Data Protection Readiness

Companies as well as clubs are subject to data protection law (EU-GDPR, ePrivacy, CH-nDSG, local law).

We are often in contact with clients who claim compliance with the GDPR just because they provide a privacy policy and cookie banner (created by adapting generic templates or using freeware generators available on the market). However, GDPR compliance means much more, including the creation and maintenance of a processing directory, the storage of all consent events, the regular review of GDPR-relevant documents for changes to the legal basis (privacy policy, cookie policy, etc.), the support of various processes to cover user rights and much more.

 

Data Protection Readiness is an implementation of the GDPR at an affordable price.

Data Protection Readiness offers a hosted integrated data protection platform that contains all elements relevant to the GDPR:

  • Creation of legal documents (privacy policy, cookie policy and banner)
  • Installation instructions for integration into the customer's web environment
  • Processing activities and the associated order processing contracts (for SaaS products, we provide the processing directories free of charge)
  • Automated updating of the legal documents in the event of changes in the law
  • Visitor view of the website (privacy policy, cookie policy and banners)
  • Back-end view (consent, processing directory)
  • Staff training and proof of training
  • And much more.

 

Data Protection Readiness for SMBs              

Data Protection Readiness for SMBs is offered in 3 editions:  

 

 

Price example for the standard edition with 2 languages:

  • 1 x one-time implementation = CHF 410.00
  • 2 x licence per language = CHF 54.00
  • 1 x hosting = CHF 190.00
  • Total: CHF 410.00 one-off and CHF 244.00 annual hosting fees.

Detailed information about prices: fccDataPrivacy price list.

Data Protection Readiness for Clubs     

Data Protection Readiness for clubs is offered in 3 editions:

 

Price example for the standard edition with 2 languages:

  • 1 x one-time implementation = CHF 260.00
  • 2 x licence per language = CHF 54.00
  • 1 x hosting = CHF 160.00
  • Total: CHF 360.00 one-off and CHF 214.00 annual hosting fees.

Detailed information about prices: fccDataPrivacy price list.

 

Functional Descriptions:

Legal Documents  

Legal documents are (usually published on the website):

  • Privacy Statement
    The privacy statement (GDPR Art. 13 and 14) describes how personal data is processed by an organisation, i.e. how this data is collected, used and whether it is disclosed to third parties. In addition, it often describes what measures an organisation takes to ensure the privacy of its customers or users.
  • Cookie policy
    Based on the e-Privacy Directive (or Cookie Law), when using cookies, organisations are obliged not to process a user's personal data without their consent. The Cookie Policy must identify all cookies used that may collect personal data.
  • Cookie banner
    The cookie banner is the legal implementation of the e-Privacy Directive and is displayed on the user's first visit (and, depending on the configuration, on subsequent visits) to a website and allows the user to allow or refuse the installation of cookies on their computer.

Processing Activities      

According to Article 30 GDPR (processing activities), each controller must maintain (and keep up to date) a processing register. This includes

  • Name and contact details of the controller
  • Purposes of processing
  • Description of categories of data subjects and data
  • Categories of recipients
  • Third countries to which data are transferred
  • Deletion periods for personal data
  • technical and organisational measures to protect data.

For supported club administration software, the processing activities in fccDataPrivacy is already defined for clubs. These processing activities are based on the functional capabilities of the respective club administration software and not on the actual use in a club / association. If desired, the processing activities can be adapted to the actual use (project according to expenditure).

Consent      

Generally the processing of personal data of natural persons is prohibited (Art. 6 GDPR, lawfulness of processing), unless it is explicitly permitted by a number of recitals. One of these recital is consent. Consent is required for all newsletters or online orders, i.e. for all web forms that collect personal data. The website operator (responsible person) must be able to prove consent, i.e. all given consent must be stored.

fccDataPrivacy stores all consents in the background and makes them available in the admin portal. Consent includes:

  • who provided the consent
  • when and how consent was acquired from the individual user
  • the consent collection form they were presented with at the time of the collection
  • which conditions and legal documents were applicable at the time that the consent was acquired.

User Rights     

According to Art. 12 (Rights of the Data Subject) and 13- 22 (Information and access to personal data), GDPR provides the following rights for individuals (aka data subjects, users):

  • The right to be informed
    Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.
  • The right of access
    Individuals have the right to access their personal data.
  • The right of rectification
    The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete.
  • The right to erasure
    The GDPR introduces a right for individuals to have personal data erased. The right to erasure is also known as ‘the right to be forgotten’.
  • The right to restrict processing
    Individuals have the right to request the restriction or suppression of their personal data. This is not an absolute right and only applies in certain circumstances.
  • The right to data portability
    The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. 
  • The right to object
    The GDPR gives individuals the right to object to the processing of their personal data in certain circumstances. Individuals have an absolute right to stop their data being used for direct marketing.
  • Rights in relation to automate decision making and profiling
    The GDPR has provisions on automated individual decision-making (making a decision solely by automated means without any human involvement) and profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process. The GDPR applies to all automated individual decision-making and profiling. Article 22 of the GDPR has additional rules to protect individuals if you are carrying out solely automated decision-making that has legal or similarly significant effects on them.

fccDataPrivacy has implemented these rights and the related processes can be triggered within the Admin Portal.

Admin Portal      

The admin portal contains all the functions, documents and data required for ongoing operations, including auto trail (proof of change).

Both the website and the admin portal are state-of-the-art protected against cyber attacks and access to the admin portal is additionally secured with two-factor authentication.

Education        

As a registered customer, your defined users have access to a Learning Management System (Campus) which offers initial and ongoing learning lessons about GDPR and how to use GDPR in a Club. Each learning session is accompanied by a short examination (Quizz). When passing the quizz with 75% correct answers the user will receive a certificate and this education will be registered within your education evidence (which is a legal obligation to demonstrate the education proof).

Support            

Registered customers have access to a ticketing system in order to report problems.

 

 

Questions & Answers

+ - What is the difference between the editions? Click to collapse

The editions are mainly intended to reflect the company size (number of employees). While the legally supported framework is identical for all editions, there are differences in the number of authorized persons with access to the fccDataPrivacy Portal as well as in the form of support.

+ - Can I switch between the editions? Click to collapse

Yeah, anytime. Just create a ticket and we'll do the upgrade. You will then be charged the pro-rata fees for the remainder of the current subscription period.

Please note: A downgrade between the editions is not possible.

+ - How can I cancel a subscription? Click to collapse

The subscription term is one year with automatic renewal for a further year if not cancelled 1 month before the end of the subscription term. Cancellations can be made in writing or in text form (e.g. by e-mail or contact form).

In the event of termination within the subscription term, no pro-rata repayment will be made.

+ - Where is my personal data stored? Click to collapse

For the fccDataPrivacy part, all data is stored in secure data centres in Switzerland and EU member states.

For your club administration software, please read the information provided by your software vendor (usually club administration software is hosted as a SaaS model and your vendor's privacy policy should state where their data centers are located).

+ - What languages are supported? Click to collapse

For the Legal Part (the elements visible to visitors of your webpage: Privacy Policy, Cookie Policy, Cookie Banner) we currently support Dutch, English, French, German, Italian, Portuguese, Russian and Spanish).

The Process Activities and the fccDataPrivacy Admin Portal currently supports English and German).

+ - What is the estimated effort to make fccDataPrivacy running? Click to collapse

fccDataPrivacy is installed in your web tool. The installation procedure for the supported web tools is well documented and tested. The installation effort depends on the skills and experience of the person performing the installation. A professional or semi-professional web developer can complete the installation within a few hours.

If you do not have the resources for the installation yourself, you are welcome to contact one of our installation partners.

+ - What web tools (CMS) are supported? Click to collapse

fccDataPrivacy ships for a number of supported environments. These are the most popular native CMS tools (such as WordPress, Joomla!, Magento). For a list of supported environments, please refer to Supported Platforms.

It is our goal to support the tools used by our customers. If your environment is not on the list of supported environments, just let us know and we will either show you how to install it or start working on the integration. We don't charge for new integrations - even better, the first customer we implement a new integration for gets a 100% discount on the installation fees.

+ - Does my CMS support the installation of fccDataPrivacy? Click to collapse

Some CMS do not support all technologies necessary for the proper operation of fccDataPrivacy. Under Q&A you will find the information and tips & tricks to set up your CMS for the operation of fccDataPrivacy.

+ - How can I become a fccDataPrivacy partner? Click to collapse

fccDataPrivacy is designed for partners and we support both, Distribution and Installation Partners. Typical partners are web agencies and web hosting providers. Please contact us for further information.