What happens if the service is interrupted?
In the event of a disruption, multi-stage automatisms intervene to restore the functionality of the system. If these mechanisms fail, an alarm message is forwarded to the next stage, which coordinates further measures.
Since the Usercentrics CMP runs via different services varying consequences can be expected depending on the type of system failure. For better visualization, we have outlined the possible scenarios:
How is data collected from various customers then separated from each other?
The customer-specific Settings ID is used to logically separate data from different customers in the databases. Data from different categories is stored in separate databases with individual access keys.
Is there a concise, system and component representation, for a better understanding of the software solution?
How is the data transmitted and which encryption methods are employed?
The data transfer is carried out using HTTPS encryption (TLS 1.3). Data in idle mode is encrypted using AES256, with different codes used for each respective data packet.
How does authentication for the customer take place when logging on to the cloud solution?
Authentication is always performed via user name and password. An additional two-factor authentication can be developed upon customer request. There are two variants for the login authentication: A Federated Login via Google or via the Auth0 authentication service.
Who has access to the solution/data? By which measures is the access protected?
Access to customer data is managed by the customer him/herself. In addition, a restricted group of users receives administrative permission from Usercentrics, e.g. in order to be able to assist with support requests.
When is the data deleted?
Data is deleted after a retention period of 1 year (latest status). Regardless of this period, a customer can request the deletion of the stored data at any time. Encrypted backup files in backups, however, remain unaffected by the above mentioned time frame in in order not to endanger the data integrity.
How does the customer retrieve the data?
Upon request of the customer, a data export can be arranged. In order to do so, the data is exported to Google Buckets (Google Cloud Storage). After verifying if the person is authorised to access the data, a link is generated specifically in order to download this data.
Where does the processing of data occur?
The processing and storage of customer and user consent data takes place in the Google Cloud. The processing entities are located in Frankfurt and the storage entities in Belgium. This includes the backups of the data, which also lie in the Google Cloud and within the EU.
Who owns the data?
The owner of the data is always the customer as the commissioning party (data controller). For processing according to the customer’s specifications, an order processing contract is always drawn up with Usercentrics (data processor)
Which data is processed or stored on account of the Consent Management Platform?
We process two types of data:
Customer data = settings and login data
User Data = Consent Data (Consent ID, Consent Number, Time of Consent, Type of Consent (implicit or explicit), Opt-in or Opt-out, Banner Language, Customer Setting, Customer Setting Version, Template and Template Version) and Device Data (HTTP Agent, HTTP Referrer and Device ID)
Service & Support
For technical questions, please contact our support team.