What do I do when I receive a Data Download request?

What is a Data Download Request?

The process of data inquiry and deletion is one of the most important aspects of the LGPD (Brazil's General Data Protection Law). It embodies the rights granted to data subjects — thanks to the LGPD — to decide what can or cannot be done with their personal data and to exercise their rights as citizens.

With a simple email, you can perform an internal sweep, preparing any information you may have about the visitor to send it back to them.

If you use software to manage personal data, it can be integrated with AdOpt so that when a request is made, the report is already available, or you can use it to generate such a report.

How Does AdOpt Handle Data Download Requests?

The first step is identifying what data is collected: AdOpt only collects data when a visitor voluntarily provides contact information (email), via a form within the client’s AdOpt environment.

Next, AdOpt automatically forwards this data to the client.

Within 30 (thirty) days, we delete the data from our records, keeping only the anonymous, encrypted CookieID.

Suggested Step-by-Step Process for the Data Protection Officer (DPO)

Example: [email protected] submitted a download request.

  1. Access the Consent Log section in AdOpt and identify which cookies the user [email protected] consented to.

  2. Using the consent list and your data mapping, you can determine where the data is stored/shared (e.g., your CRM, email marketing platform, logistics system, etc.).

  3. Prepare a professional email for [email protected], listing all data your company holds on them: email, gender, address, or any other information found in your systems or tools.

  4. Attach AdOpt’s detailed record, including the date/time the opt-in occurred (this information can be found using the Cookie ID).

  5. Send the data download report to the user.


Below is an example of a report created in AdOpt, followed by the system-generated email:

data-download-request_1.png

#>info These are just suggestions and may or may not apply to your specific business model. Consult your DPO or a privacy specialist for better guidance.

Additionally, it's important to highlight that every interaction initiated by data subjects triggers 2 emails from AdOpt:

  1. AdOpt > AdOpt Client – notifying the client to proceed with the required legal actions.

  2. AdOpt > Client's Visitor – confirming the request has been received and assuring the visitor it’s being processed.

Why Doesn’t AdOpt Include Consent Details in Some Emails?

There are a few technical reasons this might happen:

  1. The visitor cleared AdOpt cookies from their browser before making the request. Therefore, we have no way to retrieve the data.

  2. The visitor never gave consent but still submitted a download request.

  3. The visitor's browser blocks cookies or uses an extension that prevents tracking (e.g., Ad Blocker, Ghostery, VPN, etc.). This can also lead to scenario 1.

  4. The visitor’s browser is set to automatically clear cookies.

  5. There was a rare data loss between the browser and AdOpt systems.


Lastly, here are two examples of emails sent to the requester by AdOpt during a data download request:

Email to the Client's Visitor

data-download-request_2.png

Email to the AdOpt Client

data-download-request_3.png

Logo
Address: 7345 W Sand Lake Road, Ste 210 Office 5898 Orlando, FL 32819
EIN: 86-3965064
Phone: +1 (407) 768-3792

AdOpt

Resources

Legal Terms

© GO ADOPT, LLC since 2020 • Made by people who love

🍪