GDPR Compliance

Our GDPR Commitment

The Tesseris service, published by Sohmware SARL with a capital of 5000 euros, SIREN 749862322, NAF 62.02A (3 rue Hanau, 67350 Niedermodern, France) and hosted by OVH SAS in France (2 rue Kellermann, 59100 Roubaix), is fully committed to respecting the General Data Protection Regulation (GDPR). French hosting guarantees compliance with European regulations for your main data. Certain necessary interactions with external APIs may involve transfers to servers located outside the EU, within the strict framework of route optimization. For your end customers' data, Tesseris acts as a processor under your data controller responsibility.

1. Fundamental Principles Respected

We rigorously apply GDPR principles: (a) Lawfulness, fairness and transparency: legal and transparent processing; (b) Purpose limitation: collection for specific and legitimate purposes; (c) Data minimization: collection limited to what is necessary; (d) Accuracy: up-to-date and correct data; (e) Storage limitation: defined durations; (f) Integrity and confidentiality: enhanced security; (g) Accountability: demonstration of our compliance.

2. Legal Bases for Our Processing

Each data processing has a legal basis compliant with GDPR: (a) Contractual performance: account management, billing, service provision; (b) Legitimate interests: service improvement, security, technical support; (c) Consent: newsletter, marketing communications; (d) Legal obligations: invoice retention, tax declarations; (e) Protection of vital interests: exceptional emergency situations.

3. Data Subject Rights

We guarantee the effective exercise of all your GDPR rights: (a) Information and access: complete transparency on our processing; (b) Rectification: correction of inaccurate data; (c) Erasure ('right to be forgotten'): deletion under conditions; (d) Restriction: temporary blocking of certain processing; (e) Portability: recovery in exploitable format; (f) Objection: refusal of certain processing; (g) Withdrawal of consent: at any time for relevant processing. Response time: 1 month maximum.

4. Data Breach Management

We have implemented a strict procedure in case of breach: (a) Rapid detection and assessment of the incident; (b) Notification to CNIL within 72h if risk to rights and freedoms; (c) Information to concerned persons without delay if high risk; (d) Complete documentation of the incident and measures taken; (e) Post-incident analysis to strengthen security. We maintain a breach register in accordance with GDPR.

5. Governance and Controls

Our GDPR organization includes: (a) Data controller: Tesseris management team; (b) Data protection officer: dpo@tesser.is; (c) Processing register: kept up to date and available; (d) Impact assessment (DPIA): performed for our route optimization service in accordance with Article 35 of GDPR, considering international transfers, data interconnection and large-scale automated processing; (e) Internal audits: regular compliance checks; (f) Training: continuous awareness of our teams.

6. Complaints and Appeals

If you believe your rights are not respected: (a) Contact us first: we are committed to resolving any problem quickly; (b) Supervisory authority: CNIL (Commission Nationale de l'Informatique et des Libertés) - www.cnil.fr; (c) Online complaint procedure on the CNIL website; (d) Mail: CNIL - 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07. We fully cooperate with supervisory authorities.

7. Evolution and Continuous Improvement

Our GDPR compliance constantly evolves: (a) Regulatory watch: monitoring legislative and jurisprudential developments; (b) Continuous improvement: adaptation of our processes and tools; (c) Change notification: email information for any substantial modification; (d) Renewed consent: explicit request if necessary; (e) Updated version: always available on tesser.is/gdpr with last modification date.

Data Processing - End Customers

For your end customers' data (individuals), Tesseris acts as a GDPR processor. You remain the data controller and must comply with your obligations: information, consent, data subject rights. Our role is limited to technical processing for route optimization according to your instructions.