Privacy Impact Assessment
For convenience and information, you will find below an excerpt in English. Please refer to the full document for exhaustive details.
Data collection and retention
During your registration and use of FishFriender, we collect a small amount of data that qualifies as personal:
registration using email: first and last name, email. The email address is mandatory here, as it is used to identify the user. This data is provided by the user. It is never shared with commercial partners.
registration using Facebook: first and last name, email (optional). This data is provided by Facebook, only when authorized by the user.
User ID: when creating an account, the app generates an internal user ID, specific to the user.
using the fishing log: when catches are saved in the app, pictures and the position of each catch are saved on the device and on our servers. Pictures are visible by default to other people using the social network. Unless the user states otherwise on a per-catch basis, the location of the catch is private: we only display the geographical department in which the catch was made, so that the precise position cannot be inferred.
Unique device identifier: to manage push notifications, the app obtains the unique device identifier and stores it server side. It also sends this identifier to OneSignal, the partner in charge of push notifications.
In order to make FishFriender better, we need to know how anglers use the app. We therefore use aggregation tools to get crash reports (to fix bugs) and to learn, for example, which screens are viewed most or which features are used most. For this we partner with service providers who gather and analyse this data for us: Google Analytics, Rollbar, Facebook Analytics and Fabric. You can disable this anonymous data collection in the privacy settings.
How is that data collected and retained?
Data is collected by asking the user (for login information such as first and last name, email or Facebook login data, and for fishing log data), by generating it at sign-up (user ID), or when the user grants permission for push notifications (unique device identifier).
Is the data stored locally, on our servers, or both?
Data is stored both locally (on the user's phone) and on our server. We store data on our server for several reasons: it gives the user a backup, so their data can be recovered on multiple devices, and the app is a social network, so users can see other users' data (when it is marked as public).
For how long is data stored, and when is the data deleted?
Data is stored indefinitely. Data is deleted when the user deletes it from their account using the provided features, or when the user asks for their account to be deleted.
What is the process for granting consent for the data processing, and is consent explicit and verifiable?
We do not process the following collected data beyond the uses described here: first name, last name and email. First name and last name are only used by the app to be displayed on the user's profile. Email is only used to log the user in and to send updates about the app (the user can unsubscribe from this mailing).
We do process data concerning fish catches, but we strip all personal identification from it, so we do not ask for consent for this processing. The resulting reports do not make it possible to follow a user or to see precisely where someone fished.
When processing personal data for external partners (such as reporting for fishing associations), the user must join each collection program via the application, so that they control where their data is sent.
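As an added illustration of the identifier stripping and location coarsening described above (not FishFriender's own code), the following Python builds an aggregate catch report that keeps only the department, species and month, drops the user and device identifiers and the precise position, and suppresses any group with fewer than k distinct anglers so that a sparse cell of the report cannot single out one user. The department table, the field names, the sample catches and the threshold k=3 are all constructed assumptions for this example.

```python
"""Added example (not FishFriender's code): anonymizing catch records before building
an aggregate report. Field names, the department table and the suppression threshold
are assumptions made for this illustration."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed lookup: department code -> bounding box (min_lat, min_lon, max_lat, max_lon).
# A real deployment would use actual administrative boundaries; these are toy values.
DEPARTMENTS = {
    "D01": (45.0, 4.0, 46.0, 5.0),
    "D02": (46.0, 4.0, 47.0, 5.0),
}

# Assumption: a group is only published if at least this many distinct anglers contributed,
# so that a single user's habits cannot be read off a sparse cell of the report.
K_MIN_USERS = 3


@dataclass(frozen=True)
class Catch:
    user_id: str        # internal user ID (identifier: must not reach the report)
    device_id: str      # push-notification device identifier (identifier: must not reach the report)
    lat: float          # precise position, private by default
    lon: float
    species: str
    caught_at: datetime
    location_public: bool


def department_of(lat, lon):
    """Coarsen a precise position to a department code; None if outside the known table."""
    for code, (lat0, lon0, lat1, lon1) in DEPARTMENTS.items():
        if lat0 <= lat < lat1 and lon0 <= lon < lon1:
            return code
    return None


def anonymize(catch):
    """Keep only non-identifying, coarsened attributes of a catch.

    Identifiers (user_id, device_id) and the precise position are dropped regardless of the
    catch's public/private flag; time is reduced to the month to limit linkage with other data.
    """
    return {
        "department": department_of(catch.lat, catch.lon),
        "species": catch.species,
        "month": catch.caught_at.strftime("%Y-%m"),
    }


def build_report(catches, k=K_MIN_USERS):
    """Count catches per (department, species, month), suppressing small groups.

    user_id is consulted only to count distinct contributors per group; it is never emitted.
    """
    counts = defaultdict(int)
    contributors = defaultdict(set)
    for catch in catches:
        row = anonymize(catch)
        if row["department"] is None:
            continue  # position outside the department table: cannot be coarsened safely
        key = (row["department"], row["species"], row["month"])
        counts[key] += 1
        contributors[key].add(catch.user_id)
    return {key: n for key, n in counts.items() if len(contributors[key]) >= k}


# Constructed sample data for the illustration.
SAMPLE_CATCHES = [
    Catch("u1", "dev-a", 45.2, 4.3, "pike", datetime(2024, 5, 3), False),
    Catch("u1", "dev-a", 45.7, 4.8, "pike", datetime(2024, 5, 9), True),
    Catch("u2", "dev-b", 45.5, 4.5, "pike", datetime(2024, 5, 12), False),
    Catch("u3", "dev-c", 45.1, 4.9, "pike", datetime(2024, 5, 20), False),
    Catch("u1", "dev-a", 46.3, 4.2, "trout", datetime(2024, 5, 4), False),
    Catch("u2", "dev-b", 46.6, 4.6, "trout", datetime(2024, 5, 6), False),
    Catch("u4", "dev-d", 50.0, 2.0, "perch", datetime(2024, 5, 7), False),  # outside table
]


def sample_report():
    return build_report(SAMPLE_CATCHES)


if __name__ == "__main__":
    for (department, species, month), n in sorted(sample_report().items()):
        print(f"{department} {species} {month}: {n} catches")
```

With the sample data, only the D01/pike/2024-05 cell (4 catches from 3 distinct anglers) is published; the D02/trout cell has only 2 contributors and is suppressed, and the catch outside the department table is dropped rather than published with a precise position.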
What controls do users have over the data collection and retention?
Users can ask for deletion of all the data they created. Our team will carry this out within a maximum of 30 days.
Technical and security measures
Is the data encrypted?
Passwords are stored in encrypted form. Other data is not encrypted.
Is the data backed up?
Yes, there is an automated database backup, handled by Heroku.
What are the technical and security measures at the host location?
Hosting of the server and database, and therefore the technical and security measures at the host location, are provided by Heroku. We use EU-based hosting for both the database and the server.
Who has access to the data?
Access to the production database is restricted to the CTO. Access to the FishFriender administration console is restricted to the C-team. This console provides access to users' personal data; it is used only to maintain the system, to fix bugs, or to help users with their accounts.
What data protection training have those individuals received?
The CTO has more than 8 years of experience in software development and operations. The CEO is trained by the CTO on a daily basis.
What security measures do those individuals work with?
We use unique, per-service passwords and two-factor authentication for every service we personally connect to. We do not develop tools that could allow us to export personal data.
What data breach notification and alert procedures are in place?
Our services are protected by an external tool (Cloudflare), which helps detect and mitigate common attack vectors. We use several tools to keep our code up to date with security updates.
We regularly monitor our service providers (such as Heroku) for breach information.
If we are notified of or suspect an intrusion or data breach, the procedure in place is to immediately activate maintenance mode and to investigate using our logs and intelligence. External communication is done once a fix has been put in place, to avoid another breach at the same point. The competent authority would be informed.
What procedures are in place for government requests?
Contact Gregory Tordjeman ([email protected]) for any government request.
How does the data subject exercise their access rights?
Users can see all of their data in the application.
How does the data subject exercise their right to data portability?
An interface to export a user's data will be added to the privacy settings page in a future release. In the meantime, a user can contact us and we will perform a manual extract of their data.
How does the data subject exercise their rights to erasure and the right to be forgotten?
Currently, a simple request by email is enough to have an account's data deleted (the sender's email address is used to prove that the requester is indeed the account owner). When asked, we delete all data we hold concerning the user within a maximum of 30 days.
How does the data subject exercise their right to restrict and object?
Each user has access to a privacy settings page, allowing them to enable or disable all processing at once, or each processing activity individually.