• By regulation and standard
  • By product
  • Personal data protection and respect for privacy
  • Multi-conformités
  • Governance
  • Compliance
  • Risk management
  • Automation
  • All products

GDPR frameworks

  • GDPR compliance framework
  • Optimal organization of GDPR compliance
  • Achievement and day-to-day management of GDPR compliance
  • GDPR awareness-raising
  • Performance assessment

Smart Whistleblower®

– Launch of alerts
– Global monitoring of alerts
– Alert Action Planner
– Improved capacity for action, understanding, governance


Smart Integrity Index®

  • Installation of the anonymous integrity-indexing platform
  • Preparation of the integrity-indexing questionnaire
  • Information gathering to identify shortcomings
  • Integrity-assessment report

Smart Global Academy®

  • Activation of training register
  • Planning of training
  • Performance assessment
  • Compliance documentation

Smart Partner Network®

  • Creating value innovation
  • Increase your sales
  • Benefit from training
  • Benefit from advantages
  • Be Smart Global Governance® accredited

Smart Certification Partnership

  • Digitization of the certification frame of reference
  • Digitization of the certification audit process
  • Configuration of the applicant’s documentation interface
  • Remote collaboration with the certifying third party
  • Dashboard creation and monitoring

Smart Compliance Index®

  • Setting out the strategic guidelines for compliance
  • Creation of dashboards

Smart Compliance Booster®

  • Optimal compliance organization
  • Selection of your compliance obligations
  • Establishment and day-to-day management of compliance
  • Dissemination of a compliance and risk culture
  • Performance assessment for each compliance framework

Smart elasticReg®

  • Selection of compliance frameworks
  • Adaptation of the compliance frameworks to your operating context
  • Use with Smart Compliance Booster®

Smart Retention Duration®

  • Definition of your data retention policy
  • Online help with a selection of over 80 jurisdictions relevant to your Organization
  • Use of legal retention periods for minimum and maximum civil data, criminal, fiscal, social and data privacy

Smart Data Discovery®

  • Automated mapping of the information system
  • Automated mapping of metadata and data

Smart Data Catalog®

  • Creation of your data catalogue
  • Automatic provisioning of your data catalogue

Smart Certification Readiness

  • Selection of the certification reference framework
  • Launch of the certification process
  • Internal diagnostic of certification
  • Collaborative management of tasks linked to certification recommendations
  • Drawing up and monitoring of dashboards
  • Remote collaboration with the certifying third party

Smart Vendor Risk Management®

  • Creation of a directory of Third Parties
  • Sending of multi-conformity questionnaires
  • Third Party Evaluation
  • Automatic relaunch of Third Parties to get answers to questionnaires
  • Automatic analysis of responses and feeding of a queue of non-v responses
  • Automatically verifiable
  • Collaborative project management to mitigate risk
  • Follow-up of relations with third parties regarding compliance

Smart Request Automation®

  • Configuration of your decision-making process and associated response messages
  • Connection to your information system
  • Decision making on how to respond to a person’s request to exercise his/her rights
  • Fully automated processing with the possibility to intervene manually where necessary
  • Documentation is held in the record of people’s requests to exercise their rights

Smart Process Automation®

  • Automation thanks to the connections that exist between Smart Global Governance® and over 1 500 third-party software            packages
  • Automation of made-to-measure reports
  • Automation of information-gathering from public and/or private databases

Smart Internal Audit®

  • Definition of the audit plan
  • Collection of internal and external information
  • Automatic analysis of malfunctions and margins for improvement
  • Elaboration of recommendations for the efficiency of the Organization
  • Collaborative management of tasks related to recommendations
  • Elaboration and follow-up of dashboards


Privacy Policy for Data Protection


Within the framework of its activity, SMART GLOBAL GOVERNANCE, a company under French law registered in the Trade and Companies Register of Grasse under the number 853 951 556, whose head office is located at 1240 route des Dolines 06560 Valbonne, processes personal data in the database of its solution.

Smart Global Governance provides a platform to manage and pilot data protection compliance regulations to customers around the world, hereinafter referred to as “customers”. This solution is made available to SMART GLOBAL GOVERNANCE Customers in the form of a subscription in the legitimate interest of customers who wish to have a regulatory compliance solution. SMART GLOBAL GOVERNANCE’s customers are therefore exclusively composed of public or private organisations concerned by these regulations and who wish to have a tool or an online management solution.

3 types of data are concerned:

  1. Personal data of customers and prospects appearing in the CRM and internal management tools of SMART GLOBAL GOVERNANCE.
  2. Personal data of its Clients/Users, produced by the client directly in the service
  3. Personal data of partners, subcontractors of Smart Global Governance.

These provisions set out our personal data protection policy which constitutes the commitment of SMART GLOBAL GOVERNANCE with regard to the respect of privacy and the protection of personal data collected and processed with the use of SMART GLOBAL GOVERNANCE’s services under the conditions referred to in the General Terms of Use of SMART GLOBAL GOVERNANCE’s services.

This policy may be modified in accordance with legal and regulatory developments, in particular those of the French Data Protection Act relating to information technology, files and freedoms, and the European Regulation on the protection of personal data known as the “GDPR” (General Data Protection Regulation) as they exist at present and as they may be amended, and any other rules, laws, recommendations, regulations of the French data protection authority or any competent European supervisory authority.

The purpose of these Confidentiality Rules is to tell you what information SMART GLOBAL GOVERNANCE collects and for what purpose, as well as how to update, manage, export and delete it.

Data Controller – Data Protection Officer

SMART GLOBAL GOVERNANCE has appointed M° Odile Dussart, lawyer at the Draguignan Bar, 95 avenue Victor HUGO 83700 SAINT RAPHAEL (FRANCE) as Data Protection Officer (DPO).

The data controller is Smart Global Governance, represented by Mr. Guignard Benoît, manager.

Data produced by Smart Global Governance relating to customers

Description of the treatment

SMART GLOBAL Governance collects non-sensitive business data about customers and prospects.

Data Collected

The personal data collected may include the following:

  • Sex, first name, surname
  • Function
  • Title
  • Company
  • Professional email
  • Direct telephone or business mobile phone
  • Business mailing address

Purposes of collecting personal data

SMART GLOBAL Governance collects and uses the personal data of clients/prospects for the needs of its business and in particular for the following purposes:

  • To follow and ensure the commercial follow-up of its customers and prospects through marketing operations, support and communication.
  • Serving Smart Global Governance Customers who subscribe to our solution

SMART GLOBAL GOVERNANCE ensures that the personal data of clients/prospects is kept up to date throughout processing so that it is not obsolete.

Subject to the applicable local legislation, by providing their professional email, the customer has expressly authorized SMART GLOBAL GOVERNANCE to use it with other useful personal data among those mentioned in the previous paragraph to send them commercial messages or to ensure the support of its services.

SMART GLOBAL GOVERNANCE is also likely to use the decision-maker’s professional email for administrative or other non-marketing purposes (for example, to offer them access to their personal data in order to update it).

These purposes have been brought to the attention of the Data Protection Officer of SMART GLOBAL GOVERNANCE who has included them in his register.

Storage of the data:

SMART GLOBAL GOVERNANCE only keeps the personal data of clients/prospects for the time necessary for the operations for which they were collected and in compliance with the regulations in force. This parameter is systematic, obligatory and present for each contact. Each data collection indicates the duration of explicit consent as well as the storage period and its purpose (with a default storage value of 18 months).

Restricted access to personal data

Only duly authorised recipients may have access, within the framework of an access management policy, to the information necessary for their activity. Actually, SMART GLOBAL GOVERNANCE defines the rules of access and confidentiality applicable to the personal data processed. Access rights are granted in accordance with the User’s function and are updated in case of upgrade or change of function. This internal company document and appendix to our internal regulations is available on request by mail from the SMART GLOBAL GOVERNANCE data processing manager.

Data collection process

The data collection process is based on the following elements CONFIDENTIALITY AND PROTECTION POLICY

Source of collected data

  • Direct collection from customers/prospects or from our partners by telephone in compliance with the principle of prior information within the framework of B2B use of personal data.

Qualification of collected data

  • Initial qualification
    All the data collected are checked (by telephone or with the person concerned), directly with the decision-maker or, failing that, with a reference contact (assistant, company communication department if necessary).
  • Regular qualification
    At least twice a year, SMART GLOBAL GOVERNANCE verifies that the personal data collected is not obsolete. This is done automatically via the administrative and customer support team.
    This verification takes the form of a telephone call to the decision-maker’s business contact details, enabling the change in professional information to be identified and the data to be updated accordingly if necessary. This can also be done via the Smart Global Governance platform by the end user who has the possibility to update their personal information.

Right to your data

SMART GLOBAL GOVERNANCE implements the necessary means to ensure that clients/prospects have access, rectification, opposition, limitation, portability and deletion of personal data concerning them when they request it. Data may be rectified, completed, updated, locked or deleted when they are inaccurate, incomplete, ambiguous, outdated, or when their collection, use, communication or storage is prohibited.

In accordance with the French Data Protection Act No. 1.165 as amended, clients/prospects have the right to access, rectify and oppose information concerning them by contacting: (or the data controller)

Transfer of data collected on customers/prospects

The personal data collected relating to customers/prospects is hosted within the European Union only. All data is processed by SMART GLOBAL GOVERNANCE employees located within the European Union being the headquarters of Smart Global Governance.

SMART GLOBAL GOVERNANCE uses the services of its subcontractor Microsoft Azure for the hosting in France of all data concerned by its data processing.

Security of personal data

SMART GLOBAL GOVERNANCE attaches particular importance to the security of its Data and implements all appropriate measures in order to limit the risks of loss, deterioration or misuse thereof.

To this end, SMART GLOBAL GOVERNANCE ensures the security of personal data of clients/prospects/users/customers/prospects by implementing data protection reinforced by the use of physical and logical security means.

SMART GLOBAL GOVERNANCE has taken all reasonable precautions to preserve the security of personal data and, in particular, to prevent them from being distorted or damaged or from unauthorised access to them by third parties.

These security measures include the following in particular:

  • Organizational measures
    • Opening access to SMART GLOBAL GOVERNANCE employees when hiring, and closing upon dismissal from the company. The access integrates the management of rights limiting the access to the data according to the employee’s profile.
    • External security audit carried out regularly by an expert service provider.
    • Inactivation of obsolete downstream data
    • Setting up secure servers to carry out data exchanges
  • Logical security measures
    • Regular backup of its entire infrastructure
    • Access to business applications controlled by password and login with profile-based rights management
    • Historization of mass data manipulations
    • Historization of all the data consulted on our system
    • Advanced activation management
    • Securing workstations (access to workstations after authentication via login / password) and access to the database (authentication via login / dedicated password)
    • Restricted access to business tools limited to the company’s premises
    • Daily update of workstations, antivirus software on all workstations
    • Connections to the application tools are encrypted in TLS or SSH.
  • Physical security measures
    • Each employee has access to the premises with a personalised badge and during specific time slots.
    • Building guarded night and day

The data is stored on a cloud infrastructure and is subject to computer processing in order to provide the service subscribed to by the Customer and to improve the services. The hosting servers on which SMART GLOBAL GOVERNANCE processes and stores the databases of its Customers/Users are exclusively located within the European Union.

Distribution of the data privacy policy

The privacy and data protection policy is distributed:

  • Internally to employees as an appendix to the company’s internal regulations
  • As part of the General Terms and Conditions of Use.

This policy will be renewed each time a new DPO is appointed and otherwise every three years. Validation by Odile Dussart in her capacity as Data Protection Officer.

Date of last update : 24/05/2018