Data Protection and Privacy
Learn about the guidance and tools in Nimble AMS and Salesforce that help your association comply with various data protection and privacy regulations.
Data protection and privacy regulations can require your association to keep constituents’ personal data secure and private. Many regulations may affect how your association collects and processes constituents’ data. Here are a few:
- General Data Protection Regulation (GDPR), European Union
- Privacy Act, Australia
- Personal Information Protection Act (PIPA), Japan
- Personal Information Protection and Electronic Documents Act (PIPEDA), Canada
Assessing Your Role
As you begin assessing what your association should do to comply with data protection and privacy regulations, it is important that you learn about the regulations and seek counsel where needed. Here are a few resources to get you started:
- Get to Know EU Privacy Law Trailhead (external)
- Accelerate your journey to GDPR readiness with Salesforce (external)
Understanding Your Responsibilities
In the world of data protection and privacy regulations, like the GDPR, your association is known as the "data owner" and Nimble AMS and Salesforce together are known as the "data processor". Each has certain responsibilities to ensure your constituents' data is secure and private. Various regulations can include principles that are similar to one another, so we give you guidance on some of the common privacy principles.
Consent
Your constituent's data is their own, and you should ask for their consent to use it. Consent should be explicitly requested from constituents, and they should be given very clear options to consent, or not.
You may need to request consent for multiple different uses of constituent data, both short term and long term. For example: You might have a general consent request for gathering, storing, and acting on constituents' contact information, but a different consent to use their social media information as part of an upcoming social media promotion using a third-party service. As another example: You are most likely using web cookies to provide a rich experience for your constituents; you will need their consent for this as well.
Additionally, consent should be given on a continual basis, as you continue to house and work with constituents' data. For this reason, constituents should be prompted regularly to consent to ensure they are continually aware of how you use their data.
You should determine what consent options you should track—and when—based on your association's needs. These are just a few examples to serve as a guide.
Fairness and Transparency
As part of asking constituents to consent, you should provide a privacy policy that clearly states, without legal jargon:
- How you track them (with web cookies and otherwise)
- What you will do with their data
- How they can update their data
- How they can request a copy of their data
- How they can ask to be forgotten if they no longer want their data to be identifiable.
You should also review and document how you use constituent data. For example: To what third party solutions do you send data? Do you have copies of constituent data in an external database? Does your Support department keep constituent records in a different system?
Data Access
Constituents can request that you disallow access to—and modification of—their data. For example: You might use a field on a record or an automation to ensure that their data is not further processed by any party. Constituents can also, in certain cases, object to the processing of their data, for example, if the processing of constituent data is for direct marketing purposes.
Data Updates, Exports, and Anonymization
Constituents should be able to easily update any of their data to ensure it is accurate. Constituents can also request a copy of their data in case they want to take their data elsewhere, or just see what data you have collected from them. Finally, constituents can ask your association to forget them altogether. This could mean manually deleting some, or all, of their data from Nimble AMS, but more likely, anonymizing their data so needed financial information is retained, but cannot be used to identify the constituent.
Implementing Privacy Solutions
Depending on the data protection and privacy regulation(s) with which your association complies, you may need to implement some of these solutions, which are provided in part within Nimble AMS.
Consent Management
When complying with data protection and privacy regulations, it is important to make your privacy policy accessible to your constituents. You should give them a clear action to give consent for you to use their data by agreeing to the terms, or to withhold their consent by not agreeing. Constituents can give consent in two ways: they can agree to terms within Community Hub, or they can contact your association to give their consent verbally, which staff can set on their account.
Provided with Nimble AMS is an example of one way to manage consent from your constituents. In this example, when consent is given, Nimble AMS notes the date of the last consent, so you can track the last consent date and prompt constituents for consent on a continued basis in accordance with data protection and privacy regulations. When consent is not given, constituents are requesting to be forgotten, and a task is added to their account so your staff can anonymize their personally identifiable information. In this case, all of the constituent's personally identifiable information should be anonymized.
Learn more about how staff Set Consent Preferences. Also, see the provided examples of how you might set up:
- Configure Consent Tracking for All Accounts in Community Hub
- Configure Consent Tracking During Account Creation in Community Hub
- Configure Consent Tracking for Minors in Community Hub
- Configure My Privacy Settings in Community Hub
It is essential that you understand what your association needs to do to comply with data protection and privacy regulations. Your compliance may require you to configure an alternate method(s) for gathering consent, or require that you collect varying types of consent. In this case, you can create custom fields on the Contact object to track unique consent cases, and create a unique consent experience in Community Hub.
Cookie Management
When complying with data protection and privacy regulations, you should inform your constituents when you use web cookies, as they can be used to identify and track them. It is important that you inform your constituents how cookies are used within their experience with your association.
Like many web applications, Community Hub uses functional cookies to provide a personalized and interactive experience for constituents. We use session-based cookies to maintain constituents' web sessions in Community Hub and to pass data from page to page. For example, when constituents add someone to their affiliation roster, they are taken to the roster page, and a success message displays letting them know it was a success. Additionally, a Google Analytics™ tracking cookie allows us to collect information on how Community Hub is used to better understand how we can improve your constituents' experience.
In addition to standard Community Hub cookies, your association may use additional cookies for user tracking or analytics, such as Google Analytics.
Also, because Community Hub is built on Salesforce Communities, additional required and functional cookies are used for your constituents' experience. Learn more about Salesforce Cookies.
Web Cookie Alert
As part of Data Protection And Privacy, administrators can enable a web cookie alert that displays at the bottom of every Community Hub page. This alert notifies constituents that your association uses cookies, and displays a link to your privacy policy where they can learn more about how you use web cookies.
Alternatively, you might use your CMS to display a cookie alert message in Community Hub.
Data Anonymization
At any time, constituents can request to be forgotten.
Processing
When constituents request to be forgotten, a task is created and related to their account with a due date to help you ensure you anonymize constituent data within the appropriate period of time in accordance with data protection and privacy regulations. We recommend you create a report that includes activities and accounts to track and respond to anonymization requests within the appropriate period of time. See an example of how you might set up Configure a Forget Me Request Card in Community Hub and learn more about how staff can View an Anonymization Request.
When a constituent requests to be forgotten, staff with the proper permissions can anonymize their account to ensure all personally identifiable data is removed, while maintaining important historical and financial records in your org. To anonymize constituent accounts, staff must be assigned the Data Protection And Privacy Admin permission set.
Validation
When anonymizing an individual, their records are validated to ensure there are no conflicts that would prevent their account from being anonymized. By default, Nimble AMS validates whether:
- The individual has a committee membership
- The individual has an order with a balance
- The individual has a membership
- The individual has a cart in an open batch
- The individual has a transaction in an open batch
- The individual is the only manager for a company
- The individual is the company primary contact
- The individual is registered for an event that starts within 30 days or took place in the past 30 days
You can Disable an Anonymization Validation to meet your business processes and you can add custom validations specific to your association through development effort.
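The default validations listed above can be modelled as a set of named checks that each either block anonymization or pass, with individual checks disabled by name. This is an added illustration, not Nimble AMS code; the Individual class, its field names, and the check names are hypothetical, and measuring the 30-day window from the event start date is an assumption.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

@dataclass
class Individual:
    """Hypothetical, simplified view of one person's related records."""
    committee_memberships: int = 0
    order_balances: list = field(default_factory=list)    # balance per order
    memberships: int = 0
    carts_in_open_batch: int = 0
    transactions_in_open_batch: int = 0
    sole_manager_of: list = field(default_factory=list)   # company names
    primary_contact_of: list = field(default_factory=list)
    event_starts: list = field(default_factory=list)      # event start dates

EVENT_WINDOW = timedelta(days=30)

def event_in_window(ind, today):
    # Assumption: the window is measured from the event start date, inclusive.
    return any(abs(start - today) <= EVENT_WINDOW for start in ind.event_starts)

# One check per default validation in the list above, keyed by a made-up name.
VALIDATIONS = {
    "committee_membership": lambda i, t: i.committee_memberships > 0,
    "order_with_balance": lambda i, t: any(b != 0 for b in i.order_balances),
    "membership": lambda i, t: i.memberships > 0,
    "cart_in_open_batch": lambda i, t: i.carts_in_open_batch > 0,
    "transaction_in_open_batch": lambda i, t: i.transactions_in_open_batch > 0,
    "only_company_manager": lambda i, t: bool(i.sole_manager_of),
    "company_primary_contact": lambda i, t: bool(i.primary_contact_of),
    "event_within_30_days": event_in_window,
}

def anonymization_conflicts(ind, today, disabled=frozenset()):
    """Return the names of enabled validations that block anonymization."""
    return [name for name, check in VALIDATIONS.items()
            if name not in disabled and check(ind, today)]

# Constructed sample: one unpaid order and an event starting in 19 days.
TODAY = date(2024, 6, 1)
SAMPLE = Individual(order_balances=[0, 25], event_starts=[date(2024, 6, 20)])

if __name__ == "__main__":
    print(anonymization_conflicts(SAMPLE, TODAY))
    print(anonymization_conflicts(SAMPLE, TODAY, disabled={"order_with_balance"}))
```

An empty result means the account can proceed to anonymization; any returned name is a conflict staff must resolve or a validation that must be deliberately disabled first.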
Anonymization
Once the account has been validated, Nimble AMS anonymizes a standard list of fields that contain personally identifiable information. Along with the List of Fields Anonymized by Default, your administrator can add your custom account fields to ensure that all personally identifiable data is anonymized in the process. Additionally, there may be some List of Additional Fields that Can Be Anonymized, depending on your association's needs. During anonymization, values in current fields are anonymized in different ways depending on the type of the field, and all field history is deleted. Learn more about how staff can Anonymize an Individual.
When adding new field(s) to the Account that contain personally identifiable information on individuals, you should add the field(s) to the list of personally identifiable information to ensure the contained information is anonymized when a request to be forgotten is processed. Learn how to Add a Field to Anonymize.
Data Copy Export
At any time, constituents can request a copy of their data. When they request a copy of their data, a task is created and related to their account with a due date to help you ensure you deliver constituents' data within the appropriate period of time in accordance with data protection and privacy regulations. We recommend you create a report that includes activities and accounts to track and respond to data copy requests within the appropriate period of time. Learn more about how staff can View a Data Export Request. Also, see the provided example of how you might set up Configure a Data Copy Request Card in Community Hub.
There are a few different options available to you for exporting constituent data:
- Salesforce Data Loader (external)
- Salesforce Platform APIs (external)
- One or more joined reports (external)
When creating a joined report to export a data copy, you can select several report types that relate a constituent's account with related objects containing their personal data, like Account with Memberships and Membership Types, Account with Registrations, and Account with Merchandise. Depending on the number of related objects you are exporting, you may need to create more than one joined report. When you have your report(s) set up, you can filter each report type by the ID of the constituent's account and use the Printable View to export the report(s) as an .xls file which you can share with them.
Privacy Policy
As you assess how your association will comply with data protection and privacy regulations, you should ensure your privacy policy includes information on the ways you collect and use constituents' data. This might include, but is not limited to, information about:
- Constituents' ability to:
  - Update their data
  - Set their consent preferences
  - Request to be forgotten and data anonymization
  - Request a copy of their data
- How web cookies are used, both standard Community Hub cookies and custom cookies
- Third-party services you use, and how they use constituents' data
  - As an example, if you use Social Sign On, constituent information is not sent to the third-party, but the third party passes back the constituent's email, first name, and last name.
We recommend you make your privacy policy available to constituents from anywhere in Community Hub. To do this, you can Change the Footer Text to include the link to your privacy policy on every page.
Third-Party Integrations
If your association uses a third-party system(s) to enhance your constituents' experience, you may be sharing your constituents' data with the third-party. Depending on which data protection and privacy regulation(s) you are complying with, you may be required to notify the third-party of a consent change by a constituent so the third-party can update, anonymize, or export the data they have stored. You may also be required to communicate with the third-party within a certain time period.
There are a few different ways you might interact with a third-party to handle these types of consent changes depending on the type of integration you have and the relationship with the third-party:
- If you have an API based integration—like in the case of Nimble Fuse—you could work with the third-party to update the integration callout(s) to notify the third-party of the consent change.
- You could set up a process that sends a notification to the third-party when constituents change their consent preferences, telling them to manually update or anonymize the data they have for the constituent.
- You could set up a process which creates a task for staff to manually process the change in the third-party system. Learn more about Lightning Process Builder (external)
Things to Keep in Mind
- Though Salesforce and Nimble AMS give administrators tools to keep constituents’ personal data secure and private, it is up to your association to determine how you will comply with data protection and privacy regulations, like the GDPR.
- With the Spring '18 release, Salesforce added the Individual object, which is related to a constituent's account and is intended to include consent tracking fields related to data protection and privacy matters. At this time, the Individual object is inaccessible to those with community licenses, that is, your constituents. We are working with Salesforce around the limitation, and plan to use the Individual object as soon as it is made available.
- Anonymizing individuals is only available in Lightning Experience. Learn more.
- You will be able to anonymize individuals and use consent specific fields in Staff View, but if you are using Self Service, you will need to create custom means for consent management, cookie notifications, and links to your privacy policy.
- Though you should share with constituents what you do with web cookies and obtain their consent to use them, you are not required to share what you do with actual, edible, cookies. We recommend you assess the edible cookies at your association and decide how best—if at all—to share them. As your data processor, we can assure you that sharing all types of cookies is a best practice, and should be done often.