Personal data protection regulations
There are various international, European and national texts currently applicable to the protection of personal data. The main ones are as follows:
- Law no. 78-17 of January 6, 1978 on data processing, data files and individual liberties.
- Directive 95/46/EC of the European Parliament and of the Council of October 24, 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealed on May 25, 2018 by Regulation (EU) 2016/679.
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- Charter of Fundamental Rights of the European Union (2012/C 326/02).
- Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data.
TeepTrak undertakes to comply with the obligations incumbent upon it by virtue of the aforementioned regulations and, in particular, the General Data Protection Regulation (GDPR).
We strongly encourage all our customers to pay particular attention to these compliance aspects. Other more specific regulations may also exist, particularly for certain specific categories of personal data. It is the customer’s responsibility to identify the regulations applicable to their activities in order to comply with them.
The Data Protection Officer (DPO): working daily in the service of data protection
François Coulloudon is TeepTrak’s DPO.
The DPO has the necessary resources to carry out his role. He advises the company’s operational staff and managers on the obligations and best practices that TeepTrak must implement in terms of personal data protection.
In practice, he regularly educates and trains the Group’s employees and responds to their requests regarding the protection and processing of personal data. He is also the point of contact for all customers and users seeking appropriate guarantees regarding the measures implemented to ensure their compliance with regulations, including the GDPR.
The address to be used to contact him in connection with personal data is: gdpr@teeptrak.com
The GDPR
The General Data Protection Regulation (GDPR) is the legal framework for the processing of personal data in Europe from 25 May 2018. Unlike Directive 95/46/EC, which previously governed such processing, the GDPR is directly applicable in the EU and does not require national transposition. As such, it will promote the harmonisation of legal systems for the protection of personal data in Europe. Better still, the GDPR has a principle of extraterritoriality which, in certain circumstances, allows its scope of application to be extended beyond European borders.
If you are an organisation that processes personal data, there is a good chance that you are subject to the provisions of the GDPR. In this respect, you are subject to obligations with which you must comply. The same applies to TeepTrak, whose obligations differ depending on whether it acts as processor or as data controller.
Definitions
It’s not always easy to understand the real and precise implications of a European regulation, especially when it contains 99 articles, 173 recitals and numerous guidelines to clarify its interpretation. However, this understanding is essential if you are to avoid any risks arising from an overly broad or imprecise interpretation of the regulatory obligations incumbent on your organisation. It is therefore important to have a clear understanding of the terms defined below:
- Personal data: any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly.
- Processing: any operation or set of operations which is performed upon personal data or sets of data, whether or not by automatic means (collection, recording, transmission, storage, keeping, retrieval, consultation, use, interconnection, etc.).
- Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing operation.
- Processor: the natural or legal person, public authority, department or other body which processes personal data on behalf of the controller.
TeepTrak as subcontractor
It is certainly in this capacity that your expectations of TeepTrak are the most important. TeepTrak is qualified as a ‘processor’ when it processes personal data on behalf of a data controller.
This is typically the case when you use TeepTrak services and store personal data on a TeepTrak infrastructure. Within the limits of its technical constraints, TeepTrak will only be able to process the stored data according to your instructions and on your behalf.
User data on our infrastructures
As part of the use of our Internet platforms (in particular www.teeptrak.net), it is possible that personal data may be stored (names, emails used to send reports, operators of equipment monitored). It is possible at any time to contact TeepTrak’s DPO to find out about the nature of the information recorded. We undertake to support the data controller (i.e. the user company) in the proper management of personal data.
TeepTrak’s commitments as a subcontractor
As a subcontractor, TeepTrak undertakes in particular to implement the following actions:
- Process personal data for the sole purpose of the proper execution of services: TeepTrak will never process your information for other purposes (marketing, etc.).
- Not transfer your data outside the EU or outside countries recognised by the European Commission as having an adequate level of protection: provided that you do not select an infrastructure in a geographical area outside the EU (e.g. our China infrastructure).
- Inform you of any recourse to subcontractors who could process your personal data: to date, no service involving access to the content stored by you as part of the services is subcontracted outside the TeepTrak group.
- Implement high security standards in order to provide a high level of security for our services.
- Notify you as soon as possible in the event of a data breach.
FAQ: Who owns the personal data used and stored by the customer as part of the services?
The data hosted by the customer as part of TeepTrak’s services remain the property of the customer.
TeepTrak only accesses this data when necessary for the execution of its services and within the limits of its technical constraints, and never uses it except to calculate, in a completely anonymous manner, the impact on the performance of its systems over time.
TeepTrak prohibits any resale of said data, as well as any use for personal purposes (such as datamining, profiling or direct marketing).
TeepTrak as data controller
TeepTrak is qualified as a ‘data controller’ when it determines the purposes and means of ‘its’ personal data processing.
This is typically the case when TeepTrak collects data for the purposes of invoicing, managing collections, improving the quality of services and performance, commercial canvassing, commercial management, etc. It is also the case when TeepTrak processes the personal data of its own employees.
In this case, ‘your’ data, meaning the data that you store on TeepTrak infrastructures (such as teeptrak.net), are not concerned. On the other hand, certain information concerning you or your employees (for example, the identity and contact details of the person who contacts TeepTrak in the context of a request for technical assistance) may be. This is why TeepTrak would like to give you an understanding of the guarantees implemented to ensure the protection of this personal data.
- Process personal data for the sole purpose of the proper execution of services: TeepTrak will never process your information for other purposes (marketing, etc.).
- Not transfer your data outside the EU or outside countries recognised by the European Commission as having an adequate level of protection: provided that you do not select an infrastructure in a geographical area outside the EU (e.g. our China infrastructure).
- Inform you of any recourse to subcontractors who could process your personal data: to date, no service involving access to the content stored by you as part of the services is subcontracted outside the TeepTrak group.
- Implement high security standards in order to provide a high level of security for our services.
- Notify you as soon as possible in the event of a data breach.
Data security
As part of its services, TeepTrak implements a range of techniques and procedures to guarantee data security.
Here is some information about some of the elements we have put in place:
- Data encryption: All data transmitted from the tablet is sent over the HTTPS protocol, using a GeoTrust 256-bit SSL certificate.
- Unsecured traffic (HTTP) is automatically redirected to the encrypted protocol (HTTPS).
- Each tablet connected to the system is identified by a UDID (Unique Device IDentifier) and must be authorised to communicate with our infrastructure.
- Each tablet also has a dedicated security token.
- Passwords are encrypted using the ‘Salt’ method.
- The data is kept on the tablets for a maximum of one week before being deleted (and is therefore only available on the platform).
- All data is permanently backed up on a second dedicated and physically isolated infrastructure.
- Our systems are protected against the most common attacks: SQL injection, Cross Site Scripting (XSS), Cross-Site Request Forgery, Header injection and more.
- Each of the hardware components can lose connectivity without any information being lost. Everything resynchronises when the communication channels are operational again. Only a 2.4 GHz module fault causes a loss of information.
Our European infrastructure uses exclusively dedicated servers at OVH. We know the physical location of the data our customers entrust to us. For more information, see: https://www.ovh.com/fr/protection-donnees-personnelles/securite.xml.
Addresses of our supplier
- Headquarters: 2 rue Kellermann, 59100 Roubaix, France.
- Datacenter for our European servers: GRA-1, Route de la Ferme Masson, 59820 Gravelines, France.
For all requests to access and/or rectify personal data, please contact TeepTrak’s DPO, François Coulloudon, at the following address: gdpr@teeptrak.com