GDPR Compliance

We at GDH SAS recognize our responsibilities under the General Data Protection Regulation (GDPR) and French data protection laws. This Statement explains how we handle personal data in a B2B context when providing our LogCentral service.

• GDH SAS (Processor): When we store your logs, we act primarily as a data processor, processing data on your behalf.
• You (Controller): As our customer, you are the data controller determining the purposes and means of the data you provide or process through the Service.

Our platform is designed for technical log storage. We encourage you to avoid sending any unnecessary personal data in these logs, as they are primarily meant for debugging or operational data. If personal data is included, you must ensure you have a lawful basis for doing so under GDPR.

We implement appropriate technical and organizational measures to secure data, including:

• Secure hosting infrastructure
• Role based access control & 2 Factor Authentication
• Automated monitoring
• Regular testing of security measures
• Staff training on data protection
• Data minimization and pseudonymization where possible
• Regular backups and disaster recovery procedures
• Encryption in transit (TLS)

We process personal data on the following legal bases:

• Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
• Contract fulfillment: Where processing is necessary for the performance of a contract to which you are a party.
• Legal obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.
• Legitimate interests: Where processing is necessary for the purposes of the legitimate interests pursued by us or by a third party.

Under GDPR, you have the following rights:

• Right to access: You can request a copy of your personal data.
• Right to rectification: You can request that we correct any inaccurate or incomplete data.
• Right to erasure: You can request that we delete your personal data in certain circumstances.
• Right to restrict processing: You can request that we limit the processing of your data in certain circumstances.
• Right to data portability: You can request a copy of your data in a machine-readable format.
• Right to object: You can object to our processing of your personal data in certain circumstances.
• Rights related to automated decision-making: You have rights related to automated decision-making and profiling.

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data
• Regular testing of security measures
• Access controls and authentication
• Staff training on data protection
• Data minimization and pseudonymization where possible
• Regular backups and disaster recovery procedures

We ensure that any international transfers of personal data comply with GDPR requirements through appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.