English Français Deutsch
This Agreement (hereinafter referred to as the "Agreement") determines the conditions under which the parties undertake to process personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter referred to as the "GDPR" or "European Data Protection Regulation") as well as production data entrusted by the Processor in the context of the provision of Jalios' SaaS application services.
The purpose of the Agreement is to define the obligations incumbent on Jalios in the context of the processing of personal data and production data on which the provision of services as defined by Jalios is based, including in particular the obligations with regard to data security and confidentiality.
The parties undertake to comply with the regulations in force applicable to the processing of personal data and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 applicable as of 25 May 2018 (hereinafter, "the European Data Protection Regulation").
Jalios is authorized to process on behalf of the data controller the personal data necessary to provide the installation and maintenance of JPlatform Cloud, Digital Workplace grouping together ¬6 major families of functionalities:
For the performance of the service covered by this agreement, the data controller provides the Jalios with administrator mode access to the Customer's platform.
The complete description of the processing is detailed in the appendix.
The Processor undertakes to:
If the Processor considers that an instruction constitutes a breach of the European Data Protection Regulation or any other provision of Union or Member State law relating to data protection, it shall immediately inform the Controller. In addition, if the processor is required to transfer data to a third country or to an international organization under Union law or the law of the Member State to which it is subject, it must inform the controller of this legal obligation prior to the processing, unless the law concerned prohibits such information on important grounds of public interest.
Jalios may engage another processor (hereinafter, "the sub-processor") to carry out specific processing activities. In this case, the processor shall inform the controller in advance and in writing of any planned changes regarding the addition or replacement of further processors.
This information must clearly indicate the processing activities outsourced, the identity and contact details of the processor and the dates of the outsourcing agreement. The data controller has a minimum of 15 days from the date of receipt of this information to present its objections. This subcontracting can only be carried out if the controller has not raised any objections within the agreed period.
The Jalios is obliged to fulfil the obligations of this agreement on behalf of and according to the instructions of the controller. It is the responsibility of the original processor to ensure that the subsequent sub-processor presents the same sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the European Data Protection Regulation. If the sub-processor fails to fulfil its data protection obligations, the original processor remains fully responsible to the controller for the other processor's performance of its obligations.
It is the responsibility of the data controller to provide information to the data subjects of the processing operations at the time of data collection.
To the extent possible, the processor must assist the controller in fulfilling its obligation to comply with requests to exercise the rights of data subjects: right of access, rectification, erasure and objection, right to restriction of processing, right to data portability, right not to be subject to an automated individual decision (including profiling).
Where data subjects make requests to the processor to exercise their rights, the processor must send such requests upon receipt by email to pdo@customer.com
The processor shall notify the controller of any personal data breach within a maximum of 72 hours of becoming aware of it by email or post. This notification shall be accompanied by any useful documentation in order to allow the controller, if necessary, to notify the breach to the competent supervisory authority.
The notification shall contain at least:
If and to the extent that it is not possible to provide all of this information at the same time, the information may be provided in a staggered manner without undue delay.
For security purposes and in order to comply with the RGPD, we invite you to inform your business contact of your CISO and DPO contacts (name, first name and email). These contacts will be alerted of any personal data breach. These contacts will be alerted of the availability of security patches that Jalios will apply to the Customer's SaaS platform.
The processor assists the controller in carrying out data protection impact assessments.
The processor assists the controller in carrying out the prior consultation with the supervisory authority.
The processor undertakes to implement and maintain at its own expense appropriate technical and organizational measures relating to the processing of data within the framework of the services provided:
At the end of the use of the Jalios SaaS application, the Jalios must return all the Data collected and produced in the course of providing the application services to Jalios or delete them, in accordance with the provisions of article "11.6 Reversibility" of the agreement.
The Data Protection Officer of the Jalios can be contacted by email at gdpr@jalios.com, in accordance with Article 37 of the European Data Protection Regulation.
The Processor declares to keep a written record of all categories of processing activities performed on behalf of the Controller including:
The Processor shall make available to the Controller the documentation necessary to demonstrate compliance with all of its obligations and to enable and assist in audits, including inspections, by the Controller or another auditor appointed by the Controller.
The Jalios publisher cannot make any commitment for third-party services for which Jalios provides a connector and for which the customer has signed a direct contract. It is up to the customer to prohibit or limit their use. For information, the main third-party services offered by the Jalios service (as standard or as an option) are Office 365, Skype for business, Google Drive, Google Analytics, Google Maps, Kofax Capture, Lecko RSE Analytics, Universign, XiTi, Momindum, etc.
The data controller (Article 4.7 GDPR) undertakes, prior to any use of the SaaS Service and throughout the duration of the use of the Jalios application, to:
