GDPR Statement – General Data Protection Regulation
Overview
GIDE is an IT Services Company specialising in the processing of survey data in the broadest sense of the term, mostly in the field of market, social and opinion research.
Except in specific contexts, GIDE does not process data on its own behalf but on behalf of its clients and therefore acts as a subcontractor to the data controllers, which are its clients, private or public organisations.
Processing covers data collection, data processing in the sense of statistics (cross-tabulation and data analysis), data restitution in the form of reports, and on request, distribution to various departments of the client.
Collection of information
We program and administer online questionnaires with specialised software developed by GIDE : GIDE therefore has full control over the features of this tool.
All transactions related to the collection of data are carried out using the secure HTTPS protocol (https://en.wikipedia.org/wiki/HTTPS).
Except in specific contexts, GIDE does not use cookies or advertising trackers in its online questionnaires.
The software and the data collected are stored on secure servers owned by GIDE and hosted on protected sites located in France (see § “Subcontracting” below).
Information processing
All processed data, whether collected by GIDE or made available by GIDE’s clients, is stored on secure servers owned by GIDE and hosted in protected sites located in France (see § “Subcontracting” below).
Operations on the data are carried out at the request of the client and executed on the same servers.
The data is not used for purposes other than those for which it was collected or provided, purposes defined by the customer.
The data are, in most cases, processed statistically. In some particular cases, GIDE may be required to process individual data: here again, of course, this is at the request of the customer, and with the consent of the persons concerned.
Transfer of data
Depending on the client’s preference, the data and results produced are exchanged between GIDE and the client in a secure manner either via the SFTP protocol (https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol), or via a Nextcloud file exchange platform (https://en.wikipedia.org/wiki/Nextcloud) made available to the client and hosted on GIDE’s servers.
Recourse
Persons contacted through GIDE to complete a questionnaire may contact the GIDE client’s data controller to request that they no longer be solicited. In the event that this person is not sufficiently identifiable, GIDE may act as a relay. To do so, send an e-mail to the e-mail address dpo@gide.net giving the necessary and sufficient details (link included in the e-mail received, study concerned, etc.) to process the request in the best possible way.
Subcontracting
With regard to data collection and processing in the broadest sense, GIDE carries out all operations without recourse to subcontracting, except for the following specific operations:
Server hosting
The servers used for data processing operations have been acquired and installed by GIDE. Except in special circumstances, these servers are hosted on Scaleway’s DC2 secure platform in Vitry-sur-Seine (94), on French territory, i.e.: https://www.scaleway.com/en/datacenter/.
Email routing
In order to maximize their deliverability, the solicitation and transactional emails sent by GIDE on behalf of its clients are prepared on GIDE’s servers and routed by the specialized operator Mailjet, ISO 27001 certified and GDPR compliant: https://www.mailjet.com/gdpr/mailjet-gdpr-compliance/.
If they wish, GIDE’s clients may request that the emails be routed directly by GIDE from its own servers.
SMS routing
Solicitation and transactional SMS messages sent by GIDE on behalf of its clients are prepared on GIDE’s servers and routed by the specialist operator Esendex, which is ISO 27001 certified and GDPR compliant: https://www.esendex.co.uk/information-security-statement/.