Thank you for taking the time to learn about Reviewclub's legal policies. In the following sections below, you will find information regarding our privacy statement and policies, user data and privacy handling; and Reviewclub user rules. You can also check out our support page. If you still have questions, you can always drop us a line.
Reviewclub is part of Stars and Stories®. This is a company who activates people to write User Generated Content on different platforms. To execute our business, we gather data from suppliers, clients, community members and employees and process this data in multiple software solutions. All that applies to Stars and Stories goes for Reviewclub.
- Stars and Stories® is ‘Stars and Stories BV’, and additionally covers legal entities of Stars and Stories® where the Data Protection Act applies.
- Reviewclub is Stars and Stories BV trading under the name Reviewclub.
- Data Subject, an individual who is the subject of the personal data.
- The Data Controller is a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
- A data processor is a person who processes data on behalf of a data controller. A data controller decides the purpose and manner to be followed to process the data, while data processors hold and process data, but do not have any responsibility or control.
- A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorised to do so.
Data protection officer
Stars and Stories® has appointed Mohamed El Sioufy as the Data Protection Officer (DPO) who will endeavour to ensure that all personal data is processed in compliance with this Policy and the Principles of the General Data Protection Regulation (GDPR).
The Data Protection Officer is enlisted at the dutch “Autoriteit Persoonsgegevens” under number FG001400 and can be reached at email@example.com.
Data protection policy
Reviewclub shall so far as is reasonably practicable comply with the General Data Protection Regulation to ensure all data is:
- Fairly and lawfully processed.
- Processed for a lawful purpose.
- Adequate, relevant and not excessive.
- Accurate and up to date.
- Not kept longer than necessary.
- Processed in accordance with the data subject's rights.
Personal data processing
Personal data covers information about our members and is processed by Reviewclub in order to be able to select the right persons for testing products. Besides the name, email address and address details of the member, we ask specific questions when the member signs up for testing a product. This data is used for selecting the most suitable members for the product to test. The questions we ask may also include sensitive personal data as defined in the GDPR.
Consent is required for the processing of personal data unless processing is necessary for the performance of the contract of employment. Any information which falls under the definition of personal data and is not otherwise exempt, will remain confidential and will not be disclosed to third parties without appropriate consent.
The Data subject will always be informed on the purpose of the data collection before providing consent. This information will be provided in such a way that the data subject has complete access to the information. Any use of previously collected data for a new purpose requires a new consent.
At any point of time, Data subjects have the right to request an opt-out to these activities.
Sensitive personal data
Reviewclub may, from time to time, be required to process sensitive personal data. Sensitive personal data includes for example data relating to gender, religion, sexual orientation. This data is asked to the data subject and consent for processing this data will always be explicitly asked. Processing of sensitive personal data without explicit consent by the data subject will not be permitted. Only the data necessary for the purpose of the data processing is collected.
Processing overview (Register)
Reviewclub keeps a privacy register to provide and keep a good overview of the personal data processed by your organisation including why it has been processed and for what reason it’s been processed including Data Processing Compliance Agreements.
Rights of data subjects
Reviewclub respects the rights of data subjects, including the right to access, accuracy and to be forgotten.
Right to access
Data subjects have the right to access information held by Reviewclub. Any data subject wishing to access their personal data should put their request by email to Reviewclub at firstname.lastname@example.org. Reviewclub will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event, within 30 days for access to records.
Right to accuracy
Reviewclub will endeavour to ensure that all personal data held in relation to all data subjects is accurate. Data subjects must notify the data processor of any changes to information held about them. Data subjects have the right in some circumstances to request that inaccurate information about them is erased. This does not apply in all cases, for example, where records of mistakes or corrections are kept, or records which must be kept in the interests of all parties to which they apply.
Right to be forgotten
Data subjects have the right to be forgotten and can submit a request at email@example.com. Reviewclub will delete and/or anonymise all information of the data subject when all mutual legal agreements are fulfilled. Note that data subjects can also submit the request through their account
Reviewclub takes appropriate technical and organisational steps to ensure the security of personal data. All staff will be made aware of this policy and their duties under the General Data Protection Regulation. Reviewclub and therefore all staff are required to respect the personal data and privacy of others and must ensure that appropriate protection and security measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to all personal data.
An appropriate level of data security is deployed for the type of data and the data processing being performed. In most cases, personal data is stored in appropriate cloud systems.
Examples of IT controls in place
Below a few examples are stated of what Reviewclub does to have the:
- All websites and IT Tools Reviewclub uses are protected with SSL Certificates to guaranty secure connections.
- All personal data is stored encrypted for software solutions developed by Reviewclub.
- Reviewclub uses a password vault with different secure passwords for all solutions which is protected with 2 factor authentication.
Reviewclub must ensure that data processed by external processors, for example, service providers, Cloud services including storage, websites etc. are compliant with this policy and the relevant legislation. Data Processing Compliance Agreements with relevant third parties are in place.
When data held in accordance with this policy is destroyed, it must be destroyed securely in accordance with best practice at the time of destruction.
Retention of Data
Reviewclub may retain data for differing periods of time for different purposes as required by statute or best practices, individual departments incorporate these retention times into the processes and manuals. Other statutory obligations, legal processes and enquiries may also necessitate the retention of certain data. Reviewclub will delete all data after the retention period.
Reviewclub has a process in place for when data breaches occur, including reporting of the data breach within 72 hours to the Autoriteit Persoonsgegevens.
If an individual believes that Reviewclub has not complied with this Policy or acted otherwise than in accordance with the General Data Protection Regulation, the member could contact the Data Protection officer of Reviewclub by email at firstname.lastname@example.org.