This agreement is between Archimed (“The Holder”) and the Client, hereinafter referred to together as “The Parties”.

PERSONAL DATA

The parties undertake to comply with the provisions of Regulation (EU) No. 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to together as the "Personal Data Regulation").

The Client acknowledges that it acts as controller within the meaning of the Personal Data Regulations in respect of the data it uses, processes and stores via the software on which the Holder provides his services.

On these aspects, the Client guarantees in particular that he/she is entitled to communicate to the Holder his/her personal data concerning the performance of the services, whether it concerns the data of his/her own customers or the data of his/her employees, and that the personal data provided have been processed in accordance with the Personal Data Regulations.

In this respect, the Client also declares that it is up to date with all the obligations arising from this regulation and in particular with the declaration or authorisation formalities. It is also the Client's responsibility to ensure that the persons concerned have been duly informed and to ensure that the data stored by the Holder, within the framework of this contract and/or at its end, are not kept beyond the legal deadlines. The Client also undertakes to ensure that his or her personal data also comply with the Personal Data Regulations, the terms of this contract and in particular to ensure the confidentiality and security of the information entrusted to the Holder.

As a subcontractor within the meaning of the Personal Data Regulations, the Holder undertakes to process the data only on documented instructions from the Client and to make its best efforts to ensure the confidentiality and security of the data entrusted by the Client in order to prevent such data from being distorted, damaged or communicated to unauthorised persons, and to follow the latter's instructions in this respect, in particular as regards the deletion of data. The Holder undertakes to use the personal data processed on behalf of the Client only to perform the services related to this contract and not to disclose such data to other persons without the prior consent of the Client. The Holder undertakes not to make copies or duplications of the personal data thus entrusted without the prior authorisation of the Client, unless such copies or duplications are necessary for the performance of its services. Finally, the Holder undertakes not to transfer personal data entrusted outside the European Union without the prior written consent of the Client.

The Holder shall provide reasonable assistance to the Customer to enable him to:

- comply with its obligation to assess the risks related to the processing of the personal data entrusted to it;

- comply with its obligation to notify the competent authorities and the persons concerned, where appropriate, of any security breaches or violations of personal data that may be identified. In this respect, the Holder undertakes to notify the Client as soon as possible of any incident likely to impact the data and of which it is aware;

- ensure that the rights of data subjects are respected, in particular in the event of a request for access, rectification, deletion, limitation or portability of their data, in particular by forwarding to it any request received directly in this respect.

- The Holder also undertakes to immediately inform the Client if it considers that an instruction from the latter constitutes a violation of the Personal Data Regulations and to notify it as soon as possible of any requests from the competent regulatory authority or any other entity authorised by law, with regard to the processing that the Holder carries out on behalf of the Client.

The Holder may have to resort to subcontractors acting under his responsibility in the context of the performance of the services and to whom his own obligations regarding the protection of personal data are passed on.

At the end of this contract, the Customer must inform the Holder of his choice either to return the personal data processed to the Customer or to destroy them, subject to and within the limits of the legal and regulatory obligations to retain them, if applicable, imposed on the Holder. Without information from the Client within 3 months, the Holder may delete them.

Finally, the Holder may also be required to process, as controller, personal data belonging to some of the Customer's employees limited mainly to names and professional contact details for the management of the commercial relationship (management of the contractual relationship, management of invoicing, etc.). The rights of access, rectification, opposition, limitation, deletion and portability can be exercised at the following address: dpo@archimed.fr

CONFIDENTIALITY

Each party undertakes to observe the utmost discretion with regard to all information from the other party, regardless of the nature of the information (right of protection, formula, process, know-how, specific information), both with regard to third parties and with regard to members of its staff not required to use or have knowledge of it. The provisions of this article do not apply to information that is commonly used to communicate to Customers, nor to information recognized as public.