GDPR and Iziago
As of 25 May 2018, new security measures on personal data processing and its free circulation came into force in Europe.
Below, the publisher of Iziago answers the various questions you may have on this subject.
This is how Exalog processes the data saved by its customers in its software packages…
GDPR, or the General Data Protection Regulation, is the latest European reference text for protecting individuals’ privacy when processing their personal data (EU Regulation No 2016/679).
The Regulation defines the rights of individuals and the obligations that organizations must comply with when handling their data (processing is referred to in its widest sense: manual or automatic, and any form of use including storage).
“Personal data” is considered to be any information about an individual which allows them to be identified. It can be their name, phone number, a photo, email address, etc.
Two people are responsible for these tasks at Exalog:
- The Information Technology Director (ITD)
- The Data Protection Officer (DPO), appointed to ensure that processing at the company is compliant and secure
If you would like to contact either of these people, please use the form available in our contact section.
Exalog implements technical and organizational measures to ensure the security of any data saved by its customers using its software. These include:
- Hosting in high-security data centers certified to ISO 27001 and 22301
- Protecting our systems against hacking and monitoring security updates
- Secure access procedures to our software packages (two-factor authentication)
- Regular backups archived in encrypted form
Exalog’s software (servers and databases) is hosted in two high-security data centers located close to Paris (Courbevoie and Aubervilliers), belonging to a well-known hosting company.
Both of these data centers are ISO 27001 (information systems security), ISAE 3402 (appraisal of third party organizations’ services) and ISO 22301 (business continuity management) certified.
The computer bays where the servers holding our software are installed (processing servers, database servers and banking communications servers) are private and for Exalog alone. Only the Exalog Operations team looks after their management and maintenance. Exalog has exclusive ownership of the servers and network equipment.
Online data are kept for the duration stated in the contract signed by the customer.
In the event the contract is terminated, Exalog shall delete the customer’s data from the database of the shared online software within three months of the date when the contract ends.
Nevertheless, Exalog keeps archives of the shared database backups (data from all its customers), made before this deletion, for up to five years. These archives are encrypted and stored on servers under the same security conditions as those used for hosting the software.
The customer can ask for archives to be recovered; price on application.
Data is kept as follows:
- A database backup is made every hour
- Backup files are kept on secure backup servers, under the same hosting conditions as those of the production site; these files are compressed and encrypted
- Data retention period:
  - Hourly backups are kept for one week before being deleted
  - One backup per week is kept for a maximum period of 1825 days (5 years); each weekly backup is deleted after this period
The Customer Service teams have access to customers’ details (surname, name, company, email address, telephone) in order to process their requests for assistance.
The sales, marketing and communications teams have access to customers’ details (surname, name, company, email address, telephone), which may be used in sending newsletters or targeted promotional information. The data collected is stored in our secure Customer Relationship Management (CRM) software.
The Operations department (linked to the data-processing division) can also access customers’ data for troubleshooting purposes. In this case, the data is anonymised.
Exalog does not transfer any data from its software packages outside of the European Union or anywhere else in the world.
…and any data collected on this website
When you fill in one of our forms, the personal data collected (surname, name, email address, telephone number, company) may be used for information, business or promotional purposes. For every form, you are informed beforehand about how your data will be used.
You can ask for your data to be updated, changed or deleted at any time by clicking here. Your request is processed as soon as possible, within one month at most.
Data collected on this website is saved in our Customer Relationship Management (CRM) software. Access to the CRM is restricted to Exalog staff who need a username and password to log in. Accessing the CRM software is only possible from Exalog premises or via a VPN. Data is stored in data centers which are ISO 27001 (information systems security), ISAE 3402 (appraisal of third party organizations’ services) and ISO 22301 (business continuity management) certified.
The sales, marketing and communications teams have access to data collected on this website using online forms and may use it to answer requests for information or send newsletters or targeted promotional information. The data collected is stored in our secure Customer Relationship Management (CRM) software.
If you have any other GDPR-related questions, we are more than happy to answer them.