Avoid sending personal and/or pseudo-anonymous data to ShinyStat

ShinyStat recommends that special attention is given to avoid sending, even inadvertently, personal and/or pseudo-anonymous data

To protect the privacy of website visitors, the ShinyStat’s Term of Service specify that it is not allowed to send personal data, even pseudoanonyms, to ShinyStat™ collection systems.

Personal information includes, but not limited to, name, email address, postal address, personal telephone number, fiscal code, exact location (for example, via GPS), etc.

If in doubt about the type of data classified as personal information, we suggest you confront your privacy and/ Data Protection Officer consultants.
Before installing ShinyStat, we suggest following the instructions and best practices below:

• Avoid User IDs containing personal information
• Avoid URLs containing personal information
• Remove personal information entered by visitors
• Configure the ShinyStat Features paying attention to privacy risks
• Geolocation

 Avoid User IDs containing personal information
It isn’t possible to use identifiers containing identifiable personal information (PII), such as e-mail addresses, telephone numbers or any data considered "PII".
It is therefore necessary to pass to ShinyStat encrypted identifiers, according to an adequate level of encryption, for which the use of a minimum of 8 characters is recommended.  

Note: ShinyStat has a minimum hashing requirement of SHA256.     

Avoid URLs containing personal information
The ShinyStat tag collects the page URL of each page viewed. 
It may happen that, through these URLs, personal information is inadvertently sent. 
To avoid sending personal information, we suggest that neither the path nor the URL parameters contain any personal information.  Both URLs or URL parameters must be free of personal information.

It is possible to change the URL, before it gets sent to ShinyStat, using the "PAG=" parameter. 
For further information: Advanced Code - Option: Rename page (assign a name to your pages)


There are different solutions to avoid sending personal information via URL:        

• Use post (instead of get) to implement form 
  Through the HTTP protocol it is possible to submit form in GET or POST. If you use GET, the form’s parameters are included in the URL and, consequently, are displayed in the address bar. In order to avoid sending personal information via page URL, simply use POST for submitting forms by setting the form tag to have "method = post" in the attribute.
  
  
• Structure the URL avoiding the inclusion of personal information
  In some websites, such as those that allow the user to log in, URLs may be structured to include personal information.
  In such cases, structure the URL to avoid entering personal information.     

Remove personal information entered by visitors
Users and  visitors may enter personal information in the SEARCH field or in any FORM present on the site.
Personal information entered by visitors must be removed before it is sent to ShinyStat.

Configure the ShinyStat Features paying attention to privacy risks
In order to protect the privacy of site users and visitors, we also recommend paying attention to the way in which the various features offered by ShinyStat are configured, (such as campaigns, conversions, external links, channels, video, pages and the like), which must be configured in order to avoid sending any personal information, such as name, fiscal code, email address, unique identifier of devices, etc.

Geolocation
If the site collects geolocation information, make sure that this information is not based on GPS data and/or does not include detailed location information.
Please consider that sometimes even a postal code may indicate a specific residence.
Avoid sending similar data to ShinyStat collection systems.