General Data Protection Regulation

Our personal data compliance program, both as a data controller and as a personal data processor, is built around the pillars of compliance, established by reference to the General Data Protection Regulation (GDPR) and the recommendations of European authorities.

Pillars of compliance

  • A general personal data protection policy, which describes the Group's commitments in terms of compliance with the protection of personal data accessible from our website.

As a processor:

  • The implementation of a continuously improved GDPR compliance program for our platform.
  • A DPA based on the European Commission's standard model, in accordance with the GDPR and the recommendations of the CNIL.
  • Technical documentation detailing our security measures.

As data controller:

  • The mapping and maintenance of two processing registers (data controller and data processor).
  • Procedures and policies such as the governance policy, a retention policy, a security breach notification procedure, and a procedure for exercising individual rights.
  • A notice providing information on processing activities.
  • An IT Charter.
  • An internal training program on the protection of personal data.
  • An IT Security department in charge of technical and organizational security measures and the Security Assurance Plan.

The purpose of the Booklet is to describe the program and the actions implemented to ensure GDPR compliance. It provides answers to the most frequently asked questions.

FIRST PART: ROOMEE AS A SUBCONTRACTOR

SECOND PART: ROOMEE AS DATA CONTROLLER