Privacy
Lumis respects and cares about personal data. Therefore, we recommend that users of LumisXP follow some tips on how to handle their clients' personal data.
A person has full rights over their personal data. Thus, to use this data, it is necessary for the data owner to have consented to such use. Therefore, personal data cannot be used without consent.
Additionally, the collection of personal data should be limited to what is necessary for processing this data. There should be no excessive collection of unnecessary data.
Users have the right to free access to their stored personal data. Therefore, they can request a copy of the data whenever they wish. They can also ask for their data to be anonymized or deleted.
Users with login must have accepted the privacy terms of the solution, as their login data is stored.
Furthermore, all points of the General Data Protection Law (LGPD) must be met in the construction and operation of the solution applied in LumisXP. It is crucial that product operators understand the legal obligations and use the tool together with their processes to meet all legal requirements.
To assist in the handling of personal data, LumisXP provides a range of tools that should be used as auxiliary tools for defined processes to comply with the LGPD.
Registration of Privacy Terms
Service aimed at assisting in the registration of privacy terms and purpose of collecting and processing personal data and obtaining consent from users.
Users with Login
Users with login must have accepted the privacy terms of the solution before their account was created, as their login data is stored. LumisXP assumes that any user with login has consented to have their registration data stored, as otherwise they should not exist. For users with login, the consent obtained from the aforementioned privacy term service refers only to whether information about their activities can be maintained identifying them or if it should be anonymized or discarded according to the settings mentioned below.
Privacy Settings
New privacy settings have been added to the environment settings. In these settings, environment administrators can define the behaviors of LumisXP regarding user privacy.
Settings for Monitoring Fields and User Attributes That Identify Users
In order to comply with data protection laws, LumisXP administrators must configure which user attributes and monitoring fields identify users. For example, there may be a user attribute called CPF that stores the user's CPF. Since a person can be identified by their CPF, this attribute should be marked as an identifying attribute of the user. Similarly, if there is any monitoring field that can identify the user who performed the event, that field should be marked as a user-identifying field.
These settings for monitoring fields and user attributes that identify users tell LumisXP which values may or may not be stored in the user registration and/or in the event data collected by the monitoring framework for users who have not consented to the privacy term registered in the monitoring area's corresponding Privacy Term Registration Service. If the user has consented, there are no restrictions on storing identifying data, and it will be stored.
If there is a need to correct data for all users (because a monitoring field or user attribute has now been configured as data identifying the user, for example), the Anonymize all users without consent button can be used; it is present both in the monitoring field configuration page and in the user attributes configuration page.
It is important to note that changing these settings only affects future data. To adjust already existing data, the Anonymize all users without consent button must be activated; it is present both in the monitoring field configuration page and in the user attributes configuration page.
It is important to note that once data has been anonymized, it cannot be recovered.
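The storage rule described in this section, written out as an added example (this is not LumisXP code; the attribute and field names, the consent flag and the `None` marker used for anonymized values are assumptions made for the illustration). It shows the two situations the text distinguishes: data written after the settings change, where identifying values are withheld when there is no consent, and data already stored, which only the Anonymize all users without consent action rewrites. The anonymization replaces values with a marker that carries no information, so, as the text notes, it cannot be reversed.

```python
from __future__ import annotations

import copy
from dataclasses import dataclass, field
from typing import Any, Dict, List, Set

# Marker written in place of an identifying value when there is no consent.
# It carries no information, so the anonymization cannot be undone.
ANONYMIZED = None


@dataclass
class PrivacySettings:
    """Hypothetical stand-in for the two privacy settings: which user
    attributes and which monitoring fields identify a user."""
    identifying_user_attributes: Set[str] = field(default_factory=set)
    identifying_monitoring_fields: Set[str] = field(default_factory=set)


def _redact(values: Dict[str, Any], identifying: Set[str]) -> Dict[str, Any]:
    """Replace every identifying value with ANONYMIZED; keep the rest as is."""
    return {k: (ANONYMIZED if k in identifying else v) for k, v in values.items()}


def storable_attributes(attributes: Dict[str, Any], consented: bool,
                        settings: PrivacySettings) -> Dict[str, Any]:
    """Attribute values that may be written to the user registration.
    With consent everything is stored as given; without consent the
    attributes configured as identifying are anonymized before storage."""
    if consented:
        return dict(attributes)
    return _redact(attributes, settings.identifying_user_attributes)


def storable_event(event: Dict[str, Any], consented: bool,
                   settings: PrivacySettings) -> Dict[str, Any]:
    """Same rule applied to one event collected by the monitoring framework."""
    if consented:
        return dict(event)
    return _redact(event, settings.identifying_monitoring_fields)


def anonymize_all_users_without_consent(users: List[Dict[str, Any]],
                                        settings: PrivacySettings) -> int:
    """Rewrites records already stored for every user without consent
    (the button described in the text). Returns how many users were touched."""
    touched = 0
    for user in users:
        if user["consented"]:
            continue
        user["attributes"] = _redact(user["attributes"], settings.identifying_user_attributes)
        user["events"] = [_redact(e, settings.identifying_monitoring_fields)
                          for e in user["events"]]
        touched += 1
    return touched


# Constructed sample data: fictitious users, attribute and field names.
SETTINGS = PrivacySettings(
    identifying_user_attributes={"cpf", "email"},
    identifying_monitoring_fields={"userEmail"},
)

SAMPLE_USERS = [
    {"id": "u1", "consented": True,
     "attributes": {"cpf": "000.000.000-00", "email": "a@example.com", "city": "Rio"},
     "events": [{"type": "pageView", "userEmail": "a@example.com", "page": "/home"}]},
    {"id": "u2", "consented": False,
     "attributes": {"cpf": "111.111.111-11", "email": "b@example.com", "city": "Sao Paulo"},
     "events": [{"type": "pageView", "userEmail": "b@example.com", "page": "/offers"}]},
]


def run_demo() -> Dict[str, Any]:
    """Apply the rule to new writes, then to the already stored records."""
    new_attrs = storable_attributes({"cpf": "222.222.222-22", "city": "Recife"},
                                    consented=False, settings=SETTINGS)
    stored = copy.deepcopy(SAMPLE_USERS)          # existing data, untouched so far
    touched = anonymize_all_users_without_consent(stored, SETTINGS)
    return {"new_attrs": new_attrs, "users": stored, "touched": touched}


if __name__ == "__main__":
    result = run_demo()
    print("new write without consent:", result["new_attrs"])
    for user in result["users"]:
        print(user["id"], user["attributes"], user["events"])
    print("users rewritten by the anonymize action:", result["touched"])
```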
Integration of the Privacy Term Registration Service with the Modes of Data Analysis and User Segmentation
The modes of Data Analysis and User Segmentation are integrated with the Privacy Term Registration Service so that the presented data is automatically filtered by the appropriate purposes for processing data (according to the instances of the Privacy Term Registration Service associated with the Customer Experience service instance). This way, those analyzing the data will only have access to the data of users who consented to the purposes of data processing.
Actions on Users in User Segmentation
In User Segmentation, it is possible to perform the following actions on a user:
- Download Summary Data
- This action allows downloading the summary data of the user.
- Download Complete Data
- This action allows downloading the complete data of the user.
- Anonymize Data
- This action anonymizes the user's event data.
- Delete Activity History
- This action deletes the user's activity history.
- Delete User (only available if the user does not have login)
- This action allows deleting the user. It is only available for users who do not have login. If the user has login, their deletion must be done using the Users area in settings, the User Manager Service, or the local User Manager in Portal Studio, depending on the situation.
Data Access Audit
LumisXP has a log API to generate audit entries for access to personal data.
This API is already integrated into LumisXP functionalities and is accessible by solution developers to be used for auditing access to personal data.
Our cookies
LumisXP uses cookies to implement certain functionalities. Below are our cookies and a description of each:
Name | Category | Description | HttpOnly (in default configuration) | Enabled (in default configuration) |
---|---|---|---|---|
lumAA | Essential | Used by the automatic administration of LumisXP to store the scope of administration that the publisher last accessed. | No | Yes |
lumClientId | User Experience Management | Used to uniquely identify the browser being used. Used for user experience management. | No | Yes |
lumDataPreviewMode | Essential | Used to identify when a publisher is previewing a content that is not yet published. | No | Yes |
lumIsLoggedUser | Not used by default | Indicates whether the current user is authenticated in LumisXP. | No | Yes |
lumMonUid | Essential | Identifies the monitored user accessing LumisXP at the moment. | No | Yes |
lumPrivacyTermRejected<serviceInstanceId> | Essential | Dynamic cookie of the Privacy Term service (the <serviceInstanceId> part of the name varies according to the service instance using it) that lasts a session and indicates that the current user did not accept the privacy term registered in the service instance and, thus, prevents asking again during the session. | No | Yes |
lumRequestedPage | Essential | Stores, in an encrypted manner, the page that the current user tried to access when redirected to the login page. | Yes | Yes |
lumSICE | Essential | Used by the User Experience Manager of LumisXP to store the scope of management that the publisher used last. | No | Yes |
lumSafeRenderMode | Essential | Used by LumisXP to indicate that a safe rendering should be performed (to fix any issues that may prevent normal rendering) in the Portal Studio. | No | Yes |
lumUserAppId | Essential | Used when LumisXP is accessed by one of its mobile applications to identify the application being used. | No | Yes |
lumUserAppVersion | Essential | Used when LumisXP is accessed by one of its mobile applications to identify the version of the application being used. | No | Yes |
lumUserEmail | Not used by default | Used to store the current user's email. | Yes | No |
lumUserId | Not used by default | Used to store the current user's identifier. | Yes | No |
lumUserLocale | Essential | Used to store the current user's browsing language. | No | Yes |
lumUserLogin | Not used by default | Used to store the current user's login. | Yes | No |
lumUserName | Essential | Used to store the current user's name. Also used by the native login service to display the current user's name. | No | Yes |
lumUserSessionId | Essential | Used to store the identifier of the current user's session. | Yes | Yes |
However, it is worth noting that other cookies may be set by the application server in use.
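An added check that compares the cookies a deployment actually sends with the HttpOnly and Enabled columns of the table above. This is example code, not part of LumisXP; the Set-Cookie lines below are constructed, the expectation table is a subset of the documented defaults, and the Secure attribute is reported as a general hardening expectation of ours, since the table above does not list it.

```python
from http.cookies import SimpleCookie
from typing import Dict, List, Optional, Tuple

# HttpOnly value in the default configuration, copied from the cookie table.
DOCUMENTED_HTTPONLY = {
    "lumAA": False, "lumClientId": False, "lumDataPreviewMode": False,
    "lumIsLoggedUser": False, "lumMonUid": False, "lumRequestedPage": True,
    "lumSICE": False, "lumSafeRenderMode": False, "lumUserAppId": False,
    "lumUserAppVersion": False, "lumUserEmail": True, "lumUserId": True,
    "lumUserLocale": False, "lumUserLogin": True, "lumUserName": False,
    "lumUserSessionId": True,
}

# Cookies whose Enabled column is "No": seeing them means someone turned them on.
DISABLED_BY_DEFAULT = {"lumUserEmail", "lumUserId", "lumUserLogin"}


def parse_set_cookie(headers: List[str]) -> Dict[str, Dict[str, object]]:
    """Return {cookie name: flags} for every Set-Cookie header line given."""
    found: Dict[str, Dict[str, object]] = {}
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            found[name] = {
                "httponly": bool(morsel["httponly"]),
                "secure": bool(morsel["secure"]),
                "samesite": morsel["samesite"] or "",
            }
    return found


def documented_httponly(name: str) -> Optional[bool]:
    """Documented HttpOnly default, or None for a cookie the table does not list.
    The Privacy Term cookie has a dynamic suffix, so it is matched by prefix."""
    if name.startswith("lumPrivacyTermRejected"):
        return False
    return DOCUMENTED_HTTPONLY.get(name)


def audit_cookies(headers: List[str]) -> List[Tuple[str, str]]:
    """Findings as (cookie name, message) for the LumisXP cookies in a response."""
    findings: List[Tuple[str, str]] = []
    for name, flags in parse_set_cookie(headers).items():
        if not name.startswith("lum"):
            continue  # application server cookie (e.g. a servlet session id), out of scope
        expected = documented_httponly(name)
        if expected is None:
            findings.append((name, "not in the documented cookie table; check custom code"))
            continue
        if name in DISABLED_BY_DEFAULT:
            findings.append((name, "disabled by default but present; confirm it was enabled deliberately"))
        if expected and not flags["httponly"]:
            findings.append((name, "documented as HttpOnly but sent without it"))
        if not flags["secure"]:
            findings.append((name, "sent without Secure (general hardening check, not from the table)"))
    return findings


# Constructed Set-Cookie lines, as a captured response might carry them.
SAMPLE_HEADERS = [
    "lumUserSessionId=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "lumRequestedPage=enc0ded; Path=/; Secure",            # HttpOnly missing
    "lumClientId=9f2c; Path=/; Secure",
    "lumPrivacyTermRejected42=1; Path=/; Secure",          # dynamic suffix
    "lumUserEmail=x@example.com; Path=/; HttpOnly",        # off by default, no Secure
    "JSESSIONID=deadbeef; Path=/; HttpOnly; Secure",       # not a LumisXP cookie
]


if __name__ == "__main__":
    for cookie, message in audit_cookies(SAMPLE_HEADERS):
        print(f"{cookie}: {message}")
```

Run it against the Set-Cookie headers of a real login and page response; any finding on a cookie documented as HttpOnly, or on a cookie that should be disabled, points at a configuration that drifted from the defaults described above.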
Stored Data
This section only addresses sensitive data that LumisXP is capable of controlling. LumisXP does not handle sensitive data that the Publisher has stored in the content registration of services; the management of that sensitive data is the Publisher's responsibility.
Database
Table Name | Description |
---|---|
lum_monuser | Stores user data. |
lum_user | Stores data of users with login. As mentioned previously, all user data provided will be saved, regardless of whether the user has explicitly consented to any privacy term. It has a link to the lum_monuser table. |
lum_ptuserconsent | Stores the user's consent information; it has a link to the lum_monuser table and stores the user's IP. |
lum_userattrvalue & lum_monuserattrvalue | Store the values of filled user attributes; the storage rule depends on whether the attribute is registered as identifying or not. They have links to the lum_user and lum_monuser tables. |
lum_easuspendedflow | Stores data collected from an event when a Waiting action in an automation flow of the Experience Automation mode is executed. This is the same data that will be sent to the index lumisportal-*-mon_{event identifier}. When the flow wakes up, this data is automatically removed from the database. |
Elasticsearch
Index Name | Description |
---|---|
lumisportal-*-lumis_portal_monitor_user | Reflects the data that has been stored in the database in the tables mentioned earlier. |
lumisportal-*-mon_{event identifier} | Stores monitoring data collected by LumisXP; all native and custom events share the same behavior in data collection. To check which monitoring fields identify the user, access the administration of monitoring fields in Configuration Mode. |