Compilatio attaches great importance to protecting your personal data, in accordance with the new General Data Protection Regulation (GDPR).
Note: To receive updates made to this notice, please subscribe by clicking on the "Subscribe" button.
Definitions
Personal data
Personal data is any information relating to an identified or identifiable natural person.
Data controller
The data controller is the natural or legal person responsible for processing personal data that they collect for one or several purposes. They ensure that their processing operations comply with applicable legislation in force.
Service
One or more service, provided by Compilatio
User
Individual with individual and personal access to one or more services provided by Compilatio
All definitions are on the CNIL website [FR] :
https://www.cnil.fr/fr/reglement-europeen-protection-donnees/chapitre1#Article4
Compilatio's commitments
In accordance with article 28 of the GDPR, Compilatio undertakes to:
- use subcontractors with sufficient guarantees (technical and organisational measures) to carry out processing activities using Personal Data (PD)
- assume all responsibility in relation to the subcontractors and undertakes to inform the customer one month in advance if the list of subcontractors is changed
- process only personal data on the basis of an instruction from the data controller (including transfers)
- ensure that all persons who may be required to process PD undertake to respect the confidentiality of this PD
- ensure that the processing of PD provides adequate and risk-appropriate security measures (technical and organisational)
- assist the data controller with their obligations in responding to data subjects' requests to exercise their rights
- comply with the requirements of the GDPR if there is a potential data breach (communication and assistance provided to the data controller)
- support the data controller in impact analyses related to data protection and discussions with supervisory authorities
- delete (or return upon request) PD within 6 months after the end of the business relationship for the services
- assist the data controller in substantiating compliance with the GDPR
User Liability
The user is considered to be responsible for the processing of their personal data. As such, Compilatio provides them with interfaces, tools and/or procedures allowing them to view, modify, export or delete all of their data.
As the user of a service, you alone define the purpose for which a Compilatio service processes your personal data. This is why you are solely liable for the consequences that this processing may have, in the event that a third party’s rights and freedoms are not respected.
Performance of a processing operation
As a data processor, Compilatio performs processing operations only upon the user’s explicit and documented request. This documentation is done by using a feature provided in the interface, by writing a support request, by an email from the user, or in a phone call report written by a member of the Compilatio team.
Hosting and processing of personal data
In accordance with the Terms and Conditions and / or the Terms of Services of the offer subscribed by the Customer, the Customer has given Compilatio his written and general permission to subcontract the processing of personal data to subcontractors and / or later subcontractors.
The list of subcontractors and/or later sub-processors and the processing operations concerned is shown in the table below:
|
Processing of personal data outsourced in whole or in part to third parties |
Identity of the subcontractor (for Studium and/or Copyright users) | Identity of the subcontractor (for Magister users) | Location of personal data | Additional information |
| Compilatio account creation by a Studium and/or Copyright user | SAS OVH | / | France | Learn more: https://www.ovh.co.uk/personal-data-protection/ |
| GOOGLE LLC | / | European Union | Learn more: https://cloud.google.com/terms/cloud-privacy-notice | |
| Creation of a Sponsored Student Account by an Affiliated Institution | / | SAS OVH | France | Learn more: https://www.ovh.co.uk/personal-data-protection/ |
| / | GOOGLE LLC | European Union | Learn more: https://cloud.google.com/terms/cloud-privacy-notice | |
| Order Management | SAS OVH | / | France | Learn more: https://www.ovh.co.uk/personal-data-protection/ |
| STRIPE PAYMENTS EUROPE LIMITED | / | Outside the European Union |
The similar level of protection is ensured by: standard contractual clauses (in accordance with the new version of June 4, 2021 of the European Commission) Learn more: |
|
|
Delivery of the service of Detection and Measurement of Similarities in texts in digital format, with others freely accessible and consultable on Internet / Fraud prevention in accessing and using the Service |
SAS OVH | SAS OVH | France | Learn more: https://www.ovh.co.uk/personal-data-protection/ |
| Request for assistance on the service | ZENDESK INC. | ZENDESK INC. | European Union | Learn more: https://www.zendesk.fr/company/privacy-and-data-protection/ |
| SAS OVH | SAS OVH | France | Learn more: https://www.ovh.co.uk/personal-data-protection/ | |
| GOOGLE LLC | GOOGLE LLC | European Union | Learn more: https://cloud.google.com/terms/cloud-privacy-notice | |
| Customer support Customer relationship management | ZOHO CORP. | ZOHO CORP. | European Union | Learn more: https://www.zoho.com/privacy.html |
| GOOGLE LLC | GOOGLE LLC | European Union | Learn more: https://cloud.google.com/terms/cloud-privacy-notice | |
|
Accounting |
STRIPE PAYMENTS EUROPE LIMITED | / | Outside the European Union |
The similar level of protection is ensured by: standard contractual clauses (in accordance with the new version of June 4, 2021 of the European Commission) Learn more: https://stripe.com/fr/privacy-center/legal#data-transfers |
| / | ZOHO CORP. | European Union | Learn more: https://www.zoho.com/privacy.html | |
| Tracking your interest and exploring products and services associated with Studium and Copyright, for individual use | ZOHO CORP. | ZOHO CORP. | European Union | Learn more: https://www.zoho.com/privacy.html |
| GOOGLE LLC | GOOGLE LLC | European Union | Learn more: https://cloud.google.com/terms/cloud-privacy-notice | |
| Discover the other products offered by Compilatio | ZOHO CORP. | ZOHO CORP. | European Union |
Learn more: https://www.zoho.com/privacy.html |
| GOOGLE LLC | GOOGLE LLC | European Union |
Learn more: https://cloud.google.com/terms/cloud-privacy-notice |
|
| Information on the topic of plagiarism | ZOHO CORP. | ZOHO CORP. | European Union | Learn more: https://www.zoho.com/privacy.html |
| GOOGLE LLC | GOOGLE LLC | European Union | Learn more: https://cloud.google.com/terms/cloud-privacy-notice | |
| Storage of credit card information to facilitate future orders | STRIPE PAYMENTS EUROPE LIMITED | / | Outside the European Union |
The similar level of protection is ensured by: standard contractual clauses (in accordance with the new version of June 4, 2021 of the European Commission) |
At least 15 calendar days in advance, Compilatio informs the Customer of any planned changes regarding the addition or replacement of subcontractors and / or subcontractors later by amending upstream the list in the table presented above.
Data confidentiality
All Compilatio SAS employees who may handle personal data are held to the strictest confidentiality by a binding confidentiality agreement.
Compilatio undertakes not to use or transfer users’ data for any purpose other than for designing, performing, maintaining and improving the company’s services.
Data security
Special attention is paid to the following aspects of security
Resilience – remain operational and well-functioning, even if one or more servers fail
Availability – the data is accessible at all times, even if one or more servers fail
Longevity – the ability to recover data that is corrupted or accidentally lost after an incident
Access control – data is only accessible to authorised users and processes
In order to ensure a level of security that is suitable for the type of data and for the risks of users' rights and freedoms being infringed, Compilatio SAS has implemented the following measures:
-
Restricted access to tools via individual accounts requiring login and password
-
Restricted SSH server access via login and password
-
Added a system that blocks the IP address of a user who has made too many failed attempts
-
Daily backup of databases
-
Daily backup of web servers
-
Clustering the database containing user documents
-
TLS encryption of client/server communications (https)
-
Monitoring servers with automatic error reporting
-
Server incident management protocol
-
Organisational security features such as restricted access to buildings by requiring a badge, or a confidentiality clause for all employees
CSA STAR CAIQ v3.1 Self-Assessment of Magister SaaS Service: https://cloudsecurityalliance.org/star/registry/compilatio
Procedure for exercising the user’s rights
Reminder of the user’s rights regarding personal data
- Access to data
- Correction of data
- Deletion of data
- Exportation of data available in a digital medium, in a “structured” format (ex: .xls, .csv, .xml file)
- Limitation of and opposition to data processing
Procedures
All personal data collected as you use Compilatio’s services is viewable and editable through the features offered in the software interfaces.
Compilatio SAS’s Data Controller is Mr. Frédéric AGNES. If you would like to send a specific request to assert your rights over your personal data, send your request through the form at the following address: https://support.compilatio.net/hc/en/requests/new, or send an email to GDPR@compilatio.net
Ownership of personal data
The user retains the intellectual property rights over their personal data. At the end of the contract between the user and Compilatio or between the organisation to which the user belongs and Compilatio, all personal data shall be deleted within the contractually stipulated periods.
In the case where an organisation has subscribed to a Compilatio service and makes the service available to its members: after a user account is deleted, the client organisation may only keep the user’s documents if it contractually certifies that it holds the rights to these documents. The client organisation alone shall bear the consequences from any infringement of rights with regard to the documents.