← Back to App

Privacy & Data Protection Policy

ARTICLE 1: LEGAL IDENTITY AND DATA CONTROLLER

The BOSControl application is published by:

• Company Name: LinkeBIM SARL
• Registration: [FR23 825173313]
• Registered Office: 59 rue de la forge, gavisse 57570 France
• Legal Representative: Mr BOSC Matthieu, as CEO.
• Contact: contact@linkebim.com

ARTICLE 2: SCOPE AND DEFINITIONS

This policy governs the processing of data within the BOSControl ecosystem.

• User: Any natural person authenticated via an Azure AD tenant.
• Organization: The legal entity (Client) that has subscribed to the service.
• Resources: Physical assets (desks, meeting rooms, parking spaces) modeled within the application.

ARTICLE 3: TECHNICAL INVENTORY OF COLLECTED DATA

BOSControl adheres to the principle of data minimization (Privacy by Design).

3.1 Identity Data (via Azure AD OIDC)

• Unique Identifier (Object ID), First Name, Last Name, Professional Email Address.
• Role attributes and professional specialties (as defined in the BOSControl RBAC module).

3.2 Microsoft Graph Synchronization Data (Restricted Scope)

In accordance with Microsoft's policy on "Restricted Scopes," BOSControl only accesses:

• Calendars.ReadWrite: Exclusive Read/Write access to events created by the application or identified as being linked to a Resource.
• User.Read: Basic profile information for interface display purposes.

Technical Note: We never store the content of email bodies or attachments. Only event metadata (ID, Timestamps, Resource ID) is persisted.

3.3 Spatial and Audit Data

• Reservation logs (Who, What, When).
• Security audit logs (access attempts, changes to administrative rights).

ARTICLE 4: SECURITY AND STORAGE ARCHITECTURE

3.1 Encryption and Integrity

• In Transit: All data flows are secured via TLS 1.3 with certificates managed by Google Trust Services.
• At Rest: Data stored in Firebase/Firestore is encrypted using the AES-256 algorithm. Encryption keys are managed via Google Cloud KMS.
• Application Level: Sensitive identifiers (e.g., Azure API Keys) benefit from a double layer of encryption (Application-side encryption before storage).

3.2 Data Isolation (Multi-tenancy)

BOSControl utilizes a strict logical siloing architecture. Firebase Security Rules prevent any data leakage between Tenants (e.g., a user from one client cannot physically query data from another client, even with a valid token).

3.3 Data Localization

All data is hosted on Google Cloud Platform (GCP) servers located in Europe (regions europe-west3 or europe-west4), ensuring data sovereignty in compliance with CJEU (Court of Justice of the European Union) rulings.

ARTICLE 5: ACCESS MANAGEMENT (RBAC & CLAIMS)

Access to data is governed by a Role-Based Access Control (RBAC) model:

• Authentication utilizes Custom Claims injected into JWT tokens.
• Access to "Admin" and "Audit" modules requires explicit validation of the admin flag at the secure backend level.

ARTICLE 6: SUB-PROCESSORS

BOSControl relies on the following infrastructures, all of which are ISO 27001, SOC 2, and HIPAA certified:

• Google Cloud Platform (Firebase): Hosting and database services.
• Microsoft Azure: Identity management and Graph API gateway.

ARTICLE 7: RETENTION AND PURGE (DATA LIFECYCLE)

• Active Data: Retained for the duration of the subscription.
• Contract Termination Purge: Upon termination, data is fully deleted from production servers within 30 days (RTO).
• Security Logs: Retained for 12 months to meet legal traceability obligations.

ARTICLE 8: DATA SUBJECT RIGHTS (GDPR)

Each user has the right to access, rectify, port, and delete their data. Requests can be sent to: contact@linkebim.com.
A response will be provided within 72 business hours.

ARTICLE 9: SECURITY ASSESSMENT

BOSControl regularly performs automated vulnerability scans on its infrastructure. For Enterprise clients, an in-depth security audit or penetration test (Pentest) may be conducted upon request, subject to specific contractual terms and conditions.

ARTICLE 10: COOKIES AND TRACKING

BOSControl uses only essential technical cookies for authentication and session security. No data is sold to third parties or used for advertising purposes. We use Firebase Analytics/Sentry for anonymized performance monitoring and bug resolution.

We use LocalStorage solely to store your interface preferences (theme, display settings).

ARTICLE 11: MICROSOFT LIMITED USE COMPLIANCE

BOSControl's use of information received from Microsoft APIs will adhere to the Microsoft Application Data Usage Policy, including the Limited Use requirements. Data received from Microsoft APIs will not be used for advertising, nor will it be transferred to data brokers. BOSControl strictly guarantees that no customer data, including spatial layouts or calendar metadata, is used to train large language models (LLMs) or artificial intelligence algorithms for third-party use.