Document Version 4.3.5 - Applies to Platform V4.x
Last document update

This document is in progress; Missing : new User data in v4.4 + External users + Conversations

For V3.x to 4.3.3 platform, please refer to previous version 3.5.6 - Last updated - December 3rd, 2018

DATA PROTECTION GUIDE

This guide describes the principles and rules of personal data protection at Popsell to ensure GDPR compliance:

  • Personal data processing in the Popsell Platform

  • Popsell internal processes to ensure Data Privacy and Protection

This document gives exhaustive information in addition to the Privacy Policy available on the http://popsell.com web site and all the Brand dedicated platforms.

TABLE OF CONTENTS


GENERAL PROCESS

What is Popsell?

Popsell is a SAAS provider, which runs a web platform dedicated to brands, retail or direct selling companies (all designated as ‘Brand in this document). In addition to being a SAAS provider, Popsell can also provide services to the users: support (level 2) and community management on behalf of the Brand.

The purpose of Popsell is to enable their users to become brand ambassadors, sale advisors or resellers on behalf of the brand.

Who uses the Popsell platform?

Users of the Popsell platform, which are recorded in the Popsell databases, are called 'Users', and are identified by their ’Role'.

  • Members’ are the Users who have an access to the Popsell platform (User roles from 0 to 6).

  • External Users’ are the Users who only interact with Popsell through widgets embedded in a Brand website or app (User roles 7 and 8).

Role no.

Role name

Description

0

Ambassador (Member)

Usually a Brand customer or a prospect.
They can act as Brand promoters, or they can remain simple members of the platform who participate in the community or buy products from the brand.

Ambassadors are never under contract with the Brand, and GDPR always applies.

He/She has verified credentials to access the Popsell platform, and has accepted the Popsell Terms and Conditions.

1

Employee (Member)

An employee of the Brand, or someone under contract with the Brand.

He/She has verified credentials to access the Popsell platform, and has accepted the Popsell Terms and Conditions.

2

Administrator (Member)

An employee in charge of administering the platform, with additional rights. He is considered to be under contract with the Brand.

He/She has verified credentials to access the Popsell platform, and has accepted the Popsell Terms and Conditions.

3

Vendor (Member)

Depends on the scenario which applies to the Brand

  1. An employee who works as a sales representative, or a sales assistant in a shop (Standard scenario)

  2. A Home Seller (Direct sales scenario) who will use the Popsell platform to promote the Brand and grow his/her sales.

  3. A member who has purchased a product, which has given him/her the right to sell in turn (Selective sales scenarios)

Case 1 and 2 : they are considered as being under contract with the Brand.
Case 3 : they are not under contract, and GDPR rules apply.

He/She has verified credentials to access the Popsell platform, and has accepted the Popsell Terms and Conditions.

The “pro" field in the Brand table determines which scenario applies according to its value :

  • pro = 0 : Classic scenario. Vendors are under contract with the Brand

  • pro = 2 : Direct selling scenario. Vendors are under contract with the Brand

  • pro = 3 or pro = 4 : Selective sale scenarios. Vendors are not under contract with the Brand, and are subject to RGPD.

4

Shop manager (Member)

A shop manager (under contract with the Brand)

He/She has verified credentials to access the Popsell platform, and has accepted the Popsell Terms and Conditions.

5

Manager (Member)

Usually an employee who works as a manager. This role can be used for various purposes (under contract with the Brand)

He/She has verified credentials to access the Popsell platform, and has accepted the Popsell Terms and Conditions.

6

Expert (Member)

Usually an expert or an Influencer who works on behalf of the Brand (someone under Contract with the Brand).

He/She has verified credentials to access the Popsell platform, and has accepted the Popsell Terms and Conditions.

7

Client (External user)

A Brand customer or prospect, who has an account on an external system, usually an e-Commerce website.

This user does not have any access to the Popsell Platform. He only interacts through Popsell widgets embedded on a Brand site.

He/she has accepted the Brand Terms and Conditions (which may include Popsell specific clauses) or has at least accepted a Popsell user policy dedicated to the service accessible via the Widget.

8

Temporary account (External user)

An unauthenticated visitor of the Brand website, who only interacts through Popsell widgets.
He/she does not have an account, neither on the website nor on the platform.
However, he has accepted a Popsell user policy dedicated to the service accessible via the Widget. Popsell may ask for his firstname and/or his email address, which are stored for a very short period of time, and for a use limited to that described in the Widget's policy.

Members may manage their contacts (designated as ‘Contacts in this document) who can come from different sources, as described further in this document. These Contacts may opt-in or opt-out from the Popsell platform.

Responsibilities

The Brand and Popsell are jointly responsible for the processing carried out on the personal data collected via the Popsell Platform and widgets, including Users and their Contacts.

Popsell ensures that its platform, services and processes meet the requirements of the GDPR rules. The Popsell platform will collect data and consents, manage access rights, revoke consents and delete data according to the rules and processes described in this document. Popsell is responsible to respond to requests to exercise the rights defined in articles 15 to 22 of the GDPR.

Brand partitioned databases

Each Brand uses an independent instance operated by Popsell. The platform is white-labeled, and all the data collected remain partitioned for each Brand.

Personal data in the Popsell platform

Personal data in the Popsell platform are divided into two databases:

  • Users data

  • Contacts data

Members:

Members sign up into a Popsell platform, they must accept the Popsell Terms & Conditions, and are warned about the personal data processes.

External users :

External users only interact with Popsell through widgets embedded in a Brand website. They must accept a specific Widget Policy (which can also be integrated in the Brand T&C).

Member’s contacts:

Once they are registered, Members can build their own publications, using personal content or content provided by the Brand. These publications are shared to their personal or professional networks through the use of social media platforms or emailing. To enable them to send publications by email, personal data is collected in a contact management feature (designated as the ‘CRM in this document). Data collection processes are further detailed in this document.

PERSONAL DATA IN THE POPSELL PLATFORM

Members data

Members’ personal data collected into the Popsell database:

Data

Comments

Creation date

Date when member signed up into the platform

Gender

Required or Not asked for, depending on Brand configuration

Data not erased when member is deleted

First name

Required
See Last name comments for deletion

Last name

Required or Optional, depending on Brand configuration.

First name and Last name are erased when the user is deleted (i.e.: unsubscription, blocked, etc.) only for the following roles : 0 (Ambassador), 7 (Client), 8 (Temporary account).
First name and Last name are not erased for roles 1 to 6 (employees, vendors, etc., i.e. people under contract with the Brand.).

Alias

Optional or Not asked for, depending on Brand configuration

Password

Password are always hashed by a BCrypt algorithm.

Required unless Facebook/Google/Apple login or SSO (Single Sign On)

Customer ID

Optional (unless required by the Brand)

Hashed data kept when member is deleted

Social ID

Facebook ID, Apple ID or Google ID.

Optional. Hashed data is kept when member is deleted

Email address

Required (hashed data is kept when member is deleted)

The email address is always verified (through a double opt-in process, or via a social media login process)

Hashed data kept when member is deleted

Address

 

Address, city, postal code and country

Optional

Data is erased except city and postal code when member is deleted.

Language

Preferred language

Date of birth

Optional (unless required by brand)

Day and month erased when member is deleted

T&C

Whether Terms & conditions have been accepted or not.

Unless a signup has been interrupted, all members in the database must have accepted Popsell T&C. If not, access is not permitted.

Profile photo

Optional

Uploaded by the Member or imported from Social media if signup with Social login e.g.. Facebook

File deleted when ambassador deleted

About

Ambassador’s short description (self-entered – optional)

Data deleted when ambassador deleted

Interests

Optional (unless required by brand)

Position

Position in the Brand organization

Optional (unless required by brand)

IBAN

IBAN number Deprecated since Popsell V4.0, Nov 2020.

Community visibility opt-out

Enables a member to hide all his data to other members of the Brand community :

  • “Hide my events in the live stream”

  • “Hide me from the community”

Check boxes are not checked by default (opt-in during signup, in terms & conditions)

Communication opt-ins

Enables a member to opt-out to communications sent by the platform (opt-in during signup, in terms & conditions)

  • Receive newsletters by email

  • Enable events notifications

  • Enable challenges notifications

  • Enable notifications for each new comments

Social media access granted

Deprecated since Popsell v4.0, Nov 2020

TBD

New data in Popsell 4.4 TBD - Also Add Phone Number missing

External Users data

Clients

Data for brand customers (Clients) may be collected through the use of Brand APIs or Popsell APIs.

All the data described above for Members may apply to these clients, always on an optional basis, depending on the use of the APIs to collect data.

Temporary accounts

Data collected for temporary accounts:

Data

Comments

First name

Optional. May be collected through Chat widgets.
Data is never kept in the database for more than a few days.

Email address

Optional. May be collected through Chat widgets.

The email address is never verified (no double opt-in process).

Its usage is strictly limited to sending a notification when a Member replies to a chat message.
Data is never kept in the database for more than a few days.

Email and Temporary Email addresses

Two different columns are used to store email addresses in the Popsell databases:

  • email: this field is used to store email addresses used by Members, who have necessarily agreed to the Popsell Terms and Conditions. This email has always been verified via a double opt-in (Popsell built-in, via a Social Media authentication or via a Brand verification process).

  • email_tmp: temporary emails are associated with External users (clients or temp accounts) who did not accept the General Terms and Conditions of the Popsell platform (only consent to the brand T&C or a charter limited to the use of the Popsell Widgets).

Separating email and email_temp makes it possible to ensure that no use will be made of it apart from the granted rights.

Members activity

Throughout the use of the Popsell Platform, an ambassador generates various data and contents:

Data

Comments

Publication

Members can create their own publications, posted on social medias or sent by email.
A publication is a collection of Brand contents (photos, videos), UGCs (see below) and a personal comment always manually entered by the Member.

UGC

Members can upload their own personal photos (UGC = User Generated Content) and share it in a publication.

These UGCs are stored on Popsell servers.

UGCs remain the property of the Members, but the Brand have the rights to re-use them, as specified by a specific contest or challenge, or in the Terms and Conditions.

In that case, the member will be warned and will consent that his UGCs can be reused, for the usage and duration specified.

Community comments and likes

Publications displayed to other members can be liked and commented on the community flow.

Activity logs

IP address and ‘user-agent’ (browser characteristics) are collected on the Popsell database. They are used by an anti-fraud monitoring algorithm.

IP addresses are always hashed as soon as they are collected.

Score, badges

Activity of the Members are compiled in a gamification program, which generates the following data :

  • score,

  • badges earned

  • level reached

  • awards

Conversations

TBD

Contact data

This table lists all the data that can be collected into the Members‘contacts database.

Each field is optional, it is only required to have at least one data filled.

Data

Comments

Member

Reference to the unique Member who owns this contact.

If a same contact has been entered by more than one Member, then the data will be stored twice.

First name

 

Last name

 

Email address

Hashed data is kept when contact is deleted

Email status

Status received from previous emails :

  • Spam (contact has marked email as spam)

  • Hard Bounce (wrong email address or other definitive errors)

  • Soft bounce (temporary errors, e.g. full mailbox)

  • Blocked

  • Email address not verified

This status is displayed to the Member in the CRM, but the Member is not able to send emails to a contact with a blocked status.

Only a Soft bounce can be released manually by the Member in the CRM.

Customer ID

Customer reference in the brand database

Member opt-in

If the contact has accepted to be contacted by the Member.

Values :

  • New record (no known status)

  • Invitation sent (no known status)

  • Invitation accepted (opted-in)

  • Invitation declined (opted-out)

  • Opt-out from an email (opted-out)

  • Opt-out no action from an invitation email (opted-out)

  • Global opt-out (if the contact has opted-out from a Member’s publication and has also chosen to opt-out from all the Members of this brand).

  • Social media only

  • Opt-in from Brand - imported (opted-in)

  • Opt-in from blog popin pending email verification (temporary opted-out)

  • Opt-in from blog popin + email verified (opted-in)

  • Opt-in from internal form (opted-in)

  • Opt-in from external form (opted-in)

  • Opt-in from order (opted-in)

  • Opt-in from order pop-in (opted-in)

  • Other Opt-in (opt-in obtained by various means)

  • Storage only : no opt-in obtained, but data can be stored in the Popsell database because the Contact has been implicitly informed of the storage

Date Member opt-in

Date for the last opt-in or opt-out status.

Brand opt-in

If the contact has accepted to let his personal data be stored by the brand and has accepted to receive emails from the brand.
This data can be imported from the Brand database or obtained on the Popsell platform.

Values :

  • No opt-in (contact data is hidden to the Brand on the Popsell Manager)

  • Opt-in for communications – from Popsell blog (contact is displayed to the Brand)

  • Opt-in for communications – from Popsell internal form (contact is displayed to the Brand)

  • Opt-in for communications – from Popsell external form (contact is displayed to the Brand)

  • Opt-in for communications – from the brand database (contact is displayed to the Brand)

  • Opt-in for storage only, contact has been implicitly informed of the storage of his data (contact is displayed to the Brand)

Date brand opt-in

Date for the last opt-in or opt-out status.

Partners opt-in

V4 Deprecated

Date partners opt-in

V4 Deprecated

Contact type

Hostess, Customer, Prospect : only used in direct selling scenarios

Comments

Text area that can be filled by the Member

Address

Address, city, postal code and country

Data is erased except postal code and city when contact is deleted

Mobile phone

 

Home phone

 

Tags

Tags (keywords) can be created by a Member and manually assigned to his contacts.

Interactions history

List of publications sent by email to this contact.
Interactions for each email (view, click).

Sales history

Online orders or store purchase made following an Member’s publication.

Date and amount of order :
no other detail if displayed in the CRM

List of products purchased :
displayed in the Popsell Manager only

Change history

Created by (manually, from a social media, etc.), modified by, date record has been created or modified.

Contacts black list

This table contains some extra information about contact consents:

  • Global opt-out: if a contact has decided not to receive any publications from any Member, this information is stored in this table (email address is hashed). This enables to block future Members that would import again a contact who opted-out.

  • Email callbacks: if a definitive error (spam, hard bounce, block) has been returned by the messaging platform, this information is stored to ensure to block any future communications (email address is hashed).

MEMBERS DATA COLLECTION MECHANISMS

Introduction

Members’ data can be collected through 3 different mechanisms:

  • Signup forms: data is manually entered by the Member. His email address is verified by a double opt-in (email sent with a link to confirm the registration)

  • Facebook Login + additional data manually entered if needed

  • Single Sign On (SSO): see details below

 

In all cases, Popsell Terms and Conditions must be accepted to enable account creation.

Single Sign On

SSO mechanism enables to rely on the credentials used by a user on a Brand platform (e-commerce platform, Extranet …) to authenticate on the Popsell Platform.

SSO enables:

  • Account provisioning (Member data is collected and saved in the Popsell database on first connection),

  • Automatic login (without having to re-enter credentials)

  • Data update (data updated on the Brand database are synchronized to the Popsell database)

  • Account deletion (if an account has been deleted on the Brand database, the account and his personal data will also be deleted in the Popsell database).

Please refer to the Popsell SSO Guide for further details.

Registration white List

The Popsell platform enables a Brand to control who is authorized to sign up as a Member:

  • List of email addresses authorized (data hashed in the database)

  • List of customer ID authorized (e.g. employee ID or Loyalty program ID)

  • SSO process can be set in an exclusive mode (which means that SSO is the only possible way to sign up) thus ensuring that only members of the Brand database can sign up. 

CONTACTS DATA COLLECTION MECHANISMS

Introduction

Member’s contacts data can be collected through several mechanisms. Contacts are saved in the Popsell database and Members can see their own contacts in the CRM page. Brand administrators can only see the contacts with a Brand opt-in in the Popsell Manager, contacts without a Brand opt-in are hidden.

1| Manually entered in the CRM

Data is manually entered by a member in a CRM form.

At that time, if the contact has a valid email address, then the Member is proposed to send an invitation email. The ambassador must send an invitation email within a 30 days period or the contact will be deleted from the database (data is deleted).

For specific Direct Selling scenarios, it will be possible to manually enter an opt-in, if the consent has been obtained via an external process. (Not available at the moment in current version of the Popsell platform).

As of version 4.0, it is not possible to manually enter new contacts. This functionality is deprecated but it is not excluded that this will be reactivated if necessary in a later version.

2| Manually imported from a private contact list

This option is deprecated since version 4.0 (November 2020)

3| Automatic imported from an external Brand database

A data synchronization process can be setup with the Brand, in order to import and regularly update contacts data, from a database owned by the Brand.

When the contacts are synchronized, an opt-in status is sent.
In the Popsell database, this opt-in status is assigned to both Member opt-in and Brand opt-in. If no opt-in is imported from the Brand database, then the Member opt-in is set to “New” and Brand opt-in status is set to 'Storage only' in the Popsell database.

This feature is only available for direct selling scenarios (Members are sales representatives of the Brand) or for employees (professionals employed by the Brand or sub-contractors).

4| Imported from Social networks

This option is deprecated since version 4.0 (November 2020)

5| Created from a Member’s e-shop

This option is deprecated since version 4.0 (November 2020)

6| Created during the order process

TBD : diff V3 Process with contacts vs V4.4 process through amb Role 7/8

When a new contact places an order on the Brand web site (after having seen an ambassador’s publication), his contact details can be exported to the Popsell database through a web service.

Depending on how the web service is called (each Brand can implement it specifically), the following data may be exported:

  • First name and last name

  • Email address

  • Order amount and product details

  • Brand opt-in

 

All the data is stored in the Popsell database, and the following values are set for opt-ins:

  • If Brand opt-in parameter value is True, then

o   Ambassador opt-in is set to “optin from order”

o   Brand opt-in is set to “optin from brand database”

  • If Brand opt-in parameter is False, or if Brand opt-in parameter is not set:

o   Both Ambassador and Brand opt-ins are set to “Storage only”

7| Created after a store purchase

TBD : Difference V3 Process with contacts vs V4.4 process through amb Role 7/8

In some cases, store purchases can be tracked. They can only be tracked if the contact generates a voucher and presents it to the store assistant during checkout. To be able to generate the voucher, the contact must already be in the Ambassador’s database (with opt-in).

8| Created from an external form

A Member can lead users to a specific form in an external website, e.g. subscription to a newsletter, subscription to a loyalty program, participation in a game…

Data collected depends on the implementation of the specific form.

All the data is stored in the Popsell database (storage allowed), and the following values are set for opt-ins:

  • Member opt-in is set to New (unless Member opt-in asked for in the form)

  • Brand opt-in is set to ‘storage only’ (unless Brand opt-in asked for in the form)

As of version 4.0, this functionality is deprecated but it is not excluded that this will be reactivated if necessary in a later version.

USERS DATA DELETION PROCESS

Deleted vs Hashed

Users and Contacts data are never completely removed from the database (soft deletes only). Instead, data is erased or hashed, which means that it is anonymized with an encryption algorithm that cannot be decrypted.

Popsell uses a sha-256 algorithm to hash the data (except passwords which are BCrypt hashed).

Data is erased or hashed instead of being removed from the database:

  1. to enable statistics,

  2. to keep opt-out information usable (for example, if a contact opted-out, we must prevent another Member to re-enter or import the same information. This remains possible by comparing hashed data)

Difference between Users under contract and general public

First Name and Last name are treated differently depending on whether it is a person under contract (employee, vendor, manager, etc.) or the general public (ambassador, client, …).

As long as the Brand has an active platform with Popsell, Firstname and Lastname are kept in the databases for roles 1 to 6. They are erased for roles 0, 7 and 8 when the account is not active any more.

Member unsubscription

A Member can unsubscribe from the Popsell platform. Access is immediately blocked, and his personal data is deleted (hashed) within 7 days (to enable a rollback in case of mishandling). All his contacts are also deleted, except those having an opt-in for the Brand.

The duration is set to 7 days by default, but can be changed in the platform configuration for the Brand.

End of contract of an employee or a sales representative

If a Brand employee or a sales representative terminates his contract with the Brand, the Brand must delete it manually in the Popsell Back Office, or give the information to Popsell to enable the deletion of his personal data.

This operation can be done automatically if an SSO process has been setup with Popsell.

Account access is immediately blocked, but data is deleted within a delay of 7 days, to enable a rollback in case of mishandling. 

The duration is set to 7 days by default, but can be changed in the platform configuration for the Brand.

End of contract between Popsell and the Brand

Should the contract between Popsell and the Brand terminate, all personal data (Users and Contacts) will be deleted (hashed) within a delay of 7 days, to enable a rollback in case of mishandling

Program suspended

If the program is suspended for any reason, and planned to be relaunched soon, data can be kept in the database, for a maximum of 6 months.

Members will be warned of the program suspension by a newsletter and can opt-out.

Members without activity

Members with no activity for a period of 3 years are automatically deleted from the database (their data is hashed with a sha-256 algorithm). No activity means that they have not logged into the platform for a period of 3 years.

Two emails are sent prior to account deletion, every 15 days, to let the Member reactivate his account.

The duration is set to 3 years by default, but can be changed in the platform configuration for the Brand.

ACTIVITY DATA DELETION PROCESS

Activity data and UGCs

All personal data generated by a Member on the Popsell platform are deleted or hashed at the same time as his account is deleted.

There is an exception if the content (personal photos) have been collected through a specific contest or challenge. In that case, this content will be deleted according to specific usage and duration specified within the contest.

CONTACTS BLOCK/DELETION PROCESS

Contacts without activity

Contacts (with optin or storage allowed) with no activity for a period of 3 years are automatically deleted (hashed) from the database.

An activity means they intentionally interacted with the publication (click, like, etc.). Opening an email is not considered as an activity.

The duration is set to 3 years by default but can be changed in the platform configuration for the Brand.

New contacts in the database

New contacts who have just been imported or manually entered in the database are blocked by default: nothing can be sent to these contacts except an invitation email.

If no invitation email is sent to these contacts within a 30 days period, contacts are deleted (hashed).

The duration is set to 30 days by default, but can be changed in the platform configuration for the Brand.

Contacts in the database prior to GDPR application

This only applies to Contacts recorded in Popsell Databases prior to May 25th, 2018.
If these contacts have an activity history (e.g. engagement on a social media, email clicked …), an opt-in is assigned by default, assuming that they have not opted-out, and that their activity proves an interest in the Member’s publications.

If these contacts have no activity, they are marked as “new” and will follow the same process as new contacts.

Contacts with an invitation pending

An invitation email has been sent to the contacts, but they did not respond (no click on ‘decline’ or ‘accept’ buttons, no bounce or spam received for the messaging system).

These contacts remain blocked by default for a period of 15 days.

A new invitation will automatically be sent after this 15 days period.

If still no response is received after another 15 days, then the account is marked as opted-out.

The duration is set to 15 days by default, but can be changed in the platform configuration for the Brand.

Contacts pending email confirmation

Contacts who received an email to confirm their email address are stored in the database, but not visible to ambassadors.

If they never confirm their address, then data is deleted within 15 days.

Same parameter is used as in previous case for no response received.

Contacts opted-out

Contacts who have opted-out for a publication or contacts who have declined an invitation:

  • They are immediately blocked

  • Data is kept in the database for a 1 year period, to ensure that the ambassador knows about his opt-out, and does not try to recreate and resend an invitation.

  • Email address is hidden to the ambassador

The duration is set to 1 year by default, but can be changed in the platform configuration for the Brand.

Contacts imported from an external system

Contacts are deleted when the delete information is sent by the Brand via the synchronization process (data hashed): data privacy rules from the Brand apply.

 

EXPORT TO A DATA WAREHOUSE

Data exported

Data is exported daily to a data warehouse in order to feed data marts, dashboards and reports.
The databases used for the data warehouse and the data marts are hosted in the same Azure data centres as the production databases.

All the data exported is anonymous, except:

  • First name, Last name :

    • This data is only exported for Members under contract with the Brand:

      • Members whose role number is 1, 2, 4, 5, 6.

    • Ambassadors (role 0) : not exported.

    • Vendors (role 3) : (Brand scenario determined by pro field in table Brand)

      • not exported if Brand scenario = 2 or 3

      • exported if Brand scenario = 0 or 2

    • Clients (role 7) and Temporary accounts (role 8) : not exported.

  • This data is never made public, its only purpose is to reveal Member KPIs in the Dashboards, which visibility is limited to Brand and Popsell administrators.

  • Email addresses, phone numbers and complete postal addresses are never exported to the Data Warehouse databases.

  • City, Postal code, or a a geocode whose precision is intentionally limited to the city is exported.

Deletion of data

All the data exported to the data warehouse is synchronized from the production databases.

This means that any changes to data that is deleted, erased or hashed are also reflected in the data warehouse databases.
Data confidentiality and compliance with the GDPR are therefore ensured.

There is no historical record of the data stored in the data warehouse databases.

COOKIES AND TRACKERS

Since Popsell V4.0, Popsell only stores technical data in the browser Local Storage (no use of cookies).
These trackers are only used for the purpose of running the Popsell features.
They do not contain any personal data, and they are never transferred to a third party.

Trackers created by Popsell on the Brand web site

These trackers are created on the brand website, by the Popsell JavaScript tags or Widgets embedded.

The information stored is the Member’s Popsell ID, the context of the Widget (last action performed on the Widget), and if the User intends to pick a product reference in order to display a “Product Picking” optimised interface.

Trackers created on the Popsell platform

These trackers are created while using the Popsell platform:

  • Popsell_registered: to remember if the user has already signup, in order to redirect to the login page

  • Popsell_remember_me: used for autologin of the Members.

DATA PROTECTION

Roles and access to personal data

  • Popsell account team (community managers and support agents): they are granted access to all data of the Brands they manage, through the Popsell Management platform.

These people are referenced in the “users” interface and must log in with their assigned account.

  • Popsell technical team (developers and system administrators): they can access all data through the Popsell Management platform or through technical database administrative tools.               

  • Brand users (administrators, support agents and Community Managers): they have a limited access to ambassadors’ data, through the Popsell Management Platform. Ambassador’s contact data is not available unless a contact has left a consent (Brand opt-in).      
    These people are referenced in the “users” interface and must log in with their assigned account.        
    The Brand is responsible for granting and revoking access to its employees.

  • Members: on the Popsell platform, they can access their own contacts data only. They can see other Members of the Brand community. Members information displayed depends on Brand configuration, and if Members have not opted-out for displaying their personal information to other Members:

    • Name of Members: First name and Last name, or only First name + family initial, or only the Alias they have chosen.

    • Postal code or City

    • Profile photo

    • Gamification metrics: score and badges

Data Access right

Popsell employees and sub-contractors who are part of the account team and the technical team are educated and aware of Data Protection and GDPR rules.

Data can only be accessed or updated on behalf of a User or a Contact, for support purposes only.

Real data must not be used in testing environments. Members of the development team must use test data only.

Data remains on the Popsell servers and must never be copied and stored on client computers, even by the technical team.

Popsell employees and sub-contractors are not allowed to copy, export or transfer personal data outside of Popsell databases for any reason.

Data transfer

Through the Popsell Manager platform, Brand users can access Users and Contacts personal data, but only if a consent has been collected.

Contacts data without Brand opt-in is never displayed to Brand users, thus cannot be read, copied or exported.

Contents generated by the Members (comments posted, personal photos and Chat messages) are displayed in the Popsell Manager platform but cannot be exported or reused by the Brand without the Members consent.

Data operational security

Popsell is committed through its processes to ensure a secure platform:

  • All Popsell developers are educated to write secure code and ensure that the platform cannot be hacked using injections and other techniques.

  • Popsell is performing regular external audits on its platforms to ensure identity, design and operational security.

  • Identity and access management best practices are implemented. Password are encrypted using the most secure encryption algorithms.

  • Access logs are recorded to monitor any intrusion or data theft attempts

  • Logs are kept for 1 year

  • Logs are anonymous and do not record personal data.

 

Popsell is fully operated on Microsoft Azure Services:

  • All services and data are hosted in Europe (Primary servers in the Netherlands, backup servers in Ireland)

  • Production databases and data warehouse databases are hosted in the same Azure data centres.

  • Physical and network protection is ensured by Microsoft services.

  • Microsoft Azure best practices and guidance are implemented.

  • Database backup is performed every hour using Microsoft Azure Backup Services

  • Hourly backups are kept for 40 days.

  • Monthly backups are kept for 1 year.

  • All information on security and GDPR compliance of Azure services are available on: https://www.microsoft.com/en-us/trustcenter

 

Popsell relies on Mailjet services for emailing:

Data Privacy Policy

Members are warned of the data privacy policy when they sign-up to the Popsell program and accept the Terms and Conditions.

This policy is always accessible to Members and their Contacts from any page of the Popsell Platform, and from the footer of emails.

Contacts

For any question about data privacy please contact: privacy@popsell.com