Hasfy - IT Management Solution logo

Privacy Policy

At Hasfy, protecting your data is a priority. This privacy policy explains what data we collect, why, how it is protected, and what your rights are. It applies to the website https://www.hasfy.fr and the Hasfy application (https://app.hasfy.fr).

1. Preamble

This privacy policy applies to all services offered by Hasfy SAS: the marketing website https://www.hasfy.fr and the SaaS application https://app.hasfy.fr. Hasfy operates under two distinct roles depending on context: - Data controller: for data of website visitors and users creating an account (identification, billing, navigation data). - Data processor: for data that our professional customers enter into the application to manage their own business (their clients' data, tickets, IT assets, etc.). In this case, the Hasfy customer is the data controller. This distinction is important: it defines who is responsible for which data and in what capacity.

2. General principles of data collection and processing

In accordance with Article 5 of the GDPR (EU Regulation 2016/679), Hasfy collects and processes personal data in compliance with the following principles: - Lawfulness, fairness, transparency: data is collected on a valid legal basis and users are informed accordingly. - Purpose limitation: data is used only for the purposes for which it was collected. - Data minimisation: only strictly necessary data is collected. - Accuracy: data is kept up to date upon user request. - Storage limitation: data is deleted as soon as it is no longer needed. - Integrity and confidentiality: appropriate technical and organisational measures are in place.

3. Personal data collected and processed when browsing the site

3.1 Data collected and processed and method of collection

As part of using the website and application, Hasfy collects the following categories of data: - Identification data: last name, first name, email address, phone number (optional) - Connection data: IP address, browser type, access logs - Billing data: billing address, payment information (processed via our secure payment provider, not stored at Hasfy) - Usage data: features used, preferences, account settings - Business data (application): data entered by the customer in the application (assets, tickets, clients, contracts) — Hasfy acts as data processor for this data Retention periods: - Account data: until account deletion, then 30 additional days - Billing data: 10 years (legal accounting obligation) - Connection logs: 12 months - Business data: 30 days after subscription termination, then permanent deletion

3.2 Purposes of data processing

Personal data collected is processed for the following purposes: - Service delivery: account creation and management, application access, customer support - Billing: payment processing, invoice issuance, subscription management - Product improvement: anonymised usage analysis to improve features - Communication: sending service-related information (updates, incidents, subscription expiry) - Legal obligations: retention of accounting data, responding to requests from competent authorities

3.3 Legal grounds

Data processing is based on the following legal grounds, in accordance with Article 6 of the GDPR: - Performance of a contract (art. 6.1.b): processing necessary for service delivery (account, billing, application access) - Legal obligation (art. 6.1.c): retention of accounting and tax data - Legitimate interest (art. 6.1.f): product improvement, platform security, fraud prevention - Consent (art. 6.1.a): marketing communications, non-essential cookies

3.4 Data transmission to third parties

Hasfy uses a limited number of subprocessors to provide the service. Each is bound by a GDPR-compliant data processing agreement. Current subprocessors: - OVH SAS (France): hosting of the website and application. Data stored in France. ISO 27001 and HDS certified. Data policy: https://www.ovhcloud.com/en/personal-data-protection/ Hasfy does not sell or rent your data to third parties. No data is shared for advertising or profiling purposes.

3.3 Data hosting

The website https://www.hasfy.fr and the application https://app.hasfy.fr are hosted by OVH SAS, headquartered at 2 rue Kellermann, 59100 Roubaix, France. Servers are located in France. Your data never leaves French territory.

3.4 International data transfers

All data processed by Hasfy is hosted at OVH, on servers located in France. No data is transferred outside the European Union. This architecture ensures that your data and your clients' data remain exclusively subject to European law (GDPR) and are not exposed to extraterritorial legislation such as the US Cloud Act.

4. Data controller

The company responsible for processing personal data is: Hasfy SAS. They can be contacted as follows: contact@hasfy.fr. The data controller is responsible for defining the purposes and means of processing personal data.

4.1 Obligations of the data controller

Hasfy commits to protecting the collected personal data, not disclosing it to unauthorised third parties, and respecting the purposes for which it was collected. All communications between the user and our servers are encrypted via TLS. Appropriate technical and organisational security measures are in place to prevent unauthorised access. In the event of a data breach likely to result in a risk to the rights and freedoms of individuals, Hasfy commits to notifying the CNIL within 72 hours and to informing the individuals concerned without undue delay, in accordance with Articles 33 and 34 of the GDPR. A Data Processing Agreement (DPA) compliant with Article 28 of the GDPR is available to professional customers upon request at contact@hasfy.fr.

5. User rights

5.1 Presentation of the user's rights with regard to data collection and processing

Under the GDPR, you have the following rights over your personal data. To exercise these rights, send your request to contact@hasfy.fr stating your name and email address. Hasfy commits to responding within 30 days. - Right of access (art. 15): obtain a copy of your personal data processed by Hasfy - Right to rectification (art. 16): correct inaccurate or incomplete data - Right to erasure (art. 17): request deletion of your data, subject to legal retention obligations - Right to data portability (art. 20): receive your data in a structured, machine-readable format - Right to object (art. 21): object to processing based on legitimate interest - Right to restriction (art. 18): temporarily restrict the processing of your data - Right to complain: lodge a complaint with the CNIL (www.cnil.fr) if you believe your rights are not being respected

5.2 Personal data of minors

In accordance with Article 8 of European Regulation 2016/679 and the French Data Protection Act, only minors aged 15 or older may consent to the processing of their personal data. If the user is a minor under the age of 15, consent from a legal representative is required. The site operator reserves the right to verify the user's age or obtain the consent of a legal representative before allowing navigation on the site.

5.3 Data Processing Agreement (DPA)

In the context of using the Hasfy application, and in accordance with Article 28 of the GDPR, Hasfy acts as a data processor for its professional customers, who are themselves data controllers for their own clients' data. A Data Processing Agreement (DPA) is available to all professional customers upon simple request at contact@hasfy.fr. This document defines the respective obligations of each party, the security measures in place, the list of sub-processors, and the procedures for exercising the rights of data subjects.

6. Use of cookies

The website https://www.hasfy.fr uses cookies to ensure the proper functioning of the service and improve the user experience. Types of cookies used: - Essential cookies: necessary for the site to function (session, authentication). These cookies do not require consent. - Analytical cookies: audience measurement via anonymised tools. Deposited only with your consent. Consent validity period: 6 months. You may withdraw your consent at any time from your browser settings. To manage cookies in your browser: - Chrome: Settings > Privacy and security > Cookies - Firefox: Settings > Privacy & Security - Safari: Preferences > Privacy - Edge: Settings > Cookies and site permissions

8. Data security

Hasfy implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction. These measures include: encryption of communications (TLS 1.2+), per-tenant data isolation (separate PostgreSQL schemas, Row-Level Security), restriction of production access to a limited number of people, and logging of all accesses. Details of our security practices are available on our dedicated page: https://www.hasfy.fr/security

9. Conditions for modifying the privacy policy

This privacy policy may be consulted at any time at the following address: https://www.hasfy.fr/privacy-policy/ The site editor reserves the right to modify it in order to ensure its compliance with current legislation. Consequently, the user is invited to consult this privacy policy regularly in order to keep abreast of the latest changes. However, in the event of substantial modification of this policy, the user will be informed in the following manner:\nBy e-mail to the address provided by the user. The user is informed that this privacy policy was last updated on: 11/11/2024.

Your competitors are still running 4 tools.
You can do better.

Hosted in France. GDPR compliant. Up in 20 minutes.
See if it's right for me30 minutes, no commitment