DATA PROTECTION COMMITMENT OF GIT SA PRODUCTS AND SERVICES
ID 49807, Version 5, Last modified 22.08.2018 Modified by Mickaël Strazzeri
5 areas of activity
These provisions apply to the five business divisions offered by GIT SA:
1. Use of our website (www.git.ch & www.git-cloud.ch)
2. Use of our software in cloud mode
3. Use of our software installed locally
4. Support provided by GIT SA Technical Support
5. Commercial activities
GIT SA hereby makes a commitment to:
1 Use of our website (www.git.ch & www.git-cloud.ch)
1.1 Collection of voluntary information
When you register on our website, we collect a certain amount of nominative and personal information such as your name, surname, company for which you work, email address and telephone number.
1.2 Automatic information collection
During your visit, we automatically receive and record information from your computer and browser, including your IP address, and the page you visit.
1.3 Use of information
Any information we collect from you may be used to:
• Meet your individual needs,
• Provide personalised content such as a newsletter,
• Enhance our website,
• Improve customer service and your support needs,
• Contact you by email
1.4 Disclosure to third parties
We are the sole owners of the information collected on this website. Your personal information will not be sold, exchanged, transferred, or given to a third party for any reason without prior permission.
1.5 Data protection
We implement a set of measures to safeguard the security of your personal information. We use encryption in line with industry standards to protect sensitive information during their transfer and storage. Access to personally identifiable data is controlled and limited to employees of GIT SA and their trusted technical partners and only then for the purposes of performing their tasks (for example: newsletters, customer service, website maintenance, backups, updates, etc.). The computers and servers used to store personally identifiable data are located in a secure environment that meets industry standards.
We use the email address you provide us with to occasionally send you information about our products, activities, company news and, where applicable, important information regarding the use of our products or services. If you wish to unsubscribe and no longer receive emails, simply send an email to this address: firstname.lastname@example.org.
By checking the corresponding box, you consent to the section of this document governing the collection and use of the information covered in section (1.1).
By visiting our website, you consent to the section of this document governing the collection and use of information covered in section (1.2).
2 Use of our software in cloud mode (git-cloud / asp4experts / ConnectMe)
As a provider of IT services and software, GIT SA is committed to complying with its obligations under current official regulations. As a result, you, the clients, are also able to meet the regulatory obligations that are related to our services.
As a provider of IT services and software, GIT SA commits to the following:
2.1 Storage and ownership of data
The data entrusted to GIT SA as part of its cloud services is stored exclusively in data centres based in Switzerland and is never transferred outside these infrastructures. The client is and remains responsible for the ownership of the data stored in the GIT SA cloud service even in case of data storage for a third party.
2.2 Security standard
GIT SA implements all the means and technical measures deemed appropriate and necessary to ensure the durability and confidentiality of data.
Unless previously agreed, explicitly and in writing, access to data by GIT SA staff and its technical partners is strictly limited to the mandate entrusted to them by the client. This is exclusively limited to maintenance, backup and training operations.
Data access events are system-limited and are securely recorded for audit.
Any data copying can only be performed for technical reasons and the copy will be erased at the closure of the client’s request.
GIT SA ensures the traceability of actions performed by SaaS users, GIT SA service technicians or technical partners during data access operations. This information is stored securely and access is limited to technicians monitoring the security of our infrastructure.
GIT SA undertakes to inform you as soon as possible in cases of data breach.
2.5 Data isolation
GIT SA undertakes to have physical and / or logical isolation systems (depending on the services) in order to isolate the data of our clients.
GIT SA is committed to being exemplary in terms of responsiveness in security updates on the systems you use as well as the software.
In addition, it is essential to distinguish between the security of the infrastructures on which your data is hosted, and their exploitation and implementation by you.
Role of the client
The client is solely responsible for the security of accesses to GIT SA services (example: secure storage of usernames / passwords, misuse of passwords, transmission of access to a third party, etc.)
Role of GIT SA
We are committed to ensuring the safety of our infrastructures according to the standards in force in Switzerland. In addition, we make a commitment to respect European standards governing data protection (4.9 GDPR)
2.8 Delegation to third parties
GIT SA ensures that trusted third parties (technical partners) engaged by the company GIT SA comply with the following provisions and regulations related to data protection.
GIT SA undertakes to respect the applicable European legal provisions governing the protection of personal data (GDPR) and to use only technical partners that comply with these same provisions.
2.10 Website (www.asp4experts.ch, www.git-cloud.ch)
Exploit raw browsing and usage statistics to gain insight into clients’ topics of interest and optimise servers based on traffic. These statistics include the Internet Protocol (IP) address assigned by the client’s access provider, the identity of their computer, the SaaS user, the browser class, the time of connection and disconnection, the data relative to access to computer applications such as the name of the program, the company, and the type of operation.
The client is informed that these statistics have no other purpose than to better analyse the general behaviour of clients and also for maintenance purposes. GIT SA keeps this information for a period of 12 months in a confidential manner, undertakes not to communicate it to third parties other than its technical partners and only reserves the right to communicate anonymous statistical analysis.
2.11 Data backup
GIT SA maintains backups of the entire service infrastructure as well as client data. These different backups are stored in the active data centre and immediately outsourced to a second data centre in Switzerland. Both data centres comply with the legal provisions in force. Backups are kept for the current week (7 days).
2.12 Data suppression
GIT SA deletes data (complete or partial), as soon as the client has made an explicit request. This will be executed within 8 days. The final and definitive deletion of data will only be effective when the oldest backup set containing this data expires.
2.14 General conditions
In the event of discrepancies between this text and the General Conditions & SLA SaaS, the general terms and conditions of service written in French are binding.
3 Use of our software installed locally
As a provider of software installed locally:
GIT SA undertakes to ensure that all of its software complies with the requirements of the current official regulations, in particular the European legal provisions governing the protection of personal data (GDPR) and the Swiss Data Protection Act (LPD). Therefore, by using our software, you are also able to meet the requirements of your regulatory obligations with respect to security, confidentiality and the GDPR. It is understood that as a user of our software, you must comply with your security protocols to ensure data confidentiality.
3.2 Tools and Features
GIT SA undertakes to ensure that all its software is equipped with the features required by the GDPR, in particular, traceability and other requirements. GIT SA also undertakes to provide, following a client request, all the support necessary to comply with the European legal provisions governing the protection of personal data (GDPR) in the context of the use of its software.
4 Support provided by GIT SA Technical Support
GIT SA is a publisher of business management software. As part of its activities and in order to provide good service to its clients, GIT SA may be required to view client data or ask its clients to provide data on accounts or payroll for the purpose of providing support services.
GIT SA hereby makes a commitment to:
Use information or data only for analysis, diagnostics, or processing to meet specific client needs or requests.
To not use information or data received by the client in a manner that is prejudicial to the other party.
Not to disclose or otherwise communicate information or data, in whole or in part, to a third party without the express consent of the client.
4.3 Data protection
Respect the applicable European legal provisions governing the protection of personal data (GDPR). GIT SA promises to take all necessary measures to preserve the confidentiality of the information and to apply the same care and deploy the same efforts that it would apply and deploy to protect the confidentiality of its own corresponding information.
4.4 Special provisions for remote support
4.4.1 Client control
The client may, at any time if so desired, shut down remote access by simply closing the “Support Bomgar” window. Upon shut down of remote support, the technician closes the remote assistance request and no software remains on the client’s computer.
By using the remote assistance access code, the client authorises the technician to access their device in order to provide assistance, technical maintenance or training. The technician is limited to the scope of the intervention.
4.4.3 Confidentiality of data
When required for technical needs and with the consent of the client, data may be transferred during the support session. In this case, the data will ONLY be used for purposes of quality control or maintenance and will be removed upon closing the application. All information collected is stored in Switzerland.
4.4.4 Security of the connection
The connection between technician and client is fully encrypted according to current best practices.
4.4.5 Use of third-party software
The use of software other than that provided by GIT SA for technical support or remote learning purposes is limited as follows: the client must expressly request it and he is responsible for the legality and quality of the tools concerned. The client also undertakes to cover any additional costs that may arise from the use of these tools.
5 Commercial activities
5.1 Client files
We collect information during prospection or upon purchase of our software / services. The information collected includes the name of the company, the postal address, the telephone number, the name and surname of the account manager, their email address, telephone and various billing information such as invoices issued by GIT SA, the products and their licenses.
About two newsletters a year are sent to our clients. These newsletters include various pieces of information related to the company, new regulations, updates of our software or any other information that we think is useful to send to our clients. The file containing the email addresses for the newsletter is managed internally and is undisclosed to third parties other than for technical reasons (file generation, newsletter processing or list storage).
If you wish to unsubscribe and no longer receive our emails, simply send an email to this address: email@example.com.
5.3 Use of information
Any information we collect from you may be used to:
• Meet your individual needs
• Provide personalised content such as a newsletter
• Improve our services and products
• Improve client services and your support needs
• Contact you
5.4 Disclosure to third parties
We are the sole owners of the information collected. Your personal information will not be sold, exchanged, transferred, or given to another company for any reason without your prior permission.
5.5 Access to client files
For organisation and maintenance purposes, we allow access to client files to our IT service provider GIT-IT SA. The latter undertakes to respect the present conditions regarding the confidentiality and security of the data and not to disclose the information contained in the client files to third parties.
5.6 Data protection
We implement a set of measures to safeguard the security of your personal information. Computers and servers used to store personally identifiable information are located in a completely secure environment in Switzerland.
5.7 Deletion of data
In the case of an explicit request by the client, we may delete all data relating to them as long as it is not necessary for billing / accounting, client services or assistance. The request must be made to firstname.lastname@example.org.