DATA PROCESSING AGREEMENT
Introduction
THIS DATA PROCESSING AGREEMENT IS CONCLUDED BETWEEN:
BJT Partners, creating and marketing the new telecommunications service "Quicktalk", a simplified joint
stock company with its registered office at 50 bis rue Maurice Arnoux, 92120 MONTROUGE, FRANCE,
registered with the Paris Companies Register under number 480 234 210 (hereinafter the “Processor” or
“Quicktalk”), the owner of the “Quicktalk” brand;
AND
The Client: (hereinafter referred to as the "Controller" or "Client").
Individually a "Party" and collectively the "Parties";
WHO AGREED AS FOLLOWS:
In the course of providing the Services to the Client under the Agreement, Quicktalk may process
Personal Data on behalf of the Client and the Parties agree to comply with the following provisions
regarding any Personal Data, each acting reasonably and in good faith.
This Data Processing Agreement is an integral part of the Quicktalk Service Contract between Quicktalk
and the Client to which it is attached, and reflects the agreement of the Parties with respect to the
Processing of Personal Data.
1. DEFINITIONS AND INTERPRETATION
In this Contract and unless otherwise defined in the Quicktalk Service Contract, all capitalized terms used in
this Contract shall have the meanings set forth below:
- STANDARD CONTRACTUAL CLAUSES: means the European Commission's Standard Contractual
Clauses for the transfer of Personal Data to Processors established outside the European Economic
Area in countries that do not ensure an adequate level of protection of Personal Data, pursuant to
the European Commission's decision (2021/914) of 4 June 2021.
- CONTRACT: means this data processing agreement between Quicktalk and the Client.
- QUICKTALK SERVICE CONTRACT: means the Quicktalk general terms and conditions for the
provision, use and access of the services agreed between the Parties, to which this Contract is
attached and which can be accessed here.
- PERSONAL DATA: means any information relating to an identified subject, who can be identified,
directly or indirectly, in particular by reference to an identification number or to one or more factors
specific to their physical, physiological, mental, economic or physical nature, cultural or social
identity.
- DATA SUBJECT: means the data subject whose Personal Data is processed by Quicktalk and/or the
Client under this Contract.
- APPLICABLE DATA PROTECTION REGULATIONS: means all laws and regulations, including the laws
and regulations of the European Union, the European Economic Area and their Member States,
including the French Data Protection Act (Loi Informatique et Libertés no. 78-17) as amended,
applicable to the processing of Personal Data under the Contract, including the GDPR as defined
below.
- CONTROLLER or CLIENT: means the company signing this Contract, which determines the
instructions and the means and purposes of the processing of Personal Data, also referred to as the
"Client".
- GDPR: means Regulation (EU) 2016/679 of the European Parliament and of the Council on the
protection of individuals with regard to the processing of personal data and on the free movement of
such data, and repealing Directive 95/46/EC.
- QUICKTALK SERVICE: means the services offered by Quicktalk (as defined in the Quicktalk Service
Contract) that the Client has purchased or deployed or to which the Client has subscribed under the
Quicktalk Service Contract.
- PROCESSOR or QUICKTALK: refers to the company BJT Partners and its brand Quicktalk, which
carries out personal data processing on behalf of and on the instructions of the Client, also referred
to as "Quicktalk".
- SUB-PROCESSOR: means any Data Processor hired by Quicktalk to process all or part of the personal
data on behalf of and at the direction of Quicktalk.
- PROCESSING: means any operation or set of operations which is performed on personal data,
whether or not by automatic means, such as collection, recording, organisation, storage, adaptation
or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise
making available, alignment or combination, blocking, erasure or destruction, as described in
Appendix A.
All terms relating to the protection of personal data that are not specifically defined in the contract, such as
"supervisory authority", "file", "recipient", "data breaches", "consent", shall have the meaning given to them
in Article 4 of the GDPR.
2. PROCESSING OF PERSONAL DATA
2.1 Roles of the Parties
The Parties acknowledge and agree that, with respect to the Processing of Personal Data, the Client is the
Controller, Quicktalk is the Processor and that Quicktalk may hire Sub-Processors in accordance with the
provisions of Article 4 "Sub-Processing" below.
2.2 Processing of Personal Data by the Client
The Client, acting as Data Controller, determines the purposes and means of processing Personal Data. The
Client undertakes, when using the Quicktalk Services, to process Personal Data in accordance with the
requirements of the Applicable Data Protection Regulations. For the avoidance of doubt, the Client's instructions for
processing personal data must comply with the Applicable Data Protection Regulations. The Client is solely
responsible for the accuracy, quality and legality of the personal data and the means by which the Client has
acquired Personal Data. The Client shall also inform the Data Subjects of the Processing of their Personal Data
by Quicktalk.
2.3 Processing of Personal Data by Quicktalk
Quicktalk, acting as a Processor, undertakes to treat Personal Data as confidential information and
undertakes to process Personal Data only on behalf of the Client and in accordance with the Client's
documented instructions. The Client instructs Quicktalk to process Personal Data for the following purposes:
(i) processing for the performance of this Contract, the Quicktalk Service Contract and any applicable order
form(s); (ii) processing initiated by Client in the course of using the Quicktalk Services and generally for the
provision of the Quicktalk Services, (iii) processing to comply with any other reasonable and documented
instructions from Client (e.g., by e-mail) so long as such instructions are consistent with the terms of the
Contract.
2.4 Details of the processing of Personal Data
The purpose of the Processing of Personal Data by Quicktalk is the provision of the Quicktalk Services in
accordance with the Quicktalk Service Contract as described in this Contract. The duration of the Processing,
the nature and purpose of the Processing and the types of Personal Data and categories of Data Subjects
processed under this Contract are set out in Appendix A (Details of the Processing).
3. ROLES AND RESPONSIBILITIES
3.1 Obligations of the Client
The Client undertakes to:
- Provide documented instructions on the purposes and means of the Processing of Personal Data
provided by the Client to Quicktalk in accordance with the Contract;
- Comply with its obligations, in particular under the Applicable Data Protection Regulations, with
regard to the protection of Personal Data, and with regard to the security of the collection and
Processing of Personal Data provided by the Client to Quicktalk; and to
- Designate, at Quicktalk's request, a single point of contact to receive and respond to Quicktalk's
enquiries regarding the administration of the Client's Personal Data related to the Quicktalk Service
Contract.
3.2 Obligations of Quicktalk
Quicktalk, as a Processor, undertakes to:
- Ensure that all persons authorised by Quicktalk to participate in the Processing of Personal Data on
behalf of the Client (including its staff, agents and sub-contractors) have undertaken to maintain
confidentiality or are subject to an appropriate legal obligation of confidentiality and to comply with
the principles of Personal Data protection. Quicktalk undertakes to take commercially reasonable
steps to ensure the reliability of any of its staff involved in the Processing of Personal Data. The
Processor undertakes to restrict access to Personal Data to only those members of its staff who
strictly need access to such data in order to carry out their duties and obligations under the Quicktalk
Service Contract, the applicable order form(s) and this Contract;
- Inform the Client without delay if, in its opinion, an instruction violates the provisions of the
Applicable Data Protection Regulations;
- Take all technical and organisational measures necessary to ensure the security of the Processing. In
particular, Quicktalk undertakes to implement the appropriate technical and organisational
measures described in Appendix C, taking into account the state of the art, the cost of
implementation, the nature, scope, context and purposes of the Processing, as well as the risks
related to the likelihood and seriousness of harm to the rights and freedoms of the Data Subjects
resulting from the Processing of Personal Data. These measures may be reviewed and updated as
and when the Applicable Data Protection Regulations change or as and when Quicktalk deems
necessary;
- Reasonably assist the Client in demonstrating compliance with its obligations relating to the
protection of Personal Data and in particular its obligations to notify and communicate in the event
of a data breach, by carrying out a confidentiality assessment of the data and consulting the
supervisory authority where appropriate, taking into account the nature of the processing and the
information available to Quicktalk;
- Cooperate with the relevant supervisory authorities where necessary; and
- Make available to the Client all information reasonably necessary to demonstrate compliance with
the Client's Personal Data protection obligations;
- As far as possible, the Parties undertake to cooperate with each other in the event of an inspection
by the CNIL or any other competent authority concerning the Processing implemented.
4. SUB-PROCESSING
4.1 Authorisation of Sub-Processors
The Client acknowledges and agrees that Quicktalk may hire Sub-Processors in connection with the provision
of the Quicktalk Services. In such event, Quicktalk shall have entered into a written agreement with each Sub-
Processor containing privacy obligations with respect to the protection of Client's Personal Data to the extent
applicable with respect to the nature of the Quicktalk Services provided by said Sub-Processor.
4.2 Liability of Sub-Processors
Quicktalk remains liable for the acts and omissions of its Sub-Processors under the same conditions as if
Quicktalk was directly responsible for providing the Quicktalk Services entrusted to the Sub-Processors under
this Contract, except where the Quicktalk Service Contract provides otherwise.
4.3 List of current Sub-Processors and notification of new Sub-Processors
Quicktalk makes available to the Client a list of current Sub-Processors who may be involved in the
provision of the Quicktalk Services and for the Processing described in Appendix A. The list of current Sub-
Processors is available in Appendix B and will be available on the Quicktalk personal space accessible by users
with "super administrator" privileges.
Quicktalk undertakes to inform the Client in the event of the addition or deletion of Sub-Processors at least
ten (10) working days before such changes.
4.4 The Client's right to object to new Sub-Processors.
The Client may object to Quicktalk's appointment of a new Sub-Processor, if it objectively considers that such
Sub-Processor prevents the Client from complying with its legal obligations, in particular under the Applicable
Data Protection Regulations to which it is subject, by promptly notifying Quicktalk in writing within ten (10)
business days of receipt of Quicktalk's notification in accordance with the mechanism described in Article 4.3.
If the Client objects to the appointment of a new Sub-Processor, Quicktalk shall use reasonable efforts to
offer the Client an alternative solution in the provision of the Quicktalk Services or to recommend a
commercially reasonable change in the Client's configuration or use of the Quicktalk Services to avoid the
Processing of Personal Data by the new Sub-Processor who was objected to, without this constituting an
unreasonable effort for the Client.
5. SECURITY
5.1 Security measures
Quicktalk undertakes to implement and maintain appropriate technical and organisational security measures
to ensure the security (including protection against unauthorised or unlawful Processing, and against
accidental or unlawful loss, destruction, alteration, damage, unauthorised or unlawful disclosure of or access
to the Client's Personal Data), confidentiality and integrity of the Personal Data provided by the Client in
accordance with the security standards of Quicktalk described in Appendix C (“Appendix C: Security
measures”). Quicktalk regularly checks compliance with these measures. Quicktalk undertakes not to
substantially reduce the overall security of the provision of the Quicktalk Services during the period of their
subscription by the Client.
5.2 Security updates
It is the Client's responsibility to verify the information made available by Quicktalk regarding the security of
Personal Data and to independently determine whether the Quicktalk Services meet the Client's legal
requirements and obligations under the Applicable Data Protection Regulations. The Client acknowledges
that the security measures are subject to technical progress and development and that Quicktalk may update
or modify the security measures from time to time, without prior notice to the Client, provided that such
updates and modifications do not result in a significant degradation of the overall security of the service
provided to the Client. The Client may at any time obtain
5.3 Client's responsibilities
Notwithstanding the foregoing, the Client agrees, except as otherwise provided in this Contract or the
Quicktalk Service Contract, to be responsible for its secure use of the Quicktalk Service, including securing its
account authentication credentials, protecting the security of the Client's data in transit to and from the
Quicktalk Service, taking appropriate steps to encrypt or securely back up the Client's data uploaded to the
Quicktalk Service. The Client also declares that it is responsible for the secure use of the Quicktalk Service by
its employees or processors.
6. INCIDENT MANAGEMENT AND DATA BREACHES
Quicktalk maintains security incident management rules and procedures and will promptly notify the Client
of any accidental or unlawful loss, destruction or alteration and any unauthorised disclosure of or access to
Client Data, including Personal Data transmitted, stored or processed by Quicktalk or its Sub-Processors and
of which Quicktalk becomes aware, in accordance with the Applicable Data Protection Regulations.
Quicktalk will use reasonable efforts to identify the cause of such incident, whether or not it constitutes a
data breach within the meaning of the Applicable Data Protection Regulations, and will take such steps as it
considers necessary and reasonable to remedy the cause of such incident, to the extent that the power to
remedy such incident is within its control.
In particular, once Quicktalk becomes aware of a breach of Personal Data, Quicktalk:
- Will in all cases inform the Client without undue delay and, where possible, not later than 72 hours
after becoming aware of the security incident;
- Will provide timely information to the Client regarding the data breach as and when it becomes
aware of it or upon reasonable request by the Client; and
- Will promptly take reasonable steps to contain and investigate any data breach. In any event,
Quicktalk's notification or response to a data breach shall not be construed as an admission by
Quicktalk of any fault or liability in connection with the security incident; and
- Will, where appropriate, notify the relevant supervisory authority of the Personal Data breach. This
notification will include the following:
  - The description and nature of the Personal Data breach including, if possible, the categories and
  approximate number of Data Subjects affected by the Personal Data breach and the categories and
  approximate number of records of Personal Data affected;
  - The name and contact details of the Data Protection Officer or other point of contact from whom
  further information can be obtained;
  - A description of the likely consequences of the Personal Data breach;
  - A description of the measures taken or proposed to be taken by Quicktalk to remedy the Personal
  Data breach, including, if applicable, measures to mitigate any negative consequences.
These obligations do not apply to incidents caused by the Client.
7. AUDITS
Upon request and in strict compliance with the confidentiality obligations set forth in the Service Contract,
Quicktalk agrees to make available to the Client all information reasonably necessary to demonstrate
Quicktalk's compliance with the terms of this Contract, including responses to information security
questionnaires, provided that the Client is not a competitor of Quicktalk or an affiliate of a competitor of
Quicktalk. Quicktalk will answer questions posed by the Client about the Processing of Personal Data
provided by the Client.
In the event that the information provided by Quicktalk does not allow the Client to reasonably verify
Quicktalk's compliance with its obligations under this Contract or in the event of a breach of Personal Data,
Quicktalk shall, in consultation with the Client, either:
- Provide the Client with a certificate issued by an independent qualified third-party expert certifying
that Quicktalk's business processes and procedures that involve the Processing of Personal Data
provided by the Client comply with this Contract; or alternatively
- Allow an independent third-party expert, hired by the Client and at the Client's expense, to conduct
an audit of the facilities Quicktalk uses to process the Client's Personal Data. The appointment of the
independent third-party expert must be reasonably acceptable to Quicktalk, and such expert must
be bound by confidentiality obligations satisfactory to Quicktalk. The Client shall provide Quicktalk
with a copy of the audit report. The audit will be considered as confidential information of Quicktalk.
Audits may be conducted no more than once per year per Client, during the term of the Quicktalk Service
Contract, during normal business hours, and shall be subject to (i) a written request submitted to Quicktalk at
least sixty (60) days prior to the proposed audit date and (ii) a detailed written audit plan reviewed and
approved by Quicktalk's security organisation. These audits may only take place in the presence of a
representative of the Quicktalk security team or any other person appointed for this purpose by Quicktalk.
Audits must not disrupt Quicktalk's Processing activities or compromise the security and confidentiality of
Personal Data belonging to other Quicktalk Clients.
The Client shall pay for the time spent by Quicktalk and its teams or Sub-Processors on such an audit at
Quicktalk's professional service rates applicable at that time, which shall be made available to the Client upon
request. Prior to the commencement of such an on-site audit, the Client and Quicktalk shall mutually agree
on the scope, schedule and duration of the audit, as well as the costs for the time spent by Quicktalk and its
teams or Sub-Processors, for which the Client shall be responsible. These costs must be reasonable, taking
into account the resources expended by Quicktalk or its Sub-Processors. The Client undertakes to inform
Quicktalk promptly of any non-compliance discovered during an audit.
8. DATA OWNERSHIP, TRANSFER AND DELETION
8.1 Data ownership
The Parties agree that Personal Data collected, processed, hosted, backed up or stored by Quicktalk on behalf
of the Client, under this Contract and the Quicktalk Service Contract or at the Client's initiative, is and
remains the sole property of the Client.
8.2 Data transfer
In order to provide the Quicktalk Services under the Service Contract, Quicktalk may need to transfer certain
Personal Data provided by the Client to Sub-Processors in accordance with Article 4 of the Contract, who may
be located in countries outside the European Economic Area and who do not provide an adequate level of
protection for Personal Data.
Quicktalk undertakes, in accordance with the Applicable Data Protection Regulations, to implement a
mechanism to cover such a transfer in a manner that complies with the Applicable Data Protection
Regulations and in particular with the Standard Contractual Clauses adopted by the European Commission to
govern the transfer of Personal Data to Sub-Processors located outside the European Economic Area.
8.3 Return or deletion of Personal Data
Upon termination or expiration of the Quicktalk Service Contract, Quicktalk shall cease all operations on the
Personal Data provided by the Client and, at the Client's discretion, shall return or irretrievably delete all
Personal Data provided by the Client under the Quicktalk Service Contract and shall require its Sub-
Processors to do the same. If the Client does not make this choice, Quicktalk will automatically delete the
Personal Data provided by the Client under the Quicktalk Service Contract.
If Quicktalk is prohibited by the Applicable Data Protection Regulations, its national law or a supervisory
authority from destroying or returning all or part of such Personal Data, Quicktalk undertakes to maintain the
confidentiality of such Personal Data and will not process any of these data for any other purpose. In such
event, Quicktalk may retain a copy of the Personal Data provided by the Client as archives, to the extent
required by the Applicable Data Protection Regulations, as authorised by the Client, or as necessary for
dispute resolution purposes.
Once the data has been returned to the Client, Quicktalk will no longer be responsible for the security of the
data and its integrity, in particular when it is stored, following the transfer of data from Quicktalk to the
Client, on the Client's servers or on the servers of a processor operating on behalf of the Client.
9. RIGHTS OF THE DATA SUBJECTS
If Quicktalk receives a request from a Data Subject to exercise his/her right to access, correct, restrict
Processing, delete, data portability, object to Processing, set out instructions on the fate of his/her data after
his/her death or not to be subject to an automated individual decision, Quicktalk undertakes to promptly
notify the Client thereof.
Given the nature of the Processing, Quicktalk undertakes to provide reasonable assistance to the Client to
the extent possible and by appropriate technical and organisational means to enable the Client to comply
with its obligation to respond to any Data Subject’s request in accordance with the Applicable Data
Protection Regulations. In addition, at the Client's express request and to the extent that the Client does not
have the ability to respond to a Data Subject’s request in the course of its use of the Quicktalk Services,
Quicktalk agrees to use commercially reasonable efforts to assist the Client in responding to such a request.
In the event that such cooperation and assistance require significant resources on the part of Quicktalk,
Quicktalk reserves the right to charge the Client at Quicktalk's professional service rates in force at that time,
which will be made available to the Client upon request, with prior submission of a quote.
If Quicktalk receives a request for disclosure of Personal Data provided by Client from law enforcement, a
government security agency or a supervisory authority, Quicktalk will promptly notify the Client of such
request, except where disclosure of such information is prohibited by law.
In any case, Quicktalk will never respond to a request from a Data Subject whose Personal Data is processed
on behalf of the Client, unless specifically instructed beforehand to do so by the Client in writing. Similarly,
when the request is made by an authority and Quicktalk can inform the Client of this in accordance with the
stipulations of the previous paragraph, Quicktalk will never respond to such a request unless specifically
instructed beforehand to do so by the Client in writing.
10. COOPERATION AND ASSISTANCE
In addition to the obligations set forth in Articles 3 and 9, Quicktalk shall use its best efforts to cooperate with
the Client to reasonably assist the Client in the performance of its obligations under the Applicable Data
Protection Regulations and within the scope of Quicktalk and its Sub-Processors, including but not limited to
the obligations to notify about any data breach or obligations to consult a supervisory authority.
Quicktalk's cooperation and assistance to the Client may particularly include the following:
- Upon request, Quicktalk will cooperate with the Client in responding to any request from a
supervisory authority;
- Quicktalk undertakes to assist the Client in proving compliance with the rules prescribed by Articles
32 to 36 of the GDPR and in particular in carrying out a data protection impact assessment; and
- In the event of proceedings filed against a Party, the other Party shall cooperate in good faith and
without undue delay, to the extent possible, with such proceedings.
In the event that such cooperation and assistance require significant resources on the part of Quicktalk,
Quicktalk reserves the right to charge the Client at Quicktalk's professional service rates in force at that time,
which will be made available to the Client upon request, with prior submission of a quote.
11. LIABILITY AND COMPENSATION
The entire liability of each Party arising out of or in connection with this Contract and the Quicktalk Service
Contract and any order form, whether in contract, tort or otherwise, is subject to the "Limitation of Liability"
article in the Quicktalk Service Contract, and any reference to a Party's liability in that article means that
Party's entire liability under the whole of this Contract, the Quicktalk Service Contract and any order form
signed between the Parties.
12. CONFIDENTIALITY
Each Party shall treat this Contract and information received from the other Party and its activities in relation
to this Contract as confidential information and shall keep it in a proper and secure manner. Each Party shall
not use or disclose such confidential information without the prior written consent of the other Party, unless
(i) disclosure is required by law or (ii) the relevant information has already been made public.
13. TERM OF THE CONTRACT
The Contract shall remain in force between the Parties for the duration of the provision of the Quicktalk
Services in accordance with the terms of the Quicktalk Service Contract and any related order forms.
14. APPLICABLE LAW, JURISDICTION AND DISPUTES
This Contract is governed by French law. The Parties shall use their best efforts to resolve amicably, in a fair
and equitable manner, any dispute relating to the formation, interpretation, performance and termination of
this Contract. The Parties agree to meet after receipt of a notification to this effect sent by registered mail
with acknowledgement of receipt by one of the Parties with the intention of resolving this dispute amicably.
If the Parties fail to reach an amicable settlement by signing a settlement agreement within sixty (60) days
following the amicable settlement meeting, the Parties shall submit their dispute to the competent court
within the jurisdiction of the Paris Court of Appeal, which shall have exclusive jurisdiction to settle the
dispute.
15. MISCELLANEOUS
This Contract constitutes the entire agreement between the Parties with respect to its subject matter. Any
amendment to this Contract must be the subject of a written amendment signed by both parties. In the
event of any conflict between this Contract, the Quicktalk Service Contract or any order form, this Contract
shall prevail except where the Quicktalk Service Contract is expressly given precedence.
All notices and communications given under this Contract shall be in writing and shall be sent by post or
email to the postal and email addresses set out in the heading of this Contract. If one of the parties changes
its address during the term of the Quicktalk Service Contract, it shall be responsible for informing the other
party of this within a reasonable period of time by post or e-mail.
This Contract is duly accepted by the Parties and takes effect on the date of signature of the order form.
APPENDIX A: Details of data processing
| DATA CATEGORIES | DATA RETENTION PERIOD |
|---|---|
| General information: company name, address, workforce, etc. | The entire term of the Service Contract. Upon termination, this data is kept for one (1) year for any potential requisition by the competent authorities. |
| Call and fax logs: all information about incoming and outgoing calls. | The logs are kept for a maximum of one year on Quicktalk's servers in order to be suitable for any potential requisition by the competent authorities. |
| Call recordings: audio recordings of incoming and outgoing calls. | The records are kept for the duration defined by the Client on the Dashboard. |
| Fax | The entire term of the Service Contract. Upon termination, this data is kept for one (1) year for any potential requisition by the competent authorities. |
| Transactional emails | Quicktalk does not store transactional email history containing Client information. |
| CRM Contact | 3 years from the last active exchange with the Client / prospect. |
| Client contact, created manually by the Client on Quicktalk. | Any contact deleted manually by the client is deleted by Quicktalk. When a client cancels, Quicktalk deletes all their contacts. |
| Client contact, synchronised with CRM | The Client has the possibility to desynchronise its contacts directly in its administration space via an option available on its Quicktalk dashboard. When the Client activates the desynchronisation of CRM contacts, Quicktalk no longer has any contacts of the Client. |
| Transcription of calls and voice messages | Transcripts are kept for the duration defined by the Administrator on the Dashboard. |
| User number (OKTA or AZURE) in case of SSO integration | These data will be kept for the term of the Service Contract. |
COMPLIANCE WITH THE LEGAL RETENTION PERIOD FOR ELECTRONIC COMMUNICATIONS
As an operator of electronic communications services within the meaning of Article L.33-1 of the French
Postal and Electronic Communications Code, our activity is declared to the ARCEP and we are required to
keep certain personal data relating to electronic communications services for a legal period of 12 months in
accordance with the provisions of Article L.34-1 of the French Postal and Electronic Communications Code
(III. to VI.) and its implementing decrees 2006-538 and 2012-436.
APPENDIX B: List of processors
| NAMES OF PROCESSORS | ACTIONS TAKEN ON THE DATA | LOCATION OF SERVERS | MEASURES TO COVER THE TRANSFER (if applicable) |
|---|---|---|---|
| SCALEWAY | Storage of our databases, cloud service, API load balancer & CDN/S3 | FRANCE | N/A |
| DATAPACKET | Storage of our databases, web servers, Telecom servers | FRANCE | N/A |
| CLOUDFLARE | DNS and API load balancer | UNITED STATES | No transfer outside EU, data localization suite option (data stored in EU) |
| BTS EUROPE SA | Telecommunications service (Voice & SMS) | SPAIN | N/A |
| COLT | Number rental | UNITED KINGDOM | Standard Contractual Clauses (CCT) |
| VONAGE | Number and SMS rental | UNITED STATES | Standard Contractual Clauses (CCT) |
| LEGOS | Number rental | FRANCE | N/A |
| ORANGE | Number rental | FRANCE | N/A |
| VOXBONE | Number rental | BELGIUM | N/A |
| BICS | Telecommunications service, SIP TRUNK and emergency calls | BELGIUM | N/A |
| TOFANE | Telecommunications service, international termination | FRANCE | N/A |
| TATA COMMUNICATIONS | Telecommunications service, international termination | UNITED KINGDOM | Standard Contractual Clauses (CCT) |
| ORANGE INTERNATIONAL CARRIERS | International telecommunication service in VoIP | FRANCE | N/A |
| SENDINBLUE (BREVO) | Mailing | FRANCE | N/A |
| SENDGRID | Mailing (Sendinblue backup provider) | UNITED STATES | Standard Contractual Clauses (CCT) |
| SLACK | Internal communication tool | UNITED STATES | Standard Contractual Clauses (CCT) |
| DEEPTRANSCRIPT | Transcription of telephone conversations | FRANCE | N/A |
APPENDIX C: Technical & Organisational Security Measures
1. DATA HOSTING
1.1 Location
All the centres where the data required to provide Quicktalk services is hosted are located in France, which
means that no data is transferred outside the European Union or the European Economic Area.
1.2 Certifications
These hosts have the following certifications:

| Hosting companies | Location |
|---|---|
| Telehouse 2 | Paris |
| Equinix | Seine-Saint-Denis |
| Scaleway DC 3 | Vitry-sur-Seine |
1.3 Business continuity plan
We also have a business continuity and incident response plan in place.
1.4 Organisation and security
In addition:
- Our data centres manage physical security 24/7, using biometric scanners or high-level identity
checks;
- We have 2 different electrical inputs for each rack;
- We have implemented DDoS mitigation measures in all our data centres;
- We have different Class 3 providers for IP transit; and
- Our services rely on several operators for voice and SMS to ensure service stability and enhanced
security.
Visits to hosting sites: Clients, suppliers and visitors do not have access to our hosting sites. Requests for
access to hosting sites are strictly documented and must be justified by the appropriate Quicktalk staff.
2. APPLICATION SECURITY LEVEL
- All login pages (on our website and mobile website) transmit data via TLS.
- After login, the Quicktalk application uses a temporary token to identify the Client.
- The entire Quicktalk application is encrypted with TLS and SRTP for voice data.
- The dashboard allows you to restrict access to your account via Quicktalk support access.
- Your credit card details are not stored in our database. We use service providers (listed in Appendix
B) that handle your payments with temporary wallet identifiers.
3. TRAINING & AWARENESS RAISING OF QUICKTALK EMPLOYEES
All employees sign a privacy agreement outlining their responsibility to protect Client data.
We are implementing awareness-raising operations for our teams and we plan to increase the frequency and
development of awareness-raising operations, particularly in the area of cyber security. In addition, good
security practices are the subject of training communications (for example, when new employees join) and
written material is accessible (posted in work areas and made available on the intranet). In addition, we train
our employees to acquire the right data security reflexes and we also carry out internal tests (e.g. "fake
phishing campaign", use of public Wi-Fi networks, etc.).
4. SECURITY MEASURES APPLICABLE TO OUR PREMISES & EMPLOYEES
We implement industry-standard physical security and protection measures. Our offices and our employees'
information systems are adequately secured and the measures implemented include, in particular:
- Securing of the premises with an alarm;
- Access control measures with reception staff present throughout the working hours;
- Secure, personal access badges with traceable logs;
- Metal curtains protecting access to the premises;
- ID and password strength requirements with the obligation to renew them regularly;
- Limiting and controlling access to information systems according to the access privileges and access
needs of employees.
Visit to the Quicktalk premises: Visitors, Clients and suppliers must register at the reception desk and are
always accompanied by a member of the Quicktalk staff when entering our premises and during their time on
site. The same goes for leaving.
5. PASSWORD HASHING TECHNOLOGY
We systematically implement a salted hashing technology that is at least as robust as the SHA-256
standard.
Passwords for Quicktalk accounts are hashed. Our own staff can't even see them. If you lose your password,
it cannot be recovered - it must be reset.
6. SEGREGATION OF WORKING ENVIRONMENTS: PRODUCTION &
DEVELOPMENT
Our environments are strictly separated, both physically and logically. All developments are carried out on
development environments that are separate from the production ones. We also implement a strict testing
procedure on multiple environments before making the decision to go live.
In addition, all databases are separate and dedicated, in order to prevent corruption and overlap. We have
several layers of logic that separate user accounts from each other.
7. VULNERABILITY MONITORING AND REMEDIATION (WORKSTATION &
PRODUCTION)
We actively monitor the emergence and identification of new potential vulnerabilities (0-day) and enforce
the implementation of new security patches on all workstations and production environments.
8. SERVER UPDATES, FIREWALLS, BACK-UP NETWORKS & ANTI-VIRUS
8.1 Policy applicable to our servers
Our servers are updated regularly, especially at every production launch.
We have a physical firewall (machine) with firewalling rules that only allow flows that are necessary for
Quicktalk's purposes and the provision of its services to Clients.
We have an automatic hot and cold backup system, machines and database clusters.
We do not use a VPN, but use SSH tunnels to access the servers.
8.2 Policy applicable to our premises
All workstations and production environments are protected by antivirus software. On each workstation, an
automatic sleep mode is also set up and configured after 5 minutes of inactivity.
9. PRIVILEGE AND SEGMENTATION OF ADMINISTRATION USES
We have implemented several classes of access and permission privileges for our Clients:
These 4 user classes ensure that each of the Client's users only has the access and rights
necessary for them to use the services, on a strict "need to know" and "need to do" basis. These 4 levels of
use enable the uses and administration rights of the Quicktalk solution to be segmented.
10. RESPONSIBLE DISCLOSURE
If you have discovered a vulnerability in the Quicktalk application, please do not share it publicly. Instead,
please submit a report via the process described below. We review all security issues brought to our
attention and take a proactive approach to emerging security issues. Every day, new security problems and
new attack vectors are created. Quicktalk strives to keep abreast of the latest security developments, both
internally and by collaborating with external security researchers and companies. We appreciate the
community's efforts to create a more secure website.
If you believe your account has been compromised or if you notice any suspicious activity on your account,
please send an email to [email protected].