As a specialist in digital intelligence, Humind pays the utmost attention to the handling of personal data.
Our long experience in this market has allowed us to build a real policy of personal data management in order to combine privacy, copyright, data security and competitiveness.
Here Humind details its business, how it processes personal data and what rights you have to your data.
What is personal data?
Personal data is "any information that directly or indirectly identifies a natural person (e.g. name, registration number, telephone number, photograph, date of birth, place of residence, fingerprint, etc.)". Source: CNIL
What personal data is processed by Humind?
In the course of its business, Humind processes several categories of personal data: employee data, contact and billing data of its customers, suppliers and partners, navigation data on Humind's websites, user data of our solutions and finally data indexed on the Internet, via our web applications.
For the latter, Humind indexes data from the web and in particular from social networks. These indexed data are not considered as sensitive according to the definition given by the CNIL.
Moreover, in application of the new European regulation on the protection of personal data (RGPD Article 6), Humind only indexes data whose status is public on the internet and which have been the object of an express consent regarding their use by third parties.
Therefore, information with a private status is never collected and Humind cannot access profiles or pages on the internet and more specifically on social networks, if access has been restricted by the user.
What does Humind do with this data?
All of Humind's employee data, as well as the contact and billing data of its customers, suppliers and partners, is used to perform standard business functions such as communication of all kinds, payment and billing.
Navigational data on Humind websites is used to improve the architecture and navigation of these sites.
Finally, the indexation of web data allows our applications to generate consolidated analyses of public data from the net for use by Humind's client companies.
How is public data from the web indexed?
As part of its web data indexing activity, Humind uses proprietary automated indexing systems, also known as "crawlers". This is done via application programming interfaces (APIs), via agreements with websites or with third-party content providers.
Humind crawlers respect the terms and conditions of each website. In doing so, they study each platform's terms of access and abide by each site's protocols. Humind does not use login bypasses and only collects data when authorised by the site.
Our company's crawlers can also be identified by the sites visited as belonging to Humnd. The latter can therefore choose to block them or to contact us for any information.
The indexes of the data from the web are stored with subcontractors who are subject to the same level of requirements, in particular by virtue of theArticle 28 of the RGPD. The data may only be stored in countries of the European Union or in countries whose legislation is considered adequate by European Union law.
How can I be sure that my data is protected?
In application of the new European regulation on the protection of personal data Article 32Humind ensures that all organisational and technical measures are implemented in order to guarantee a level of security adapted to the type of data collected.
This is a data management process that started long before the symbolic date of the RGPD's entry into force on 25 May 2018, in line with the 1978 Data Protection Act, and which continues to be ongoing, beyond this deadline.
To meet these requirements, data shall be indexed according to type, sensitivity and processing. Each processing operation shall be listed in a register, as provided for by thearticle 30Each processing operation shall be listed in a register, as provided for in Article 3(1)(a) of the Regulation, and shall be subject to appropriate protection defined after an impact assessment (PIA) and governed by Article 3(1)(a) and (b) of the Regulation. Article 35 et seq. of the same regulation.
All these documents as well as the mapping of the use and transfer of each type of data is available to the supervisory authorities designated by the articles 54 and following of the RGPD (the CNIL in France).
In this context, Humind has established a policy of "privacy by design", which means that from the design of applications and IT processes, the objective is to collect only the data strictly necessary for the use that will be made of them, as recommended by the European regulation article 25.
Once data is indexed, it is not retained for longer than is necessary for the nature and purpose of the processing. To ensure that data is not voluntarily or involuntarily kept longer than necessary, Humind has implemented an automatic deletion system. These different measures are part of the strategy of "minimisation" of personal data followed by Humind.
In parallel, Humind implements the physical and application security measures necessary to guarantee the watertightness of its databases and their protection from the outside world. These measures are in line with the Software as a Service (SaaS) market standards and are shared with Humind's clients under specific confidentiality agreements.
Similarly, in order to ensure strict security and to prevent any harm from unauthorised access to data, Humind, in compliance with thearticle 33 of the GDPR, notifies the competent supervisory authority and the data subject of a breach of the processing rules as soon as it becomes aware of the breach.
Respect for the personal nature and wishes of the persons concerned
Humind is aware of the importance of controlling personal data, and guarantees the full cooperation of its services to any person concerned by the processing of their data.
As such, and in compliance with the obligations enshrined in data protection laws, Humind guarantees its compliance with:
- The General Data Protection Regulation (GDPR):
This regulation is a European standard effective since 25 May 2018. It allows individuals to have control over their personal data and unifies the European Union's law on the transfer of personal data. Humind ensures compliance with this legislation and allows its clients to exercise their rights under this regulation:
- The right of access to one's data(Article 15 GDPR): The data subject may request from Humind confirmation as to whether or not personal data relating to him or her are being processed and, where they are, access to such personal data as well as information on the processing, recipients, storage period, purposes of processing and storage locations.
- The right to object(Article 21 GDPR): The data subject may, at any time, object, on grounds relating to his or her particular situation, to the processing of his or her personal data.
- The right to erasure(Article 17 GDPR): The data subject may request Humind to erase his or her personal data as soon as possible if the personal data are no longer necessary for the purposes for which they were collected, or if the data subject has withdrawn his or her consent on which the processing is based, in accordance with Article 17 GDPR, or if he or she has objected to the processing of his or her data as provided for above.Article 6§1The data subject shall be informed of the reasons for the withdrawal of consent, or if he or she has objected to the processing of his or her data as provided for above.
- The right of rectification(Article 16 GDPR): The data subject may request Humind to rectify personal data relating to him or her that are inaccurate. In view of the purposes of the processing, the data subject may also request that incomplete personal data be completed, including by providing an additional declaration.
- The right to notification of a personal data breach(Article 34 GDPR): Where a personal data breach is likely to result in a high risk to the rights and freedoms of the data subject, Humind undertakes to ensure that the data subject is notified of the personal data breach as soon as possible.
- The California Consumer Privacy Act ( CCPA )
- The right to request information about the data collected: The data subject has the right to request the categories of personal information that Humind has collected(Article 1798.100 and 17980115 CCPA)
- The right to deletion of data: The data subject may request that Humind delete all his or her personal data(Article 1798.105 CCPA)
- The right to request a copy of the personal data collected during the last 12 months(Article 1798.130 CCPA)
- The right to equal services and prices: Humind provides its services without discrimination when the person concerned exercises one of his rights under the CCPA(Article 1798.125 CCPA)
- Personal Data Protection Act (PDPA)
This regulation is a standard on personal data protection in Singapore and is effective from 2 July 2014. The PDPA establishes a general protection regime including obligations that Humind complies with:
- Consent requirement: Humind only uses the personal data of individuals who have consented to share it(Article 13 PDPA)
- The duty of reasonable data collection: Humind collects, uses or discloses personal data of subjects only for purposes that a reasonable person would consider appropriate in the circumstances.(Article 18 PDPA)
- The obligation of access and correction: The subject may ask Humind for access to and correction of his or her personal data if it is not accurate.(Article 21 PDPA)
- Obligation to protect: Humind has put in place security measures to protect its customers' personal data(Article 24 PDPA)
- Obligation to delete personal data: The data subject may request Humind to delete his or her personal data as soon as possible when it is no longer necessary for the purposes for which it was indexed.(Article 25 PDPA)
- Limitation of transfer obligation: Humind undertakes, when transferring data from a subject living in Singapore, to do so in accordance with the measures set out in the PDPA.(Article 26 PDPA)
If you wish to obtain further information or to assert your rights regarding your personal data, you can contact us now.