Privacy Request Center
The Privacy Request Center (PRC) is your central hub for your customers to exercise their privacy rights and build trust with your brand.
Our self-service portal makes it easy to customize how you receive access, deletion, rectification, and other types of Data Subject requests (DSRs) for processing within our platform.
The Privacy Request Center is a hosted form on your domain (ours is hosted on preferences.datagrail.io) which allows Data Subjects to easily submit privacy requests to your organization.
Geolocation
The Privacy Request Center dynamically offers Data Subjects the relevant privacy rights in their country/region based on the location reported by the browser (i.e. if the detected location is France, GDPR request options will auto-populate).
The Privacy Request Center can also support translating the form based on the Data Subjects detected location.
The Data Subject can always change their location if they feel their rights are more applicable to a different region, such as those traveling but making a privacy request in their home state. In the Request Manager portal, Privacy Managers will be able to see the location that was selected, as well as if it differed from their detected location.
The privacy rights offered in different countries and states are governed by the Privacy Request Policies configured for your account.
Submitting a Request
Once the privacy right to be exercised is selected, the Data Subject will be prompted to enter the necessary details needed to process the request. Each request type includes various fields by default to ensure the correct information is received to process the request.
Before submitting the request, the Data Subject must complete a CAPTCHA, to reduce spam and fraud during the intake process.
DataGrail additionally offers an Authorized Agent workflow for institutions or other people to make requests on behalf of Data Subjects.
The text and fields in this form are configurable. Learn more about the standard configuration options here
Customization
DataGrail provides robust customization options on the Privacy Request Center to ensure it matches the look and feel of your brand and collects all information needed to process a request.
DataGrail User Roles
Only the following User Role will have access to the Customization selection:
- Super Admin
Customization Hierarchy
Customizations in the Privacy Request Center can be applied globally or at the policy level.
Use the All Policies customization option to apply your changes to all Privacy Request Policies in your account.
Use a Single-Policy customization option to apply your changes to only a particular Privacy Request Policy (e.g. CPRA, GDPR).
If an All Policies and Single-Policy customization exist together, the All Policies customization will only be applied in locations outside of the policy covered by the Single-Policy customization.
Customizing Text Content
All customizations are managed within the Customizations tab of the Settings page. You will see an All Policies customization when your account is created, which includes DataGrail's default language.
- Navigate to the Settings tab.
- Select the Customization tab under Request Manager.
- Select New Customization.
- Select the specific Policy to begin making edits.
- Click on the component you would like to edit.
Adding Custom Questions
For each policy, you can add additional questions or sections to the intake form to help privacy managers or internal admins process requests. The questions can have string (text) responses.
Responses to custom questions will be visible in Request Manager portal. The responses can also be submitted to Direct Contact integrations, to help internal admins process a request.
- To create a custom question on a draft policy view of the Privacy Request Center, navigate to the Intake Form tab.
- Select Add New Section.
- Set the title of the section and begin adding questions. You can add as many custom questions within the section as necessary.
- Save the section. You can edit the section as long as the policy you are working on is in draft mode. Click on the section again to open the drawer and make changes as needed.
Once a question has been created, its name cannot be changed. If you would like to update it, you must remove the question entirely and create a new one.
Phone Number
To collect phone number on the intake form, select the Phone Number (Primary Identifier) Question section. The answer to this question on the intake form will be automatically linked to the Phone Number Identifier and the Phone Number will be automatically verified through the Phone Number Verification process.
The following fields are customizable on the phone number question:
- Question Label: This is the title of the section and defaults to "Phone Number"
- Select Validation For This Question: Whether or not this question is required
The resulting Phone Number field on the intake form will look as such:
If the phone number question is marked as optional, the phone number will only be verified if the Data Subject chooses to provide it.
Data Subject Relationship Options
Each request type includes a Relationship to [Company Name] question on the form by default. The label for this question can be modified within the Privacy Request Center customizations. The relationship options can be edited by contacting support@datagrail.io. Answers to this question can be used as conditions in a workflow.
Previewing Changes
The customization preview will display ALL possible components available for customization, but what is shown to a consumer on the intake form depends on the configuration of the request policy and the requester's location.
Publishing Customizations
To make your changes live, select the Publish Changes button, review the changes, and select Publish Changes again.
Exit out of the editor at any time to save your changes and leave the customization as an unpublished draft. Once published, the updates will be available immediately to Data Subjects.
Updating a Customization
Only one unpublished draft and published customization can exist for a given policy at a time. Unpublishing a customization can be accomplished by publishing a version for the same policy (or "All Policies").
Archived customizations can be found at the bottom of the Customizations Page.
Customizing Policies with No Rights Configured
DataGrail allows for request policies to be created without any privacy rights. This signals to Data Subjects that the region or locations associated with the request policy cannot submit a request from this location.
To customize this page, create a customization for the given Privacy Request Policy with no rights, and select the component containing the warning.
To edit the warning message, click into the text box. The image can be toggled on or off and the error messages can be edited or removed.
Translations
DataGrail can automatically translate and localize your Privacy Request Center experience in 20 different languages, ensuring that Data Subjects can confidently exercise their privacy rights.
On all intake forms with localization enabled, DataGrail sets the datagrail_intake_form_locale_code cookie to store the language preference set by the user.
Enabling Translations
Translations can be enabled by taking the following steps in the DataGrail app:
-
From the left menu, select Settings and then Customization.
-
Select the Enable Translations button on the top of the page.
- Select all desired languages you would like to support on your Privacy Request Center. The selected languages will be made available for translation on your policy-specific customizations.
Publishing Translations
Translations on the Privacy Request Center rely on an English customization that is used as the basis for localized versions.
- Select New Customization and create a new draft customization for the policy you would like to enable translations for.
- Adjust the text in the English version to your liking.
- The translated version of the English text can be previewed using the language dropdown in the top right. If you've never previewed the Privacy Request Center in this language before, it may take a few seconds to create the translation.
- When you publish changes, DataGrail will automatically translate the Privacy Request Center for all of the selected languages in Enabling Translations.
You do not need to generate previews for all language options to generate the complete set of translations. If you enable additional languages later, you will need to create and publish a new draft.
Data Subject Experience
Data Subjects visiting your Privacy Request Center will be served the appropriate translation based on the language defined in their browser settings.
In order to see a translated Privacy Request Center, the specific language must be enabled and a published All Policies customization or a policy-specific customization for the Data Subject location must exist.
Here's an example of someone visiting the Privacy Request Center that has French selected as their browser language:
If a Data Subject changes their selected language using the drop down in the corner, DataGrail will save this preference (as a browser cookie) for future visits to your Privacy Request Center.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.