GDPR compliance

Discover how Magnétis ensures GDPR compliance and the security of your data. A complete guide to our procedures and data protection commitments.

Achieving compliance with the General Data Protection Regulation (GDPR) is a cornerstone of our commitment to data security and confidentiality at Magnétis.

This documentary base has been crafted to offer a transparent and detailed overview of the documents, procedures, and actions implemented to ensure our compliance with the GDPR. From the meticulous collection of data to its secure processing, every facet of our approach is documented to reflect our dedication to protecting the personal information of our clients and users.

By making this article available, Magnétis underscores its commitment to fostering a culture of data protection, ensuring responsible management in line with the strictest European standards.

1. Record of Processing Activities

This document is pivotal for GDPR compliance. It enumerates all personal data processing activities conducted by Magnétis, including the purposes of processing, the categories of data processed, and the recipients of the data.

The processing activities are listed in the table below. Each process also has a detailed internal datasheet at Magnétis.

  • Magnétis Client Account Management (FR-001): Client Management, Collection of contact details of business clients (B2B) and the company's responsible person.

  • Management of Client Sub-Accounts (FR-002): Management of client sub-accounts created by network clients and partner clients.

  • Access Management to the Magnétis Platform (FR-003): Access management to client accounts and sub-accounts.

  • Management of Transferred Telephone Call Data (FR-004): Statistics Management, Collection of incoming call data, compilation of the call log and overall statistics.

  • Web Module Management (FR-005): Web module management for displaying tracked numbers based on the origin channel.

  • Billing Management (FR-006): Sending of invoices, monitoring of client payment balances, and reminders.

  • Prospect Management (FR-007): Monitoring of relational events (meeting, telephone exchanges, and email).

  • Payment Management (FR-008): Online payment management, debits on bank cards, and SEPA direct debit.

  • Email Tracking Management (FR-009): Statistics Management and collection of individual received emails.

  • Technical Support Management (FR-010): Monitoring of client onboarding, assistance with installation and configuration.

  • Phone Call Recording (FR-011): Collection of phone call recordings, consultation of audio files.

  • Payroll and HR Management (FR-012): Calculation of remunerations and social contributions.

  • SMS Sending on Lost Calls (FR-013): Management of telephone numbers and network events.

  • Landing Pages with Form Management (FR-014): Consent management, collected data management, and notification.

2. Privacy Policy

Our Privacy Policy is available at the following link, explaining how Magnétis collects, uses, and protects the personal data of individuals and its users: Magnétis Privacy Policy (https://www.magnetis.fr/politique-de-confidentialite/)

The General Terms and Conditions of Use (GT&C) play a significant role in the context of the GDPR: General Terms and Conditions of Use of the service (https://app.magnetis.fr/console/assets/cgv/cgv-cgu-magnetis.pdf)

3. Information Notices

These elements inform individuals at the time of collecting their personal data about the use that will be made of this data, the legal basis for processing, and their rights under the GDPR. The collection of commercial data and prospecting is conducted through our product forms and contact forms on our website www.magnetis.fr:

  • Request for demonstration link: Magnétis processes your personal data to enable you to obtain a demo of our call-tracking platform.

  • Downloading of whitepapers and pricing: Magnétis processes your personal data to enable us to send you information regarding our services.

  • Contact form: Magnétis processes your personal data to allow us to contact you back and answer your questions.

When a user subscribes to our call-tracking platform, their acceptance of the General Terms and Conditions of Use confirms that they have been informed of, and accept, the roles and responsibilities.

In the context of our SMS alert service with contact landing page (SMS/LP), specific conditions apply. You can find these elements in the dedicated article "Compliance of the SMS/LP feature".

4. Data Processing Agreements

When we engage subcontractors to process personal data on our behalf, we ensure that these relationships are governed by contracts specifying each party's data protection obligations.

We have Data Processing Agreements (DPAs) with our subcontractors, including Infrastructure and Cloud service providers, Telephony providers, CRM suite providers, SMS sending providers, and Online payment solution providers.

We ensure that the data processing addendums cover the following points: GDPR Compliance, Clarification of Responsibilities, Security Measures, Data Breach Management, Subcontracting conditions, and International Transfers.

5. Consent collection when using the call-tracking service

Within the framework of our call-tracking service, the personal data processing activities carried out by our company are not systematically subject to obtaining the consent of the individuals concerned. We primarily rely on the legal basis of legitimate interests pursued by our company or our clients.

However, the use of the call-tracking module with visitor journey tracking installed on the website requires the implementation of visitor consent tools.

Our call-tracking web module uses the following cookie to provide the service:

  • mgt_visitor: Magnétis cookie. Universally Unique Identifier. Duration: 30 days.

This consent must be obtained in compliance with guidelines. To facilitate the collection, management, and justification of consent, we recommend dedicated tools such as Piwik Pro, Axeptio, or Didomi.

6. Technical and Organizational Measures

To ensure the proper functioning of its services and their operational maintenance, Magnétis has implemented the following actions or tools:

  • Hosting of Personal Data on servers located within the European Union.

  • Awareness-raising among its personnel.

  • User authentication devices with personal and secure access.

  • Authorization management procedure.

  • Access tracking devices and connection logging.

  • Regular implementation of internal audits and penetration tests.

  • Physical security of premises and workstations.

  • Encryption of storage tools and web exchanges (HTTPS).

  • Business Continuity Plan.

7. Data Breach Register

The register is structured to contain details of any personal data breach. In the event of a Data Breach, Magnétis undertakes to notify the CNIL. Internally, documentation is structured according to the nature of the breach, affected categories, likely consequences, and measures taken. The breach register is currently empty.

8. Procedures for the rights of data subjects

Magnétis has established procedures to enable individuals to exercise their rights under the GDPR, such as the right of access, rectification, erasure, and data portability.

Any individual using the call-tracking service can submit their request through our dedicated form. Magnétis undertakes to respond within a maximum period of one month.

9. Data Protection Impact Assessment (DPIA)

After a thorough assessment, we have concluded that a Data Protection Impact Assessment (DPIA) is not necessary in our case. Our processing activities do not present a high risk to the rights and freedoms of data subjects and involve technical information rather than sensitive data.

10. Data Retention Policy

This policy sets out the retention periods for different categories of personal data. The main processes in place are:

  • Application and prospecting data: 3 years after the last usage.

  • CSV files (Lost calls alerts / Synthesis reports): 7 days.

  • SFTP and Recording audio files: 25 days by default (customizable).

  • API and Webhook logs: the last 25 calls per API key in the database, then hardware storage.

  • Web module and user events: 30 days by default.

11. Assessment of the level of security of personal data

The overall assessment is conducted following the Data Security Guide provided by the CNIL and ISO 27001 guidelines. Key areas such as Managing Data Security, Authenticating users, Securing workstations, and Backing up are systematically validated and monitored for continuous improvement.

12. Contact our DPO

For any further information, you can address your requests via the contact details below:

  • By post: Magnétis – Demande RGPD – 47 rue de Bitche, 92400 Courbevoie, France

  • By email: delegueprotectiondonnees@magnetis.fr