If you are transacting data to European Union (EU) member states, it is required to be GDPR compliant. As Logicbroker processes and stores personally identifiable information, GDPR requires that in the event a EU user requests to have all personal data removed from your system you must proceed to do this in all connected systems. To handle these requests and remove all personal data in the logicbroker system, follow the information below.
How to remove personal data?
On every order processed and marked in the "Complete" (1000) status, there will be an option under MORE ACTIONS on the "Order Details" page, you will see a "Remove Personal Data" option. This button will provide a confirmation on the user's data to remove.
It is important to know that all customer identifiable information will be removed in the Address fields. This includes ShipToAddress, BillToAddress, MarkForAddress, RemitToAddress, OrderedByAddress. Specifically, the Company Name, First Name, Last Name, Address lines 1 and 2, and phone numbers.. Company Name will be changed to "Redacted per GDPR request" to identify the removal was processed. The only address info remaining would be the City, State, Zip and country values.
In addition, all attachments related to the document will be removed from our system. This includes the raw EDI, XML, CSV, and any other attachments associated with the creation/transmission of the document.
**IMPORTANT if customer data is stored as a custom field like an Extended Attribute (Key Value Pair) and doesn't match any data set in the address fields, we will not remove that information. Please verify and make note if any business rules or specific processes are run on your documents that have customer specific data in an Extended Attribute field the data will not be removed and it is recommended to disable that process for your EU locations. Contact firstname.lastname@example.org to help if you do have customer data in the extended attributes section of your documents.