Terms and Conditions
This document constitutes a Software License Agreement (hereinafter referred to as the “Agreement”) granted by Float ApS, CVR-number 42703613, represented by Christian Endresen, as Director, duly authorized for that purpose (hereinafter referred to as "Float" or the "PROVIDER") to any natural or legal person wishing to use the Software (hereinafter referred to as the “CLIENT” or “You”), collectively referred to as “the Parties” or individually as “Party”.
The CLIENT is informed that the use of the Software is conditional upon acceptance of this Software License Agreement which contains all necessary and useful information to enable the CLIENT to commit in full knowledge of the facts. Accordingly, the mere use of the Software constitutes acceptance by the CLIENT of the entirety of the terms and conditions of this Agreement.
Float is a software publisher that develops proprietary solutions whose licenses are marketed to its customers in the form of Software as a Service (hereinafter "SaaS"), which refers to the way in which the functionalities of a software solution are made available remotely, using Internet technologies and accessible via the Internet network. Float has developed a software for e-commerce merchants, focused on return order dynamics. Float has also developed a custom app for Shopify integration purposes. All together hereinafter the "Software".
HAVING REGARD TO THE AFORESAID, IT IS AGREED AS FOLLOWS:
ARTICLE 1 – DEFINITIONS
"Authorized Use": refers to the authorized use of the License by the CLIENT as defined in section 5 of the Agreement.
"Data": refers to all information created, acquired, aggregated, or archived by or for the CLIENT, including personal data processed via the Software, as well as the results of processing carried out on the basis of such data via the said Software. The Data also refers to the data communicated by the CLIENT relating to its activities, know-how, etc. These data are confidential and are the exclusive property of the CLIENT for the data concerning him.
"License": refers to the license as described in section 5 of the Agreement.
"Object Code": refers to the series of machine-readable instructions (executable program) that are intended to be directly executed by a computer after appropriate processing and linking but without the compilation or assembly steps.
“Support Assistance”: refers to the support provided by the PROVIDER team with commercially reasonable efforts. This technical assistance is provided through email or via phone.
"Software" means the Software described in the Preamble of this Agreement, including all new versions, updates and modifications that may be developed after the date of accepting the Agreement. By new versions and updates, we mean any improvements or evolutions of the existing functionalities of the Software, any corrections made to the Software. Software is accessible through a dashboard and through integrations with third parties.
"Source Code": includes for the Software (i) a complete presentation of operations and instructions, expressed in an advanced language that is understandable to a computer professional, (ii) the procedures and methods used to achieve this result and (iii) all the technical documentation.
ARTICLE 2 - CONTRACTUAL DOCUMENTS
The rights and obligations of the Parties relating to the subject matter hereof shall be governed by the provisions of the Agreement, which shall include the body of this Agreement, as well as the schedules hereafter listed.
The body of the Agreement should prevail over the others. Any modification of the Agreement shall be the subject of a written amendment agreed by mutual agreement between the Parties.
The Agreement expresses the entire agreement of the Parties as to its purpose. It replaces any previous agreements, declaration, negotiation, commitment, communication, oral or written, or any general conditions of the CLIENT or the PROVIDER, regardless of the time and/or medium of their communication.
ARTICLE 3 – PURPOSE
The purpose of the Agreement is to specify the terms and conditions under which the PROVIDER makes available to the CLIENT a License to use the Software.
ARTICLE 4 – DURATION
The Agreement takes effect upon the acceptation date of the terms and conditions provided herein for a term of 1 (one) month or 12 (twelve) months according to the terms set forth in Appendix 1.
At the end of the term, the Agreement may be tacitly renewed for successive period of 1 (one) month, for the 1-month Agreement, or 12 (twelve) months for the 12-month Agreement (“Renewal Subscription Period”), unless one of the Parties terminates the Agreement by email sent to the other Party at least 15 (fifteen) days before the end of the term, for the 1-month Agreement, or three (3) months before the term of the 1 (one) year Agreement.
ARTICLE 5 - USER LICENSE
In exchange for payment of the license fees the PROVIDER grants the CLIENT the non-exclusive and non-transferable right to use the Software, during the term of this Agreement. To this end, the PROVIDER provides the CLIENT with a license to use the Software, in SaaS mode, 24 hours a day, 7 days a week, subject to interruptions for maintenance reasons planned outside the CLIENT's usual working hours or interruptions due to a failure external to the PROVIDER, for the duration of the Agreement in return for the payment of the financial conditions as determined in Appendix 1. The Software remains on the PROVIDER’s infrastructure. Thus, the latter does not, under any circumstances, give a copy of the Software, in any form or on any medium whatsoever, to the CLIENT. Appendix 1 describes the price evolution by number of orders. Thus, the PROVIDER will apply the price corresponding to the chosen option during the Subscription Process.
In this respect, the CLIENT agrees to:
use the solution only for the strict needs of its activity. The CLIENT shall take the necessary measures to ensure that users comply with the Authorized Use;
not to modify, transfer, or distribute the license and not to correct any Error by itself, to disassemble, compile, decompile, reverse engineer, or translate the Software, to use any of the components of the Software and/or any of the elements relating to this license separately from the Software, or to assign or sublicense the Software;
copy the license only for the purpose of loading, displaying, executing, storing.
ARTICLE 6 - OBLIGATIONS OF THE PARTIES
6.1. OBLIGATIONS OF THE PROVIDER
The PROVIDER agrees to:
make the Software available according to the terms and conditions agreed between the Parties;
report to the CLIENT all elements or events of which it has become aware, and which could compromise the proper performance of the services covered by the Agreement.
maintain the Software to ensure its proper functioning, without taking any commitment on any level of service
6.2. CLIENT COOPERATION
The CLIENT agrees to cooperate loyally and actively with the PROVIDER and in particular to provide or facilitate the consultation of all the elements or documents that will be necessary for the performance of its services under the Agreement. The CLIENT agrees to pay the corresponding monthly or annual fees, of the license in accordance with the provisions of Appendix 1.
ARTICLE 7 - ASSISTANCE
The technical assistance is provided through email or phone call. The technical assistance is not intended to replace the installation services (for example: module activation, configuration workshop, etc.), training or advice of users or the CLIENT, which could be the subject of separate services and agreements, under a separate implementation and training service contract from this Agreement.
Any Error noted by the CLIENT, and which would affect the Software will be notified in writing to the PROVIDER.
ARTICLE 8 - INTELLECTUAL PROPERTY
The PROVIDER is the owner of all intellectual property rights relating to the Software and the accompanying documentation as well as all their updates, old, current, and future versions, and all developments carried out by the PROVIDER. Under no circumstances shall these rights be transferred to the CLIENT as a result of this Agreement. The CLIENT shall refrain from infringing in any way whatsoever the PROVIDER's intellectual property rights over the Software.
The CLIENT is expressly prohibited from using or using the Software in a manner that does not comply with this Agreement. In particular, it is prohibited to:
any reproduction of the Software in any form and on any type of medium whatsoever, in particular by modification, merging or inclusion in another software and/or modification of the accompanying documentation;
any reproduction other than a backup copy, it being specified that the backup copies are the PROVIDER's property;
any modification of the Software;
any representation of the Software on any type of medium whatsoever;
any provision of the Software in whole or in part and by any means, rental, transfer, etc;
any disclosure, marketing, or use of the Software for the benefit of third parties as well as any training of third parties in the use of all or part of the Software;
any decompilation of the Software, subject to applicable legal provisions;
any modification or intervention in the Software, whatever its nature, including for the purpose of correcting errors likely to affect the functioning of the Software, insofar as the right to correct such errors is reserved solely to the PROVIDER.
In general, the PROVIDER guarantees the CLIENT the peaceful enjoyment of the rights granted to him by the PROVIDER under the Agreement.
The PROVIDER agrees to guarantee the CLIENT against any action or claim on the basis of counterfeiting tending to restrict or prohibit the use of the Software that the PROVIDER will be required to provide to the CLIENT under the Agreement.
The above provisions are subject to the following express conditions:
that the CLIENT has notified the PROVIDER, within a reasonable time, of the action or claim or declaration that preceded the dispute;
that the PROVIDER has been able to defend freely and at his own expense the defence of his own interests as well as those of the CLIENT, and that, to this end, the latter has loyally collaborated in the said defence by providing, in due time, all the elements, information and assistance reasonably necessary to carry out such defence.
In the event that the prohibition of use of all or part of the Software that the PROVIDER is required to provide to the CLIENT under the Agreement is imposed as a result of any action, in particular for infringement, or results from a transaction signed with the plaintiff in such action, the PROVIDER shall endeavor, at its option and at its expense, to replace the latter at the latest within a period of 3 (three) months in order to avoid any risk of infringement, unfair competition or parasitical acts.
The CLIENT guarantees the PROVIDER (i) against any action for infringement relating to the elements placed at its disposal by the CLIENT (ii) that it has obtained from third parties all the necessary authorizations allowing the PROVIDER to use the elements provided by third parties, placed at the PROVIDER's disposal by the CLIENT. In this respect, the CLIENT shall bear all damages to which the PROVIDER may be condemned by a court decision that has become final and based on an action for infringement, an action for unfair competition and/or parasitic acts and/or a failure to obtain the authorizations required from third parties by the CLIENT, tending to restrict or prohibit the use of the elements of which the CLIENT and the author or subject to authorization required from third parties, made available to the PROVIDER.
EXCEPT TO THE PREVISOUS PROVISONS IN RELATION TO INTELLECTUAL PROPERTY, THE SOFTWARE IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT ANY REPRESENTATIONS, WARRANTIES, COVENANTS, OR CONDITIONS OF ANY KIND (EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE), INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. FURTHER, EXCEPT FOR THE SUPPORT ASSISTANCE, THE PROVIDER DOES NOT REPRESENT OR WARRANT THAT (A) THE ACCESS TO OR USE OF THE SOFTWARE WILL BE SECURE, TIMELY, UNINTERRUPTED, ERROR-FREE, OR OPERATE IN COMBINATION WITH ANY OTHER HARDWARE, SOFTWARE, SYSTEM, OR DATA, (B) ERRORS OR DEFECTS WILL BE CORRECTED, PATCHES OR WORKAROUNDS WILL BE PROVIDED, OR THE PROVIDER WILL DETECT ANY BUG IN THE SOFTWARE, (C) THE SOFTWARE IS FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS, OR (D) THIRD-PARTY DISRUPTIONS OR SECURITY BREACHES OF THE SOFTWARE WILL BE PREVENTED.
ARTICLE 9 – TERMINATION
In the event of non-performance by a Party of any of its obligations under the Agreement, the other Party may terminate the Agreement, if it deems it appropriate, in its own rights by sending a registered letter with acknowledgement of receipt. Such termination may only take place after a formal notice has remained unsuccessful within a period of 10 (ten) working days, in regard to the 1 (one) month term, and 30 (thirty) days, in regard to the 12 (twelve) months term, without prejudice to any damages that may be awarded as a result of the aforementioned breaches.
Each Party is also entitled to terminate the Agreement, without incurring any liability to the other Party, by simple written notice to the latter's address, in the following cases:
opening of insolvency proceedings or judicial liquidation or any judicial decision having equivalent effect and, in the cases provided for by law, after silence or refusal to opt for the continuation of the Agreement by the administrator or judicial liquidator;
termination of activities for any reason whatsoever.
In the event of failure by the CLIENT to pay an amount due to the PROVIDER under the Agreement, the PROVIDER may terminate the Agreement by operation of law without any other formality than by sending a registered letter with acknowledgement of receipt.
Notwithstanding the termination or expiration of the Agreement, it is understood that the provisions of the Articles "Liability", "Intellectual Property", "Non-solicitation of Personnel" and "Confidentiality" shall survive such termination or expiration, for any reason whatsoever.
ARTICLE 10 - LIABILITY
The CLIENT is responsible for ensuring that the Software meets its needs. The CLIENT acknowledges that it has received from the PROVIDER all the necessary information enabling to assess the suitability of the Software for its needs.
The CLIENT has decided to sign the Agreement after having read the software solutions proposed by the PROVIDER and verified their accounting according to its other equipment (hardware, software, configuration, etc.) and its needs. Thus, the PROVIDER may under no circumstances be held liable for direct or indirect damage of any kind suffered by the CLIENT due to the impossibility of using the software solutions, especially in case of interconnection problems with the connectors, or inadequacy to its needs. Likewise, the PROVIDER should bear no responsibility incurred by the accuracy of the Data provided by the CLIENT, a latency of Data update (“Data Refresh Hour”) or incorrectness.
The CLIENT acknowledges that the information provided within the use of the Software are of general range and that they are meant to be used to help the CLIENT manage marketing metrics. Such information can under no circumstances replace a marketing analysis, therefore, the CLIENT is solely liable to assess whether the content available through the Software is suitable for its needs.
The PROVIDER's role is to provide a Software License, the use of which is left to the discretion and responsibility of the CLIENT. a result, the PROVIDER is not liable for damages such as financial, commercial, customer loss, any commercial disturbance, loss of profit, loss of brand image, loss of data, files or software suffered by the CLIENT, increase in charges, cost of services necessary to implement or correct the data or results obtained, which could result from the non-performance of the Agreement, which damages are deemed to have the nature of indirect damages.
IN NO EVENT SHALL THE AGGREGATE LIABILITY OF EACH PARTY ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE TOTAL AMOUNT PAID BY CLIENT HEREUNDER FOR THE SERVICES GIVING RISE TO THE LIABILITY IN THE TWELVE MONTHS PRECEDING THE FIRST INCIDENT OUT OF WHICH THE LIABILITY AROSE. THE FOREGOING LIMITATION WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY BUT WILL NOT LIMIT CLIENT’S AND ITS AFFILIATES’ PAYMENT OBLIGATIONS UNDER ARTICLE 15 BELOW. IN NO EVENT WILL EITHER PARTY OR ITS AFFILIATES HAVE ANY LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT FOR ANY LOST PROFITS, REVENUES, GOODWILL, OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER, BUSINESS INTERRUPTION OR PUNITIVE DAMAGES, WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, EVEN IF A PARTY OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF A PARTY’S OR ITS AFFILIATES’ REMEDY OTHERWISE FAILS OF ITS ESSENTIAL PURPOSE. THE FOREGOING DISCLAIMER WILL NOT APPLY TO THE EXTENT PROHIBITED BY LAW.
ARTICLE 11 - DATA PROTECTION
The CLIENT's Data and databases, whether or not containing personal data, to which the PROVIDER may have access in the performance of the Agreement, are the exclusive property of the CLIENT. These Data and databases are strictly confidential in accordance with the terms of the article "Confidentiality".
The PROVIDER shall refrain from infringing the CLIENT's property rights relating to the aforementioned Data and databases and, in this respect, shall refrain from communicating them to third parties, from reproducing them, from carrying out extractions (unless these operations are part of the services covered by the Agreement or following an express and prior request by the CLIENT), or from infringing the security of the processing of these Data.
In general, the PROVIDER shall maintain and comply with adequate technical security measures to protect the CLIENT's Data, to which the PROVIDER may have access in the performance of the Agreement, against any accidental or unlawful destruction or accidental loss, damage, alterations, disclosure, or unauthorized access, in particular when the processing involves the transmission of data or databases over a network, and against any other form of unlawful processing.
To the extent PROVIDER processes any CLIENT Personal Data contained in CLIENT Data on behalf of CLIENT, the terms of the Data Processing Addendum which are incorporated in this Agreement, by reference, will apply and the parties agree to comply with such terms.
ARTICLE 12 - FORCE MAJEURE
The Parties shall not be held liable for any breach of any of their obligations under the Agreement resulting from the occurrence of an event of force majeure, as defined by the case law of the Danish courts. In this case, the obligations of the Parties shall be suspended from the notification of this exonerating cause by one of the Parties to the other Party until its termination.
To the extent that such circumstances continue for a period of more than 1 (one) month, the Parties agree to enter into discussions with a view to amending the terms of their respective commitments.
If no agreement or alternative is possible, these commitments may then be terminated by the Party whose obligations are not affected by the event of force majeure, without damages, by simple written notification by registered letter with acknowledgement of receipt, without compensation or notice.
ARTICLE 13 – CONFIDENTIALITY
Each of the Parties acknowledges that they will communicate to each other (and to their officers, employees, consultants and subcontractors who may have a direct need to know such information) (together the "Authorized Persons") certain technical, commercial, financial or other information relating to their respective activities, as well as the Agreement and all its Annexes and amendments, whether such information has been delivered in writing, orally or by any other means (the "Confidential Information") under the Agreement.
In order to protect the confidentiality of the Confidential Information, each Party agrees, under the terms of the Agreement, to:
maintain the Confidential Information in absolute confidentiality and not to disclose it to any third party to the Agreement (other than Authorized Persons), subject to the prior written consent of the Party that owns the Confidential Information concerned;
use the Confidential Information only in the context of the Agreement, and therefore to refrain from any other use, directly or indirectly, in any form whatsoever, either for itself or on behalf of any third party;
ensure that Authorized Persons to whom all or part of the Confidential Information has been communicated, are informed by that Party of the obligations under the Agreement relating to such Confidential Information;
return, at the request of either Party, any Confidential Information in its possession, and destroy any copies of any Confidential Information in its possession (however, this obligation does not extend to documents or reports prepared on the basis of the Confidential Information or incorporating certain Confidential Information, provided that such documents and reports remain confidential under the conditions stipulated in the above paragraphs).
Provided that the obligations referred to in the above paragraphs shall not apply to Confidential Information provided by a Party which:
have fallen into the public domain at the time of their communication or subsequent to their communication, provided, in the latter case, that such communication is not the result of a breach of confidentiality by the Party having had knowledge of the Confidential Information concerned;
were known by the other Party in a legitimate and peaceful manner, prior to the date on which such Confidential Information was communicated to it;
shall be provided by the other Party pursuant to any applicable law or regulation or at the request of any supervisory or regulatory body, administration, or courts;
are legitimately obtained by the Receiving Party from a third part which, by making such disclosure, does not breach any obligation of confidentiality;
are developed autonomously by the Receiving Party;
are disclosed by the disclosing Party to a third party without any obligation of confidentiality;
This obligation of confidentiality applies for the entire duration of the Agreement and for a period of two (2) years upon expiry or termination of the Agreement, for any reason whatsoever.
The Provider will respond with data requests within 72 hours, and you may ask for data to be permanently deleted, with written confirmation after it is completed.
ARTICLE 14 - PRICES
The CLIENT shall pay the amounts set forth in Appendix 1. These amounts are monthly fees licenses.
Any amount unpaid on the due date shall bear interest for late payment, subject to prior formal notice to pay, sent by registered letter with acknowledgement of receipt, which shall remain without effect for a period of 5 (five) working days following its receipt, at the rate of 3 (three) times the legal interest rate in force on the due date.
More generally, any supply or service not expressly defined in the Agreement will be invoiced under the terms of the amendment governing it.
In general, the CLIENT shall not reimburse any expenses incurred by the PROVIDER under the Agreement without his express prior written consent.
The PROVIDER remains free to change amounts set forth in Appendix 1, as well as the structure and modalities of its pricing if and only if the PROVIDER informs the CLIENT 60 (sixty) days prior to Renewal Subscription Period. Such change cannot occur during the ongoing subscription period.
When using the online payment service, the PROVIDER may use the services of the company Stripe. To this end, the CLIENT authorizes the PROVIDER to transmit personal data to its partner, like CLIENT details (Name, registration date), and any other documents or information relating to our regulatory obligations in the fight against money laundering and terrorist financing. Stripe Ltd. is authorized by the Financial Conduct Authority (FCA) as a payment institution in accordance with the Payment Services Regulations 2009. FCA reference is FRN 580343.
ARTICLE 15 - NON-SOLICITATION
The CLIENT expressly refrains from soliciting, with a view to hiring or subcontracting, any employee of the PROVIDER, for the entire duration of the Agreement and the 12 (twelve) months following its termination, regardless of the cause. This prohibition also applies during the 12 (twelve) months following the end date of an employee's employment contract, regardless of the cause. In the event of an infringement of this prohibition, following a poaching and/or an offer made, the defaulting Party shall be required to pay the other Party, as a penalty clause, a lump-sum indemnity equal to 12 (twelve) times the last gross monthly salary of the requested person, plus the costs incurred in recruiting a replacement.
ARTICLE 16 - GENERAL PROVISIONS
Transfer. No change in the legal form of either Party and/or in the capital structure of either Party, including change in corporate form, merger, takeover or change of control, may affect the performance of the Agreement.
No waiver. The absence of sanction by one of the parties of a breach of a provision of this Agreement or failure to comply with the time of performance of an obligation to perform does not mean that it waives its right to sanction any prior or subsequent breach of the same or any other provision.
Notifications. All notices required to be given to either Party under this Agreement shall be in writing and delivered by hand during normal business hours or by registered mail with return receipt during normal business hours to the respective addresses indicated on the cover page of this document, which the Parties shall choose for the delivery or sending of notices, communications or legal proceedings arising under this Agreement. The Parties shall have the right to replace such address with another physical address, which shall take effect 30 (thirty) days after the other Party has been given written notice.
Applicable law and dispute resolution. Any inconsistencies and disputes which may arise from the Agreement, including interpretation, validity, and execution, must be settled in accordance with Danish law, with the Court of Copenhagen as a jurisdiction. Before any litigation is taken, the Parties shall seek, in good faith, to settle amicably their disputes relating to the validity, performance and interpretation of the Agreement. The Parties shall meet to discuss their points of view and make any relevant findings to enable them to find a solution to the conflict between them. The Parties shall endeavor to reach an amicable agreement within thirty (30) days of notification by one of them of the need for an amicable agreement by registered letter with acknowledgement of receipt.
Data Processing Agreement
In the context of their contractual relations, the Parties undertake to comply with the regulations in force applicable to the processing of personal data and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 applicable as from 25 May 2018 (hereinafter referred to as the "GDPR"), as well as Law No 78-17 of 6 January 1978 on data processing, files and freedoms (hereinafter referred to as the amended "Data Protection Act"). The purpose of this Annex is to define the conditions under which the processor undertakes to carry out on behalf of the controller the processing operations of personal data defined below.
I. Definitions of the terms
For the purposes of this Agreement, the following terms shall have the following meaning:
"Personal Data" means any information relating to an identified or identifiable natural person; an "identifiable natural person" is defined as a natural person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more elements unique to him/her. In order to determine whether a person is identifiable, all means of identification available or accessible to the Data Controller or any other person must be considered.
"Data Subject" refers to a natural person whose Personal Data are processed.
"Data Controller" means the CLIENT, who determines the purposes and means of the Personal Data Processing.
"Data Processor" refers to the PROVIDER who processes Personal Data under the authority, on instructions and on behalf of the Data Controller.
"Processing" means any operation or set of operations involving Personal Data by the Data Processor on behalf of the Data Controller, regardless of the process used, and in particular the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination, or any other form of making available, reconciliation or interconnection, as well as limitation, deletion, or destruction.
"Personal Data Breach" means a security breach resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, Personal Data transmitted, stored, or otherwise processed.
II. Obligations of the Data Controller
The Data Controller acknowledges and guarantees:
that the Processing is carried out in accordance with the provisions of the GDPR and the Data Protection Act, in particular, that the Data Subject has been informed of the purpose of the Processing, his rights, the recipients of the Personal Data and the policy on the protection of privacy and personal data;
only in the event that the Data Controller processes "sensitive" data as defined in Article 8 of the GDPR (i.e. the Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the Processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning the sex life or sexual orientation of a natural person), the Data Controller has collected them and requires the Data Processor to carry out their Processing, in full compliance with the provisions of the said Article 7;
that it will respond as soon as possible to any Data Protection Authority requests for information, if any;
that it will respond, as soon as possible, to requests from any Data Subject by the Processing, to communicate information on its Personal Data and that it will give appropriate instructions to the Data Processor, in due course.
The Data Controller also undertakes to:
document in writing any instructions concerning the Processing of Personal Data by the Data Processor;
ensure, in advance and throughout the duration of the Processing, that the Data Processor complies with the obligations provided for in the European Data Protection Regulation;
supervise the Processing, including carrying out audits and inspections of the Data Processor.
III. Obligations of the Data Processor
The Data Processor undertakes to:
process the data only for the purposes indicated by the Data Controller;
if the Data Processor considers that an investigation constitutes a violation of the European Data Protection Regulation or any other provision of Union law or of the law of the Member States relating to data protection, it shall immediately inform the Data Controller. In addition, if the Data Processor is required to transfer data to a third country or international organization, under the law of the Union or the law of the Member State to which it is subject, it must inform the Data Controller of this legal obligation before the Processing, unless the law concerned prohibits such information for important reasons of public interest;
guarantee the confidentiality of the personal data processed under this Agreement;
ensure that the persons authorized to process personal data under this Agreement:
undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality;
receive the necessary training in the protection of personal data;
consider, with regard to its tools, products, applications or services, the principles of privacy by design and data protection by default;
inform its employees of their responsibility regarding the protection of Personal Data, in particular as regards the confidentiality of such data;
in the event of a possible legal, administrative or judicial prohibition that could prevent it from carrying out the Processing, the Data Processor shall inform the Data Controller and may then terminate the Agreement, without the Data Controller being able to hold the Data Processor liable or claim damages from him;
cooperate with the CNIL in the event of a request for information from the latter and that it will comply with any recommendation of the CNIL relating to the Processing.
The Data Processor may use another subcontractor (hereinafter, the "Subprocessor") to carry out specific Processing activities. In this case, he/she shall inform the Data Controller in advance and in writing of any planned change concerning the addition or replacement of other Subprocessors. This information must clearly indicate the subcontracted Processing Activities, the identity and contact details of the Subprocessor and the dates of the subcontract. The Data Controller has a minimum period of one (1) month from the date of receipt of this information to present his objections. This subcontracting may only be carried out if the Data Controller has not raised any objection within the agreed period.
The Subprocessor is required to comply with the obligations of this Agreement on behalf of and in accordance with the instructions of the Data Controller. It is the initial Data Processor's responsibility to ensure that the Subprocessor provides the same sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the Processing operation complies with the requirements of the European Data Protection Regulation. If the subsequent processor does not fulfill its data protection obligations, the initial Data Processor remains fully liable to the Data Controller for the performance by the subsequent processor of its obligations.
2. Right of data subjects to be informed
It is the responsibility of the Data Controller to provide the information to the Data Subjects on the Processing operations at the time of data collection.
3. Exercise of data subject’s rights
The Data Controller grants requests to exercise the rights of the Data Subjects (right of access, rectification, deletion, and opposition, right to limit the Processing, right to data portability, right not to be the subject of an automated individual decision, including profiling) and will give appropriate instructions to the Data Processor in due course. As far as possible, the Data Processor shall assist the Data Controller in fulfilling his obligation to comply with requests to exercise the rights of the Data Subjects.
4. Notification of Personal Data Breaches
The Data Processor shall notify the Data Controller of any breach of personal data as soon as possible and, at the latest, 72 hours after becoming aware of it. This notification shall be accompanied by all relevant documentation in order to enable the Data Controller, if necessary, to notify this Violation to the competent supervisory authority. The Data Processor must take all necessary steps to identify the causes of such Personal Data Violation and take all measures that it deems necessary and reasonable to remedy the origin of such Violation when such remedy is under the control of the Data Processor.
5. Security measures
The Data Processor must at all times have technical and organizational measures in place to prevent unauthorized access to the Personal Data and the use of the Personal Data for purposes other than those agreed for their transmission to the Data Processor. The Data Processor represents and warrants that the security measures taken are in no event less than those required by applicable law or those that a person performing the same activity as the Data Processor would reasonably have taken for the protection of Personal Data against unauthorized access or use.
In cases where the Data Processor has obtained the prior consent of the Data Controller for the transmission of Personal Data to a third party, the Data Processor must again take appropriate security measures to ensure the secure transmission of the Personal Data. The Data Processor must protect and maintain the Personal Data as confidential information. The confidentiality requirements required by each of the commercial documents and/or confidentiality agreements signed between the Data Controller and the Data Processor must apply to the Personal Data.