Personal Data Protection Policy for Cecurity Products and Services – Version August 1, 2018

1.PREAMBLE
This personal data policy is an integral part of the general terms and conditions of sale or use that you have accepted. Cecurity.com and/or one of its subsidiaries (hereinafter collectively referred to as “Cecurity”) is the service provider and the operator of the digital safe SaaS service.

2.PURPOSE
This personal data policy aims to inform you, on the one hand, how we collect, process, and protect your personal data in connection with the use of our products and services and, on the other hand, how we store the data you implement in our hosted products. This personal data policy applies to all data collected in connection with the use of our products and services, regardless of the method of subscription (website, direct interaction with the sales department, reseller, through your employer, etc.).

3.DATA COLLECTED BY CECURITY
When using our products and services, we may collect and process all or part of the data you provide by filling out forms, uploading content online, subscribing to online services, or contacting us. We may therefore collect your first and last names, postal address, email address, phone numbers, IP address, connection data, browsing data, your feedback on our products, payment information, purchase history, and any specific request you may send to us.

4.USE OF DATA COLLECTED BY CECURITY
The personal data we collect is mainly used for: (i) managing your account; (ii) managing, invoicing, and collecting payment for your orders; (iii) responding to your requests or sending you information regarding our products and services; (iv) customizing our products and services to your needs; (v) improving your digital experience by adapting our materials and their content.
Personal and traceability data will be stored for a duration appropriate to the purpose of the processing.

5.EXERCISING YOUR RIGHTS OVER DATA COLLECTED BY CECURITY
The information collected by Cecurity for the management of our products and services is protected under Regulation (EU) 2016/679 of the European Parliament and the Council of April 27, 2016 on the protection of personal data (GDPR). You may exercise your individual rights to access, rectify, restrict, transfer, or delete your data by contacting the Cecurity.com compliance department at the following address: dpo@cecurity.com.

6.DISCLOSURE OF PERSONAL DATA COLLECTED BY CECURITY
Cecurity is the recipient of the personal data you provide for the management of our products and services. This data is solely intended to allow us to manage the existing contractual relationship between you and Cecurity as defined above. To this end, we may share it beyond our subsidiaries, where necessary, with our service providers and subcontractors—but only for the performance of the services you access. We require our subcontractors to use your personal data only to manage the services we ask them to provide and to always act in accordance with Regulation (EU) 2016/679 of April 27, 2016 (GDPR).

7.DATA STORED IN HOSTED PRODUCTS AND SERVICES
Cecurity’s hosted products and services guarantee the integrity, availability, and confidentiality of the data you store. The data and their metadata stored in our hosted products and services are accessible only to you and any designated user(s). Cecurity does not have access to the data stored in hosted products and services. Therefore, please note that Cecurity can in no case restore data that has been unintentionally deleted by you. The maximum number of people you designate to access the products and services, the maximum number of instances, and the maximum storage space allocated to you in accordance with your subscription are specified at registration and in your customer account.

8.SERVICE ACCESS
Access to Cecurity’s products and services is granted based on the usage rights you have either from your initial subscription or directly through the products and services, as defined in the general terms and conditions of sale or use. For certain products and services, you may designate other users who can access them. These individuals will receive personal credentials to access the products and services. Appointing additional users helps ensure access to your data. Please ensure the security and confidentiality of your usernames and passwords to prevent unauthorized access to the products and services.

9.HOSTING
Data collected by Cecurity, as well as data you store using our hosted products and services and their metadata, are hosted by us within the European Union. No data will be transferred outside the European Union.

10.USER RESPONSIBILITY
You are fully responsible for all data and content you store when using our products and services. You agree not to: (i) violate any laws or regulations; (ii) infringe upon third-party rights (such as copyright or privacy laws), or encourage others to do so; (iii) store illegal content (e.g., incitement to violence, racial hatred, child pornography); (iv) store computer viruses or any other malicious programs or code; (v) disrupt the normal functioning of the products and services or the servers and networks connected to them.
Please note that Cecurity’s products and services are not certified to host health-related data. You must not store any health data in Cecurity’s products and services.

11.USE OF ENCRYPTED PRODUCTS AND SERVICES
Some of Cecurity.com’s products and services allow the encryption and decryption of digital documents as well as the management of associated encryption/decryption keys. The cryptographic algorithms used in Cecurity’s encrypted products and services are: AES CBC 256, RSA 2048, PBKDF2 256, SHA 256.
Cecurity reserves the right to change, without contractual impact and subject to prior notification, the cryptographic algorithms and/or the software used by its encrypted products and services.

12.MODIFICATIONS
This personal data policy may be modified by Cecurity at any time to accurately reflect our data protection practices or incorporate any legal or regulatory developments. We encourage you to consult our materials regularly. Any changes to this personal data policy will be published on our website. Modifications will not apply retroactively and will take effect at least fourteen (14) days after publication. However, changes made for legal reasons may apply immediately if required. If you do not accept the modifications to this policy, you may cancel the service.