Data Protection Guide
Document Version 4.6.3 Applies to Platform V4.x
Last document update
Updates are to be implemented as specified in the document in Popsell 4.8 by Q1 2024 at the latest.
DATA PROTECTION GUIDE
This guide describes the principles and rules of personal data protection at Popsell to ensure GDPR compliance:
Personal data processing in the Popsell Platform,
Popsell internal processes to ensure Data Privacy and Protection.
This document gives exhaustive information in addition to the Privacy Policy available on the https://popsell.com web site and all the Brand dedicated platforms, e.g. https://ba111od.community/legal/data-privacy.
GENERAL PROCESS
What is Popsell?
Popsell is a SAAS provider, which runs a web platform dedicated to retail, B2B or direct selling companies (all designated as ‘Brand’ in this document). In addition to being a SAAS provider, Popsell may also provide services to the users: support (level 2) and community management on behalf of the Brand.
The purpose of Popsell is to empower Brand sales teams or to enable their customers and partners to become brand ambassadors, sales advisors or resellers on behalf of the brand.
The Popsell platform provides two major features:
an affiliation program, to drive traffic to an e-Commerce website or a Popsell platform,
a conversational program, to enable conversations between Members and Visitors.
More information is available here: Affiliation vs Conversational programs
Who uses the Popsell platform?
Users of the Popsell platform, which are recorded in the Popsell databases, are called 'Users', and are identified by their Role.
‘Members’ are the Users who have an access to the Popsell App platform (User roles from 0 to 6). They are typically sales assistants or brand ambassadors.
‘External Users’ , also called ‘Visitors’ are the Users who only interact with Popsell through widgets embedded in a Brand website or app (User roles 7 and 8). They are typically anonymous visitors or authenticated customers.
Role no. | Role name | Description |
|---|---|---|
0 | Ambassador (Member) | Usually a Brand customer, a prospect, an influencer. Ambassadors are never under contract with the Brand, and GDPR always applies. |
1 | Employee (Member) | An employee of the Brand, or someone under contract with the Brand. He/She has verified credentials to access the Popsell platform, and has accepted the Popsell Terms and Conditions. |
2 | Administrator (Member) | An employee in charge of administering the platform, with additional rights. He is considered to be under contract with the Brand. He/She has verified credentials to access the Popsell platform, and has accepted the Popsell Terms and Conditions. |
3 | Vendor (Member) | Depends on the scenario which applies to the Brand
Case 1 and 2 : they are considered as being under contract with the Brand. He/She has verified credentials to access the Popsell platform, and has accepted the Popsell Terms and Conditions. Note : the “
|
4 | Shop manager (Member) | A shop manager (under contract with the Brand) He/She has verified credentials to access the Popsell platform, and has accepted the Popsell Terms and Conditions. |
5 | Manager (Member) | Usually an employee who works as a manager. This role can be used for various purposes (under contract with the Brand) He/She has verified credentials to access the Popsell platform, and has accepted the Popsell Terms and Conditions. |
6 | Expert (Member) | Usually an expert, an Influencer or a freelancer who works on behalf of the Brand (someone under Contract with the Brand). He/She has verified credentials to access the Popsell platform, and has accepted the Popsell Terms and Conditions. |
7 | Client (External user) | A Brand customer or prospect, who has an account on an external system, usually an e-Commerce website. This user does not have any access to the Popsell Platform. He only interacts through Popsell widgets embedded on a Brand site. He/she has accepted the Brand Terms and Conditions (which may include Popsell specific clauses) or has at least accepted a Popsell user policy dedicated to the service accessible via the Widget. |
8 | Temporary account (External user) | An unauthenticated visitor of the Brand website, who only interacts through Popsell widgets. |
‘Contacts’ : Members may manage their contacts (designated as ‘Contacts’ in this document) who can come from different sources, as described further in this document. These Contacts may opt-in or opt-out from the Popsell platform.
Contacts do not use the Popsell platform, they do not have an authenticated account, but may receive email campaigns and view Popsell web pages. Depending on scenarios, they can buy a product on the Brand Web site or on the Popsell app.‘Popsell Manager users’: In addition to the above mentioned roles, Users can be granted access to the Popsell Manager platform, which is the global management platform, and which gives access to all the data related to the brand.
Contacts are usually used by Direct Selling companies, and do not apply to Retail companies. Contact privacy@popsell.com for specific information relating to a Brand.
External users only apply to Brand that have embedded Popsell Widgets on their website.
Responsibilities
The Brand and Popsell are jointly responsible for the processing carried out on the personal data collected via the Popsell Platform and widgets, including Users and their Contacts.
Popsell ensures that its platform, services and processes meet the requirements of the GDPR rules. The Popsell platform will collect data and consents, manage access rights, revoke consents and delete data according to the rules and processes described in this document. Popsell is responsible to respond to requests to exercise the rights defined in articles 15 to 22 of the GDPR.
Brand partitioned databases
Each Brand uses an independent instance operated by Popsell. The platform is white-labeled, and all the data collected remain partitioned for each Brand, inside of a shared environment.
In some cases, Brand may have dedicated environments, providing an even more secure data isolation.
Personal data in the Popsell platform
Personal data in the Popsell platform are divided into two databases:
Users data (Members, external users, Popsell Manager users)
Contacts data
Members:
Members sign up into a Popsell App, they must accept the Popsell Terms & Conditions, and are warned about the personal data processes.
External users:
External users only interact with Popsell through widgets embedded in a Brand website. They must accept a specific Widget Policy (which can also be integrated in the Brand T&C).
Contacts:
Once they are registered, Members can build their own publications, using personal content or content provided by the Brand. These publications are shared to their personal or professional networks through the use of social media platforms or emailing. To enable them to send publications by email, personal data is collected in a contact management feature (designated as the ‘CRM’ in this document). Data collection processes are further detailed in this document.
Popsell Manager users:
Access to the Popsell Manager can only be granted by an existing Popsell Manager user, who has the right to send a secured invitation email.
These users may be granted different level access, the highest level allowing access to all personal data in the database.
Personal Data is never kept in the Popsell databases for more than 3 years after the last action performed by the user. This deadline may be shortened if required by the Brand.
PERSONAL DATA IN THE POPSELL PLATFORM
Members data
Members’ personal data collected into the Popsell database:
Data | Comments |
Creation date | Date when member signed up into the platform |
Gender | Required or Not asked for, depending on Brand configuration Data not erased when member is deleted |
First name | Required |
Last name | Required or Optional, depending on Brand configuration. First name and Last name are erased when the user is deleted (i.e.: unsubscription, blocked, etc.) only for the following roles : 0 (Ambassador), 7 (Client), 8 (Temporary account). |
Alias | Optional or Not asked for, depending on Brand configuration. |
Password | Password are always hashed by a BCrypt algorithm. Required unless Facebook/Google/Apple login or SSO (Single Sign On) Data erased when member is deleted |
Customer ID | Optional (unless required by the Brand) Hashed data kept when member is deleted |
Social ID | Facebook ID, Apple ID or Google ID. Optional. Hashed data is kept when member is deleted |
Email address | Required (hashed data is kept when member is deleted) The email address is always verified (through a double opt-in process, or via a social media login process) Hashed data kept when member is deleted |
Address
| Address, city, postal code and country Optional Data is erased except city and postal code when member is deleted. |
| Not used as of current version |
Language | Preferred language |
Date of birth | Optional (unless required by brand) Day and month erased when member is deleted |
Popsell T&C | Whether Terms & conditions have been accepted or not. Unless a signup has been interrupted, all members in the database must have accepted Popsell T&C. If not, access is not permitted. For external users, T&C must be accepted by the visitors when they interact with the Widget, as soon as they are able to leave personal content, e.g. when they start to chat or comment a publication (please refer to External users section) |
Profile photo | Optional Uploaded by the Member or imported from Social media if signup with Social login e.g.. Facebook File deleted when ambassador deleted |
About | Ambassador’s short description (self-entered – optional) Data deleted when ambassador deleted |
Interests | Optional (unless required by brand) |
Position | Position in the Brand organization Optional (unless required by brand) |
| IBAN number Deprecated since Popsell V4.0, Nov 2020. |
Community visibility opt-out | Enables a member to hide all his data to other members of the Brand community :
Check boxes are not checked by default (opt-in during signup, in terms & conditions) |
Communication opt-ins | Enables a member to opt-out to communications sent by the platform (opt-in during signup, in terms & conditions)
|
| Deprecated since Popsell v4.0, Nov 2020 |
The purpose of collecting member data is to enable members to participate in the Popsell programme, i.e.:
to participate in the community and interact with its members,
to create content, publications and promote the brand,
to purchase brand products,
to engage in conversations with other Members or with External users,
to participate in the gamification programme and get rewards.
External Users data
Clients and Temporary accounts
Data of Brand customers (Clients) may be collected by Popsell through the use of Brand APIs, Popsell APIs, or Popsell Widgets embedded into the Brand’s site.
All the data described above for Members might apply to these clients, but always on an optional basis, depending on the use of the APIs to collect data. In that case, specific clauses must be added by the Brand into their Terms & Conditions.
In Popsell's standard scenarios, limited to its affiliation programme and its conversational programme, the only data collected is the one specified below:
Data | Comments |
|---|---|
First name | Optional Update TBD in v 4.8: Must never be collected in affiliation scenarios |
Last name | Optional Update TBD in v 4.8: Must never be collected in affiliation scenarios |
Email address | Optional The email address is never verified (no double opt-in process. Email addresses must already have been validated by the brand when the data was initially collected.). Update TBD in v 4.8: In affiliation scenarios, or when specific Popsell service T&C have not been accepted, the email address must never be collected. In other scenarios through Popsell widgets, e.g. comments or conversations, with a required acceptance of T&C, the email address can be collected. |
Customer ID | Unique identifier of the External User. Optional. Update TBD in v 4.8: In affiliation scenarios, an identifier of the customer, which can be a brand Customer ID or a temporary identifier, may be collected in order to keep track of the orders anonymously. This key can be used in order to compare online or instore orders following an interaction with a Popsell program (affiliation or conversation). |
Service T&C | Whether widget specific Popsell Terms & conditions have been accepted or not. In case of conversations and community interaction, it as mandatory that the external user accepts the Service Terms and Conditions. In case of affiliation tracking, Service T&C may not have been accepted,thus preventing the collection of first name, last name and email address. |
The purposes of collecting External users data are:
Keeping track of online or in-store purchases by Visitors following an affiliation scenario (click on a Member’s publication) or a conversation with a Member.
The email address is used as a key to identify the user in the Brand’s purchases database,Enabling the Members to identify the user in a conversation, or in his conversation history,
Sending a one-time notification by email to the user when a Member has replied to a message of the user in a conversation window while his was not online.
Email and Temporary Email addresses
Two different columns are used to store email addresses in the Popsell databases:
email: this field is used to store email addresses used by Members, who have necessarily agreed to the Popsell Terms and Conditions. This email has always been verified via a double opt-in (Popsell built-in, via a Social Media authentication or via a Brand verification process).
email_tmp: temporary emails are associated with External users (clients or temp accounts) who did not accept the General Terms and Conditions of the Popsell App (only consent to the brand T&C or a charter limited to the use of the Popsell Widgets).
Separating email and email_temp makes it possible to ensure that no use will be made of it apart from the granted rights.
Users activity
Throughout the use of the Popsell Platform, a Member or an External user generates various data and contents:
Data | Comments |
Publication | Members can create their own publications, posted on social medias or sent by email. |
UGC | Members can upload their own personal photos (UGC = User Generated Content) and share it in a publication. These UGCs are stored on Popsell servers. UGCs remain the property of the Members, but the Brand have the rights to re-use them, as specified by a specific contest or challenge, or in the Terms and Conditions. In that case, the member will be warned and will consent that his UGCs can be reused, for the usage and duration specified. |
Community comments and likes | Publications displayed to other members can be liked and commented on the community flow. This applies to both Members and External users through the use of Popsell widgets. |
Activity logs | IP address and ‘user-agent’ (browser characteristics) are collected and hashed on the Popsell database. They are used by an anti-fraud monitoring algorithm. IP addresses are always hashed as soon as they are collected. No readable IP address is stored. |
Score, badges | Activity of the Members are compiled in a gamification program, which generates the following data :
|
Conversations | Members and External Users can have online conversations, and generate data :
By agreeing to the service's terms of use, users agree never to write or provide personal information in their conversations. |
Contact data
This table lists all the data that can be collected into the Members‘contacts database.
Each field is optional, it is only required to have at least one data filled.
Data | Comments |
Member | Reference to the unique Member who owns this contact. If a same contact has been entered by more than one Member, then the data will be stored twice. |
First name |
|
Last name |
|
Email address | Hashed data is kept when contact is deleted |
Email status | Status received from previous emails :
This status is displayed to the Member in the CRM, but the Member is not able to send emails to a contact with a blocked status. Only a Soft bounce can be released manually by the Member in the CRM. |
Customer ID | Customer reference in the brand database |
Member opt-in | If the contact has accepted to be contacted by the Member. Values :
|
Date Member opt-in | Date for the last opt-in or opt-out status. |
Brand opt-in | If the contact has accepted to let his personal data be stored by the brand and has accepted to receive emails from the brand. Values :
|
Date brand opt-in | Date for the last opt-in or opt-out status. |
| V4 Deprecated |
| V4 Deprecated |
Contact type | Hostess, Customer, Prospect : only used in direct selling scenarios |
Comments | Text area that can be filled by the Member |
Address | Address, city, postal code and country Data is erased except postal code and city when contact is deleted |
| V4 Deprecated |
| V4 Deprecated |
Tags | Tags (keywords) can be created by a Member and manually assigned to his contacts. |
Interactions history | List of publications sent by email to this contact. |
Sales history | Online orders or store purchase made following an Member’s publication. Date and amount of order : List of products purchased : |
Change history | Created by (manually, from a social media, etc.), modified by, date record has been created or modified. |
The purpose of collecting contacts data is to enable the use of the Members ’CRM :
to keep track of traffic and purchases of their Contacts,
and to enable sending personalized emailing campaigns to their opt-ins Contacts.
Contacts black list
This table contains some extra information about contact consents:
Global opt-out: if a contact has decided not to receive any publications from any Member, this information is stored in this table (email address is hashed). This enables to block future Members that would import again a contact who opted-out.
Email callbacks: if a definitive error (spam, hard bounce, block) has been returned by the messaging platform, this information is stored to ensure to block any future communications (email address is hashed).
MEMBERS DATA COLLECTION MECHANISMS
Introduction
Members’ data can be collected through 3 different mechanisms:
Signup forms: data is manually entered by the Member. His email address is verified by a double opt-in (email sent with a link to confirm the registration)
Facebook, Google or Apple Login + additional data manually entered if needed
Single Sign On (SSO): see details below
In all cases, Popsell Terms and Conditions must be accepted to enable account creation.
Single Sign On
SSO mechanism enables to rely on the credentials used by a user on a Brand platform (e-commerce platform, Extranet …) to authenticate on the Popsell Platform.
SSO enables:
Account provisioning (Member data is collected and saved in the Popsell database on first connection),
Automatic login (without having to re-enter credentials)
Data update (data updated on the Brand database are synchronized to the Popsell database)
Account deletion (if an account has been deleted on the Brand database, the account and his personal data will also be deleted in the Popsell database).
Please refer to the Popsell SSO Guide for further details.
Registration white List
The Popsell platform enables a Brand to control who is authorized to sign up as a Member:
List of email addresses authorized (data is hashed in the database)
List of customer ID authorized (e.g. employee ID or Loyalty program ID)
SSO process can be set in an exclusive mode (which means that SSO is the only possible way to sign up) thus ensuring that only members of the Brand database can sign up.
EXTERNAL USERS DATA COLLECTION MECHANISMS
External users data is collected via Popsell widgets embedded on a Brand website.
The data may be collected in these three cases:
Interacting with a Popsell Widget: an external user (an anonymous visitor or a Brand authenticated user) is starting a conversation with a Member, or is commenting or liking a Member’s publication displayed on the Brand’s website.
The user is always required to accept the specific Popsell service’s Terms.Loggin-into the Brand website: only if the user has already interact with a Popsell Widget, loggin-into the Brand wesite might provide additional information to Popsell, e.g. first name, last name or email address. These data are collected in compliance with the Popsell service’s Terms that the user has accepted.
Placing an order: while placing an order, data is collected only if:
the user has interacted with a Popsell widget (comment, conversation) and accepted the specific Popsell T&C,
the user has clicked on a Popsell publication shared by a Member on a social media, by email, or displayed on the Brand website (Affiliation scenario). In that case, the user has not necessarily accepted the Popsell T&C. That’s why it is mandatory for the Brand to add a specific clause in the General Terms and Conditions of sale.
The acceptance of a specific Popsell Widget Policy is required prior to collecting the data.
The visitor’s data collected by Popsell must always be collected in accordance with the Brand's General Terms and Conditions that must have been accepted by the Client.
It is the responsibility of the brand to inform their Clients of the collected data and their processing in their T&C.
It is the responsibility of Popsell to process these data in compliance with the Terms and Conditions required by the brand.
CONTACTS DATA COLLECTION MECHANISMS
Introduction
Member’s contacts data can be collected through several mechanisms. Contacts are saved in the Popsell database and Members can see their own contacts in the CRM page. Brand administrators can only see the contacts with a Brand opt-in in the Popsell Manager, contacts without a Brand opt-in are hidden.
In some scenarios, when Widgets are embedded in the Brand’s site, contacts data are collected as External users (please refer to
1 | Manually entered in the CRM
Data is manually entered by a member in a CRM form.
At that time, if the contact has a valid email address, then the Member is proposed to send an invitation email. The ambassador must send an invitation email within a 30 days period or the contact will be deleted from the database (data is deleted).
For specific Direct Selling scenarios, it will be possible to manually enter an opt-in, if the consent has been obtained via an external process. (Not available at the moment in current version of the Popsell platform).
As of version 4.0, it is not possible to manually enter new contacts. This functionality is deprecated but it is not excluded that this will be reactivated if necessary in a later version.
2 | Manually imported from a private contact list
This option is deprecated since version 4.0 (November 2020)
3 | Automatic imported from an external Brand database
A data synchronization process can be setup with the Brand, in order to import and regularly update contacts data, from a database owned by the Brand.
When the contacts are synchronized, an opt-in status is sent.
In the Popsell database, this opt-in status is assigned to both Member opt-in and Brand opt-in. If no opt-in is imported from the Brand database, then the Member opt-in is set to “New” and Brand opt-in status is set to 'Storage only' in the Popsell database.
This feature is only available for direct selling scenarios (Members are sales representatives of the Brand) or for employees (professionals employed by the Brand or sub-contractors).
4 | Imported from Social networks
This option is deprecated since version 4.0 (November 2020)
5 | Created from a Member’s e-shop
This option is deprecated since version 4.0 (November 2020)
6 | Created during the order process
Two different cases may exist at the time the order is placed:
Creation of a Contact, as described in the following paragraph.
Creation of an External user, as decribed in the “External Users” section above.
When a new contact places an order on the Brand web site (after having seen a Member’s publication), his contact details can be exported to the Popsell database through a web service.
Depending on how the web service is called (each Brand can implement it specifically), the following data may be exported:
First name and last name
Email address
Order amount and product details
Brand opt-in
All the data is stored in the Popsell database, and the following values are set for opt-ins:
If Brand opt-in parameter value is True, then
o Ambassador opt-in is set to “optin from order”
o Brand opt-in is set to “optin from brand database”
If Brand opt-in parameter is False, or if Brand opt-in parameter is not set:
o Both Ambassador and Brand opt-ins are set to “Storage only”
7 | Created after a store purchase
Two different cases may exist at the time a purchase is made:
Creation of a Contact, as described in the following paragraph.
Creation of an External user, as decribed in the “External Users” section above.
In some cases, store purchases can be tracked. They can only be tracked if the contact generates a voucher and presents it to the store assistant during checkout. To be able to generate the voucher, the contact must already be in the Member’s database (with opt-in).
8 | Created from an external form
A Member can lead users to a specific form in an external website, e.g. subscription to a newsletter, subscription to a loyalty program, participation in a game…
Data collected depends on the implementation of the specific form.
All the data is stored in the Popsell database (storage allowed), and the following values are set for opt-ins:
Member opt-in is set to New (unless Member opt-in asked for in the form)
Brand opt-in is set to ‘storage only’ (unless Brand opt-in asked for in the form)
As of version 4.0, this functionality is deprecated but it is not excluded that this will be reactivated if necessary in a later version.
USERS DATA DELETION PROCESS
Deleted vs Hashed
Users and Contacts data are not completely removed from the database (soft deletes only). Instead, data is erased or hashed, which means that it is anonymized with an encryption algorithm that cannot be decrypted.
Popsell uses a sha-256 algorithm to hash the data (except passwords which are BCrypt hashed).
Data is erased or hashed instead of being removed from the database:
to enable statistics,
to keep opt-out information usable (for example, if a contact opted-out, we must prevent another Member to re-enter or import the same information. This remains possible by comparing hashed data)
Difference between Members under contract and general public
First Name and Last name are treated differently depending on whether it is a person under contract (employee, vendor, manager, etc.) or the general public (ambassador, client, …).
As long as the Brand has an active platform with Popsell, Firstname and Lastname are kept in the databases for roles 1 to 6. They are erased for roles 0, 7 and 8 when the account is not active any more.
Users deletion
Users data with no activity for a period of 3 years are automatically deleted (hashed) from the database.
This applies to:
Members → no access to the Popsell App,
External users → no interaction with a Popsell Widget.
Member unsubscription
A Member (roles 1 to 6) can unsubscribe from the Popsell platform. Access is immediately blocked, and his personal data is deleted (hashed) within 7 days (to enable a rollback in case of mishandling). All his contacts are also deleted, except those having an opt-in for the Brand.
The duration is set to 7 days by default, but can be changed in the platform configuration for the Brand.
End of contract of an employee or a sales representative
If a Brand employee or a sales representative terminates his contract with the Brand, the Brand must delete it manually via the Popsell Manager, or give the information to Popsell to enable the deletion of his personal data.
This operation can be done automatically if an SSO process has been setup with Popsell.
It can also be done automatically through the call of Popsell APIs.
Account access is immediately blocked, but data is deleted within a delay of 7 days, to enable a rollback in case of mishandling.
The duration is set to 7 days by default, but can be changed in the platform configuration for the Brand.
End of contract between Popsell and the Brand
Should the contract between Popsell and the Brand terminate, all personal data (Users and Contacts) will be deleted (hashed) within a delay of 7 days, to enable a rollback in case of mishandling
Program suspended
If the program is suspended for any reason, and planned to be relaunched soon, data can be kept in the database, for a maximum of 6 months.
Members will be warned of the program suspension by a newsletter and can opt-out.
Members without activity
Members with no activity for a period of 3 years are automatically deleted from the database (their data is hashed with a sha-256 algorithm). No activity means that they have not logged into the platform for a period of 3 years.
Two emails are sent prior to account deletion, every 15 days, to let the Member reactivate his account.
The duration is set to 3 years by default, but can be changed in the platform configuration for the Brand.
ACTIVITY DATA DELETION PROCESS
Activity data and UGCs
All personal data generated by a Member on the Popsell platform are deleted or hashed at the same time as his account is deleted.
There is an exception if the content (personal photos) have been collected through a specific contest or challenge. In that case, this content will be deleted according to specific usage and duration specified within the contest.
CONTACTS BLOCK/DELETION PROCESS
Contacts without activity
Contacts (with optin or storage allowed) with no activity for a period of 3 years are automatically deleted (hashed) from the database.
An activity means they intentionally interacted with the publication (click, like, etc.). Opening an email is not considered as an activity.
The duration is set to 3 years by default but can be changed in the platform configuration for the Brand.
New contacts in the database
New contacts who have just been imported or manually entered in the database are blocked by default: nothing can be sent to these contacts except an invitation email.
If no invitation email is sent to these contacts within a 30 days period, contacts are deleted (hashed).
The duration is set to 30 days by default, but can be changed in the platform configuration for the Brand.
Contacts in the database prior to GDPR application
This only applies to Contacts recorded in Popsell Databases prior to May 25th, 2018.
If these contacts have an activity history (e.g. engagement on a social media, email clicked …), an opt-in is assigned by default, assuming that they have not opted-out, and that their activity proves an interest in the Member’s publications.
If these contacts have no activity, they are marked as “new” and will follow the same process as new contacts.
Contacts with an invitation pending
An invitation email has been sent to the contacts, but they did not respond (no click on ‘decline’ or ‘accept’ buttons, no bounce or spam received for the messaging system).
These contacts remain blocked by default for a period of 15 days.
A new invitation will automatically be sent after this 15 days period.
If still no response is received after another 15 days, then the account is marked as opted-out.
The duration is set to 15 days by default, but can be changed in the platform configuration for the Brand.
Contacts pending email confirmation
Contacts who received an email to confirm their email address are stored in the database, but not visible to ambassadors.
If they never confirm their address, then data is deleted within 15 days.
Same parameter is used as in previous case for no response received.
Contacts opted-out
Contacts who have opted-out for a publication or contacts who have declined an invitation:
They are immediately blocked
Data is kept in the database for a 1 year period, to ensure that the ambassador knows about his opt-out, and does not try to recreate and resend an invitation.
Email address is hidden to the ambassador
The duration is set to 1 year by default, but can be changed in the platform configuration for the Brand.
Contacts imported from an external system
Contacts are deleted when the delete information is sent by the Brand via the synchronization process (data hashed): data privacy rules from the Brand apply.
EXPORT TO A DATA WAREHOUSE
Data exported
Data is exported daily to a data warehouse in order to feed data marts, dashboards and reports.
The databases used for the data warehouse and the data marts are hosted in the same Azure data centres as the production databases.
All the data exported is anonymous, except:
First name, Last name, Alias, for Members only.
This data is never made public, its only purpose is to reveal Member KPIs in the Dashboards, which visibility is limited to Brand and Popsell users of the Popsell Manager.
Email addresses, phone numbers and complete postal addresses are never exported to the Data Warehouse databases.
City, Postal code, or a a geocode whose precision is intentionally limited to the city is exported.
Deletion of data
All the data exported to the data warehouse is synchronized from the production databases.
This means that any changes to data that is deleted, erased or hashed are also reflected in the data warehouse databases.
Data confidentiality and compliance with the GDPR are therefore ensured.
There is no historical record of the data stored in the data warehouse databases.
COOKIES AND TRACKERS
Since Popsell V4.0, Popsell only stores technical data in the browser Local Storage (no use of cookies).
These trackers are only used for the purpose of running the Popsell features.
They do not contain any personal data, and they are never transferred to a third party.
Trackers created by Popsell on the Brand web site
These trackers are created on the brand website, by the Popsell JavaScript tags or Widgets embedded.
The information stored is the Member’s Popsell ID, the context of the Widget (last action performed on the Widget), and if the User intends to pick a product reference in order to display a “Product Picking” optimised interface.
Trackers created on the Popsell platform
These trackers are created while using the Popsell platform:
Popsell_registered: to remember if the user has already signup, in order to redirect to the login page
Popsell_remember_me: used for autologin of the Members.
DATA PROTECTION
Roles and access to personal data
Popsell account team (community managers and support agents): they are granted access to all data of the Brands they manage, through the Popsell Manager platform.
These people are referenced in the “users” interface and must log in with their assigned account.
Popsell technical team (developers and system administrators): they can access all data through the Popsell Management platform or through technical database administrative tools.
Brand users (administrators, support agents and Community Managers): they have a limited access to ambassadors’ data, through the Popsell Management Platform. Ambassador’s contact data is not available unless a contact has left a consent (Brand opt-in).
These people are referenced in the “users” interface and must log in with their assigned account.
The Brand is responsible for granting and revoking access to its employees.Members: on the Popsell platform, they can access their own contacts data only. They can see other Members of the Brand community. Members information displayed depends on Brand configuration, and if Members have not opted-out for displaying their personal information to other Members:
Name of Members: First name and Last name, or only First name + family initial, or only the Alias they have chosen.
Postal code or City
Profile photo
Gamification metrics: score and badges
Data Access right
Popsell employees, interns and sub-contractors who are part of the account team and the technical team are regularly educated and aware of Data Protection and GDPR rules.
Data can only be accessed or updated on behalf of a User or a Contact, for support purposes only.
Production data must never be used in testing environments. Members of the development team must use fake test data only.
Through the Popsell Manager platform, Brand users can access Users and Contacts personal data, but only if a consent has been collected.
Contacts data without Brand opt-in is never displayed to Brand users, thus cannot be read, copied or exported.
Contents generated by the Members (comments posted, personal photos and Chat messages) are displayed in the Popsell Manager platform but cannot be exported or reused by the Brand without the Members consent.
Data transfer
Data only remains on the Popsell servers and must never be copied and stored on client computers, even by the technical team.
Popsell employees and sub-contractors are not allowed to copy, export or transfer personal data outside of Popsell databases for any reason.
Should a Brand explicitly requests the export of personal data, that will be done only following a request duly justified and authorized by the Data controller of the brand as well as the Popsell CDO.
The data will be sent through a secured flow with a storage limited in time (maximum 48 hours).
These exchanges are systematically recorded in the GDPR register of Popsell.
Data operational security
Popsell is committed through its processes to ensure a secure platform:
All Popsell developers are educated to write secure code and ensure that the platform cannot be hacked using injections and other techniques.
Popsell is performing regular external audits on its platforms to ensure identity, design and operational security.
Identity and access management best practices are implemented. Password are encrypted using the most secure encryption algorithms.
Access logs are recorded to monitor any intrusion or data theft attempts
Logs are kept for 1 year
Logs are anonymous and do not record personal data.
Popsell is fully operated on Microsoft Azure Services:
All services and data are hosted in Europe (Primary servers in the Netherlands, backup servers in Ireland)
Production databases and data warehouse databases are hosted in the same Azure data centres.
Physical and network protection is ensured by Microsoft services.
Microsoft Azure best practices and guidance are implemented.
Database backup is performed every hour using Microsoft Azure Backup Services
Hourly backups are kept for 40 days.
Monthly backups are kept for 1 year.
All information on security and GDPR compliance of Azure services are available on: https://www.microsoft.com/en-us/trustcenter
Popsell relies on Mailjet services for emailing:
Mailjet is fully GDPR compliant and certified: https://www.mailjet.com/gdpr/mailjet-gdpr-compliance
Data Privacy Policy
Members are warned of the data privacy policy when they sign-up to the Popsell program and accept the Terms and Conditions.
This policy is always accessible to Members and their Contacts from any page of the Popsell Platform, and from the footer of emails.
Contacts
For any question about data privacy please contact: privacy@popsell.com