This policy describes the data processings of the company Mantra, a French simplified joint stock company (société par actions simplifiée) with headquarters located at 65 rue de la Croix, 92000 Nanterre (France), and registered with the trade and companies register of Nanterre under number 892 440 959, regarding of the use of the website https://www.mantra.ms/ (hereafter the “Website”) and the implementation of its phishing simulation and cybersecurity training solutions. (hereafter the “Solutions”).
Mantra and personal data
For the purposes of this document, "personal data" has the meaning defined in Article 4 of the "General Data Protection Regulation" (GDPR).
These data are collected, recorded and stored in accordance with the provisions of the law relating to data processing, files and freedoms of January 6, 1978 (Loi n° 78-17 du 6 janvier 1978 relative à l'informatique, aux fichiers et aux libertés dite Loi informatique et liberté) in its current version, as well as with the provisions resulting from Regulation (EU) n °2016/679 (GDPR).
Nature of the processings and data collected for which Mantra acts as data controller – applicable legal basis
Nature of the main processing operations provided as data controller and applicable legal basis:
Management of contact requests
Name, Function / employer, Content of the request
Name, company name, email, phone number, products, language, company size.
Contract and pre-contractual measures
Until consent is withdrawn
Email and phone number, white paper type.
Surname, name, email and telephone number
Name, email content of exchanges
Name of the participant
Name of the organization to which the participant belongs
Nature of the training followed
Date and duration of the training
Name
Function
Employer contact information
Professional contact details (email/ telephone/ name of employer/ address)
Username and password
Login data
Until the account is closed
Contract and pre-contractual measures
Account data
Time since last use
Contract and pre-contractual measures
Name
Nature of the problem encountered
Content of the request
Data covered by a request if applicable
Modalities for obtaining consent
Duration of pre-litigation and litigation processing
Legal and regulatory obligations
Management of quote requests
Management of demo requests
Management of free trial requests
Management and creation of administrator accounts
Monitoring of inactive accounts
Management of requests to exercise the rights provided for by the GDPR
Only the data necessary for the processing mentioned above are processed
Nature of the processings and data collected for which Mantra acts as a subcontractor
The duration of the conservation
Sending simulated phishing emails
Position within the client
Employees list (last name first name, department, location, time zone, software used, language)
Employees list (last name first name, department, location, time zone, software used, language)
Duration of the contract or for 3 consecutive years
Clients and prospective clients’ employees
Monitoring employees' results in the simulation
Last name, first name, position, email address, number of clicks in-mail, opening time and date, report time and date, sensitive action rate (Documents opened, downloading, Credential inputted)
Duration of the contract or for 3 consecutive years
Identifying suspicious emails
Sender’s email address, email subject, email body, employee reporting (time and date)
Duration of the contract or for 3 consecutive years
Employees training (chatbot)
Client’s corporate information
List of employees
Duration of the contract or for 3 consecutive years
Monitoring of employees’ training (chatbot)
List of employees (first name, last name, department) courses taken, progression.
Duration of the contract or for 3 consecutive years
Analysis of the employees’ e-mails
Metadata/Message headers: (senders and recipient’s information, email address domain name, IP address, time and date of the exchange, country, workstation, nature of the e-mail services used, outbox location, Computer system location.)
Duration of the contract or for 3 consecutive years
Any person whose data is processed through emails
Add a trusted sender
(Email analysis)
Sender’s and recipient’s email address.
Duration of the contract or for 3 consecutive years
Any person whose data is processed through emails
Analysis of how the passwords are used
User’s ID (last name, first name, e-mail address)
Password input Time and date on a suspicious website, suspicious website.
Duration of the contract or for 3 consecutive years
Analysis of the downloaded files
Duration of the contract or for 3 consecutive years
Analysis of the browser extensions
Name of the browser extension
Duration of the contract or for 3 consecutive years
Transfer of personal data outside the European Union
Mantra does not transfer personal data outside the European Union.
In the event that a customer or sub-contractor is located outside the European Union or a country benefiting from an adequacy decision, Mantra will enter into European Commission standard contractual clauses with this customer or subcontractor in order to regulate the conditions of transfer and access to personal data.
Security and confidentiality of personal data
Mantra takes all necessary measures to ensure that access to personal data is strictly limited to those who need to access it in the context of the provision of its services.
In particular, Mantra ensures that persons authorized to process personal data for the purposes of providing the services undertake to comply with an obligation of confidentiality or are subject to compliance with an appropriate obligation of confidentiality.
Mantra also undertakes to implement sufficient and appropriate technical measures to preserve the integrity and confidentiality of personal data and to protect them against accidental or unlawful destruction, loss, alteration, dissemination or unauthorized access and against any other form of unlawful processing. These measures must ensure, taking into account the state of the art and the costs associated with their implementation, an appropriate level of security with regard to the risks presented by the processing and the nature of the personal data to be protected. Mantra uses secure means of communication to process personal data.
Rights of persons
Mantra collects the personal data referred to in this policy from representatives of its customers, visitors to the Website and users of its solutions.
The persons concerned have a right of access, rectification and erasure of their personal data which is exercised by sending an email to the address: guillaume@mantra.ms
In the event of difficulties in the processing of their personal data, the persons concerned may contact the French data protection authority (CNIL) or any competent authority.
Cookies
The Website and the Solutions use cookies.
Some cookies are strictly necessary for the operation of the Website and the Solutions and allow in particular to exchange with the user on the chat.
When Mantra uses cookies that are not strictly essential to the operation of the Website and the Solutions, these are only placed on the browser after acceptance by the Website visitor. Navigation preferences can be changed at any time.