PROTECTION OF DATA

DATA SOURCES

The customer provides their data to Certisio through two channels:

the business contact designated to be reached
the user who enters their login credentials and generates data themselves using the Certisio mobile app for processing and analysis

Data from the mobile app is accessible at Certisio for a limited time. It is stored and archived by the client, who is fully responsible for their processed data. They may and decide to delete any Certisio data concerning them. Deletion is permanent

Additionally, a bot permanently deletes data older than one month

Certisio facilitates data collection by the client through compressed files. They can delete the files from their back-office space

Summary of the standard processing procedure for business client data

Taking photos with the Certisio mobile app. The data (photo) is stored on the smartphone until it is sent by the user or permanently deleted from the device. The user retains control over their data.

SUBMITTING THE PHOTO

At the user’s initiative, the mobile app sends the photo along with metadata. Immediately upon completion of this transmission, the mobile device automatically deletes the photo from the device.

At this stage, the user no longer holds any photo data on their mobile device. However, they manage the server data pertaining to them for each submitted photo. The user can permanently delete a photo’s data.

The Certisio bot irreversibly deletes all data older than 1 month on a monthly basis, regardless of the file type: PDF, JPEG, TXT. At this stage, the data is physically stored with the customer and remains under their sole responsibility.

To prevent further unauthorized submissions, the customer account is deactivated

CHANGE OF CUSTOMER CONTACT

Photo data is automatically deleted after one month. This results in a very short cycle between the creation of the photo and its permanent deletion from the platform

Client data, referred to as “Manager,” is immediately deleted from the database at the client’s request. Any subsequent use by this client will require re-registration as a manager, without any restoration of data, as this is prevented by their respective deletion

Deleting a customer account results in the immediate deletion of the associated photo data, followed by the customer account (Manager)

Certisio does not use any customer mailboxes. All data is consolidated within its user management platform for photo data

DISCLOSURE TO THIRD PARTIES

No data is disclosed to third parties by the Certisio platform. Lending the app for use by a client to a person from another entity is prohibited for security reasons (liability, availability, protection, improper and unlawful use, as well as other damages), with financial consequences resulting from the consumption of tokens (credits). The loss of a mobile device hosting the Certisio app or of authentication data must result in an immediate loss report and change of access rights

ADVERTISING

The platform does not contain any activities, spaces, or use of services related to advertising. Website visitors are not solicited or targeted for the sale of Certisio tokens/credits. No data is collected by the website.

GENERAL DATA PROTECTION REGULATION – GDPR

The Certisio platform uses the email address of each registered end user. During the registration process, the end user is free to choose whether or not to enter their phone number and company name. Only the email address is required. The email address alone is not considered personal data under data protection regulations.

Certisio does not store any other personal information in its database. Any user can delete or modify this data by simply deleting their account from the mobile app. The user can then re-register on the mobile app. Deleting the registration permanently erases all photos stored in the mobile app’s gallery.

The Certisio server does not retain any copies of the images. These are available only in the mobile app and in the certificate’s PDF file. The private link to access and save this PDF file is sent to the user, who is responsible for its confidentiality.

The PDF certificate can be downloaded for 30 days before being permanently deleted.

Furthermore, each end user is solely responsible for the PDF file, its content, and its distribution. The PDF certificate reminds the reader, on the last page in the “ACKNOWLEDGMENTS” section, of personal responsibility

Privacy Policy

This Policy demonstrates Certisio’s commitment to respecting fundamental rights and freedoms, privacy, and the protection of personal data. Certisio ensures that Professional Data is stored locally without being disclosed to third parties, unless at the client’s request

This Policy thus sets forth the principles and guidelines followed for the protection of your Personal Data and aims to inform you about:

• the Business Data that Certisio receives from the client directly.

• how this Business Data is used,

• as well as your rights regarding your Business Data.

This Policy applies to all Professional Data processed in connection with the provision of Certisio’s services and products to Certisio’s customers. All operations involving this Professional Data are carried out in compliance with applicable regulations, including the European General Data Protection Regulation (hereinafter “GDPR”), Law No. 78-17 “Informatique, Files, and Freedoms” of January 6, 1978, as amended, as well as its implementing decrees (hereinafter “the Regulations” or “the Applicable Regulations”).

This Policy is subject to change over time, in particular to reflect changes in the Regulations or to indicate how Certisio’s practices have been adapted to technological developments.

GENERAL DATA PROTECTION REGULATION – GDPR

The PDF certificate can be downloaded for 30 days before being permanently deleted.