Privacy guidelines
The privacy of all Cyclos users is very important to us! So if you run your own Cyclos instance or if you are an administrator of a Cyclos instance, we ask you to respect the privacy of your users and to implement the rules stated in the General Data Protection Regulation (GDPR) if you have users from Europe. To help you protect your users' privacy, we have some useful tips for you below:
Define the data that you save and how the user can access it
Please make sure that your users are aware of what personal data about them you store in Cyclos. A good practice is to put this in a privacy policy and in the registration agreements.
- For all custom fields that you created in Cyclos, make sure to explain what personal data you store in them and why you keep track of this data.
- For all user records that you created in Cyclos, make sure to explain what personal data you store in them and why you keep track of this data.
- Explain that all payment data (transactions) will be kept and can never be deleted, because the bookkeeping should be correct.
- For security reasons Cyclos also tracks the IP address on each login, and we may create a device fingerprint to prevent unauthorized access to a user's account. We only use cookies to track the user sessions and do not use cookies for any other reasons!
Please also explain how the user can access or request the data above.
Removing private user data
When a user is purged, all private data and history are removed. The transactions won't be removed (otherwise the system would become inconsistent), but the private data in the transactions is.
It is possible to purge multiple users in a batch (bulk action) by changing the status of the selected users to 'Purged'.
The following data is removed when a user is purged:
- Custom profile fields
- Phones
- Addresses
- Images
- Login history
- Profile history
- Operators
- Contacts
- Documents
- Records
- Messages
- Advertisements (simple and web-shop)
- Advertisement favorites
- Advertisement interests
- Transaction feedback
- References
User privacy control
The privacy control feature was added for compliance with regulations such as GDPR. Privacy control in Cyclos allows users to specify what personal data can be accessed by specific departments. There can be mandatory privacy groups that the user cannot unselect.
An administrator can define 'privacy groups' (in: Menu: System - User configuration - Privacy control). These groups are much like categories (e.g. marketing, accounting, auditing) that can be selected in admin group permissions and in the broker product (option: View privacy-controlled profile fields). In the configuration the admin can define which profile fields are enabled for privacy groups (User data - Privacy-controlled profile fields).
The admin of a privacy group can only see personal data of users who have allowed access to the privacy group the admin is part of. Be aware that, on top of the privacy control, the admin group must also have (at least) view permissions for the user fields (in: admin group permissions: Profile fields of other users).
Note: The field privacy settings in the user profile are not part of the privacy group feature. The privacy fields setting allows users to hide specific fields from other users.