Security and Confidentiality

When the Lawyer uses and subscribes to the various services of Symplicy, he entrusts his valuable data as well as that of his clients or potential clients (hereinafter referred to as end users or end user).

The Symplicy solution is a platform (SaaS) that allows the Lawyer to:

  • Manage the influx of requests received via Contact Forms. These Contact Forms are installed on the Lawyer’s website.
  • Conduct legal research (case law, Document Template) via a Personal Space.

Symplicy has made it a priority to protect its data and offer choices to the Lawyer for control.

Symplicy understands that Lawyers are particularly concerned about how Symplicy uses, collects, processes and protects data.

Symplicy processes, collects, retains the data of these end users when they use its service.

By using Symplicy’s services to contact the Lawyer, the end users will be required to fill out a form.

On the Lawyer’s website, the end user completes and sends the form.

The Lawyer directly receives the completed form in his inbox as well as in his Personal Space.

Security

Data centers

The data and main servers of Symplicy are hosted in the data center of Amazon Web Services (AWS), Microsoft and OVH Cloud.

Symplicy’s servers are located in the European Union.

Amazon Web services:

  • Amazon Web Services infrastructure implements solid guarantees to help protect customer privacy. The data processed by Symplicy is stored in highly secure AWS data centers.
  • For a detailed overview of all security and privacy measures, visit the AWS Cloud Security page.
  • For a list of all current security accreditations, visit the AWS Compliance Programs page.

Microsoft:

  • Symplicy also uses Microsoft infrastructures, in particular for mail hosting and data backup. These are backups of data hosted at AWS.
  • Microsoft implements robust infrastructures which you can consult by following this link.

OVH:

  • Symplicy uses OVH for the management of its domain names.
  • OVH implements a range of security measures which you can discover by following this link.

Privacy and GDPR

What is the GDPR?

In 2016, the European Commission adopted the new General Data Protection Regulation (Regulation No 2016/679). It came into effect on May 25, 2018.

Why is the GDPR important?

The GDPR adds new requirements regarding how companies must protect individuals’ personal data.

What does Symplicy do to comply with the GDPR?

Symplicy has always worked in compliance with the GDPR and lawyer’s ethics. Symplicy wishes to continue in this direction.

Symplicy works hard to meet its obligations as a data controller and also as a subcontractor under article 28 of the GDPR.

Symplicy has taken appropriate technical and organizational measures to protect personal data from any unauthorized access, use, loss or disclosure.

For example,Symplicy has taken the following measures:

  • Symplicy keeps a record of the processing of personal data. It is available upon simple request.
  • Symplicy maintains a procedure in case of data leaks, theft as well as a record of data leaks, thefts. To date, there has never been a data leak or theft.
  • Symplicy provides a list of its subcontractors.
  • Symplicy has implemented an internal policy informing and obliging its administrators, employees to maintain the confidentiality of data and comply with the GDPR. Symplicy has implemented a Sharepoint in order to raise its team’s awareness of personal data issues.
  • Symplicy is able to inform the Lawyer without delay in case of data breach (even though Symplicy and its subcontractors work hard to ensure this is not necessary).
  • Symplicy has a username and password policy on all its systems.
  • Symplicy pseudonymises personal information when necessary.
  • Symplicy systematically backs up personal data in order to recover them in case of physical or technical incidents.
  • Symplicy regularly tests and evaluates its measures, and adjusts them if necessary.
  • Symplicy has been guided by competent legal experts in privacy matters.
  • Symplicy keeps informed of the guides and guidelines published by the CNIL and by the Personal Data Authority of Belgium.

Useful resources