LEGAPASS and the protection of your personal data
Date of last update : February 2024
What is the RGPD?
The General Regulation on the Protection of Personal Data (RGPD) frames the processing of personal data on the territory of the European Union. Entered into force, on May 25, 2018, LEGAPASS is subject to the RGPD as well as its subcontractors.
- Commission Nationale de l'Informatique et des Libertés (French Data Protection Authority) (CNIL) provides the following terminological clarifications:
What is personal data?
It is defined as "any information relating to an identified or identifiable natural person".
For example, the LEGAPASS database contains information such as the location or identification data of its users (surname, first name, date of birth, etc.).
What is personal data processing?
It is "an operation, or set of operations, involving personal data, whatever the process used (collection, recording, organization, storage, adaptation, modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, retrieval)".
For example, LEGAPASS processes personal data by keeping precise and detailed records for the purpose of managing customers and users.
All personal data collected and processed by LEGAPASS is stored in France. Should our activities be extended to the European Union or beyond, your consent will again be sought in accordance with current European legislation.
What LEGAPASS has done about it
➡️ Transparency: LEGAPASS provides clear and precise information on how the personal data of users and visitors to the site will be used. For example, the consent of individuals is obtained in advance for any processing of their information.
➡️ Security: LEGAPASS has, for example, implemented strong physical and IT security measures concerning the "secrets" entered by Users in their digital safe.
➡️ Compliance: LEGAPASS is committed to ensuring ongoing legal and contractual compliance. This includes, for example, verifying changes in data processing, and ensuring that procedures and security measures are in place.
1. RGPD awareness and training
LEGAPASS is committed to implementing in-house information and recommendation initiatives for its employees and subcontractors, in particular using the instructive tools provided by the CNIL.
We based our approach on certified online training to raise awareness of data protection issues among LEGAPASS teams and to support our compliance efforts.
With the aim of increasing LEGAPASS teams' awareness of the RGPD, we have referred to a guide relating to one of our major activities, IT development (for more information: https://lincnil.github.io/Guide-RGPD-du-developpeur/).
2. The information we process about our users
The service offered by LEGAPASS is unique in that the sensitive data entered by the customer in the form of a secret is encrypted end-to-end in a highly secure manner and stored in an off-line safe without LEGAPASS being able to access it at any time. (For further information: https://legapass.com/securite/).
When you register and take out a free, premium or pro subscription, we collect the personal data you provide, such as your identity and identification details.
In accordance with the principle of data minimization and our data security policy, LEGAPASS processes minimal user data, strictly insofar as this is absolutely necessary to maintain the website and application.
Regarding the purposes of processing, LEGAPASS uses your personal data for precise and specific purposes, in particular to manage the contractual relationship between us and the User, to ensure the performance of the services offered... (to see all the purposes in detail : https://legapass.com/privacy-policy/).
3. Information we collect about visitors to our site
Before personal data is collected, when you first visit the site www.legapass.com your consent is requested, collected and stored by Axeptio our RGPD compliant consent collection and cookie management provider.
When you browse the site, we automatically collect information about your web browser, your location, your IP address, your time zone and certain cookies. Data resulting from your web consultations and your interactions with the site are collected and referred to as "device information".
For more information about our cookie policy, please visit this page: https://legapass.com/politique-de-cookies/
4. How long we keep your personal data
In accordance with the principle of limiting the retention period of personal data, LEGAPASS determines a retention period that is consistent with and justified by its processing objectives.
- When we have a relationship with you as a user, we keep your personal data for as long as this relationship lasts, particularly if you have an account with us (simplified standard n°48 CNIL).
- As long as your account is active, we will keep your personal data for as long as necessary to provide you with the services we offer. (Simplified standard n°48 CNIL).
- The data required to manage a site, such as the identity of visitors, is kept for a period of one year (DI-007 Article 3 of Decree no. 2011-219 of February 25, 2011).
- In order to comply with our legal and contractual obligations, we will retain certain categories of your data for as long as necessary.
- With regard to the policy on cookies, the CNIL recommends that information collected via these tracers should be kept for a maximum period of thirteen months (CNIL simplified standard no. 48).
RGPD and security
Technical and organizational security measures in place
We take our users' personal data, business information and system security very seriously.
Our duty is to protect our users' information, which is why we use three overlapping and complementary levels of security at the heart of our actions: encryption, offline safes and secure retrieval. (For further details, please consult this page: https://legapass.com/securite/).
Here are some of the procedures and methods we use:
- We use 2-factor authentication on our sensitive accounts (e.g. hosting provider, etc.);
- Data and application servers are isolated and partitioned;
- Access to our server systems is only permitted after authentication;
- We make regular backups;
- We constantly add automatic security tests to monitor the system;
- Your data sent to LEGAPASS is automatically encrypted from end to end;
- Our infrastructures are secure and access is controlled.
And many more...
Your data protection rights
If you are a European resident, you have the following rights related to your personal data:
- The right to be informed.
- The right of access.
- The right of rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- Rights related to automated decision making and profiling.
If you wish to exercise your rights in relation to the processing of your personal data, please refer to this page: https://legapass.com/privacy-policy/.
If you would like to understand more about this page or if you have any questions about individual rights and your personal information, you can contact us at the following e-mail address: dpo@legapass.com.
English 
Français 
Deutsch 
Español 
Italiano 
Русский 
