
Neostore Data Protection FAQ


Personal Data Protection FAQ

Introduction

Welcome to the Neostore Data Protection FAQ, designed to address the most common queries regarding our data processing practices and how we ensure compliance with global data protection standards.

Neostore is uniquely positioned to help global retail companies navigate the complexities of data protection in-store across the globe. Our platform is engineered to simplify data collection and enhance customer autonomy, enabling consumers to interact with their favorite brands through tailored forms. These forms are adaptable based on brand needs, store locations, regions, and localizations, ensuring that data handling is both effective and respectful of customer preferences.

Neostore collaborates with a dedicated Data Protection Officer (DPO) from Deta Consulting, a Data Privacy Specialist, to oversee and ensure the highest standards of data protection are maintained. Additionally, whenever possible, we involve the brand or retailer’s DPO in the project implementation phases to align our processes closely with the client’s specific data protection needs and policies.

Should you have any questions about how Neostore processes and protects personal data, or if you require assistance with specific data protection issues, please do not hesitate to reach out to our DPO at the contact details provided below: contact@deta-consulting.com

This FAQ is here to clarify our practices and help you understand the measures Neostore takes to protect personal data and comply with regulatory obligations, ensuring transparency and trust between Neostore, its clients, and their customers.

1. Personal Data Processing

Does Neostore process personal data in providing its services?

Yes, Neostore processes personal data as part of its service offerings, covering operations such as collection, recording, organization, structuring, storage, adaptation, retrieval, use, and erasure of personal data.

What are Neostore’s obligations as a data processor?

Neostore is committed to:

  • Processing personal data solely for the contracted purposes.
  • Following the client’s documented instructions and immediately notifying the client if an instruction is believed to violate any data protection regulations.
  • Ensuring the confidentiality of the personal data it processes.
  • Deleting or returning all personal data at the end of the contract unless required to retain it by law.
  • Assisting the client in ensuring compliance with data protection obligations, including facilitating audits and inspections.
  • Implementing appropriate technical and organizational measures to ensure data processing meets GDPR requirements, particularly regarding data security.

2. Processing Description

What are the nature and purpose of Neostore’s data processing activities?

Processing activities include collecting, reading, displaying, and transferring data to/from CRM tools, mainly for managing customer accounts and integrating loyalty cards into digital wallets.

How long does Neostore retain processed data?

Neostore retains customer identifiers only for the duration necessary to facilitate the intended transactions. No other personal data is stored permanently.

What are the client’s obligations in the data processing agreement?

The client is responsible for ensuring that data subjects are informed about the processing activities and that data collection is compliant with applicable data protection laws. This includes securing consent where required, particularly for promotional communications.

3. Data Subjects & Personal Data

Who is affected by Neostore’s data processing activities?

The processing activities primarily affect the customers and prospects of Neostore’s clients.

What types of personal data does Neostore process?

The types of personal data processed can include names, email addresses, opt-in/out preferences, language preferences, and loyalty information, subject to client requirements.

Does Neostore process any sensitive personal data?

Neostore does not process sensitive personal data by default. Any sensitive data processing would be performed in strict compliance with legal requirements and client consent.

Does Neostore use cookies or other tracking technologies?

Neostore does not use cookies or trackers. Clients can customize forms to include third-party data tracking if necessary, using tools like Google Tag Manager.

4. Personal Data Protection

Are Neostore’s staff subject to confidentiality obligations?

Yes, all Neostore staff and external contractors are bound by confidentiality obligations and follow stringent data protection protocols.

What measures are in place to secure the personal data?

Neostore has implemented technical and organizational measures that ensure the security of personal data, protecting against unauthorized or unlawful processing, accidental loss, destruction, or damage. This includes ensuring data confidentiality, integrity, availability, and resilience of processing systems and services.

What happens to the data at the end of the contract?

Neostore will delete or return all personal data at the end of the agreement, except where required to retain the data by European Union or Member State law.

5. Sub-processors

Can Neostore subcontract parts of its data processing responsibilities?

Yes, with general authorization from the client, Neostore can subcontract parts of the data processing. Neostore ensures that its subprocessors are bound by contractual terms that are at least as protective as those stipulated in Neostore’s own agreement with its clients.

Who are the main subcontractors?

Neostore uses Microsoft Azure for hosting and Cloudflare for security, ensuring that all data processing remains within EU boundaries.

How does Neostore ensure compliance from its sub-processors?

Sub-processors are selected based on their technical capabilities and commitment to data protection, verified through certifications like SOC 2 and ISO 27001.

How does Neostore ensure the lawfulness of subcontracting?

Neostore signs contracts with its subprocessors that impose obligations comparable to those Neostore undertakes with its clients, ensuring appropriate security measures and compliance with GDPR.

6. Data Subject Rights

How does Neostore handle requests concerning data subject rights?

Neostore facilitates access and modification of data through its platform, ensuring data subjects can manage their information effectively.

How does Neostore manage unsubscribes and opt-outs?

Neostore includes options for unsubscribing in all communications, which can be managed directly by the data subjects through their device settings.

7. Incident and Complaint Management

What is Neostore’s approach to data breaches?

Neostore is committed to promptly notifying clients of any data breaches, detailing the nature, potential impact, and measures taken to address the breach.

Has Neostore experienced any data breaches or received complaints in the last five years?

There have been no reported data breaches or formal complaints regarding data processing by Neostore in the last five years.

8. Compliance and Regulations

How does Neostore ensure compliance with local and international data protection regulations?

Neostore’s CRM tool is designed to be flexible, allowing for alignment with local data protection regulations, including mechanisms for managing consent and ensuring accurate data handling.

9. Neostore’s Data Protection Features

How does Neostore incorporate the privacy by design concept in its platform?

Neostore integrates privacy by design principles to ensure compliance with global data protection regulations such as GDPR, CCPA, and LGPD. This approach minimizes personal data processing while maintaining effective customer interactions. For example, Neostore uses technologies that do not require directly identifying information to send push notifications or manage loyalty cards.

What is Zero-party data and how does Neostore facilitate its collection?

Zero-party data, or Earned data, is information that customers voluntarily and proactively share with brands in a trusted environment. Neostore promotes the collection of this type of data, enabling brands to gather authentic insights directly from customers without relying on third-party data.

How does Neostore help minimize personal data processing?

Neostore allows brands to collect only the data they truly need from customers via customizable forms. This minimizes unnecessary data collection and builds trust, aligning with data minimization principles required by various regulations. Neostore does not impose specific data collection requirements, ensuring flexibility and compliance.

How does Neostore manage data storage and duplication?

Neostore does not store customer data collected through its platform. Instead, data is immediately transferred to the client’s system or CRM tools like Cegid Retail or Salesforce. For clients subject to local data storage laws, such as in Russia or China, Neostore can adapt to store data directly on local servers.

How does Neostore support transparent information collection and consent management?

Neostore enables clients to implement consent mechanisms, such as opt-in checkboxes, within their Neostore layout, accompanied by clear informational notices. This helps comply with laws like CCPA by including options such as “Do not sell my personal information” checkboxes. Consent logs can be integrated into the client’s CRM tool, providing evidence of GDPR-compliant consent collection.

What tools does Neostore provide to support clients’ cookie policies?

While Neostore encourages minimizing the use of third-party data, it supports the implementation of Consent Management Platforms (CMPs) within its layout for clients who choose to maintain a cookie policy.

How does Neostore assist customers in managing their rights over their personal data?

Neostore’s platform facilitates customers’ ability to exercise their rights, such as data modification, deletion, or objection. This feature encourages proactive management of personal data directly by customers through the platform.

Can Neostore help in auditing and compliance demonstration?

Yes, Neostore commits to assisting clients in demonstrating compliance with their data protection obligations. This includes supporting audits and inspections by allowing an independent auditor, appointed by the client, to conduct annual audits. Neostore helps ensure that these audits are informed and efficient, contributing to overall transparency and compliance efforts.

These FAQs are designed to help Neostore clients understand how the platform supports compliance with data protection regulations and enables effective and secure customer data management. For further information or specific queries, clients are encouraged to contact Neostore’s privacy team at privacy@neostore.cloud
