Cenareo is committed to protecting the confidentiality, integrity, and availability of data throughout its life cycle. This data protection policy describes the technical and organizational measures Cenareo has put in place to secure the customer data entrusted to it.
By implementing these data protection controls and fostering a culture of security awareness, we strive to provide our customers with the highest level of assurance about the security and confidentiality of their data. This policy will be reviewed and updated regularly to reflect technological developments, security threats, and regulatory requirements.
Responsibilities
- Management: Provides the resources and support needed to implement and maintain data protection controls.
- IT security team: Owns and manages technical controls, ensures their effectiveness and regular updating.
- All employees: Must follow data security policies and procedures, including data management practices and reporting suspected security incidents.
Access controls
- Multi-Factor Authentication (MFA): Cenareo requires multi-factor authentication for all access to systems containing customer data. Identity is verified by combining at least two independent factors (for example a password, a security token, or biometrics).
- Principle of least privilege: Access rights are granted on the basis of least privilege, that is, only those permissions that are strictly necessary for the performance of tasks.
- Access logging and monitoring: All attempts to access customer data are recorded and monitored for suspicious activity.
Access to the Wi-Fi network
- Restricted access: The Wi-Fi network is protected by access control mechanisms, including WPA2 encryption with strong, non-default pre-shared keys (passphrases).
- Guest network: A separate guest network can be offered to visitors or devices that do not need access to customer data. This network is logically separate from the main network and offers limited access to internal resources.
Device registration
- Authorized devices: Only authorized devices registered with the IT department can connect to the Wi-Fi network, so that they can be inventoried and monitored.
- Security requirements: Registered devices must meet minimum requirements (up-to-date operating system, antivirus, firewall).
Multi-Factor Authentication (MFA)
- Mandatory MFA: All devices accessing resources containing customer data, whether connected via wired or Wi-Fi, should use MFA.
- MFA enrollment: All users authorized to access data should register their devices in the MFA system and follow established procedures.
Secure protocols
We require the use of secure protocols such as HTTPS for web browsing, SFTP (file transfer over SSH) for data transfers over the Wi-Fi network, and SSH (Secure Shell) for remote access. These protocols encrypt data in transit, protecting it from eavesdropping and tampering.
Approved encryption protocols
- AES (Advanced Encryption Standard): Symmetric encryption algorithm that is widely adopted and considered secure for most applications. It exists in several key lengths (128, 192, and 256 bits), with the 256-bit key being the strongest. It must be used in an authenticated mode such as AES-GCM, which protects integrity as well as confidentiality.
- RSA (Rivest-Shamir-Adleman): An asymmetric algorithm used for public key cryptography. It is generally considered secure for key exchange and digital signatures when implemented with appropriate key lengths (at least 2048 bits).
- TLS (Transport Layer Security): Successor to SSL, TLS secures communication between applications on a network. It uses a combination of symmetric and asymmetric encryption to ensure data confidentiality and integrity. Versions 1.2 and 1.3 are considered secure. (Note: earlier versions, TLS 1.0 and 1.1, are deprecated by RFC 8996 because of known vulnerabilities.)
- SSH (Secure Shell) : Secure protocol for remote access to computer systems. It uses strong encryption to protect user authentication and data transfer.
Outdated encryption protocols:
- DES (Data Encryption Standard): an old symmetric encryption algorithm that is no longer considered secure, because its 56-bit key can be recovered by brute force.
- RC4 (Rivest Cipher 4): a stream cipher that was once widely used but has known statistical weaknesses. Its use is strongly discouraged.
- MD5 (Message-Digest Algorithm 5): a cryptographic hash function formerly used to verify data integrity. MD5 is no longer collision resistant and must not be used in new security implementations.
- SHA-1 (Secure Hash Algorithm 1): a cryptographic hash function for which practical collision attacks have been demonstrated. Although preimage attacks remain impractical, SHA-1 is no longer recommended for new applications, in particular for signatures and certificates, and should be replaced by SHA-2 or SHA-3 variants.
- SSL (Secure Sockets Layer): the predecessor of TLS. All SSL versions have known vulnerabilities and are no longer considered secure.
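The approved and outdated lists above are only useful if a configuration can be checked against them. The following is an added example (not a Cenareo tool) showing how a TLS client context is hardened to the policy and then audited: minimum version TLS 1.2, certificate and hostname verification on, and no cipher suite built on RC4, DES/3DES, MD5 or HMAC-SHA1. It uses only the Python standard library (`ssl`, which wraps OpenSSL); the suite names in `SAMPLE_CIPHER_LIST` are constructed for the demonstration and follow OpenSSL naming.

```python
"""Audit a TLS client configuration against the approved/outdated list.

Added example, not Cenareo's own tooling.  Standard library only.
"""
import ssl

# Substrings that identify retired algorithms in OpenSSL suite names.
# "DES" also catches 3DES (e.g. DES-CBC3-SHA).  NULL and EXPORT are not on
# the policy list above but are never acceptable.
RETIRED_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXPORT")
POLICY_MINIMUM = ssl.TLSVersion.TLSv1_2

# Constructed sample list for the demonstration (OpenSSL naming).
SAMPLE_CIPHER_LIST = [
    "ECDHE-RSA-AES256-GCM-SHA384",   # approved: forward secret, AEAD, SHA-2
    "TLS_AES_128_GCM_SHA256",        # approved: TLS 1.3 suite
    "ECDHE-RSA-AES128-SHA",          # retired: CBC with HMAC-SHA1
    "RC4-MD5",                       # retired: RC4 and MD5
    "DES-CBC3-SHA",                  # retired: 3DES and HMAC-SHA1
]


def is_retired(suite_name: str) -> bool:
    """True if the suite relies on an algorithm the policy has retired."""
    name = suite_name.upper()
    if any(marker in name for marker in RETIRED_MARKERS):
        return True
    # TLS 1.2 CBC suites end in "-SHA": their MAC is HMAC-SHA1.
    # Suffixes SHA256/SHA384 denote SHA-2 and are fine.
    return name.endswith("-SHA")


def audit_cipher_list(suite_names):
    """Split suite names into approved and retired according to the policy."""
    result = {"approved": [], "retired": []}
    for name in suite_names:
        result["retired" if is_retired(name) else "approved"].append(name)
    return result


def hardened_client_context() -> ssl.SSLContext:
    """Client context meeting the policy: TLS >= 1.2, verification on, AEAD only."""
    ctx = ssl.create_default_context()        # CERT_REQUIRED + hostname checking
    ctx.minimum_version = POLICY_MINIMUM
    # TLS 1.2 suites: forward-secret key exchange with AEAD ciphers only.
    # TLS 1.3 suites are selected separately by OpenSSL and are all AEAD.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!RC4:!DES:!3DES")
    return ctx


def context_violations(ctx: ssl.SSLContext) -> list:
    """Return a list of policy violations for a context; empty means compliant."""
    problems = []
    if ctx.minimum_version < POLICY_MINIMUM:
        problems.append(f"minimum_version {ctx.minimum_version.name} is below TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("server certificate is not verified (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        problems.append("hostname checking is disabled")
    enabled = [c["name"] for c in ctx.get_ciphers()]
    for name in audit_cipher_list(enabled)["retired"]:
        problems.append(f"retired cipher suite enabled: {name}")
    return problems


def weak_client_context() -> ssl.SSLContext:
    """The 'before' configuration: verification switched off, as often seen in scripts."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    print(audit_cipher_list(SAMPLE_CIPHER_LIST))
    print("hardened:", context_violations(hardened_client_context()))
    print("weak:", context_violations(weak_client_context()))
```

The audit is name-based and intentionally conservative: a suite is rejected if any retired algorithm appears in its name, so new or unusual suites are reviewed rather than silently accepted. Run it against any context an application builds before it is used for customer data.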
Prohibited activities
- Unauthorized access: The use of the Wi-Fi network for attempts to gain unauthorized access to customer data or other restricted resources is strictly prohibited.
- Malicious activity: any activity on the Wi-Fi network that could compromise network security or introduce malicious software is strictly prohibited. These include activities such as unauthorized file sharing, peer-to-peer applications, or running network scanners.
Network segmentation:
- Firewall: we set up firewalls to segment our network and restrict unauthorized access to resources containing customer data. Firewalls act as barriers, allowing only authorized traffic based on predefined security policies.
- Demilitarized zone (DMZ): Where appropriate, internet-facing services are placed in a DMZ so that the internal systems holding customer data are never directly reachable from the public internet. The DMZ acts as a controlled buffer zone, minimizing the attack surface of critical systems.
- Virtual LANs (VLANs): we can implement VLANs to further segment the network and logically separate traffic flows. Communication between the various segments of the network is thus restricted, which reinforces data security.
Intrusion detection and prevention systems (IDS/IPS)
Cenareo plans to deploy IDS/IPS systems to monitor network traffic for suspicious activity and potential security threats. These systems can detect and block malicious attempts to access customer data.
Network Access Control (NAC):
Cenareo plans to implement a NAC system to enforce security policies on devices that attempt to connect to the network. The NAC ensures that devices meet specific security requirements (for example, an up-to-date operating system and antivirus software) before allowing network access. This helps prevent compromised devices from accessing customer data.
Vulnerability Management:
Cenareo maintains a comprehensive vulnerability management program in order to identify, prioritize, and remediate vulnerabilities in network devices and software. This proactive approach minimizes the risk of attackers exploiting vulnerabilities to gain unauthorized access to customer data.
Network monitoring and logging:
We continuously monitor network activity for suspicious behavior and security incidents. Network logs are collected and analyzed to identify potential threats and to investigate unauthorized access attempts.
Separation of data
- Separation of customers: we implement a logical and, where possible, physical separation of each customer's data processing environment from those of other customers. This separation minimizes the risk of unauthorized access or cross-contamination between customers.
- Separation of production and non-production: we logically separate production environments where customer data is processed from non-production environments such as development or testing. This ensures data integrity and prevents unauthorized access from non-production systems.
Encryption
- Encryption of data at rest: All customer data in our systems is encrypted at rest using standard algorithms.
- Encryption of data in transit: we use TLS (version 1.2 or later) to secure transfers of customer data over public networks. The data is thus protected against unauthorised interception during transmission.
Key management
We use robust key management procedures and processes, including:
- Secure key generation and activation.
- Defined key rotation schedules and expiration policies.
- Secure storage of encryption keys with restricted access controls.
- Regular reviews and updates of key management practices.
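The rotation and expiration bullets above describe a key lifecycle: a key is generated and activated, later retired in favour of a successor while still being accepted for existing data, and finally expired and destroyed. The following is an added example (not Cenareo's key-management system) that implements that lifecycle as a versioned key ring. The schedule values (90-day rotation, 30-day verify-only grace for retired keys) are assumed for the demonstration, and the clock is injectable so the schedule can be exercised offline. The keys are HMAC-SHA256 integrity keys, because the Python standard library has no AES; the same lifecycle applies unchanged to data-encryption keys held in a KMS or HSM.

```python
"""Versioned key ring with scheduled rotation and expiry.

Added example, not Cenareo's key-management system.  Intervals are assumed.
"""
import hashlib
import hmac
import secrets
import time

ROTATION_INTERVAL = 90 * 24 * 3600   # assumed: rotate every 90 days
GRACE_PERIOD = 30 * 24 * 3600        # assumed: retired keys verify-only for 30 days
KEY_BYTES = 32                       # 256-bit keys from the OS CSPRNG


class KeyRing:
    def __init__(self, clock=time.time):
        self._clock = clock
        # key_id -> {"secret": bytes, "created": float, "retired": float or None}
        self._keys = {}
        self._counter = 0
        self.current_id = None
        self.rotate()                # activation: a ring always starts with one live key

    def rotate(self) -> str:
        """Generate and activate a fresh key; the previous one becomes verify-only."""
        now = self._clock()
        if self.current_id is not None:
            self._keys[self.current_id]["retired"] = now
        self._counter += 1
        key_id = f"k{self._counter}"
        self._keys[key_id] = {
            "secret": secrets.token_bytes(KEY_BYTES),
            "created": now,
            "retired": None,
        }
        self.current_id = key_id
        return key_id

    def rotate_if_due(self) -> bool:
        """Rotate when the current key has outlived the schedule."""
        if self._clock() - self._keys[self.current_id]["created"] >= ROTATION_INTERVAL:
            self.rotate()
            return True
        return False

    def _usable(self, key_id: str) -> bytes:
        """Return the secret if the key may still verify; raise if unknown or expired."""
        entry = self._keys.get(key_id)
        if entry is None:
            raise KeyError(f"unknown key id {key_id}")
        retired = entry["retired"]
        if retired is not None and self._clock() - retired > GRACE_PERIOD:
            # Expired: discard the material so it is no longer held anywhere.
            del self._keys[key_id]
            raise KeyError(f"key {key_id} has expired")
        return entry["secret"]

    def sign(self, data: bytes) -> tuple:
        """Only the current key ever produces new tags; the tag carries its key id."""
        secret = self._keys[self.current_id]["secret"]
        return self.current_id, hmac.new(secret, data, hashlib.sha256).hexdigest()

    def verify(self, key_id: str, data: bytes, tag: str) -> bool:
        """Verify with the key named by the tag, provided that key is still usable."""
        expected = hmac.new(self._usable(key_id), data, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    # Constructed demo with a fake clock so the schedule runs in seconds.
    now = [1_700_000_000.0]
    ring = KeyRing(clock=lambda: now[0])
    kid, tag = ring.sign(b"customer record")
    now[0] += 91 * 24 * 3600
    print("rotated:", ring.rotate_if_due(), "old key still verifies:",
          ring.verify(kid, b"customer record", tag))
    now[0] += 31 * 24 * 3600
    try:
        ring.verify(kid, b"customer record", tag)
    except KeyError as exc:
        print("after grace period:", exc)
```

Two design points carry over to real deployments: every protected record stores the id of the key that protected it, so rotation never requires re-protecting all data at once, and expiry is enforced at lookup time rather than by a background job, so a retired key cannot be used past its grace period even if a scheduled cleanup is late.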
Destruction of data
Cenareo applies a standardized process for the secure destruction of old media containing customer data. This process includes physically destroying the media or securely overwriting the data to ensure that it is unrecoverable.
At the end of the term of the contract, we securely destroy customer data according to a documented procedure. This may involve secure deletion, overwriting, or physical destruction of media.
Data loss prevention
Cenareo implements DLP solutions on endpoints, email servers, web proxies, and web services to detect and prevent potential customer data leaks. DLP solutions look for patterns of sensitive data and enforce policies that block unauthorized data exfiltration.