Logo-Gonexa-White
Solutions
Projects
Formation
Rates
resources
Login
Contact us
Contact us
Solutions
Icon-Doc
Doc
Icon-Sign
Sign
Icon-RF
RF
Icon-Connect
Connect
Formation
Rates
Help & Support
Updated on 24/11/2022

Legal information

SUBCONTRACTING OF PERSONAL DATA

 

GONEXA is authorized to process on behalf of the Customer personal data (hereinafter the “Personal Data”) necessary for the execution of the Contract. This treatment will be carried out for the duration of the Contract.

 

The term “Applicable Legislation” refers to the RGPD but also all legal and regulatory provisions applicable in France and relating to the protection of Personal Data. In addition to the terms defined above, each term beginning with a capital letter used in this Appendix (hereinafter the “Appendix”) has the meaning defined in Article 4 of the GDPR.

 

1. GONEXA's Data Processing Commitments

 

When GONEXA processes Personal Data under the Contract, it must:

 

• Process Personal Data in accordance with the Customer's written instructions, including those set out in the Agreement. However, GONEXA may process Personal Data if required to do so in accordance with the Applicable Legislation or any other relevant legislation. In this case, GONEXA undertakes to inform the Customer of this legal requirement before carrying out the processing, unless said laws prohibit such information for important reasons of public interest;

• Inform the Customer immediately if, in the opinion of GONEXA, an instruction for the processing of Personal Data violates Applicable Legislation;

• Implement and maintain appropriate technical and organizational measures to ensure the security of Personal Data and in particular to put in place the means to guarantee the confidentiality of Personal Data.

• Ensure that staff members processing Personal Data (i) undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality and (ii) receive the necessary training in the protection of Personal Data;

• Communicate to the Customer the name and contact details of his data protection officer, if he has appointed one in accordance with article 37 of the RGPD;

• Notify the Customer of any Personal Data Breach that results in an accidental or unlawful manner in the destruction, loss, alteration or accidental, unauthorized or unlawful disclosure of such Personal Data or unauthorized access to such Personal Data, without undue delay after becoming aware of it;

• Do not transfer Personal Data to a country outside the European Economic Area or to any country in respect of which no valid adequacy decision has been issued by the European Commission, unless the transfer is carried out within the framework of transfer mechanisms recognized by the Applicable Legislation, such as the standard contractual clauses established by the European Commission. In this context, the Customer gives an express mandate to the Subcontractor to sign such clauses on his behalf;

• Do not disclose Personal Data to third parties, except as permitted by the Contract, Applicable Legislation, or subsequent instructions from the Customer. GONEXA is expressly authorized to use subcontractors if they are subject to a minimum of contractual obligations in terms of the protection of Personal Data comparable to those stipulated in the Contract. The list of subcontractors used is appended to this document (article 4). GONEXA will inform the Customer of any planned changes concerning the addition or replacement of subcontractors, thus giving the Customer the opportunity to issue within ten (10) working days from the notification of objections to these changes. The absence of a response from the Customer within this period will constitute tacit acceptance by the new subcontractor. In the event of an objection, the Customer must detail the reasons for his objection and GONEXA will be entitled to terminate the Contract as of right by simple notification to the Customer by registered letter with acknowledgement of receipt and without this termination being considered as a contractual breach;

• If it receives a request, a notification, a complaint or any other communication addressed to the Customer from the persons whose Personal Data is processed, GONEXA will without delay transmit the request, notification, complaint or communication to the Customer and will provide assistance to the Customer in managing this request, notification, complaint or communication, as appropriate. The costs of this assistance may be subject to additional billing;

• Actively help the Customer, taking into account the nature of the treatment, to ensure compliance with the obligations provided for in articles 32 to 36 of the RGPD. The costs of this assistance may be subject to additional billing;

• Upon expiration or termination of the Contract and upon receipt of a written request from the Customer, return or destroy Personal Data, unless a legal obligation provided for by Applicable Legislation requires the storage of Personal Data;

• Make available to the Customer all the documents to verify compliance with the obligations defined in this document. To this end, the Customer may have an audit carried out during the Subcontractor's business hours by a third party commonly chosen by the Parties and subject to an obligation of confidentiality. Such an audit may be carried out at most once a year, after having respected a notice period of fifteen (15) days notified to the Subcontractor by registered letter with acknowledgement of receipt, by a third party selected jointly by the Parties and subject to an obligation of confidentiality. In any event, the costs of the audit will be borne exclusively by the Customer. GONEXA undertakes to participate in good faith in any audit operation requested by the Customer. In the event of a breach found during the audit, GONEXA will be required to implement appropriate corrective measures as soon as possible. If GONEXA provides evidence that the agreed Data Protection obligations are properly implemented, the audit will be limited to a sampling check.

 

2. Customer commitments with regard to the processing of Personal Data

 

The Customer undertakes to:

• Provide the Subcontractor with the Personal Data referred to in Article 3 of Annex 1;

• Document in writing any instructions concerning the processing of Personal Data by Gonexa;

• Provide information to the Persons concerned by the processing operations at the time of collection of Personal Data;

• Ensure, in advance and throughout the duration of Annex 1, that GONEXA complies - by GONEXA - with the obligations provided for by the Applicable Legislation.

• Create a backup of all relevant system files and databases prior to any maintenance and support actions by GONEXA.

 

3. Description of treatment activities

 

Persons concerned

Personal Data concerns the following categories of persons: the natural persons subject of the documents generated via the Gonexa Doc Solution

 

Personal Data Categories

The Personal Data processed concerns all categories of personal data that the Customer will use to generate documents via the Gonexa Doc Solution.

 

Treatment

Personal Data will be subject to the following basic processing activities: consultation of Personal Data as part of technical support operations.

 

4. Subcontractor

 

Name and address

Microsoft Azure

Services provided

Source code hosting.

Model hosting

Computing power

Place of treatment

France or Europe

 

Ready to get started?

Book an appointment with an expert
Contact us
Contact us