This is automatic translation from original french version.
1.1 Octopush, a simplified joint-stock company with a capital of 30,000 euros, registered in
RCS of Marseille under number 538 371 816, whose registered office is located at 131, avenue du Prado 13008
Marseille (hereinafter referred to as “Octopush”) is a company that operates a platform allowing
its users to benefit from various mobile communication services according to different modes (SMS,
1.2 These general conditions of service (hereinafter the “GTC”) are intended to
determine the conditions under which users can access and use this platform and
benefit from the associated services provided by Octopush (hereinafter the “Services”), against payment
by users at the price stipulated below.
1.3 The aforementioned users and Octopush are hereinafter referred to, individually or collectively, as ” the Party(ies) “.
In the CGS, the terms and expressions identified by a capital letter have the meaning indicated below.
afterwards, whether they are used in the singular or in the plural
- “ Subscription ”: refers to the subscription formula for the Services which is based on an annual commitment by the User. The operation of the Subscription is described in article 7.1.1.
- “ API ”: refers to the programming interface, developed and operated by Octopush, which allows the User to integrate into his own information system and automate some of the Services, as provided in the Documentation.
- “ Order ”: designates the order of a Service by the User.
- “ User Account ”: refers to the User’s personal and secure management interface on the Platform, which he accesses with a username and password.
- “ Documentation ”: refers to all documents, instructions, Platform pages, FAQs, user manuals, technical and functional, relating to the type, description and use of the Services. The Documentation is made available to the User by Octopush on the Platform and is enforceable against the User in accordance with Article 6.1.
- ” API Documentation ” means the API Usage Documentation.
- “ User Documentation ”: refers to the Documentation for using the Platform and the Services.
- ” Data “: refers to all information, including personal data, owned by the User or under the responsibility of the User, processed by the Platform and/or necessary for the performance of the Services.
- “ Pack ”: refers to the subscription formula for the Services which is based on a one-time commitment by the User, without a Subscription. The operation of the Pack is described in article 7.1.2.
- “ Platform ”: refers to the website ( https://www.octopush.com ), developed and operated by Octopush and which allows the provision of Services to the User.
- “ Routers ”: any party, whether direct co-contractor of Octopush or not, who intervenes in the routing of messages.
- “ Services ”: refers to the services offered to the User via the Platform allowing the transmission of various types of messages to telecommunications operators, the Services being more fully described in the User Documentation.
- “ User ”: designates the users of the Platform, exercising in the form of a company or as an individual, and using the Services within the framework of their professional activity exclusively.
3. Entry into force – Duration – Modification
3.1 The T&Cs come into force from their acceptance by the User during their first connection to the Platform for the creation of their Account (hereinafter the “Effective Date”).
3.2 The CGS have the following duration:
i. In the event of a Subscription, the T&Cs have an annual term from the Effective date. At the end of this initial Subscription period, the T&Cs are automatically renewed for identical successive periods, unless terminated by either Party by email by acknowledgment of receipt thirty (30) days before the expiration of the current Subscription period.
ii. In the event of a Pack, the CGS remain in force until the expiry of a period of one (1) year from the last use of the Services by the User. At the end of this period, if the User has not renewed the Pack, the CGS will end.
3.3 The T&Cs may be modified at any time by Octopush according to the following terms. The modifications will be notified to the User by e-mail and will enter into force (1) month after the sending of the notification. In the event of the User’s disagreement with the new T&Cs, the User may terminate them in accordance with the terms of Article 3.2 (i)
4. Access to the Platform
4.1 Technical prerequisites
The operation of the Platform assumes a connection to the Internet network, for which Octopush is not responsible and for which the User is therefore entirely responsible. In the same way, the User is responsible for the computer equipment allowing access to the Platform, Octopush not providing these nor assuming any liability in this respect.
4.2 User account
4.2.1 Access to the Platform requires the creation, by the User, of a User Account, under the conditions specified in the Documentation.
4.2.2 Creation of the User Account:
- is carried out directly by the User if the latter exercises on an individual basis;
- is carried out by one or more agents of the User if the latter operates in the form of a company. In this case, the User acknowledges that the officials who create the User Account must be legal representatives of the company or, failing that, must provide proof of power. Any act carried out by an employee therefore commits the User and cannot be challenged in this regard.
4.2.3 The User undertakes to provide, when creating the User Account, correct and complete information and to update it in the event of a change.
4.2.4 The connection to the User Account is made using a username and a password. The User is solely responsible for the use and confidentiality of the username and password associated with the User Account. He undertakes to ensure the confidentiality of these access codes and to ensure that they are neither communicated nor accessible to unauthorized third parties. Octopush cannot be held responsible for the consequences of such communication or such access, which will be deemed to be the User’s fault.
5. General use of the Platform
In addition to what is stipulated elsewhere in the T&Cs, the User acknowledges the following.
5.1 The User acknowledges that the Platform may only be used in the context of his professional activity, to the exclusion of any personal use. The User is therefore deemed to use the Platform and the Services in a professional capacity. Consequently, the User acknowledges and accepts that no right of withdrawal is applicable to the Services.
5.2 The User undertakes not to introduce, voluntarily or even involuntarily, viruses or files of any kind whatsoever disturbing the proper functioning of the Platform or allowing access, by third parties, to the Platform or to the Data it contains. To this end, the User makes sure to install, on his computer equipment, recent and up-to-date anti-virus software as well as a recent and up-to-date firewall.
5.3 The User is solely responsible for the Data and more generally for the content, of whatever nature, that he publishes on the Platform or uses within the framework of the Services. The User guarantees that he has the necessary rights to this Data and content. It also guarantees that such Data and content are not illegal. Octopush is neither bound by a general obligation to monitor the User’s Data and content stored on the Platform nor by a general obligation to seek facts or circumstances revealing illicit activities. The User is however informed that Octopush may delete temporarily or permanently, without notice, any Data or any content which would have a manifestly illicit character or whose circumstances or facts would reveal this illicit character,
5.4 The User acknowledges that he has the obligation to regularly back up his Data and content.
5.5 Data is confidential. Octopush thus undertakes to take the same protective measures with regard to this Data as with regard to its own confidential information and, in particular, not to disclose it to third parties, in any form, on any medium. and for any reason whatsoever, and to require from any employee or third party likely to have knowledge of the Data for the purposes of the execution of the T&Cs, the same confidentiality commitment.
6.1 Type and description of Services – Documentation
The different types of Services and their terms are described on the Platform, and in particular, in the Documentation. The Documentation is by nature evolutionary. The User acknowledges that he must regularly consult the Documentation and that it is binding on him in its entirety, at any time during the execution of the T&Cs.
The User also accepts that the technical conditions and functionalities (specified in the Documentation) and that the financial conditions (fixed in each Order) of the Services may vary depending on the territory and during the term of the T&Cs.
To benefit from a Service, the User places an Order on the Platform, any Order falling within the legal framework of the CGS.
6.3 Performance of the Services
6.3.1 The User acknowledges that Octopush is bound, in the performance of the Services, by an obligation of means: Octopush performs the Services according to the instructions given by the User and is only liable in the event of proven fault. if the Services are not provided in accordance with such instructions. It is also recalled that the Services consist in transmitting messages to Routers, and are solely responsible for their dispatch.
6.3.2 The User is the sole judge, having regard to his unique knowledge of his internal strategy and his professional activities, of the use he makes of the Services. Octopush is not responsible for the impact of the Services on the User’s activity. In particular, Octopush does not guarantee the User any conversion rate.
6.3.3 The Services are provided via the Internet network, and more generally via telecommunications networks. Therefore, the User is warned of technical hazards that may affect these networks and lead to slowdowns or unavailability of the Services, without Octopush being held responsible.
6.3.4 Octopush may suspend access to the Services, without prior notice but subject to immediate information, if the User does not comply with the obligations incumbent on him under the T&Cs.
6.3.5 The User undertakes to collaborate in good faith with Octopush in the performance of the Services and to alert Octopush of any difficulty of which it is aware and which may affect the Services.
6.3.6 The User guarantees Octopush against any claim or action that may be brought by a third party against Octopush under the T&Cs and, in particular, for an action related to improper use of the Services by the User. This guarantee covers in particular any legal fees necessary to defend the interests of Octopush.
6.4 Support – Maintenance
6.4.1 The Documentation allows the User to quickly obtain the operational methods of operation of the Platform and the Services.
6.4.2 Octopush also sets up technical support relating to the Platform and the Services, accessible according to the methods specified in the Documentation.
6.4.3 Octopush will do its best to ensure the corrective and evolutionary maintenance of the Platform, under the conditions provided for in the Documentation. Octopush reserves the right to suspend access to the Platform and/or the Services for the purpose of scheduled maintenance interventions, of which the User will be informed in advance, except in an emergency.
7. Financial conditions
7.1 Price of Services
When creating his User Account, the User chooses between the Subscription and the Pack.
The price of each Service will be determined by Octopush, for each Order, taking into account the prices then applied by its own suppliers, according to the territory concerned. The price of each Service is therefore set by Octopush before each Order, automatically on the Platform.
7.1.1 Subscription plan
The Subscription formula gives rise to:
- at an annual fixed price, invoiced monthly, corresponding to the price of the Subscription giving the User the right to use the Platform;
- and at an additional price, billed monthly, corresponding to the Services actually provided to the User during the past month.
In the event of the end of the CGS, for any reason whatsoever, before the end of the current Subscription period, no refund will be made by Octopush and the User will be liable to Octopush for the balance of the Subscription price up to at the end of the current period.
The price and volume of the Services vary according to the Subscription formula chosen by the User. Before the start of the provision of the Services, the User pays in advance the price of the Services corresponding to the Subscription formula chosen. Each Service Order will be charged against the prepaid price of the Services.
If during the month the User exceeds the price of the Services paid in advance, he will pay an additional price for the Services according to the price list for these said Services to be provided, the possible balance of which will be allocated to the price of the Services for the following month. .
7.1.2 Formula Pack
The Pack formula gives rise to the payment, by the User, of a fixed price paid in advance covering the right to use the Platform and the provision of the Services during the period indicated in article 3.2 ii). This price remains acquired by Octopush regardless of the Services ordered by the User during the aforementioned period. The same will apply in the event of the end of the CGS and/or the Order, for any reason whatsoever during the aforementioned period.
The price, volume and type of Services provided will depend on the Pack chosen by the User from among those appearing on the Platform.
Each Service Order will be charged to the aforementioned price within the limit of the Pack retained by the User.
All prices for the Services are expressed exclusive of tax and VAT, at the rate in force on the day of invoicing, or any other tax applicable to the Services, will be added.
7.3 Terms of invoicing and payment
Invoices are issued monthly for the Subscription formula and upon subscription to a Pack for the Pack formula. Their payment is immediate and is done when editing the invoice
Invoices are accessible by the User in the Platform, in his User Account.
In the event of dispute of an invoice, the User must inform Octopush in writing within fifteen (15) calendar days of the provision of the invoice in question. After this period, the invoices are deemed accepted by the User.
Payment is made by the User by credit card, bank transfer, SEPA direct debit, check or third-party payment service provider such as Paypal or Stripe.
In the event that payment is not made before the Service is provided, any delay in payment of an invoice on its due date will result in the suspension of access to the Platform and the Services without notice and without liability. of Octopush cannot be sought as such.
Any delay in payment will also automatically give rise to the application of (i) a late payment penalty equal to three (3) times the legal interest rate then in force and (ii) a lump sum indemnity for recovery costs in the amount of forty (40) euros.
8. Intellectual Property
Octopush is and remains the holder of all the intellectual property rights on the Platform and the Documentation (the “ Elements ”), the T&Cs not operating any transfer of intellectual property rights for the benefit of the User.
Octopush grants the User, for the duration of the T&Cs, a simple right to use the Elements, non-exclusive, non-transferable and non-assignable, for the sole purpose of providing the Services and to the exclusion of any other use.
Consequently, the User is prohibited from any other use of the Elements, and in particular, without this enumeration being exhaustive: (i) representing, distributing, marketing and/or making them available to third parties, whether free of charge or expensive; (ii) reproduce, adapt, modify, correct or translate them; and (iii) assign, lease or license them.
1.1 Octopush will only be liable for the foreseeable, immediate and direct harmful consequences of a breach on its part under the T&Cs, in accordance with articles 1231-3 and 1231-4 of the Civil Code.
- It is expressly agreed that the following damages will not be compensated by Octopush, even if they were directly caused by a breach of its contractual obligations:
- loss of earnings linked to economic loss of any kind whatsoever such as, for example, loss of order, operating loss, loss of customer, loss of turnover, or linked to expected savings;
- loss and/or alteration of Data, when the User has the obligation to save it, in accordance with the above stipulations of the CGS;
- damage to the User’s image;
- third party action.
- In addition, Octopush cannot be held liable in the following cases, regardless of the nature of the damage:
- Malfunction of the Platform linked to problems of hosting, telecommunications, Internet or telephone network;
- Malfunction of the Platform attributable to the User;
- Default or authentication error attributable to the User;
- Relationship between the User and his own customers;
- Failure in sending messages by Routers.
1.4 If the User considers that Octopush is in breach of its obligations under the T&Cs, it will be up to the User to inform Octopush in writing within one (1) month of the event in question.
In any case, in the event of a breach by Octopush of its obligations under the T&Cs causing damage to the User, Octopush’s liability will be limited, regardless of the nature and legal basis of the claim against it. contrary, at the price paid by the User for the last twelve (12) months preceding the triggering event.
The liability of Octopush can no longer be engaged after the expiry of a period of two (2) years from the occurrence of the event giving rise to liability.
2. Termination – Consequences of the end of the T&Cs
2.1 Termination clause
In the event of a serious and/or repeated breach by the User of one of his obligations under the T&Cs, not repaired within seven (7) calendar days of a formal notice to remedy it notified by e-mail with acknowledgment of receipt, Octopush may automatically terminate the T&Cs at the User’s fault, without prejudice to any damages it may claim.
2.2 Consequences of the end of the CGS
In addition to what is stipulated in article 7, in the event of termination of the T&Cs for any reason whatsoever, the User will no longer have access to the Platform or the Services. As such, Octopush may, therefore, immediately and without notice, interrupt the User’s access to the Platform and the Services, without its liability being sought by the User.
It will therefore be up to the User:
- to retrieve their Data on the Platform before the expiry of the T&Cs under the conditions of article 3.2;
- or, if the T&Cs are terminated under the conditions of Article 10.1, to ask Octopush, within seven (7) calendar days of the termination of the T&Cs, to return its Data to it.
2.3 Prohibited behavior
In the event of prohibited behavior as described below, the time limit applicable to clause 10.1 will not apply to the User.
It is strictly prohibited to use the Platform or the Services for the following purposes:
- the exercise of illegal, fraudulent activities or activities which infringe the rights or the security of third parties,
- breach of public order or violation of the laws and regulations in force,
- intrusion into a third party’s computer system or any activity likely to harm, control, interfere with, or intercept all or part of a third party’s computer system, violate its integrity or security,
- sending unsolicited emails,
- manipulations intended to improve the referencing of a third-party site,
- aiding or inciting, in any form and in any way, one or more of the acts and activities described above,
- and more generally any practice diverting the Services for purposes other than those for which they were designed.
Users are strictly prohibited from copying and/or misappropriating for their own purposes or those of third parties the concept, technologies and/or other element of the Platform.
Are also strictly prohibited:
(i) any behavior likely to interrupt, suspend, slow down or prevent the continuity of the Services;
(ii) any intrusions or attempted intrusions into Octopush systems;
(iii) any misappropriation of Octopush system resources;
(iv) any actions likely to impose a disproportionate burden on the infrastructure of the latter,
(v) any breaches of security and authentication measures,
(vi) any acts likely to infringe the financial, commercial or moral rights and interests of Octopush or other users of its Platform,
(vii) and finally more generally any breach of these T&Cs.
It is strictly forbidden to monetize, sell or grant all or part of the access to the Services or the Platform, as well as to the information hosted and/or shared there.
2.4 Consequences of breaches
In the event of breach of one or any of the stipulations of these T&Cs or more generally, violation of the laws and regulations in force by the User, Octopush reserves the right to take any appropriate measure and in particular to:
(i) suspend or terminate access to the User Services,
(ii) delete any content posted on the Platform
(iii) notify any relevant authority,
(iv) initiate any legal action.
3. Force majeure
None of the Parties shall be held liable in the event of non-performance or delay in performance of one or more obligations arising from the T&Cs, due directly or indirectly to a case of force majeure as the notion is defined by article 1218 of the Civil Code, provided that the Party being affected by the case of force majeure informs the other Party by e-mail with acknowledgment of receipt within seven (7) days from the appearance of the case of force majeure . It is understood that the User will not be able to claim a case of force majeure in respect of his financial obligations or the impossibility of benefiting from the Services that he would have paid in advance.
The execution of the obligations under the CGS is suspended as long as the case of force majeure persists. However, if the impossibility to perform or the delay in performance continues beyond a period of one (1) month from the aforementioned notification, each of the Parties may terminate the T&Cs with immediate effect by written notification, without any of the Parties being able to claim any compensation.
4. Protection of personal data
4.1 Octopush acting as data controller
Within the framework of the T&Cs, Octopush is required to process certain personal data of the User or of the User’s agents if the latter is a legal person.
Octopush thus acts as personal data controller within the meaning of EU Regulation 2016/679 of April 27, 2016 (GDPR) and Law No. 78-17 of January 6, 1978 relating to data processing, files and freedoms (together the ” Personal data regulations “) and undertakes to respect the obligations incumbent on it in this respect.
Information relating to the processing of personal data is available on the Platform.
4.2 Octopush acting as processor
As part of certain Services, Octopush may be required to process certain personal data for which the User is responsible for processing, on behalf of the User.
Octopush then acts as a subcontractor within the meaning of the Personal Data Regulations and the Parties enter into a subcontracting agreement within the meaning of Article 28 of the GDPR, appended to these T&Cs.
5. Final provisions
5.1 Subcontracting – Assignment
5.1.1 The User is informed and accepts that the Services may be subcontracted, in whole or in part, by Octopush, under its responsibility and in compliance with the stipulations of article 12 above.
5.1.2 Neither Party may assign its status as a party to the T&Cs, except with the prior written consent of the other Party. The possible transfer of party status to the CGS will be made under the conditions of articles 1216 to 1216-3 of the Civil Code.
By way of derogation from the foregoing, Octopush may freely assign its status as a party to the T&Cs to any company controlled, controlling or under common control of Octopush on the day of the assignment, control being understood within the meaning of Article L.233 -3 of the Commercial Code.
5.2 Convention on evidence
The Parties expressly acknowledge that the evidential value is equivalent to that of an original writing and will therefore benefit from a presumption of validity: simple letters, faxes, electronic messages exchanged between the Parties in the context of the performance of the Services. , postal mail, telephone recordings operated by Octopush, computer recordings of operations carried out by the User on the Platform.
The User authorizes Octopush to communicate its name and logo as a commercial reference.
5.4 Consequences of breaches of contract
It is expressly agreed between the Parties that the User may not invoke, against Octopush, articles 1219 to 1223 of the Civil Code.
5.5 Validity of clauses
If one of the stipulations of the GCS is considered in whole or in part as inapplicable or invalid by a competent jurisdiction, the rest of this stipulation and/or the other clauses of the GCS will remain entirely valid and will retain all their effect. In this case, the Parties will have to negotiate a new legal clause, by way of amendment, valid and possible to implement, coming as close as possible to their intention defined in the original clause.
Any waiver by one of the Parties to invoke the existence or total or partial violation of one of the stipulations of the T&Cs, whatever the duration, cannot constitute a modification, deletion of this stipulation or a waiver by such Party to rely on prior, contemporaneous, or subsequent breaches of the same or other stipulations.
5.7 Permanence of obligations
The obligations intended to survive will remain in force after the termination of the CGS, for any reason whatsoever, and will continue to produce their effects after the termination thereof.
6. Applicable law – JURISDICTION CLAUSE
6.1 The T&Cs are governed by French law, excluding the provisions of the United Nations Convention on Contracts for the International Sale of Goods (Vienna Convention).
6.2 IN THE EVENT OF A DISPUTE RELATING TO THE VALIDITY, EXECUTION OR INTERPRETATION OF THE CGS, EXPRESS JURISDICTION IS ATTRIBUTED TO THE COMMERCIAL COURT OF MARSEILLE, NOTWITHSTANDING MULTIPLE DEFENDANTS OR APPEAL IN WARRANTY, EVEN FOR EMERGENCY PROCEDURES OR PROCEDURES CONSERVATORIES IN REFERENCE OR BY REQUEST.
Annex – Protection of personal data
In this appendix, the meaning given to the following terms is that as defined by Regulation (EU) 2016/79 of 27 April 2016 (General Data Protection Regulation, hereinafter the “ GDPR ” or the “ Regulation ”):
- Data controller
- Concerned person
- Personal data
The performance of the Services involves the Processing of Personal Data for which the User is the Data Controller. Consequently, Octopush is a Processor, authorized by the User to carry out the Processing on behalf of the latter and in compliance with this appendix.
1. Description of Processing
|Purpose(s) of Processing||Sending e-mail, SMS or other messages|
|Nature of Processing operations||Recording, storage, organization, modification, communication, deletion of Data.|
|Type of Personal Data subject to Processing||Identification data of message recipients (surname, first name, telephone number, e-mail address)|
The User must first inform Octopush of any processing of other Data .
|Categories of Data Subjects||Customers, prospects, partners, suppliers and employees of customers, prospects, partners, prospective suppliers or partners|
The User must first inform Octopush of any other category of Data Subjects.
2. Obligations of Octopush
2.1 General principles
2.1.1 Octopush’s general intervention framework
Octopush processes Personal Data only on the User’s documented instructions and in strict compliance with the purpose of the Processing and its characteristics as described in Article 1 above.
Octopush immediately informs the User in writing if, in its opinion, an instruction constitutes a violation of the Regulation or other provisions of Union law or the law of the Member States relating to the protection of Personal Data.
Octopush implements all necessary measures to ensure an appropriate level of security for Personal Data in accordance with Articles 28 (3) (c) and 32 of the Regulation. Octopush guarantees that these measures make it possible to ensure the constant confidentiality, integrity, availability and resilience of the systems and the Processing.
Octopush regularly monitors these measures in order to adapt or reinforce them if necessary. These changes must not, under any circumstances, degrade the existing level of security.
Octopush does not make any copies of Personal Data without the prior written consent of the User, with the exception of copies necessary for the proper execution of the Processing or the satisfaction of legal or regulatory obligations.
Octopush ensures the confidentiality of the Personal Data processed. In particular, Octopush ensures that its employees and all other parties authorized to process Personal Data are bound by a contractual or legal obligation of confidentiality. Octopush ensures that said employees and stakeholders, for the performance of their mission, have received the necessary training in the protection of Personal Data and only have access to Personal Data that is strictly necessary.
2.2 Transfer of Personal Data
Octopush may have to use Subcontractors under the conditions of article 2.5 below involving a transfer of Personal Data to countries outside the European Union and the European Economic Area.
Octopush guarantees, in any event, that Personal Data will benefit from an adequate level of protection, in particular through the use of the Standard Contractual Clauses adopted by the European Commission on the basis of Article 46 § 2 of the GDPR which will be accompanied by a prior analysis of the applicable legislation of the recipient country as well as the implementation, if necessary, of additional measures.
2.3 Obligation of active cooperation
2.3.1 Information of Data Subjects
The User communicates to the Data Subjects the information provided for in Articles 13 and 14 of the Regulations with, if necessary, the assistance of Octopush.
2.3.2 Rights granted to Data Subjects and exercise of these rights
The Data Subjects have, according to the meaning conferred on them by the Regulations, a right of access (article 15 of the GDPR), a right of rectification (article 16 of the GDPR), a right to erasure or “right to ‘oblivion’ (Article 17 GDPR), a right to restriction of processing (Article 18 GDPR), a right to data portability (Article 20 GDPR) and a right to object (Article 21 GDPR).
Octopush assists the User in fulfilling his obligation to respond to requests from Data Subjects to exercise the aforementioned rights granted to them.
If Octopush receives such a request from a Data Subject, it must immediately forward it to the User.
2.3.3 Personal Data Breach
Octopush assists the User in the event of a Personal Data breach within the meaning of Article 4 § 12°) of the Regulations.
As soon as it becomes aware of it and at the latest within thirty-six (36) hours, Octopush notifies the User of any violation of Personal Data, by sending an email available to Octopush.
Octopush assists and cooperates with the User, as far as possible, in the implementation of these measures.
2.3.4 Impact analysis relating to the protection of Personal Data
Octopush assists the User when he must carry out an impact analysis on the protection of Personal Data of a Processing envisaged and likely to generate a high risk for the rights and freedoms of the Persons concerned.
If necessary or required by the User, Octopush assists the User in consulting the supervisory authority when the impact analysis indicates that the processing would present a high risk if the Data Controller did not take measures to mitigate the risk.
2.3.5 General information and cooperation obligations
Octopush communicates to the User all information that would be necessary for the demonstration of the respect by the User of his obligations under the Regulations, in particular if the User must justify such respect or if he is the subject of investigation by a supervisory authority.
Octopush will also cooperate with the User if it receives requests for information from a supervisory authority.
Octopush will immediately inform the User in writing of any investigation or other measure of which it would be the subject by a supervisory authority or any competent authority, as soon as it concerns the Processing.
2.4 Return of Personal Data
In the event of termination of the Agreement, for whatever reason, Octopush shall return the Personal Data to the User and destroy any existing copies, unless Octopush is required to keep a copy under the law. of the European Union or of the law of a Member State. Octopush confirms in writing to the User the destruction of the copies.
Octopush may use a Sub-processor for all or part of the Processing operations carried out under the Contract.
Any Sub-Processor of Octopush and any Sub-Processor of any Sub-Processor of Octopus is bound, under the terms of a written contract, by the same obligations as those stipulated in this article.
Octopush and any subsequent Sub-processor must ensure that its subsequent Sub-processor(s) provide sufficient guarantees, in particular with regard to the implementation of technical and organizational measures so that the Processing complies with the requirements of the Regulations.
In any event, Octopush remains fully liable to the User for the performance by the Subcontractors of their obligations, in particular in the event of a breach of their obligations under the protection of Personal Data.
3. Obligations of the User
The User agrees to:
- Provide Octopush with the Personal Data that is the subject of the Processing;
- Document in writing its instructions to Octopush and in particular, and without delay, confirm oral instructions in writing;
- Comply with the obligations related to its status as Data Controller, under the Regulations;
- Supervise Processing.
Appendix 1 – Technical and organizational measures implemented by the Service Provider
Octopush implements the following security measures to ensure Data protection:
Physical access control
- Access to data hosting infrastructures is secured by the ISO 27001 certified data host.
System access control
- Access to the ISMS is restricted to authenticated users with double authentication factor.
- All access to the ISMS is tracked and stored.
Data access control
- Data access is restricted to authenticated users with two-factor authentication.
- All access to the ISMS is tracked and stored.
Control of Data transmissions
– The data transition is made end-to-end encrypted.
Control of the Data entered
- Data integrity is checked by software during each entry.
Protection against loss or destruction of Data
- Data is protected against loss or destruction by continuous and secure backups.
- A PRA is defined in order to allow recovery in the event of a general failure.