From a technological partnership of several years, Cryptosmart 5.2 opens new possibilities for the deployment of top performing devices. Monaco, the 11th October 2018 – Today, Samsung and Ercom mark a turning point for enterprise mobile security, with the release of Cryptosmart 5.2, a globally unique solution to address increasing threats and the unprecedented risks…
The Application is one of the software components of the Cryptobox platform, managed and hosted by Ercom, and accessed remotely. Cryptobox is therefore a “SaaS” solution in this configuration.
1. Account Manager data and Cryptobox usage data
Ǫ What Account Manager data do we possess?
® Essential information: first name, last name and e-mail address.
To allow subscriptions to Cryptobox, we need the first name, last name and e-mail address of the Customer’s Account Manager, in order to send him/her a link and a password by e-mail to access the Cryptobox Application.
This information is communicated to us by the Customer who has subscribed to the Cryptobox service. Designed to identify and authenticate Account Managers, this data is kept for the entire duration of the subscription.
Ǫ What solution and service usage data do we have access to?
® Only usage data.
For the purpose of administering the service, we collect the following usage data from the solution (metadata):
- Connection date and time
- Actions: logins (success/failure), adding/deleting user(s), adding/deleting Account Manager(s), modifying user/Account Manager rights
- Connection IP address
In addition, we may access license information (number of users, activation status, start date, end date) that is not personally identifiable, but may be indirectly associated with users of the service.
This information is collected automatically on our servers. Designed to understand, manage and improve the use of the Cryptobox solution as well as allow Customers to manage the service, this data is kept for one year after its collection.
2. End user data (you)
Ǫ What identifying data about you do we possess?
® Only your first name, last name and e-mail address.
When subscribing to the Cryptobox service, a Customer sends us the first name, last name and e-mail address of each user authorized to access the service, and we invite directly authorized users by e-mail to create their account using the Application.
As such, we send a hypertext link to the e-mail address provided to verify the e-mail address and finalize your registration. In order to use Cryptobox, you must be registered, either through a list sent by Customer while subscribing to the Cryptobox service, or throughout the subscription, you may be invited by an existing Account Manager.
Then, when you first log into the Application, we need to verify that you are authorized to use Cryptobox.
For this, when you register, you provide us with only your first name and last name (we already have your e-mail address that was communicated to us by the Customer or the Account Manager) (hereafter, “Identifying Data”). We do not ask you for any other personal information. This information is mandatory in order to validate your registration.
Your access to Cryptobox is conditional on your account being validated by an Account Manager.
When you finalize your registration, your first name, last name and e-mail address are communicated to the Account Manager to inform him/her of your registration to Cryptobox and allow him/her to validate your account.
Your personal data is also used when another Cryptobox user designates you as a trustee (hereafter, “Trustee”), i.e. the trusted person through which this user can access his/her account in case he/she has forgotten his/her password.
Ǫ Can we see the content of your shared documents?
® We are not able to access the content of your shared documents.
Files uploaded or downloaded to/from Cryptobox are encrypted end-to-end from/to your device. They are only accessible to users you have designated yourself.
The files you store in your collaborative workspace (hereafter, the “Workspace”) are kept for the duration of the subscription, and for a period of 30 days afterwards to allow you to recover your files by downloading them. After this period, files are deleted from our servers. However, if you are using an evaluation version or trial license of Cryptobox, your documents may be kept for a shorter duration after the end of the license, if at all! Please check the terms of your license!
To allow you to use Cryptobox, the Application also requires the following permissions:
- “Read System Memory”: Reads system shared memory (adding files to the service);
- “Write to System Memory”: Allows you to write to and read from the system’s shared memory (downloading files from the service);
- “Read access to contacts”: Access to contacts to invite them or share documents with them;
- “Internet access”: Access to the device connection status to ensure proper operation of the Application.
Ǫ Can we access your instant communications?
® No, we do not have access to the content of your communications.
Your communications (instant messaging using “My Chats”) with another user are encrypted end-to-end. We do not have access to the content of your communications.
Ǫ Do bug reports allow us to collect personal information?
® Bug reports are not intended to allow collection of personal information.
You can provide us with information about your use of Cryptobox (hereafter, “Bug Reports”) by sending us an e-mail containing information about the performance of Cryptobox or other issues.
In this case, we collect your e-mail address and possibly other personal information that you decide to communicate as part of this e-mail. We generally do not wish to possess such information, which is why we invite you to limit as much as possible personal information in your correspondence. Your e-mail address may however be useful for us to be able to respond!
The Application also include features to automatically detect application anomalies. You have the option to manually share this information with us, or choose to automate this feature. The information sent to us is anonymous and relates to the configuration of the device and the Application.
Ǫ What data do we collect automatically when you use Cryptobox?
® Only usage data.
Usage data revealing Cryptobox usage statistics, also known as metadata, are collected by our servers.
Usage data collected:
- The date and time an action occurred (downloading/uploading files, selecting a Trustee, changing the password, etc.);
- Your e-mail address;
- The name of the server on which the action took place;
- Your IP address;
- The first name, last name and e-mail address of users with whom you communicate:
- In a workspace;
- In a conversation.
This usage data is not visible in the Application and is not communicated to the Account Manager or the Customer (e.g. your employer).
® The Application does not use any cookie.
Ǫ For what purposes do we collect your personal data?
® Only to provide a quality Cryptobox service!
The identifying data collected from you and, where applicable, from the Account Managers and the Customer are required for:
- Manage user identification and authentication;
- Display your first name, last name and e-mail address in the list of users of a collaborative workspace;
- Display your first name, last name and e-mail address to your contacts within Cryptobox, including instant messaging;
- Send e-mail notifications in case you have opted for this feature (e.g. to be notified of scheduled updates or service downtimes);
In addition, usage data (metadata) and any personal information you choose to include in bug reports sent to us are only used for:
- Manage and track Cryptobox usage;
- Display your details (first name, last name and e-mail address) to Cryptobox administrators as part of providing support in response of a bug report;
- Compile statistics to measure adoption and application performance;
- Measure service quality to improve user experience, through a security audit.
Ǫ Where and how is your personal data stored?
® In France, complying with very high levels of security.
Your personal data is stored on servers located in France. Your data will never be transferred outside France.
Cryptobox is designed around security and privacy (security & privacy by design).
Cryptobox security is primarily based on robust encryption technology (AES 256-bit). It secures user-to-user communications and file sharing between users and external partners, data storage within Cryptobox, and provides Cryptobox with robust protection.
Your personal information is stored on our servers located in France. Their logical access (with end-to-end encryption) and physical access (restricted and protected access) is very secure.
Ǫ Who can access your personal information?
® Very few people…
Your identifying data and, where applicable, your Trustee status, are communicated to the Account Manager.
Other personal information resulting from your use of Cryptobox may be accessible to the Account Manager depending on the subscribed offer. For more information on access and use of your usage data by your organization, please contact the relevant services at your organization.
When the Customer does not have access to your usage data, these may be aggregated and anonymised, and provided to the Account Manager and/or the Customer responsible for your account, but these are no longer personal information!
Access to your personal information is restricted to our authorized employees, as well as our vendors bound by very demanding confidentiality agreements. In both cases, only members on a strictly need to know basis can access personal information, and can only use them for the purposes listed above.
We do not commercially exploit your data and guarantee they are not transferred to third parties other than those mentioned above, and only because it is strictly required for your use of Cryptobox.
We may however be required to provide your personal information in case of legal or regulatory obligation, or resulting from a decision of a relevant judicial or administrative authority.
Ǫ What is the retention period for personal information?
® The duration strictly necessary, no more!
We keep your usage data (metadata) and the personal information possibly contained in Bug Reports for a duration of one (1) year after their collection.
Other personal data (specifically, your first name, last name and e-mail address) are kept for the entire duration of your rights to use Cryptobox. Once your rights have come to an end, for any reason (including deletion of your account), we may retain this data for up to one (1) year for billing purposes, facilitating subscription, and to improve user experience.
At the end of the retention periods mentioned above, all your personal information will be deleted from our servers or anonymised.
Termination of your rights to use Cryptobox does not, however, affect the information that other Cryptobox users possess about you (including messages you sent them).
Ǫ How do you access your personal information?
® By contacting us, preferably by e-mail
You have the right to access your personal information to check their accuracy and correct them as necessary. Your personal information may be updated, corrected or modified as appropriate. We will endeavor to fulfill your request as soon as possible, but this right should not be exercised in an exaggerated or abusive manner.
You also have the right to request a copy of your personal information.
You also have the right to oppose or limit the processing of your personal information, to withdraw your consent to their processing, as well as request the deletion of your personal information. Note, however, that exercising this right may affect your ability to use Cryptobox.
You can exercise this right in association with your personal information by contacting us by e-mail at: firstname.lastname@example.org.
If, after contacting us, you believe the rights regarding your personal information have not been enforced or if you believe their processing does not comply with privacy protection rules, you may file a complaint with a supervisory authority, such as CNIL in France.
Ǫ Your consent
Ǫ Contact us
6 rue Dewoitine, Immeuble Rubis
Tel: +33 1 39 46 50 50