Personal data: any information that can be used to directly or indirectly identify a particular person.
Data processing: A personal data processing is an operation, or set of operations, relating to personal data (collection, extraction, adaptation, storage etc).
Data controller: The person responsible for processing personal data is in principle the person, public authority, company or organization that determines the purposes and means of this file, that decides on its creation.
Purpose: The purpose of processing is the main objective of the use of personal data. The data are collected for a well-defined and legitimate purpose and are not further processed in a way that is incompatible with this initial purpose
Sub-processor: The processor, within the meaning of the GDPR, is the natural or legal person (company or public body) that processes data on behalf of another organization (the controller), in the context of a service or provision
Sensitive data: This is information that reveals the alleged racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning the sex life or sexual orientation of a natural person. The EU Regulation prohibits the collection or use of such data, except, inter alia, in the following cases:
- If the data subject has given his or her express consent (an active, explicit and preferably written step, which must be free, specific, and informed); - If the information is manifestly made public by the data subject; - If it is necessary for the safeguarding of human life; - If its use is justified by the public interest and authorized by the CNIL; - If it concerns the members or adherents of a political, religious, philosophical, political or trade union association or organization
Data breach: is characterized by the destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed, whether accidental or unlawful.
1. Identity and contact details of the data controller
When visiting our site, as the person responsible for processing, may be required to collect your personal data in the context of the execution of your insurance contracts. All personal data provided to or collected by the company bsoft.fr are controlled by the data protection officer at the address: 4 rue Coste, 69300 Caluire et Cuire, France
2. Why and how is your personal data collected?
We can collect your data by different means: - That you give us directly = Website = Email address = Phone - That we collect automatically (cookies) - That we collect from other sources (canvassing, partners)
Information you give us. We use this information : - To provide the requested service. - To communicate with you by responding to your inquiries about using the solution or billing. - To administer your account. - To protect the solution from abuse and fraud. - To inform you of changes and improvements to our service.
Information we collect. Weuse this information: - To provide the service in a user-friendly manner. - To administer the health of the solution. - To correct problems in the solution. - To measure the effectiveness and use of the Service.
Participant Information. Participant information can be used by users: - To send email or SMS communications related to the solution. - To track attendance at training sessions individually and collectively. - To secure access to company data.
Data processing on our solutions:
Information you give us: When you create an account on our solution, you give us the following information: name, first name, address, email, phone number and billing information.
a) Participant data Participant information: When using the solution, users (training organizations or facilitators) are required to enter personal data of people interacting with the solution (other users, facilitators, trainees). This data is the property of the client and we do not control what he collects. This data can be, but is not limited to: name, surname, title, email address, phone number, company, planned trainings. When an attendee signs in, we also collect their signature and attendance information at the training location.
b) For all Information we collect: When you use the service we automatically collect the following information: - Technical information about your browser when you visit the website. This information may include your IP address, the browser you are using and how it is set up (such as language preferences), the dates and times you use the service, and the actions you take on the solution. - Technical information about the mobile device when you use the application. This information may include your IP address, the device model and its technical information (including a unique device identifier that can only be accessed through our app), dates and times you use the app, and actions taken on the app. Full diagnostic data is only collected in the event of a malfunction.
How do we determine how long we keep your personal data?
We keep the data for the time necessary for the operations for which they were collected and in compliance with the regulations in force. The length of time we keep data varies and depends on the nature of the data, its purpose and the legal and regulatory aspects to which it is subject. These periods are based on the legal requirements for legal action. In this case, the first retention period takes into account the duration of your contract. The retention period begins at the end of the contractual break. The solution offers the customer the possibility of deleting the data on its interfaces at any time. bsoft.fr undertakes in any case not to retain them for more than 3 years after the end of the service, or earlier if the customer so requests.
What is a cookie?
A cookie is a text file that the site you are visiting stores on your hard drive or in your browser's RAM. It allows your computer to store various technical data such as the number of visits, the frequency of exposure to an advertising banner, the connection to other sites. It also allows you to personalize your future connections by memorizing the choice of language of the site, your connection information, your preferences.
How long cookies are kept
The cookies we collect are kept for a maximum of 13 months.
4. With whom do we share your personal data?
International Data Transfers
If we need to transfer personal data outside the EEA, bsoft.co.uk will ensure that it is protected in the same way as it is in the EEA. We will use one of the following safeguards:
- Transfer to a country outside the EEA whose privacy legislation ensures an appropriate level of protection for personal data as in an EEA country; - Put in place a contract with the foreign third party that means they must protect personal data to the same standards as the EEA - Transfer personal data to organizations that are part of specific agreements relating to cross-border data transfers with the European Union (e.g., the Privacy Shield or Bouygues International). (e.g., the Privacy Shield is a framework that defines privacy standards for data transferred from EU countries to the United States).
5. How do we protect your personal data?
Bsoft.co.uk takes the security of your personal data very seriously. We strive to protect your personal data from data breaches such as misuse, interference, loss, unauthorized access, alteration or disclosure. Our measures include implementing appropriate access controls, investing in the latest information security capabilities to protect the computing environments we operate.
Non-exhaustive list of security measures implemented:
Access to your personal data is only allowed among our employees and agents on a need-to-know basis and is subject to strict contractual confidentiality obligations when data is processed by third parties. Our data is hosted in France via a chain of French providers. In the context of the use of the service, some data are sent to providers located outside the European Union (see point III.) The personal information we collect is kept in a secure environment. The people working for us are required to respect the confidentiality of your information. To ensure the security of your personal information, we use the following measures:
We are committed to maintaining a high degree of confidentiality by incorporating the latest technological innovations to ensure the privacy of your data. However, as no mechanism offers maximum security, there is always a degree of risk involved when using the Internet to transmit personal information. Furthermore, we can only advise users to choose secure passwords. The use of a password manager is an excellent way to secure and remember all its accesses. bsoft.fr undertakes to communicate to the customer, the occurrence of any security breach, having direct or indirect consequences on the treatment, as well as any complaint which would be addressed to him by any person concerned by the treatment carried out under the licence of use of our solution. This information or request must be made as soon as possible and no later than 72 hours after the discovery of the security breach or following receipt of a complaint.
6. What are your rights?
In accordance with the amended "Informatique et Libertés" law of January 6, 1978 and the European regulation n°2016/679/EU of April 27, 2016, you can access your data, rectify it, request its deletion or exercise your right to portability or limitation of the processing of your data. You may also withdraw your consent at any time. To exercise these rights or for any questions about the processing of your data in this system, you can contact our Data Protection Officer (DPO) by e-mail: email@example.com If you feel, after having contacted us, that your data protection rights have not been respected, you can submit a complaint to the Commission Nationale de l'Informatique et des Libertés (CNIL) either via the following URL: https://www.cnil.fr/fr/plaintes, or via e-mail to the following address: 3 place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07