> For the complete documentation index, see [llms.txt](https://community.commandersact.com/customer-success/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://community.commandersact.com/customer-success/faqs/consent-and-preference-management/gdpr-and-e-privacy.md).
# GDPR & e-Privacy
What are my obligations in terms of data processing?
1. You should only process necessary data and you should regularly delete unnecessary data.
* This logic aims at sourcing only useful data.
* This is a legal requirement that we must be able to present and justify to our clients.
* The data import logic must include a bridge to the data register declaration.
2. The processing operations are subject to a declaration to the CNIL (if no CIL) or to an entry in the CIL register (if CIL). With the GDPR, the registration of a register of processing operations is mandatory. (Article 30 GDPR)).
What is the difference between personal data and nominative data?
The GDPR defines personal data as any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an online identifier or location data.
Types of data affected by the GDPR :
* Directly identifying data (e.g. name, email, address, email, phone number, etc.)
* Online identification data (e.g. cookie ID, advertising ID, Mac address, IP address)
* Browsing or purchase histories, the cross-referencing of which may allow the identification of the individual by fingerprinting (e.g. OS, language, battery level, fonts and plugins, etc.).
However, companies collecting personal data can opt to "anonymise" it, so that the data no longer allows an individual to be identified.
According to the European data protection authorities, this data should no longer be able to be individualized, correlated or inferred.
Are there any recommendations to follow in terms of traceability of connections on my applications?
Any person in an organization who may have access to personal data must be authenticated using a sufficiently robust method:
* Provide traceability of users connected to your applications.
* Provide for traceability of actions performed by a user:
* Features used
* Details of use
* Date of connectionType of data processed, ...
Are there any recommendations on how long data should be kept?
*
Alternatives to third-party cookies: What does the CNIL think?
*
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://community.commandersact.com/customer-success/faqs/consent-and-preference-management/gdpr-and-e-privacy.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.