Brand Communities & GDPR

The General Data Protection Regulation 2016/679 (GDPR) governs the protection of natural persons regarding the processing of personal data and the free movement of such data.

Enacted on April 27, 2016, it came into effect on May 25, 2018.

The GDPR applies to legal entities:

  • Companies established within the European Union
  • Companies outside the European Union that process data of European citizens

It aims to ensure better and harmonized protection and control over personal data across the member countries of the European Union. It strengthens and complements the French Data Protection Act of 1978.

Legal entities that process personal data must comply with fundamental principles. This article explains these principles and how Brand Communities contributes to GDPR compliance.

Security by design

Skeepers ensures adequate security of personal data processed on the Brand Communities platform, including:

  • Protection against any unauthorized or unlawful processing
  • Protection against loss, destruction, or accidental damage
  • Guarantee of data integrity and confidentiality (using appropriate technical or organizational measures)

All data is encrypted in transit and at rest (SSL and SHA1 to protect passwords).

Full documentation on data security provided by Skeepers (ISSP, PAS, etc.) can be requested at security@skeepers.io

For information on the security of our hosting providers:

Privacy by design

Determined, explicit and legitimate purpose

Brand Communities is a SaaS solution for community platform management. It allows the Client to benefit from content created by its Consumers presenting and/or mentioning the Client’s products.

Concerned individuals register on the platform (contractual basis) and accept the General Terms of Use (a template is provided).

For more information on the processing carried out:

Agreement on the processing of personal data (table p13 and following)

Data minimization by design

Brand Communities was designed to collect only the accurate, adequate, relevant, and limited data necessary to join the community platform (last name, first name, username, email, USER ID/referral code, full address if product shipment is required).

Users may freely provide additional information (gender, date of birth, location, social networks, biography, profile picture, etc.).

The Client may also collect additional data according to specific needs (e.g., skin type, skin problems/sensitivity, age range, etc.).

Data classified as “sensitive” under the GDPR, such as data that “reveals racial or ethnic origin, […] health data […]” requires prior consent from Users before processing by the Client.

Data retention limitation (data relevance over time)

Collected data must be accurate, kept up to date, and stored only for the period necessary for the purposes for which it is processed.

Users (Consumers) may:

  • Update their data at any time from their personal account
  • Request the deletion of their data at any time, in any case

Data is retained for the duration of the user’s activity on the platform. Data is deleted after 36 months of inactivity on the User account.

Information to data subjects (lawfulness, fairness, transparency)

As the Data Controller, the Client is subject to the transparency obligation set out in Articles 12 and following of the GDPR.

The Client may:

  • Provide information about data processing carried out using Brand Communities through a Privacy Policy
  • Insert a link to this Privacy Policy on the registration page of the community platform
  • Host the Privacy Policy directly on the community platform

Skeepers can provide a template Privacy Policy for Brand Communities on request at privacy@skeepers.io

Accountability

The GDPR requires the use of a register to accurately record all personal data processing activities (“Processing Register”). Maintaining a Processing Register makes it possible to:

  • Record all personal data processing activities
  • Verify the relevance of the data in relation to the intended purposes (more information on the CNIL website)
  • Ensure traceability and compliance

Skeepers can provide a template Processing Register on request at privacy@skeepers.io

Cookie Management

Brand Communities uses and places various platform cookies on Users’ devices:

  • Login cookie (technical cookie), consent is not required
  • Tracking cookies (Google Analytics), consent is required

Brand Communities implements its own cookie banner, allowing Users to accept or refuse cookies. The Client can integrate their own cookie banner or use their own tracking tool.

More information about Brand Communities cookies.

 
