DATA PROTECTION POLICY
This statement explains how WorkStreams handles the personal data of public users who access the various digital instances it provides.
DEFINITION
The term 'personal data' refers to any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier. Data processing refers to any operation performed on the personal data of the user, regardless of the means used (automated or not). This includes collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication, dissemination or any other form of making available, matching or interconnection, restriction, deletion or destruction of this data.
LEGAL BASIS
The data processing carried out by WorkStreams is subject to the Federal Data Protection Act (DPA) and the Ordinance to the Federal Data Protection Act (ODPA).
PURPOSE
WorkStreams only processes data necessary for a user-friendly, secure, and reliable digital service. This may include data related to registration on a digital instance, navigation data, browser and device data, content data, metadata or secondary and usage data, location data, sales, contractual, and payment data. Data processing is carried out only for the period necessary to achieve the purpose related to the use of the digital instance. If data needs to be used beyond the purpose or period for comparison statistics, for example, it is anonymized. Personal data that is no longer needed is deleted.
USER RIGHTS AND ACCESS TO PERSONAL DATA
Public users whose data is processed by WorkStreams have rights provided by Swiss data protection law. These rights include the right of access as well as the right to rectification, deletion, or blocking of processed personal data. Users whose personal data is processed by WorkStreams have the right to lodge a complaint with a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC). In light of these rights, users may request an extract of their personal data and/or request the deletion of their user account by contacting contact@workstreams.ch. The entity responsible for processing personal data is: WorkStreams, Sàrl, Route des Acacias 43, 1227 Les Acacias. The person designated as responsible for data processing at WorkStreams, Sàrl is: Mr. Fabrice Roublot, WorkStreams Sàrl, fabrice.roublot@workstreams.ch
SERVER LOCATION
WorkStreams (WS) has a housing contract with Infomaniak SA. It declares that it has no other subcontractors. All WS servers are located in Switzerland and are owned by WorkStreams Sàrl. No data transfer is made to another third party. WS takes all technical and organizational measures to ensure the protection and security of data. Despite these measures, data processing on the Internet can present security vulnerabilities. Therefore, WorkStreams cannot guarantee absolute data security.
DATA SECURITY
All exchanges with WS servers are protected by SSL (Secure Sockets Layer) and TLS (Transport Layer Security) encryption. The digital instances operate via an https (HyperText Transfer Protocol Secure) protocol, preventing interception and modification of data in transit, thus protecting sensitive information such as passwords or credit card data. Physical access to the servers or storage system (database, file system, etc.) is only possible for two authorized individuals at WS, who are partners. All access is logged. Access to physical systems (servers, routers, etc.) is protected by biometric identification, and access to software systems is protected by RSA 2048-bit key encryption.
PRIVACY POLICY
Only the information necessary for the operation of the digital services managed by WorkStreams is collected. No transfer or sharing of data with a third party is carried out. WS retains as little information as possible. The retention period for data is as short as possible. It corresponds to the duration of the contract and the legal fiduciary requirements. Personal data retained may include:
Contact Data
| Name |
| First Name |
| Job Title |
| Company Name |
| Email Address |
| Language |
| Physical Address |
| Profile Picture |
| Identification Data |
| Password (hash) to allow authentication and service access |
Security Data
| IP Address |
| Operating System |
| Browser |
| Connection Date |
Interaction Data
| Video Encoding Level |
| Training Data |
| Connection Duration |
| Progress Status |
| Question Responses |
| Uploaded Documents |
| Score |
| Completed, Started, Accessible, or Assigned Courses |
COOKIE POLICY
The cookie policy of WS consists of minimal information retention. Only information about the user that is strictly necessary for the system's operation is collected and exposed.
This includes:
| Cookie Name | Purpose |
|---|---|
| Tokenpublic | Unique identifier of a user allowing access to their public information by other users. |
| SessionID | Unique session number for a user (manages reconnection). |
| Tokensession | Unique identifier of a user (manages authentication). |
| Name | User's name. |
| Firstname | User's first name. |
| Login | User's email address. |
| Job | User's job title. |
| Organization | User's organization. |
| Lang | User's language. |
| Bitrate | Video encoding level. |
| Level | User's role (administrator, manager, user). |
The cookie's lifespan is equivalent to the user's session. However, if the user wishes to remain logged in, the cookie's lifespan will not exceed two months.
A notification about cookie usage is displayed to users on each visit to the digital instance.
FINAL PROVISIONS
WorkStreams may modify and supplement this data protection statement at any time. Changes and additions will be announced in an appropriate form on the digital instances managed by WorkStreams.