Privacy and GDPR compliance

Preamble

Under the obligations laid down by the General Data Protection Regulation (GDPR), ProfitFlow, in its unwavering quest for excellence and compliance, has opted for a proactive approach. From the very inception of its systems and tools, the company has put in place specific mechanisms to guarantee seamless compliance with this regulation. Our technical architecture, the fruit of rigorous and meticulous work, is deliberately designed to preserve the integrity, security and above all the confidentiality of the personal data entrusted to us or passing through our platforms.

Each entity, customer or partner, which interacts with our tools and software, has the prerogative to encrypt its sensitive information, thus offering an additional layer of protection and confidence. This approach, far from being fortuitous, reflects our firm determination to ensure that the fundamental rights and freedoms of individuals, in particular their right to the protection of personal data, are never compromised. This preamble clearly sets out the framework of our commitment and responsibility to implement the principles of the GDPR, and demonstrates our determination to establish compliance and trust as central pillars of our business.

Definitions

For the purposes of this document, it is imperative to establish clarity with regard to the terms used. This section aims to define key terms to ensure mutual understanding and avoid any ambiguity in the interpretation of the text.

  1. Personal data: Refers to any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier such as a name, an identification number or factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

  2. Encryption: Refers to the process of converting data into a code to prevent unauthorised access. Encryption strengthens the security of information and guarantees its integrity.

  3. Processing: Any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  4. Controller (person responsible for processing): The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

  5. Subcontractor: A natural or legal person, public authority, department or other body that processes personal data on behalf of the controller.

Autonomous data management by customers

Each customer is in charge of their own data, either via a server located within their company, or by means of an encryption key specifically designed to store this information locally. To ensure that operations run smoothly, a cache is duplicated and stored on the ProfitFlow infrastructure. It should be noted that this duplication in no way alters the customer's control or ownership of the data.

ProfitFlow provides its customers with specific tools, in particular the ProfitFlow.app application and a physical server called PF. These tools have been designed to facilitate autonomous, secure management that complies with the most demanding standards.

The customer undertakes to exercise caution and diligence in the management of its data. It is imperative that it applies rigorous GDPR measures. Furthermore, the client is responsible to ProfitFlow for the correct management and use of its data.

ProfitFlow has integrated native encryption functions into the tools it offers. Several levels of security are available, adapted to the specific needs of each customer. However, it is the customer's responsibility to ask ProfitFlow to activate the level of encryption they consider necessary for their own data management.

ProfitFlow undertakes to provide "best effort" assistance with regard to the management of data by the customer. However, this assistance is limited by the fact that ProfitFlow is not directly involved in the complete management of the customer's data. All support will be offered in compliance with this provision.

By opting for the autonomous management of their data using ProfitFlow's tools, clients acknowledge that they are aware of these provisions and accept them in full.

ProfitFlow's hosting role

ProfitFlow performs two essential functions as a hosting provider: real-time replication of the data cache and the storage of anonymised data aggregated for statistical purposes. These actions enable ProfitFlow to provide optimum performance to its users while guaranteeing a high level of security and confidentiality.

It is essential to understand that the primary responsibility for GDPR compliance lies with our customers. However, as a hosting provider, ProfitFlow takes to heart its role as a guardian of trust and ensures that agreements with its clients include clauses stipulating the need for strict compliance with the GDPR. In the event of a proven breach or complaints from a third party, ProfitFlow reserves the right to terminate the data caching services of the client concerned in order to protect the rights and freedoms of the individuals concerned.

In terms of data retention, ProfitFlow adheres to a rigorous policy: data is retained for as long as necessary to ensure that the protocol functions properly, and is then deleted as soon as it is no longer required for evidential purposes.

With respect to security, ProfitFlow uses all technical measures available to it. These measures include, but are not limited to, the use of two-factor authentication (2FA), encryption of stored files and databases, and encryption of backups.

It should be noted that, although ProfitFlow takes every precaution to ensure the security and compliance of hosted data, it does not offer specific support services as a hosting provider. It is the responsibility of each customer to ensure the security and compliance of their data.

ProfitFlow's limits of liability

ProfitFlow, in its capacity as a technical intermediary and service provider, undertakes to comply with the legal and regulatory provisions relating to data protection, in particular the General Data Protection Regulation (GDPR). However, the liability arising from these obligations is defined and limited by the terms specified in each contract entered into with our customers. Each memorandum of understanding has specific arrangements, depending on its context and imperatives.

It is important to stress that ProfitFlow acts as a facilitating platform between the various players. Consequently, when dealing with our clients' customers, we have no direct control over the way in which data is collected, processed or stored. As such, ProfitFlow cannot be held responsible for any failures or defaults by clients in relation to their GDPR obligations to their own clients.

Our primary role is to provide tools and solutions that adhere to GDPR best practice. However, the ultimate responsibility for compliance with data protection and privacy provisions lies with each business using our service.

We therefore encourage all our partners and customers to ensure rigorous, transparent and compliant management of their users' personal data, to guarantee integrity and trust within the ProfitFlow ecosystem.

Confidentiality clause and data protection officer

ProfitFlow is committed to processing and protecting your personal data in accordance with the General Data Protection Regulation (GDPR). We collect only the information necessary for our services, ensure its security through advanced measures, and guarantee that it is never sold, rented or exchanged without your consent, nor transferred outside the European Union without the consent of the parties concerned. Any questions or requests concerning your data may be addressed to our Data Protection Officer:

DPO ProfitFlow
24PM
2 avenue du bois de chapelles
1380 LASNE
BELGIUM

Procedure in the event of a data breach

In the event of a data breach or suspected data breach, ProfitFlow will take immediate steps to assess the nature and extent of the incident. We will endeavour to contain the breach and implement corrective measures to prevent it from spreading or becoming worse. The relevant authorities will be notified within 72 hours of becoming aware of the breach, in accordance with the requirements of the GDPR.

At the same time, we will carry out an in-depth analysis to determine the underlying causes of the incident. If the breach poses a high risk to the rights and freedoms of data subjects, we will inform them without delay of the associated risks, the measures we have taken or propose to take, and recommendations for limiting the potential consequences of the breach.
