Privacy policy

GDPR Conformity and Privacy Policy

Our Company is committed to respecting confidentiality and more generally to protecting your personal data and those of your customers, which will be collected and processed in connection with our services as described in our Contracts.In this regard, our Company complies with European and French legislation on the protection of personal data, mainly European regulation EU n ° 2016/679 known as "GDP" and law n ° 78-17 called "Informatique et Libertés".Our Company has, from the outset, implemented protective measures, in accordance with the principle of * Privacy by design * imposed by Article 25 of the GDPR, and in particular:

• Document its processing through processing registers (article 30 of the GDPR)
• Minimize the data processed to process only that strictly necessary for the processing - Principle of data minimization (article 5 of the GDPR)
• Information of the persons concerned in accordance with Articles 12 and following ones of the GDPR
• Established processes to respond to requests for GDPR rights formulated by data subjects (article 15 and following of the GDPR)
• Put in place technical and organisational protection measures, in accordance with Article 32 of the GDPR.

Compliance and respect for private data is, for Blobr members as a whole, and for the two co-founders in particular, a top priority!

What we have put in place

1) Internally

1.1 Register of processing activities
The creation and maintenance of a register is an obligation of article 30 for the GDPR. This applies to all organisations that process personal data on a regular basis in the course of their activities.
This register has been established and maintained since April 2021.

1.2. Secure Data
What we have put in place, in accordance with article 32 of the GDPR, and following the CNIL recommendations:
• Sheet 2: Authenticating users
• Sheet 3: Manage authorizations
• Sheet 4: Trace accesses and manage incidents
• Sheet 10: Safeguard and plan for business continuity
• Sheet 11: Archive securely
• Sheet 12: Supervising the maintenance and destruction of data
• Sheet 16: Supervising IT developments
• Sheet 17: Encrypt, guarantee integrity or sign

The elementary precautions of each of these major axes are taken technically and humanly.

2) Compliance with subcontractors (article 28 of the GDPR)

According to Article 28 of the GDPR, we make sure that our subcontractors are in compliance with data protection rules. We have a strict and separate contract with each of them.
Our subcontractors today are:
AWS for the cloud part, contract (written by them) signed in June 2020

3) Subcontracting agreement with customers

If desired or required, we sign subcontracting agreements with our clients according to your or our contract template.

4) With regard to the persons concerned

We transmit all information relating to the processing to the persons concerned, and this in complete transparency, in accordance with Articles 12 following ones of the GDPR.The following information is transmitted in particular:

4.1. Data collected
Sources of data that we collect:
• CRM
• Usage data (back office or product monitoring as Hotjar and Hubspot)
• Marketing data
• Support tickets
• Billing
• NPS

4.2. Purposes of processing
Your data will be processed as part of the establishment of a customer monitoring solution for the Customer Success department. You will benefit from a dashboard summarizing your customer behavior and an alert system identifying consumption information about API users.
• Your data will also be processed as part of the continuous improvement of our solution (re-training every month).
• Your data will be kept for the duration of our commercial relationship, and for 3 years following the end of this relationship.

Those affected by the processing who so wish may exercise their GDPR rights provided for in Articles 15 and following ones of the GDPR. These individuals have the right to access, rectify, oppose, limit and delete data. of a personal nature concerning them, a right to the portability of their data, as well as a right to define directives relating to the fate of their personal data after his death.