Your Data & Security
At Oneflex, data security and confidentiality are at the core of our concerns. We make every effort to protect our clients' information while adhering to the strictest compliance standards, particularly the General Data Protection Regulation GDPR. Discover how we secure your data and protect your personal information through advanced security measures and specialized teams
GDPR Compliance and Customizable Data Management
We fully comply with GDPR, ensuring our clients have complete control over the management of their personal data. Here's how we proceed:
• Customization of data retention duration:
Each client can define their own policy for retaining sensitive data, such as personnel assignments. For example, you can choose a retention period of 36 months or any other duration that suits you. Once this period has elapsed, the data is automatically anonymized or deleted according to your preferences.
• Data deletion at the end of contract:
In case of contract termination or expiration, all associated data is immediately deleted from our systems, ensuring maximum protection of your information.
• Anonymization of archived data:
Profile data of archived users is anonymized to preserve the accuracy of overall statistics while respecting the confidentiality of personal information.
• Data management by clients:
Our clients have the ability to determine when the data of archived users should be anonymized, thus offering complete control over their information.
Data Security and Hosting
We have implemented rigorous security measures to protect your data at every stage:
• Hosting in Europe:
All data is hosted in our data centers located in the Île-deFrance region. Additionally, our service providers host their data in Europe, ensuring compliance with European regulations.
• Data segregation:
To guarantee security and confidentiality, client data is strictly segregated, preventing any unauthorized access between different client environments.
Dedicated Security Team and Incident Management
Data security is an ongoing priority for us. Here's how we ensure your data is always protected:
• Dedicated security team:
We have a team of senior developers responsible for continuously monitoring production incidents and resolving security vulnerabilities. This team is supported by a qualified Information Systems Security Manager ISSM and Data Protection Officer DPO, specialized in GDPR compliance and security regulations.
• Proactive incident management:
Our team is trained to respond quickly to any security incident, ensuring continuous protection of your data.
Source Code Security and Audits
We conduct rigorous security audits to ensure the security of our source code and systems:
• Annual audit with Synacktiv:
We collaborate with Synacktiv, a leading security company in France, which conducts in-depth technical security audits on our source code. These audits are performed in white-box mode, meaning Synacktiv has access to our complete source code to perform comprehensive security tests.
• Continuous audit with SonarQube:
In addition to annual audits, we use SonarQube, a code quality tool, to perform continuous audits of our source code. This tool allows us to quickly detect and correct any vulnerabilities, thus ensuring the security of our applications.
Protection of Data in Transit and at Rest
The security of data in transit and at rest is essential for us:
• Encryption of data in transit:
All data in transit between our servers and users is encrypted using the TLS 1.3 protocol, offering end-to-end security.
• Encryption of data at rest:
Data stored on our AWS servers is protected by AES 256 encryption, the industry standard for data security.
Let's talk about it !
by