STORMSHIELD makes it a priority to process and protect your personal data in accordance with legal requirements. In this document, we will explain how Stormshield Data Security collects, uses and processes your personal data.
Types of data collected and purpose of their collection
The information that Stormshield Data Security collects is used for the operation and improvement of features offered.
Identification information. Stormshield Data Security collects your name and email address from the encryption certificate provided by your administrator. Such information will then be written in the confidential files that you protect.
If you received your encryption certificate on a smart card, depending on your hardware configuration, Stormshield Data Security may potentially use your device’s Bluetooth or NFC interfaces to read your card.
Email addresses of your contacts. Stormshield Data Security collects the names and email addresses of users with whom you wish to share confidential files. To make it easier for you to enter these addresses, Stormshield Data Security can extract them from your address book.
These names and email addresses are used in order to:
- – Look for your collaborators’ encryption certificates,
- – Send an email to them, if you wish to do so, informing them that you have published a confidential file meant for them,
- – Compile the list of authorized users in each protected confidential file.
Authentication tokens. When Stormshield Data Security uploads/downloads a file to or from a file sharing service such as Dropbox, Microsoft Office 365, OneDrive, SharePoint On-Premises, SharePoint Online, authentication on this server is performed by the specific synchronization tool from the file sharing service.
Stormshield Data Security does not store or know the username or password of your file sharing service account. It only retains the authentication token so that you can download/upload a new file later without having to reauthenticate. This token is stored encrypted on your device and is valid for the duration set by the file sharing service. The solution does not access any other information from your file sharing service account.
Location. Stormshield Data Security gathers information on the location of your device in order to determine the country you are in and apply restrictions on use in your organization’s security policy, if necessary, for the country in question.
Log files. Stormshield Data Security logs the operations you perform with the product: logon/logoff, encryption/decryption of documents, publication of documents in shared areas, etc. The following types of data are logged:
- – Operations performed, date and time,
- – Your email address and the email addresses of users with whom documents are shared,
- – The name of the shared file,
- – Information about your device: operating system, device model, device name and IP address.
This data is first stored on the device where it is read/write protected. Only Stormshield Data Security can read and edit it. The data will then be transferred to your organization’s administration server: the TLS protocol ensures the confidentiality and integrity of this transfer. Once it has been transmitted, the data will be erased from the device and the administration server will be responsible for protecting the data it has received.
Such data is collected mainly to:
- – Track the deployment of the product in the targeted device pool,
- – Ensure that documents are properly protected in accordance with your organization’s security policy,
- – Control the distribution of the product in relation to its license,
- – Generate various usage reports, such as: by shared area, by type of device, etc.,
- – Check that the product runs correctly and improve the product.
This data is stored on the administration server for periods that can be configured (maximum one year).
Sharing collected data
The data described above will never be sent to STORMSHIELD S.A.S: it either remains on your device or it is sent to a central server managed by your organization.
These privacy rules may be revised periodically (see “Publication Date” below).
Date of publication: February 13, 2017