Data privacy compliance (Storefront Pro)
This capability is available with Storefront Pro 5.
Retailers must comply with all applicable data privacy laws and regulations applicable to them. This may include U.S. state privacy laws (“State Privacy Laws”) such as California’s CCPA, Virginia’s VCDPA, Colorado’s CPA, Connecticut’s CTDPA, Utah’s UCPA, and a number of other state laws coming into effect in the near future.
Instacart has implemented the following processes to help retailers with their privacy compliance obligations:
Data access requests
Retailers can forward to Instacart the data access requests submitted to them by their customers.
The workflow has the following steps:
- Customer contacts the retailer to request data access.
- Retailer submits a data access privacy request from Instacart Platform Portal. For instructions, see Create a data access request.
- Instacart receives the data access request and initiates a workflow to discover the relevant customer data in Instacart-owned systems.
- Instacart sets the request status to complete with a link to a file containing the data.
- Retailer downloads the data file from the Instacart Platform portal and shares the data with the customer.
Data deletion requests
Retailers can forward to Instacart the data deletion requests submitted to them by their customers.
The workflow has the following steps:
- Customer contacts the retailer to request data deletion.
- Retailer submits a data deletion privacy request from Instacart Platform Portal. For instructions, see Create a data deletion request.
- Instacart receives the data deletion request and initiates a data deletion workflow to delete or de-identify data from Instacart-owned systems (subject to the available regulatory exceptions).
- Instacart sets the request status to complete.
- Retailer informs the customer that their request is complete.
Opt-outs/Opt-ins
Under State or Provincial Privacy Laws, customers in applicable jurisdictions must be given the right to opt out of, or in some cases opt in to, the sale of their personal information (PI) or the sharing of their PI for the purposes of cross-context behavioral advertising. If a retailer determines it is selling or sharing personal information under an applicable state or provincial privacy law, Instacart can help with retailer’s compliance by linking customers to the retailer’s privacy management system to perform an opt-out or to present an opt-in banner.
Link from a storefront to a privacy management system
You can add a link to your privacy management system from the site navigation. In a browser, the opt-out link is added to the footer. In a mobile app, the link is in the app’s overflow menu. In either case, the link opens information about opting out.
The following image shows an example of an opt-out link that opens a OneTrust management window:
The following image shows an example of an opt-out link in a mobile app:
To request an integration, contact your Instacart representative.