Potloc & the General Data Protection Regulation (GDPR)
All data collected by Potloc is processed in a secure manner. Potloc acts on several levels to ensure that the security of your data is in accordance with the GDPR.
1. General Privacy Statement
Potloc only retrieves the answers provided by respondents when interacting with our questionnaires. In addition, Potloc does not use a Software Development Kit (SDK), which means we do not have access to respondent profiles - interests, activities, etc.
Each respondent participates in our questionnaires on his or her own initiative. If the questionnaire requires the respondent to provide personal data, the respondent will be informed at the end of the questionnaire. The respondents will be informed that the data will be processed in accordance with the GDPR, which guarantees the security of their data. In order to ensure compliance with our internal procedures, all Potloc processes and documents relating to the GDPR have been approved by Gide®.
3. Data Access
The CNIL authorizes us to keep the data for a maximum of 3 years from the date the last answer to one of our questionnaires was provided. However, a respondent may make a specific request to have his or her data deleted via the following dedicated contact email address: firstname.lastname@example.org.
A data deletion request form is also available here and a data recovery form is available here. If necessary, the deletion will be performed by Potloc within 24 hours. In addition, only a very limited list of employees has access to data at Potloc: each of them is bound by a privacy agreement drafted and approved by Gide®. The company for which the survey is conducted does not have access to the respondents’ personal data.
4. Procedure in the event of an incident
Everything is planned so that there are no security breaches. Nevertheless, the law stipulates that a document setting out the procedure to be followed in the event of hacking must be drawn up in every organization. Our “Data Breach Procedure” therefore aims to detail the procedure to follow in case of database hacking, in accordance with the law.
A few points to keep in mind:
- Mapping of personal data summarizing where personal data is stored at Potloc
- Drafting of a charter of good practices for employees, including sanctions in the event of non-compliance with the law
- Implementing clauses in the contracts of our subcontractors guaranteeing that they comply with the legal provisions concerning the data they entrust to you
- Appointing a Data Protection Officer (DPO) whose role is to ensure the compliance of data processing
- Guaranteeing individual rights: the right to be forgotten (deletion) and the right to data portability (recovery). The respondent can request that his or her data be deleted from our server, or recover all data that Potloc possesses
- Keeping a data log: linked to the personal data card, the log specifies who has access to what, for how long, and for what purpose Potloc keeps such data
- Preparing for a potential data breach: implementation of the Data Breach Procedure, activated in case of a personal data breach. This universal document is mandatory; its content is specific to each company