Note: To receive updates made to this notice, please subscribe by clicking on the "Subscribe" button.
“Compilatio is deeply committed to respecting your rights. We pay particular attention to provide you with quality service, while minimising the processing of personal data and complying with applicable regulations.”
Frédéric Agnès, CEO of Compilatio
1. Hosting and processing of personal data
In accordance with the General Terms and Conditions of Sale and/or the General Terms and Conditions of Use of the offer subscribed to by the Client, the Client has granted Compilatio and/or 1D345 its written and general authorization to subcontract the processing of personal data to subprocessors and/or subsequent subprocessors.
The list of subcontractors and/or later sub-processors and the processing operations concerned is shown in the table below:
| Outsourcing of personal data processing to third parties, either fully or partially. | Identity of the processor (for Studium or Copyright users) | Identity of the subsequent processor (for Magister/Magister+ users) | Identity of the processor (for Letimio users) | Identity of the subsequent processor (for Gingo users) | Location of personal data | Level of adequacy | Additional information |
|
Compilatio account creation
|
SAS OVH | SAS OVH | SAS OVH | SAS OVH | France | / |
Learn more: https://us.ovhcloud.com/ |
| MAILJET INC. | MAILJET INC. | MAILJET INC. | / | European Union | / |
Learn more: |
|
| SAS 1D345 | SAS 1D345 | / | SAS 1D345 | France | / | / | |
| / | / | SAS COMPILATIO | / | France | / |
Learn more: https://support.compilatio.net/hc/en-us/articles/31108755155857 |
|
| / | / | / | BREVO | European Union & Outside the European Union |
The similar level of protection is ensured by: (i) the European Commission's adequacy decision of July 10, 2023 (ii) registration on the Data Privacy Framework (DPF) list (iii) standard contractual clauses (compliant with the new version from June 4, 2021, of the European Commission) |
Learn more: https://www.brevo.com/legal/termsofuse/ | |
| Order Management | SAS OVH | / | / | / | France | / |
Learn more: https://us.ovhcloud.com/ |
| STRIPE PAYMENTS EUROPE LIMITED | / | / | STRIPE PAYMENTS EUROPE LIMITED | European Union & Outside the European Union |
The similar level of protection is ensured by: (i) the European Commission's adequacy decision of July 10, 2023 (ii) registration on the Data Privacy Framework (DPF) list (iii) standard contractual clauses (compliant with the new version from June 4, 2021, of the European Commission) |
Learn more: |
|
| Provision of the subscribed service | SAS OVH | SAS OVH | SAS OVH | SAS OVH | France | / |
Learn more: https://us.ovhcloud.com/ |
| SAS 1D345 | SAS 1D345 | / | SAS 1D345 | France | / | / | |
| / | / | SAS Compilatio | / | France | / |
Learn more: https://support.compilatio.net/hc/en-us/articles/31108755155857 |
|
| / | / | / |
Azure OpenAI
|
European Union | / | Learn more: https://www.microsoft.com/licensing/docs/documents/download/MicrosoftProductandServicesDPA(WW)(French)(April2025)(CR).docx | |
| / | / | / | Infomaniak | Switzerland | Appropriate country | Learn more: https://www.infomaniak.com/documents/privacy/DPA/Accord_sur_le_traitement_des_donnees_(DPA).pdf | |
| / | / | / | Scaleway | European Union | / | Learn more: https://www.scaleway.com/en/privacy-policy/ | |
| Request for assistance on the service | ZENDESK INC. | ZENDESK INC. | / | / | European Union | / | Learn more: https://www.zendesk.fr/company/privacy-and-data-protection/ |
| SAS OVH | SAS OVH | / | / | France | / |
Learn more: https://us.ovhcloud.com/ |
|
| SAS 1D345 | SAS 1D345 | / | / | France | / | / | |
| Google Cloud France SARL | Google Cloud France SARL | / | Google Cloud France SARL | European Union | / |
Learn more: https://cloud.google.com/terms/cloud-privacy-notice |
|
|
Customer Support Customer Relationship Management
|
ZOHO CORP. | ZOHO CORP. | / | ZOHO CORP. | European Union | / | Learn more: https://www.zoho.com/privacy.html |
| Google Cloud France SARL | Google Cloud France SARL | / | Google Cloud France SARL | European Union | / |
Learn more: https://cloud.google.com/terms/cloud-privacy-notice |
|
|
Infoplag
|
/ | SAS OVH | / | / | France | / |
Learn more: https://us.ovhcloud.com/ |
| / | SARL ALPAWEB | / | / | France and Switzerland (adequate country) | / |
Learn more: |
|
|
Training
|
/ | ZOHO CORP. | / | / | European Union | / | Learn more: https://www.zoho.com/privacy.html |
| / | Google Cloud France SARL | / | / | European Union | / |
Learn more: https://cloud.google.com/terms/cloud-privacy-notice |
|
|
Webinar
|
/ | ZOHO CORP. | / | / | European Union | / | Learn more: https://www.zoho.com/privacy.html |
| / | Google Cloud France SARL | / | / | European Union | / |
Learn more: https://cloud.google.com/terms/cloud-privacy-notice |
|
| Accounting | STRIPE PAYMENTS EUROPE LIMITED | / | / | STRIPE PAYMENTS EUROPE LIMITED | Outside the European Union |
A similar level of protection is ensured by: (i) the European Commission’s adequacy decision of July 10, 2023; (ii) inclusion on the Data Privacy Framework (DPF) list; (iii) standard contractual clauses (in accordance with the European Commission’s new version dated June 4, 2021) |
Learn more: https://stripe.com/fr/privacy-center/legal#data-transfers |
| / | ZOHO CORP. | / | / | European Union | / | Learn more: https://www.zoho.com/privacy.html | |
| Tracking your interest and discovering related products and services | ZOHO CORP. | ZOHO CORP. | / | ZOHO CORP. | European Union | / | Learn more: https://www.zoho.com/privacy.html |
| Google Cloud France SARL | Google Cloud France SARL | / | Google Cloud France SARL | European Union | / |
Learn more: https://cloud.google.com/terms/cloud-privacy-notice |
|
| Discovery of other products offered by Compilatio or 1D345 (depending on the type of subscribed services) | ZOHO CORP. | ZOHO CORP. | / | ZOHO CORP. | European Union | / | Learn more: https://www.zoho.com/privacy.html |
| Google Cloud France SARL | Google Cloud France SARL | / | Google Cloud France SARL | European Union | / |
Learn more: https://cloud.google.com/terms/cloud-privacy-notice |
|
|
Information on the topic of plagiarism and AI
|
ZOHO CORP. | ZOHO CORP. | / | / | European Union | / | Learn more: https://www.zoho.com/privacy.html |
| Google Cloud France SARL | Google Cloud France SARL | / | / | European Union | / |
Learn more: https://cloud.google.com/terms/cloud-privacy-notice |
|
| Storage of credit card information to facilitate future orders | STRIPE PAYMENTS EUROPE LIMITED | / | / | STRIPE PAYMENTS EUROPE LIMITED | Outside the European Union |
A similar level of protection is ensured by: (i) the European Commission’s adequacy decision of July 10, 2023; (ii) inclusion on the Data Privacy Framework (DPF) list; (iii) standard contractual clauses (in accordance with the European Commission’s new version dated June 4, 2021) |
Learn more: |
At least 15 calendar days in advance, Compilatio and/or 1D345 (depending on the subscribed Service(s)) shall inform the Client of any planned change regarding the addition or replacement of subprocessors and/or subsequent subprocessors by updating in advance the list set out in the table above.
2. Data security
In order to ensure a level of security appropriate to the nature of the data and the risks to users’ rights and freedoms, Compilatio SAS and/or 1D345 SAS implement, in particular, the following measures:
Technical measures
- Access restricted via named user accounts requiring login/password
- Password policy aligned with CNIL and ANSSI recommendations
- SSH access restriction
- Limited login attempts (Magister, Magister+, Letimio, Studium)
- IP blocking after failed attempts
- Data replication across multiple data centers (Gingo)
- Daily database backups
- Daily web server backups
- Database clustering
- TLS encryption (≥1.2) for client/server communications
- Server-to-server encryption
- Server monitoring with alerts
- Incident management procedures
- Automatic session lock on inactivity
- WPA2 Wi-Fi security
- Antivirus use
- Firewall installation
- Logging system
- Log protection
- Secure VPN remote access
Organizational measures
- Staff training in data protection law
- Cybersecurity training (ANSSI)
- Access control profiles
- Removal of obsolete permissions
- Badge-controlled building access
- Confidentiality agreements
- IT usage policy
- Data breach notification procedures
More information:
https://cloudsecurityalliance.org/star/registry/compilatio
This article has been automatically translated. If you notice a translation error, please contact us.