Right to Erasure (RTBF)

Learn how to handle data deletion requests from visitors to comply with GDPR's right to erasure.

Understanding Right to Erasure

What is RTBF?

The Right to Be Forgotten (RTBF) under GDPR Article 17 allows individuals to request deletion of their personal data when:

• Data no longer necessary for original purpose
• Consent is withdrawn
• Data was unlawfully processed
• Legal obligation requires deletion
• Individual objects to processing

When It Applies to Analytics

A visitor may request deletion of their analytics data:

• Page views and session history
• Event tracking data
• Identified user profiles
• Revenue attribution data

Receiving Deletion Requests

Request Channels

Accept requests via:

• Email (privacy@yourcompany.com)
• Web form on your site
• Postal mail
• In-person (if applicable)

Required Information

To process a request, you need:

• Verification of identity
• Scope of deletion requested
• Any identifying information you have

Example Request Form

<form action="/privacy/erasure" method="POST">
  <h2>Data Deletion Request</h2>

  <label>Email Address (for verification)</label>
  <input type="email" name="email" required>

  <label>User ID (if known)</label>
  <input type="text" name="user_id">

  <label>What data should be deleted?</label>
  <select name="scope">
    <option value="all">All my data</option>
    <option value="analytics">Analytics data only</option>
    <option value="account">Account and analytics</option>
  </select>

  <label>Additional Information</label>
  <textarea name="details"></textarea>

  <button type="submit">Submit Request</button>
</form>

Processing Requests

Step 1: Verify Identity

Before deleting, verify the requester:

// Example verification process
async function verifyIdentity(email, userId) {
  // Option 1: Send verification email
  await sendVerificationEmail(email, {
    action: 'data_deletion',
    token: generateSecureToken()
  });

  // Option 2: Match to known user
  const user = await findUserByEmail(email);
  if (user && user.id === userId) {
    return { verified: true, user };
  }

  return { verified: false };
}

Step 2: Identify Data

Find all data associated with the user:

Via Dashboard:

1. Go to Settings → Security → Data Lookup
2. Search by user ID, visitor ID, or email
3. Review all associated data records

Via API:

# Retrieve visitor data for a website
curl -X GET "https://api.zenovay.com/api/external/v1/analytics/{websiteId}/visitors" \
  -H "X-API-Key: zv_YOUR_API_KEY"

Step 3: Delete Data

Via Dashboard:

1. Go to Settings → Privacy → Data Deletion
2. Enter user ID or visitor ID
3. Review data to be deleted
4. Confirm deletion

Data deletion is performed through the dashboard. There is no public API endpoint for deleting individual visitor or user data. Use the dashboard interface described above.

Step 4: Confirm Completion

// Send confirmation to requester
await sendEmail(requester.email, {
  subject: 'Data Deletion Complete',
  body: `
    Your data deletion request has been processed.

    Request ID: ${request.id}
    Completed: ${new Date().toISOString()}
    Data Deleted:
    - Page view history
    - Event tracking data
    - Session recordings
    - User profile data

    This action is permanent and cannot be undone.
  `
});

What Gets Deleted

Included in Deletion

Data Type	Deleted
Page views	✓
Events	✓
Session data	✓
Session recordings	✓
Heatmap contributions	✓
User profile	✓
Revenue data	✓
Custom properties	✓

Not Included

Data Type	Why
Aggregate statistics	Anonymized, not personal data
Audit logs	Legal requirement
Invoice records	Financial compliance

Performing Deletions

Via Dashboard

All data deletion operations are performed through the Zenovay dashboard:

1. Go to Settings → Security → Data Deletion
2. Enter the identifier (user ID, visitor ID, or email)
3. Review the data that will be deleted
4. Confirm the deletion

After deletion completes, you will see a confirmation with details:

{
  "success": true,
  "deleted": {
    "page_views": 1234,
    "events": 567,
    "sessions": 89
  },
  "deletion_id": "del_abc123",
  "completed_at": "2025-01-15T10:30:00Z"
}

Bulk Deletion

For bulk deletion requests (multiple users), contact support at support@zenovay.com or use the dashboard's bulk deletion tool under Settings → Security → Bulk Data Deletion.

Timeline Requirements

GDPR Deadlines

Action	Deadline
Acknowledge request	Promptly (within 3 days recommended)
Complete deletion	Within 30 days
Extension if needed	+60 days (must notify)

Request Tracking

// Track deletion requests
const deletionRequest = {
  id: generateId(),
  requester_email: 'user@example.com',
  user_id: 'user_123',
  received_at: new Date(),
  acknowledged_at: null,
  completed_at: null,
  status: 'pending'
};

// Update on acknowledgment
deletionRequest.acknowledged_at = new Date();
deletionRequest.status = 'acknowledged';

// Update on completion
deletionRequest.completed_at = new Date();
deletionRequest.status = 'completed';

Handling Edge Cases

User Has Multiple Identifiers

// Find all linked identifiers
const user = await findUser(email);

const allIdentifiers = {
  user_id: user.id,
  visitor_ids: user.visitor_ids,
  emails: user.emails,
  device_ids: user.device_ids
};

// Delete all associated data
for (const visitorId of allIdentifiers.visitor_ids) {
  await deleteVisitorData(visitorId);
}
await deleteUserData(user.id);

Anonymous Visitor Requests

If visitor isn't identified:

1. Request identifying information they have
2. Check if they can provide:
   • Cookie value
   • Device fingerprint
   • Time of specific visits
3. If can't identify, explain data is already anonymous

Third-Party Data

If data was shared with third parties:

1. Identify third parties
2. Forward deletion request
3. Confirm third-party deletion
4. Document the chain

Exceptions to Deletion

When You Can Refuse

GDPR allows refusal when:

• Data needed for legal claims
• Legal obligation to retain
• Public interest reasons
• Exercising right of freedom of expression

How to Refuse

Dear [Requester],

We have received your data deletion request dated [date].

Unfortunately, we are unable to fulfill this request because:

[ ] We need to retain this data for ongoing legal proceedings
[ ] We have a legal obligation to retain this data
[ ] The request is manifestly unfounded or excessive

If you disagree with this decision, you have the right to
lodge a complaint with your supervisory authority.

Sincerely,
[Your Company]

Automation

Webhook for Deletion Requests

Receive deletion requests via webhook:

// Set up webhook endpoint
app.post('/webhooks/zenovay/deletion', async (req, res) => {
  const { user_id, email, request_id } = req.body;

  // Log the request
  await logDeletionRequest({
    request_id,
    user_id,
    email,
    received_at: new Date()
  });

  // Trigger internal workflow
  await createDeletionTicket({
    user_id,
    email,
    deadline: addDays(new Date(), 30)
  });

  res.status(200).json({ received: true });
});

Scheduled Cleanup

Automate deletion for inactive users:

// Run daily
async function cleanupInactiveUsers() {
  const inactiveUsers = await findUsersInactiveFor(365); // 1 year

  for (const user of inactiveUsers) {
    await sendNotification(user.email,
      'We will delete your data in 30 days unless you log in');

    scheduleForDeletion(user.id, 30); // days
  }
}

Documentation

Maintain Records

Keep records of:

Record	Retention
Deletion request	3 years
Verification evidence	3 years
Completion confirmation	3 years
Refusal reason	3 years

Deletion Certificate

Provide proof of deletion:

CERTIFICATE OF DATA DELETION

Request ID: del_abc123
Date Received: 2025-01-15
Date Completed: 2025-01-20

Requester: user@example.com

Data Deleted:
- 1,234 page view records
- 567 event records
- 89 session recordings
- 1 user profile

Deletion confirmed by: [System/Administrator]
Timestamp: 2025-01-20T15:30:00Z

This certificate confirms that the above data has been
permanently deleted from our systems and cannot be recovered.

Best Practices

Response Templates

Prepare templates for:

• Acknowledgment email
• Verification request
• Completion confirmation
• Refusal (with reasons)

Staff Training

Train team on:

• Recognizing deletion requests
• Verification procedures
• Timeline requirements
• Escalation process

Regular Audits

Periodically review:

• Request handling times
• Completion rates
• Common issues
• Process improvements

Next Steps

• Data Export
• GDPR Compliance
• Data Retention