Obscreen Docs

Appearance

Designation of a Data Protection Officer (DPO)

This document formalizes the designation of a Data Protection Officer (DPO) for Obscreen and complements the Privacy Policy, the Information Security Policy, the Terms of Service, and the Subprocessors page.

1. Official Designation

Obscreen hereby designates Jessym Reziga, Founder and Owner of Obscreen, as Data Protection Officer (DPO) of the company.

This designation is voluntary: under Article 37 of the General Data Protection Regulation (GDPR), the appointment of a DPO is not strictly mandatory for an organization of Obscreen's size and activity. Obscreen has nevertheless chosen to designate a DPO as a single point of contact and accountability for personal data protection matters.

2. Context

In accordance with the General Data Protection Regulation (GDPR) and our commitment to protecting the personal data of our customers, users, and employees, Obscreen designates a DPO to supervise and ensure the compliance of our practices in terms of personal data protection.

3. Role and Responsibilities of the DPO

The DPO's main missions are:

  • Information and Advice:
    • Inform and advise management, employees, and subprocessors on legal obligations regarding the protection of personal data.
    • Raise awareness among staff about data protection issues.
  • Compliance Monitoring:
    • Ensure compliance with the GDPR and applicable national data protection laws.
    • Supervise internal and external compliance audits.
    • Ensure that the company's policies and procedures (Privacy Policy, Information Security Policy, Systems Security and Integrity Policy, Customer Data Encryption Policy, Subprocessors page) are kept up to date and consistent with legal requirements.
  • Management of Data Subject Requests:
    • Process customer and user requests regarding their rights (access, rectification, erasure, objection, portability, restriction of processing).
    • Maintain a register of requests and the actions taken.
  • Data Protection Impact Assessments (DPIA):
    • Advise on conducting DPIAs for projects presenting high risks for data subjects.
    • Validate the proposed mitigation measures.
  • Point of Contact with the Supervisory Authority:
    • Serve as the main point of contact with the CNIL (Commission nationale de l'informatique et des libertés), Obscreen's lead supervisory authority as a French entity.
    • Manage notifications of personal data breaches in accordance with Articles 33 and 34 of the GDPR.
  • Coordination with Subprocessors:
    • Review the data protection commitments of Obscreen's subprocessors.
    • Maintain Data Processing Agreements (DPA) where required.

4. Confidentiality Commitment

The DPO is bound by professional secrecy or a confidentiality obligation regarding the performance of their duties, in accordance with Article 38.5 of the GDPR.

5. Means and Resources

Obscreen commits to providing the DPO with:

  • Autonomy and Independence:
    • Ensure that the DPO does not receive instructions concerning the performance of their DPO duties, in accordance with Article 38.3 of the GDPR.
    • Manage potential conflicts of interest in line with Article 38.6 of the GDPR. Given that Obscreen is a sole proprietorship and the DPO is also the Founder and Owner, the DPO will document any decision involving a potential conflict and, if needed, seek external advice from qualified counsel.
  • Necessary Resources:
    • Access to personal data and to processing operations.
    • Sufficient time to carry out their missions.
    • Support for ongoing training in data protection matters.

6. Duration of the Designation

This designation is effective as of May 8, 2026 and shall remain in force until a new designation is notified, or until a permanent or external DPO is appointed.

7. Acceptance

The DPO hereby accepts this appointment and commits to fulfilling their missions in accordance with the provisions of the GDPR and the applicable national laws.

DPO Obligations at a Glance

  • Confidentiality: Respect the confidentiality of the information and data being processed.
  • Compliance: Ensure that all processing activities comply with the GDPR.
  • Documentation: Keep the documentation related to personal data processing up to date (record of processing activities, DPIAs, DPAs).
  • Training: Stay informed of legislative and technological developments in the field of data protection.

8. Contact

For any question regarding the protection of personal data, to exercise your rights as a data subject, or to report a personal data breach, please contact the DPO at [email protected].