Compilatio places great importance on protecting your personal data, in compliance with the General Data Protection Regulation (GDPR).
Important :
To receive updates to this article, we invite you to subscribe by clicking the “Subscribe” button.
Definitions
Personal Data
Personal data represents any information relating to an identified or identifiable natural person.
Data Controller
The data controller is the natural or legal person responsible for processing personal data for one or more purposes.
They are responsible for ensuring compliance with relevant regulations.
Service
One or more services provided by Compilatio SAS
User
An individual with personal access to one or more services provided by Compilatio.
All definitions available on the CNIL website: https://www.cnil.fr/en/english-french-glossary-data-protection
Commitments by Compilatio
- Using subprocessors that provide sufficient guarantees (technical and organizational measures) for processing personal data (PD).
- Assuming responsibility for subprocessors and informing clients one month in advance in case of changes to the list.
- Processing personal data only upon the data controller’s explicit instructions (including transfers).
- Ensuring that anyone processing PD maintains its confidentiality.
- Guaranteeing appropriate and adapted security measures for PD processing.
- Assisting the data controller in responding to rights requests from individuals.
- Complying with GDPR requirements in case of data breaches (including communication and assistance to the data controller).
- Supporting the data controller with impact assessments and interactions with supervisory authorities.
- Deleting (or returning upon request) PD within six months after the end of the business relationship for the services.
- Assisting the data controller in demonstrating GDPR compliance.
User Responsibility
The user is considered the controller of their personal data.
As such, Compilatio provides them with interfaces, tools, and/or procedures allowing them to view, modify, export, or delete all their data.
As a service user, you alone define the purpose for which you request the processing of your personal data by a Compilatio service.
Therefore, you are solely responsible for any consequences that this processing may have, especially in the event of non-compliance with the rights and freedoms of a third party.
Processing Execution
As a data processor, Compilatio carries out processing only upon explicit and documented request from the user.
Documentation is provided by using a feature in the interface, submitting a support request, sending an email, or through a phone call report written by a member of the Compilatio team.
Hosting and Processing of Personal Data
In accordance with the General Terms and Conditions of Sale (GTC) and/or the General Terms and Conditions of Use (GTCU) of the offer subscribed to by the Client, the latter has given Compilatio their written and general authorization to subcontract the processing of personal data to processors and/or subsequent processors.
The list of processors and/or subsequent processors and the relevant processing is provided in the table below:
Processing of Personal Data Fully or Partially Outsourced to Third Parties | Identity of the Subcontractor (for Studium and/or Copyright users) | Identity of the Subsequent Subcontractor (for Magister users) | Location of Personal Data | Additional Information |
Création de compte Compilatio par un utilisateur Studium et/ou Copyright | SAS OVH | / | France | En savoir plus : https://www.ovh.com/fr/protection-donnees-personnelles/ |
MAILJET INC. | / | Union Européenne | En savoir plus : https://www.mailjet.com/fr/legal/politique-confidentialite/ | |
Gestion de la Commande | SAS OVH | / | France | En savoir plus : https://www.ovh.com/fr/protection-donnees-personnelles/ |
STRIPE PAYMENTS EUROPE LIMITED | / | Hors de l’Union Européenne |
Le niveau de protection similaire est assuré par : des clauses contractuelles types (conformes à la nouvelle version du 4 juin 2021 de la Commission Européenne) En savoir plus : |
|
Délivrance du service de Détection et Mesure de Similitudes dans des textes au format numérique, avec d'autres librement accessibles et consultables sur Internet / Prévention de la fraude lors de l’accès et de l’utilisation du Service |
SAS OVH | SAS OVH | France | En savoir plus : https://www.ovh.com/fr/protection-donnees-personnelles/ |
Demande d’assistance sur le service | ZENDESK INC. | ZENDESK INC. | Union Européenne | En savoir plus : https://www.zendesk.fr/company/privacy-and-data-protection/ |
SAS OVH | SAS OVH | France | En savoir plus : https://www.ovh.com/fr/protection-donnees-personnelles/ | |
GOOGLE LLC | GOOGLE LLC | Union Européenne | En savoir plus : https://cloud.google.com/terms/cloud-privacy-notice?hl=fr | |
Accompagnement client Gestion de la relation client |
ZOHO CORP. | ZOHO CORP. | Union Européenne | En savoir plus : https://www.zoho.com/privacy.html |
GOOGLE LLC | GOOGLE LLC | Union Européenne | En savoir plus : https://cloud.google.com/terms/cloud-privacy-notice?hl=fr | |
Infoplag
|
/ | SAS OVH | France | En savoir plus : https://www.ovh.com/fr/protection-donnees-personnelles/ |
/ | SARL ALPAWEB | France et Suisse (pays adéquat) | En savoir plus : https://www.alpaweb.com/mentions-legales-6.html | |
Formation
|
/ | ZOHO CORP. | Union Européenne | En savoir plus : https://www.zoho.com/privacy.html |
/ | GOOGLE LLC | Union Européenne | En savoir plus : https://cloud.google.com/terms/cloud-privacy-notice?hl=fr | |
Webinar
|
/ | ZOHO CORP. | Union Européenne | En savoir plus : https://www.zoho.com/privacy.html |
/ | GOOGLE LLC | Union Européenne | En savoir plus : https://cloud.google.com/terms/cloud-privacy-notice?hl=fr | |
Comptabilité |
STRIPE PAYMENTS EUROPE LIMITED | / | Hors de l’Union Européenne |
Le niveau de protection similaire est assuré par : des clauses contractuelles types (conformes à la nouvelle version du 4 juin 2021 de la Commission Européenne) En savoir plus : https://stripe.com/fr/privacy-center/legal#data-transfers |
/ | ZOHO CORP. | Union Européenne | En savoir plus : https://www.zoho.com/privacy.html | |
Suivi de votre intérêt et découverte des produits et services associés à Studium et Copyright, pour un usage individuel |
ZOHO CORP. | ZOHO CORP. | Union Européenne | En savoir plus : https://www.zoho.com/privacy.html |
GOOGLE LLC | GOOGLE LLC | Union Européenne | En savoir plus : https://cloud.google.com/terms/cloud-privacy-notice?hl=fr | |
Découverte des autres produits proposés par Compilatio |
ZOHO CORP. | ZOHO CORP. | Union Européenne | En savoir plus : https://www.zoho.com/privacy.html |
GOOGLE LLC | GOOGLE LLC | Union Européenne | En savoir plus : https://cloud.google.com/terms/cloud-privacy-notice?hl=fr | |
Informations sur le thème du plagiat |
ZOHO CORP. | ZOHO CORP. | Union Européenne | En savoir plus : https://www.zoho.com/privacy.html |
GOOGLE LLC | GOOGLE LLC | Union Européenne | En savoir plus : https://cloud.google.com/terms/cloud-privacy-notice?hl=fr | |
Conservation des informations sur la carte bancaire pour faciliter des commandes ultérieures | STRIPE PAYMENTS EUROPE LIMITED | / | Hors de l’Union Européenne |
Le niveau de protection similaire est assuré par : des clauses contractuelles types (conformes à la nouvelle version du 4 juin 2021 de la Commission Européenne) En savoir plus : |
At least 15 calendar days in advance, Compilatio notifies the Client of any planned changes regarding the addition or replacement of subcontractors and/or subsequent subcontractors by updating the list shown in the table above.
Data Confidentiality
All employees of Compilatio SAS who may handle personal data are bound by a strict contractual confidentiality clause. Compilatio commits to not using or sharing user data for any purpose other than the design, execution, maintenance, and improvement of the company’s services.
Data Security
Particular attention is paid to the following aspects of security:
- Resilience: Maintaining operational and performance capabilities, even in the event of a failure of one or more servers
- Availability: Ensuring that data remains accessible at all times, even in the event of a failure of one or more servers
- Durability: The ability to recover corrupted or accidentally lost data following an incident
- Access Control: Ensuring that data is accessible only to authorized users and processes
To ensure an appropriate level of security for the nature of the data and the risks to users' rights and freedoms, Compilatio SAS implements the following measures:
- Restricting access to tools through nominative accounts requiring a login and password
- Limiting SSH server access through login/password credentials
- Adding a system to block the IP address of users who have made too many unsuccessful attempts
- Daily backups of databases
- Daily backups of web servers
- Database clustering for user document storage
- TLS encryption for client/server communications (HTTPS)
- Server monitoring with automatic error reporting
- Server incident management protocol
- Organizational security measures, such as restricted building access via badge systems and confidentiality clauses for all employees
Self-assessment CSA STAR CAIQ v3.1 for the SaaS Magister service: https://cloudsecurityalliance.org/star/registry/compilatio
Procedure for Exercising User Rights
Reminder of user rights regarding personal data:
- Access to data
- Data correction
- Data deletion
- Data export on digital media in a “structured” format (e.g., .xls, .csv, .xml files)
- Limitation and objection to data processing
Procedures
All personal data collected during the use of Compilatio services can be accessed and modified using the features provided in the service interfaces.
The Data Processing Officer at Compilatio SAS is Mr. Frédéric AGNES. If you wish to make a specific request to exercise your rights regarding your personal data, submit your request via the form at https://support.compilatio.net/hc/en-us/requests/new, or email gdpr@compilatio.net.
Ownership of Personal Data
The user retains intellectual ownership of their personal data. Upon the expiration of the contract between the user and Compilatio or between the organization the user belongs to and Compilatio, all personal data is deleted within the contractually specified timeframe.
In the case of a subscription to a Compilatio service by an organization that provides the service to its members, if a user account is deleted, the client organization may retain the user’s documents only if it contractually attests to owning the rights to these documents. The client organization alone assumes responsibility for any potential infringement of rights related to these documents.