The Terms and Conditions of Service ("Terms and Conditions of SAAS Services") apply to the services provided by Regate SAS to Customers who order the service or whose name appears on the order form. Please read these Terms of Service carefully. By subscribing to our services, you declare that you have read and accepted without reservation the latest version of this contract. The services are only available for professional use and to persons over the age of 18.
THE FOLLOWING IS RECALLED BEFOREHAND:
Capitalized terms used in this document and in the annexes have the meaning given in Annex I.
The purpose of this Contract is to set out the conditions under which REGATE (i) provides access to its Platform hosting the Solution, the Modules of which the Client wishes to use have been the subject of an Order Form, and (ii) provides the Client with the Services described herein and subscribed to in the corresponding Order Forms.
The provisions of this Contract shall apply to each Order Form and shall form an integral part thereof. It is expressly recalled that for the Payment Module, the applicable conditions are those of S-Money, REGATE's partner and payment service provider; REGATE being then agent of S-Money, registered with the ACPR in the Regafi Register. The conditions related to this service shall be transmitted and signed at the time of the subscription to the Payment Module.
The Contractual Documents consist of the following documents:
The present General Conditions take effect from the date of the order form.
Unless otherwise specified in the Purchase Orders, each Purchase Order shall take effect from the date of signature by the last of the two Parties.
These General Conditions are concluded for an indefinite period and may be terminated by either Party at any time, by notification of a registered letter with acknowledgement of receipt, subject to three (3) months notice. It being understood that the provisions hereof shall remain in force to govern the performance of the current Purchase Orders and shall in any event terminate upon expiry of the Purchase Orders. No new Purchase Orders may be entered into as from the period following the notification of termination, unless otherwise agreed by the Parties.
Each Purchase Order shall take effect from the effective date provided for in 4.1.2 above and shall remain in force for a minimum period of one year from the effective date, renewable for successive periods of the same duration, unless terminated by registered letter with acknowledgement of receipt, sent to the other Party giving three months' notice prior to the anniversary date.
In the event of fraudulent behaviour and/or non-compliance by the Client with the conditions of use of the Platform, REGATE may, before any possible termination procedure in accordance with Article 4.4 below, decide to suspend all or part of the Services, if the Client persists after 5 days from the warning sent by REGATE by e-mail, in not complying with the said obligations or in not remedying the breach.
In the event of a serious or repeated breach by either Party of one or more of its contractual obligations which is not remedied (if the breach is reparable) within a period of thirty (30) calendar days, as from the sending of a registered letter, the present contract may be terminated, as of right, by the non-offending Party by sending a letter to the other Party by registered post with acknowledgement of receipt, with the termination taking effect 5 working days after receipt of the said registered post with acknowledgement of receipt.The following in particular shall be considered as breaches giving rise to the right to terminate the Agreement: failure to comply with the confidentiality and intellectual property rights commitments of the Solution, and the provisions relating to the management of personal data.
The Parties agree that the Purchase Order may be composed of several Services and several Modules depending on the Customer's choice. The Purchase Orders may be terminated by operation of law in the event that one of the Parties fails to fulfil its obligations relating to the said Purchase Order and does not remedy such failure within thirty calendar days of the sending of a registered letter. In particular, the following are considered to be breaches specific to the Purchase Orders which may lead to termination
At REGATE's initiative: in the event of non-payment of invoices relating to a Purchase Order more than 30 calendar days after formal notice, in the event of non-compliance by the Client with the Usage Limits specific to each Module and each Service Level subscribed to by the Client as described in its Purchase Orders and/or in the event of serious or repeated failure by the Client to fulfil its obligations hereunder.
At the Customer's initiative: in the event of serious and repeated breaches by REGATE of one of its obligations under the Purchase Order relating to the conditions of guarantee, maintenance or availability of the Modules.
If the aforementioned breach has not ceased or, where possible, been corrected or remedied, within thirty (30) days of the notification made by e-mail to the Party at fault, the Purchase Order may be terminated, by operation of law, by the other Party by sending a letter to the Party at fault by registered post with acknowledgement of receipt, with termination taking effect 5 working days after receipt of the said registered letter with acknowledgement of receipt.
In the event of termination, each Party undertakes to destroy the Confidential Information received under the Contract and REGATE undertakes to archive and not to make any use of the Customer Data processed under the Contract. The Customer Data existing in the Platform on the day of termination shall remain accessible to the Customer on request for three months following termination and shall then be archived and kept solely for the purposes of proof in the event of control by an administrative or judicial authority, litigation or the needs of the Customer, for a period of 5 years before being destroyed. It is reminded that prior to the date of termination, and at the latest within three months of the effective date of termination of the present contract, the Customer shall be responsible for recovering all its Customer Data hosted on the Platform. Furthermore, in the event of termination of this Agreement or of an Order Form, the Customer undertakes, immediately and without further formality, to (i) pay to REGATE the invoices remaining due until the effective end of the Order Form(s) concerned and (ii) cease all use of the Solution whose accessibility conditions will cease.
Before the date of the Production Start-up of the various Modules, set out in the Purchase Order, the Client shall either carry out the necessary parameterisation services itself or entrust the carrying out of these services to REGATE in accordance with the provisions of the Purchase Order. The performance of these services by REGATE shall require the prior transmission by the Client of the necessary data as required by REGATE. These services shall be deemed to be completed when the Client uses the Modules for the first time in real operation, after REGATE has notified the Client of the end of the service if these services have been entrusted to REGATE; the use of a Module in real operation shall be deemed to be acceptance.
If the Customer has expressly requested it in his Order Form, he will benefit from Training Services to optimise the use of the Solution. The conditions of the training depend on each Module to which the training relates. The details are specified in the corresponding Order Form.
To access the Solution, the Client will be provided by REGATE with Administrator Codes enabling it to give access to Users. Access control to the Service is ensured by the Client, via the "settings" section, thanks to which the Client alone determines the opening of rights and authorisations for each User. The maximum number of Users, depending on the Modules and the Service Level subscribed to, is set out in the relevant Order Form. It is the Client's responsibility to train the Users prior to using the Solution, it being recalled that if it so wishes, the Client may ask REGATE, in the context of a service provision, to provide training to the Users.The Client acknowledges that all Users are solely responsible for their personal and confidential Access Codes. Under no circumstances shall REGATE be held liable in the event of use of the Solution by a third party using a User's Access Codes. In the event that the Client becomes aware that an unauthorised person has access to the Solution, following a loss, theft or misuse of a User's Access Code, the Client must, via its administrator code, modify the Access Code concerned using the procedure provided by REGATE.
From the date indicated in the relevant Order Form, the Customer benefits from a right of access to the subscribed Modules; this right is personal, non-exclusive, non-assignable, non-transferable and limited to Users. The Customer benefits from the right to access each Module subscribed to, for its own internal needs only. In no case may the Client use the Modules to meet the needs of third parties or in the context of office services. The Client undertakes to use, and to oblige Users to use, the Modules in accordance with these Terms and Conditions, the Limits of the Order Form, the Documentation, REGATE's recommendations and the conditions of the Payment Partner for the Payment Module.
In particular, it is forbidden to :
Give access or allow access to third parties other than Users, in particular through its Access Codes;
Use the Platform in connection with and/or for the purpose of carrying out, directly or indirectly, illegal or illicit activities or for the account or needs of entities other than the company signing this agreement;
Committing any act that may, directly or indirectly, interfere with or negatively impact the Solution and/or the Platform and/or the business of REGATE ;
Disassemble, decompile, reverse engineer or otherwise attempt to discover the source code and/or structure of all or part of the Solution (except as expressly provided by law);
Remove or alter any trademarks, logos, slogans, copyrights, proprietary or confidentiality notices, symbols, etc. on the Platform and/or the Documentation;
Disclose to any third party any results of performance testing, functionality testing or evaluation of the Platform and/or Services without REGATE's prior written consent;
Communicate the Documentation to any non-user third party;
Exceeding the Usage Limits specific to each Module and each Service Level; it being specified that any usage beyond these Limits will expose the Customer to additional billing as detailed in the relevant Purchase Order. In this respect, REGATE will regularly alert the Client if it approaches the Usage Limits to which it has subscribed.
The Client undertakes to inform REGATE of any malfunction that may affect all or part of the Solution so that REGATE can remedy it as soon as possible.
For the entire duration of the present contract REGATE will make its best efforts to guarantee a monthly availability rate of 99.5% of the Solution [ except for unavailability due to force majeure, internet network problems, problems with the Client's network, or scheduled maintenance operations for which REGATE will endeavour to give the Client at least three days' notice.
The Customer has access through the Platform, via his account, to all his Customer Data (whether invoices, fees or other) that have been integrated into it during the current and previous calendar year. However, all previous Customer Data will no longer be accessible through the Platform.
The implementation of certain Modules, in particular the Payment Module, may require checks prior to being made available by REGATE or its Partners, to take account of regulatory provisions, which the Client accepts. REGATE shall not be held responsible if its Partner, in particular for the Payment Module, refuses to give access to its Module after the above-mentioned checks.
8.1 REGATE guarantees the compliance of the Solution Modules with the Documentation provided that the Modules are used in accordance with the Documentation and that [all technical requirements and] the Limits of Use indicated in the Order Form relating to the Modules and Service Level subscribed to, have been respected.These Modules are provided "as is" and REGATE provides no warranty other than those provided herein, in particular no warranty of uninterrupted or error-free operation or of the suitability of the Modules or the Solution for any particular need or use of the Customer. The Customer alone shall assess the relevance of the data and information derived directly or indirectly from the Modules or the Solution to its business and shall be solely responsible for any decisions taken on this basis.
8.2 REGATE provides the Customer, according to the Service Levels subscribed to, with the Chat and Telephone Support necessary for the understanding and resolution of Anomalies. This support cannot be used to resolve problems related to the Internet connection, equipment or computer configuration of the Customer or Users, which are their responsibility.
8.3 In the event of anomalies affecting the operation of a Module in relation to the Documentation, the Client shall notify REGATE by opening a trouble ticket on the Platform portal or by sending a message by e-mail to the support service and REGATE shall make its best efforts to correct it or, by default, to provide a workaround solution as soon as possible.
8.4 The Client shall automatically benefit from any updates made by REGATE to the subscribed Modules. On the other hand, the Evolutionary Maintenance does not include the provision of new functionalities of the Modules, nor new Modules; the Client may, however, subscribe to these new features at any time, within the framework of an Order Form.
8.5 The provisions relating to the guarantees and maintenance support of the Payment Module are indicated in Appendix 2 and provided by S-Money, it being specified that the Client shall forward any complaints about the Payment Module to REGATE, which shall transmit them to S-Money.
REGATE undertakes to appoint a person to act as the Customer's sole contact for the duration of this Contract and the Purchase Order(s). This contact person shall be responsible for the follow-up and settlement of all incidents reported by the Client that may occur during their execution. Similarly, the Customer undertakes to designate a contact person with whom REGATE can discuss this Contract and the Purchase Order(s).
The Client has chosen the Solution with full knowledge of the facts, taking into account the technical and functional characteristics specified in the Documentation. The Client undertakes to implement the technical requirements as indicated by REGATE. It is recalled that the Parties shall cooperate in good faith throughout the duration of the Contract and shall provide each other with information useful for understanding or performing their own obligations. The Client shall be responsible for ensuring that all its Users comply with the conditions and Limits of use of each Module applicable to its profile and the Service Level to which it subscribes.
The Client acknowledges that for the implementation of certain Modules, in particular the Payment Module, he/she may be required to provide REGATE with updated information concerning him/her, in order to comply with regulatory requirements. The Client undertakes to provide this information on first request, the failure to do so may oblige REGATE to suspend or terminate the service concerning the Module concerned, by registered letter with acknowledgement of receipt, without any compensation due to the Client.
The Customer shall pay a specific fee calculated according to the Modules chosen and the Service Levels subscribed to. The prices are detailed in its Order Forms. The Customer is solely responsible for the payment of the Fee and for the payment of any tax and/or duty related to the performance of the Contract. Invoices are issued electronically and must be paid, by bank transfer, on receipt of the invoice. Prices may be revised each year. In this case, REGATE shall send the Client the new prices applicable for the following contractual year at least 4 months before the anniversary date of the Purchase Order. If the Client does not accept the new rates, the Client shall be free not to renew the Purchase Order and to terminate it by giving the three months' notice specified in article 4.2.2 above. Unless the said Purchase Order is terminated under these conditions, the Customer shall be deemed to have accepted the revised rates and the Purchase Order shall be renewed with the new rates.
In the event of non-payment of an invoice and without it being necessary to give the Customer prior notice of default: Late payment penalties will automatically be applied to any invoice not paid by the due date. The interest rate of these penalties shall be equal to the interest rate applied by the European Central Bank to its most recent refinancing operation (or any other rate that may succeed it) plus 10 percentage points (10%) (as published on the website of the European Central Bank http://www.ecb.int); A fixed indemnity of 40 euros for collection costs shall also be payable, in addition to the late payment penalties. In addition, and without prejudice to the foregoing, REGATE also reserves the right, at its sole discretion and without prior notice, to suspend access to the Solution or all or part of the Services until the corresponding invoices have been paid.
Any complaint about the invoices must be sent in writing to REGATE by the Client within thirty (30) calendar days of the date of receipt of the invoice concerned. The Client may not under any circumstances suspend or defer payment of the invoices even in the event of a dispute about the Services.
REGATE guarantees (i) that it holds all the intellectual property rights to the Solution, and in particular to all the graphic, sound, textual and software elements, including the underlying technology, or of any other nature, making up the Solution, subject to any modules that may benefit from an "Open Source" licence or (ii) that it has the right to make the Platform and the Solution available to the Customer.REGATE grants the Client a personal, non-exclusive, non-assignable and non-transferable right to use the Solution for the entire duration of this Contract and for the whole world. The Client thus undertakes not to infringe REGATE's intellectual property rights and shall not reproduce, represent, translate, modify or distribute, even partially, any element protected by intellectual property rights, unless it has obtained prior express authorisation. This Contract does not confer on the Client any property right in the Solution and shall not be considered as an assignment within the meaning of the Intellectual Property Code. Any reproduction of an element of the Solution by the Client without the express prior authorisation of REGATE shall constitute an act of infringement liable to criminal and civil proceedings. REGATE agrees, at its own expense, to defend the Customer (and to pay all reasonable attorneys' fees) against (or at REGATE's option, to settle by way of settlement) any action brought by a third party against the Customer alleging that all or part of the Solution [or any deliverables provided by REGATE under Purchase Orders], used in accordance with REGATE's instructions, infringes an intellectual property or other proprietary right (an "IP Action"), provided that the Customer: (a) promptly notifies REGATE in writing of such IP Action; (b) leaves to REGATE the control and direction of the investigation, preparation, defence and settlement of the IP Action, and (c) assists and cooperates fully in the defence of such IP Action. Following notice of an IP Action or any facts that may give rise to such an IP Action, REGATE may, in its sole discretion and at its option, (a) obtain for the Customer the right to continue to use the Solution, (b) replace the Module(s) [or deliverable(s)] concerned or (c) modify the Module [or deliverable] concerned so that it is no longer infringing. If REGATE considers that it is not commercially reasonable to implement any of these alternatives, it may automatically terminate the Purchase Order relating to the subject matter of the dispute by operation of law.REGATE shall have no obligations under this Article or liability for any action or claim if the IP Action is caused by or results from: (a) modification of a Module [or deliverable] by someone other than REGATE where the IP Action would have been avoided by using the version provided by REGATE, (b) the continuation by the Customer of alleged infringing activity after the Customer has been informed of it or after having received modifications that would have avoided the alleged infringement, (c) REGATE's modification of the Module in accordance with the Customer's requests, and if such modification is the cause of the infringement or (d) the use of a version other than the most recent version of the Module when the claim or action could have been avoided by using the latest version.
All data uploaded by or on behalf of the Customer to the Platform (trademarks, logos, copyrights, Personal Data, Customer Data, etc.) and the related Customer Databases are the full and exclusive property of the Customer. The Client is solely responsible for the quality, lawfulness, accuracy and relevance of the data and content it transmits in the context of the Services. The Customer grants REGATE a right to use, reproduce, store and modify the data and the related Customer Databases solely for the purpose of fulfilling its obligations under the Contract and/or any Order Form. The Customer warrants to REGATE that it has full ownership of the data and related Customer Databases and that it may freely grant REGATE the above rights of use without any third party authorisation or prior formality being required. The Customer undertakes to indemnify REGATE for any costs, losses or damages that REGATE may incur as a result of a claim by a third party against REGATE on the basis of all or part of the data or the related Customer Databases
Information on the personal data processed by REGATE as a subcontractor is set out in Annex 3 to this Agreement.
Each of the Parties may give access to Personal Data concerning its staff and more generally any person, whether employed or not, participating in its activity (corporate officers, trainees, temporary staff, consultants, etc.), to the other Party for the purposes of the Contract (invoicing, management of the commercial relationship, etc.). The Party receiving this Personal Data shall act as the corresponding Data Controller and shall comply with its obligations under the Data Regulations. In this context, each Party shall be responsible for providing on behalf of the other Party to its relevant staff any information relating to the Processing carried out by that other Party in connection with the Contract.
Each Party shall be liable for the consequences of its own misconduct causing direct, certain and foreseeable damage to the other Party. In all cases except those involving personal injury, fraud or gross negligence, the Customer's overall right to compensation, per contractual year, as a result of REGATE's proven liability under these Conditions and the Purchase Orders, is strictly limited to the sums actually received by REGATE solely under the Purchase Order concerned and for the single contractual year during which the loss occurred, whatever the legal basis of the claim and the procedure used to bring it to a conclusion.
REGATE shall not be held liable for any loss suffered by the Client in the event of :
Accidental or unintentional destruction of Customer Data by the Customer or a third party who has accessed the Platform using the Customer's Access Codes;
Destruction of Customer Data or malfunction of the Platform due to viruses, attacks or computer infiltration;Any indirect damage (even if REGATE has been informed of the potential for such damage) or unforeseeable damage to the Client or third parties and in the event of any loss of profit, loss, inaccuracy or corruption of files or Client Data, theft or misuse of Access Codes, breaches of the security of the Platform, loss of turnover or profit, loss of customers, loss of reputation, loss of opportunity, cost of obtaining a substitute product, service or technology, in connection with or arising from the non-performance or wrongful performance of the Contract;
Interruption or slowdown of the network and/or Internet connection ;
Changes to Internet browsers (Safari, Google, etc.) that no longer allow the Platform to function;
Default by the Customer and/or any of the Customer's employees;
The Client acknowledges and accepts that REGATE has entered into the Contract on the basis of the aforementioned limitations of liability, which allocate the risk fairly between REGATE and the Client.
The Client acknowledges and accepts that S-Money is solely responsible for the operation of the Payment Module and for the guarantees relating to the Payment Module, in accordance with the legal conditions set out in Appendix 2.
In the event of force majeure, as defined by law and interpreted by the French courts, the obligations of the Party prevented from performing will be suspended and its liability will not be incurred as a result. The Parties agree that disruptions to the electricity and/or internet networks shall be considered as force majeure. The Party noting the event shall immediately inform the other Party of its inability to perform its obligations. The suspension of the obligations or the delay shall in no case be a cause of liability for non-performance of the obligation in question, nor shall it lead to the payment of damages or penalties for delay.Notwithstanding the foregoing, the obligation to pay shall not be affected by a case of force majeure.
The Client acknowledges that REGATE's infrastructures and in particular the Platform may be subject to checks by supervisory authorities, administrative or judicial control authorities, requiring the Client to provide proof of certain payments, in particular in the context of regulations relating to the fight against money laundering. In the same way, in the event of a control being carried out on the Platform operated by REGATE in relation to the Client's Data, REGATE undertakes to collaborate closely and to give the controllers access to the Client's information required, subject to the Client being fully informed.
Under the terms of this Agreement, each of the Parties undertakes to respect a general obligation of confidentiality with regard to information obtained from the other Party. All documents and information of any nature whatsoever (commercial, technical, financial, structural, etc.) emanating from a Party, and to which the other Party will have access in the course of the performance of the Agreement, will be considered by the latter to be strictly confidential (the "Confidential Information"). The Parties shall therefore refrain from communicating to anyone, directly or indirectly, all or part of the Confidential Information of any kind, which shall have been communicated to them by the other Party or of which they shall have become aware during the performance of the present Agreement. The obligation of confidentiality shall remain in force five (5) years after the termination of the present Agreement for any reason whatsoever.
The following information and/or documents shall not be considered confidential
known to the public at the time of their communication,
of which REGATE was aware prior to their transmission by the Client,
the disclosure of which has been authorised in writing by the other Party,
developed by REGATE in good faith,
disclosed by virtue of a decision of a competent authority.
In the event of a dispute arising from the conclusion, interpretation, performance or termination of these Terms and Conditions and the Order Forms, the Parties agree to meet in order to attempt to reach an amicable agreement within fifteen (15) calendar days of receipt of a registered letter with acknowledgement of receipt from one of the Parties. If at the end of this period, the Parties are unable to reach an agreement, the dispute shall be submitted to the competent courts of Paris.
In express derogation of the provisions of Article 2224 of the Civil Code, the Parties agree that any action that may be brought on the basis of a breach of obligations by one Party shall be time-barred after a period of one year from the date on which the other Party knew or should have known the facts enabling it to bring such action.
The Client expressly authorises REGATE to (i) use the Client's name/logo/brand, in strict compliance with its graphic charter, as a commercial reference (in particular, a list of REGATE's Client references and public announcements on REGATE's professional social networks), (ii) produce a public Client case study of the "Customer Success Story" type consisting of articles, slides and videos which will be published in the press, on the Internet and at REGATE events, (iii) potentially take part in external events (testimonies, breakfasts, conferences, etc) with REGATE) with REGATE, (iv) to respond to solicitations and take references from REGATE prospects, (v) to communicate on the choice of REGATE by the Client upon signature of this agreement. This authorisation by the Client is a substantial and determining condition of REGATE's consent to contract with the Client under the financial conditions set out herein.
If any of the provisions hereof should be declared null and void or unenforceable, it shall be modified in order to obtain its validity or shall be deemed unwritten but shall not entail the nullity or invalidity of these Terms and Conditions or of its other provisions. The Parties undertake to use their best efforts to replace any invalid or void clause with a new clause that comes as close as possible to the original intention of the Parties.
The fact that REGATE does not at a given time avail itself of all or part of the provisions hereof and/or tolerates a breach by the Client of one of its obligations hereunder shall not be interpreted as a waiver by REGATE of its right to avail itself of any of the aforementioned provisions at a later date.
The rights and obligations hereunder are not assignable or transferable by the Client, either in part or in whole, without the express written consent of REGATE, which may accept or reject such assignment or transfer. Any change of control within the Client shall also be covered by this provision. REGATE reserves the right to assign or transfer the contract to a third party of its choice who shall be bound by all the terms hereof. In the event of an assignment of this agreement in accordance with this paragraph, the Client acknowledges that REGATE shall be validly discharged.
REGATE reserves the right to subcontract all or part of the Services to a service provider of its choice within the European Union.
Nothing herein shall create or be deemed to create a partnership, joint venture, association, principal-agent or employer-employee relationship between the Parties.
The penalties applicable in the event of non-compliance by the Parties with their obligations are hereby determined and each of them waives any action for specific performance or to enforce the obligations of the other Party itself.
The Client undertakes not to hire, have hired, or have employed, directly or indirectly, without REGATE's prior written consent, any of REGATE's employees for the entire duration of the present contract and for one (1) year after the termination of the contractual relationship defined herein. In the event of a breach of the provisions of this article, the Client shall pay REGATE a lump sum equal to twenty-four (24) months of gross monthly remuneration of the person in question
Refers to the person named by the Client in the Purchase Order, who is by default the Client's main contact point. He/she is the central point of communication between the Client and REGATE for the operational aspects of the Service.
Means any reproducible malfunction or non-conformity of a Module with respect to the Documentation while the Module is being used in accordance with its Documentation (excluding anomalies resulting from an action of the Customer).
Refers to any Anomaly that causes the shutdown or total unavailability of a Module.
Refers to any Anomaly that causes the shutdown or total unavailability of an essential function of a Module.
Refers to any Anomaly without significant impact on the use of a Module.
Refers to the document specifying the Modules chosen by the Customer and the associated Services and all the conditions useful for the proper execution of the order.
Means, together, the unique identifier and password allowing access to the Solution by the Client or the User.
Payment account associated with an IBAN opened in the Payment Partner's accounts on behalf of the Customer
Means the documentation relating to each Module, available online or on physical media and describing the features, functionality and Limitations of use of each Module. The Documentation serves as a reference for determining the compliance of a Module.
Means any data in digital format from the Client processed by the Solution. This may include invoices, charges, for example
Has the meaning given to it in Article 4 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Means the European Economic Area comprising, at the date of the Contract, the European Union, Norway, Iceland and Liechtenstein.
Limits of use
Restrictions of use applicable to each Module and depending on the Customer's Profile and the Service Level subscribed to by the Customer. Depending on the Modules, these Usage Restrictions may relate to the number of Users, the number of invoices, the number of entities, etc.
Refers to the corrective maintenance and assistance/support service, the amount of which is included in the Fee.
Means the date from which each Module is available online for the benefit of the Customer's Users.
Means at the date of signature of the Contract the Supplier Invoice Module, the Payment Module and the Expense Report Module and any new Module that may be proposed by REGATE in the future within the framework of the present Contract. Each Module is a component of the Solution.
Supplier Invoices Module
Refers to the module for receiving, reading, posting and clearing supplier invoices.
Refers to the module allowing the payment of supplier invoices on the Platform with REGATE's Payment Partner, S-Money, at the date of signature of the present document. This Module is subject to the S-Money legal terms and conditions set out in Appendix 2.
Expense Report Module
Refers to the module used to submit and validate the Customer's employee expense reports.
Category of service level provided by REGATE. The content of the services varies according to the Level subscribed to as indicated in the Order Form
Banking partner, provider of the Payment Module
Refers to any natural person (customer, employee, service provider, supplier, etc.) whose personal data may be processed within the framework of the Contract.
Means the infrastructure (hardware and software) of REGATE which integrates the Solution accessible by the Client in SaaS mode.
Purpose of the supply by REGATE of what is due to the Client under the Purchase Orders, namely access to the Modules and the Services ordered.
Type of Customer, benefiting from distinct Services due to their Profile.
Enterprise Customer Profile
TO BE DEFINED
Self Service Customer Profile
TO BE DEFINED
Refers to the amount owed by the Client to REGATE in return for the right to use the Solution. The Fee depends on each Module making up the Solution and the Service Level subscribed to by the Client. It is billable and payable under the conditions set out in the relevant Purchase Order.
Refers to the applicable regulations on the use of Personal Data, resulting from Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the "RGPD") and Law No. 78-17 of 6 January 1978 on information technology, files and freedoms, as well as any regulations intended to supplement or replace it. All terms not defined in this Agreement but which are defined or referred to in the RGPD shall be deemed to have the meaning given to them in the RGPD.
Refers to the services provided by REGATE and related to the Solution. The hosting services of the Platform and the Maintenance of the Solution are included in the Fee for each Module, according to the Service Level subscribed to.
The Services of configuration, training, or other are subject to an Order Form and may be invoiced in addition to the Modules.
Refers to the computer program installed on the Platform, made up of one or more Modules.
The composition of the Solution chosen by the Client is detailed in the Order Form.
Support is available, regardless of the Service Level subscribed to by the Customer, via the Platform's service desk portal open from Monday to Friday from 9am to 6pm.
Support can be accessed on the number given from Monday to Friday from 9am to 6pm, depending on the Service Level subscribed by the Customer.
Treatment or Treat
Has the meaning given to it in Article 4 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Transfer or Forward
Transferring or providing access to Personal Data, including by making it available, from the territory of an EEA country to a country outside the EEA.
Refers to the natural person authorised by the Client to benefit from access to all or part of the Solution for the internal needs of the Client's company. A user may be an employee, agent or consultant acting on behalf of the Client, as well as, where applicable, a third party advisor, accountant or chartered accountant or any third party authority in the context of an audit for example.
In the performance of this Contract, the Client is the "Data Controller" and REGATE is the "Data Processor" within the meaning of the GDPR, involved in the implementation of the processing of personal data on behalf of the Client [and the Beneficiary Companies].
By virtue of its location, the Parties are subject to European regulations on the protection of personal data:
The Sub-Contractor declares that it is aware of its obligation to provide guarantees relating in particular to the security, confidentiality and transfer of personal data that it processes within the framework of the Services, and undertakes to entrust the Processing only to personnel subject to an obligation of confidentiality, which the Client may ask it to justify, if the nature of the Processing or the criticality of the Data processed so requires.
The terms "Data, Personal Data", "Processor", "Data Processor", "Data Processing", refer to the definitions in the GDPR.
For the purposes of this clause, the following terms are contractually defined below:
In the context of the Services covered by the Contract, REGATE, acting as a Subcontractor on behalf of the Data Processors, carries out Processing of Personal Data subject to the GDPR.
Each of the Processing operations must be identifiable with regard to its purpose, duration, nature, purpose, type of Data and categories of data subjects. The required detail is provided by means of Annex 7A which the Client, and REGATE undertakes to follow the documented instructions of the Client.
The Processing is defined by the Client in its capacity as Data Controller. The Subcontractor shall only act in accordance with the documented instructions of the Client
The Processing carried out by REGATE shall be exclusively that required for the performance of the Services provided for in the Contract, any other use of the Data being prohibited without the express and prior agreement of the Client, without which any use of the Data shall constitute a misappropriation of personal data within the meaning of Article 226-21 of the French Penal Code engaging the contractual and criminal liability of REGATE.
In this context, REGATE undertakes to enable the Client to fulfil its legal obligations in relation to the respect of the rights of the persons concerned, in particular those listed in article 12.9.1 "rights of persons" and to keep and present any documentation that the Client may request in order to comply with the rights of the persons concerned.
REGATE also undertakes to inform the Client if it considers that the instructions issued by the Client are incompatible with the legal provisions on personal data.
The Client undertakes to transmit to REGATE only Data that has been pseudonymised beforehand.
The Parties agree that REGATE shall never be held liable if the Client transmits non-pseudonymised data.
The Data Processing must be carried out exclusively within the EU or the EEA.
As an exception, and if the performance of the Service justifies it, Processing outside the EU/EEA may be carried out with the prior written consent of the Client.
In any event, REGATE acknowledges that such transfers outside the EU/EEA are only possible if they meet one of the following conditions:
In this case, the Parties shall incorporate by reference in the Contract the said Standard Contractual Clauses which they undertake to ratify prior to the implementation of the processing operation(s) concerned.
REGATE will implement organisational and technical measures appropriate to the nature, scope, context, purpose of the Processing, likelihood and gravity of the risks to the rights and freedoms of individuals in the event of destruction, loss, alteration, disclosure of the Data or unauthorised access, in order to ensure the physical and logical security of the Data, in accordance with the highest of the following standards:
The security measures must guarantee the confidentiality, integrity and availability of the Data and the traceability of access at all times and include in particular:
a. Encryption of the Data in accordance with the state of the art requirements, or if requested by the Client.
b. Training of REGATE personnel who may have access to Client Data in good information security practices and regulatory compliance.
c. Identification and securing of premises (e.g. locked access, restricted access and requiring authorisation and authentication).
d. Identification and strict control of access by REGATE staff to the Data and environments supporting the services delivered to the Client (named accounts, password policy, traceability of access and actions, account review, etc.).
e. Logical security (e.g. network segmentation, hardening of configurations, anti-intrusion probes, firewalls, authentication and archiving of access to the Data, incident simulation, clocks synchronization).
f. Protection of administration interfaces against unauthorised access (use of VPN, strong authentication, use of secure and encrypted protocols).
g. Maintaining the security conditions of all the elements under REGATE's responsibility (backups, security monitoring, patch management).
h. For systems exposed on public networks, the implementation of appropriate security measures (reverse proxy, WAF, anti-DDoS).
i. The implementation of a technical architecture that meets the requirements expressed by THE CUSTOMER in terms of availability.
j. The securing of Data exchange flows so that they cannot be exploited by an unauthorised third party.
k. The historicisation of activities on the computer system: the elements monitored are listed with an indication of their retention period (at least one year unless there are regulatory constraints).
l. Protection of IT environments by up-to-date antivirus software (programmes and virus signatures).
m. Secure destruction of Data media at the end of their life or before they are reused.
n. Implementation of control procedures to ensure the level of security, of which the Client may ask to receive the results and the corresponding action plans provided that they do not contain any confidential information that REGATE must keep secret (for example: intrusion tests, vulnerability scans, security audits, etc.).
It is up to REGATE to determine the said measures and to transmit them to the Client at the latest at the conclusion of the Contract and at any time on request of the Client, or in case of modification of its security policy.
REGATE, in its capacity as a professional in the field of carrying out the Services, retains a general obligation to advise and warn concerning all these measures.
At the Client's request, REGATE will make available the information strictly necessary and relating to the technical and organisational means for the verification of the activities covered by these clauses.
In any case, such verification :
The Client shall inform REGATE of the start of the audit with at least one month's notice. If compliance problems are revealed, they will be studied in the framework of a contradictory review in order to decide on the necessary corrective actions. REGATE will take the necessary measures to ensure compliance. The latter shall be carried out within a reasonable period of time agreed with the Client and shall give rise to the production of a signed document demonstrating compliance. In the meantime, depending on the seriousness of the shortcomings observed, the Processing may be suspended and will not be invoiced for this period of unavailability.
In the event that, in the absence of elements that can justify it, REGATE does not authorise the verification, does not undertake any compliance work or does not devote the necessary resources to its completion, the Client reserves the right to immediately suspend the Processing of Data by REGATE. Such unjustified refusal shall constitute a cause for termination of the Contract.
REGATE may use one or more Subcontractors for Processing operations in the context of the Services and shall inform the Client in advance. A list of REGATE's current Subcontractors at the date of signature of this Contract is given to the Client in Appendix 4A.
In this case, REGATE undertakes to :
Where its Subcontractors fail to fulfil their obligations in relation to Data protection, REGATE remains fully responsible to the Client and undertakes to take all necessary measures to remedy the situation.
REGATE undertakes to enable the Client to fulfil its legal obligations in relation to the respect of the rights of the persons whose Data are processed under the Contract, namely :
In the event that REGATE receives, directly or through a Sub-Contractor, a request relating to the rights referred to above, it undertakes to forward it to the Client as soon as possible and at the latest within one week of the said request and not to respond to it.
REGATE undertakes to provide reasonable assistance to the Client in the event that :
In any case, and unless it is prohibited by law, REGATE shall justify its destruction within 2 (two) months of the effective end of the services. At any time, the Client may request assistance from REGATE in order to obtain the return of the Data in a readable and usable format, which shall be the subject of an estimate. REGATE undertakes to maintain the Data in at least one standard format recognised on the market.
REGATE undertakes to notify the Customer of any request for transmission or consultation of the Data issued by a judicial or administrative authority as soon as possible following such request and provided that REGATE is not legally prohibited from making such notification.
REGATE undertakes to implement and maintain procedures to detect security incidents affecting the Processing. In the event that an incident constituting a Data Breach is detected, REGATE undertakes to notify the Client within 48 (forty-eight) hours of its discovery. REGATE undertakes to carry out all useful investigations into the circumstances that may have led to such a Breach in order to remedy it without delay and to minimise the consequences for the persons whose Data are affected. REGATE undertakes to cooperate actively with the Client to ensure that it is able to meet its regulatory and contractual obligations following such a breach. It is the sole responsibility of the Client, as the Controller, to notify any Data Breach to the relevant supervisory authority and, where appropriate, to the persons affected.
Each of the Parties undertakes to keep a register of the processing activities carried out under this Contract, in accordance with Article 30 of EU Regulation No. 2016/679 of 27 April 2016.To this end, the Client and/or its Beneficiary Companies, understood as Data Processors, undertake(s) to transmit to REGATE the information necessary for the proper keeping of its register of Subcontractors, and in particular the following elements:
The Parties shall inform each other of any changes to the Processing carried out under this Contract and in particular, without this list being exhaustive, in the event of changes to the purposes of the Processing or to the technical and organisational security measures that are implemented. The Parties mutually undertake to make available to each other, on request and within a reasonable time, the parts of their register of processing activities concerning the Processing carried out under this Contract.
The Client undertakes to :
1. provide REGATE with the contracted Data;
2. document in writing any instructions regarding REGATE's processing of the Data and ensure that such documented instructions always comply with the provisions of the GDPR;
3. collect the Data in a fair and lawful manner, in accordance with the provisions of the GDPR and in particular ensure the consent of the Data Subjects and provide information to the Data Subjects about the processing operations at the time of collection of the Data;
4. To ensure, beforehand and throughout the processing, that REGATE complies with the obligations provided for by the RGPD;
5. To supervise the processing, including carrying out audits and inspections of REGATE in the conditions provided for herein.
Nature of treatment operations
Automated management of company accounts :
Description of the processing operations:
Categories of Personal Data Processed by REGATE
Platform Users' Data
Specific connection data: logs
Data on data subjects (employees or not) in the context of expense claims
Categories of People
Users as defined in Appendix 1
Employees or officers of the Customer with director or user status
External directors or users (accountant or chartered accountant, or others) acting on behalf of or for the Customer purchasing goods, products or services from the invoicing supplier
External directors or users (accountant, or chartered accountant, or others): acting in the name of or on behalf of the supplier seller, issuer of invoices
Employees (executives or non-executives, including TNS) or managers of the customer, with administrator or user status, in charge of all or part of the processing operations related to the expense reports
Duration of use and archiving of Personal Data
Platform Users' data: Data kept for the duration of the services, or as the case may be, of the contract(s) and legal conditions of services agreed with the Clients
Specific connection data: Retention for a common period of 5 years from the end of the accounting year concerned
Data relating to the persons concerned (employees or not) in the context of expense claims: Data kept for the duration of the services, or as the case may be, of the contract(s) and legal conditions of services agreed with the Clients
The execution of a contract between REGATE and its Clients