The General Terms and Conditions of Service (“General Terms and Conditions of Services in SaaS mode”) apply to the services provided by Regate SAS to the Customers who order the service or whose name appears on the Purchase Order. Please read these terms and conditions of service carefully. By subscribing to our services, you declare that you have read and accepted without reservation the latest version of this Contract. The services are solely for professional use by persons over 18 years of age.
Capitalised terms used in this document and in the annexes have the meaning stated in Annex I.
The purpose of this Contract is to set out the conditions under which REGATE (i) provides access to its Platform hosting the Solution whose Modules desired by the Customer have been the subject of an Order Form and (ii) provides the Customer with the Services described herein and subscribed to in the corresponding Order Forms.
The stipulations herein shall apply to each Order Form and shall form an integral part thereof. It is expressly recalled that for the Payment Module, the applicable conditions are those of S-Money, REGATE's partner and payment service provider; REGATE being then agent of S-Money, registered with the ACPR in the Regafi Register. The conditions related to this service shall be transmitted and signed at the time of the subscription to the Payment Module.
The Contractual Documents consist of the following documents:
These General Terms and Conditions shall take effect from the effective date of the Purchase Order.
Unless the provisions state otherwise in the Purchase Orders, each such provision shall take effect from the date of signature by the last of the two Parties.
These General Terms and Conditions are entered into for an indefinite period and may be terminated by either Party at any time, by sending a registered notification letter with acknowledgement of receipt, subject to giving three (3) months’ notice. It is hereby specified that the provisions hereof shall remain in force to govern the performance of the Purchase Orders in progress and must end in any event upon expiry of the Purchase Orders. No new Purchase Orders may be subscribed to starting from the period following notification of termination, unless otherwise agreed by the Parties.
Each Purchase Order shall take effect from the effective date provided for in 4.1.2 above and shall remain in force for a minimum period of one (1) year, starting from the effective date, renewable for successive periods of the same duration, unless terminated by a registered letter with acknowledgement of receipt sent to the other Party, giving three (3) months’ notice prior to the anniversary date.
In the event of fraudulent behaviour by the Customer and/or the Customer failing to comply with the terms and conditions of use of the Platform, Regate may, before any termination procedure is implemented in accordance with Article 4.4 below, decide to suspend all or part of the Services if the Customer has still not complied with said obligations or remedied the breach five (5) days after Regate warns him/her/it by email.
In the event of either Party seriously or repeatedly breaching one or more of its contractual obligations and said breach remaining unremedied (if the breach can be remedied) thirty (30) calendar days after a registered letter is sent, this Contract may be terminated ipso jure by the non-defaulting Party by sending a letter to the other Party by registered letter with acknowledgement of receipt, said termination taking effect five (5) working days after said registered letter with acknowledgement of receipt is received.Breaches considered as giving rise to the right to termination include non-compliance with the confidentiality undertakings and intellectual property rights of the Solution and the provisions relating to the management of Personal Data.
The Parties agree that the Purchase Order may consist of several Services and several Modules depending on the Customer’s choices. The Purchase Orders may be terminated ipso jure in the event that one of the Parties breaches its obligations relating to said Purchase Order and does not remedy it within thirty (30) calendar days of the sending of a registered letter with acknowledgement of receipt. The events that are considered breaches specific to Purchase Orders that may result in termination include the following:
If the above-mentioned breach has not ceased, or where possible has been corrected or repaired, within thirty (30) days of notification by email to the defaulting Party, the Purchase Order may be terminated, as of right, by the other Party by sending a letter to the defaulting party by registered letter with acknowledgement of receipt, said termination taking effect five (5) working days after receipt of said registered letter with acknowledgement of receipt.
In the event of termination, each Party undertakes to destroy the Confidential Information received in the context of the Contract.Furthermore, Regate undertakes to archive and not make any use of the Customer Data processed in the context of the Contract. The Customer Data existing in the Platform on the termination date shall remain accessible to the Customer upon request during the three (3) months following the termination of the Contract and shall be archived and retained for the sole purpose of proof in the event of an inspection by an administrative or judicial authority, litigation or the Customer’s needs, for a period of five (5) years before being destroyed. It is hereby stated that prior to the termination date, and no later than three (3) months after the effective date of termination hereof, the Customer shall be responsible for retrieving all his/her/its Customer Data hosted on the Platform. Furthermore, in the event of termination of this Contract or of a Purchase Order, the Customer undertakes, immediately and without further formality, to (i) pay Regate all invoices due up to the effective expiry of the Purchase Order(s) concerned, and (ii) cease all use of the Solution, whose terms and conditions of accessibility will cease.
Before the Go Live date of the various Modules, set out in the Purchase Order, the Customer must either perform the necessary configuration services itself or entrust their performance to Regate pursuant to the provisions of the Purchase Order. The performance by Regate of these Services will require the Customer to have provided the necessary data as required by Regate.Said Services are deemed completed when the Customer first uses the Modules in live operation, after Regate has informed the Customer that provision of said Services has ended if their provision was entrusted to Regate; the use of a Module in live operation constitutes acceptance.
If the Customer has expressly so requested it in his/her/its Purchase Order, he/she/it will receive training Services to optimise the use of the Solution. The terms and conditions of the training depend on each Module to which the training relates. The details are specified in the corresponding Purchase Order.
To access the Solution, the Customer shall be provided with Administrator Codes by Regate to enable him/her/it to grant access to the Users. Access to the Service is controlled by the Customer via the “settings” section, through which the Customer alone determines the opening of each User’s rights and authorisations. The maximum number of Users, depending on the Modules and the Service Level to which the Customer subscribes, is fixed in the relevant Purchase Order. The Customer is responsible for training the Users prior to them using the Solution, on the understanding that if he/she/it so wishes, the Customer may ask Regate, as part of the provision of services, to provide training to the Users.The Customer acknowledges and agrees that all Users are solely responsible for their personal and confidential Access Codes. Under no circumstances may Regate be held liable if the Solution is used by a third party using a User’s Access Codes. In the event that the Customer becomes aware that an unauthorised person has access to the Solution following the loss, theft or misuse of a User’s Access Code, the Customer must, via his/her/its administrator code, change the relevant Access Code using the procedure provided by Regate.
From the date indicated in the relevant Order Form, the Customer has the right to access the subscribed Modules; this right is personal, non-exclusive, non-assignable, non-transferable and limited to Users. The Customer benefits from the right to access each Module subscribed to, for its own internal needs only. The Client undertakes to use, and to oblige Users to use, the Modules in accordance with these Terms and Conditions, the Limitations of the Order Form, the Documentation, REGATE's recommendations and the Payment Partner's conditions for the Payment Module.
In particular, it is forbidden to:
The Customer undertakes to inform Regate of any malfunction that may affect all or part of the Solution so that Regate can remedy said malfunction as soon as possible.
Throughout the period of this Contract, Regate shall use its best efforts to guarantee a monthly availability rate of the Solution of 99.5% [with the exception of unavailability due to a case of force majeure, an internet network problem, a Customer network problem, or scheduled maintenance operations for which Regate shall endeavour to inform the Customer with a minimum of three (3) days’ notice.
The Customer has access through the Platform, via its account, to all its Customer Data (invoices, fees or other) that have been entered into it during the current year and the previous calendar year. However, all previous Customer Data will no longer be accessible via the Platform.
The implementation of certain Modules, including the Payments Module, may require checks prior to their provision by Regate or its Partners, to take into account regulatory provisions, which the Customer accepts. Regate shall not be held liable if its Partner, including for the Payments Module, refuses to grant access to its Module after the aforementioned checks.
REGATE guarantees the compliance of the Solution Modules with the Documentation provided that the Modules are used in accordance with the Documentation and that [all technical requirements and] the Limits of Use indicated in the Order Form relating to the Modules and Service Level subscribed to, have been respected.These Modules are provided "as is" and REGATE provides no warranty other than those provided herein, in particular no warranty of uninterrupted or error-free operation or of the suitability of the Modules or the Solution for any particular need or purpose of the Customer. The Customer alone shall assess the relevance of the data and information derived directly or indirectly from the Modules or the Solution in relation to its business and shall be solely responsible for any decisions taken on this basis.
REGATE provides the Customer, according to the Service Levels subscribed to, with the Chat and Telephone Support necessary to understand and resolve the Anomalies. This support cannot be used to resolve problems related to the Internet connection, equipment or computer configuration of the Client or Users, which are their responsibility.
In the event of Anomalies affecting the operation of a Module in relation to the Documentation, the Client shall notify REGATE by opening a trouble ticket on the Platform portal or by sending a message by e-mail to the support department and REGATE shall make its best efforts to correct it or, by default, to provide a workaround as soon as possible.
The Client shall automatically benefit from any updates made by REGATE to the Modules subscribed to. On the other hand, Evolutionary Maintenance does not include the provision of new functionalities of the Modules, nor of new Modules; the Client may, however, at any time subscribe, within the framework of an Order Form, to these new features.
The provisions relating to the guarantees and maintenance support of the Payment Module are set out in Appendix 2 and provided by S-Money, it being understood that the Client will report any complaints about the Payment Module to REGATE who will pass them on to S-Money.
Regate undertakes to appoint a person who will be the sole contact person for the Customer during the period of this Contract and the Purchase Order(s). Said contact person is responsible for monitoring and resolving all incidents reported by the Customer that may occur during the execution [of the Contract and Purchase Order(s)]. Similarly, the Customer undertakes to appoint a contact person with whom Regate may discuss this Contract and the Purchase Order(s).
The Customer has knowingly chosen the Solution, taking into account the technical and functional characteristics specified in the Documentation. He/she/it undertakes to be responsible for implementing the technical prerequisites as indicated by Regate. It is hereby stated that the Parties shall cooperate in good faith throughout the period of the Contract and shall provide each other with information useful for understanding or performing their own obligations. The Customer shall be responsible for ensuring that all his/her/its Users comply with the conditions and Usage Limits of each Module applicable according to his/her/its profile and the Service Level to which he/she/it subscribes.
The Customer agrees that for the implementation of certain Modules, including the Payments Module, he/she/it may be required to send Regate up-to-date information concerning him/her/it in order to meet regulatory requirements. The Customer undertakes to provide said information on first request, as failure to provide said information may force Regate to suspend or definitively terminate the service concerning the Module concerned, simply by sending a registered letter with acknowledgement of receipt, with no compensation due to the Customer.
The Customer is liable for a specific Fee calculated according to the chosen Modules and the subscribed Service Levels. The prices are detailed in its Purchase Orders. The Customer is solely responsible for paying the Fee and for paying any taxes and/or duties relating to the performance of the Contract. The invoices are issued electronically and must be paid by bank transfer upon receipt of the invoice. The prices may be revised annually. In this case, Regate shall send the Customer, no later than four (4) months before the anniversary date of his/her/its Purchase Order, the new rates applicable for the following contractual year. If the Customer refuses its new prices, the Customer shall be free not to renew his/her/its Purchase Order and to terminate it by complying with the three-month notice period indicated in Article 4.2.2 above. Unless said Purchase Order is terminated under these conditions, the Customer shall be deemed to have accepted the revised rates and the Purchase Order shall be renewed with the new rates.
In the event of non-payment of an invoice and without requiring prior formal notice from the Customer: Late payment penalties will automatically apply to any invoice unpaid on its due date. The interest rate for said penalties shall be equal to the interest rate applied by the European Central Bank to its most recent refinancing operation (or any other rate that may replace it) plus 10 percentage points (10%) (as published on the European Central Bank’s website http://www.ecb.int); fixed compensation of forty euros (€40) for recovery costs shall also be payable, in addition to the late payment compensation. In addition, and without prejudice to the foregoing, Regate also reserves the right, at its sole discretion and without notice, to suspend access to the Solution or all or part of the Services until the corresponding invoices have been paid.
Any claim regarding the invoices must be sent in writing to Regate by the Customer within thirty (30) calendar days of the date of receipt of the invoice concerned.The Customer may not in any case suspend or defer payment of invoices even in the event of a dispute over the Services.
Regate warrants (i) that it holds all intellectual property rights to the Solution, including all graphic, sound, text and software elements, including the underlying technology, or of any other nature, comprising the Solution, subject to any modules that may have an “Open Source” licence, or (ii) that it has the right to make the Platform and the Solution accessible to the Customer.Regate grants the Customer a personal, non-exclusive, non-assignable and non-transferable right to use the Solution, throughout the period of this Contract and for the entire world. The Customer thus undertakes not to infringe Regate’s intellectual property rights and, in this respect, shall refrain from reproducing, representing, translating, modifying or disseminating, even partially, any element protected by an intellectual property right, unless expressly authorised beforehand. This Contract does not confer on the Customer any ownership right over the Solution and shall not be considered an assignment within the meaning of the French Intellectual Property Code. Any reproduction of an element of the Solution by the Customer, without the express prior authorisation of Regate, constitutes an act of piracy liable to criminal and civil proceedings. Regate agrees, at its own expense, to defend the Customer (and to assume all reasonable attorneys’ fees) against (or, if Regate so chooses, to settle by way of a settlement) any action brought by a third party against the Customer whereby all or part of the Solution [or any deliverable provided by Regate in the context of Purchase Orders], used in accordance with Regate’s instructions, would infringe an intellectual property right or other proprietary right (an “IP Action”), provided that the Customer: (a) promptly notifies Regate in writing of such IP Action, (b) leaves Regate in control and command of seeking, preparing, defending and settling the IP Action, and (c) fully assists and cooperates in the defence of such IP Action. Following notification of an IP Action or any facts that may give rise to such IP Action, Regate may, at its sole discretion and at if it so chooses, (a) obtain for the Customer the right to continue using the Solution, (b) replace the relevant Module [or deliverables], or (c) modify the relevant Module [or deliverable] so that it no longer constitutes piracy. If Regate considers that it is not commercially reasonable to implement any of these alternatives, it may automatically and ipso jure terminate the Purchase Order relating to the cause of the dispute.Regate shall in no event assume any obligations under this article or any liabilities in respect of any action or claim if the IP Action is caused by, or results from, the following: (a) the modification of a Module [or a deliverable] by a person other than Regate when the IP Action could have been avoided using the version provided by Regate, (b) the Customer’s pursuit of an alleged infringing activity after he/she/it has been informed of it or after having received modifications that would have avoided the alleged piracy, (c) the modification by Regate of the Module in accordance with the Customer’s requests, and if said modification is the cause of the piracy, or (d) the use of a version other than the most recent version of the Module when the claim or action could have been avoided by using the latest version.
All data uploaded by or on behalf of the Customer onto the Platform (trademarks, logos, copyright, Personal Data, Customer Data, etc.) and the related Customer Databases are the sole and exclusive property of the Customer. The Customer is solely responsible for the quality, legality, accuracy and relevance of the data and content that it sends in the context of the Services. The Customer grants Regate a right to use, reproduce, store and modify the data and the Customer Databases relating thereto solely for the purpose of fulfilling its obligations under the Contract and/or any Purchase Order. The Customer warrants to Regate that it holds full ownership of the data and the related Customer Databases and that it may freely grant Regate the aforementioned rights of use without any third-party authorisation or prior formality being necessary. The Customer undertakes to compensate Regate for any costs, losses or damages that the latter may incur as a result of a claim brought by a third party against Regate on the basis of all or part of the data or the related Customer Databases.
The information relating to the personal data processed by Regate in its capacity as a processor is provided in Annex 3 of this Contract.
Each of the Parties may give access to Personal Data concerning its staff and more generally any individuals, whether salaried or not, participating in its business (corporate officers, trainees, temporary workers, consultants, etc.), to the other Party for the purposes of the Contract (invoicing, business relationship management, etc.). The Party receiving said Personal Data shall act as the corresponding Data Controller and shall comply with his/her/its obligations under the Data Regulations. In this context, each Party shall be responsible for providing, on behalf of the other Party, to his/her/its personnel concerned any information relating to the Data Processing executed by said other Party in connection with the Contract.
Each Party shall be liable for the consequences of its own misconduct causing direct, certain and foreseeable damage to the other Party. In all cases except those involving personal injury, fraud or gross negligence, the Customer's overall right to compensation, per contractual year, as a result of REGATE's proven liability under these Conditions and the Purchase Orders, is strictly limited to the sums actually received by REGATE solely under the Purchase Order concerned and for the single contractual year during which the loss occurred, whatever the legal basis of the claim and the procedure used to bring it to a conclusion.
REGATE shall not be held liable for any loss suffered by the Customer in the event of :
The Customer acknowledges and accepts that REGATE has entered into the Contract on the basis of the above limitations of liability, which allocate the risk fairly between REGATE and the Customer:
The customer acknowledges and accepts that S-Money is solely responsible for the operation of the payment module and the guarantees associated with it, in accordance with the legal conditions set out in Appendix 2.
In case of force majeure, as defined by law and interpreted by the French courts, the obligations of the prevented Party shall be suspended and his/her/its liability shall not be incurred as a result. The Parties agree that events such as disruptions to the electricity and/or internet networks shall be considered as force majeure.The Party observing the event must immediately inform the other Party that he/she/it is unable to perform his/her/its obligations. The suspension of the obligations or the delay may not under any circumstances be a cause for liability for failing to execute the obligation in question, or result in the payment of damages or late penalties.Notwithstanding the above, the payment obligation may not be affected by a case of force majeure.
The Client agrees that Regate’s infrastructure, and in particular the Platform, may be subject to inspections by supervisory, administrative or judicial inspection bodies that require Customers to provide evidence of certain payments, including in the context of anti-money laundering regulations.The Customer undertakes to work with Regate and to answer any requests. Similarly, if the Customer is inspected, where applicable on the Platform operated by Regate with regard to Customer Data, Regate undertakes to work closely with the Customer and to give the auditors access to the required Customer information, subject to full disclosure from the Customer.
Under the terms of this Agreement, each of the Parties undertakes to respect a general obligation of confidentiality with regard to information obtained from the other Party. All documents and information of any nature whatsoever (commercial, technical, financial, structural, etc.) emanating from a Party, and to which the other Party will have access in the course of the performance of the Agreement, will be considered by the latter to be strictly confidential (the "Confidential Information"). The Parties shall therefore refrain from communicating to any person, directly or indirectly, all or part of the Confidential Information of any nature, which shall have been communicated to them by the other Party or of which they shall have become aware during the performance of the present Agreement. The obligation of confidentiality shall remain in force five (5) years after the termination of the present Agreement for any reason whatsoever.
Information and/or documents are not considered confidential:
The Contract is governed by French law [and the French version shall be authentic].In the event of a dispute concerning the conclusion, interpretation, performance or termination of this Contract and the Purchase Orders, the Parties hereby agree to meet in order to try to find an amicable agreement within fifteen (15) calendar days of receipt of a registered letter with request for acknowledgement of receipt sent by either of the Parties. If, at the end of this period, the Parties are unable to reach an agreement, the dispute shall be submitted to the competent courts of Paris.
By express derogation from the provisions of Article 2224 of the French Civil Code, the Parties hereby agree that any action that may be taken on the basis of a breach of a Party’s obligations shall be time-barred after a period of one (1) year starting from the date on which the other Party knew, or should have known, the facts enabling it to take said action.
the Customer expressly authorises Regate to (i) use the Customer’s names/logos/brands, in strict compliance with its house style, as a commercial reference (including Regate’s list of Customer references and public announcements on Regate’s professional social networks), (ii) produce a “Customer Success Story” Customer case study for the public, consisting of articles, slides and videos that will be published in the press, on the Internet and at Regate events, (iii) potentially participate in external events (testimonies, breakfasts, conferences, etc.) with Regate, (iv) reply to requests and take references from Regate prospects, and (v) communicate on the Customer’s decision to choose Regate as soon as this Contract is signed. This authorisation from the Customer is a material and determining condition of Regate’s consent to contract with the Customer under the financial terms and conditions set out in this Contract.
If any of the provisions of this Contract is necessarily declared invalid or unenforceable, said provision shall be amended to obtain its validity or shall be deemed unwritten but shall not render void or invalid this Contract or its other provisions. The Parties undertake to make their best efforts to replace any invalid or void clause with a new clause that comes as close as possible to the initial intention of the Parties.
The fact that Regate does not avail itself at a given time of all or part of the provisions hereof and/or tolerates a breach by the Customer of one of his/her/its obligations referred to herein may not be interpreted as any form of waiver by Regate to subsequently avail itself of one of the aforementioned provisions.
The rights and obligations under this Contract are not assignable or transferable by the Customer, whether in whole or in part, without the express written consent of Regate, which may accept or refuse said assignment or transfer. Any change of control within the Customer shall also be covered by this provision. Regate reserves the right to assign or transfer the contract to a third party of its choice, which shall be bound by all terms hereof. In the event of this Contract being assigned in accordance with this paragraph, the Customer acknowledges that Regate shall be validly released from it.
The Processor may use another processor (hereinafter the “Sub-Processor”) to perform specific processing activities. In this case, it must inform the Data Controller in writing in advance of any planned change concerning the addition or replacement of other sub-processors. When so informing the Data Controller, it must clearly indicate the subcontracted processing activities and the identity and contact details of the Sub-Processor. The Data Controller has a maximum period of thirty (30) days starting from the date of receipt of said information to present its objections. Said subcontracting may only be carried out if the Data Controller has not raised an objection within the agreed period.
Nothing herein shall create or be deemed to create a partnership, joint venture, association or principal-contractor or employer-employee relationship between the Parties.
This Contract sets out the sanctions applicable in the event of non-compliance by the Parties with their obligations and each [Party] waives any enforcement action in kind or to have the obligations of the other Party carried out.
The Customer undertakes not to hire, obtain the hiring of or obtain work for, directly or indirectly, without the prior written agreement of Regate, any employee of the latter throughout the period of this Contract and up to one (1) year after the termination of the contractual relationship defined herein.In the event of a breach of the provisions of this article, the Customer is required to pay Regate a lump sum equal to twenty-four (24) months of gross monthly pay of the individual in question.
Means the person named by the Customer in the Purchase Order, who is by default the Customer’s main point of contact. He/she centralises all communication between the Customer and Regate regarding the operational aspects of the Service.
Means any reproducible malfunction or non-conformity of a Module relative to the Documentation while the Module is used in accordance with its Documentation (excluding anomalies resulting from an action by the Customer).
Means any Anomaly that causes a Module to stop or be completely unavailable.
Means any Anomaly that causes an essential function of a Module to stop or be completely unavailable.
Means any Anomaly that does not significantly affect the use of a Module.
Means the document specifying the Modules chosen by the Customer and the associated Services and all the terms and conditions useful for the proper execution of the order.
Means, together, the unique identifier and password allowing the Customer or User to access the Solution.
Payment account associated with an IBAN opened in the books of the Payment Partner in the Customer’s name
Means the documentation relating to each Module, available online or on physical media and describing the characteristics, functionalities and Limits of Use of each Module. The Documentation serves as a baseline for determining the compliance of a Module.
Means any of the Customer’s digital data processed by the Solution. These may be invoices or expenses, for example
Has the meaning given to it in Article 4 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of said data.
Means the European Economic Area comprising, at the date of the Contract, the European Union, Norway, Iceland and Liechtenstein.
Usage restrictions applicable to each Module and dependent on the Customer Profile and Service Level subscribed to by the Customer. Depending on the Modules, these Usage Limits may relate to the number of Users, the number of invoices, the number of entities, etc.
Means the corrective maintenance and support service, the cost of which is included in the Fee.
Means the date starting from which each Module is available online for the use of the Customer’s Users.
Means, at the date of signature of the Contract, the Supplier Invoices Module, the Payments Module and the Expense Reports Module and any new Module that may be proposed by Regate in the future in the context of this Contract. Each Module is a component of the Solution.
Means the module used to receive, read, record and obtain payment authorisation for supplier invoices.
Means the module used to pay supplier invoices on the Platform with the Payment Partner of Regate, Smoney, at the date of signature of this Contract. This Module is subject to the Smoney legal terms and conditions set out in Annex 2.
Means the Module used to submit and approve the expense reports of the Customer’s employees.
Service level category provided by Regate. The content of the Services varies depending on the Level subscribed to as indicated in the Purchase Order
Banking partner, Payments Module supplier
Means any individual (customer, employee, service provider, supplier, etc.) whose Personal Data is liable to undergo Processing in the context of the Contract.
Means the Regate infrastructure (hardware and software) that includes the Solution accessible by the Customer in SaaS mode.
What Regate is due to provide to the Customer under the Purchase Orders, namely, access to the Modules and Services ordered.
Type of Customer that receives different Services because of its Profile.
TO BE DEFINED
TO BE DEFINED
Means the sum owed by the Customer to Regate in return for the right to benefit from the Solution. The Fee depends on each Module comprising the Solution and the Service Level subscribed to by the Customer. It is invoiced and due for settlement under the terms and conditions set out in the relevant Purchase Order.
Means the regulations applicable to the use of Personal Data, resulting from Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of said data (the “GDPR”) and Law no. 78-17 of 6 January 1978 on information technology, files and liberties as well as any regulations intended to supplement or replace it. All terms not defined in this Contract but which are contained or referred to in the GDPR shall be deemed to have the meaning given to them in said GDPR.
Refers to the services provided by REGATE and related to the Solution. The Platform Hosting and Solution Maintenance Services are included in the Fee for each Module, depending on the Service Level subscribed to.
Configuration, training or other services are subject to an Order Form and may be invoiced in addition to the Modules.
Refers to the computer program installed on the Platform, consisting of one or more Modules.
The composition of the Solution chosen by the Client is detailed in the Order Form.
Support available, regardless of the Service Level subscribed by the Customer, via the service desk portal of the Platform open Monday–Friday between 9am and 6pm.
Support available Monday–Friday between 9am and 6pm on the number provided, depending on the Service Level subscribed to by the Customer.
Has the meaning given to it in Article 4 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of said data.
Means transferring or giving access to Personal Data, including simply making it available, from the territory of an EEA country to a country located outside the EEA.
Means the individual authorised by the Customer to benefit from access to all or part of the Solution for the internal needs of the Customer’s company. A user may be an employee, agent or consultant acting on behalf of the Customer, as well as, where applicable, a third-party consultant, accountant or chartered accountant or any third-party authority in the context of an inspection for example.
In the context of the performance of this Contract, the Customer is a “Data Controller” and Regate is a “Data Processor” within the meaning of the GDPR, involved in the implementation of the processing of personal data on behalf of the Customer [and the Beneficiary Companies].
By virtue of its location, the Parties are subject to European regulations on the protection of personal data:
The Processor declares that it has been informed of its obligation to provide guarantees relating in particular to the security, confidentiality and transfer of the personal data it processes in connection with the Services, and undertakes to entrust the Processing solely to personnel subject to a confidentiality obligation, which the Customer may ask it to justify, if the nature of the Processing or the criticality of the Data processed so requires.
The terms "Data, Personal Data", "Processor", "Data Processor", "Data Processing", refer to the definitions in the GDPR.For the purposes of this clause, the following terms are contractually defined below:
Means the transmission of Data from an EU or EEA member country to a third country or access to Data located in an EU or EEA member country from a third country (e.g. remote access to a database located in Europe);
Refers to the European Union;
Refers to a country that does not belong to the EU or the EEA;
Refers to a decision adopted by the European Commission which establishes that a third country ensures an adequate level of protection of personal data by virtue of its domestic legislation or international commitments;
Means a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed; (i) network mapping operations such as pinging, unsuccessful or blocked access attempts on firewalls or border servers and port scans, (ii) unsuccessful or blocked connection attempts, (iii) denial of service attacks, (iv) passive or active eavesdropping on flows or encrypted data on the networks, (v) blocked or unsuccessful attempts to exploit technical or application vulnerabilities.
In the context of the Services covered by the Contract, REGATE, acting as a Subcontractor on behalf of the Data Processors, carries out Processing of Personal Data subject to the GDPR.
Each of the Processing operations must be identifiable with regard to its purpose, duration, nature, purpose, type of Data and categories of data subjects. The required detail is provided by means of Annex 7A which the Client, and REGATE undertakes to follow the documented instructions of the Client.
The Processing is defined by the Client in its capacity as Data Controller. The Subcontractor shall only act in accordance with the documented instructions of the Client
The Processing carried out by REGATE shall be exclusively that required for the performance of the Services provided for in the Contract, any other use of the Data being prohibited without the express and prior agreement of the Client, without which any use of the Data shall constitute a misappropriation of personal data within the meaning of Article 226-21 of the French Penal Code engaging the contractual and criminal liability of REGATE.
In this context, REGATE undertakes to allow the Client to fulfil its legal obligations in relation to the respect of the rights of the persons concerned, in particular those listed in article 12.9.1 "rights of persons" and to keep and present any documentation that the Client may request in order to comply with the rights of the persons concerned.
REGATE also undertakes to inform the Client if it considers that the instructions issued by the Client are incompatible with the legal provisions on personal data.
The Client undertakes to transmit to REGATE only Data that has been pseudonymised beforehand.
The Parties agree that REGATE shall never be held liable if the Client transmits non-pseudonymised data.
The Data Processing must be carried out exclusively within the EU or the EEA.
As an exception, and if the performance of the Service justifies it, Processing outside the EU/EEA may be carried out upon prior written information from the Client.
In any event, REGATE acknowledges that such transfers outside the EU/EEA are only possible if they meet one of the following conditions:
In this case, the Parties incorporate the Standard Contractual Clauses, which they undertake to ratify prior to the implementation of the Processing concerned, by reference to the Contract.
Regate shall implement organisational and technical measures that fit the nature, scope, context and purpose of the Processing and the probability and severity of the risks run for the rights and liberties of the individuals if the Data is destroyed, lost, altered or disclosed or illegally accessed, in order to ensure the physical and logical security of the Data, in accordance with the highest of the following standards:
The security measures shall guarantee the confidentiality, integrity, availability of the Data, traceability of access, at all times and include in particular:
REGATE is responsible for determining the said measures and for transmitting them to the Client at the latest at the conclusion of the Contract and at any time upon request by the Client, or in the event of a change in its security policy.
REGATE, in its capacity as a professional in the field of performance of the Services, retains a general obligation to advise and warn about all these measures.
At the Client's request, REGATE will make available to it the information strictly necessary and relating to the technical and organisational means for the verification of the activities covered by these clauses.
In any case, such verification :
The Client shall inform REGATE of the start of the audit with at least one month's notice. If compliance problems are revealed, they will be studied in the framework of a contradictory review in order to decide on the necessary corrective actions. REGATE will take the necessary measures to ensure compliance. The latter shall be carried out within a reasonable period of time agreed with the Client and shall give rise to the production of a signed document demonstrating compliance. In the meantime, depending on the seriousness of the shortcomings observed, the Processing may be suspended and will not be invoiced for this time of unavailability. In the event that, in the absence of elements that can justify it, REGATE does not authorise the verification, does not undertake any compliance work or does not devote the necessary resources to its completion, the Client reserves the right to immediately suspend the Processing of Data by REGATE. Such unjustified refusal shall constitute a cause for termination of the Contract.
REGATE may use one or more Subcontractors for Processing operations in the context of the Services and shall inform the Client in advance. A list of REGATE's current Subcontractors at the date of signature of this Contract is given to the Client in Appendix 4A.
In this case, REGATE undertakes to :
Where its Sub-Processors fail to fulfil their Data Protection obligations, Regate shall remain fully liable to the Customer and undertake to take all necessary measures to remedy said failure.
Regate undertakes to enable the Customer to fulfil his/her/its legal obligations relating to compliance with the rights of individuals whose Data is subject to Processing under the Contract, namely:
If Regate receives, directly or through a Data Processor, a request relating to the rights referred to above, it undertakes to send the request to the Customer without delay and at most within one week of receiving said request and not to reply to it.
Regate undertakes to provide reasonable assistance to the Customer in the event that:
To exercise your rights, please write to Regate - 17 rue Saint Fiacre - 75002 Paris (France) indicating your name, first name, e-mail address, or by e-mail: privacy@regate.io.Vos. We have a period of 30 working days from receipt of your request to reply. Some binding requests may take longer, in which case the deadline will be extended and you will be informed. If you feel that your rights are not being respected, you may also file a complaint with the Commission Nationale de l'Informatique et Libertés (CNIL) 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07 or via the website: www.cnil.fr
In any case, and unless it can prove that doing so is forbidden by law, Regate must, within two (2) months of the effective end of provision of the Services, prove that said data has been destroyed. Until said two-month period expires, the Customer shall have access to the data available on the Platform.
Regate undertakes to inform the Customer of any judicial or administrative authority request, as soon as possible after said request, for the transmission or consultation of the Data and provided that Regate is not legally prohibited from informing [the Customer].
Regate undertakes to implement and maintain procedures to detect security incidents affecting the Processing. In the event that an incident constituting a Data Breach is detected, Regate undertakes to inform the Customer within forty-eight (48) hours of its detection.Regate undertakes to conduct all necessary investigations into the circumstances that have allowed, where applicable, such a Breach in order to remedy it without delay and to minimise the consequences for the individuals whose Data is affected. Regate undertakes to actively cooperate with the Customer so that it is able to meet its regulatory and contractual obligations following such Breach. It is the Customer’s sole responsibility, as Controller, to report any Data Breach to the competent inspection authority and, where applicable, to the data subjects.
Each of the Parties undertakes to keep a register of all processing carried out under this Contract pursuant to Article 30 of Regulation (EU) 2016/679 of 27 April 2016.To this end, the Customer and/or his/her/its Beneficiary Companies, which shall be understood to mean Data Controllers, undertake(s) to provide Regate with the information required to properly maintain its Data Processor register, including the following elements:
Regate is responsible for providing the other information required by the GDPR, i.e., the category of processing performed for each Data Controller and the general description of the technical and organisational security measures implemented;The Parties shall inform each other of any changes to the Processing performed in the context of this Contract, including, but not limited to, if the purposes of the Processing or the technical and organisational security measures implemented change. The Parties mutually undertake to make available to the parties, upon request and within a reasonable time, their register of processing operations concerning the Processing performed in the context of this Contract.
The Customer undertakes to do the following:
Automated management of company accounts :
Description of processing operations:
Data of the Platform’s Users
Specific connection data: logs
Data relating to the data subjects (employees or otherwise) in the context of expense reports
Users as defined in Appendix 1
Or
Employees or officers of the Customer with director or user status
Directors or External Users (accountant or chartered accountant, or others) acting on behalf of or for the Customer purchasing goods, products or services from the invoicing supplier
Directors or External Users (accountant, or chartered accountant, or others): acting in the name of or on behalf of the supplier seller, biller
Employees (executives or non-executives, including TNS) or managers of the customer, with administrator or user status, in charge of all or part of the processing operations related to the expense reports
Platform Users' data: Data kept for the duration of the services, or as the case may be, of the contract(s) and legal conditions of services agreed with the Clients
Specific connection data: Retention for a common period of 5 years from the end of the accounting year concerned
Data relating to the persons concerned (employees or not) in the context of expense claims: Data kept for the duration of the services, or as the case may be, of the contract(s) and legal conditions of services agreed with the Clients
Smoney
France
Budget Insight
France
Mindee
France
