DATA PROCESSING AGREEMENT (DPA)
Personal data: any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an "identifiable natural person" is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, a location data, an online identifier, or to one or more factors specific to his physical, physiological, genetic, mental, economic, cultural or social identity
Processing: Any operation or set of operations that may or may not be performed upon personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
File: Any structured set of personal data accessible according to determined criteria, whether this set is centralized, decentralized or distributed in a functional or geographical manner.
Data controller: The natural or legal person, public authority, department or other body which, alone or jointly with others, determines the purposes and means of the processing.
Processor: The natural or legal person, public authority, department or other body which processes personal data on behalf of the controller.
Recipient: The natural or legal person, public authority, department or other body that receives personal data, whether or not it is a third party.
ARTICLE 1. PROCESSING OF DATA COLLECTED BY SEMIOLOGIC
The person in charge of the treatment is SEMIOLOGIC, 67 cours Mirabeau - 13100 Aix en Provence represented by Mr. David DJIAN.
In accordance with its obligation of security, SEMIOLOGIC is committed to ensure the confidentiality of the personal data. SEMIOLOGIC implements the technical means to ensure this security and to avoid any destruction, any detour, any theft or any consultation by a third party of the personal data.
The Editor is informed that SEMIOLOGIC, as the person in charge of processing, implements personal data processing concerning the interlocutors, physical persons within the Editor.
The Editor is informed, on any form of collection of personal data, of the obligatory or optional character of the answers by the presence of an asterisk (*). If you do not provide the required information, your request will not be processed.
The data collected are the names and surnames, contact details of the interlocutors - contacts within the Editor. The legal basis of the treatment is the contract.
In order to ensure the payment of our services, the banking data relating to the means of payment used by the Editor are collected. The legal basis of the processing is the contract.
The email address is collected in order to send you newsletters and promotional offers.
The personal data are hosted in France.
The recipients of the personal data are SEMIOLOGIC, and its subcontractors: host, accountant, banking provider, lawyer, auditor.
The natural persons who are interlocutors or users within the Editor whose personal data are treated by SEMIOLOGIC have a right of access to the data concerning them, the right to see their data rectified, completed, updated, locked or erased, on request and in the respect of the legal conditions.
They also have the right to limit their personal data, to portability as well as the right to define their directives as to the fate of their personal data in case of death (conservation, deletion, communication of their personal data).
They also have the right to object on legitimate grounds and/or to withdraw their consent at any time without affecting the lawfulness of the processing based on the consent given prior to the withdrawal of consent.
To exercise any of these rights, the individuals concerned may send their request to:
SEMIOLOGIC will send an answer within ONE (1) month from the date of receipt of the request. This period may be extended by TWO (2) months due to the complexity and number of requests. SEMIOLOGIC will inform the concerned person within ONE (1) month after receipt of the request.
In case of unsatisfactory answer, the concerned person has the right to introduce a complaint to the CNIL, competent control authority (www.cnil.fr).
Concerning the commercial mails/newsletters, the unsubscription is possible at any time by clicking on the hypertext link available in each of the mails sent by SEMIOLOGIC.
The data concerning the sending of promotional mails are kept for a duration of THREE (3) years as from your last activity on the web site of SEMIOLOGIC including the sending of an e-mail.
The data are kept during the duration of the contract and are then, the object of an intermediate filing between 5 and 10 years in order to answer the accounting and tax obligations (article L.123-22 paragraph 2 of the commercial code) or legal such as the 5 years deadline which is the limitation period applicable to the personal or movable actions (article 2224 of the civil code) of
In case of legal proceedings, the personal data concerning SEMIOLOGIC will be kept in order to allow SEMIOLOGIC to ensure its defense or to allow it to establish facts if SEMIOLOGIC is in demand.
ARTICLE 2. PROCESSING OF PERSONAL DATA BY SEMIOLOGIC AS A SUBCONTRACTOR
2.1. Quality of subcontractor of SEMIOLOGIC
Within the framework of these general conditions of sale, SEMIOLOGIC, the subcontractor (defined as data processing subcontractor in the sense of the legislation/regulation referred to below), carries out, on behalf of the Editor (defined as data controller in the sense of the legislation/regulation referred to below), the operations of personal data processing defined hereafter
In accordance with article 35 of the law n° 78-17 of January 6, 1978 known as "Data-processing and Freedoms" law, SEMIOLOGIC is a subcontractor of the Editor and can intervene on the data only on instructions of the Editor, responsible for the treatment.
In the sense of this Appendix, the Editor is the "Data controller" and SEMIOLOGIC is the "Data processor".
2.2. Description of the processing being outsourced
SEMIOLOGIC is authorized to process the personal data of the Editor and the Users within the framework of this contract.
Type of data
Email addresses, usernames, avatar image, company titles and other specific data entered by the controller into the processor platform
Group of people involved
Subscribers to the chat solution, customers and clients, and the controller's staff and business partners
Extent, type and purpose of collection, processing or use of data
Service contract for the discussion system solution and associated services
2.3. Obligations of the subcontractor (SEMIOLOGIC)
2.3.1. SEMIOLOGIC is committed to:
The Editor is informed that SEMIOLOGIC uses subcontractors to offer its Solution. The subcontractors concerned are:
SEMIOLOGIC may use another subcontractor to carry out specific processing activities. In this case, SEMIOLOGIC will inform the Editor in advance and in writing of any contemplated changes regarding the addition or replacement of other subcontractors. This information must clearly indicate the subcontracted processing activities, the identity and contact information of the subcontractor and the dates of the subcontract. Editor shall have FIFTEEN (15) days from the date of receipt of such information to submit its objections. Such subcontracting may only be performed if the Contractor has not objected within such period.
In any event, any subsequent subcontractor is obligated to fulfill the obligations of the contract and this schedule on behalf of the Editor. It is the responsibility of SEMIOLOGIC to ensure that the subsequent subcontractor presents the same sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the European Data Protection Regulation. If the subsequent processor does not fulfill its data protection obligations, SEMIOLOGIC remains fully responsible for the other processor's performance of its obligations.
2.3.3. Support from SEMIOLOGIC
SEMIOLOGIC will assist the Editor, to the extent practicable, in fulfilling its obligation to respond to any requests received from data subjects to exercise their rights or from the competent supervisory authority within a reasonable time. It is specified that it is the responsibility of the Editor to provide information to the data subjects at the time of collection of the data.
In the event that SEMIOLOGIC receives a request to exercise its rights, SEMIOLOGIC undertakes to communicate this request to the Customer within a maximum of 48 hours.
SEMIOLOGIC will assist the Editor to guarantee the respect of:
2.3.4. Personal data breach notification (security breach)
SEMIOLOGIC notifies the Editor of any personal data violation within a maximum of 72 hours after having become aware of it and by the following means: electronic mail.
This notification is accompanied by any useful documentation in order to allow the Editor, if necessary, to notify this violation to the CNIL.
2.3.5. Security measures implemented by SEMIOLOGIC
SEMIOLOGIC implements the following measures:
Basic security actions are carried out such as:
2.3.6. Data Fate
At the end of the service, SEMIOLOGIC commits itself to anonymize the personal data without delay at the end of the contract, except for legal provisions imposing SEMIOLOGIC to keep the data.
2.3.7. Keeping a record of activities
SEMIOLOGIC has an updated activity register concerning its subcontracting activity.
2.3.8. Obligations of the data controller (the Editor)
The Editor undertakes to:
For the purpose of conducting an audit. It is expressly provided that the audit may be carried out once per contractual year.
This audit may be carried out by the Editor or a third party of its choice provided that this third party is not in competition with the activities carried out by SEMIOLOGIC.
The third party will have to sign, beforehand, a confidentiality agreement which will be written and transmitted by SEMIOLOGIC.
The costs related to this audit will be taken in charge by the Editor. These expenses include the provision of the necessary personnel of SEMIOLOGIC to carry out the audit. An invoice
The Editor must inform SEMIOLOGIC of his intention to carry out an audit at least FIFTEEN (15) days before the desired audit date. The audit will take place during normal business hours.