GDRP

We have implemented our GDRP policy to be compliant and transparent about the use of your personal data.

Our policy

In order to improve the services offered, eMundus can collect information related to the emundus.fr website. As the developer of an online application management platform, eMundus works very closely with customers who collect personal data. Therefore, we had to define a policy to comply with the General Data Protection Regulations in order to guarantee data security.

eMundus is committed to respecting its GDRP policy
Commitment to the GDRP

eMundus is committed to respecting this GDRP policy in the context of the activity, and thus to respecting the privacy, protection, confidentiality and security of personal data. In order to ensure the implementation of these commitments, a Data Protection Officer (DPO) has been appointed within our team.

Data storage

Customers can choose to store the data collected through the eMundus platform either on eMundus servers or on their own servers.

Backup

On our servers (rented from the SoYouStart service provider), backups are made to our web folders and databases. We are implementing a backup via encryption in AES-256, which is an encryption algorithm used by the NSA, with also a data retention policy. This policy consists of a 7-day data backup for each customer, a storage of 4 backups per month, or 12 backups per year).

Data Security

RSA encryption keys ranging from 2048 to 4096 bits are used to secure each of our machines. Many security and confidentiality measures are implemented :

  • the building is secure
  • password authentication
  • connection logging
  • a firewall filtering access to the server
  • backup encryption
  • securing back office access at the server level
  • blocking of high-risk IP addresses
  • user blocking when an attempt at hacking is detected

Collection of information

The main step in our activity and that of our customers.

GDRP Policy - Data Collection
Data Collection
  • For each collection of personal data from our customers, the consent of the data processing is required. Each customer is therefore informed of this collection.
  • The collection is carried out with the goal ofimproving services but also to better meet the needs of our customers.
  • Users are informed of the use of cookies on our website emundus.fr/en.
  • eMundus does not take care of the request for consent to data processing of candidate files that are processed by our clients. Remember, this request can be made when you create an account.

Visualization

Concerning access to data :

  • The visualization of our customers' data is limited to internally by our team.
  • For the visualization of candidate data, it only concerns our clients. We access a candidate file only by a request from our clients in the case of a problem.
GDRP Policy - Data Visualization
Data Visualization

Processing

Concerning the respect of the processing of personal data :

GDRP Policy - Data Processing
Data Processing
  • The data processing is limited to the achievement of the main objective of theobjectif principal de eMundus activity.
  • The data processing may correspond to a verification of the conformity of certain documents such as the passport, visa etc... to certify that these documents are indeed the requested documents.
  • eMundus does not share the data with other service providers without the consent of the customers.
  • eMundus also uses customer data to authenticate customers on their platform to ensure security.
  • The processing of candidate file data is the responsibility of our clients.

Conservation

In order to comply with the Regulation, it is important to address data retention.

  • Data retention is the duration of collaboration with our customers.
  • eMundus is not responsible for the retention and deletion of candidate data, collected by our customers. Nevertheless, an encrypted backup of the data is performed for a possible recovery of lost data. This backup is performed daily and is stored for a maximum of one year.
GDRP Policy - Data Retention
Data Retention

Modification

Concerning the possibility of data access for our customers:

Our customers can modify their data via their platform. If the data to be modified concerns commercial exploitation, simply contact us.

Do you have any questions about our GDRP policy ?

We will answer it as soon as possible