Data Protection Policy
Data Protection Policy
Last Revision: July 29th, 2024
1. Purpose
This policy outlines the principles and guidelines for the protection of sensitive data within our organization, including personal data entered by our customers into our system. It aims to ensure the confidentiality, integrity, and availability of data while complying with relevant data protection laws and regulations.
2. Scope
This policy applies to all employees, contractors, and third parties who handle sensitive data on behalf of the organization.
3. Changes to this Policy
We may amend this Data Protection Policy from time to time to ensure transparency on all processing operations relating to you and your Personal Data in real-time.
4. Data Collection and Use
Personal data of employees, candidates, prospects, and customers entered into our systems by our customers is collected solely for the purpose of facilitating business operations and providing the intended services.
We require our customers to adhere to data protection laws and regulations when entering personal data into the ERP system.
Personal data shall be processed in accordance with the instructions provided by the customer and shall not be used for any other purposes without explicit consent.
We do not access or use personal data entered by customers for any purposes other than providing support and maintenance services as requested.
All personal data entered into Furious by customers is encrypted and stored securely to prevent unauthorized access or disclosure.
Please find below the list of the personal data we collect, its usage and its purpose:
| Data subject | Personal Data collected | Purpose |
|---|---|---|
| Customer | Identification Data (Name, contact details, employment details, …). Billing and financial information. Customer support interactions as well as any other information you share with us in other contexts. | Deliver services (fulfill subscription, provide support), manage our relationship (contracts, invoices, legal matters) |
| Contact you in order to invite you to our events or any other commercial communication. | ||
| Prospect | Name, job title, email address | Contact you for a demo and send marketing communication. |
| Browsing the Site or the Application | Strictly necessary cookies | Ensure proper functioning of the Services. |
| Browsing the site | Statistics cookies | To help us understand how the website is used and anonymously report this information. |
| Marketing Cookies | To track your use of the website and help us improve your user experience. |
5. Third parties
We limit the use of data subprocessors by leveraging our own software to handle and secure customer data. Each third party we use go through an audit to ensure their compliance to the GDPR.
| Name | Purpose | Localisation of data processing |
|---|---|---|
| AWS | Hosting and backup. | EU |
| Intercom | Handle customers support for users of the platform | EU |
6. Data Security
Hundreds of unit tests are run daily to ensure the quality and consistency of any addition to our code. Reviews are being performed before every single deployment, and an automated code and architecture review runs on our whole system on a weekly basis.
Every 6 months, a security and penetration test audit is performed by a third party, using black, gray, and white box tests. Surfaced issues are systematically addressed by our technical team.
We implemented appropriate technical and organizational measures to protect data against unauthorized access, disclosure, alteration, or destruction.
Access to sensitive data, including personal data entered by customers, is restricted to authorized personnel on a need-to-know basis.
Regular security assessments and audits are conducted every 6 months to identify and mitigate potential risks.
7. Data Retention
| Customers | Personal data entered by customers into Furious is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Data that is no longer required for the customers’ operation can be archived and will be entirely and securely disposed of within 12 months. This includes an employee leaving the customer’s company and the customer willing to delete that data from their system. |
| Prospect | Upon request from the subject. |
| Browsing the site/application | Upon request from the subject. |
8. Data Subject Rights
Data subjects, including employees whose personal data is entered into Furious by customers, have the right to access, rectify, and delete their personal data within legal and the customer company requirements.
Requests from data subjects regarding their data shall be promptly addressed in accordance with applicable laws.
To exercise your right, please send your request directly by email to support@furious-squad.com.
9. Data Breach Response
In the event of a data breach, we will promptly assess the situation, mitigate the impact, and notify affected parties and relevant authorities as required by law.
10. Training and Awareness
We provide at employees’ onboarding a data protection training to ensure that they understand their responsibilities in protecting data and complying with this policy. We also conduct regular refreshers on an as-needed basis.
Our technical team is also kept up to date with the latest security best practices twice a year through an external partner.
11. Compliance
This policy shall be reviewed every 6 months to ensure ongoing compliance with applicable data protection laws and regulations.
Non-compliance with this policy may result in disciplinary action, including termination of employment or contract.
12. Contact Information
For any inquiries or concerns regarding data protection, please contact our support team on support@furious-squad.com.
13. Policy Review
This policy will be reviewed every 6 months or as necessary to reflect changes in laws, regulations, or organizational practices.
14. Furious™ extension for Google Sheets™
Furious™ extension for Google Sheets™ use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
