Consents register configuration
Here is how to configure the register that will keep all consents and serve as proof in case of controls
Go to your project and select the checkbox where you want to configure the register
Once you're in, go to "Edit consent details" :
Here is a page where you can see on the left the legal register that you must show in case of controls, and on the right all the configuration options.
The two most important elements are the "purpose of the personal data processing" aswell as the "storage duration" of the consent (13 months in most cases).
Then you can enter:
- 1.The type of the personal datas processed. This corresponds to your form fields. Usually first name, last name, mail and phone number. Be careful, it is important to know that you can only collect types of datas linked to the purpose that you listed above (If you have a website and a form to sell shoes, then the purpose is to be contacted regarding shoes infos, it would be complicated to justify the need of asking any info not related to this purpose).
- 2.The consent withdrawal right is the description of the process that a client should follow if he wants to withdraw his consent. You'll usually indicate a phone number or email for the client to contact the person in charge of data processing.
If you have subcontractors, it will be needed to indicate them. Usually subcontractors are the CMS (Wordpress, Prestashop, Magento), the mail router that sends the emails and keeps emails adresses (Mailchimp, sendinblue, mailjet), the CRM (hubspot, salesforce), and every other tools that use personal datas given by the user in this form.
You'll then land on the screen below, where you will have to fill the following fields:
- 1.Processor indentifier : Technical identifier that will not be visible
- 2.Name of the processor : name that will be shown to the user
- 3.Short description : to inform the user about what the processor will do with his personal data
- 4.Role : long description of the processor for users who want precise informations about this processor
- 5.Is it an international company : Legal needed information that mentions if the head office is located in France
- 6.Country : Legal needed information that mentions in which country the head office is located
- 7.Protection mechanisms : Legal needed information to inform if a protection mechanism has been set up for companys not based in France. You'll find here the validation to know if your subcontractor signed the American protocol of data protection : https://www.privacyshield.gov/list
- 8.Website : website's URL