Privacy and data protection policy


As the software publisher for monitoring third party compliance in SaaS mode, may process personal data either for its internal needs, in which case it is acting as the controller, or on behalf of its client and their third-party suppliers, service providers and other contractors, in which case it is acting as a processor.

These processing operations are carried out in compliance with the French Data Protection Act and the General Data Protection Regulation (GDPR). The GDPR aims to ensure respect for the fundamental rights and freedoms of natural persons in particular their right to the protection of personal data; it is intended to contribute to the accomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, to the strengthening and the convergence of the economies within the internal market, and to the well-being of natural persons. In particular, it provides for very strict requirements in terms of the protection of personal data of natural persons, which are necessary to provide legal certainty and transparency for economic operators, and to provide natural persons in all Member States with the same level of legally enforceable rights and obligations and responsibilities for controllers and processors.

To comply with these provisions, has taken a variety of measures including:

  • establishing a mapping of the processing of personal data that on the basis of which it was possible to create and update records of processing activities of the controller and the processor;
  • setting up a team dedicated to the protection of personal data:
    • a DPO (Data Protection Officer)
    • a CISO (Chief Information Security Officer)
    • a CTO (Chief Technology Officer)
  • carrying out impact assessments prior to the processing, where necessary;
  • taking into account the principles of personal data protection at the time of the design of its software; (principles known as privacy by design and by default)
  • complying with good practices to improve data protection and to demonstrate the effectiveness of these measures; (principle known as accountability)
  • taking security, organisational and technical measures reinforced by the ISO27001 certification of its information security management system (ISMS). is committed to implementing a continuous process for ensuring the protection and security of personal data, in particular:

  • has been certified to the international standard ISO/IEC 27001:2013 on the information security management system and requirements for the assessment and treatment of information security risks since May 2018; has been a member of AFCDP, the French association of data protection officers, since 2013 where it can exchange and progress on best practices with other data protection professionals
Purpose of this policy
Identity and contact details of the controllers
Collection and origin of data
Purpose of the processing and types of data processed
Non-communication of personal data
Data storage location
Data storage period
Security and certifications
Contact, right of access, rectification and objection