GDPR Compliance

GDPR Compliance about your personal data

Updated on 10/07/2018

Definitions

Personal data 

Personal data is any information relating to an identified or identifiable natural person.

Data controller

The data controller is the natural or legal person responsible for processing personal data that they collect for one or several purposes. They ensure that their processing operations comply with applicable legislation in force.

Service

One or more services provided by Compilatio.

User

An individual with individual and personal access to one or more services provided by Compilatio.

All definitions are on the CNIL website [FR]:
https://www.cnil.fr/fr/reglement-europeen-protection-donnees/chapitre1#Article4

User Liability

The user is considered to be responsible for the processing of their personal data. As such, Compilatio provides them with interfaces, tools and/or procedures allowing them to view, modify, export or delete all of their data.

As the user of a service, you alone define the purpose for which a Compilatio service processes your personal data. This is why you are solely liable for the consequences that this processing may have, in the event that a third party’s rights and freedoms are not respected.

Performance of a processing operation

As a data processor, Compilatio performs processing operations only upon the user’s explicit and documented request. This documentation is done by using a feature provided in the interface, by writing a support request, by an email from the user, or in a phone call report written by a member of the Compilatio team.

Hosting and processing of personal data

Users’ personal data is hosted in data centers managed by the following companies.
List of data processing and hosting providers used by Compilatio for:

Operation of services

OVH

GDPR Compliance:
https://www.ovh.co.uk/personal-data-protection/
Location of data centers:
https://www.ovh.co.uk/aboutus/datacentres.xml
Data centers specifically used: “France”

Transmitting data and documents by electronic means (especially email) for communications with the support desk

ZENDESK

GDPR Compliance:
https://www.zendesk.co.uk/company/customers-partners/eu-data-protection/
Data centers specifically used: “Europe”
About the data centers:
https://www.zendesk.co.uk/company/policies-procedures/regional-data-hosting-policy/

Exchanging data and documents with Compilatio members

GOOGLE – SERVICE G-SUITE

GDPR Compliance:
https://gsuite.google.fr/intl/fr/terms/dpa_terms.html
Location of data centers:
https://www.google.com/about/datacenters/inside/locations/index.html

ZOHO CORP. – SERVICE ZOHO ONE

GDPR Compliance: [FR] https://www.zoho.eu/fr/gdpr.html
Data centers specifically used: “Europe”
About the data centers: [FR] https://www.zoho.com/general/blog/zoho-data-centers-in-europe.html
Security Policy: [FR] https://www.zoho.eu/security.html

Data confidentiality

All Compilatio SAS employees who may handle personal data are held to the strictest confidentiality by a binding confidentiality agreement.

Compilatio undertakes not to use or transfer users’ data for any purpose other than for designing, performing, maintaining and improving the company’s services.

Data security

Special attention is paid to the following aspects of security:

Resilience – services remain operational and well-functioning, even if one or more servers fail

Availability – the data is accessible at all times, even if one or more servers fail

Longevity – the ability to recover data that is corrupted or accidentally lost after an incident

Access control – data is only accessible to authorised users and processes

Compilatio SAS implements all known measures to ensure a level of security suitable for the type of data and the risk of violations of the users’ rights and freedoms.

Procedure for exercising the user’s rights

Reminder of the user’s rights regarding personal data

  • Access to data
  • Correction of data
  • Deletion of data
  • Export of data on a digital medium, in a “structured” format (e.g. .xls, .csv or .xml file)
  • Limitation of and opposition to data processing

Procedures

Using the features offered in the service interface

Sending a request via the form at the following address:
https://support.compilatio.net/hc/en-us/requests/new

Ownership of personal data

The user retains the intellectual property rights over their personal data. Personal data is deleted at the latest 3 months after the user’s account is deleted.

In the case where an organisation has subscribed to a Compilatio service and makes the service available to its members: after a user account is deleted, the client organisation may only keep the user’s documents if it contractually certifies that it holds the rights to these documents. The client organisation alone shall bear the consequences from any infringement of rights with regard to the documents.
