Regulations on the Protection of Personal Data

There are currently various documents covering data protection in place at the national, international, and European levels. The main ones are the following:

TEEPTRAK undertakes to abide by its obligations in accordance with the aforementioned regulations, in particular, the General Data Protection Regulations (GDPR).

We strongly encourage all of our clients to be particularly vigilant on these compliance aspects. Other more specific regulations may also exist, in particular for certain categories of personal data. It is the client’s responsibility to properly identify the regulations applicable to their activities, in order to comply with them.

Data Protection Officer (DPO): a player in the daily service of data protection

Francois Coulloudon is the DPO of TEEPTRAK.

The DPO has the resources to carry out their role. They advise the operational staff and managers of the company, in compliance with the obligations and good practices that TEEPTRAK must implement with regard to the protection of personal data.

In practice, they regularly raise awareness and train the group’s employees, responding to their requests regarding the protection and processing of personal data. They are also the point of contact for all customers and users wishing to have appropriate guarantees regarding the measures implemented to ensure their compliance with the regulations, including the GDPR.

The DPO can be contacted regarding data protection and privacy at any time using this email address: gdpr@teeptrak.com

GDPR

The General Data Protection Regulation (GDPR) is the legal framework for the processing of personal data in Europe, as of 25 May 2018. Unlike Directive 95/46/EC, which previously governed these treatments, the GDPR is directly applicable in the Union and does not require national transpositions. As such, it will promote the harmonization of legal regimes on the protection of personal data in Europe. Better still, the GDPR has an extraterritoriality principle, which allows, in certain circumstances, to extend its scope beyond Euopean borders.

If you are a structure dealing with personal data, there is a good chance that you will be subject to the provision of the GDPR. In this regard, you are subject to obligations that you must comply with. The same applies to TEEPTRAK, which, in view of its situation, will have seperate obligations: as a subcontractor or controller.

Definitions

Understanding the real, specific issues at stake in European regulations is not always an easy task, especially when it contains 99 articles, 173 recitals and numerous guidelines used to clarify its interpretation. However, this is essential in order to avoid any risk that may result from an overly broad or imprecise interpretation of the regulatory obligations of your structure. A proper understanding of the terms defined below is therefore essential:

  • Personal data: any information relating to an identified or identifiable real person. An identifiable real person is defined as any real person who can be directly or indirectly identified.
  • Processing: any operation or set of operations carried out or not carried out using automated processes and applied to personal data or data sets (collection, registration, transmission, storage, preservation, retrieval, consultation, use, interconnection, etc).
  • Controller: the natural or legal person, public authority, department or other body that alone or jointly determines the purposes and means of the processing.
  • Subcontractor: the natural or legal person, public authority, department or other body that processes personal data on behalf of the controller.

TEEPTRAK as a subcontractor

It is certainly in this capacity that your expectations are the most important. Teeptrak is qualified as a “subcontractor” when it processes personal data on behalf of a controller.

This is typically the case when you use the TEEPTRAK services and store personal data on a TEEPTRAK infrastructure. Within the limits of its technical constraints, TEEPTRAK may process any data stored solely in accordance with your instructions, and on your behalf.

User data on our infrastructures

As part of the use of our Internet platforms (in particular www.teeptrak.net), it is possible that personal data (names, reporting emails, equipment operators tracked) may be stored. It is possible to contact the TEEPTRAK DPO at any time to know the nature of the recorded information. We undertake to support to controller (i.e the user company) in the proper management of personal data.

TEEPTRAK’s commitments as a subcontractor

As a subcontractor, TEEPTRAK undertakes in particular to implement the following actions:

  • To process personal data for the sole purpose of the proper performance of the services: TEEPTRAK will never process your information for other purposes (marketing, etc.).
  • To not transfer your data outside the EU or outside the countries recognized by the European Commission as having a sufficient level of protection: provided that you do not select an infrastructure in a geographical area outside the EU (for example our infrastructure in China).
  • To inform you of any use of subcontractors who may process your personal data: to date, no service involving access to the content stored by you as part of the services is outsourced outside the TEEPTRAK group.
  • To implement high security standards in order to provide a high level of security to our services.
  • To notify you as soon as possible in case of data breach.

FAQ: Who owns the personal data used and stored by the customer as part of the services?

The data hosted by the client as part of the TEEPTRAK services remain the property of the client.

TEEPTRAK will only access this data when necessary in the context of the execution of the services and within the limits of its technical constraints and will never use them except to, in a completely anonymous manner, calculate the impact on the performance of it systems over time.

TEEPTRAK prohibits any resale of said data, as well as any use for personal purposes (such as data mining, profiling, or direct market activites).

TEEPTRAK as a data controller

TEEPTRAK is qualified as a “controller” when it determines the purposes and means of “its” processing of personal data.

This is typically the case when TEEPTRAK collects data for invoicing, collection management, service quality and performance improvement, commercial canvassing, commercial management, etc. But also whne TEEPTRAK processes the personal data of its own employees.

In this case, ‘your’ data – the data which you store on TEEPTRAK’s infrastructures (such as www.teeptrak.net) – is not affected. On the other hand, certain information concerning you or relating to your employees (identity and contact details of the TEEPTRAK contact person in the context of a request for technical assistance, for example) may be. This is why TEEPRAK would like to give you some insight into the safeguards implemented to ensure the protection of this personal data.

 

  • To process personal data for the sole purpose of the proper performance of the services: TEEPTRAK will never process your information for other purposes (marketing, etc.).
  • To not transfer your data outside the EU or outside the countries recognized by the European Commission as having a sufficient level of protection: provided that you do not select an infrastructure in a geographical area outside the EU (for example our infrastructure in China).
  • To inform you of any use of subcontractors who may process your personal data: to date, no service involving access to the content stored by you as part of the services is outsourced outside the TEEPTRAK group.
  • To implement high security standards in order to provide a high level of security to our services.
  • To notify you as soon as possible in case of data breach.

Data security

As part of its services, TEEPTRAK implements a set of techniques and procedures to gaurantee data security.
Here is some information regarding implemented safety measures:

  • Data encryption: All data transmitted from the tablet uses a 256-bit GeoTrust SSL certificate by HTTPS protocol.
  • Unsecured traffic (HTTP) is automatically redirected to the encypted protocol (HTTPS).
  • Each tablet connected to the system is identified by UDID (Unique Device Identifier) and must have been authorized to communicate with our infrastructures.
  • Each tablet also has a dedicated security token (Token).
  • Passwords are encypted using the “Salt” method.
  • The data is stored on tablets for a maximum of one week before being deleted (and therefore only available on the platform).
  • All data is stored permanently on a second dedicated and physically isolated infrastructre.
  • Our systems are protected against the most classic attacks: SQL injection, Cross Site Scripting (XSS), Cross-Site Request Forgery, Header injection and more.
  • Each of the hardware bricks can lose connectivity without any information being lost. Everythng resynchronizes when the communcation channels are operational again. Only a 2.4 GHz module defect cause a loss of information.

Our European infrastructure uses dedicated servers exclusively at OVH. We know the physical location of the data our customers entrust to us. More information: https://www.ovh.com/fr/protection-donnees-personnelles/securite.xml.

Addresses of our Supplier
• Headquarters: 2 rue Kellermann, 59100 Roubaix, France.
• Servers location: GRA-1, Route de la Ferme Masson, 59820 Gravelines, France

For more information and/or to access or enquiry about your personal data, you can contact TEEPTRAK’s DPO, Francois Coulloudon, at this address: gdpr@teeptrak.com