Define the data that you save and how the user can access it
Please make sure that your users are aware of what personal data of
theirs you store in Cyclos. A good practice is to put this in a privacy
policy and in the registration agreements.
- Make sure to explain for all custom fields that you created in Cyclos what personal data you store in them and why you keep track of this.
- Make sure to explain for all user records that you created in Cyclos what personal data you store in them and why you keep track of this data.
- Explain that all payment data (transactions) will be kept and can never be deleted, because the bookkeeping should be correct.
- For security reasons Cyclos also tracks the IP address on each login, and we may create a device fingerprint to prevent unauthorized access to a user's account. We only use cookies to track the user sessions and do not use cookies for any other reasons!
Please also explain how the user can access or request the data above.
The right of users to be forgotten
Currently Cyclos does not allow individual user data to be removed
permanently in a single action. The reason for this is that
accountability and traceability are of the highest importance in a
payment system, and payment institutions are often required by law to
keep customer data even after the customer has stopped using the
services. Cyclos allows admins to remove all
personal user data and history. In this case only the display name of
the user and the transactions will be kept; all other personal data will
be removed:
- Custom profile fields
- Phones
- Addresses
- Images
- Login history
- Profile history
Visibility control
It is also possible for the user to change
his privacy settings. In these settings the user can determine which
admins are allowed to view his personal data.