Security and Data Protection Policy
Ref.: connect.speechi.com – Speechi Connect
Last update: 28 June 2024
About This Document
Speechi Connect is an all-in-one solution for the optimal management and operation of interactive screens, focusing on personalisation, security and a seamless user experience.
The purpose of this document is to guide the user (“User”) of the Speechi Connect solution (“Speechi Platform”), a Software as a Service (SAAS) solution, developed, published and managed by Wouarf, SAS registered with the RCS of Lille Métropole (Siren number 449 742 667), registered office located at 12 rue de Weppes, 59800 Lille, France (hereinafter referred to as “Speechi” or “the Publisher”), accessible via the URL www.connect.speechi.com (hereinafter referred to as “the Service” or “the Platform”); through the Speechi Connect Privacy Policy.
This Privacy Policy applies to every use of the Speechi Platform or Services, during the period of use of Speechi Connect products and services, during the process to register to the Speechi Connect solution and thereafter.
Data Controller
As the “Data Controller”, Speechi is responsible for collecting and using User information in accordance with this policy. As such, Speechi is committed to ensuring that the collection and use of information is carried out in a lawful and secure manner, while protecting the rights of Users. This includes, for example, ensuring that Users have access to the information Speechi keeps about the User.
For any data protection concerns or to exercise his/her data protection rights, the User may contact Speechi at the following address: privacy@speechi.com.
Definition of Personal Information
The term “personal information” or “personal data” means information that specifically identifies an individual (such as a name, mobile number, email address or other account number), and information about the location or activities of that individual (such as information about the User’s use of Speechi Connect Services, IP addresses or mobile device details) when directly linked to personally identifiable information.
Personal information does NOT include anonymised information, which is data about the use of the Speechi Connect Services from which individual identities or other personal information have been removed so that the data subject cannot be identified directly or indirectly. This data is used to understand User trends and needs so that Speechi can better consider new features or otherwise adapt its Services. This policy does not in any way restrict the collection and use of this information.
Collected Information and Use of Collected Data
Information Provided by the User
Account Registration Information
When a User registers and creates an account, in order to use the Speechi Connect Services, the following information is collected about this User:
- Name
- First name
- Email address
- Email verification code
- Password
- Country/Region
The User’s Country/Region is collected in order to offer the Speechi Connect Services in the language of the User’s Country/Region of origin and to identify the areas to be supplied and where to store the data.
Once registered, the User will be able to review and amend this information via the product settings and will be responsible for ensuring that his/her account details are up to date.
Support Service Information
If the User contacts the support team, the information provided during the interaction may be collected. In some cases, these interactions may be recorded to improve service quality. In such case, the user’s prior consent is required. No recording may occur without the prior consent of the User.
Sharing Resources or Documents
Speechi Connect offers temporary storage to the User to facilitate secure exchanges between their devices and the interactive screens. Storage is highly secure and all access and processing is described in the “Storage and Security of Exchanges” section below.
Information Collected by Speechi
Information About the Interactive Screen
Speechi collects information about the device used by the User to access its services, such as the IP address of the device, the device identification and longitude and latitude information (approximate precise location at country level) for location purposes. Speechi may also collect data such as device information, events and other technical, behavioural and preference data entered and/or accessed on the Speechi Platform.
Policy on Cookies and Other Similar Tracking Technologies
By using our services, the User agrees that we may automatically collect information through the use of “cookies” or other similar tracking technologies in order to analyse trends and manage the Services. Many browsers allow you to control the use of cookies at the individual browser level.
Cookies are small text files that are stored on the User’s device in order to ensure the proper operation of the services and convenient access to them. Cookies generally contain login details, website names, numbers and characters. We only use the cookies that are strictly necessary for our services to operate, such as connection data. We consider the information collected by cookies and similar technologies to be non-personal information as it does not contain any personally identifiable information about the User. However, as Internet Protocol (IP) addresses or similar identification are considered as personal information by national laws, we will also comply with the laws of the countries in question.
If the User wishes to block, delete or be notified of cookies, he/she should refer to the instructions or help screen of his/her browser or mobile device to find out more about these functions. The User may not be able to delete or deactivate cookies on some mobile devices and/or some browsers.
Users should be aware that if a browser or mobile device is configured not to accept cookies or if a User rejects a cookie, some parts of the platform or services may not function properly. For example, the User may not be able to connect and access some functions.
We do not use cookies for purposes other than those set out in this policy.
Authentication
The Speechi Connect platform uses IAM (Identity and Access Management) for user authentication, guaranteeing a high level of security and reliability. Speechi does not have any knowledge of usernames or passwords. The IAM Cloud service offers a number of advantages:
- Simplified connection: compatible with major identity providers such as Google and Microsoft.
- Biometric recognition: integration of biometric recognition for enhanced security and an improved user experience.
- Multi-factor management (MFA): dual authentication for enhanced protection.
- Scalability: supports millions of users without compromising performance.
- Compliance and security: certified as compliant with international security standards, including GDPR and HIPAA.
- Reduced risk: by relying on a specialised, globally recognised supplier, the security risks associated with managing login details and access internally are controlled and limited.
Storage and Security of Exchanges
Secure Temporary Storage
Speechi Connect offers temporary storage to facilitate secure exchange between the User’s devices and interactive screens.
There are many advantages to this approach:
- Secure exchanges: data is transferred securely without leaving any trace on the servers.
- Non-persistence of data: no data is retained after use, minimising the risk of leaks or unauthorised access.
- Default SSE encryption: server-side SSE encryption is designed to protect data at rest. Objects are encrypted using the SSE-S3 (Server-Side Encryption with S3-Managed Keys) standard with encryption keys managed by the storage server.
- Encryption of data in transit: to secure data in transit, data is encrypted using Transport Layer Security (TLS 1.3).
- Certification and compliance: our storage servers benefit from numerous security and compliance certifications, including PCI-DSS, HIPAA/HITECH, FedRAMP, SEC Rule 17-a-4, FISMA, and comply with the European Data Protection Regulation.
No Direct Access to Personal and Professional Storage
The Speechi Connect Platform is designed to protect the privacy of Users and their sensitive data. As such, Speechi guarantees that there is no direct access to the User’s professional or personal storage environments. This strict separation protects information against any attempt at intrusion or exploitation.
No file transits through the Services either during the transfer of data from the User’s devices to the interactive screen, or during the retrieval of data from the interactive screen to the devices. Speechi uses a system of pre-signed urls, and streams are encrypted using TLS 1.3.
Data Encryption
The security of data stored on the Speechi Connect platform is ensured by advanced encryption mechanisms:
- SSE-KMS (Server Side Encryption with Key Management Service) encryption: all stored data is encrypted and readable using a unique encryption key. The data cannot be read without this encryption key.
- Key management: encryption keys are secured using an independent key management system.
- Secure transport: data is transmitted using secure protocols (TLS/SSL) to prevent interception.
Deleting Data at the End of a Session
We ensure the confidentiality and security of activities by deleting all records of User sessions when the User leaves the interactive screen:
- Deleting notes: all notes entered on the interactive screen are automatically deleted at the end of the work session.
- Browsing History: the Internet browsing history, as well as any login and password entered during the session, are automatically deleted.
- Downloaded files: downloaded files are also deleted at the end of the session to avoid any unwanted retention.
Notification in the Event of a Data Breach
In the event of a breach of personal data, Speechi will notify the affected user and the relevant data protection authorities in accordance with legal requirements and within the required time limits. Speechi also undertakes to provide any assistance required to effectively document, resolve and communicate the breach.
Data Localisation and Management
Speechi is committed to complying with the European data protection regulations. The SAAS servers are located in Europe, more specifically in Ireland, France and Germany, guaranteeing:
- Full compliance with the GDPR and European Union directives on data protection.
- High levels of performance and availability thanks to a robust, scalable infrastructure.
A Content Delivery Network (CDN) is natively integrated into the Platform so that when a user requests content, the CDN redirects this request to the server closest to the user, thereby minimising latency.
Selection of Subcontractors
Speechi rigorously selects its subcontractors and technology partners, which must provide sufficient guarantees regarding the implementation of appropriate technical and organisational measures, in accordance with the requirements of the General Data Protection Regulation (GDPR) and the regulations in force.
For example, it may involve:
- Companies with which Speechi collaborates to provide its Services, for example the company hosting the Website
- Analysis providers assisting Speechi in improving and optimising the Speechi Connect Platform
- Insurers/insurance brokers assisting Speechi in preventing risks related to business management
- Business partners, suppliers and subcontractors with which Speechi is linked for the performance of the contract concluded with them
- Speechi’s professional advisers, such as lawyers, accountants, etc. when they need information to advise Speechi
- The police, administrative and tax authorities, when a request is issued, for example as part of crime prevention or prosecution
Non-Transfer Agreement: Speechi may from time to time need to use international suppliers or partners to ensure that it provides its clients with the best products and services: as such, Speechi keeps the personal data of its clients and users within the European Economic Area (EEA) but in order to run its business, data may from time to time be transferred, used, stored outside, in countries where data protection laws may not be equivalent to those in the EEA. However, in no event will personal data be transferred outside the EEA without adequate safeguards and in accordance with the transfer conditions provided for in the applicable regulations. Speechi undertakes to inform users in the event of any change in policy regarding the location of data storage.
Data Retention Period
In accordance with its legal obligations with regard to data protection and confidentiality, Speechi only keeps the personal data it processes for as long as is necessary to achieve the purpose(s) for which Speechi initially obtained the data.
| Purposes | Subpurposes | Retention Period |
|---|---|---|
| Communication management and external information | Provision of the Speechi website and platform and management of its operation (logs) | Maximum 6 months |
| Issue of a newsletter and corresponding statistics | 3 years after the last contact, unless unsubscribed earlier | |
| Sending communications relating to the operation of the Website | Until the client account is deleted or the client unsubscribes | |
| Responding to forms / contact requests via the Website or Platform / disputes | 1 year following request closure | |
| Opposition right management | 3 years following exercise of opposition rights | |
| Customer relationship management | Invoicing | 10 years for accounting documents (invoices) |
| Unpaid invoices and dispute management | 3 years from the end of the commercial relationship, then archiving for the period during which Speechi may be held liable. | |
| Management of requests to exercise rights | 1 year for identity documents in the event of exercising the right of access or rectification | |
| Production of sales statistics | Retention of data until deletion of the account by the user or 2 years from the last activity on the account by the client | |
| Customer account management | Creation and management of online accounts | Retention of data until deletion of the account by the user or 2 years from the last activity on the account by the client |
| Prospect relationship management | Commercial communications | 3 years from the date of collection of the data by Speechi or the last contact with the prospect |
| Answering a request for a quote | Duration required to respond to the request and its consequences |
After these periods, Speechi will delete or anonymise personal data to ensure such data can no longer be linked to the data subject.
Data Access and Correction
In accordance with the GDPR and other applicable laws, the User has specific rights regarding his/her personal data, which the User may exercise by contacting Speechi by post or by email at privacy@speechi.net.
These rights are as follows:
- Right of access: the right of data subjects to access their personal data and request a copy in electronic format. In the event of multiple requests for copies of personal data, Speechi may charge a reasonable fee based on administrative costs.
- Right to be informed: right to obtain information on the conditions of processing (recipients, purposes, categories of data, etc.).
- Right to rectification of inaccurate information: if a data subject has reason to believe that personal data collected on his/her behalf is inaccurate and cannot be corrected directly, the data subject may contact Speechi at the above address.
- Right to erasure/deletion, for example if the personal data is no longer necessary to achieve the purposes for which it was collected. Speechi will respond to the request and delete the data if necessary, in accordance with and to the extent allowed by applicable laws.
- Right to restrict or object to processing: the right to request that the processing of personal data be stopped and/or suspended where the interests, rights or freedoms of the data subject prevail over Speechi’s legitimate interests in continuing such processing. Speechi will respond to the request to restrict / suspend / stop the processing of data where necessary, in accordance with and within the limits of applicable laws.
- Right to request the cessation of all marketing communications: any data subject may stop receiving communications from Speechi by clicking on the “unsubscribe” or “no longer receive” link included in each email.
- Right to data portability: the right to receive from Speechi the personal data provided, in a structured, commonly used and machine-readable format, the right to transmit this data or to ask Speechi to transmit it to another service provider.
- The right to define directives relating to the treatment of data after death, regarding the conservation, deletion and communication of data after death; or to designate a person to carry out these directives.
Speechi reserves the right not to respond to any requests received where Speechi is legally entitled to do so, for example if Speechi reasonably considers that a request is malicious, technically very costly, involves disproportionate effort or infringes the rights of others.
Any interested person may contact Speechi regarding these rights at the above-mentioned email address; if, however, they feel that Speechi has not responded adequately, they may submit a complaint to the CNIL (Commission nationale de l’informatique et des libertés) located at 3 Place de Fontenoy – TSA 80715, 75334 PARIS CEDEX 07, FRANCE.
Audit and Compliance
Speechi undertakes to carry out regular security audits to verify the compliance of its data protection measures with best practice and regulatory requirements. The results of these audits will be shared with the regulatory authorities upon request.
Third Party Links
The Speechi Connect Services may contain links to third party websites.
If a user follows a link to the website of any third party, they are expressly advised that these websites have their own privacy policies and Speechi will not be liable in relation to them.
Update of this Privacy Policy
The main purpose of this privacy policy is to provide up-to-date and accurate information on how Speechi collects and uses the personal data entrusted to the company. Therefore, this policy is regularly reviewed to ensure that privacy is adequately protected. Accordingly, Speechi reserves the right to update and/or modify this policy at any time by publishing the updated version on its Speechi Connect Platform and related Services. For this reason, Speechi recommends that all visitors to its platform regularly check the privacy policy for the latest information. In the event of significant changes to this confidentiality policy, information will be sent to users when they access its Services.
How to Contact Speechi
For any questions relating to this privacy policy, to stop receiving services or further information, to exercise your rights, or any other request relating to this policy, please contact Speechi via:
- By post: 12 rue des Weppes – 59800 Lille, France
- By email: privacy@speechi.net
- Phone: +33.3.20.34.74.25
Speechi will respond at the earliest opportunity.
