Privacy policy

Privacy policy

Privacy Policy

Updated on 1st, January 2023

1. Description of the personal data processing carried out by the Sub-Contractor on behalf of the Applicant

Purposes of the personal data processing
Provision of the Services (in particular data processing, content services or data labeling)
Nature of the processing operations
Collecting, recording, organizing, structuring, storing, adapting, retrieving, consulting, categorizing, annotating, moderating, using data.
Categories of personal data processed
Identification data (including email, phone number, postal address, vehicle registration number) as well as images or videos
Categories of data subjects
Client’s leads Client’s end customers Client’s employees Client’s users
Duration of the processing
Duration of the Contract

2. List of the authorized Subsequent sub-processors

Subsequent sub-processors authorized
Processing activities sub-contracted
Localization of the processing
Appropriate safeguards implemented in case of transfer of personal data outside the EU
N/A*
N/A
N/A
N/A
  • The Sub-Contractor is not authorized under this Contract to use a Subsequent Sub-processor.

3. Appendix to SCCs

ANNEX I

  1. LIST OF PARTIES

Data exporter :

1.Name :ISAHIT, see contact details in the header of the Contract.

Address: see contact details in the header of the Contract.

Name, position and contact details of the contact person: see contact details in the header of the Contract

Activities relevant to the data transferred under these Clauses: see preamble of the Contract.

Signature and date : see signature of the Contract.

Role : Data processor

Data importer :

1.Name : see contact details in the header of the Contract for the Sub-Contractor.

Address: see contact details in the header of the Contract for the Sub-Contractor.

Name, position and contact details of the contact person: see contact details in the header of the Contract for the Sub-Contractor.

Activities relevant to the data transferred under these Clauses: see preamble of the Contract.

Signature and date : see signature of the Contract.

Role : Sub-processor

  1. DESCRIPTION OF THE TRANSFER
    2. Categories of data subjects whose personal data is transferred
    See Appendix 1.1
    Categories of personal data transferred
    See Appendix 1.1
    Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
    N/A
    The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
    Personal data will be transferred on a continuous basis
    Nature of the processing
    See Appendix 1.1
    Purpose(s) of the data transfer and further processing
    See Appendix 1.1
    The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
    See Appendix 1.1
    For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
    See Appendix 1.2 – List of the authorized Subsequent Sub-processors
  1. COMPETENT SUPERVISORY AUTHORITY

    2. The French supervisory authority.

ANNEX II – TECHNICAL, AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANIZATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

a) Measures implemented by the data importer for the data exporter:

  • Identification of personal data types via a tag system.
  • Measures of pseudonymization and encryption of personal data
  • Log management system for modification and consultation of personal data
  • Log management system for subcontractors accessing personal data
  • HTTPS security protocol
  • TLS protocol
  • Non-standard URLs to prevent data scrapping via robot
  • Dual authentication factor to access the platform
  • Data visualization system to display only one piece of data at a time. A subcontractor only accesses a tiny part of the data set Data transfer protocol allowing us not to host the data on our servers but only to make them available for consultation (sharing of resource Urls).
  • Segregation of Back-end and Front-end with authentication to increase data security.
  • Segregation of customer data
  • User session lockout after 3 minutes of inactivity
  • Unique identifier per user and no account sharing
  • Account access timeout after multiple failures
  • Account lockout after 10 failures
  • Enhanced password policy on equipment(change every 3 months, alphanumeric characters, special characters...)

b) Measures implemented by the data exporter on his equipment:

  • Reinforced password policy on equipment(change every 3 months, alphanumeric characters, special characters...)
  • Up-to-date and active antivirus
  • Mandatory and up-to-date firewall
  • Up-to-date operating system
  • Prohibition to work from a public Wifi
  • Obligation to work from the office or from a home
  • IP whitelisting system
  • Mandatory RGPD training
  • Automatic lockdown of the computer after 5 minutes of inactivity
  • No data backup on the equipment

APPENDIX III

LIST OF SUB-PROCESSORS

See Appendix 1.2 – List of the authorized Subsequent Sub-processors

← Previous

Home

👉
https://www.isahit.com

© isahit 2022