct before making them Live.

Ensure that your website and service Terms and Conditions are updated to be GDPR compliant. You can see Affino’s here.

Assign it to Registration, Checkout and Dynamic Forms

After you have successfully created your T&Cs, you need to assign them to your registration profile, checkout and dynamic forms.

 

Registration Profile

You can assign T&Cs to your registration channel on the Registration Profile control screen:

Control > Security > Registration Profile

 

Edit a Registration Profile and pick the relevant T&Cs in the Terms and Conditions field.

 

Note - after you have assigned T&Cs on your Registration Profile, users who haven't agreed to the T&Cs will be diverted to their Edit Profile with an Agree to Terms and Conditions message in order to continue. Affino will not allow any user to continue browsing on your site before they have agreed to the Terms and Conditions. These can be users who were imported through a mass import or 3rd party platform integration.

 

Checkout

You can assign T&Cs to your checkout channel on the Store Profile control screen:
Control > Commerce > Store Profiles

 

Edit your Store Profile and pick the relevant T&Cs in the Terms and Conditions field.

 

Dynamic Forms

You can assign T&Cs to any dynamic form on the Dynamic Forms control screen:
Control > Social > Dynamic Forms

 

Edit a Dynamic Form and pick the relevant T&Cs in the Terms and Conditions field.

 

Note - this will display an Agree to Terms and Conditions checkbox at the bottom of the form and link to the Terms and Conditions. If selected, the field will be required on the form.

Password Reset Profile

The language on the Password Reset Profile needs to be changed as Affino now sends out a password reset link as opposed to a randomly generated password. It is also possible to force the passwords to be reset (important for GDPR insurance), and you may want to set up an SMS Provider Profile and account with TXT Local for SMS password resets.

 

You can change the language of your messaging on your Password Reset Profile:

Control > Security > Password Reset Profile

 

Note - new placeholders have been added to the email message notification and it is essential to include [_Reset_Link_] as this will send the Password Reset Link.

Password Reset - SMS Setup

We are now introducing SMS as a new way to send password reset notifications.

If you would like to set this up, firstly, you will need to sign up with textlocal.com before you can create an SMS Provider Profile. Currently, Affino only supports TXT Local as default.

 

After you have successfully set up an account with TXT Local, you can proceed and create an SMS Provider Profile here:

Control > Security > SMS Provider Profiles

 

Here are some of the key fields, with a help text, that you'll need to set up in order to create an SMS Provider Profile:

  • Name - Enter the Name you wish to call this SMS Provider Profile.
  • Description - Enter a brief description of the profile or any additional information which outlines the purpose of the profile.
  • Username - Enter your Username given to you by your SMS provider, in this case, TXT Local.
  • Password - Enter the login password given to you by your SMS provider.
  • Test Mobile Number - Enter a test mobile number for sending out a test SMS message. If no mobile number is entered then no test will be sent. The number must start with the international prefix.

After you have successfully set up an SMS Provider Profile, you will need to assign it to your current Password Reset Profile. Go to your active Password Reset Profile, hit edit, then select your new SMS Provider Profile.

 

You can do the above on the following screen:

Control > Security > Password Reset Profiles

 

Here is the key field, with a help text, that you need to look out for in the Password Reset Profile:

  • SMS Provider Profile - Select the SMS Provider Profile used to send out the email verification code.

After this is done, this will be reflected on your Password Reminder channel. Users will see two options, Send Email and Send SMS to request a password reset link. Please bear in mind, only users with a Mobile number will be able to request an SMS password reset link. If the user does not have a mobile number on their profile, an email notification will be sent out to them notifying that it was not possible to send an SMS password reset.

 

Note - if an SMS Password Reset is in place, it is recommended to include the Mobile field on your Registration profile.

 

- You will need to advise users to include an international prefix on their mobile number.

 

- It is also recommended to create an SMS password reset conversion event which triggers every time a user makes a password reset via SMS. You can also create a separate conversion event for password reset via email. If you previously had the Update Password Conversion Event, this needs to be replaced with the Password Reset via Email Conversion Event.

 

My Preferences Profile

The new My Preference Centre allows users to manage their preferences through the Member Channel. To set this up, first create a My Preferences Profile and configure the users' preference centre based on groups (Marketing | Law etc.) with the different mediums of communication (Phone, Mail, Email and SMS).

 

You can create a My Preferences Profile on the following control screen:

Control > Security > My Preferences Profile

 

Here are some of the key fields, with a help text, that you'll need to set up in order to create this profile:

  • Name - Add a name to your preferences profile.
  • Show Cookie Settings - With the introduction of Cookie Settings, you can display the Cookie Settings modal dialogue. Note that without this users may not be able to change their cookie settings, i.e. to turn them on or off after the initial acceptance.
  • Group Name - Enter a name for the group of preferences (e.g. Marketing Information).
  • Description - Add a description which best describes this group.
  • Preference 1 - Enter the preference for users to sign up to (e.g. events marketing).
  • Description - Add a description which best describes this preference.
  • Marketing preference - Select if this is a marketing preference. When the Unsubscribe From All Messages check box is selected on User Security, it will disable this preference so users are no longer sent any marketing messages.
  • Preference Types - Select the Contact options displayed to users for this preference.

Note - ensure that the marketing preferences are clearly identified and tagged as marketing as this will be reflected on their Preferences Center screen through the Members channel and on the User Security control screen.

Assign it to Mailing Lists

You can assign permissions associated with specific mailing lists. This is helpful because, if a user deselects the associated preference, they will be automatically unsubscribed from the mailing list.

 

You can do this on the Mailing List control screen:

Control > Promote > Mailing List

 

Here is the key field, with a help text, that you need to look out for in the Mailing List:

  • Preferences - Select the preferences this mailing list is associated with. If a user deselects the associated preference on their profile, they will be automatically unsubscribed from this mailing list.

User Profile

When the My Preferences Profile is ready, include it on your active User Profile. After this is done, it will be reflected on the Member Channel. Please make sure you have a Member Channel set in Affino.

 

You can add the My Preferences Profile to the User Profile here:

Control > Security > User Profiles

 

Here is the key field, with a help text, that you need to look out for in the User Profile:

  • My Preferences Profile - Select the Preferences Profile for managing users' contact preferences.

Note - If you are using the Member Channel to display users' Preferences Profile but want to secure the Member Listing screen, you can do this via the new Member Listing Security Clearance on the Public Profile (Control > Security > Public Profiles).

User Preferences Import

You can make a mass import into Affino in case you already have your users' permissions stored on a 3rd party platform or a different source.

 

You can do this through the User Preference Import control screen:

Control > Security > User Preference Import

 

Here are some of the key fields, with help text, that you'll need to set up in order to run an import:

  • Document - It is recommended to use the sample file available on the help panel. When updating or deleting, the primary key for the User is (in descending order): UserCode, ExternalID and Email.
  • Zone - Select the zone for which you wish to import user details.
  • Batch reference - Enter a memorable reference. This makes it easier to identify the batch in future if you would like to delete it or add more users' preferences to it.

User Preferences Export

You can run an export of users' preferences at an individual or account level. This can be useful if you need to push preferences data to 3rd party platforms.

 

You can do this through the User Preference Export control screen:

Control > Security > User Preference Export

 

Here are some of the key fields, with help text, that you'll need to set up in order to run an export:

  • Contact - Select to export preferences for a single user.
  • Account - Select to export preferences for users who belong to an account.

Permissions

Permission statements are used to log users' consent when subscribing to specific forums, mailing lists or content subscriptions, or whenever they download a document from your site. Once a user has agreed to a Permission, this will be recorded, with a timestamp, against the contact record, which can be found under the new Permissions tab on the Contact control screen.

 

Update: We have introduced the Multi-preference Permission type. This is to be used on Media Items. You can now include communication preferences such as Telephone, SMS, Mail and Email on your Permission statements. This is useful if you host third-party documents, such as white papers, and need to ask users for consent if they wish to be contacted via these channels.

For Forums, Content Subscription and Mailing Lists, use the Email-only Permission type.

 

You can create Permissions in the Permissions control screen:

Control > Security > Permissions

 

Here are some of the key fields, with help text, that you'll need to set up in order to create permissions:

  • Name - Enter a name for this permission.
  • Permission Statement - Enter the permission statement shown to users that they need to agree to. This could be assigned to Mailing Lists, Content Subscriptions, Forums and when a user downloads a media item.
  • Skip Permission on Downloads - Select to display a Skip button for users to not give consent but still download the document media item.

Multi-preference Permission Type

  • Preference Types - Select each preference to be displayed along with the permission statement on media downloads. This is only available for use with lead generation, e.g. when a user downloads a sponsored white paper.

 

Note - once a user has agreed with the statement, you won’t be able to modify the permission statement text.

- Once the permission statement is saved, Affino will generate a Permission Code for you to use universally across Affino and 3rd party platforms.

Assign it to Forums, Content Subscriptions, Mailing Lists and Media Items

After you have successfully created your permission statements, you need to assign the permissions to each forum, content subscription profile and mailing list. Note that whilst the mailing list permissions should be distinct to each mailing list, the forum and content subscription permissions can be the same across all of them as they all act in the same way in Affino.

 

Forum

You can assign permissions to forums on the Forums control screen:

Control > Social > Forums

 

Edit a Forum and pick the relevant permission in the Permission field.

 

Content Subscription

You can assign permissions to content subscription on the Content Subscription Profile control screen:
Control > Settings > Content Subscription Profiles

 

Edit a Content Subscription Profile and pick the relevant permission in the Permission field.

 

Mailing list

You can assign permissions to mailing lists on the Mailing List control screen:
Control > Promote > Mailing Lists

 

Edit a Mailing List and pick the relevant permission in the Permission field.

 

Media Items *

You can assign permissions to document media items on the Media Items control screen:
Control > Media > Media Items

 

Edit a Media Item and pick the relevant permission in the Permission field.

 

*Note - Only the Multi-preference type can be associated. This is only available for the document type.

Add users who have agreed to a Permission to a Contact List

One of the key things is to keep a record of who has agreed to a permission, especially if you have a lead generation set up for a sponsor. In addition to being able to view who has agreed to a Permission via the Contact control centre screen, you can also populate a contact list with these users, which allows you to do much more, such as targeting message campaigns, exports, etc.

 

To do this, when you are creating or updating a contact list, you will see a Permission field which lets you associate a permission with the contact list.

You can set this on the Contact Lists control screen:

Control > Social > Contact Lists

 

Here is the key field, with a help text:

  • Permission - Select the permission statement from which to create this contact list. When a user agrees to a permission statement, they will be automatically added to this contact list.

User Permission Import

You can make a mass import into Affino in case you already have your users' permissions stored on a 3rd party platform or a different source.

 

You can do this through the User Permission Import control screen:

Control > Security > User Permission Import

 

Here are some of the key fields, with help text, that you'll need to set up in order to run an import:

  • Document - It is recommended to use the sample file available on the help panel. When updating or deleting, the primary key for the User is (in descending order): UserCode, ExternalID and Email.
  • Zone - Select the zone for which you wish to import user details.
  • Batch reference - Enter a memorable reference. This makes it easier to identify the batch in future if you would like to delete it or add more users' preferences to it.

User Permission Export

You can run an export of users' preferences at an individual or account level. This can be useful if you need to push preferences data to 3rd party platforms.

 

You can do this through the User Permissions Export control screen:

Control > Security > User Permissions Export

 

Here are some of the key fields, with help text, that you'll need to set up in order to run an export:

  • Contact - Select to export preferences for a single user.
  • Account - Select to export preferences for users who belong to an account.

Cookie Policy

We have an updated in-depth Cookie Policy Overview guide which includes how to set up a Cookie Settings panel and how to include Cookie scripts via Design Script, Integration Script and Google Tag Manager. Click here to read the guide.

 

Affino does not track guest users, and we want to make sure that is explicit on the cookie bar and in the cookie policy. It is recommended that the Consent Bar Text is updated to: 'By continuing to browse this site you are agreeing to the use of cookies. Browsing is anonymised until you sign up. Click for more info.' 'Click for more info' should be a link to your Cookie Policy page. You will also want to update your cookie policy accordingly.

 

You will need to update your Cookie Policy to be GDPR compliant. You can see Affino’s here.

List of Core Affino Cookies

This is a list of cookies that Affino uses to deliver a better experience to you and your users:

  • JSESSIONID: session cookie, http only
  • VISITOR: permanent cookie, http only, not secure
  • VISITORLOGIN: session cookie, js and http, not secure
  • USER: permanent cookie, http only, not secure
  • USERSECURE: permanent cookie, http only, secure
  • AWSALBCORS: is a Strictly Necessary AWS cookie for maintaining sessions across a load balancer
  • AWSALB: is a Strictly Necessary AWS cookie for maintaining sessions across a load balancer

If the Zone's Store Profile has Stripe as a Payment Method, the following cookies are included:

  • __stripe_mid 
  • __stripe_sid
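
One way to check a site against this list, as an added example (not Affino's own code): the script parses captured Set-Cookie headers and reports cookies that are missing from the list or whose flags differ from it. The sample headers are constructed, "js and http" is read as "not HttpOnly", and attributes the list does not state are not checked.

```python
from typing import NamedTuple, Optional


class Flags(NamedTuple):
    persistent: Optional[bool]  # True = permanent, False = session, None = not stated
    http_only: Optional[bool]
    secure: Optional[bool]


# Transcribed from the cookie list above; None where the list states nothing.
DOCUMENTED = {
    "JSESSIONID": Flags(False, True, None),
    "VISITOR": Flags(True, True, False),
    "VISITORLOGIN": Flags(False, False, False),  # assumption: "js and http" = not HttpOnly
    "USER": Flags(True, True, False),
    "USERSECURE": Flags(True, True, True),
    "AWSALB": Flags(None, None, None),
    "AWSALBCORS": Flags(None, None, None),
    "__stripe_mid": Flags(None, None, None),
    "__stripe_sid": Flags(None, None, None),
}


def parse_set_cookie(header):
    """Return (name, Flags) for one Set-Cookie header value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, Flags(
        persistent=bool(attrs & {"expires", "max-age"}),
        http_only="httponly" in attrs,
        secure="secure" in attrs,
    )


def audit(headers):
    """Compare observed cookies with the documented list; return findings."""
    findings = []
    for header in headers:
        name, seen = parse_set_cookie(header)
        want = DOCUMENTED.get(name)
        if want is None:
            findings.append((name, "undocumented", "not in the documented cookie list"))
            continue
        for field in Flags._fields:
            expected, observed = getattr(want, field), getattr(seen, field)
            if expected is not None and expected != observed:
                findings.append((name, field, f"documented {expected}, observed {observed}"))
    return findings


# Constructed sample headers, not captured from a real Affino site.
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/; HttpOnly",
    "VISITOR=v1; Path=/; Max-Age=31536000; HttpOnly",
    "VISITORLOGIN=1; Path=/",
    "USERSECURE=u1; Path=/; Expires=Wed, 01 Jan 2030 00:00:00 GMT; HttpOnly",
    "_ga=GA1.2.1; Path=/; Max-Age=63072000",
]

if __name__ == "__main__":
    for name, check, detail in audit(SAMPLE_HEADERS):
        print(f"{name}: {check} ({detail})")
```

Any cookie reported as undocumented needs an entry in your Cookie Policy before the policy can be called complete.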

 

Test It Out

At this point you should subscribe to mailing lists, accept terms and conditions, subscribe to forums etc. and update your preferences in the preference centre to see how it all looks on your Contact > Permissions tab in the CRM.

 

Under the permissions tab, you can also view a contact's subscription history log based on content subscriptions, mailing lists and forums. Each log entry will tell you what action was taken, either subscribed or unsubscribed, with a timestamp, permission name and statement.

Turn Off Opt Out on Registration

On your Registration Profile, if you have Opt Out turned on, it is recommended to turn this off and allow users to opt in to your mailing lists voluntarily.

Control > Security > Registration Profile

 

Here is the key field, with a help text, that you need to look out for:

  • Opt Out - Select to have Mailing Lists pre-ticked, where Users need to untick boxes to opt out of Mailing List.

The Right to be Forgotten

You need to allow users to request their right to be forgotten. This can be done by setting up a dynamic form and ensuring that it is accessible in the relevant places in the site navigation. Please remember to associate the dynamic form with a key member/team so that requests are actioned accordingly.

The request can be actioned by archiving the user via the User Security screen.

 

Here's how affino.com has done this: www.affino.com/permissions-forms?cl=50

Archived Contact

To archive a contact, go to User Security, edit the user and then select the Archive option. At this point you'll be shown all the elements which will be removed and which will be placed in the Secure Enclave, where they are only accessible through an archive search in the User Security centre.

 

You can find the Archive button in the User Security control screen:

Control > Security > User Security

 

Here is the key field, with a help text, that you need to look out for in the Archive confirmation screen:

  • Archive notes - You can add notes against the user record. If the user gets un-archived, these notes are kept for reference.

The Right to Request My Personal Data

You need to allow users to request their personal data. This can be done by setting up a dynamic form and ensuring that it is accessible in the relevant places in the site navigation. Please remember to associate the dynamic form with a key member/team so that requests are actioned accordingly.

 

Here's how affino.com has done this: www.affino.com/permissions-forms?cl=53

Individual User Data Export

You can export individual user data by going to User Security and clicking Export User Data, which can be found below Unsubscribe From All Marketing, or through the User Export control screen.

 

You can search for an individual through the User Security control screen, click on the name (not the edit button) then Export User Data:

Control > Security > User Security

 

Alternatively, you can run an export and apply additional filters such as Zone:

Control > Security > User Export

 

Here is the key field, with a help text, that you need to look out for in the User Export control screen:

  • Contact - Select to export data for a single Contact.

The Right not to be Profiled

Just like The Right to be Forgotten, you need to allow users to request their right to not be profiled. This can be done by setting up a dynamic form and ensuring that it is accessible in the relevant places in the site navigation. Please remember to associate the dynamic form with a key member/team so that requests are actioned accordingly.

The request can be actioned by suspending profiling on the User Security screen.

 

Here's how affino.com has done this: www.affino.com/permissions-forms?cl=51

Profiling Suspension

It is now possible to suspend Affino from profiling users' behaviour. This will only suspend profiling on the display side. If the user has control centre access, Affino will keep profiling the user on the control side.

 

Go to the User Security control screen, edit and tick Suspend Profiling:

Control > Security > User Security

 

Note - disabling profiling on users might affect their engagement with the site and in effect break their user experience and user journeys, especially if you are relying on conversion events to trigger/activate parts of their user journey, so they should be advised accordingly and you might not want to offer the diminished service.

User Auto Archive

You can configure a User Auto Archive rule which determines how long a user must be inactive before they are automatically archived. You can also set a time period after which an archived user is deleted from the system. The rule is determined by the Activity Extension periods set here.

 

You can set this up in the following screen:

Control > Security > User Auto Archive

 

Here are some of the key fields, with a help text, that you will need:

  • Exclude Security Groups - Select the Security Groups to be excluded from being auto archived. This should include your staff groups that you don't want to be auto archived.
  • Activity Extension - Enter the period to extend the contact record before it is auto archived and add a note to describe the reason for extending it for this period. Here's a list of activities which can be used to set a rule: Registration | Login | Purchase | Mailing List Subscription | Message Open | Forum Subscription | Forum Read / Post | Content Subscription | Media Download | Comment | Fill In Dynamic / Online Form | Permission | Event Attendance | Unarchived
  • Deletion Period Type - Use the drop-down menu to select the Deletion Period Type, from Days, Months and Years.
  • Deletion Period Number - Enter the Deletion Period Number, in units of the above Deletion Period Type, that must pass after a user record has been auto archived before it is deleted.
  • Deletion Notification Days - Enter the number of days before their record is deleted that a notification is sent to the user. If left blank, no notification will be sent.
  • Sender - Filter to users who are in the Main Account.
  • Deletion Email Subject - Enter the subject for the deletion notification.
  • Deletion Email Body - Enter the message sent to users to notify them their contact record will be deleted due to inactivity. You can use the following placeholders: [_Recipient_First_Name_], [_Recipient_Last_Name_].

Note - Affino maintains an audit trail for the reasons the record has been extended, along with the duration, e.g. Purchase, record extended by 7 years; or Subscribed, record extended by 3 years. Initially there are 14 types of activities which extend the record expiry, and we will be adding more as they arise. Conversion Events now also have an Extension Period action and can extend user records by a period depending on the activity. Once the profile is in place you can be certain that the records are automatically being retained exactly as long as you want.

 

There is a new Auto Archive Analysis screen (Control > Analyse > User Auto Archive Analysis) which gives you insight into the volume of users being archived and removed on a day to day basis by the auto archiving. It shows you the number archived and deleted over the previous week, month and year. It further shows you how many users it anticipates archiving over the coming week and month.
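
To sanity-check a retention rule before enabling it, the timeline described in this section can be modelled offline. This is an added example, not Affino's implementation: it assumes a record expires at the latest "activity date + extension period" across the contact's activities, and the extension values and activity history are constructed.

```python
import calendar
from datetime import date, timedelta


def add_period(start, number, unit):
    """Add `number` Days, Months or Years (the Deletion Period Type options)."""
    if unit == "Days":
        return start + timedelta(days=number)
    if unit not in ("Months", "Years"):
        raise ValueError(f"unknown period type: {unit!r}")
    total = start.month - 1 + number * (12 if unit == "Years" else 1)
    year, month = start.year + total // 12, total % 12 + 1
    # Clamp the day so that 29 Feb + 7 Years lands on 28 Feb instead of failing.
    day = min(start.day, calendar.monthrange(year, month)[1])
    return date(year, month, day)


def forecast(activities, extensions, deletion_period, notification_days=None):
    """Return archive / notify / delete dates for one contact.

    activities: list of (activity name, date) pairs from the contact's history.
    extensions: activity name -> (number, unit); other activities do not extend.
    Returns None if no activity matches an extension rule.
    """
    candidates = [
        (add_period(when, *extensions[kind]), kind)
        for kind, when in activities
        if kind in extensions
    ]
    if not candidates:
        return None
    archive_on, reason = max(candidates)  # assumption: latest extension wins
    delete_on = add_period(archive_on, *deletion_period)
    notify_on = None  # a blank Deletion Notification Days sends no notification
    if notification_days is not None:
        notify_on = delete_on - timedelta(days=notification_days)
    return {
        "archive_on": archive_on,
        "extended_by": reason,
        "notify_on": notify_on,
        "delete_on": delete_on,
    }


# Constructed rule set and history; activity names are taken from the list above.
EXTENSIONS = {
    "Purchase": (7, "Years"),
    "Mailing List Subscription": (3, "Years"),
    "Login": (1, "Years"),
}
HISTORY = [
    ("Mailing List Subscription", date(2018, 5, 25)),
    ("Purchase", date(2020, 2, 29)),
    ("Login", date(2023, 1, 10)),
    ("Comment", date(2023, 6, 1)),  # no extension configured in this sample
]

if __name__ == "__main__":
    result = forecast(HISTORY, EXTENSIONS, (6, "Months"), notification_days=30)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Comparing the forecast dates with your written retention policy shows whether an old long-extension activity, here the purchase, keeps a record far longer than recent activity alone would.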

Data Breach Policy

Ensure you have a Data Breach Policy in place and make sure you have effective reporting workflows in place. You can see Affino’s here.

Affino Privacy Policy

We strongly advise you to read our revised Privacy Policy which includes all the references to GDPR and ICO as well as address details, ICO number, all the points for updating preferences and the numerous points with regards to our privacy commitments.

 

You will need to update your Privacy Policy to be GDPR compliant. You can see Affino’s here.
