In a previous post, we touched on what the General Data Protection Regulation (GDPR) means from our members' viewpoint and what steps we have been taking both to comply ourselves and to help our members comply. In this article, we detail in full transparency what data we store for both our members and their customers, when it is deleted, where it is located, what subcontractors we use, and the security measures in place.
PhotoDeck's business approach has always been to place product quality front and center, on strong ethical foundations. Deep respect for and attention to personal data are part of our DNA.
We collect only what is necessary to 1) provide the service our members contract, 2) allow our company's legitimate operations, and 3) comply with the laws we are subject to. We store as little personal data as needed, for a limited duration, and it would naturally be out of the question to share our users' data with third parties outside of the scope described above.
We distinguish our members' websites' and customers' data from data controlled by PhotoDeck.
Data related to PhotoDeck members and visitors
PhotoDeck is Data Controller for data concerning our members (subscribers) and visitors.
Subscribers' personal data
We further distinguish data that we must legally keep for at least 10 years: account creation date (contract acceptance), first and last names, e-mail addresses, language, security information linked to logins (date and IP address, login failures), orders (including IP address), subscriptions, invoices and financial transactions. We also keep e-mail correspondence with our members and other contacts.
Other data is automatically deleted from the operational database when the grace period (up to 2 months) following the last subscription expires (contract termination): password (encrypted and salted), address book, payment details and preferences, carts, referral URLs and campaigns, affiliate links, etc.
These pieces of data are stored on servers located in OVH datacenters, in France, and are partially accessible by the contractor(s) we employ to provide technical support to our members.
We also occasionally send an e-mail newsletter to our current and former members to keep them informed about our product's developments. For that, we require and record explicit consent, which is kept without time limit but can be revoked (by unsubscribing) at any time.
Unidentifiable aggregate data
Aggregate data about the service (e.g. number of subscribers, usage rate of certain features, etc.) are produced and kept without duration limitation, but are neither linked nor linkable to identifiable individuals.
We also use Google Analytics for a global traffic analysis of our websites, without using features that would allow that data to be linked to identifiable individuals.
Members' websites' and clients' data
A PhotoDeck member is responsible (Data Controller) for his own (PhotoDeck-powered) website's data and for that website's clients' data.
PhotoDeck is then a subcontractor (Data Processor) in the GDPR sense: we process data on behalf of and under the instruction of the member, and we don't use that data outside of the scope of the service contracted by that member.
In other words, the data of a member's website and customers belong exclusively to that member, who controls them fully.
This data includes, besides the member's images/video clips, website customization and configuration settings, any other personal data stored via the tools provided by PhotoDeck: for example, the customers' login credentials, carts, selections (lightboxes), orders, comments left on the website, IP addresses, physical addresses, etc.
This data is mainly stored on servers located in OVH datacenters, in France. The files imported by our members, as well as websites' static code parts, are stored on the Amazon cloud. The data is partly accessible by the contractor(s) we use to provide technical support to our members.
The data are transmitted to third parties, other than the subcontractors we use (and within the GDPR requirements), only upon instruction from the member (for example, order details transmitted to a lab for fulfillment).
The data is automatically deleted from our operational database at the end of the grace period (up to 2 months) following the last subscription (contract termination). The uploaded images, video clips and documents may be kept for an additional 2 months.
A general database backup (excluding files uploaded by our members) is maintained at all times. This general backup is a contingency for a potential disastrous technical failure concerning the whole database, and is also meant to help analyse and repair a potential issue occurring progressively over time in the database. As it is a "low-level" backup, data in this backup file are not directly accessible or usable.
Each backup file is encrypted before being stored on the Amazon S3 Cloud (Ireland), and is kept for two years.
Subcontractors and data location
The main data is stored with OVH (France).
Static files (uploaded by our members, general backups, order delivery files...) are stored on the Amazon Cloud, in Ireland or in the USA, within the GDPR requirements, and/or with OVH.
Technical support to our members may be provided by a contractor, located in Europe or in the USA.
Physical access to the data, to the servers and the datacenters it is located in, is guaranteed by OVH and Amazon, respectively.
PhotoDeck ensures remote access security by limiting access at several software layers, on a "prohibited if not explicitly allowed" basis. Administrative access to the servers and the overall database is limited to the strict minimum.
Members' and administrators' connections to the web service, from outside the datacenters, are secured (SSL encryption). Connections to the members' websites are also secured with SSL when personal data is transmitted (e.g. checkout pages, login, etc.).
The general backups are encrypted before being stored with the cloud provider who ensures the physical security of the encrypted files. The decryption key is stored separately, offline.
The contractor(s) providing support to members have a limited remote access, via a web interface secured with individual credentials.
Computer system security updates are performed as soon as possible following their release, as a result of monitoring specialized communication channels.
Want to know more? Ask us!