1. Preamble

BLUEDIGITAL attaches great importance to the protection of the privacy and personal data of users stored on its network.

BLUEDIGITAL undertakes to comply with the provisions of European regulation 2016/679 of April 26, 2016 known as “general regulations relating to the protection of personal data “GDPR”, the “information technology and freedoms” law of January 6, 1978 as amended and the decree of October 20, 2005 modified.
Please note that all information collected is recorded by BLUEDIGITAL.

2. Categories of data collected

BLUEDIGITAL collects personal data transparently and explicitly.
BLUEDIGITAL undertakes to respect the principle of minimizing the personal data collected by strictly collecting only the information necessary for the purposes of the processing.

As such, BLUEDIGITAL collects as part of the operation of its services:
– Connection data: Name, first name and email address.
– Contact data: Name, first name and email address.
BLUEDIGITAL does not collect any sensitive data (article 9 of the European regulation).

3. Purposes of processing

The purpose of collecting data on the user profile creation and management pages is to manage the account.

The legal bases for this processing are: the execution of a contract in application of the provisions of article 6.1 of the GDPR (All services of the company) and in the context of training activities the legal obligation for a training organization training to issue a nominative training certificate.

Each data collection is carried out specifically for explicit purposes and clearly stated on the service page where the data is collected.

It will also be indicated whether the data requested is necessary or optional for the achievement of the intended purpose, as well as the consequences of not providing the necessary data.

BLUEDIGITAL reserves the right to create additional and/or complementary means of collection. As such, BLUEDIGITAL will specify, in accordance with the regulations, the purposes specific to the processing concerned on the data collection page.

BLUEDIGITAL does not carry out any processing leading to fully automated decision-making based on your personal data.

4. Recipients of processing

There are several types of recipients of the data:

– BLUEDIGITAL teams,
– subcontractors and partners, only if this proves necessary for the execution of the processing concerned, referred to where applicable, in the apparent mentions on the data collection page,
– where applicable , authorities, in accordance with applicable law and regulations.

Transmissions of personal data to recipients (whatever their legal nature, subcontractor, data controller or simple recipient) are carried out securely and in accordance with an agreement between BLUEDIGITAL and each recipient. BLUEDIGITAL undertakes to ensure that each recipient is aware of the guiding principles of personal data protection and is subject to them in accordance with the law and/or a specific contract.

5. Data location, retention and security

BLUEDIGITAL takes care to store personal data in a country which guarantees an adequate level of protection with regard to the protection provided by European Union law. As such, BLUEDIGITAL has taken all guarantees in terms of compliance with the regulations protecting privacy and personal data by signing, with the subcontractor ensuring the hosting of personal data, the standard clauses of the European Commission. Personal data is thus stored by BLUEDIGITAL in a secure manner and in accordance with regulations.
Currently the data will be hosted in France by the company OVHcloud.

The retention periods practiced by BLUEDIGITAL comply with the regulations applicable in France on the date hereof, i.e. in principle until the account is deleted, which most of the time corresponds to the duration of the contract.

BLUEDIGITAL applies a set of security measures adapted to the level of risk and sensitivity of the data. In particular, encryption of all communications using the HTTPS protocol, certificate guaranteeing the identity of the site, strong password policy, active software firewall on the site detecting malicious actions, anti-DDoS host protection (denial service) and dedicated computer server guaranteeing the watertightness and isolation of data. A set of other security measures is detailed in the Information System Security Policy applied by BlueDigital employees, communicated on request to customers of the service.

6. Rights of individuals

Individuals have the following rights:

– right of access to their personal data;
– right to rectification of their personal data if it is inaccurate or incomplete;
– right of limitation under the conditions referred to in Article 18 of the European regulation;
– right to erasure of their personal data if:

-they are no longer necessary for the purposes for which they were collected or otherwise processed;
-withdrawal of consent regarding processing subject to consent;
-valid opposition to processing;
-data subject to unlawful processing; or
-a law requires it.

– right of opposition for legitimate reasons,
– right to the portability of their data,
– right to define directives relating to the fate of their personal data after their death and,
– for processing based on consent, to withdraw their consent at any time.

To exercise one or more of these rights, you must provide proof of identity and contact the person in charge of data protection at BLUEDIGITAL (contact_bluedigital.fr).

7. Personal data breach

BLUEDIGITAL undertakes to notify its customers of any event of which it is aware, constituting a violation of security rules of a logical or physical nature, or the occurrence of a computer infection, hacking or cyberattack of data to personal character collected without delay in order to enable the customer to fulfill his obligation to notify his data protection authority and, where applicable, the persons concerned.

8. Restitution or deletion of data

At the end of the contractual relationship or earlier at the customer’s request, BLUEDIGITAL will destroy all documents, processing and personal data related to the contract in its possession, in compliance with data protection rules, unless the legislation of the The Union or Member States does not require the storage of personal data.
BLUEDIGITAL undertakes to confirm this destruction upon simple request.

 

 

   9. Syncing with Google Workspace

 

BlueSecure use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.