The General Data Protection Regulation 2016/679 concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data (hereinafter referred to as "GDPR") was enacted on April 27, 2016, and came into effect on May 25, 2018.
The GDPR applies to legal entities, such as European companies, as well as to companies outside the European Union that process the data of European citizens.
It provides better protection, harmonized across the member countries of the European Union, of personal data of their citizens and offers them better control over it. It strengthens and complements Data Protection in France, which has been enforced since 1978 by the Data Protection Act.
It imposes respect for certain fundamental principles on legal entities that process personal data.
What are these principles? How to ensure compliance with them? How does Skeepers' BRAND COMMUNITIES solution act as a GDPR-compliant tool?
Security by design
Skeepers ensures adequate security of personal data processed on the BRAND COMMUNITIES platform, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, through appropriate technical or organizational measures (integrity and confidentiality). Request our documentation on data security ensured by Skeepers (ISSP, PAS, etc.): security@skeepers.io
For information on the security at our hosting providers:
https://learn.microsoft.com/fr-fr/azure/security/fundamentals/physical-security
Data is encrypted in transit and at rest (SSL and SHA1 for passwords). See Azure encryption: https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-overview
Privacy by design
- A determined, explicit, and legitimate purpose of processing: BRAND COMMUNITIES is a SaaS solution for community platform engagement, allowing the Client to benefit from content created by their Consumers that presents and/or mentions the Client's products. The concerned individuals register on the Platform (contractual basis) and accept the General Terms of Use, for which a template is provided. For more information on the processing operations: Personal data processing agreement (table p13 and following)
-
Data minimization by design: BRAND COMMUNITIES is a solution designed to collect, by design, only accurate, adequate, relevant, and limited data necessary for joining its community platform (name, first name, nickname, email, USER ID/referral code, complete address if product shipment). Consumers can freely provide additional information (such as gender, date of birth, location, social media, biography, profile photo, etc.). Finally, Clients may also collect additional data according to their specific needs (e.g., skin type, skin issues/sensitivity, age range, etc.).
Data classified as "sensitive" under the GDPR, such as data "revealing racial or ethnic origin, [...], or health data [...]" require obtaining the prior consent of consumers before processing by the Client.
For more information on the processed data: Personal data processing agreement (table p13 and following)
- Data relevance over time (retention limitation): the data collected must be both accurate, up-to-date, and kept for no longer than necessary in relation to the purposes for which they are processed. Consumers' personal data can be updated by them at any time from their personal space. Data is retained throughout their activity on the Platform. Consumers can request the deletion of their data at any time, and in any case, it is deleted after 36 months of inactivity on their user account.
-
Informing the data subjects (lawfulness, fairness, transparency): as a Data Controller, the Client is subject to a transparency obligation as outlined in articles 12 and following of the GDPR.
The Client can provide information on the data processing it performs by using the BRAND COMMUNITIES Solution in a Privacy Policy, with a link that can be added to the community platform registration page where the Policy can be hosted. Skeepers can provide a standard Privacy Policy template for its Solution by contacting privacy@skeepers.io
- Accountability: The GDPR requires the use of a register to accurately record the personal data processing activities you carry out ("Processing Register"). Maintaining a Processing Register allows you to know how you use personal data and assess its relevance to the intended purposes (more information on the CNIL website). Skeepers can provide a standard Processing Register template for its Solution by contacting privacy@skeepers.io
Cookies
On the Platform, BRAND COMMUNITIES places the following cookies on Users' devices:
- Login cookie (technical cookie, consent is not required)
- Tracking cookies (Google Analytics) consent is required.
BRAND COMMUNITIES implements its own cookie banner, allowing Users to refuse or accept trackers, but the Client may also integrate their own on the Platform.
The Client can also install their own tracking tool.
For more information on BRAND COMMUNITIES's cookies, please refer to the following page:
https://tokywoky.notion.site/List-of-cookies-used-85cfe4a1fdd3477a963e135337aabb8e?pvs=74