Data Protection

GDPR Compliance & Security

Data protection and GDPR compliance

FAB-DIS Connect ensures transparent, responsible and secure management of all data collected through our platform.

Our commitment

Our commitment to data protection

FAB-DIS Connect was designed to secure and simplify the exchange of product data between manufacturers and distributors in the FAB-DIS format. The platform meets the highest standards of the General Data Protection Regulation (GDPR) and the requirements of our industrial partners.

We guarantee transparent, responsible and secure management of all data collected through our platform.

Legal framework

Roles and responsibilities

Depending on the use case:

  • The client: data controller for the data they transmit or enter.
  • FAB-DIS Connect: data processor within the meaning of the GDPR, to carry out the processing related to the operation of the platform (hosting, account management, security, support, billing).
  • Specific cases: joint data controller (e.g. anonymized statistics, user accounts).

Transparency

Data collected and purposes

The data collected is used exclusively to:

  • Manage user accounts and access rights
  • Provide support and handle complaints
  • Manage subscriptions and billing
  • Maintain the security and traceability of operations
  • Communicate about technical and commercial developments
  • Produce anonymized statistics on the use of the FAB-DIS format

Main categories of data processed:

Data type | Example fields | Main purpose
Identity | Last name, first name, title | Account creation and management
Contact | Professional email, phone | Communication and support
Company | Company name, brands, registration number, role | Rights assignment, eligibility, statistics
Security | IP, logs, credentials, roles | Access security, audit, abuse detection
Accounting | Email and phone of the accounting department | Billing and payment management
Free-text content | Messages, attachments | Assistance and technical diagnosis

No sensitive data (health, opinions, religion, biometrics, payment) is collected.

Infrastructure

Hosting and security

Host

Microsoft Azure
West Europe (Netherlands) — Redundancy: North Europe (Ireland)
Microsoft France SAS – 39 quai du Président Roosevelt, 92130 Issy-les-Moulineaux

Azure certifications:

  • ISO 27001: Information security
  • ISO 27017: Cloud security
  • ISO 27018: Personal data protection
  • SOC 1 / SOC 2 Type II
  • CSA STAR

Security measures

  • TLS 1.2+ encryption (in transit) and AES-256 (at rest)
  • Access management via Azure Active Directory (OAuth)
  • Encrypted and redundant backups

Data encryption (Encryption at Rest)

All data stored on Azure Blob Storage and PostgreSQL is protected by Azure’s native Service-Side Encryption (SSE) mechanism, based on 256-bit AES.

Secure exchanges

Website and exchange security

SSL certificate rated A

The connect.fabdis.fr portal is protected by a verified SSL certificate rated A by Qualys SSL Labs (TLS 1.2 / 256-bit ECDSA).

Two-factor authentication

The platform includes a two-factor authentication system that sends a verification code to secure access to the platform.

Access governance

Access rights mapping

A complete mapping of roles and permissions is defined for each user profile:

PROFILE 01

FAB-DIS administrators / Manufacturers / Distributors

Creation, management of accounts and subscriptions, supervision of exchanges.

PROFILE 02

Standard users

Consultation, file upload, monitoring of Easy-Check analyses.

PROFILE 03

IT service providers / integration partners

Restricted access to specific API functions.

Each role is associated with precise rights (creation, reading, sharing, analysis, deactivation). Administrators must complete security & compliance training.

Your rights

Your rights and the GDPR process

Every user has the following rights:

  • Access to their data
  • Rectification
  • Restriction or objection
  • Portability

Request process:

  1. Submission via the dedicated form.
  2. Acknowledgement within 7 days.
  3. Identity verification, securing the process.
  4. Processing within 30 days maximum.
  5. Documented response: export, deletion, justification.
  6. Archiving for GDPR traceability.

Lifecycle

Retention periods

Data type | Maximum duration | Subsequent action
Account data | Active account + 3 years | Deletion or anonymization
Support / complaints | Up to 10 years | Secure archiving
Security logs | According to internal policy | Anonymization
Accounting data | Legal prescription (6-10 years) | Legal retention
Marketing data | 3 years after last contact | Automatic deletion

Support

Contact and support

For any request relating to data protection, contact the DPO.

FAB-DIS remains available to its clients and partners to:
  • Provide contractual documents (Register, DPA, Azure certifications, etc.)
  • Explain the processing procedures
  • Assist with compliance or auditing of solutions connected to FAB-DIS Connect