Stormshield SAS (also known as, "Stormshield", or "we" or "us") appreciate your interest in our products, services and business lines and your use of our websites, portals and "apps". Your privacy is important to us and we want you to feel comfortable using our websites. The protection of your privacy and Personal Data is an important concern to which we pay special attention throughout our business processes. Personal Data collected during use of our Web Application “Stormshield Data Security for Email”, also called “SDS for Email”, is processed by us according to the legal regulations valid in the European Union.
Stormshield is committed to protecting the rights of individuals in line with the General Data Protection Regulation (reference EU2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of physical persons with regard to the processing of Personal Data and on the free movement of such data (hereinafter referred as: 'GDPR') as well as each applicable national Personal Data protection laws and regulations (collectively referred to as "Data Protection Laws and Regulations").
This Privacy Policy serves to inform you of the Personal Data we collect when you access/use the service; how we use and disclose your data; how you can control the use and disclosure of your data; and how we protect your Personal Data.
Personal Data is information that can be used to identify a person either directly or indirectly (hereinafter referred to as: 'Personal Data'). A 'personal identifier' is a piece of information that can identify an individual. This definition covers a wide range of personal identifiers to constitute Personal Data, including name, address, email address, identification number, location data or online identifier.
When you use this service, Stormshield will collect, use and process any information generated as a result of using the service, such as IP address or location information from your device. The user settings and private key are stored in the browser. This saves the user from having to re-import the key each time the application is opened.
NAME | PURPOSE | RETENTION PERIOD |
Private keys (PGP) | Storage of the private key on the user's browser to avoid having to re-import the key each time the application is opened | Up to the cleaning of the data in the browser |
Public keys (PGP) | Speed of execution for sending emails | Web Application life time (between application start and refresh or close of the tab) |
User settings | Storage of user settings (activation/deactivation of crash reporting) | Up to the cleaning of the data in the browser |
By using the Web Application, Stormshield will collect and process your Personal Data in accordance with this Notice. Your Personal Data may be used for the following purposes (hereinafter referred as: the 'Purposes'):
We use your Personal Data for administrative purposes, including to help us better understand how our customers access and use our websites and applications; to provide reports to prospective partners, service providers, regulators, and others; to implement and maintain security, anti-piracy, fraud prevention, and other services designed to protect our customers, partners and us; and to enforce our policies, directives and processes.
We use your Personal Data for customer service purposes, including providing services to you, for technical support or other similar purposes and to provide you with tailored and personalized content and information based on your purchases of Stormshield products; to provide you with new updates; track the registration of your products; generate statistics on the deployment and use of our solutions...
We use your Personal Data for research and development purposes, including improving our websites, applications, services, and customer experience and for other research and analytical purposes dedicated to improving our products and services.
We use Sentry.io, a self-hosted and cloud-based error monitoring tool that helps software teams discover, triage, and prioritize errors in real-time.
The deactivation of this service is possible directly by the user. For this, a toggle button is available on the application. You just have to position the cursor on "off". Caution! If this option is disabled and you encounter a problem, its resolution will be more complex. You can reactivate Sentry.io at any time with the toggle button.
We use your Personal Data to comply with applicable legal obligations, including responding to an authority or court order or discovery request.
Where we believe it is necessary to investigate, prevent or act regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of policies, terms, and other policies.
As a responsible company, we need a lawful basis for collecting and/or processing your data. We generally rely on a number of grounds (reasons) for our business processing.
We process your Personal Data in accordance with the provisions set out in the GDPR and the relevant applicable Data Protection Laws and Regulations. The legal basis for processing your Personal Data is:
When you subscribe to a particular service through the Web Application, the purposes of processing your Personal Data are primarily determined by that service and we will process your information so that we can provide that service to you.
When you consent to the processing of your Personal Data by us for the service, you can withdraw that consent at any time by contacting us at dpo@stormshield.eu. For further information on the right to withdraw your consent, please see below Section "Am I obliged to provide my Personal Data?"
In certain circumstances we may not need your consent to use your data, given our legitimate interest to do so but we must inform you when we do this; examples of this are:
Stormshield, as any other company, is subject to legal obligations and regulations. In some cases, the processing of your Personal Data will be necessary for Stormshield in order to fulfill these obligations.
If you access our Services from a third-party application or connect to our Services via a third-party application, you should also read that third-party application's Terms of Service and Privacy Policy.
If you are unclear about what information a third-party application is sharing with us, you should refer to the third-party application provider to find out more about their privacy practices.
Here you can find Google Products Privacy Policy.
Stormshield processes your Personal Data mostly in the EEA.
The data transferred outside of the EEA is the data reported to Sentry.io, an American company. It concerns in particular the application crash reports. See the table below for additional information about this.
Stormshield is based in Europe, we process personal information mainly in Europe.
The data transferred outside of the EEA is the data reported to Sentry.io, an American company. It concerns in particular the application crash reports. See the table below for additional information about this.
If your Personal Data is no longer required for contractual or statutory obligations, it will be erased on a regular basis, unless further processing is necessary, for instance, to preserve particular evidence under applicable Data Protection Laws and Regulations, or in the context of legal statutes of limitation.
All customer data stored on Sentry.io servers is erased upon a customer’s termination of service with account deletion following a 24-hour waiting period in case of accidental cancellation.
We use technical and organizational security measures in order to protect the data we have under our control against accidental or intentional manipulation, loss, destruction and also against access by unauthorized persons. Our security procedures are continually enhanced as new technology becomes available.
You may at any time exercise your data protection rights:
To this effect, please contact Stormshield in writing either by e-mail at the following address: dpo@stormshield.eu or by writing to the address below, enclosing a copy of a document providing evidence of your identity.
Stormshield, Data Protection Officer, 1 Place VERRAZZANO, 69009 LYON, France
You may at any time object to the processing of your Personal Data or where your consent is required, withdraw such consent by contacting us at dpo@stormshield.com. However, please note that if you withdraw your consent, you may not be able to access and use certain information, features or functions of the service.
As a matter of principle, we do not use fully automated decision-making processes. In the event that we should use such processes in individual cases, we will, if prescribed by law, specifically inform you of this and of your rights in this respect.
As a matter of principle, your Personal Data will not be processed automatically with the objective of evaluating certain personal aspects (profiling). In the event that we should process your Personal Data with the objective of conducting profiling, we will, if prescribed by law, specifically inform you of this and of your rights in this respect.
If you are unhappy with the way in which your Personal Data has been processed or should you have questions regarding the processing of your Personal Data, you may refer in the first instance to the Stormshield Data Protection Officer, who is available for enquiries or complaints, at the following email address: dpo@stormshield.eu or you can write to the address below:
Stormshield, Data Protection Officer, 1 Place VERRAZZANO, 69009 LYON, France
If the answers supplied are unsatisfactory, you may then directly approach the French data protection authority: the Commission Nationale de l'Informatique et des Libertés (CNIL).
Cookies are small files or pieces of information, that may be stored, accessed and removed from your device when you access SDS for Email.
They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
For instance, a “Cookie” may refer to “http cookie”, “flash cookie” (used by some applications or websites relying on Flash technology), local storage area of your internet browser, unique identifier calculated from your internet browser characteristics (also known as “browser fingerprinting”), or unique identifiers related to your device or your internet browser (device serial number, MAC address, Android ID, advertising ID, etc...)].
Cookies allow us to recognize your device and store information about your preferences or past actions. We may use Cookies:
The table below aims to inform you about the type and purpose of each cookie, and the type of Personal Data processed inside, and that we may use in our Web Application:
NAME OF COOKIE | PURPOSE | RETENTION PERIOD | MANDATORY |
Functional cookies | |||
Google Cookies | Google SSO which allows the use of your servers (authentication, authorizations, mail api, contact api) | Up to the cleaning of the data in the browser | Yes |
Audience measurement cookies | |||
Atauthority | Allows you to save the visitor's choice about audience cookies | 1 year | No |
Atuserid | Visitor ID | 1 year | No |
At-optout | Allows you to retain the refusal to collect audience measurement via AT Internet | 6 months | No |
AT internet is an analytic solution that we use to get usage web application statistics.
When the Cookies we use are strictly necessary for technical reasons, they are marked as "mandatory" in the table above. These Cookies do not require your consent and cannot be disabled.
You can prevent Cookies from being stored on your device by setting your browser to not accept cookies. The exact instructions for this can be found in the manual for your browser. You can also delete Cookies already on your device at any time through your browser’s settings.
On the Chrome browser, you just have to go to chrome://settings/clearBrowserData to be able to clear the cookies.
For more information, you can find here detailed documentation from Google on how to clear your browsing data.
Stormshield Data Security For Email will only use access to read, write, modify, or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
Stormshield Data Security For Email will not use this Gmail data for serving advertisements.
Stormshield Data Security For Email will not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for Stormshield Data Security For Email's internal operations and even then only when the data have been aggregated and anonymized.
Stormshield Data Security for email doesn’t use and doesn’t transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Stormshield will update this Privacy Policy from time to time in order to reflect changes in our practices and services and also to remain compliant to Data Protection Laws and Regulations. We will inform you of any substantial modification to how we process your Personal Data.