Data processing purpose
Lifetime Analytics aims to increase churn retention and revenue growth while analyzing subscription data collected by its clients, the Telecom Operators, to design marketing and care actions. The Operator keeps the execution of the action, including the contacts with the subscribers.
Lifetime Analytics acts a data processing supplier for the Operator.
Lifetime Analytics operates under the GDPR regulations applying to the personal data processing supplier, registered to the French Authority (CNIL) under the designation number DPO-117712.
Lifetime Analytics operates with a single and independent Data Privacy Officer (operated by DPO Consulting France), in charge of the application of the GDPR within Lifetime Analytics product design, assessment and operations. The DPO offers a single point of contact about data privacy to the operator and the regulator via email@example.com
Scope of Data under Privacy
Lifetime Analytics application stores and process automatically pseudonymized data (containing only technical ID without any contact information) about the subscribers of product and services provided by the Operator every month.
Regarding the data used by Lifetime Analytics, the related data classification is "non-sensitive personal data", that is excluding any :
- Identification data (name, ID number, address, phone number, MSISDN …)
- Sensitive personal data, including racial, ethical, religious, philosophical, political or union membership, sexual orientation, genetic, biometric and health.
- Banking personal data, including credit card, IBAN numbers, etc
The data used by Lifetime Analytics are related to the use of the product and service subscription, as described into Which Subscription Data are used by Lifetime Analytics.
The Data Privacy Officer (DPO) of the Operator can review and manage the data used by Lifetime Analytics directly into the application (See Data Reference for more details)
Location of data storage and processing
For EMEA clients, the data are stored and processed in Amsterdam, Netherlands, with a secondary site in Dublin, Ireland.
For North America clients, the data are stored and processed in Toronto, Canada. Additional locations may be added for North America clients.
Each tenant of client data storage are separated and isolated from each others, without any transfer between locations.
Note the control of the location of the data storage and processing is ensured by single location virtual private networks per environment and per client, ensuring a strict location of the data storage and processing, including for backup, load balancing and cache systems.
The data provided to Lifetime Analytics are only accessible the users defined by the client into the application User management module.
The direct access to the database is not permitted, excepting for support operations requested by the client's user through the Support Management system of the application.
Data privacy governance
The Operator, including its Data Privacy Officer (DPO), ensures :
- Data collection from its subscribers, accordingly to its own directives
- Data definition for the data provided to Lifetime Analytics, according to its own directives for the purpose of the processing with Lifetime Analytics
- Data retention period definition, according to its own directives
- Transmission of Data removal request for subscriber requesting data removal to the operator
Lifetime Analytics executes for the Operator :
- The application of the limitation of scope, according to the definition of data performed by the Operator DPO
- The application of the retention period, accordingly to the definition of the Operator DPO
- The execution of data removal request issued from the Operator DPO
- The report of any Data Privacy Breach
Data privacy procedures
Lifetime Analytics applies the following procedures :
- Data processors assessment procedure
- Data retention policy procedure
- Data subjects request procedure
- Employee data protection policy procedure
- Personal data breach report procedure
- Employee GDPR clauses
- Supplier GPDR clauses or risk assessment
- IT charter clauses
Lifetime Analytics ensures yearly assessment of risk (PIA), conducted by the 3rd party DPO.
Data Privacy Features
Lifetime Analytics application offers features to manage the Data Privacy :
- Definition of the data used by the application (See Data Reference)
- Data retention period for automated data purging
- Removal of data in application of the Data Subject Request
Lifetime Analytics ensures the application of the Data security procedures as described into the Data Security Policy document, enforced by the management team of Lifetime Analytics, including :
- Cloud network and servers practices
- On-site network and servers practices
- Workstation security practices and procedures
- Password management practices and procedures
- Acceptable usage practices and procedures
- Encryption practices and procedures
- Email practices and procedures
- Document metadata practices and procedures
- Remote access practices and procedures
- Employee termination practices and procedures
- On-site visitor and contractor access practices and procedures
- Enforcement practices and procedures
Regular cyber security / pen tests are executed by 3rd party companies, with results available upon request.