ARUM AcCESs Commitment on General Data Protection Regulation Appendix to Contract (Article 6) relating to the Protection of Personal Data
ARUM AcCESs is committed to complying with the provisions of the Applicable Data Protection Act, constituted by the so-called “Computer and Freedoms” French law 78-17 and the European Regulation 2016/679 of 27 April 2016, as long as it is required to deal with “personal data” in the context of the implementation of this Contract.
For the purposes of this article, the terms ‘personal data’, ‘treat or process’, ‘responsible for processing’, ‘subcontractor’, ‘transfering’ have the same meaning as those given to them in Law 78-17 of 6 January 1978 relating to computers, files and freedoms, and in the European Regulation 2016/679 of 27 April 2016. These texts are together referred to as “Data Protection Legislation.” Personal data is thus considered confidential information.
Each of the Parties undertake to complying with the obligations arising from the application of any applicable data protection legislation. The Parties undertake to actively cooperate to enable the formalities to be completed and, if necessary, to obtain the authorisations of the relevant data protection authorities.
In the event of a conflict between (i) the terms and/or obligations of this Contract with (ii) the terms of the Applicable Data Protection Legislation, the latter will prevail over that contract.
Parties recognize and agree that each Party acts as the Responsible for Processing for its Personal Data Processing in relation to the provision and receipt of the Services.
Parties must, for the purpose of providing and receive services object of the Contract:
- Comply with their respective obligations under the applicable Data Protection Legislation, including but not limited to:
ensure that, for each person concerned, the person has received all the necessary information concerning: (i) the processing of their personal data for the purposes provided for this agreement; and (ii) the disclosure of personal data to the other Party;
ensure that, for each person concerned, each Party has a valid legal basis under applicable legislation to share its information with the other Party;
process Personal Data for the sole purpose of complying with its obligations under this Agreement;
implement, maintain and apply sufficient and appropriate technical and organisational measures that meet the requirements of the applicable Data Protection Legislation;
take all necessary measures to ensure the reliability of all staff with access to personal data and to ensure that all of these personnel are bound by an obligation to keep personal data confidential;
- At the request of the other Party and within a reasonable delay, provide proof of the actions taken to comply with its obligations under this section.
- Immediately inform the other Party in writing:
about any complaint directly or indirectly related to the handling of personal data under this agreement or to the compliance of either Party with applicable data protection legislation; or
if Personal Data is processed in violation of this Contract or applicable Data Protection Legislation; or
if Personal Data is lost or destroyed or damaged, corrupted or unusable, or if Personal Data has been affected by a security breach, and will provide the other Party (at the expense of the other Party) with full cooperation and assistance in this regard;
- When this agreement is terminated or expired, within a reasonable period of time, the Parties safely delete all personal data in their possession or control.
In the event that Personal Data is to be transferred outside the European Economic Area, the Parties will implement the EU standard contractual clauses or transfer this Personal Data in accordance with the principles of the Privacy Shield or another similar data transfer mechanism, approved and accepted by applicable data protection legislation.
Each of the Parties will compensate the other Party for all losses, damages and costs, any expenses incurred or to be incurred, and related to a third party’s appeal to the extent that it results from non-compliance with the obligations arising from this article
This article will remain in effect at all times when ARUM AcCESs (or a subcontractor on its behalf) processes personal data on behalf of the Customer, notwithstanding the termination or expiry of this Agreement.
7 bis rue des Clotais – 94360 BRY sut Marne – Tél. : 06 61 63 00 22 – Email : firstname.lastname@example.org
ARUM AcCESs – SASU au capital de 1 500 € – RCS CRETEIL 852 904 069 – SIRET 852 904 069 00014 – APE 7022Z – TVA FR 47852904069
ARUM AcCESs : Accompanying – Consulting – Education – Solutions