Application Privacy Policy

Tryane Analytics Privacy Policy

Version 1.5 – April 19,2021

  1. Introduction

We are strongly committed to protecting and respecting your privacy and the confidentiality of your data. This privacy policy explains in an intelligible and transparent way the type of personal data we collect and how we use it. It also provides information on the steps you can take to protect your privacy when using our services.

This policy governs your access of the Tryane analytics website and service, regardless of how you access it. By using our service, you consent to the collection, transfer, processing, storage, disclosure, and other uses described in this document.

  1. General Data Protection Regulation (GDPR)

We are a Data Processor, meaning that we will collect and process personal information you will give us access to, on your behalf. We never own your data; it always belongs to you.

As a data processor, we are engaged to follow obligations such as:

  • Data breaches notification: In case of a personal data breach, Tryane must notify the owner of the data within 72 hours.
  • Accountability: Obligation for Tryane to implement internal mechanisms and procedures to demonstrate compliance with the rules on data protection.
  • Privacy by design: Obligation for information systems processing personal data to offer the highest possible level of data protection.
  • Data Protection Officer (DPO): Mandatory appointment of a Data Protection Officer to implement (internally or externally) compliance with the European Data Protection Regulation.
  • Data Privacy Impact Assessment (DPIA): DPO is responsible for conducting all studies to identify the risks involved in processing personal data before determining the appropriate means to reduce them.

If you are a resident of the European Economic Area (EEA), you have certain data protection rights, including:

  • The right to access your personal information.
  • The right to rectification.
  • The right to erasure.
  • The right to restriction.
  • The right to data portability
  • The right to object.

Means available to enforce your rights are described in Chapter “Rights of the data subjects”

  1. Description of the service

Digital communications keep growing within organizations, generating information overload and loss of productivity.  Companies understood the challenge and are heavily investing in new tools (instant messaging, professional social networks, collaborative platforms…) and new methods to exit the era of “only-email”.

Since 2008, Tryane is convinced that measuring the collaboration activity is mandatory to progress. 

Tryane Analytics is the dashboard which allows you to pilot this key transition for your business. Tryane Analytics is a SAAS service designed to help you increase efficiency and boost adoption on Office 365 by:

  • Measuring the adoption of Office 365 products across your organization
  • Analyzing which tools are thriving
  • Giving your community managers access to the statistics of their perimeter
  • Discovering which content is driving the audience
  • Analyzing user collaboration behavior within your company
  • Helping you managing your Office 365 governance

Tryane Analytics connects to your Office 365 tenant to collect and capture users’ activity in Office 365. This activity is then used to compute advanced Key Performance Indicators (KPIs) of employees’ usage of collaboration tools in your company. Finally, end users can consult these KPIs from the Tryane Analytics web interface.

  1. How do we collect your data?

We distinguish two kinds of data collection:

Data collected through Tryane Analytics

This data collection is related to the gathering of your users’ activity in your Office 365 tenant. 

  • This data collection is an automated machine to machine process.
  • Our service connects to Office 365 using standard APIs defined by Microsoft.
  • To access those APIs, we use Azure AD applications (ex-Office 365 applications) or Yammer application. Those applications are the standard way provided by Microsoft to access Office 365 APIs.  Those applications clearly define the set of permissions that will be granted to Tryane on your Office 365 tenant.

The complete list of protocols, APIs and endpoint used by Tryane Analytics for data collection is available on demand. Please refer to chapter “Consent” for more details about application permissions.

Data collected through the Tryane Analytics website

This data collection is related to the gathering of Tryane Analytics end users’ activity on Tryane Analytics website.

  • Tryane uses logs generated from access on Tryane Analytics’ website, and logs generated by Tryane’s application itself.
  • Tryane also uses Google Analytics which allows to see information on user website activities including, but not limited to, page views, source and time spent on our website.
  • Tryane uses an Azure AD application named “Tryane Analytics Login” to enable the user to log in to Tryane Analytics using his Office 365 identity. 
  1. What data do we collect?

Data collected through Tryane Analytics

In order to provide its service Tryane will collect and process the following categories of data:

PERSONAL DATA
CategoryNon-exhaustive example
User identification:
Technical information used to identify users in your tenant 
User name, email address, upn, ..
User profile information:
User information defined in Office 365
Office 365 licenses, department, function, …
User activity:
Description of actions made by users when using Office 365 tools
Number of e-mail sent, pages views, comments in Yammer, …
NON-PERSONAL DATA
CategoryNon-exhaustive example
Office 365 structure:
Properties of elements defining the structure of Office 365 tools.
Properties of site collections and sites in SharePoint, properties of teams and channels in Microsoft Teams, properties of Yammer groups, …
Properties of specific Office 365 items:
Properties of Office 365 items specifically analyzed by Tryane Analytics.
Properties of SharePoint document and pages, Teams applications, …

The complete list of information gathered through Tryane Analytics is available on demand.

Tryane Analytics NEVER stores the content of messages, conversations, or documents.

Data collected through the Tryane Analytics website

When the User browses the Tryane Analytics website, Tryane collects the following data types:

PERSONAL DATA
CategoryNon-exhaustive example
Identification data Surname, forename, mail address, etc.
Billing and/or payment data Bank account details, methods of payment, bills, etc.
Customer relationship dataRequests for support, correspondence with customers, etc.
Information about visits to the websiteIP address of the users’ computer and which browser was used to view the website, the users’ operating system, resolution of screen, location, language settings in browsers, the site the user came from, keywords searched (if arriving from a search engine), the number of page views, information entered, advertisements seen, etc.
Log DataTryane automatically records certain information from your account and your activity on the site and the Service. This information may include the IP address, access times,
  1. How will we use your data?

We use your personal information for the following purposes:

  • Provide the Tryane Analytics service
  • Provide the Tryane Analytics customer support
  • Meet legal and regulatory requirements as well as to allow Tryane to meet contractual requirements relating to the services provided to Customer
  • Create, establish and administer Customer’s subscription to Tryane Analytics, to respond to Customer inquiries related to its subscription and to contact Customer about Tryane services or subscription-related matters
  • Measure and analyze user behavior in order to, among others, monitor, maintain and improve Tryane products or features and to create new products, services or features
  1. How do we store your data?

For each client, data is stored with the following precautions: 

  • Each client’s data is stored in its own database instance
  • Tryane will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.
  • Once expired, personal data will be automatically deleted within 12 months. You can ask to change this retention duration by sending an email to support@tryane.com.
  • By default, Client’s data is automatically deleted 30 days after the end of its subscription.
  1. Where do we store your data?

Clients’ data storage is located in France in our Azure production environment, which guarantees that our clients’ data is clearly isolated and under French jurisdiction. Client’s data is never to be transferred outside of France.

If Tryane plans to modify the storage country, Tryane will notify the Client in advance without any delay. Tryane shall give to the Client an updated list of the storage countries.

  1. Data privacy and security rules

We take all steps required to protect the personal data we process. We ensure an appropriate level of security, protection and confidentiality based on the sensitivity of your data, using administrative, technical, and physical measures preventing any loss or theft or any unauthorized use, disclosure or alteration of your data. Amongst all those principles we can cite:

  • We only process what is necessary: Clients’ data not required to provide the Tryane Analytics service is never read nor stored
  • Tryane Analytics does not read nor store the content of documents stored in our Client’s SharePoint or attachments in our client’s emails.
  • Raw individual activity is not accessible directly and the department-level aggregated data (obtained from calculations) is only accessible from the application GUI
  • All personal or confidential data is always encrypted 
  • Tryane protects the integrity of the Service, the results, the secure process, transfer, and the backup of the data on the software platform.

The security rules are available on demand.

  1. Data quality

Most of the data (users’ activities in Microsoft products) is generated and processed automatically without user interaction, which guarantees a high level of quality of processed data. 

Other information such as user profile options, notification options, company structure modeling and any other option available in the end-user interface (website) can be updated manually. The User is solely responsible for circulating this data and he is required to ensure this information is accurate.

In order to guarantee the highest level of quality, all data collected by the application is always subject to multiple validations (format validation, content validation) before being processed and stored by Tryane Analytics.

  1. Sharing your data

Tryane does not share personal or any other kind of information with companies, organizations, and individuals unless one of the following circumstances applies:

  • Meet any applicable law, regulation, legal process or enforceable governmental request.
  • Enforce applicable Terms of Service, including investigation of potential violations (with Client consent).
  • Detect, prevent or otherwise address fraud, security or technical issues (with client Consent).

In all those circumstances, Tryane privacy rules will be communicated to third parties to whom personal information may be disclosed. Third parties must align with Tryane Security, Privacy and Confidentiality policies, and will be selected using criteria described in the Security Policy (available on demand).

Tryane will maintain a record of authorized disclosures of personal information that is complete, accurate, and timely.

Tryane would take remediation action in response to misuse of personal information by a third party to whom Tryane would have transferred such information.

In the future, if Tryane has to change this policy and share personal data to third parties not identified by the circumstances described above, Tryane will first notify all its affected customers and ask for consent before any data is shared.

  1. Consent

Tryane uses Azure AD applications to collect your data (Please refer to chapter “How do we collect your data”).

Azure AD applications follow an authorization model that gives users and administrators control over how data can be accessed: our applications define a set of permissions required by Tryane to perform the Tryane Analytics services. 

To benefit from those permissions, Azure AD applications have to request these permissions from users and administrators, who must approve the request before the app can access data or act on a user’s behalf. Request approvement is performed using a standard consent prompt workflow (managed by Microsoft), and designed to ensure users have enough information to determine if they trust the client application to access protected resources on their behalf (for more details about Azure AD application consent, please refer to https://docs.microsoft.com/en-us/azure/active-directory/develop/application-consent-experience)

In conclusion, Tryane cannot access any of your data until a user or and administrator of your tenant has explicitly given his consent to. Furthermore, access to your data is limited to the permissions listed in our Azure AD applications.

If in the future and as part of the product evolution, if Tryane Analytics requires new permissions, it will result in the modification of the authorizations of associated Tryane Azure AD applications. Therefore, Clients and Users will be automatically prompted to re-consent the Tryane Azure Ad applications, and the associated data collection and processing activities.

  1. Rights of the data subjects

In accordance with the GDPR, data subjects benefit from several fundamental rights:

  • Right to Access Personal Data Under GDPR, data subjects have the right to access the data collected on them by Tryane. Tryane must respond to that request within 30 days (Article 15).
  • Right to Rectification: Data subjects have the right to request modification of their data, including the correction or errors and the updating of incomplete information (Article 16).
  • Right to Erasure: The right to erasure – also referred to as the right to deletion or the right to be forgotten – allows a data subject to stop all processing of their data and request their personal data be erased (Article 17). Please refer to “appendix G / Right to erasure” chapter for more details about this procedure.
  • Right to Restrict Data Processing Data subjects, under certain circumstances, can request that all processing of their personal data be stopped (Article 18).
  • Right to Data Portability: A data subject can request that their personal data file be sent electronically to a third party. Data must be provided in a commonly used, machine readable format, if doing so is technically feasible (Article 20).
  • Right to Object: The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling based on those provisions  (Article 21).
  • Right to Reject Automated Individual Decision-Making: Data subjects have the right to refuse the automated processing of their personal data to make decisions about them if that significantly affects the data subject or produces legal effects – profiling for example (Article 22).

Data subjects can enforce their rights by sending an email to helpdesk@tryane.com.

In your request, please make clear that you want to exercise your rights. We will answer by sending you a questionnaire; this questionnaire will allow us to identify which of the above rights you would like to enforce and to request for a proof of your identity.
If your request is legitimate, it will be processed as soon as possible; we will comply with your request promptly, but in any event within thirty days of your request.
Otherwise, we will communicate the reasons for our refusal.

In the event that your personal data has been transmitted to a 3rd party (in accordance with the criteria defined in chapter “Sharing your data”), Tryane will also transfer your request to this 3rd party.

  1. Data Breach

In accordance with the GDPR article 33 (https://gdpr-info.eu/art-33-gdpr/), Notification of a personal data breach to the supervisory authority, Tryane will notify the breach of personal information to its impacted Clients not later than 72 hours after having become aware of it.

The notification must:

  • describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned, and the categories and approximate number of personal data records concerned
  • communicate the name and contact details of the data protection officer or other contact point where more information can be obtained
  • describe the likely consequences of the personal data breach
  • describe the measures taken or proposed to be taken by Tryane to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

Tryane will create and maintain a record of detected or reported unauthorized disclosures of personal information.

In accordance with our Security Policy, Tryane only works with third parties who can provide us with a data breach notification commitment.

  1. Data Deletion

At the end of a customer’s subscription period, the customer account is “closed.” In this state:

  • The app no longer delivers Tryane Analytics services (data collection, indicator calculations, display)
  • Users associated with this customer account can no longer connect to Tryane Analytics’ graphics interface
  • Customer data is stored for 30 days, during which time the customer can re-subscribe and retrieve their data history and configuration.

At the end of these 30 days, the customer’s data is automatically and permanently deleted. Deletion of customer data consists of:

  • Deleting the customer’s dedicated databases
  • Deleting all customer user accounts

The customer’s reference and the history of the actions made on this account (subscription to a module, etc.) are retained for functional management.

  1. Contact information, Complaints

If you have questions, concerns, or complaints about this Policy or our data collection or processing practices, if you want to report any security violations, or just simply ask a question, please contact us by sending an email to helpdesk@tryane.com or by using the “Help” button available in the Tryane Analytics web site.

  1. Changes

Tryane may update those General principles to reflect changes to our information practices. If we make any material changes we will provide notice by notifying you by email (sent to the e-mail address specified in your account), prior to the change becoming effective.

Tryane will also keep prior versions of this those principles for your review.

VersionDateComment
1.029/10/2014Initial version 
1.126/10/2016Updated CGU / Benchmark data usage
1.222/04/2018Updated Tryane addressUpdated Tryane Analytics data sources
1.325/05/2020Recreated policy from scratch, in the context of the SOC2 certification process.
1.419/04/2021Updated chapter 7: expired personal data will be automatically deleted within 12 months