PERSONAL DATA PROTECTION POLICY

Articles & Definitions

The following capitalized terms are defined as follows:

  • Subscription: refers to the specific conditions of access for the Customer to the Services as indicated in the Quotation.
  • Customer Account: refers to the personal space opened by DILYNX for the Customer, enabling it to access and manage the Services to which it has subscribed.
  • Customer: refers to the individual or legal entity that subscribes to Stafiz as part of its professional activity. The Customer is a non-consumer professional.
  • Contract: means the Stafiz General Terms and Conditions and the Quotation.
  • Quotation: means DILYNX's commercial proposal based on the Customer's needs and expectations, determined on the basis of the documents and information provided.
  • Customer Data: refers to all Customer information and data, including all Personal Data, entered or uploaded automatically or by the User on the Platform.
  • Personal Data: refers to data which, within the meaning of legislation on the protection of Personal Data, can be used to designate or identify, directly or indirectly, a natural person.
  • Customer Information: refers to any information or data provided by the Customer to manage his subscription to the Services, including Users' personal data.
  • Legislation relating to the protection of Personal Data: means all laws and regulations relating to the protection of Personal Data, applicable to one or other of the Parties in the context of this Contract and in particular Regulation (EU) 2016/679 of 27 April 2016 known as the General Data Protection Regulation (hereinafter "GDPR"), as well as national legislation taken in application of the GDPR, including Law n°78-17 of 6 January 1978 relating to information technology, files and freedoms in its current version (hereinafter "Loi Informatique et Libertés").
  • Services: refers to all services offered by DILYNX on the Platform as more fully described in Article 1.
  • Sites refers to the following Internet sites
    • Platform: refers to the site available at www.stafiz.net, on which the Services are accessible.
    • Showcase site: refers to the site available at www.stafiz.com on which commercial information is broadcast.
  • User: means any person holding a Stafiz access license and authorized by the Customer to use the Services in accordance with the options subscribed to.

This Privacy Policy governs the processing of data of Customers who visit the Showcase Site and/or use Stafiz Services, in compliance with the Personal Data Legislation, which applies according to the following qualifications:

  • DILYNX is responsible for the processing of personal data relating to the administrative, commercial and technical management of the Sites, and in particular the management of use and browsing on the Sites, the management of registrations and Customer and User Accounts.
  • The Customer is responsible for the processing of personal data relating to content created using the Services. In the context of such processing, DILYNX is a subcontractor of the Customer, insofar as DILYNX provides, on behalf of the Customer and on its documented instructions, the tools and functionalities enabling access to the Services.

As the data controller, DILYNX processes Customer Information in order to:

  • To subscribe to the Subscription, manage the Account and bill the Customer for Services. The legal basis for this processing is the performance of the Contract between the Customer and DILYNX. To send Users commercial prospecting, in particular commercial information on sponsorship campaigns. The legal basis for this processing is the User's consent.

This data is managed internally by DILYNX and is transmitted to certain suppliers or technical partners such as DILYNX's chartered accountant or the Sites' host.

This data is stored on servers located in the European Union, for the duration of the contract and then for 3 years on an active basis.

In accordance with the French Data Protection Act and the RGPD, Users may exercise their rights of access, opposition, rectification, deletion, limitation and portability by sending an email to the following address: contact@stafiz.com.

Users also have the right to define general and/or specific directives concerning the fate of their Personal Data after their death and to choose to whom DILYNX shall communicate this information.

For the collection, storage and processing of Customer Data, DILYNX acts on the instructions of the Customer as a processor in accordance with Article 28 of the GDPR.

The Customer provides all Customer Data to DILYNX for integration into the Platform.

In this context, DILYNX is designated as a subcontractor and the Customer as the controller of the Customer Data.

The subcontractor is authorized to process on behalf of the Controller the Personal Data necessary for the sole purpose of performing the Contract.

The nature of the operations carried out on the data is technical: the processor collects, manages and stores Customer Data within the Platform according to the instructions of the data controller in order to provide the Services.

The purpose of the processing is the organisation and management of Customer Data within the Customer Account.

The Personal Data processed are the following: name, first name, photograph, function, date of entry and departure, and email of the persons concerned as well as all Customer Data.

The categories of persons concerned are the Users and all persons identified by the Customer in the Customer Data.

For the performance of the Services, the Controller shall make the necessary information available to the Contractor.

Obligations of DILYNX as a subcontractor:

When acting as a subcontractor, DILYNX undertakes to :

  • process Personal Data solely for the purposes for which it is subcontracted, unless otherwise instructed by the Customer.
  • process Personal Data exclusively and in accordance with the Customer's documented instructions as and when the present Contract is executed, unless it is required to do so by virtue of a legal obligation.

In this case, DILYNX will inform the Customer of this legal obligation prior to processing, unless prohibited by law for important reasons of public interest. Instructions may also be given subsequently by the Customer for the duration of the processing of Personal Data.

If DILYNX considers that an instruction constitutes a breach of the GDPR or any other provision of Union or Member State law relating to data protection, it shall immediately inform the Customer.

In addition, if DILYNX is required to transfer data to a third country or international organisation under EU law or the law of the Member State to which it is subject, it must inform the Customer of this legal obligation prior to processing, unless the law concerned prohibits such information on important grounds of public interest.

  • guarantee the confidentiality of Personal Data processed under this Agreement. Accordingly, DILYNX grants its employees access to the Personal Data processed only to the extent strictly necessary for the performance, management and monitoring of the Contract.
  • ensure that the persons authorized to process Personal Data under this Contract :
  • undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality,
  • receive the necessary training on the protection of Personal Data.
  • take into account the principles ofdata protection by design and data protection by default for its tools, products, applications and services.

DILYNX has the general authorization of the data controller to recruit further subcontractors on the basis of an agreed list. The processor specifically informs the controller in writing of any plans to modify this list by adding or replacing subsequent processors at least 30 days in advance, thus giving the Customer sufficient time to object to such changes prior to the recruitment of the subsequent processor(s) concerned.

DILYNX shall provide the data controller with the information necessary to enable it to exercise its right to object.

Where DILYNX engages a sub-processor to carry out specific processing activities (on behalf of the Customer), it does so by means of a contract that imposes on the sub-processor, in substance, the same data protection obligations as those imposed on the sub-processor under these clauses.

The subcontractor shall ensure that the subsequent subcontractor complies with the obligations to which it is itself subject under these clauses and Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725.

At the Customer's request, DILYNX shall provide the Customer with a copy of this contract with the subcontractor and any subsequent amendments thereto. To the extent necessary to protect business secrets or other confidential information, including Personal Data, the subcontractor may redact the text of the contract before distributing a copy.

DILYNX shall remain fully liable to the Customer for the performance of the obligations of the subcontractor in accordance with the contract concluded with the subcontractor. DILYNX shall inform the Customer of any breach of contractual obligations by the subcontractor.

DILYNX agrees with the sub-processor a third party beneficiary clause according to which - in the event that DILYNX has materially disappeared, ceased to exist in law or become insolvent - the controller has the right to terminate the contract with the sub-processor and to instruct the sub-processor to delete or return the Personal Data.

DILYNX, at the time of collection of Customer Data, must provide the persons concerned by the processing operations with information relating to the data processing it carries out. The wording and format of the information must be agreed with the Customer prior to the collection of data.

Within the framework of this Contract, it is agreed that the Client, in its capacity as Data Controller, undertakes to inform its teams, including the Users, of the processing operations carried out by the Subcontractor.

Obligations of the Client as data controller

The Client, in its capacity as data controller, undertakes to :

  • provide the Contractor with the data necessary for the performance of the Service,
  • document in writing any instructions regarding the processing of the data by the Contractor, it being understood that the Contractor may not create or modify the Customer Data without instructions from the Customer (except in the case of duplication),
  • ensure, beforehand and throughout the processing, that the obligations provided for in the European Data Protection Regulation are complied with by the Processor.

Rights of the persons concerned

Insofar as possible, DILYNX shall assist the Customer in fulfilling its obligation to comply with requests to exercise the rights of data subjects: right of access, rectification, erasure and objection, right to limitation of processing, right to data portability, right not to be subject to an automated individual decision (including profiling).

Where data subjects make requests to the Contractor to exercise their rights, the Contractor shall send such requests to the Client by e-mail upon receipt.

Notification of personal data breaches

The Subcontractor shall notify the Controller of any Personal Data breach within a maximum of 48 hours of becoming aware of it and by the following means: by email with acknowledgement of receipt This notification shall be accompanied by any useful documentation in order to enable the Controller, if necessary, to notify this breach to the competent supervisory authority.

Security measures

The Contractor undertakes to implement appropriate technical and organisational measures, including physical, hardware and software measures, to preserve the security, integrity and confidentiality of the Customer Data, including the encryption of first and last names included in the Customer Data.

Fate of data

Within 3 months of the expiry of the Contract with the Client, the Subcontractor undertakes to destroy all Client Data and to retain only the data necessary to fulfil its legal obligations.

In the case of Data relating to a User, the Subcontractor undertakes to destroy it one year after the closure of the corresponding Client Account.

Data Protection Officer

The Processor shall provide the Controller with the name and contact details of its Data Protection Officer, if it has appointed one in accordance with Article 37 of the RGPD.

Register of categories of processing activities

The Subcontractor declares that it keeps a written record of all categories of processing activities carried out on behalf of the Controller.

Questions or comments

If you have a comment or question about DILYNX's processing of your personal data, please send us an email at dataprivacy@stafiz.com.

In its capacity as data controller, DILYNX processes the Personal Data of persons making contact and demonstration requests on the Showcase Site, either spontaneously or as part of a sponsorship operation, in order to manage these requests. The legal basis for this processing is DILYNX's legitimate interest in responding to Internet users' requests.

This data may, where applicable, be processed in order to manage sponsorship operations, the legal basis for such processing being DILYNX's legitimate interest in managing its sponsorship operations.

This data is managed internally by DILYNX and is transmitted to certain suppliers or technical partners such as DILYNX's chartered accountant or the Website host.

This data is stored on servers located in the European Union, for the time it takes to respond to the request concerned, except in cases where the request is made as part of a sponsorship (in this case, the data is stored for the time it takes to pay the sponsor his commission).

In accordance with the French Data Protection Act and the RGPD, Users may exercise their rights of access, opposition, rectification, deletion, limitation and portability by sending an email to the following address: dataprivacy@stafiz.com.

Our site participates in and complies with all IAB Europe Transparency & Consent Framework Specifications and Policies. It uses Consent Management Platform n°92.

You can change your choices at any time by clicking here.

Internet users also have the right to define general and/or specific directives concerning the fate of their Personal Data after their death and to choose to whom DILYNX should communicate this information.