Following the recent modernization of laws relating to computer data security and protection, new regulatory constraints are emerging.
With effect from 25 May 2018, the General Data Protection Regulations (GDPR) set the first steps in this transformation in the field of IT security.
Finalcad currently meets the following guidelines:
1- Creation and maintenance of a data processing register
2- Nomination of a Data Protection Officer
3- Verification of data transfers and possibility for the user to request them
4- Impact analysis before the implementation of a data processing operation
5- Easy access for the person to his data
6-Notification of personal data violations
7-Right to erase data ("Right to forget")
Finalcad has identified applications involving personal data and associated processing.
Marc BOUREL, currently Chief Information Officer (CIO) has been appointed as Data Protection Officer (DPO).
Transfers of personal data to foreign countries are now subject to verification of the guarantees offered by the laws of that country to preserve an equivalent level of security for the data. Article 45 of the Regulation provides that, ideally, the recipient country should be listed by the European Commission. Failing this, special guarantee clauses should be included in contracts, in addition to the possibility of using codes of conduct, certifications and other labels. In this case, it will not be necessary to obtain authorization from the national authority of the country of origin of the data.
Furthermore, Article 49 of the Regulation provides that, if the processing requires the consent of the person concerned, he must be informed of the transfer of his data and of the risks involved in the operation. This, of course, in order to allow the person to possibly withdraw his consent.
Data location of Finalcad applications and sites
In practice, production data is hosted at Amazon Web Services, in DataCenters corresponding to distinct geographical areas:
The GDPR thus introduces the concept of taking privacy into account from the design of the processing operation: the different obligations on data collection must be considered from the design of the data processing operation ("privacy protection from the design stage and by default").
Finalcad carried out this impact assessment. All personal data managed by Finalcad are recorded, by application. Their criticality is evaluated.
Product Managers have been made aware of the right to forget from the outset of application design. It is now necessary to accompany the teams for the implementation of this concept on the new solutions as well as on the old ones.
Finalcad allows the transparency of personal data stored in its applications. The user can modify the data accessible to him.
In the event of an attack, intrusion, or any event involving the violation of your personal data, Finalcad undertakes to notify the legal authorities as well as the users concerned by the violation of personal data.
As required by the DGMP, you may contact us to request to be removed from our databases and applications.
To do so, please send a request to email@example.com so that we proceed to the deletion if this deletion does not enter in contradiction with the legal constraints of traceability.
The term "personal data" means any data that identifies an individual, including your full name, postal and e-mail addresses, telephone numbers, data relating to your transactions on the Site and/or the Application, including subscriptions, and any other information you choose to provide about yourself.
Depending on the type of relationship between us, uses vary:Prospect / Person showing interest in our solutions/areas of activity :
Finalcad will never transfer your personal data to third parties. The personal data collected will only be used for the purposes mentioned above.