Testimonials, interviews and examples of created websites. Discover our users’ reviews and creations.
The purpose of this document is to define the conditions under which SITEW processes, within the framework of the Service, the personal data of visitors or end customers ("Visitors") of the website operated by the Client or the free User of the Service (hereinafter "Personal Data"), as defined in Article 4.1 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals regarding the processing of personal data and on the free movement of such data (GDPR).
It constitutes the written agreement on the processing of Personal Data, required by Article 28 of the GDPR, between the controller and the processor, and complements the General Terms and Conditions of Use (GTCU) or General Terms and Conditions of Service (GTCS) validated by the Customer, of which it is an integral part.
It is applicable to all processing that may be carried out by SITEW within the framework of the Service subscribed to by the Client, whether it involves hosting, viewing, storing, modifying, distributing or extracting personal data.
The Table of Processing summarizes the authorized processing acts according to the services provided.
The Client alone shall be responsible for the processing, within the meaning of the GDPR, of the Personal Data of Visitors processed by SITEW within the framework of the Service; SITEW shall only act as a "subcontractor" of such data in its capacity as service provider.
SITEW shall only be held liable, in its capacity as subcontractor, for obligations specifically imposed on it by the Subscription or by the regulations in force on the protection of personal data; or if it has acted outside the specific instructions of the Customer.
SITEW shall not be held liable for any failure by the Customer to comply with this regulation, which is not attributable to it in any way, pursuant to Article 82.3 of the GDPR.
In any case, SITEW's liability towards the Client, in the event of recourse by a Visitor under the joint and several liabilities instituted by Article 82.4 of the GDPR, is limited to the amount indicated in the article "Liability" of the General Terms of Service.
The Customer guarantees SITEW against any recourse, complaint or claim from a natural person (and in particular a Visitor) whose personal data is processed by SITEW or its subcontractors in any way whatsoever in the context of the Service. Consequently, the Client shall hold SITEW harmless against any indemnity or sentence that may be imposed on it as a result of the recourse of a natural person whose Personal Data is hosted, copied, viewed or processed in any way by SITEW within the framework of the Service, and linked to the Client's failure to comply with its legal or contractual obligations as set out in this Policy.
The Client authorizes SITEW, as a subcontractor, to process Personal Data on its behalf, exclusively for the purposes set out in the Table of Processing.
SITEW undertakes to:
In the event of the recruitment of subsequent subcontractors, within the meaning of the GDPR, SITEW shall inform the Client in advance and in writing, clearly indicating the subcontracted processing activities, the identity and contact details of the subcontractor and the dates of the subcontract. The Client will have a period of 15 days from the date of receipt of this information to present its objections. If no objection is raised within this period, the subsequent subcontractor shall be deemed to have been approved by the Client.
The subcontractors listed in the Processing Schedule below shall be deemed approved by Customer as of the date of the Order.
The subcontractor shall be obliged to fulfil the obligations of this agreement on behalf of and in accordance with the instructions of the controller. It is SITEW's responsibility to ensure that the sub-processor provides the same sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the European Data Protection Regulation. In all cases, SITEW shall remain fully responsible to the Customer for the performance by the subcontractor of its obligations.
SITEW shall implement the necessary measures to ensure the security and confidentiality of the Personal Data that it is required to process within the framework of the Service.
More specifically, SITEW undertakes to implement the following security measures:
In addition, depending on the nature of the personal data, its sensitivity, and the risks for the persons concerned in the event of a data breach, SITEW will implement, on the notice of the Customer, additional security measures for the Personal Data. These measures may include encryption of the Data, pseudonymization, or regular audits of the availability and security of the Data. These measures may result in additional billing, or a revision of the Subscription price, to consider the costs incurred by these additional security measures requested by the Customer.
All the Data processed by SITEW within the framework of the Service are stored or hosted on servers located in the European Union.
SITEW undertakes not to transfer any Data outside the European Union.
Furthermore, SITEW undertakes to use only subcontractors
It is the Customer's responsibility to deal with requests from Data Subjects to exercise their rights under the applicable regulations (in particular the right to object, the right to access and rectify data, the right to portability, the right to erase data concerning minors, and the right to limit processing). Should the persons concerned exercise their rights, these will be systematically sent back to the Client so that it can process them within the legal time limits.
SITEW undertakes to notify the Customer of any breach of personal data within a maximum of 48 hours of becoming aware of it and by e-mail. This notification will be accompanied by all useful documentation to allow the Customer, as the data controller, if necessary, to notify this violation to the competent control authority.
SITEW declares that it keeps a written register of all categories of processing activities carried out on behalf of the Client, including:
Unless otherwise agreed by the Parties, Personal Data shall be processed for the duration of the Subscription taken out by the Customer, or until the closure of the Customer/User Account, if this occurs earlier.
At the end of the Subscription or at the closure of the Account, SITEW undertakes to:
This data will be returned or transmitted in a readable and open format, under the conditions set out in the article "Consequences of the end of the Subscription" of the GTCU or GTCS.
SITEW shall make every effort to assist the Customer in its efforts to ensure that the processing of personal data complies with the regulations in force. SITEW will provide the Customer with all the necessary information for any compliance or security audit or impact analysis carried out by the Customer. On the other hand, the realization of the Customer's own procedures, such as the drafting of impact analyses or the declaration to the CNIL of a Data violation, will give rise, if necessary, to the invoicing of a separate service.
|Authorized processing acts
|Maintenance and Support
|Identity of the subcontractor