Iboo

GTC

PRELIMINARY PROVISIONS

These general subscription terms and conditions (the "GTC") apply in their entirety and constitute the essential and determining conditions of any subscription to the IBOO solution (hereinafter the "IBOO Solution") accessible at the URL https://iboo.live (hereinafter the "Web Application") and on smartphone via the IBOO web app (hereinafter the "Mobile Application") by any professional customer located within the European Economic Area (hereinafter the "Customer") in order to subscribe to the IBOO Solution (hereinafter the "Subscription").

The fact of registering on the Web Application and, a fortiori, of checking the box "I accept the general conditions of service" implies the acceptance without reserve of the present GTC and the GCU which, together, prevail on all conditions and stipulations of the Customer not expressly accepted in writing by IBOO.

1. GLOSSARY

Abuse of service : Any act of a User, intentional or not, having an impact, of some amplitude that it is and of some nature that it is, on the normal operation of the services of IBOO and the services provided by him to the Customer and to his other customers.

Anomaly : Refers to any malfunction, reproducible and repeated defect and/or non-conformity of the functionalities of the IBOO Solution with respect to its intended purpose, which prevents the normal operation of all or part of the IBOO Solution or which causes an incorrect result or unsuitable processing while the IBOO Solution is used in accordance with its intended purpose.

« Blocking Anomaly » means any anomaly that makes it impossible to use all or part of the functionalities of the IBOO Solution. « Non-blocking anomaly » means any Anomaly allowing the full operation of the IBOO Solution in all its functionalities to continue, even if this is done by means of an unusual procedure. « Semi-blocking anomaly » means any Anomaly allowing the use of the IBOO Solution's functionalities only partially.

Contract : The following are enforceable under the services provided by IBOO:

The present General Conditions and their appendices, The Special Conditions and in particular the General Conditions of Use The Quote The order form Any document exchanged between the parties within the limit of the only documents established by IBOO, proposed to the Customer and bearing the mention "Document with contractual value"..

These documents are classified in the following hierarchical order: Quotation, Purchase Order, Special Conditions, General Conditions and documents exchanged between the parties.

Only the Agreement governs the relationship between the Customer and IBOO.

Quote : Contractual document, signed by the Customer, detailing the services chosen by the Customer according to his needs and the particular terms of execution of these. It can take the form of an order form.

Datas : All information related to the IBOO Solution, i.e. data transmitted by Participants (raw data) and processed by the IBOO Solution (processed data). Personal data as defined by Article 4 paragraph 1 of the RGPD are an integral part of this information.

Username : Codes, including the name of the User and a password, necessary to reach the whole of the functionalities of the IBOO Solution. The Identifier is unique, personal and confidential. It is transmitted to the Customer as many Identifiers as Users. Any use of the Identifier is regarded as carried out by the Customer. It is thus the responsibility of the Customer to ensure the confidentiality of the Identifiers.

Guests : Means the Participants to a meeting, outside the Subscription subscribed by the Customer.

Account sharing: Refers to a non-conforming use of the IBOO Solution consisting, for the Customer, in making available a single Identifier for several Users..

Participants : Refers to persons taking part in a meeting. Participants are Users and Guests as defined herein.

GDPR : Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Users : Persons designated by the Customer under his sole responsibility and having access to the IBOO Solution via their Identifiers. Are also considered as Users any employee, agent and subcontractor of the Customer as well as any other person having, in some manner that it is, accesses of the Customer to the IBOO Solution.

2. CONDITIONS FOR THE PROVISION OF THE SERVICE

2.1 Access to the service by the Customer

The Customer acknowledges that he/she is informed that the equipment used to access the IBOO Solution is not, by default, secure. Therefore, the Customer acknowledges that he/she must equip the equipment of his/her Users with an antivirus, a VPN and protect it with a secure password, in accordance with the state of the art. Thus any violation of data resulting from the absence of security of the equipment will not constitute a reason of engagement of the responsibility of IBOO; what the Customer accepts expressly.

The Identifiers transmitted to the Customer by IBOO are unique, personal and confidential. Any connection via the Identifier is presumed carried out by the Customer. The Customer commits himself, without delay, to notify IBOO of any theft or breach of confidentiality of the Identifier to the address gprd@iboo.live.

2.2 Creation of a customer account

The Customer is invited to create an account in the tab "I register" on the Web Application and to fill in the fields of the form (name, first name, email address, password of 12 alphanumeric characters with upper and lower case and special characters minimum).

In order to validate his registration, the Customer must read and accept the present General Terms and Conditions and the IBOO Privacy Policy, then click on "Continue".

In order to finalize the creation of his account, the Customer must click on "Confirm my email address" in the activation email he received.

It is pointed out that each User account is personal. For this purpose, the Customer guarantees IBOO against the Sharing of account.

2.3 Use of the services

The Subscription is attached to a Customer having an IBOO account and allowing him to organize meetings via the Web Application or the Mobile Application (hereafter the "Licensee").

To organize a meeting and invite participants (hereinafter the "Guests" or "Participants"), the Licensee must identify himself and click on "Create a meeting" by filling in the fields indicated on the Web Application. Among these fields, the IBOO Solution proposes to protect access to meetings by a password and the Customer is responsible for the systematic setting by Users of a strong password in accordance with the state of the art. Thus, in the event of violation of personal data resulting from a defect of parameter setting of the password or a not protected transmission of this last with the Participants, the responsibility for IBOO could not be committed.

In order to finalize the creation of his account, the Customer must click on "Confirm my email address" in the activation email he received.

2.4 Evolution of the IBOO Solution

Being brought to develop new functionalities to enrich the services proposed to its Customers, IBOO reserves the possibility of making them evolve as well on the contents as on the form, constantly and without notice, without that the Customer can be opposed to it, being understood that IBOO makes a commitment to guarantee:

Compliance with the provisions of Section 2.6; The maintenance of the main functionalities of the service and/or essential to the Customer as mentioned by the Customer; The information to the Customer, by any written means and at his convenience, on the evolutions of service.

In general, IBOO will strive to:

To make the service evolve in the direction of the improvement of the performances and the ergonomics of the service; To take into account the feedback of the Customer on the service and its evolutions.

However, the Customer could not reproach IBOO not to make evolve the service in spite of the communication of requests for evolutions.

2.5 Service availability

IBOO will provide its best efforts to allow the availability of the service 24h / 24h and 7 days / 7 days except the cases of absolute necessity such as described in the article 7.3 of the present, the events out of the control of IBOO, the possible breakdowns and interventions necessary to the good performance of the service and the materials.

IBOO thus makes a commitment to implement the best means to guarantee the availability of the IBOO Solution. However, IBOO could not be held responsible for the disturbances, cuts/Anomalies resulting from any event of which IBOO does not have, directly or indirectly, the control and which would affect in particular the transmissions by Internet network and more generally, by the communication network, whatever are the importance and the duration.

IBOO reserves the right to close the access to the IBOO Solution in order to ensure the maintenance of the hardware and the software necessary to the treatment of information and their lodging. More generally, IBOO reserves the right to stop the access to the IBOO Solution in order to ensure its safety and integrity. As far as possible, IBOO informs the Customer in advance of any interruption of access to the server, of its fact or which it can have knowledge. IBOO makes a commitment to provide its best efforts to proceed to the preventive maintenance apart from the hours of strong affluence.

IBOO is committed, during the duration of the Subscription, to ensure a minimum rate of availability of 99,99 % except periods of planned maintenance, technical interventions, because of the Customer or of a not authorized third and/or periods of interventions under the conditions defined above. Under these conditions, and without that its responsibility cannot be committed for this reason, IBOO will provide its best efforts to propose, on request of the Customer and provided that this one formulated by any written means of the urgent needs related to its activity, a solution of operation in degraded mode.

3. SUBSCRIPTION PURCHASE

3.1 The Customer can choose between several Subscription offers detailed on the Web Application ("Dashboard"/"Subscription").

3.2 By default, any creation of a Customer account leads to the application of the free subscription offer ("Discover Iboo") for a limited meeting duration and with a limited number of participants.

3.3 The Customer may, at any time, choose a higher Subscription offer on the Web Application by selecting the offer of his choice, then by entering his bank details. In order to validate the subscription to a paying offer, the Customer must click on "Validate payment". The subscription of the paying Subscription is firm and definitive for the Customer and for IBOO as from the date of reception by IBOO of the payment of the initial period of Subscription on the Web Application.

3.4 As soon as the payment is received by IBOO, the Customer receives an email confirming the subscription of the Subscription and can use the offer immediately. The confirmation email contains the invoice for the Subscription.

4. DURATION OF THE SUBSCRIPTION

4.1 Free Subscription is subscribed for an indefinite period from the creation of the account by the Customer and ends either when the Customer deletes his account on the Web Application, or on the date of subscription to a paid Subscription offer under the conditions set out in Article 3.3.

4.2 Paid Subscription is concluded for the duration of the Subscription offer chosen by the Customer on the Web Application, as of the date of subscription to the offer on the Web Application under the conditions set out in article 3.3. At the end of this period, the Subscription will then be tacitly renewed for successive periods of the same duration, unless terminated by either party by registered letter with acknowledgement of receipt and received by IBOO at least one (1) calendar month before the end of the current period.

4.3 During a paid Subscription period, the Customer may take out a higher Subscription offer under the conditions set out in Article 3.3. In this case, the new Subscription applies at the end of the current initial period.

5. PRICE AND PAYMENT OF THE SUBSCRIPTION

5.1 The price of the Subscription is that of the offer subscribed by the Customer on the Web Application.

5.2 The Subscription is billed according to the periodicity mentioned at the time of subscription or when it changes as provided for in article 4.3, in arrears. In the event of a change in the Subscription, the new price is invoiced on the date the new Subscription period begins. Any month started is due in full.

5.3 Invoices are payable, in euros, within a maximum of thirty (30) days from the date of issue of the invoice, by credit card via the payment solution proposed on the Web Application.

5.4 By express agreement, and except postponement requested in time and granted by IBOO in a particular and written way, the total or partial defect of payment with the expiry of any sum due to the title of the contract will involve automatically, without preliminary setting in residence and without damage of any additional compensation due and justifiable :

The immediate payment of all sums remaining due by the Customer under the Contract, regardless of the method of payment provided; The invoicing to the Customer of a late payment interest equal to the last refinancing rate of the European Central Bank, published at the date of invoicing, increased by 10 points, the interest being due by the sole fact of the expiry of the contractual term. The interest is calculated pro rata temporis over the period of one month. Suspension of services provided.

In addition, in the event of late payment, the Customer is liable for a fixed indemnity for collection costs of 40€. These expenses can be invoiced on a real basis on presentation of the receipts (ex: bailiffs fees, lawyers fees...). Any disagreement concerning the invoicing will have to be motivated by the sending of a registered letter with request for acknowledgement of receipt, in the eight (8) days of the date of emission of the invoice. In the absence of this procedure, the Client will be deemed to have accepted the invoice.

In a general way, no payment can be the subject of a compensation, a reduction (by application of penalties for example) or a refusal at the initiative of the customer in particular in the event of allegation of nonconformity or bad execution without the preliminary and written agreement of IBOO, and without IBOO having been able to control the reality of the alleged complaint

6. TERMINATION OF THE SUBSCRIPTION AND INTUITU PERSONAE

6.1 In addition to the option to terminate the Subscription by either party on each anniversary date of the Subscription as provided in Section 4, the Subscription may be terminated by either party as of right, without compensation, in the event:

Failure by the other party to comply with any of its obligations under the Subscription, if the defaulting party has not remedied the failure within thirty (30) calendar days of the formal notice sent by the party initiating the termination, by registered letter with acknowledgment of receipt; Safeguard, recovery or judicial liquidation and more generally the conclusion of any amicable or judicial plan with the creditors of the other party, the cessation of activity, dissolution or amicable liquidation of the other party; Force majeure, in accordance with Article 7.3.

Upon termination of the Subscription, and for any reason whatsoever :

The Customer commits himself paying to IBOO any sum which it would remain to owe him; The Customer is informed that the IBOO Solution will no longer be accessible to him.

In general, the exercise of this right of termination does not exempt the parties from fulfilling the obligations entered into until the effective date of termination.

6.2 The Subscription is concluded intuitu personae by IBOO and could not be yielded or transferred in some manner that it is with a third, without the preliminary and written agreement of IBOO.

7. OBLIGATIONS AND LIABILITY OF IBOO AND THE CUSTOMER

7.1 Obligations and responsibilities of IBOO

IBOO is held only with an obligation of means in the execution of the services proposed on the Solution IBOO. IBOO commits itself to make its best efforts to secure the access and the use of the IBOO Solution, and IBOO is free to choose the form and the technical means the most appropriate to place at the disposal of the Customer the whole of the functionalities of the IBOO Solution.

IBOO could not be held responsible for the external intrusions, the presence of data-processing virus in the computer system of the Customer, the possible consequences of an alteration, total or partial, of the operation of the Solution IBOO having for origin an Abuse of Service, of the non-functioning or the slowness of the telecommunication network of the Customer. The responsibility for IBOO is excluded for any defect or any inexecution not resulting from its fact, in particular in the event of inexecution of its obligations by the Customer. In particular IBOO cannot be held responsible for the data informed or imported by the Customer in the IBOO Solution or of the access rights granted by the Customer to the users. The Customer guarantees IBOO against any condemnation or transaction (civil, administrative or penal) which would be pronounced against him within the framework of legal actions having for cause or for object all actions relating to the data informed or imported by the Customer in the IBOO Solution (texts, images,?), including in particular the expenses of lawyer and expertise and the expenses and losses which could result from it for IBOO. In any assumption, the responsibility for IBOO excludes in particular any indirect, consecutive or immaterial damage, and including in particular any lost profit, loss, commercial damage, loss of sales turnover, loss of customers, loss of chance, and is, in any event, limited to the amount paid by the Customer during the current contractual year.

The security measures implemented by IBOO on the IBOO Solution are described in the IBOO commercial documentation and in the Privacy Policy.

7.2 Obligations and responsibility of the Client

The Customer undertakes not to communicate his login and password to a third party and declares and acknowledges that the Subscription is strictly personal. In defect, IBOO, reserves the possibility of suspending or of cancelling the Subscription. .

The use of the IBOO Solution requires a compatible computer, tablet or smartphone with a regularly updated operating system. The Customer is solely responsible for regularly updating the operating system of his or her computer equipment and for complying with the provisions of Articles 2.1 to 2.3.

In a general way, IBOO could not be held responsible in the event of difficulties of access to the Solution IBOO whose cause is not directly and exclusively imputable to him.

Unless the Customer can prove otherwise, any connection to the Web Application and the Mobile Application shall be deemed to have been made by the Customer. Any loss, theft, misappropriation or unauthorized use of the Customer's e-mail address or password and the consequences thereof shall be the sole responsibility of the Customer.

7.3 Force majeure

The Parties shall not be considered in default with respect to the provisions of the Contract if the performance of their obligations, in whole or in part, is delayed or prevented as a result of a situation of force majeure as defined by Article 1218 of the Civil Code.

In addition to the events usually considered by French jurisprudence as force majeure, the obligations of the Parties shall be automatically suspended in the event of events beyond their express control preventing the normal performance of this Contract, such as earthquakes, fire or flooding of the operating premises of the business of either of the Parties storm, blockage of means of transport for any reason whatsoever, total or partial strikes, internal or external to the company, lockout of the company, total or partial, regional, national or international blockage of telecommunications and total or partial, regional, national or international blockage of computer networks.

The Party noting the event shall immediately inform the other Party of its inability to perform its service and justify this to the latter. The suspension of obligations shall in no case be a cause of liability for non-performance of the obligation in question, nor shall it lead to the payment of damages or penalties for delay.

However, as soon as the cause of the suspension of their mutual obligations disappears, the Parties shall make every effort to resume normal performance of their contractual obligations as soon as possible. .

However, in the event that the suspension of the obligations arising from the Contract proves to be for a period of more than 3 (three) months, each of the Parties shall be entitled to terminate the Contract at any time, by registered letter with acknowledgement of receipt, as from the expiry of this period of suspension, without compensation on either side.

8. PERSONAL DATA

8.1 Within the framework of the Contract, the Parties are led to operate personal data processing, of third parties, within the meaning of the RGPD. As such, and only for the services for which IBOO is a subcontractor within the meaning of the RGPD, the Parties have organized their obligations and responsibilities in the Appendix "Subcontracting agreement relating to the processing of personal data".

8.2 Within the framework of the execution of its services, IBOO is brought to process personal data of the Customer, as data controller, for the following purposes:

Registration management Subscription management Management of requests to exercise rights The provision of a newsletter The security of our solution

All of our processing is based on the following legal basis: the Contract mainly and our legitimate interest from time to time. Consequently, the processing that IBOO implements as data controller does not require to obtain your consent.

Your data will not be sold, exchanged or transferred outside the European Union. They are kept for the time needed to carry out the processing and are, in the absence of legal obligation or administrative interest, immediately deleted at its expiry.

In accordance with the Data Protection Act of n°78-17 of January 6, 1978 as amended, the Regulation (EU) 2016/679 and the Law for a Digital Republic of October 7, 2016, you have the right to access, rectify, limit, oppose, delete, the right to portability of your data and to transmit directives on their fate in case of death.

You can exercise these rights by sending an email to rgpd@iboo.live.

Finally, Iboo undertakes to provide, at the Customer's request, any documentation necessary to certify its compliance with the GDPR and in particular:

The Privacy Policy regarding the management of its customers The register of processing activities relating to its customers

9. COMMERCIAL REFERENCE

IBOO is expressly authorized to use the name of the Customer or any other distinctive sign belonging to him as a commercial reference in particular in commercial presentations, intended for prospects or customers, in press releases indicating the commercial references, on its Internet site, on its company pages of the social networks or within the framework of the publication of testimonys

10. INTELLECTUAL PROPERTY

IBOO guarantees that it has all the rights to allow the use of the IBOO Solution under the conditions defined herein.

Subject to the perfect respect of the Contract, and in counterpart of the payment of the price of the Subscription, IBOO grants to the Customer, during all the duration of the Contract, a personal, non-exclusive, non-transferable, non-transferable and revocable right of use of the IBOO Solution for the purposes of access by the users to the IBOO Solution, for the whole world. The Contract does not confer on the Customer and the users any title or property right on the IBOO Solution.

In the absence of express authorization on behalf of IBOO, the Customer refrains, and will ensure that the Users refrain, consequently of:

Reproduce, arrange, adapt, translate all or part of the IBOO Solution; Correct, or have a third party correct, any errors and/or bugs in the IBOO Solution; Carry out any form of commercial exploitation of the IBOO Solution; Modify or seek to circumvent any protective features of the IBOO Solution; Research the IBOO Solution for the purpose of creating a derivative or competing work; To transfer, provide, lend, rent all or part of the IBOO Solution, to grant sub-licenses or other rights of use, or more generally, to communicate to a third party or an affiliated company all or part of the IBOO Solution; Integrate all or part of the IBOO Solution into any computer system or other software solution; To proceed to the remote transmission of the IBOO Solution, to its setting in network, in particular on Internet, or to its diffusion under any other form.

The Customer commits himself respecting the applicable regulation in particular concerning the legality of the contents imported and/or exported from or towards the Solution IBOO. As such, the responsibility of IBOO could not be committed in the event of non-observance of this provision by the Customer.

The Customer is informed that any violation of the provisions which precede is likely to involve the cancellation of the Subscription, without damage of the damages which could claim IBOO, and, moreover, to be qualified of facts of counterfeit, liable to civil and penal proceedings.

When using the IBOO Solution, the Customer may share Content. To this end, the Customer assures that he/she has all the rights, and in particular the intellectual property rights, to use all the shared elements such as, and without this being exhaustive, brands, logos, music, video, texts, hypertext links, etc.

The Customer also guarantees to IBOO that the shared elements are legal with regard to the national, European and international law. He is also responsible for the contents diffused by the Participants and makes his business of the monitoring of these. .

The Customer guarantees, with its expenses, the defense in any possible action brought against IBOO insofar as this one would be resulting from an allegation according to which an element shared by the Customer at the time of the use of the Solution IBOO could be qualified of counterfeiting or act of unfair competition or parasitism or denigration or defamation or false publicity or in a general way, would engage the responsibility of IBOO

The Customer shall pay all costs (in particular experts' and lawyers' fees within the limit of the costs usually incurred in such proceedings) and damages charged to IBOO without prejudice to IBOO's right to obtain, from the Customer, compensation for the loss suffered.

11. INDEPENDENCE

IBOO acts as an independent service provider, thus excluding any subordination link between its employees and its customers.

IBOO remains the sole employer of its employees and is responsible for their supervision and control, particularly with regard to the management of working hours, vacations and disciplinary rights.

IBOO undertakes, in this respect, to deal personally with the obligations and formalities which can or may be incumbent on it in terms of taxation and social security, and in this respect declares that it is perfectly in order.

12. INSURANCE

Each Party declares that it is insured for its professional civil liability with a reputable company for all material and immaterial damages resulting from the performance of this Contract by its personnel or collaborators and shall provide the other Party, upon first request, with a certificate of insurance. Any shortfall in coverage shall be borne by the Party that caused it.

IBOO certifies to have taken precautions with the insurance company of its choice and declared the risks taken under the collection and hosting of the Data and the IBOO Solution on its servers, on the servers of OVHcloud.

13. ADDITIONAL PROVISIONS

13.1 The Schedules are an integral part of the Contract. In the event of a contradiction between one or more of the provisions of the appendices and one or more of the provisions of the Contract, the provisions of the Contract shall prevail.

13.2 In the event of any difficulty of interpretation between the titles and the clauses hereof, the content of the clauses shall prevail.

13.3 The Contract, including its appendices, reflects all the commitments made by the Parties with respect to the subject matter to which it relates. This Agreement supersedes all prior written and oral agreements and arrangements. Neither party shall be bound by any obligations other than those expressly agreed to in the Contract.

13.4 The applicable GTCs are those in effect at the time the Subscription is taken out.

13.5 IBOO reserves the right to modify the GTC at any time. Any new version of the GTC will automatically replace the previous version and will apply to any renewal of the Subscription.

13.6 Any failure or delay in exercising a right by either Party shall not be construed as a waiver of any right.

13.7 If any provision of the Agreement is invalid in whole or in part under any applicable rule of law or statute, it shall be deemed unwritten but shall not invalidate the Agreement or any partially affected provision.

13.8 The provisions of Sections 7, 8, 9, 10, 11, 12 and 14 hereof shall remain in full force and effect notwithstanding the termination or early cessation of the Agreement from whatever cause and on whatever date.

14. APPLICABLE LAW AND JURISDICTION

The GTC, the Subscription and, in general, the commercial relations between the parties are governed by French law. In the absence of amicable resolution of the litigation, any litigation relating to the CGA, the Subscription and the relations between IBOO and the Customer, will be subjected to the exclusive competence of the competent jurisdictions of Nantes, including in the event of summary proceedings, of order on request, of plurality of defendants, of incidental request or call in guarantee.

ANNEXE 1 : SUBCONTRACTING AGREEMENT FOR THE PROCESSING OF PERSONAL DATA

Between : IBOO, a simplified joint stock company with a capital of 12,891.20 euros, registered in the Nantes Trade and Companies Register under number 8888 211 760 and located at 16 avenue du Parc de Procé 44100 Nantes. Hereinafter referred to as «the Contractor» And : The Customer Hereinafter referred to as « The Data Controller » Hereinafter, together referred to as «the Parties»

Preamble

1. The Controller and the Subcontractor have entered into one or more contracts for the provision of services as provided herein. As the performance of the service is conditional upon the Subcontractor processing personal data on behalf of the Controller, the Parties have decided to enter into an agreement relating to this subcontracting in accordance with Article 28 §3 of the General Data Protection Regulation (hereinafter "GDPR").
2. The purpose of this agreement is to define the conditions under which the Processor will carry out the processing of personal data on behalf of the Controller
3. Thus, the Parties undertake to comply with the provisions of the RGPD in its current but also future state as well as any special regulation which would specify, interpret or replace this regulation.
4. This agreement is an integral part of the contract(s) between the Parties to which it is attached.

I. Definitions

The definitions of the terms and concepts mentioned in this agreement are based on and have the same meaning as in the regulations on the protection of personal data.

"Issuing Party" means the Party submitting this Agreement.

"Receiving Party" means the Party that has acknowledged receipt of this Agreement by the Sending Party.

"Institutional Site" understood to be the site accessible at the following address: https://iboo.live/.

II. Scope of this Agreement

1. This agreement and its annexes constitute the agreement of the Parties with respect to Data Outsourcing. It supersedes any previous agreement and therefore renders it non-binding. 2. This Agreement and its annexes are interdependent and form a coherent and indivisible whole. Nevertheless, in the event of a discrepancy between this Agreement and the various annexes, an order of priority between these documents is defined as follows
a. The data outsourcing agreement b. Annex 1: Register of Treatment Activities c. Annex 2: Technical and organizational measures d. Annex 3: Means of Communication between the Parties
3. Because of its intuitu personae nature, any modification of this agreement depends on the expression of the common will of the Parties and must, therefore, be approved and signed by them.

III. Term of validity and termination

1. The term of this Agreement is based on the term of the GTC. 2. Termination of the GTC shall also result in termination of this Agreement of which it is an accessory. 3. In addition, breach of this Agreement or failure of either Party to comply with this Agreement may result in termination of the GTC without notice. 4. The Parties acknowledge that termination of this Agreement, at any time and for any reason, does not relieve them of their obligations relating to the processing of personal data.

IV. Purpose of data outsourcing

1. The Data Controller authorizes the Subcontractor to process the personal data necessary for the provision of the service(s) provided for in the GTC. 2. The Processor undertakes to provide the Subcontractor with all information necessary for the Subcontractor to perform the principal. 3. The operations carried out on personal data are explained in the register of processing carried out by the Subcontractor on behalf of the Data Controller. The conditions of communication of the said register are set out in Appendix 1 and are subject to the confidentiality of the Data Controller as set out in Article XIV § 4 hereof.

V. Location of data outsourcing

1. The data entrusted to the Processor by the Controller will only be processed in a Member State of the European Union or in the territory of the European Economic Area (EEA); 2. If the Processor intends to implement a transfer of data outside the European Union or the territory of the European Economic Area, the Processor shall inform the Controller at least 30 days prior to its implementation; 3. This transfer will be permitted if it meets the requirements of Articles 44 to 50 of the GDPR and if the Data Controller has expressly authorized it in writing; 4. In any case, such a transfer cannot be envisaged in the absence of standard contractual clauses for the protection of personal data concluded between the Data Controller and the importer of data established in a third country; 5. By this agreement, the Data Controller, as exporter of data, gives an explicit mandate to the Processor to sign, in its name and on its behalf, the standard contractual clauses issued by the European Commission with the data importer acting as a subsequent Processor.

VI. Technical and organizational measures

1. The Contractor shall take adequate technical and organizational measures to ensure a level of securitý appropriate to the risk as determined by the Processor and must maintain such measures throughout the term of the Principal. 2. The technical and organizational measures must be in accordance with the state of the art and technical developments. The Contractor may, therefore, take adequate alternative measures. The security leveĺ of these measures must not be lower than that of the technical and organizational measures. Any substantial changes must be documented.

VII. Obligations of the Subcontractor

1. The Subcontractor processes data for the sole purpose(s) for which the Subcontractor is contracted; 2. The Subcontractor is limited to following the instructions documented by the Data Controller, subject to alerting him immediately in the event of instructions that do not comply with the regulations and/or in the event of security measures that seem to him to be more appropriate within the framework of the services provided for in the principal. The Subcontractor may be held liable if it could not have been unaware of the existence of more appropriate security measures and did not expressly and promptly inform the Data Controller; 3. The Subcontractor guarantees the confidentiality of the data entrusted to it by:
a. Giving access to this data only to those with a need to know; b. Subjecting such persons to a confidentiality agreement with penalties for breach; c. Training in the protection of personal data for staff members who have access to the data of the Data Controller.
4. Contractor agrees to use tools that are compatible with data protection principles by design and by default; 5. The Subcontractor shall not make any copies of the documents and data carriers entrusted to it, except for those necessary for the performance of the present service provided for in the contract, the prior agreement of the master of the file is required; 6. The Contractor shall not disclose such documents or information to third parties, whether private or public, natural or legal persons. 7. Subcontractor agrees to:
a. Notify any incident involving personal data entrusted by the Data Controller as soon as possible after becoming aware of it. b. Promptly investigate and remedy any breach of Personal Data c. Inform the Data Controller, as soon as possible, of the corrective measures put in place to remedy the situation d. Provide the Controller with any documentation enabling him, if necessary, to notify the competent supervisory authority of the breach.
8. The Subcontractor undertakes to guarantee and maintain a level of security and confidentiality appropriate to the types of data entrusted to it by the Data Controller.

VIII. Subsequent subcontracting

1. The Controller agrees that the Subcontractor may call upon subsequent subcontractors acting in its name and on its behalf, in order to assist it in the processing of the Personal Data of the Controller and its Clients. 2. Nevertheless, the Processor shall take and document all necessary precautions in the selection of its subcontractors, to whom the said Personal Data are entrusted, and shall inform the Controller of any planned change concerning the addition or replacement of a subsequent subcontractor by any written means at its convenience. 3. The Processor may object to such addition or replacement by notifying the Processor in writing within 30 days of receipt of the notice of addition or replacement sent by the Processor. 4. The Data Controller acknowledges and accepts that the absence of an objection within the aforementioned period shall be equivalent to acceptance on its part of a new sub-processor. In the event that the Data Processor objects to the appointment of a sub-processor, the Parties agree that either of them may terminate the contract, provided that they have not been able to agree on the appointment of another sub-processor. 5. Subcontractor shall enter into a contract, with any subsequent subcontractor, containing the same obligations as set forth in this Agreement, including requiring the subsequent subcontractor to process Personal Data of the Controller and its Customers only in accordance with the documented instructions of Subcontractor. 6. Subcontractor shall provide any information to substantiate the implementation of such obligations as well as documented instructions to the subsequent Subcontractor. 7. It is the responsibility of the initial Subcontractor to ensure that its subsequent subcontractors comply with data protection regulations and this Agreement. 8. The Processor shall remain fully liable to the Processor for any processing performed by the subsequent Processor in breach of the obligations of this Agreement.

IX. The data controller's right to information

1. The Processor represents that it maintains a record of all categories of processing activities performed on behalf of the Processor, including:
a. The name and contact details of the representative of the Controller and of the subsequent Processors, as well as those of their Data Protection Officer, if any, and, if applicable, the names and contact details of its Data Protection Officer; b. Categories of processing carried out on behalf of the Data Controller; c. Where applicable, transfers of personal data to a third country or to an international organization, including the identification of such third country or international organization and, in the case of transfers referred to in the second subparagraph of Article 49(1) of Regulation (EU) 2016/679, documentation attesting to the existence of appropriate safeguards; d. To the extent possible, a general description of the technical and organizational security measures referred to in Article 32(1) of Regulation (EU) 2016/679.
2. The Contractor undertakes to inform the Controller in the event of substantial changes in the processing activities carried out on behalf of the Controller. 3. The Subcontractor, at the request of the Data Controller, undertakes to provide him with all the necessary information enabling him, in turn, to inform the Users about the automated processing activities as well as the methods of carrying out the latter. 4. The Subcontractor also undertakes to provide the Data Processor with any document that can attest to its compliance with this agreement.

X. Rights of the persons concerned

1. It is the responsibility of the Data Controller to inform the data subjects of the processing operations at the time of collection of the data. 2. The Processor will, where necessary, assist the Controller in fulfilling its obligation to respond to requests to exercise data subjects' rights under Articles 12 to 22 of the GDPR. 3. The Subcontractor shall never respond on behalf of the Data Controller to exercise requests addressed directly to it. In the event that the Subcontractor receives such a request, the Subcontractor shall forward it to the Data Controller as soon as possible so that the latter can determine what action to take;

Specific services ordered from the Subcontractor by the Data Controller as part of its RGPD compliance obligations, requiring the performance of additional services by the Subcontractor, will be subject to pricing under the conditions applicable at the date of the request.

XI. Data Protection Impact Assessments

The Subcontractor undertakes to assist the Data Controller in carrying out a privacy impact analysis, within the limits of the subcontracting service and the information available to the Subcontractor. This assistance must be reasonable and will be subject to pricing in accordance with the conditions applicable at the time of the request.

XII. Appointment of a GDPR relay

1. Where the Contractor is not required to appoint a data protection officer, the Contractor shall appoint a person to be responsible for such matters within its establishment. 2. This person will be a privileged contact of the Data Controller.

XIII. Audit

1. If the Processor deems it necessary to conduct an audit to verify the Subcontractor's compliance with the Regulations and this Agreement, the Subcontractor agrees to submit to such audit under the following conditions:
a. If the Controller believes that the documentation provided by the Subcontractor does not allow it to demonstrate compliance with the regulations, the Controller will formulate a justified and documented request for an on-site audit by registered letter with notice of receipt; b. The audit must be carried out by an independent auditor of repute, not competing with the business activities of the Processor. This independent auditor is chosen by the Controller and accepted by the Processor. The auditor must have the required professional qualifications and is subject to a confidentiality agreement; c. The Parties acknowledge that all reports and information obtained in the course of this audit are confidential information; d. The start date of the audit, the duration and the scope of the audit are defined by mutual agreement between the Parties with a minimum notice of 30 working days; e. The Controller shall bear the cost of the audit and shall reimburse the Contractor for all costs incurred in connection therewith, including time spent on the audit based on the average hourly rate of the Contractor's personnel involved in the audit. f. The audit can only be performed during the Contractor's business hours; g. The audit does not include access to information that is not related to the processing performed in accordance with this contract, nor does it include physical access to the servers on which the data is hosted and/or stored.
2. The Controller will promptly notify the Subcontractor of any information relating to a potential non-compliance discovered during the Audit. 3. In the event of potential non-compliance, Subcontractor agrees to use its best efforts to remedy the non-compliance. 4. The Processor undertakes to assist the Subcontractor in resolving any identified non-compliance and may not terminate the contract without 30 days' notice.

XIV. Obligations of the Data Controller

1. The Data Controller remains exclusively responsible for compliance with its own legal and regulatory obligations regarding the processing of Personal Data. 2. The Data Controller undertakes to:
a. Document in writing any instructions regarding the processing of data by the Subcontractor. b. Inform the Subcontractor as soon as possible of any errors or irregularities of which it is aware relating to instructions issued by it to the Subcontractor.
3. The Data Controller undertakes to inform the Subcontractor without delay, in the event of a change in its requests, leading or likely to lead to a change in the status of the Subcontractor with regard to the regulations. 4. The Data Processor undertakes to ensure the confidentiality of all documentation provided by the Subcontractor under its right of information, with the exception of documents freely accessible on the Subcontractor's Corporate Site. 5. More specifically, and concerning the registration features, the Data Controller is informed that specific conditions must be met before implementing this processing. Indeed, the Processor reminds the Controller that the implementation of such processing is likely to constitute behavioral profiling of Users. Thus, the Data Processor shall in particular:
- To document, in a dedicated treatment sheet, the implementation of this system and more particularly the legal basis allowing its realization;
- Ensure that the implementation of the processing does not have a disproportionate impact on the rights and freedoms of Users.
The Subcontractor having informed the Data Controller in advance of the risks involved in the implementation of such processing, the latter acknowledges that it is solely responsible for the implementation of such processing.

XV. Responsibility

1. The following stipulations concern the contractual relationship between the Subcontractor and the Controller. They do not preclude the provisions of Article 82 of the GDPR giving data subjects the right to compensation. 2. Subcontractor may be held liable for any breach of any of its obligations under this Agreement. 3. It is understood that the Subcontractor shall not be held responsible for decisions made by the Controller as a data controller. 4. The amount of compensation to be paid by the Subcontractor shall not exceed the amounts actually received by it under the main contract(s) within the limit of the price of an annual or monthly subscription, as the case may be.

XVI. Reversibility

1. The Subcontractor undertakes, at the end of the principal, to return all the information, data, documents and files entrusted to it by the Data Processor. 2. At the request of the Controller, the Contractor undertakes to ensure the portability of the data entrusted by the Controller to the service provider designated by the Controller. 3. After this return, the Subcontractor undertakes to destroy all personal data and all existing copies in accordance with the instructions of the Controller. Such destruction shall be subject to written justification by the Subcontractor.

Specific services ordered from the Subcontractor by the Data Controller as part of its RGPD compliance obligations, requiring the performance of additional services by the Subcontractor, will be subject to pricing under the conditions applicable on the date of the request

XVII. Reproduction of this agreement

The Party receiving this Agreement undertakes not to reproduce it in its own contractual relations.

Any reproduction of this agreement for this purpose will be subject to prosecution for parasitism on the basis of Articles 1240 and 1241 of the Civil Code.

XVIII. Additional provisions

1. The invalidity of any provision of this Agreement shall not affect the remaining provisions. The Parties agree to replace the unenforceable provision with a legal provision that would serve the same purpose as the invalid provision. 2. In the event of any inconsistency between this Agreement and other agreements between the Parties, this Agreement shall prevail. 3. In the event of any difficulty of interpretation between the titles and clauses of this Agreement, the content of the clauses shall prevail. 4. Any incidental changes, amendments and additions to this Agreement shall be in writing 5. This agreement is governed by the GDPR and by French law in the context of its execution.
ANNEXE 1.1 : REGISTER OF PROCESSING ACTIVITIES

At the request of the Controller and subject to the prior conclusion of the CGA, the Subcontractor undertakes to send him the register of the processing operations carried out in the context of the subcontracting service.

ANNEXE 1.2 :TECHNICAL AND ORGANIZATIONAL MEASURES

The Contractor has implemented a state-of-the-art data backup system in terms of design, means, organization and technology to guarantee the confidentiality, availability and integrity of the files and data entrusted to it as well as the optimal and continuous operation of said system.

The Subcontractor shall, at the request of the Controller, provide him with the documentation necessary for a full understanding of the technical and organizational measures deployed in the course of the service.

ANNEXE 1.3 :MEANS OF COMMUNICATION BETWEEN THE PARTIES 1.Communication of documented instructions

Documented instructions from the Data Controller will be communicated electronically to the following email address: contact@iboo.live.

2.Data Protection Officer of the Data Controller (or manager)

The Data Controller undertakes, at the time of the conclusion of the Contract, to transmit to the Subcontractor the contact details of the person in charge of data protection in its structure.

3.Data Protection Officer of the Subcontractor (or manager)

You can reach the Data Protection Officer at rgpd@iboo.live.

They trust us