This document provides the full list of systems that will be in scope of OneTrust’s Privacy Rights Automation module, for which there will be an automation of the process of data deletion and data access upon request by a guest through our mobile app/ website.
The list is subject to be updated over time, as RBI business evolves.
Guest delete requests
AWS (RBI guest database)
Snowflake (RBI reporting)
Datadog (logging)
LogRocket (session replay)
mParticle (customer data platform)
Braze
Amplitude - if this system is contracted by the Franchisee
Branch (deep links) - if this system is contracted by the Franchisee
Payment service providers - however, we are still investigating (a) whether PSP’s are in scope for data deletion and (b) if “yes” who is responsible for the deletion
Backups - however, we are still investigating whether we can implement a 30 days retention period
Forter (fraud detection) - if this system is contracted by the Franchisee
Guest access requests:
AWS (RBI guest database)
Payment service providers - however, we are still investigating (a) whether PSP’s are in scope for data deletion and (b) if “yes” who is responsible for the deletion
Forter (fraud detection) - if this system is contracted by the Franchisee