Personal data in Xperience

Copy to clipboard

This page provides information about personal data stored in Kentico Xperience, as well as the flow of this data and its purpose. You can use the information when analyzing the GDPR compliance of your websites.

Disclaimers

  • This page only covers the built-in Xperience functionality. You also need to check any customized functionality for personal data handling.
  • This page is provided for informational purposes only and should not be relied upon as legal advice. You can use the information to identify personal data and its flow in the system, and take appropriate measures. However, we recommend consulting with a legally qualified professional to verify that your project complies with the GDPR.

The following is a list of the most important entities in Xperience that hold personal data. For every entity, the page displays up to three sets of data organized into tables. The first table contains a list of data considered as personal according to the GDPR Article 4, Paragraph 1, the corresponding database columns, as well as the purpose of the data. The second table contains a list of sources, describing the flow of personal data in the system. The third table contains information about other entities with personal data that contain a reference to the given entity. The data includes entities, database fields, purposes and sources that might under various conditions manipulate with personal information of natural persons (in the default Xperience functionality). Depending on your usage of features and configuration, parts of the information may not apply to your Xperience project.

Table of contents

Accounts

Database table: OM_Account

Accounts are an on-line marketing entity representing organizations, companies, etc. They allow marketers to categorize contacts based on their affiliations.

Note: Account data can be considered as personal only in cases where the account represents a natural person, not an entire organization (for example individual contractors).

Accounts – Stored personal data

Data

Column names

Purpose / Description

Address

AccountAddress1
AccountAddress2
AccountCity
AccountZIP

  • User interface

    • Displayed in the Contact management application
    • Displayed by the My accounts dashboard widget

Contact information

AccountEmail
AccountFax
AccountPhone

  • User interface

    • Displayed in the Contact management application
    • Displayed by the My accounts dashboard widget

Name

AccountName

  • User interface

    • Displayed in the Contact management application
    • Displayed by the My accounts dashboard widget
    • Displayed in various administration interface locations to identify accounts

  • May be used for contact segmentation and automated marketing (assigning entire accounts to Contact groups, account actions within Marketing automation)

  • Salesforce – the account name may be used to set the company name when replicating contacts to Salesforce leads

System data

AccountCreated
AccountLastModified
AccountGUID
AccountID
  • AccountID and AccountGUID – used as identifiers within the system
  • AccountCreated and AccountLastModified – timestamps used by the system

References to other entities

AccountOwnerUserID
AccountPrimaryContactID
AccountSecondaryContactID
AccountSubsidiaryOfID
AccountCountryID
AccountStateID
  • AccountOwnerUserID – user responsible for managing the account
  • AccountPrimaryContactID and AccountSecondaryContactID – significant contacts set for the account
  • AccountSubsidiaryOfID – a different account of which the given account is a subsidiary
  • AccountCountryID – country of the account’s address
  • AccountStateID – (federated) state of the account’s address within the given country

Accounts – Personal data sources

Source

Data flow

Account editing
  • Users with access to the administration interface manually create or edit accounts in the Contact management application.
  • Users who are assigned as account owners can edit the data of accounts using the My accounts dashboard widget.

Accounts – References from entities containing personal data

Entity (Database table)

Column name

Description

Contact-account relationships (OM_AccountContact)

AccountID

Binding table containing relationships between accounts and the assigned contacts.

> Back to table of contents

Activities

Database table: OM_Activity

Activities are an on-line marketing entity which represents actions done on the live site by visitors (contacts). The system logs activities of various types, therefore activity records can contain different data based on the activity type. The type of each activity is determined by the value of the ActivityType column in the OM_Activity table.

Activities – Stored personal data

Activity personal data purpose

All activity data collected for contacts can be viewed by users of the administration interface in the activity log (in the Contact management application or displayed on dashboards using the Activities widget). Each activity may contain different data based on its type. For example, user registration activities contain a username in their title, but most other activities do not.

The data of logged activities is also used by the system when evaluating on-line marketing conditions, macro rules and methods (for example for automation process triggers or in scoring rules).

Data

Column names

Description

Referring URL

ActivityURLReferrer
  • The URL referrer of the web request during which the activity occurred (for example may contain the URL of a site from which a visitor arrived)

Title

ActivityTitle
  • The activity title contains personal data for the following activity types:
    • User login (userlogin) – the full name and email address of the authenticated user
    • User registration (userregistration) – the full name and email address of the registered user

URL

ActivityURL
  • The URL where the activity occurred contains personal data for the following activity types:
    • Opened marketing email (newsletteropen) – a tracking link which includes the email address of the recipient
    • Opted out from all marketing emails (newsletterunsubscriptionfromall) – an unsubscription link which includes the email address of the recipient
    • Unsubscription from a single email feed (newsletterunsubscription) – an unsubscription link which includes the email address of the recipient

References to other entities

ActivityContactID
ActivityItemID
ActivityItemDetailID

  • ActivityContactID – the contact who performed the activity (for all activity types)

  • ActivityItemID – contains references to objects related to the activity. The type of the object is determined by the activity type:

    • Clicked link in marketing email (newsletterclickthrough) – the email feed related to the email where the link was clicked
    • Form submission (bizformsubmit) – the form for which the data record was submitted
    • Opened marketing email (newsletteropen) – the email feed related to the opened email
    • Opted out from all marketing emails (newsletterunsubscriptionfromall) – the email feed issue where the unsubscription link was clicked
    • Purchase (purchase) – the created order
    • Subscription to a newsletter (newslettersubscription) – the newsletter (email feed) for which the subscription was added
    • Unsubscription from a single email feed (newsletterunsubscription) – the email feed for which the unsubscription occurred
    • User login (userlogin) – the user who signed in to the website
    • User registration (userregistration) – the registered user

  • ActivityItemDetailID – contains references to additional objects related to the activity. The type of the object is determined by the activity type:

    • Clicked link in marketing email (newsletterclickthrough) – the email feed issue where the link was clicked
    • Form submission (bizformsubmit) – the specific form data record that was submitted
    • Opened marketing email (newsletteropen) – the email feed issue that was opened
    • Subscription to a newsletter (newslettersubscription) – the added newsletter subscription
    • Unsubscription from a single email feed (newsletterunsubscription) – the email feed issue where the unsubscription link was clicked

Activities – Personal data sources

Source

Data flow

User and visitor actions
  • The system logs new activities when users or website visitors perform any of the monitored actions. Activity data is loaded from various types of related entities.

Manual editing
  • Users with access to the administration interface can manually edit the Title and URL values of logged activities in the Contact management application or using the Activities dashboard widget.

> Back to table of contents

Contacts

Database table: OM_Contact

Contacts are an on-line marketing entity representing website visitors and users. During the first visit of the website, an anonymous contact is created and linked to the current session. If further information is provided by the visitor through various sources, the system updates the contact and adds the information.

Contacts aggregate information about page visitors. This information is further processed by the system and can be used to deduce conclusions, such as marketing prospectiveness, about visitors and customers.

All of the data acquired by contacts may be viewed in the Contact management application.

Contacts – Stored personal data

Data

Column names

Purpose / Description

Address

ContactAddress1
ContactCity
ContactZIP

Campaign name

ContactCampaign

Email address

ContactEmail

Name

ContactFirstName
ContactLastName
ContactMiddleName
  • User interface – displayed in various locations in the administration interface to identify contacts
  • Contact profiling and personalized marketing (Lead scoring, Personas, Marketing automation)
  • Form controls
    • Contact selector form control
      • Selecting a contact’s name from a list of all contact names
  • Salesforce
    • Mapping to Salesforce data
    • Contact export to the third-party Salesforce organization
  • Newsletters

    • Identification of contacts during contact merging and update

    • Propagating data to the Newsletter subscriber entity

      • Building subscriber names
  • Building reports

Natural personal data

ContactBirthday
ContactGender

Occupational information

ContactCompanyName
ContactJobTitle
  • User interface – displayed in various administration interface locations that contain detailed contact information
  • Contact profiling and personalized marketing (Lead scoring, Personas)
  • Salesforce
    • Mapping to Salesforce data
    • Contact export to a third-party Salesforce organization
  • ContactCompanyName – used to build reports

Phone numbers

ContactMobilePhone
ContactBusinessPhone
  • User interface – displayed in various administration interface locations that contain detailed contact information
  • Contact profiling and personalized marketing (Lead scoring, Personas)
  • ContactBusinessPhone
    • Displayed in notification emails
    • Building reports

System data

ContactCreated
ContactLastModified
ContactGUID
ContactID
  • ContactID – used as a unique identifier within the system
  • ContactCreated and ContactLastModified – timestamps used by the system
  • ContactGUID – used as a unique identifier in the following features:

References to other entities

ContactStatusID
ContactCountryID
ContactStateID
ContactPersonaID
ContactOwnerUserID
ContactSalesForceLeadID
  • ContactStatusID – marketing status of the contact
  • ContactCountryID – country of the contact’s address
  • ContactStateID – (federated) state of the contact within the given country
  • ContactPersonaID – persona to which the contact is assigned
  • ContactOwnerUserID – user responsible for managing the contact
  • ContactSalesForceLeadID – identifier of a third-party Salesforce entity matching the contact

Contacts – Personal data sources

Source

Data flow

Related tables

Campaigns
  • When a contact is created within the context of a specific campaign, the campaign’s name is saved into the contact’s data.

Contact editing
  • Users with access to the administration interface manually create or edit contacts in the Contact management application.

Contact import

Customers
  • When a customer is created or updated, the system transmits data to contact fields according to mapping configuration.
  • Update of account details and processing of information obtained from the purchase order creates user relationships and updates the contact’s properties.
  • Billing or shipping addresses used in a customer’s orders are saved into the address fields of the corresponding contact.

COM_Customer

Forms

Separate database table generated for each form.

Geolocation
  • If enabled, the Geolocation feature can update the contact’s properties based on the visitor’s IP address.

Personas
  • Updates of personas or contact scores trigger a re-evaluation of personas and assign contacts to the corresponding personas.

Subscribers
  • When a subscriber is created or updated, the system transmits data to contact fields according to mapping configuration.
  • Subscription to newsletters saves the given first name and last name into the contact.
  • Subscription to newsletters without double opt-in and access to approval pages updates the contact’s properties.

Newsletter_Subscriber

Users
  • When a user is created or updated, the system transmits data to contact fields according to mapping configuration.
  • Retrieval of contact information from the login or register activity, submission of forms in the My profile application creates user relationships and updates the contact’s properties.

CMS_User

Contacts – References from entities containing personal data

Entity (Database table)

Column name

Description

Accounts (OM_Account)

AccountPrimaryContactID
AccountSecondaryContactID

Primary and secondary contacts set for accounts.

Activities (OM_Activity)

ActivityContactID

The contact who performed the given activity.

Contact membership relationships (OM_Membership)

ContactID

The contact related to a user/customer. The table contains records representing relationships between contacts and users/customers.

Contact-account relationships (OM_AccountContact)

ContactID

Binding table containing relationships between accounts and the assigned contacts. The optional role of the contact in the account is stored in the ContactRoleID column, which references a role from the OM_ContactRole database table.

Marketing automation states (CMS_AutomationState)

StateObjectID

The contact related to the given state of a marketing automation process. The type of the referenced object is stored in the StateObjectType column (the value is om.contact for contacts).

Queued marketing emails (Newsletter_Emails)

EmailContactID

The contact who is the email recipient.

Shopping carts (COM_ShoppingCart)

ShoppingCartContactID

The contact related to the shopping cart. The system uses the reference to track abandoned shopping carts.

> Back to table of contents

Contact scores

Database table: OM_Score

Scoring is an on-line marketing feature that evaluates each contact based on their profile information and activity on the website. Score definitions can store an email address, which is used to send notification emails when a contact reaches a specified score value.

Contact scores – Stored personal data

Data

Column names

Purpose / Description

Email address

ScoreNotificationEmail
  • Email engine – the system sends notification emails to the given address when a contact reaches a certain score value (specified in the ScoreEmailAtScore column)
  • User interface – displayed in the Scoring application

System data

ScoreID
ScoreGUID
ScoreLastModified
  • ScoreID and ScoreGUID – identifiers used within the system
  • ScoreLastModified – timestamp used by the system

Contact scores – Personal data sources

Source

Data flow

Score editing
  • Users with access to the administration interface manually edit notification address values for scores in the Scoring application.

> Back to table of contents

E-commerce – Customers

Database table: COM_Customer

Customers are an e-commerce entity representing users who make purchases on the website. Every completed order is linked with a specific customer. Customers can either be anonymous (created for one specific order) or registered (linked with a user account).

Customer data is required to process orders and payments, and maintain e-commerce records.

Note: For registered customers, the system automatically synchronizes name, email address and phone number data with the corresponding user account. The synchronization works in both directions whenever changes occur for the related entity.

Customers – Stored personal data

Data

Column names

Purpose / Description

Company information

CustomerCompany
CustomerOrganizationID
CustomerTaxRegistrationID
  • User interface – displayed as part of customer information in various administration interface locations:
    • Customers application
    • Orders application
    • Contact management application
    • Orders dashboard widget
    • Customer selection dialogs
  • Used to set the AddressPersonalName field for the customer’s company addresses
  • Used to prefill customer values during checkout for existing customers
  • Displayed in E-commerce reports
  • CustomerTaxRegistrationID – used to exempt customers from tax (for tax classes that have the Zero tax if tax ID is supplied flag enabled)

Email address

CustomerEmail
  • Email engine – sending e-commerce email notifications to customers
  • User interface – displayed as part of customer information in various administration interface locations:
    • Customers application
    • Orders application
    • Contact management application
    • Orders dashboard widget
    • Customer selection dialogs
  • Saved into the email address field of related users and contacts representing customers (according to mapping configuration)
  • Saved into the username field of new user objects when registering customers, if a separate username value is not set
  • Used to validate the uniqueness of email addresses when registering customers
  • Sent to third-party payment gateways when performing payment transactions
  • Used to prefill customer values during checkout for existing customers
  • Displayed in E-commerce reports

Fax

CustomerFax
  • Not displayed or processed by default.

Name

CustomerFirstName
CustomerLastName
  • User interface – displayed as part of customer information in various administration interface locations:
    • Customers application
    • Orders application
    • Contact management application
    • Orders dashboard widget
    • Customer selection dialogs
  • Saved into the name fields of related users and contacts representing customers (according to mapping configuration)
  • Used to set the AddressPersonalName field for the customer’s billing and shipping addresses
  • Sent to third-party payment gateways when performing payment transactions
  • Displayed in E-commerce reports

Phone number

CustomerPhone
  • User interface – displayed when editing customers in the Customers application
  • Saved into the phone number field of related users and contacts representing customers (according to mapping configuration)
  • Prefilled as the default phone value for the customer’s addresses
  • Sent to third-party payment gateways when performing payment transactions
  • Displayed in E-commerce reports

System data

CustomerID
CustomerGUID
CustomerCreated
CustomerLastModified
  • CustomerID and CustomerGUID – used as identifiers within the system
  • CustomerCreated and CustomerLastModified – timestamps used by the system

References to other entities

CustomerUserID
CustomerSiteID
  • CustomerUserID – the user related to the customer (for registered customers)
  • CustomerSiteID – the site on which the customer was created (only for anonymous customers)

Customers – Personal data sources

Source

Data flow

Related tables

Order checkout
  • Customers submit data when checking out orders on the live site. For new customers, the system creates the customer object when the visitor inputs valid data into the customer form and moves to the next checkout step.

Customer editing
  • Users with access to the administration interface manually edit customer data in the Customers application.
  • Users with access to the administration interface can add new customers while manually creating orders in the Orders application.

Users
  • When the name, email address and phone number data of a user account is modified, the system automatically transfers the values to all customer objects associated with the given user.

CMS_User
CMS_UserSettings

Customers – References from entities containing personal data

Entity (Database table)

Column names

Description

Contact membership relationships (OM_Membership)

RelatedID

The customer related to a given contact. The table contains records representing relationships between contacts and users/customers.

Records representing customer relationships have the value of the MemberType column set to 1.

Customer addresses (COM_Address)

AddressCustomerID

The customer related to the address.

Customer credit events (COM_CustomerCreditHistory)

EventCustomerID

The customer for which the customer credit record was logged.

Orders (COM_Order)

OrderCustomerID

The customer who created the order.

Shopping carts (COM_ShoppingCart)

ShoppingCartCustomerID

The customer who created the shopping cart.

> Back to table of contents

E-commerce – Customer addresses

Database table: COM_Address

The system stores various types of addresses (billing, shipping or company) for Customers who make purchases on the website. The addresses are required to process orders and payments, deliver order shipments, and maintain e-commerce records.

Customer addresses – Stored personal data

Data

Column names

Purpose / Description

Address

AddressCity
AddressLine1
AddressLine2
AddressName
AddressZip
  • Used to process e-commerce orders (billing, shipping and company addresses). Automatically saved into the address values of created orders.
  • Billing addresses are sent to third-party payment gateways when performing payment transactions.
  • Billing address values are saved into the address fields of contacts representing customers.
  • User interface – displayed in the Customers application under the Addresses tab.

Name

AddressPersonalName
  • Labels addresses with the customer’s name for easier identification
  • User interface – displayed in the Customers application under the Addresses tab

Phone number

AddressPhone
  • Saved into the mobile phone field of contacts representing customers.
  • User interface – displayed in the Customers application under the Addresses tab

System data

AddressID
AddressGUID
AddressLastModified
  • AddressID and AddressGUID – used as identifiers within the system
  • AddressLastModified – timestamp used by the system

References to other entities

AddressCustomerID
AddressCountryID
AddressStateID
  • AddressCustomerID – the customer related to the address
  • AddressCountryID – country of the customer address
  • AddressStateID – (federated) state within the given country

Customer addresses – Personal data sources

Source

Data flow

Order checkout
  • Customers submit billing/shipping address data when checking out orders.
  • The AddressName value is a summary, automatically composed from the other address data fields.
  • When creating addresses, the customer’s name is saved into the AddressPersonalName field.

Address editing
  • Users with access to the administration interface manually edit customer addresses in the Customers application.
  • Customers edit their address data on the live site.

Customer addresses – References from entities containing personal data

Entity (Database table)

Column names

Description

Shopping carts (COM_ShoppingCart)

ShoppingCartBillingAddressID
ShoppingCartShippingAddressID
ShoppingCartCompanyAddressID

The billing, shipping and company addresses specified for the given shopping cart. The billing address is always required for completed shopping carts, the shipping and company addresses are optional.

> Back to table of contents

E-commerce – Orders

Database table: COM_Order

Orders represent purchases that customers make on e-commerce websites. Typically, customers create orders on the live site by going through a checkout process. Users with access to the administration interface can also edit or create orders in the Orders application.

Order data is required to process orders and payments, generate invoices, and maintain e-commerce records.

The order entity can be used to obtain information about the products purchased by specific customers (when combined with the data of the related order items).

Orders – Stored personal data

Data

Column names

Purpose / Description

Date and time

OrderDate
  • The date and time when the customer placed the order
  • Used by the system when recalculating existing orders (for example to evaluate discount validity)
  • User interface – displayed in the Orders application and by the Orders dashboard widget

Invoice

OrderInvoice
  • Stores the full HTML code of the invoice for the order. May contain personal data of the related customer.
  • User interface – displayed in the Orders application

Payment data

OrderPaymentResult

User input

OrderNote
  • Stores the text of notes that customers add to their purchase during the checkout process
  • Can be included in e-commerce email notifications
  • May be sent to third-party payment gateways when performing payment transactions
  • User interface – displayed in the Orders application and by the Orders dashboard widget

Tracking number

OrderTrackingNumber
  • User interface – displayed in the Orders application and by the Orders dashboard widget
  • Can be displayed on the live site

System data

OrderID
OrderGUID
OrderLastModified
  • OrderID and OrderGUID – used as identifiers within the system. The OrderID value is used to generate invoice numbers by default.
  • OrderLastModified – timestamp used by the system

References to other entities

OrderCustomerID
OrderCreatedByUserID
  • OrderCustomerID – the customer who created the order
  • OrderCreatedByUserID – the user who created the order (for registered customers)

Orders – Personal data sources

Source

Data flow

Related tables

Invoice template
  • The system generates the invoice for orders according to a template defined in the Store configuration or Multistore configuration application (when creating new orders or if an administrator re-generates an invoice in the Orders application).

Order editing
  • Users with access to the administration interface manually edit or create orders in the Orders application.

Payment options
  • The system’s payment gateways set the payment data for orders when processing payments.

Shopping carts
  • When a customer completes checkout on the live site, the system automatically creates a new order based on the customer’s shopping cart. Transfers information, such as the order note.

COM_ShoppingCart

Orders – References from entities containing personal data

Entity (Database table)

Column names

Description

Activities (OM_Activity)

ActivityItemID

The object related to the logged activity is an order for activities of the Purchase type – i.e., when the value of the ActivityType column is purchase .

Order items (COM_OrderItem)

OrderItemOrderID

The order containing the given order item (product).

Order status changes (COM_OrderStatusUser)

OrderID

The order whose status was changed.

The COM_OrderStatusUser table tracks changes in statuses for orders. The ChangedByUserID column of this table can be used to connect the order with a user (the administrator who performed the order status change).

Customer credit events (COM_CustomerCreditHistory)

EventName

The text values stored in the EventName column of customer credit records may contain the ID of the related order.

> Back to table of contents

E-commerce – Order items

Database table: COM_OrderItem

Every order item represents one or more units of a given product within an Order created by a customer. Order items can either be standard products, product variants, or product options that were purchased together with another product.

Order item data is required to process orders and payments, generate invoices, and maintain e-commerce records.

Order items do not directly contain any personal data, but can be used to obtain information about the products purchased by specific customers (when combined with the data of the related order).

Order items – Stored personal data

Data

Column names

Purpose / Description

References to other entities

OrderItemSKUID
OrderItemOrderID

  • Each item stores a reference to the related product and order

  • Processed by the system when calculating and evaluating orders (total prices, shipping, discounts, etc.)

  • Used to display the products contained within orders:

  • Order items are sent to certain third-party payment gateways when performing payment transactions

Order items – Personal data sources

Source

Data flow

Related tables

Order editing
  • Users with access to the administration interface can add, remove or update order items in the Orders application (only for orders that have not been paid yet).

Shopping cart items
  • When a customer completes checkout on the live site, the system automatically creates order items for the new order based on the customer’s shopping cart.

COM_ShoppingCartSKU

> Back to table of contents

E-commerce – Order addresses

Database table: COM_OrderAddress

The system stores various types of addresses (billing, shipping or company) for Orders. The addresses are required to process orders and payments, generate invoices, deliver order shipments, and maintain e-commerce records.

Order addresses – Stored personal data

Data

Column names

Purpose / Description

Address

AddressCity
AddressLine1
AddressLine2
AddressZip
  • Used to process orders (billing, shipping and company addresses)
  • Billing addresses are sent to third-party payment gateways when performing payment transactions
  • User interface – displayed in the Orders application when editing orders on the Shipping and Billing tabs
  • Displayed in order invoices ande-commerce email notifications (by default)

Name

AddressPersonalName
  • Labels addresses with the customer’s name for easier identification
  • User interface – displayed in the Orders application when editing orders on the Shipping and Billing tabs
  • Displayed in order invoices ande-commerce email notifications (by default)

Phone number

AddressPhone
  • User interface – displayed in the Orders application when editing orders on the Shipping and Billing tabs

System data

AddressID
AddressGUID
AddressLastModified
AddressType
  • AddressID and AddressGUID – used as identifiers within the system
  • AddressLastModified – timestamp used by the system
  • AddressType – indicates whether the address is a billing, shipping or company address for the related order.

References to other entities

AddressCountryID
AddressStateID
AddressOrderID
  • AddressCountryID – country of the order address
  • AddressStateID – (federated) state within the given country
  • AddressOrderID – the order where the address is used (a single order can have multiple related addresses, each with a different AddressType – billing, shipping or company)

Order addresses – Personal data sources

Source

Data flow

Related tables

Customer addresses
  • When a customer completes checkout on the live site, the system automatically creates order addresses based on the customer’s shopping cart and the data of the referenced customer addresses.

COM_Address

Address editing
  • Users with access to the administration interface manually edit order addresses in the Orders application.

> Back to table of contents

E-commerce – Shopping carts

Database table: COM_ShoppingCart

Customers purchase products by browsing the website and adding items to their shopping cart. The system stores the shopping cart of each customer until they complete the checkout process, or until the cart is abandoned and cleared. When a customer completes checkout, the system automatically converts the given shopping cart into an order and then deletes the cart.

The shopping cart entity can be used to obtain information about the products in which specific users or customers were interested (when combined with the data of the related shopping cart items).

Shopping carts – Stored personal data

Data

Column names

Purpose / Description

User input

ShoppingCartNote
  • Stores the text of notes that customers can add to their purchase during the checkout process
  • When the customer completes checkout, the system copies the shopping cart note into the resulting order

System data

ShoppingCartID
ShoppingCartGUID
ShoppingCartLastUpdate
  • ShoppingCartID and ShoppingCartGUID – used as identifiers within the system
  • ShoppingCartLastUpdate – timestamp used by the system

References to other entities

ShoppingCartBillingAddressID
ShoppingCartShippingAddressID
ShoppingCartCompanyAddressID

ShoppingCartContactID
ShoppingCartCustomerID
ShoppingCartUserID
  • ShoppingCartBillingAddressID, ShoppingCartShippingAddressID, ShoppingCartCompanyAddressID – the customer address used for the shopping cart’s billing, shipping or company address respectively. The billing address is always required for completed shopping carts, the shipping and company addresses are optional.
  • ShoppingCartContactID – the contact related to the shopping cart. The system uses the reference to track abandoned shopping carts (logging of activities of the Shopping cart abandoned type).
  • ShoppingCartCustomerID – the customer who created the shopping cart.
  • ShoppingCartUserID – the user related to the shopping cart (for registered customers).

Shopping carts – Personal data sources

Source

Data flow

Product catalog
  • The system automatically creates shopping carts for customers when they add the first product to their cart.

Order checkout
  • Shopping cart addresses are assigned by customers when checking out orders.
  • Customers can input a note when checking out orders.

Shopping carts – References from entities containing personal data

Entity (Database table)

Column names

Description

Shopping cart items (COM_ShoppingCartSKU)

ShoppingCartID

The shopping cart containing the given shopping cart item (product).

> Back to table of contents

E-commerce – Shopping cart items

Database table: COM_ShoppingCartSKU

Customers purchase products by browsing the website and adding items to their shopping cart. Every item represents one or more units of a given product. Shopping cart items can either be standard products, product variants, or product options that were purchased together with another product.

Shopping cart items do not directly contain any personal data, but can be used to obtain information about the products in which specific customers were interested (when combined with the data of the related shopping cart).

The system automatically deletes all items together with the related shopping cart when it is converted into an order upon successful checkout, or after it is abandoned and cleared.

Shopping cart items – Stored personal data

Data

Column names

Purpose / Description

References to other entities

SKUID
ShoppingCartID
  • Each item stores a reference to the related product and shopping cart
  • Activities – activities of the Product added to shopping cart and Product removed from shopping cart types are logged when shopping cart items are created or removed
  • Used to display shopping cart content on the website
  • The system creates the content of orders based on shopping cart items when the customer completes the checkout process

Shopping cart items – Personal data sources

Source

Data flow

Product catalog
  • The system automatically creates shopping cart items when a customer adds a product to their shopping cart on the live site.

> Back to table of contents

E-commerce – Suppliers

Database table: COM_Supplier

E-commerce sites can store objects representing suppliers of products. Supplier data can be considered as personal only in cases where the supplier is a natural person.

Suppliers – Stored personal data

Data

Column names

Purpose / Description

Contact information

SupplierEmail
SupplierFax
SupplierPhone
  • User interface – displayed in the Suppliers application
  • Can be displayed on the live site (for example in product details)

Name

SupplierDisplayName
SupplierName
  • User interface – displayed in the Suppliers application and when editing products in the Products or Pages application
  • Can be displayed on the live site (for example in product details)

System data

SupplierID
SupplierGUID
SupplierLastModified
  • SupplierID and SupplierGUID – used as identifiers within the system
  • SupplierLastModified – timestamp set by the system

Suppliers – Personal data sources

Source

Data flow

Suppliers
  • Users with access to the administration interface manually create suppliers in the Suppliers application or directly from product editing forms (in the Products or Pages application).

Suppliers – References from other entities

Entity (Database table)

Column names

Description

Products (COM_SKU)

SKUSupplierID

The supplier specified for the given product.

> Back to table of contents

E-commerce – Wishlist items

Database table: COM_Wishlist

Wishlist items are records representing relationships between products and users. Each record means that a user (customer) has added a given product to their wishlist on an e-commerce website. Wishlists are only available for customers who are registered as users.

Wishlist items – Stored personal data

Data

Column names

Purpose / Description

References to other entities

SKUID
UserID
  • Each item stores a reference to the product that was added to the wishlist and the related user
  • Activities – activities of the Product added to wishlist type are logged when wishlist items are created

Wishlist items – Personal data sources

Source

Data flow

Wishlist
  • The system automatically creates wishlist items when a registered customer adds a product to their wishlist on the live site.

> Back to table of contents

Emails

Database table: CMS_Email

The system stores records of sent emails according to the settings configured in the System -> Emails category of the Settings application. This includes:

  • Queued emails that are waiting to be sent to the SMTP server for mail out
  • Emails whose sending failed
  • Archived emails that were successfully sent (stored for a limited number of days)

For more information, see Sending emails.

Emails – Stored personal data

Data

Column names

Purpose / Description

Email address

EmailFrom
EmailTo
EmailCc
EmailBcc
EmailReplyTo
  • Email engine – used to fill the email address header fields for emails sent by the system
  • User interface – displayed in the Email queue application

Email content

EmailBody
EmailPlainTextBody
EmailSubject
  • Email engine – used in the subject and content of emails sent by the system. May contain personal data depending on the type of the email.
  • User interface – displayed in the Email queue application

System data

EmailID
EmailGUID
EmailCreated
EmailLastModified
EmailLastSendAttempt
EmailLastSendResult
  • EmailID and EmailGUID – identifiers used within the system
  • EmailCreated, EmailLastModified and EmailLastSendAttempt – timestamps used by the system
  • EmailLastSendResult – displayed in the Email queue application
    • For emails whose sending failed, stores error messages that may in some cases contain related email address values

References to other entities

EmailSiteID
EmailHeaders
  • EmailSiteID – the site for which the email was sent (0 for global emails)
  • EmailHeaders – custom email message headers that may contain references to related entities for certain types of emails (for example contact or subscriber identifiers)

Emails – Personal data sources

Source

Data flow

Administration interface
  • Various applications in the system provide an interface for sending emails or configuring email parameters. The input is then used to set the email address values and content of the given emails.

Email templates
  • Automated emails sent by the system load their email address values and content from Email templates.

Settings
  • Various settings configured by administrators are used to set the From and To addresses of sent emails.

SMTP servers
  • When sending of emails fails on the side of the used SMTP server, third-party error messages are saved into the EmailLastSendResult field (may contain email address values).

User entities
  • For emails related to user entities within the system (users, contacts, customers, etc.), the system automatically:
    • Sets From and To addresses based on the corresponding email address values stored for the given entity.
    • Saves the identifier referencing the given entity into the email’s EmailHeaders field.

> Back to table of contents

Email feeds

Database table: Newsletter_Newsletter

Email feeds are an on-line marketing entity representing a newsletter or an email campaign. Email feeds are managed in the Email marketing application.

Email feeds – Stored personal data

Data

Column names

Purpose / Description

Email address

NewsletterSenderEmail
  • User interface – displayed in the Email marketing application
  • Used as the sender address of the feed’s marketing emails and automatic subscription status notifications

Name

NewsletterSenderName
  • User interface – displayed in the Email marketing application
  • Used as the sender of the feed’s marketing emails and automatic subscription status notifications

System data

NewsletterID
NewsletterGUID
NewsletterLastModified
  • NewsletterID and NewsletterGUID – used as identifiers within the system
  • NewsletterLastModified – timestamp used by the system

Email feeds – Personal data sources

Source

Data flow

Email marketing
  • Users with access to the administration interface manually submit the name and email address of the sender in the Email marketing application.

Campaigns
  • Users with access to the administration interface manually submit the name and email address of the sender in the Campaigns application.

Email feeds – References from entities containing personal data

Entity (Database table)

Column name

Description

Activities (OM_Activity)

ActivityItemID

The object related to the logged activity is an email feed for activities of the Clicked link in marketing email , Opened marketing email, Subscription to a newsletter and Unsubscription from a single email feed types – i.e., when the value of the ActivityType column is newsletterclickthrough , newsletteropen , newslettersubscription or newsletterunsubscription.

Email feed issues (Newsletter_Issue)

IssueNewsletterID

Email feed related to the given issue.

Email feed unsubscriptions (Newsletter_Unsubscription)

UnsubscriptionNewsletterID

Email feed from which the given email address is unsubscribed.

> Back to table of contents

Email feeds – Issues

Database table: Newsletter_NewsletterIssue

Email feed issues represent individual emails related to an email feed. An email feed may contain multiple issues which can be viewed on the Emails tab of the email feed in the Email marketing application.

Issues – Stored personal data

Data

Column names

Purpose / Description

Email address

IssueSenderEmail
  • User interface – displayed in Email marketing application
  • Used as the sender address of marketing emails

Name

IssueSenderName
  • User interface – displayed in Email marketing application
  • Used as the sender of marketing emails

System data

IssueID
IssueGUID
IssueLastModified
IssueMailoutTime
  • IssueID and IssueGUID – identifiers used within the system
  • IssueLastModified and IssueMailoutTime – timestamps used by the system

References to other entities

IssueNewsletterID
IssueVariantOfIssueID
  • IssueNewsletterID – email feed to which the issue is related
  • IssueVariantOfIssueID – the original issue for emails that are A/B testing variants

Issues – Personal data sources

Source

Data flow

Related tables

Email feeds
  • When issues are created, the sender name and email address are preloaded from the related email feed.

Newsletter_Newsletter

Email marketing application
  • Users with access to the administration interface manually submit the name and email address of the sender in the Email marketing application.

Issues – References from entities containing personal data

Entity (Database table)

Column name

Description

Activities (OM_Activity)

ActivityItemID

The object related to the logged activity is an email feed issue for activities of the Opted out from all marketing emails type – i.e., when the value of the ActivityType column is newsletterunsubscriptionfromall.

Activities (OM_Activity)

ActivityItemDetailID

The additional object related to the logged activity is an email feed issue for activities of the Clicked link in marketing email , Opened marketing email and Unsubscription from a single email feed types – i.e., when the value of the ActivityType column is newsletterclickthrough , newsletteropen or newsletterunsubscription.

Email feed unsubscription (Newsletter_Unsubscription)

UnsubscriptionFormIssueID

The email feed issue from which the given email address is unsubscribed.

Queued marketing emails (Newsletter_Emails)

EmailNewsletterIssueID

The issue related to the given queued email item. Queued emails are temporary objects created by the system when sending emails to individual recipients.

Opened emails (Newsletter_OpenedEmail)

OpenedEmailIssueID

The issue related to the email open record.

> Back to table of contents

Database table: Newsletter_ClickedLink

The Clicked link entity represents user actions of opening links in received marketing emails. Multiple clicks may be registered for the same email recipient and link if the user clicks the link multiple times. The purpose of this entity is to track how recipients react to marketing emails.

Data

Column names

Purpose / Description

Email address

ClickLinkEmail
  • User interface – displayed in the Email marketing application in the Clicks report of individual emails
  • Matching clicked links to contacts – used for displaying contact demographic insights when viewing click details in the Overview report of individual emails in the Email marketing application

System data

ClickedLinkID
ClickedLinkGUID
ClickedLinkTime
  • ClickedLinkID and ClickedLinkGUID – identifiers used by the system
  • ClickedLinkTime – stores the time when the link was clicked, but the system does not display or process the value by default (the column is obsolete)

References to other entities

ClickedLinkNewsletterID
  • ClickedLinkNewsletterID – the email feed issue where the link was clicked

Source

Data flow

Clicked links
  • New clicked links are registered and stored when a recipient clicks a link in a marketing email, including the recipient’s email address.

> Back to table of contents

Email feeds – Opened emails

Database table: Newsletter_OpenedEmail

The Opened email entity represents user actions of opening received marketing emails. The purpose of this entity is to track how users react to marketing emails.

Opened emails – Stored personal data

Data

Column names

Purpose / Description

Email address

OpenedEmailEmail
  • User interface – displayed in the Email marketing application in the Opens report of individual emails
  • Matching opened emails to contacts – used for displaying contact demographic insights when viewing open details in the Overview report of individual emails in the Email marketing application

System data

OpenedEmailD
OpenedEmailGUID
OpenedEmailTime
  • OpenedEmailID and OpenedEmailGUID – identifiers used by the system
  • OpenedEmailTime – displayed in the Email marketing application in the Opens report of individual emails

References to other entities

OpenedEmailIssueID
  • OpenedEmailIssueID – the related email issue

Opened emails – Personal data sources

Source

Data flow

Opened marketing emails
  • New opened emails are logged when a recipient opens an email in their email client for the first time, or when they click a link within the email. The saved data includes the recipient’s email address and the open time.

> Back to table of contents

Email feeds – Newsletter subscriptions

Database table: Newsletter_Subscriber

Newsletter subscriptions represent contacts or entire contacts groups who are subscribed to receive newsletters.

Newsletter subscriptions – Stored personal data

Data

Column names

Purpose / Description

Email address

SubscriberEmail
  • User interface – displayed in the Email marketing application
  • Can be displayed within the content of marketing emails

Name

SubscriberFirstName
SubscriberLastName
SubscriberFullName
  • User interface – displayed in the Email marketing application
  • Can be displayed within the content of marketing emails

System data

SubscriberID
SubscriberGUID
SubscriberLastModified
  • SubscriberID and SubscriberGUID – identifiers used within the system
  • SubscriberLastModified – timestamp used by the system

References to other entities

SubscriberRelatedID
SubscriberType
  • SubscriberRelatedID – the subscribed contact or contact group object
  • SubscriberType – specifies the type of the subscribed object (contact or contact group)
  • Together both fields reference a contact or contact group, which is used to:
    • Get the recipient addresses when sending marketing emails
    • Provide information about the newsletter subscriptions of contacts/users in various parts of the administration interface

Newsletter subscriptions – Personal data sources

Source

Data flow

Related tables

Subscription

Data of newsletter subscriptions is created or updated when:

  • Users or anonymous visitors fill in a newsletter subscription form on the live site.
  • Authenticated users manage their newsletter subscriptions (using the Users or My profile applications in the administration interface).
  • Users with access to the administration interface manually subscribe a contact to a newsletter in the Email marketing or Users application.

Contacts

The system automatically updates email address and name data of subscriptions when the related contact is updated (from any source).

OM_Contact

Newsletter subscriptions – References from entities containing personal data

Entity (Database table)

Column name

Description

Activities (OM_Activity)

ActivityItemDetailID

The additional object related to the logged activity is a newsletter subscription for activities of the Subscription to a newsletter type – i.e., when the value of the ActivityType column is newslettersubscription.

Queued marketing emails (Newsletter_Emails)

EmailSubscriberID

Subscription related to the given queued email item. Queued emails are temporary objects created by the system when sending emails to individual recipients.

> Back to table of contents

Email feeds – Unsubscriptions

Database table: Newsletter_Unsubscription

Email feed unsubscriptions represent email addresses that are opted out from receiving newsletters and email campaigns. Unsubscriptions can either be for a specific email feed or all feeds in the system.

Unsubscriptions – Stored personal data

Data

Column names

Purpose / Description

Email address

UnsubscriptionEmail
  • User interface – displayed in the Email marketing application:
    • On the Opt-out list tab
    • In the Contact loss details of marketing email reports
  • Matching opted out email addresses to contacts – used to evaluate and display the “Receiving marketing email” status of contacts

System data

UnsubscriptionID
UnsubscriptionGUID
UnsubscriptionCreated
  • UnsubscriptionID and UnsubscriptionGUID – identifiers used by the system
  • UnsubscriptionCreated – timestamp, displayed in the Email marketing application

References to other entities

UnsubscriptionNewsletterID
UnsubscriptionFromIssueID
  • UnsubscriptionNewsletterID – email feed from which the email address is unsubscribed (if the unsubscription is not for all email feeds)
  • UnsubscriptionFromIssueID – the specific email feed issue from which the recipient unsubscribed (only for unsubscriptions created via unsubscription links in marketing emails)

Unsubscriptions – Personal data sources

Source

Data flow

Marketing emails
  • New email feed unsubscriptions are created when recipients click unsubscription links in the content of marketing emails.

Email marketing application
  • Users with access to the administration interface manually add or edit email addresses in the opt-out list in the Email marketing application.

> Back to table of contents

Email feeds – Queued emails

Database table: Newsletter_Emails

When a user in the administration interface initiates the sending of a marketing email issue, the system generates a sending queue of emails, with separate records for individual recipients. The queued emails are deleted immediately after sending is successfully finished.

Queued emails – Stored personal data

Data

Column names

Purpose / Description

Email address

EmailAddress
  • Email engine – sending of marketing emails to recipients

System data

EmailID
EmailGUID
  • EmaiIID and EmailGUID – identifiers used within the system

References to other entities

EmailNewsletterIssueID
EmailSubscriberID
EmailContactID
  • EmailNewsletterIssueID – the related email feed issue
  • EmailSubscriberID – the related email feed subscription
  • EmailContactID – the related contact (recipient)

Queued emails – Personal data sources

Source

Data flow

Related tables

Contact

When generating queued emails, the system retrieves the recipient email address from the contact referenced by the EmailContactID column.

OM_Contact

> Back to table of contents

Email templates

Database table: CMS_EmailTemplate

The system sends automatic emails for various purposes, such as password reset emails, workflow notifications, etc. The content of such emails is based on Email templates, which can also store email address values used for sender, copy and reply-to addresses.

Email templates – Stored personal data

Data

Column names

Purpose / Description

Email address

EmailTemplateFrom
EmailTemplateCc
EmailTemplateBcc
EmailTemplateReplyTo
  • Email engine – used to fill the email address header fields (sender, copy, reply-to) for emails based on templates. Typically sent automatically by the system.
  • User interface – displayed in the Email templates application

System data

EmailTemplateID
EmailTemplateGUID
EmailTemplateLastModified
  • EmaiITemplateID and EmailTemplateGUID – identifiers used within the system
  • EmailTemplateLastModified – timestamp used by the system

Email templates – Personal data sources

Source

Data flow

Email template editing
  • Users with access to the administration interface manually edit email address values for templates in the Email templates application.

> Back to table of contents

Event log records

Database table: CMS_EventLog

The system automatically creates records within an Event log to keep track of errors and many types of events. The event log helps administrators and developers find sources of problems, identify potential security threats, and monitor the behavior of the system.

Event log records – Stored personal data

Event log personal data purpose

All types of data stored within event log records can be used by the system in the following ways (depending on the configuration of settings):

  • Displayed in the Event log application
  • Displayed on dashboards by the EventLog widget
  • Sent within error notification emails (for error events)
  • Saved into the CMS\App_Data\logEvents.log file on the server’s file system
  • Logged into the Windows Event Viewer on the server’s operating system

Data

Column names

Description

Browser user agent

EventUserAgent
  • User agent providing information about the browser and operating system of the user or visitor who triggered the event

Event details

EventDescription
  • A detailed description of the event, which may contain personal data in certain cases. For example, if the Log metadata changes setting is enabled, the system logs events for all updates of objects, including the values of the modified object fields. If the given object field contains personal data, the values are stored in the description of the corresponding event.

IP address

IPAddress
  • The IP address of the user or visitor who triggered the event

Referring URL

EventUrlReferrer
  • The URL referrer of the web request during which the event occurred (for example may contain the URL of a site from which a visitor arrived)

User name

UserName
  • The user name of the user that triggered the event

System data

EventTime
EventID
  • EventTime – timestamp identifying when the event occurred
  • EventId – used as an identifier within the system

References to other entities

SiteID
UserID
  • SiteID – the site on which the event occurred
  • UserID – the user who triggered the event

Event log records – Personal data sources

Source

Data flow

System activity and user actions

The system logs events based on user actions or automated processes.

Not all types of personal data are logged for all events. Events that are not directly triggered by a user’s web request do not contain any of the user-related data. Events that do not occur within the context of a specific site are global and do not reference a site, etc.

> Back to table of contents

Object version history

Database table: CMS_ObjectVersionHistory

Many types of objects in the system support versioning. If enabled, the system creates and stores separate versions of these objects when they are edited and saved. Object versions are also created when objects are deleted to the recycle bin. The recycle bin functionality can include objects that do not otherwise support versioning (for example personal data entities, such as users).

Every object version record stores all data of the original object in XML format, so any personal data contained in the given object is also stored in the version history. Users in the administration interface can restore objects from the recycle bin, or roll objects back to previous versions.

Object version history – Stored personal data

Data

Column names

Purpose / Description

Object data

VersionXML

  • Contains all data of the versioned or deleted object in XML format

  • Allows the system to restore deleted objects from the recycle bin, compare different versions of an object’s history, or roll objects back to older versions

  • User interface – used and displayed in the following locations:

    • On the Versions tab when editing an object that supports versioning (see supported object types)
    • In the Recycle bin application on the Objects tab
    • By the Object recycle bin dashboard widget

Object name

VersionObjectDisplayName

  • Identifies the original object related to the version history record

  • May contain personal data for certain types of objects (for example a user name for user objects in the recycle bin)

  • User interface – displayed in the following locations:

    • In the Recycle bin application on the Objects tab
    • The Object recycle bin dashboard widget

System data

VersionID
VersionModifiedWhen
VersionDeletedWhen
  • VersionID – used as an identifier within the system
  • VersionModifiedWhen – stores the time when the versioned object was modified
  • VersionDeletedWhen – stores the time when the object was deleted to the recycle bin

References to other entities

VersionModifiedByUserID
VersionDeletedByUserID
VersionObjectSiteID
VersionObjectID
VersionObjectType
  • VersionModifiedByUserID – the user who modified the versioned object
  • VersionDeletedByUserID – the user who deleted the object to the recycle bin
  • VersionObjectSiteID – the site to which the versioned or deleted object belongs
  • VersionObjectID and VersionObjectType – these two columns together reference the object to which the version history data belongs. VersionObjectType stores the type of the referenced object and VersionObjectID holds the identifier of a specific object.

Object version history – Personal data sources

Source

Data flow

Modification of versioned objects
  • Users in the administration interface update and save an object for which versioning is enabled, and the system creates a new record in the object’s version history.

Deleting of objects to the recycle bin
  • Users in the administration interface (or scheduled/automated processes) delete an object, and the system creates a new object version history record for the recycle bin.

> Back to table of contents

Report subscriptions

Database table: Reporting_ReportSubscription

Report subscriptions represent relationships between subscribed users and reports.

Report subscriptions – Stored personal data

Data

Column names

Purpose / Description

Email address

ReportSubscriptionEmail
  • Reporting
    • Used to send emails containing report data
    • Displayed in the list of subscriptions for each report in the Reporting application

System data

ReportSubscriptionLastModified
ReportSubscriptionID 
ReportSubscriptionGUID
  • ReportSubscriptionLastModified – timestamp used by the system
  • ReportSubscriptionID and ReportSubscriptionGUID – used as identifiers within the system

References to other entities

ReportSubscriptionReportID
ReportSubscriptionUserID
ReportSubscriptionGraphID
ReportSubscriptionTableID
ReportSubscriptionValueID
  • ReportSubscriptionReportID – the report to which the subscription applies
  • ReportSubscriptionUserID – the user who created the subscription (the user does not need to match the subscription’s email address)
  • ReportSubscriptionGraphID – a graph from the report for subscriptions to a specific graph (component that retrieves data and displays it in various formats)
  • ReportSubscriptionTableID – a table from the report for subscriptions to a specific table (component that retrieves data and formats it into a table)
  • ReportSubscriptionValueID – a value from the report for subscriptions to a specific value (component that retrieves a single scalar value)

Report subscriptions – Personal data sources

Source

Data flow

Reporting
  • Users with access to the administration interface can enter their email address and subscribe to reports displayed in various applications (Reporting, Web analytics, Store reports, A/B testing, Facebook, LinkedIn, Twitter)
  • Users with access to the Reporting application can manually create, edit or delete subscriptions for reports.

> Back to table of contents

Saved reports

Database table: Reporting_SavedReport

Saved reports represent archived data from reports in the Reporting application.

Saved reports – Stored personal data

Data

Column names

Purpose / Description

Saved report content

SavedReportHTML
  • HTML content used to display and print saved report data in the Reporting application
  • Contains the data that is displayed within the original report, which may include personal information for some reports

System data

SavedReportDate
SavedReportLastModified
SavedReportID
SavedReportGUID
  • SavedReportDate and SavedReportLastModified – timestamps used by the system
  • SavedReportID and SavedReportGUID – used as identifiers within the system

References to other entities

SavedReportReportID
SavedReportCreatedByUserID
  • SavedReportReportID – the original report
  • SavedReportCreatedByUserID – the user who saved the report

Saved reports – Personal data sources

Source

Data flow

Reporting

The system generates Saved Report HTML content when users in the administration interface manually save reports (for example in the Reporting, Store reports or Web analytics applications).

> Back to table of contents

Synchronization tasks

Database tables: Export_Task, Integration_Task, Staging_Task, CMS_WebFarmTask

The system creates and stores the following types of synchronization tasks:

  • Export delete tasks – serve as representations of object delete operations, and can be included within Export packages.
  • Integration tasks – synchronize data with external systems or applications via the Integration bus. The system automatically deletes integration bus tasks after they are successfully processed.
  • Staging tasks – synchronize content and objects between different Xperience instances via Staging. The system automatically deletes staging tasks after they are successfully synchronized.
  • Web farm tasks – synchronize cached data and files between Xperience servers in a Web farm environment. The system automatically deletes web farm tasks after they are successfully processed.

Synchronization tasks store the data of the related object in XML format, so personal data contained in the given object can also be stored within corresponding tasks. This may include sensitive objects such as users, contacts or customers.

Export, Integration, and Staging tasks – Stored personal data

Data

Column names

Purpose / Description

Object data

TaskData

  • Contains data of the related object in XML format (may include sensitive objects such as users, contacts or customers)

  • Allows the system to synchronize objects to other instances or external systems (staging and integration tasks) or identify objects that need to be deleted when importing a package (export tasks)

  • User interface – the data can be viewed in the following locations:

    • In the Integration bus application (integration tasks)
    • In the Staging application (staging tasks)

  • For export tasks, the data can be included within export packages that the system creates on the file system.

Task name

TaskTitle

  • Describes the type of the synchronization task (create, delete, update, etc.) and identifies the related object

  • May contain personal data for certain types of objects (for example the user name of deleted or modified user objects)

  • User interface – displayed in the following locations:

    • In the Integration bus application (integration tasks)
    • In the Staging application (staging tasks)
    • In the Sites application on the Tasks tab of the View export history page, and in the export/import wizard (export tasks)

System data

TaskID
TaskTime
  • TaskID – used as an identifier within the system
  • TaskTime – timestamp storing the time when the task was logged (matches the time when the related create, update or delete action was performed)

References to other entities

TaskSiteID
TaskObjectID
TaskObjectType
  • TaskSiteID – the site for which the task was logged
  • TaskObjectID and TaskObjectType – these two columns together reference the object related to the synchronization task. The type of the referenced object is stored in the TaskObjectType column and TaskObjectID holds the identifier of a specific object.

Web farm tasks – Stored personal data

Data

Column names

Purpose / Description

Object data

TaskTextData
  • Stores data of the related object in XML format (may include sensitive objects such as users, contacts or customers). The data primarily includes object identifiers and/or names.
  • Allows the system to synchronize cached data and files between Xperience servers when running in a web farm environment
  • User interface – the data can be viewed in the Web farm application

System data

TaskID
TaskGUID
TaskCreated
  • TaskID and TaskGUID – used as identifiers within the system
  • TaskCreated – timestamp storing the time when the task was logged (matches the time when the related action was performed)

References to other entities

TaskTarget
  • Stores the type of the object related to the web farm task. Used to reference the related object in combination with the identifier data stored in the TaskTextData column.

Staging tasks – References from entities containing personal data

Entity (Database table)

Column name

Description

Staging task users (Staging_TaskUser)

TaskID

The system stores relationships between staging tasks and users. Every relationship indicates that the specified user performed the change which caused the system to log the given staging task (referenced in the TaskID column).

Export tasks – Personal data sources

Source

Data flow

Object deletion
  • If the Log export tasks setting is enabled, the system creates export tasks when an object is deleted (by a user in the administration interface or by a scheduled/automated process).

Integration tasks – Personal data sources

Source

Data flow

Object changes
  • If the Integration bus is enabled and appropriate connectors for outgoing synchronization are created in the system, the system logs integration tasks when objects are created, updated or deleted (by a user in the administration interface or by a scheduled/automated process).

External systems
  • If the Integration bus is enabled and appropriate connectors for incoming synchronization are created in the system, the system logs integration tasks based on data transfers from the related external application or system.

Staging tasks – Personal data sources

Source

Data flow

Object changes
  • If staging is enabled, the system logs staging tasks when pages or objects are created, updated or deleted (by a user in the administration interface or by a scheduled/automated process).

Manual staging synchronization
  • Users with access to the administration interface can manually run synchronization of objects, pages or custom table data in the Staging application.
  • Manual synchronization creates update staging tasks for the related objects and immediately runs them. All successfully synchronized tasks are immediately deleted.

Web farm tasks – Personal data sources

Source

Data flow

Object changes
  • The system logs synchronization tasks for every available server when objects are created, updated or deleted (by a user in the administration interface or by a scheduled/automated process).

> Back to table of contents

Users

Database tables: CMS_User, CMS_UserSettings

Users are an entity representing people in Xperience. User accounts allow people to sign in on the live site and into the Xperience administration interface (depending on the user privilege level). New user accounts are typically created when a visitor goes through registration on the live site. However, administrators can also create accounts manually in the Users application.

The system stores user data within two coupled database tables – users (CMS_User) and user settings (CMS_UserSettings).

Users – Stored personal data

Data

Column names

Purpose / Description

Email address

Email
  • Email engine – sending various types of automated emails to users (notifications, password reset functionality, registration confirmation, etc.)
  • Used as the recipient address when sending emails to registered users (for example from the Users or Email queue applications)
  • Saved into the user’s UserName field as an identifier if a separate value is not specified during registration
  • Used to validate email address values of new users if the Require unique user emails setting is enabled
  • Synchronized into the email address field of related customers and contacts (according to mapping configuration)
  • Pre-filling of email address values for signed in users in various locations within the administration interface
  • Activities – saved into the titles of logged activities of the User registration and User login types
  • User interface – displayed as part of user information in various administration interface locations:
    • Users application
    • My profile application
    • Contact management application
    • User selection dialogs
    • Various lists of subscriptions (Reports, etc.)

Last sign-in information

UserLastLogon
UserLastLogonInfo
  • UserLastLogon – the date and time of the user’s last sign-in on the live website or into the administration interface
  • UserLastLogonInfo – stores the IP address and browser user agent of the user’s environment at the time of their last sign-in
  • User interface – the last sign-in information is displayed in the Users application

Name

UserName
FirstName
MiddleName
LastName
FullName
  • UserName – serves as a unique identifier for users, most importantly when signing in (authentication)
    • Saved into the fields of various system objects to identify related users (event log records, staging tasks, security debug logs, etc.)
    • Stored as the value of the authentication cookie
    • Caching – username values are added to the names of cache keys to allow user-specific caching
    • Used when generating preview links to unpublished pages
    • Saved into the security signatures of macro expressions
  • FullName – the full name is automatically composed for each user from the first, middle and last name values (if not directly modified)
  • User interface – displayed throughout the administration interface to identify users
  • Displayed within user-related system emails based on the default email templates
  • Synchronized into the names fields of related customers and contacts (according to mapping configuration)
  • Activities – user names are saved into the titles of logged activities of the User registration and User login types
  • Translation services – submissions for human translation services include an instructions file, which contains the full name of the user who created the submission (by default)
  • Displayed in various system reports
  • Displayed by user-related dashboard widgets (Recent users)

Password

UserPassword

System data

UserID
UserGUID
UserCreated
UserLastModified

  • UserID and UserGUID – used as identifiers within the system

  • UserCreated – the date and time when the user account was created

    • User interface – displayed in the Users application
    • Used to evaluate which non-activated users are automatically deleted based on the Delete non-activated users after (days) setting
    • Displayed by user-related dashboard widgets (Recent users)

  • UserLastModified – timestamp used by the system

User settings – Stored personal data

Data

Column names

Purpose / Description

Contact information

UserPhone
UserSkype
UserIM
  • User interface – displayed in the Users and My profile applications
  • UserPhone – synchronized into the phone number field of related customers

Descriptions

UserDescription
UserPosition
  • User interface – displayed in the Users and My profile applications

Name

UserNickName
  • User interface – displayed as part of user names in various locations in the administration interface

Natural personal data

UserGender
UserDateOfBirth
  • UserGender – stores the gender of the user
  • UserDateOfBirth – used when computing the value of the UserAge macro property for users
  • User interface – displayed in the Users and My profile applications

Password change information

UserPasswordLastChanged
  • Required to calculate the expiration date and time for user passwords

Signature

UserSignature
  • User interface – displayed in the Users and My profile applications

Registration information

UserRegistrationInfo
UserCampaign
UserURLReferrer
UserActivationDate
  • UserRegistrationInfo – stores the IP address and browser user agent of the user’s environment at the time of registration
  • UserCampaign – the name of a specific campaign if the user registered within the context of campaign
  • UserURLReferrer – the URL referrer of the web request during which the user registered (for example may contain the URL of a site from which a visitor arrived)
  • UserActivationDate – the date and time when the user account was activated via email confirmation or administrator approval
  • User interface – the registration information values are displayed when editing users in the Users application

System data

UserSettingsID
  • UserSettingsID – used as an identifier within the system

References to other entities

UserAvatarID
UserSettingsUserID
UserSettingsUserGUID
UserActivatedByUserID
  • UserAvatarID – the user’s avatar
  • UserSettingsUserID and UsersSettingsUserGUID – the user object coupled with the user settings
  • UserActivatedByUserID – the user who approved the given user’s registration (when requiring approval for new users)

Users – Personal data sources

Source

Data flow

Related tables

Authentication

Customers
  • When the name, email address and phone number data of a customer is modified, the system automatically synchronizes the values to the associated user.
  • If the Register customer after first checkout setting is enabled, the system automatically creates new users based on the data of anonymous customers when they complete the order checkout process.
  • Administrators can create new users based on customer data in the Customers application when editing an anonymous customer on the Login details tab. For registered customers, the same interface also allows administrators to change the password for the associated user account.

COM_Customer

Emergency administrator recovery
  • Emergency recovery of administration interface access via the CMSAdminEmergencyReset web.config key can create a new user with the Global administrator privilege level and a specified username and password.

Password change
  • Users can change their password via the administration interface sign-in page (after submitting a password change request with email verification).

Registration

User activation
  • When new users activate their account via email confirmation, the UserActivationDate is automatically set in the user settings.
  • If the system is configured to require approval for new users, the UserActivationDate and UserActivatedByUserID values are automatically set in the user settings when an administrator approves an account in the Users application.

User editing
  • Users with access to the administration interface manually create users or edit user and user settings data in the Users application.
  • Users with access to the administration interface edit their data in the My profile application.

Users – References from entities containing personal data

Entity (Database table)

Column name

Description

Accounts (OM_Account)

AccountOwnerUserID

The user assigned as the owner of the given on-line marketing account.

Activities (OM_Activity)

ActivityItemID

The object related to the logged activity is a user for activities of the User login and User registration type – i.e., when the value of the ActivityType column is userlogin or userregistration .

Contacts (OM_Contact)

ContactOwnerUserID

The user assigned as the owner of the given contact.

Contact membership relationships (OM_Membership)

RelatedID

The user related to a given contact. The table contains records representing relationships between contacts and users/customers.

Records representing user relationships have the value of the MemberType column set to 0.

Customers (COM_Customer)

CustomerUserID

The user related to the customer (for registered customers).

Dashboard widget content (CMS_Personalization)

PersonalizationUserID

The user who created the given dashboard widget content.

Considered as personal data, because the PersonalizationLastModified column of the personalization record contains a timestamp that could be used to track the user’s activity.

Event log records (CMS_EventLog)

UserID

The user who triggered the logged event.

External authentication records (CMS_ExternalLogin)

UserID

The user related to the given external authentication record (for users created as a result of authentication via an external provider).

Media files (Media_File)

FileCreatedByUserID
FileModifiedByUserID

The users who created and last modified the given media file.

Considered as personal data, because the media file record contains timestamps that could be used to track the user’s activity.

Orders (COM_Order)

OrderCreatedByUserID

The user who created the order (for registered customers).

Report subscriptions (Reporting_ReportSubscription)

ReportSubscriptionUserID

The user who created the report subscription.

Shopping carts (COM_ShoppingCart)

ShoppingCartUserID

The user related to the shopping cart (for registered customers).

User settings (CMS_UserSettings)

UserSettingsUserGUID
UserSettingsUserID
UserActivatedByUserID

The user coupled with the given user settings (referenced in the UserSettingsUserID and UserSettingsUserGUID columns).

The user who approved the registration of the given user account (when requiring approval for new users).

Wishlist items (COM_Wishlist)

UserID

The user who added the product to their wishlist.

> Back to table of contents

Web analytic statistics

Database table: Analytics_Statistics

The web analytics feature stores data as statistics representing individual tracked events. Each statistic contains the type of the event and information about the context in which the event occurred (i.e., a related object, site, and culture).

Web analytic statistics – Stored personal data

Web analytics store all types of logged statistics within the Analytics_Statistics database table. The type of each statistic is determined by the value of the StatisticsCode column. For statistics with the browsertype, countries, mobiledevice and urlreferrals StatisticsCode values, the data stored in the additional StatisticsObjectName column could be considered as personal (see the table below).

The default statistics are anonymous and do not contain any references to entities representing a natural person.

Data

Column names

Purpose / Description

Browser type

StatisticsObjectName
  • Displayed in the Browser types report in the Web analytics application
  • Processed and displayed by reports under the Web Analytics -> Browser capabilities -> Browser types category (accessible in the Reporting application)

Country name

StatisticsObjectName
  • Displayed in the Countries report in the Web analytics application
  • Processed and displayed by reports under the Web Analytics -> Countries category (accessible in the Reporting application)

Mobile device type

StatisticsObjectName
  • Displayed in the Mobile devices report in the Web analytics application
  • Processed and displayed by reports under the Web Analytics -> Mobiles devices category (accessible in the Reporting application)

Referring URL

StatisticsObjectName
  • Displayed in the Acquisition reports in the Web analytics application
  • Processed and displayed by reports under the Web Analytics -> Referrals and Referring sites categories (accessible in the Reporting application)

System data

StatisticsID
  • StatisticsID – used as an identifier within the system

References to other entities

StatisticsObjectID
StatisticsSiteID
  • StatisticsObjectID – the object related to the logged statistic. The type of the referenced object depends on the type of the statistic (stored in the StatisticsCode column).

Web analytic statistics – Personal data sources

Source

Data flow

Web analytics
  • The system saves values into the StatisticsObjectName column when logging web analytics for website visitors.

> Back to table of contents

Workflow and automation process steps

Database table: CMS_WorkflowStep

Marketing automation processes and advanced workflows consist of steps, which may in certain cases contain personal data. The most common example are email address values in the From / To parameters of Send email steps.

Workflow and automation process steps – Stored personal data

Data

Column names

Purpose / Description

Step configuration

StepActionParameters
  • Stores the parameter configuration for the step in XML format, which may include personal data in certain cases (e.g. email address values for Send email steps)

System data

StepLastModified
StepID
StepGUID
  • StepLastModified – timestamp used by the system
  • StepID and StepGUID – used as identifiers within the system

Workflow and automation process steps – Personal data sources

Source

Data flow

Step editing
  • Users with access to the administration interface manually enter parameter values for steps in the workflow / process designer interface (within the Workflows or Marketing automation application).

Workflow and automation process steps – References from entities containing personal data

Entity (Database table)

Column name

Description

Automation process history (CMS_AutomationHistory)

HistoryStepID
HistoryTargetStepID

The marketing automation steps related to the history record for a given process. Such history records are logged automatically when automation processes transition between steps. The history record also stores the ID of the user who approved the transition.

Workflow history (CMS_WorkflowHistory)

StepID
TargetStepID

The workflow steps related to the version history record for a given page. Such history records are logged automatically when pages transition between workflow steps. The history record also stores the ID of the user who approved the transition.

Step security settings (CMS_WorkflowStepUser)

StepID

The workflow or automation step which has security settings assigned for specific users. Each record also stores the ID of the assigned user.

> Back to table of contents