Privacy and Protection of Personal Information

Management commitment

At Optania, we are fully committed to ensuring the confidentiality and security of your data. We base our commitment on the standards of the OWASP foundation, compliance with our contractual obligations and strict adherence to current legislation. We also invest in employee training to build and maintain a proactive information security culture, guaranteeing the optimal protection of your data.

Governance practices and policies

The protection of personal information and respect for privacy is at the heart of everything we do. In addition to our privacy policy, which is published on the websites and mobile applications for our various products, we have strict internal guidelines. All team members are required to sign and abide by several commitments before their first day of work.

1. Employee commitment

   1. Employment contract: Employees commit to performing their work with prudence and diligence. Employees must act with loyalty and not use confidential information obtained in the course of their work. Employees must use company property in a safe manner and undergo background checks upon hiring and upon request.
   2. Ethics and policies: The code of ethics outlines several expected standards including respect, confidentiality and security, both internally and with our customers. The security policy defines the use of information assets and remote connection. It includes the access management process and incident management.
   3. Confidentiality agreement: Employees commit to respecting the confidentiality and non-disclosure rules and policies established by the company and to use their access rights only in the performance of their duties.

2. Least privilege access control and strong authentication

   1. Access management: The Human Resources department and the Information Technology department work together to assign, modify or revoke access rights based on employees' roles and responsibilities.
   2. Access requests: Requests for access to systems and applications are submitted via a formal request process and approved by an authorized person in charge.

3. Awareness

   1. Security training: All employees receive mandatory cybersecurity training and are made aware of the risks associated with access.
   2. Security and personal information protection committee: The security and personal information protection team is responsible for promoting and updating our security policies. The person responsible for personal information also serves on the management team to coordinate the various processes for managing personal information, complaints and incidents.

4. Sanctions

   1. Policy violations: Any employee who violates our policies may face sanctions, including disciplinary measures up to and including dismissal.

Collection and use of Personal Information

Customer service

To serve our customers, we collect personal information such as name, postal address, telephone number, email address and other relevant financial information used for administrative purposes and governmental obligations. We also retain email exchanges with our customers to ensure better follow-up and support.

Product operation

The above information also enables us to activate user accounts. The content generated by our customers within our products is encrypted at several levels to maintain maximum confidentiality and anonymity.

Updating personal information and handling complaints

We are committed to maintaining the accuracy and completeness of your personal information and to updating it as soon as necessary. To help us keep your information up to date, please inform us promptly of any changes. If you wish to access or amend your personal data held by us or exercise any other rights under data protection laws, please address your request in writing to the person in charge of personal information, whose contact details are listed above.

Incident management

This management process enables our team to quickly identify a potential incident and assess the risks. The resolution or mitigation work planned will be relative to the level of criticality of the vulnerability found. This includes procedures for escalation, attenuation and rapid communication to relevant parties, as well as registration.

If you have any questions about these rights or how to exercise them, please contact the person in charge of personal information. We will handle all requests in accordance with current legislation.

For more information, please visit our security page.