Data protection

The company responsible for this processing is JESUISENCOURS, represented by :
Maxime JACOB
86 Rue Charonne, 75011, Paris

When our customers use our Services, we collect and process certain information on their behalf. Our customers are therefore responsible for data processing in accordance with Article 4 of the RGPD. JESUISENCOURS, as a service provider, then acts as a processor. As such, we are committed to assisting our customers in their efforts to bring their processing into compliance. 

Clearly describe the purpose of the personal data processing and its functionalities. 

The personal data collected by JESUISENCOURS in the course of carrying out its process digitisation mission is necessary for the performance of the contractual commitments accepted by the customer.  

The purposes for which JESUISENCOURS processes data are as follows: 

• Accurate and automated recording of participants' attendance at training courses. 
• Generation of attendance certificates for trainers and training managers. 
• Real-time monitoring of participant attendance throughout training sessions. 
• Automate administrative processes linked to attendance and absence management. 
• Gather information on training participants' performance. 
• Track learners' progress throughout training programmes. 
• Analysing evaluation data to identify strengths and areas for improvement in training programmes. 
• Carry out remote evaluations for online or hybrid training, facilitating learner access and participation. 
• Accurate and automated monitoring of RSA beneficiaries' participation in compulsory follow-up activities. 
• Generation of follow-up reports for departments 
• Real-time monitoring of RSA recipients' involvement in training and employment programmes. 
• Automation of the administrative processes involved in monitoring the activities of RSA recipients. 
• Improved traceability and confidentiality of data compared with traditional monitoring methods. 
• Analysis of monitoring data to assess the effectiveness of vocational integration and training initiatives for RSA recipients. 
• Compliance with the administrative regulatory obligations in force in Spain with regard to the management of vocational training (FUNDAE). 

Legal basis for processing personal data 

JESUISENCOURS processes personal data on the basis of the performance of a contract. When the user enters into a contractual relationship with JESUISENCOURS, the latter collects and uses the personal data required to provide the services or products requested, and to manage and execute the contract in question. 

Within the framework of the execution of the software contract, JESUISENCOURS may collect personal data such as the name of the user, his e-mail address, his configuration preferences, as well as other information necessary for the personalisation and maintenance of the software (See point 5. Category of data collected for further details). 

JESUISENCOURS only processes personal data to the extent necessary for the performance of the software licence contract. This data is used to ensure that the software complies with the agreed specifications, to provide effective technical support and to ensure the continued proper functioning of the software. 

It is important to note that personal data processed under the software licence agreement is used strictly for the purpose of providing the agreed software services and is not shared with third parties without the user's explicit consent. 

The data processing concerns users of the SoWeSign solution via the following 2 platforms: 

• Corporate Application  
• SWS Manager  

The users identified are : 

• Trainers for collective training courses 
• Training participants 
• Software managers (administrators) 
• Human resources managers 
• RSA beneficiaries being monitored by the department, whether or not financed by the ESF 
• Departmental advisors responsible for supporting beneficiaries 
• Referrers from organisations outside the department responsible for supporting these beneficiaries 

Data concerning the "Learner in training" profile 

• Identification data: surname, first name, gender, date of birth, place of birth 
• Contact details: landline telephone, mobile telephone, email address, postal address 
• Data relating to training 
• Data relating to professional life 
• Personal details: disability, parents' place of birth 
• Connection details 

Data relating to the "RSA beneficiary" profile 

• Identification data: surname, first name, gender, date of birth, place of birth 
• Contact details: landline telephone, mobile telephone, email address, postal address 
• Data relating to training 
• Data relating to job search 
• Data relating to professional life 
• Data relating to personal life: disability, parents' place of birth 
• Connection details 

Data concerning the "Trainer" profile 

• Identification data: surname, first name, address,  
• Contact details: landline telephone, mobile telephone, email address 
• Connection details  

Data concerning the "Software Manager", "Departmental Support Officer" and "HR Manager" profiles:  

• Identification data: surname, first name,  
• Contact details: landline telephone, mobile telephone 
• Data relating to support: Department or service in charge, Professional status, History of interactions with RSA beneficiaries, Comments or feedback on the support provided to beneficiaries. 
• Connection data  
• Are sensitive data processed? 

The collection of certain particularly sensitive data is strictly governed by the RGPD and requires particular vigilance. This includes data revealing a person's alleged racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic and biometric data, data concerning a person's health, sex life or sexual orientation, data relating to criminal convictions or offences, and the unique national identification number (NIR or social security number). 

  X YES         No   

If yes, which ones? Data relating to: disability. 

DATA SOURCE 

The data is collected by the customer. This may include, but is not limited to, the connection of the SoWeSign software to an ERP system, the provision of files containing personal data, and manual entries in the software. 
Data may also be collected when connecting to applications and filling in forms. 

COMPULSORY COLLECTION OF DATA 

The collection of certain data may be mandatory in order to ensure the achievement of specific data processing objectives. Data necessary for the performance of contracts, such as that specified in point 5 Categories of data collected, may be considered mandatory in order to guarantee the provision of the agreed services. Similarly, data necessary for the efficient management of activities, such as contact information for the various stakeholders, may be required to ensure smooth communication and appropriate follow-up. 

How long do you keep this information? 

The above-mentioned data is kept for 10 years for legal reasons. 

If the contractual relationship with the customer is terminated, the data is provided to the customer before being deleted from SoWeSign's databases. 

Internal recipients 
(examples: entity or department, categories of authorised persons, IT department, etc.) 

• Software development team 
• Technical support team 
• Data management and information security team 
• Team of consultants responsible for monitoring the project 

Subcontractors  
(Examples: hosting providers, IT maintenance providers, etc.) 

• Data hosting service providers 
• Third-party maintenance and support service providers 
• Third-party software development service providers for specific functionalities 
   

Are personal data transmitted outside the European Union? 

    Yes  X NO

Personal data is not transferred outside the European Union. It is stored on hosting servers located in the European Union, or in third countries that guarantee the protection of personal data under conditions that are equivalent to those in the European Union. 

JESUISENCOURS implements the appropriate technical and organisational means to permanently guarantee an appropriate level of protection against the risks of infringement of the privacy of individuals, in particular against the risks of unauthorised access to personal data, disclosure, destruction or unlawful use of data.  

User access control  

To guarantee the protection of personal data in accordance with the RGPD, JESUISENCOURS has implemented the following measures concerning user access control: 

• Identification and authentication of users using unique identifiers and strong passwords. 
• Implementation of access management procedures to ensure rapid revocation of access rights in the event of a user leaving or changing responsibilities. 
• Continuous monitoring of the activities of authorised users to detect and prevent any misuse or unauthorised use of data. 

Traceability measures 

In order to ensure the traceability of operations carried out on personal data, JESUISENCOURS has implemented the following measures: 

• Logging of all operations carried out on personal data, including accesses, modifications and deletions. 
• Retention of activity logs for a defined period in accordance with legal requirements on data retention. 

Software protection measures  

In order to guarantee the security of the personal data processed, JESUISENCOURS has put in place a set of measures to protect the software used in data processing. These measures include 

• Carrying out security tests, including vulnerability tests and penetration tests, to assess the resilience of the software to potential attacks and to identify and correct any security flaws. 
• Continuous monitoring of the software environment to detect and respond quickly to any anomalies or suspicious activities that could compromise the security of personal data. 

Data encryption 

In order to guarantee the confidentiality of personal data, JESUISENCOURS has implemented the following encryption measures: 

• Encryption of personal data in transit, particularly during transmission on internal and external networks. 
• Encryption of personal data at rest, in particular when stored on physical or virtual storage devices. 

Control of subcontractors 

To ensure that sub-contractors comply with the requirements for the protection of personal data, JESUISENCOURS has implemented the following measures: 

• Rigorous selection of subcontractors on the basis of their ability to guarantee an adequate level of protection of personal data. 
• Signature of contracts including specific clauses relating to the protection of personal data in accordance with the requirements of the RGPD. 
• Regular monitoring of subcontractors to verify their compliance with contractual and regulatory requirements relating to the protection of personal data. 

Other measures:  

In addition to the above measures, JESUISENCOURS has also implemented the following measures to enhance the security of personal data: 

• Raising employee awareness of good practices in terms of personal data protection. 
• Carrying out regular security audits to evaluate and continuously improve our data security posture. 
   

Any person concerned by the processing of his or her data may access it and obtain a copy, have it rectified, request that the processing be restricted and, under certain conditions, object to the processing of the data or have it deleted. 

1. Exercising your rights (contact details of the Data Protection Officer) 
   
   To exercise these rights or if you have any questions about the processing of your data under this system, you can contact the administrator by e-mail: dpo@horizontalsoftware.com 
    
2. Complaints to the CNIL 
   
   If, after contacting the Data Protection Officer, you feel that your rights with regard to your data have not been respected, you may submit a complaint to the CNIL (Commission nationale de l'informatique et des libertés, 3 place Fontenoy - TSA 80715 - 75334 Paris cedex 07 - Tel: 01 53 73 22 22 - www.cnil.fr).