GENERAL TERMS AND CONDITIONS OF USE OF TAIGA SERVICES APPLICABLE FROM May, the 25th 2018
DEFINITIONS
In these general terms and conditions of use, the following expressions will have the meaning given to them below: • GTCU: means these general terms and conditions of use applicable to the Services.
• Personal Data: means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that person.
• Identifier: means the personal identifier associated with the User’s account as well as any confidential code or password issued to the User by TAIGA and subsequently changed by the User, with which the User can identify himself or herself in order to access the Services.
• Personal Data Regulations: means jointly Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 applicable as from 25 May 2018 (hereinafter, “the General Data Protection Regulation”) and the French Data Protection Act (the “Computing and Freedoms Act”) no. 78-17 of 6 January 1978, as amended by Act no. 2004-801 of 6 August 2004.
• Parties: means jointly TAIGA and the User.
• Services: means all TAIGA software applications made available to a TAIGA Client and to all users designated by the latter for drawing up accounting and/or financial analyses and financial projections and for carrying out dunning activities in relation to unpaid debts.
• Website: means the website www.taiga-cm.com and, in particular, all software solutions accessible from that site or directly through addresses whose suffix is always XXXX.taiga-cm.com.
• User: means any natural person who uses the Website and accesses the Services offered by TAIGA through the Website.
Unless otherwise stated in the GTCU:
• Where a word or phrase has a defined meaning, any other form of that word or phrase has a corresponding meaning;
• Words in the singular include the plural and vice versa;
• Any reference to a document, standard, legislative provision, code or any other document includes any modification or updating of that document, standard, legislative provision or code;
• If a period of time is specified and refers back to a specific day or to the day of acceptance of these GTCU, that period of time must be calculated as including that day.
LEGAL NOTICES
TAIGA Services are operated by TAIGA CM, a société par actions simplifiée with a share capital of €73,714, entered in the NANTERRE Trade and Companies Register under number 512 149 105, with registered office at 114 Avenue Charles de Gaulle 92200 Neuilly-sur-Seine, France, and VAT number FR16512149105.
Publication manager: Sarl McDeer, President.
Hosting Service Provider: OVH SAS with a share capital of €10,069,020, entered on the Lille Métropole Trade and Companies Register under number 424 761 419 00045, 2 Rue Kellermann 59000 Roubaix, France.
PURPOSE OF THE GTCU AND CURRENT VERSION
The purpose of these GTCU is to set out the terms and conditions under which Users may access and use the Services.
Any Users who access the Services offered by TAIGA agree to comply unreservedly with these GTCU, which may, where applicable, be supplemented by Special Terms and Conditions of Use. Users are notified of these GTCU for prior express acceptance before they use the Services.
If Users do not agree with all or part of the GTCU, they are strongly advised not to use the Website and Services.
TAIGA is free to modify these GTCU at any time in order to take account of any legal, regulatory and/or technical developments or developments in case law. The current version is the version available online at the following address: https://taiga-cm.com. The same applies to any Special Terms and Conditions of Use accessible online at the address of the Services. All Users are therefore required to refer to the version accessible online on the date on which they access and use the Services.
Users are expressly informed that the only authentic version of the GTCU of the Services is the version available online on the Website, which they acknowledge and unreservedly accept and to which they agree to refer systematically each time they connect.
CAPACITY
Use of the Services is reserved for natural person Users who are designated by their employer through a contract signed between TAIGA CM and that employer.
INFORMATION, RESPONSBILITIES AND GUARANTEES RELATING TO MEANS OF ACCESS TO SERVICES
TAIGA puts in place the necessary means for ensuring that the Services work correctly. TAIGA takes the necessary measures to maintain continuity and quality of the Services according to agreements entered into between the User’s representative and TAIGA.
TAIGA cannot be held responsible for disruptions to the internet due to force majeure events as defined by the case law of the French Supreme Court or due to planned maintenance of the Services by TAIGA. Likewise, TAIGA cannot
be held responsible for the installation and operation of the terminals used by the User to access the Services where these are not supplied by TAIGA.
The transfer rates and response times for information travelling from the TAIGA platform to the internet are not guaranteed by TAIGA. Users acknowledge that information transmission speed does not depend on the Services offered by TAIGA but is determined by the characteristics inherent in electronic communication networks and by the technical characteristics of the method of connection used (cable, ADSL, 3G, 4G, etc.) as well as by the User’s internet access.
TAIGA cannot be held responsible under any circumstances for any indirect damage suffered by Users when using the Services. Damage is considered to be indirect where it does not originate exclusively and directly from the failure of TAIGA Services.
PRIOR INFORMATION ABOUT SERVICES
The Website offers the possibility for Users to use the various software solutions offered through a contract existing between their employer and TAIGA.
The employer alone is responsible for the cost of the equipment (computer, telephone, software, means of electronic communication) required to access and use the Services and for the electronic communication costs (telephone costs, internet access costs) resulting from the use of such equipment.
SERVICES
In accordance with a contract drawn up between the employer company and TAIGA, Users are provided with information enabling them to access the services made available by their employer when connecting for the first time. Users must change their password on the first connection.
Users alone are responsible for the use of their Identifiers, even if they pre-save their Identifier on their computer, mobile phone or on any other type of device thus allowing automatic connection to the Services.
Any access, use of Services and transmission of data made from a User’s account will be deemed to have been made by that User. Users alone are responsible for ensuring the confidentiality of their Identifiers. Users are therefore required to ensure that they properly disconnect from the Services at the end of each session and, in particular, when accessing the Services from a public computer. Users alone are responsible for any loss, misuse or unauthorised use of their Identifiers and for any resulting consequences. In all of the cases mentioned above, Users must notify TAIGA immediately, stating their Identifiers, last name and first names, by emailing the following address: contact@taiga-cm.com, so that TAIGA can reset the User account.
Users may change their login details at any time by contacting their employer directly or by emailing TAIGA at: contact@taiga-cm.com,
THIRD PARTY WEBSITES
If the Services contain hypertext links to websites published by third parties (hereinafter “Third Party Websites”) over which TAIGA has no control, TAIGA assumes no responsibility for the content of those Third Party Websites or the content to which they may link. The presence of hypertext links to Third Party Websites does not mean that TAIGA in any way endorses the content of those sites. TAIGA is not responsible for any modification or updating of Third Party Websites. TAIGA is not responsible for the transmission of information from Third Party Websites or for the incorrect operation of those sites.
INTELLECTUAL PROPERTY
TAIGA Services and all constituent elements are, unless otherwise specified, the exclusive property of TAIGA. Users cannot use any trademarks or logos belonging to TAIGA without the latter’s prior written consent.
Therefore, in accordance with the French Intellectual Property Code and with the laws and regulations enacted in any countries and with international conventions, any alteration, reproduction, distribution or representation, in whole or in part, of TAIGA Services or of any constituent element thereof is prohibited. Users are prohibited, in particular, from adapting, arranging, modifying, correcting, combining, translating into any languages, placing on the market, free of charge or in return for payment, or marketing all or part of the Services provided by TAIGA or any constituent element thereof by any means and on any medium. Nothing contained in these GTCU can be construed as an assignment of intellectual property rights, whether by implication or otherwise.
PERSONAL DATA PROTECTION
PERSONAL DATA RELATING TO THE USER
TAIGA expressly invites Users to consult its Personal Data Protection Policy, which forms an integral part of these GTCU.
COLLECTION & ORIGIN OF DATA
All data concerning Users is collected directly from their manager or from Users themselves.
Data can also be collected through the accounting statements provided by Clients using TAIGA applications.
TAIGA undertakes to obtain the consent of its Users and/or to enable them to object to the use of their data for certain purposes, whenever this is necessary.
In all cases, Users are informed of the purposes for which their data is collected through this charter.
PURPOSE OF DATA COLLECTION
1. Need to collect data
Certain data is required for identifying users when connecting and using TAIGA applications. In this case, TAIGA acts as the Controller.
Other data is collected through the integration of accounting and/or financial data operated by TAIGA or directly by its clients in TAIGA applications. In this latter case, TAIGA acts as the Processor.
2. Purposes
Users’ Personal Data is collected so as to enable them to connect to TAIGA applications. Data will also be collected so as to enable Users to use TAIGA solutions, to carry out dunning activities in relation to unpaid invoices, or to process a company’s accounting data in order to draw up actual or projected financial statements or financial analyses.
TAIGA Users are informed of the mandatory or optional nature of the personal data requested and the possible consequences of a failure to reply at the time their data is collected.
TYPES OF DATA PROCESSED
As Processor, TAIGA is required to process personal data to enable the drawing up of financial or accounting statements, accounting or financial analyses, or to carry out dunning activities in relation to unpaid debts.
TAIGA is required to process personal data, in its capacity as Controller, to allow browsing on its software applications, connection data and use of the Website or to prevent and combat computer fraud (spamming, hacking, etc.).
TAIGA may also process personal data
-for the creation of databases for direct marketing purposes, but the source of which is only professional data published by the author in public social networks,
-by the hardware used for browsing, the IP address, password (hashed) — to improve browsing on software applications,
-by professional email addresses — to run communication campaigns (email): telephone number, email address,
The data processed is mainly professional data (email address, telephone, accounting data, where applicable).
NON-DISCLOSURE OF PERSONAL DATA
The User’s Personal Data will not be transmitted to commercial parties or advertisers.
The User’s Personal Data may be processed by TAIGA’s subsidiaries and subcontractors (service providers), which are themselves compliant with current data protection regulations, while fully observing the principle established above, exclusively in order to achieve the purposes of this policy.
Within the limits of their respective powers and for the purposes mentioned above, the main persons having access to the data of TAIGA Users are solely clients falling within the category of “users”.
In addition, TAIGA uses a data host in accordance with the General Data Protection Regulation.
PERIOD FOR WHICH DATA IS STORED
We keep your data only for as long as is necessary for the purposes for which it was collected, in accordance with legal requirements.
USER RIGHTS
Whenever TAIGA processes Personal Data, TAIGA takes all reasonable steps to ensure that Personal Data is accurate having regard to the purposes for which it is processed by TAIGA.
In accordance with current European regulations, TAIGA Users enjoy the following rights: right of access (Article 15 of the GDPR); right to rectification (Article 16 of the GDPR); right to have data updated and incomplete data completed; right of blocking or erasure of personal data (Article 17 of the GDPR), where it is inaccurate, incomplete, ambiguous or out of date or where the collection, use, communication or storage of such data is prohibited; right to withdraw consent at any time (Article 13(2)(c) of the GDPR); right to restriction of processing of data (Article 18 of the GDPR); right to object to the processing of data (Article 21 of the GDPR); right to the portability of data provided by Users, where such data is subject to automated processing based on their consent or on a contract (Article 20 of the GDPR); right to define what happens to their data after their death and to stipulate that TAIGA must (or must not) communicate their data to a third party whom they have previously designated.
As soon as TAIGA becomes aware of a User’s death and in the absence of instructions from that User, TAIGA undertakes to destroy his or her data, unless the retention of such data is necessary for evidential purposes or to fulfil a legal obligation.
If Users want to know how TAIGA uses their Personal Data, or to ask TAIGA to rectify their data or to object to the processing of their data, they may contact TAIGA in writing at the following address: TAIGA – DPD, 114 Avenue Charles De Gaulle, 92200 Neuilly-sur-Seine, France, or by email at dataprivacy@taiga-cm.com. In this case, Users must indicate the Personal Data that they would like TAIGA to correct, update or delete and identify themselves by furnishing a copy of an identity document (identity card or passport). Any requests for erasure of Personal Data will be subject to the obligations imposed on TAIGA by law, particularly with respect to the retention or archiving of documents. Finally, TAIGA Users may lodge a complaint with the supervisory authorities and, specifically, with the CNIL (https://www.cnil.fr/fr/plaintes).
SOCIAL MEDIA
TAIGA Users can click on the icons corresponding to the social networks Twitter, Facebook, LinkedIn and Google Plus on the TAIGA Website.
Social networks help to improve interaction on the Website and to promote the Website through sharing. Video sharing services enrich the TAIGA Website with video content and increase its visibility.
When Users click on these buttons, TAIGA will be able to access the personal information that the User has indicated as public and accessible from their Twitter, Facebook, LinkedIn and Google Plus profiles. However, TAIGA does not create or use any database independent from Twitter, Facebook, LinkedIn and Google Plus using the personal information that Users may publish on those networks and TAIGA will not process any data relating to their private life in this way.
If Users do not wish TAIGA to have access to personal information published on the public space of their profiles or social media accounts, they must use the functionalities provided by Twitter, Facebook, LinkedIn and Google Plus to restrict access to their data.
SECURITY
TAIGA adopts all technical and organisational measures necessary to ensure the security of personal data processing and the confidentiality of Personal Data.
Accordingly, TAIGA takes all useful precautions, having regard to the nature of the data and to the risks presented by the processing, in order to preserve the security of data and, in particular, to prevent data from being distorted or damaged or to prevent unauthorised third parties from accessing that data (physical protection of the premises, authentication procedures involving personal and secure access via confidential IDs and passwords, logging of connections, encryption of certain data, etc.).
PERSONAL INFORMATION AND MINORS
In principle, the Website and the Software Applications are intended for adults capable of assuming legal obligations in accordance with the legislation of the country in which the User is located.
As the Processor, personal information is provided to TAIGA through TAIGA’s Client Manager, and the latter alone is responsible for any personal information concerning minors that may have been transmitted to TAIGA.
CONTACT US – DPO’S CONTACT DETAILS
The Data Protection Officer is: Mr Oussama Alhamoutie, Engineer Analyst Developer.
Where processing is based on consent:
• The request for consent shall be presented in an intelligible and easily accessible form, using clear and plain language.
• The data subject has the right to withdraw his or her consent at any time. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.
Where data is collected from the data subject, the controller shall, at the time when personal data is obtained, provide the data subject with all of the following information:
• the contact details of the data protection officer, where applicable;
• the purposes of the processing for which the personal data is intended as well as the legal basis for the processing;
• the recipients or categories of recipients of the personal data, if any;
• where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the Commission;
• the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
• the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
• the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
• the right to lodge a complaint with a supervisory authority;
• whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;
• the existence of automated decision-making, including profiling, [and, at least in those cases,] meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data has not been obtained from the data subject, the controller shall provide the data subject with the following information:
• the contact details of the data protection officer, where applicable;
• the purposes of the processing for which the personal data is intended as well as the legal basis for the processing;
• the categories of personal data concerned;
• the recipients or categories of recipients of the personal data, if any;
• where applicable, that the controller intends to transfer personal data to a recipient in a third country or international organisation and the existence or absence of an adequacy decision by the [Commission], or [appropriate or] suitable [safeguards] and the means to obtain a copy of them or where they have been made available;
• the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
• where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party;
• the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability;
• the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
• the right to lodge a complaint with a supervisory authority;
• from which source the personal data originates, and if applicable, whether it came from publicly accessible sources;
• the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
IP ADDRESS
TAIGA expressly invites Users to consult its Personal Data Protection Policy, which forms an integral part of these GTCU.
At the request of the judicial authorities, TAIGA may disclose the User’s IP address so that the User can be identified in cooperation with the relevant internet access provider.
PROOF
Messages received by fax or by electronic means and, more generally, electronic documents exchanged between TAIGA and the User are considered original documents within the meaning of Article 1366 of the French Civil Code, in other words they have the same probative value as the original. Faxes or electronic documents should be kept in such a way that they remain faithful and lasting copies within the meaning of Article 1379 of the French Civil Code.
WAIVER
The fact that one or the other of the Parties does not enforce one or more clauses of these GTCU cannot under any circumstances operate as a waiver by that Party of the right to enforce that clause at a later date.
SEVERABILITY
If any clauses of the GTCU are deemed unenforceable for any reason, including by operation of any applicable law or regulation, the parties will remain bound by the other clauses of the GTCU and will endeavour to remedy the unenforceable clauses in the same spirit as that which existed at the time the GTCU were drawn up.
APPLICABLE LAW AND JURISDICTION
These GTCU are governed by French law. Any difficulties relating to the validity, application or interpretation of the GTCU will, unless amicably resolved, be referred to the Paris Regional Court, to which the Parties confer territorial jurisdiction regardless of the place of performance or the defendant’s address. This jurisdiction also applies in the case of urgent interim proceedings or where there is more than one defendant or where a third party is joined to the proceedings.