
Overview

  • The GDPR is a European necessity.
  • To operate, it needs a designated person in the association who keeps up to date with forthcoming legislation issued by, for example, the CNIL.

EcclesiaCRM has been designed and built to meet this principle, both in its DPO management and in its internal structure.

Security

The CRM is built around an API (via Slim) and operates via a token during activation; once the user is disconnected, the token is null and data access ends with it.

Each file is assigned to a user and stored in a file with a UUID.

Follow-up

Each operation is saved in order to record the modifications made by a supervisor.

User rights

Each user has specific legal rights, set up together with the DPO. As a result, a CRM user can only see what the role given to them allows.

CSV or PDF extractions are only possible via this role.

Deactivated user

  • A deactivated user is invisible to all other users, except to an administrator, for the legal period of two years.
  • They are invisible to any request, search, extraction, etc.
  • After the two years they come under the DPO, who will be the only one able to see them.
  • The DPO will be able to reactivate them or to erase them permanently from the CRM.

DPO's limitations

A user will only be erased permanently if their past donations are assigned to another member or family.

Tax law takes priority over the GDPR.
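
The rules in "Deactivated user" and "DPO's limitations" can be modelled as one access-control check, shown here as an added example that is not EcclesiaCRM's own code. The role names (`admin`, `dpo`, `user`), the `Person` fields, the sample records and the choice to hand the record to the DPO on the exact two-year anniversary are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

RETENTION_YEARS = 2  # the "legal period of two years" stated on the page


@dataclass
class Person:
    name: str
    deactivated_on: Optional[date] = None  # None means the record is active
    unassigned_donations: int = 0          # past donations not yet moved elsewhere


def retention_end(deactivated_on: date) -> date:
    """First day on which the record passes from the administrator to the DPO."""
    year = deactivated_on.year + RETENTION_YEARS
    try:
        return deactivated_on.replace(year=year)
    except ValueError:  # 29 February in a non-leap target year
        return date(year, 3, 1)


def can_view(role: str, person: Person, today: date) -> bool:
    if person.deactivated_on is None:
        return True  # active record: ordinary role checks (not modelled) apply
    if today < retention_end(person.deactivated_on):
        return role == "admin"  # retention window: administrator only
    return role == "dpo"        # afterwards: DPO only


def visible_records(role, people, today):
    """Apply the same check to every request, search and extraction."""
    return [p for p in people if can_view(role, p, today)]


def can_erase(role: str, person: Person, today: date) -> bool:
    """Permanent erasure: DPO only, after retention, donations reassigned."""
    return (
        role == "dpo"
        and person.deactivated_on is not None
        and today >= retention_end(person.deactivated_on)
        and person.unassigned_donations == 0
    )


# Constructed sample records, for illustration only.
SAMPLE = [Person("active"), Person("recent", date(2023, 6, 1), 2), Person("old", date(2020, 1, 15))]
```

Routing every listing, search and export through a single function such as `visible_records` keeps a deactivated record from leaking through one code path that forgot the check.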

MailChimp

When the GDPR function is activated, every MailChimp mailing list automatically becomes a GDPR list and cannot legally be used by MailChimp for commercial purposes.