Therefore, use formulations such as: “May we have your shoe size, so that we can only make offers that are still available in your size?” and “May we use your location data to show you our nearest branch?” You should also state how long you plan to use this data for this specific purpose.
Consent should be as easy to withdraw as it was to give. As an organization, you should be able to demonstrate obtaining consent, so the date and source should be stored.
Tip:
Keep an exact record of what question you asked to get consent, when you asked that question. So through which source and what the answer was.
You do not need to ask for consent to use data that you need to fulfill contractual obligations. For example, as an online retailer you need a name and address to send a package. You do not need to ask for consent for this. You do need it if you are going to use the address to send a birthday gift to the same person. This is called extending the cause .
Also read: Cookies: do you choose the law or your business model?
3. Profiling
For many marketers it is a bitter pill: you are on your guatemala phone country code way to one-on-one personalized customer journeys , and the GDPR puts a stop to that. Because building profiles, enriching them and predicting behavior based on personal data – without the unsuspecting consumer noticing – is no longer possible.
No-go's: Making offers based on predicted behavior, based on data you have about a person. For example: a booking site may not offer more expensive or luxurious hotel rooms based on the posh neighborhood where the potential customer lives. And an online retailer may not pre-select and offer products based on the age of the consumer, if that age is known to them.
If you do want to engage in profiling, it is important to ask for permission and involve the consumer step by step in the process.
An example of an exception:
Profiling is permitted if you anonymize the personal data.