These general subscription conditions (the "GSC") apply in their entirety and constitute the essential and determining conditions of any subscription to the SSLOK solution (hereinafter the "SSLOK Solution") accessible at the URL https://SSLok.io (hereinafter the "Web Application") and on smartphone via the SSLOK web app (hereinafter the "Mobile Application") by any professional client located within the European Economic Area (hereinafter the "Client") with a view to subscribing to a subscription to the SSLOK Solution (hereinafter the "Subscription").
Registering on the Web Application and, a fortiori, checking the box "I accept the general conditions of service" implies unreserved acceptance of these General Subscription Conditions and the General Terms and conditions of Use which, together, prevail over all conditions and stipulations of the Client not expressly accepted in writing by SSLOK.
Abuse of service : Any act by a User, intentional or not, having an impact, of whatever magnitude and of whatever nature, on the normal functioning of SSLOK's services and the services provided by it to the Client and its other clients.
Anomaly : Means any malfunction, reproducible and repeated defect and/or non-conformity of the functionalities of the SSLOK Solution in relation to its intended purpose, which prevents the normal functioning of all or part of the SSLOK Solution or which causes an incorrect result or unsuitable processing while the SSLOK Solution is used in accordance with its intended purpose.
« Blocking Anomaly » means any Anomaly making it impossible to use all or part of the functionalities of the SSLOK Solution.
« Non-Blocking Anomaly » means any Anomaly that allows the full operation of the SSLOK Solution to continue in all its functionalities, even if this is done using an unusual procedure.
« Semi-Blocking Anomaly» means any Anomaly that only partially allows the use of the SSLOK Solution functionalities.
Contract : The following are enforceable under the services provided by SSLOK:
These General Conditions and their annexes,
The Special Conditions and in particular the General Conditions of Use
The Quote
The Purchase Order
Any document exchanged between the parties within the limit of only the documents established by SSLOK, offered to the Client, and bearing the mention “Document with contractual value”.
These documents are classified in the following hierarchical order: Estimate, Purchase order, Special conditions, General conditions and documents exchanged between the parties.
Only the Contract governs the relations between the Client and SSLOK.
Quote : Contractual document, signed by the Client, detailing the services chosen by the Client according to his needs and the specific terms of execution thereof. It may take the form of a purchase order.
Data : All information related to the SSLOK Solution, namely the data transmitted by Users (raw data) and processed by the SSLOK Solution (processed data). An integral part of this information is personal data as defined by Article 4 paragraph 1 of the GDPR.
Identifier : Codes, including the name or email address of the User and a password, necessary to access all the features of the SSLOK Solution. The Identifier is unique, personal and confidential. It is transmitted to the Client for as many Identifiers as there are Users. Any use of the Identifier is considered to be made by the Client. It is therefore the Client's responsibility to ensure the confidentiality of the Identifiers.
GDPR : Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Users : Persons designated by the Client under its sole responsibility and having access to the SSLOK Solution via their Identifiers. Also considered as users are any employee, agent and subcontractor of the Client as well as any other person having, in any way whatsoever, the Client's access to the SSLOK Solution.
The Client acknowledges being informed that the equipment allowing access to the SSLOK Solution is not, by default, secure. As a result, the Client acknowledges having to equip its Users' equipment with an antivirus, a VPN and to protect it with a secure password, in accordance with the state of the art. Thus, any data breach resulting from the lack of security of the equipment will not constitute grounds for engaging SSLOK's liability; which the Client expressly accepts.
The Identifiers transmitted to the Client by SSLOK are unique, personal and confidential. Any connection via the Identifier is presumed to have been made by the Client. The Client undertakes, without delay, to notify SSLOK of any theft or breach of confidentiality of the Identifier at the address rgpd@SSLok.io .
The Customer is invited to create an account in the “I register” tab on the Web Application and to fill in the fields of the form (last name, first name, email address, password of 12 alphanumeric characters with uppercase, lowercase and special characters minimum).
In order to validate his registration, the Client must read and accept these General Terms and conditions of Use as well as SSLOK's confidentiality policy, then click on "Continue".
In order to finalize the creation of his account, the Customer must click on “Confirm my email address” in the activation email he received.
The Subscription is attached to a Customer with an SSLOK account and allowing them to import, order, monitor, manage, renew and automatically deploy their SSL/TLS digital certificates via the Web Application or the Mobile Application (hereinafter the “Licensee”).
To use the SSLOK solution, the Licensee must identify himself on the Web Application. In the event of a breach of personal data resulting from a failure to configure the password or an unsecured transmission of the latter to a third party, SSLOK cannot be held liable.
Being required to develop new functionalities to enhance the services offered to its Customers, SSLOK reserves the right to change them both in substance and form, at any time and without notice, without the Customer being able to object, it being understood that SSLOK undertakes to guarantee:
Compliance with the provisions set out in Article 2.6;
Maintaining the main functionalities of the service and/or those essential to the Client as mentioned by the Client;
Informing the Customer, by any written means and at their convenience, about service developments.
In general, SSLOK will endeavour to:
Develop the service in order to improve performance and service ergonomics;
Take into account feedback from the Customer on the service and its developments.
However, the Client may not blame SSLOK for not developing the service despite the communication of development requests.
SSLOK will provide its best efforts to enable the availability of the service 24 hours a day, 7 days a week, except in cases of force majeure as described in Article 7.3 hereof, events beyond SSLOK's control, possible breakdowns and interventions necessary for the proper functioning of the service and equipment.
SSLOK thus undertakes to implement the best means to guarantee the availability of the SSLOK Solution. However, SSLOK cannot be held responsible for disruptions, outages/Anomalies resulting from any event over which SSLOK does not, directly or indirectly, have control and which would affect in particular transmissions via the Internet network and more generally, via the communication network, whatever their importance and duration.
SSLOK reserves the right to close access to the SSLOK Solution in order to ensure maintenance of the hardware and software necessary for processing and hosting information. More generally, SSLOK reserves the right to interrupt access to the SSLOK Solution in order to ensure its security and integrity. To the extent possible, SSLOK informs the Client in advance of any interruption of access to the server, whether caused by it or of which it may be aware. SSLOK undertakes to make its best efforts to carry out preventive maintenance outside peak hours.
SSLOK undertakes, during the term of the Subscription, to ensure a minimum availability rate of 99.99% excluding periods of planned maintenance, technical interventions, due to the Customer or an unauthorized third party and/or periods of interventions under the conditions defined above. Under these conditions, and without its liability being incurred in this regard, SSLOK will make its best efforts to offer, at the request of the Customer and provided that the latter has formulated by any written means urgent needs related to its activity, a degraded mode operating solution.
3.1 The Customer has the choice between several Subscription offers detailed on the Web Application (“Prices”, “Dashboard”).
3.2 By default, any creation of a Client account results in the application of a free account, allowing you to discover the Client interface of the solution, and with limited functionalities.
3.3 The Customer may, at any time, choose a Subscription offer on the Web Application by selecting the offer of their choice, then entering their bank details. In order to validate the subscription to a paid offer, the Customer must click on "Validate payment". The subscription to the paid Subscription is firm and final for the Customer and for SSLOK from the date of receipt by SSLOK of payment for the initial Subscription period on the Web Application.
3.4 Upon receipt of payment by SSLOK, the Customer receives an email confirming the subscription to the Subscription and can use the offer immediately. The confirmation email contains the invoice for the Subscription.
4.1 The free account is subscribed for an indefinite period from the creation of the account by the Customer and ends either upon deletion of his account by the Customer on the Web Application, or on the date of subscription to a paid Subscription offer under the conditions provided for in article 3.3 .
4.2 The Paid Subscription is concluded for the duration of the Subscription offer chosen by the Customer on the Web Application, from the date of subscription to the offer on the Web Application under the conditions set out in Article 3.3. At the end of this period, the Subscription will then be tacitly renewed for successive periods of the same duration, unless terminated by either party by registered letter with acknowledgement of receipt and received by SSLOK at least one (1) calendar month before the end of the current period.
4.3 During a paid Subscription period, the Customer may subscribe to a higher Subscription offer under the conditions set out in Article 3.3. In this case, the new Subscription applies at the end of the current initial period.
5.1 The price of the Subscription is that of the offer subscribed to by the Customer on the Web Application.
5.2 The Subscription is billed according to the frequency mentioned when subscribing to the Subscription or when it changes as provided for in article 4.3, term to expire. In the event of modification of the Subscription, the new price is billed on the start date of the new Subscription period. Any Subscription started is due in full.
5.3 Invoices are payable, in euros, within a maximum period of thirty (30) days from the date of issue of the invoice, by bank card via the payment solution offered on the Web Application.
5.4 By express agreement, and unless a postponement is requested in time and granted by SSLOK in a specific and written manner, total or partial failure to pay on the due date any sum due under the contract will automatically result, without prior formal notice and without prejudice to any additional compensation due and justifiable:
The immediate payment of all sums remaining due by the Customer under the Contract, regardless of the method of payment provided;
Invoicing the Customer of late payment interest equal to the latest refinancing rate of the European Central Bank, published on the invoice date, increased by 10 points, the interest being due solely upon the expiry of the contractual term. The interest is calculated pro rata temporis over the period of one month.
Suspension of services provided.
In addition, in the event of late payment, the Customer is automatically liable for a fixed compensation for recovery costs in the amount of €40. These costs may be invoiced at actual cost upon presentation of supporting documents (e.g. bailiffs' fees, lawyers' fees, etc.). Any disagreement regarding invoicing must be justified by sending a registered letter with acknowledgement of receipt, within eight (8) days of the date of issue of the invoice. In the absence of this procedure, the Customer will be deemed to have accepted it.
In general, no payment may be subject to compensation, reduction (by applying penalties for example) or refusal at the initiative of the customer, particularly in the event of an allegation of non-compliance or poor performance without the prior written agreement of SSLOK, and without SSLOK having been able to verify the reality of the alleged grievance.
6.1 In addition to the right to terminate the Subscription by each party on each anniversary date of the Subscription as provided for in Article 4, the Subscription may be terminated automatically, without compensation, by each party in the event of:
Failure by the other party to fulfill one of its obligations under the Subscription, if the defaulting party has not remedied the failure within thirty (30) calendar days from the formal notice sent by the party initiating the termination, by registered letter with acknowledgment of receipt;
Safeguarding, recovery or liquidation proceedings and more generally concluding any amicable or legal plan with the creditors of the other party, ceasing activity, dissolution or amicable liquidation of the other party;
Force majeure, under the conditions of article 7.3.
Upon termination of the Subscription, and for whatever reason:
The Client undertakes to pay SSLOK any amount that remains owed to it;
The Client is informed that the SSLOK Solution will no longer be accessible to him.
Generally speaking, exercising this right of termination does not exempt the parties from fulfilling the obligations contracted up to the effective date of termination.
6.2 The Subscription is concluded intuitu personae by SSLOK and may not be assigned or transferred in any way whatsoever to a third party without the prior written consent of SSLOK.
SSLOK is only bound by an obligation of means in the execution of the services offered on the SSLOK Solution. SSLOK undertakes to make its best efforts to secure access to and use of the SSLOK Solution, and SSLOK is free to choose the most appropriate form and technical means to make all the functionalities of the SSLOK Solution available to the Client.
SSLOK shall not be held liable for external intrusions, the presence of computer viruses in the Client's computer system, any consequences of a total or partial alteration of the operation of the SSLOK Solution resulting from an Abuse of Service, or the non-functioning or slowness of the Client's telecommunications network. SSLOK shall not be liable for any defect or non-performance not resulting from its actions, in particular in the event of non-performance of its obligations by the Client. In particular, SSLOK shall not be held liable for data entered or imported by the Client into the SSLOK Solution or for access rights granted by the Client to users. The Client guarantees SSLOK against any conviction or transaction (civil, administrative or criminal) that would be pronounced against it in the context of legal actions having as cause or object any actions relating to the data entered or imported by the Client in the SSLOK Solution (texts, images, etc.), including in particular the lawyer's and expert fees and the costs and losses that could result for SSLOK. In any event, SSLOK's liability excludes in particular any indirect, consequential or immaterial damage, and including in particular any lost profit, loss, commercial prejudice, loss of turnover, loss of customers, loss of opportunity, and is, in any event, limited to the amount paid by the Client during the current contractual year.
The security measures implemented by SSLOK on the SSLOK Solution are described in SSLOK's commercial documentation and in the Privacy Policy.
The Customer undertakes not to communicate his username and password to a third party and declares and acknowledges that the Subscription is strictly personal. Failing this, SSLOK reserves the right to suspend or terminate the Subscription.
Use of the SSLOK Solution requires having a compatible computer, tablet or smartphone with a regularly updated operating system. The Customer is solely responsible for regularly updating the operating system of its computer equipment and for compliance with the provisions of Articles 2.1 to 2.3.
In general, SSLOK cannot be held responsible in the event of difficulties in accessing the SSLOK Solution for which the cause is not directly and exclusively attributable to it.
Unless proven otherwise by the Customer, any connection to the Web Application and the Mobile Application will be deemed to have been made by the Customer. Any loss, theft, misappropriation or unauthorized use of his email address or password and their consequences will be the sole responsibility of the Customer.
The Parties may not be considered in default with regard to the provisions of the Contract if the performance of their obligations, in whole or in part, is delayed or prevented as a result of a force majeure situation as defined by Article 1218 of the Civil Code.
In addition to the events usually considered by French case law in cases of force majeure, the obligations of the Parties will be automatically suspended in the event of events beyond their express control preventing the normal performance of this Contract, such as earthquakes, fire or flooding of the premises where the activity of either Party is carried out, storms, blockages of means of transport for any reason whatsoever, total or partial strikes, internal or external to the company, lockout of the company, total or partial, regional, national or international blockage of telecommunications and total or partial, regional, national or international blockage of computer networks.
The Party noting the event must immediately inform the other Party of its inability to perform its service and provide justification to the latter. The suspension of obligations may in no case be a cause of liability for non-performance of the obligation in question, nor lead to the payment of damages or late payment penalties.
However, as soon as the cause of the suspension of their mutual obligations disappears, the Parties will make every effort to resume the normal execution of their contractual obligations as quickly as possible.
However, in the event that the suspension of the obligations arising from the Contract proves to be for a period exceeding 3 (three) months, each of the Parties shall be entitled to terminate the Contract at any time, by registered letter with acknowledgement of receipt, from the expiry of this suspension period, without compensation from either party.
8.1 As part of the Contract, the Parties are required to process personal data of third parties, within the meaning of the GDPR. As such, and only for the services for which SSLOK is a subcontractor within the meaning of the GDPR, the Parties have organized their obligations and responsibilities in the Appendix "Subcontracting Agreement relating to the processing of personal data".
8.2 As part of the performance of its services, SSLOK is required to process the Client's personal data, as data controller, for the following purposes:
Registration management
Subscription management
Management of requests to exercise rights
Providing a newsletter
Securing our solution
All of our processing is based on the following legal basis: the Contract primarily and our legitimate interest occasionally. Therefore, the processing that SSLOK implements as data controller does not require obtaining your consent.
Your data is not sold, exchanged or transferred outside the European Union. It is kept for the duration of the processing and, in the absence of legal obligation or administrative interest, is immediately deleted upon expiry.
In accordance with the Data Protection Act No. 78-17 of 6 January 1978 as amended, Regulation (EU) 2016/679 and the Law for a Digital Republic of 7 October 2016, you have the right to access, rectify, limit, oppose, delete, the right to the portability of your data and to transmit instructions on their fate in the event of death.
You can exercise these rights by sending an email to rgpd@SSLok.io .
Finally, SSLOK undertakes to communicate, at the request of the Client, any documentation necessary to attest to its compliance with the GDPR and in particular:
The privacy policy relating to the management of its customers
The register of processing activities relating to its customers
SSLOK is expressly authorized to use the Client's name or any other distinctive sign belonging to it as a commercial reference, in particular in commercial presentations, intended for prospects or customers, in press releases indicating commercial references, on its website, on its company pages on social networks or in the context of the publication of testimonials.
SSLOK warrants that it has all rights to permit the use of the SSLOK Solution under the conditions set forth herein.
Subject to full compliance with the Contract, and in return for payment of the Subscription price, SSLOK grants the Client, for the entire duration of the Contract, a personal, non-exclusive, non-transferable, non-assignable and revocable right to use the SSLOK Solution for the purposes of access by users to the SSLOK Solution, for the entire world. The Contract does not grant the Client and users any title or ownership rights over the SSLOK Solution.
In the absence of express authorization from SSLOK, the Client shall refrain from, and shall ensure that Users refrain from, as a result of:
Reproduce, arrange, adapt, translate all or part of the SSLOK Solution;
Correct, or have corrected by a third party, any errors and/or bugs in the SSLOK Solution;
Carry out any form of commercial exploitation of the SSLOK Solution;
Modify or seek to circumvent any protection device of the SSLOK Solution;
Conduct research from the SSLOK Solution for the purpose of creating a derivative or competing work;
Assign, provide, lend, rent all or part of the SSLOK Solution, grant sublicenses or other usage rights, or more generally, communicate to a third party or an affiliated company all or part of the SSLOK Solution;
Integrate all or part of the SSLOK Solution into any computer system or other software solution;
Carry out the remote transmission of the SSLOK Solution, its networking, in particular on the Internet, or its distribution in any other form.
The Client undertakes to comply with the applicable regulations, in particular concerning the legality of content imported and/or exported from or to the SSLOK Solution. As such, SSLOK cannot be held liable in the event of non-compliance with this provision by the Client.
The Customer is informed that any violation of the preceding provisions is likely to result in the termination of the Subscription, without prejudice to the damages that SSLOK may claim, and, in addition, to be qualified as acts of counterfeiting, liable to civil and criminal prosecution.
When using the SSLOK Solution, the Client may share Content. To this end, the Client ensures that it has all rights, including intellectual property rights, to use all shared elements such as, but not limited to, brands, logos, photos, videos, texts, hyperlinks, etc.
The Client also guarantees to SSLOK that the shared elements are lawful under national, European and international law.
The Customer guarantees, at its own expense, the defense in any possible action brought against SSLOK to the extent that this arises from an allegation that an element shared by the Customer when using the SSLOK Solution could be qualified as counterfeit or an act of unfair competition or parasitism or denigration or defamation or false advertising or, in general, would engage the liability of SSLOK.
The Customer shall pay all costs (including expert and lawyers' fees within the limit of costs commonly incurred in such proceedings) and damages awarded against SSLOK without prejudice to the Customer's right to obtain compensation for the damage suffered from the Customer.
SSLOK acts as an independent Service Provider, thereby excluding any link of subordination between its employees and its Clients.
SSLOK remains the sole employer of its employees and ensures both their supervision and control, particularly in the management of working hours, leave and disciplinary law.
SSLOK undertakes, in this respect, to take personal responsibility for the obligations and formalities which may or may be incumbent upon it in terms of tax and social security and in this regard declares that it is fully in order.
Each Party declares that it is insured for its professional civil liability, with a notoriously solvent company, for all material and immaterial damage resulting from the execution of this Contract by its staff or collaborators and will provide the other Party, upon first request, with a certificate of insurance. Any insufficiency of cover will be the responsibility of the Party that is at the origin of it.
SSLOK certifies that it has taken precautions with the insurance company of its choice and declared the risks taken in connection with the collection and hosting of Data and the SSLOK Solution on OVHcloud servers.
13.1 The Annexes are an integral part of the Contract. In the event of a contradiction between one or more of the provisions of the Annexes and one or more of the provisions of the Contract, the provisions of the Contract shall prevail.
13.2 In the event of any difficulty of interpretation between the titles and the clauses hereof, the content of the clauses shall prevail.
13.3 The Contract, including its annexes, reflect all the commitments made by the Parties regarding the subject matter to which it relates. This Contract cancels and replaces all written and verbal provisions or agreements prior to its signature. Neither party may be held to any obligations other than those expressly agreed by the Contract.
13.4 The applicable GSC are those in force at the time of subscription to the Subscription.
13.5 SSLOK reserves the right to modify the GSC at any time. Any new version of the GSC will automatically replace the previous version and will apply to any renewal of the Subscription.
13.6 Any failure or delay in exercising any right by either Party shall not be construed as a waiver of any right.
13.7 If any provision of the Contract is void in whole or in part, under a rule of law or a law in force, it will be deemed unwritten but will not result in the nullity of the Contract or that of a partially concerned clause.
13.8 The provisions of Articles 7, 8, 9, 10, 11, 12 and 14 hereof shall remain in force notwithstanding the termination or early cessation of the Contract, whatever the cause and date.
The GSC, the Subscription and, in general, the commercial relations between the parties are governed by French law. In the absence of an amicable resolution of the dispute, any dispute relating to the GSC, the Subscription and the relations between SSLOK and the Customer, will be subject to the exclusive jurisdiction of the competent courts of Nantes, including in the event of summary proceedings, injunctions on application, multiple defendants, incidental claims or third-party claims.
Between :
Company , operating under the trade name SSLOK , a simplified joint stock company with capital of 1,000.00 euros, registered with the RCS of Rennes under number 949 833 313 and established at 90 Bis rue de Fougères 35700 RENNES.
Hereinafter referred to as « the Subcontractor »
And :
The Client
Hereinafter referred to as « The Data Controller »
Hereinafter, together referred to as « the Parties »
1. The Data Controller and the Subcontractor have entered into one or more contracts for the provision of services as provided for herein. Since the performance of the service is conditional on the processing of personal data by the Subcontractor on behalf of the Data Controller, the Parties have decided to enter into an agreement on this subcontracting in accordance with Article 28 §3 of the General Data Protection Regulation (hereinafter “GDPR”).
2. The purpose of this agreement is to define the conditions under which the Subcontractor will implement the processing of personal data on behalf of the Data Controller.
3. Thus, the Parties undertake to comply with the provisions of the GDPR in its current and future state, as well as any special regulations which may clarify, interpret or replace these regulations.
4. This agreement forms an integral part of the contract(s) concluded between the Parties to which it would be annexed.
The definitions of the terms and concepts mentioned in this agreement find their substance in the regulations on the protection of personal data and have the same meaning.
« Issuing Party” means the Party submitting this Agreement.
« Receiving Party” means the Party that has acknowledged receipt of this Agreement by the Issuing Party.
« Institutional site” means the site accessible at the following address: https://SSLok.io.
1. This Agreement and its Annexes constitute the Parties' agreement regarding the Subcontracting of Data. It prevails over any previously concluded agreement which it therefore renders non-binding.
2. This Agreement and its Annexes are interdependent and form a coherent and inseparable whole. However, in the event of any discrepancy between this Agreement and the various Annexes, an order of priority between these documents is defined as follows:
a. The Data Processing Agreements b. Appendix 1: Register of processing activities c. Annex 2: Technical and organizational measures d. Annex 3: Means of communication between the Parties
3. By its intuitu personae character, any modification of this agreement depends on the expression of the common will of the Parties and must, consequently, be approved and signed by them.
1. The duration of this agreement depends on that provided for in the General Terms and conditions of Use.
2. Termination of the GSC will also result in termination of this Agreement to which it is attached.
3. In addition, any breach of this Agreement or failure by either Party to comply with it may result in termination of the GSC without notice.
4. The Parties acknowledge that termination of this Agreement, at any time and for any reason, does not exempt them from their obligations relating to the processing of personal data.
1. The Data Controller authorizes the Subcontractor to process the personal data necessary for the provision of the service(s) provided for in the General Terms and conditions of Use.
2. The Data Controller undertakes to communicate to the Subcontractor all the information necessary for the Subcontractor to carry out the principal.
3. The operations carried out on personal data are explained in the register of processing carried out by the Subcontractor on behalf of the Data Controller. The conditions for communicating said register are provided for in Appendix 1 and subject to the confidentiality of the Data Controller as provided for in Article XIV § 4 hereof.
1. The data entrusted to the Subcontractor by the Data Controller will only be processed in a Member State of the European Union or in the territory of the European Economic Area (EEA);
2. If the Subcontractor plans to implement a transfer of data outside the European Union or the territory of the European Economic Area, the latter shall inform the Data Controller at least 30 days before its implementation;
3. This transfer will be permitted provided that it meets the requirements of Articles 44 to 50 of the GDPR and that the Data Controller has expressly authorized it in writing;
4. In any event, such a transfer cannot be envisaged in the absence of standard contractual clauses for the protection of personal data concluded between the Data Controller and the data importer established in a third country;
5. By this agreement, the Data Controller as data exporter, explicitly mandates the Subcontractor to sign, in its name and on its behalf, the standard contractual clauses published by the European Commission with the data importer acting as subsequent Subcontractor.
1. The Subcontractor shall take appropriate technical and organizational measures to ensure a level of security appropriate to the risk as determined by the Data Controller and shall maintain these measures throughout the duration of the contract.
2. The technical and organizational measures must comply with the state of the art and technical developments. The Subcontractor may therefore take appropriate alternative measures. The security level of these measures must not be lower than that of the technical and organizational measures. Any substantial modification must be documented.
1. The Subcontractor processes the data, for the sole purpose(s) of the Subcontracting;
2. The Subcontractor is limited to following the instructions documented by the Data Controller, subject to immediately alerting it in the event of instructions that do not comply with the regulations and/or in the event of security measures that seem more appropriate to it in the context of the services provided for in the main contract. The Subcontractor may be held liable if he could not be unaware of the existence of more appropriate security measures and has not expressly and promptly informed the Data Controller thereof;
3. The Subcontractor guarantees the confidentiality of the data entrusted to it by:
a. Providing access to this data only to those who need to know; b. Subjecting these individuals to a confidentiality agreement with penalties for violation; c. Training staff members who have access to the Data Controller’s data on the protection of personal data.
4. The Subcontractor undertakes to use tools compatible with the principles of data protection from design and by default;
5. The Subcontractor does not make any copies of the documents and information media entrusted to it, with the exception of those necessary for the performance of this service provided for in the contract; the prior agreement of the file owner is necessary;
6. The Subcontractor does not disclose these documents or information to third parties, whether private or public, natural or legal persons.
7. The Subcontractor undertakes to:
a. Notify any incident concerning personal data entrusted by the Data Controller as soon as possible after becoming aware of it. b. Promptly investigate any Personal Data breach in order to remedy such breach c. Inform the Data Controller, as soon as possible, of the corrective measures put in place to remedy this d. Provide the Data Controller with any documentation enabling it, if necessary, to notify this violation to the competent supervisory authority.
8. The Subcontractor undertakes to guarantee and maintain a level of security and confidentiality appropriate to the types of data entrusted to it by the Data Controller.
1. The Data Controller accept that the Subcontractor may call upon subsequent subcontractors acting in its name and on its behalf, in order to assist it in the processing operations of Personal Data of the Data Controller and his Customers.
2. Nevertheless the Subcontractor brings and documents all necessary precautions in choosing its subcontractors, to whom the said Personal Data is entrusted and informs the Data Controller of any planned change regarding the addition or replacement of a subsequent sub-processor by any written means at its convenience.
3. The Data Controller may object to such an addition or replacement by notifying to the subcontractor in writing in the 30 days following receipt of the notice of addition or replacement sent by the Subcontractor.
4. The Data Controller recognizes And accepted that the absence of objection within the aforementioned period equivalent to an acceptance of its part of a new subsequent subcontractor. In the event that the Data Controller objects to the appointment of a subsequent subcontractor, the Parties agree that either may terminate the contract provided that they have not been able to agree on the designation of another subsequent subcontractor.
5. The Subcontractor concludes a contract, with any subsequent subcontractor, containing the same obligations as those set out in this agreement, in particular by requiring the subsequent subcontractor not to process the Personal Data of the Data Controller and of his Customers only in accordance with instructions documented of the Subcontractor.
6. The Subcontractor communicates any information allowing to justify the implementation of such obligations as well as the documented instructions communicated to the subsequent Subcontractor.
7. It is the responsibility of the initial Subcontractor to ensure the compliance of its subsequent subcontractors with data protection regulations and with this agreement.
8. The Subcontractor remains fully responsible towards of the Data Controller for any processing carried out by the subsequent subcontractor in violation of the obligations of this contract.
1. The Subcontractor declares that it keeps a record of all categories of processing activities carried out on behalf of the Data Controller, including:
a. The name and contact details of the representative of the Data Controller and subsequent Sub-processors as well as those of their possible data protection officer and, where applicable, the names and contact details of its data protection officer; b. The categories of processing carried out on behalf of the Data Controller; c. Where applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation and, in the case of transfers referred to in the second subparagraph of Article 49(1) of Regulation (EU) 2016/679, the documents attesting to the existence of appropriate safeguards; d. Where possible, a general description of the technical and organisational security measures referred to in Article 32(1) of Regulation (EU) 2016/679.
2. The Subcontractor undertakes to inform the Data Controller in the event of a substantial change in the processing activities carried out on behalf of the Data Controller.
3. The Subcontractor, at the request of the Data Controller, undertakes to provide it with all necessary information enabling it, in turn, to inform Users about the automated processing activities and the methods for carrying out the latter.
4. The Subcontractor also undertakes to communicate to the Data Controller any document enabling it to attest to its compliance with this agreement.
2. The Subcontractor will, where necessary, assist the Data Controller in fulfilling its obligation to respond to requests to exercise the rights of data subjects provided for in Articles 12 to 22 of the GDPR.
3. The Subcontractor never responds on behalf of the Data Controller to requests for exercise addressed to it directly. In the event that the Subcontractor should be the recipient of such a request, it shall forward it to the Data Controller as soon as possible so that the latter can determine the follow-up to be given to it;
The specific services ordered from the Subcontractor by the Data Controller as part of its GDPR compliance obligations, requiring the performance of additional services by the Subcontractor, will be subject to pricing under the conditions applicable on the date of the request.
The Subcontractor undertakes to assist the Data Controller in its process of carrying out a privacy impact analysis, within the limits of the subcontracting service and the information available to the Subcontractor. This assistance must be reasonable and will be subject to pricing under the conditions applicable on the date of the request.
1. Where the Subcontractor is not subject to an obligation to appoint a data protection officer, the latter shall appoint a person in charge of these matters within its establishment.
2. This person will be a privileged contact for the Data Controller.
1. If the Data Controller considers it necessary to carry out an audit to verify the Subcontractor's compliance with the regulations and this agreement, the Subcontractor agrees to submit to it under the following conditions:
a. If the Data Controller considers that the documentation provided by the Subcontractor does not enable it to demonstrate compliance with the regulations, the Data Controller will make a request for an on-site audit, justified and documented, by registered letter with acknowledgment of receipt; b. The audit must be carried out by an independent auditor, of well-known reputation, not competing with the commercial activities of the subcontractor. This independent auditor is chosen by the Data Controller and accepted by the Subcontractor . He must have the required professional qualifications and is subject to a confidentiality agreement; c. The Parties acknowledge that any report and information obtained as part of this audit is confidential information; d. The start date of the audit, the duration and the scope of the audit are defined by mutual agreement by the Parties with a minimum notice of 30 working days; e. The Data Controller shall bear the audit costs and reimburse the Subcontractor all costs incurred for this purpose, in particular the time spent on the audit based on the average hourly rate of the Subcontractor's staff having collaborated on the audit. f. The audit may only be carried out during the Subcontractor's opening hours; g. The audit does not include access to information that is not linked to the processing carried out in accordance with this contract, nor physical access to the servers on which the data is hosted and/or saved.
2. The Data Controller will notify the Subcontractor as soon as possible of any information relating to potential non-compliance discovered during the Audit.
3. In the event of potential non-compliance, the Subcontractor undertakes to make best efforts to remedy it.
4. The Data Controller undertakes to support the Subcontractor in resolving any non-conformities identified and may not terminate the contract without 30 days' notice.
1. The Data Controller remains exclusively responsible for compliance with his own legal and regulatory obligations regarding the processing of Personal Data.
2. The Data Controller undertakes to:
a. Document in writing any instructions regarding the processing of data by the Subcontractor. b. Inform the Subcontractor as soon as possible of any error or irregularity of which it becomes aware relating to the instructions given by it to the Subcontractor.
3. The Data Controller undertakes to alert the Subcontractor without delay, in the event of any change in its requests, resulting in or likely to result in a change in the status of the Subcontractor with regard to the regulations.
4. The Data Controller undertakes to ensure the confidentiality of all documentation provided by the Subcontractor under its right to information, with the exception of documents freely accessible on the Subcontractor's institutional Site.
5. More specifically, and concerning the recording functionalities, the Data Controller is informed that specific conditions must be respected before the implementation of this processing. Indeed, the Subcontractor reminds the Data Controller that the implementation of such processing is likely to constitute behavioral profiling of Users. Thus, the Data Controller must in particular:
- Document, in a dedicated processing sheet, the implementation of this system and more particularly the legal basis enabling its implementation;
- Ensure that the implementation of the processing does not constitute a disproportionate impact on the rights and freedoms of Users.
The Subcontractor having previously informed the Data Controller of the risks regarding the implementation thereof, the latter acknowledges being solely responsible for the implementation of such processing.
1. The following provisions concern the contractual relations between the Processor and the Data Controller. They do not preclude the provisions of Article 82 of the GDPR giving the right to compensation to data subjects.
2. The Subcontractor may be held liable for any failure to comply with any of its obligations under this agreement.
3. It is understood that the Subcontractor cannot be held responsible for decisions taken by the Data Controller as data controller. treatment.
4. The amount of compensation to be paid by the Subcontractor may not exceed the sums actually received by it under the main contract(s) within the limit of the Price of an annual subscription.
1. The Subcontractor undertakes, at the end of the principal, to return all information, data, documents and files entrusted by the Data Controller.
2. At the request of the Data Controller, the Subcontractor undertakes to ensure the portability of the data entrusted by the Data Controller to the service provider designated by the Data Controller.
3. After this restitution, the Subcontractor undertakes to destroy all personal data and all existing copies in accordance with the instructions of the Data Controller. This destruction must be the subject of written justification by the Subcontractor.
The specific services ordered from the Subcontractor by the Data Controller as part of its GDPR compliance obligations, requiring the performance of additional services by the Subcontractor, will be subject to pricing under the conditions applicable on the date of the request.
The Party receiving this Agreement undertakes not to reproduce it within the framework of its own contractual relations.
Any reproduction of this agreement for this purpose will be subject to prosecution for parasitism on the basis of Articles 1240 and 1241 of the Civil Code.
1. The invalidity of a provision of this Agreement shall not affect the other provisions thereof. The Parties undertake to replace the inapplicable provision with a legal provision that would pursue the same objective as the one deemed invalid.
2. In the event of any conflict between this Agreement and other agreements between the Parties, this Agreement shall prevail.
3. In the event of any difficulty in interpretation between the headings and the clauses of this Agreement, the content of the clauses shall prevail.
4. Any accessory modification, amendment and addition to this agreement will be made in writing.
5. This Agreement is governed by the GDPR and by French law in the context of its execution.
At the request of the Data Controller and subject to the prior conclusion of the General Terms and conditions of Use, the Subcontractor undertakes to send it the register of processing carried out within the framework of the subcontracting service.
The Subcontractor has implemented a data backup system that complies with the state of the art in terms of design, means, organization and technologies to guarantee the confidentiality, availability and integrity of the files and data entrusted to it as well as the optimal and continuous operation of said system.
The Subcontractor, at the request of the Data Controller, sends it the documentation necessary for a full understanding of the technical and organizational measures deployed within the framework of the service.
The documented instructions of the Data Controller will be communicated electronically to the following email address: contact@SSLok.io.
2.Data Protection Officer of the Data Controller (or responsible party)The Data Controller undertakes, upon conclusion of the Contract, to transmit to the Subcontractor the contact details of the person responsible for data protection in its structure.
3.Data Protection Officer of the Subcontractor (or responsible person)You can contact the Data Protection Officer at: rgpd@SSLok.io.