PERSONAL DATA PROTECTION POLICY

Articles & Definitions

The following capitalized terms are defined as follows:

  • Subscription: refers to the specific conditions of access for the Client to the Services as indicated in the Quotation.
  • Client Account: refers to the personal space opened by DILYNX for the Client and allowing him to access and manage the Services to which he has subscribed.
  • Client: refers to the natural or legal person who subscribes to Stafiz in the course of his or her professional activity. The Client is a non-consumer professional.
  • Contract: refers to the Stafiz General Terms and Conditions and the Quotation.
  • Quotation: refers to DILYNX's commercial proposal established according to the needs and expectations of the Client, determined on the basis of the documents and information provided.
  • Customer Data : refers to all of the Customer's information and data, including any Personal Data, entered, entered or uploaded, automatically or by the User on the Platform.
  • Personal Data : refers to data which, within the meaning of the Legislation on the Protection of Personal Data, makes it possible to designate or identify, directly or indirectly, a natural person.
  • Customer Information : refers to any information or data provided by the Customer to manage its subscription to the Services, including the Users' personal data
  • Personal Data Protection Legislation: refers to all laws and regulations relating to the protection of Personal Data, applicable to either Party in the context of this Agreement and in particular Regulation (EU) 2016/679 of 27 April 2016 known as the General Data Protection Regulation (hereinafter "GDPR"), as well as the national legislation adopted pursuant to the GDPR, including Law No. 78-17 of 6 January 1978 relating to information technology, files and freedoms in its version in force (hereinafter "Data Protection Act").
  • Services : refers to all the services offered by DILYNX on the Platform as more fully described in Article 1.
  • Sites : refers to the following websites:
    • Platform: refers to the site available at the address www.stafiz.net, on which the Services are accessible
    • Showcase Site: refers to the site available at the www.stafiz.com address on which the commercial information is disseminated
  • User : refers to any person who holds a license to access Stafiz and is authorized by the Client to use the Services according to the options subscribed to.

This privacy policy governs the processing of data of Customers who visit the Showcase Site and/or use Stafiz's Services, in accordance with the Legislation relating to Personal Data, which applies according to the following qualifications:

  • DILYNX is responsible for the processing of personal data relating to the administrative, commercial and technical management of the Sites, and in particular the management of the use and navigation of the Sites, the management of registrations and Customer and User Accounts.
  • The Customer is responsible for the processing of personal data relating to content created using the Services. As part of this processing, DILYNX is a subcontractor of the Client, as long as DILYNX ensures, on behalf of the Client and on its documented instructions, the provision of tools and functionalities allowing access to the Services.

As a data controller, DILYNX processes Customer Information in order to:

  • To ensure the subscription of the Subscription, the management of the Account and the invoicing of the Services to the Client. The legal basis for this processing is the performance of the Agreement between the Client and DILYNX. To send Commercial Prospecting Users, in particular commercial information on its sponsorship campaigns. The legal basis for this processing is the User's consent.

This data is managed internally by DILYNX and is transmitted to certain suppliers or technical partners such as DILYNX's accountant or the host of the Sites.

This data is stored on servers located in the European Union, for the duration of the contract and then for 3 years on an active basis.

In accordance with the Data Protection Act and the GDPR, Users may exercise their rights of access, opposition, rectification, erasure, limitation and portability by sending an email to the following address: contact@stafiz.com.

Users also have the right to define general and/or specific directives concerning the fate of their Personal Data after their death and to choose to whom DILYNX shall communicate this information.

For the collection, storage and processing of Customer Data, DILYNX acts on the instructions of the Customer as a processor in accordance with Article 28 of the GDPR.

The Client provides all the Client Data to DILYNX in order to integrate it into the Platform.

In this context, DILYNX is designated as a subcontractor and the Customer as the controller of the Customer Data.

The processor is authorized to process on behalf of the Data Controller the Personal Data necessary for the sole purpose of performing the Agreement.

The nature of the operations carried out on the data is of a technical nature: the processor collects, manages and stores the Customer Data within the Platform according to the instructions of the data controller in order to provide the Services.

The purpose of the processing is the organisation and management of Customer Data within the Customer Account.

The Personal Data processed are the following: name, first name, photograph, function, date of entry and departure, and email of the persons concerned as well as all Customer Data.

The categories of persons concerned are the Users and all persons identified by the Customer in the Customer Data.

For the performance of the Services, the Controller shall make the necessary information available to the Contractor.

Obligations of DILYNX as a subcontractor:

When acting as a subcontractor, DILYNX undertakes to :

  • process Personal Data only for the purposes that are the subject of the subcontracting, unless the Client instructs you to do so.
  • process Personal Data exclusively and in accordance with Customer's documented instructions as and when performing this Agreement, unless it is required to do so by virtue of a legal obligation.

In this case, DILYNX informs the Customer of this legal obligation prior to processing, unless prohibited by law for important reasons of public interest. Instructions may also be given subsequently by the Client throughout the duration of the processing of Personal Data.

If DILYNX considers that an instruction constitutes a violation of the GDPR or any other provision of Union law or the law of the Member States relating to data protection, it shall immediately inform the Customer.

In addition, if DILYNX is required to transfer data to a third country or international organisation under EU law or the law of the Member State to which it is subject, it must inform the Customer of this legal obligation prior to processing, unless the law concerned prohibits such information on important grounds of public interest.

  • ensure the confidentiality of Personal Data processed under this Agreement. Thus, DILYNX only grants its staff members access to the Personal Data subject to processing to the extent strictly necessary for the execution, management and monitoring of the contract.
  • ensure that individuals authorized to process Personal Data under this Agreement:
  • undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality,
  • receive the necessary training on the protection of Personal Data.
  • take into account, with respect to its tools, products, applications or services, the principlesof data protection by design and data protection by default.

DILYNX has the general authorisation of the controller for the recruitment of sub-processors on the basis of an agreed list. The Processor shall specifically notify the Controller in writing of any proposed changes to this list by the addition or replacement of sub-processors at least 30 days in advance, thereby giving the Client sufficient time to be able to object to such changes prior to the recruitment of the relevant sub-processor(s).

DILYNX shall provide the data controller with the information necessary to enable it to exercise its right to object.

Where DILYNX engages a sub-processor to carry out specific processing activities (on behalf of the Customer), it does so by means of a contract that imposes on the sub-processor, in substance, the same data protection obligations as those imposed on the sub-processor under these clauses.

The subcontractor shall ensure that the subsequent subcontractor complies with the obligations to which it is itself subject under these clauses and Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725.

At the Customer's request, DILYNX shall provide the Customer with a copy of this contract with the subcontractor and any subsequent amendments thereto. To the extent necessary to protect business secrets or other confidential information, including Personal Data, the subcontractor may redact the text of the contract before distributing a copy.

DILYNX shall remain fully liable to the Customer for the performance of the obligations of the subcontractor in accordance with the contract concluded with the subcontractor. DILYNX shall inform the Customer of any breach of contractual obligations by the subcontractor.

DILYNX agrees with the sub-processor a third party beneficiary clause according to which - in the event that DILYNX has materially disappeared, ceased to exist in law or become insolvent - the controller has the right to terminate the contract with the sub-processor and to instruct the sub-processor to delete or return the Personal Data.

DILYNX, at the time of collection of Customer Data, must provide the persons concerned by the processing operations with information relating to the data processing it carries out. The wording and format of the information must be agreed with the Customer prior to the collection of data.

Within the framework of this Contract, it is agreed that the Client, in its capacity as Data Controller, undertakes to inform its teams, including the Users, of the processing operations carried out by the Subcontractor.

Obligations of the Client as data controller

The Client, in its capacity as data controller, undertakes to :

  • provide the Contractor with the data necessary for the performance of the Service,
  • document in writing any instructions regarding the processing of the data by the Contractor, it being understood that the Contractor may not create or modify the Customer Data without instructions from the Customer (except in the case of duplication),
  • ensure, beforehand and throughout the processing, that the obligations provided for in the European Data Protection Regulation are complied with by the Processor.

Rights of the persons concerned

To the extent possible, DILYNX shall assist the Client in fulfilling its obligation to respond to requests to exercise the rights of data subjects: right of access, rectification, erasure and opposition, right to restriction of processing, right to data portability, right not to be subject to automated individual decision-making (including profiling).

Where data subjects make requests to the Contractor to exercise their rights, the Contractor shall send such requests to the Client by e-mail upon receipt.

Notification of personal data breaches

The Subcontractor shall notify the Controller of any Personal Data breach within a maximum of 48 hours of becoming aware of it and by the following means: by email with acknowledgement of receipt This notification shall be accompanied by any useful documentation in order to enable the Controller, if necessary, to notify this breach to the competent supervisory authority.

Security measures

The Contractor undertakes to implement appropriate technical and organisational measures, including physical, hardware and software measures, to preserve the security, integrity and confidentiality of the Customer Data, including the encryption of first and last names included in the Customer Data.

Fate of data

Within 3 months of the expiry of the Contract with the Client, the Subcontractor undertakes to destroy all Client Data and to retain only the data necessary to fulfil its legal obligations.

In the case of Data relating to a User, the Subcontractor undertakes to destroy it one year after the closure of the corresponding Client Account.

Data Protection Officer

The Processor shall communicate to the Data Controller the name and contact details of its Data Protection Officer, if it has appointed one in accordance with Article 37 of the GDPR.

Register of categories of processing activities

The Processor declares that it keeps a written record of all categories of processing activities carried out on behalf of the Controller.

Questions or comments

If you have a comment or question regarding DILYNX's processing of your personal data, please email us at dataprivacy@stafiz.com

As data controller, DILYNX processes the Personal Data of people who make contact and demonstration requests on the Showcase Site, spontaneously or as part of a sponsorship operation, in order to manage these requests. The legal basis for this processing is DILYNX's legitimate interest in responding to Internet users' requests.

This data may, where appropriate, be processed in order to manage the sponsorship operations, the legal basis for this processing being DILYNX's legitimate interest in managing its sponsorship operations.

This data is managed internally by DILYNX and is transmitted to certain suppliers or technical partners such as DILYNX's accountant or the host of the Showcase Site.

This data is kept on servers located in the European Union, for the time it takes to respond to the request in question, except in cases where this request is made in the context of a referral (in this case, its data is kept for the time it takes to pay the sponsor his commission).

In accordance with the Data Protection Act and the GDPR, Users may exercise their rights of access, opposition, rectification, erasure, limitation and portability by sending an email to the following address: dataprivacy@stafiz.com.

Our site participates in and complies with all IAB Europe Transparency & Consent Framework Specifications and Policies. It uses the Consent Management Platform n°92.

You can change your choices at any time by clicking here.

The Internet users concerned also have the right to define general and/or specific directives relating to the fate of their Personal Data after their death and to choose to whom DILYNX should communicate this information.