Data protection - French departments

I'm a french departmeent

When our clients use our Services, we collect and process certain information on their behalf. As a result, our clients are responsible for data processing in accordance with Article 4 of the GDPR. JESUISENCOURS, as a service provider, acts as a data processor. In this capacity, we are committed to assisting our clients in their efforts to comply with data protection regulations.

If you are unable to contact the Data Controller, you may reach out to the Data Protection Officer (DPO) of JESUISENCOURS:

Maxime JACOB
6 rue Léon Jouhaux, 75010 PARIS
dpo@horizontalsoftware.com

Personal Data Collected by JESUISENCOURS in the Context of Digital Process Transformation

The personal data collected by JESUISENCOURS in the course of its mission to digitize processes are necessary for the execution of the contractual commitments accepted by the client.

Purposes for which JESUISENCOURS processes the data:

• Accurate and automated recording of participants' attendance in training sessions.
• Generation of attendance certificates for trainers and training managers.
• Real-time monitoring of participants' attendance throughout training sessions.
• Automation of administrative processes related to the management of attendance and absences.
• Collection of information on the performance of participants in training.
• Monitoring of learners' progress throughout training programs.
• Analysis of evaluation data to identify strengths and areas for improvement in training programs.
• Conducting remote evaluations for online or hybrid training, facilitating access and participation for learners.
• Precise and automated tracking of RSA (Social Assistance for the Unemployed) beneficiaries' participation in mandatory follow-up activities.
• Generation of follow-up reports for departments.
• Real-time monitoring of RSA beneficiaries' involvement in training and professional integration programs.
• Automation of administrative processes related to monitoring RSA beneficiaries' activities.
• Improvement of data traceability and confidentiality compared to traditional tracking methods.
• Analysis of follow-up data to assess the effectiveness of professional integration and training initiatives for RSA beneficiaries.

Legal Basis for the Processing of Personal Data

JESUISENCOURS processes personal data based on the execution of a contract. When the user enters into a contractual relationship with JESUISENCOURS, the latter collects and uses the personal data required to provide the requested services or products, as well as to manage and execute the contract.

As part of the software contract execution, JESUISENCOURS may need to collect personal data such as the user's name, email address, configuration preferences, and other information necessary for the customization and maintenance of the software (See section 5. Categories of Data Collected for further details).

JESUISENCOURS only processes personal data to the extent necessary for the execution of the software license contract. This data is used to ensure the software's compliance with the agreed specifications, to provide effective technical support, and to ensure the software's ongoing proper functioning.

It is important to note that the personal data processed within the scope of the software license contract is strictly used for the purpose of providing the agreed software services and is not shared with third parties without the user's explicit consent.

The data processing concerns users of the SoWeSign solution via the following 2 platforms: 

• Corporate Application  
• SWS Manager  

The users identified are : 

• The Trainers for Collective Training Actions
• The Participants in the Training
• The Software Administrators (System Managers)
• The Human Resources Managers
• The RSA Beneficiaries Being Followed by the Department, Whether Funded or Not by the ESF (European Social Fund)
• The Department's Referrals in Charge of Supporting the Beneficiaries
• The External Organization's Referrals Responsible for Supporting These Beneficiaries

Data concerning the “Training Learner” profile

• Identification data: first name, last name, gender, date of birth, place of birth
• Contact data: landline phone, mobile phone, email address, postal address
• Training-related data
• Professional life data
• Personal life data: disability, parents' place of birth
• Connection data

Data concerning the “RSA Beneficiary” profile

• Identification data: first name, last name, gender, date of birth, place of birth
• Contact data: landline phone, mobile phone, email address, postal address
• Training-related data
• Job search data
• Professional life data
• Personal life data: disability, parents' place of birth
• Connection data

Data concerning the “Trainer” profile

• Identification data: first name, last name, address
• Contact data: landline phone, mobile phone, email address
• Connection data

Data concerning the profiles of “Software Managers,” “Department Referrals in charge of supporting beneficiaries,” and “HR Managers”:

• Identification data: first name, last name
• Contact data: landline phone, mobile phone
• Support-related data: Department or service in charge, professional status, history of interactions with RSA beneficiaries, comments or feedback on the support of beneficiaries
• Connection data

Are sensitive data processed?

The collection of certain data, particularly sensitive data, is strictly regulated by GDPR and requires special attention. This includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, genetic and biometric data, data concerning health, sexual life or sexual orientation, criminal convictions or offenses, as well as the unique national identification number (NIR or social security number).

X Yes  No

If yes, which ones?: disability status

SOURCE OF THE DATA

The data is collected through provision by the client. This may include, among other things, the connection of the SoWeSign software to an ERP system, provision of files containing personal data, and manual entries in the software (non-exhaustive list).

Data may also be collected during the connection to applications and the completion of forms.

OBLIGATORY NATURE OF DATA COLLECTION

The collection of certain data may be mandatory to ensure the achievement of specific data processing objectives. Data necessary for the execution of contracts, as specified in section 5, Categories of collected data, may be considered mandatory to guarantee the agreed-upon services. Similarly, data necessary for the efficient management of activities, such as contact information for various stakeholders, may be required to ensure smooth communication and proper follow-up.

How long do you keep this information? 

The above-mentioned data is kept for 10 years for legal reasons. 

If the contractual relationship with the customer is terminated, the data is provided to the customer before being deleted from SoWeSign's databases. 

Customers

The data controller and all individuals authorized by the data controller.

Internal recipients 
(examples: entity or department, categories of authorised persons, IT department, etc.) 

• Software development team 
• Technical support team 
• Data management and information security team 
• Team of consultants responsible for monitoring the project 

Subcontractors  
(Examples: hosting providers, IT maintenance providers, etc.) 

• Data hosting service providers 
• Third-party maintenance and support service providers 
• Third-party software development service providers for specific functionalities 
   

Are personal data transmitted outside the European Union? 

    Yes  X NO

Personal data is not transferred outside the European Union. It is stored on hosting servers located in the European Union, or in third countries that guarantee the protection of personal data under conditions that are equivalent to those in the European Union. 

JESUISENCOURS implements the appropriate technical and organisational means to permanently guarantee an appropriate level of protection against the risks of infringement of the privacy of individuals, in particular against the risks of unauthorised access to personal data, disclosure, destruction or unlawful use of data.  

User access control  

To guarantee the protection of personal data in accordance with the RGPD, JESUISENCOURS has implemented the following measures concerning user access control: 

• Identification and authentication of users using unique identifiers and strong passwords. 
• Implementation of access management procedures to ensure rapid revocation of access rights in the event of a user leaving or changing responsibilities. 
• Continuous monitoring of the activities of authorised users to detect and prevent any misuse or unauthorised use of data. 

Traceability measures 

In order to ensure the traceability of operations carried out on personal data, JESUISENCOURS has implemented the following measures: 

• Logging of all operations carried out on personal data, including accesses, modifications and deletions. 
• Retention of activity logs for a defined period in accordance with legal requirements on data retention. 

Software protection measures  

In order to guarantee the security of the personal data processed, JESUISENCOURS has put in place a set of measures to protect the software used in data processing. These measures include 

• Carrying out security tests, including vulnerability tests and penetration tests, to assess the resilience of the software to potential attacks and to identify and correct any security flaws. 
• Continuous monitoring of the software environment to detect and respond quickly to any anomalies or suspicious activities that could compromise the security of personal data. 

Data encryption 

In order to guarantee the confidentiality of personal data, JESUISENCOURS has implemented the following encryption measures: 

• Encryption of personal data in transit, particularly during transmission on internal and external networks. 
• Encryption of personal data at rest, in particular when stored on physical or virtual storage devices. 

Control of subcontractors 

To ensure that sub-contractors comply with the requirements for the protection of personal data, JESUISENCOURS has implemented the following measures: 

• Rigorous selection of subcontractors on the basis of their ability to guarantee an adequate level of protection of personal data. 
• Signature of contracts including specific clauses relating to the protection of personal data in accordance with the requirements of the RGPD. 
• Regular monitoring of subcontractors to verify their compliance with contractual and regulatory requirements relating to the protection of personal data. 

Other measures:  

In addition to the above measures, JESUISENCOURS has also implemented the following measures to enhance the security of personal data: 

• Raising employee awareness of good practices in terms of personal data protection. 
• Carrying out regular security audits to evaluate and continuously improve our data security posture. 
   

Any person concerned by the processing of his or her data may access it and obtain a copy, have it rectified, request that the processing be restricted and, under certain conditions, object to the processing of the data or have it deleted. 

1. Exercising your rights (contact details of the Data Protection Officer) 
   
   To exercise these rights or if you have any questions about the processing of your data under this system, you can contact the administrator by e-mail: dpo@horizontalsoftware.com 
    
2. Complaints to the CNIL

   If you believe, after contacting the Data Protection Officer, that your data protection rights have not been respected, you can file a complaint with the CNIL (National Commission on Informatics and Liberty):

   Address: 3 place Fontenoy – TSA 80715 – 75334 Paris Cedex 07
   Phone: +33 1 53 73 22 22
   Website: www.cnil.fr