The purpose of the present clauses is to define the conditions under which the Company PROOFTAG SAS (hereinafter “Prooftag”) undertakes to carry out on behalf of the Customer (hereinafter “the Processing Manager”) the Personal Data Processing Operations defined hereafter. Within the framework of their contractual relations, the parties undertake to comply with the regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 applicable as of 25 May 2018 (hereinafter, the “European Data Protection Regulation”, “EDPR” or “Regulation”) hereafter GDPR
Prooftag is authorized to process on behalf of the Processing Manager the personal data necessary to provide the following services: Implementation of the ProoftagCerv online service platform, provision of information enabling the latter to supervise the distribution and implementation of its products or documents, and technical support.
The nature of the operations carried out on the data is the analysis of the information in order to correct erroneous information, the performance of computer maintenance tasks to ensure the availability of the service, and the provision of functional advice on the use of data entry and exploitation software.
Prooftag undertakes to comply with the provisions of the GDPR within the framework of its obligations.
The Processing Manager undertakes to define the data collected in compliance with the GDPR.
The legal basis of the processing operation is the execution of the service contract.
The categories of data subjects are the customers of the Processing Manager.
For the execution of the service, which is the object of the present clauses, the Processing Manager provides Prooftag with the following necessary information:
Prooftag undertakes to:
It is the responsibility of the Processing Manager to provide information to the persons concerned by the processing operations at the time of data collection.
As far as possible, Prooftag must help the Processing Manager to fulfil its obligation to respond to requests to exercise the rights in relation of data: right of access, rectification, deletion and opposition, right to limit processing, right to portability of the data, right not to be subject to an automated individual decision (including profiling). When the concerned persons make requests to Prooftag to exercise their rights, Prooftag must send these requests upon receipt by e-mail to the Data Protection Officer of the Processing Manager or to the representative of the Processing Manager.
Prooftag notifies the Processing Manager, as soon as possible after becoming aware of it, of any violation of personal data for which it is responsible, by e-mail to the Processing Manager . This notification shall be accompanied by any useful documentation to enable the Processing Manager, if necessary, to notify the competent supervisory authority of the breach.
Prooftag may assist the Processing Manager in carrying out impact analyses relating to data protection. Prooftag may assist the Processing Manager in carrying out any prior consultation of the control authority system.
In application of article 32.1 of the GDPR, the Processing Manager and Prooftag acknowledge that they implement the appropriate technical and organizational measures in order to guarantee a level of security appropriate to the risks.
Prooftag is responsible for the security of the outsourced processing only for those aspects falling within its control. The Processing Manager remains responsible for the security and confidentiality of its information systems and its internal policy for access to the Software, particularly in the definition and allocation of functional roles. It is the responsibility of the Processing Manager to ensure that the uses and configuration choices of the ProoftagCerv online service platform at his disposal meet the requirements of the Regulation. Prooftag has no obligation to protect personal data that is stored or transferred by the Processing Manager outside the Software provided by Prooftag:
At the end of the provision of services relating to the processing of this data, Prooftag undertakes, at the choice of the parties:
a. To destroy all personal data or
b. To return all personal data to the Processing Manager, or
c. To send the personal data to the processor designated by the Processing Manager .
The return must be accompanied by the destruction of all existing copies in the Subcontractor’s information systems. Once they have been destroyed, Prooftag must justify the destruction in writing.
Any communication to the DPO should be addressed to:
PROOFTAG SAS, 1100 av de l’Europe – 8200 Montauban – France
Prooftag declares that it keeps in writing a register of all categories of processing activities carried out on behalf of the Processing Manager, including:
Upon request, Prooftag will provide the Processing Manager with the documentation necessary to demonstrate compliance with all its obligations and to enable audits, including inspections, to be carried out by the Processing Manager or another auditor that it has mandated, and to contribute to these audits.
The Processing Manager undertakes to:
The general conditions set out above are applicable from the signature of the contract and during the entire period of execution of the contract between, in accordance with the European Data Protection Regulation.