Scenario: 2Soyled is a retail company that sells a wide range of electronic products from top European brands. It primarily sells its products in its online platforms (which include customer reviews and ratings), despite using physical stores since 2015. Soyled's website and mobile app are used by millions of customers. Soyled has employed various solutions to create a customer-focused ecosystem and facilitate growth. Soyled uses customer relationship management (CRM) software to analyze user data and administer the interaction with customers. The software allows the company to store customer information, identify sales opportunities, and manage marketing campaigns. It automatically obtains information about each user's IP address and web browser cookies. Soyled also uses the software to collect behavioral data, such as users' repeated actions and mouse movement information. Customers must create an account to buy from Soyled's online platforms. To do so, they fill out a standard sign-up form of three mandatory boxes (name, surname, email address) and a non-mandatory one (phone number). When the user clicks the email address box, a pop-up message appears as follows: "Soyled needs your email address to grant you access to your account and contact you about any changes related to your account and our website. For further information, please read our privacy policy.' When the user clicks the phone number box, the following message appears: "Soyled may use your phone number to provide text updates on the order status. The phone number may also be used by the shipping courier." Once the personal data is provided, customers create a username and password, which are used to access Soyled's website or app. When customers want to make a purchase, they are also required to provide their bank account details. When the user finally creates the account, the following message appears: "Soyled collects only the personal data it needs for the following purposes: processing orders, managing accounts, and personalizing customers' experience. The collected data is shared with our network and used for marketing purposes." Soyled uses personal data to promote sales and its brand. If a user decides to close the account, the personal data is still used for marketing purposes only. Last month, the company received an email from John, a customer, claiming that his personal data was being used for purposes other than those specified by the company. According to the email, Soyled was using the data for direct marketing purposes. John requested details on how his personal data was collected, stored, and processed. Based on this scenario, answer the following Questio n:Questio n:When completing the sign-up form, the user gets a notification about the purpose for which Soyled collects their email address. Is Soyled required by the GDPR to do so?
Answer(s): A
Under Article 13 of GDPR, controllers must inform data subjects at the time of data collection about the purpose of processing their personal data. This ensures transparency and accountability.Soyled provides a pop-up message explaining why the email is collected, which aligns with GDPR's transparency principles. Option A is correct. Option B is incorrect because GDPR requires notification at collection, not upon request. Option C is incorrect as GDPR mandates disclosure of purpose, not just storage and processing methods. Option D is misleading because the purpose must be disclosed regardless of communication intent.
GDPR Article 13(1)(c) (Obligation to inform data subjects about processing purposes)Recital 60 (Transparency and accountability in data collection)
Scenario: 2Soyled is a retail company that sells a wide range of electronic products from top European brands. It primarily sells its products in its online platforms (which include customer reviews and ratings),despite using physical stores since 2015. Soyled's website and mobile app are used by millions of customers. Soyled has employed various solutions to create a customer-focused ecosystem and facilitate growth. Soyled uses customer relationship management (CRM) software to analyze user data and administer the interaction with customers. The software allows the company to store customer information, identify sales opportunities, and manage marketing campaigns. It automatically obtains information about each user's IP address and web browser cookies. Soyled also uses the software to collect behavioral data, such as users' repeated actions and mouse movement information. Customers must create an account to buy from Soyled's online platforms. To do so, they fill out a standard sign-up form of three mandatory boxes (name, surname, email address) and a non-mandatory one (phone number). When the user clicks the email address box, a pop-up message appears as follows: "Soyled needs your email address to grant you access to your account and contact you about any changes related to your account and our website. For further information, please read our privacy policy.' When the user clicks the phone number box, the following message appears: "Soyled may use your phone number to provide text updates on the order status. The phone number may also be used by the shipping courier." Once the personal data is provided, customers create a username and password, which are used to access Soyled's website or app. When customers want to make a purchase, they are also required to provide their bank account details. When the user finally creates the account, the following message appears: "Soyled collects only the personal data it needs for the following purposes: processing orders, managing accounts, and personalizing customers' experience. The collected data is shared with our network and used for marketing purposes." Soyled uses personal data to promote sales and its brand. If a user decides to close the account, the personal data is still used for marketing purposes only. Last month, the company received an email from John, a customer, claiming that his personal data was being used for purposes other than those specified by the company. According to the email, Soyled was using the data for direct marketing purposes. John requested details on how his personal data was collected, stored, and processed. Based on this scenario, answer the following Questio n:Questio n:The GDPR indicates that the processing of personal data should be based on a legal contract with the data subject. Based on scenario 6, has Soyled fulfilled this requirement?
Answer(s): C
Under Article 6(1) of GDPR, processing personal data must have a lawful basis, such as consent,contract, legal obligation, or legitimate interest. Additionally, under Article 13, controllers must inform users before collecting their data.Soyled failed to disclose that personal data would be shared with the network before collection, which violates GDPR transparency requirements. Option C is correct. Option A is incorrect because informing about email collection does not mean lawful processing. Option B is incorrect because the information was not disclosed at the right time. Option D is incorrect because explicit consent is not necessarily required if another lawful basis applies.
GDPR Article 6(1) (Lawfulness of processing)GDPR Article 13(1) (Transparency in data processing)
Scenario: 2Soyled is a retail company that sells a wide range of electronic products from top European brands. It primarily sells its products in its online platforms (which include customer reviews and ratings), despite using physical stores since 2015. Soyled's website and mobile app are used by millions of customers. Soyled has employed various solutions to create a customer-focused ecosystem and facilitate growth. Soyled uses customer relationship management (CRM) software to analyze user data and administer the interaction with customers. The software allows the company to store customer information, identify sales opportunities, and manage marketing campaigns. It automatically obtains information about each user's IP address and web browser cookies. Soyled also uses the software to collect behavioral data, such as users' repeated actions and mouse movement information. Customers must create an account to buy from Soyled's online platforms. To do so, they fill out a standard sign-up form of three mandatory boxes (name, surname, email address) and a non-mandatory one (phone number). When the user clicks the email address box, a pop-up message appears as follows: "Soyled needs your email address to grant you access to your account and contact you about any changes related to your account and our website. For further information, please read our privacy policy.' When the user clicks the phone number box, the following message appears: "Soyled may use your phone number to provide text updates on the order status. The phone number may also be used by the shipping courier." Once the personal data is provided, customers create a username and password, which are used to access Soyled's website or app. When customers want to make a purchase, they are also required to provide their bank account details. When the user finally creates the account, the following message appears: "Soyled collects only the personal data it needs for the following purposes: processing orders, managing accounts, and personalizing customers' experience. The collected data is shared with our network and used for marketing purposes." Soyled uses personal data to promote sales and its brand. If a user decides to close the account, the personal data is still used for marketing purposes only. Last month, the company received an email from John, a customer, claiming that his personal data was being used for purposes other than those specified by the company. According to the email, Soyled was using the data for direct marketing purposes. John requested details on how his personal data was collected, stored, and processed. Based on this scenario, answer the following Questio n:Questio n:Based on scenario 2, Soyled only has three mandatory fields in its sign-up form. On which GDPR principle is this decision based?
Under Article 5(1)(c) of GDPR, the data minimization principle states that personal data must be adequate, relevant, and limited to what is necessary for processing. Soyled's decision to have only three mandatory fields (name, surname, and email) aligns with data minimization since it only collects the minimum data needed for account creation. Option C is correct. Option A is incorrect as transparency relates to informing users. Option B is incorrect because purpose limitation focuses on using data only for specific purposes. Option D is incorrect because storage limitation concerns data retention periods.
GDPR Article 5(1)(c) (Data minimization principle)Recital 39 (Limiting data collection to necessity)
Scenario: 2Soyled is a retail company that sells a wide range of electronic products from top European brands. It primarily sells its products in its online platforms (which include customer reviews and ratings), despite using physical stores since 2015. Soyled's website and mobile app are used by millions of customers. Soyled has employed various solutions to create a customer-focused ecosystem and facilitate growth. Soyled uses customer relationship management (CRM) software to analyze user data and administer the interaction with customers. The software allows the company to store customer information, identify sales opportunities, and manage marketing campaigns. It automatically obtains information about each user's IP address and web browser cookies. Soyled also uses the software to collect behavioral data, such as users' repeated actions and mouse movement information. Customers must create an account to buy from Soyled's online platforms. To do so, they fill out a standard sign-up form of three mandatory boxes (name, surname, email address) and a non-mandatory one (phone number). When the user clicks the email address box, a pop-up message appears as follows: "Soyled needs your email address to grant you access to your account and contact you about any changes related to your account and our website. For further information, please read our privacy policy.' When the user clicks the phone number box, the following message appears: "Soyled may use your phone number to provide text updates on the order status. The phone number may also be used by the shipping courier." Once the personal data is provided, customers create a username and password, which are used to access Soyled's website or app. When customers want to make a purchase, they are also required to provide their bank account details. When the user finally creates the account, the following message appears: "Soyled collects only the personal data it needs for the following purposes: processing orders, managing accounts,and personalizing customers' experience. The collected data is shared with our network and used for marketing purposes." Soyled uses personal data to promote sales and its brand. If a user decides to close the account, the personal data is still used for marketing purposes only. Last month, the company received an email from John, a customer, claiming that his personal data was being used for purposes other than those specified by the company. According to the email, Soyled was using the data for direct marketing purposes. John requested details on how his personal data was collected, stored, and processed. Based on this scenario, answer the following Questio n:Questio n:Based on scenario 2, is John's request eligible under GDPR?
Under Article 15 of GDPR, the Right of Access allows data subjects to request detailed information about:The purpose of data processingCategories of personal data collectedData recipientsStorage durationRights to rectification and erasureJohn's request is valid under GDPR, making Option C correct. Option A is incorrect because GDPRgrants full transparency. Option B is incorrect because data subjects must be informed upon request. Option D is incorrect because lawful basis does not override access rights.
GDPR Article 15 (Right of Access)Recital 63 (Transparency in personal data processing)
Scenario: 2Soyled is a retail company that sells a wide range of electronic products from top European brands. It primarily sells its products in its online platforms (which include customer reviews and ratings), despite using physical stores since 2015. Soyled's website and mobile app are used by millions of customers. Soyled has employed various solutions to create a customer-focused ecosystem and facilitate growth. Soyled uses customer relationship management (CRM) software to analyze user data and administer the interaction with customers. The software allows the company to store customer information, identify sales opportunities, and manage marketing campaigns. It automatically obtains information about each user's IP address and web browser cookies. Soyled also uses the software to collect behavioral data, such as users' repeated actions and mouse movement information. Customers must create an account to buy from Soyled's online platforms. To do so, they fill out a standard sign-up form of three mandatory boxes (name, surname, email address) and a non-mandatory one (phone number). When the user clicks the email address box, a pop-up message appears as follows: "Soyled needs your email address to grant you access to your account and contact you about any changes related to your account and our website. For further information, please read our privacy policy.' When the user clicks the phone number box, the following message appears: "Soyled may use your phone number to provide text updates on the order status. The phone number may also be used by the shipping courier." Once the personal data is provided, customers create a username and password, which are used to access Soyled's website or app. When customers want to make a purchase, they are also required to provide their bank account details. When the user finally creates the account, the following message appears: "Soyled collects only the personal data it needs for the following purposes: processing orders, managing accounts, and personalizing customers' experience. The collected data is shared with our network and used for marketing purposes." Soyled uses personal data to promote sales and its brand. If a user decides to close the account, the personal data is still used for marketing purposes only. Last month, the company received an email from John, a customer, claiming that his personal data was being used for purposes other than those specified by the company. According to the email, Soyled was using the data for direct marketing purposes. John requested details on how his personal data was collected, stored, and processed. Based on this scenario, answer the following Questio n:Scenario:Soyled's customers are required to provide their bank account details to buy a product. According to the GDPR, is this data processing lawful?
Under Article 6(1)(b) of GDPR, processing is lawful if it is necessary for the performance of a contract with the data subject. Since the customers must provide bank details to complete their purchases, this processing is necessary for fulfilling the agreement.Option A is correct because payment data is essential for transaction processing, which aligns with GDPR's contract basis.Option B is incorrect because having a privacy policy does not automatically justify data processing.Option C is incorrect because financial data can be processed by authorized commercial entities under GDPR.Option D is incorrect because explicit consent is not required when processing is contractually necessary.
GDPR Article 6(1)(b) (Processing necessary for contract performance)Recital 44 (Necessity of processing for contract fulfillment)
Share your comments for PECB GDPR exam with other users:
fantastic assessment on psm 1
56 question correct answer a,b
thank you for providing the q bank
true quesstions
i can´t believe ms asks things like this, seems to be only marketing material.
hi, could you please add the last update of ns0-527
question #3 refers to vnet4 and vnet5. however, there is no vnet5 listed in the case study (testlet 2).
sometimes it may be good some times it may be
qs 4 answer seems wrong- please check
very detailed explanation !
the interactive nature of the test engine application makes the preparation process less boring.
very useful.
complete question dump should be made available for practice.
i just passed my first exam. i got 2 exam dumps as part of the 50% sale. my second exam is under work. once i write that exam i report my result. but so far i am confident.
nice create dewey stefen
i just wrote this exam and it is still valid. the questions are exactly the same but there are about 4 or 5 questions that are answered incorrectly. so watch out for those. best of luck with your exam.
passed my exam today. this is a good start to 2023.
great sharing
very helpful
thanks.. very helpful
i registered for 1z0-1047-23 but dumps qre available for 1z0-1047-22. help me with this...
please upload oracle 1z0-1110-22 exam pdf
becoming interesting on the logical part of the cdbs and pdbs
some of the answers are incorrect, i would be wary of using this until an admin goes back and reviews all the answers
question # 267: federated operating model is also correct.
its helpful alot.
the questiosn from this braindumps are same as in the real exam. my passing mark was 84%.
it is an exam that measures your understanding of cloud computing resources provided by aws. these resources are aligned under 6 categories: storage, compute, database, infrastructure, pricing and network. with all of the services and typees of services under each category
good and very useful
i cleared the az-104 exam by scoring 930/1000 on the exam. it was all possible due to this platform as it provides premium quality service. thank you!
easy questions
could you please upload ad0-127 dumps
good content