Privacy

This Privacy Policy covers the information we collect about you when you use our products or services, or otherwise interact with us (for example, by visiting our website), unless a different policy is displayed.

Lundano, refers to “Subcurrent”, and any of our corporate affiliates. We offer an online entreprise organisation software, Org@Work across Microsoft Teams platform. We refer to Org@Work, together with our other services and websites as "Services" in this policy.

Our Services manage information (regarding employee planning & work organization) that qualifies as “personal data” pursuant to the definition given by the General Data Protection Regulation (GDPR).

Our Services are provided to organizations having signed an agreement for using our Services. We refer as “Clients” to define these organisations.

When users submit information about themselves, it is assumed that the user has granted consent to our collection of that information. Should the Client register an account in our Services for you, it is assumed that consent was given.

Accordingly, if you are one of our Clients, and therefore user of our Services, you are subject to the provisions of the GDPR in two contexts:
- In the context of your relationship with us, inasmuch as we are acting as your processor (GDPR, Article 28)
- In the context of your relationship with your members of staff, inasmuch as you are acting as the controller of their personal data by using our solutions.

Personal data

Personal data processed might include:
- Civil status : First name and last name, email adress
- Organization : legal entity, department, site, manager
- Work organization : Remote working, on site working, leaves

Data storage

Subcurrent has chosen Microsoft based on security and support criteria. Subcurrent data is hosted in Microsoft European Union datacenters, chosen on the criteria of geographical distance to and independence from the main hosting center of Microsoft. The Azure datacenter selected is located in Paris, France.

Commitments as a processor

As a processor, we make the following commitments:
- Only to process the personal data of your members of staff in the course of the performance and implementation of the Subcurrent’s Services and applications to which you have subscribed. We will never sell or use data concerning your members of staff for marketing purposes.
- Not to transfer your data outside the EU
- To inform you of any change in the processors we use to store or process some of your personal data, and to ensure that any such processors are also in compliance with the GDPR.
- To restrict access to your personal data to only those members of our staff who are duly authorised to provide you with assistance as part of our support functions.
- To assure you of a high level of security and protection of your data.
- To ensure our members of staff are aware of the confidential nature of personal data and, as necessary, provide them with training on applicable data protection legislation.
- To notify you within 24 hours in case of any data breach.

Client as a processor

The clients manages, through our services and applications, the personal data of its members or staff, and therefore is responsible to permit them to exercise rights in relation to personal data, such as:
- right of access
- right to be forgotten
- right to rectification

Our services and applications help the client meet his obligations.

Security and confidentiality policy

Subcurrent has implemented the necessary security measures to its Services, to ensure the integrity and the confidentiality of the personal data entrusted to it:
- systematically encrypt data transiting over the public network,
- synchronise production data on an hourly basis at a remote location,
- make an encrypted daily back-up on Azure,
- erase personal data when such data leave the production area,
- manage infrastructure access using two levels of security: VPN + individual account, and periodically review accounts,
- conduct security audits and penetration testing on a regular basis,
- implement a systematic code review to ensure secure deployments.

Contact

Email: contact@lundano.com

Phone : +33140055186

Address : 17 rue Joubert, 75009 Paris, France

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us through email at dpo@lundano.com