Skip to main content
All CollectionsRegulations and privacy
Integration of Personally Identifiable Information (PII)
Integration of Personally Identifiable Information (PII)
Updated over 7 months ago

This article is to help your Data Protection Officer understand how Fresh Relevance integrates with your organisation’s other processors, and how this affects identification and consent.

This is a brief summary of a large topic, if you are new to privacy law we advise you seek legal and protection advice first.

Your organisation is the controller that makes the decisions about using personal data. And Fresh Relevance is one of your data processors, or sub-processors, that carries out your instructions, just like your ecommerce system and your email system (ESP).


Possible integrations involving personal data

Component

Action

PII data transferred

Website Script

Cookie tms_VisitorID

You must install a 1-line tracking script on all pages of your website, for example, by pasting it into your page content, or using a tag manager. The script uses the tms_VisitorID first-party cookie to identify the current visitor, it then establishes a secure websocket connection to pass back the data to the Fresh Relevance server.

This tracking script works by calling the main Fresh Relevance script as necessary. This passes back data about user actions, for example, products seen or carted, and form data entered. It passes back product data, so Fresh Relevance keeps updated with the current information about your products. It also loads SmartBlocks into Slots as necessary.

Ecommerce Platform

Import Purchases and Other Activity

Some major ecommerce platforms integrate directly using their API, for example, Shopify, Magento, and View Storefront. You still need the Website Script to handle dynamic content, but it does much less in these cases.

Purchase Complete Image (or Goal Achieved Image)

Load

Some shoppers click away immediately after they have finished buying. This doesn't allow time for script to run. So, to ensure that that every single purchase is registered and buyers aren't sent cart abandon emails by mistake, you must include a tracking pixel on the purchase confirmation page of your website.

You merge the customer's email address, or numeric email ID, into the query collection, to pass back identity. This image doesn't have indicate a real purchase; if yours is not an ecommerce site, it could be any major goal achieved.

Triggered Emails

Send

When Fresh Relevance sends a triggered email, it processes business rules that you create to decide which trigger to run and which email to send. It loads some of the recipient's personal data into your choice of ESP - you define field mappings to choose which fields are loaded - and uses the ESP to send them an email.

Identity is usually passed to the ESP using email address, but some ESPs allow a numeric email ID as an alternative, and you could potentially configure Fresh Relevance to not store email address.

Triggered Emails

GDPR Consent

Provided you follow these ICO guidelines, you don't need consent to send triggered emails.

"Sender must meet all three of the following criteria: 
1. it obtained the contact details in the course of a sale or negotiations for a sale [e.g. from your cart page or a registration page that's clearly related to buying];
2. the marketing is for similar products or services [the email markets relevant products and doesn't include marketing for unrelated third-parties such as charities];
3. it provided a simple means of opting out at time of collection [this does not have to be an extra checkbox on your subscribe form - you could put an unsubscribe link anywhere easy to find, e.g. on your privacy page] and provides one in each subsequent communication."

But you must get specific consent to send newsletters and other bulk marketing emails.

Although you may not legally have to check consent to satisfy GDPR, we provide means to check before sending triggers if you want to, and most importantly you should not send emails to anyone who has unsubscribed. There are three alternative methods of checking:

  1. In Fresh Relevance marketing rules, check the Person permission fields - perm, email_exclusion, do_not_process or explicitPermission.

  2. If you've setup a permission check list in your ESP, define this in the Fresh Relevance channel settings.

  3. Rely on your ESP's built-in subscribe/unsubscribe mechanism, because many ESPs automatically block sends to email addresses that have unsubscribed.

Email Personalization

Slots and SmartBlocks

Paste the email version of a Slot into your email and it populates with personal content at open time. The email Slot is a chunk of HTML with image tags that load real-time images formatted by Fresh Relevance at open time. Identity is passed in the query collection of each image tag URL, using a merge code for the email address or numeric email ID. (Learn more)

Email Personalization

Cart Layout

Typically, the main part of a cart or browse abandon email is stored and formatted in your current ESP - including the header, footer and most of the body copy.

You set this up in your ESP, and then configure a Trigger in Fresh Relevance to send that email for the appropriate type of abandonment, price drop or back-in-stock. The part of the email which shows the recipient's shopping cart (for cart abandonment emails) or the product list layout (for other triggered emails) is formatted in Fresh Relevance and merged into the final email by your ESP at send time.

One subtlety is that, for transactional ESPs such as SendGrid, we can store the entire email in Fresh Relevance. The email and cart layout can optionally include Slots too, which can be formatted at open time, send time, or send time within a cart layout.

Web Personalization

Slots and SmartBlocks

Either drag-and-drop a Slot onto your website using our Site Editor, or copy-and-paste the web version of the Slot into the HTML of your website.

Identity is passed by the tracking script, using the tms_VisitorID cookie. It loads SmartBlock HTML from Fresh Relevance into the Slot. This HTML can do anything - it can for example include JavaScript.

Email and Web Personalization

GDPR Consent

You don't need GDPR consent to do web or email personalization, providing in the case of bulk emails that you have consent to send the emails. Personalization, such as showing people relevant offers and product recommendations, is best done as a legitimate interest because people expect it, it has minimal privacy impact, and it benefits both you and the shopper.

Triggered SMS

Send

When Fresh Relevance sends a triggered SMS, it processes business rules that you create to decide which trigger to run and which SMS to send. It loads some of the recipient's personal data into your choice of messaging provider. There is no field mapping, so this is is usually only the mobile number plus anything you merge into the message body, and uses the messaging provider to send them an SMS. Identity is passed to the messaging provider using the mobile number.

Triggered SMS

GDPR Consent

Under GDPR, SMS is treated in a similar way to email in the UK. Other territories differ, for example:

  • In France, SMS must be opt-in only.

  • In USA, governed by TCPA, must be opt-in only.

You should take specific advice for other countries.

Provided you follow these ICO guidelines, you don't need consent to send triggered SMS.

"Sender must meet all three of the following criteria: 
1. it obtained the contact details in the course of a sale or negotiations for a sale [e.g. from your cart page or a registration page that's clearly related to buying];
2. the marketing is for similar products or services [the SMS markets relevant products and doesn't include marketing for unrelated third-parties such as charities];
3. it provided a simple means of opting out at time of collection [this does not have to be an extra checkbox on your subscribe form - you could put an unsubscribe link anywhere easy to find, e.g. on your privacy page] and provides one in each subsequent communication."

But you must get specific consent to send newsletters and other bulk marketing SMS.

Although you may not legally have to check consent to satisfy GDPR, we provide means to check before sending triggers if you want to, and most importantly you should not send SMS to anyone who has unsubscribed.

There are three alternative methods of checking:

  1. In Fresh Relevance marketing rules, check the Person permission fields - medium.sms.perm, do_not_process.

  2. If you've setup a permission check list in your messaging provider, define this in the Fresh Relevance channel settings.

  3. Rely on your SMS provider's built-in subscribe/unsubscribe mechanism, because many messaging providers automatically block sends to mobile numbers that have unsubscribed.

Lots of resources are available online, for example, see more information for:


Other integrations involving PII (Optional)

Component

Action

PII data transferred (Optional)

Email

Identify More Visitors

You can optionally pass identity in click-through link URLs from your marketing emails to your website, which increases the effectiveness of your marketing. To do this, add email address or numeric email ID into the query collection, and Fresh Relevance recognises persons immediately they arrive at your website.

FTP

Import Person Data

Files can be retrieved from a secure FTP server, which can be provided by you, or can be arranged by us, and loaded to the Fresh Relevance Person database.
See above for the Person permission fields that can pass Consent.

Firehose

Export Data to Other Systems

Fresh Relevance can export real-time ecommerce data via FTP for your third-party system: ESP, CRM, or Analytics Package such as FastStats.

Offline Transactions

Import Purchases

Fresh Relevance can load purchase data from a file which you place on an SFTP server. Identity is passed as email address.

Web Integration

HTML API

The HTML API allows you to pass any information from your web page to Fresh Relevance. It's based around inserting a single hidden HTML tag in your HTML. This is optional but can be useful for advanced integration. Identity could be passed using the tms_VisitorID cookie.

Web Integration

Javascript API

You can add custom JavaScript to your web pages to pass data to Fresh Relevance. For example, you can raise custom signals from your site using JavaScript to start custom trigger programs. This allows the system to respond to specified actions of your customer on your site, for example, if they ordered a brochure or viewed a particular page. Identity could be passed using the tms_VisitorID cookie.

Web Integration

Raising Custom Signals

You can raise custom signals from your site using JavaScript to start custom trigger programs. This allows the system to respond to specified actions of your customer on your site, for example, ordered a brochure or viewed a particular page. You can pass data through to the signal, which is available all the way through to email send time, so it can be merged into an email. Identity could be passed using the tms_VisitorID cookie.

Server‑to‑Server

Integration API

The Integration API allows your systems to retrieve data from Fresh Relevance, and to load data. This is optional, but can be useful for more advanced integration. The Integration API is a REST interface which can be used from most programming and scripting languages.

Did this answer your question?