General terms and conditions of service provision in SaaS mode

The General Terms and Conditions of Service (“General Terms and Conditions of Services in SaaS mode”) apply to the services provided by Regate SAS to the Customers who order the service or whose name appears on the Purchase Order. Please read these terms and conditions of service carefully. By subscribing to our services, you declare that you have read and accepted without reservation the latest version of this Contract. The services are solely for professional use by persons over 18 years of age.

  • Regate has developed a software solution accessible in SaaS mode (the Solution) to simplify and automate the accounting process, consisting of several modules (Modules) presented [on its website].
  • After analysing the functionalities offered by the Solution and receiving the necessary information and explanations from Regate, the Customer has chosen the Modules that meet his/her/its needs and so wishes to be able to access the Solution for the internal needs of his/her/its company solely for the benefit of his/her/its Users and, in general, to benefit from the Services offered by Regate.
  • Consequently, the Customer has decided to adhere to these terms and conditions in order to obtain from Regate a right to access and use its Solution and benefit from the Services ordered.

Article 1 - Definitions

Capitalised terms used in this document and in the annexes have the meaning stated in Annex I.

Article 2 - Purpose

The purpose of this Contract is to set out the conditions under which REGATE (i) provides access to its Platform hosting the Solution whose Modules desired by the Customer have been the subject of an Order Form and (ii) provides the Customer with the Services described herein and subscribed to in the corresponding Order Forms.
The stipulations herein shall apply to each Order Form and shall form an integral part thereof. It is expressly recalled that for the Payment Module, the applicable conditions are those of S-Money, REGATE's partner and payment service provider; REGATE being then agent of S-Money, registered with the ACPR in the Regafi Register. The conditions related to this service shall be transmitted and signed at the time of the subscription to the Payment Module.

Article 3 - Contractual documents

The Contractual Documents consist of the following documents:

  • The Purchase Order(s) containing, where applicable, the Special Terms and Conditions specific to the Modules and Services ordered;
  • Consequently, the Customer has decided to adhere to these terms and conditions in order to obtain from Regate a right to access and use its Solution and benefit from the Services ordered.
  • Annex 1: Definitions
  • Annex 2: Personal Data processed by Regate in its capacity as Data Processor
  • Annex 2.A: Management of Personal Data by Regate as Data Processor

Article 4 - Effective date - Duration - Suspension - Termination

4.1 Effective date

4.1.1 Effective date of these General Terms and Conditions

These General Terms and Conditions shall take effect from the effective date of the Purchase Order.

4.1.2 Effective date of each Purchase Order

Unless the provisions state otherwise in the Purchase Orders, each such provision shall take effect from the date of signature by the last of the two Parties.

4.2 Duration

4.2.1 Duration of the General Terms and Conditions

These General Terms and Conditions are entered into for an indefinite period and may be terminated by either Party at any time, by sending a registered notification letter with acknowledgement of receipt, subject to giving three (3) months’ notice. It is hereby specified that the provisions hereof shall remain in force to govern the performance of the Purchase Orders in progress and must end in any event upon expiry of the Purchase Orders. No new Purchase Orders may be subscribed to starting from the period following notification of termination, unless otherwise agreed by the Parties.

4.2.2 Duration of Purchase Orders

Each Purchase Order shall take effect from the effective date provided for in 4.1.2 above and shall remain in force for a minimum period of one (1) year, starting from the effective date, renewable for successive periods of the same duration, unless terminated by a registered letter with acknowledgement of receipt sent to the other Party, giving three (3) months’ notice prior to the anniversary date.

4.3 Suspension

In the event of fraudulent behaviour by the Customer and/or the Customer failing to comply with the terms and conditions of use of the Platform, Regate may, before any termination procedure is implemented in accordance with Article 4.4 below, decide to suspend all or part of the Services if the Customer has still not complied with said obligations or remedied the breach five (5) days after Regate warns him/her/it by email.

4.4 Termination

4.4.1 Termination of these General Terms and Conditions

In the event of either Party seriously or repeatedly breaching one or more of its contractual obligations and said breach remaining unremedied (if the breach can be remedied) thirty (30) calendar days after a registered letter is sent, this Contract may be terminated ipso jure by the non-defaulting Party by sending a letter to the other Party by registered letter with acknowledgement of receipt, said termination taking effect five (5) working days after said registered letter with acknowledgement of receipt is received.Breaches considered as giving rise to the right to termination include non-compliance with the confidentiality undertakings and intellectual property rights of the Solution and the provisions relating to the management of Personal Data.

4.4.2 Termination of Purchase Orders

The Parties agree that the Purchase Order may consist of several Services and several Modules depending on the Customer’s choices. The Purchase Orders may be terminated ipso jure in the event that one of the Parties breaches its obligations relating to said Purchase Order and does not remedy it within thirty (30) calendar days of the sending of a registered letter with acknowledgement of receipt. The events that are considered breaches specific to Purchase Orders that may result in termination include the following:

  • At the initiative of Regate: in the event of non-payment of invoices relating to a Purchase Order more than thirty (30) calendar days after being served formal notice, if the Customer fails to comply with the Limits of Use specific to each Module and to each Service Level subscribed to by the Customer as described in his/her/its Purchase Orders and/or in the event of the Customer seriously or repeatedly breaching his/her/its obligations under the terms of this Contract.
  • At the Customer’s initiative: in the event of serious and repeated breaches by Regate of any of its obligations relating to the terms and conditions of warranty, maintenance and availability of the Modules, or if a change of sub-processor is refused, under the terms of the Order Form.

If the above-mentioned breach has not ceased, or where possible has been corrected or repaired, within thirty (30) days of notification by email to the defaulting Party, the Purchase Order may be terminated, as of right, by the other Party by sending a letter to the defaulting party by registered letter with acknowledgement of receipt, said termination taking effect five (5) working days after receipt of said registered letter with acknowledgement of receipt.

4.5 Consequences of termination

In the event of termination, each Party undertakes to destroy the Confidential Information received in the context of the Contract.Furthermore, Regate undertakes to archive and not make any use of the Customer Data processed in the context of the Contract. The Customer Data existing in the Platform on the termination date shall remain accessible to the Customer upon request during the three (3) months following the termination of the Contract and shall be archived and retained for the sole purpose of proof in the event of an inspection by an administrative or judicial authority, litigation or the Customer’s needs, for a period of five (5) years before being destroyed. It is hereby stated that prior to the termination date, and no later than three (3) months after the effective date of termination hereof, the Customer shall be responsible for retrieving all his/her/its Customer Data hosted on the Platform. Furthermore, in the event of termination of this Contract or of a Purchase Order, the Customer undertakes, immediately and without further formality, to (i) pay Regate all invoices due up to the effective expiry of the Purchase Order(s) concerned, and (ii) cease all use of the Solution, whose terms and conditions of accessibility will cease.

Article 6 - Commissioning conditions

6.1 Acceptance of the Platform and Services

Before the Go Live date of the various Modules, set out in the Purchase Order, the Customer must either perform the necessary configuration services itself or entrust their performance to Regate pursuant to the provisions of the Purchase Order. The performance by Regate of these Services will require the Customer to have provided the necessary data as required by Regate.Said Services are deemed completed when the Customer first uses the Modules in live operation, after Regate has informed the Customer that provision of said Services has ended if their provision was entrusted to Regate; the use of a Module in live operation constitutes acceptance.

6.2 Training

If the Customer has expressly so requested it in his/her/its Purchase Order, he/she/it will receive training Services to optimise the use of the Solution.  The terms and conditions of the training depend on each Module to which the training relates. The details are specified in the corresponding Purchase Order.

Article 7 - Conditions of access and use of the platform

7.1 Access conditions

To access the Solution, the Customer shall be provided with Administrator Codes by Regate to enable him/her/it to grant access to the Users. Access to the Service is controlled by the Customer via the “settings” section, through which the Customer alone determines the opening of each User’s rights and authorisations. The maximum number of Users, depending on the Modules and the Service Level to which the Customer subscribes, is fixed in the relevant Purchase Order. The Customer is responsible for training the Users prior to them using the Solution, on the understanding that if he/she/it so wishes, the Customer may ask Regate, as part of the provision of services, to provide training to the Users.The Customer acknowledges and agrees that all Users are solely responsible for their personal and confidential Access Codes. Under no circumstances may Regate be held liable if the Solution is used by a third party using a User’s Access Codes.  In the event that the Customer becomes aware that an unauthorised person has access to the Solution following the loss, theft or misuse of a User’s Access Code, the Customer must, via his/her/its administrator code, change the relevant Access Code using the procedure provided by Regate.

7.2 Rights of use

From the date indicated in the relevant Order Form, the Customer has the right to access the subscribed Modules; this right is personal, non-exclusive, non-assignable, non-transferable and limited to Users. The Customer benefits from the right to access each Module subscribed to, for its own internal needs only. The Client undertakes to use, and to oblige Users to use, the Modules in accordance with these Terms and Conditions, the Limitations of the Order Form, the Documentation, REGATE's recommendations and the Payment Partner's conditions for the Payment Module.

In particular, it is forbidden to:

  • Grant or provide access to third parties other than the Users, including through its Access Codes;
  • Use the Platform in relation to and/or for the purpose of carrying out, directly or indirectly, illegal or illicit activities or on behalf of or the needs of entities other than the company signing this Contract;
  • Perform any act liable, directly or indirectly, to interfere with or adversely affect the Solution and/or the Platform and/or Regate’s business;
  • Disassemble, decompile, reverse-engineer or attempt to discover in any way whatsoever the source code and/or structure of all or part of the Solution (except where expressly provided for by law);
  • Remove or alter any branding, logo, slogan, copyright, proprietary or confidentiality notice, symbol, etc. appearing on the Platform and/or in the Documentation;
  • Disclose to any third party any results of performance tests, functionalities or evaluation of the Platform and/or Services without the prior written consent of Regate;
  • Provide the Documentation to any non-User third party;
  • Exceed the Usage Limits specific to each Module and each Service Level; it being specified that any use beyond these Limits exposes the Customer to additional invoicing as detailed in the relevant Purchase Order. In this respect, Regate shall regularly alert the Customer if he/she/it approaches the Usage Limits to which he/she/it has subscribed.

The Customer undertakes to inform Regate of any malfunction that may affect all or part of the Solution so that Regate can remedy said malfunction as soon as possible.

7.3 Availability

Throughout the period of this Contract, Regate shall use its best efforts to guarantee a monthly availability rate of the Solution of 99.5% [with the exception of unavailability due to a case of force majeure, an internet network problem, a Customer network problem, or scheduled maintenance operations for which Regate shall endeavour to inform the Customer with a minimum of three (3) days’ notice.

7.4 Customer Data

The Customer has access through the Platform, via its account, to all its Customer Data (invoices, fees or other) that have been entered into it during the current year and the previous calendar year. However, all previous Customer Data will no longer be accessible via the Platform.

7.5 Provisions specific to certain Modules

The implementation of certain Modules, including the Payments Module, may require checks prior to their provision by Regate or its Partners, to take into account regulatory provisions, which the Customer accepts. Regate shall not be held liable if its Partner, including for the Payments Module, refuses to grant access to its Module after the aforementioned checks.

Article 8 - Warranty and Maintenance

REGATE guarantees the compliance of the Solution Modules with the Documentation provided that the Modules are used in accordance with the Documentation and that [all technical requirements and] the Limits of Use indicated in the Order Form relating to the Modules and Service Level subscribed to, have been respected.These Modules are provided "as is" and REGATE provides no warranty other than those provided herein, in particular no warranty of uninterrupted or error-free operation or of the suitability of the Modules or the Solution for any particular need or purpose of the Customer. The Customer alone shall assess the relevance of the data and information derived directly or indirectly from the Modules or the Solution in relation to its business and shall be solely responsible for any decisions taken on this basis.

REGATE provides the Customer, according to the Service Levels subscribed to, with the Chat and Telephone Support necessary to understand and resolve the Anomalies. This support cannot be used to resolve problems related to the Internet connection, equipment or computer configuration of the Client or Users, which are their responsibility.

In the event of Anomalies affecting the operation of a Module in relation to the Documentation, the Client shall notify REGATE by opening a trouble ticket on the Platform portal or by sending a message by e-mail to the support department and REGATE shall make its best efforts to correct it or, by default, to provide a workaround as soon as possible.

The Client shall automatically benefit from any updates made by REGATE to the Modules subscribed to. On the other hand, Evolutionary Maintenance does not include the provision of new functionalities of the Modules, nor of new Modules; the Client may, however, at any time subscribe, within the framework of an Order Form, to these new features.

The provisions relating to the guarantees and maintenance support of the Payment Module are set out in Appendix 2 and provided by S-Money, it being understood that the Client will report any complaints about the Payment Module to REGATE who will pass them on to S-Money.

Article 9 - Cooperation between the parties

9.1 Contact persons of the Parties

Regate undertakes to appoint a person who will be the sole contact person for the Customer during the period of this Contract and the Purchase Order(s). Said contact person is responsible for monitoring and resolving all incidents reported by the Customer that may occur during the execution [of the Contract and Purchase Order(s)]. Similarly, the Customer undertakes to appoint a contact person with whom Regate may discuss this Contract and the Purchase Order(s).

9.2 Cooperation

The Customer has knowingly chosen the Solution, taking into account the technical and functional characteristics specified in the Documentation. He/she/it undertakes to be responsible for implementing the technical prerequisites as indicated by Regate. It is hereby stated that the Parties shall cooperate in good faith throughout the period of the Contract and shall provide each other with information useful for understanding or performing their own obligations. The Customer shall be responsible for ensuring that all his/her/its Users comply with the conditions and Usage Limits of each Module applicable according to his/her/its profile and the Service Level to which he/she/it subscribes.

9.3 Provision of information

The Customer agrees that for the implementation of certain Modules, including the Payments Module, he/she/it may be required to send Regate up-to-date information concerning him/her/it in order to meet regulatory requirements. The Customer undertakes to provide said information on first request, as failure to provide said information may force Regate to suspend or definitively terminate the service concerning the Module concerned, simply by sending a registered letter with acknowledgement of receipt, with no compensation due to the Customer.

Article 10 - Financial conditions

10.1 Fee

The Customer is liable for a specific Fee calculated according to the chosen Modules and the subscribed Service Levels. The prices are detailed in its Purchase Orders.  The Customer is solely responsible for paying the Fee and for paying any taxes and/or duties relating to the performance of the Contract. The invoices are issued electronically and must be paid by bank transfer upon receipt of the invoice. The prices may be revised annually. In this case, Regate shall send the Customer, no later than four (4) months before the anniversary date of his/her/its Purchase Order, the new rates applicable for the following contractual year. If the Customer refuses its new prices, the Customer shall be free not to renew his/her/its Purchase Order and to terminate it by complying with the three-month notice period indicated in Article 4.2.2 above. Unless said Purchase Order is terminated under these conditions, the Customer shall be deemed to have accepted the revised rates and the Purchase Order shall be renewed with the new rates.

10.2 Penalties for late payment

In the event of non-payment of an invoice and without requiring prior formal notice from the Customer: Late payment penalties will automatically apply to any invoice unpaid on its due date.  The interest rate for said penalties shall be equal to the interest rate applied by the European Central Bank to its most recent refinancing operation (or any other rate that may replace it) plus 10 percentage points (10%) (as published on the European Central Bank’s website; fixed compensation of forty euros (€40) for recovery costs shall also be payable, in addition to the late payment compensation. In addition, and without prejudice to the foregoing, Regate also reserves the right, at its sole discretion and without notice, to suspend access to the Solution or all or part of the Services until the corresponding invoices have been paid.

10.3 Claims

Any claim regarding the invoices must be sent in writing to Regate by the Customer within thirty (30) calendar days of the date of receipt of the invoice concerned.The Customer may not in any case suspend or defer payment of invoices even in the event of a dispute over the Services.

Article 11 - Intellectual property

11.1 Intellectual property rights for the Solution (and for each Module)

Regate warrants (i) that it holds all intellectual property rights to the Solution, including all graphic, sound, text and software elements, including the underlying technology, or of any other nature, comprising the Solution, subject to any modules that may have an “Open Source” licence, or (ii) that it has the right to make the Platform and the Solution accessible to the Customer.Regate grants the Customer a personal, non-exclusive, non-assignable and non-transferable right to use the Solution, throughout the period of this Contract and for the entire world. The Customer thus undertakes not to infringe Regate’s intellectual property rights and, in this respect, shall refrain from reproducing, representing, translating, modifying or disseminating, even partially, any element protected by an intellectual property right, unless expressly authorised beforehand. This Contract does not confer on the Customer any ownership right over the Solution and shall not be considered an assignment within the meaning of the French Intellectual Property Code. Any reproduction of an element of the Solution by the Customer, without the express prior authorisation of Regate, constitutes an act of piracy liable to criminal and civil proceedings. Regate agrees, at its own expense, to defend the Customer (and to assume all reasonable attorneys’ fees) against (or, if Regate so chooses, to settle by way of a settlement) any action brought by a third party against the Customer whereby all or part of the Solution [or any deliverable provided by Regate in the context of Purchase Orders], used in accordance with Regate’s instructions, would infringe an intellectual property right or other proprietary right (an “IP Action”), provided that the Customer: (a) promptly notifies Regate in writing of such IP Action, (b) leaves Regate in control and command of seeking, preparing, defending and settling the IP Action, and (c) fully assists and cooperates in the defence of such IP Action. Following notification of an IP Action or any facts that may give rise to such IP Action, Regate may, at its sole discretion and at if it so chooses, (a) obtain for the Customer the right to continue using the Solution, (b) replace the relevant Module [or deliverables], or (c) modify the relevant Module [or deliverable] so that it no longer constitutes piracy. If Regate considers that it is not commercially reasonable to implement any of these alternatives, it may automatically and ipso jure terminate the Purchase Order relating to the cause of the dispute.Regate shall in no event assume any obligations under this article or any liabilities in respect of any action or claim if the IP Action is caused by, or results from, the following: (a) the modification of a Module [or a deliverable] by a person other than Regate when the IP Action could have been avoided using the version provided by Regate, (b) the Customer’s pursuit of an alleged infringing activity after he/she/it has been informed of it or after having received modifications that would have avoided the alleged piracy, (c) the modification by Regate of the Module in accordance with the Customer’s requests, and if said modification is the cause of the piracy, or (d) the use of a version other than the most recent version of the Module when the claim or action could have been avoided by using the latest version.

11.2 Ownership of the elements provided by the Customer

All data uploaded by or on behalf of the Customer onto the Platform (trademarks, logos, copyright, Personal Data, Customer Data, etc.) and the related Customer Databases are the sole and exclusive property of the Customer. The Customer is solely responsible for the quality, legality, accuracy and relevance of the data and content that it sends in the context of the Services. The Customer grants Regate a right to use, reproduce, store and modify the data and the Customer Databases relating thereto solely for the purpose of fulfilling its obligations under the Contract and/or any Purchase Order. The Customer warrants to Regate that it holds full ownership of the data and the related Customer Databases and that it may freely grant Regate the aforementioned rights of use without any third-party authorisation or prior formality being necessary. The Customer undertakes to compensate Regate for any costs, losses or damages that the latter may incur as a result of a claim brought by a third party against Regate on the basis of all or part of the data or the related Customer Databases.

Article 12 - Personal data processed by Regate as a processor

The information relating to the personal data processed by Regate in its capacity as a processor is provided in Annex 3 of this Contract.

Article 13 - Exchange of personal data between the parties

Each of the Parties may give access to Personal Data concerning its staff and more generally any individuals, whether salaried or not, participating in its business (corporate officers, trainees, temporary workers, consultants, etc.), to the other Party for the purposes of the Contract (invoicing, business relationship management, etc.). The Party receiving said Personal Data shall act as the corresponding Data Controller and shall comply with his/her/its obligations under the Data Regulations. In this context, each Party shall be responsible for providing, on behalf of the other Party, to his/her/its personnel concerned any information relating to the Data Processing executed by said other Party in connection with the Contract.

Article 14 - Liability

Each Party shall be liable for the consequences of its own misconduct causing direct, certain and foreseeable damage to the other Party. In all cases except those involving personal injury, fraud or gross negligence, the Customer's overall right to compensation, per contractual year, as a result of REGATE's proven liability under these Conditions and the Purchase Orders, is strictly limited to the sums actually received by REGATE solely under the Purchase Order concerned and for the single contractual year during which the loss occurred, whatever the legal basis of the claim and the procedure used to bring it to a conclusion.
REGATE shall not be held liable for any loss suffered by the Customer in the event of :

  • Destruction, whether accidental or not, of the Customer Data by the Customer or by a third party that has accessed the Platform by means of the Customer’s Access Codes;
  • Destruction of Customer Data or malfunction of the Platform due to viruses, attacks or computer intrusions;Any indirect damage (even if Regate has been informed of the possibility of such damage) or unforeseeable damage to the Customer or third parties and in the event of any loss of earnings, loss, inaccuracy or corruption of files or Customer Data, theft or misuse of the Access Codes, breaches of Platform security, loss of turnover or profit, loss of customers, loss of reputation, loss of opportunity and/or the cost of obtaining a replacement product, service or technology, in relation to or resulting from the non-performance or wrongful performance of the Contract;
  • Interruption or slowdown of the network and/or Internet connection;
  • Changes to Internet browsers (Safari, Google, etc.) that no longer enable the Platform to work;
  • Breach due to the Customer and/or anyone working for the Customer;
  • Force majeure.

The Customer acknowledges and accepts that REGATE has entered into the Contract on the basis of the above limitations of liability, which allocate the risk fairly between REGATE and the Customer:

The customer acknowledges and accepts that S-Money is solely responsible for the operation of the payment module and the guarantees associated with it, in accordance with the legal conditions set out in Appendix 2.

Article 15 - Force majeure

In case of force majeure, as defined by law and interpreted by the French courts, the obligations of the prevented Party shall be suspended and his/her/its liability shall not be incurred as a result. The Parties agree that events such as disruptions to the electricity and/or internet networks shall be considered as force majeure.The Party observing the event must immediately inform the other Party that he/she/it is unable to perform his/her/its obligations. The suspension of the obligations or the delay may not under any circumstances be a cause for liability for failing to execute the obligation in question, or result in the payment of damages or late penalties.Notwithstanding the above, the payment obligation may not be affected by a case of force majeure.

Article 16 - Audit of the customer by Regate

The Client agrees that Regate’s infrastructure, and in particular the Platform, may be subject to inspections by supervisory, administrative or judicial inspection bodies that require Customers to provide evidence of certain payments, including in the context of anti-money laundering regulations.The Customer undertakes to work with Regate and to answer any requests. Similarly, if the Customer is inspected, where applicable on the Platform operated by Regate with regard to Customer Data, Regate undertakes to work closely with the Customer and to give the auditors access to the required Customer information, subject to full disclosure from the Customer.

Article 17 - Confidentiality

Under the terms of this Agreement, each of the Parties undertakes to respect a general obligation of confidentiality with regard to information obtained from the other Party. All documents and information of any nature whatsoever (commercial, technical, financial, structural, etc.) emanating from a Party, and to which the other Party will have access in the course of the performance of the Agreement, will be considered by the latter to be strictly confidential (the "Confidential Information"). The Parties shall therefore refrain from communicating to any person, directly or indirectly, all or part of the Confidential Information of any nature, which shall have been communicated to them by the other Party or of which they shall have become aware during the performance of the present Agreement. The obligation of confidentiality shall remain in force five (5) years after the termination of the present Agreement for any reason whatsoever.

Information and/or documents are not considered confidential:

  • they are in the public domain when provided,
  • they are known to Regate before the Customer provided them,
  • their disclosure has been authorised in writing by the other Party,
  • they were developed by Regate in good faith,
  • they were disclosed pursuant to a decision by a competent authority.

Article 18 - Applicable law and jurisdiction of courts

The Contract is governed by French law [and the French version shall be authentic].In the event of a dispute concerning the conclusion, interpretation, performance or termination of this Contract and the Purchase Orders, the Parties hereby agree to meet in order to try to find an amicable agreement within fifteen (15) calendar days of receipt of a registered letter with request for acknowledgement of receipt sent by either of the Parties. If, at the end of this period, the Parties are unable to reach an agreement, the dispute shall be submitted to the competent courts of Paris.

Article 19 - Miscellaneous

19.1 Prescription

By express derogation from the provisions of Article 2224 of the French Civil Code, the Parties hereby agree that any action that may be taken on the basis of a breach of a Party’s obligations shall be time-barred after a period of one (1) year starting from the date on which the other Party knew, or should have known, the facts enabling it to take said action.

19.2 Communication

the Customer expressly authorises Regate to (i) use the Customer’s names/logos/brands, in strict compliance with its house style, as a commercial reference (including Regate’s list of Customer references and public announcements on Regate’s professional social networks), (ii) produce a “Customer Success Story” Customer case study for the public, consisting of articles, slides and videos that will be published in the press, on the Internet and at Regate events, (iii) potentially participate in external events (testimonies, breakfasts, conferences, etc.) with Regate, (iv) reply to requests and take references from Regate prospects, and (v) communicate on the Customer’s decision to choose Regate as soon as this Contract is signed. This authorisation from the Customer is a material and determining condition of Regate’s consent to contract with the Customer under the financial terms and conditions set out in this Contract.

19.3 Nullity

If any of the provisions of this Contract is necessarily declared invalid or unenforceable, said provision shall be amended to obtain its validity or shall be deemed unwritten but shall not render void or invalid this Contract or its other provisions. The Parties undertake to make their best efforts to replace any invalid or void clause with a new clause that comes as close as possible to the initial intention of the Parties.

19.4 Non-waiver

The fact that Regate does not avail itself at a given time of all or part of the provisions hereof and/or tolerates a breach by the Customer of one of his/her/its obligations referred to herein may not be interpreted as any form of waiver by Regate to subsequently avail itself of one of the aforementioned provisions.

19.5 Assignment

The rights and obligations under this Contract are not assignable or transferable by the Customer, whether in whole or in part, without the express written consent of Regate, which may accept or refuse said assignment or transfer. Any change of control within the Customer shall also be covered by this provision. Regate reserves the right to assign or transfer the contract to a third party of its choice, which shall be bound by all terms hereof. In the event of this Contract being assigned in accordance with this paragraph, the Customer acknowledges that Regate shall be validly released from it.

19.6 Subcontracting

The Processor may use another processor (hereinafter the “Sub-Processor”) to perform specific processing activities. In this case, it must inform the Data Controller in writing in advance of any planned change concerning the addition or replacement of other sub-processors. When so informing the Data Controller, it must clearly indicate the subcontracted processing activities and the identity and contact details of the Sub-Processor. The Data Controller has a maximum period of thirty (30) days starting from the date of receipt of said information to present its objections. Said subcontracting may only be carried out if the Data Controller has not raised an objection within the agreed period.

19.7 Relationship between the Parties

Nothing herein shall create or be deemed to create a partnership, joint venture, association or principal-contractor or employer-employee relationship between the Parties.

19.8 Waiver of specific performance

This Contract sets out the sanctions applicable in the event of non-compliance by the Parties with their obligations and each [Party] waives any enforcement action in kind or to have the obligations of the other Party carried out.

19.9 Non-solicitation

The Customer undertakes not to hire, obtain the hiring of or obtain work for, directly or indirectly, without the prior written agreement of Regate, any employee of the latter throughout the period of this Contract and up to one (1) year after the termination of the contractual relationship defined herein.In the event of a breach of the provisions of this article, the Customer is required to pay Regate a lump sum equal to twenty-four (24) months of gross monthly pay of the individual in question.

Annex 1 - Definitions


Means the person named by the Customer in the Purchase Order, who is by default the Customer’s main point of contact. He/she centralises all communication between the Customer and Regate regarding the operational aspects of the Service.


Means any reproducible malfunction or non-conformity of a Module relative to the Documentation while the Module is used in accordance with its Documentation (excluding anomalies resulting from an action by the Customer).

Blocking Anomaly

Means any Anomaly that causes a Module to stop or be completely unavailable.

Major Anomaly

Means any Anomaly that causes an essential function of a Module to stop or be completely unavailable.

Minor Anomaly

Means any Anomaly that does not significantly affect the use of a Module.

Order form

Means the document specifying the Modules chosen by the Customer and the associated Services and all the terms and conditions useful for the proper execution of the order.

Access code(s)

Means, together, the unique identifier and password allowing the Customer or User to access the Solution.

Payment account

Payment account associated with an IBAN opened in the books of the Payment Partner in the Customer’s name


Means the documentation relating to each Module, available online or on physical media and describing the characteristics, functionalities and Limits of Use of each Module. The Documentation serves as a baseline for determining the compliance of a Module.

Customer Data

Means any of the Customer’s digital data processed by the Solution. These may be invoices or expenses, for example

Personal Data

Has the meaning given to it in Article 4 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of said data.


Means the European Economic Area comprising, at the date of the Contract, the European Union, Norway, Iceland and Liechtenstein.

Limits of use

Usage restrictions applicable to each Module and dependent on the Customer Profile and Service Level subscribed to by the Customer. Depending on the Modules, these Usage Limits may relate to the number of Users, the number of invoices, the number of entities, etc.


Means the corrective maintenance and support service, the cost of which is included in the Fee.

Going into production

Means the date starting from which each Module is available online for the use of the Customer’s Users.


Means, at the date of signature of the Contract, the Supplier Invoices Module, the Payments Module and the Expense Reports Module and any new Module that may be proposed by Regate in the future in the context of this Contract. Each Module is a component of the Solution.

Supplier invoices module

Means the module used to receive, read, record and obtain payment authorisation for supplier invoices.

Payment module

Means the module used to pay supplier invoices on the Platform with the Payment Partner of Regate, S­money, at the date of signature of this Contract. This Module is subject to the S­money legal terms and conditions set out in Annex 2.

Expense report module

Means the Module used to submit and approve the expense reports of the Customer’s employees.

Service level

Service level category provided by Regate. The content of the Services varies depending on the Level subscribed to as indicated in the Purchase Order

Payment Partner

Banking partner, Payments Module supplier


Means any individual (customer, employee, service provider, supplier, etc.) whose Personal Data is liable to undergo Processing in the context of the Contract.


Means the Regate infrastructure (hardware and software) that includes the Solution accessible by the Customer in SaaS mode.


What Regate is due to provide to the Customer under the Purchase Orders, namely, access to the Modules and Services ordered.

Customer Profile

Type of Customer that receives different Services because of its Profile.

Enterprise Customer Profile


Self Service Customer Profile



Means the sum owed by the Customer to Regate in return for the right to benefit from the Solution. The Fee depends on each Module comprising the Solution and the Service Level subscribed to by the Customer. It is invoiced and due for settlement under the terms and conditions set out in the relevant Purchase Order.

Data Regulations

Means the regulations applicable to the use of Personal Data, resulting from Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of said data (the “GDPR”) and Law no. 78-17 of 6 January 1978 on information technology, files and liberties as well as any regulations intended to supplement or replace it. All terms not defined in this Contract but which are contained or referred to in the GDPR shall be deemed to have the meaning given to them in said GDPR.


Refers to the services provided by REGATE and related to the Solution. The Platform Hosting and Solution Maintenance Services are included in the Fee for each Module, depending on the Service Level subscribed to.
Configuration, training or other services are subject to an Order Form and may be invoiced in addition to the Modules.


Refers to the computer program installed on the Platform, consisting of one or more Modules.
The composition of the Solution chosen by the Client is detailed in the Order Form.

Chat Support

Support available, regardless of the Service Level subscribed by the Customer, via the service desk portal of the Platform open Monday–Friday between 9am and 6pm.

Telephone Support

Support available Monday–Friday between 9am and 6pm on the number provided, depending on the Service Level subscribed to by the Customer.

Processing or Process

Has the meaning given to it in Article 4 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of said data.


Means transferring or giving access to Personal Data, including simply making it available, from the territory of an EEA country to a country located outside the EEA.


Means the individual authorised by the Customer to benefit from access to all or part of the Solution for the internal needs of the Customer’s company.  A user may be an employee, agent or consultant acting on behalf of the Customer, as well as, where applicable, a third-party consultant, accountant or chartered accountant or any third-party authority in the context of an inspection for example.

Annex 2 - Personal data processed by Regate as a processor

In the context of the performance of this Contract, the Customer is a “Data Controller” and Regate is a “Data Processor” within the meaning of the GDPR, involved in the implementation of the processing of personal data on behalf of the Customer [and the Beneficiary Companies].

1. Background

By virtue of its location, the Parties are subject to European regulations on the protection of personal data:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (European Data Protection Regulation) repealing Directive 95/46/EC (currently in force), applicable from 25 May 2018,
  • where applicable, the texts adopted within the European Union and the local laws that may apply to the personal data processed in the context of the Services,
  • texts and decisions issued by independent European supervisory authorities,
  • any text relating to privacy and professional secrecy,

The Processor declares that it has been informed of its obligation to provide guarantees relating in particular to the security, confidentiality and transfer of the personal data it processes in connection with the Services, and undertakes to entrust the Processing solely to personnel subject to a confidentiality obligation, which the Customer may ask it to justify, if the nature of the Processing or the criticality of the Data processed so requires.

2. Definitions

The terms "Data, Personal Data", "Processor", "Data Processor", "Data Processing", refer to the definitions in the GDPR.For the purposes of this clause, the following terms are contractually defined below:

"Transfer out of the EU" or "Processing outside the EU" or "Transfer" :

Means the transmission of Data from an EU or EEA member country to a third country or access to Data located in an EU or EEA member country from a third country (e.g. remote access to a database located in Europe);


Refers to the European Union;

"Third country":

Refers to a country that does not belong to the EU or the EEA;

"Suitability decision:

Refers to a decision adopted by the European Commission which establishes that a third country ensures an adequate level of protection of personal data by virtue of its domestic legislation or international commitments;

"Data breach" or "Breach":

Means a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed; (i) network mapping operations such as pinging, unsuccessful or blocked access attempts on firewalls or border servers and port scans, (ii) unsuccessful or blocked connection attempts, (iii) denial of service attacks, (iv) passive or active eavesdropping on flows or encrypted data on the networks, (v) blocked or unsuccessful attempts to exploit technical or application vulnerabilities.

3. Identification of Treatments

In the context of the Services covered by the Contract, REGATE, acting as a Subcontractor on behalf of the Data Processors, carries out Processing of Personal Data subject to the GDPR.
Each of the Processing operations must be identifiable with regard to its purpose, duration, nature, purpose, type of Data and categories of data subjects. The required detail is provided by means of Annex 7A which the Client, and REGATE undertakes to follow the documented instructions of the Client.

4. Scope of the Treatments

The Processing is defined by the Client in its capacity as Data Controller. The Subcontractor shall only act in accordance with the documented instructions of the Client
The Processing carried out by REGATE shall be exclusively that required for the performance of the Services provided for in the Contract, any other use of the Data being prohibited without the express and prior agreement of the Client, without which any use of the Data shall constitute a misappropriation of personal data within the meaning of Article 226-21 of the French Penal Code engaging the contractual and criminal liability of REGATE.
In this context, REGATE undertakes to allow the Client to fulfil its legal obligations in relation to the respect of the rights of the persons concerned, in particular those listed in article 12.9.1 "rights of persons" and to keep and present any documentation that the Client may request in order to comply with the rights of the persons concerned.
REGATE also undertakes to inform the Client if it considers that the instructions issued by the Client are incompatible with the legal provisions on personal data.
The Client undertakes to transmit to REGATE only Data that has been pseudonymised beforehand.
The Parties agree that REGATE shall never be held liable if the Client transmits non-pseudonymised data.

5. Location of Data Processing

The Data Processing must be carried out exclusively within the EU or the EEA.
As an exception, and if the performance of the Service justifies it, Processing outside the EU/EEA may be carried out upon prior written information from the Client.
In any event, REGATE acknowledges that such transfers outside the EU/EEA are only possible if they meet one of the following conditions:

  • If the Processing is carried out within a third country benefiting from an Adequacy Decision;
  • If the Processing is carried out by a company established in the United States AND having adhered to the Privacy Shield or the system approved by the European Commission that is required to replace it;
  • If the processing is governed by Standard Contractual Clauses issued by the European Commission.

In this case, the Parties incorporate the Standard Contractual Clauses, which they undertake to ratify prior to the implementation of the Processing concerned, by reference to the Contract.

6. Security of Treatment

Regate shall implement organisational and technical measures that fit the nature, scope, context and purpose of the Processing and the probability and severity of the risks run for the rights and liberties of the individuals if the Data is destroyed, lost, altered or disclosed or illegally accessed, in order to ensure the physical and logical security of the Data, in accordance with the highest of the following standards:

  • the state of the art and the recommendations published by the data protection authorities or the competent administrative authorities relating to IT security,
  • and industry standards.

The security measures shall guarantee the confidentiality, integrity, availability of the Data, traceability of access, at all times and include in particular:

  • Encryption of data in accordance with the state of the art, or if requested by the Customer.
  • Training of REGATE personnel who may have access to the Client Data in good information security practices and regulatory compliance.
  • Identification and security of premises (e.g. locked access, restricted access and requiring authorisation and authentication).
  • The identification and strict control of access by REGATE personnel to the Data and environments supporting the services delivered to the Client (nominative accounts, password policy, traceability of access and actions, review of accounts, etc.).
  • Logical security (e.g. network segmentation, configuration hardening, intrusion probes, firewalls, authentication and archiving of data access, incident simulation, clocks synchronization).
  • Protection of administration interfaces against unauthorised access (use of VPN, strong authentication, use of secure and encrypted protocols).
  • Maintaining the security conditions of all the elements under REGATE's responsibility (backups, security monitoring, patch management).
  • For systems exposed on public networks, the implementation of appropriate security measures (reverse proxy, WAF, anti-DDoS).
  • The implementation of a technical architecture meeting the requirements expressed by THE CUSTOMER in terms of availability.
  • The securing of Data exchange flows so that they cannot be exploited by an unauthorised third party.
  • Historicisation of activities on the computer system: the elements monitored are listed with an indication of their retention period (at least one year unless there are regulatory constraints).
  • Protection of IT environments with up-to-date antivirus software (programs and virus signatures).
  • Secure destruction of data carriers at the end of their life or before their reuse.
  • The implementation of control procedures to ensure the level of security, the results of which the Client may request to receive and the corresponding action plans, provided that they do not contain any confidential information that REGATE must keep secret (e.g. penetration tests, vulnerability scans, security audits, etc.).

REGATE is responsible for determining the said measures and for transmitting them to the Client at the latest at the conclusion of the Contract and at any time upon request by the Client, or in the event of a change in its security policy.
REGATE, in its capacity as a professional in the field of performance of the Services, retains a general obligation to advise and warn about all these measures.

7. Audit

At the Client's request, REGATE will make available to it the information strictly necessary and relating to the technical and organisational means for the verification of the activities covered by these clauses.
In any case, such verification :

  • shall be carried out by an inspection body composed of independent members with the required professional qualifications, bound by an obligation of confidentiality, not belonging to a company directly competing with Regate and chosen by mutual agreement between the Customer and Regate;
  • shall be limited to once a year;
  • the scope shall be limited to Customer Data and so may not contain or disclose any information relating to Regate’s intellectual property rights or know-how;
  • shall be carried out at the exclusive expense of the Customer.

The Client shall inform REGATE of the start of the audit with at least one month's notice. If compliance problems are revealed, they will be studied in the framework of a contradictory review in order to decide on the necessary corrective actions. REGATE will take the necessary measures to ensure compliance. The latter shall be carried out within a reasonable period of time agreed with the Client and shall give rise to the production of a signed document demonstrating compliance. In the meantime, depending on the seriousness of the shortcomings observed, the Processing may be suspended and will not be invoiced for this time of unavailability. In the event that, in the absence of elements that can justify it, REGATE does not authorise the verification, does not undertake any compliance work or does not devote the necessary resources to its completion, the Client reserves the right to immediately suspend the Processing of Data by REGATE. Such unjustified refusal shall constitute a cause for termination of the Contract.

8. Subsequent subcontracting

REGATE may use one or more Subcontractors for Processing operations in the context of the Services and shall inform the Client in advance. A list of REGATE's current Subcontractors at the date of signature of this Contract is given to the Client in Appendix 4A.
In this case, REGATE undertakes to :

  • Make its Sub-Processor responsible for all obligations required to ensure that the confidentiality, security and integrity of the Data are respected, and that said Data may only be processed on the instructions of the Controller, are not transferred or leased to a third party free of charge or otherwise, or used for purposes other than those defined by the Customer;
  • Enable the Customer to access the description of the essential elements of the contract concluded by his/her/its Processor, including the implementation of the technical and organisational obligations relating to the protection of personal data,
  • Inform the Customer in writing of any plans to add or replace Data Processors in order to enable the Customer to object to these changes. Any such objections shall remain reasonable and be made within ten (10) business days of receipt of the information. The Data Processor must take due account of said objection. If the Customer still refuses the Data Processor, the Data Processor shall be entitled to terminate the Contract subject to one (1) month’s prior notice and at no cost to Regate.
  • Make available to the Customer the list of entities (or individuals) to which it subcontracts all or part of the Processing carried out under the Contract, specifying the processing concerned.

Where its Sub-Processors fail to fulfil their Data Protection obligations, Regate shall remain fully liable to the Customer and undertake to take all necessary measures to remedy said failure.

9. Support from REGATE

9.1 Rights of persons

Regate undertakes to enable the Customer to fulfil his/her/its legal obligations relating to compliance with the rights of individuals whose Data is subject to Processing under the Contract, namely:

  • right of access: the Data available to Regate must be extracted in a readable format,
  • right to rectification or deletion, for which a certificate of performance may be requested,
  • right to Data portability,
  • right to restrict the Processing.

If Regate receives, directly or through a Data Processor, a request relating to the rights referred to above, it undertakes to send the request to the Customer without delay and at most within one week of receiving said request and not to reply to it.

Regate undertakes to provide reasonable assistance to the Customer in the event that:

  • the implementation of Processing would require the prior completion of an impact study,
  • the risks revealed by the impact study require consultation with the inspection authority.

To exercise your rights, please write to Regate - 17 rue Saint Fiacre - 75002 Paris (France) indicating your name, first name, e-mail address, or by e-mail: We have a period of 30 working days from receipt of your request to reply. Some binding requests may take longer, in which case the deadline will be extended and you will be informed. If you feel that your rights are not being respected, you may also file a complaint with the Commission Nationale de l'Informatique et Libertés (CNIL) 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07 or via the website:

10. Data Restitution

In any case, and unless it can prove that doing so is forbidden by law, Regate must, within two (2) months of the effective end of provision of the Services, prove that said data has been destroyed. Until said two-month period expires, the Customer shall have access to the data available on the Platform.

11. Judicial or administrative requisition

Regate undertakes to inform the Customer of any judicial or administrative authority request, as soon as possible after said request, for the transmission or consultation of the Data and provided that Regate is not legally prohibited from informing [the Customer].

12. Security incidents

Regate undertakes to implement and maintain procedures to detect security incidents affecting the Processing. In the event that an incident constituting a Data Breach is detected, Regate undertakes to inform the Customer within forty-eight (48) hours of its detection.Regate undertakes to conduct all necessary investigations into the circumstances that have allowed, where applicable, such a Breach in order to remedy it without delay and to minimise the consequences for the individuals whose Data is affected. Regate undertakes to actively cooperate with the Customer so that it is able to meet its regulatory and contractual obligations following such Breach. It is the Customer’s sole responsibility, as Controller, to report any Data Breach to the competent inspection authority and, where applicable, to the data subjects.

13. Maintenance of Treatment Records

Each of the Parties undertakes to keep a register of all processing carried out under this Contract pursuant to Article 30 of Regulation (EU) 2016/679 of 27 April 2016.To this end, the Customer and/or his/her/its Beneficiary Companies, which shall be understood to mean Data Controllers, undertake(s) to provide Regate with the information required to properly maintain its Data Processor register, including the following elements:

  • Name(s) and contact details of the Data Controller(s)
  • Name(s) and contact details of the representative(s) of the Data Controller(s)
  • Name(s) and contact details of the personal data protection officer(s)
  • In the event of Data Transfer(s) to a Third Country or an international organisation, the identity of said Country or organisation,

Regate is responsible for providing the other information required by the GDPR, i.e., the category of processing performed for each Data Controller and the general description of the technical and organisational security measures implemented;The Parties shall inform each other of any changes to the Processing performed in the context of this Contract, including, but not limited to, if the purposes of the Processing or the technical and organisational security measures implemented change. The Parties mutually undertake to make available to the parties, upon request and within a reasonable time, their register of processing operations concerning the Processing performed in the context of this Contract.

14. Obligations of the Customer

The Customer undertakes to do the following:

  • Provide REGATE with the Data covered by the contract;
  • Document in writing any instructions regarding the processing of Data by REGATE and ensure that such documented instructions always comply with the provisions of the GDPR;
  • To collect Data fairly and lawfully, in accordance with the provisions of the GDPR and in particular to ensure the consent of the data subjects and to provide information to the data subjects of the processing operations at the time of collection of the Data;
  • To ensure, beforehand and throughout the processing, that REGATE complies with the obligations laid down in the RGPD;
  • To supervise the processing, including carrying out audits and inspections of REGATE as provided for herein.

Annex 2.A - Management of personal data by Regate as a processor

Nature of the Processing operations

Automated management of company accounts :

  • Automated supplier invoice management and payment
  • Automated expense report management and reimbursement

Description of processing operations:

  • Workflow for creating administrator and user accounts (vendors/suppliers; buyers/customers);
  • Acquisition workflow: (i) supplier invoices (including credit notes); (ii) expense reports;
  • Allocation, recording and allocation workflow for: (i) supplier invoices (including credit notes); (ii) expense reports
  • Approval and payment workflow for: (i) supplier invoices; approval and refund workflow; (ii) expense reports
  • Traceability (reports and searches) of Administrator and User workflow actions (vendor/suppliers; customers/buyers);
Categories of Personal Data Processed by REGATE

Data of the Platform’s Users

  • Identification data
  • Business data
  • Connection data

Specific connection data: logs

Data relating to the data subjects (employees or otherwise) in the context of expense reports

  • Identification data
  • Business data
  • Connection data
  • Economic and financial data (IBAN)
Categories of Persons

Users as defined in Appendix 1
Employees or officers of the Customer with director or user status

Directors or External Users (accountant or chartered accountant, or others) acting on behalf of or for the Customer purchasing goods, products or services from the invoicing supplier

Directors or External Users (accountant, or chartered accountant, or others): acting in the name of or on behalf of the supplier seller, biller

Employees (executives or non-executives, including TNS) or managers of the customer, with administrator or user status, in charge of all or part of the processing operations related to the expense reports

Duration of use and archiving of Personal

Platform Users' data: Data kept for the duration of the services, or as the case may be, of the contract(s) and legal conditions of services agreed with the Clients

Specific connection data: Retention for a common period of 5 years from the end of the accounting year concerned

Data relating to the persons concerned (employees or not) in the context of expense claims: Data kept for the duration of the services, or as the case may be, of the contract(s) and legal conditions of services agreed with the Clients

Names of subcontractors engaged by REGATE
Names of subcontractors engaged by REGATE
Countries in which the Treatments take place



Budget Insight