The company ARSEN (the "Company") is a simplified joint-stock company registered with the Trade and Companies Register of Orléans under number 881 923 775, with its registered office located at 1 Avenue du Champ de Mars, CS 30019 45074 Orléans Cedex 2, and represented by its President, Mr. Thomas Le Coz, or its General Manager, Mr. Alexandre Esser, both having full authority for the purposes hereof.
The Company provides its customers with Software as a Service (SaaS) (the "SaaS Services") that enable them to design, configure, and implement test campaigns with their employees to assess, over time, their resilience to phishing-type cyberattacks and to raise awareness about the correct behaviors to adopt in the face of such attacks. The Company's customers have a tool that allows them to measure the risk associated with their employees' behaviors and to implement awareness actions to reduce this risk.
The customer is a professional who has shown interest in the SaaS Services offered by the Company after:
The Company then provided the customer with an offer (the "Offer") to meet the customer's needs, specifying in particular:
After thoroughly reviewing the characteristics of the SaaS Services based on the Offer, the customer ensured, prior to entering into this agreement, that the characteristics chosen for the SaaS Services and said proposal are in line with their needs.
Following the acceptance of the Offer by signing the proposal in the form of a quotation, the Company provided the customer with (i) an invoice and (ii) temporary login credentials for the user designated by the customer, enabling them to accept the terms of this contract and access the SaaS Services through the SaaS portal.
The acceptance of this contract is a prerequisite for accessing and using the trial version of the SaaS Services, as well as the subscribed SaaS Services by the customer, which the customer was informed of through exchanges with the Company and the Offer.
The parties agree to engage in a continuous exchange of information with a view to contributing to the success of this contract and avoiding the generation of difficulties detrimental to the interests of both parties.
The following terms shall have the following meanings between the parties:
The purpose of this contract is to define the conditions under which the Company:
Any other service not provided for in this contract will be subject to a separate quotation and contract.
The contractual documents, in decreasing order of priority, are:
The parties expressly exclude the application of any other document to the provision of the SaaS Services.
In case of contradiction between documents of different nature or rank, it is expressly agreed between the parties that the provisions contained in the higher-ranking document will prevail for conflicting interpretation obligations.
In case of contradiction between the terms of documents of the same order, the latest documents will prevail over the others.
Notwithstanding the contract interpretation rules defined in the Civil Code, criteria of rank will be applied according to the following principles:
This contract is an electronic contract entered into between the Company and the client, both of whom are professionals. Consequently, in accordance with Article 1127-3 of the Civil Code, the parties expressly agreed to deviate from the provisions:
Access to the SaaS Services provided in the Offer presupposes, beforehand:
To this end, the client undertakes to designate a user with full authority to bind the client to these terms.
The "double click" consists of the user checking the box corresponding to each of the aforementioned documents and then confirming this choice by clicking on the button "By clicking on this button, I acknowledge having read the entire SaaS Services contract and its annexes."
The version of the contract applicable to the client is the one accepted by the client under the conditions provided for in the "Access to SaaS Services" article.
This version is permanently accessible to the client on their customer portal of the SaaS portal.
This contract is concluded for the duration specified in the Offer.
The contract is automatically renewed for one-year periods on the anniversary date of the contract, unless terminated by either party with one (1) month's notice before the anniversary date of the contract, notified by registered letter with acknowledgment of receipt.
Any contractual year begun is due in its entirety.
The scope of the SaaS Services is detailed in the "Description of SaaS Services" annex.
The SaaS Services and the SaaS portal are hosted on servers outsourced to a provider designated by the Company and presenting equivalent levels of guarantees and security.
The provider responsible for hosting said servers is Google Cloud Platform. The hosting centers are located in the following locations:
The Company only provides the client with remote access to the SaaS Services and the SaaS portal, in order to allow the processing of data transmitted by the client to the Company via this access.
The Company ensures the routing of flows to the hosted SaaS Services via a connection to the SaaS portal.
The Company will host the client's data on its servers, as well as their processing, within the volumetric limits defined in the "Financial Terms" annex and in the Offer.
In case of an increase in the available space required for hosting the client's data, the parties will work together to define the conditions, including financial conditions, for the Company to provide additional space for hosting the client's data.
The client's data necessary for the execution of the SaaS Services will be periodically backed up on the servers hosting said services and the SaaS portal.
After a period of three (3) months from the end of the contractual relationship between the parties, for any reason whatsoever, the backups of the client's data made by the Company will be destroyed, with the Company committing not to keep any copies.
The Company cannot be held responsible for any damaging consequences for the client or third parties resulting from the loss, deterioration, or destruction of the client's data.
It is therefore the client's responsibility to make backup copies of their data entrusted to the Company and the results obtained during each test campaign and, more generally, through the implementation of the SaaS Services.
Documentation related to the SaaS Services is available online at https://support.arsen.co.
The client undertakes to comply with the Company's recommendations regarding hardware and devices (especially in terms of telecommunications) necessary for the use of the services defined in the "Scope" article.
The Company may, if necessary and at the client's request, conduct an audit of the client's installations prior to any deployment, in order to assess the adequacy of these installations with the hardware recommendations and to propose, if necessary, modifications or developments to comply with the prerequisites. This technical audit will be subject to additional billing.
As of the entry into force of these terms and conditions and subject to payment corresponding to the subscribed SaaS Services, the Company will grant the client the right to use the SaaS portal, the SaaS Services, and the creation of a database containing all the data corresponding to the implementation of the SaaS Services requested by the Company.
To do this, the Company will provide the client with an identifier and password allowing the users designated by the client to access the SaaS services covered by these terms.
The identification of the client's users using the identifier and password sent to them is irrefutably attributable to the operations carried out using this password and identifier.
The identification and password provided by the Company to the client are confidential, unique, and personal. The client is solely responsible for their use by the users they have designated and guarantees that these users will comply with basic security and confidentiality rules.
The Company will use its best efforts to keep the SaaS Services accessible to the Client, subject to the provisions set out in the "Service Level Commitments" annex.
However, the Company reserves the right to restrict, in whole or in part, access to the SaaS Services in order to carry out maintenance, as part of scheduled services, of its computer configuration and the infrastructures implemented for the provision of the SaaS Services.
To the extent possible, the Company will attempt not to make the SaaS Services unavailable for an excessive period of time and to carry out maintenance services outside of normal working hours and on weekends.
In the absence of transmission by the client of the data necessary to perform the services under this contract, the Company's liability cannot be engaged in the event of delay.
The Company reserves the right to evolve the SaaS Services accessible via the SaaS portal in order to improve its services.
In general, the Company reserves the right to make and implement any technical decision aimed at improving the SaaS Services, subject to ensuring continuity and upward compatibility.
In the event that the Company needs to carry out scheduled interventions on the portal, the Company will endeavor to inform the client by electronic message, at least 24 hours before the scheduled date for these interventions, and will attempt to avoid making access to the service unavailable for more than 5 working days.
The Company is not responsible for damages of any kind that may result from a temporary unavailability of all or part of the SaaS service distribution portal.
In the event of non-compliance with its obligations by the client or in the event of suspected fraudulent use of the SaaS Services, the Company reserves the right to suspend, automatically and without notice, access to all or part of the SaaS services.
Access to the services will be suspended for the time necessary to carry out the verifications and until the cause of the suspension has disappeared.
The client is responsible for accessing the Company's SaaS portal.
Telecommunications specifications necessary for the use of the software applications are included in the online documentation on the portal.
Access costs to the Company's server will be the exclusive responsibility of the client, who is responsible for subscribing to the necessary telecommunications subscriptions.
The computerized records, kept in the Company's computer systems under reasonable security conditions, will be considered as evidence of communication and sending of registration forms, as well as the various transmissions of information by the client to the Company enabling it to carry out the processing requested by the client.
The archiving of various registration and information forms must be carried out on a faithful and durable medium.
In the event of a conflict between the computerized records of the Company and any document on written media or electronic file of the client, it is expressly agreed between the parties that the computerized records of the Company will prevail over the client's documents and will be the only ones admitted as evidence.
The Company undertakes to use its best efforts to carry out the services described under the conditions provided for herein.
The service level commitments (SLAs) relating to the accessibility and performance of the SaaS Services are set out in the "Service Level Commitments" annex.
Each of the parties undertakes to comply with the applicable legislation and regulations regarding the processing of personal data, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation or "GDPR"), which applies from 25 May 2018, and French Law No. 78-17 of 6 January 1978 on information technology, data files, and civil liberties, as amended (hereinafter referred to as the "applicable data protection regulations"). In this regard, each party is free to determine the purposes and means of the processing they carry out, independently of the other party, as a data controller within the meaning of the applicable data protection regulations.
The processing covered by this article has the following purposes:
The personal data collected concern the contacts of a party involved in the execution of this contract (including, but not limited to, name, first name, email address, phone number). This data is retained for the duration strictly necessary for the performance of this contract. The personnel of each party, its control services (including auditors), and its subcontractors may have access to the personal data collected.
These processes may lead the data subjects to exercise their rights, including (i) the right to obtain access to and, where applicable, rectification or erasure of their data, (ii) the right to request the restriction of processing, (iii) the right to object to processing on legitimate grounds, (iv) the right to data portability, to retrieve and retain their data, and (v) the right to lodge a complaint with a competent supervisory authority.
To learn more about the processing carried out by the Company as a data controller, the client is invited to consult the Privacy Policy accessible here.
Each of the parties guarantees the other that it has implemented the necessary legal prerequisites for this contract and allowing the communication of data in compliance with applicable data protection regulations, including formalities, information of data subjects, and, if necessary, obtaining consent when required.
One party shall not in any way interfere with the processing carried out by the other party, except in the case of data processing subcontracting as referred to in this "Personal Data" article.
Each of the parties is responsible for all legal and regulatory obligations concerning the protection of personal data. One party cannot be held responsible for the other party's failure to comply with its obligations. Each party shall personally handle any potential sanctions or financial consequences it may incur due to non-compliance with data protection regulations.
In accordance with the applicable data protection regulations, the client is designated as the "Data Controller," and the Company, which processes personal data on behalf of and according to the client's instructions, is referred to as the "Processor."
The "Personal Data" appendix to this contract describes the purpose and duration of the processing, the nature and purpose of the processing, the type of personal data processed, as well as the categories of individuals concerned by the processing carried out by the Company on behalf of the client under this contract.
As the Data Controller, the client is responsible for ensuring the accuracy, integrity, and legality of the personal data for which it is responsible, including the data to which the Company may have access in the course of performing these services.
The client also commits to: document in writing any instructions regarding data processing by the Company; provide the personal data specified in the "Personal Data" appendix to this contract, excluding any personal data that is irrelevant, disproportionate, or unnecessary, and excluding any "special" data within the meaning of applicable data protection regulations unless justified by the processing, with the client being responsible for establishing such justifications and taking all appropriate measures, including prior information, obtaining consent, and security measures, for such special data; lawfully, fairly, and transparently collect, under its responsibility, the personal data provided to the Company for the execution of its services, ensuring the legal basis for this collection and the information due to data subjects; ensure compliance with the obligations of applicable data protection regulations and, more generally, applicable law, particularly in terms of labor law, before and throughout the processing; keep a record of processing activities and, more generally, comply with the principles of the applicable Regulation.
The Company may only act on the client's instructions and undertakes to take all necessary measures to ensure compliance with these obligations, and, unless otherwise instructed by the client, to:
In this regard, the Company reserves the right to suspend, without any liability on its part, the processing until the client modifies the instruction so that it no longer violates the aforementioned regulations. This suspension does not entitle the client to a refund of the price of the SaaS Services under this contract for the suspension period.
The parties agree to define the concept of instruction as acquired when the Company acts in the execution of this contract. Furthermore, any new instruction from the Data Controller shall be communicated in writing to the Processor.
The Company ensures that authorized persons processing personal data commit to respecting the confidentiality of the data or are subject to an appropriate legal obligation of confidentiality.
Considering the nature of the data and the risks posed by the processing, and taking into account the state of knowledge, implementation costs, and the nature, scope, context, and purposes of the processing, as well as the risks to the rights and freedoms of natural persons, the Company undertakes to take appropriate technical and organizational measures to preserve data security, preventing any accidental or unlawful distortion, alteration, destruction, loss, unauthorized disclosure, and/or access by unauthorized third parties beforehand.
The Company commits to maintaining adequate security measures to ensure data confidentiality throughout the execution of this agreement.
The Company undertakes to notify the client, within 48 hours of becoming aware of it, of any personal data breach or any security breach resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed. Communication regarding this security incident must remain strictly confidential and should only be made to persons formally identified within the Company's organization and should be reported solely to the client's specified email address below.
This notification must include a description of the nature of the incident, including, to the extent possible, the categories and number of individuals affected, as well as the categories and an estimate of the volume of personal data concerned, and the consequences of the data breach, measures already taken, or proposed to address it. The Company commits to providing the client with any additional relevant information to clarify the content of the initial notification and to actively collaborate with the client so that they can meet their contractual and regulatory obligations. It is the sole responsibility of the client, as the data controller, to report this data breach to the competent supervisory authority and, if necessary, to the data subjects.
The Company is authorized to engage subcontractors (the "Subsequent Processor") listed in the "Personal Data" appendix to perform specific processing activities and to transfer personal data to these listed Subsequent Processors, in the context of this contract, to countries located outside the European Union, subject to the implementation of appropriate safeguards as defined by the applicable data protection regulations. In the event of a change in the list of Subsequent Processors, the Company shall inform the client in writing in advance. This information must clearly indicate the subcontracted processing activities, the identity and contact details of the Subsequent Processor. The client has a period of fifteen (15) days from the date of receipt of this information to raise legitimate and reasoned objections. In the absence of objections raised after this period, the client will be deemed to have accepted the use of the new Subsequent Processor. The Subsequent Processor is required to comply with the obligations of this contract on behalf of and according to the instructions of the client. It is the responsibility of the Company to ensure that the Subsequent Processor provides the same adequate guarantees regarding the implementation of appropriate technical and organizational measures to ensure that the processing complies with the requirements of the applicable data protection regulations. If the Subsequent Processor fails to fulfill its data protection obligations, the Company remains fully responsible to the client for the performance of the Subsequent Processor's obligations.
The Company provides reasonable assistance to the client:
The client shall bear the reasonable costs incurred by this assistance, within the limits of the assistance imposed by the GDPR and provided that the assistance requires more than one person-day of work.
At the end of the services, the Company must return or delete all personal data. The Company must ensure that no copies are retained, except where required by the applicable data protection regulations.
The Company provides the client, upon request, with all the information and documents necessary to demonstrate compliance with its obligations and to enable audits. The client has the possibility to carry out audits once (1) per year and at its own expense to verify the Company's compliance with the obligations set out in this article. The client will inform the Company of the audit with a minimum notice of two (2) weeks. The Company reserves the right to refuse the identity of the auditor if they belong to a competing company. The audit must be carried out during the Company's business hours and in a manner that disrupts its activities as little as possible. The audit shall not in any way affect (i) the technical and organizational security measures implemented by the Company, (ii) the security and confidentiality of the data of other clients of the Company, and (iii) the proper functioning and organization of the Company's production. To the extent possible, the Parties shall agree in advance on the scope of the audit.
The audit report shall be sent to the Company to allow it to make any written observations or remarks, which shall be annexed to the final version of the audit report. Each audit report shall be considered confidential information.
The Company undertakes to implement all technical and organizational means in accordance with the state of the art, necessary to ensure the logical security of access to the SaaS Services and hosted data and to prevent any intrusion by unauthorized persons, regardless of the nature or technique used.
The client agrees to comply with the security procedures and rules outlined in the documentation.
The Company shall not be held liable for any failure by the client to comply with the security procedures and rules.
The Company undertakes to limit access to the server center, its secure platform, and to implement an internal procedure to ensure that no person outside the service can access this location.
The Company shall not be held liable for any failure by the telecommunications operator.
Users may ask the Company questions regarding the operation of the SaaS Services, excluding anyone else, including recipients of test campaigns.
Therefore, the client commits to appoint competent and qualified individuals for using the SaaS Services.
The Company provides users with an email address for contacting technical support during its business hours, Monday to Friday, excluding holidays, from 9 am to 5 pm.
Questions posed by users should be clear, precise, and, if necessary, documented to facilitate proper handling by technical support. Users should also refer to the documentation for the SaaS Services available online before seeking technical assistance.
Responses will be provided by the Company via email.
Details of technical support are outlined in the "Service Level Commitments" appendix.
Corrective maintenance involves correcting any reproducible anomalies that occur in the use of remote access to the SaaS Services, as well as in the various processes that can be performed by them.
It is the client's responsibility to consult the documentation before each phone call to be able to describe the encountered problems precisely and comprehensively.
Details of corrective maintenance are outlined in the "Service Level Commitments" appendix.
Updates to the SaaS Services may be installed by the Company on its server as they become available.
These updates, unilaterally decided upon by the Company, will be provided to the client via remote access from their server at no additional cost.
The various updates are intended to make all necessary modifications due to legal or regulatory changes corresponding to the processing related to the implementation of the SaaS Services.
Maintenance services not explicitly mentioned herein are not included in the scope of maintenance services.
Maintenance will not be provided in the following cases without:
In these cases, the client cannot claim any compensation or reimbursement of amounts already paid under this contract.
The client agrees to:
In general, the client is responsible for their use of the services and any information they share in this context. They agree to use the services personally and not allow any third party to use them on their behalf.
The client must not misuse the services for purposes other than their intended use, including:
The client must also not:
The client indemnifies the Company against any claims and/or actions that may be taken against it due to the client's breach of any obligations. The client will compensate the Company for any damages incurred and reimburse any sums it may have to bear as a result.
The client agrees to test the SaaS Services covered by these terms before any professional use, and in any case within a maximum period of one month from the date the Company provides login credentials.
The use of the SaaS Services for purposes other than verifying compliance with the documentation constitutes final acceptance of said services.
Pricing and billing terms are defined in the "Financial Terms" appendix.
Prices are quoted excluding taxes and are subject to taxes, including VAT, in effect at the time of invoicing.
Prices are revised annually according to the following formula: P(t) = P(t-1) x [(S(t)/S(t-1)], in which:
In the event of the disappearance of the revision index and in the absence of agreement on a new index, explicit authority is granted to the President of the competent court to define an index that will be incorporated into the revision formula.
This index must be chosen in such a way that it is as close as possible to the disappeared index and respects the intent of the parties when establishing this revision clause.
Any delay or non-payment of all or part of an invoice issued by the Company within thirty (30) days following its issuance, without the need for any reminder, will result in the enforceability of late penalties. The interest rate will be the one applied by the European Central Bank to its most recent refinancing operation, increased by 10 percentage points. This rate is in effect on January 1st of the year in question for the first half of the relevant year. For the second half of the relevant year, it is the rate in effect on July 1st of the relevant year.
These penalties will be calculated on the VAT-inclusive amount on the invoice, without prejudice to the Company's right to claim compensation for its damage due to the delay or non-payment. Penalties will be due from the day following the due date of the invoice until it is collected by the Company.
Finally, any client in a situation of payment delay is automatically liable for a flat-rate indemnity for collection costs, set at 40 euros. If the collection costs were higher, the Company could request additional compensation with justification. However, the Company cannot claim the benefit of these indemnities when the opening of a safeguard, recovery, or judicial liquidation procedure prohibits payment of the due receivable at its maturity.
The Company guarantees the client the ability to access computer applications remotely, according to the availability rate and service levels defined in the "SaaS Service Specifications" article.
Unless otherwise specified in this contract or in the Offer, the Company provides no other express or implied warranties, written or oral, regarding the suitability or proper functioning of the SaaS Services for a particular use, even if the Company has been informed of such use.
Likewise, any warranty of hidden defects and any warranty of compliance with the state of the art or compliance of the SaaS Services with the client's (in France or abroad) regulatory or sector-specific standards are expressly excluded.
The client guarantees the Company that it has all the rights associated with its data.
The client guarantees the Company against any actions, claims, demands, oppositions, by any person asserting any right of any kind over the client's data that may have been affected by the execution of this contract.
In this case, the indemnities and expenses of any kind incurred by the Company to defend itself, including advisory fees, as well as any damages that may be awarded against it, will be borne by the client.
By mutual agreement, the parties expressly agree that:
Notwithstanding the above and any contrary provision, the Company, as a Personal Data Processor:
The Company's liability shall not be incurred due to disruptions or damages inherent to the internet and presenting the characteristics of a force majeure event.
The client agrees to use the SaaS Services under its sole responsibility. The client is solely responsible for the proper use of the SaaS Services in accordance with the terms of this contract, the documentation provided by the users, and applicable law, particularly regarding personal data and labor law.
In the context of using the SaaS Services, the client enters its own data into the SaaS portal. The Company only provides the technical tool. Therefore, the client is responsible for the data it enters, their processing, and the use of the results of this processing, as well as any direct or indirect consequences that may arise. In any case, the client is responsible for:
The client also indemnifies the Company against any action by a user or third party based on the operation of the SaaS Services.
The client and the Company undertake to implement technical means to suspend access to the SaaS Services by users in case of unauthorized access or attempted access, security breach, or violation of contractual commitments by the beneficiary or user. The parties undertake to immediately suspend access when they become aware of a violation or attempted violation by a beneficiary of the intellectual property rights attached to the SaaS Services.
The client acknowledges that the Company cannot be held liable and no compensation can be requested for delays or harmful consequences resulting in particular from:
By mutual agreement, the parties agree that the Company's liability is only incurred for the consequences of direct damages, and compensation for indirect damages is excluded.
Indirect damages include data loss, time loss, loss of profits, turnover, margins, loss of orders, customers, operations, revenue, business actions, damage to brand image, expected results, and actions by third parties.
The Company's damage is, by mutual agreement, limited to the amounts actually paid by the client.
This clause remains applicable in the event of nullity, resolution, termination, expiration, or annulment of the contractual relationship.
Each party certifies that it has taken out an insurance policy with a financially sound insurance company for all financial consequences of its professional civil, tortious, and/or contractual liability for bodily, material, and immaterial damage caused to the other party and any third parties in the context of the execution of this contract.
To this end, each party undertakes to pay the premiums and contributions related to said insurance policy and, in general, to comply with all obligations in order to cover all activities related to this contract.
The SaaS Services, the SaaS portal, and the related documentation are the property of the Company, in accordance with the provisions of the Intellectual Property Code.
All elements comprising the SaaS Services, the SaaS portal, including the interfaces made available to the client in the execution of these, the documentation, and any other information provided by the Company to the client are and remain the exclusive property of the Company or its partners.
Consequently, the client shall refrain from any action or act capable of directly or indirectly infringing the intellectual property rights over the computer applications, and, in general, the associated trademarks.
The Company grants the client, who accepts it, a personal, non-exclusive, and non-transferable license to use the SaaS Services, the SaaS portal, and the associated documentation, for the number of users specified in the Offer, for the entire duration of this contract.
This right of use is exercised by remote access from the client's connection to the Company's server from its server and solely for the use of the functionalities of the SaaS portal hosted in the context of the use of the SaaS Services and for the client's use of the processing results.
Any use not expressly authorized by the Company under these terms is unlawful, in accordance with the provisions of Article L.122-6 of the Intellectual Property Code.
Thus, it is notably prohibited for the client to:
The Company shall retain ownership of the methods and know-how or tools that are specific to it and have been used to perform the services.
The Company may use subcontractors in the execution of the services, who are subject to the same obligations as its own in the context of their intervention.
The Company may cite the client's name as a commercial reference in accordance with commercial practices.
In the context of these, the SaaS Services of the Company, including the proposed functionalities, data model, graphical interface, as well as the ideas, principles, know-how, and methods behind the SaaS Services, algorithms, data organization, navigation, and any other element included in the SaaS Services, hereinafter referred to as "confidential information," are deemed confidential.
The client undertakes that confidential information:
The client also undertakes to:
For its part, the Company undertakes to respect the confidentiality of the client's data in accordance with the provisions of this contract and its annexes.
The client undertakes, with respect to the Company, not to develop, directly or indirectly, a similar or competing service to the SaaS Services covered by this contract, for the entire duration of the contract and for a period of one (1) year following its termination, regardless of the cause, within the territory of metropolitan France and the overseas territories.
Both parties acknowledge that this obligation is not disproportionate and corresponds to their express will.
In the event of a breach of this obligation, the client agrees to pay the Company an indemnity in the amount of 150,000 euros.
This indemnity is due, regardless of any damages and interest resulting from the incurred loss.
The Company may modify its general terms and conditions at any time and will inform the client by any written means (including email).
The modified general terms and conditions come into effect upon contract renewal.
If the client does not accept these modifications, they must terminate the contract in accordance with the provisions of the "Termination of Services" article.
In order to terminate the provision of SaaS Services, the contract must be terminated no later than one (1) month before the next contract anniversary date, by:
In the event of a breach by one of the parties of any obligation herein not remedied within thirty (30) days from the sending of a registered letter with acknowledgment of receipt notifying the breach in question, the other party may automatically terminate or resolve the contract, without prejudice to any damages and interest to which it may be entitled under this contract.
In the event of early termination of the contract, for any reason whatsoever, all amounts paid to the Company shall remain with the Company.
In the event of the termination of contractual relations, for any reason whatsoever, the Company shall, within a reasonable period, return to the client all confidential information provided by the client under these terms and shall proceed with the destruction of personal data entrusted by the client, as provided for in the annex "Personal Data."
In this context, remote access to the SaaS Services from the SaaS portal granted to the client will no longer be allowed, and the client agrees not to use it or attempt to use it, including through its users.
In accordance with the provisions of Article 1218 of the French Civil Code, no party shall be held liable for a failure to perform its contractual obligations if such failure is due to an event beyond the control of the parties and constitutes force majeure.
Initially, cases of force majeure shall suspend the execution of the contract.
If cases of force majeure persist for more than two months, this contract shall be automatically terminated, unless otherwise agreed by the parties.
Force majeure shall be understood to mean the occurrence of an event characterized by unpredictability, irresistibility, and external factors beyond the parties' control as typically recognized by French law and courts.
The following events are considered in particular as cases of force majeure or fortuitous events:
The parties mutually agree that the fact that one party tolerates a situation does not grant the other party acquired rights.
Furthermore, such tolerance cannot be interpreted as a waiver of the rights in question.
The parties declare their commitments in good faith.
To this end, they declare that they have no knowledge of any information that, if disclosed, would have altered the consent of the other party.
The parties acknowledge that they each act on their own behalf as independent parties separate from each other and expressly declare that they are and will remain, throughout the duration of this contract, independent professionals.
This contract does not constitute a partnership, franchise, or mandate given by one party to the other party and shall not be interpreted in any way as a commercial agency contract or any form of representation.
No party may make commitments on behalf of the other party.
In addition, each party remains solely responsible for its acts, allegations, commitments, services, products, and personnel.
In case of difficulties in interpretation resulting from a contradiction between any of the headings at the beginning of the clauses and any of the clauses, the headings shall be declared nonexistent.
If one or more provisions of this contract are deemed invalid or declared as such under a law, regulation, or as a result of a final decision of a competent court, the other provisions shall retain their full force and effect.
This contract cancels and replaces all quasi-contracts, implicit and explicit commitments, promises having the same object as those herein.
However, this clause is not intended to prevent the use of said documents but to evaluate, from a legal perspective, the quality of the consents exchanged during the formation of this contract.
In the event of any difficulty of any kind and before any legal proceedings, each of the parties undertakes to designate two individuals from their company, at the "General Management" level.
These individuals shall meet at the initiative of the more diligent party within eight days of receiving the request for a conciliation meeting.
The agenda is set by the party initiating the conciliation.
If decisions are reached by mutual agreement, they shall have contractual value.
This clause continues to apply despite any possible nullity, resolution, termination, or annulment of these contractual relations.
This contract may not be fully or partially assigned, for consideration or gratuitously, by one of the parties without the prior written consent of the other party.
For the execution of this agreement, and unless otherwise specified, the parties agree to send all correspondence to their respective registered offices.
Any change of address must be notified to the other party by registered letter with acknowledgment of receipt.
This contract is governed by French law.
This applies to substantive and formal rules, irrespective of the places of performance of the substantial or ancillary obligations.
All legal actions between the parties are subject to a statute of limitations, unless contrary mandatory provisions, if they have not been initiated within one (1) year from the end of each testing campaign conducted by the client using the SaaS Services.
Each Party undertakes, in the performance of its obligations under this Contract (and, where applicable, will cause its Subsidiaries) to: (A) comply with (i) all applicable laws and regulations relating to anti-corruption and bribery, including the Law of December 9, 2016 on transparency, the fight against corruption, and the modernization of the economy known as "Sapin 2," the Foreign Corrupt Practices Act of December 19, 1977, and the UK Bribery Act of April 8, 2010, and (ii) other similar anti-corruption laws in other jurisdictions to the extent applicable and mandatory for the Parties, and (B) maintain policies and procedures designed to promote and achieve, in their reasonable judgment, compliance with these laws. Each Party undertakes not to take any action that would cause the other Party to violate any of the anti-corruption provisions set forth above.
Each Party hereby undertakes that, during the negotiations and as of the effective date of the Contract, it, its directors, officers, or employees have not offered, promised, given, authorized, solicited, or accepted any pecuniary or other undue advantage of any kind (or implied that they will or may do so at any time in the future) in any way related to the Contract and that reasonable measures have been taken to prevent subcontractors, agents, or any other third parties under its control from doing so.
The Parties undertake and warrant:
The Service Provider undertakes and warrants that it evaluates its own subcontractors, and requires them to comply with the anti-corruption legislation in force in France, as well as the Foreign Corrupt Practices Act and the UK Bribery Act.
During the term of this contract, but no more than once a year, the client may, at any time and at its own expense, after providing written notice of fourteen (14) business days sent to the Service Provider by registered letter with acknowledgment of receipt, conduct an audit during business hours to verify compliance with this article by the Service Provider.
In addition, each Party shall immediately inform the other Party if it has information or suspects that there may be a violation of any anti-corruption law in connection with the performance of activities under this Contract.
In the event of a breach of the provisions of this article, the client may terminate the Contract, without prejudice to any damages that may be claimed from the defaulting party, block payment of amounts due under the Contract, or demand reimbursement of amounts already paid and initiate legal proceedings.
The appendices are as follows:
The SaaS services are as follows:
It is defined by the application at the time of purchase of a paid plan, based on the number of email addresses of recipients loaded into the application.
The price is payable in advance at the time of activation of the paid usage plan.
The billing address is defined by the client in their member area and will be used on the invoices issued at the time of payment.
Payment is instantaneous.
The volume subscribed by the client is specified in the Offer.
Response time: 4 hours from receipt
Definition of severity level:
Correction time from the receipt of the request:
| Severity | Time to Permanent Solution | Time to Workaround Solution |
|---|---|---|
| Severity 1 | 48 business hours | 4 business hours |
| Severity 2 | 4 business days | 8 business hours |
| Severity 3 | 7 business days | 8 business hours |
This annex is an integral part of the contract and, along with the "Personal Data" article, serves as a written data processing agreement between the Company, a personal data processor, and the client, the data controller.
The Company is authorized to process personal data on behalf of the client in the execution of the subscribed SaaS Services by the client.
Purpose & objectives. The processing of personal data carried out by the Company has the exclusive purpose and objective of implementing the SaaS Services in accordance with these terms.
Nature. The operations carried out on this data are as follows:
Duration. In principle, and unless otherwise instructed by the client, the duration of the processing carried out by the Company is limited to the period of use of the SaaS Services and, in any case, may not exceed three (3) months from:
Type of data. The personal data processed by the Company pertains to the following categories of data:
Categories of individuals concerned. The personal data subject to processing concerns the following categories of individuals:
List of authorized sub-processors. Sub-processors authorized by the client to carry out all or part of the personal data processing are as follows:
| Authorized Sub-processors | Sub-processed Data Processing Activities | Location of Processing | Appropriate Safeguards Implemented for Data Transfer Outside EU |
|---|---|---|---|
| Google Cloud Platform | Hosting | Europe | N/A |
| Mailgun | Email Delivery Service | Europe | N/A |