fccDataPrivacy for SMB

Companies are subject to data protection law (EU-DSGVO, ePrivacy, local law).

We are often in contact with SMBs who claim to comply with the GDPR just because they provide a privacy statement and a cookie banner (created by adapting generic templates or using freeware generators available on the market). As described under Everyone is talking about Data Protection, GDPR compliance means much more, including the creation and maintenance of processing activities, storage of all consent events, regular review of GDPR-relevant documents for changes to the legal basis (data protection declaration, cookie regulation, etc.), the support of various processes to cover user rights and much more.

 

fccDataPrivacy for SME is a full GDPR implementation at an affordable price.

fccDataPrivacy for SME provides a hosted integrated data protection platform that includes all GDPR relevant elements:

  • Preparation of legal documents (privacy statement, cookie directive and banner)
  • Processing activities and the corresponding contract processing agreements
  • Automated update of legal documents in the event of changes to the law
  • Installation instructions of the solution for the client's web environment
  • Website Visitor View (Privacy Policy, Cookie Policy and Banner)
  • Backend view (approval, processing agreements)
  • Employee training and training certificate
  • And much more.

fccDataPrivacy for SMEs is offered in 2 editions:

 

Descriptions of the functions:

Legal Documents      

Legal documents are:

  • Privacy policy
    The data protection declaration (GDPR Art. 13 and 14) describes how data (in particular personal data) is processed by an organisation, i.e. how this data is collected, used and whether it is passed on to third parties. In addition, it is often described what measures the organisation takes to ensure the privacy of its customers or users.
  • Cookie Policy
    Based on the e-Privacy Policy (or Cookie Act), organizations are required when using cookies not to collect a user's personal information without their consent. The Cookie Policy must identify all cookies used to collect personal information.
    The fccDataPrivacy website doesn't use any tracking Cookies.
  • Cookie Banners
    The cookie banner is the legal implementation of the cookie policy and is displayed on a website during the user's first visit (and, depending on the configuration, also during further visits) and allows the user to permit or refuse the installation of cookies on his computer.

Processing Activities      

According to Article 30 GDPR (processing activities), each controller must maintain (and keep up to date) a processing register. This includes

  • Name and contact details of the controller
  • Purposes of processing
  • Description of categories of data subjects and data
  • Categories of recipients
  • Third countries to which data are transferred
  • Deletion periods for personal data
  • technical and organisational measures to protect data.

For supported club administration software, the processing activities in fccDataPrivacy is already defined for clubs. These processing activities are based on the functional capabilities of the respective club administration software and not on the actual use in a club / association. If desired, the processing activities can be adapted to the actual use (project according to expenditure).

Consent      

Generally the processing of personal data of natural persons is prohibited (Art. 6 GDPR, lawfulness of processing), unless it is explicitly permitted by a number of recitals. One of these recital is consent. Consent is required for all newsletters or online orders, i.e. for all web forms that collect personal data. The website operator (responsible person) must be able to prove consent, i.e. all given consent must be stored.

fccDataPrivacy stores all consents in the background and makes them available in the admin portal.

User Rights     

According to Art. 12 (Rights of the Data Subject) and 13- 22 (Information and access to personal data), GDPR provides the following rights for individuals (aka data subjects, users):

  • The right to be informed
    Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.
  • The right of access
    Individuals have the right to access their personal data.
  • The right of rectification
    The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete.
  • The right to erasure
    The GDPR introduces a right for individuals to have personal data erased. The right to erasure is also known as ‘the right to be forgotten’.
  • The right to restrict processing
    Individuals have the right to request the restriction or suppression of their personal data. This is not an absolute right and only applies in certain circumstances.
  • The right to data portability
    The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. 
  • The right to object
    The GDPR gives individuals the right to object to the processing of their personal data in certain circumstances. Individuals have an absolute right to stop their data being used for direct marketing.
  • Rights in relation to automate decision making and profiling
    The GDPR has provisions on automated individual decision-making (making a decision solely by automated means without any human involvement) and profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process. The GDPR applies to all automated individual decision-making and profiling. Article 22 of the GDPR has additional rules to protect individuals if you are carrying out solely automated decision-making that has legal or similarly significant effects on them.

fccDataPrivacy has implemented these rights and the related processes can be triggered within the Admin Portal.

Admin Portal      

The admin portal contains all the functions, documents and data required for ongoing operations, including auto trail (proof of change).

The website as well as the admin portal are state-of-the-art protected against cyber attacks and access to the admin portal is additionally secured with two-factor authentication.

Education        

As a registered customer, your defined users have access to a Learning Management System (Campus) which offers initial and ongoing learning lessons about GDPR and how to use GDPR in a Club. Each learning session is accompanied by a short examination (Quizz). When passing the quizz with 75% correct answers the user will receive a certificate and this education will be registered within your education evidence (which is a legal obligation to demonstrate the education proof).

Support            

Registered customers have access to a ticketing system in order to report problems.

 

 

Pricing example for a Standard Edition with 2 languages:

  • 1 x one-time implementation = CHF 300.00
  • 2 x Licence per Language = CHF 54.00
  • 1 x Hosting = CHF 150.00
  • Totally: CHF 300.00 one-time and CHF 204.00 yearly running cost.

Please refer to the fccDataPrivacy Pricing Guide for more detailed information about Pricing. 

 

 

Questions & Answers

 

The Starter Edition is intended for very small companies with up to 25 employees. While the legally supported framework is identical for both editions, there are differences in the number of authorized persons for access to the fccDataPrivacy Portal as well as in the form of support.

Yeah, anytime. Just create a ticket and we'll do the upgrade. You will then be charged the pro-rata fees for the remainder of the current subscription period.

Please note: A downgrade from Standard to Starter Edition is not possible.

The subscription term is one year with automatic renewal for a further year if not cancelled 1 month before the end of the subscription term. Cancellations can be made in writing or in text form (e.g. by e-mail or contact form).

In the event of termination within the subscription term, no pro-rata repayment will be made.

For the fccDataPrivacy part, all data is stored in secure data centres in Switzerland and EU member states.

For your club administration software, please read the information provided by your software vendor (usually club administration software is hosted as a SaaS model and your vendor's privacy policy should state where their data centers are located).

For the Legal Part (the elements visible to visitors of your webpage: Privacy Policy, Cookie Policy, Cookie Banner) we currently support Dutch, English, French, German, Italian, Portuguese, Russian and Spanish).

The Process Activities and the fccDataPrivacy Admin Portal currently supports English and German).

fccDataPrivacy is installed in your web tool. The installation procedure for the supported web tools is well documented and tested. The installation effort depends on the skills and experience of the person performing the installation. A professional or semi-professional web developer can complete the installation within a few hours.

If you do not have the resources for the installation yourself, you are welcome to contact one of our installation partners.

fccDataPrivacy ships for a number of supported environments. These are the most popular native CMS tools (such as WordPress, Joomla!, Magento. For a list of supported environments, please refer to Supported Platforms.

It is our goal to support the tools used by our customers. If your environment is not on the list of supported environments, just let us know and we will either show you how to install it or start working on the integration. We don't charge for new integrations - even better, the first customer we implement a new integration for gets a 100% discount on the installation fees.

fccDataPrivacy for SMB is designed for partners and we support both, Distribution and Installation Partners. Typical partners are web agencies and web hosting providers. Please contact us for further information.