General Data Protection Regulation (GDPR)

This documentation is intended to shed light on the rules within Second. Please keep in mind that it is your contract that governs the limitation of liability between you and Second and not this docum

Last updated 11 months ago

Why

GDPR or General Data Protection Regulation is a set of rules about how companies should process the personal data of people concerned, within the European Union.

The GDPR defines the responsibilities of organizations to ensure the confidentiality and protection of personal data. It grants certain rights to the people concerned.

It also gives regulators the power to demand proof of their liability, or even to impose fines, in cases where an organization does not comply with GDPR requirements.

The GDPR puts companies based in the European Union and those based outside Europe on an equal footing and puts an end to unfair competition.

For which services

For all marketplace services.

Second natively uses Cookiebot services on every platform.

The end-users of our solution solely remain responsible for the application of the GDPR on their platform.

At Second, we have minimized our responsibility. We can also help platform administrators with their requests regarding user data because we have access to the tools. However, this is not our responsibility.

Keep in mind that the first person in charge of user data remains the customer: the administrator of the platform.

GDPR applies to Second

Limited purpose

Definition: Personal data can only be collected and processed for specific, explicit and legitimate purposes.

  • At Second we collect the data for:

    • User accounts

    • Listing creation and publication

    • Booking creation

    • Payments

    • KPIs

Lawful legal basis

Definition: The processing must correspond to one of the legal bases provided for by the GDPR (legal obligation, contract, legitimate interest, consent...). When the processing is based on consent, it is important to ensure that it has been validly collected.

  • Second is “in accordance with Article 6-1-b of the General Data Protection Regulation, the processing is necessary for the performance of the contract to which the customer has subscribed.”

Information of the persons concerned

Definition: They must be informed in a precise and transparent manner before the processing is implemented. Various information must be communicated to them: purposes, legal basis, retention period, rights of access, rectification, etc.

  • Second informs employees, customers, and users through contracts and general pages on the platform, such as cookie pages and general terms and conditions of sale.

Data security

Technical and organizational measures must be put in place to guarantee a level of security adapted to the risk (pseudonymization, encryption, confidentiality clauses, authorizations, backups, logging, audits, etc.). The risks to be taken into account include destruction, alteration, disclosure, or unauthorized access.

  • At Second, we run security checks on the platform each week. We also have security procedures in the office, for computer access, and more.

Transfer of data outside the EU

This must be supported by specific tools or solutions if the third country does not offer an adequate level of protection.

  • None of our data leaves the European Union.

Internal procedures

Procedures for handling complaints and requests from data subjects (right of access, rectification, opposition, portability, etc.)

To illustrate this point, here is a part of our charter on data protection:

  • “Second is not a data company. We do not exploit our customer’s data nor their user’s data, and therefore we have no economic interest in any data processing activities.

    • The right to be informed

    • The right of access

    • The right to rectification

    • The right to erasure

    • The right to restrict processing

    • The right to data portability

    • The right to object

    • Rights related to automated decision making and profiling”

  • Data security: data breach notification management procedures, etc.

    • email for password level of security

    • Weekly security check (Detectify)

  • Relations with subcontractors (service providers, suppliers, etc.): procedures for contracting, auditing, etc.

    • The contracts define the limits

  • Awareness and training of the company's personnel on the regulations and the issues around personal data

    • Security documentation is accessible to all company personnel on Confluence. During each onboarding and once a year, company personnel have to pass a test to keep up to date.

  • Taking into account data protection by design and by default: when designing an application, new processing…

    • At each step of the development process, security is taken into account.

Password Management Policy

The password management policy at Second follows several rules in order to be compliant.

When creating a new password, please make sure it meets all of these rules:

  • Minimum password length: 10 characters (this can be increased)

  • Contain at least:

    • 1 uppercase character (A-Z)

    • 1 lowercase character (a-z)

    • 1 digit (0-9)

    • 1 special character

  • The new password must be different from the previous one

  • The user should not use the first part of their email address

There is no expiration date for passwords.

Users do not have to change their password at the first connection because the password is not generated by the application but by the users themselves.

Users have 10 unsuccessful access attempts before they are locked out for 10 minutes.

Second does not allow reuse of any of the last 8 passwords created on the application.

Passwords are not known to Second's employees and/or its subcontractors.

The solution protects stored passwords using Symfony's default hashing, which in practice depends on the libraries installed by default: bcrypt, sodium (Argon2), or more rarely PBKDF2. The cryptographic salt is integrated in these algorithms. In short, it follows Symfony best practices.
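As an added illustration (not Second's or Symfony's code), the rules above can be enforced as follows. It uses Python's standard-library PBKDF2 in place of Symfony's hasher; the function and class names, the iteration count, treating any non-alphanumeric character as "special", and reading the email rule as "must not contain the part before the @" are assumptions.

```python
import hashlib, hmac, os, string

MIN_LENGTH, HISTORY_DEPTH = 10, 8          # values from the policy above
MAX_FAILURES, LOCKOUT_SECONDS = 10, 600    # 10 attempts, 10-minute lockout
PBKDF2_ITERATIONS = 600_000                # assumed work factor, not from the page

def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Return a salted record (iterations, salt, digest) for storage."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return iterations, salt, digest

def verify_password(password, record):
    iterations, salt, digest = record
    candidate = hash_password(password, salt, iterations)[2]
    return hmac.compare_digest(candidate, digest)

def policy_violations(password, email, history):
    """List the rules a new password breaks; history holds records, newest last."""
    rules = {
        "length": len(password) >= MIN_LENGTH,
        "uppercase": any(c in string.ascii_uppercase for c in password),
        "lowercase": any(c in string.ascii_lowercase for c in password),
        "digit": any(c in string.digits for c in password),
        "special": any(not c.isalnum() for c in password),  # assumed definition
    }
    problems = [name for name, ok in rules.items() if not ok]
    local_part = email.split("@", 1)[0].lower()
    if local_part and local_part in password.lower():
        problems.append("email")
    # Only hashes are stored, so reuse is detected by verifying the candidate
    # against each of the last 8 records rather than comparing plaintext.
    if any(verify_password(password, r) for r in history[-HISTORY_DEPTH:]):
        problems.append("reuse")
    return problems

class LoginThrottle:
    """Per-account failure counter: 10 failures trigger a 10-minute lockout."""
    def __init__(self):
        self.failures, self.locked_until = 0, 0.0
    def is_locked(self, now):
        return now < self.locked_until
    def record_failure(self, now):
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.failures, self.locked_until = 0, now + LOCKOUT_SECONDS
    def record_success(self):
        self.failures = 0
```

Storing the iteration count in each record lets the work factor be raised later without invalidating older entries in the history.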

By enabling the Audit bundle, any change in entity status is stored and logged. Also stored and logged are the accounts responsible for the entity state change, including their login addresses. This applies to users, managers, and administrators. All interventions by technical operators are traced via the Bitbucket VCS.

There is no expiration date on the above-mentioned logs.
