Personal data policy of the service in SAAS mode of the e-vault
Version of 28 April 2016
This personal data policy forms part of the terms and conditions of sale, which you have accepted when placing your order. Cecurity.com and/or one of its subsidiaries within the meaning of article L 233-1 of the Commercial Code (jointly referred to hereinafter as “Cecurity”) is the service provider as well as the operator of the service in SaaS mode of the electronic vault.
The aim of this personal data policy is to inform you about how, on the one hand, we collect, process and ensure the protection of your personal data in the context of the use of the Products and services and on, the other hand, how we store the data that you implement in the hosted Products. This personal data policy applies to all data collected in the context of the use of the products and services, irrespective of the marketing method chosen (website, face to face directly with the sales department, retailer, etc.).
3. DATA COLLECTED BY CECURITY
In the context of the use of our products and services, we will be required to collect and process some or all of the data with which you provide us by completing our forms, loading online content, subscribing to online services or sending us correspondence. We may therefore collect your surnames, first names, postal address, e-mail address, telephone numbers, IP address, connection data, navigation data, your opinion of the products, payment information, your purchase history, any specific request you may make to us.
4. USE OF DATA COLLECTED BY CECURITY
The information gathered by Cecurity to manage our products and services enjoys the protection provided for by Act No. 78-17 of 6 January 1978 on data processing, files and freedoms. It may give rise to the exercise of the individual right of access and correction with the Data Protection Officer (Correspondant Informatique et Libertés, CIL) of Cecurity.com at the following address: firstname.lastname@example.org
6. COMMUNICATION OF PERSONAL DATA COLLECTED BY CECURITY
Cecurity is the recipient of the personal data you submit to us for the management of products and services. These data are only intended to allow us to manage the existing contractual relationship between Cecurity and you as defined above. To do this, we may be required to transmit these data beyond our subsidiaries, if need be to our service providers and subcontractors, but only to implement the services contained in your order. We require our subcontractors to use your personal data only to manage the services we ask them to provide. We also require our subcontractors to act at all times in compliance with Act No. 78-17 of 6 January 1978 on data processing, files and freedoms.
7. DATA STORED IN THE HOSTED PRODUCTS AND SERVICES
The hosted products and services of Cecurity help ensure the integrity, availability and confidentiality of the data you store in our hosted products and services. The data and their metadata stored in our hosted products and services are only accessible to you as well as any user(s) you have designated. Cecurity does not have access to the data stored in the hosted Products and services. In this regard we draw your attention to the fact that Cecurity may not under any circumstances restore data that are inadvertently destroyed by you. The maximum number of people you appoint to have access to the products and services you order, the maximum number of instances and the maximum space available that will be granted to you when you place an order are specified in the order form as well as in your customer account.
8. ACCESS TO THE SERVICE
Depending on the user rights you ordered either during your initial subscription or directly via the products and services, access to the product(s) and service(s) of Cecurity is as defined in the terms and conditions of sale. In connection with the use of the products and services, you have the option of designating other users who can have access to the product(s) and service(s). The people you appoint in this regard will have personal access to the products and services and will identify themselves using a username and password specific to them. Designating other users will allow you to guarantee access to your data, even in the event of loss of key or death. We draw your attention to the fact that you must ensure the security and confidentiality of the usernames and passwords with which you are provided to prevent any unauthorized access to the product(s) and service(s).
The data collected by Cecurity as well as the data you store while using our hosted products and services together with their metadata are hosted by us on national territory. No data will be transferred outside the European Union.
10. RESPONSIBILITY OF THE USER
You are fully responsible for all data and content you store in connection with the products and services. As such you agree not to: violate laws or regulations, infringe the rights of third parties (for example copyright or privacy laws) or encourage others to do so; store illegal content (example: incitement to murder, incitement to racial hatred, child pornography, etc.); store computer viruses or any other malicious program or code; affect the proper functioning of the products and services or servers or networks connected to them; we draw your attention to the fact that the products and services issued by Cecurity have not been approved for the hosting of health data. For this reason we ask you not to store health data in Cecurity Products and services.
11. USE OF ENCRYPTED PRODUCTS AND SERVICES
Certain products and services of Cecurity.com allow individual encryption and decryption of digital documents as well as the management of associated encryption-decryption keys. The encrypted products and services of Cecurity incorporate key sequestration security and a mechanism for recovering lost keys. The cryptographic algorithms used by the encrypted products and services of Cecurity are as follows: AES CBC 256, RSA 2048, PBKDF2 256, SHA 256 The encrypted products and services of Cecurity are currently based on the use of the CecurCrypt software from Cecurity.com, registered with the ANSSI (French National Digital Security Agency) under number 15070507. Cecurity reserves the right to change the cryptographic algorithms and/or the software on which the encrypted products and services are based without this having any contractual impact and subject to giving you due notice.
This personal data policy may be amended by Cecurity at any time to accurately reflect the actions undertaken by Cecurity to protect data or incorporate any relevant legislative or regulatory developments. We therefore invite you to consult our media regularly. We will publish notices of any changes to this personal data policy on our website. The changes will not apply retroactively and will come into force at least fourteen (14) days after their publication. However, changes made for legal reasons may apply immediately if necessary. If you do not accept the changes made to the terms and conditions of sale and/or to one of the policies to which these relate, you may cancel the service.