General policy on the protection of personal data
All rights reserved 2010-2023 SharingCloud – GDPR – General policy for the protection of personal data – 2023
Privacy and the protection of personal data are key factors in building trust, a value that SharingCloud is particularly committed to, as we strive to respect the fundamental rights and freedoms of each individual.
This Personal Data Protection Policy sets out SharingCloud’s commitment to the responsible use of personal data in its day-to-day activities.
A Data Protection Officer (DPO)
In order to safeguard everyone’s privacy and the protection of personal data, in 2018 SharingCloud appointed a Data Protection Officer (DPO) who carries out his duties for all its structures.
The DPO is a guarantee of reliability. A specialist in the protection of personal data, responsible for ensuring the protection of privacy and the correct application of the rules on the protection of personal data, and a special contact for the Commission Nationale de l’Informatique et des Libertés (CNIL), as well as for all persons concerned by the collection or processing of personal data.
To contact our Data Protection Officer:
dpo-rgpd@sharingcloud.com
Principles applicable to the protection of personal data
SharingCloud has developed an On-Premises and SaaS solution for optimizing meeting spaces and videoconferencing rooms, as well as for fully managing employee services and corporate communications. As a result, it collects and processes personal data in compliance with the laws and regulations in force, in particular the amended French Data Protection Act of 6 January 1978 and the standards laid down by the CNIL.
SharingCloud applies the principles defined by Privacy by Design in all its projects, and has a policy of informing and raising awareness among its teams about compliance with the principles laid down by the General Data Protection Regulation.
1. Specific, explicit and legitimate purpose of processing:
Personal data is collected for specific objectives (purposes) defined by the needs of the processing carried out within the framework of validated specifications.
2. Proportion and relevance of data collected:
The personal data collected is strictly necessary for the purpose for which it was collected. The SharingCloud processing sheets are designed to minimize the amount of data collected.
3. Limited retention period of personal data:
Personal data is kept for a limited period which does not exceed the time required for the purposes for which it was collected.
4. Confidentiality / Data security:
Information Systems Security Policies (ISSP) are implemented, adapted to the nature of the data processed and the way it is processed.
Appropriate physical, logical and organizational security measures are in place to guarantee the confidentiality of data, and in particular to prevent any unauthorized access.
SharingCloud also requires any subcontractor to provide appropriate guarantees to ensure the security and confidentiality of personal data.
5. Individual rights:
We use all necessary means to ensure that individuals can exercise their rights with regard to their personal data.
– Personal data is collected fairly on behalf of our customers, who are responsible for processing it and informing users of the collection of information, the purpose of processing and their rights
– The personal data collected is processed in accordance with the instructions received from our customers.
– The data collected is not subsequently used in a way that is incompatible with these purposes.
– Personal data is kept accurate and up to date.
– Data retention periods are communicated to individuals and vary according to the nature of the data, the purpose of the processing or legal or regulatory requirements.
– If personal data were to be transferred to countries inside or outside the European Union, the persons concerned would be informed in detail, and specific measures would be taken to govern these transfers.
– The means necessary to guarantee the effectiveness of the rights of individuals with regard to their personal data are implemented, in particular by providing clear and comprehensive information on the data processing carried out, which is easily accessible and comprehensible to all.
All persons have rights over their data, which they may exercise at any time and free of charge towards the data controller, by providing proof of their identity. This means that individuals can access their personal data and, in certain cases, have it corrected, deleted or refuse to allow processing.
Access to these rights is facilitated by the procedures implemented by SharingCloud.
Monitoring of the Personal Data Protection Policy.
This policy is updated regularly to take account of legislative and regulatory developments, and any changes in the organization of SharingCloud or in the offerings, products and services provided.
This Personal Data Protection Policy is supplemented by
- Documentation of the explicit purposes of our data processing with regard to individuals, data recipients, retention periods and the procedures for exercising individuals’ rights.
- A full and regular assessment of our data hosting subcontractors and software publishers to ensure that they are complying with their obligations under the GDPR.
- Appropriate contractual clauses with our subcontractors in the context of a normal or significant risk to the protection of private data generated by processing.
- Specific confidentiality clauses in the employment contracts of our employees who handle private data.
- Rules governing the use of computer equipment.