GT&C SaaS dotsha SAS 01/06/2022
General terms of use and conditions for SaaS services _ v1_1
This English translation of The “Conditions Générales” is for informative purposes only.
The original version in French is available at: https://dotsha.com/fr/conditions-generales
ARTICLE 1 – PREAMBLE
The purpose of the service offered by DOTSHA is that of meeting the needs of the largest number of users. In an effort to inform and advise our clients, DOTSHA, has provided a commercial proposal and/or documentation describing its services. The Customer acknowledges having reviewed said information and it is his responsibility to determine if the Service meets his or her own specific needs based on this information. Before accepting the Contract, the customer may request additional information from DOTSHA and/or attend an additional demonstration of the Service, if they do not, the Customer acknowledges having been sufficiently informed.
Any specifications or documents expressing the client’s needs will only be taken into consideration by DOTSHA in the context of the contract, if DOTSHA has explicitly approved them before signing the present terms, and if they appear as annexes to the present terms. DOTSHA can adapt its services to meet the client’s stated needs through a separate agreement that is not governed by these general terms of use and conditions for SaaS services.
The client is informed that the Solutions offered by DOTSHA are necessary for the proper use of the Service. Thus, it is up to the Client to assess whether or not to use these services based on their own needs.
ARTICLE 2 – DEFINITIONS
For the purpose of these terms and conditions, the following definitions apply:
-The entire contract that consists of multiple parts and documents, including the “Ordered Elements” the “Order Form”, the “SEPA Mandate” part, and these general terms of use for SaaS services.
– The online order, submitted by an authorized representative of the Client, which includes the ordered items, quantities, prices, the SEPA mandate, these general terms and conditions for SaaS service use, and the technical requirements.
The general terms and conditions for SaaS service and the technical requirements: can be viewed and downloaded from DOTSHA’s website or can be sent to the customer upon request in accordance with Article L441-6 of the Commercial Code, which stipulates that communication from a service provider must be made through means consistent with professional practices. DOTSHA recommends that the Client takes note of the general terms and conditions for SaaS service use and of the technical prerequisites through this means of access, which is always available.
ARTICLE 3 – CONTRACT AGREEMENT
The Client is deemed to have read and fully understood the Contract as stated in Article 2 and to have accepted it without any reservations. The Contract is established by either the signature of the Order Form and the authorization for Direct Debit, or by concluding the online order that refers to these SaaS service usage terms and signifies acceptance of the entire Contract. Any changes to these SaaS service usage terms and conditions must be covered by agreements that have been accepted and signed by both Parties separately.
Concerning the remote acceptance of the Contract, the Client acknowledges and agrees that any electronic document featuring the signature of their representative or delegate, received by DOTSHA, has the same validity as written evidence and can be legally opposed by DOTSHA. The electronic acceptance of the Contract holds the same evidential value as an agreement on paper, between both Parties.
ARTICLE 4 – PURPOSE
DOTSHA undertakes to provide the Client with the Service as described under these general conditions of use for SaaS services as outlined below.
SERVICE PROVISIONS
ARTICLE 5 – RIGHT TO ACCESS THE SERVICE
5.1. In return for payment in the form of a subscription fee as specified in the “Ordered Items” section of the Order Form or in the online order, DOTSHA grants the Client a limited right to access the Service, restricted to the number of Users listed and/or other work units defined in quantity, limit, or cap, these elements are defined in the “Ordered Items” and “Order Form” sections or in the online order.
5.2. By User, we mean, depending on the Services and usage conditions to:
The Client has the right to access the service solely for professional purposes.
5.3. DOTSHA owns all relevant intellectual property rights related to the Service and declares that if the intellectual property belongs to a third party, he has obtained the rights from said third party to commercialize or distribute the Service. This agreement does not grant the Client any ownership rights related to the Service, its technology or to any intellectual property rights owned by DOTSHA or a third party.
5.4. The Client is prohibited from tampering with the Service and specifically using it in a manner that is inconsistent with its intended purpose and with the conditions defined in this Agreement. As a result, the Client is particularly forbidden from performing reverse engineering on the Service to create a competing product or service, and/or copying or reproducing any functionalities, features, or graphical attributes of the Service
5.5. The Client:
-Agrees to use the Services for professional purposes only, as specified in the Documentation and for the sole needs of its professional activity;
-Is responsible for ensuring that this Agreement is respected by the Users;
-Is solely responsible for the content transmitted and/or downloaded through the Services, and assumes full responsibility for the accuracy, integrity, and legality of the Customer Data transmitted to DOTSHA as part of the Service. In particular, the Client must not send or store non-professional or more in general illegal data, such as obscene, defamatory, or data in violation of the rights of a third party, the protection of minors, or privacy;
-Undertakes to not distribute the Service, not exploit it for commercial purposes, nor make it available to third parties, or rent it unless approved by DOTSHA.
-Undertakes to not alter or disrupt the integrity or performance of the Service or the data contained therein.
-Must not attempt to obtain unauthorized access to the Service or the systems or networks associated with it.
ARTICLE 6- SERVICE EXECUTION MODALITIES
6.1. DOTSHA undertakes to provide the Service in accordance with the provisions defined herein.
6.2. The Service will be used by the Client under its own control, direction and under its sole responsibility. As a result, the Client has to:
The Client is informed that he must regularly make external backups of the accounting documents generated by the Solution and extract them upon termination of his service.
DOTSHA will not be held responsible for the nature or the content of the Client’s information or data and the exploitation that results from it.
Similarly, DOTSHA will not be held responsible for the quality and electronic transmission of data when they use telecommunication networks and more generally for the quality and reliability of the telecommunication connections between User Workstations and the Service access point.
6.3. The following is excluded from the Service:
– Works and interventions regarding the installation and the proper functioning of the User Workstation and the Client’s infrastructure (telecommunications, networks, security equipment) allowing the Client to access and use the Service.
-The resolution of problems caused by a user’s error or mismanagement;
-The services as defined in Article 2 of these general terms and conditions for SaaS services.
6.4. DOTSHA is only obliged to use reasonable efforts in the performance of the services offered through the Services. DOTSHA undertakes to make its best efforts to secure access and use of the Service, and DOTSHA is free to choose the most appropriate form and technical means to provide the Client with all the features of the Service 24/7.
However, the DOTSHA Solution may be temporarily unavailable for corrective or evolutionary maintenance operations that are necessary for the proper functioning of the Services and in the event of an occurrence outside of DOTSHA’s control. Maintenance operations will take place at the discretion of DOTSHA, who will nonetheless endeavor to provide previous notice to the Client.
In the event of a technical malfunction affecting the operation of the service, DOTSHA will make its best efforts to restore the operation of the Service as soon as possible. DOTSHA cannot be held responsible for the non-performance of any of its obligations to the Client in the event of force majeure, including events such as hacking of the Services, interruption or failure of DOTSHA’s providers’ communications systems, including hosting providers (fire, flood, etc.).
6.5. Guarantee. DOTSHA guarantees that the Services are in compliance with its Documentation. DOTSHA does not guarantee that the Service is free of defects or hazards but undertakes to remedy, with all reasonable diligence, the reproducible malfunctions of the service observed in relation to its Documentation. This guarantee of conformity cannot be extended to a guarantee of conformity to specific needs or specific activity of a Client or User. DOTSHA does not guarantee the Service’s ability to achieve objectives or results that the Client may have set for itself and/or to perform specific tasks that would have motivated the Client’s decision to enter into this Agreement. It is therefore the responsibility of the Client or of any third party authorized by the Client for this purpose to make sure of the adequacy of the Service for his needs or his specific activity in the territory where the Service is used. To the extent permitted by law, any other guarantee other than those expressed in this article is expressly excluded.
6.6. It is agreed between the Parties that DOTSHA is free to determine its industrialization policy at all times. As a result, DOTSHA may design, organize, and adapt the Service, modify it and develop it as needed, with the partners and suppliers of its choice, without the prior written agreement of the client, as long as this does not go against DOTSHA’s commitments under this Agreement.“
6.7. Changes. The Client is informed that legislative developments may, at any time, render the standard application Service that are accessible under the Service, unsuitable.
As part of the Support it provides, DOTSHA will update the standard application services so that they comply with new legal requirements, provided that such adaptations or modifications do not require substantial reediting of the existing services. The Client is also informed that the evolution of technologies and customer demand may lead DOTSHA to make Updates, which may result in the modification of the technical Pre-Requirements, for which DOTSHA cannot be held responsible.
ARTICLE 7 – CLIENT DATA
7.1. CLIENT DATA LOCATION
Client’s Data is hosted in one or several sites located within the European community.
From the moment the Personal Data is:
-Collected by the Client outside of the country where the data is located before being transferred under the Service, and/or
-Transferred by the Client, or by DOTSHA on the Client’s instruction, outside the country of location of the data,
It is the Client’s responsibility to make sure that the collection, processing, and/or transfer of Personal Data in the country of location of the data is authorized by the applicable local laws or, failing that and when legally possible, to frame these transfers with adequate legal tools.
7.2. NON-USE OF CLIENT DATA
The Client is and remains responsible for the Client Data. Except for the use described in article 7.3, DOTSHA can not use, modify, transfer or disclose any Client’s Data that may have been communicated to it by the Client during the performance of the Service, in whole or in part, for a fee or free of charge.
7.3. USE OF STATISTICAL INFORMATION
As an exception to article 7.2, DOTSHA’s commitment to not use Customer Data does not include any operation necessary to establish its invoices and usage statistics, as well as to provide any explanation regarding the performance of the Service. Likewise, DOTSHA may compile anonymized, aggregated statistical information and may make it public as long as it does not reveal the Client’s confidential information and that it does not include any nominative data directly or indirectly. DOTSHA holds all intellectual property rights over the results of these statistical treatments.
7.4. STATEMENTS REGARDING CLIENT DATA
It is reminded that, as defined by law number 78-17 of January 6, 1978 known as “Data Processing and Freedoms Act”, DOTSHA acts as a subcontractor, on the instructions of the Client, who is considered to be responsible for the processing of Personal Data carried out through the Service. As a result, the Client is informed that it is his sole responsibility, to take the necessary steps, do the necessary declarations, and requests for the authorization required by the laws and regulations in force regarding any processing he carries out and data he processes using the Service. More generally, it is the Client’s responsibility to comply with any local legislation requiring a particular administrative declaration process for Personal Data. The Client undertakes to respect all obligations incumbent on him under the terms of the Data Protection Act and/or local legislation regarding Personal Data. In accordance with the provisions of Article 28 of the GDPR, the conditions under which DOTSHA will process this data as a subcontractor are specified in Annex 1 of the T&Cs relating to the protection of personal data.
ARTICLE 8 – PERSONAL DATA OF THE PARTIES
In order to conclude, manage, and execute the Service and to maintain the contractual relationship, each party will collect and process the personal data of its contacts. This processing of personal data includes names, first names, and email addresses. Both parties require this information to carry out the Service.
Neither party will transfer this personal data outside of the European Union. In the event of an administrative inspection or legal action, the data of one of the parties may be shared with the relevant authority by the other party (DGCCRF, National data protection commission, tax administration). This includes, but is not limited to, administrative and judicial bodies, or dispute resolution councils. The party disclosing the information will immediately inform the other party. Each party is responsible for keeping the personal data of the other party for the duration of the Service, and for up to three years after the Service has ended.
Each party must also inform the other party of any changes to the personal data of the interlocutors concerned. Each party is responsible for informing their contacts of the processing of their personal data by the other party.
The representatives of each party have the right to access, modify, transfer and delete their personal data, as well as the right to object and to limit the use of their data. They can send their request along with a copy of their ID to the data protection representative or delegate of the other party, as indicated below:
The data protection representative at DOTSHA can be contacted at contact@dotsha.com.
The concerned individuals have the right to file a complaint regarding the processing of their personal data by DOTSHA with the CNIL (National Commission for Information Technology and Civil Liberties) https://www.cnil.fr.
Any interlocutor whose personal data is collected has the right to define general or specific guidelines concerning the preservation, deletion, and sharing of their personal data after their death.
ARTICLE 9 – SERVICE SECURITY
9.1. SECURITY MANAGEMENT
DOTSHA undertakes to implement technical means that are in line with state-of-the-art standards to ensure the physical and logical security of the servers and networks that are under its responsibility and control. Each party must immediately inform the other party, as soon as it becomes aware of any fact that might constitute a threat to the physical or logical environment of the other party (an attempted intrusion for example).
9.2. SECURITY OF STANDARD APPLICATION SERVICES
DOTSHA will take the necessary measures to only allow access to the Service to individuals who have been authorized by DOTSHA and those who have been authorized by the Client.
9.3. CONNECTION SECURITY
In order to guarantee the privacy of data in transit between the User Workstation and the Service access point, all connections are secured. Data flows, which use telecommunications networks that are not secure, use renown security protocols such as HTTPS (based on SSL/TLS Secure Socket Layer/Transport Layer Security or SFTP (based on Secure Shell – SSH).
9.4. CLIENT DATA SECURITY
DOTSHA undertakes to take all necessary measures in accordance with the state of the art to preserve the security of the Client’s Data so that they are not, by its fault, distorted, damaged or communicated to unauthorized third parties.
As a result, DOTSHA undertakes to respect and ensure that its staff respects the following obligations:
-To not make copies of the documents and supports of the Client’s Data that have been entrusted to it, except those strictly necessary for the performance of the Service;
-To not use the Client’s Data for purposes other than those specified in this Contract;
-To not disclose the Client’s Data to other individuals, whether private or public, natural or legal, except if such disclosure is required by law or by a competent judicial or administrative authority or is necessary in the context of a legal action.
ARTICLE 10 – SERVICE DURATION
The Service is entered into for a determined period as specified in the “Order Form.” It will be automatically renewed at the end of each period by tacit renewal. The Party that decides not to renew the Service must notify of its decision to the other party through a Registered Letter with Acknowledgement of Receipt one (1) month before the end of the current period. The activation of an optional additional service during the performance of the service will not modify the duration of the Service as specified above.
ARTICLE 11 – DATA RETRIEVAL AND RESTITUTION
Upon expiration of the Service and/or in the event of termination of the Contract, access to the Service will be blocked on the last day of the Service or the day of termination of the contract. The Client must therefore have retrieved the Client’s Data accessible through the Service’s features or have requested DOTSHA to give him a copy of the last backup of the Client’s Data before this deadline. This restitution will be made in a standard market format chosen by DOTSHA and will be made available to the Client in the form of a file to be downloaded or if the volume is too large, through an external support, and this, as part of a service that will be invoiced, the fees for this service will be limited to the cost of the external support and of its secure sending. Starting from the 60th day from the day the service expires or the Contract is terminated, the process to delete the Client’s Data will be initiated to render it unusable. This deletion will be carried out on production data as well as on back up data, and will depend on the retention period of backups.
ARTICLE 12 – ACCESS TO THE SERVICE BY THE CLIENT’S SUBSIDIARIES
12.1. PREREQUISITES.
The Client’s subsidiaries will only be aauthorized to use the Service if, as of the effective date of the Contract, the Client holds control of said subsidiary as defined in article L. 233-3 of the Commercial Code (a subsidiary meeting this condition is hereinafter referred to as a “Subsidiary”). Except for entities that directly or indirectly have an activity, through intermediaries or companies, that could represent a competition to DOTSHA will not be considered as a Subsidiary. If after the effective date of the Contract, a Subsidiary no longer meets the above conditions, it will immediately and automatically lose its right to access the Service under this Contract. Services may be provided to this subsidiary subject to the signing of a SaaS contract with DOTSHA, which will include, among other things, the financial conditions for the provision of Services.
12.2. RESPECT OF THE CONTRACT TERMS BY THE SUBSIDIARIES.
Subsidiaries may benefit from the Service provided by DOTSHA to the Client under this Contract on the same terms as the Client. The Client will make sure that the Subsidiaries comply with all obligations imposed on them under the Contract, including using the Service in accordance with the Contract terms. The Client will be jointly responsible for ensuring that the Subsidiaries comply with the Contract terms. In the event of non-compliance to any of the Contract terms by one of the Subsidiaries, DOTSHA may directly address the Client to seek compensation without the need for prior notice to the Subsidiary concerned.
FINANCIAL AND GENERAL TERMS
ARTICLE 13 – FINANCIAL TERMS
13.1. PRICE
The prices of the ordered items are indicated in Euros excluding VAT and can be found in the “Ordered items” section of the Order form or in the online order.
13.2. SERVICE INVOICING AND PAYMENT
Unless otherwise specified in the contract, the Service will be invoiced as follows:
-In advance, according to the frequency mentioned at the time of subscription or of its renewal, in the case of a subscription or usage rights,
-In arrears, monthly, in case of consumption or transactions;
-In a lump sum for overage billing commissions, in the form of an annual adjustment.
In the case of online orders, unless otherwise specified in the contract, the Service will be invoiced as follows;
-In a lump sum for overage billing commissions, in the form of an annual adjustment.
-In advance, according to the frequency mentioned at the time of subscription or renewal, in the case of a subscription or usage rights,
-In arrears, monthly, in case of consumption or transactions;
Additionally, for customers who subscribed to services from DOTSHA under multiple contracts, DOTSHA reserves itself the right to invoice all the services ordered under this Contract as well as the services ordered under previous contracts through a single invoice.
Regarding orders for services with different invoicing frequencies, DOTSHA reserves itself the right to apply the same billing frequency to all services. It should be noted that this frequency will be the one applied to the Service(s) representing the majority of the total amount of services.
The first invoice of the service will be issued according to the indications specified in the “Ordered items” section of the Order Form, and no later than the first day of the month following the beginning of the provision of the service .
If the service usage or access threshold, which has been defined and set in the “ordered elements” section of the order form or in the online order, is exceeded, DOTSHA will invoice the excess based on the current rates associated with an adjustment Invoice covering the period since the excess started.
In any case, the services will be invoiced by DOTSHA based on anniversary periods and not on civil calendar periods. When necessary, the first and/or last invoice will be pro-rated.
For the service, DOTSHA’s invoices (including for online orders) will be paid by the client by automatic debit without discount no later than thirty (30) days from the date the invoice was issued.
The client undertakes to provide their bank details (IBAN and BIC) and to complete the SEPA mandate in either paper or electronic form; the client is free to choose the form of the SEPA mandate he prefers, as long as both forms are made available to him by DOTSHA.
In the event that the client decides to use the business-to-business SEPA Mandate, it is their responsibility to make sure, beforehand, that their credit institution is able to process his request. From the implementation of the SEPA Mandate and in the event that the client successively signs several contracts and chooses to pay the sums due to DOTSHA by automatic debit each time, he accepts that each of these contracts will be governed by a common and unique direct debit authorization whose amount varies, according to the additions and deletions of contracts over time.
13.3. Services are invoiced as soon as they are performed at the price agreed in the contract.
13.4. In the event that the Client would like DOTSHA to comply with one of its own practices for payment of invoices issued under this Contract (specific mention on invoices, particular invoice communication process, etc.), he must communicate this practice to DOTSHA before signing this Contract so that it can be taken into account and indicated in special conditions in this Contract. If this is not the case, failure to comply with these practices specific to the Client cannot be a reason for the Client to not pay or pay DOTSHA’s invoices late.
13.5. After the due date, a late payment penalty calculated based on an interest rate set at three times the legal interest rate will be requested by DOTSHA without any reminder being necessary.
13.6. According to Article L 441-6 I of the Commercial Code, the Client will also be liable for a fixed compensation fee of forty (40) euros (€) for the recovery costs incurred by DOTSHA. If necessary, when the costs exceed the amount of this compensation, DOTSHA may claim additional compensation from the Client, upon presentation of supporting documents specifying the diligence performed. These compensation will not be applied in cases where the Client proves that he is the subject of an insolvency or bankruptcy proceedings.
13.7. DOTSHA reserves itself the right to suspend the Service and any ongoing work fifteen (15) days after having sent a formal notice of payment in the form of a registered letter, if the payment remains partially or completely ineffective.
13.8. All outstanding fees resulting from a Client’s lack of payment will remain the financial responsibility of the Client.
13.9. During the initial term of the Services, DOTSHA may revise the prices under the Contract once per calendar year. Beyond the initial term of the Services, or during renewal periods, DOTSHA may modify the prices under the Contract at any time. If the Client refuses to pay the higher amount invoiced, he has the right to terminate the Service by sending a registered letter with acknowledgment of receipt within thirty (30) days after the invoice, containing the new billing amounts, was issued. The Service will then remain in effect with the same pricing conditions of the previous invoice until the end of the month following the one during which the invoice in question was issued.
ARTICLE 14 – COLLABORATION
The proper execution of the Contract and the smooth functioning of the Service require a loyal, active, and permanent collaboration between the Parties. This is why, each party undertakes to:
-Actively involve themselves in the execution of their obligations;
-Refrain from any behavior that may affect or impede the execution of the other Party’s obligations;
-Provide each other with sufficient information and documents necessary for the execution of the Contract, in a timely manner, compatible with the deadlines agreed upon between the Parties;
– Alert each other as soon as possible in case of any issue and work together to find the best solution possible in a timely manner.
It is the responsibility of the Client, to provide DOTSHA with all the necessary information for the execution of the Services and to inform DOTSHA of any difficulties that they may be aware of or that their knowledge of their field of activity allows them to consider, all along the execution of the present contract. Furthermore, the Client undertakes to work with competent, qualified, and trained Users during the entire execution of the present.
ARTICLE 15 – TERMINATION OF THE CONTRACT
DOTSHA may demand the automatic termination of this Contract through a registered letter with acknowledgement of receipt, in the event the Client fails to fulfill its obligations as stated in articles 5, 7.4, 13, and 17, without prejudice to any damages and interests.
The termination of this Contract will take effect three (3) months after the reception of the aforementioned letter by the Client, unless the latter can provide evidence of appropriate remedies that have been or are to be taken to remediate the situation. The Client agrees to pay DOTSHA any amount still owed.
ARTICLE 16 – RESPONSIBILITIES
16.1. Taking into account the state of the art in its field, DOTSHA undertakes to exercise due care to the performance of its obligations and is only subject to an obligation of means.
16.2. DOTSHA will only be held responsible for direct and foreseeable damages arising from a breach of its contractual obligations. In the event that DOTSHA’s liability is established, the total and cumulative compensation that the Client may claim will be limited to the amount paid to the Client by DOTSHA during the twelve (12) months preceding the event proven to be DOTSHA’s responsibility.
16.3. Under no circumstances, DOTSHA will be held responsible by the Client or by any third party for any unforeseeable damage or any indirect damage, whether it is material or immaterial, such as loss of profits, damage to image or any other financial loss arising from the Client’s use or inability to use the Service, as well as any loss or deterioration of information for which DOTSHA cannot be held responsible. Any loss suffered by a third party is indirect damage and does not, as a result, give rise to compensation.
16.4. The Parties acknowledge that the price of the Contract reflects the distribution of risks arising from the contract, as well as the economic balance desired by the Parties, and that the contract would not have been entered into without the limitations of liability defined herein. The Parties explicitly agree that the limitations of liability continue to apply even in the event of dissolution or termination of the contract.
ARTICLE 17 – FIGHT AGAINST FRAUD
The Client guarantees that he will use the Services provided by DOTSHA in accordance with applicable laws and regulations, particularly in terms of taxes. Specifically, in the event that DOTSHA is held jointly responsible by the tax authorities for the payment of tax remittances due to the Client’s irregular use of the Services provided, the Client agrees to fully indemnify DOTSHA for the amount claimed by the authorities.
ARTICLE 18 – FORCE MAJEURE
18.1. Neither party will be held responsible for any failure to fulfill its contractual obligations if prevented from doing so by an event of force majeure, as defined in Article 1218 of the Civil Code. It is expressly agreed between the parties that the malfunctioning of telecom operators and telecommunications will constitute events of force majeure as described in this clause, provided that these malfunctions are not caused by the technical means used by DOTSHA.
18.2. In such a case, the party invoking the event of force majeure will promptly notify the other party by registered letter with acknowledgement of receipt of the occurrence of such event and of the need to extend the deadlines to perform its duties. If the impediment is temporary, the performance of the obligation will be suspended until the party invoking the event of force majeure is no longer prevented from performing his duty by the force majeure event. The party invoking the event of force majeure will keep the other party informed and will make its best efforts to limit the duration of the interruption. If the interruption continues for a period exceeding three (3) months, each one of the parties will have the option to terminate the contract without compensation by giving notice to the other party of its decision by registered letter with acknowledgement of receipt.
If the impediment is definitive, the contract will automatically be terminated and the parties will be released from their obligations as stated in the conditions provided for in Articles 1351 and 1351-1 of the Civil Code.
ARTICLE 19- PRIVACY
All information, data (including Customer Data), deliverables, and/or know-how, whether or not protected by intellectual property laws, whatever their form or nature ( commercial, industrial, technical, financial, etc.), exchanged between the parties or of which they become aware during the execution of the Contract, shall be considered confidential (hereinafter referred to as “Confidential Information”).
Each party agrees to use the Confidential Information only for the purpose of executing this Contract, to protect the Confidential Information, and to not disclose it to third parties other than its employees, staff, subsidiaries, and subcontractors who need to have access to it for the execution of the Contract without the prior written authorization of the other party. The parties agree to take all necessary measures to ensure that their employees, staff, subsidiaries, and subcontractors who have access to Confidential Information are informed of the confidential nature of the information communicated and that they comply with the obligations arising from this clause.
Each party will be relieved from their confidentiality obligations with regards to all the information that (i) was in the possession of this party prior to its disclosure by the other party, if such possession is not the direct or indirect result of the unauthorized disclosure of such information by a third party, (ii) is part of the public domain at the date the Contract was accepted or that have become public after this date without such cause being attributable to the non-compliance of this party with their obligations of confidentiality under the Contract, (iii) has been independently made by this party, or (iv) that the disclosure of which is required by law or by a competent judicial or administrative authority or that is necessary to defend the interests of either party in the context of a legal action.
The parties undertake to comply with the obligations arising from this article for the entire duration of the Contract and for five (5) years following its dissolution. As such, upon the expiration or termination of this Agreement, each party shall either return to the other party all documents containing confidential information or ensure the other party that all confidential information in their possession has been destroyed.
Under no circumstances may a copy of the documents containing confidential information be kept by a party unless there is an exceptional and written agreement from the other party.
ARTICLE 20 – TRANSFER
20.1 The Client may transfer the Contract, as well as the rights and duties described in it, in whole or in part, for consideration or free of charge, subject to DOTSHA’s prior written agreement.
20.2 DOTSHA may freely assign or transfer the Contract without formalities. Upon written notification of the transfer to the Client, DOTSHA will be released from its obligations under the Contract and will not be responsible for the performance of the Contract by the assignee.
ARTICLE 21 – MISCELLANEOUS
21.1. The fact that one of the Parties does not enforce any of the obligations specified in the Contract can not be interpreted subsequently as a waiver of the obligation in question.
21.2. The Client agrees that DOTSHA may freely and without prior formalities, sub-contract a third party to carry out any or all of its obligations under these terms and conditions, under its own responsibility. In case of subcontracting, DOTSHA shall remain solely responsible for the proper fulfillment of the obligations set forth in the Contract.
21.3. This Contract takes precedence over any other document, including any general conditions of purchase of the Client. Unless explicitly stipulated, the terms and conditions and obligations of this document shall take precedence over all others.
21.4. If one or more provisions of the Contract were held to be invalid or declared as such under the provisions of a law or as a result of a final decision of a competent court, the other provisions shall retain their value and scope.
21.5. The Client authorizes DOTSHA to mention his name and/or reproduce its logo in its commercial documents and press announcements, in any form and on any support.
21.6. DOTSHA is free to use the know-how acquired during the execution of the Contract and to perform similar services for other Clients.
21.7 The Client is informed that in case of a computerized accounting audit in France, during the duration of the Service, DOTSHA undertakes to :
-Keep the necessary documentation available for the tax authorities to understand the functioning and use of the Service;
-Cooperate with the Client in the event of such an audit and assist by providing any information requested from the tax authorities, on the Client’s express request and for a fee to be agreed upon.
The Client is informed that he has, within the context of the Service, the possibility to extract supporting documents in their original format, if these documents are produced by the Service, in order to meet his obligation of retaining accounting data. The Client is informed that the Service is not a data archiving solution and therefore undertakes to carry out the necessary filing operations to keep track of his computerized accounting.
Upon termination of the Service and during the period not prescribed for tax purposes related to the years for which the Client has used the Service, the Client is informed that in case of an audit of their computerized accounting in France, DOTSHA undertakes to:
-Keep the necessary documentation available for the tax authorities to understand the functioning and use of the Service;
-Cooperate with the Client in the event of such an audit and assist him by providing any information requested by tax authorities, on the Client’s express request and for a fee to be agreed upon.
21.8 DOTSHA reserves itself the right to charge the Client for the time spent searching for the cause of an incident, if the incident encountered by the Client is not due to a Service provided by DOTSHA under these terms.
21.9 DOTSHA and the Client declare that the information provided and used by DOTSHA’s Service is binding between them until proven otherwise.
21.10 DOTSHA undertakes to keep in effect a professional liability insurance covering damages that may occur during the execution of the Service.
21.11 The Parties have taken into account all the risks related to the execution of the Contract, which they accept and assume, and consequently, they waive the right to renegotiate the terms regardless of the circumstances. It is therefore expressly agreed between the Parties that the application of Article 1195 of the Civil Code is excluded.
ARTICLE 21 – LAW AND JURISDICTION
This agreement is governed by French law both in form and substance. In the event of a dispute and in the absence of an amicable resolution, exclusive jurisdiction is given to the Commercial Court of Tours, notwithstanding the multiplicity of defendants or the introduction of third parties.
ANNEX 1
ANNEX 1: Processing of personal data carried out by DOTSHA as a Subcontractor
In the course of providing the Service, DOTSHA, acting as subcontractor, is required to process personal data on behalf of the Client, who is responsible for said data. This Annex outlines, as stated in Article 28 of the GDPR, the conditions under which DOTSHA undertakes to perform the personal data processing operations, as part of its Service, on behalf of the Client.
In this Annex, the terms that start with a capital letter, singular or plural, will have the meaning defined in the Contract.
1.SCOPE OF THE PROCESSING CARRIED OUT BY DOTSHA
DOTSHA is authorized to process, on behalf of the data controller, the personal data necessary for the execution of the Service and in order to provide the Services. The individuals concerned by the processing carried out by DOTSHA, as part of its Services, are the Users of the services. As part of its Services, DOTSHA performs the following processing operations on personal data:
The purpose of the processing of personal data are as follows: for the performance of the Service, hosting and maintenance of the Solution, and performance of the Services and Support.
The duration of the processing of personal data corresponds to the duration of the Service.
– Si existantes, les instructions documentées relatives aux données personnelles, nécessaires à l’exécution des dispositions de la présente Annexe par DOTSHA.
2.1 CLIENT’S COMMITMENTS:
In order to carry out the Service, the Client must provide DOTSHA with the following necessary information:
-The name and contact details of the Data Protection Officer of the Client’s personal data in accordance with the GDPR;
-The name and contact details of the Data Protection Officer of the Client’s data in accordance with the GDPR, if applicable, or alternatively, DOTSHA’s point of contact regarding personal data for the purposes of this Annex;
-If applicable, the documented instructions related to the personal data, necessary for the execution of the provisions of this Annex by DOTSHA.
2.2 DOTSHA UNDERTAKES TO:
-Process the data for the sole purpose(s) of executing the Service;
-Process the data in accordance with the Client’s documented instructions. If DOTSHA considers an instruction to be in violation of applicable data protection regulations, it undertakes to inform the client immediately;
-Notify the Client, in the event it is required to process personal data by virtue of a mandatory provision of the European Union law or a law of any member states, unless the law concerned prohibits such notification for important public interest reasons;
-Get the Client’s prior written consent before transferring his personal data to a country located outside the European Union.
If this consent is given, DOTSHA undertakes to cooperate with the Client to ensure:
-The respect of the procedures to comply with applicable regulations for the protection of personal data, for example, in cases where authorization from a competent supervisory authority may be required;
-If necessary, the conclusion of one or more contracts to frame cross-border flow of personal data. DOTSHA undertakes in particular, if necessary, to sign such contracts with the Client. To do so, it is agreed between the Parties that the standard contractual clauses published by the European Commission will be used to frame cross-border flows of personal data;
-Guarantee the confidentiality of personal data processed within the context of this Agreement;
-Ensure that the individuals authorized to process the personal data under this Agreement:
-Agree to respect the confidentiality of it or that they are subject to appropriate legal confidentiality obligations;
-Receive the necessary training about the protection of personal data.
-Take into account, in its tools, products, applications, or services, the principles of protection of personal data from the design stage and the protection of personal data by default.
-Assist the client to respect its own obligations related to the protection of personal data
3- RECURRING TO A SUBSEQUENT SUBCONTRACTOR
DOTSHA is authorized to engage one or several subcontractors (hereafter referred to as ‘the Subsequent Subcontractor) to carry out specific processing activities.
The Subsequent Subcontractor must comply with the obligations of the Service, and must only use the personal data on behalf of and according to the instructions documented by the Client. DOTSHA undertakes to make every effort to ensure that the obligations related to the protection of the personal data comply with those provisions set out in this contract. However, DOTSHA is only obligated to use reasonable efforts.
DOTSHA must guarantee, through a written contract, that the Subsequent Subcontractor provides the same and adequate guarantees regarding the implementation of appropriate technical and organizational measures to ensure that the processing meets the requirements of the GDPR.
The Client is the sole responsible for providing information and exercising the rights of the individuals concerned relative to the personal data processed by the Client, and when applicable by DOTSHA and by any Subsequent Subcontractors. In case, DOTSHA receives a request from a data subject to exercise its rights, it undertakes to transmit the data requested to the Client as soon as possible, who is the only party authorized to make such a request. DOTSHA undertakes to assist the Client in responding to data requests from subjects concerned in relation to the services provided within the context of the Service.
5- COMPLIANCE WITH THE REGULATIONS APPLICABLE TO THE PROTECTION OF PERSONAL DATA
As data controller, the Client is the sole responsible for complying with its own legal and regulatory obligations applicable to the protection of the personal data of users of the Website.
6- NOTIFICATION OF PERSONAL DATA BREACHES
If there is a breach of personal data within the meaning of the GDPR, DOTSHA agrees to carry out all necessary investigations about this breach of rules of protection in order to remedy the breach as soon as possible and to minimize the impact of such breach on the data subjects concerned.
DOTSHA will notify the Client of any breach of personal data as soon as possible after becoming aware of it. This notification may then be supplemented, with any useful documentation in order to enable the Client, if necessary, to notify this violation to the competent supervisory authority or to communicate to the data subjects concerned. This documentation may include the description and nature of the personal data concerned, the description of the origin of the data breach, and the description of the measures taken by DOTSHA to remedy the breach.
The Client is the sole responsible for the decision whether or not to notify the competent supervisory authority about the breach and whether or not to communicate this information to the person concerned, DOTSHA will not notify or communicate any such information.
7- SECURITY MEASURES
DOTSHA undertakes to make everything possible to implement the appropriate technical and security measures to protect personal data, so that the processing of personal data within the context of the Services complies with the GDPR and the French law of January 6, 1978 (known as the “Data Processing and Freedoms Act”.
DOTSHA thus undertakes, in particular, to take all necessary precautions with regard to the nature of the personal data and the risks presented by the processing, to preserve the security of the personal data, the files and in particular to limit the risks of deformation, alteration, damage, accidental or unlawful destruction, loss, disclosure and/or any access to it by third parties, who have not been previously authorized by the Customer.
The means implemented by DOTSHA intended to guarantee the security and confidentiality of the data include the following measures in particular:
– Regular monitoring of technical and organizational measures to guarantee the security and durability of the personal data processed;
– Raising awareness regularly about the security of personal data and compliance with the regulations applicable to the protection of personal data among DOTSHA employees.
DOTSHA undertakes to maintain these means throughout the execution of the Service. In any case, in the event of a change in the means aimed at ensuring the security and confidentiality of personal data, DOTSHA undertakes to replace them with means of equivalent or superior performance.
DOTSHA cannot be held responsible in the event of a breach of personal data not resulting from its act, and in particular in the event of non-compliance by the Client with its own obligations with regard to the regulations applicable to the protection of personal data or in the event of absence of documented instructions communicated in written form by the Client to DOTSHA in order to comply with regulations or practices applicable to the Client’s sector of activity.
8- PERSONAL DATA AT THE END OF THE SUBSCRIPTION
Upon termination of the Service and according to the Client’s choice, DOTSHA undertakes to:
– To securely destroy all personal data and computer files containing personal data that remain in its possession within two (2) months after the termination of the Subscription;
– or, to return them to the Client within two (2) months after the termination of the Subscription.
In the absence of written instructions from the Customer transmitted within a maximum period of ten (10) days from the termination of the Service, DOTSHA undertakes to destroy the personal data under the aforementioned conditions.
9- COOPERATING IN CASE OF AUDIT AND RESPONSIBILITY
In the event of an audit by a competent authority, the Parties undertake to cooperate with each other and with the audit authority. In the event that the audit carried out concerns only the processing implemented by DOTSHA as data controller, DOTSHA will take care of the audit.
In the event that the audit carried out at DOTSHA concerns the processing implemented in the name and on behalf of the Client, DOTSHA undertakes to inform the Client thereof and to make no commitment for him.
In the event of an audit by a competent authority at the Client’s premises concerning in particular the Services delivered by DOTSHA, the Client undertakes to immediately inform DOTSHA thereof and DOTSHA undertakes to cooperate with the Client and to provide him with any information he may need or that could be needed.
