Loading
Salesforce now sends email only from verified domains. Read More
Data Protection and Privacy
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Consent Management for Marketing Cloud Engagement

            You are here:

            1. Salesforce Help
            2. Docs
            3. Data Protection and Privacy

            Consent Management for Marketing Cloud Engagement

            Honor and respect your customers’ wishes when they request only specific forms of contact from your company or opt-out of certain types of data-sharing. We provide details to help you determine the best way to comply with the data protection and privacy regulations that apply to your company.

            Many data protection and privacy regulations require you and your company to honor people’s requests about how you use their data. Customers can also request that you restrict tracking and analytical processing using their data. These functions can occur when deciding what content to deliver to customers or using that data to predict future behavior. We’ve listed a few of the regulations that are important to many companies collecting and processing their customers’ data.If you have customers or users who request specific methods of contact from your company, review these common requests and the procedures related to them.

            Common Customer Request Actions to Consider Things to Consider
            • Email Studio users need to obtain consent for contacts receiving marketing communications.
            • MobileConnect users need to obtain consent for contacts receiving marketing communications, including double opt-in best practices and compliance with local regulations.
            • MobilePush users need to obtain consent for contacts receiving push notifications. Consent is not required to send inbox or in-app messages to contacts.
            • GroupConnect users need to obtain consent for contacts receiving marketing communications.
            • Audience Studio users need to obtain consent for contacts receiving marketing communications.
            • Use profile and preference center functionality for Email Studio to capture consent and opt-in confirmation for your marketing messaging activities. These consent mechanisms also govern access to email data used in Einstein Engagement Frequency and Send Time Optimization.
            • MobileConnect, MobilePush, and GroupConnect users should use your website or messages to notify subscribers of privacy changes and reestablish consent.
            • Review consent management information for Audience Studio.
            • Collection of compliance requests takes place outside of Marketing Cloud Engagement functionality. Determine the best process for your business to receive and store this information as part of your data protection and privacy regulation review.
            • Make sure your consent language corresponds to your privacy notices and policies. Provide explicit information about the data you collect.
            • Consent must be specific, informed, and unambiguous. Collect positive consent and avoid automatically selected checkboxes.
            • The process for obtaining consent regarding messaging to children is stricter.
            • Contacts must be able to withdraw consent at any time.
            • Contacts must freely give consent, and you cannot base usage of your website on provision of consent.
            • Consent to use data must be specific for each purpose for which you use data.
            I do not want Marketing Cloud Engagement to track my messaging and online behavior.
            • Create a mechanism for receiving a Do Not Track request, such as a preference center.
            • Use the DoNotTrack preference attribute to suppress subscriber-level events, such as opens, clicks, and replies.
            • This process does not affect messages or tracking sent before the Do Not Track request.
            • Review any ENS subscriptions that contain engagement events.
            • This process permits continued sending to contacts with the DoNotTrack preference attribute enabled.
            • You cannot track related behavioral interactions.
            • This function applies only to Email Studio and as a preference attribute.
            • Messages sent to contacts with the DoNotTrack preference attribute enabled do not appear in tracking reports and can cause incomplete or inaccurate reporting.
            • The Do Not Track feature stops your account from receiving open and link tracking data for a data subject for any sends after the request date. Sends from before the request date continue to return this data. We plan to stop reception of this data for all sends in a future release.
            • Contact records receive a value for the DoNoTrack attribute upon creation of the record. Any import after that creation does not overwrite that value. Any change requires a specific update in Marketing Cloud Engagement or via an API call.
            • The Do Not Track process doesn’t stop subscriber data events from emitting to your Event Notification Service Callback if you’re subscribed to events that contain subscriber data. Events can be emitted from before and after the Do Not Track request if the subscriber continues to engage with Marketing Cloud Engagement content with tracking. Users should carefully opt-in and understand the implications to using the ENS engagement events.
            One of my customers in California asked me to delete her information. How do I delete their personal data from the contact record? Contact Delete in Contact Builder
            • Deleting a contact in MobilePush and MobileConnect also deletes opt-out preferences associated with the contact.
            • Identify whether you track this customer in other Salesforce Clouds, and consider removing his contact data from them.
            What data fields do Marketing Cloud Engagement Einstein features process? Learn about Marketing Cloud Engagement Einstein Data sets vary by feature, but Marketing Cloud Engagement Einstein processes data as needed for generating outputs of any specific feature. For example, to generate recommendations, Send Time Optimization and Engagement Frequency features look at email engagement data.
            How do opt-out and rights request tools in Marketing Cloud Engagement affect Marketing Cloud Engagement Einstein features? Data Deletion for Marketing Cloud Engagement Marketing Cloud Engagement Einstein features process a rolling 90-day window of data.
            A customer in California requested that I restrict his information. If I restrict or delete that contact in Marketing Cloud Engagement, is his information also removed from Advertising Studio segments? Data Deletion for Marketing Cloud Engagement To fully address a contact's rights request, consider any actions to take on social network platforms for which you've sent audience segments.
            My customer in California wants to know what information we disclose to social network partners when I transfer an audience segment from Advertising Studio. Where do I find this information? Get Started with Advertising Audiences Review social network partners' privacy statements and compliance tools, as well as customer's privacy statement. Advertising Studio sends data to Facebook and Twitter and presents information to the data subject. These social media services act as the data controller.
            What data fields do you collect in Marketing Cloud Engagement for statistical data based on clicks and opens?

            Review the column to the right for detailed information about what information is collected by Marketing Cloud Engagement application.

            Some data that may be collected by click or open in Marketing Cloud Engagement for statistics includes:

            • IP Address
            • Country
            • Region
            • City
            • Postal Code
            • Latitude
            • Longitude
            • Metro Code
            • Area Code
            • Application used to click to open an email
            • The deivce’s operating system used to open an email
            • Whether a mobile device is used to open an email
            • General Data Protection Regulation (GDPR), European Union
            • California Consumer Privacy Act (CCPA), United States
            • Telephone Consumer Protection Act (TCPA), United States
            • Canada’s Anti-Spam Law (CASL)

            • Personal Information Protection Act (PIPA), Japan

            Marketing Cloud Engagement collects different information based on the apps you use.

            App Data Collected
            Advertising Studio Advertising Studio sends data to Facebook and Twitter and presents information to the data subject. These social media services act as the data controller.
            Audience Studio
            • Three email pixels contained in Audience Studio content capture the hashed email address, the subscriber or contact ID value, and media content. Audience Studio uses this data for audience creation or segmentation.
            • A web tracking pixel obtained during login to a web site identifies a person. This function treats each different browser as an independent login and identifier.
            Email Studio
            • An open pixel determines when an email recipient opens a Marketing Cloud Engagement email. Marketing Cloud Engagement uses this data for email job statistics and reporting.
            • Marketing Cloud Engagement uses link tracking to log information about which links the email recipient clicks. Marketing Cloud Engagement uses this link tracking data for email job statistics and reporting.
            Marketing Cloud Engagement Einstein Platform
            • Einstein imports email templates, standard data tables such as data views, some user agent data, and the members_ subscriber list. Email content is not imported.
            • Einstein imports personalization strings, but not the data called by those strings.
            • Einstein does not import custom object data or data stored in custom data extensions.
            GroupConnect The LINE messaging service acts as the data controller. Collect consent for messaging using the LINE service.
            MobileConnect MobileConnect does not collect this kind of behavioral information.
            MobilePush
            • MobilePush records the geographic location of a device when the customer mobile app is used.
            • MobilePush records a message receipt that reports back on the messages the data subject received through the customer mobile app.
            • MobilePush tracks how many times the customer mobile app is opened, how long it is used, and other app usage statistics.
            • Your app must use the latest version of the MobilePush SDK to implement Do Not Track functionality.
            • If a data subject makes a data compliance request via Marketing Cloud Engagement, we send a silent push to the customer app to indicate the applicable change. The SDK also makes the customer app check in daily for data compliance changes. If Marketing Cloud Engagement sends the silent push and the device does not process it before the next check-in, the device may not comply with regulations until then.
            • Mobile app developers can consult the Android and iOS data protection and privacy documents for MobilePush SDK.
            Personalization Builder
            • Web & Mobile Analytics records the sites from which web site users come.
            • Web Recommendations uses a web tracking pixel to track web site user behavior. This information only includes links to the web site user browsing the web site if that web site user logged into that site. Web Recommendations uses the data to provide more relevant recommendations for purchase. If the web site user does not log into the site, then the data is collected and returned anonymously.
            • Personalization Builder apps use an in-app interface to deal with Do Not Track and Do Not Profile requests from data subjects. This action prevents Marketing Cloud Engagement from collecting tracking or profiling information on a data subject.
            • You can make Do Not Track and Do Not Profile preferences available in a customer profile center.

            Data protection and privacy compliance can require you to encrypt all data during transit. We recommend taking these steps to ensure compliance.

            • To help ensure TLS compliance, use the latest version of your browser and HTTPS addresses to connect to Marketing Cloud Engagement.
            • Use OAuth access token authentication for REST and SOAP API calls.
            • Follow our API security best practices.
            • Use SSL certificates for all landing pages.

            See Also

             
            Loading
            Salesforce Help | Article