The badges displayed in the Trust Center provide a quick overview of a company's specific commitments to data protection.
Each badge corresponds to a key area of GDPR compliance: data governance, security, transparency, processor management, commercial prospecting, etc.
The objective is simple: to enable prospects, partners, or clients to quickly understand how the company approaches personal data protection.
These badges are therefore an indicator of maturity and structure in data compliance.
1. How do badges work?
Badges are not awarded automatically or on the basis of a simple declaration.
They reflect concrete actions taken as part of the GDPR compliance plan.
Each company supported has a personalized action plan, defined by a specialised lawyer.
This action plan takes into account, in particular:
- the business sector (e.g., healthcare, SaaS, e-commerce, etc.)
- the role of the company (data controller or processor)
- the nature of the data processing operations carried out
- the maturity level of the organization
The badges displayed in the Trust Center are therefore tailored to the reality of each organization.
2. Badges based on completed actions
Each badge corresponds to a set of actions related to a specific area of compliance.
A badge only appears when the actions required to obtain it have been completed as part of the company's action plan.
These actions may, for example, concern:
- data protection governance
- system and access security
- supervision of service providers processing data
- transparency towards users
- data retention period management
- the regulation of artificial intelligence
- compliance of marketing and prospecting activities
Thus, the badges reflect concrete measures implemented within the organization, rather than a simple declaration of intent.
3. Commitment badges displayed in the Trust Center
1. Registered external DPO
We have appointed Dipeeo as our external DPO, registered with the relevant supervisory authority, to manage, monitor, and oversee the protection of your personal data.
What the regulations say
In certain situations (sensitive processing, large-scale monitoring, public bodies), the GDPR requires the appointment of a Data Protection Officer (Articles 37 to 39).
Guarantees provided by this badge
The appointment of an external DPO registered with the CNIL (National Commission for Information Technology and Civil Liberties) ensures that:
- The organization complies with its legal obligations under Article 37 of GDPR
- An independent and qualified expert oversees compliance (Article 37.5: the DPO is appointed on the basis of their professional qualities and specialized knowledge).
- The DPO is officially registered and accessible to the supervisory authority.
- A designated contact person is available for any questions relating to data protection.
- The organization implements the principle of Accountability set out in Article 5.2 of GDPR.
To contact the DPO: The DPO's contact details are available in the organization's privacy policy and can be provided upon request.
2. Continuing education on GDPR
We regularly train and educate our employees on GDPR to ensure operational mastery of data protection obligations and best practices.
What the regulations say
The GDPR requires organizations to implement appropriate organizational measures to ensure data protection and stipulates that staff involved in processing must be made aware of the applicable rules (Articles 24 and 39).
Guarantees provided by this badge
Continuing education on GDPR ensures that:
- Teams are informed of the rules applicable to the personal data they process.
- Internal responsibilities are clarified.
- The procedures related to individual rights and data breaches are known.
- Risky practices are identified and regulated.
- Compliance is integrated into the internal culture of the organization.
3. Maintenance of the record of processing activities
We maintain a record of processing activities that lists all personal data processing carried out in the course of our business.
What the regulations say
The GDPR requires the maintenance of a record of processing activities listing all processing operations carried out and their main characteristics (Article 30). This document can be used to demonstrate compliance in the event of an inspection.
Guarantees provided by this badge
Maintaining the register ensures that:
- Data processing operations are identified and formalized.
- The purposes, legal bases, and data retention periods are defined.
- Recipients and any transfers are recorded.
- The security measures are documented.
- The register is updated to reflect actual practices.
4. Data Protection Agreements
We provide a GDPR-compliant DPA and incorporate it into our contracts to ensure a clear legal framework for the processing of personal data.
What the regulations say
Article 28 of the GDPR requires that a written contract govern any data processing carried out on behalf of a client. This contract, known as a DPA, must include mandatory clauses relating to security, confidentiality, and data management.
Guarantees provided by this badge
Implementing a compliant DPA ensures that:
- The respective responsibilities of the parties are clearly defined.
- The legal obligations set out in the GDPR are formalized contractually.
- Security and confidentiality requirements are regulated.
- The terms and conditions for assistance, auditing, and termination of the contract are provided.
- The contractual relationship is legally secure.
5. Supervision of our service providers
We select, audit, and supervise each of our service providers who process personal data in order to guarantee a level of protection that complies with GDPR requirements.
What the regulations say
The GDPR requires selecting service providers that offer sufficient guarantees and formalizing a contract in accordance with Article 28, which strictly regulates processing carried out on behalf of the company.
Guarantees provided by this badge
The supervision of service providers ensures that:
- Processors are selected based on compliance and security criteria.
- Processors are regularly audited by Dipeeo to ensure that the technical and organizational measures they claim to have implemented are appropriate for the data processing activities carried out.
- Processors are contractually required to comply with their data protection obligations.
- Responsibilities are clearly defined.
- Provisions regarding support, audits, the use of processors, and contract termination are set forth.
6. Data retention periods
We comply with the data retention periods required by regulations and delete or anonymize personal data at the end of the applicable periods.
What the regulations say
The GDPR requires that personal data be kept only for as long as is strictly necessary for the purpose of the processing (Article 5.1.e). Beyond that, it must be deleted or anonymized.
Guarantees provided by this badge
Controlling data retention periods ensures that:
- Data retention periods are defined for each processing operation.
- Data is not stored indefinitely.
- Procedures for deletion or anonymization are in place.
- Contractual obligations at the end of the relationship are fulfilled.
- The risk associated with data retention is limited.
7. Transparency regarding data processing
Our privacy policy is accessible at any time and regularly updated to ensure that it is comprehensive and compliant with GDPR requirements.
What the regulations say
The GDPR requires clear, comprehensive, and accessible information regarding the processing of personal data (Articles 12–14).
Guarantees provided by this badge
- An accessible privacy policy describes the processing operations carried out.
- The purposes and legal bases are specified.
- People's rights are explained and easily exercised.
- The data retention periods, the recipients, and transfers of data outside the European Union are specified.
- The information is updated regularly.
8. Respect for human rights
We guarantee that data subjects can exercise their rights (access, rectification, erasure, etc.) and that their requests will be processed in a timely manner and in accordance with GDPR.
What the regulations say
The GDPR grants data subjects several rights regarding their personal data (Articles 12 through 23). The organization must ensure that these rights can be effectively exercised, provide clear information, and respond to requests within one month (except in specific cases), by establishing appropriate procedures.
Guarantees provided by this badge
This badge guarantees that:
- Data subjects can easily exercise their rights.
- An internal procedure governs the receipt and processing of requests.
- Regulatory response times are being met.
- The applicant's identity is verified when necessary to ensure the security of the process.
- Requests are tracked and monitored.
9. Compliant sales prospecting
We strictly regulate our commercial prospecting activities (email, telephone, text messages, mail) to ensure transparency, compliance, and respect for individual rights.
What the regulations say
Marketing outreach must have a legal basis, be accompanied by transparent information, and allow individuals to easily exercise their right to object (Articles 6 and 21 of the GDPR; Article L34-5 of the CPCE (Code of Posts and Electronic Communications)).
Guarantees provided by this badge
Compliant prospecting ensures that:
- The legal bases are identified according to the channel and the audience concerned.
- Mandatory information is included in the messages.
- A simple and effective opposition mechanism is provided for.
- Requests to unsubscribe are processed immediately.
- Prospect data is not retained beyond the applicable time limits.
10. Compliant cookies
We provide a detailed description of the cookies we use and strictly adhere to the rules regarding information, prior consent, and preference management.
What the regulations say
Cookies that are not necessary for the service to function may only be stored after obtaining prior, freely given, and informed consent. Users must be able to refuse them just as easily as they can accept them, and they must be able to change their choice at any time.
Guarantees provided by this badge
Cookie compliance ensures that:
- No cookies requiring consent are stored until the user gives their consent.
- The banner provides a clear and balanced selection.
- You can change your preferences at any time.
- The data retention periods for cookies are limited.
- A transparent cookie policy is available at all times.
11. Data Security
We implement strict technical and organizational measures (e.g., access restrictions, secure password management, data encryption, employee awareness training, etc.)
What the regulations say
The GDPR requires the implementation of appropriate technical and organizational measures to ensure a level of security appropriate to the risks associated with the processing of personal data (Article 32).
Guarantees provided by this badge
The implementation of security measures ensures that:
- Access to data is limited and controlled.
- The authentication mechanisms are secure.
- The systems are protected against unauthorized access.
- Security incidents are governed by a defined procedure.
- Data is protected at a level appropriate to its sensitivity.
12. Responsible and Regulated AI
We evaluate and supervise our use of artificial intelligence to ensure that it is used responsibly, transparently, and in compliance with applicable regulatory requirements.
What the regulations say
AI systems are subject to the principles of the GDPR (Article 5), the right to human intervention in the case of automated decision-making (Article 22), and the requirements for transparency and data quality set out in the AI Act.
Guarantees provided by this badge
Regulating the use of AI ensures that:
- Client data is not shared without a legal basis.
- The data used for training is partitioned or anonymized when required.
- The risks of bias and discrimination are analyzed.
- Users are informed when they interact with AI.
- Human intervention is possible in the event of a significant automated decision.
- Training data is deleted or anonymized after use.
- AI systems benefit from appropriate security measures.