In GDPR terminology you as the customer to Sitoo is the data controller and Sitoo is the data processor for personal data processed within the context of the provision of the Service and Professional Services under the Main Agreement. This means that it is the Controller that is primarily responsible for registering and deleting data in the Sitoo POS and Unified Commerce Platform.
The instructions below can be used when performing Data Subject Access Requests (DSAR/SAR) in line with a customer request of erasure(‘ right to be forgotten’) of its personal data. Adopted the instructions below can be used for access requests and rectifications of personal data as well.
Delete Customer in Contacts
If you have ever used Sitoo as a database for your customers, these have been stored in Sitoo BackOffice under "Contacts". A user can be deleted there by opening it for editing and pressing "Delete".
Delete Customer information on order
Customer information is also stored orders in cases where you have chosen to link the purchase to a customer. The customer information can be deleted by editing the order and deleting the desired customer information.
Clear Customer log data on orders
In the back office page for viewing/editing an order there is a function for clearing Customer information. This function is accessed by adding the query parameter "clearlog" with a value of "true".
When that has been done a link will be shown for order log entries that have data that can be cleared. When clearing the data, it will be replaced with a text "<DELETED"> and a new log entry will be added with the date of the log that was deleted together with the email of the user that did it.
Note! This operation cannot be reversed, and it requires admin privileges.