The security of your company is our priority
Compliance with GDPR is the starting point for all data processing activities, which is why it is the foundation of the actions we take to ensure the safety of you and your customers.
How do we keep your data safe?
At Rating Captain, we only process personal data in the European Economic Area. We also use a number of organizational and technical security measures, including:
- We only store personal data on servers with access control. In addition, we use security features such as:
  - regular changes to internal system passwords,
  - we provide passwords only to employees who need them to perform their tasks,
  - we store the passwords of system users in an encrypted form.
- We record lists of employees with access to the database.
- We allow the processing of data only in designated areas, which are specified in our security policy.
- Each of our employees undergoes training in the field of personal data protection before gaining access to IT systems in which personal data is processed.
- Each employee authorized to process data confirms in writing that they have read the data security documentation and that they understand all security rules.
- We regularly test the IT system in several ways:
  - with penetration security tests,
  - automatic functionality tests,
  - we test new functionalities on a test server where there is no personal data.
How to collect and display reviews in compliance with the Omnibus directive?
You certainly know that the Omnibus (Directive (EU) 2019/2161) requires entrepreneurs who provide customers with access to reviews to indicate whether and how they verify that the reviews come from consumers who have used or purchased the product. In short, this means that the company should communicate whether it verifies reviews (YES or NO) and, if so, inform about the method of verification.
Where the trader provides access to consumers' reviews about the products, information on whether and how the trader ensures that the published reviews come from consumers who actually used the product or bought it.
But that's not all: "[...] it is explicitly prohibited to post or commission any other legal or natural person to post false consumer reviews for the purpose of promoting products." It also prohibits the distortion and manipulation of consumer reviews, for example by publishing only positive reviews and removing negative ones.
It is worth adding that these provisions also apply to reviews about the company, i.e. those concerning mainly the characteristics of the entrepreneur and the quality of the services he provides.
How to avoid penalties?
The obvious answer is: don't buy reviews. However, that's not all. The EU directive provides for penalties for errors that will be detected during inspections. The document is clear: "[...] traders are prohibited from claiming that reviews of a product were made by consumers who actually used or purchased the product, although no reasonable steps were taken to verify that the reviews were from such consumers."
If you post reviews on a website, it is your responsibility as an entrepreneur to provide information as to whether and how you verify the reviews. One way is to ask reviewers for information that confirms the purchase or service (e.g., order or reservation number). Another way is to only allow customers to provide feedback, for example by sending them invitations asking for their review.
If you verify reviews, your task is to post information:
- whether all reviews are published,
- where they are drawn from,
- how the average rating is calculated,
- whether the rating is influenced by sponsored reviews.
It is also important that the message is in the same place where consumer reviews are published, i.e. on the page of a given product. The information should also be included in the regulations of the store or website.