Privacy Impact Assessment
Data Protection Officer :
Data collection and retention
When you register and then use FishFriender, we collect several pieces of data that qualify as personal data:
During registration using email: first and last name, email. The email is mandatory here to formally identify the user. This data is provided by the user.
During registration using Facebook: first and last name, email (optional). This data is provided by Facebook, and only when authorized by the user.
User id: when an account is created, the app generates an internal user id that is specific to the user.
Using the fishing log: when catches are saved in the app, the pictures and the position of each catch are saved on the device and on our servers. Pictures are visible by default to other people using the social network. Unless the user states otherwise, on a catch-by-catch basis, the place of the catch is private. It is currently displayed as a 10 km radius around the closest city; in the near future this will be widened to the department, so that the exact position can definitely not be inferred.
Unique device identifier: to manage push notifications, the app obtains the unique device identifier and stores it server side. It also sends this unique device identifier to OneSignal, the partner in charge of push notifications.
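The position handling described above (exact coordinates kept on the server, but a private catch shown to other users only as a radius around the closest city) is easy to get wrong if the public view is built from the raw record. The following is an added illustration of that generalization step, not FishFriender's own code: the city table, the catch records and the helper names are constructed for the example, and the nearest-city lookup uses a plain great-circle distance.

```python
import math

# Constructed city table for the example (not FishFriender's data):
# city name -> (latitude, longitude) of the city centre.
CITIES = {
    "Lyon": (45.7640, 4.8357),
    "Grenoble": (45.1885, 5.7245),
    "Valence": (44.9334, 4.8924),
}

# Radius shown to other users for a private catch, as stated in the assessment.
PUBLIC_RADIUS_KM = 10.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two WGS84 points."""
    earth_radius_km = 6371.0
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    d_phi = math.radians(lat2 - lat1)
    d_lambda = math.radians(lon2 - lon1)
    a = (math.sin(d_phi / 2) ** 2
         + math.cos(phi1) * math.cos(phi2) * math.sin(d_lambda / 2) ** 2)
    return 2 * earth_radius_km * math.asin(math.sqrt(a))


def nearest_city(lat, lon):
    """Name of the closest entry in CITIES to the given coordinates."""
    return min(CITIES, key=lambda name: haversine_km(lat, lon, *CITIES[name]))


def public_view(catch):
    """Build the record another user is allowed to see.

    `catch` is the stored record (hypothetical shape):
    {"id": ..., "lat": ..., "lon": ..., "location_public": bool}.
    For a private catch the exact coordinates are never copied into the
    output; only the closest city's centre and the display radius are.
    """
    if catch["location_public"]:
        return {"id": catch["id"], "lat": catch["lat"], "lon": catch["lon"]}
    city = nearest_city(catch["lat"], catch["lon"])
    centre_lat, centre_lon = CITIES[city]
    return {
        "id": catch["id"],
        "area": city,
        "centre": (centre_lat, centre_lon),
        "radius_km": PUBLIC_RADIUS_KM,
    }


def exposes_exact_position(view):
    """Check used before serving a view: True if raw coordinates leaked."""
    return "lat" in view or "lon" in view


if __name__ == "__main__":
    # Constructed sample catches: one private, one public.
    private_catch = {"id": 1, "lat": 45.7500, "lon": 4.8500, "location_public": False}
    public_catch = {"id": 2, "lat": 45.2000, "lon": 5.7000, "location_public": True}
    for c in (private_catch, public_catch):
        v = public_view(c)
        print(v, "leaks exact position:", exposes_exact_position(v))
```

The point of building the public record field by field, rather than deleting keys from a copy of the stored one, is that a new field added to the stored record later (a photo's EXIF coordinates, for instance) cannot silently reach other users; `exposes_exact_position` is the kind of assertion a server-side test can run over every view before release.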
How is that data collected and retained?
Data is collected by asking the user (for login information such as first and last name, email or Facebook login data, and for fishing log data), by generating it upon registration (user id), or when the user grants permission for push notifications (unique device identifier).
Is the data stored locally, on our servers, or both?
Data is stored both locally (on the user's phone) and on our server. We store data on our server for multiple reasons: it gives the user a backup, so their data can be found again on multiple devices, and the app is a social network, so users can see the data of other users (only when it is marked as public).
For how long is data stored, and when is the data deleted?
Data is stored indefinitely. Data is deleted when the user asks for the deletion of their account.
What is the process for granting consent for the data processing, and is consent explicit and verifiable?
We do not process the following collected data: first name, last name and email. First name and last name are only used by the app to be displayed on a user's profile. Email is only used to log the user in and to send them updates concerning the app (the user can unsubscribe from this mailing).
We do process data concerning fish catches, but we strip all personal identification from it, so we do not ask for consent for this processing. The resulting reports do not make it possible to follow a user or to see precisely where someone fished.
What controls do users have over the data collection and retention?
Users can ask for the deletion of all the data they created. It will be done by our team as soon as possible.
Technical and security measures
Is the data encrypted?
Passwords are encrypted. Other data is not.
Is the data anonymized or pseudonymized?
We use a unique user id for each user of the app. We only share this id with third parties, never any other information.
Is the data backed up?
Yes, there is an automated database backup, handled by Heroku.
What are the technical and security measures at the host location?
Hosting (of server and database) is provided by Heroku. We currently use an EU based hosting.
Who has access to the data?
Access to the production database is restricted to the DPO. Access to the FishFriender administration console is restricted to the C-team. This console provides access to users' personal data: it is used only to maintain the operating system, to fix bugs, or to help users with their accounts.
What data protection training have those individuals received?
The DPO has 5 years of experience in computer science work. The CEO is trained by the DPO on a daily basis.
What security measures do those individuals work with?
We use distinct passwords and two-factor authentication for every sensitive service we connect to. We do not develop tools that could allow us to export personal data.
What data breach notification and alert procedures are in place?
Our services are protected by an external tool (Cloudflare) that helps detect and mitigate common attack vectors. We use several tools to keep our code up to date with security updates.
We regularly follow our service providers (such as Heroku) for breach information.
If we are notified of or suspect an intrusion or data breach, the procedure in place is immediate activation of maintenance mode, followed by an investigation using our logs and intel. External communication is done after a fix has been put in place, to avoid another breach at this particular point. The competent authority would be informed.
What procedures are in place for government requests?
Contact DPO Philippe Auriach ([email protected]) for any government request.
How does the data subject exercise their access rights?
Users can see all of their data in the application.
How does the data subject exercise their right to data portability?
An interface to export a user's data will be available in the near future in the user's privacy settings page. In the meantime, a user can contact us, and we will perform a manual extract of their data.
How does the data subject exercise their rights to erasure and the right to be forgotten?
Currently, a simple request by email (the email address is used to prove that the requester is indeed the user asking to delete the account) is enough to get the user's data deleted. When asked, we simply delete all data we hold concerning this user.
How does the data subject exercise their right to restrict and object?
Each user has access to a privacy settings page, allowing them to enable or disable all processing activities, or each one individually.