Confidentiality at ORSEC Technologies
General Introduction
Your cyber peace of mind being our priority, we apply best practices in cybersecurity and data confidentiality to our solutions.
Cybersecurity of your data at ORSEC Technologies
But if the API Services (orsec.io) makes it possible to synchronize the updates of my probe in the computer network, is there not a risk for my data on the ORSEC Technologies server?
Excellent question! The answer is no ". That's why :
Data collection on servers
The General Data Protection Regulation (GDPR) is clear on this point: the best protection of data is not to have it. At ORSEC Technologies, we like this maxim. We have designed our hardware solution so that the data collected on your network is reduced to the strict minimum.
The data that NMS solutions collect on your network
Regarding your business:
• All devices on your network
• All flows
• Evolving security risks for your network
• The public IP address and gateway IP address of your network
Regarding ORSEC Technologies equipment:
• All network traffic of the NMS® solution
• The secure data history of the NMS® solution
• Physical data from the NMS® solution (temperature, voltage, CPU, GPU, RAM, HDD statistics and internal software statistics)
ORSEC Technologies therefore does not collect ANY sensitive data or personal data on its servers.
Data that ORSEC Technologies does not collect on your network
• Types of connected devices
• IP addresses of connected devices
• MAC addresses of connected devices
• The OS and software installed on the devices
• Emails and phone numbers that the ORSEC Technologies solution could detect on devices
• Contact lists that the ORSEC Technologies solution could detect on devices
• User and administrator names that the ORSEC Technologies solution could detect on devices
• Data from hard drives or device servers (documents, photos, videos, etc.)
• etc...
Purposes of processing
All data collected mentioned above is for the exclusive purpose of the ORSEC Technologies cyber serenity offer:
• Mapping your network
• Discovery and alert of known security vulnerabilities in real time
• Monitoring the physical state of the NMS® solution
• Generation of flow reports
• Generating risk reports
• Detection of new devices connected to your network
None of this data is used for other purposes, nor is it transferred, free of charge or otherwise, to a third party.
Data retention period
ORSEC Technologies processes the data mentioned above for the duration of the contract. At the end of our partnership, ORSEC Technologies recovers the NMS solution and completely resets it within three (3) months. All data contained in the NMS solution is destroyed except the following data which is anonymized and archived for statistical purposes:
• Evolution of the number of connected devices
• Evolution of the number of devices by criticality level
• Evolution of the overall security rating of your network
• Evolution of the health status of the device
No sensitive data on our servers
Your business will not be subject to the same cyber risks depending on the types of data processed. Contact us to determine the NMS solution best suited to your structure and activities.
ORSEC Technologies does not have access to your sensitive data
No sensitive information leaves the corporate network. All confidential information remains on the NMS solution and is only accessible by connecting from the corporate network. In reality, ORSEC Technologies is unable to store your data on its network. Our hardware was simply not designed with the purpose of transmitting personal data.
ORSEC Technologies only has access to:
• Nor to any personal data on your network
• Nor to any sensitive data
• Nor to the types of security breaches
The reasons are simple:
• We want to respect the law
• We want to respect our philosophy and our values
• We want to establish a relationship of trust with our customers
• We do not want to become the target of all the hackers in the world attracted by network vulnerabilities and the personal data of our customers
In short, the only personal data processed by ORSEC Technologies is the administrative information necessary for the execution of the ORSEC Technologies Service (surname, first name, email and mobile telephone number of the contractual contact) obtained upon signing the contract. p>
Personal customer account data
When we start a partnership with a client, we are obviously required to create a client account and therefore collect data. In this case too, we limit the processing to the strict minimum.
Personal data collected
• Contact name
• Contact first name
• Email and mobile phone number of the contractual contact (if non-professional)
And that's all ! All other data processed is linked to the company's legal & administrative information and billing information (postal address, payment information, etc.).
Purpose of processing
All data collected mentioned above is for the exclusive purpose of the execution of the contract between ORSEC Technologies and the Client:
• Company legal information
• Company administrative information
• Company billing information
• Administrative information of the company's contractual contact
Duration of retention of personal data
ORSEC Technologies processes the data mentioned above throughout the duration of the contract. At the end of our partnership, ORSEC Technologies deletes this personal data within three (3) months. Under no circumstances are they transferred, free of charge or otherwise, to a third party.
Our subcontractors in GDPR compliance
ORSEC Technologies works with partners and subcontractors: distributors, resellers, outsourcers, auditors, pentesters, etc. As stipulated in the GDPR, they “present sufficient guarantees regarding the implementation of technical measures » (Article 28). They have also all accepted by oral agreement our charter of good conduct and GDPR compliance. Through this charter, they undertake to respect the philosophy and values of ORSEC Technologies with regard to the processing of personal data and the security of your computer networks. Like ORSEC Technologies, our subcontractors and partners do not have access to your network data.
References and links
• CNIL website : https://www.cnil.fr/
• Text of the GDPR : https://www.cnil.fr/fr/reglement-europeen-protection-donnees
Contact
For any additional information, do not hesitate to contact us at contact@orsec.tech or by post to the following address: ORSEC Technologies, 8 rue des métiers, 05000 Rennes, France. DPO representative: David Legeay