Legal Notice

Publisher

LABER SAS, registered with the Paris Trade and Companies Register under No. 804 790 178

Guillaume Tell Street, 75017 PARIS

+33 (0)1 82 28 07 56

contact@experquiz.com

Declared training organization (Datadock certified): No. 11 755 816 375

Experquiz and GDPR — User Data

User data includes:

  • Information directly entered into the platform by the client’s contributors (name, email address, phone number, hierarchy, etc.).
  • Information resulting from users' interactions with the platform: logins, test attempts, media consultations, training sessions or e-learning modules, interactions with administrators, downloads of white papers.
  • Technical data associated with these interactions: IP addresses, browsers, etc.

It should be noted that, within the Experquiz platform, other significant data is also uploaded by the client: question databases, questions and questionnaires, media, training content, and e-learning modules. These are subject to the same level of protection and commitments as user data

Experquiz's Commitments Regarding User Data

  • Experquiz provides a feature allowing clients to define their own information and consent form, which must be accepted by each user prior to their first use of the platform.
  • Experquiz provides clients with interfaces allowing full rectification of their users’ personal data.
  • Experquiz offers tools enabling clients to implement highly detailed permission management, ensuring that access to users' personal data is strictly limited to operational needs as defined by the client.
  • Experquiz commits to using user data only in direct relation to the client’s service requests, through interactions of its administrator users with the platform.
  • Experquiz commits not to sell, transfer, or share user data.
  • Experquiz limits internal access to user data within its teams to the minimum necessary for service delivery and client support.
  • Experquiz implements state-of-the-art technical means and processes to prevent unauthorized access to data, to the best of its ability.
  • Experquiz commits to returning all personal data of any user, group of users, or all users of a client, in a readable and usable format.
  • Experquiz commits to deleting, upon the client's request, all personal data of a user or group of users.
  • Experquiz also commits to automatically delete user data after the client has removed a user from the platform, following a delay defined by the client.
  • In the event of termination of the contract between Experquiz and the client, Experquiz commits to deleting all user data from its servers within one (1) month. Periodic backups will not be altered, but if a backup is used, a specific purge process will be applied to remove the client’s data.
  • Experquiz commits to notifying the client within 72 hours of any personal data breach of which it becomes aware.
  • Finally — and this may be the most important — Experquiz commits to making its best efforts to address any client request related to GDPR requirements, including the implementation of new provisions or commitments by Experquiz as a data processor.

Hosting Provisions

Experquiz relies on Google Cloud Platform, which provides on-demand servers, database services, data storage, queue management, search, and email or SMS messaging services.

Experquiz uses a Google datacenter located in Belgium. Note that the GDPR applies regardless of server location, as it covers all companies whose users may be EU citizens. However, other regulations and certain jurisdictional matters may depend on server location.

The database and files are hosted on a highly redundant, high-availability infrastructure. Data is backed up daily, with a retention period of 3 months.

This infrastructure is secured by Google, meaning all security measures and configurations for the platform are defined and enforced by Google. This is a key security asset, ensuring industrial-grade and highly responsive security management.

The Experquiz service is accessed via HTTPS, which ensures both the identity verification of the provider (Experquiz) and end-to-end encryption of communications between each user workstation and the servers.

For client data management, Experquiz uses a partitioned database by client (namespaces), meaning that the APIs used by the application are structurally restricted from accessing data belonging to other companies.