Terms of service

The purpose of the GTS is to define the conditions under which DIGITALEO undertakes to make the Solutions available to the Customer, to provide the Services and/or Agency Services ordered, and the conditions, including financial conditions, under which the Customer may access and benefit from them.

The following documents (hereinafter the ” Contractual Documents “) express all the rights and obligations of the Parties:

1. The Framework Agreement, where one has been concluded between the Parties ;
2. The Special Conditions or Order Form ;
3. The GSC and its appendices ;
4. The Sales Proposal.

The Contractual Documents form the contract for the provision of services (hereinafter the ” Contract “).

The terms of the Contractual Documents may not be contradicted by any other document, and in particular by the Customer’s general terms and conditions of purchase. In the event of contradiction between the Contractual Documents, the document ranked first in the order of precedence shall prevail.

The GCS cover exclusively the provision of the Platform and Modules and the execution of the Agency Services by DIGITALEO to the professional Customer acting in the field of its principal professional activity. The Solutions are intended, in principle, for the Customer, its designated Users including its Beneficiaries.

The GTS are communicated to the Customer, on a durable medium, in particular with the Special Conditions, the Order Form or, where applicable, the Framework Contract to which they are attached or to which reference is made. The fact that the Customer signs the Special Conditions, the Order Form or, more generally, contracts with DIGITALEO implies full and complete acceptance of the GTS in their version in force on the date of this signature or acceptance.

The terms below will have the present definition in the Contractual Documents binding DIGITALEO and its CUSTOMER.

Subscription: refers to the contractual commitment enabling the Customer, in return for periodic payment, to access the ordered Modules via the Platform and to benefit from Customer Success Support. Services are not included in the Subscription.

Customer Service Support: refers to the support service provided by DIGITALEO, including the intervention of a dedicated team and a Project Manager responsible, on behalf of the Customer, for onboarding and getting to grips with the Platform, functional support, usage monitoring and the management of actions and recommendations.

Anomaly: means any reproducible malfunction affecting the Solutions, which is the responsibility of DIGITALEO or its Suppliers, and which either prevents the normal use of all or part of the Solutions, or causes an incorrect result or action even though the Solution(s) is (are) being used in accordance with its (their) purpose.

Beneficiary: refers to a member of the Customer’s network, a User authorized by the Customer to access and/or use the subscribed Modules.

Purchase Order: refers to the document issued by the Customer, summarizing the Module(s) ordered, the Agency Services and the price.

Project Manager: designates the single, privileged contact for each Party, responsible for coordinating relations and transmitting information.

Customer: designates the individual or legal entity, acting within the framework and for the needs of its professional activity, who orders from DIGITALEO access to Solutions and associated Services and/or Agency Services.

Account: refers to the personal digital space, accessible on the Platform, specific to each User, which enables him/her to access the ordered Modules and their functionalities.

Conditions Générales de Services or CGS: refers to the present document.

General Conditions of Use or GCU: refers to the document that describes to Users the conditions of access to the Platform and use of the Modules. They are available on the Platform.

Special Conditions: refers to the document describing the Modules and Services subscribed to, and the special conditions applied to the Customer, particularly with regard to price or agreed Scope. They supplement the GCS.

Framework contract: means, where it exists, the contract concluded between the Parties setting out the general framework of their contractual relations and articulated with these GCS and, where applicable, with Special Conditions, Purchase Orders, Sales Proposals and/or appendices.

Content: refers to all elements such as texts, images, sounds, videos, data, programs, applications or any type of content used by the Customer and/or belonging to the latter and accessible by DIGITALEO within the framework of the Services and/or Agency Services.

Documentation: refers to the documentation of any kind relating to the Solutions that DIGITALEO provides to the Customer, formalizing the repository of functional and technical specifications for the Platform and Modules.

DIGITALEO: refers to the company DIGITAL MEDIA PUBLIS DIGITALEO, registered in the Rennes Trade and Companies Register under number 451 322 119, located at 20 avenue Jules MANIEZ 35000 Rennes. DIGITALEO publishes the Platform.

Data: refers to all Customer information and data, including any Personal Data, entered or uploaded, automatically or by the User, into the Modules, or processed, modified or generated by or via the Modules.

Personal Data: refers to any information that directly or indirectly identifies a natural person.

AI functionalities: designate the functionalities of Solutions based on an AI System, enabling them to generate or suggest content, analyze textual data, propose recommendations, optimize messages or assist the user by means of conversational tools.

Supplier: refers to any supplier or partner of DIGITALEO likely to be involved in the provision of Solutions and/or Agency Services.

Working hours: refer to the working hours of DIGITALEO’s Customer Service (excluding public holidays): Monday to Thursday from 8:30 to 12:30 and from 14:00 to 18:30 and Friday from 8:30 to 12:30 and from 14:00 to 18:00.

Identifiers: refers to the User’s login (e-mail address) and password enabling him/her to access his/her Account.

Security Incident: means any breach of the security of the Solutions and/or the confidentiality, completeness and/or integrity of the Data, any violation of Personal Data, as well as more generally any unauthorized and/or illegal access, acquisition, use, disclosure, modification, hosting/processing, destruction or loss of the Data.

Working days: refers to DIGITALEO’s working days, i.e. Monday to Friday, excluding public holidays.

Deliverables: refers to the achievements produced and supplied by DIGITALEO, under the Services or the execution of the Agency Services, and likely to be protected by an intellectual property right.

Sapin Law: refers to Law no. 93-122 of January 29, 1993 on the prevention of corruption and the transparency of economic life and public procedures.

Modules: refers to the various applications made available to the Customer via the Platform. They are described in the GTS and Documentation.

Service Levels: refers to the commitments made by DIGITALEO, described in the appendix.

Parties: refers individually or jointly to DIGITALEO and/or the Customer.

Perimeter: refers to the geographical site(s), brand(s) and authorized User(s), as defined in the Special Conditions.

Platform: refers to the SaaS portal published by DIGITALEO allowing access to and use of the Modules and their functionalities.

Services: refers to Installation Services and Additional Services.

Additional Services: refers to services provided by DIGITALEO which are not Installation Services. They may include development, training, graphic design or reversibility services, for example.

Installation Services: refers to the adaptation, customization, configuration and/or parameterization Services required to deploy the Platform and Modules.

Commercial Proposal: refers to the commercial document sent by DIGITALEO to the Customer, presenting in particular and depending on the case, the Modules proposed, the associated Services, the Agency Services and the prices.

Applicable Regulations: means all laws and regulations applicable to the Parties in the context of the Contract, including in particular, as the case may be: (i) regulations relating to data protection (RGPD and LIL), (ii) regulations relating to services and data (including, as the case may be, the Data Act), (iii) regulations relating to artificial intelligence (including, as the case may be, the AI Act), as well as (iv) regulations relating to online advertising including the Sapin Law.

Data Controller: means the natural or legal person, public authority, department or other body which, alone or jointly with others, determines the purposes and means of processing Personal Data.

Reversibility: refers to the return of Data to the Customer on expiry of the Contract, for whatever reason.

Agency Services: refers to the marketing services provided by DIGITALEO, distinct from the provision of the Platform, including in particular the intervention of an integrated creative studio, strategic support for the design and management of campaigns, as well as the intervention of dedicated consultants to train, advise or produce content or campaigns. Their scope and conditions of execution are defined in the Purchase Order or Special Conditions.

Solutions: refers to the Platform and Modules.

AI Outputs: means any content, text, recommendation, suggestion, response, analysis, synthesis, result or other element generated, assisted or proposed by an AI System when using the Solutions.

Sub-Contractor: refers to the natural or legal person, public authority, department or other organization that processes Personal Data on behalf of the Data Controller.

AI System or AIS: refers to any computer system based on artificial intelligence technologies, integrated into the Module concerned and enabling, in particular on the basis of Data and/or Content, the automatic production of content, analyses, suggestions, recommendations or responses.

User: means any person authorized by the Customer to connect to the Platform and access the Modules.

DIGITALEO reserves the right to modify the GST at any time, without prior notice. The Customer may consult them at any time on the DIGITALEO Internet site, accessible at the following address: https: //preprod-www.digitaleo.com/fr/conditions-generales-de-service. DIGITALEO will make its best efforts to inform the Customer of the modifications made.

The GCS come into force and apply from the moment the Customer signs the Special Terms and Conditions or the Purchase Order.

Agency services.

Agency Services are agreed for the duration required to perform them, as defined in the applicable Order Form or Special Conditions.

Principle – Fixed-term subscription.

The Subscription is concluded, in principle, for an initial fixed term indicated in the Purchase Order or Special Conditions. It is then tacitly renewed for successive periods of the same duration, unless terminated by either Party in writing at least three (3) months prior to the expiry of the current contractual period.

Exception – Open-ended subscription.

As an exception to the above, the Subscription may be taken out for an indefinite period, with, where applicable, a firm commitment period indicated in the Purchase Order or Special Conditions. At the end of this commitment period, the Subscription may be terminated at any time by either of the Parties, subject to three (3) months’ notice by registered letter with acknowledgement of receipt, or by any other written means capable of proving receipt.

The duration of the Subscription is specified in the applicable Order Form or Special Conditions.

The Customer acknowledges having read the Documentation describing the Modules, the Services and/or the Agency Services prior to entering into the Contract, and having thus been provided with all the information required, in particular to determine the suitability of the Modules, the Services and the Agency Services for the Customer’s needs.

The Customer acknowledges having been informed by DIGITALEO of all the technical requirements necessary for the optimal operation of the Modules.
The Customer is also informed that these requirements may change, in particular for technical reasons. If a change occurs during the term of the Contract, the Customer will be informed in advance.

The Customer undertakes to assign one (1) person to be responsible for the Contract, in order to ensure that it runs smoothly, this person being DIGITALEO’s sole contact for the purposes of the Contract. Should the Customer wish to change its representative, it undertakes – insofar as possible – to inform DIGITALEO at least fifteen (15) days before the effective date of the change. The replacement of the Customer’s representative must have an appropriate level of qualification and responsibility, at least equivalent to that of the previous representative.

The Parties agree to cooperate closely, actively and regularly throughout the term of the Contract, in particular by communicating to each other any information likely to have an impact on the proper performance of the Contract. Each Party appoints a designated Project Manager no later than fifteen (15) calendar days after signing the Special Conditions or the Purchase Order. Each Party acknowledges that the person it appoints (or any person replacing the appointee, after notice to that effect has been given to the other Party) represents it and has full authority and competence to do all acts, take all decisions and give all authorizations required in connection with the performance of the Contract.

DIGITALEO provides the Customer with remote access to the Platform in SaaS mode. Access is available for the duration of the Contract, subject to compliance with the Customer’s ObOBOs, particularly with regard to payment. Access to Modules and/or certain functionalities depends on the Subscription taken out.

The Customer is responsible for the choice of Internet service provider and for the supply and installation of the equipment required to access the Platform and Modules via the Internet. The Customer is advised of the technical hazards that may affect the Internet network and cause slowdowns or unavailability making connection impossible. DIGITALEO cannot be held responsible for the malfunction of any Internet connection used by the Customer.

Subject to payment of the sums due and compliance with the GCS, DIGITALEO grants the Customer, for the duration of the Contract, a non-exclusive, non-transferable and non-sublicensable license to use the Platform, for its internal needs and those of its network (its Beneficiaries) where applicable. The license is strictly limited to the Perimeter defined in the Documentation, Order Form or Special Conditions.

Under no circumstances may the Customer make the Platform and Modules available to a third party, sell, rent, distribute or sub-license them.

Similarly, the Customer is strictly forbidden, without this list being limitative, from any other use, in particular any adaptation, modification, translation, arrangement, evolution, creation of new versions or new developments, integration into derived works, distribution, compilation or decompilation, export, merging with other computer applications, disassembly, analysis, reverse engineering process or attempt to do so, to seek or have a third party seek the robustness and availability or the presence of security flaws and exploit them, except within the limits authorized by law.

The Customer shall refrain from correcting by himself any Anomaly whatsoever, of the Platform and/or Modules, DIGITALEO reserving this right alone.

The Customer agrees not to :
Bypass technical protection measures or authentication mechanisms ;
Use the Solutions in a way that could impair their operation, overload the infrastructure or compromise security;
Use the Solutions for activities that are illegal, fraudulent or contrary to the policies of third-party platforms (Google, Meta, etc.) to which certain Modules connect;
Introduce illegal content, files, data or scripts;
Extract, collect, copy, reproduce or reuse on a massive scale all or part of the data, content, results, functionalities or elements of the Solutions, in particular by automated process, scrapping, harvesting or data aspiration;
Use the AI Features in a way that is contrary to their purpose, unlawful, misleading or likely to infringe the rights of third parties;
Use the Solutions, AI Features or AI Outputs to train, power, test or improve a third-party artificial intelligence system or competing service, except with the express written consent of DIGITALEO ;
Use Solutions to create a competing or derived service.

DIGITALEO reserves the right to suspend access to the Solutions in the event of non-compliant or dangerous use, after informing the Customer within a reasonable period of time, except in the case of an emergency related to security.

The Customer undertakes to :

• Provide accurate information when creating User Accounts and keep it up to date;
• Use the Solutions in accordance with the Documentation, applicable laws and the policies of integrated or interconnected third-party platforms;
• Ensure the confidentiality of Identifiers and that only authorized Users have access to the subscribed Modules;
• Make sure that its computer environment (browser, network, hardware) meets the technical requirements communicated by DIGITALEO;
• Provide, maintain and update all information, Data, Content, access, authorizations and settings required for the proper operation of the Solutions;
• Guarantee the accuracy, quality, lawfulness and relevance of the Data and Content that it imports, provides, processes, distributes or uses by means of the Solutions;
• Check the relevance of any suggestions, recommendations, analyses or AI Outputs generated using the Solutions before any dissemination, publication, use or decision-making;
• Not to use the Solutions, and in particular the AI Features, to produce or disseminate content that is illicit, misleading, defamatory, discriminatory or infringes the rights of third parties;
• Inform its Users, Beneficiaries and, where applicable, the persons concerned, of the use of AI Functionalities when such information is required by Applicable Regulations.

When the Platform is made available to employees of the Customer or members of its network (the Beneficiaries), the Customer is responsible for compliance with the GCS and GCU by all such Users. The Customer guarantees DIGITALEO against any breach, non-conforming use or damage resulting from their acts or omissions. The Customer remains solely responsible for any use made of its Accounts or access authorizations, whether by itself or by a third party acting on its behalf.

Each User has personal and confidential Identifiers, strictly reserved for individual use.

The customer is solely responsible for managing Accounts and revoking access, especially in the event of an employee leaving the company, a change of role, etc.

DIGITALEO implements reasonable technical and organizational measures to ensure :

• Security of access to the Platform and Modules;
• Protection against unauthorized access ;
• Security Incident Detection ;
• Connection logging.

To this end, DIGITALEO provides the Customer with a double authentication mechanism designed to reinforce the security of connections to the Platform. The Customer undertakes to activate and maintain double authentication for all Users accessing the Platform, and in any event for Administrator Accounts or Accounts with extended rights.

The Customer remains solely responsible for :

• The effective deployment of dual authentication among its Users;
• Parameterization and maintenance in operational conditions;
• More generally, of the internal access management policy it applies.

Should the Customer fail to comply with this obligation, DIGITALEO cannot be held responsible for the consequences of unauthorized access, intrusion, loss or alteration of Data. DIGITALEO further reserves the right to suspend or restrict access to any Account that does not comply with this security requirement, until such time as the situation has been rectified.

Evolution of Solutions.

DIGITALEO reserves the right to develop the Platform and Modules, both functionally and technically, in particular to improve them, adapt them to regulatory or technological developments, or ensure their security. Such changes may involve minor modifications to ergonomics or functionality, without altering the essential performance of the Solutions. The customer will be informed in advance within a reasonable time of any major changes or the removal of a substantial function.

Specific developments.

Solutions are provided as part of a standardized SaaS model.
DIGITALEO is not obliged to carry out any specific development, particular adaptation or customized evolution at the Customer’s request, unless expressly agreed in writing by the Parties, formalized by a separate quotation or amendment specifying the scope, deadlines and applicable financial conditions. In the absence of such an agreement, the Customer acknowledges that individual requests for development or customization cannot be invoked against DIGITALEO nor, in the event of refusal, constitute a breach of contract.

DIGITALEO may temporarily suspend access to the Platform:

• For scheduled maintenance operations (as defined in the Service Level Agreements) ;
• In the event of an immediate risk to the security of Solutions and Data ;
• In the event of manifestly improper use by the Customer and/or its Beneficiaries and Users ;
• In the event of persistent non-payment.

Suspension is limited to what is strictly necessary and is communicated to the customer as soon as possible.

The Platform provides access to and use of the Modules, a list and description of which appear in the Documentation and/or in the Special Conditions or Order Form. Access to Modules depends on the Subscription taken out by the Customer, and may vary according to the rights assigned to Users, including Beneficiaries.

Module activation takes place :

• At the time of initial subscription ;
• Or subsequently, at the Customer’s request and after acceptance of an additional quotation or Commercial Proposal;
• Or as part of a change of Subscription.

DIGITALEO undertakes to activate the Module within a reasonable time after validation of the order.

Each Module has its own functional scope as defined in the Documentation and, where applicable, in the relevant technical appendices.

The Customer acknowledges that :

• Use of the Modules may be subject to technical or operational limitations linked in particular to the Platform’s capacities, to interconnected third-party services, to authorizations or access provided by the Customer or its Beneficiaries, and to the quality, accuracy or completeness of the Data and Content it provides;
• Some Modules require the provision by the Customer of external information, Content or access (in particular Google Business accounts, Facebook pages, APIs, etc.), the availability, accuracy and updating of which the Customer guarantees;
• Some Modules may integrate functionalities based on an AI System. In this context, the analyses, suggestions, recommendations or content generated by these functionalities (the “AI Outputs”) are provided for assistance only and may vary according to the Data used, the context or the parameters of use. The Customer remains solely responsible for verifying and validating the AI Outputs prior to any use, distribution or decision-making;
• Regulatory constraints (notably on digital advertising, personal data protection, customer feedback management or the use of AI systems) may also limit the functionalities available.

These limitations shall not constitute a breach by DIGITALEO.

Some Modules rely on the use or synchronization of Data from third-party services, including Google, Meta (Facebook/Instagram), Apple, Waze, LinkedIn, review platforms, Print providers or partner messaging solutions.

The Customer acknowledges that :

• The operation or availability of such third party services is beyond the control and responsibility of DIGITALEO ;
• The policies, functionalities, APIs, rates or conditions of these services may change or be suspended at the sole initiative of the Supplier;
• Such changes may affect the operation of the corresponding Modules, without DIGITALEO being held liable.

The customer is solely responsible for complying with the conditions of use of third-party services and for providing the required access.

In the event of modification, failure, access restriction or interruption of a third-party service affecting a Module :

• DIGITALEO will inform the Customer within a reasonable period of time;
• The Module may be temporarily suspended or its scope modified;
• DIGITALEO shall not be held liable, indemnified or penalized for this situation.

DIGITALEO will do its best to propose, where possible, an alternative solution or an adaptation of the Module.

DIGITALEO provides the Customer with a Customer Success Support service. This service is provided by a dedicated team, and includes a Project Manager for each customer.

Customer Success Support Services are designed to facilitate and optimize use of the Platform. They are included in the cost of the Subscription and notably cover :

• Onboarding and familiarization with the Platform and ordered Modules;
• Functional support for use of the Platform ;
• Usage monitoring, enabling DIGITALEO to identify and notify the Customer of relevant actions to optimise use;
• Management of actions and recommendations, without any obligation on DIGITALEO to implement them.

Practical details (contact times and channels, response times, scope of support, any limitations, exclusions) are described in the Service Levels.

DIGITALEO hosts the Customer’s Solutions and Data on a secure infrastructure, adapted to the provision of services. Hosting is carried out in data centers located within the European Union. DIGITALEO may freely change the hosting provider, provided that this change does not lead to a deterioration in Service Levels. The technical characteristics of the hosting infrastructure and the applicable security measures are specified in the Documentation.

DIGITALEO implements regular backup procedures for hosted Data, designed to enable restoration in the event of a Security Incident. The frequency of backups, the technical methods of conservation and the conditions of restoration are specified in the Service Levels or in any specific document communicated to the Customer. It is the customer’s responsibility to assess whether the proposed backup policy is adapted to his needs and to the criticality of his Data. Any request for specific adaptation may give rise to separate financial conditions.

DIGITALEO may provide, independently of the Platform, Agency Services. These services are carried out at the Customer’s request and on the basis of a Purchase Order or Special Conditions, which determine the scope, conditions of execution, deliverables, deadlines and rates.

Agency Services may include, but are not limited to:

• An integrated creative studio, responsible for producing or adapting graphic content, visuals and marketing materials;
• Strategic support to design, plan or manage advertising campaigns. In such cases, the Agency Service is also subject to the provisions of articles 34 to 40 of the GCS;
• Dedicated consultants for training, consulting, support, content and campaign production.

The terms and conditions of Agency Services are defined in the Purchase Order or Special Conditions and may specify :

• Description of deliverables,
• Expected media and formats,
• Provisional deadlines,
• The number of round trips included in the price,
• Requirements and elements to be supplied by the customer (brief, graphic charter, access, content, etc.).

Any request exceeding the agreed scope or involving additional services will be subject to an additional quotation.

Deliverables submitted for validation are deemed to have been accepted as soon as they have been expressly validated by the Customer, or in the absence of a written return within five (5) Working Days of their being made available. Any modification requested after validation may be invoiced separately.

The Customer undertakes to :

• Provide all information, elements, Content and authorizations necessary for the execution of the Agency Services,
• Appoint a Project Manager,
• Validate transmitted elements within agreed deadlines.

Any delay or failure on the part of the Customer to cooperate may result in a shift in the schedule, without any liability on the part of DIGITALEO.

Within the framework of the Agency Services, DIGITALEO may, in the name and on behalf of the Customer, purchase advertising space from advertising agencies or sellers of advertising space (hereinafter the “Media”).

In accordance with the provisions of the Sapin Law, these purchases can only be made within the framework of a written agency contract, with DIGITALEO acting exclusively as agent for the Customer, the advertiser.

The Customer expressly authorizes DIGITALEO to :

• Negotiate and purchase advertising space from Media ;
• Transmit advertising orders validated by the customer;
• Follow up on releases in accordance with validated orders;
• Gather and transmit to the customer all information relating to the conditions of acquisition of space.

Any written instruction or validation issued by the Customer to purchase one or more advertising spaces from a given Media, for a given amount, period, format and conditions, constitutes a firm commitment on the part of the Customer within the meaning of the Sapin Law.

is prohibited from receiving, directly or indirectly, any remuneration, advantage or benefit of any kind whatsoever from the Supports, in accordance with articles 20 to 22 of the Sapin Law.

In accordance with Article 24 of the Sapin Law, DIGITALEO declares that it has no financial links with sellers of advertising space or their agencies, and undertakes to inform the Customer of any change in this situation.

DIGITALEO’s remuneration for its mandate is paid exclusively by the Customer, in accordance with the terms and conditions set out in the Purchase Order or the Special Conditions.

DIGITALEO undertakes to inform the Customer of all information available to it concerning the conditions of purchase of advertising space, including in particular: (i) the actual price of the space purchased, (ii) the identity of the Media concerned, (iii) the volumes, formats and periods of distribution, as well as (iv) the existence of any discount, rebate or tariff advantage granted by the Media.

In accordance with the provisions of the Sapin Law, advertising space purchases made by DIGITALEO as an agent are made exclusively in the name and on behalf of the Customer, the advertiser.

Payment of the Media by the Customer.

Under a “non-paying” mandate:
DIGITALEO manages, optimizes and monitors advertising campaigns on behalf of the Customer;
Payment for advertising space purchases is made directly by the Customer, using his own means of payment connected to the advertising account concerned;
The Customer is invoiced directly by the Media;
DIGITALEO acts exclusively as a management agent and does not advance any media costs.

Payment of the Supports by DIGITALEO.

As part of a “payer” mandate:
DIGITALEO pays for the purchase of advertising space using its own means of payment;
To this end, the Customer provides DIGITALEO with all the information, identifiers and authorizations required by the Media (in particular billing identifiers, access to advertising or Business Manager accounts);
Invoices issued by the Media are drawn up and sent in the Customer’s name, in accordance with the Sapin Law, even when payment is made via DIGITALEO ;
DIGITALEO will invoice the Customer for the exact amount of media purchases paid, in accordance with the terms and conditions set out in the Purchase Order or the Special Conditions.

Principal debtor.

Regardless of the configuration chosen, the Customer acknowledges that it remains, in its capacity as advertiser, the principal debtor of the sums due to the Media. The Customer guarantees DIGITALEO against any claim, action or recourse by the Media relating to the payment of space purchases made in its name and on its behalf.

DIGITALEO provides the Customer with a monthly written report including in particular :

• Spaces actually broadcast,
• The amounts committed to each Support,
• Proof of distribution provided by the Media,
• The corresponding invoices (including any rebates granted by the Supports).

DIGITALEO may entrust all or part of the material execution of the mandate to a sub-agent acting in the name and on behalf of the Customer, under its exclusive responsibility. DIGITALEO remains solely responsible to the Customer for the proper execution of the mandate, and assumes the remuneration of the sub-agent, with no consequences for the Customer.

In return for the execution of the advertising space purchase mandate, DIGITALEO receives remuneration paid exclusively by the Customer, in accordance with the provisions of the Sapin Law. This remuneration is fixed as a percentage of the amount, excluding taxes, of the media budget effectively invested in the name and on behalf of the Customer, as specified in the Order or the Special Conditions. DIGITALEO’s remuneration is distinct from the amounts corresponding to the purchase of advertising space, which are invoiced separately and remain the sole responsibility of the Customer.

Some Modules may integrate or rely on one or more AI Systems, allowing in particular to generate, analyze, suggest, optimize or assist in the creation of content, recommendations, responses or analyses when using the Solutions. These Functionalities are either developed by DIGITALEO or integrate technologies, models or services designed by Suppliers. In both cases, DIGITALEO is considered, within the meaning of the Applicable Regulations (IA ACT), as the “supplier” of the AIS. The functionalities based on an AI System are described in the Documentation or in the information media made available to the Customer. Their functional scope may evolve under the conditions set out in the GTS.
In this context, DIGITALEO undertakes to implement reasonable measures to ensure that the AI Systems integrated into the Solutions provide results consistent with the documented purposes.

Functionalities based on an AI System and AI Outputs are provided for assistance and decision support.

The Customer acknowledges that the modalities of human intervention depend on the functionality in question and the parameter settings selected:

• Some AI Functionalities, such as internal conversational interfaces, are designed solely to assist the User in thinking, writing or analyzing, without automatically executing any action;
• Some AI Features may give rise to occasional suggestions, the execution of which is subject to the User’s express action or validation;
• Other functions can be activated in automated mode by the customer, according to rules, authorizations and parameters that he defines under his own responsibility.

The Customer remains solely responsible for :

• Whether or not to activate the proposed automations;
• The settings, governance rules and authorizations it defines;
• As well as checking, monitoring and, if necessary, suspending or modifying activated automations.

In any event, DIGITALEO recommends that the Customer verify the consistency, relevance and, where applicable, conformity of the AI Outputs before any distribution, publication, transmission to a third party or use in a decision-making process, in particular when these are likely to produce significant effects on third parties or on the Customer’s image.

The Customer acknowledges that AI Outputs may, due to the probabilistic nature of AI Systems :

• Be inaccurate, incomplete, biased, out of context or obsolete;
• Vary according to the Data used, the parameters of use, the rules defined by the Customer or the evolution of the underlying technologies.

DIGITALEO does not guarantee the accuracy, relevance or completeness of the AI Outputs.

The quality of AI Outputs depends on :

• Data and Content provided by the Customer or its Users;
• Customer-defined instructions, authorizations, preferences and settings;
• Context of use ;
• The technologies and technical services used.

AI Outputs should not be construed as professional, legal, financial, strategic or decision-making advice.

Certain functionalities based on an AI System may depend on technologies, infrastructures, models or services operated by Suppliers. The Customer acknowledges that the availability, performance, response time or evolution of these services may be affected by factors beyond the control of DIGITALEO. Consequently, limitations, temporary interruptions, service degradations, errors or functional evolutions may affect all or part of the IA Functionalities. DIGITALEO reserves the right to modify, suspend, restrict or withdraw certain functionalities based on an AI System, in particular for technical, security, contractual or regulatory reasons.

The use of certain AI Functionalities based on an AI System may involve the transmission or processing of Data or Content provided by the Customer or its Users. The Customer undertakes not to submit to the AI System any Data or Content that is unlawful, infringes the rights of third parties, or for which it does not have the necessary rights, authorizations or legal basis.

The Customer remains solely responsible for the legality, accuracy, relevance and compliance of the Data and Content it submits to the AI System.

DIGITALEO informs the Customer, by any appropriate means, when certain AI Functionalities are based on artificial intelligence and when the User interacts with a conversational interface or receives content generated, suggested or optimized by an AI System.

However, the Customer acknowledges that it is its responsibility, when using the Solutions to distribute or publish generated, suggested or automated content intended for third parties, to ensure compliance with any legal or regulatory information obligations that may apply to such distribution.

Option 1: Opt-In

DIGITALEO may evolve, improve or adapt the functionalities based on an AI System as part of the continuous improvement of the Solutions. Unless expressly agreed by the Customer, the Data, Content and instructions provided by the Customer are not used by DIGITALEO to train, re-train or improve the underlying artificial intelligence models. When DIGITALEO proposes to the Customer to participate in the improvement of the AI Functionalities by using its Data or Contents for the purpose of training, re-training or improving the models, this participation is subject to the prior and express agreement of the Customer. The Customer may withdraw this agreement at any time, in accordance with the terms and conditions communicated by DIGITALEO.

Option 2: opt-out

DIGITALEO may evolve, improve or adapt the functionalities based on an AI System as part of the continuous improvement of the Solutions. Unless the Customer objects under the conditions set out below, DIGITALEO may use the Data, Content and instructions provided by the Customer for the purposes of improving, training or retraining AI Functionalities, subject to compliance with the applicable contractual undertakings, in particular with regard to confidentiality, data protection and security.

The Customer may oppose such use at any time by notifying DIGITALEO in writing or by activating the opposition mechanism available to him, where this exists. The Customer’s objection takes effect within a reasonable period of time from its receipt and does not affect the lawfulness of processing already carried out prior to this date.

Principles.

The Customer undertakes to pay the amounts stipulated in the applicable Purchase Order or Special Conditions. Any contractual period subscribed to is firm, and the amounts due for this period are irrevocable, unless otherwise expressly stipulated herein. Unless otherwise specified, prices are exclusive of tax, firm and final, without prejudice to the application of the price revision clause provided for in article 51.

Additional service.

Any additional order, extension of scope or complementary service is invoiced on the basis of the rates in force on the day the order is placed.

Price availability.

DIGITALEO’s rates are available to the Customer, who may request them at any time. Certain services or functionalities (e.g.: specific consumption) may be subject to rates which are not detailed in the Order Form or the Special Conditions. In such cases, the applicable rates are clearly and unambiguously displayed on the Platform, and are subject to express double validation by the Customer prior to any additional invoicing. The Customer may at any time request the deactivation of these functionalities for his Users.

Specific pricing conditions.

When specific pricing conditions are granted to the Customer by virtue of its membership of a group expressly identified in the Purchase Order or Special Conditions, the loss of this status automatically calls into question the said conditions. The new applicable pricing conditions will then be renegotiated between the Parties.

Subscriptions.

For Subscriptions, a monthly invoice is issued, including :

• Subscription to expire ;
• Past month’s consumption, if any.

Invoicing commences from the date on which the Identifiers or authentication keys enabling access to the Modules ordered are made available, unless a specific deadline has been agreed in the Order Form or Special Conditions. Long SMS messages (over 160 characters) are invoiced for each additional 153 characters, according to the terms specified on the Platform.

Services.

Services are invoiced on completion. For any order for Services in excess of 200 euros excluding VAT, DIGITALEO reserves the right to request a deposit at the time of order, the amount and terms of which are defined in the Order Form and/or the Special Conditions.

Paid advertising campaigns.

In addition to the provisions of article 37 of the GCS, DIGITALEO issues a specific invoice for paid advertising campaigns as soon as prepayment by bank card or SEPA direct debit has been validated. Campaigns are activated within a maximum of seven (7) days from the effective validation of payment.

Payment terms.

Unless otherwise specified :

• Subscription invoices are payable within fifteen (15) days of their date
  of issue;
• Invoices for Services are payable in cash on receipt.

Payment by direct debit.

Payments are made without discount, by SEPA direct debit. To this end, upon conclusion of the Contract, the Customer shall provide DIGITALEO with a duly signed SEPA direct debit mandate, accompanied by a bank statement.
The Customer undertakes to keep his account sufficiently funded on the date of debit. DIGITALEO must be notified in writing of any change in bank details or SEPA mandate within a maximum of three (3) days of receipt of the invoice concerned. In the event of revocation of the SEPA mandate without the implementation of a new means of payment accepted by DIGITALEO, the latter reserves the right to suspend the execution of its own obligations, under the conditions mentioned in article 66 of the GCS.

In the event of late payment, for whatever reason :

• The sums due by the Customer shall automatically bear, from the due date and without prior notice, default interest calculated daily at the rate of three (3) times the legal interest rate.
• The Customer shall pay DIGITALEO a fixed indemnity of forty (40) euros for collection costs in accordance with Articles L 441-10 and D 441-5 of the French Commercial Code.

DIGITALEO reserves the right to suspend access to the Solutions under the conditions set out in article 66, until full payment of the sums due by the Customer.

DIGITALEO reserves the right to revise the Subscription price annually. The Customer will be informed by any written means at least one (1) month before the new prices come into effect. The new rates apply automatically from their effective date, unless the Customer expressly refuses by registered letter with acknowledgement of receipt before this date. In this case, the Customer may terminate the Contract under the conditions set out in article 8, with termination taking effect, notwithstanding the said article 8, on the day before the new rates take effect. In the event of modification of the services offered, their scope or their conditions of execution, DIGITALEO also reserves the right to revise its rates under the conditions set out in article 52.

Independently of the annual review, DIGITALEO reserves the right to change prices in the event of substantial changes to services, in particular in the event of :

• Significant functional enhancements ;
• Changing the business model;
• Regulatory or legal developments ;
• Change of suppliers or subcontractors.

In this case, the Customer is informed of the nature of the change and the new applicable tariff three (3) months prior to the application of the new tariffs. The Customer may either terminate the Contract, or accept the new tariff conditions by paying the first invoice issued in accordance with these new conditions.

Without prejudice to the provisions of articles 51 and 52 by express agreement, if a change of circumstances

unforeseeable at the time of conclusion of the Contract, makes performance of the Contract excessively onerous for one Party, that Party may ask the other Party, by registered letter, to renegotiate the Contract, clearly and precisely stating the reasons.

Such renegotiation will relate solely to the commercial terms of the Contract, and the Parties hereby waive their right to seek judicial review of the Contract. The Parties are then required to meet and negotiate in good faith the conditions for a return to the initial economic equilibrium of the Contract, without however suspending the Parties’ obligations in this respect. Should the Parties reach an agreement, this will be set out in a written amendment to the Contract, signed by both Parties. In the absence of agreement within three (3) months of receipt of the request for renegotiation, either Party may, without formalities and subject to a further three (3) months’ notice served by registered letter, terminate the Contract.

The Platform, the Modules, their architectures, interfaces, functionalities, algorithms, databases, documentation, as well as all the elements of which they are composed (in particular software, codes, designs, tree structures, trademarks, logos and distinctive signs) are and remain the exclusive property of DIGITALEO or its licensors. The Contract does not entail any transfer of intellectual property rights to the Customer, with the exception of the right of use strictly necessary for access to and use of the Platform in accordance with these GTC.

Data – Content.

The Customer remains the sole owner of the intellectual property rights pertaining to the Content, Data, information, graphic elements, texts, images, videos, files or documents that it imports, hosts, distributes or exploits by means of the Platform or within the framework of the Agency Services. The Customer guarantees that it has all the rights and authorizations necessary for the use of the Content and guarantees DIGITALEO against any third party claim in this respect.

AI outputs.

AI Outputs are deemed to constitute Customer Content/Data as soon as they are made available to the Customer. This stipulation does not imply any transfer to the Customer of the rights of DIGITALEO (or its licensors) to the Solutions, its models, methods, parameterizations, software, databases and Documentation.

The Customer grants DIGITALEO, for the duration of the Agreement, a non-exclusive, non-transferable, worldwide and free license to the Customer’s Content and Data, including AI Outputs, strictly limited to the needs of the performance of the Agreement and the provision of the Solutions, including:
(i) hosting, storage and backup, (ii) processing, extracting, structuring, making available the Customer’s Content via the Platform and analysis, including via Suppliers, (iii) performance of the Services ordered (including distribution, publication, customization, duplication, technical adaptation), as well as (iv) support, maintenance, security and incident prevention.

DIGITALEO undertakes not to use the Content, Customer Data and AI Outputs for any purpose other than that provided for in the Contract, and in particular not to resell or transfer them to third parties, with the exception of recourse to Suppliers strictly necessary for the execution of the Contract.

The use of Content, Customer Data and/or AI Outputs for the purposes of continuous improvement of Solutions and AI Functionalities is governed by article 46 of the GCS “Continuous improvement of AI Functionalities – opt-in for training”, which stipulates in particular that any use for the purposes of training or evaluation of an AI model shall only be carried out with the express agreement of the Customer, embodied in the Purchase Order.

Templates, models, graphic libraries, design elements, methodologies, tools, templates, scripts, generic creations or assets made available by DIGITALEO as part of the provision of the Platform or Agency Services remain the exclusive property of DIGITALEO, unless expressly stipulated otherwise. The Customer benefits from a non-exclusive right of use, limited to its own needs, for the duration of the Contract, to the exclusion of any autonomous re-use, transfer, resale or provision to third parties. Any transfer of specific rights to creations made within the framework of Agency Services must be expressly stipulated in the Order Form or in the Special Conditions.

DIGITALEO retains full ownership of its know-how, its methods, its tools, its previous creations and any improvements or developments made independently or during the performance of the Contract, including when these result from feedback or suggestions from the Customer.

Each of the Parties is responsible for its own obligations under the Applicable Regulations.
It should be noted that DIGITALEO, in its capacity as Data Controller and for the purposes of managing its commercial relations with the Customer, processes the Personal Data of data subjects directly linked to the Customer – for example, its representatives and/or employees (including Beneficiaries and Users).

More specifically, DIGITALEO uses the Personal Data of the Customer (including its employees and/or representatives) and of Users for the following purposes in particular:

• Manage and secure access to Solutions ;
• Respond to requests for contact, assistance or information on the Solutions sent by the Customer;
• Managing the conclusion of the Contract ;
• Prospect the customer and manage an opposition list;
• Manage customer complaints;
• Manage requests to exercise your rights;
• Manage and measure customer satisfaction.

The Customer is informed that the persons concerned have various rights over their Personal Data – in particular rights of access, rectification and opposition, which they may exercise by contacting DIGITALEO at dpo@digitaleo.com.

For further information, the Customer and/or the persons concerned by the processing may consult DIGITALEO’s Policy on the use of Personal Data.

The Customer guarantees DIGITALEO that it has communicated the above information to the persons concerned by the processing and that they have effectively taken note of it.

For the purposes of the Contract, DIGITALEO may process, as a Subcontractor, in the name and on behalf of the Customer, the Data Controller, Personal Data within the meaning of the Applicable Regulations. Accordingly, the Customer authorizes DIGITALEO, for the duration of the Contract and for the sole purpose of performing the Services and/or Prestations, to access (including remotely) and/or process the Personal Data contained in the Customer’s environment. In this context, the Parties apply the provisions set out in the Personal Data subcontracting agreement available in Appendix 2.

Each Party undertakes to guarantee the strict confidentiality of all Content, information and Data received from the other Party or to which it may have had access thanks to the latter during negotiations or during the performance of the Contract, whatever their form, medium or mode of transmission, (“Confidential Information”).

Within this framework, each Party undertakes to :

• Use the Confidential Information solely for the performance of the Contract;
• Not to copy or incorporate the Confidential Information into its own records or databases, except to the extent necessary for the performance of the Contract;
• To transmit Confidential Information only to its employees (and assimilated), subcontractors, advisors, lawyers or experts who need to know it, on the express condition that they are bound by a legal or contractual obligation of confidentiality;
• Take all necessary measures to preserve the security of Confidential Information, and in particular to prevent it from being subject to unauthorized access or from being disclosed, damaged, lost or destroyed, whether unlawfully or accidentally;
• Immediately inform the other Party of any breach of confidentiality obligations, and provide any assistance to minimize the effects of such breach.

By way of exception, the Party disclosing Confidential Information shall not be guilty of any breach: (i) if the disclosure is required under applicable laws and regulations or (ii) if it is acting on an injunction from a court or an administrative or supervisory authority. It will, however, inform the Holding Party in advance.

Finally, the following information does not constitute Confidential Information and is therefore not subject to this clause:

• Publicly available, through no fault of any kind and without any breach of confidentiality on the part of any Party;
• Received by a Party from a third party free to dispose of them in a lawful manner;
• Developed independently and in good faith by the Party concerned, independently of any access to the Confidential Information of the other Party;
• Expressly mentioned, in writing, as non-confidential by the Holding Party.

The Parties are bound by this clause for the entire duration of the Contract plus five (5) years.

Principle.

DIGITALEO may only be held liable if it is established that the damage claimed results from its personal act, and that there is a direct and certain causal link between the fault attributed to it and the damage suffered by the Customer. DIGITALEO is bound by an obligation of means in the execution of the Contract.

It shall not be held liable in particular in the event of :

• Use of the Solutions that does not comply with the Contract, the Documentation or DIGITALEO’s recommendations;
• Customer’s breach of contract ;
• Acts, omissions or negligence attributable to the Customer, its Users, its Beneficiaries or any third party;
• Use of functionalities based on an AI System contrary to their purpose, their documentation or the recommendations of DIGITALEO;
• The absence of verification, validation or supervision by the Customer of AI Outputs, particularly when these are used in an automated context or distributed to third parties;
• Settings, rules, authorizations or automations defined and activated by the Customer as part of the AI Functionalities.

The liability of DIGITALEO constitutes a global liability, applicable regardless of the number of subsidiaries, Beneficiaries, entities or members of the Customer’s network affected by the damage. In the event that one or more subsidiaries, Beneficiaries, entities or members of the Customer’s network are affected by an event attributable to DIGITALEO, the Customer undertakes that they will renounce any direct action against DIGITALEO, and guarantees the latter against any claim, action or recourse that may be brought in this respect.

Exclusion of consequential damages.

In no event shall DIGITALEO be liable for any indirect or unforeseeable damages of the Customer, including but not limited to lost profits, loss, inaccuracy and/or corruption of files or Data, commercial loss, loss of sales or profits, loss of customers, loss of opportunity, cost of recovering Data, obtaining a substitute product, service or technology, damage to image or any other moral prejudice.

Specific exclusions of liability.

DIGITALEO shall not be held liable for :

• The operation, decisions, developments or interruptions of third-party services (in particular platforms, advertising agencies, social networks, telecom operators, hosts, partners or suppliers);
• Suspension, restriction or closure of the Customer’s accounts by third-party platforms or agencies;
• The performance or results of marketing, advertising or sales actions carried out for the Customer (audience, visibility, conversion, ROI, referencing, reputation);
• The conformity, legality or accuracy of the Content, Data or instructions provided by the Customer;
• Strategic, budgetary or operational choices made by the customer, particularly in terms of advertising investment;
• The nature, content, accuracy, relevance or reliability of the AI Outputs generated in connection with the AI Features;
• Decisions, actions, publications or automations implemented by the Customer on the basis of AI Outputs, whether they have been validated manually or executed automatically according to the settings defined by the Customer;
• Biases, errors, hallucinations, omissions or limitations inherent in artificial intelligence technologies, including those based on third-party services.

Repairing.

Subject to the provisions of public order, the total liability of DIGITALEO, all causes combined, is limited to the amount (excluding taxes) actually paid by the Customer for the services and/or Prestations concerned during the last twelve (12) months preceding the occurrence of the event giving rise to the damage.

This ceiling applies per claim and per contract year.

This limitation does not apply in the event of :

• Gross negligence or intentional misconduct on the part of the Service Provider,
• Bodily injury,
• Or when the applicable law prohibits such a limitation.

Risk distribution.

This clause has been concluded and accepted taking into account the distribution of risks between the Parties, the price, the conditions and the economic balance desired by the Parties.

The Parties acknowledge that the Contract would not have been concluded under these conditions without the agreed limitations of liability.

It is expressly agreed that any liability action against DIGITALEO under the terms of the Contract is time-barred one (1) year after the event giving rise to it.

As a matter of principle, the Parties shall under no circumstances be held liable, and no compensation may be claimed from them, for any failure or delay in the performance of any of their obligations under the Contract, due to the occurrence of an event of force majeure.

Force majeure may only be considered to be an event: 1) beyond the control of the Party invoking it; 2) which could not reasonably have been foreseen when the Contract came into force; 3) the effects of which cannot be avoided by appropriate measures; 4) which prevents the Party invoking it from fulfilling its obligation. These conditions are cumulative.

When a Party becomes aware of the event, it shall inform the other Party, by written notification, as soon as possible and at the latest within ten (10) calendar days of the occurrence of the case of force majeure preventing it from performing its obligations.

Obligations whose performance is rendered impossible by the occurrence of a case of force majeure will be suspended for the duration of this event.

The Contract may, however, be terminated by registered letter with acknowledgement of receipt 1) if the duration of the event exceeds two (2) months; or 2) if the event results in a delay that renders the execution of the Services and/or the Provisions incompatible with their purpose; or 3) if the event definitively prevents the execution of the Services and/or the Provisions.

In any event, the Party invoking force majeure undertakes to take all measures to limit the prejudicial consequences of this event for the other Party.

Each of the Parties declares that it is insured, in particular for professional civil liability, with a company known to be solvent, and undertakes to keep all insurance policies up to date, to cover all damage caused to the other Party or to any third party and consecutive to the performance or non-performance of the Contract.

In the event that the Customer fails to pay the price within the agreed timeframe, DIGITALEO will suspend access to the Solutions and/or performance of the Services, after a period of seven (7) days following receipt by the Customer of an unsuccessful formal notice, and for a maximum period of two (2) months.
Thus, during this period, the Users/Beneficiaries’ access to the Solutions and the Services will be suspended. After the aforementioned period of two (2) months, if the failure persists, the Contract will be terminated to the detriment of the Customer, all without prejudice to any damages to which DIGITALEO may be entitled. The resumption of services will only take effect once the Customer’s debt has been settled, in principal, costs and interest, including the instalments accrued during the period of suspension, which will remain due.

In the absence of default by either of the Parties, the Contract may be terminated on its expiry date or cancelled under the conditions set out in article 8 of the GCS.

For the duration of the notice period, the Contract continues under the conditions in force at the date of notification of termination. As such, the Solutions continue to be supplied, the Agency Services performed and invoiced in accordance with the applicable contractual stipulations.

In the case of Agency Services, the Parties agree that, during the notice period, the monthly amount invoiced to the Customer may not be less than the monthly average of the amounts, exclusive of tax, invoiced by DIGITALEO for the said Services during the last three (3) months prior to notification of termination. This average is calculated excluding media expenses and sums rebilled as disbursements. This minimum monthly billing applies irrespective of the actual level of use of the Agency Services by the Customer during the notice period.

In the event of a breach by one of the Parties of any of its obligations under the Contract, the Party suffering the breach may give formal notice to the other Party, by registered letter with acknowledgement of receipt, to remedy the breach within a maximum period of thirty (30) days.

In particular, the Customer, its Users and/or Beneficiaries shall be deemed to be in breach if they :

• Don’t pay the price;
• Not respecting the intellectual property rights of DIGITALEO or third parties;
• Make unlawful use of the Solutions or use that does not comply with the TOU and TOS.

If necessary, DIGITALEO may also suspend access to the Solutions and/or the performance of the Services, under the conditions mentioned in article 66.

The formal notice must expressly state that if the debtor fails to meet its obligation, the creditor is entitled to terminate the Contract.

If, at the end of this period, the breach has not been remedied, the Party which has suffered the breach may terminate the Contract by registered letter with acknowledgement of receipt, without prejudice to any damages to which it may be entitled. In this case, termination will take effect on the date of receipt by the debtor of notification of termination by the creditor Party.

On expiry of the Contract, or following its termination for any reason whatsoever, each Party shall return to the other, at its own expense and within one week, all media or documentation transmitted in the performance of the Contract.

In the event of termination for any reason whatsoever, each Party shall remain obliged to fulfil its contractual obligations until the effective date of termination, without prejudice to any damages that the complaining Party may obtain as a result of the non-performance by the defaulting Party of its obligations under the Contract.

Principle.

On expiry or termination of the Contract, for whatever reason, the Customer benefits from a right of Reversibility designed to enable him to recover all his Data.

Implementation procedures.

The request for Reversibility must be made in writing by the Customer within thirty (30) days of the expiry or termination date of the Contract.

Time limit.

The overall timeframe for Reversibility operations is mutually agreed between the Parties, particularly in view of the volume of Data.
In the absence of a specific agreement, the Parties will use their best efforts to ensure that the total duration of the operations does not exceed two (2) months. During Reversibility, DIGITALEO will maintain the availability of the Data required for the operations, under the conditions set out in the Contract.

However, when Reversibility consists of a simple standard export of the Data, this is carried out within a reasonable time of the Customer’s request.

Cost.

The Customer alone bears the entire cost of Reversibility operations. By exception, when Reversibility is limited to the provision of a standard Data export as proposed by the Platform, this operation is carried out at no cost to the Customer. The implementation of Reversibility does not exempt the Customer from payment of the Services and Subscriptions due under the Contract, which remain payable until full completion of Reversibility.

Prior to the start of operations, DIGITALEO sends the Customer a commercial proposal detailing the operations to be carried out, any equipment required and the associated costs. Operations will only begin once the Customer has accepted the commercial proposal in writing. This paragraph does not apply to standard reversibility by export, which does not require any specific service.

The Customer acknowledges that the execution of Reversibility depends, where applicable, on the diligence of third parties involved by the Customer (publishers, service providers, contractors, etc.).

DIGITALEO cannot be held responsible for any delay, difficulty or poor execution of operations when these result from the behaviour, unavailability or lack of cooperation of this third party, or of the services to which the Customer must subscribe.

Data restitution.

DIGITALEO provides the Customer with all Data and metadata, in an open, structured, commonly used and interoperable format (e.g. CSV, XML, JSON or other equivalent format), allowing their reuse by the Customer or any mandated third party. When Reversibility is carried out in the form of a standard export, the Data is supplied in the formats proposed by the Platform, which the Customer acknowledges as suitable for reasonable re-use.

DIGITALEO will provide, at the Customer’s request, the minimum technical documentation necessary to understand the format and to reintegrate the Data.
DIGITALEO undertakes to cooperate in good faith in order to allow an effective and secure migration.

Any additional assistance Services (audit of the information system and Data, in-depth analysis of the Customer’s needs, provision of personalized advice on the migration project, planning and management of the migration project, etc.) will be invoiced separately. Reversibility is deemed to be compliant and completed on the date of express or tacit validation by the Customer of the correct return of the Data.

Data deletion.

When Reversibility has been implemented, DIGITALEO deletes all Customer Data within a maximum of thirty (30) days following express or tacit validation of the successful completion of Reversibility. If the Customer does not wish to benefit from Reversibility, the Data will be deleted within a maximum of sixty (60) days after expiry of the Services concerned.

Where other commercial offers and/or Contracts remain in force, DIGITALEO is authorized to keep the Data necessary for the continuation of these Services until the end of all the Services, or for the time necessary in the event of litigation or to satisfy a legal obligation.

Each Party agrees not to solicit, hire, engage or otherwise retain the services, directly or indirectly, of any employee of the other Party. This undertaking is valid for the duration of the Contract and for a period of one (1) year following its termination. Failing this, the defaulting Party shall immediately pay the other Party a sum equivalent to one (1) year’s gross remuneration of the employee concerned, by way of penalty.

For the purposes of the Contract, a former employee whose employment contract with a Party has been terminated for more than one (1) year, for any reason whatsoever, shall not be considered an employee and his or her hiring shall therefore not give rise to the application of the above-mentioned penalty clause.

Each Party acts in its own name and on its own behalf under the Contract. The Contract is devoid of any affectio societatis and, as such, will have no effect on the independence of each Party with regard to the exercise of its business and the pursuit of its corporate purpose, each Party continuing to exercise its management, rights and obligations independently and to assume its responsibilities.

The Contract may be assigned, in whole or in part, for valuable consideration or free of charge, by one of the Parties, subject to the prior written agreement of the other Party, or in the absence of any objection by the assigned Party after acknowledgement thereof, or by reason of operations prescribed as part of a legal obligation of public order. In the event of an assignment in accordance with the principles set out above, the assigning Party is released for the future. The Customer hereby expressly consents to the fact that DIGITALEO may transfer all or part of the benefit of the Contract to any entity which may take over its rights as a result of a merger, demerger, transfer of assets or similar operation, or to an affiliate.

In any event, DIGITALEO shall communicate all documents to the transferee. In the event of the insolvency of a Party leading to a takeover by a third party, each Party hereby accepts that the Contract will be assigned and transmitted to the purchaser of the Party concerned. In the event that the Customer is taken over, DIGITALEO may, at the request of the purchaser, study the conditions of transfer and the associated pricing conditions. In the event of disagreement, DIGITALEO may continue to perform its obligations under the previously defined conditions, or terminate them.

DIGITALEO reserves the right to subcontract all or part of the services and/or the Services. In this case, DIGITALEO shall communicate to the Customer, in the Documentation, the Order Form and/or the Special Conditions or by any means, including by e-mail, the identity, contact details and the mission(s) entrusted to the subcontractor. DIGITALEO shall remain liable to the Customer for the proper execution of the subcontracted services and/or Performances.

DIGITALEO may use the Customer’s name as a commercial reference on any document or medium for the entire duration of the Contract, plus five (5) years.

The fact that any provision of the GTS is or becomes illegal or unenforceable shall in no way affect the validity or enforceability of the remaining provisions hereof. The Parties shall replace the invalid provisions by means of a rider with new provisions that are legally valid and as close as possible to the intended legal and economic meaning and purpose.

A tolerance on the part of one of the Parties with regard to the application of one or more of the clauses of the GCS may never, regardless of its duration or frequency, be considered as a modification or deletion of these clauses, or as a waiver of the right to invoke them.

The Customer agrees that the information exchanged with DIGITALEO, with a view to the conclusion of the Contract or within the framework of its execution, may be transmitted to him by electronic mail. The Parties agree that proof of their contractual obligations will be provided in the following manner: the signature of the Order Form or the Special Conditions manifests the Customer’s consent and implies acceptance of the Contract. DIGITALEO may use as proof any act, program, data, file, recording, operation and other element of a nature or in a computer or electronic format or medium, established, received or stored directly or indirectly by it, for example in any database.

For the purposes of the present contract, DIGITALEO elects domicile at its registered office, the address of which is given in article 1 of the present contract.

The GCS are written in French. In the event that these GTS are translated into several other language versions, only the French version will be binding.

The GCS are governed by and construed in accordance with French law.

Any dispute or controversy relating to the formation, validity, interpretation or performance of the GTS must be settled amicably between the Parties as a matter of priority.

The Parties thus undertake to find an amicable, concrete, precise and feasible solution in good faith within sixty (60) days of the dispute arising, as notified by registered letter with acknowledgement of receipt sent to the other Party by the most diligent Party.

IN THE EVENT OF A DISPUTE OF ANY NATURE WHATSOEVER, WHERE THE CUSTOMER IS A MERCHANT, JURISDICTION IS EXPRESSLY ASSIGNED TO THE MATERIALLY COMPETENT COURTS OF RENNES, NOTWITHSTANDING MULTIPLE DEFENDANTS OR THE INTRODUCTION OF THIRD PARTIES. THIS JURISDICTION ALSO APPLIES TO SUMMARY PROCEEDINGS.

In all other cases, the parties agree to refer to and apply the provisions of the contract.

The purpose of this Appendix is to define the Service Levels applicable to the supply of Solutions by DIGITALEO as well as the conditions under which DIGITALEO ensures the management of Security Incidents and Anomalies.

Anomaly: has the meaning given to it in the General Terms and Conditions of Services.

Blocking Anomaly: refers to an Anomaly that makes it impossible to use the Solutions or an essential functionality.

Major Anomaly: refers to an Anomaly that significantly affects the use of the Solutions, but does not totally prevent their use.

Minor Anomaly: designates the Anomaly only affecting functionalities that are not essential to the use of the Solutions.

Request for Intervention: designates the notification of an Anomaly sent by the Customer to DIGITALEO support according to the methods provided below.

DIGITALEO undertakes to ensure a monthly availability of the Solutions of 99.9%, calculated on a monthly calendar basis.

Calculation methods.

Availability is calculated using the following formula :
Availability (%) = (Total time – Downtime) / Total time × 100

Exclusions.

The following are not taken into account when calculating availability:

• Planned maintenance operations, subject to reasonable notice (at least 24 hours except in emergencies)
• Interruptions of less than 15 consecutive minutes;
• Unavailability due to :
  • To the customer (infrastructure, configuration, improper use) ;
  • Third-party networks or services (hosts, operators, platforms, APIs, etc.);
  • Force majeure or external events (cyber attacks, network outages, etc.).

Reporting procedures.

Any Anomaly must be the subject of an Intervention Request:
Via the support tool made available by DIGITALEO, or
By any other channel communicated by DIGITALEO.

The Intervention Request must contain a sufficiently precise description of the malfunction to allow its diagnosis.

Support times.

The times mentioned in this Appendix are expressed in Working Hours, as defined in the General Terms of Services.

Support is provided during Working Days and Working Hours.

The deadlines below run from receipt of a complete Request for Intervention.

Defect level	Response time	Workaround (if possible)	Resolution time
Blocking anomaly	2 working hours	4 working hours	Best efforts – indicative target: 8 working hours
Major anomaly	4 working hours	18 working hours	Best efforts – indicative target: 24 working hours
Minor anomaly	4 working hours	Not applicable	Correction for an update – indicative time: 10 working days

The resolution times indicated are targets and not firm commitments, particularly in view of :

• The complexity of Anomalies ;
• Dependence on third-party technologies or service providers;
• The need to deploy global patches.
  DIGITALEO will, wherever possible, give priority to the rapid implementation of workarounds.

The Customer undertakes to :

• Collaborate actively with DIGITALEO to qualify anomalies;
• Provide the information needed for diagnosis;
• Reproduce malfunctions (if required) ;
• Do not interfere with correction operations.

Service Levels do not apply:

• Functional changes or enhancement requests;
• Security incidents resulting from third-party services;
• Limitations inherent to AI Functionalities (notably variability of results, errors, latency or unavailability not constituting a Technical Anomaly).

DIGITALEO reserves the right to adapt the commitments of the present appendix, in particular in the event of technical evolution of the Solutions, subject to prior information of the Customer.

This contract (hereinafter referred to as the ” Agreement “) is part of the provision of Solutions, the performance of Services and/or Agency Services by DIGITALEO and involves the processing of personal data (hereinafter referred to as ” Personal Data “) by DIGITALEO in the name and on behalf of the Customer, the Data Controller.

The Personal Data processed, in this context, will be processed in accordance with the General Data Protection Regulation (EU) 2016/679 of April 27, 2016 (hereinafter “ GDPR “) and Law n°78-17 of January 6, 1978 known as “Informatique et Libertés” (together referred to as the“Applicable Regulations “).

Contract: means the contract for the provision of services concluded between DIGITALEO and the Customer as defined in the DIGITALEO General Terms and Conditions of Services.

Personal Data: information that directly or indirectly identifies the Data Subject.

EEA: refers to the European Economic Area.

Data Subject: refers to any natural person whose Personal Data is Processed by the Customer, the Data Controller, as part of the execution of the Services.

Services: refers to the services offered by DIGITALEO under the terms and conditions set out in the DIGITALEO General Conditions of Services.

Subsequent Sub-Contractor: means the natural or legal person who, under the direct authority of DIGITALEO, is authorized to Process Personal Data on behalf of the Customer. The list of Subcontractors is provided in article 13 of the Agreement.

Treatment/Processing/Processing: refers to any operation carried out on the Personal Data of the Data Subject and in particular, the collection, access, consultation, recording, saving, organization, storage, conservation, adaptation, use, restoration, restitution or destruction.

Personal Data Breach: means a breach of security resulting in the destruction, loss, alteration, unauthorized disclosure of or unlawful or accidental access to Personal Data transmitted, stored or Processed.
The terms ” Processor “, ” Subprocessor “, “ Supervisory Authority ” and other terms used in the Agreement have the meaning given to them in Article 4 of the RGPD.

The purpose of the Agreement is to define the legal status of the Parties and the terms and conditions under which the Parties undertake to comply with the Applicable Regulations.

The Agreement comes into force on the date of signature of the Contract and for the duration of the Contract.

5.1. The Customer is the Data Controller of the Personal Data of the Data Subjects and is domiciled at the address mentioned in the Order Form and/or the Special Conditions.

DIGITALEO processes, on behalf of the Customer, the Personal Data necessary to provide the Solutions and execute the Services and/or Agency Services ordered.

5.2. The Parties acknowledge that certain Personal Data subject to such Processing may be subject to separate Processing by DIGITALEO in its capacity as Data Controller in accordance with Applicable Regulations. The Agreement does not apply to such other Processing. The Customer may consult DIGITALEO’s Privacy Policy available on its website.

The object, duration, nature and purpose of the Processing, as well as the types of Personal Data and the categories of Data Subjects concerned by the Processing, are defined in the table below.

Information on the Customer, Data Controller and Data Protection Officer

Identity and contact details of the Data Controller	This information is given in the Order Form and/or the Special Conditions.
Identity and contact details of the Data Controller’s legal representative	This information is given in the Order Form and/or the Special Conditions.
Identity and contact details of the Data Protection Officer of the Data Controller	This information is given in the Order Form and/or the Special Conditions.

Treatment Information

Purpose of Processing	Hosting, assistance (support), application maintenance, message routing, studies, expertise or training services.
Nature of Processing (operations performed on Personal Data)	Collection, recording, saving, organization, conservation, extraction, access and consultation, use, communication by transmission, limitation, restoration, restitution, deletion or destruction.
Duration of Processing	As long as the Data Controller wishes to benefit from the Solutions and until the end of the Reversibility operations.
Duration of Processing	As long as the Data Controller wishes to benefit from the Solutions and until the end of the Reversibility operations.
Categories of Data Subjects	Depending on the services concerned: employees, customers, prospects, all persons concerned by the Data Processed via the subscribed Modules, Users/Beneficiaries of the Solutions.
Category of Personal Data	Identification and civil status data (in particular surname, first name, title, age or date of birth) Contact data (including postal and e-mail addresses, telephone numbers, geographical location) Professional data (in particular job title, professional contact details, socio-professional category, affiliation with an establishment or company) Data relating to the commercial relationship and purchasing behavior (in particular purchase history, visits to points of sale, participation in loyalty programs, use of coupons or offers, average basket, subscription date); Preference data and centers of interest (including declared or inferred centers of interest, purchasing intentions, participation in events or marketing operations); Personal profile and context data (in particular family situation, housing or vehicle characteristics, declarative information or information from authorized marketing processes) Data from digital and social interactions (including public profiles, pseudonyms, opinions, ratings, comments, reactions or interactions on partner platforms or social networks) Technical and usage data (including technical identifiers, connection data, logs, CRM identifiers or equivalent).
Location of Personal Data Processing	France and Europe.
Security measures implemented by DIGITALEO	Consult the DIGITALEO Security Policy.
Retention rules within DIGITALEO	See article 63 of the GCS on Data Reversibility, which sets out the principles applicable to the return and deletion of Data.

The signature and/or acceptance of the Order Form and/or the Special Terms and Conditions expressing the Customer’s consent and acceptance of the Contract constitute instructions from the Data Controller within the meaning of the Applicable Regulations.

The Customer undertakes to :

• Provide DIGITALEO in a secure manner with the Personal Data necessary for the Processing referred to in article 6 (principle of minimization);
• To document in writing any instruction concerning the Processing of Personal Data by DIGITALEO ;
• To ensure, beforehand and throughout the duration of the Processing, that its agents, employees, collaborators, service providers or representatives comply with the obligations set out in the Applicable Regulations;
• At the time of collection of Personal Data, inform and, if necessary, collect the consent of each Data Subject, of the Processing concerning them and of their rights provided for by Articles 15 et seq. of the RGPD ;
• Immediately inform DIGITALEO of any modification to the Personal Data of a Data Subject;
  Supervise the Processing, including by carrying out, if necessary, audits and inspections at DIGITALEO;
• Immediately inform DIGITALEO of any Security Incident observed and originating from a defect related to the Solutions, Services and/or Agency Services provided by DIGITALEO so that DIGITALEO can remedy the situation;
• Cooperate with and assist DIGITALEO in complying with its obligations regarding the protection of Personal Data;
• Implement appropriate technical and organizational measures to guarantee and be able to demonstrate that the Processings are carried out in accordance with Article 32 of the RGPD and 19 of the Agreement. These measures are reviewed and updated as necessary.

DIGITALEO :

1. Processes Personal Data solely for the purpose(s) for which the Personal Data is processed in connection with the provision of Solutions, the performance of Services and/or Agency Services;
2. Processes Personal Data in accordance with the Customer’s documented instructions. If DIGITALEO considers that an instruction constitutes a violation of the Applicable Regulation, of any other provision of Union law or of the law of the Member States relating to the protection of Personal Data, it shall immediately inform the Customer;
3. Uses subcontractors under the terms and conditions set out in article 13 of the Agreement;
4. Takes all measures required under Article 32 of the RGPD, namely to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk to the rights and freedoms of Data Subjects, including, at a minimum, the measures provided for in Article 19 and in its security policy ;
5. Guarantees that in the event of transfer of Personal Data outside the EEA to a recipient whose country, territory or sector is not the subject of an adequacy decision by the European Commission within the meaning of Article 45 of the RGPD, DIGITALEO will implement appropriate safeguards within the meaning of Article 46 of the RGPD, for example by using the European Commission’s Standard Contractual Clauses for the transfer of Personal Data to a third country, unless one of the derogations permitted under Article 49 of the RGPD can be applied. DIGITALEO will inform the Customer and, in the case of transfers referred to in Article 46 or Article 49(1), second subparagraph, of the RGPD, will make available to the Customer a copy of the appropriate safeguards used so that the Customer can meet its obligations to the Data Subjects under Articles 13, 14 and 15 of the RGPD ;
6. Guarantees the confidentiality of Personal Data processed in connection with the provision of Solutions, the performance of Services and/or Agency Services;
7. Ensures that the persons authorized to Process Personal Data on behalf of
   Customer:
   1. Are committed to confidentiality or are subject to an appropriate legal or contractual obligation of confidentiality;
   2. Receive the necessary training in the protection of Personal Data;
   3. Take into account, with regard to its tools, products, applications or services, the principles of data protection by design and data protection by default.

In the event of a Violation of Personal Data, DIGITALEO must notify the Customer of this Violation as soon as possible after becoming aware of it.

DIGITALEO also undertakes to send the Customer, as soon as possible after becoming aware of the Personal Data Breach, an analysis including in particular:

• The description and nature of the Personal Data Breach, including if possible, the categories and approximate number of Data Subjects affected by the breach and the categories and approximate number of records of Personal Data affected;
• The name and contact details of the DPO or other point of contact from whom further information can be obtained;
• Description of the likely consequences of the Personal Data Breach;
• A description of the measures taken or proposed to be taken by DIGITALEO and/or the Subsequent Subcontractor to remedy the Personal Data Breach, including, if applicable, measures to mitigate any negative consequences.

DIGITALEO undertakes to cooperate in order to enable the Customer to notify the Personal Data Breach to any competent Supervisory Authority in accordance with the Applicable Regulations.

DIGITALEO collaborates with the Customer to carry out impact analyses relating to the protection of Personal Data and/or prior consultation with the Supervisory Authority.

DIGITALEO has appointed a Data Protection Officer (” DPO “):

DIGITALEO declares that it keeps a register of the categories of Processing activities carried out on its own behalf and on behalf of the Customer, including in the latter case :

• The name and contact details of the Customer on whose behalf it is acting, of any Subsequent Subcontractors and of the DPO;
• Categories of Processing carried out on behalf of the Customer ;
• Where applicable, transfers of Personal Data to a third country or to an international organization, including the identification of such third country or international organization and, in the case of transfers referred to in the second subparagraph of Article 49(1) of the GDPR, documents attesting to the existence of appropriate safeguards ;
• A general description of technical and organizational security measures.

Contract: means the contract for the provision of services concluded between DIGITALEO and the Customer as defined in the DIGITALEO General Terms and Conditions of Services.

Personal Data: information that directly or indirectly identifies the Data Subject.

EEA: refers to the European Economic Area.

Data Subject: refers to any natural person whose Personal Data is Processed by the Customer, the Data Controller, as part of the execution of the Services.

Services: refers to the services offered by DIGITALEO under the terms and conditions set out in the DIGITALEO General Conditions of Services.

Subsequent Sub-Contractor: means the natural or legal person who, under the direct authority of DIGITALEO, is authorized to Process Personal Data on behalf of the Customer. The list of Subcontractors is provided in article 13 of the Agreement.

Treatment/Processing/Processing: refers to any operation carried out on the Personal Data of the Data Subject and in particular, the collection, access, consultation, recording, saving, organization, storage, conservation, adaptation, use, restoration, restitution or destruction.

Personal Data Breach: means a breach of security resulting in the destruction, loss, alteration, unauthorized disclosure of or unlawful or accidental access to Personal Data transmitted, stored or Processed.
The terms ” Processor “, ” Subprocessor “, “ Supervisory Authority ” and other terms used in the Agreement have the meaning given to them in Article 4 of the RGPD.

The Customer accepts that DIGITALEO may use one or more Subcontractor(s) to carry out all or part of the Processing activities described in article 6 of the Agreement. The Customer accepts that DIGITALEO may use the Subcontractors listed here.

DIGITALEO keeps a register of the Subcontractors it uses, the activities subcontracted and the contracts concluded with these Subcontractors.

In the event of the addition or change of Subsequent Subcontractors, DIGITALEO will inform the Customer in advance. The Customer has a maximum of fifteen (15) days from the date of receipt of this information to present any objections. Objections must be notified by the Customer to DIGITALEO’s DPO, whose contact details are mentioned in article 11 of the Agreement. In any case, DIGITALEO is under no obligation to renounce a change of Subsequent Subcontractor. If, following an objection from the Customer, DIGITALEO does not waive the change of Subsequent Subcontractor, the Customer may terminate the services concerned without being able to claim compensation.

In cases where a Subsequent Subcontractor is engaged, the latter must be subject to the same contractual terms and conditions with regard to the protection of Personal Data as those described in the Agreement. In particular, the Subsequent Subcontractor must present sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the Processing meets the requirements of the RGPD.

DIGITALEO is fully responsible to the Customer for its non-performance.

The Customer hereby grants DIGITALEO full authority to enter into an agreement with any Subsequent Subcontractor who is not established in the EEA and whose country, territory or sector is not the subject of an adequacy decision by the European Commission within the meaning of Article 45 of the RGPD, containing the Standard Contractual Clauses (hereinafter the “SCC”) referred to herein, especially module 3 of said SCC, as may be amended by the European Commission pursuant to Article 46 of the RGPD.

Where CLAs are implemented, the following provisions apply:

1. Concerning the identity of the Parties :
   1. The data exporter is DIGITALEO.
   2. The data importer is the Subcontractor.
2. For clause 9 of the TCCs, DIGITALEO and the Data Importer will engage Subsequent Subcontractors on the basis of option 2 “General Written Authorization”.
3. With regard to clause 17 of the CLA, it is agreed that the clauses of the CLA will be governed by French law.
4. The purposes of the transfers are the routing of e-mail or SMS, in the name and on behalf of the Customer, the Data Controller, in the context of sending transactional or marketing messages.
5. The description of Processing set out in Article 6 of the Agreement shall be reproduced by the importer of the Data in Appendix 1 of the TCCs “Description of Transfers”.
6. It is also agreed that the competent supervisory authority is the Commission Nationale Informatique et Libertés (CNIL).
7. DIGITALEO and the Data importer shall complete the security measures taken by the importer to ensure the security of the transfer(s).

The purpose of the preceding paragraph is to specify the terms on which the Parties agree to apply the CLAs, and not to derogate from or conflict with them. In the event of conflict, the signed CLAs shall prevail.

The Contract may be drawn up in a number of copies less than the number of parties, in derogation of article 1375 of the Civil Code, insofar as all parties are merchants, in which case DIGITALEO may hold an original on behalf of the Customer.

The Customer is solely responsible for managing the requests of Concerned Parties.

DIGITALEO undertakes to cooperate with the Customer in the event that the latter is requested in the context of the performance of its obligation to comply with requests to exercise the rights of Data Subjects (access, rectification, deletion, opposition, etc.).

DIGITALEO undertakes (without responding directly to the Persons Concerned) to :

1. Transmit to the Customer, within a period not exceeding forty-eight (48) working hours, any request and/or demand and/or notification from a Data Subject for the purpose of exercising his/her rights under the Applicable Regulations;
2. Upon receipt of the aforementioned information, cooperate if necessary with the Customer and provide it, within an appropriate period of time not to exceed eight (8) calendar days, with the information necessary to enable the Customer to respond to the Persons Concerned;
3. In all cases and where applicable, implement and have implemented by Subsequent Subcontractors within an appropriate period not exceeding eight (8) calendar days, any request from the Customer concerning the rights of Concerned Persons.

DIGITALEO shall make available to the Customer, the documentation necessary to demonstrate compliance with all its obligations and to allow audits, including inspections, to be carried out by the Customer, or another auditor appointed by it, and to contribute to such audits, in accordance with Article 17 of the Agreement.

DIGITALEO shall, upon receipt of at least thirty (30) days’ prior written notice from the Customer, make available to the latter or to the auditor it has appointed (who shall be bound by an obligation of confidentiality) the necessary information on its Processing resources so that the Customer can carry out a reasonable audit of the Processing activities carried out under the Agreement. If the Parties so wish by mutual agreement, such an audit may be carried out by an independent third-party auditor agreed by the Parties and bound by a duty of confidentiality and, where applicable, approved by the competent Supervisory Authority.

All costs, internal and external, relating to any audit shall be borne by the Customer.

DIGITALEO shall provide the Customer or any auditor with the necessary information and retain the necessary records for such audit and, subject to applicable law, provide such documents and/or data carriers to the Customer or auditor upon written request.

DIGITALEO shall provide reasonable support for all audits of the Customer or auditor under this section and shall assist in the full and efficient performance of such audits.

The stipulations of the present article 17 are specific to audits carried out with DIGITALEO.

With regard to the audit by the Customer of the Subsequent Subcontractors, DIGITALEO will ensure that their contract obliges them to make available all the information necessary to demonstrate compliance with their obligations under the Agreement binding them to DIGITALEO and to allow audits, including inspections, to be carried out by DIGITALEO (on its behalf and/or that of the Customer) or another auditor it has appointed, and to contribute to these audits.

If the Customer wishes to give instructions to DIGITALEO which are not necessary for the latter’s performance of the Contract(s) relating to the Treatments, DIGITALEO shall be entitled to reasonable remuneration for complying with such written instructions from the Customer, in accordance, where applicable, with any applicable price list.

Taking into account the state of the art, the costs of implementation, the nature, scope, context and purposes of the Processing as well as the risks for the rights and freedoms of the Data Subjects, DIGITALEO implements the appropriate technical and organizational measures in order to guarantee a level of security adapted to the risk.

When selecting measures, the Parties will refer in particular to the state of the art and to the recommendations of competent authorities such as CNIL or ANSSI.

DIGITALEO undertakes to implement technical and organizational security measures, as listed in its security policy, in order to prevent accidental or unauthorized access to its tools, infrastructures and Personal Data. Security measures must guarantee the confidentiality, availability, integrity and traceability of Personal Data.

DIGITALEO may modify the security measures at any time, without having to inform the Customer in advance.

For its part, the Customer is required to take all necessary precautions, having regard to the nature of the Personal Data and the risks presented by the Processing, to preserve the security of the Personal Data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorized third parties.

DIGITALEO cannot be held responsible for any breach by the Customer of its safety obligation. Conversely, the Customer cannot be held responsible for any breach by DIGITALEO of its safety obligation.

20.1. The Customer shall be responsible for and shall indemnify DIGITALEO against any costs, losses or liabilities (including reasonable legal fees), suffered or incurred by DIGITALEO (including as a result of DIGITALEO indemnifying any Subsequent Subcontractor), which result from:
Any violation by the Customer of the RGPD or other applicable laws ;
Any processing of the Data Concerned carried out by DIGITALEO or any Subsequent Subcontractor in accordance with instructions given by the Customer that contravenes the GDPR or any other applicable law; or
Any breach by the Customer of its obligations under the Agreement,
except to the extent that DIGITALEO or the Subsequent Subcontractor is responsible under paragraph 20.2 of the Agreement.

20.2. DIGITALEO shall be liable and shall indemnify the Customer for any costs, losses or liabilities (including reasonable legal fees), suffered or incurred by the Customer arising directly or indirectly from the Concerned Processings of the Concerned Data:
If it results from DIGITALEO’s breach of the Agreement (whether caused by DIGITALEO or a Subsequent Subcontractor); and
Insofar as such breach is not the consequence of a breach by the Customer of one or more of its obligations under the Agreement.

To the extent permitted by applicable law, the aggregate liability of DIGITALEO (and any Subsequent Subcontractor) under this Agreement shall be limited to the indemnity limit set forth in the Contract, except in the case of gross negligence or wilful misconduct.

As the Agreement is accessory to the Contract(s) relating to the Treatments concerned between the Customer and DIGITALEO, the termination or expiry of the whole of the Contract(s) for any reason whatsoever will result in the termination of the Agreement.

Without prejudice to any obligation arising from Article 21 of the Agreement and at the end of the Contract(s) relating to the Processings, DIGITALEO shall cease to Process the Personal Data concerned and shall require all Subsequent Processors to cease to Process the Personal Data concerned.

At the request and option of the Customer, Personal Data will either be destroyed by DIGITALEO, or returned and then destroyed by DIGITALEO.

In the event of return, the Personal Data will be returned to the Customer within a reasonable period of time, which may not exceed thirty (30) days, from the Customer’s written request.

This restitution will take place in the same format as that used by the Customer to make the Personal Data available to DIGITALEO or, failing that, in the format indicated in article 70 of the GCS.

This return will be the subject of minutes signed by the parties.

DIGITALEO will definitively destroy, sixty (60) days after the return, the copies of the Personal Data held in its systems, unless the legislation imposed on DIGITALEO prevents it from returning or destroying all or part of the Personal Data, and shall provide proof thereof to the Customer concomitantly with the signing of the return report.

DIGITALEO shall ensure that the Subsequent Subcontractors are aware of and carry out the obligations referred to in the present article.

Notwithstanding any provisions to the contrary in any contract for the provision of services relating to Data Processing between the Parties, the Agreement is governed by French law.