Acquire

Privacy Policy

This policy describes the data processings of the company Mantra, a French simplified joint stock company (société par actions simplifiée) with headquarters located at 65 rue de la Croix, 92000 Nanterre (France), and registered with the trade and companies register of Nanterre under number 892 440 959, regarding of the use of the website https://www.mantra.ms/ (hereafter the “Website”) and the implementation of its phishing simulation and cybersecurity training solutions. (hereafter the “Solutions”).

Mantra and personal data

For the purposes of this document, "personal data" has the meaning defined in Article 4 of the "General Data Protection Regulation" (GDPR).

These data are collected, recorded and stored in accordance with the provisions of the law relating to data processing, files and freedoms of January 6, 1978 (Loi n° 78-17 du 6 janvier 1978 relative à l'informatique, aux fichiers et aux libertés dite Loi informatique et liberté) in its current version, as well as with the provisions resulting from Regulation (EU) n °2016/679 (GDPR).

Nature of the processings and data collected for which Mantra acts as data controller – applicable legal basis

Nature of the main processing operations provided as data controller and applicable legal basis:

Processing activity

Data collected

Lawful basis

Retention period

Management of contact requests

Name, Function / employer, Content of the request

3 years

Consent

Name, company name, email, phone number, products, language, company size.

3 years

Contract and pre-contractual measures

Email

Until consent is withdrawn

Consent

Email and phone number, white paper type.

3 years

Consent

E-mail and phone number

3 years

Consent

Surname, name, email and telephone number

3 years

Consent

Name, email content of exchanges

3 years

Consent

Name of the participant

Name of the organization to which the participant belongs

Nature of the training followed

Date and duration of the training

Contract duration

Consent

Name

Function

Employer contact information

Professional contact details (email/ telephone/ name of employer/ address)

Username and password

Login data

Until the account is closed

Contract and pre-contractual measures

Account data

Time since last use

2 years

Contract and pre-contractual measures

Name

Nature of the problem encountered

Content of the request

Data covered by a request if applicable

Modalities for obtaining consent

Duration of pre-litigation and litigation processing

Legal and regulatory obligations

White paper download

Newsletter subscription

Management of quote requests

Management of demo requests

Management of free trial requests

Website chat management

Training services offer

Management and creation of administrator accounts

Monitoring of inactive accounts

Management of requests to exercise the rights provided for by the GDPR

Only the data necessary for the processing mentioned above are processed

Nature of the processings and data collected for which Mantra acts as a subcontractor

Processings

Data type

Legal basis

The duration of the conservation

Persons concerned

Sending simulated phishing emails

Position within the client

Employees list (last name first name, department, location, time zone, software used, language)

Employees list (last name first name, department, location, time zone, software used, language)

Contract

Duration of the contract or for 3 consecutive years

Clients and prospective clients’ employees

Monitoring employees' results in the simulation

Last name, first name, position, email address, number of clicks in-mail, opening time and date, report time and date, sensitive action rate (Documents opened, downloading, Credential inputted) 

Contract

Duration of the contract or for 3 consecutive years

Clients’ employees

Identifying suspicious emails

Sender’s email address, email subject, email body, employee reporting (time and date)

Contract

Duration of the contract or for 3 consecutive years

Clients’ employees

Employees training (chatbot)

Client’s corporate information 

List of employees

Contract

Duration of the contract or for 3 consecutive years

Clients’ employees

Monitoring of employees’ training (chatbot)

List of employees (first name, last name, department) courses taken, progression.

Contract

Duration of the contract or for 3 consecutive years

Clients’ employees


Analysis of the employees’ e-mails

Metadata/Message headers: (senders and recipient’s information, email address domain name, IP address, time and date of the exchange, country, workstation, nature of the e-mail services used, outbox location, Computer system location.)

Contract

Duration of the contract or for 3 consecutive years

Any person whose data is processed through emails

Add a trusted sender

(Email analysis)

Sender’s and recipient’s email address.

Contract

Duration of the contract or for 3 consecutive years

Any person whose data is processed through emails

Analysis of how the passwords are used

User’s ID (last name, first name, e-mail address)

Password input Time and date on a suspicious website, suspicious website.

Contract

Duration of the contract or for 3 consecutive years

Client’s employees

Analysis of the downloaded files

File type

Contract

Duration of the contract or for 3 consecutive years

Client’s employees

Analysis of the browser extensions

Name of the browser extension

Contract

Duration of the contract or for 3 consecutive years

Client’s employees

Transfer of personal data outside the European Union

Mantra does not transfer personal data outside the European Union.

In the event that a customer or sub-contractor is located outside the European Union or a country benefiting from an adequacy decision, Mantra will enter into European Commission standard contractual clauses with this customer or subcontractor in order to regulate the conditions of transfer and access to personal data.

Security and confidentiality of personal data

Mantra takes all necessary measures to ensure that access to personal data is strictly limited to those who need to access it in the context of the provision of its services.

In particular, Mantra ensures that persons authorized to process personal data for the purposes of providing the services undertake to comply with an obligation of confidentiality or are subject to compliance with an appropriate obligation of confidentiality.

Mantra also undertakes to implement sufficient and appropriate technical measures to preserve the integrity and confidentiality of personal data and to protect them against accidental or unlawful destruction, loss, alteration, dissemination or unauthorized access and against any other form of unlawful processing. These measures must ensure, taking into account the state of the art and the costs associated with their implementation, an appropriate level of security with regard to the risks presented by the processing and the nature of the personal data to be protected. Mantra uses secure means of communication to process personal data.

Rights of persons

Mantra collects the personal data referred to in this policy from representatives of its customers, visitors to the Website and users of its solutions.

The persons concerned have a right of access, rectification and erasure of their personal data which is exercised by sending an email to the address: guillaume@mantra.ms 

In the event of difficulties in the processing of their personal data, the persons concerned may contact the French data protection authority (CNIL) or any competent authority.

Cookies

The Website and the Solutions use cookies.

Some cookies are strictly necessary for the operation of the Website and the Solutions and allow in particular to exchange with the user on the chat.

When Mantra uses cookies that are not strictly essential to the operation of the Website and the Solutions, these are only placed on the browser after acceptance by the Website visitor. Navigation preferences can be changed at any time.