PERSONAL DATA PROTECTION POLICY

Articles & Definitions

The following capitalized terms are defined as follows:

  • Subscription : designates the specific conditions of access for the Customer to the Services as indicated in the Quote.
  • Customer Account : designates the personal space opened by DILYNX for the Customer and allowing him to access and manage the Services to which he has subscribed.
  • Client : designates the person, natural or legal, who subscribes to Stafiz as part of their professional activity. The Client is a non-consumer professional.
  • Contract : refers to the Stafiz General Conditions and the Quote.
  • Quote : designates DILYNX's commercial proposal established according to the Customer's needs and expectations, determined on the basis of the documents and information provided.
  • Customer Data : refers to all of the Customer's information and data, including all Personal Data, entered, entered or downloaded, automatically or by the User on the Platform.
  • Personal Data : refers to data which, within the meaning of the Legislation relating to the protection of Personal Data, makes it possible to designate or identify, directly or indirectly, a natural person.
  • Customer Information : refers to any information or data provided by the Customer to manage their subscription to the Services, including the personal data of Users
  • Legislation relating to the protection of Personal Data : means all laws and regulations relating to the protection of Personal Data, applicable to one or other of the Parties within the framework of this Contract and in particular Regulation (EU) 2016/ 679 of April 27, 2016 known as the general data protection regulation (hereinafter “GDPR”), as well as national legislation adopted pursuant to the GDPR, including law no. 78-17 of January 6, 1978 relating to IT , files and freedoms in its current version (hereinafter “Informatics and Freedoms Law”).
  • Services : designates all of the services offered by DILYNX on the Platform as more fully described in Article 1.
  • Site (s : designates the following websites:
    • Platform : designates the site available at the address www.stafiz.net , on which the Services are accessible
    • Showcase Site : designates the site available at the address www.stafiz.com on which commercial information is distributed
  • User : refers to any person holding an access license to Stafiz and authorized by the Client to use the Services according to the options subscribed.

This confidentiality policy governs the processing of data from Customers who visit the Showcase Site and/or use the Stafiz Services, in compliance with the Legislation relating to Personal Data, which applies according to the following qualifications:

  • DILYNX is responsible for the processing of personal data relating to the administrative, commercial and technical management of the Sites, and in particular the management of use and navigation on the Sites, the management of registrations and Customer and User Accounts.
  • The Client is responsible for processing personal data relating to content created using the Services. As part of these treatments, DILYNX is a subcontractor of the Client, since DILYNX ensures, on behalf of the Client and on its documented instructions, the provision of tools and functionalities allowing access to the Services.

As data controller, DILYNX processes Customer Information in order to:

  • To ensure the subscription of the Subscription, the management of the Account and the invoicing of the Services to the Client. The legal basis for this processing is the execution of the Contract between the Client and DILYNX. To send commercial prospecting to Users, in particular commercial information on its sponsorship campaigns. The legal basis for this processing is the User's consent.

This data is managed internally by DILYNX and is transmitted to certain suppliers or technical partners such as the DILYNX accountant or the host of the Sites.

This data is stored on servers located in the European Union, for the duration of the contract and then for 3 years on an active basis.

In accordance with the Data Protection Act and the GDPR, Users can exercise their rights of access, opposition, rectification, erasure, limitation and portability by sending an email to the following address: contact@stafiz .com .

Users also have the right to define general and/or specific directives concerning the fate of their Personal Data after their death and to choose to whom DILYNX shall communicate this information.

For the collection, storage and processing of Customer Data, DILYNX acts on the instructions of the Customer as a processor in accordance with Article 28 of the GDPR.

The Customer provides all Customer Data to DILYNX in order to integrate them into the Platform.

In this context, DILYNX is designated as a subcontractor and the Customer as the controller of the Customer Data.

The subcontractor is authorized to process on behalf of the Data Controller the Personal Data necessary for the sole purpose of executing the Contract.

The nature of the operations carried out on the data is technical: the subcontractor collects, manages and stores the Customer Data within the Platform according to the instructions of the data controller in order to provide the Services.

The purpose of the processing is the organisation and management of Customer Data within the Customer Account.

The Personal Data processed are the following: name, first name, photograph, function, date of entry and departure, and email of the persons concerned as well as all Customer Data.

The categories of persons concerned are the Users and all persons identified by the Customer in the Customer Data.

For the performance of the Services, the Controller shall make the necessary information available to the Contractor.

Obligations of DILYNX as a subcontractor:

When acting as a subcontractor, DILYNX undertakes to :

  • process Personal Data only for the purposes which are the subject of the subcontracting, unless otherwise instructed by the Client.
  • process Personal Data exclusively and in accordance with the Customer's documented instructions during the execution of this Agreement, unless it is required to do so by virtue of a legal obligation.

In this case, DILYNX informs the Client of this legal obligation before processing, unless the law prohibits it for important reasons of public interest. Instructions may also be given subsequently by the Client throughout the duration of the processing of Personal Data.

If DILYNX considers that an instruction constitutes a violation of the GDPR or any other provision of Union law or the law of the Member States relating to data protection, it will immediately inform the Client.

In addition, if DILYNX is required to transfer data to a third country or international organisation under EU law or the law of the Member State to which it is subject, it must inform the Customer of this legal obligation prior to processing, unless the law concerned prohibits such information on important grounds of public interest.

  • guarantee the confidentiality of Personal Data processed within the framework of this Contract. Thus, DILYNX only grants members of its staff access to the Personal Data subject to processing to the extent strictly necessary for the execution, management and monitoring of the contract.
  • ensure that the persons authorized to process Personal Data under this Agreement:
  • undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality,
  • receive the necessary training on the protection of Personal Data.
  • take into account, with regard to its tools, products, applications or services, the principles of data protection by design and data protection by default.

DILYNX has the general authorization of the controller for the recruitment of sub-processors based on an agreed list. The processor shall specifically inform the controller in writing of any proposed modification of this list by the addition or replacement of sub-processors at least 30 days in advance, thereby giving the Client sufficient time to be able to object to these changes before recruiting the relevant sub-processor(s).

DILYNX shall provide the data controller with the information necessary to enable it to exercise its right to object.

Where DILYNX engages a sub-processor to carry out specific processing activities (on behalf of the Customer), it does so by means of a contract that imposes on the sub-processor, in substance, the same data protection obligations as those imposed on the sub-processor under these clauses.

The subcontractor shall ensure that the subsequent subcontractor complies with the obligations to which it is itself subject under these clauses and Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725.

At the Customer's request, DILYNX shall provide the Customer with a copy of this contract with the subcontractor and any subsequent amendments thereto. To the extent necessary to protect business secrets or other confidential information, including Personal Data, the subcontractor may redact the text of the contract before distributing a copy.

DILYNX shall remain fully liable to the Customer for the performance of the obligations of the subcontractor in accordance with the contract concluded with the subcontractor. DILYNX shall inform the Customer of any breach of contractual obligations by the subcontractor.

DILYNX agrees with the sub-processor a third party beneficiary clause according to which - in the event that DILYNX has materially disappeared, ceased to exist in law or become insolvent - the controller has the right to terminate the contract with the sub-processor and to instruct the sub-processor to delete or return the Personal Data.

DILYNX, at the time of collection of Customer Data, must provide the persons concerned by the processing operations with information relating to the data processing it carries out. The wording and format of the information must be agreed with the Customer prior to the collection of data.

Within the framework of this Contract, it is agreed that the Client, in its capacity as Data Controller, undertakes to inform its teams, including the Users, of the processing operations carried out by the Subcontractor.

Obligations of the Client as data controller

The Client, in its capacity as data controller, undertakes to :

  • provide the Contractor with the data necessary for the performance of the Service,
  • document in writing any instructions regarding the processing of the data by the Contractor, it being understood that the Contractor may not create or modify the Customer Data without instructions from the Customer (except in the case of duplication),
  • ensure, beforehand and throughout the processing, that the obligations provided for in the European Data Protection Regulation are complied with by the Processor.

Rights of the persons concerned

As far as possible, DILYNX must help the Client to fulfill its obligation to respond to requests to exercise the rights of the persons concerned: right of access, rectification, erasure and opposition, right to limitation of processing, right to data portability, right not to be subject to an automated individual decision (including profiling).

Where data subjects make requests to the Contractor to exercise their rights, the Contractor shall send such requests to the Client by e-mail upon receipt.

Notification of personal data breaches

The Subcontractor shall notify the Controller of any Personal Data breach within a maximum of 48 hours of becoming aware of it and by the following means: by email with acknowledgement of receipt This notification shall be accompanied by any useful documentation in order to enable the Controller, if necessary, to notify this breach to the competent supervisory authority.

Security measures

The Contractor undertakes to implement appropriate technical and organisational measures, including physical, hardware and software measures, to preserve the security, integrity and confidentiality of the Customer Data, including the encryption of first and last names included in the Customer Data.

Fate of data

Within 3 months of the expiry of the Contract with the Client, the Subcontractor undertakes to destroy all Client Data and to retain only the data necessary to fulfil its legal obligations.

In the case of Data relating to a User, the Subcontractor undertakes to destroy it one year after the closure of the corresponding Client Account.

Data Protection Officer

The Subcontractor communicates to the data controller the name and contact details of its data protection officer, if it has designated one in accordance with Article 37 of the GDPR.

Register of categories of processing activities

The Processor declares to keep a written record of all categories of processing activities carried out on behalf of the Data Controller.

Questions or comments

If you have a comment or question regarding DILYNX's processing of your personal data, please email us at dataprivacy@stafiz.com

As data controller, DILYNX processes the Personal Data of people making requests for contact and demonstration on the Showcase Site, spontaneously or as part of a sponsorship operation in order to manage these requests. The legal basis for this processing is the legitimate interest of DILYNX in responding to Internet users' requests.

These data may, where appropriate, be processed in order to manage sponsorship operations, the legal basis for this processing then being the legitimate interest of DILYNX in managing its sponsorship operations.

This data is managed internally by DILYNX and is transmitted to certain suppliers or technical partners such as the DILYNX accountant or the host of the Showcase Site.

These data are kept on servers located in the European Union for the time necessary to respond to the request concerned, except in cases where this request occurs within the framework of sponsorship (in this case, the data is kept for the time it is paid to the sponsor his commission).

In accordance with the Data Protection Act and the GDPR, Users can exercise their rights of access, opposition, rectification, erasure, limitation and portability by sending an email to the following address: dataprivacy@stafiz .com .

Our site participates in and complies with all IAB Europe Transparency & Consent Framework Specifications and Policies. It uses Consent Management Platform n°92.

You can change your choices at any time by clicking here.

The Internet users concerned also have the right to define general and/or specific directives relating to the fate of their Personal Data after their death and to choose to whom DILYNX must communicate this information.