The implementation of the General Data Protection Regulations (GDPR, also known by the acronym GDPR for internationalized companies) has turned the digital world upside down by imposing new legislation on all entities that collect data. In other words, it is all businesses (regardless of size) and all sectors of activity that are affected.
The services made available by CaptainVerify are widely used by e-merchants, start-ups or SMEs / VSEs whose collection of personal data is essential for the proper functioning of the business and that is why it is crucial that each data is collected, processed, stored and protected properly.
CaptainVerify being a third party actor and subcontractor through which your data can pass, it seems obvious that we are doing our best to apply the recommendations of the GDPR by deploying means commensurate with the security that we must guarantee you.
A pole dedicated to GDPR compliance
In order to continue to offer you services that comply with the rules and legislation that govern our businesses, CaptainVerify has surrounded itself with a dedicated advisory center made up of experts with specialized and diverse skills: Intellectual property law, NTIC (News Information and Communication Technologies), E-commerce regulation and protection of personal data.
From opt-in email databases to compliant GDPR databases
If so far we have already paid particular attention to the quality of the files we process and clean thanks to a rigorous and uncompromising anti-spam policy, we have already reviewed our general conditions of use in order to bring them into compliance with the new regulations.
As with our anti-spam policy that users of the services published by CaptainVerify undertake to respect without reserve or reservation, the new general conditions of use will condition the right to use our verification service without any exceptions or flexibility. be granted.
For existing customers, a communication will be sent to you very soon in order to submit the new contractual clauses which will protect your interests and the confidentiality of your data.
Actions based on the principle of accountability
The GDPR, applicable from May 25, 2018, establishes the principle of accountability which brings together a set of good practices intended to improve data protection. If this basic principle was already mentioned in texts prior to the GDPR such as the OECD in 1980, the ISO 29100 standard or the Standard of the Madrid International Conference, it is today based on 3 main principles in which the GDPR finds its foundation:
- Taking measures to comply with the GDPR: loyalty, transparency of processing, compliance with the principle of purposes, accuracy of data, compliance with retention periods.
- Evidence that appropriate action has been taken
- Flexibility: updating and continuous improvement of the measures implemented
Our commitments as a subcontractor
Processing of mapped customer data, for a transparent subcontracting register
As an entity collecting personal data, it will be necessary to be able to provide 3 types of GDPR registers:
- The data controller register
- The subcontractor's register
- The register of notifications of personal data breaches
As a subcontractor, CaptainVerify has set up a list of processing operations performed on personal data which is mapped into 3 main processing categories:
- Checking the validity of emails and mobile phone numbers
- Detailed verification statistics (verification result)
This register is regulated and we make sure that it contains all the information that must be kept.
Our actions make it possible to demonstrate that compliant GDPR measures have been taken and we are able to demonstrate their good implementation.
In compliance with the principle of flexibility and updating of data, the CaptainVerify platform has applied a policy of reduction of stored user data. Today, we can guarantee the security of your data on several levels:
All data stored and linked to user files as well as processed files is encrypted
Data storage policy
A policy for reducing stored personal data is already in place to collect the minimum amount of customer information and to keep it for the regulatory period of 90 days.
Payment data processing
Your bank details do not pass through our service at any time since the payment system is made by Stripe.
User data collection
Access to customer and user data on the platform is limited to the sole access of CaptainVerify employees and is protected by encryption
Protection of private life
You have the option of simply controlling your data. Access, rectification or erasure of your data can be done at any time via our contact form.