Home

Data Processing Guide

Data Processing Groups and Specifications specify activities you do with customer data for specific purposes. It is best practice to be transparent to your customers about this usage, and in many cases it is also required by law.

You can define Data Processing activities on https://signatu.com, use the REST API directly, or a combination of both.

Authorization

API calls are authorized using an OAuth Bearer token set in the Authorization header. See Authorization for details.

Note that the OAuth token must be authorized for the dataprocessing scope.

Data Processing Group

A Data Processing Group contains one or more Data Processing Specifications. Groups are used to bundle together Data Processing Specifications that are related. A Group can be embedded in a Privacy Policy as a section, or used to build a consent dashboard.

Group schema

FieldDescription
idAn automatically assigned unique ID for this group.
nameName of the Data Processing Group. The name is used for the title of the Consent request.
descriptionDescription of the Data Processing Group. The description is used as the caption for the Consent request.
purposeThe purpose of the processing, e.g., “marketing”.
createdAtISO 8601 timestamp for when the text was created.
updatedAtISO 8601 timestamp for when the text was last updated.

Data Processing Specification

Data Processing specifications are automatically versioned, and Signatu keeps track of up to 100 previous versions.

Spec schema

FieldDescription
idAn automatically assined unique ID for this specification.
dataDescription of the data - e.g., “e-mail”.
purposeThe purpose of the processing, e.g., “marketing”.
textsList of Data Processing Text objects by language (see below).
action(optional) Type of text. Can be used to support different texts to different audiences, e.g., children.
sensitive(optional) Type of text. Can be used to support different texts to different audiences, e.g., children.
consentTargetSpecifies if this specification is a target for consent. This is used to determine whether to e.g., build a consent UI for this element. Default value: true.
location(optional) The geographical location of the processing, e.g., USA.
duration(optional) The duration of the action in days. Only relevant for some actions, e.g., “store”.
legalBasis(optional) The legal basis for the processing. Valid values are: CONSENT, CONTRACT, LEGAL_OBLIGATION, VITAL_INTEREST, PUBLIC_INTEREST, OFFICIAL_AUTHORITY, LEGITIMATE_INTEREST, LEGITIMATE_INTEREST_3RDPARTY, CUSTOM
externalHref(optional) URL to external content, e.g., a Privacy Policy outside of the control of Signatu.
createdAtISO 8601 timestamp for when the text was created.
updatedAtISO 8601 timestamp for when the text was last updated.

Texts

A text is a free-form text that you want to present to your customers. While this allows you flexibility to customize your tone of voice, you also need to take care that the text fully describes the formal requirements of the Data Processing activity - i.e., the purpose of the processing, the Data Processing action(s), location of processing and so on.

Text schema

FieldDescription
valueThe custom text in the language specified by language.
languageISO 639-1 language code.
type(optional) Type of text. Can be used to support different texts to different audiences, e.g., children.
createdAtISO 8601 timestamp for when the text was created.
updatedAtISO 8601 timestamp for when the text was last updated.

Consent UI components can use a Data Processing Specification as a target for consent, as identified by the endpoint URL for the specification, e.g., https://api.signatu.com/dataprocessing/v0/dpspecs/3293675406ac219b. Based on the target the SDK can automatically build a UI for the end-user request.

Automatic Data Processing Request UI

API Usage Examples

Create a new group

curl https://api.signatu.com/dataprocessing/v0/dpgroups \
-H 'Authorization: Bearer YOUR_TOKEN' \
-H 'Content-Type: application/json' \
-d '{"description": "The loyalty program"}'
{
"id": "e3cfa660fd28345c",
"description": "The loyalty program",
"userId": 213,
"createdAt": "2018-03-04T10:31:31.644Z",
"updatedAt": "2018-03-04T10:31:31.645Z"
}

Create a new Data Processing Specification in a group

Use the ID from the previous response to add specs to this new group:

curl https://api.signatu.com/dataprocessing/v0/dpgroups/e3cfa660fd28345c/specs \
-H 'Authorization: Bearer YOUR_TOKEN' \
-H 'Content-Type: application/json' \
-d '{"data": "e-mail", "purpose": "Send you marketing e-mails", "action": "collect"}'
{
"id": "3293675406ac219b",
"data": "e-mail",
"purpose": "Send you marketing e-mails",
"action": "collect",
"sensitive": false,
"consentTarget": true,
"location": "EU",
"groupId": "e3cfa660fd28345c"
}

Add an English text to the a Data Processing Specification

Use the two-character ISO 639-1 code to specify the language. Using en for English:

curl https://api.signatu.com/dataprocessing/v0/dpspecs/3293675406ac219b/texts \
-H 'Authorization: Bearer YOUR_TOKEN' \
-H 'Content-Type: application/json' \
-d '{"value": "Our customer club wants to send you marketing e-mails", "language": "en"}'
{
"language": "en",
"value": "Our customer club wants to send you marketing e-mails",
"id": 14448
}