General terms of service

General Terms and Conditions of Service (TCS) relative to personal data and confidentiality

PERSONAL DATA

Third party personal data

To complete an order, and generally during various exchanges with the Client, Amaïa, hereinafter the Company, may receive personal data regarding third parties, hereinafter the Data.

Such Data may be included in the documents to be translated, or in any other document provided by the Client. The Data may relate to any natural person and may be of any nature such as: surname, first name, age, profession, address, telephone number, etc. Some of these Data may be particularly sensitive, in particular those relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, sex life or sexual orientation, health, offences or convictions of any kind, in particular criminal.

The Client guarantees the Company that they have obtained the valid consent of the persons whose Data are cited in the documents provided to the Company, and that they have informed them of their rights as the data controller. The Company, as a subcontractor, shall not be bound by any obligation in this respect, and shall not be held liable if the processing requested by the Client is unlawful. If, as a result of the Client, the Company is sought after to be held liable on the basis of Data processed, the Client shall protect the company up to the amount of the required compensation.

The Company is authorised to process said Data on behalf of the Client in order to carry out the following services:

  • The translation of documents and/or content provided to it by the Client; and/or
  • The legalization/certification of a document given by the Client; and/or
  • Participation in an interpreting mission; and/or
  • Participation in any other linguistic-based mission ordered by the Client.

In order to carry out these services, the Company may be required to process Data, in particular to receive, consult, modify, copy, save and/or restore the Data.

In addition, as part of the execution and follow-up of the order, the Company is authorised to subcontract all or part of the processing of the Data to a third party of its choice, whether this third party is located in or outside the European Union.

During the execution of the order, and as long as the Company remains in possession of the Data, it undertakes, in its capacity as subcontractor, to:

1. Communicate to the Client, at the Client’s request, its information systems security policy;

2. implement all technical and organizational measures to guarantee a maximum level of security taking into account the sensitive nature of the Data, the risk involved, and the state of technical knowledge;

3. process the Data only on the Client’s documented instructions and in accordance with it, a fortiori with regard to the transfer of such Data to another European Union Member State or to a country outside the European Union;

4. immediately inform the Client if one or more of the Client’s instructions constitutes a violation of the provisions of the Regulation or a violation of European Union law on personal data,;

5. process the Data entrusted by the Client only within the limits that will be defined by the Client on a case-by-case basis, in particular as regards the purpose, nature, duration and purposes of the processing;

6. assist the Client, as much as is possible, in order to enable the owners of such Data to exercise their rights (in particular their rights of access, rectification, deletion and opposition, their rights to limit processing, the portability of the Data, and their right not to be the subject of an automated individual decision);

7. inform the Client of any incident or security breach likely to affect the security and/or confidentiality of the Data without delay following the occurrence;

8. assist the Client, as much as is possible so as to react effectively and within the briefest possible time to a breach of the Data, including the obligation to use all means at its disposal to immediately inform the Client of such a breach, and the obligation to cooperate with the Client in order to inform the supervisory authority and the persons concerned, as well as the obligation to inform the Client of the probable consequences of such a breach and the measures to be taken to remedy it;

9. Assist the Client, as much as is possible, in the implementation of impact assessments and in prior consultation with the supervisory authority, such assessments having the objective of determining a priori the risks that may arise from a particular processing operation on the rights and freedoms of the persons concerned;

10. Upon the Client’s instructions and without delay, delete the transmitted Data from all media on which they appear, retaining no copy in any form whatsoever, making no subsequent use of them for any reason, and substantiating their destruction in writing;

11. At the end of a ten-year-period from the date of execution of the order, permanently delete the Data transmitted from all media on which they appear, keeping no copy in any form whatsoever and making no kind of subsequent use of them for any reason, and substantiating their destruction in writing, unless laws of the European Union or the laws of the Member State requires that the Data be kept for a longer period;

12. Communicate the name and contact details of the Data Protection Officer (DPO), if one has been appointed;

13. Inform the Client of the existence of a processing registry if necessary;

14. Provide the Client with all the information necessary to demonstrate compliance with the obligations arising herein, and, if necessary, allow an audit to be carried out for these purposes, in the care of the Client or by any third party mandated by them.

Client’s personal data

In addition, to execute the order, and generally during various exchanges with the Client, the Company may receive personal data belonging to the Client’s personnel (staff, employees, managers, etc.), hereinafter referred to as the Client’s Data.

The Client’s Data may be of any nature, in particular: surname, first name, telephone number, e-mail address, etc.

As the Client’s Data is necessary for the execution of the order, it is collected and processed on the basis of Article 6, paragraph 1, point b) of EU Regulation 2016/679 of 27 April 2016, hereinafter the GDPR.

The Client’s Data is collected and processed by the Company in order to:

  • process and monitor orders;
  • inform the Client of the Company’s service offering in accordance with their needs;
  • learn of the Client’s opinion of the Company’s service.

In accordance with Article 6, paragraph 1, point (a), the Client agrees that the Company may use their Data to contact them in order to inform them of the service offerings and to obtain their opinion on the services provided.

The Company is responsible for processing Client Data. To this end, it can be contacted by e-mail at the following address: contact ((@)) amaia-int.com or by mail at the following postal address: Parc Altaïs – 70 rue Cassiopée – 74650 CHAVANOD

The Client’s Data is processed by the Company, its employees and subcontractors in accordance with the purposes described above. As such, this Data may be subject to automated or partially automated processing. This Data may be transferred in whole or in part outside the European Union, which may in some cases be necessary for the performance of our services. The Client agrees that their contact details (including email) may be used to contact them for the purpose of completing the order, commercial follow-up and to obtain their opinion on the services provided.

The Company does not sell Client Data, which is only used for the proper execution of the order.

During the execution of the order and for as long as the Company remains in possession of the Client’s Data, the Company undertakes to:

  • implement all technical and organisational measures to guarantee a maximum level of security taking into account the sensitive nature of the Data, the risk involved, and the state of technical knowledge;
  • inform the Client of any incident or security breach likely to affect the security and/or confidentiality of the Data immediately following any occurrence;
  • inform the Client, if necessary, of any ulterior processing of their Data for any reason -other than for the reason(s) for which the Data was collected.

The Client enjoys, under the GDPR and Law no. 78-17 of 6 January 1978, the following rights subject to the conditions of exercise laid down in the texts:

  • The right to access, rectify, update, or delete Data if that Data is incorrect, incomplete, suspect, outdated, or for which the collection, use, transfer, or storing of is prohibited;
  • The right to limit processing;
  • The right to oppose processing;
  • The right to portability;
  • The right to file a complaint with the supervising authority;
  • The right to retract their permission;
  • The right to define their directives regarding the conservation, deletion, and transfer of their Data after their death.

If the Client wishes to exercise one or more of these rights, they must contact the Company by post at the following address: Parc Altaïs – 70 rue Cassiopée – 74650 CHAVANOD or by e-mail at the following address: contact ((@)) amaia-int.com. The Company undertakes to reply by e-mail or letter if necessary within 14 days.

For any complaint relating to the processing of your Data, the Client may contact the Commission Nationale de l’Informatique et des Libertés (CNIL) located at 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07. Tel.: +33 (0)1 53 73 22 22 (Monday to Thursday from 9am to 6.30pm / Friday from 9am to 6pm). Fax: +33 (0)1 53 73 22 00. In this regard, the Client is informed that the data controller is the Company and that the Company’s Data Protection Officer is Vincent Rivalle: Amaïa – Parc Altaïs – 70 rue Cassiopée – 74650 CHAVANOD

The Client’s Data will be kept by the Company for the time necessary for processing according to the purposes described above. If necessary for administrative follow-up purposes, due to legal or regulatory requirements, or for archiving purposes, this Data will be kept beyond the period necessary to achieve the purposes described above. In any case, the maximum period of storage of the Data is ten years, after which the Data will be deleted.

CONFIDENTIALITY

The Company undertakes to respect the confidentiality of personal Data and the Client’s Data.

As part of its obligation of confidentiality, the Company undertakes, for the entire duration necessary for the execution of the order and for 10 years beyond it, to:

  • process personal Data and the Client’s Data in a strictly confidential manner and, consequently, to transfer these Data only to people who necessarily require access to them for the completion of their missions, and to hold these people to a legal or contractual requirement of confidentiality;
  • not use, for any reason, personal Data or the Client’s Data for personal use;
  • ensure the protection of these personal Data and the Client’s Data, with as much care as the Company employs to protect its own confidential information, and in any case, to put in place a level of protection that is objectively sufficient.

This obligation to confidentiality does not apply to personal Data, the Client’s data, and generally to information of any nature that:

  • belongs to the public domain at the time the information is communicated, or belongs public domain after the information is communicated through no fault of the Parties; or,
  • is lawfully received from a third party without a confidentiality clause; or,
  • for which the divulging of said information has been authorised by the Client or for which said information must be divulged for the execution of the order; or,
  • for which a legal or regulatory requirement or a judiciary decision has required be divulged.

APPLICABLE LAW

The above provisions are exclusively governed by French law for both their interpretation and execution.

In the event of a dispute between the Parties, the Parties agree to work together to find an amicable solution.

If no amicable agreement is reached within thirty (30) days, the most reactive Party shall bring the dispute before the French courts, which alone have jurisdiction to hear the dispute.

These provisions form an integral part of the Company’s general terms and conditions of service on the date they are accepted by the Client. They cancel and replace any provision of the general terms and conditions of service that is contrary to them.