This document is intended for the majority of our customers.

If you are a Spanish client in a FUNDAE context, please click here If you are a french department, please click here.

For any questions regarding the SWS solution, please contact the support service: support@sowesign.com.

1 - Details of the data controller

When our clients use our Services, we collect and process certain information on their behalf. As a result, our clients are responsible for data processing in accordance with Article 4 of the GDPR. JESUISENCOURS, as a service provider, acts as a data processor. In this capacity, we are committed to assisting our clients in their efforts to comply with data protection regulations.

If you are unable to contact the Data Controller, you may reach out to the Data Protection Officer (DPO) of JESUISENCOURS:

Maxime JACOB
6 rue Léon Jouhaux, 75010 PARIS
dpo@horizontalsoftware.com

2 - Objectives

Description of Data Processing Purpose and Features

The personal data collected by JESUISENCOURS in the course of its mission to digitize processes is necessary for the fulfillment of contractual commitments agreed upon by the client.

The purposes for which JESUISENCOURS processes data are as follows:

  • Accurate and automated recording of participants' attendance during training sessions.
  • Generation of attendance certificates for trainers and training managers.
  • Real-time monitoring of participant attendance throughout training sessions.
  • Automation of administrative processes related to managing attendance and absences.
  • Collection of information on participant performance during training sessions.
  • Tracking learner progress throughout training programs.
  • Analysis of evaluation data to identify strengths and areas for improvement in training programs.
  • Conducting remote assessments for online or hybrid training sessions, thus facilitating learner access and participation.

Legal Basis for Personal Data Processing

JESUISENCOURS processes personal data based on the performance of a contract. When a user enters into a contractual relationship with JESUISENCOURS, the company collects and uses the personal data required to provide the requested services or products, as well as to manage and execute the contract in question.

As part of the software contract execution, JESUISENCOURS may collect personal data such as the user’s name, email address, configuration preferences, and other information necessary for software customization and maintenance (See point 5. Category of Data Collected for more details).

JESUISENCOURS processes personal data only to the extent necessary for the execution of the software license agreement. This data is used to ensure the software’s compliance with agreed specifications, to provide effective technical support, and to ensure the continuous proper functioning of the software.

It is important to note that personal data processed as part of the software license agreement is strictly used for providing the agreed software services and is not shared with third parties without the user’s explicit consent.

3 - Categories of people concerned

The data processing concerns users of the SoWeSign solution via the following 2 platforms: 

  • Corporate Application  
  • SWS Manager  

The users identified are : 

  • Trainers for collective training courses 
  • Training participants 
  • Software managers (administrators) 
  • Human resources managers 

4 - Categories of data collected

Data concerning the "Learner in training" profile

  • Identification data: first name, last name, title
  • Contact data: mobile phone, email address
  • Data related to training
  • Connection data

Data concerning the "Trainer" profile

  • Identification data: first name, last name, address
  • Contact data: landline phone, mobile phone, email address
  • Connection data

Data concerning the "Software Managers" and "HR Managers" profiles

  • Identification data: title, first name, last name
  • Contact data: mobile phone, email address

Are sensitive data being processed?

The collection of certain data, particularly sensitive data, is strictly regulated by GDPR and requires special attention. This includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic and biometric data, data concerning health, sexual life, or sexual orientation, data relating to criminal convictions or offenses, as well as the national identification number (NIR or social security number).

Yes   X No

 

SOURCE OF DATA

The data is collected through provision by the client. This may include, among other things, the connection of the SoWeSign software to an ERP system, the provision of files containing the necessary data for collection, as well as manual entries into the software (non-exhaustive list).
Data may also be collected when connecting to applications and completing questionnaires.

MANDATORY NATURE OF DATA COLLECTION

The collection of certain data may be mandatory to ensure the achievement of specific data processing objectives. Data necessary for the performance of contracts, such as those specified in point 5. Categories of collected data, may be considered mandatory to ensure the provision of the agreed services. Likewise, data necessary for the efficient management of activities, such as contact information for various stakeholders, may be required to ensure smooth communication and proper follow-up.

5 - Retention period for categories of data

How long do you keep this information? 

The above-mentioned data is kept for 10 years for legal reasons. 

If the contractual relationship with the customer is terminated, the data is provided to the customer before being deleted from SoWeSign's databases. 

6 - Categories of data recipients

Customers

The data controller and all individuals authorized by the data controller.

Internal recipients 
(examples: entity or department, categories of authorised persons, IT department, etc.) 

  • Software development team 
  • Technical support team 
  • Data management and information security team 
  • Team of consultants responsible for monitoring the project 

Subcontractors  
(Examples: hosting providers, IT maintenance providers, etc.) 

  • Data hosting service providers 
  • Third-party maintenance and support service providers 
  • Third-party software development service providers for specific functionalities 
     

7 - Data transfers outside the EU

Are personal data transmitted outside the European Union? 

    Yes  X NO

Personal data is not transferred outside the European Union. It is stored on hosting servers located in the European Union, or in third countries that guarantee the protection of personal data under conditions that are equivalent to those in the European Union. 

8 - Safety measures

JESUISENCOURS implements the appropriate technical and organisational means to permanently guarantee an appropriate level of protection against the risks of infringement of the privacy of individuals, in particular against the risks of unauthorised access to personal data, disclosure, destruction or unlawful use of data.  

User access control  

To guarantee the protection of personal data in accordance with the RGPD, JESUISENCOURS has implemented the following measures concerning user access control: 

  • Identification and authentication of users using unique identifiers and strong passwords. 
  • Implementation of access management procedures to ensure rapid revocation of access rights in the event of a user leaving or changing responsibilities. 
  • Continuous monitoring of the activities of authorised users to detect and prevent any misuse or unauthorised use of data. 

Traceability measures 

In order to ensure the traceability of operations carried out on personal data, JESUISENCOURS has implemented the following measures: 

  • Logging of all operations carried out on personal data, including accesses, modifications and deletions. 
  • Retention of activity logs for a defined period in accordance with legal requirements on data retention. 

Software protection measures  

In order to guarantee the security of the personal data processed, JESUISENCOURS has put in place a set of measures to protect the software used in data processing. These measures include 

  • Carrying out security tests, including vulnerability tests and penetration tests, to assess the resilience of the software to potential attacks and to identify and correct any security flaws. 
  • Continuous monitoring of the software environment to detect and respond quickly to any anomalies or suspicious activities that could compromise the security of personal data. 

Data encryption 

In order to guarantee the confidentiality of personal data, JESUISENCOURS has implemented the following encryption measures: 

  • Encryption of personal data in transit, particularly during transmission on internal and external networks. 
  • Encryption of personal data at rest, in particular when stored on physical or virtual storage devices. 

Control of subcontractors 

To ensure that sub-contractors comply with the requirements for the protection of personal data, JESUISENCOURS has implemented the following measures: 

  • Rigorous selection of subcontractors on the basis of their ability to guarantee an adequate level of protection of personal data. 
  • Signature of contracts including specific clauses relating to the protection of personal data in accordance with the requirements of the RGPD. 
  • Regular monitoring of subcontractors to verify their compliance with contractual and regulatory requirements relating to the protection of personal data. 

Other measures:  

In addition to the above measures, JESUISENCOURS has also implemented the following measures to enhance the security of personal data: 

  • Raising employee awareness of good practices in terms of personal data protection. 
  • Carrying out regular security audits to evaluate and continuously improve our data security posture. 
     

9 - Your rights regarding your personal data

Any person concerned by the processing of his or her data may access it and obtain a copy, have it rectified, request that the processing be restricted and, under certain conditions, object to the processing of the data or have it deleted. 

  1. Exercising your rights (contact details of the Data Protection Officer) 

    To exercise these rights or if you have any questions about the processing of your data under this system, you can contact the administrator by e-mail: dpo@horizontalsoftware.com 
     
  2. Complaints to the CNIL 

    If, after contacting the Data Protection Officer, you feel that your rights with regard to your data have not been respected, you may submit a complaint to the CNIL (Commission nationale de l'informatique et des libertés, 3 place Fontenoy - TSA 80715 - 75334 Paris cedex 07 - Tel: 01 53 73 22 22 - www.cnil.fr).