GDPR Charter

ECOLOCOURSE Paris GDPR CLAUSE

Each party agrees to preserve the secrecy of the other party’s confidential information of which they have taken knowledge during execution of the Services provided by Ecolocourse Paris.

The term “Parties” refers to Ecolocourse Paris, who is designated at the Provider, and the Customer who is benefiting from these Services.

The term “confidential information” refers to all of the Customer’s business, technical, financial, IT, and structural information.

Ecolocourse Paris also expressly agrees to preserve the confidentiality and secrecy of, to not reveal to any third party, and to not use for any purpose other than completing the specified Services, all information provided by the Customer as well as documents and information of which it takes knowledge during execution of the specified Services.

This obligation is binding upon each of the Parties with respect to all third parties, both physical persons and legal entities, even if they belong to its own group.

Ecolocourse Paris agrees to do whatever is necessary to ensure that its own personnel, sub-agents, and sub-contractors respect the same obligation of confidentiality.

The present confidentiality obligation shall remain in effect throughout the duration of contractual relations and for an additional period of five (5) years afterwards.

The Parties agree to process all personal data, of which it becomes aware while executing the specified Services, in accordance with the regulations applicable to such processing and to the protection of privacy and especially the provisions of the Computers and Liberties Law (Law No. 78-17 dated 6 January 1978, modified) and the General Regulation Governing Data Protection (Regulation No. 2016/679 dated 27 April 2016).

The Parties agree that Ecolocourse Paris is acting as a sub-contractor in the sense of the General Regulation Governing Data Protection. For this reason, Ecolocourse Paris declares that it will maintain a register of all categories of processing activities performed on behalf of the Customer while respecting the latter regulation.

Ecolocourse Paris agrees to respect and to ensure that its personnel and sub-contractors respect the confidentiality obligations without charging any extra fees associated with that commitment.

The Customer has the right to verify respect for those obligations.

The obligations associated with the personal data are considered as essential obligations for business relations and disrespect thereof shall give the Customer the right to automatically cancel the Contract without any forenotice.

These obligations define the conditions under which Ecolocourse Paris agrees to process the Customer’s personal data.

Ecolocourse Paris is hereby authorised to process personal data for the provision of the Merchandise Road Transport Services on the Customer’s behalf.

The purpose of the processing of personal data performed under the present agreement is the land-based transport of letters and packages between the Customer’s sites, both provisional and permanent, and the sites of Customer’s customers and personnel.

The processing operations performed for the aforementioned purposes are: Data collection/Recording/Adaptation/Modification/ Organisation / Structuration / Utilisation / Limitation / Connection or Interconnection/Preservation / Extraction / Deletion or Destruction / Consultation / Distribution in all forms/ and Communication by Transmission /

The categories of personal data which are processed under this agreement are: “all data collected and processed for the purpose of completing a Transport (names, addresses, fixed and mobile telephone numbers, email addresses, GPS positions, etc.)

The Customer agrees to provide all instructions related to Ecolocourse Paris’ processing of personal data and to supervise such processing.

Ecolocourse Paris, along with its personnel and sub-contractors, agree to:

  • Process personal data while strictly respecting the aforementioned obligations, as well as all related Customer instructions, and to never use them for any other purposes.

Immediately inform the Customer if any of the latter’s instructions violate any rules governing the protection of personal data,

  • Do whatever is necessary, in terms of equipment and organisation, to ensure the confidentiality, integrity, and security of personal data and to especially ensure that such data is not distorted, damaged, or communicated to unauthorised persons;
  • Restrict access to personal information and data which shall be entrusted to only to personnel authorised to use such data and to ensure that the latter respect for the confidentiality obligations.
  • Preserve and archive personal data, per the Customer’s instructions, solely for the duration required to complete the Services.
  • Destroy or delete all data, files, and copies of personal data whenever such data is no longer needed and to provide the Customer with an attestation of such destruction and/or deletion.

Ecolocourse Paris agrees to implement any and all procedures to test, analyse, and to regularly evaluate the effectiveness of such measures as well as respect for such security obligations.

Ecolocourse Paris agrees to co-operate with the Customer and to help the latter to satisfy the legal and regulatory requirements related to the protection of personal data, especially to:

  • Fulfil its obligation to respond to all requests to exercise personal rights (access, portability, deletion, limitation, etc.); it is hereby specified that it is the Customer’s responsibility to inform concerned persons of the collection of such data and to respond to lawful requests;
  • Reduce and minimise the risks related to rights and liberties, especially by contributing to the performance of risk analyses and by providing all information and documentation useful for the latter for consultation by authorities to protect such data and to do whatever the Customer requests in order to reduce the risks and their impacts.

Notification of personal data violation :

Per the General Regulation Governing Data Protection, a violation of personal data is a violation of security leading to accidental or illicit destruction, loss, alteration, unauthorised divulgence of personal data provided, preserved or processed in alternate manners and/or unauthorised access to such data.

Ecolocourse Paris agrees to inform the Customer of any and all violations of personal data, to respond to all related Customer’s requests, and to implement all related remedies.

In such cases, Ecolocourse Paris agrees to:

  • Immediately inform the Customer of such violations within 48 hours after becoming aware of the latter;
  • Provide the Customer, or his representatives, with all related information so that he can evaluate the risks and impacts of such incidents and violation and to enable him to make all necessary decisions and take all necessary actions;
  • Provide all of the following information related to such violations:
    • Location, date, and time of the event (approximate if not precisely known) and the date/time it was observed/reported;
    • The nature and circumstances surrounding the violation,
  • loss of confidentiality or compromise of personal data (unauthorised access and/or divulgence);
  • loss of integrity, undesirable modification of personal data,
  • loss of availability,
  • loss of support (outage of server(s), fixed/ mobile computers, backups, paper documents, etc.);
  • Summary of the violation incident (general description);
    • Technical and organisational measures already taken and/or proposed to remedy the violation;
    • Number and position of persons concerned or that may be concerned (customers, prospective customers, employees, etc.);
    • Specific categories, volumes, nature, and content of impacted data;
    • Potential consequences to concerned persons and the processing manager (use of data for alternate purposes, unauthorised distribution, suspension of services, malfunctions, etc.);
    • Evaluation of potential prejudices and criticality;
    • Persons from which additional information may be obtained (identities, coordinates) especially for notification of authorities (CNIL or other) if the violation so requires;
  • Respect for the information transmission schedule requirements as well as the following details:
    • All of the aforementioned information: Immediately once Ecolocourse Paris has knowledge of the incident;
    • Additional Information: Within the Customer-specified deadline for all.
  • The Customer is responsible for proceeding with notification of such personal-data violations to the governing authorities as required.
Nevertheless, if the Customer and Ecolocourse Paris are both required to notify a governing authority (especially the CNIL), mutual coordination between the former shall take place to ensure coherency of the information and submission schedules.
If there is a requirement to inform other persons, such communications shall correspond to Customer-defined schedules and contents-definitions (and in concert with the governing authority if required). Under no circumstances shall Ecolocourse Paris initiate communication with any persons without first obtaining the Customer’s specific approval regarding the contents and methods of such communications.