GDPR – SUPRAVOX ON THE ROAD TO COMPLIANCE
GDPR : General Data Protection Regulation.
Protecting customer data remains a top priority for Supravox. Find out how Supravox works to comply with the GDPR.
Supravox is a French company with customers all over the world. As such, the protection of the personal data of our customers and employees is one of our priorities. In 2016, the European Union approved a new data protection law, the General Data Protection Regulation (GDPR), which applies to all organizations that collect the personal data of EU citizens. Since then, Supravox has been committed to being GDPR compliant. At Supravox, we know that proper implementation of this new regulation requires a cross-functional approach within our organization. To carry out this compliance initiative, we have therefore mobilized employees from several of our divisions : Products, Information Security, Legal, Compliance and IT. The cross-functional team thus created works closely with the various people involved in each of the functional units concerned to, on the one hand, examine all the Products, Operations and Suppliers impacted by the GDPR and, on the other hand, to ensure that the adequate level of compliance is achieved both enterprise-wide and system-wide.
Additionally, we are also working with external consultants and attorneys to ensure that Supravox meets the timelines for this project and that our efforts capture the required level of compliance. Based on the work done to date, we expect to be in compliance with GDPR requirements by July 15, 2018.
How is Supravox preparing for the GDPR ?
We conduct continuous compliance review and resulting actions leverage our existing investments in privacy, security, and operational processes necessary to meet the requirements of GDPR and other applicable regulations. As a company that processes data, Supravox is aware of its obligation to help its customers prepare for the change represented by the GDPR. We therefore currently provide our customers with several guarantees regarding the use of their personal data, in particular in terms of :
- Personal Data Processing Practices : Each of our online applications or software involves the collection, use, storage and disposal of personal data on a different level. We have carefully and scrupulously reviewed the personal data collection practices of each of these applications, we have documented the different sources of data and we have implemented automation measures to ensure that we are in compliance with the GDPR.
- Visibility and Transparency : One of the important aspects of GDPR is how personal data is used. Supravox is a company required to process data exclusively internally for its communication and promotion. In this context, our role is to provide our direct or indirect customers with one or more accesses from which they can not only manage but also effectively protect their personal data. We have therefore developed automated measures to optimize Supravox products without compromising performance, in order to be able to guarantee transparency to our customers.
- Improved data integrity and security : Supravox is aware of its duty to ensure the confidentiality and security of its customers' data. In this regard, we maintain both technical and organizational security practices and measures to protect the confidentiality, security, availability and integrity of the data of all our customers. We also streamline processes by implementing IT policies and procedures that support end-to-end data security.
- Portability and transferability of data : At Supravox, we believe that each end user should have the possibility of knowing, receiving, erasing or transferring all of their personal data. In this context, we are working on technical improvements that will support these capabilities.
Agreements on the processing of (personal) data : We have used important agreements on the processing of personal data in the past and are in the process of revising them to meet the requirements of the GDPR.
Google uses this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities of our online offer and to provide other services relating to the use of our online offer. this offer online and internet. The processed data makes it possible to create anonymous user profiles.
Google is certified to the Privacy Shield and thus offers the guarantee to comply with European data protection law.
Newsletters : The following information concerns the content of our Newsletter, the registration process, sending and statistical analysis as well as your rights of opposition. By subscribing to our Newsletter, you accept its receipt and the process described.
We send newsletters, e-mails and other electronic messages containing advertising information (hereinafter referred to as "newsletter") only with the consent of the recipients or a legal authorization. If the contents are concretely described in the context of a subscription to the newsletter, they are decisive for the consent of the users. In addition, our newsletters contain information on developments and offers from the machining sector as well as our services.
Subscription to our Newsletter uses a double opt-in procedure. Indeed, after your registration, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to avoid registrations with false e-mail addresses. Registrations for the Newsletter are recorded in order to be able to establish a connection process in accordance with legal requirements. This is the storage of the date of registration and confirmation as well as the IP address. Changes to your data stored by the shipping service provider are also logged.
Users who do not wish cookies to be stored on their computer are invited to deactivate the corresponding option in the settings of their browser. Saved cookies can be deleted from the browser settings. The absence of cookies may prevent you from fully benefiting from the functionalities of this online offer.
Facebook Social Plugins : Our online offer uses Social Plugins ("plugins") of the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), on the basis of our legitimate interests (i.e. our interests in the analysis, optimization and economic operation of our online offer). The plugins are recognizable by one of the Facebook logos (“white f” on blue square, “Like”, “Like” or “Thumbs up”) or are provided with the words “Facebook Social Plugin”. Find a list of Facebook Social Plugins and their appearance here: https://developers.facebook.com/docs/plugins/.
When a user calls up a function of this online offer that contains a plugin, his device establishes a direct connection to the Facebook servers. Facebook transmits the content of the plugin directly to the user's device, which integrates it into the online offer. The processed data makes it possible to create user profiles. We therefore have no influence on the volume of data collected by Facebook using this plugin and we inform users according to the state of our knowledge.
By integrating the plugin, Facebook is informed that a user has accessed the page of our online offer. If the user is logged in to Facebook, Facebook can associate this visit with the user's Facebook account. If the user interacts with the plugin, for example by clicking the "Like" button or adding a comment, this information is sent directly from your device to Facebook, where it is saved. If you are not a member of Facebook, it is still possible that Facebook learns your IP address and saves it.
For more information on the purpose and scope of data collection, processing and use by Facebook as well as your rights and related setting options for privacy control, see the Facebook information on this: https://www.facebook.com/about/privacy/.
Facebook is Privacy Shield certified and thus offers the guarantee to comply with European data protection law. If a user is a member of Facebook and does not want Facebook to collect information about him from our website and related to his data stored on Facebook, he must log out of Facebook before using our online offer and delete its cookies. The user can configure and oppose the use of data for advertising purposes in the settings of his Facebook profile: https://www.facebook.com/settings?tab=ads or on the American site http://www.aboutads.info/choices/ or the European site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are saved on all devices, whether desktop or mobile.
Users are requested to inform themselves regularly about the content of the privacy statement.