KOMIDOC PROTECTION OF PERSONAL DATA

 

Solutions in the KOMIDOC range are implemented in accordance with the European personal data protection regulation (Regulation 2016/679).

1. PROVIDER acting as data controller: The Provider acts as controller of Authorised Users’ personal data. This data is processed exclusively to enable access to the Solution (if it is accessible in SaaS mode) and to track access to content. Every Designated User has a right to access and correct their personal data. The Designated User can also request the deletion thereof, but in this case, they will no longer be able to access the Solution. Designated Users’ personal data is kept for the term of the contractual relationship between the Provider and the Client.

2. PROVIDER acting as data processor: The Provider acts as the Client’s processor of personal data (hereinafter “PD”) contained in documents and information of any kind belonging to the Client and managed by a KOMIDOC Solution. Accordingly, the Provider undertakes to:

a) take any necessary precautions to maintain the confidentiality and security of PD and particularly prevent it from being distorted, damaged or disclosed to unauthorised third parties; more generally, the Provider undertakes to implement appropriate technical and organisational measures to protect PD against accidental or unlawful destruction, accidental loss, alteration, unauthorised dissemination or access; the Provider undertakes to ensure that all persons required to process PD for which it is liable comply with these measures.

b) not grant, rent, assign or otherwise disclose to a third party all or part of the PD, whether in return for payment or free of charge.

c) not use PD for purposes other than the functioning of the Solution ordered by the Client.

d) delete as quickly as possible any content belonging to the Client as soon as they so request in writing

e) reply as quickly as possible to any request from the Client regarding content managed by a Solution to enable it to take account, within the given time limits, of any requests from data subjects (right of access, right of correction, right of destruction, etc.).

f) inform the Client in writing of any modification or change concerning them that could have an impact on PD.

g) not sub-contract the provision of services relating to a Solution to a third party without the Client’s permission. Accordingly, the Client is informed and accepts that depending on the client location, KOMIDOC is hosted by the following hosting providers:

Client location

Hosting provider

Europe, Africa

Orange Business Service (France)

Middle East

Microsoft Azure (Dubai)

South East Asia

Microsoft Azure (Singapore)

 

h) in case of authorised sub-contracting, make its own sub-contractor comply with all the obligations that it is required to comply with in accordance with this clause via contract clauses.

i) not transfer PD outside the European Economic Area or to a country that is not recognised by the European Commission as having a sufficient level of protection, unless this transfer is governed by standard European Commission contract clauses or binding company rules. The Client recognizes that depending on the Client location data hosting is provided to the Provider through the Microsoft Azure services whose datacenters are located in Dubai or in Singapore.

j) if the Provider has reason to believe or has become convinced of the existence of a security flaw, loss or alteration of documents, the Provider undertakes to (i) report the existence of this incident to the Client as quickly as possible, (ii) not disclose the existence of this incident, (iii) assist the Client, at no extra cost, with putting in place actions intended to resolve this flaw.