Pages

This document introduces the concept of website visitor profiling and describes the options the Frosmo Platform provides for addressing profiling issues.

Introduction to visitor profiling

Website visitor profiling means that you collect data about the behavior and potential interests of your website visitors, and then use that data to provide the visitors with relevant, targeted content. For example, on a sports equipment web store, you can track each visitor's location and the product categories and pages they most often visit (such as women's running shoes), and use that information to target them with recommendations relevant to them (such as women's running shoes appropriate for the season and climate of the visitor).

The advantage of profiling is that you can use it to segment markets and tailor services and products to align with individual needs. Other sectors than ecommerce, such as education and health care, can also benefit from profiling.

GDPR and profiling

The General Data Protection Regulation (GDPR), applicable in the European Union (EU) and the European Economic Area (EEA), is designed to make profiling and automated decision-making more transparent to individual persons ("data subjects"). The underlying concern, according to the Article 29 Working Party guidelines, is that:

Profiling can perpetuate existing stereotypes and social segregation. It can also lock a person into a specific category and restrict them to their suggested preferences. This can undermine their freedom to choose, for example, certain products or services such as books, music or newsfeeds. In some cases, profiling can lead to inaccurate predictions. In other cases it can lead to denial of services and goods and unjustified discrimination.

According to the GDPR, profiling is always:

  • Automated data processing
  • Carried out on personal data
  • Performed to evaluate the personal aspects (including economic situation, health, personal preferences and interests, reliability, behavior, and location or movement) of a natural person

This means that data tracking for analytics purposes, for example, is not considered profiling. Data tracking becomes profiling only when it involves personal data of a natural person that is used to evaluate and predict the performance, interests, or behavior of that person.

To profile website visitors and, more broadly, to collect and process personal data about them, you need their consent. Consent means that your visitors:

  • Freely opt in to data processing
  • Have an ongoing control over how you process their data
  • Have an opportunity to withdraw their consent at any time

A good way to seek consent is to provide your visitors with clear opt-in/opt-out options with explanations on how their data will be used.

According to the GDPR, consent is not the only lawful basis for personal data processing. For more information about the other lawful bases, see, for example, the Guide to the UK General Data Protection Regulation (UK GDPR) by the UK Information Commissioner's Office (ICO).

Frosmo and profiling

In the Frosmo Platform, the following features are related to profiling:

  • Conversion definitions
  • Custom actions (for example, when using geolocation)
  • Modification settings that define whether to display the modification to visitors based on visitor history
  • Recommendations
  • Segmentation (segments, segment groups)
  • Super-Affinity

These features can be considered profiling in that they use or provide data about visitor behavior for the purpose of personalizing or targeting content to visitors. As mentioned above, though, segmenting visitors or collecting behavioral data about them is not profiling in and of itself.

For more information about what data the platform collects from websites and how the platform processes the data, see Data collection and processing.

In a relationship between Frosmo and a customer, the customer always represents the data controller, while Frosmo always acts as the data processor. This means that the legitimate and specific purpose for collecting personal data through the Frosmo Platform is always determined by the customer. In addition, the customer ensures that the data subjects have given their consent, one way or another, to data collection and profiling.

If the customer chooses to seek explicit consent by providing visitors with opt-in/opt-out options, a visitor can refuse profiling. The following section describes the solutions that the Frosmo Platform provides for ensuring that no profiling-based content is shown to visitors who opt out of profiling.

Visitor profiling solutions

The Frosmo Platform provides the following solutions for accommodating a visitor who opts out of profiling:

  • Disable the platform for the visitor.

    Do not deliver any content – personalized or otherwise – to the visitor through the platform. Use this solution for visitors who refuse the platform's services as a whole.

  • Use selective profiling on the site.

    Show the visitor only non-personalized, non-targeted modifications that do not use any profiling. Use this solution for visitors who only refuse personalized, targeted content, but otherwise consent to the platform's services, including data tracking.

Disabling the Frosmo Platform for a visitor

Disabling the Frosmo Platform for a visitor means that (1) the visitor will not get any content delivered through the platform on the site and (2) the platform will not track the visitor in any way on the site.

Use this solution in the following cases:

  • The visitor refuses the platform's services as a whole, not just features related to profiling.
  • The platform is represented by a single on/off setting in your consent management system. The visitor can only refuse or consent to the platform's services as a whole.

You implement this solution together with Frosmo, as a rule. If you want to implement this solution on your own, contact Frosmo support.

Once implemented, the solution works as follows:

  1. A visitor enters the site.
  2. The site displays a consent pop-up or similar prompt to the visitor.
  3. The visitor either opts in to or opts out of profiling by the Frosmo Platform. (This can be a Frosmo-specific setting or a broader profiling setting that includes the platform.)
  4. Depending on the visitor's choice:
    • If the visitor opted in, the platform shows them personalized, targeted modifications based on their behavior on the site. For example, the visitor sees product recommendations for products they have viewed on the site.
    • If the visitor opted out, the platform sets the frosmo-off cookie for the site in the visitor's browser. The cookie prevents the Frosmo scripts from loading in the browser, meaning the platform is effectively turned off for the visitor. Depending on your site configuration, this may have a significant impact on the visitor's user experience.

To check your site layout and functionality with the Frosmo Platform disabled, add the frosmo=off query parameter to the URL of any page on the site. The parameter sets the frosmo-off cookie for the site in your browser. For example, if the page URL is https://frosmo.com/, check the no-Frosmo layout by changing the URL to https://frosmo.com/?frosmo=off. The platform remains disabled until you clear the site cache or the cookie expires. You can also manually re-enable the platform at any time by adding the frosmo=on query parameter to the URL of any page on the site.

Using selective profiling on a site

Selective profiling is a feature that allows the Frosmo Platform to display modifications to visitors based on their profiling choice: Visitors who opt in see personalized, targeted modifications, while visitors who opt out only see non-personalized, non-targeted modifications.

Use selective profiling in cases where the visitor only refuses personalized, targeted content, but otherwise consents to the platform's services, including data tracking. Your consent management system must provide a dedicated setting for visitors to opt in or opt out of personalized, targeted content delivered through the platform.

If a visitor refuses the platform's services as a whole, including data stored in cookies and the browser's local storage, selective profiling will not work.

Selective profiling only affects modifications and recommendations. If you use other profiling-related features on your site, you must disable them manually (unless you get the appropriate consent from your visitors or otherwise have a lawful basis for processing their personal data).

You can implement selective profiling for your site on your own, or you can have Frosmo do it for you. For more information, see the modification user guide, or contact Frosmo support.

Once implemented, selective profiling works as follows:

  1. A visitor enters the site.
  2. The site displays a consent pop-up or similar prompt to the visitor.
  3. The visitor accepts (opts in to) the core services provided by the Frosmo Platform.
  4. The visitor either accepts (opts in to) or refuses (opts out of) personalized, targeted content delivered through the Frosmo Platform. The platform registers and stores the choice in the browser's local storage.
  5. Depending on the visitor's choice:
    • If the visitor opted in, the platform shows them personalized, targeted modifications based on their behavior on the site. For example, the visitor sees product recommendations for products they have viewed on the site. The platform can also show them non-personalized, non-targeted modifications that are not based on their behavior on the site.
    • If the visitor opted out, the platform only shows them non-personalized, non-targeted modifications that are not based on their behavior on the site. For example, the visitor sees product recommendations based on the most viewed products on the site.

The Frosmo Platform continues to track data normally on the site. However, the data is not used in a profiling capacity to deliver personalized, targeted content to visitors who have opted out of such content.

For more information about the selective profiling feature, see:

Selective profiling and modifications

When selective profiling is in use on a site, the platform assigns each modification – whether an existing one or a new one – to one of the following visitor groups:

  • All: The modification is shown to all visitors irrespective of their profiling choice. The modification cannot use any profiling features.
  • Opt in: The modification is only shown to visitors who have opted in to profiling. The modification can use profiling features.
  • Opt out: The modification is only shown to visitors who have opted out of profiling. The modification cannot use any profiling features.

To which group the platform assigns a modification depends on the modification's case and, for a non-personalized modification, the modification's visitor group setting. A non-personalized modification is a special modification case, only available on sites where selective profiling is enabled. Non-personalized modifications allow you to deliver non-personalized, non-targeted content to all visitors or just those visitors who opt out of profiling.

Table: Modification assignment to visitor group by modification case

CaseGroupNotes
A/B testOpt in

The platform automatically assigns the modification to the group.

You cannot change the group.

Multi-armed bandit
Personalization
Non-personalizedAll or Opt out

The platform assigns the modification to the group that matches the modification's visitor group setting.

You can change the setting and thus the group.

The following figure illustrates how the platform assigns and displays modifications to the different visitor groups. Visitors who have not made their profiling choice – neither opted in nor opted out – see all modifications irrespective of group assignment.

Displaying modifications to visitors based on their profiling choice

Figure: Displaying modifications to visitors based on their profiling choice (click to enlarge)

The following table shows how a visitor's profiling choice (top row) and the visitor group of a modification (leftmost column) together determine whether the platform shows the modification to the visitor. For example, if the visitor has opted out, the platform will only show them modifications whose assigned visitor group is All or Opt out, while modifications whose group is Opt in are hidden from the visitor.

Table: Displaying modifications to visitors based on their profiling choice


Choice: Opt inChoice: NoneChoice: Opt out
Modification: AllShowShowShow
Modification: Opt inShowShowHide
Modification: Opt outHideShowShow

Selective profiling and recommendations

When selective profiling is in use on a site, the platform does not return personalized recommendations to visitors who opt out. Visitors who opt in, or who have yet to make their profiling choice, see personalized recommendations normally. Only recommendations based on a strategy can be personalized.

A recommendation is personalized if its strategy meets any of the following criteria:

  • The strategy applies some level of affinity.
  • The strategy uses one of the following algorithms:
    • Bought together with categories recently bought by the visitor
    • Bought together with items recently viewed by the visitor
    • Most viewed by the visitor
    • Recently viewed by the visitor
    • Viewed together with categories recently viewed by the visitor
    • Viewed together with items recently viewed by the visitor

For a visitor who has opted out, the platform:

  • Returns recommendations without applying any affinity to them.
  • Does not return any recommendation whose strategy use one of the above algorithms.

Depending on the strategy settings, the platform therefore either returns a non-personalized version of a recommendation or no recommendation at all.

If you're using the Recommendations API to directly fetch recommendations for the site, you must always define the profile query parameter in an API request. The parameter contains the profiling choice of the visitor whom the API request targets. Without the parameter, the platform cannot respect the visitor's profiling choice.

The profile query parameter is only valid for API requests that retrieve recommendation data for strategies.

Selective profiling use cases

Create your profiling-managed modifications based on who you want to target and with what type of content:

  • If you want to deliver personalized and/or targeted content to visitors who have opted in to such content, create a modification using one of the following cases:

    • A/B test
    • Multi-armed bandit
    • Personalization

    For more information about creating the modification, see the modification user guide.

  • If you want to deliver dedicated or alternative content to visitors who have opted out of personalized, targeted content, create a modification using the Non-personalized case, and set the visitor group setting to No profiling.

    For more information about creating the modification, see the modification user guide.

  • If you want to deliver generic content, such as UI improvements and bug fixes, to all visitors irrespective of their profiling choice, create a modification using the Non-personalized case, and set the visitor group setting to All.

    For more information about creating the modification, see the modification user guide.

Where to go next