GDPR
Trivore ID supports GDPR personal data processing requests. A Personal Data Request (PDR) is a formal record of a user's request regarding their personal data. Administrators create and manage requests on behalf of users via the Management API or the Management UI. Users can view the status and outcomes of their requests through a dedicated self-service page accessed via a one-time link.
Request types
| Value | Meaning |
|---|---|
DATA_RETRIEVAL | User requests a copy of their stored personal data |
REMOVAL | User requests deletion of their personal data (right to erasure) |
CORRECTION | User requests correction of inaccurate personal data |
PROCESSING_RESTRICTION | User requests restriction of processing of their personal data |
Data model
| Field | Type | Description |
|---|---|---|
id | string | Unique request ID |
requestType | string (enum) | See Request types |
requestTime | string (ISO-8601) | When the request was submitted |
requestRemarks | string | Free-text remarks from when the request was created |
confirmTime | string (ISO-8601) | When the request was confirmed as processed; null if not yet processed |
confirmBy | string | Username / namespace code of the admin who confirmed |
confirmRemarks | string | Internal remarks added by the admin on confirmation; not shown to the user |
commentForUser | string | Message for the user explaining the outcome; shown in the Personal Data View |
Submitting a Personal Data Request
Via the Management API
Endpoint: POST /api/rest/users/{userId}/personaldatarequest
Required permission: ACCOUNT_MODIFY_PERSONAL_DATA_REQUESTS
Both requestType and requestRemarks are required in the request body. Other fields are ignored on creation. Returns the created PersonalDataRequest object.
{
"requestType": "DATA_RETRIEVAL",
"requestRemarks": "User called support and requested a copy of their data."
}
Via the Management UI
On the main Management UI dashboard, click Make a new PDR to open the request dialog. Select the request type and enter remarks, then submit.
Viewing Personal Data Requests
List all requests for a user
Endpoint: GET /api/rest/users/{userId}/personaldatarequest
Required permission: ACCOUNT_VIEW_PERSONAL_DATA_REQUESTS
Returns an array of PersonalDataRequest objects.
Get a single request
Endpoint: GET /api/rest/users/{userId}/personaldatarequest/{requestId}
Required permission: ACCOUNT_VIEW_PERSONAL_DATA_REQUESTS
Returns a single PersonalDataRequest, or 404 if not found.
Handling (confirming) a Personal Data Request
Confirming a request as processed is only available through the Management UI. There is no REST API endpoint for this action.
Admin view
A dedicated admin view lists all unconfirmed requests across all users. The list can be filtered by user, time range, and confirmation status, and supports Excel export.
Required permissions: ACCOUNT_VIEW + PERSONAL_DATA_REQUEST_VIEW_ALL
Per-user request manager
In the Customer Care context, from the user detail page, click Manage data requests to open the request manager for that user. The admin can:
- Enter confirmation remarks (internal, not visible to the user)
- Enter a comment for the user (shown in the Personal Data View)
- Upload attachment files related to the processing outcome
- Check Notify user to send an email to the user on confirmation
- Click Confirm processed
Required permission to confirm: PERSONAL_DATA_REQUEST_VERIFY_PROCESSED. Without it the view is read-only.
Email notification on confirmation
If Notify user is checked when confirming, an email is sent to the user containing the commentForUser text and the identity of the confirming administrator.
Personal Data View (end-user self-service page)
A separate end-user UI allows users to view their personal data requests and outcomes. It is not part of the main Management UI. Access is via a one-time link containing a server-side token.
Generating the link
Endpoint: POST /api/rest/users/{userId}/personaldatarequest/view-uri
Required permission: ACCOUNT_MODIFY_PERSONAL_DATA_REQUESTS
Optional query parameter returnUri: a URL the user is navigated to when they click Return on the page.
The link is valid for 30 days and is single-use — the token is consumed on first access.
{
"viewUri": "https://id.example.com/personal-data-view?ssdt=abc123..."
}
Permissions summary
| Permission | Purpose |
|---|---|
ACCOUNT_MODIFY_PERSONAL_DATA_REQUESTS | Create requests; generate Personal Data View links |
ACCOUNT_VIEW_PERSONAL_DATA_REQUESTS | Read request information for a user |
PERSONAL_DATA_REQUEST_VIEW_ALL | View all requests across all users in the admin view |
PERSONAL_DATA_REQUEST_VERIFY_PROCESSED | Confirm a request as processed |