Data Protection Policy
Last Revision: July 29th, 2024
1. Purpose
This policy outlines the principles and guidelines for the protection of sensitive data within our organization, including personal data entered by our customers into our system. It aims to ensure the confidentiality, integrity, and availability of data while complying with relevant data protection laws and regulations.
2. Scope
This policy applies to all employees, contractors, and third parties who handle sensitive data on behalf of the organization.
3. Changes to this Policy
We may amend this Data Protection Policy from time to time to ensure transparency on all processing operations relating to you and your Personal Data in real-time.
4. Data Collection and Use
Personal data of employees, candidates, prospects, and customers entered into our systems by our customers is collected solely for the purpose of facilitating business operations and providing the intended services.
We require our customers to adhere to data protection laws and regulations when entering personal data into the ERP system.
Personal data shall be processed in accordance with the instructions provided by the customer and shall not be used for any other purposes without explicit consent.
We do not access or use personal data entered by customers for any purposes other than providing support and maintenance services as requested.
All personal data entered into Furious by customers is encrypted and stored securely to prevent unauthorized access or disclosure.
Please find below the list of the personal data we collect, its usage and its purpose:
Data subject | Personal Data collected | Purpose |
---|---|---|
Customer | Identification Data (Name, contact details, employment details, …). Billing and financial information. Customer support interactions as well as any other information you share with us in other contexts. | Deliver services (fulfill subscription, provide support), manage our relationship (contracts, invoices, legal matters). Contact you in order to invite you to our events or any other commercial communication. |
Prospect | Name, job title, email address | Contact you for a demo and send marketing communication. |
Browsing the Site or the Application | Strictly necessary cookies | Ensure proper functioning of the Services. |
Browsing the site | Statistics cookies | To help us understand how the website is used and anonymously report this information. |
Browsing the site | Marketing cookies | To track your use of the website and help us improve your user experience. |
5. Third parties
We limit the use of data subprocessors by leveraging our own software to handle and secure customer data. Each third party we use goes through an audit to ensure its compliance with the GDPR.
Name | Purpose | Location of data processing |
---|---|---|
AWS | Hosting and backup. | EU |
Intercom | Handle customer support for users of the platform. | EU |
6. Data Security
- All personal data entered into Furious is encrypted and stored securely.
- Two-factor authentication (2FA) is enabled for all development environments and access to customer data, including support.
- Disk encryption is enabled for all devices and servers.
- USB device usage is prohibited, with cloud storage replacing physical media.
- We use only secure protocols such as HTTPS, SSH, FTPS, and LDAPS.
- Regular updates are performed for all tools, modules, and libraries used in the application, including tracking versions. The main components are updated in real-time via AWS, while libraries are updated as needed. Each time a library is used, it is updated beforehand.
- AWS WAF and CloudFront are employed for advanced server protection.
- Daily off-site backups are performed and stored in environments separate from AWS.
- A strict access control policy is in place, with rights reviewed regularly.
- Security and penetration tests are conducted every six months by Devensys (external contractor). All identified vulnerabilities are systematically corrected.
- An internal Security Operations Center (SOC) manages threats and collaborates with external auditors for biannual reviews.
- Logs related to the usage of Furious are stored securely. User activity logs are retained for six months, while other logs are retained for two years.
7. Data Retention
Data subject | Retention |
---|---|
Customers | Personal data entered by customers into Furious is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Data that is no longer required for the customers’ operation can be archived and will be entirely and securely disposed of within 12 months. This includes the case where an employee leaves the customer’s company and the customer wishes to delete that data from their system. |
Prospect | Upon request from the subject. |
Browsing the site/application | Upon request from the subject. |
8. Data Subject Rights
Data subjects, including employees whose personal data is entered into Furious by customers, have the right to access, rectify, and delete their personal data within the limits of legal requirements and the customer company's requirements.
Requests from data subjects regarding their data shall be promptly addressed in accordance with applicable laws.
To exercise your rights, please send your request directly by email to support@furious-squad.com.
9. Data Breach Response
In the event of a data breach, we will promptly assess the situation, mitigate the impact, and notify affected parties and relevant authorities as required by law.
10. Disaster Recovery Plan
Furious maintains a Business Continuity and Disaster Recovery Plan (PCA/PRA) that is tested regularly to ensure readiness. Backup systems are tested periodically and stored off-site to ensure reliability.
11. Training and Awareness
We provide data protection training to employees during onboarding and conduct regular refreshers on an as-needed basis. Technical staff receive updates on security best practices twice a year from an external partner. Regular security awareness sessions are conducted in alignment with GDPR requirements.
12. Compliance
This policy shall be reviewed every 6 months to ensure ongoing compliance with applicable data protection laws and regulations.
Non-compliance with this policy may result in disciplinary action, including termination of employment or contract.
13. Contact Information
For any inquiries or concerns regarding data protection, please contact our support team at support@furious-squad.com.
14. Policy Review
This policy will be reviewed every 6 months or as necessary to reflect changes in laws, regulations, or organizational practices.
15. Furious™ extension for Google Sheets™
Furious™ extension for Google Sheets™ use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.