GDPR

Storyboard_TechnicalAnalyses_H500.jpg

continu.online and GDPR

continu.online is a business unit of EthiCom CVBA, a legal entity active within communications, IT and consulting industries.

We do everything possible to protect the data we process during our daily operations.

By default, we don't share the data we process with third parties. However, sometimes it is inevitable in order to provide a usable service. Should this be the case in your situation, your consent will be requested accordingly.

If you have any enquiries about your data, please contact our responsible contact:

Ward Van den Broeck
ward@continu.online

Ethicom CVBA
Van Haelenstraat 63
2880 Bornem
Belgium
BE 0475.789.453
https://ethicom.be

Information we collect

Through our activities we collect and process data. We don't keep more data than necessary, longer than necessary.

We collect data from:

  • leads
    • through our website we track visitor data, like locations, clicks and pageviews, to be able to keep improving our website.
    • interested persons can provide contact data (like name, email and company) to request detailed information about our services.
  • our customers
    • customers provide us with data that we need to be able to correctly deliver our services. Data can be addresses, contact persons, telephone numbers or account numbers.
    • for our customers we might offer data processing services. Depending on the scenario we merely process, or process and store internal customer data.
  • suppliers
    • we collect and process data from suppliers that is necessary for delivery of their services.

How we use data

At continu.online we use data to improve our and our customer's IT services. Actions subject to data transactions are:

  • solving a technical problem by email
  • executing a technical change in an IT environment
  • the migration of a business application
  • strategic consultancy by email
  • a performance analysis of an application or service
  • backoffice activities (administration, finance)
  • promotion and marketing
  • human resources

We make a clear distinction between "administrative data" and "operational data".

Administrative data is data collected and used in relation to communication and facilitating transactions with our customers and suppliers. This data is our sole property and portions of it are only shared on a need to know basis with involved parties (example, customer information on an invoice).

Operational data is data subject to our specific IT operations. For our customers we might handle and/or store their internal company data. We always discuss the exact storage location(s) with our customers in full transparency. Sometimes we only handle data that is stored using 3rd party vendors (Microsoft, Google, AWS,...).

How we share data

By default, we don't share data.

However, sometimes data sharing is inevitable to enable quality of service.

We are a "virtual" infrastructure provider. This means we rely on third parties for data center facilities (storage, computing and networking). We work with our customers' privately owned datacenter facilities too.

In normal circumstances, third parties do not have access to data stored on their equipment.

We only share data from customers to suppliers and vice versa on a need-to-know basis to enable delivery of services (for instance, sending a phonenumber from a supplier technician to a customer, so that he/she can let in the technician on the customer premises for certain maintenance).

How we protect data

continu.online has processes and practices in place to ensure that data is handled correctly. We follow a set of simple guidelines:

  • If there's no reason to transfer data, don't transfer it.
  • We only work with GDPR compliant infrastructure suppliers. We only use facilities/regions located in the European Union.
  • Our internal systems are regularly backup'd and stored offline
  • We have implemented several access and authentication methods:
    • physical access ( locks / codes / .. )
    • virtual access
      • firewalls
      • passwords
      • OTP / 2F auth
      • openssl
      • audit logs and NIDS systems
  • We always encrypt data in transport using openssl cryptography

Where we store data

We store data in several locations, in own facilities and with a carefully selected group of suppliers.

Data is always stored in EU regions (Frankfurt, Milan, Amsterdam, Brussels, Stockholm,..).

For details of the GDPR policy of involved third parties, we would like to share the website of those parties:

  • EnterCloudSuite srl: https://www.entercloudsuite.com
  • DigitalOcean llc: https://www.digitalocean.com
  • Combell NV: https://www.combell.com
  • BDC bvba: http://www.bcdbvba.be

How long we store data

We never store data longer than needed en regularly delete redundant data from our systems.

Or default retention terms:

  • leads: maximum 5 years after the last contact.
  • customers: as long as necessary to deliver purchased services.
  • employees: as long as necessary for the duration of employment and to comply with legal obligations.
  • suppliers: as long as necessary for the duration of deliverd services.