Consent categories


Consent categories allow you to manage and organize data into multiple categories, each with different consent status and a different approach to data processing and communication. Thanks to the categories, you will be able to approach each of your customers in the way to which the specific customer consented or for which they have a legitimate interest. There are three types of categories available in Bloomreach Engagement:

Category typeUse
General consentThis is a system setting in Bloomreach Engagement that allows you to send campaigns to all your customers even without consents or those who already opted out. This is only to allow you to send transactional emails or important warnings and needs to be used carefully.
ConsentAs per GDPR, consent has to be freely and actively given by a customer. You can define multiple consent categories (such as "Newsletter", "Push notifications" etc.). Consents need to be tracked/imported for every customer. Learn how.
Legitimate interestProcessing data under legitimate interest is more flexible in comparison to the active consents. It enables you to process personal data without actively asking your customers to provide consent. Hence in Bloomreach Engagement, you can define a legitimate interest group by creating an automatic filter based on a customer's behavior (such as having a purchase etc.)

Configuring the categories

You can create and configure consent categories in Project settings > Privacy management > Consents.

You can then select from these categories in the settings of each campaign you are about to launch. This will ensure that you will show e.g. a push notification only to customers who have given you the appropriate consent.


You can choose what category you want to apply in the settings of each campaign.


Deleting consent categories

To delete a consent category that does not have a bin icon, you need to go to Data Manager > Mapping to check the mapping of the affected categories. The delete button (bin icon) will be visible once you uncheck the boxes in that section, leaving empty boxes.

In the following sections, we will go over each of the 3 main consent categories and how you can configure them.

Configuring the tracking consent categories

There has been added explanation about the GDPR law in Germany, where accessing all data on a user´s device requiere explicit consent. More details about the explicit consent, how to configure the tracking of the consent categories can be found in a separate article.

General consent

General consent should be used only in very few instances. When it is used, customer consent preferences are ignored and this may result in approaching customers without any legal basis for doing so. Therefore, permission to use General consent should be very limited.

The best practice is to disable it altogether and re-enable it only for some very specific purposes where you are sure its use is legal and appropriate. In Project settings > Privacy management > Consents you choose in which channels can the General consent be used.

If you decide to disable a channel, you can also see which of your campaigns and scenarios have been using General consent in 'Check dependencies' so that you know what campaigns need adjustments in their Consent category. General consent will only be disabled after the adjustments to the running campaigns are made.


You can create custom consent categories based on the specific consent you received from your customers. It is preferable to have multiple consent categories. Firstly, because different customers will give you consent for different things, and secondly, it is preferable to allow customers to opt-out only from some of your communication they had previously consented to instead of them withdrawing their consent to all communication.

ColorDistinguish between consent categories with different colors.
Consent categoryThis field is used for mapping the consent category to the tracked consent event.. This field needs to have the same value as the attribute category in the consent event. We recommend using a simple lowercased word in English for easy troubleshooting. This will not be visible to your customers.
NameThis is a human-readable name of the consent category that will also be visible to your customers on the consent page.
DescriptionDescription of the consent category that will also be visible to your customers on the consent page.
Public APIBy default, new consent categories have tracking of consents from public API disabled. In practice, this means that consent events with property source=public_api will be ignored or invalid.

We strongly recommend leaving this option disabled, because it is preventing attackers to change user consents at will by obtaining public API token. As an alternative, we recommend using either consent double opt-in or tracking of consents by API with a private key, which will be tracked as source=private_api.

Consent category name translation

If you use the same consent categories for multi-language audiences you can set up translations for their names so that the correct translation is shown to a particular customer. To set it up open the consent category as in the image below:

Legitimate interest

You can apply a legitimate interest to all your customers, or only a specific segment, using the filter in the "applies on" column.

Legitimate interest has the same configuration as consents except for the ‘Applies on’ in the settings. The remaining ones are the same as in the table above.

Applies onUse this setting to define on what segment of customers you want to apply this legitimate interest.
All customers - every customer in Bloomreach Engagement has this legitimate Interest
Filtered customers - only segment of customers defined by filter has the legitimate interest

Note that this filter is not static, but always reflects the actual state based on customers' behavior.

Opting in/out from a legitimate interest

Customers have an option to opt-in/opt-out from a legitimate interest in the same way as for consent. They are also visible on the consent page.


Important notice

Tracking of an explicit consent event containing a legitimate interest consent category will always override the legitimate interest filter.

What´s next?

Learn how to track consents and opt-outs.