GDPR compliance
Emilie Roze avatar
Written by Emilie Roze
Updated over a week ago

Like any organization dealing with personal data, Supermood is subject to the recommendations and rules published by the CNIL through the General Data Protection Regulation. Here is how we meet the 2 objectives identified by the CNIL for companies. 👇

Reinforce the rights of individuals

Not being a data controller, Supermood uses data provided by companies to survey their employees and analyze survey results.

  • Each employee data collected by the company must be motivated by a need for analysis.

  • Unused data will not be collected, or will be deleted if it is no longer needed.

  • An employee may request access or deletion of all of their data and answers, by sending a request to [email protected].

    💡 To facilitate the access or deletion request, consider adding your Data Protection Officer to this exchange - we will need their approval.

Holding data processors accountable

We take data security and privacy issues on our platform very seriously.

  • All of the data we use is stored in Europe, on ISO-certified servers.

  • This data is only accessible to a limited number of people within Supermood - always on a need-to-know basis (technical intervention, support, creation of analysis reports, etc.) - and each access request is logged and motivated.

  • The only people who have constant access to all of your company's account data are: your Account Manager (functional management) and our CTO (technical management).

If you have any questions, feel free to reach out to us at [email protected] - we'll be happy to answer them. 💁‍♀️

Did this answer your question?