The General Data Protection Regulation (GDPR) n° 2016/679 dated April 27th, 2016 became effective on May 25th last year, also modifying law n°78-17 of January 6th, 1978 relative to information technology, data files and liberties.
Here are the main actions required on your Store Locator to ensure full compliance with the GDPR and the new standards dictated by the CNIL :
I-A cookie banner in compliance with the new CNIL standards
What exactly do these new standards consist of?
Article 82 of the Data Protection Act transposes into French law Article 5.3 of Directive 2002/58/EC on privacy and electronic communications (or "ePrivacy"). It provides in particular for the obligation, subject to certain exceptions, to obtain the consent of Internet users before any operation involving the writing or reading of cookies and other tracers.
In the context of the services that we provide to our Customers on the BRIDGE platform and Store Locators, and in our capacity as a subcontractor with regard to the processing of personal data, we recommend that you implement these new specific measures on your BRIDGE Store Locator in order to bring you into compliance with the new regulations.
The deadline for compliance with the new rules dictated by the CNIL should be respected by the end of March 2021 at the latest.
While the CNIL will take into account the operational difficulties of operators during this period, during which it will give priority to support rather than controls, it reserves the possibility, in accordance with the case law of the Council of State, to prosecute certain breaches, particularly in the event of a particularly serious breach of the right to privacy (CE, 16 October 2019, n° 433069, Rec.). In addition, the CNIL will continue to prosecute breaches of the rules on cookies prior to the entry into force of the RGPD, informed by its recommendation of 5 December 2013.
For any questions relating to the new standards dictated by the CNIL, we invite you to discover the dedicated article in our help centre.
II-The transparency of your company's information and the use of personal data
Leadformance, a subsidiary of the Solocal group, decided a long time ago to ensure the protection of personal data and incorporated this in its governance.
In the framework of our services to our Clients on the BRIDGE platform and the Store Locators and as a subcontractor in terms of processing personal data, we have listed below the measures that we recommend you implement on the platform in order to comply with the new regulation.
To respect your obligations of information and transparency relative to the persons concerned by the processing of personal data on your Store Locator, we recommend that, as data controller, you put the following on your Store Locator:
- “Data Protection” and “Cookie Information” pages
- an information notice informing the persons concerned of the processing of their personal data at the bottom of each form available on your Store Locator (contact forms, contact detail request form and newsletter registration forms).
- information for the persons concerned at the bottom of each email sent to prospects (emails confirming that contact requests have been received and emails with a personal response following a contact request).
III-Anonymisation and the duration of storage of prospect's personal data on the BRIDGE platform
Our platform allows the anonymisation of prospect’s personal data in compliance with the GDPR at the end of the conservation period you have set. We recommend the following conservation periods:
- 13 months from the prospect’s last traced activity (contact request form, email in response sent by the prospect)
- 3 months from reception of an email from the prospect subscribing to a newsletter.
To help you comply with your obligations as a data controller, you can contact the Support Team to find the standard documents (Personal Data Protection Policy, Cookie Info Page, Information Notices) that you can put on line on your Store Locator. If you use these, you will first have to adapt and fill in the documents/notices for the specificities of your Store Locator and the personal data processing that you implement on it and on the BRIDGE platform.
For any question relating to the RGPD, you can write to us at the following address firstname.lastname@example.org.
For any question relating to the implementation of these measures on your BRIDGE Store Locator, please contact the Support team.
We wish you a wonderful day from the BRIDGE by SOLOCAL team