We hold ourselves to the highest standards
A solution built to secure your data
End-to-end security controls
At PeopleSpheres, we strive to be your trusted partner by becoming a leading example of security, reliability and transparency. Our comprehensive approach to data security and compliance includes:
Learn about our security and GDPR compliance in more detail
Yes, PeopleSpheres and its solutions respect the GDPR.
If you would like to know more about PeopleSpheres’ GDPR obligations, you can read the rest of this article or the explanatory material provided by our teams. For any additional questions, do not hesitate to contact our Data Protection Officer (DPO) at the following e-mail address: firstname.lastname@example.org
Yes, PeopleSpheres is currently certified with the AFAQ Data Protection certification.
The data protection regulations are part of the logical follow-up of the Data Protection Act. This new regulation added principles and obligations: we have deployed the necessary resources for the proper implementation and application of these new rules. Today, a DPO manages the various topics related to this issue.
First, we started by reading the legislation. After reading and understanding it, we identified the important points and possible improvements to our daily practices.
The aim was to further develop the evaluation already done. PeopleSpheres consulted the CNIL Governance label, which incorporates the principles of the GDPR. Finally, these two phases gave us a clear and precise plan of action.
The rest of the methodology was based on the fundamentals of risk management: assessment, prioritization, correction and prevention.
We have obtained different storage locations thanks to our partners. Most of the data is stored in France, the rest is stored in England.
No, the legislation imposes an obligation on the safe storage of data and requires a framework for non-EU data transfers.
If you want to transfer data outside of the European Union, you will need to look at whether the CNIL authorizes data transfers to this country.
The link below gives you access to a world map that lets you estimate the level of security that the country can offer you.
We are aware of the apprehension and the effect that this law might have on HR managers. This is why all of our clients will find explanatory material for the GDPR in the PeopleSpheres Support Center.
If you wish to consult this material, type “GDPR” in Search.
You will have access to the following documents:
– GDPR: Rights of the persons concerned
– GDPR: Inform my employees
– GDPR: NeoSpheres Compliance Action Plan
– GDPR: Write your internal policy regarding data protection
– GDPR: Legal bases and legitimate interests*
– GDPR: Enter MonPortailRH in my register of processing operations
Consultants are subject to very strict internal rules that they must respect:
– Rules for limiting the retention of data
– Rules for securing the transfer of files
– Acting on written instructions
Keep in mind that the team of consultants is not required to answer all your questions on the protection of your data. You will be directed to the Data Protection Officer who will answer all your questions.
No. Our company has strengthened these procedures so sending files containing personal data is no longer possible: consultants can no longer accept these documents.
For more information, you can request our explanatory guide of this new operation.
Randomization and generalization are the two main approaches to anonymizing data. Most publishers use one of these two methods.
Regarding the deletion of data, we are able to erase data from the active base: it will be deleted when the back-up bases are synchronized.
The GDPR modifies the rules concerning deletion/ anonymization through two elements:
– Chapter II, Article 5, paragraph (e): “kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed”
– Chapter III, Section 3, Article 17: Right to erasure (“right to be forgotten”).
These two articles must therefore be taken into account.
The first principle is retention, which should be applied as long as necessary. The retention period varies according to the needs of the activity and the legal obligations.
The second principle is the right to be forgotten. When the mandatory retention period is exceeded, the data can be deleted on the person’s request.
Please consult this article for more information: https://www.cnil.fr/fr/reglement-europeen-protection-donnees/chapitre3#Article17
If you wish to exercise one of your rights, a reply must be provided within one month of the company receiving your request.
If the company receives many requests, it can add an additional response time of two months (which makes a maximum of three months).
However, the company must keep you informed of this change of deadline within one month of receipt of your application. The company is not required to specify deadlines.