Data privacy and security have always been our concern at Le New Black and have specifically been at the core of our Le Privé offer. As a marketplace, we have a "data controller" mission to manage and protect the data underlying our business community. As a sales platform operating white-label showrooms (Le Privé), we have a "data processor" mission to control compliance and secure your data so that your business can run every day and every hour.
The EU legal environment will change on May 25th, 2018, when General Data Protection Regulation (GDPR) comes into force and provides european individuals with strengthened rights regarding their data protection.
In this article:
- General Data Protection Regulation
- Where Le New Black stands with GDPR compliance
- Where brands stands with GDPR compliance
- Third-party subprocessors
- Personal data collecting purpose
General Data Protection Regulation
GDPR generally applies to data related to physical persons only. It does not apply to data related to businesses. GDPR imposes new rules when it comes to collect, track or process EU-based individual people's personal data, based on the following principles:
- Transparency: personal data must be processed lawfully, fairly and in a transparent manner
- Legitimacy: personal data must be collected for legitimate and stated purpose
- Data minimisation: personal data must be relevant to that specific purpose
- Accuracy: personal data must be held correct and up to date, fixes to data must be done in due time when necessary
- Limitation: personal data cannot be held more than the time needed for achieving that specific purpose
- Integrity: individuals have a right to know which of their data have been collected and request a copy or it to be deleted, restricted, or moved.
Where Le New Black stands with GDPR compliance
Le New Black is acting both as a Data Controller and as a Data Processor:
As the operator of www.lenewblack.com marketplace, Le New Black is a Data Controller responsible for determining the purposes and means of the process of personal data
As the operator of white-label showrooms (Le Privé offer), Le New Black is a Data Processor, responsible for processing and protecting the data our brand customer on their behalf.
Where brands stands with GDPR compliance
Brands on the Marketplace (www.lenewblack.com) are not Data Controllers, Le New Black is the Data Controller in that context.
Brands on Le Privé are Data Controllers, and as such must take some action on Le New Black to comply with GDPR:
- Make sure their Terms of Use and Privacy Policy are compliant and up to date
- Assign a Data Protection Officer when applicable
... and may as well perform research about their business specific duties implied by GDPR, including proper consent fo their contacts.
Third-party subprocessors
In order to offer you our services, we work with vendors that all meet EU GDPR requirements. You will find their list and related purposes below.
Data used by Le New Black and brands
Vendor |
Purpose |
Used by |
Entity country |
Maintaining chat conversations and user data |
Le New Black / Brands |
USA |
|
Maintaining transactional email data |
Le New Black / Brands |
USA |
|
Hosting user data |
Le New Black / Brands |
France |
|
Maintaining support tickets data |
Le New Black / Brands
|
USA |
Data used by Le New Black only
Vendor | Purpose | Used by | Entity country |
Acronis | Hosting backup data | Le New Black | France Strasbourg |
Alan | Maintaining employee data | Le New Black | France |
Alteo | Technical infrastructure outsourcing | Le New Black | France |
Google Analytics | Maintaining website traffic data | Le New Black | USA |
Google Drive | Maintaining user and account management data | Le New Black | USA |
Google Firebase | Maintaining iPad app traffic data | Le New Black | USA |
Hubspot | Maintaining payment data | Le New Black | USA |
Mailchimp | Maintaining email marketing data | Le New Black | USA |
Payfit | Maintaining employee data | Le New Black | France |
Slack | Maintaining company messaging data | Le New Black | USA |
Stripe | Maintaining payment data | Le New Black | USA |
Personal data collecting purpose
In order to offer you our services, we work with vendors that all meet EU GDPR requirements. You will find their list and related purposes below:
Area | Data collected | Purpose | Used by |
Profile / End-users | Email, last name, first name, phone number | The data is used to facilitate end-user account management, and upon sending email to provide the sender identity. | Le New Black + Users |
Profile / Buyers | Email, last name, first name, phone number | End-users can use this data to send invitations, follow-up on their orders and any wholesale business matters. | Le New Black + Users |
Security / Authentication | Email, user-agent, IP address | The data is used to authenticate brand end-users and buyers for granting them access to Le New Black services. | Le New Black + Users |
Transaction / Logs | Email, last name, first name, user-agent, IP address | Actions of end-users are recorded to keep track of content modifications. This informations is displayed in a dedicated account holder section where actions author emails can be seen. | Le New Black + Users |
Transaction / Orders and invoices | Email, last name, first name, phone number | This data is used to place valid orders and write valid invoices on Le New Black. Comments can be added for communicating additional details between brand end-users and buyers. | Users |
Transaction / Messages | Email, last name, first name | End-users can discuss with buyers using a messaging module and actions on the platform can trigger notifications to be sent. Both messages and notifications require name and emails. | Users |
Profile / Leads | Email, last name, first name, phone number | The data is used to identify visitors having requested a product demo or any additional information. | Le New Black |
Please contact us at support@lenewblack.com if you need further information about GDPR compliance.
GDPR stands for General Data Protection Regulation / The french version RGPD stands for Règlement Général sur la Protection des Données".
Comments
0 comments
Article is closed for comments.