Extract from the general conditions
17. PERSONAL DATA
SeeZam® and the Members will ensure that personal data communicated in the context of these General Conditions and the use of the Site or the Services (the “Personal Data”) are processed in accordance with European Regulation 2016/679 of 27 April 2016, as amended or replaced (the “General Data Protection Regulation” or “GDPR“) and any other applicable laws, regulations, standards and other requirements relating to privacy, data protection or confidentiality, including European Union Directives and Regulations (“Data Protection Legislation“).
17.2 DATA DESCRIPTION
SeeZam® keeps and processes the names, first names and fixed and/or mobile telephone numbers of the Clients’ contacts (the “Commercial Data“) in particular to be able to report to its Clients any event requiring their intervention (including events related to the use of SeeZam, the follow-up of support requests and updates) or otherwise for the management of the relationship with the Client (including invoicing and payment for services) or to ensure SeeZam’s compliance with applicable laws and regulations.
The bank details of the Clients transmitted in the context of the renewal of the subscription to the Paid Services will be communicated to the organisation in charge of the online payment procedure for SeeZam® having all the required authorisations and complying with the latest security rules in the matter (the “Payment Provider“).
Data such as surname, first name, email address, mobile phone number and other data such as countries of residence or any other information appearing on the registration form provided for this purpose or provided by the Client and concerning the User (the “User Data“), will then be visible and editable by the User during his connection.
User Data is subject to editable parameters. With the exception of the user name and email address, User Data is unintelligible in form for SeeZam® because it is encrypted with the User’s keys, which SeeZam® does not have.
SeeZam® does not treat any sensitive data and collects as the only personal information of users an identifier whether explicit (first name. Last name) or not (FCVGT1245) and an email address whether explicit (prénom.nom@NomEntreprise.com) or not (email@example.com), which the user can change at any time.
The User can use the communicating vault function to share information with other Users. The User will be able to determine whether specific Data that he himself has chosen to provide to complete his profile will be visible or not to other Users.
SeeZam® has opted for the highest security rules and the application of a level that guarantees personal secrecy and encryption that ensures the confidentiality of his Members’ confidential or secret data.
SeeZam® is not able to decipher and take cognizance of the contents of Members’ safes and in particular of the personal data that may be contained in these safes (“the Safe Data“).
17.3 PROCESSING RESPONSIBILITY
The Member acting as controller
The User and/or the Client, as the case may be, is/are responsible for the processing (within the meaning of the GDPR) of the Commercial Data, User Data and Safe Data processed in connection with the use by Members of the Services, the Site or the Tools. SeeZam® will act as a subcontractor within the meaning of the GDPR in connection with such data processing operations.
Member warrants that all Data (in particular User Data and Safe Data) communicated or made available to SeeZam® or added to a safe has been collected and transferred in accordance with Data Protection Legislation.
The Member undertakes to meet all his obligations in his capacity as data controller and to indemnify SeeZam® from any claim and dispute concerning these obligations or concerning the guarantees formulated concerning the Data.
SeeZam® acting as controller
SeeZam® is only responsible for the processing of Business Data and User Data within the meaning of the GDPR in when SeeZam® processes them for its own purposes, and in particular when the processing is necessary for the performance of the General Conditions (for payment and invoicing issues for example), when SeeZam® is required to comply with its legal and regulatory obligations or meet the requests and requirements of public authorities or when the processing is necessary for SeeZam’s legitimate business interests (such as litigation management, client management or business development).
The Member undertakes to provide reasonable assistance to SeeZam® in fulfilling its obligations as controller. This assistance may include, on SeeZam’s request, providing specific information to Users regarding SeeZam’s processing of their data.
17.4 THE OBLIGATIONS OF SeeZam® AS DATA CONTROLLER
In order to fulfil the purposes described in article 17.2 and 17.3 and for which SeeZam® acts as controller, SeeZam:
- may be required to communicate specific Data to subcontractors or external service providers (notably the Payment Service Provider); and
- may be required to disclose any readable or intelligible content (email, login, name of a safe) to comply with applicable laws or if, in good faith, SeeZam® considers that such action is necessary, including in connection with judicial or administrative proceedings, to enforce these General Conditions, to respond to complaints and/or claims alleging infringement of the rights of third parties, to protect the rights or interests of SeeZam, his Members, or the public, without this list being exhaustive.
SeeZam® will take all precautionary measures to ensure the security of the Commercial Data and User Data in relation to which it may be regarded as data controller within the limits of the purposes referred to above in Article 17.2 and 17.3. However, it cannot rule out all the risks associated with the use of the Internet.
Rights of data subjects
SeeZam® will allow Members whose personal data are processed by SeeZam® in his capacity as controller to exercise the rights conferred on them by the GDPR insofar as this exercise is not limited by the technical characteristics of the Services offered by SeeZam. These rights consist of:
- access to the Data and information concerning the processing of it;
- the rectification of incorrect or incomplete Data;
- the deletion of Data under conditions;
- opposition to data processing based on SeeZam’s legitimate interest;
- the possibility of receiving the Data and transmitting it to another controller insofar as the legitimacy of the processing is based on the performance of a contract and the processing is automated;
- To exercise these rights, the Member can contact SeeZam® through the online forms.
SeeZam® will retain the Data only as long as necessary for the relevant processing activity and/or for the retention period permitted by applicable law.
17.5 OBLIGATIONS OF SeeZam® AS A SUBCONTRACTOR
The following provisions apply for Data processing operations for which SeeZam® acts as a subcontractor within the meaning of the GDPR.
SeeZam® undertakes, within the strict limits of what its Services technically allow, to:
- process the Data only under the terms of the order form or the General Conditions and on documented instruction from the Member responsible for processing;
- ensure that persons authorised to process the Data are subject to confidentiality;
- take appropriate technical and organisational data security measures and assist the Member who is the data controller, in fulfilling (i) his own data security obligations described in Articles 32 to 26 of the GDPR and (ii) his obligation to respond to requests from individuals concerned by the processing of their data with a view to exercising their rights;
- comply with the instructions of the Member who is a data controller concerning the return or deletion of Data at the end of the contract unless these instructions breach the applicable law;
- provide the Member who is a data controller, at his request, with the information strictly necessary to demonstrate compliance with his obligations as a processor and allow audits to be carried out in this respect (the number of audits being limited to 1 per year).
Within the context of his activity, SeeZam® may be required to communicate the User’s name and unencrypted email address only to persons to whom SeeZam® subcontracts specific work related to the operation of the Site.
SeeZam® will ensure that each of his contractors is bound by the same data protection obligations as SeeZam® under this article. SeeZam® will remain liable for the performance of his obligations as subcontractor when the processing is carried out by a subcontractor of SeeZam.