Tryane Analytics and Communication
Insights
Privacy Policy
Version 1.6 - March 25, 2024
1
Introduction
We are strongly committed to protecting and
respecting your privacy and the confidentiality of your data. This privacy policy
explains in an intelligible and transparent way the type of personal data we
collect and how we use it. It also provides information on the steps you can
take to protect your privacy when using our services.
This policy governs your access of the Tryane
analytics and Communication Insights website and services, regardless of how
you access it. By using our service, you consent to the collection, transfer,
processing, storage, disclosure, and other uses described in this document.
2
General Data Protection Regulation (GDPR)
We are a Data Processor, meaning that we
will collect and process personal information you will give us access to, on
your behalf. We never own your data; it always belongs to you.
As a data processor, we are engaged to follow
obligations such as:
�
Data breaches notification: In
case of a personal data breach, Tryane must notify the owner of the data within
72 hours.
�
Accountability: Obligation
for Tryane to implement internal mechanisms and procedures to demonstrate
compliance with the rules on data protection.
�
Privacy by design:
Obligation for information systems processing personal data to offer the
highest possible level of data protection.
�
Data Protection Officer (DPO): Mandatory
appointment of a Data Protection Officer to implement (internally or
externally) compliance with the European Data Protection Regulation.
�
Data Privacy Impact Assessment (DPIA): DPO
is responsible for conducting all studies to identify the risks involved in
processing personal data before determining the appropriate means to reduce
them.
If you are a resident of the European Economic
Area (EEA), you have certain data protection rights, including:
�
The right
to access your personal information.
�
The right to
rectification.
�
The right to
erasure.
�
The right to
restriction.
�
The right
to data portability
�
The right
to object.
Means available to enforce your rights are
described in Chapter �Rights of the data subjects�
3
Description of the service
Digital communications keep growing within organizations, generating information overload and loss of productivity.� Companies understood the challenge and are heavily investing in new tools (instant messaging, professional social networks, collaborative platforms�) and new methods to exit the era of "only-email".
Since 2008, Tryane is convinced that measuring the collaboration activity is mandatory to progress.
Tryane Analytics is the dashboard which allows you to pilot this key transition for your business. Tryane Analytics is a SAAS service designed to help you increase efficiency and boost adoption on Office 365 by:
- Measuring the adoption of Office 365 products across your organization
- Analyzing which tools are thriving
- Giving your community managers access to the statistics of their perimeter
- Discovering which content is driving the audience
- Analyzing user collaboration behavior within your company
- Helping you managing your Office 365 governance
Communication Insights by Tryane is a SAAS service providing advanced statistics about Internal Communications campaigns:
- Measure the performance of corporate news
- Measure what are the most popular pages/items/news/documents
- Detect inactive content and analyze why
- Power the employee experience with advanced analytics
- Discover which departments are the most engaged
Both solutions connect to its Clients� Office 365 tenant to collect and capture users� activity in Office 365. This activity is then used to compute advanced Key Performance Indicators of employees� usage of collaboration tools in their company.
Both solutions use an HTLM5 responsive design GUI that will display on any device (laptop, smartphone, tablet) and any browser. They been designed to be easy-to-use and easy-to-understand (within minutes) especially by non-technical person.
4
How do we
collect your data?
We distinguish two kinds of data collection:
Data collected through
Tryane Analytics / Communication Insights
This data collection is related to the gathering of your users� activity in your Office 365 tenant.
- This data collection is an automated machine to machine process.
- Our service connects to Office 365 using standard APIs defined by Microsoft.
- To access those APIs, we use Azure AD applications (ex-Office 365 applications) or Yammer application. Those applications are the standard way provided by Microsoft to access Office 365 APIs.� Those applications clearly define the set of permissions that will be granted to Tryane on your Office 365 tenant.
The complete list of protocols, APIs and endpoint used by Tryane Analytics for data collection is available on demand. Please refer to chapter �Consent� for more details about application permissions.
Data collected through the Tryane
Analytics / Communication Insights website
This data collection is related to the gathering of Tryane Analytics end users� activity on Tryane Analytics website.
- Tryane uses logs generated from access on Tryane Analytics' website, and logs generated by Tryane�s application itself.
- Tryane
uses an Azure AD application named �Tryane Analytics Login� to enable the
user to log in to Tryane Analytics using his Office 365 identity.
5
What data
do we collect?
Data collected through Tryane Analytics
/ Communication Insights
In order to provide its service Tryane will collect and process the following categories of data:
|
PERSONAL DATA |
|
|
Category |
Non-exhaustive example |
|
User identification: |
User
name, email address, upn, .. |
|
User profile information: |
Office
365 licenses, department, function, ... |
|
User activity: |
Number
of e-mail sent, pages views, comments in Yammer, ... |
|
NON-PERSONAL DATA |
|
|
Category |
Non-exhaustive example |
|
Office 365 structure: |
Properties
of site collections and sites in SharePoint, properties of teams and channels
in Microsoft Teams, properties of Yammer groups, ... |
|
Properties
of specific Office 365 items: |
Properties
of SharePoint document and pages, Teams applications, � |
The complete list of information gathered through Tryane Analytics is available on demand.
Tryane Analytics NEVER stores the content of messages, conversations, or documents.
Data collected through the Tryane
Analytics / Communication Insights website
When the User browses the Tryane Analytics website, Tryane collects the following data types:
|
PERSONAL DATA |
|
|
Category |
Non-exhaustive example |
|
Identification
data |
Surname,
forename, mail address, etc. |
|
Customer relationship data |
Requests
for support, correspondence with customers, etc. |
|
Information about visits to the website |
IP
address of the users� computer and which browser was used to view the
website, the users� operating system, resolution of screen, location,
language settings in browsers, the site the user came from, keywords searched
(if arriving from a search engine), the number of page views, information
entered, advertisements seen, etc. |
|
Log Data |
Tryane
automatically records certain information from your account and your activity
on the site and the Service. This information may include the IP address,
access times, |
6 How will we use your data?
We use your personal information for the following purposes:
- Provide the Tryane Analytics and Communication Insights services
- Provide the Tryane Analytics and Communication Insights customer support
- Meet legal and regulatory requirements as well as to allow Tryane to meet contractual requirements relating to the services provided to Customer
- Create, establish and administer Customer�s subscription to Tryane Analytics/Communication Inisights, to respond to Customer inquiries related to its subscription and to contact Customer about Tryane services or subscription-related matters
- Measure and analyze user behavior in order to, among others, monitor, maintain and improve Tryane products or features and to create new products, services or features
7
How do we
store your data?
For each client, data is stored with the following precautions:
- Each client�s data is stored in its own database instance
�
Tryane
will retain your personal information only for as long as is necessary for the
purposes set out in this Privacy Policy. We will retain and use your
information to the extent necessary to comply with our legal obligations,
resolve disputes, and enforce our policies.
�
Once expired,
personal data will be automatically deleted within 12 months. You can ask to
change this retention duration by sending an email to support@tryane.com.
- By default, Client�s data is automatically deleted 30 days after the end of its subscription.
8
Where do
we store your data?
Clients� data storage is located in France in our Azure production environment, which guarantees that our clients� data is clearly isolated and under French jurisdiction. Client�s data is never to be transferred outside of France.
If Tryane plans to modify the storage country, Tryane will notify the Client in advance without any delay. Tryane shall give to the Client an updated list of the storage countries.
9
Data
privacy and security rules
We take all steps required to protect the personal data we process. We ensure an appropriate level of security, protection and confidentiality based on the sensitivity of your data, using administrative, technical, and physical measures preventing any loss or theft or any unauthorized use, disclosure or alteration of your data. Amongst all those principles we can cite:
- We only process what is necessary: Clients� data not required to provide the Tryane Analytics service is never read nor stored
- Tryane Analytics and Communication Insights does not read nor store the content of documents stored in our Client�s SharePoint or attachments in our client�s emails.
- Raw individual activity is not accessible directly and the department-level aggregated data (obtained from calculations) is only accessible from the application GUI
- All personal or confidential data is always encrypted
- Tryane protects the integrity of the Service, the results, the secure process, transfer, and the backup of the data on the software platform.
The security rules are available on demand.
10 Data quality
Most of the data (users� activities in Microsoft products) is generated and processed automatically without user interaction, which guarantees a high level of quality of processed data.
Other information such as user profile options, notification options, company structure modeling and any other option available in the end-user interface (website) can be updated manually. The User is solely responsible for circulating this data and he is required to ensure this information is accurate.
In order to guarantee the highest level of quality, all data collected by the application is always subject to multiple validations (format validation, content validation) before being processed and stored by Tryane Analytics and Communication Insights.
11 Sharing your data
Tryane does not share personal or any
other kind of information with companies, organizations,
and individuals unless one of the following circumstances applies:
- Meet any
applicable law, regulation, legal process or enforceable governmental
request.
- Enforce
applicable Terms of Service, including investigation of potential
violations (with Client consent).
- Detect, prevent
or otherwise address fraud, security or technical issues (with client Consent).
In all those circumstances, Tryane privacy rules will be communicated to third parties to whom personal information may be disclosed. Third parties must align with Tryane Security, Privacy and Confidentiality policies, and will be selected using criteria described in the Security Policy (available on demand).
Tryane will maintain a record of authorized disclosures of personal information that is complete, accurate, and timely.
Tryane would take remediation action in response to misuse of personal information by a third party to whom Tryane would have transferred such information.
In the future, if Tryane has to change this policy and share personal data to third parties not identified by the circumstances described above, Tryane will first notify all its affected customers and ask for consent before any data is shared.
12 Consent
Tryane uses Azure AD applications to collect your data (Please refer to chapter �How do we collect your data�).
Azure AD applications follow an authorization model that gives users and administrators control over how data can be accessed: our applications define a set of permissions required by Tryane to perform the Tryane Analytics services.
To benefit from those permissions, Azure AD applications have to request these permissions from users and administrators, who must approve the request before the app can access data or act on a user's behalf. Request approvement is performed using a standard consent prompt workflow (managed by Microsoft), and designed to ensure users have enough information to determine if they trust the client application to access protected resources on their behalf (for more details about Azure AD application consent, please refer to https://docs.microsoft.com/en-us/azure/active-directory/develop/application-consent-experience)
In conclusion, Tryane cannot access any of your data until a user or and administrator of your tenant has explicitly given his consent to. Furthermore, access to your data is limited to the permissions listed in our Azure AD applications.
If in the future and as part of the product evolution, if Tryane Analytics/Communication Insights requires new permissions, it will result in the modification of the authorizations of associated Tryane Azure AD applications. Therefore, Clients and Users will be automatically prompted to re-consent the Tryane Azure Ad applications, and the associated data collection and processing activities.
13 Rights of the data subjects
In accordance with the GDPR, data subjects benefit from several fundamental rights:
- Right to Access Personal Data Under GDPR, data subjects have the right to access the data collected on them by Tryane. Tryane must respond to that request within 30 days (Article 15).
- Right to Rectification: Data subjects have the right to request modification of their data, including the correction or errors and the updating of incomplete information (Article 16).
- Right to Erasure: The right to erasure � also referred to as the right to deletion or the right to be forgotten � allows a data subject to stop all processing of their data and request their personal data be erased (Article 17). Please refer to �appendix G / Right to erasure� chapter for more details about this procedure.
- Right to Restrict Data Processing Data subjects, under certain circumstances, can request that all processing of their personal data be stopped (Article 18).
- Right to Data Portability: A data subject can request that their personal data file be sent electronically to a third party. Data must be provided in a commonly used, machine readable format, if doing so is technically feasible (Article 20).
- Right to Object: The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling based on those provisions� (Article 21).
- Right to Reject Automated Individual Decision-Making: Data subjects have the right to refuse the automated processing of their personal data to make decisions about them if that significantly affects the data subject or produces legal effects � profiling for example (Article 22).
Data subjects can enforce their rights by sending an email to helpdesk@tryane.com.
In your request,
please make clear that you want to exercise your rights. We will answer by sending
you a questionnaire; this questionnaire will allow us to identify which of the
above rights you would like to enforce and to request for a proof of your
identity.
If your request is legitimate, it will be processed as soon as possible; we
will comply with your request promptly, but in any event within thirty days of
your request.
Otherwise, we will communicate the reasons for our refusal.
In the event that your personal data has been transmitted to a 3rd party (in accordance with the criteria defined in chapter "Sharing your data"), Tryane will also transfer your request to this 3rd party.
14 Data Breach
In accordance with the GDPR article 33
(https://gdpr-info.eu/art-33-gdpr/), Notification of a personal data breach
to the supervisory authority, Tryane will notify the breach of personal
information to its impacted Clients not later than 72 hours after
having become aware of it.
The notification must:
- describe the nature of the personal data breach including where
possible, the categories and approximate number of data subjects
concerned, and the categories and approximate number of personal data
records concerned
- communicate the name and
contact details of the data protection officer or other contact point
where more information can be obtained
- describe the likely consequences of the personal data breach
- describe the measures taken or proposed to be taken by Tryane to
address the personal data breach, including, where appropriate, measures
to mitigate its possible adverse effects.
Tryane will create and maintain a record of detected or reported unauthorized disclosures of personal information.
In accordance with our Security Policy, Tryane only works with third parties who can provide us with a data breach notification commitment.
15 Data Deletion
At the end of a customer's subscription
period, the customer account is "closed." In this state:
- The app no longer delivers Tryane Analytics and /or Communication Insights services (data collection, indicator calculations, display)
- Users associated with this
customer account can no longer connect to Tryane Analytics' graphics
interface
- Customer data is stored for 30 days, during which time the
customer can re-subscribe and retrieve their data history and
configuration.
At the end of these 30 days, the customer's
data is automatically and permanently deleted. Deletion of customer data consists of:
- Deleting
the customer's dedicated databases
- Deleting
all customer user accounts
�
The customer's reference and the history of
the actions made on this account (subscription to a module, etc.) are retained
for functional management.
16 Contact information, Complaints
If you have questions, concerns, or complaints about this Policy or our data collection or processing practices, if you want to report any security violations, or just simply ask a question, please contact us by sending an email to helpdesk@tryane.com or by using the �Help� button available in the Tryane Analytics web site.
17 Changes
Tryane
may update those General principles to reflect changes to our information practices. If we make any
material changes we will provide notice by notifying you by email (sent to the e-mail address
specified in your account), prior to the change becoming effective.
Tryane
will also keep prior versions of this those principles for your review.
|
Version |
Date |
Comment |
|
1.0 |
29/10/2014 |
Initial version |
|
1.1 |
26/10/2016 |
Updated CGU / Benchmark data usage |
|
1.2 |
22/04/2018 |
Updated Tryane address Updated Tryane Analytics data sources |
|
1.3 |
25/05/2020 |
Recreated policy from scratch, in the context of
the SOC2 certification process. |
|
1.4 |
19/04/2021 |
Updated chapter 7: expired personal data will be automatically deleted within 12 months |
|
1.5 |
28/11/2022 |
Tryane does not use Google Analytics anymore |
|
1.6 |
25/03/2024 |
Annual review. Stating more explicitly that this policy also applies to Communication Insights. Removed banking information from list of personal data stored. |