We have developed Reflect with the utmost respect for the privacy and security of your data. We are aware that your data is very valuable, so we treat it with the utmost care. With Reflect, you are safe.
as defined by the General Data Protection Regulation (GDPR) in effect since May 25, 2018.
A processor is the natural or legal person, public authority, department or any other body that processes personal data on behalf of the controller.
A controller is the legal or natural person who determines the purposes and means of processing personal data. The data controller is responsible for compliance with the GDPR within his or her organization, and in particular for respecting the rights of employees (right of access, right to erasure, etc.).
We will only process your data for the purpose(s) that are being outsourced. For example, we will never sell or use your employee data for marketing purposes.
We will inform you immediately if an instruction given by you constitutes a violation of the Data Protection Regulations.
We process Personal Data only on your documented instructions, including with respect to the location of hosting and transfers to third countries.
We guarantee the confidentiality of your data processed under the contract and ensure, in this regard, that the persons authorized to process your data undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality.
We make available to you all the information necessary to demonstrate compliance with our obligations and to enable audits, including inspections, to be carried out by you or a chosen auditor, and contribute to such audits under the conditions referred to below.
We will, at your option, destroy all of your data or return it to you upon completion of the service, provided that return of such data shall be accompanied by our destruction of all existing copies in our information systems.
We encrypt the communication channels on which the data are transmitted. The encryption of the flows is guaranteed by TLS and a Content-Security-Policy including only the actors that you authorize to deposit contents is set up. Finally, we protect the access to the database available to the only private network created for the solution.
Identify the data useful to each business process (access of persons to only the data they need) Logically separate the data useful to each process (management of access rights differentiated according to business processes)
We manage user profiles by separating tasks and areas of responsibility. We restrict access to administrative tools and interfaces to authorized individuals. We identify anyone with legitimate access to data with a unique identifier.
When data is sent to a database, it is necessary to implement analysis measures to prevent attacks by SQL or script injection.
I use Reflect all the time. And my team is using it more and more. It's amazing to see them using it autonomously. It's a true revolution for our teams.