Many products will collect personal data from users as part of their core functionality. That data is stored in the platform and can be accessed by admin users using various products, forms and templates, by GOSS hosting engineers who have access to the hosting environment, and by developers who have access to platform tools.
Roles
The following categories of users have access to data in the platform.
The Data Subject
The data subject submits personal data into the platform and is able to see and possibly update that data, depending on it's nature.
Users will generally interact with the platform via forms, and view and manage their data using My Account - Advanced Layout, Self Service and User Requests.
The Data Subject Rights article looks at this in more detail.
Staff Agents
These are your logged-in staff users who securely access the platform, either via the public website or staff portal, and can interact with data using forms and the Self Service, User Request and Assisted Service templates. They could be customer service agents handling cases via Case Management, event organisers using the Bookings product, or waste service staff looking at reported fly tipping.
The access these users have is controlled in two ways. First, the forms and templates they use to interact with data can be set up to only show certain types of data and only allow certain processing to be performed on it. Second, the access to those forms and templates can be controlled by user group security.
Developers and iCM Users
This category potentially includes all authenticated iCM users. Once logged in, user security and privileges restrict the areas of the platform these users can access. The areas that could allow access to personal data are:
- End Points - Use the iCM API to query the database
- Workflow process instances - Personal data stored in process variables visible in the modeller
- Form data - Ability to search and browse saved form data
- Object data - Export saved object data
- User profiles - Direct access to personal data, in particular contact information
- History data - The main store for data. Although there is no direct interface into this data, several forms, accessible as "apps" within iCM, do allow it to be accessed, as can End Points
- Forms designer - Use the iCM API to access the database. Forms will need to be published before they can return data (either on the site or as an iCM form app)
- File manager - Upload scripts (eg ColdFusion scripts) that can then be executed via the iCM custom directory in a browser
All of these interfaces can be locked down based upon user roles and group membership.
GOSS Hosting Engineers
Our hosting engineers have direct access to the hosting environment so can access the iCM database and any personal data it holds.