Protecting your data is our priority

We have developed Reflect with the utmost respect for the privacy and security of your data. We are aware that your data is very valuable, so we treat it with the utmost care. With Reflect, you are safe.

Definition of the main concepts

as defined by the General Data Protection Regulation (GDPR) in effect since May 25, 2018.

We are a subcontractor

A processor is the natural or legal person, public authority, department or any other body that processes personal data on behalf of the controller.

You are a controller

A controller is the legal or natural person who determines the purposes and means of processing personal data. The data controller is responsible for compliance with the GDPR within his or her organization, and in particular for respecting the rights of employees (right of access, right to erasure, etc.).

Our commitments

Data Usage

We will only process your data for the purpose(s) that are being outsourced. For example, we will never sell or use your employee data for marketing purposes.

Data protection

We will inform you immediately if an instruction given by you constitutes a violation of the Data Protection Regulations.

Data processing

We process Personal Data only on your documented instructions, including with respect to the location of hosting and transfers to third countries.

Data Privacy

We guarantee the confidentiality of your data processed under the contract and ensure, in this regard, that the persons authorized to process your data undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality.

Transparency

We make available to you all the information necessary to demonstrate compliance with our obligations and to enable audits, including inspections, to be carried out by you or a chosen auditor, and contribute to such audits under the conditions referred to below.

Data Deletion

We will, at your option, destroy all of your data or return it to you upon completion of the service, provided that return of such data shall be accompanied by our destruction of all existing copies in our information systems.

Our technical guarantees

Security

We encrypt the communication channels on which the data are transmitted. The encryption of the flows is guaranteed by TLS and a Content-Security-Policy including only the actors that you authorize to deposit contents is set up. Finally, we protect the access to the database available to the only private network created for the solution.

Privacy

Identify the data useful to each business process (access of persons to only the data they need) Logically separate the data useful to each process (management of access rights differentiated according to business processes)

Partitioning

We manage user profiles by separating tasks and areas of responsibility. We restrict access to administrative tools and interfaces to authorized individuals. We identify anyone with legitimate access to data with a unique identifier.

Integrity

When data is sent to a database, it is necessary to implement analysis measures to prevent attacks by SQL or script injection.

What our customers say about Reflect

Mathilde,

People Operations Manager

I use Reflect all the time. And my team is using it more and more. It's amazing to see them using it autonomously. It's a true revolution for our teams.