This page has no legal value. These are simply ways to be compatible with European regulation. We invite you to contact your legal department, your lawyer and/or the data protection authority (CNIL in France) for more precise advice.
The General Data Protection Regulation (GDPR) is a European regulation that must be respected by any data controller of at least 1 European citizen.
In a few words, the GDPR makes the following changes:
- More rights for European citizens (right to forget, right to data portability, etc.).
- More data security (risk analysis, data protection from the design stage, mandatory notification in the event of a security incident)
- More more controls on data processing (consent of users, supervision of transfers to subcontractors or to countries outside the European Economic Area)
- More more sanctions on companies that do not comply with the regulation (up to a maximum of €20 million or 4% of worldwide turnover)
- A worldwide scope, any entity processing European citizens' data must comply with the regulation
In the context of use of the Julie Desk service, who is responsible for data treatment and processing?
In the case of GDPR, as Julie Desk users, you are responsible for data processing. Julie Desk is a subcontractor.
What does that mean ?
This means that you are the owner of the data and you are the person giving the orders to set up meetings, Julie Desk is simply executing your instructions.
As the owner of the data, you must ensure that you have the right to transfer and process it to us. You are also responsible for informing your contacts of the processing.
If you make appointments with people you know or if you have collected contact details by specifying the purposes of your processing via opt-in forms (your contact explicitly ticks a box authorizing you to process his data), then you have the right.
If you have recovered databases of email addresses without the consent of the persons concerned (scrapping, spam or other techniques that are less than questionable) then you are illegally processing data vis-à-vis the GDPR and expose yourself to possible sanctions.
Consent to data treatment is the basis of the GDPR.
Regarding the purpose of the data processing, informing contacts is quite simple. To use the service, you must indicate the purpose of your request so that it can be understood (for example, arranging an appointment at the office). Your contact is therefore informed of the purpose of the processing of his data for this particular request.
Concerning the broader description of data treatment, you have the possibility of defining the data use in the signature of the email address which is addressed to your contacts (Julie's signature) by addressing the support team.
We advise you to add the following information to your e-signature, featured here in the format: information required followed by sample text:
|Purpose of the processing|
Julie Desk is an artificial intelligence supervised by humans that organizes your appointments by email.
Restrictions on the confidentiality of data transferable to the service in accordance with your security policy (if applicable).
Please limit the information transmitted to the strictest information necessary to make an appointment. Do not include confidential or sensitive information.
If you have any questions regarding the processing of your data, please contact firstname.lastname@example.org
2 scenarios are possible:
· You received a request from Julie Desk:
A user contacted us directly and we forwarded the request to you. We will then ask you to confirm this request (you are the owner of this data) before we make any changes on our side.
· You have received a direct request from one of your contacts :
A user has contacted you specifically regarding the Julie Desk service or made a general query about the processing of his data. You must this request to the Julie Desk team via the support email so that we can treat it in a targeted way regarding your data for this contact.