Data Protection and GDPR Compliance

FAB-DIS Connect ensures transparent, responsible and secure management of all data collected through our platform.

Our commitment to data protection

FAB-DIS Connect was designed to secure and simplify the exchange of product data between manufacturers and distributors in the FAB-DIS format. The platform meets the highest standards of the General Data Protection Regulation (GDPR) and the requirements of our industrial partners.

We guarantee transparent, responsible and secure management of all data collected through our platform.

Roles and responsibilities

Depending on the use case:

  • The client is the Data Controller for the data they transmit or enter.
  • FAB-DIS Connect acts as a Data Processor within the meaning of the GDPR, to carry out the processing operations related to the platform’s operation (hosting, account management, security, support, billing).
  • In certain specific cases, FAB-DIS Connect acts as a Joint Controller (e.g. anonymised statistics, user accounts).

Collected data and purposes

The data collected is used exclusively to:

  • Manage user accounts and access rights
  • Provide support and handle complaints
  • Manage subscriptions and billing
  • Maintain the security and traceability of operations
  • Communicate about technical and commercial updates
  • Produce anonymised usage statistics for the FAB-DIS format

Main categories of processed data:

Data type | Example fields | Main purpose
Identity | Last name, first name, title | Account creation and management
Contact | Professional email, phone number | Communication and support
Company | Company name, brands, SIREN number, role | Rights assignment, eligibility, statistics
Security | IP, logs, identifiers, roles | Access security, auditing, abuse detection
Accounting | Email and phone of the accounting department | Billing and payment management
Free-form content | Messages, attachments | Support and technical diagnostics

⚠️ No sensitive data (health, opinions, religion, biometrics, payment) is collected.

Hosting and security

Hosting provider

Microsoft Azure – West Europe (Netherlands)
Redundancy: North Europe (Ireland)
📞 Microsoft France SAS – 39 quai du Président Roosevelt, 92130 Issy-les-Moulineaux

Security measures

  • TLS 1.2+ encryption (in transit) and AES-256 (at rest)
  • Access management via Azure Active Directory (OAuth)
  • Encrypted and redundant backups

Azure certifications

  • ISO 27001 – Information security
  • ISO 27017 – Cloud security
  • ISO 27018 – Personal data protection
  • SOC 1 / SOC 2 Type II
  • CSA STAR

Data encryption (Encryption at Rest)

All data stored on Azure Blob Storage and PostgreSQL is protected by Azure’s native Service-Side Encryption (SSE) mechanism, based on AES 256-bit.

Website and exchange security

The portal connect.fabdis.fr is protected by a verified SSL certificate rated A by Qualys SSL Labs (TLS 1.2 / ECDSA 256-bit).

The platform includes a two-factor authentication system that sends a verification code to secure access to the platform.

Access rights mapping

A comprehensive mapping of roles and permissions is defined for each user profile:

  • FAB-DIS Administrators / Manufacturers / Distributors: account and subscription creation and management, exchange supervision
  • Standard users: viewing, file uploading, Easy-Check analysis tracking
  • IT service companies / Integration partners: restricted access to specific API functions

Each role is associated with specific rights (creation, reading, sharing, analysis, deactivation). Administrators must complete security & compliance training.

Your rights and the GDPR process

Each user has the following rights:

  • Access to their data
  • Rectification
  • Restriction or objection
  • Data portability

🔁 Request process:

1. Submission: via the dedicated form
2. Acknowledgement of receipt: within 7 days
3. Identity verification: securing the process
4. Processing: within 30 days maximum
5. Documented response: export, deletion, justification
6. Archiving: for GDPR traceability

Retention periods

Data type | Maximum duration | Subsequent action
Account data | Active account + 3 years | Deletion or anonymisation
Support / complaints | Up to 10 years | Secure archiving
Security logs | Per internal policy | Anonymisation
Accounting data | Legal limitation period (6–10 years) | Legal retention
Marketing data | 3 years after last contact | Automatic deletion

Contact and support

For any request related to data protection, contact the DPO.

FAB-DIS is available to its clients and partners to:

  • Provide contractual documents (Register, PII, Azure certifications, etc.)
  • Explain data processing procedures
  • Assist with compliance or auditing of solutions connected to FAB-DIS Connect