Sign in Try for free

GENERAL CONDITIONS OF SUBSCRIPTION AND USE OF THE GRYZZLY SAAS SOLUTION

Condition générales de'utilisation et de vente de Gryzzly

Last update : February 2024

Article 1. DEFINITIONS

“Subscription”: refers to the right to access and use the pay-as-you-go Solution in Saas mode, granted by the Supplier to the Customer and its Users, including the Associated Services, for the Price under the conditions defined in these GCUA;

“Data Protection Agreement”: means the Data Protection Agreement entered into between the Supplier and the Customer, set out in Appendix 1 ;

“Anomaly”: means any malfunction of the Solution that prevents its normal use when the Solution is used in accordance with its instructions and documentation;

“Blocking Anomaly”: means any Anomaly that makes it impossible to use all the functionalities of the Solution;

“Major Anomaly”: refers to an Anomaly which, without paralyzing the use of the Solution by the Customer, prevents the use of certain essential functionalities of the Solution (for example: the impossibility of entering times for a User);

“Minor Anomaly”: refers to any Anomaly other than Blocking or Major;

“Chatbot”: refers to the software agent that interacts with Users to enter their time into the Solution and that is integrated into Essential Third Party Products ;

“CGAU”: refers to these general terms and conditions of use and subscription to the Solution;

“General Terms and Conditions of Use”: refers to the general terms and conditions of use of the Solution; those in force at the time of signature of the Contract appear in Appendix 2 hereto; the applicable General Terms and Conditions of Use will be those accepted by any User, unless the latter have been updated in accordance with the terms and conditions set out herein;

“Contract”: means these GCUA including its Annexes and any Order;

“Order”: refers to any Subscription order placed by the Customer with the Supplier;

“General Terms and Conditions of the Payment Intermediary”: refers to the general terms and conditions of the Payment Intermediary accessible at the following address: https://stripe.com/fr/legal/ssa;

“Customer”: means “You” as a professional customer, who, in order to use the Solution, places an Order for a Subscription, under the conditions hereinafter defined. The Customer is understood to be an establishment in the legal sense of the term (identified individually by a SIRET number - company, subsidiary, branch, main establishment, secondary establishment, site, works council, etc.). The Customer is responsible for ensuring that Users accept the general conditions of use of the Solution, prior to accessing and using it;

“Source Code”: means the source program for the Solution, written in an advanced programming language that can be understood by a person skilled in the art;

“Trial”: refers to the fourteen (14) day free trial without commitment offered to the Customer under the conditions defined in this Agreement, in particular with regard to the functionalities of the Solution made available to the Customer and the number of Users to whom the Customer may give access to the Solution;

“Effective Date”: refers to the Subscription start date;

“Data or Customer Data”: refers to the Customer data collected by the Supplier via the Solution, which are all the Data entered and imported by Users; Customer Data may include Users’ Personal Data;

“Personal Data”: has the meaning defined in the Regulations;

“Contract Term”: means the Initial Period and any Renewal Periods;

“Supplier”: refers to GRYZZLY, a Société par Actions Simplifiée (simplified joint stock company) with capital of 15,866 euros, headquartered at 92 cours Lafayette - 69003 LYON, registered in the LYON Trade and Companies Register under number 837 971 324, represented by its Chairman, Mr Jonathan MAGAT, whose object, in France and abroad, training in software design and development for professional or personal use, computer programming, consulting and research into computer systems, website design and development on behalf of third parties;

“Web Interface”: refers to the dashboard used to enter and track Users’ time and budget for services sold by the Customer, accessible via the Essential Third-Party Products login by any User; depending on the User’s role in the Solution, the User has more or less extensive rights to the Web Interface and access to more or less functions;

“Initial Period”: refers to the initial commitment period of a Subscription, as indicated within the dedicated Subscription offer;

“Renewal Period”: refers to the tacit renewal term of the Subscription, which comes into effect at the end of the Initial Period and ends on termination of the Contract under the conditions set out in article 10.2 ;

“Essential Third-Party Products”: refers to any third-party product without which the Solution cannot be accessed and operated (by means of an API key), which can be used from the Solution or to which the Solution is integrated, and for which the rights of use are granted to the Customer by a third party directly (and not by the Supplier itself) in accordance with the third-party supplier’s own licensing terms or services;

“Non-Essential Third-Party Product”: means any third-party product which is not required to access and operate the Solution (by means of an API key) and can be used from the Solution or to which the Solution is integrated and for which the rights of use are granted to the Customer by a third party directly (and not by the Supplier itself) in accordance with the third-party supplier’s own license or service conditions.

“Third-Party Products”: means any Essential Third-Party Product and any Non-Essential Third-Party Product.

“Price”: means the annual or monthly Subscription price paid by the Customer to access the Solution, as specified in the Subscription Order placed by the Customer, and which includes the right to access and use the Solution and the Associated Services;

“Solution”: refers to the “GRYZZLY” software solution developed and published by the Supplier, accessible in Saas (software-as-a-service) mode by the Customer and its Users; the Solution constitutes assistance in project management and consists of the Chatbot and the Web Interface;

“Party(ies)”: means individually the Supplier or the Customer and collectively the Supplier and the Customer;

“GDPR”: refers to the General Data Protection Regulation (EU) 2016/679 ;

“User”: refers to any natural person designated by the Customer among its employees who has more or less extensive rights to the Solution attached to his/her role, and who has accepted the Solution’s General Conditions of Use: this may be an administrator, a manager, a collaborator, a contributor or a project manager;

“Subsequent Subcontractor(s)”: means within the meaning of the RGPD any entity engaged by the Supplier identified in Appendix 2 below, to carry out specific processing activities to be performed under the Contract ;

“Support”: refers to the support services for the Solution provided by the Supplier to the Customer as part of the Associated Services;

“Scheduled Downtime” has the meaning defined in article 7.3.2 ;

“Associated Services”: refers to Maintenance, Data Hosting and Solution Support services, as included in the Subscription Price;

“Payment Intermediary”: refers to the payment intermediary used by GRYZZLY for the payment of Subscriptions. The identity of the Payment Intermediary is attached in Appendix 3 of the GCUA.

Article 2. PURPOSE - ORDERS

The purpose of the GCSU is to determine the conditions under which the Supplier grants the Customer the right to access and use the Solution in Saas mode and to benefit from Associated Services during the Term of the Contract.

The GCUA apply to all Orders.

Together with the Order, the GCUA form the Contract. They are supplemented by the General Terms of Use and the Data Protection Agreement.

By using the Solution, the Customer undertakes to ensure that the User acknowledges and agrees to be bound by the Terms and Conditions of Use. The Supplier recommends that each Customer print out a copy of the GCUA and their Appendices and keep it.

Article 3. NO INTERMEDIATION BY THE SUPPLIER - THIRD-PARTY SITES AND COMMERCIAL ELEMENTS

The Solution is designed to enable Users to facilitate the recording of their time and tasks, as well as to monitor the budgets of related consultancy services and/or their production activity. The Solution thus centralizes communication flows between Users and connects all resources, both human and technical, in order to boost productivity.

The Solution represents assistance in project management. It is not a substitute for human resources, nor does it justify any exemption under current laws and regulations.

No other purpose or warranty is given by the Supplier, which the Customer acknowledges and accepts.

The Supplier does not act as an intermediary between the Customer and other Users. The Supplier cannot be held liable in this respect.

By virtue of its integration with a Third-Party Product and the payment of the Subscription Price managed by the Payment Intermediary, the Solution contains elements and/or hypertext links referring to websites managed by persons other than the Supplier, including but not limited to the holders of the rights to the Third-Party Products over which the Supplier exercises no control whatsoever.

The Supplier assumes no responsibility for these elements, sites or content to which these elements and sites may refer. The presence of these elements and hypertext links does not imply that the Supplier approves, in any way whatsoever, the content in question. The Supplier is not responsible for any changes or updates to these elements and websites.

The Supplier is not responsible for the transmission of information from them, nor for their malfunction or execution.

Users are solely responsible for all interactions and/or transactions carried out with third parties (including, in particular, Third-Party Products and the Payment Intermediary) when using the Solution.

No stipulation of the GCUA, nor any agreement whatsoever, shall be deemed to place the Supplier and any of the Users within the framework of an association, company, EIG, enterprise or any other legal or de facto grouping or agency or commercial representation relationship, employee relationship, servant relationship or the like. Neither the Supplier, nor any of the Users shall have the right or authority to undertake any action likely to create any obligation on the part of either of the Parties.

Article 4. ACCESS TO THE SOLUTION - ACCEPTANCE OF TERMS AND CONDITIONS - MODIFICATION OF TERMS AND CONDITIONS

The Solution is accessible to all Users under the conditions set out in the General Terms of Use.

The Customer acknowledges that it has the skills and equipment (computer, telecommunication means, etc.) required to access the Solution, and that it makes all skills and equipment available to Users to enable them to use it, in accordance with its General Conditions of Use. In any event, the Customer shall personally assume all costs related to such equipment (telecommunication costs, etc.).

Under no circumstances shall the Supplier be held liable for any damage, direct or indirect, regardless of cause or date, resulting from the downloading, installation and/or use of a Third-Party Essential Product, which is subject to its own third-party conditions.

In addition, as part of the registration procedure, each User must expressly accept the Solution’s General Terms and Conditions of Use by ticking a box before accessing and using the Solution.

Article 5. Trial period

Following the Customer’s registration, the Solution becomes accessible to the Customer free of charge during the Trial period, from the date of creation of the Gryzzly space.

At the end of the Trial period, the Customer will have the choice of placing an Order for a dedicated Subscription in order to continue to use the Solution and allow its Users to benefit from it, or to cease all use of the Solution. The Supplier will notify the Customer of the approaching end of the Trial period at least seventy-two (72) hours in advance, so that the Customer can place an Order for a Subscription if he so wishes. Only by ordering a Subscription before the end of the Trial period can Users continue to use the Solution.

In the absence of a Subscription Order, the Customer and other Users will lose the benefit of the Solution and will no longer be able to use it, without any compensation. The Customer’s Data will be made available by the Supplier, under the conditions set out in article 12.2.

Article 6. SUBSCRIPTION OFFER - ORDER PROCEDURES - PROOF

In return for access to and use of the Solution, the Customer undertakes to place a Subscription Order with the Supplier. Subscription offers appear on the Site, and are valid only for the content described, on the day of the Order. Any modification and/or upgrade must be the subject of a new Subscription, in accordance with the dedicated offers.

Without prejudice to the application of all the stipulations of the GCUA, which are fully applicable as soon as they are accepted by the User, the Supplier offers a Trial to the Customer, to test the Solution.

At the end of this Trial period, the Customer must place an Order or cease all use of the Solution, as indicated in article 5 above.

A Subscription is binding on the Customer, who undertakes to pay the Price in full. Any Subscription initiated under these conditions is due in full.

A Subscription is non-transferable and personal to the Customer, except with the Supplier’s prior written consent.

Computerized registers, kept in the Supplier’s computer systems under reasonable security conditions, will be considered as proof of communications, Orders and payments between the Parties. Orders and invoices are archived on a reliable and durable medium that can be produced as proof.

Article 7. SUBSCRIPTION DESCRIPTION

7.1. Subscription description

Subscription includes :

  • Access to the Solution in the form of a right of access and use under the conditions defined in article 7.2 ;
  • Associated Services, as defined in article 7.3.

7.2. Right to access and use the Solution

To be able to access and use the Solution, all Users must first have an account with an Essential Third Party Product specified in the documentation to which the Chatbot of the Solution is integrated in order to function.

The Supplier grants the Customer a right to access and use the Solution under the conditions defined in article 13.2 below.

7.3. Associated Services included in the Subscription

Under the Subscription, the Supplier provides the following Associated Services:

  • Hosting of the Solution and Data ;
  • Maintenance ;
  • Support.

All of the Supplier’s interventions in respect of the Associated Services listed above are carried out remotely. Should the Customer require the Supplier’s personnel to travel in order to carry out these Associated Services, the Customer shall reimburse the Supplier for such travel time and expenses upon presentation of receipts.

7.3.1. Solution and data hosting

The Supplier undertakes to provide the server power required to operate the Solution and host the Data for the duration of the Contract.

In view of the foregoing, the Customer hereby grants the Supplier and its subcontractors a non-exclusive, worldwide, free and non-transferable license to host, cache, copy and display the Customer Data within the Solution as it is accessible to Users only for the sole purpose of performing the Agreement.

This license will terminate automatically on termination of the Contract, unless it is necessary to continue hosting and processing Customer Data at the Customer’s request, in particular in the context of implementing reversibility operations under the conditions set out in article 12.2 below.

The Customer guarantees to be :

  • Owner of the Customer Data collected via the Solution for the purposes hereof, insofar as such Data is subject to such ownership;
  • That it has all the necessary authorizations to use the Customer Data within the framework of the Contract and that it may freely grant a license under the aforementioned terms to the Supplier and its subcontractors.

The Customer undertakes to indemnify the Supplier for any financial consequences that the Supplier may incur as a result of the Customer’s failure to comply with the aforementioned guarantees concerning its Data.

The Supplier regularly backs up the Data. To this end, it ensures a redundant backup, so that the Customer is able, as far as possible, to access its Data at any time, within the limit of the availability rate provided for herein.

7.3.2. Maintenance

The Supplier provides Maintenance under the conditions defined below.

With regard to Maintenance, the Supplier will use its best efforts to ensure the operation of the Solution 24 hours a day, 7 days a week, excluding the time devoted to Corrective Maintenance, whether scheduled or unscheduled, which will, as far as possible, be scheduled during the Customer’s non-working hours.

The Supplier will regularly make corrections and updates to the Solution, at any time, in order to improve functionality.

The Supplier will inform the Customer of all corrective and evolutionary Maintenance operations five (5) working days in advance. Some of these operations may be carried out during the day, subject to the Customer’s agreement. All downtime due to corrective Maintenance operations agreed between the Parties will hereinafter be referred to as “Scheduled Downtime”.

The Customer acknowledges that the Solution may be unavailable during Scheduled Downtime and that Scheduled Downtime will not be deducted from the Solution’s availability rate.

The Supplier will nevertheless make every effort to limit the duration and disruption caused by these operations.

7.3.3. Support

In the event of an Anomaly noted by the Customer concerning the operation of the Solution, the Customer may contact the Solution Support department under the conditions defined below.

The Solution Support department, via the Customer’s designated contact, will qualify the level of Anomaly concerned, subject to a sufficient description of the problems encountered by the Customer. In the absence of such a sufficient description, the Supplier shall be entitled to request additional information from the Customer.

The Supplier provides Support to the Customer at the following times, on the following days and under the following conditions:

  • Operating days: Monday to Friday, excluding French public holidays
  • Working hours: 9am to 6pm (CET, France)
  • Telephone: 09 80 80 55 51
  • E-mail :help@gryzzly.io

Schedules may be unilaterally modified by the Supplier upon simple notification to the Customer.

The Supplier’s response times are as follows:

  • Blocking anomaly: one (1) working day
  • Major defect: seven (7) working days
  • Minor defect: thirty (30) working days

Intervention times are counted from the moment the Customer has sufficiently described the problems encountered.

The time limits for consideration, correction or bypass stipulated herein constitute an obligation of means incumbent on the Supplier, who will make its best efforts to intervene and remedy the Anomalies as soon as possible, but may not be held liable in this respect.

The Supplier may not be held liable in the event of an Anomaly resulting from a partial or total malfunction of an API developed by the Customer.

Article 8. SUPPLIER COMMITMENTS

The Supplier undertakes, as a professional, to cooperate with the Customer and to exercise all due care and diligence in the supply of the Solution and Associated Services in terms of quality in accordance with the rules of the trade.

The Supplier undertakes to provide the Customer with all information necessary for the proper performance of the Contract, and to advise, inform and warn the Customer throughout the performance of the Contract in connection with the use of the Solution.

The Supplier undertakes, throughout the Term of the Contract and in accordance with good practice in its profession, to assign a sufficient number of (a) competent and experienced personnel and (b) personnel to ensure the proper performance of the Contract.

The Supplier’s personnel remain at all times under the hierarchical and disciplinary authority of the Supplier, who, at all times during the performance of the Associated Services, in its capacity as employer, is responsible for the administrative, accounting and social management of its personnel, including when the Supplier’s personnel are on the Customer’s site.

The Supplier warrants that the Associated Services will be performed solely by employees employed in accordance with Articles L 3243-1, L 3243-2, L 3243-4, L 1221-13, L 1221-15, and L 1221-10 of the French Labor Code and in compliance with the provisions of Articles L 8221-1 and L 8221-5 of the same Code. The Supplier further declares that all members of its personnel assigned to the performance of the Associated Services are duly registered with the social services.

The Supplier undertakes to provide, at the Customer’s first request :

  • An extract of the company’s registration with the Registre du Commerce et des Sociétés (k-bis);
  • A certificate of vigilance, issued by URSSAF, stating the number of employees and total remuneration declared by the Supplier at the last due date. This document must also attest to the Supplier’s compliance with its obligations to declare and pay social security contributions;
  • Where applicable, a list of foreign employees requiring work authorization (date of hire, nationality, type of authentication number).

Article 9. CUSTOMER COMMITMENTS

The Customer is solely responsible for the security of the individual workstations of its Users enabling access to the Solution, as well as for the access identifiers to the Essential Third-Party Products enabling access to the Solution. In the event that the Customer becomes aware of a fraudulent intrusion on its information system, its intranet and/or one of the individual workstations, it will immediately inform the Supplier in writing.

In general, the Customer undertakes to cooperate with the Supplier and to provide it with any information necessary for the proper performance of the Contract, in good time. Should the Customer fail to fulfill its obligations to cooperate in a timely and/or sufficient manner, the Supplier shall not be liable for such failure, and shall not be held responsible for any delays or difficulties encountered by the Supplier.

The Customer is solely responsible for its choice of Internet access provider enabling it to access the Solution. The Supplier provides no guarantee in this respect and cannot be held responsible for interruptions and/or unavailability and/or errors or bugs occurring on the Solution solely as a result.

The Customer is solely responsible for the use of the Solution and Data in accordance with applicable French and/or foreign regulations. Under no circumstances may the Customer seek the Supplier’s liability in this respect. The Supplier does not guarantee that the Solution is adapted to the Customer’s needs.

The Customer shall use the Solution in accordance with the Contract and the documentation and any written instructions that may be issued by the Supplier (in particular in the event of the identification of a security flaw).

Article 10. CONTRACT DURATION - RENEWAL

10.1 Entry into force of the Contract

The Contract comes into force on the Effective Date for the duration of the Initial Period.

The duration of the Initial Period is monthly or annual.

10.1 Subscription renewal - Termination

At the end of the Initial Period, the Subscription will be tacitly renewed for successive Renewal Periods of one (1) month or (1) year depending on the duration of the Initial Period, unless terminated in accordance with the conditions set out below.

Seventy-two (72) hours before the end of a current monthly or annual term, the Supplier will notify the Customer of the approaching end of the Initial Period and the tacit renewal of the Subscription for a Renewal Period.

Each Subscription will thus be tacitly renewed on a monthly or annual basis, unless prior cancellation is made by Notification to the Supplier with acknowledgement of receipt twenty-four (24) hours before the end of the Initial Period or Renewal Period concerned.

Any Notification after the notice period, except for a legitimate reason, will not be considered as a regular termination of the Subscription, which will then be tacitly renewed for a new period.

Article 11. PRICES AND PAYMENT TERMS

The Subscription Price is calculated according to the number of Users, over the past monthly and/or annual term. The method of calculating the Subscription price is shown on the pricing page of the Supplier’s website, accessible at the following address: https//www.gryzzly.io and, at any time, from the Solution, on the Subscription page.

There is no limit to the number of projects and times you can enter, including in the case of the Trial.

The Customer undertakes to ensure that all information provided for the purpose of calculating the amount of the corresponding Subscription is complete, accurate and precise.

To this end, the Supplier will keep a detailed statement of the number of Users per Customer account, so as to be able to calculate the amount of the Subscription due by the Customer. This statement will be drawn up and updated on a monthly basis. This statement will be kept at the disposal of the Parties until the date of termination of the Subscription, whatever the cause or date, and thereafter, for the purposes of payment of the Subscription, if any, due to the Supplier.

The sums due by the Customer for a Subscription are payable by credit card using the Payment Intermediary’s online payment platform.

As payment of the Subscription is based on the use of the online payment platform managed by the Payment Intermediary, this legally implies that the Customer is contracting with the Payment Intermediary for all aspects of payment, and expressly accepts the Payment Intermediary’s General Terms and Conditions.

CONSEQUENTLY, SUBSCRIPTION ORDERS ARE SUBJECT TO THE CUSTOMER’S PRIOR ACCEPTANCE OF THE PAYMENT INTERMEDIARY’S GENERAL TERMS AND CONDITIONS.

For the purposes of Subscription payment, Users expressly authorize the communication to the Payment Intermediary of all useful personal information concerning them, for the calculation of the corresponding Subscription due All sums paid to the Supplier, including in the event of early termination, shall be retained by the Supplier and shall not be subject to return or reimbursement.

Unjustified non-payment of an invoice may result in suspension of the Subscription (and without prejudice to any other action, in particular recovery of the Price still due for the Subscription taken out). Any sum not paid by the due date will automatically incur late payment interest equivalent to the ECB (European Central Bank) refinancing rate plus ten (10) points, as well as the payment of a lump sum of forty (40) euros to cover collection costs. This interest runs from the due date until full payment.

In any event, the Customer remains solely liable to Users for all the consequences of its failure, without any possible compensation.

Subscriptions, including all or part of their content, may be modified, subject to a fifteen (15) day notice period for the Supplier. Modifications will not affect Subscriptions in progress and/or subscribed and/or renewed prior to the effective date in question. If the Customer does not agree with the Supplier’s new pricing, it must inform the Supplier by Notification of its wish not to renew the Subscription, under the conditions set out above.

Article 12. EARLY TERMINATION FOR FAULT

12.1 Cancellation

Or In the event of termination as defined in article 10.2 hereof, if either of the Parties is in serious breach of one of its essential obligations under the Contract as defined in articles 6, 7, 8, 9, 11, 13, 14, 15, 16, 17 , the other Party may, thirty (30) days after formal notice has been given by registered letter with acknowledgement of receipt, which has remained unsuccessful, declare the Contract terminated ipso jure, without further formality.

If the effects of a case of force majeure, as defined in article 12.2 below, should last for more than thirty (30) days, the Contract may be terminated by operation of law at the request of either Party after written notification by registered letter with acknowledgement of receipt, without entitlement to compensation.

12.2 Effects of termination - Reversibility

Whatever the reason for termination of the Contract, the Customer undertakes to immediately cease all use of the Solution. The Supplier may terminate Users’ access to the Solution, without being held responsible for doing so.

Termination of the Contract for any reason whatsoever obliges the Customer to pay all sums due to the Supplier in accordance with the terms of the Contract.

The Supplier undertakes to make available to the Customer, within eight (8) days of termination of the Contract for any reason whatsoever, an export of all Data in the following format: “.csv”, or failing this, in a standard computer format readable without difficulty in an equivalent environment, for a period of (3) months. After this period of three (3) months, the Data held in the Supplier’s computer systems will be automatically deleted. The Supplier must be able to provide proof of this at the Customer’s first request.

The Supplier undertakes not to keep any copy of the Customer Data, of its Users, on its hosting servers or those of its possible Subsequent Subcontractors. However, the Customer acknowledges and accepts that Customer Data will be anonymized for use by the Supplier for statistical analysis purposes.

Article 13. INTELLECTUAL PROPERTY

13.1 Reservation of rights

The Parties acknowledge that the Supplier holds all intellectual property rights to the Solution, and/or has the necessary rights to grant the Customer the rights covered hereby.

The Supplier thus retains exclusive intellectual property rights over the Solution, including all related Source Code and all improvements, enhancements, modifications, configurations and customizations, methods and know-how, it being understood that all intellectual property rights over all or part of the Third-Party Products are and remain the exclusive property of such Third-Party(ies). The Contract does not confer any ownership rights on the Customer.

13.2 Conditions of use of the Solution

Subject to compliance by the Customer with the terms of the Agreement, the Supplier grants the Customer a right of access and use of the Solution which is personal, non-exclusive, non-transferable and limited to the duration of the Agreement, under the strict conditions defined in the present article, and within the limit of the number of Users defined within the Subscription offer. Except in cases where the law prohibits such a restriction, the Customer undertakes to use the Solution only for its own business needs. In this context, the Customer shall restrict its use to:

  • Users; and
  • To the exclusion of all third parties; and
  • Excluding any commercial use or exploitation on behalf of third parties and/or any distribution of the Solution to third parties, whether free of charge or in return for payment.

The Customer undertakes to ensure that only Users have access to the Solution and that they use it in accordance with the Contract.

The Customer and its Users must also have taken out a subscription with the publishers of the Essential Third-Party Products and have accepted the general conditions of use of these Essential Third-Party Products. The Customer acknowledges that access to the Solution is dependent on his subscription to the Essential Third-Party Products. Consequently, the Customer undertakes to maintain valid connections to the Essential Third-Party Products throughout the Term of the Contract, in compliance with the terms and conditions imposed by the third-party publishers supplying the latter. Failing this, the Customer acknowledges that the Solution cannot be used, for which the Supplier cannot be held responsible. The Customer acknowledges that in all cases, the Supplier is committed for the Initial Period, and that consequently, the sums invoiced will be due by the Customer, even if the Solution is inaccessible due to these Essential Third-Party Products.

The Customer agrees not to transfer, provide, lend, rent, distribute, sublicense or grant any other rights to the Solution, or more generally, to communicate to a third party all or part of the Solution, without the Supplier’s prior written consent. The Customer undertakes not to use the Solution for purposes contrary to the law and/or infringing the rights of third parties.

Under no circumstances may the Customer and Users :

  • modify the Solution and its functionalities,
  • reproduce the Solution and its functionalities,
  • distribute the Solution commercially,
  • arrange, adapt and translate the Solution and its functionalities,
  • market the Solution,
  • correct the Solution and its functionalities,
  • decompile the Solution,

either directly or with the assistance of a third party, without the Supplier’s prior written consent, except under the conditions strictly provided for by law.

Any failure to comply with the provisions of this article shall constitute a breach of the Contract.

The right of access and use provided for herein concerning the Solution extends to all minor and major developments supplied hereunder by the Supplier to the Customer during the term of the Contract.

13.3 Counterfeiting

With the exception of Third-Party Products, the Supplier declares that it is the author of the Solution and all its constituent elements, including content and graphics, and more generally holds all intellectual property rights pertaining thereto. It therefore guarantees the peaceful enjoyment of the Solution by the Customer, whether as a result of its own actions or those of third parties.

Henceforth, the Supplier shall be personally responsible for any claim of infringement made by a third party against the Customer and based on the Customer’s use of the Solution, provided that :

  • The Customer has informed the Supplier within eight (8) days of receipt of this complaint;
  • The Customer has used the Solution in accordance with this Agreement;
  • The Customer entrusts the management of this dispute exclusively to the Supplier;
  • The Customer shall provide the Supplier with all necessary information and reasonable assistance at its own expense in settling the dispute.

Under this infringement action, the Supplier’s liability is limited to the following, at the Supplier’s option - provided this limitation is applicable under applicable law:

  • The replacement or modification, at no cost to the customer, of infringing elements of the Solution to ensure its continued use;
  • Obtaining from the third party the right for the Customer to continue using the Solution at no cost to the Customer;
  • Immediate termination of this Agreement without the Customer being entitled to claim reimbursement of any sum or being required to pay any other amount to the Supplier in respect of the current Initial or Renewal Period; in such a case, the Supplier will immediately implement the reversibility provided for in article 12.2 of the Agreement, at no cost to the Customer.

Article 14. CUSTOMER DATA

14.1

The Customer is the owner or holder of the Customer Data, or has the rights to use the Customer Data and to grant rights to the Supplier hereunder. The Customer warrants to the Supplier that the use of the Customer Data in accordance with the Agreement does not constitute misappropriation, appropriation or infringement of any third party rights. The Supplier shall not be liable for the nature and content of the Customer Data, or for the interpretation or analysis of the Data obtained using the Solution.

14.2

The Customer grants the Supplier and its subcontractors involved in the Contract, the non-exclusive rights and for the territory concerned, to hold, store, host, access the Customer Data for the exclusive purpose of performing its obligations under the Contract and providing the Solution and Associated Services where applicable (including to prevent or resolve security or technical problems) including the provision and enhancement of any features, functionalities and/or machine learning automations for such services. Any other use of Customer Data by the Supplier is expressly prohibited.

14.3

The Supplier may access and use Customer Data if required to do so by law, court order or administrative decision. The Supplier reserves the right to block the Customer’s access to the Solution and Associated Services and/or to delete Customer Data if it believes that the Customer is in violation of the law or if the Supplier is legally required to delete such Customer Data.

14.4

The Customer will assume any third-party claim against the Supplier, hold the Supplier harmless and indemnify the Supplier for any damages awarded against it or resulting from an out-of-court settlement (including by paying reasonable legal or expert fees) based on (a) the Supplier’s use of Customer Data or any other data or material provided to the Supplier by the Customer and (b) the Supplier’s violation of any property right of the Customer, or experts’ fees) based on (a) the Supplier’s use of the Customer Data or any other data or material provided to the Supplier by the Customer and (b) the Customer’s infringement of a third party’s intellectual property right including a non-conforming use of a Third Party Product To enable this assumption, the Supplier will (i) promptly notify the Customer in writing of such claim and allow the Customer to defend the claim and all related negotiations, (ii) cooperate in the defense and provide all necessary information and authority to the Customer without settling such claim itself and (iii) admit no liability on behalf of the Customer.

Article 15. LIABILITY - WARRANTY - FORCE MAJEURE - INSURANCE

15.1 Liability - Warranty

The Supplier guarantees that it will provide the Customer with a Solution that complies with the documentation provided to the Customer upon signature of the Contract.

The Supplier is in no way responsible for any malfunction of Third-Party Products making access to the Solution impossible or difficult.

The present warranty is excluded if the Customer fails to comply with the conditions of use of the Solution. In particular, the Supplier in no way guarantees the suitability of the Solution for the Customer’s particular needs, nor the absence of bugs in the Solution, nor the absence of failures or malfunctions due to interruptions or poor quality of the communication networks linking the Solution to the Customer’s information system.

Except for this warranty expressly set forth in this Article 15.1 and any warranty which may not be excluded or limited under applicable law, the Supplier disclaims and excludes all other warranties, express or implied, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose.

The Supplier is only bound by an obligation of means. Consequently, the Customer uses the Solution under its sole responsibility, with no possible recourse against the Supplier.

The Supplier’s liability under this Contract is limited to the total amount of the sums paid by the Customer under the Contract, during the twelve (12) months preceding the event giving rise to the liability claim. This limitation does not apply in the event of personal injury.

Under no circumstances shall the Supplier be held liable in the event of :

  • Modification of all or part of the Solution not carried out by the Supplier or by one of the approved service providers designated by the Supplier;
  • Use of all or part of the Solution when the Supplier, following a difficulty or for any other reason whatsoever, had recommended suspending use of the Solution;
  • Use of the Solution in an environment that does not comply with the documentation requirements, or in connection with third-party programs or data not expressly endorsed by the Supplier,
  • The occurrence of any damage resulting from the Customer’s fault or negligence, or which the Customer could have avoided by seeking the Supplier’s advice;
  • The occurrence of any damage resulting from the fault or negligence of a third party;
  • Use in connection with the Solution of programs not supplied or endorsed by the Supplier and likely to affect the Solution or Customer Data;
  • Failure to use the most recent version of the Solution, when the claim could have been avoided by using this most recent version.

The Supplier shall not be held liable for any indirect and/or intangible damage suffered by the Customer as a result of using the Solution, as the notion of indirect and/or intangible damage is defined by the established case law of the French courts, and in particular for any loss or destruction, total or partial, of Customer Data, in the event of corruption of Data, loss of profits, loss of revenue, loss of image, loss of clientele or weakening of any element of the Customer’s assets.

15.2 Force majeure

Neither Party shall be liable for delay or non-performance of any obligation under this Agreement resulting from an event of force majeure as defined by French law and jurisprudence.

However, it is expressly agreed between the Parties that failures, malfunctions, interruptions or poor quality of the communications network constitute a case of force majeure beyond the control of any of the Parties and meet the criterion of unpredictability.

15.3 Insurance

The Supplier undertakes to take out liability insurance with a reputable and solvent insurer and to maintain such insurance in force for the duration of the Contract. The Supplier has taken out professional liability insurance covering all its activities and the risks of errors and omissions, bodily injury, property damage and contractual damage.

Article 16. PRIVACY

The Parties undertake to keep strictly confidential all Confidential Information exchanged within the framework of the Contract, regardless of the mode of transmission of such Confidential Information, and in particular to :

  • Not to communicate or disclose Confidential Information, directly or indirectly, to any third party whatsoever,
  • Communicate Confidential Information from the Disclosing Party only to those members of its staff who need to know it in order to perform the Contract, after informing them of their obligations under the Contract,
  • Reproduce the Confidential Information and/or record it on any electronic medium only to the extent strictly necessary to achieve this purpose,
  • Not to apply for a patent or any other industrial or intellectual property right including this Confidential Information,
  • Adopt and maintain all measures necessary to prevent unauthorized access to the Disclosing Party’s Confidential Information and to ensure that Confidential Information disclosed by the Disclosing Party to the Receiving Party is treated with the same degree of protection and care as its own Confidential Information, and in particular to take all measures to prevent and protect against theft, unauthorized disclosure, copying or reproduction of the Disclosing Party’s Confidential Information.

Notwithstanding the foregoing, the Parties may be required to disclose any Confidential Information by operation of law, or by governmental, administrative or judicial decision. In such a case, the requested Party will inform the other Party immediately and without delay of the request in order to enable the said Party to give its prior assistance to the communication of any Confidential Information.

The confidentiality obligations set forth in this Agreement shall not apply to information of which the receiving Party can provide proof:

  • That they were in the public domain at the time of disclosure, other than by breach of this Agreement,
  • It was in its possession prior to the signing of this Contract,
  • That they have been revealed to it by a third party not bound by an obligation of confidentiality towards the other Party,
  • That their disclosure has been expressly authorized by the other Party.

The Receiving Party acknowledges that the Confidential Information originating from the Disclosing Party remains the property of the latter, and undertakes to return or destroy at the first request of the Disclosing Party or at the latest at the end of this Agreement, all Confidential Information, including all copies, reproductions, notes, documents and media which may be in its possession and which remain the exclusive property of the Disclosing Party.

The provisions of this section “Confidentiality” shall remain in force during the Term of the Contract and for five (5) years after its expiry or termination for any reason whatsoever.

Article 17. PERSONAL DATA

17.1

Each Party will process Personal Data in accordance with the Contract and the Regulations.

17.2

If the Supplier processes Personal Data in the name and on behalf of the Customer, the Supplier shall be deemed to be acting as a processor and the Customer as a data controller and in accordance with the provisions of the attached Data Protection Agreement.

17.3

In addition, for the performance of the Contract, and/or to meet legal and regulatory obligations, and/or the Supplier’s legitimate interest, the Supplier acting as data controller, processes Personal Data relating to the Customer’s employees or managers (which may include, for example, but without limitation, information such as first and last names, business address and telephone number) in particular to manage the commercial relationship with the Customer (management of contracts, Customer accounts, orders, Subscription, training, management of invoicing and accounting…). This Personal Data is processed in compliance with the Regulations and may be shared with the Supplier’s subcontractors who need to know it in order to perform the Contract. Data subjects may exercise their rights of access, rectification, etc. by sending a letter to the Supplier’s address at the top of the Contract.

Article 18. INDEPENDENCE OF THE PARTIES

The Parties shall at all times act as independent parties in the performance of their obligations under this Agreement. The Contract does not create any relationship, association, partnership or joint venture between the Parties. Neither Party may make any commitment or incur any costs or expenses on behalf of the other.

Article 19. NOTIFICATION - WAIVER

Unless otherwise specified in the Contract, notifications to Users - including in particular all information, commercial elements, news and updates from the Supplier, modifications and formal notices - are made by e-mail. Where applicable, notifications may be made directly via the Solution’s Web Interface.

Any Notification, demand, or other communication required under the Contract shall be in writing and addressed to the Customer’s or Supplier’s notification address and delivered: (a) by hand; (b) by registered mail; (c) by courier.

The fact that a Party does not avail itself at a given time of any of the provisions of this Contract and/or tolerates a breach by the other Party of any of the obligations referred to in this Contract, may not be interpreted as a waiver by that Party of its right to avail itself subsequently of any of the said conditions.

Article 20. MODIFICATIONS TO THE CGAU

THE GSA MAY BE MODIFIED BY THE SUPPLIER, IN PARTICULAR IN THE EVENT OF COMMERCIAL, FINANCIAL, ECONOMIC, TECHNICAL, LEGAL OR JURISPRUDENTIAL DEVELOPMENTS, OR WHEN NEW FUNCTIONALITIES OF THE SOLUTION ARE IMPLEMENTED. The Supplier will inform the Customer sufficiently in advance. The Customer must accept any substantial modification of the GCUA.

Article 21. INTEGRALITY - DISABILITY - LEGISLATION AND REGULATIONS

The Agreement constitutes the entire agreement between the Parties with respect to the subject matter hereof.

If one or more stipulations of the Contract are held to be invalid or declared as such in application of a law, a regulation - and in particular European Union law - or following a final decision by a competent court, the other stipulations shall retain all their force and scope. The Supplier will make the necessary modifications without delay, respecting as far as possible the spirit of the Contract.

The contractual conditions are established within the framework of the legal and regulatory provisions in force on the date the Supplier’s offer is drawn up. In the event of changes to these provisions, which would modify the economic conditions of the offer and/or the GCUA, the Parties will meet to adapt the terms to the new situation in good faith.

Article 22. APPLICABLE LAW - DISPUTES

The GCUA shall be governed by and construed in accordance with the laws and regulations of France. All disputes and disagreements relating to the Contract, the GCUA, their interpretation, validity and/or execution, which are not resolved amicably, may be submitted by the most diligent Party to the jurisdiction of the Lyon Commercial Court.

Barres de progression - Gryzzly

APPENDIX 1: GENERAL TERMS OF USE

Barres de progression - Gryzzly

1. Subject - Acceptance - Installation - Login

You are a user of the GRYZZLY Solution provided by your employer (hereinafter “User” and “Solution”). This Solution is an assistant to project management and simplifies time tracking. It is published by the GRYZZLY Supplier (the “Company”).

To access the Solution, you must connect to the Solution either by visiting the website: https ://www.gryzzly.io/fr/ (the “Site”), or by downloading the Solution from the “Slack app directory” or “Microsoft” stores.

You must hold an account provided by the third-party publisher of the “Slack” or “Microsoft Teams” product (the “Third-Party Account”), with sufficient rights. If you wish to access the Solution from the Site, you must first log in to your Third Party Account, or create one.

If you download the Solution from the “Slack App directory” or “Microsoft” stores, you must first connect to your Third Party Account via Google or Apple or connect directly with your email address. If you do not have a Third Party Account, you must create one.

Installation and access to the Solution may be subject to a fee (particularly if you use a “Teams” Third-Party Account). Installation is subject to validation by the Supplier of the activation of your account.

Once your account has been activated by the Supplier, you will have had the opportunity to read and accept these Terms and Conditions of Use, which will enable you to access the functionalities of the Solution.

These General Terms of Use may be modified at any time. In such a case, in order for the new General Terms of Use to be applicable to you, you must reiterate your acceptance at your next connection. Failing this, all access to the Solution will be suspended.

You are solely responsible for the use of your Third Party Account identifiers. The Supplier is not responsible for the security of these identifiers.

If you do not agree with the content of this document, you will not be able to access the Solution.

2. Solution description

The functionalities and services covered by the Solution vary according to the role allocated to you and include the following:

As director :

  • Manage your subscription from your ;
  • Use all the features of the Solution.

As Director :

  • Consult project, customer, time, team and administration views;
  • View all Solution views except subscription ;
  • View a user’s hourly cost, financial data and project view ;
  • View all projects, even those to which you are not directly assigned;
  • Creating and editing projects ;
  • Create and edit customers ;
  • Edit tags and teams ;
  • Edit the entries of an employee with a role lower than his or her own;
  • View and edit the details of a User with a role inferior to their own (cost, hourly volume, roles and deactivation).

As project manager :

  • Consult the “projects” and “team” views;
  • Create and edit projects for which you are responsible;
  • Edit the entries of an employee with a role lower than yours.
  • However, you cannot :
  • access to the financial aspects of projects for which you are not responsible;
  • consult the “administration” and “customer” views ;
  • edit a User’s hourly costs or manage tags and teams.

As a collaborator :

  • Consult the projects to which it is assigned in the “projects” view;
  • Consult the “my times” view to edit your own entries;
  • Declare time from the chatbot.
  • However, you cannot access tabs other than the “time” tab in the project sheet.

As a contributor :

  • Enter timesheets ;
  • However, as a contributor, you can neither edit your own times, nor consult the times spent on a project.
  • All functions are subject to change at any time. The Supplier may modify the content, presentation and operation of the Solution at any time without incurring any liability.

3. Obligations of the User

As a User, you declare that you are fully aware of the characteristics of the Internet and the constraints associated with its use, in particular the impossibility of guaranteeing the integrity and confidentiality of all data in transit.

When using the Solution, you agree not to use any computer programs that could disrupt, interrupt or destroy all or part of the service provided by the Solution. The Supplier is in no way responsible for any malfunction of Third Party Accounts making access to the Solution impossible or difficult.

Similarly, you undertake not to infringe the intellectual property rights of any third party, nor to disseminate any information of a confidential nature in the Solution or any data generated by the Solution without the prior written authorization of your employer, or the dissemination of which would constitute a breach of a contractual obligation to a third party.

You acknowledge that you use the data collected and/or generated by the Solution under your sole responsibility. You agree to provide accurate and correct information when entering information into the Solution. You waive your right to take any action against the Supplier in the event of legal proceedings brought by a third party, another User or your employer - in the event that the latter has authorized your access to the Solution - as a result of any breach of the obligations arising from the present contract.

You acknowledge that it is forbidden to carry out any action likely to interrupt the Solution, restrict its availability or prevent its continuity. Any intrusion, or attempted intrusion, into the Solution, misappropriation of data, or breach of the Solution’s security and authentication measures may give rise to legal proceedings.

4. Intellectual Property

The Solution, the functionalities offered therein and all the elements constituting them are the full and entire property of the Supplier or of third-party publishers, including the related intellectual property rights, and all trademarks and logos used by the Supplier.

The Supplier indirectly grants you a limited, personal, non-transferable and non-exclusive right of access and use, for the purpose of using the Solution under the conditions set forth herein. Any other use is expressly excluded.

The content made available to you as part of the Solution may only be used within this framework, without any right of use, reproduction and/or distribution for commercial purposes, and under your sole responsibility.

You may not, under any circumstances, either directly or with the assistance of a third party, without the Supplier’s prior written consent, except under the conditions strictly provided for by law:

  • Modify the Solution and its functionalities,
  • Reproduce the Solution and its functions,
  • Distribute the Solution commercially,
  • Arrange, adapt and translate the Solution and its functionalities,
  • Correct the Solution and its functionalities,
  • Decompile the Solution.

5. Personal Data

By clicking on the appropriate box to accept these General Terms and Conditions of Use, you acknowledge that you have been informed of the processing of your Personal Data, in accordance with the conditions set out in Act no. 78-17 of January 6, 1978 as amended and EU Regulation no. 2016/179 as from its entry into force (hereinafter together “the Regulations”).

When using the Solution, the Supplier is likely to collect certain data belonging to you, on the instructions of your employer, who is the data controller, and in particular your surname, first name, professional e-mail address, role assigned on the Solution, time data, tasks and projects, which may constitute “Personal Data” or “Data”. Personal Data refers to any data or information that directly or indirectly identifies a natural person. The provision of this information is contractual in nature. Thus, the legal basis for the processing carried out in connection with the use of the Solution is the contract entered into by your employer with the Supplier. If you do not provide this Data, the Supplier will not be able to perform the contract with your employer.

The Supplier is a Personal Data processor within the meaning of the aforementioned Regulation, acting on the instructions of your employer.

Your Personal Data is collected and processed for the purposes of operating the Solution and managing the services it offers, solely for the purposes of the Contract between us and your employer. It will only be kept for the duration of your employer’s subscription to the Solution. If you leave your employer before the end of the subscription period, your Personal Data will be deleted as soon as you leave.

The recipients of your Personal Data are the Supplier’s internal employees and its subcontractors (in particular for hosting the Solution). You accept, as a User, that the Personal Data concerning you collected in the context of the present Agreement may be transmitted to our employees and subcontractors with whom we have a contractual relationship for the sole purpose of operating the Solution, provided that these Personal Data subcontractors are subject to a Regulation guaranteeing an appropriate and adequate level of protection as defined in EU Regulation n°2016/179.

You are hereby informed that you have the right to access, rectify, delete, limit, oppose and remove your Personal Data in accordance with the Regulations. You may exercise your rights by sending an e-mail to the following address: dpo@gryzzly.io.

You are also informed that you have the right to lodge a complaint with the CNIL if you consider that your employer or the Supplier is not complying with the Regulations.

Barres de progression - Gryzzly

DATA PROTECTION AGREEMENT

Barres de progression - Gryzzly

In the course of providing services to the Customer on the Solution in accordance with the Agreement (“Services”), the Supplier may process Personal Data on behalf of the Customer. This Personal Data Processing Agreement (Appendix 2) and the attached processing description sheet (Appendix 2 Bis) form an integral part of the Agreement between the Customer and the Supplier. In the event of any contradiction between the terms of this appendix and the terms of the Contract, the provisions of this appendix shall prevail.

1. Definitions

For the purposes of this Appendix, :

Supervisory Authority: An independent public authority that is set up by a Member State under Article 51 of the RGPD ;

EU Standard Contractual Clauses: The Annex to the Commission Implementing Decision on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council or any later version thereof published by the European Commission (which will apply automatically) ;

Personal data: Any information relating to an identified or identifiable natural person, the Data Subject ;

EEA: European Economic Area ;

Member state: Country belonging to the European Union ;

Applicable data protection law: The national laws and regulations implementing or supplementing the RGPD applicable to each Party respectively;

Technical and Organizational Measures: The appropriate measures implemented as part of the Contract, designed to protect Personal Data against any Personal Data Breach in compliance with the requirements of the applicable Data Protection Law and to guarantee the right of Data Subjects;

“Subsequent Subcontractor Notification”: has the meaning defined in Article 5.3 ;

International organization: An international organization and the bodies governed by international public law, or any other body created by or pursuant to an agreement between two or more countries;

Third country: Country outside the EEA for which the European Commission has not decided that this country or a territory or one or more specific areas of this country guarantee an adequate level of security for the protection of Personal Data;

Data subject: A natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;

General Data Protection Regulation or GDPR: Regulation (EC) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the Processing of personal data and on the free movement of such data, applicable since May 25, 2018 ;

Data Controller: The Customer, as he is the Party to the Contract who, as a natural or legal person, alone or jointly with others, determines the purposes and means of the Processing of Personal Data;

Subcontractor: The Supplier who is the Party to the Contract who processes Personal Data on behalf of the Data Controller;

Subsequent Subcontractor: Any party engaged by the Supplier to process Personal Data in order to perform certain Services;

Processing: Any operation or set of operations, whether or not carried out using automated processes and applied to Personal Data or sets of Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination or otherwise making available, alignment or combination, limitation, erasure or destruction;

Violation of Personal Data: A breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.

2. Object

For the purposes of this Data Protection Agreement, the Supplier is the Processor of the Customer’s Personal Data and the Customer is the Data Processor. The purpose of this Agreement is to define the conditions under which the Subcontractor undertakes, on behalf of the Controller who has appointed the Subcontractor by means of the Contract, to carry out the Personal Data Processing operations defined in the Contract, insofar as this is necessary to provide the Services under the Contract.

The Processing of Personal Data and the Technical and Organizational Measures implemented by the Subcontractor in connection with the Services provided under the Contract are described in the Processing Description Sheet attached hereto, which may be updated as the Solution evolves. The most recent version of this Appendix will apply between the Parties.

3. Obligations of the data controller

3.1

The Customer, acting under the Contract, is and remains the Data Controller and is required to give documented instructions to the Supplier acting as Subcontractor, concerning the Processing of Personal Data. These instructions are contained in the Contract including this Appendix and the attached description sheet. The Controller may give additional documented instructions reasonably practicable for the Subcontractor concerning the Processing of Personal Data. If the execution of an additional instruction requires the implementation of Technical and Organizational Measures specially adapted for the Data Processor that are not necessary or mandatory in accordance with the Data Protection Law applicable to the Subcontractor, that the Subcontractor can implement and that this entails additional costs, the Subcontractor will inform the Data Processor. Only after receiving written confirmation from the Data Controller that it will bear these additional costs will the Subcontractor carry out the said instruction. The Data Controller’s instructions will be given in writing (e-mail permissible) unless an emergency or other specific circumstances require oral communication. Non-written instructions must be confirmed in writing by the Data Controller within twenty-four (24) hours at the latest. In addition, where the Data Controller is not located in the country where the Subcontractor has its registered office, the Data Controller will inform the Subcontractor of the specific obligations that apply to it and that are mandatory under the local laws applicable to the Data Controller so that the Parties can define the action to be taken.

3.2

The Data Controller must provide information to the Data Subjects concerned by the Processing operations. The Data Controller complies with its obligation to respond to requests from Data Subjects to exercise their rights. If the Data Controller is unable to obtain directly the information and data necessary to process a Data Subject’s request to exercise his/her rights, he/she will request the necessary information and data from the Subcontractor, who will assist, as far as possible, the Data Controller in fulfilling its obligation to comply with requests to exercise the Data Subject’s rights.

4. Subcontractor’s obligations

4.1

The Subcontractor will only process Personal Data on behalf of the Data Controller in accordance with the Data Controller’s documented instructions. This obligation to comply with the Data Controller’s instructions also applies to the transmission of Personal Data to a Third Country or to an International Organization.

The Subcontractor will immediately inform the Data Controller if, in its opinion, an instruction constitutes a violation of the applicable Data Protection Act. In such a case, the Subcontractor will not be obliged to follow the instruction in question, until the Data Controller has clarified or modified the instruction in such a way that it no longer violates the applicable Data Protection Act.

4.2

The Subcontractor shall ensure that the persons authorized by the Subcontractor to process the Personal Data on behalf of the Data Controller undertake to observe the required confidentiality or that such persons are subject to an adequate legal obligation of confidentiality and that the persons who have access to the Personal Data only process such Personal Data in accordance with the instructions of the Data Controller. In the event of the use of a subsequent Subcontractor, the provisions of article 5 shall apply.

4.3

The Subcontractor will implement and comply with the Technical and Organizational Measures falling within the Subcontractor’s scope of responsibility, taking into account the nature of the Processing, the state of the art and the costs of implementation, as well as the risk to Data Subjects. These Technical and Organizational Measures are subject to change, in particular as a result of technical progress. The Data Processor reserves the right to modify the Technical and Organizational Measures provided that the operation and security of the Services provided under the Contract, and the agreed level of protection, are not impaired. The Data Controller confirms at the time of signing the Contract that the Technical and Organizational Measures provide an appropriate level of protection for its Personal Data.

4.4

The Subcontractor also undertakes to:

(a) Keep a written record of the categories of Processing activities carried out on behalf of the Controller if this obligation is applicable pursuant to Article 30 of the GDPR ;

(b) Inform the data controller :

  • (i) any legally binding request for disclosure of Personal Data from a public or judicial authority, unless such notification is prohibited as in the case of a criminal prohibition aimed at preserving the confidentiality of legal proceedings;
  • (ii) Complaints and requests to exercise their rights emanating directly from Data Subjects (e.g. complaints and requests for access, correction and erasure, limitation of Processing, notification, data portability, objection to direct marketing, profiling in the context of direct marketing and decision based solely on automated processing), without acceding to such requests, unless authorized or compelled to do so in any other way; this information will be given within a maximum of seventy-two hours of receipt of said complaints and requests to exercise their rights;
  • (iii) If the Subcontractor is obliged, on the basis of European Union (EU) legislation or the legislation of a Member State applicable to the Subcontractor, to process Personal Data outside the scope of the assignment entrusted by the Data Controller, and before carrying out the Processing in question outside that scope, unless the EU legislation or the legislation of the Member State in question prohibits such information on serious grounds of public interest; such notification must state the legal requirement under EU legislation or the legislation of the Member State in question;

(c) Assist the Controller in an impact analysis of the envisaged Processing operations as required by Article 35 of the RGPD, taking into account the nature of the Processings and the information available to the Processor which relates to the Services provided by the Processor to the Controller and the Processings carried out by the Processor on behalf of the Controller ;

(d) Perform immediately, if and insofar as the Subcontractor is required by law or is requested to correct and/or delete Personal Data processed on the basis of the Contract.

4.5

The Subcontractor shall notify the Data Controller, as soon as possible after becoming aware of it, and at the latest within seventy-two hours, of the existence of a Personal Data Breach impacting the Customer’s Personal Data. This notification will be sent by the Subcontractor to the contact point informed by the Data Controller in the Contract (in the absence of information to the signatory of the Contract) and will contain the information available to the Subcontractor to enable it to document the Personal Data Breach, in accordance with Article 33 of the RGPD. If it is impossible to provide all the information at the time of notification to the Data Controller, the Subcontractor may stagger the provision of this information to the Data Controller as and when it receives or becomes aware of it.

4.6

The Subcontractor will immediately implement all technical and organizational security measures necessary to put an end to the Violation and limit its impact for the Data Subjects and for the Data Controller.

5. Subsequent subcontractor

5.1

Subject to this Article 5 and Article 6 below, the Data Controller authorizes the Subcontractor to use one or more subsequent Subcontractors who may process Personal Data to provide the Services on behalf of the Data Controller. The Data Controller acknowledges and accepts that the Supplier may engage third party Subcontractors in connection with the provision of the Services, a list of which is available in the processing description sheet attached as Appendix 2 Bis.

5.2

All subsequent Subcontractors are required to comply with the obligations to which the Subcontractor is bound under this Personal Data Processing Agreement, as they apply to their performance of the Services. The Sub-processor remains liable to the Data Controller in the event of a subsequent Sub-processor’s failure to comply with its obligations. Where a third party is retained as a Subsequent Subcontractor, the Subcontractor will ensure that such Subsequent Subcontractor accepts a contract containing the applicable data protection obligations and meeting the requirements of Articles 28(3) and 46(1) of the GDPR, as applicable, and the Subcontractor will ensure that the Third Party Subsequent Subcontractor provides sufficient guarantees as to the application of the Technical and Organizational Measures that are relevant to the Services provided by such Subsequent Subcontractor. Third Country Subcontractors may only be engaged if the specific requirements of Article 44 et seq. of the GDPR are met (e.g. Commission adequacy decision, EU Standard Contractual Clauses, approved codes or conduct). This may require the Subcontractor and subsequent third-party Subcontractors to take additional measures to ensure the protection of the Data Controller’s Personal Data.

5.3

The Processor will inform the Data Controller of any change concerning the addition or replacement of a Subsequent Processor, specifying the identity of the envisaged Subsequent Processor and the Processing activities subcontracted (“Subsequent Processor Notification”). The Data Controller has a period of fourteen (14) days following the Notification of Subsequent Processor to present its objections.

6. Transfer

The Data Controller agrees that the Subcontractor may transfer Personal Data to third parties, including subsequent Subcontractors, in Third Countries, provided that such transfers comply with the applicable Data Protection Law and the provisions of this Data Protection Agreement. If necessary, the Subcontractor alone and/or the Parties together will enter into the EU Standard Contractual Clauses and/or implement the appropriate measures required by the applicable Data Protection Law.

7. Inspection and audit rights of the data controller

The Subcontractor shall make available to the Data Controller all information in its possession necessary to demonstrate compliance with the obligations set forth in this Agreement. Additional information (within the limits of information which is confidential to the Subcontractor and does not fall within the scope of the Agreement or is a business secret) will be communicated to the Customer at its written request. Should the above-mentioned information prove insufficient to enable the Data Controller to demonstrate that the Subcontractor is complying with its compliance obligations, the Parties may agree on the terms of an additional inspection.

The Data Controller is aware of the fact that audits (in particular in-person and on-site audits) may disrupt the Subcontractor’s activities. It therefore undertakes to give fifteen (15) days’ notice and to bear the costs associated with the audit. The auditor appointed by the Data Controller shall be bound by an obligation of confidentiality and may not engage in any activity in competition with that of the Supplier.

Furthermore, in the event of an inspection or investigation by a Control Authority, the Parties undertake to cooperate with each other and with the Control Authority and to provide each other with the necessary information.

8. Effects of the end of the Contract

At the end of the Contract, for whatever reason, the Subcontractor shall, at the option of the Data Controller, erase all Personal Data or return them to the Data Controller as part of the reversibility service provided for in Article 8 of the Contract’s General Terms and Conditions, and erase all existing copies unless the Subcontractor is required to retain such Personal Data by virtue of EU legislation or the legislation of a Member State.

9. Liability

Any liability of the Subcontractor arising out of or in connection with this Data Protection Agreement shall follow and be exclusively governed by the liability provisions set forth in the General Conditions of Contract.

10. Miscellaneous

Unless otherwise specified in this Data Protection Agreement, all provisions of the Agreement shall be in full force and effect.

Data Processing description

Barres de progression - Gryzzly

APPENDIX 2 Bis: DESCRIPTION OF PERSONAL DATA PROCESSING AND TECHNICAL AND ORGANSATIONAL MEASURES

Barres de progression - Gryzzly

This Appendix 2 Bis is issued in accordance with the Contract and in particular the Data Protection Agreement between the Supplier and the Customer and forms an integral part thereof.

The Supplier, as the Customer’s Subcontractor, may process Personal Data on behalf of the Customer, the Data Controller, in the performance of the Contract in order to provide the Solution, the Associated Services :

Categories of people concerned Solution users
Data Categories Identification data: last name, first name, email address, Essential Third-Party Product ID (Slack or Teams)

Project data: project name, task name, team, time entry, hourly rate (budget offer).
User data: avatar (Teams or Slack), work rhythm, hourly cost (budget offer)
Treatment operations carried out Data Hosting
Data display
Data export creation
Anonymize Data for statistical purposes
Location of processing operations France
Goals Creating user access
Solution hosting and supervision
Data backup
Data recovery, configuration, testing
Maintenance
Support
Duration Contract duration
Transfers outside the EU YES (see table in section 3 Subcontractors)

2. TECHNICAL AND ORGANIZATIONAL MEASURES

The Supplier shall take the appropriate Technical and Organizational Measures, which shall be assessed on the basis of the state of the art at the time of the conclusion of the Contract, and shall evaluate such measures over time, taking into account the costs of implementation, the nature, scope, context and purposes of the Processing, as well as the risk of differences in the degree of probability and seriousness of the rights and freedoms of the Data Subjects.

All the measures implemented at the time of signing the Contract and recognized as sufficient by the Data Controller can be consulted at by clicking here.

3. SUBCONTRACTORS

The Customer agrees that the Supplier, as Subcontractor, may engage subsequent Subcontractors to perform specific data processing activities (including hosting services, software development, Support and Maintenance services, etc.) on behalf of the Customer:

Identity of subsequent subcontractor Treatment activity Location of processing operations Location
Stripe Solution subscription billing and payment management 10 Boulevard Haussmann, 75009 Paris France
SAS OVH Data and Solution Hosting 2 rue Kellermann, 59100 Roubaix, France France
Scaleway S.A.S Data and Solution Hosting 8 rue de la Ville l'Évêque, 75008 Paris France
Intercom User support San Francisco
55 2nd Street, 4th Floor HQ		 United States
Vitally, Inc. Customer health monitoring tool (usage, engagement, NPS) 185 Wythe Ave
Floor 2
Brooklyn, NY 11249		 United States
Hubspot CRM : deal monitoring 25 First Street, Cambridge, MA 02492 U.S.A. United States
Well done for getting this far, give yourself some cheer!

  • ©Gryzzly - 2022