Version 1.5 - April 19,2021
This policy governs your access of the Tryane analytics website and service, regardless of how you access it. By using our service, you consent to the collection, transfer, processing, storage, disclosure, and other uses described in this document.
We are a Data Processor, meaning that we will collect and process personal information you will give us access to, on your behalf. We never own your data; it always belongs to you.
As a data processor, we are engaged to follow obligations such as:
If you are a resident of the European Economic Area (EEA), you have certain data protection rights, including:
Means available to enforce your rights are described in Chapter “Rights of the data subjects”
Digital communications keep growing within organizations, generating information overload and loss of productivity. Companies understood the challenge and are heavily investing in new tools (instant messaging, professional social networks, collaborative platforms…) and new methods to exit the era of "only-email".
Since 2008, Tryane is convinced that measuring the collaboration activity is mandatory to progress.
Tryane Analytics is the dashboard which allows you to pilot this key transition for your business. Tryane Analytics is a SAAS service designed to help you increase efficiency and boost adoption on Office 365 by:
Tryane Analytics connects to your Office 365 tenant to collect and capture users’ activity in Office 365. This activity is then used to compute advanced Key Performance Indicators (KPIs) of employees’ usage of collaboration tools in your company. Finally, end users can consult these KPIs from the Tryane Analytics web interface.
We distinguish two kinds of data collection:
This data collection is related to the gathering of your users’ activity in your Office 365 tenant.
The complete list of protocols, APIs and endpoint used by Tryane Analytics for data collection is available on demand. Please refer to chapter “Consent” for more details about application permissions.
This data collection is related to the gathering of Tryane Analytics end users’ activity on Tryane Analytics website.
In order to provide its service Tryane will collect and process the following categories of data:
Technical information used to identify users in your tenant
|User name, email address, upn, ..|
|User profile information:
User information defined in Office 365
|Office 365 licenses, department, function, ...|
Description of actions made by users when using Office 365 tools
|Number of e-mail sent, pages views, comments in Yammer, ...|
Office 365 structure:
|Properties of site collections and sites in SharePoint, properties of teams and channels in Microsoft Teams, properties of Yammer groups, ...|
Properties of specific Office 365 items:
Properties of SharePoint document and pages, Teams applications, …
The complete list of information gathered through Tryane Analytics is available on demand.
Tryane Analytics NEVER stores the content of messages, conversations, or documents.
When the User browses the Tryane Analytics website, Tryane collects the following data types:
|Identification data||Surname, forename, mail address, etc.|
|Billing and/or payment data||Bank account details, methods of payment, bills, etc.|
|Customer relationship data||Requests for support, correspondence with customers, etc.|
|Information about visits to the website||IP address of the users’ computer and which browser was used to view the website, the users’ operating system, resolution of screen, location, language settings in browsers, the site the user came from, keywords searched (if arriving from a search engine), the number of page views, information entered, advertisements seen, etc.|
|Log Data||Tryane automatically records certain information from your account and your activity on the site and the Service. This information may include the IP address, access times|
For each client, data is stored with the following precautions:
Clients’ data storage is located in France in our Azure production environment, which guarantees that our clients’ data is clearly isolated and under French jurisdiction. Client’s data is never to be transferred outside of France.
If Tryane plans to modify the storage country, Tryane will notify the Client in advance without any delay. Tryane shall give to the Client an updated list of the storage countries.
We take all steps required to protect the personal data we process. We ensure an appropriate level of security, protection and confidentiality based on the sensitivity of your data, using administrative, technical, and physical measures preventing any loss or theft or any unauthorized use, disclosure or alteration of your data. Amongst all those principles we can cite:
The security rules are available on demand.
Most of the data (users’ activities in Microsoft products) is generated and processed automatically without user interaction, which guarantees a high level of quality of processed data.
Other information such as user profile options, notification options, company structure modeling and any other option available in the end-user interface (website) can be updated manually. The User is solely responsible for circulating this data and he is required to ensure this information is accurate.
In order to guarantee the highest level of quality, all data collected by the application is always subject to multiple validations (format validation, content validation) before being processed and stored by Tryane Analytics.
Tryane does not share personal or any other kind of information with companies, organizations, and individuals unless one of the following circumstances applies:
In all those circumstances, Tryane privacy rules will be communicated to third parties to whom personal information may be disclosed. Third parties must align with Tryane Security, Privacy and Confidentiality policies, and will be selected using criteria described in the Security Policy (available on demand).
Tryane will maintain a record of authorized disclosures of personal information that is complete, accurate, and timely.
Tryane would take remediation action in response to misuse of personal information by a third party to whom Tryane would have transferred such information.
In the future, if Tryane has to change this policy and share personal data to third parties not identified by the circumstances described above, Tryane will first notify all its affected customers and ask for consent before any data is shared.
Tryane uses Azure AD applications to collect your data (Please refer to chapter “How do we collect your data”).
Azure AD applications follow an authorization model that gives users and administrators control over how data can be accessed: our applications define a set of permissions required by Tryane to perform the Tryane Analytics services.
To benefit from those permissions, Azure AD applications have to request these permissions from users and administrators, who must approve the request before the app can access data or act on a user's behalf. Request approvement is performed using a standard consent prompt workflow (managed by Microsoft), and designed to ensure users have enough information to determine if they trust the client application to access protected resources on their behalf (for more details about Azure AD application consent, please refer to https://docs.microsoft.com/en-us/azure/active-directory/develop/application-consent-experience)
In conclusion, Tryane cannot access any of your data until a user or and administrator of your tenant has explicitly given his consent to. Furthermore, access to your data is limited to the permissions listed in our Azure AD applications.
If in the future and as part of the product evolution, if Tryane Analytics requires new permissions, it will result in the modification of the authorizations of associated Tryane Azure AD applications. Therefore, Clients and Users will be automatically prompted to re-consent the Tryane Azure Ad applications, and the associated data collection and processing activities.
In accordance with the GDPR, data subjects benefit from several fundamental rights:
Data subjects can enforce their rights by sending an email to email@example.com.
In your request, please make clear that you want to exercise your rights. We will answer by sending you a questionnaire; this questionnaire will allow us to identify which of the above rights you would like to enforce and to request for a proof of your identity. If your request is legitimate, it will be processed as soon as possible; we will comply with your request promptly, but in any event within thirty days of your request. Otherwise, we will communicate the reasons for our refusal.
In the event that your personal data has been transmitted to a 3rd party (in accordance with the criteria defined in chapter "Sharing your data"), Tryane will also transfer your request to this 3rd party.
In accordance with the GDPR article 33 (https://gdpr-info.eu/art-33-gdpr/), Notification of a personal data breach to the supervisory authority, Tryane will notify the breach of personal information to its impacted Clients not later than 72 hours after having become aware of it.
The notification must:
Tryane will create and maintain a record of detected or reported unauthorized disclosures of personal information.
In accordance with our Security Policy, Tryane only works with third parties who can provide us with a data breach notification commitment.
At the end of a customer's subscription period, the customer account is "closed." In this state:
At the end of these 30 days, the customer's data is automatically and permanently deleted. Deletion of customer data consists of:
The customer's reference and the history of the actions made on this account (subscription to a module, etc.) are retained for functional management.
If you have questions, concerns, or complaints about this Policy or our data collection or processing practices, if you want to report any security violations, or just simply ask a question, please contact us by sending an email to firstname.lastname@example.org or by using the “Help” button available in the Tryane Analytics web site.
Tryane may update those General principles to reflect changes to our information practices. If we make any material changes we will provide notice by notifying you by email (sent to the e-mail address specified in your account), prior to the change becoming effective.
Tryane will also keep prior versions of this those principles for your review.
|1.1||26/10/2016||Updated CGU / Benchmark data usage|
|1.2||22/04/2018||Updated Tryane address Updated Tryane Analytics data sources|
|1.3||25/05/2020||Recreated policy from scratch, in the context of the SOC2 certification process.|
|1.4||19/04/2021||Updated chapter 7: expired personal data will be automatically deleted within 12 months|