The study undertaken by INTECO was based on an assessment of compliance with a series of criteria. These were established primarily by seeking a balance between data security, protection of at-risk groups, and other aspects relating to quality and continuous improvement of the services and products on offer.
This assessment was carried out by using publicly available information from the official web-sites for each of the seals. In some instances this was supplemented with additional information provided by the brands themselves.
The criteria used for this study are detailed below.
Protection of Personal Data
Joining a seal obliges the new member to comply with regulations for protection of data of a personal nature. Checks are made that the applicant firm is fully compliant with current regulations. These can be a Spanish standard or an equivalent international norm.
The firms requesting to join must set up security measures to guarantee that the computer systems processing their business transactions are suitably protected.
It is not deemed sufficient to have merely the security measures implemented for the protection of data of a personal nature. Such measures must be extended to all systems and tools on which business operations are based.
Confidentiality of Communications
Checks are made that any firm requesting to join a seal ensures confidentiality of the information transmitted in communications. The recommendation is to use encryption in connections (digital certification such as Secure Sockets Layer [SSL] or similar).
This confidentiality applies primarily to communications including data of a personal nature at a high level. It also covers the transmission of banking details when carrying out an electronic transaction, so as to ensure that this is completed in a safe environment.
Protection of At-Risk Groups.
Any organization applying to join a seal must implement measures to guarantee particular supervision of such groups.
This criterion covers four points:
- Identification: The applicant must set up measures allowing identification of contents intended exclusively for adults.
- Transactions: Applicants must put in place measures to ensure that under-age users cannot carry out commercial transactions without authorization from their parents or guardians.
- Access: Firms requesting to join must take steps that will limit access by under-age users only to specific contents and products.
- Advertising: The applicant must ensure that any advertising material will not harm under-age users morally or physically.
For a seal to meet this criterion, it must comply with all four points. Failure to comply with any one of these points means non-compliance with the whole criterion of protection of at-risk groups.
Non-Litigious Conflict Resolution.
A seal should have mechanisms for conflict resolution that do not involve resort to law-suits, following the basic principles of procedures.
Such non-litigious conflict resolution systems will be considered valid if incidents or conflicts that cannot be resolved amicably between the parties can be referred to the body owning the seal for it to act as arbitrator of the conflict.
The quality criterion is sub-divided into the following four points:
The criterion is deemed not to be met when the seal is based on or follows no more than a set of good practices, even if these are accepted at a national or international level.
- Transparency: Applicants are required to lay out clearly all relevant information relating to their organization and the products and services they offer.
- Ethics:The seal incorporates or establishes an ethics or behaviour code that must be accepted and observed by any applicants to join it. This criterion is deemed to be met:
- When the standards for the seal explicitly lay down a code of ethics or of acceptable behaviour.
- When the seal has its basis in nationally or internationally accepted codes of ethical behaviour and legal frameworks.
- Customer Satisfaction: Applicants requesting to join the seal must have a customer-oriented approach. They must handle complaints and claims with a view to increasing customer satisfaction with the business.
- Continuous Improvement: The services offered by applicants to join a seal should be subject to a continuous improvement approach.
Any incident, complaint, claim or problem should be dealt with through actions that do not simply fix the difficulty but take steps to avoid its happening again. In this way they ensure a cycle of continuous improvement of the service provided.
In determining whether a seal complies with this criterion, all four of the points must be met. Failure to comply with any one of these points brings with it non-compliance with the whole Quality criterion.
Award of a seal involves an annual review or audit of the applicant business, whether by the seal brand itself or by a third party, so as to assess and guarantee that it compliant with the requirements for the award of the seal.