Confidentiality Agreement
Confidentiality agreement between the customer and Magileads
Magileads undertakes:
- customer's database which will be given to Magileads for distribution of email campaigns.
- To be destroyed at the end of the service this same information or at the anticipated request of the client.
In accordance with the article Article 28 of the CNIL – Subcontracting
- The data is hosted in France at OVH on servers dedicated to us and secure.
- Data between the client and Magileads is transferred using SSH and MD5 encryption.
Personal data subcontracting contract
This contract is concluded between the persons designated below.
The customer [name]
Hereinafter referred to as the data controller .
Company KA-Group – MAGILEADS
40 Rue de Plaisance, 75014 Paris
hereinafter referred to as the subcontractor
Preamble
The customer [customer name] is responsible for the processing of personal data governed by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, relating to the protection of natural persons with regard to the processing personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). This regulation is hereinafter referred to as the GDPR .
The processing of personal data is also governed by French law no. 78-17 of January 6, 1978 relating to data processing, files and freedoms (amended).
The data controller wishes to entrust the processing of personal data to the subcontractor, in accordance with Article 28 of the GDPR. The parties undertake to strictly comply with the GDPR, which will apply in all circumstances, notwithstanding any possible stipulation to the contrary.
Subcontractor declaration
The processor declares that it provides the necessary guarantees regarding the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and guarantees the protection of the rights of the data subject.
Characteristics of the processing of personal data
The data controller defines its characteristics as follows.
Purpose of processing – The purpose of processing is commercial prospecting.
Duration of processing – Processing is carried out from the start of the contract until the end of our partnership.
Nature and purpose of processing – Automated prospecting .
Type of personal data – B2B contact file .
Categories of data subjects – B2B companies
Obligations and rights of the data controller
The data controller determines the purposes and means of the processing of personal data.
The data controller guarantees that the processing is lawful and that personal data is collected and processed by him in accordance with the GDPR and French law. The data controller guarantees in particular that it provides the required information to the persons concerned by the processing operations, at the time of data collection when personal data is collected from the data subject, or within the required time limits when the personal data has not been collected from the data subject, in accordance with Articles 12 to 14 of the GDPR. The data controller guarantees the subcontractor against the consequences of a possible failure by the data controller to fulfill its obligations under the GDPR.
The data controller will communicate to the subcontractor all the information necessary to enable it to perform its services in compliance with the GDPR and French law.
Obligations of the subcontractor
The processor does not under any circumstances determine the purposes and means of the processing. Otherwise, he is considered a data controller with regard to the processing concerned.
The processor and any person acting under its authority with access to personal data may not process such data, except on instructions from the controller, unless obliged to do so by European Union law or the law of a Member State.
The processor only processes personal data on the documented instructions of the controller, including with regard to transfers of personal data to a country third to the European Union or to an international organization, unless it is not required to do so under European Union law or the law of the Member State of the European Union to which the subcontractor is subject; in this case, the processor informs the controller of this legal obligation before processing, unless the relevant law prohibits such information for important reasons of public interest.
The processor shall ensure that persons authorized to process personal data undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality.
The processor takes all measures required under Article 32 of the GDPR.
The processor takes into account the nature of the processing, assists the controller, through appropriate technical and organizational measures, to the greatest extent possible, to fulfill its obligation to respond to requests made by the data subjects. the processing contact it in order to exercise their rights provided for in Chapter III of the GDPR.
The processor helps the controller to ensure compliance with the obligations provided for in Articles 32 to 36 of the GDPR , taking into account the nature of the processing and the information available to the processor.
The processor shall immediately inform the controller if, in his opinion, an instruction constitutes a violation of the GDPR or other provisions of Union or Member State law relating to data protection.
Data retention and destruction
At the choice of the controller, the processor deletes all personal data or returns them to the controller at the end of the provision of services relating to the processing, and destroys existing copies, unless the right of the controller The European Union or the applicable law of a Member State requires the retention of personal data.
Audit
The processor makes available to the controller all the information necessary to demonstrate compliance with the obligations provided for in this contract and to enable audits, including inspections, to be carried out by the controller or another auditor that he mandated, and contribute to these audits.
Other subcontractor
The subcontractor complies with the following conditions to recruit another subcontractor.
The processor does not recruit another processor without the prior written authorization, specific or general, of the controller. In the case of a general written authorization, the processor shall inform the controller of any planned changes regarding the addition or replacement of other processors, thereby giving the controller the opportunity to raise objections against these changes.
When a processor recruits another processor to carry out specific processing activities on behalf of the controller, the same data protection obligations as those set out in this contract are imposed on that other subcontractor. -processing by contract or, where applicable, by means of another legal act under European Union law or the law of a Member State, in particular with regard to providing sufficient guarantees as to the implementation implementation of appropriate technical and organizational measures so that the processing meets the requirements of the GDPR. Where this other processor fails to fulfill its data protection obligations, the original processor remains fully responsible to the controller for the performance by the other processor of its obligations.
Duration
This contract will be in force for the entire period of time the personal data is held by the subcontractor. It will govern the subcontracting of the personal data referred to here, at any time including after its termination.
Applicable law and jurisdiction clause
This contract is subject to French law and the exclusive jurisdiction of the courts territorially competent for the city of Paris, France.
Hereinafter designated the data controller.
Francois KOLLI DPO – dpo@magileads.eu
Company KA-Groupe – MAGILEADS
40 Rue de Plaisance, 75014 Paris
RC / Siret number: number 848746632
APE code: 7022Z
VAT / VAT number: FR93 848746632