This page provides information about personal data stored in Kentico Xperience, as well as the flow of this data and its purpose. You can use the information when analyzing the GDPR compliance of your websites.
Disclaimers
- This page only covers the built-in Xperience functionality. You also need to check any customized functionality for personal data handling.
- This page is provided for informational purposes only and should not be relied upon as legal advice. You can use the information to identify personal data and its flow in the system, and take appropriate measures. However, we recommend consulting with a legally qualified professional to verify that your project complies with the GDPR.
The following is a list of the most important entities in Xperience that hold personal data. For every entity, the page displays up to three sets of data organized into tables. The first table contains a list of data considered as personal according to the GDPR Article 4, Paragraph 1, the corresponding database columns, as well as the purpose of the data. The second table contains a list of sources, describing the flow of personal data in the system. The third table contains information about other entities with personal data that contain a reference to the given entity. The data includes entities, database fields, purposes and sources that might under various conditions manipulate with personal information of natural persons (in the default Xperience functionality). Depending on your usage of features and configuration, parts of the information may not apply to your Xperience project.
Table of contents
Accounts
Database table: OM_Account
Accounts are an on-line marketing entity representing organizations, companies, etc. They allow marketers to categorize contacts based on their affiliations.
Note: Account data can be considered as personal only in cases where the account represents a natural person, not an entire organization (for example individual contractors).
Accounts – Stored personal data
Address | AccountAddress1
AccountAddress2
AccountCity
AccountZIP | User interface - Displayed in the Contact management application
- Displayed by the My accounts dashboard widget
|
Contact information | AccountEmail
AccountFax
AccountPhone | User interface - Displayed in the Contact management application
- Displayed by the My accounts dashboard widget
|
Name | AccountName | User interface - Displayed in the Contact management application
- Displayed by the My accounts dashboard widget
- Displayed in various administration interface locations to identify accounts
May be used for contact segmentation and automated marketing (assigning entire accounts to Contact groups, account actions within Marketing automation) Salesforce – the account name may be used to set the company name when replicating contacts to Salesforce leads
|
System data | AccountCreated
AccountLastModified
AccountGUID
AccountID | - AccountID and AccountGUID – used as identifiers within the system
- AccountCreated and AccountLastModified – timestamps used by the system
|
References to other entities | AccountOwnerUserID
AccountPrimaryContactID
AccountSecondaryContactID
AccountSubsidiaryOfID
AccountCountryID
AccountStateID | - AccountOwnerUserID – user responsible for managing the account
- AccountPrimaryContactID and AccountSecondaryContactID – significant contacts set for the account
- AccountSubsidiaryOfID – a different account of which the given account is a subsidiary
- AccountCountryID – country of the account’s address
- AccountStateID – (federated) state of the account’s address within the given country
|
Accounts – Personal data sources
Account editing | - Users with access to the administration interface manually create or edit accounts in the Contact management application.
- Users who are assigned as account owners can edit the data of accounts using the My accounts dashboard widget.
|
Accounts – References from entities containing personal data
Contact-account relationships (OM_AccountContact) | AccountID | Binding table containing relationships between accounts and the assigned contacts. |
> Back to table of contents
Activities
Database table: OM_Activity
Activities are an on-line marketing entity which represents actions done on the live site by visitors (contacts). The system logs activities of various types, therefore activity records can contain different data based on the activity type. The type of each activity is determined by the value of the ActivityType column in the OM_Activity table.
Activities – Stored personal data
Activity personal data purpose
All activity data collected for contacts can be viewed by users of the administration interface in the activity log (in the Contact management application or displayed on dashboards using the Activities widget). Each activity may contain different data based on its type. For example, user registration activities contain a username in their title, but most other activities do not.
The data of logged activities is also used by the system when evaluating on-line marketing conditions, macro rules and methods (for example for automation process triggers or in scoring rules).
Referring URL | ActivityURLReferrer | - The URL referrer of the web request during which the activity occurred (for example may contain the URL of a site from which a visitor arrived)
|
Title | ActivityTitle | - The activity title contains personal data for the following activity types:
- User login (userlogin) – the full name and email address of the authenticated user
- User registration (userregistration) – the full name and email address of the registered user
|
URL | ActivityURL | - The URL where the activity occurred contains personal data for the following activity types:
- Opened marketing email (newsletteropen) – a tracking link which includes the email address of the recipient
- Opted out from all marketing emails (newsletterunsubscriptionfromall) – an unsubscription link which includes the email address of the recipient
- Unsubscription from a single email feed (newsletterunsubscription) – an unsubscription link which includes the email address of the recipient
|
References to other entities | ActivityContactID
ActivityItemID
ActivityItemDetailID | ActivityContactID – the contact who performed the activity (for all activity types) ActivityItemID – contains references to objects related to the activity. The type of the object is determined by the activity type: - Clicked link in marketing email (newsletterclickthrough) – the email feed related to the email where the link was clicked
- Form submission (bizformsubmit) – the form for which the data record was submitted
- Opened marketing email (newsletteropen) – the email feed related to the opened email
- Opted out from all marketing emails (newsletterunsubscriptionfromall) – the email feed issue where the unsubscription link was clicked
- Purchase (purchase) – the created order
- Subscription to a newsletter (newslettersubscription) – the newsletter (email feed) for which the subscription was added
- Unsubscription from a single email feed (newsletterunsubscription) – the email feed for which the unsubscription occurred
- User login (userlogin) – the user who signed in to the website
- User registration (userregistration) – the registered user
ActivityItemDetailID – contains references to additional objects related to the activity. The type of the object is determined by the activity type: - Clicked link in marketing email (newsletterclickthrough) – the email feed issue where the link was clicked
- Form submission (bizformsubmit) – the specific form data record that was submitted
- Opened marketing email (newsletteropen) – the email feed issue that was opened
- Subscription to a newsletter (newslettersubscription) – the added newsletter subscription
- Unsubscription from a single email feed (newsletterunsubscription) – the email feed issue where the unsubscription link was clicked
|
Activities – Personal data sources
User and visitor actions | - The system logs new activities when users or website visitors perform any of the monitored actions. Activity data is loaded from various types of related entities.
|
Manual editing | - Users with access to the administration interface can manually edit the Title and URL values of logged activities in the Contact management application or using the Activities dashboard widget.
|
> Back to table of contents
Database table: OM_Contact
Contacts are an on-line marketing entity representing website visitors and users. During the first visit of the website, an anonymous contact is created and linked to the current session. If further information is provided by the visitor through various sources, the system updates the contact and adds the information.
Contacts aggregate information about page visitors. This information is further processed by the system and can be used to deduce conclusions, such as marketing prospectiveness, about visitors and customers.
All of the data acquired by contacts may be viewed in the Contact management application.
Address | ContactAddress1
ContactCity
ContactZIP | |
Campaign name | ContactCampaign | |
Email address | ContactEmail | |
Name | ContactFirstName
ContactLastName
ContactMiddleName | |
Natural personal data | ContactBirthday
ContactGender | |
Occupational information | ContactCompanyName
ContactJobTitle | - User interface – displayed in various administration interface locations that contain detailed contact information
- Contact profiling and personalized marketing (Lead scoring, Personas)
- Salesforce
- Mapping to Salesforce data
- Contact export to a third-party Salesforce organization
- ContactCompanyName – used to build reports
|
Phone numbers | ContactMobilePhone
ContactBusinessPhone | - User interface – displayed in various administration interface locations that contain detailed contact information
- Contact profiling and personalized marketing (Lead scoring, Personas)
- ContactBusinessPhone
- Displayed in notification emails
- Building reports
|
System data | ContactCreated
ContactLastModified
ContactGUID
ContactID | - ContactID – used as a unique identifier within the system
- ContactCreated and ContactLastModified – timestamps used by the system
- ContactGUID – used as a unique identifier in the following features:
|
References to other entities | ContactStatusID
ContactCountryID
ContactStateID
ContactPersonaID
ContactOwnerUserID
ContactSalesForceLeadID | - ContactStatusID – marketing status of the contact
- ContactCountryID – country of the contact’s address
- ContactStateID – (federated) state of the contact within the given country
- ContactPersonaID – persona to which the contact is assigned
- ContactOwnerUserID – user responsible for managing the contact
- ContactSalesForceLeadID – identifier of a third-party Salesforce entity matching the contact
|
Campaigns | - When a contact is created within the context of a specific campaign, the campaign’s name is saved into the contact’s data.
| |
Contact editing | - Users with access to the administration interface manually create or edit contacts in the Contact management application.
| |
Contact import | | |
Customers | - When a customer is created or updated, the system transmits data to contact fields according to mapping configuration.
- Update of account details and processing of information obtained from the purchase order creates user relationships and updates the contact’s properties.
- Billing or shipping addresses used in a customer’s orders are saved into the address fields of the corresponding contact.
| COM_Customer |
Forms | | Separate database table generated for each form. |
Geolocation | - If enabled, the Geolocation feature can update the contact’s properties based on the visitor’s IP address.
| |
Personas | - Updates of personas or contact scores trigger a re-evaluation of personas and assign contacts to the corresponding personas.
| |
Subscribers | - When a subscriber is created or updated, the system transmits data to contact fields according to mapping configuration.
- Subscription to newsletters saves the given first name and last name into the contact.
- Subscription to newsletters without double opt-in and access to approval pages updates the contact’s properties.
| Newsletter_Subscriber |
Users | - When a user is created or updated, the system transmits data to contact fields according to mapping configuration.
- Retrieval of contact information from the login or register activity, submission of forms in the My profile application creates user relationships and updates the contact’s properties.
| CMS_User |
Accounts (OM_Account) | AccountPrimaryContactID
AccountSecondaryContactID | Primary and secondary contacts set for accounts. |
Activities (OM_Activity) | ActivityContactID | The contact who performed the given activity. |
Contact membership relationships (OM_Membership) | ContactID | The contact related to a user/customer. The table contains records representing relationships between contacts and users/customers. |
Contact-account relationships (OM_AccountContact) | ContactID | Binding table containing relationships between accounts and the assigned contacts. The optional role of the contact in the account is stored in the ContactRoleID column, which references a role from the OM_ContactRole database table. |
Marketing automation states (CMS_AutomationState) | StateObjectID | The contact related to the given state of a marketing automation process. The type of the referenced object is stored in the StateObjectType column (the value is om.contact for contacts). |
Queued marketing emails (Newsletter_Emails) | EmailContactID | The contact who is the email recipient. |
Shopping carts (COM_ShoppingCart) | ShoppingCartContactID | The contact related to the shopping cart. The system uses the reference to track abandoned shopping carts. |
> Back to table of contents
Database table: OM_Score
Scoring is an on-line marketing feature that evaluates each contact based on their profile information and activity on the website. Score definitions can store an email address, which is used to send notification emails when a contact reaches a specified score value.
Email address | ScoreNotificationEmail | - Email engine – the system sends notification emails to the given address when a contact reaches a certain score value (specified in the ScoreEmailAtScore column)
- User interface – displayed in the Scoring application
|
System data | ScoreID
ScoreGUID
ScoreLastModified | - ScoreID and ScoreGUID – identifiers used within the system
- ScoreLastModified – timestamp used by the system
|
Score editing | - Users with access to the administration interface manually edit notification address values for scores in the Scoring application.
|
> Back to table of contents
E-commerce – Customers
Database table: COM_Customer
Customers are an e-commerce entity representing users who make purchases on the website. Every completed order is linked with a specific customer. Customers can either be anonymous (created for one specific order) or registered (linked with a user account).
Customer data is required to process orders and payments, and maintain e-commerce records.
Note: For registered customers, the system automatically synchronizes name, email address and phone number data with the corresponding user account. The synchronization works in both directions whenever changes occur for the related entity.
Customers – Stored personal data
Company information | CustomerCompany
CustomerOrganizationID
CustomerTaxRegistrationID | - User interface – displayed as part of customer information in various administration interface locations:
- Customers application
- Orders application
- Contact management application
- Orders dashboard widget
- Customer selection dialogs
- Used to set the AddressPersonalName field for the customer’s company addresses
- Used to prefill customer values during checkout for existing customers
- Displayed in E-commerce reports
- CustomerTaxRegistrationID – used to exempt customers from tax (for tax classes that have the Zero tax if tax ID is supplied flag enabled)
|
Email address | CustomerEmail | - Email engine – sending e-commerce email notifications to customers
- User interface – displayed as part of customer information in various administration interface locations:
- Customers application
- Orders application
- Contact management application
- Orders dashboard widget
- Customer selection dialogs
- Saved into the email address field of related users and contacts representing customers (according to mapping configuration)
- Saved into the username field of new user objects when registering customers, if a separate username value is not set
- Used to validate the uniqueness of email addresses when registering customers
- Sent to third-party payment gateways when performing payment transactions
- Used to prefill customer values during checkout for existing customers
- Displayed in E-commerce reports
|
Fax | CustomerFax | - Not displayed or processed by default.
|
Name | CustomerFirstName
CustomerLastName | - User interface – displayed as part of customer information in various administration interface locations:
- Customers application
- Orders application
- Contact management application
- Orders dashboard widget
- Customer selection dialogs
- Saved into the name fields of related users and contacts representing customers (according to mapping configuration)
- Used to set the AddressPersonalName field for the customer’s billing and shipping addresses
- Sent to third-party payment gateways when performing payment transactions
- Displayed in E-commerce reports
|
Phone number | CustomerPhone | - User interface – displayed when editing customers in the Customers application
- Saved into the phone number field of related users and contacts representing customers (according to mapping configuration)
- Prefilled as the default phone value for the customer’s addresses
- Sent to third-party payment gateways when performing payment transactions
- Displayed in E-commerce reports
|
System data | CustomerID
CustomerGUID
CustomerCreated
CustomerLastModified | - CustomerID and CustomerGUID – used as identifiers within the system
- CustomerCreated and CustomerLastModified – timestamps used by the system
|
References to other entities | CustomerUserID
CustomerSiteID | - CustomerUserID – the user related to the customer (for registered customers)
- CustomerSiteID – the site on which the customer was created (only for anonymous customers)
|
Customers – Personal data sources
Order checkout | - Customers submit data when checking out orders on the live site. For new customers, the system creates the customer object when the visitor inputs valid data into the customer form and moves to the next checkout step.
| |
Customer editing | - Users with access to the administration interface manually edit customer data in the Customers application.
- Users with access to the administration interface can add new customers while manually creating orders in the Orders application.
| |
Users | - When the name, email address and phone number data of a user account is modified, the system automatically transfers the values to all customer objects associated with the given user.
| CMS_User
CMS_UserSettings |
Customers – References from entities containing personal data
Contact membership relationships (OM_Membership) | RelatedID | The customer related to a given contact. The table contains records representing relationships between contacts and users/customers. Records representing customer relationships have the value of the MemberType column set to 1. |
Customer addresses (COM_Address) | AddressCustomerID | The customer related to the address. |
Customer credit events (COM_CustomerCreditHistory) | EventCustomerID | The customer for which the customer credit record was logged. |
Orders (COM_Order) | OrderCustomerID | The customer who created the order. |
Shopping carts (COM_ShoppingCart) | ShoppingCartCustomerID | The customer who created the shopping cart. |
> Back to table of contents
E-commerce – Customer addresses
Database table: COM_Address
The system stores various types of addresses (billing, shipping or company) for Customers who make purchases on the website. The addresses are required to process orders and payments, deliver order shipments, and maintain e-commerce records.
Customer addresses – Stored personal data
Address | AddressCity
AddressLine1
AddressLine2
AddressName
AddressZip | - Used to process e-commerce orders (billing, shipping and company addresses). Automatically saved into the address values of created orders.
- Billing addresses are sent to third-party payment gateways when performing payment transactions.
- Billing address values are saved into the address fields of contacts representing customers.
- User interface – displayed in the Customers application under the Addresses tab.
|
Name | AddressPersonalName | - Labels addresses with the customer’s name for easier identification
- User interface – displayed in the Customers application under the Addresses tab
|
Phone number | AddressPhone | - Saved into the mobile phone field of contacts representing customers.
- User interface – displayed in the Customers application under the Addresses tab
|
System data | AddressID
AddressGUID
AddressLastModified | - AddressID and AddressGUID – used as identifiers within the system
- AddressLastModified – timestamp used by the system
|
References to other entities | AddressCustomerID
AddressCountryID
AddressStateID | - AddressCustomerID – the customer related to the address
- AddressCountryID – country of the customer address
- AddressStateID – (federated) state within the given country
|
Customer addresses – Personal data sources
Order checkout | - Customers submit billing/shipping address data when checking out orders.
- The AddressName value is a summary, automatically composed from the other address data fields.
- When creating addresses, the customer’s name is saved into the AddressPersonalName field.
|
Address editing | - Users with access to the administration interface manually edit customer addresses in the Customers application.
- Customers edit their address data on the live site.
|
Customer addresses – References from entities containing personal data
Shopping carts (COM_ShoppingCart) | ShoppingCartBillingAddressID
ShoppingCartShippingAddressID
ShoppingCartCompanyAddressID | The billing, shipping and company addresses specified for the given shopping cart. The billing address is always required for completed shopping carts, the shipping and company addresses are optional. |
> Back to table of contents
E-commerce – Orders
Database table: COM_Order
Orders represent purchases that customers make on e-commerce websites. Typically, customers create orders on the live site by going through a checkout process. Users with access to the administration interface can also edit or create orders in the Orders application.
Order data is required to process orders and payments, generate invoices, and maintain e-commerce records.
The order entity can be used to obtain information about the products purchased by specific customers (when combined with the data of the related order items).
Orders – Stored personal data
Date and time | OrderDate | - The date and time when the customer placed the order
- Used by the system when recalculating existing orders (for example to evaluate discount validity)
- User interface – displayed in the Orders application and by the Orders dashboard widget
|
Invoice | OrderInvoice | - Stores the full HTML code of the invoice for the order. May contain personal data of the related customer.
- User interface – displayed in the Orders application
|
Payment data | OrderPaymentResult | |
User input | OrderNote | - Stores the text of notes that customers add to their purchase during the checkout process
- Can be included in e-commerce email notifications
- May be sent to third-party payment gateways when performing payment transactions
- User interface – displayed in the Orders application and by the Orders dashboard widget
|
Tracking number | OrderTrackingNumber | - User interface – displayed in the Orders application and by the Orders dashboard widget
- Can be displayed on the live site
|
System data | OrderID
OrderGUID
OrderLastModified | - OrderID and OrderGUID – used as identifiers within the system. The OrderID value is used to generate invoice numbers by default.
- OrderLastModified – timestamp used by the system
|
References to other entities | OrderCustomerID
OrderCreatedByUserID | - OrderCustomerID – the customer who created the order
- OrderCreatedByUserID – the user who created the order (for registered customers)
|
Orders – Personal data sources
Invoice template | - The system generates the invoice for orders according to a template defined in the Store configuration or Multistore configuration application (when creating new orders or if an administrator re-generates an invoice in the Orders application).
| |
Order editing | - Users with access to the administration interface manually edit or create orders in the Orders application.
| |
Payment options | - The system’s payment gateways set the payment data for orders when processing payments.
| |
Shopping carts | - When a customer completes checkout on the live site, the system automatically creates a new order based on the customer’s shopping cart. Transfers information, such as the order note.
| COM_ShoppingCart |
Orders – References from entities containing personal data
Activities (OM_Activity) | ActivityItemID | The object related to the logged activity is an order for activities of the Purchase type – i.e., when the value of the ActivityType column is purchase . |
Order items (COM_OrderItem) | OrderItemOrderID | The order containing the given order item (product). |
Order status changes (COM_OrderStatusUser) | OrderID | The order whose status was changed. The COM_OrderStatusUser table tracks changes in statuses for orders. The ChangedByUserID column of this table can be used to connect the order with a user (the administrator who performed the order status change). |
Customer credit events (COM_CustomerCreditHistory) | EventName | The text values stored in the EventName column of customer credit records may contain the ID of the related order. |
> Back to table of contents
E-commerce – Order items
Database table: COM_OrderItem
Every order item represents one or more units of a given product within an Order created by a customer. Order items can either be standard products, product variants, or product options that were purchased together with another product.
Order item data is required to process orders and payments, generate invoices, and maintain e-commerce records.
Order items do not directly contain any personal data, but can be used to obtain information about the products purchased by specific customers (when combined with the data of the related order).
Order items – Stored personal data
References to other entities | OrderItemSKUID
OrderItemOrderID | Each item stores a reference to the related product and order Processed by the system when calculating and evaluating orders (total prices, shipping, discounts, etc.) Used to display the products contained within orders: Order items are sent to certain third-party payment gateways when performing payment transactions
|
Order items – Personal data sources
Order editing | - Users with access to the administration interface can add, remove or update order items in the Orders application (only for orders that have not been paid yet).
| |
Shopping cart items | - When a customer completes checkout on the live site, the system automatically creates order items for the new order based on the customer’s shopping cart.
| COM_ShoppingCartSKU |
> Back to table of contents
E-commerce – Order addresses
Database table: COM_OrderAddress
The system stores various types of addresses (billing, shipping or company) for Orders. The addresses are required to process orders and payments, generate invoices, deliver order shipments, and maintain e-commerce records.
Order addresses – Stored personal data
Address | AddressCity
AddressLine1
AddressLine2
AddressZip | - Used to process orders (billing, shipping and company addresses)
- Billing addresses are sent to third-party payment gateways when performing payment transactions
- User interface – displayed in the Orders application when editing orders on the Shipping and Billing tabs
- Displayed in order invoices ande-commerce email notifications (by default)
|
Name | AddressPersonalName | - Labels addresses with the customer’s name for easier identification
- User interface – displayed in the Orders application when editing orders on the Shipping and Billing tabs
- Displayed in order invoices ande-commerce email notifications (by default)
|
Phone number | AddressPhone | - User interface – displayed in the Orders application when editing orders on the Shipping and Billing tabs
|
System data | AddressID
AddressGUID
AddressLastModified
AddressType | - AddressID and AddressGUID – used as identifiers within the system
- AddressLastModified – timestamp used by the system
- AddressType – indicates whether the address is a billing, shipping or company address for the related order.
|
References to other entities | AddressCountryID
AddressStateID
AddressOrderID | - AddressCountryID – country of the order address
- AddressStateID – (federated) state within the given country
- AddressOrderID – the order where the address is used (a single order can have multiple related addresses, each with a different AddressType – billing, shipping or company)
|
Order addresses – Personal data sources
Customer addresses | - When a customer completes checkout on the live site, the system automatically creates order addresses based on the customer’s shopping cart and the data of the referenced customer addresses.
| COM_Address |
Address editing | - Users with access to the administration interface manually edit order addresses in the Orders application.
| |
> Back to table of contents
Database table: COM_ShoppingCart
Customers purchase products by browsing the website and adding items to their shopping cart. The system stores the shopping cart of each customer until they complete the checkout process, or until the cart is abandoned and cleared. When a customer completes checkout, the system automatically converts the given shopping cart into an order and then deletes the cart.
The shopping cart entity can be used to obtain information about the products in which specific users or customers were interested (when combined with the data of the related shopping cart items).
User input | ShoppingCartNote | - Stores the text of notes that customers can add to their purchase during the checkout process
- When the customer completes checkout, the system copies the shopping cart note into the resulting order
|
System data | ShoppingCartID
ShoppingCartGUID
ShoppingCartLastUpdate | - ShoppingCartID and ShoppingCartGUID – used as identifiers within the system
- ShoppingCartLastUpdate – timestamp used by the system
|
References to other entities | ShoppingCartBillingAddressID
ShoppingCartShippingAddressID
ShoppingCartCompanyAddressID ShoppingCartContactID
ShoppingCartCustomerID
ShoppingCartUserID | - ShoppingCartBillingAddressID, ShoppingCartShippingAddressID, ShoppingCartCompanyAddressID – the customer address used for the shopping cart’s billing, shipping or company address respectively. The billing address is always required for completed shopping carts, the shipping and company addresses are optional.
- ShoppingCartContactID – the contact related to the shopping cart. The system uses the reference to track abandoned shopping carts (logging of activities of the Shopping cart abandoned type).
- ShoppingCartCustomerID – the customer who created the shopping cart.
- ShoppingCartUserID – the user related to the shopping cart (for registered customers).
|
Product catalog | - The system automatically creates shopping carts for customers when they add the first product to their cart.
|
Order checkout | - Shopping cart addresses are assigned by customers when checking out orders.
- Customers can input a note when checking out orders.
|
Shopping cart items (COM_ShoppingCartSKU) | ShoppingCartID | The shopping cart containing the given shopping cart item (product). |
> Back to table of contents
Database table: COM_ShoppingCartSKU
Customers purchase products by browsing the website and adding items to their shopping cart. Every item represents one or more units of a given product. Shopping cart items can either be standard products, product variants, or product options that were purchased together with another product.
Shopping cart items do not directly contain any personal data, but can be used to obtain information about the products in which specific customers were interested (when combined with the data of the related shopping cart).
The system automatically deletes all items together with the related shopping cart when it is converted into an order upon successful checkout, or after it is abandoned and cleared.
References to other entities | SKUID
ShoppingCartID | - Each item stores a reference to the related product and shopping cart
- Activities – activities of the Product added to shopping cart and Product removed from shopping cart types are logged when shopping cart items are created or removed
- Used to display shopping cart content on the website
- The system creates the content of orders based on shopping cart items when the customer completes the checkout process
|
Product catalog | - The system automatically creates shopping cart items when a customer adds a product to their shopping cart on the live site.
|
> Back to table of contents
E-commerce – Suppliers
Database table: COM_Supplier
E-commerce sites can store objects representing suppliers of products. Supplier data can be considered as personal only in cases where the supplier is a natural person.
Suppliers – Stored personal data
Contact information | SupplierEmail
SupplierFax
SupplierPhone | - User interface – displayed in the Suppliers application
- Can be displayed on the live site (for example in product details)
|
Name | SupplierDisplayName
SupplierName | - User interface – displayed in the Suppliers application and when editing products in the Products or Pages application
- Can be displayed on the live site (for example in product details)
|
System data | SupplierID
SupplierGUID
SupplierLastModified | - SupplierID and SupplierGUID – used as identifiers within the system
- SupplierLastModified – timestamp set by the system
|
Suppliers – Personal data sources
Suppliers | - Users with access to the administration interface manually create suppliers in the Suppliers application or directly from product editing forms (in the Products or Pages application).
|
Suppliers – References from other entities
Products (COM_SKU) | SKUSupplierID | The supplier specified for the given product. |
> Back to table of contents
E-commerce – Wishlist items
Database table: COM_Wishlist
Wishlist items are records representing relationships between products and users. Each record means that a user (customer) has added a given product to their wishlist on an e-commerce website. Wishlists are only available for customers who are registered as users.
Wishlist items – Stored personal data
References to other entities | SKUID
UserID | - Each item stores a reference to the product that was added to the wishlist and the related user
- Activities – activities of the Product added to wishlist type are logged when wishlist items are created
|
Wishlist items – Personal data sources
Wishlist | - The system automatically creates wishlist items when a registered customer adds a product to their wishlist on the live site.
|
> Back to table of contents
Emails
Database table: CMS_Email
The system stores records of sent emails according to the settings configured in the System -> Emails category of the Settings application. This includes:
- Queued emails that are waiting to be sent to the SMTP server for mail out
- Emails whose sending failed
- Archived emails that were successfully sent (stored for a limited number of days)
For more information, see Sending emails.
Emails – Stored personal data
Email address | EmailFrom
EmailTo
EmailCc
EmailBcc
EmailReplyTo | - Email engine – used to fill the email address header fields for emails sent by the system
- User interface – displayed in the Email queue application
|
Email content | EmailBody
EmailPlainTextBody
EmailSubject | - Email engine – used in the subject and content of emails sent by the system. May contain personal data depending on the type of the email.
- User interface – displayed in the Email queue application
|
System data | EmailID
EmailGUID
EmailCreated
EmailLastModified
EmailLastSendAttempt
EmailLastSendResult | - EmailID and EmailGUID – identifiers used within the system
- EmailCreated, EmailLastModified and EmailLastSendAttempt – timestamps used by the system
- EmailLastSendResult – displayed in the Email queue application
- For emails whose sending failed, stores error messages that may in some cases contain related email address values
|
References to other entities | EmailSiteID
EmailHeaders | - EmailSiteID – the site for which the email was sent (0 for global emails)
- EmailHeaders – custom email message headers that may contain references to related entities for certain types of emails (for example contact or subscriber identifiers)
|
Emails – Personal data sources
Administration interface | - Various applications in the system provide an interface for sending emails or configuring email parameters. The input is then used to set the email address values and content of the given emails.
|
Email templates | - Automated emails sent by the system load their email address values and content from Email templates.
|
Settings | - Various settings configured by administrators are used to set the From and To addresses of sent emails.
|
SMTP servers | - When sending of emails fails on the side of the used SMTP server, third-party error messages are saved into the EmailLastSendResult field (may contain email address values).
|
User entities | - For emails related to user entities within the system (users, contacts, customers, etc.), the system automatically:
- Sets From and To addresses based on the corresponding email address values stored for the given entity.
- Saves the identifier referencing the given entity into the email’s EmailHeaders field.
|
> Back to table of contents
Email feeds
Database table: Newsletter_Newsletter
Email feeds are an on-line marketing entity representing a newsletter or an email campaign. Email feeds are managed in the Email marketing application.
Email feeds – Stored personal data
Email address | NewsletterSenderEmail | - User interface – displayed in the Email marketing application
- Used as the sender address of the feed’s marketing emails and automatic subscription status notifications
|
Name | NewsletterSenderName | - User interface – displayed in the Email marketing application
- Used as the sender of the feed’s marketing emails and automatic subscription status notifications
|
System data | NewsletterID
NewsletterGUID
NewsletterLastModified | - NewsletterID and NewsletterGUID – used as identifiers within the system
- NewsletterLastModified – timestamp used by the system
|
Email feeds – Personal data sources
Email marketing | - Users with access to the administration interface manually submit the name and email address of the sender in the Email marketing application.
|
Campaigns | - Users with access to the administration interface manually submit the name and email address of the sender in the Campaigns application.
|
Email feeds – References from entities containing personal data
Activities (OM_Activity) | ActivityItemID | The object related to the logged activity is an email feed for activities of the Clicked link in marketing email , Opened marketing email, Subscription to a newsletter and Unsubscription from a single email feed types – i.e., when the value of the ActivityType column is newsletterclickthrough , newsletteropen , newslettersubscription or newsletterunsubscription. |
Email feed issues (Newsletter_Issue) | IssueNewsletterID | Email feed related to the given issue. |
Email feed unsubscriptions (Newsletter_Unsubscription) | UnsubscriptionNewsletterID | Email feed from which the given email address is unsubscribed. |
> Back to table of contents
Email feeds – Issues
Database table: Newsletter_NewsletterIssue
Email feed issues represent individual emails related to an email feed. An email feed may contain multiple issues which can be viewed on the Emails tab of the email feed in the Email marketing application.
Issues – Stored personal data
Email address | IssueSenderEmail | - User interface – displayed in Email marketing application
- Used as the sender address of marketing emails
|
Name | IssueSenderName | - User interface – displayed in Email marketing application
- Used as the sender of marketing emails
|
System data | IssueID
IssueGUID
IssueLastModified
IssueMailoutTime | - IssueID and IssueGUID – identifiers used within the system
- IssueLastModified and IssueMailoutTime – timestamps used by the system
|
References to other entities | IssueNewsletterID
IssueVariantOfIssueID | - IssueNewsletterID – email feed to which the issue is related
- IssueVariantOfIssueID – the original issue for emails that are A/B testing variants
|
Issues – Personal data sources
Email feeds | - When issues are created, the sender name and email address are preloaded from the related email feed.
| Newsletter_Newsletter |
Email marketing application | - Users with access to the administration interface manually submit the name and email address of the sender in the Email marketing application.
| |
Issues – References from entities containing personal data
Activities (OM_Activity) | ActivityItemID | The object related to the logged activity is an email feed issue for activities of the Opted out from all marketing emails type – i.e., when the value of the ActivityType column is newsletterunsubscriptionfromall. |
Activities (OM_Activity) | ActivityItemDetailID | The additional object related to the logged activity is an email feed issue for activities of the Clicked link in marketing email , Opened marketing email and Unsubscription from a single email feed types – i.e., when the value of the ActivityType column is newsletterclickthrough , newsletteropen or newsletterunsubscription. |
Email feed unsubscription (Newsletter_Unsubscription) | UnsubscriptionFormIssueID | The email feed issue from which the given email address is unsubscribed. |
Queued marketing emails (Newsletter_Emails) | EmailNewsletterIssueID | The issue related to the given queued email item. Queued emails are temporary objects created by the system when sending emails to individual recipients. |
Opened emails (Newsletter_OpenedEmail) | OpenedEmailIssueID | The issue related to the email open record. |
> Back to table of contents
Email feeds – Clicked links
Database table: Newsletter_ClickedLink
The Clicked link entity represents user actions of opening links in received marketing emails. Multiple clicks may be registered for the same email recipient and link if the user clicks the link multiple times. The purpose of this entity is to track how recipients react to marketing emails.
Clicked links – Stored personal data
Email address | ClickLinkEmail | - User interface – displayed in the Email marketing application in the Clicks report of individual emails
- Matching clicked links to contacts – used for displaying contact demographic insights when viewing click details in the Overview report of individual emails in the Email marketing application
|
System data | ClickedLinkID
ClickedLinkGUID
ClickedLinkTime | - ClickedLinkID and ClickedLinkGUID – identifiers used by the system
- ClickedLinkTime – stores the time when the link was clicked, but the system does not display or process the value by default (the column is obsolete)
|
References to other entities | ClickedLinkNewsletterID | - ClickedLinkNewsletterID – the email feed issue where the link was clicked
|
Clicked links – Personal data sources
Clicked links | - New clicked links are registered and stored when a recipient clicks a link in a marketing email, including the recipient’s email address.
|
> Back to table of contents
Email feeds – Opened emails
Database table: Newsletter_OpenedEmail
The Opened email entity represents user actions of opening received marketing emails. The purpose of this entity is to track how users react to marketing emails.
Opened emails – Stored personal data
Email address | OpenedEmailEmail | - User interface – displayed in the Email marketing application in the Opens report of individual emails
- Matching opened emails to contacts – used for displaying contact demographic insights when viewing open details in the Overview report of individual emails in the Email marketing application
|
System data | OpenedEmailD
OpenedEmailGUID
OpenedEmailTime | - OpenedEmailID and OpenedEmailGUID – identifiers used by the system
- OpenedEmailTime – displayed in the Email marketing application in the Opens report of individual emails
|
References to other entities | OpenedEmailIssueID | - OpenedEmailIssueID – the related email issue
|
Opened emails – Personal data sources
Opened marketing emails | - New opened emails are logged when a recipient opens an email in their email client for the first time, or when they click a link within the email. The saved data includes the recipient’s email address and the open time.
|
> Back to table of contents
Email feeds – Newsletter subscriptions
Database table: Newsletter_Subscriber
Newsletter subscriptions represent contacts or entire contacts groups who are subscribed to receive newsletters.
Newsletter subscriptions – Stored personal data
Email address | SubscriberEmail | - User interface – displayed in the Email marketing application
- Can be displayed within the content of marketing emails
|
Name | SubscriberFirstName
SubscriberLastName
SubscriberFullName | - User interface – displayed in the Email marketing application
- Can be displayed within the content of marketing emails
|
System data | SubscriberID
SubscriberGUID
SubscriberLastModified | - SubscriberID and SubscriberGUID – identifiers used within the system
- SubscriberLastModified – timestamp used by the system
|
References to other entities | SubscriberRelatedID
SubscriberType | - SubscriberRelatedID – the subscribed contact or contact group object
- SubscriberType – specifies the type of the subscribed object (contact or contact group)
- Together both fields reference a contact or contact group, which is used to:
- Get the recipient addresses when sending marketing emails
- Provide information about the newsletter subscriptions of contacts/users in various parts of the administration interface
|
Newsletter subscriptions – Personal data sources
Subscription | Data of newsletter subscriptions is created or updated when: - Users or anonymous visitors fill in a newsletter subscription form on the live site.
- Authenticated users manage their newsletter subscriptions (using the Users or My profile applications in the administration interface).
- Users with access to the administration interface manually subscribe a contact to a newsletter in the Email marketing or Users application.
| |
Contacts | The system automatically updates email address and name data of subscriptions when the related contact is updated (from any source). | OM_Contact |
Newsletter subscriptions – References from entities containing personal data
Activities (OM_Activity) | ActivityItemDetailID | The additional object related to the logged activity is a newsletter subscription for activities of the Subscription to a newsletter type – i.e., when the value of the ActivityType column is newslettersubscription. |
Queued marketing emails (Newsletter_Emails) | EmailSubscriberID | Subscription related to the given queued email item. Queued emails are temporary objects created by the system when sending emails to individual recipients. |
> Back to table of contents
Email feeds – Unsubscriptions
Database table: Newsletter_Unsubscription
Email feed unsubscriptions represent email addresses that are opted out from receiving newsletters and email campaigns. Unsubscriptions can either be for a specific email feed or all feeds in the system.
Unsubscriptions – Stored personal data
Email address | UnsubscriptionEmail | - User interface – displayed in the Email marketing application:
- On the Opt-out list tab
- In the Contact loss details of marketing email reports
- Matching opted out email addresses to contacts – used to evaluate and display the “Receiving marketing email” status of contacts
|
System data | UnsubscriptionID
UnsubscriptionGUID
UnsubscriptionCreated | - UnsubscriptionID and UnsubscriptionGUID – identifiers used by the system
- UnsubscriptionCreated – timestamp, displayed in the Email marketing application
|
References to other entities | UnsubscriptionNewsletterID
UnsubscriptionFromIssueID | - UnsubscriptionNewsletterID – email feed from which the email address is unsubscribed (if the unsubscription is not for all email feeds)
- UnsubscriptionFromIssueID – the specific email feed issue from which the recipient unsubscribed (only for unsubscriptions created via unsubscription links in marketing emails)
|
Unsubscriptions – Personal data sources
Marketing emails | - New email feed unsubscriptions are created when recipients click unsubscription links in the content of marketing emails.
|
Email marketing application | - Users with access to the administration interface manually add or edit email addresses in the opt-out list in the Email marketing application.
|
> Back to table of contents
Email feeds – Queued emails
Database table: Newsletter_Emails
When a user in the administration interface initiates the sending of a marketing email issue, the system generates a sending queue of emails, with separate records for individual recipients. The queued emails are deleted immediately after sending is successfully finished.
Queued emails – Stored personal data
Email address | EmailAddress | |
System data | EmailID
EmailGUID | - EmaiIID and EmailGUID – identifiers used within the system
|
References to other entities | EmailNewsletterIssueID
EmailSubscriberID
EmailContactID | - EmailNewsletterIssueID – the related email feed issue
- EmailSubscriberID – the related email feed subscription
- EmailContactID – the related contact (recipient)
|
Queued emails – Personal data sources
Contact | When generating queued emails, the system retrieves the recipient email address from the contact referenced by the EmailContactID column. | OM_Contact |
> Back to table of contents
Email templates
Database table: CMS_EmailTemplate
The system sends automatic emails for various purposes, such as password reset emails, workflow notifications, etc. The content of such emails is based on Email templates, which can also store email address values used for sender, copy and reply-to addresses.
Email templates – Stored personal data
Email address | EmailTemplateFrom
EmailTemplateCc
EmailTemplateBcc
EmailTemplateReplyTo | - Email engine – used to fill the email address header fields (sender, copy, reply-to) for emails based on templates. Typically sent automatically by the system.
- User interface – displayed in the Email templates application
|
System data | EmailTemplateID
EmailTemplateGUID
EmailTemplateLastModified | - EmaiITemplateID and EmailTemplateGUID – identifiers used within the system
- EmailTemplateLastModified – timestamp used by the system
|
Email templates – Personal data sources
Email template editing | - Users with access to the administration interface manually edit email address values for templates in the Email templates application.
|
> Back to table of contents
Event log records
Database table: CMS_EventLog
The system automatically creates records within an Event log to keep track of errors and many types of events. The event log helps administrators and developers find sources of problems, identify potential security threats, and monitor the behavior of the system.
Event log records – Stored personal data
Event log personal data purpose
All types of data stored within event log records can be used by the system in the following ways (depending on the configuration of settings):
- Displayed in the Event log application
- Displayed on dashboards by the EventLog widget
- Sent within error notification emails (for error events)
- Saved into the CMS\App_Data\logEvents.log file on the server’s file system
- Logged into the Windows Event Viewer on the server’s operating system
Browser user agent | EventUserAgent | - User agent providing information about the browser and operating system of the user or visitor who triggered the event
|
Event details | EventDescription | - A detailed description of the event, which may contain personal data in certain cases. For example, if the Log metadata changes setting is enabled, the system logs events for all updates of objects, including the values of the modified object fields. If the given object field contains personal data, the values are stored in the description of the corresponding event.
|
IP address | IPAddress | - The IP address of the user or visitor who triggered the event
|
Referring URL | EventUrlReferrer | - The URL referrer of the web request during which the event occurred (for example may contain the URL of a site from which a visitor arrived)
|
User name | UserName | - The user name of the user that triggered the event
|
System data | EventTime
EventID | - EventTime – timestamp identifying when the event occurred
- EventId – used as an identifier within the system
|
References to other entities | SiteID
UserID | - SiteID – the site on which the event occurred
- UserID – the user who triggered the event
|
Event log records – Personal data sources
System activity and user actions | The system logs events based on user actions or automated processes. Not all types of personal data are logged for all events. Events that are not directly triggered by a user’s web request do not contain any of the user-related data. Events that do not occur within the context of a specific site are global and do not reference a site, etc. |
> Back to table of contents
Object version history
Database table: CMS_ObjectVersionHistory
Many types of objects in the system support versioning. If enabled, the system creates and stores separate versions of these objects when they are edited and saved. Object versions are also created when objects are deleted to the recycle bin. The recycle bin functionality can include objects that do not otherwise support versioning (for example personal data entities, such as users).
Every object version record stores all data of the original object in XML format, so any personal data contained in the given object is also stored in the version history. Users in the administration interface can restore objects from the recycle bin, or roll objects back to previous versions.
Object version history – Stored personal data
Object data | VersionXML | Contains all data of the versioned or deleted object in XML format Allows the system to restore deleted objects from the recycle bin, compare different versions of an object’s history, or roll objects back to older versions User interface – used and displayed in the following locations: - On the Versions tab when editing an object that supports versioning (see supported object types)
- In the Recycle bin application on the Objects tab
- By the Object recycle bin dashboard widget
|
Object name | VersionObjectDisplayName | Identifies the original object related to the version history record May contain personal data for certain types of objects (for example a user name for user objects in the recycle bin) User interface – displayed in the following locations: - In the Recycle bin application on the Objects tab
- The Object recycle bin dashboard widget
|
System data | VersionID
VersionModifiedWhen
VersionDeletedWhen | - VersionID – used as an identifier within the system
- VersionModifiedWhen – stores the time when the versioned object was modified
- VersionDeletedWhen – stores the time when the object was deleted to the recycle bin
|
References to other entities | VersionModifiedByUserID
VersionDeletedByUserID
VersionObjectSiteID
VersionObjectID
VersionObjectType | - VersionModifiedByUserID – the user who modified the versioned object
- VersionDeletedByUserID – the user who deleted the object to the recycle bin
- VersionObjectSiteID – the site to which the versioned or deleted object belongs
- VersionObjectID and VersionObjectType – these two columns together reference the object to which the version history data belongs. VersionObjectType stores the type of the referenced object and VersionObjectID holds the identifier of a specific object.
|
Object version history – Personal data sources
Modification of versioned objects | - Users in the administration interface update and save an object for which versioning is enabled, and the system creates a new record in the object’s version history.
|
Deleting of objects to the recycle bin | - Users in the administration interface (or scheduled/automated processes) delete an object, and the system creates a new object version history record for the recycle bin.
|
> Back to table of contents
Report subscriptions
Database table: Reporting_ReportSubscription
Report subscriptions represent relationships between subscribed users and reports.
Report subscriptions – Stored personal data
Email address | ReportSubscriptionEmail | - Reporting
- Used to send emails containing report data
- Displayed in the list of subscriptions for each report in the Reporting application
|
System data | ReportSubscriptionLastModified
ReportSubscriptionID
ReportSubscriptionGUID | - ReportSubscriptionLastModified – timestamp used by the system
- ReportSubscriptionID and ReportSubscriptionGUID – used as identifiers within the system
|
References to other entities | ReportSubscriptionReportID
ReportSubscriptionUserID
ReportSubscriptionGraphID
ReportSubscriptionTableID
ReportSubscriptionValueID | - ReportSubscriptionReportID – the report to which the subscription applies
- ReportSubscriptionUserID – the user who created the subscription (the user does not need to match the subscription’s email address)
- ReportSubscriptionGraphID – a graph from the report for subscriptions to a specific graph (component that retrieves data and displays it in various formats)
- ReportSubscriptionTableID – a table from the report for subscriptions to a specific table (component that retrieves data and formats it into a table)
- ReportSubscriptionValueID – a value from the report for subscriptions to a specific value (component that retrieves a single scalar value)
|
Report subscriptions – Personal data sources
Reporting | - Users with access to the administration interface can enter their email address and subscribe to reports displayed in various applications (Reporting, Web analytics, Store reports, A/B testing, Facebook, LinkedIn, Twitter)
- Users with access to the Reporting application can manually create, edit or delete subscriptions for reports.
|
> Back to table of contents
Saved reports
Database table: Reporting_SavedReport
Saved reports represent archived data from reports in the Reporting application.
Saved reports – Stored personal data
Saved report content | SavedReportHTML | - HTML content used to display and print saved report data in the Reporting application
- Contains the data that is displayed within the original report, which may include personal information for some reports
|
System data | SavedReportDate
SavedReportLastModified
SavedReportID
SavedReportGUID | - SavedReportDate and SavedReportLastModified – timestamps used by the system
- SavedReportID and SavedReportGUID – used as identifiers within the system
|
References to other entities | SavedReportReportID
SavedReportCreatedByUserID | - SavedReportReportID – the original report
- SavedReportCreatedByUserID – the user who saved the report
|
Saved reports – Personal data sources
Reporting | The system generates Saved Report HTML content when users in the administration interface manually save reports (for example in the Reporting, Store reports or Web analytics applications). |
> Back to table of contents
Synchronization tasks
Database tables: Export_Task, Integration_Task, Staging_Task, CMS_WebFarmTask
The system creates and stores the following types of synchronization tasks:
- Export delete tasks – serve as representations of object delete operations, and can be included within Export packages.
- Integration tasks – synchronize data with external systems or applications via the Integration bus. The system automatically deletes integration bus tasks after they are successfully processed.
- Staging tasks – synchronize content and objects between different Xperience instances via Staging. The system automatically deletes staging tasks after they are successfully synchronized.
- Web farm tasks – synchronize cached data and files between Xperience servers in a Web farm environment. The system automatically deletes web farm tasks after they are successfully processed.
Synchronization tasks store the data of the related object in XML format, so personal data contained in the given object can also be stored within corresponding tasks. This may include sensitive objects such as users, contacts or customers.
Export, Integration, and Staging tasks – Stored personal data
Object data | TaskData | Contains data of the related object in XML format (may include sensitive objects such as users, contacts or customers) Allows the system to synchronize objects to other instances or external systems (staging and integration tasks) or identify objects that need to be deleted when importing a package (export tasks) User interface – the data can be viewed in the following locations: - In the Integration bus application (integration tasks)
- In the Staging application (staging tasks)
For export tasks, the data can be included within export packages that the system creates on the file system.
|
Task name | TaskTitle | Describes the type of the synchronization task (create, delete, update, etc.) and identifies the related object May contain personal data for certain types of objects (for example the user name of deleted or modified user objects) User interface – displayed in the following locations: - In the Integration bus application (integration tasks)
- In the Staging application (staging tasks)
- In the Sites application on the Tasks tab of the View export history page, and in the export/import wizard (export tasks)
|
System data | TaskID
TaskTime | - TaskID – used as an identifier within the system
- TaskTime – timestamp storing the time when the task was logged (matches the time when the related create, update or delete action was performed)
|
References to other entities | TaskSiteID
TaskObjectID
TaskObjectType | - TaskSiteID – the site for which the task was logged
- TaskObjectID and TaskObjectType – these two columns together reference the object related to the synchronization task. The type of the referenced object is stored in the TaskObjectType column and TaskObjectID holds the identifier of a specific object.
|
Web farm tasks – Stored personal data
Object data | TaskTextData | - Stores data of the related object in XML format (may include sensitive objects such as users, contacts or customers). The data primarily includes object identifiers and/or names.
- Allows the system to synchronize cached data and files between Xperience servers when running in a web farm environment
- User interface – the data can be viewed in the Web farm application
|
System data | TaskID
TaskGUID
TaskCreated | - TaskID and TaskGUID – used as identifiers within the system
- TaskCreated – timestamp storing the time when the task was logged (matches the time when the related action was performed)
|
References to other entities | TaskTarget | - Stores the type of the object related to the web farm task. Used to reference the related object in combination with the identifier data stored in the TaskTextData column.
|
Staging tasks – References from entities containing personal data
Staging task users (Staging_TaskUser) | TaskID | The system stores relationships between staging tasks and users. Every relationship indicates that the specified user performed the change which caused the system to log the given staging task (referenced in the TaskID column). |
Export tasks – Personal data sources
Object deletion | - If the Log export tasks setting is enabled, the system creates export tasks when an object is deleted (by a user in the administration interface or by a scheduled/automated process).
|
Integration tasks – Personal data sources
Object changes | - If the Integration bus is enabled and appropriate connectors for outgoing synchronization are created in the system, the system logs integration tasks when objects are created, updated or deleted (by a user in the administration interface or by a scheduled/automated process).
|
External systems | - If the Integration bus is enabled and appropriate connectors for incoming synchronization are created in the system, the system logs integration tasks based on data transfers from the related external application or system.
|
Staging tasks – Personal data sources
Object changes | - If staging is enabled, the system logs staging tasks when pages or objects are created, updated or deleted (by a user in the administration interface or by a scheduled/automated process).
|
Manual staging synchronization | - Users with access to the administration interface can manually run synchronization of objects, pages or custom table data in the Staging application.
- Manual synchronization creates update staging tasks for the related objects and immediately runs them. All successfully synchronized tasks are immediately deleted.
|
Web farm tasks – Personal data sources
Object changes | - The system logs synchronization tasks for every available server when objects are created, updated or deleted (by a user in the administration interface or by a scheduled/automated process).
|
> Back to table of contents
Users
Database tables: CMS_User, CMS_UserSettings
Users are an entity representing people in Xperience. User accounts allow people to sign in on the live site and into the Xperience administration interface (depending on the user privilege level). New user accounts are typically created when a visitor goes through registration on the live site. However, administrators can also create accounts manually in the Users application.
The system stores user data within two coupled database tables – users (CMS_User) and user settings (CMS_UserSettings).
Users – Stored personal data
Email address | Email | - Email engine – sending various types of automated emails to users (notifications, password reset functionality, registration confirmation, etc.)
- Used as the recipient address when sending emails to registered users (for example from the Users or Email queue applications)
- Saved into the user’s UserName field as an identifier if a separate value is not specified during registration
- Used to validate email address values of new users if the Require unique user emails setting is enabled
- Synchronized into the email address field of related customers and contacts (according to mapping configuration)
- Pre-filling of email address values for signed in users in various locations within the administration interface
- Activities – saved into the titles of logged activities of the User registration and User login types
- User interface – displayed as part of user information in various administration interface locations:
- Users application
- My profile application
- Contact management application
- User selection dialogs
- Various lists of subscriptions (Reports, etc.)
|
Last sign-in information | UserLastLogon
UserLastLogonInfo | - UserLastLogon – the date and time of the user’s last sign-in on the live website or into the administration interface
- UserLastLogonInfo – stores the IP address and browser user agent of the user’s environment at the time of their last sign-in
- User interface – the last sign-in information is displayed in the Users application
|
Name | UserName
FirstName
MiddleName
LastName
FullName | - UserName – serves as a unique identifier for users, most importantly when signing in (authentication)
- Saved into the fields of various system objects to identify related users (event log records, staging tasks, security debug logs, etc.)
- Stored as the value of the authentication cookie
- Caching – username values are added to the names of cache keys to allow user-specific caching
- Used when generating preview links to unpublished pages
- Saved into the security signatures of macro expressions
- FullName – the full name is automatically composed for each user from the first, middle and last name values (if not directly modified)
- User interface – displayed throughout the administration interface to identify users
- Displayed within user-related system emails based on the default email templates
- Synchronized into the names fields of related customers and contacts (according to mapping configuration)
- Activities – user names are saved into the titles of logged activities of the User registration and User login types
- Translation services – submissions for human translation services include an instructions file, which contains the full name of the user who created the submission (by default)
- Displayed in various system reports
- Displayed by user-related dashboard widgets (Recent users)
|
Password | UserPassword | |
System data | UserID
UserGUID
UserCreated
UserLastModified | UserID and UserGUID – used as identifiers within the system UserCreated – the date and time when the user account was created - User interface – displayed in the Users application
- Used to evaluate which non-activated users are automatically deleted based on the Delete non-activated users after (days) setting
- Displayed by user-related dashboard widgets (Recent users)
UserLastModified – timestamp used by the system
|
User settings – Stored personal data
Contact information | UserPhone
UserSkype
UserIM | - User interface – displayed in the Users and My profile applications
- UserPhone – synchronized into the phone number field of related customers
|
Descriptions | UserDescription
UserPosition | |
Name | UserNickName | - User interface – displayed as part of user names in various locations in the administration interface
|
Natural personal data | UserGender
UserDateOfBirth | - UserGender – stores the gender of the user
- UserDateOfBirth – used when computing the value of the UserAge macro property for users
- User interface – displayed in the Users and My profile applications
|
Password change information | UserPasswordLastChanged | - Required to calculate the expiration date and time for user passwords
|
Signature | UserSignature | |
Registration information | UserRegistrationInfo
UserCampaign
UserURLReferrer
UserActivationDate | - UserRegistrationInfo – stores the IP address and browser user agent of the user’s environment at the time of registration
- UserCampaign – the name of a specific campaign if the user registered within the context of campaign
- UserURLReferrer – the URL referrer of the web request during which the user registered (for example may contain the URL of a site from which a visitor arrived)
- UserActivationDate – the date and time when the user account was activated via email confirmation or administrator approval
- User interface – the registration information values are displayed when editing users in the Users application
|
System data | UserSettingsID | - UserSettingsID – used as an identifier within the system
|
References to other entities | UserAvatarID
UserSettingsUserID
UserSettingsUserGUID
UserActivatedByUserID | - UserAvatarID – the user’s avatar
- UserSettingsUserID and UsersSettingsUserGUID – the user object coupled with the user settings
- UserActivatedByUserID – the user who approved the given user’s registration (when requiring approval for new users)
|
Users – Personal data sources
Authentication | | |
Customers | - When the name, email address and phone number data of a customer is modified, the system automatically synchronizes the values to the associated user.
- If the Register customer after first checkout setting is enabled, the system automatically creates new users based on the data of anonymous customers when they complete the order checkout process.
- Administrators can create new users based on customer data in the Customers application when editing an anonymous customer on the Login details tab. For registered customers, the same interface also allows administrators to change the password for the associated user account.
| COM_Customer |
Emergency administrator recovery | - Emergency recovery of administration interface access via the CMSAdminEmergencyReset web.config key can create a new user with the Global administrator privilege level and a specified username and password.
| |
Password change | - Users can change their password via the administration interface sign-in page (after submitting a password change request with email verification).
| |
Registration | | |
User activation | - When new users activate their account via email confirmation, the UserActivationDate is automatically set in the user settings.
- If the system is configured to require approval for new users, the UserActivationDate and UserActivatedByUserID values are automatically set in the user settings when an administrator approves an account in the Users application.
| |
User editing | - Users with access to the administration interface manually create users or edit user and user settings data in the Users application.
- Users with access to the administration interface edit their data in the My profile application.
| |
Users – References from entities containing personal data
Accounts (OM_Account) | AccountOwnerUserID | The user assigned as the owner of the given on-line marketing account. |
Activities (OM_Activity) | ActivityItemID | The object related to the logged activity is a user for activities of the User login and User registration type – i.e., when the value of the ActivityType column is userlogin or userregistration . |
Contacts (OM_Contact) | ContactOwnerUserID | The user assigned as the owner of the given contact. |
Contact membership relationships (OM_Membership) | RelatedID | The user related to a given contact. The table contains records representing relationships between contacts and users/customers. Records representing user relationships have the value of the MemberType column set to 0. |
Customers (COM_Customer) | CustomerUserID | The user related to the customer (for registered customers). |
Dashboard widget content (CMS_Personalization) | PersonalizationUserID | The user who created the given dashboard widget content. Considered as personal data, because the PersonalizationLastModified column of the personalization record contains a timestamp that could be used to track the user’s activity. |
Event log records (CMS_EventLog) | UserID | The user who triggered the logged event. |
External authentication records (CMS_ExternalLogin) | UserID | The user related to the given external authentication record (for users created as a result of authentication via an external provider). |
Media files (Media_File) | FileCreatedByUserID
FileModifiedByUserID | The users who created and last modified the given media file. Considered as personal data, because the media file record contains timestamps that could be used to track the user’s activity. |
Orders (COM_Order) | OrderCreatedByUserID | The user who created the order (for registered customers). |
Report subscriptions (Reporting_ReportSubscription) | ReportSubscriptionUserID | The user who created the report subscription. |
Shopping carts (COM_ShoppingCart) | ShoppingCartUserID | The user related to the shopping cart (for registered customers). |
User settings (CMS_UserSettings) | UserSettingsUserGUID
UserSettingsUserID
UserActivatedByUserID | The user coupled with the given user settings (referenced in the UserSettingsUserID and UserSettingsUserGUID columns). The user who approved the registration of the given user account (when requiring approval for new users). |
Wishlist items (COM_Wishlist) | UserID | The user who added the product to their wishlist. |
> Back to table of contents
Web analytic statistics
Database table: Analytics_Statistics
The web analytics feature stores data as statistics representing individual tracked events. Each statistic contains the type of the event and information about the context in which the event occurred (i.e., a related object, site, and culture).
Web analytic statistics – Stored personal data
Web analytics store all types of logged statistics within the Analytics_Statistics database table. The type of each statistic is determined by the value of the StatisticsCode column. For statistics with the browsertype, countries, mobiledevice and urlreferrals StatisticsCode values, the data stored in the additional StatisticsObjectName column could be considered as personal (see the table below).
The default statistics are anonymous and do not contain any references to entities representing a natural person.
Browser type | StatisticsObjectName | - Displayed in the Browser types report in the Web analytics application
- Processed and displayed by reports under the Web Analytics -> Browser capabilities -> Browser types category (accessible in the Reporting application)
|
Country name | StatisticsObjectName | - Displayed in the Countries report in the Web analytics application
- Processed and displayed by reports under the Web Analytics -> Countries category (accessible in the Reporting application)
|
Mobile device type | StatisticsObjectName | - Displayed in the Mobile devices report in the Web analytics application
- Processed and displayed by reports under the Web Analytics -> Mobiles devices category (accessible in the Reporting application)
|
Referring URL | StatisticsObjectName | - Displayed in the Acquisition reports in the Web analytics application
- Processed and displayed by reports under the Web Analytics -> Referrals and Referring sites categories (accessible in the Reporting application)
|
System data | StatisticsID | - StatisticsID – used as an identifier within the system
|
References to other entities | StatisticsObjectID
StatisticsSiteID | - StatisticsObjectID – the object related to the logged statistic. The type of the referenced object depends on the type of the statistic (stored in the StatisticsCode column).
|
Web analytic statistics – Personal data sources
Web analytics | - The system saves values into the StatisticsObjectName column when logging web analytics for website visitors.
|
> Back to table of contents
Workflow and automation process steps
Database table: CMS_WorkflowStep
Marketing automation processes and advanced workflows consist of steps, which may in certain cases contain personal data. The most common example are email address values in the From / To parameters of Send email steps.
Workflow and automation process steps – Stored personal data
Step configuration | StepActionParameters | - Stores the parameter configuration for the step in XML format, which may include personal data in certain cases (e.g. email address values for Send email steps)
|
System data | StepLastModified
StepID
StepGUID | - StepLastModified – timestamp used by the system
- StepID and StepGUID – used as identifiers within the system
|
Workflow and automation process steps – Personal data sources
Step editing | - Users with access to the administration interface manually enter parameter values for steps in the workflow / process designer interface (within the Workflows or Marketing automation application).
|
Workflow and automation process steps – References from entities containing personal data
Automation process history (CMS_AutomationHistory) | HistoryStepID
HistoryTargetStepID | The marketing automation steps related to the history record for a given process. Such history records are logged automatically when automation processes transition between steps. The history record also stores the ID of the user who approved the transition. |
Workflow history (CMS_WorkflowHistory) | StepID
TargetStepID | The workflow steps related to the version history record for a given page. Such history records are logged automatically when pages transition between workflow steps. The history record also stores the ID of the user who approved the transition. |
Step security settings (CMS_WorkflowStepUser) | StepID | The workflow or automation step which has security settings assigned for specific users. Each record also stores the ID of the assigned user. |
> Back to table of contents
