Foreword

This document is a guide to responding to Data Subject Requests (DSRs) made under the General Data
Protection Regulation (GDPR) where the data is held in your Certain database.
It covers the rights granted to individuals under the GDPR:

* The right of access to personal information
The GDPR requires that an individual be able to obtain a copy of their data in a standard format. With
Certain’s standard reporting tools, you can quickly find and export the information held about any registrant or user, and email it to them.
See “View” Requests below.

* The right to be forgotten
Under the GDPR, an individual can ask you to remove their personal data. You can use the “Anonymize”
feature in Certain to remove all their personally identifiable information,
See “Delete” (Forget me) Requests below.

* The right to rectification
Under the GDPR, an individual can ask you to rectify any incorrect personal information held about them. In Certain you can quickly find and edit an individual’s details, and email the updated details to them as
confirmation.
See “Edit” Requests below.

Foreword
Introduction
Logging In to Certain
Registrants’ and Speakers’ Information
“View” Requests
“Edit” Requests
“Delete” (forget me) Requests
Users’ Information
“View” Requests
“Edit” Requests
“Delete” (forget me) Requests

Introduction

As mentioned in the foreword above, there are three types of requests you may receive from individuals
who may have Personally-Identifying Information (PII) on file:
Requests to View their information
Requests to Edit their information
Requests to “Forget Me”; that is, to Delete their information

The individuals concerned may be any of the following types:
Registrants
Speakers
CertainAPP users

The steps are similar for each request type and individual type but are listed separately below. (The steps
for Registrants and Speakers are identical..)
They all start with logging in to the Certain App, and navigating to the relevant account(s), as described next.

Logging In to Certain

1. Log in to Certain with your usual credentials.
Your user type must be at least “Registration and Support’. The higher levels include “Event
Planner” and “Administrator”.

Note: To use the Profile Anonymization feature described on page 10, you must be an
Administrator.

2. You are automatically logged in to your account.

3. Follow the steps listed below in that account and its active sub-accounts (if any) used for managing
events.
To change accounts, click the account selector icon below the account name in the upper left
corner, and select a sub-account.

Registrants’ and Speakers’ Information

A “Registrant” is usually an “attendee” at one or more events, although they may be an exhibitor, staff
member, or other person registered for an event.
A “Speaker” is a speaker at an event where the Speaker and Session management module is used.
The following steps assume you have logged into the relevant account, as described above.

“View” Requests

To View a Registrant’s or Speaker’s Information
1. Search for the registrant’s or speaker’s profile record.
a. Click the Search icon on the global navigation toolbar in the upper right corner of the screen.

b. Choose to search Profiles.

c. The Search for Profiles page opens.

d. Search for the registrant using their Email address.
e. A list of matching records is displayed. If your account is set to use unique email addresses, only
one record is displayed.
f. Click the record to view the details.

To Export a Registrant’s Information
A) Create a Profile Report
1. Create an account-level Profile Report, and include columns of interest.
Note: You only need to do this once for an account. The same report will then be available for future use.
a. Click the menu icon in the top left corner of the screen.
b. Select Profiles in the list of options.

c. The Search Profiles page opens. Click Reports, the only menu choice at the top of the page.

d. The Profile Reports page opens. Click Create Report(in the upper right corner of the page).

e. The Report Setup page opens.

f. Give the report a name, and optionally a description, of your choice.
These are what you’ll see in the list of reports when you go to find and run the report in the future.

g. Recommended: Under the Visibility heading, select the All Accounts option.
This will make the report available not only in the current account but also in any sub-accounts
below it.

h. Under Report Type, select one of the two options:
the default “Profiles”, or the more detailed “Profiles and Registrations”.

* A “Profiles” report includes name and address and other Personally Identifiable
Information (PII).
* A “Profiles and Registrations” report also include registration history across events.
Note that you cannot change the report type after you have created the report.

i. Save the report.

2. Select Display in the left navigation panel.

a. Select a Report Format, such as the “Export to .CSV” selected in the screenshot below.
b. Select a Data Format, such as the default “Output data as stored” selected in the screenshot
below.

c. Save the report again.

3. Click Columns in the left navigation panel, to select the data to include in the report.

a. Select the appropriate fields in Available Data Fields on the left and click » to move them into
Selected Data Fields on the right.
b. Save the report again.

B) Run the Report for a Registrant
1. Select Filters in the left navigation panel.
2. At the end of the page, filter on the registrant’s or speaker’s email address.

3. Click Run Report (in the lower left corner of the page) to create the export file.
4. Download the report to share with the requester.

To Email a Registrant or Speaker Their Information

An alternative to using a report is to email their profile details to an individual.

A) Create an Email Template
1. In an event, go to Promote > Communication > Email Templates > Registration.
2. Click Add New to add a new email template.
3. Give the email a self-explanatory name of your choice. This is what you’ll see when you go to select it for use in the later steps.
4. Select the option to make the report “Visible to All events in account”.

5. Add all the relevant Standard Profile Fields and Custom profile fields to the body of the email.
6. Do not include any event-level information.
7. Save the template.

B) Send the Email to the Profile
1. Search for the registrant’s profile record, as described under ‘“View” Request’ on page 3.
2. Click Email in the left navigation panel.

3. Select the email template, and click Select.

4. At the bottom of the page, click Preview. If satisfied with the result, click Send Email NOW.

5. The sending of the email will be included in the profile’s History, which you reach via the left
navigation panel.

“Edit” Requests

1. Search for the registrant’s or speaker’s profile record, as described under “View” Request” above.

2. Confirm the correct record is displayed,
3. Click on the Contact Details header bar, or Contact in the left navigation panel.
4. Edit relevant information, and Save.
5. Click Questions in the left navigation panel.
6. Edit relevant answers to profile custom questions, and Save.
7. The edits will be included in the profile’s History log, as described above for emails. (Page 9.)

“Delete” (forget me) Requests

Best Practice: Anonymize Profiles
You can “anonymize” Profiles in an account, removing personally identifiable information, so that
the individual remains anonymous.

Note: An Administrator should follow this procedure; it’s not available to Event Builders or other users.

In summary, you first identify the profile fields that hold personally identifiable information (PII), and
configure replacement text. (Defaults are pre-set for both.) You can then select profiles, and anonymize
them by clicking one button.

Detailed Steps
1. Go to User and Account Settings > Account Settings > Implementation >
Privacy Compliance > Profile Anonymization
2. Under Anonymize Profile Fields, select the Standard and Custom Profile fields for this Account that you want to anonymize when you select individual profiles in step 6.
Be sure to include all fields that could be deemed Personally Identifiable Information (PII).

Note that many standard profile fields, such as name fields and email, are preselected and will always be anonymized.

3. The default anonymization string that will replace the values in the selected profile fields of an
anonymized profile is "******". You can change that to any text of your choice.

4. If you select Make Profile Inactive, then any profiles you anonymize (see step 8 below) will also be set to "inactive", meaning they will be excluded from reports and searches.
5. Save your selections so that you can use them when anonymizing profiles, as explained next.
6. Under Profile Anonymization, search for the Profile(s) to anonymize.
In the Search field, type at least 3 characters of their Email or Phone, or type the complete Encoded Profile ID beginning with "0x". (See screenshot below.)

7. View the list of matching records, and click to view a profile's details to confirm you have the
right record.
8. Select the check box(es) for the profile(s) you want to anonymize.
9. Click Anonymize to update the selected profile(s).
The values of the fields selected in step 5 above are set to the Anonymization String, and if Make
Profile Inactive was selected in step 4 then the anonymized records will no longer be returned in
searches or reports.
10. Under Anonymized Profiles Audit Report you see a list of the anonymized profiles in the account.
You can search for one by PkprofileId or Username; as n this screenshot.

Users’ Information

A “user” is anyone who is set up in CertainAPP with a user record.
To view another user’s details, edit or delete a user record, you must be logged in to Certain yourself as an Administrator. That is, your own user account must have a User Type of “Administrator”.