OIE Session Générale

inwink compliance with GDPR 

The European regulation ‘’General Data Protection Regulation’’ (GDPR) came into effect on 25th May 2018.

inwink is a BtoB event-management solution available in SaaS mode, developed and published by Infinite Square SAS. The OIE uses the inwink platform to collect and process registration and attendance data pertaining to its events. 

The inwink platform enables the OIE, as Data Controller, to manage personal information about its participants by means of the platform user interface for the management of the OIE General Session. 

As Data Processor, Infinite Square is not allowed to manage personal information processed by the inwink platform unless it receives explicit and documented instruction from the Data Controller (the OIE). Data Protection Officer at OIE can be contacted at dpo@oie.int or by post at the following address: OIE, 12 rue de Prony, 75017 Paris, France, to the Legal Unit- DPO service. 

The Data Protection Officer at Infinite Square can be contacted at support@inwink.com regarding any question or request for creation, update, or deletion of data. 

It is the responsibility of business customers using inwink to generate forms which collect data, to ensure that the legal notices related to the collection of personal information be put into place. 

The inwink platform is hosted in Microsoft Cloud datacenters located in Europe (Dublin and Amsterdam), in order to guarantee that the data collected remain physically within the European territory. This hosting infrastructure is certified under the ISO/IEC 27018 – Cloud Privacy requirement. 

Data collected by the inwink platform are encrypted by means of the SQL Database Transparent Encryption functionality. 

A strict system of logs at the application level has been put into effect by design into the inwink architecture in order to detect and track any intrusion attempt. 

inwink is built on a PaaS architecture which implements current state-of-the-art practices in terms of application-layer security. 

Physical destruction of the entire set of data pertaining to a customer (hot data and backup data) is conducted right away upon request from the customer. 

The cookie policy in the front-end component of the inwink platform implements a strict classification rule of essential versus non-essential. 

It is the responsibility of the company or organization using the inwink platform to: 
  • Insert the appropriate legal notices into all forms collecting data, and to disclose the workflows of data collection and processing which are specific to this business customer 
  • Create a form to collect the requests from registrants and participants to access their personal information, in particular to implement the right to be forgotten 
  • Create specific pages to enable registrants and participants, once they have been properly identified, to access and modify their personal information 
  • To retrieve upon request the entire set of data collected pertaining to a participant or registrant to an event, or to delete the data physically and permanently