Data protection agreement
The purpose of the Data Protection Agreement (hereinafter the "Agreement") is to govern the use of personal data of Clients (hereinafter the "Client") of Getheroes SAS (hereinafter the "Processor") using its app ZELIQ service (hereinafter the "Service").
Definitions
All terms relating to the applicable personal data protection regulations used in the Agreement are defined in Article 4 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR").
Role of the Parties
Under the Agreement, the Client acts as a personal data controller and the Processor acts as a processor within the meaning of Article 28 of the GDPR (hereinafter, together, the "Parties").
Contractual documents and duration
The Agreement, which is an indivisible appendix to the contract signed between the Client and the Processor for the use of the Service (hereinafter the "Contract"), is applicable for the duration of the existing contractual relationship between the Parties.
In the event of any contradiction between the Contract concluded for the use of the Service and the Agreement, the obligations set forth in the Agreement shall prevail over the Contract with regard to the applicable data protection rules.
Declarations and commitments
The Processor declares that it complies with all applicable rules on the protection of personal data and presents all sufficient guarantees to meet the requirements of the GDPR in connection with the provision of the Service.
The Processor declares that all internal and external personnel required to process the Client's personal data are bound by a confidentiality clause, an information systems charter or any other binding legal document, and receive regular training and awareness-raising.
The Processor declares that the Service has been produced in compliance with the rules of "Privacy by design" and "Privacy by default" and therefore that the Service is accompanied by functionalities enabling the Client to comply with its obligations as data controller.
Documented instructions
The Processor undertakes to use the Client's personal data in connection with the use of the Service only on the Client's documented instructions.
The list of processing operations carried out is detailed in the appendix or can be supplied on request.
Security
The Processor undertakes to guarantee the security of the Client's personal data and to implement all technical and organizational measures necessary for its Service.
All technical and organizational security measures are detailed in the appendix hereto, or are provided on request.
Violation of personal data
The Processor undertakes to notify the Client, in accordance with the obligations set out in Article 28 of the GDPR, as soon as possible after becoming aware of any personal data breach that may affect the Client's personal data.
The Processor undertakes to communicate, as soon as possible after becoming aware of it, all necessary and required information in its possession to reduce the effects of the personal data breach suffered and to enable the Client to take adequate safeguarding and protection measures.
Unless agreed otherwise between the Parties, the Processor is not authorized to take charge of notifications of personal data breaches to the relevant supervisory authority and to inform, on behalf of the Client, the persons concerned by the processing carried out under the Contract.
Help and support
The Processor shall provide the Client, upon written request, with all necessary and required information on the technical and organizational security measures to be implemented to guarantee the security of its personal data.
The Processor shall provide the Client, upon written request, with all information necessary and required to ensure the performance of an impact analysis ("AIPD").
The Processor undertakes to notify the Client as soon as possible after becoming aware of any request for rights to the Client.
The Processor shall provide the Client, upon written request, with all necessary and required information to enable the Client to fulfill its obligation to comply with the requests of the persons concerned.
At the Client's written request, the Processor shall carry out the actions necessary for the Client to fulfill its obligation to comply with the requests of the persons concerned.
Liability
The Processor shall never be liable for any use of the Service by the Client that does not comply with the applicable rules on the protection of personal data.
The Processor is not obliged to manage requests for personal rights in place of and on behalf of the Client. Any additional request for such management may be refused and, where appropriate, an additional fee may be charged.
The Processor is not obliged to ensure or audit the Client's security or to carry out AIPDs for and on behalf of the Client. Any additional request for information may be refused and, where appropriate, an additional fee may be charged.
Sub-Processors
The Client accepts that the Processor may recruit Sub-Processors as part of the performance of the Agreement provided that it informs the Client, by any means, of any changes concerning such Sub-Processor occurring during the performance of the Agreement and remains responsible for the acts of the subsequent Processor as part of the Agreement.
The Processor undertakes to recruit only Sub-Processors that offer the necessary and sufficient guarantees to ensure the security and confidentiality of the Client's personal data.
The Processor undertakes to monitor its Sub-Processors and to ensure that the contract entered into with the Sub-Processor used in connection with the Service contains obligations similar to those set out in the Agreement.
The Client may raise objections by registered letter with acknowledgement of receipt i) if the Sub-Processor is one of its competitors, ii) if the Client and the Sub-Processor are in a pre-litigation or litigation situation, and iii) if the Sub-Processor has been convicted by a data protection supervisory authority in the year of its recruitment.
The Processor has 6 months from receipt of the objection to amend the Sub-Processor.
Disposal of personal data
The Processor deletes the Client's personal data at the end of the term of performance of the Contract entered into in connection with the use of the Service and agrees that the Processor may, where technically possible, anonymize the Client's personal data for statistical purposes.
The Processor shall certify to the Client, upon written request, that its personal data and all existing copies thereof have been effectively deleted.
The Client must recover his personal data before the end of the Agreement. Failing this, the Client may no longer recover his personal data, as the deletion of personal data is irreversible.
The Client remains solely responsible for the loss of personal data following the deletion of data at the end of the Agreement.
Audits
The Client has the right to carry out an audit in the form of a written questionnaire once a year to verify compliance with this Agreement. The questionnaire has the force of a sworn undertaking binding on the Processor.
The questionnaire may be sent in any form to the Processor, who undertakes to reply within a maximum of two months of receipt.
The Client also has the right to carry out an audit at the Processor's premises, at its own expense, once a year only in the event of a data breach or proven and demonstrated failure to comply with the applicable data protection rules and this Agreement.
An audit at the Processor's premises may be carried out either by the Client or by an independent third party appointed by the Client and must be notified to the Processor in writing at least thirty (30) days prior to the audit.
The Processor has the right to refuse the choice of the independent third party if the latter is i) a competitor or ii) in pre-litigation or litigation with the Processor. In this case, the Client undertakes to select a new independent third party to carry out the audit.
The Processor may refuse access to certain areas for reasons of confidentiality or security. In this case, the Processor carries out the audit in these areas at its own expense and communicates the results to the Client.
In the event of any discrepancy identified during the audit, the Processor undertakes to implement, without delay, the necessary measures to comply with this Agreement.
Data transfers outside the European Union
The Processor undertakes to take all necessary steps not to transfer the Client's personal data outside the European Union or to recruit Sub-Processors located outside the European Union.
Cooperation with supervisory authorities
Where this concerns processing carried out under the Agreement, the Processor undertakes to provide, on request, all the information necessary for the Client to cooperate with the competent supervisory authority.
Contact
The Client and the Processor shall each appoint a contact person for this Agreement, who shall be the addressee of the various notifications and communications to be made under the Agreement.
The Processor informs the Client that it has appointed Dipeeo SAS as its Data Protection Officer, who can be contacted at the following address:
● Email address: privacy@zeliq.com
● Postal address: Société Dipeeo SAS, 95 avenue du Président Wilson, 93100 Montreuil, France
● Telephone number: 01 59 06 81 85
Review
The Processor reserves the right to modify this Agreement in the event of changes to the applicable rules on the protection of personal data which would have the effect of modifying any of its provisions.
Applicable law and jurisdiction
This Agreement is governed by French law. Any dispute arising in connection with the performance of this Agreement shall be subject to the exclusive jurisdiction of the courts within the jurisdiction of the Court of Appeal of the place where the Processor is domiciled.
Certified by Dipeeo ®.