CaptainVerify and the GDPR

The introduction of the General Data Protection Regulation (GDPR for internationalized companies) is shaking up the digital world by imposing new legislation on all entities collecting data. In other words, it is all companies (regardless of size) and all business sectors that are involved.

The services provided by CaptainVerify are widely used by e-merchants, start-ups or small company whose collection of personal data is essential to the proper functioning of the company and that is why it is crucial that each piece of data is collected, processed, stored and protected properly.

Since CaptainVerify is a third-party player and subcontractor through which your data can transit, it seems obvious that we are doing our utmost to implement the recommendations of the GDPR by deploying means at the height of the security that we owe you guarantee.

A pole dedicated to GDPR compliance

In order to continue to offer you services that comply with the rules and legislation that govern our businesses, CaptainVerify is surrounded by a dedicated consulting center made up of experts with specialized and diverse skills: Intellectual Property Law, NTIC (New Information and Communication Technologies), e-commerce Regulation and protection of personal data.

Opt-in mail databases at compliant GDPR databases

So far, we have been paying special attention to the quality of the files we are processing and cleaning thanks to a antispam policy rigorous and uncompromising, we have already reviewed our terms of use to bring them into compliance with the new regulations.

As for our anti-spam policy that the users of the services published by CaptainVerify undertake to respect without restraint or reserve, the new general conditions of use will condition the right to use our verification service without any exception no flexibility be granted.

For existing customers, a communication will be sent to you very soon to submit you the new contractual clauses that will protect your interests and the confidentiality of your data.

Actions based on the principle of accountability

The GDPR, applicable from May 25, 2018, establishes the principle of accountability, which brings together a set of best practices to improve data protection. While this basic principle was already mentioned in pre-GDPR texts such as the OECD in 1980, the ISO 29100 standard or the Madrid International Conference Standard, today it is based on three main principles in which the GDPR finds its foundation:

  • Taking steps to comply with the GDPR: fairness, transparency of processing, respect for the purpose principle, accuracy of data, respect of retention periods.
  • Evidence that appropriate measures have actually been taken
  • Flexibility: updating and continuous improvement of the implemented measures

Our commitments as a subcontractor

Mapped client data processes for a transparent subcontractor registry

As an entity collecting personal data, it will be necessary to be able to provide 3 types of GDPR registers:

  • The controller registry
  • The Subcontractor Registry
  • The registry of notifications of personal data breaches

As a subcontractor, CaptainVerify has put in place a list of treatments carried out on personal data which is mapped into 3 main categories of treatment:

  • Verifying the validity of emails and mobile numbers
  • Detailed verification statistics (verification result)
  • Billing

This registry is regulated and we make sure it contains all the information that needs to be kept.

Our actions demonstrate that compliant GDPR measures have been taken and we are able to prove that they have been implemented properly.

Our commitment to collecting user data

In keeping with the principle of flexibility and updating of data, the platform CaptainVerify has applied a policy of reduction of stored user data. Today, we can guarantee the security of your data at many levels:

Data encryption

All data stored and related to user files and processed files is encrypted

Data Storage Policy

A policy for reducing stored personal data is already in place to collect the minimum amount of customer information and to keep it for the 90-day regulatory period

Processing Payment Data

Your bank details do not pass at any time through our service since the payment system is made by Braintree subsidiary of Paypal.

Collection of user data

Access to platform client and user data is limited to only access by CaptainVerify employees and is protected by encryption

Protection of privacy

You have the ability to simply control your data. Access, rectification or erasure of your data can be done at any time via our contact form.