• Document its processing through processing registers (article 30 of the GDPR)
• Minimize the data processed to process only that strictly necessary for the processing - Principle of data minimization (article 5 of the GDPR)
• Information of the persons concerned in accordance with Articles 12 and following ones of the GDPR
• Established processes to respond to requests for GDPR rights formulated by data subjects (article 15 and following of the GDPR)
• Put in place technical and organisational protection measures, in accordance with Article 32 of the GDPR.
Compliance and respect for private data is, for Blobr members as a whole, and for the two co-founders in particular, a top priority!
What we have put in place
1.1 Register of processing activities
The creation and maintenance of a register is an obligation of article 30 for the GDPR. This applies to all organisations that process personal data on a regular basis in the course of their activities.
This register has been established and maintained since April 2021.
1.2. Secure Data
What we have put in place, in accordance with article 32 of the GDPR, and following the CNIL recommendations:
• Sheet 2: Authenticating users
• Sheet 3: Manage authorizations
• Sheet 4: Trace accesses and manage incidents
• Sheet 10: Safeguard and plan for business continuity
• Sheet 11: Archive securely
• Sheet 12: Supervising the maintenance and destruction of data
• Sheet 16: Supervising IT developments
• Sheet 17: Encrypt, guarantee integrity or sign
The elementary precautions of each of these major axes are taken technically and humanly.
2) Compliance with subcontractors (article 28 of the GDPR)
According to Article 28 of the GDPR, we make sure that our subcontractors are in compliance with data protection rules. We have a strict and separate contract with each of them.
Our subcontractors today are:
AWS for the cloud part, contract (written by them) signed in June 2020
3) Subcontracting agreement with customers
If desired or required, we sign subcontracting agreements with our clients according to your or our contract template.
4) With regard to the persons concerned
We transmit all information relating to the processing to the persons concerned, and this in complete transparency, in accordance with Articles 12 following ones of the GDPR.The following information is transmitted in particular:
4.1. Data collected
• Sources of data that we collect:
• Usage data (back office or product monitoring as Hotjar and Hubspot)
• Marketing data
• Support tickets
To find out all the information that is collected, please refer to the ‘List of data’ file which transcribes the audit carried out together.
4.2. Purposes of processing
• Your data will be processed as part of the establishment of a customer monitoring solution for the Customer Success department. You will benefit from a dashboard summarizing your customer behavior and an alert system identifying consumption information about API users.
• Your data will also be processed as part of the continuous improvement of our solution (re-training every month).
• Your data will be kept for the duration of our commercial relationship, and for 3 years following the end of this relationship.
Those affected by the processing who so wish may exercise their GDPR rights provided for in Articles 15 and following ones of the GDPR. These individuals have the right to access, rectify, oppose, limit and delete data. of a personal nature concerning them, a right to the portability of their data, as well as a right to define directives relating to the fate of their personal data after his death.