General terms

General terms and conditions of service

  1. Purpose

These Terms of Service (hereinafter the “TOS” or the “Agreement”) define the terms of access to and use of the EVERREADY.AI service (hereinafter the “Service”) offered by EVERREADY.AI (hereinafter “EVERREADY.AI”) to its clients and/or affiliates (hereinafter the “Client”) for their personal use, except where expressly authorised, permitted or certified in writing by EVERREADY.AI. EVERREADY.AI and the Client are hereafter referred to as the “Parties”.

The Service is accessible either in Software as a Service mode via the internet (hereinafter the “SaaS Access”), or via a Mobile application (hereinafter the “Apps”).

The options subscribed to by the Customer as part of the Service are mentioned in the Order. It is specified that the number of authorised users (hereinafter the “Users”) is limited as specified. The use of the Service by Users is governed by the EVERREADY.AI general terms of use (“TOU”) and subject to their prior acceptance. In case of difference(s) and/or contradiction(s) between the provisions of the TOS and these TOS, the provisions of the latter shall prevail over those of the TOS.

Any order placed by a Client with EVERREADY.AI to use the Service implies acceptance of the TOS as well as the express waiver of its own general terms and conditions of purchase or any other previous document or exchange relating to the Order or subsequent not formalized by a written amendment signed by both Parties.

  1. Orders

To place an Order, the Client must send to EVERREADY.AI the commitment form issued by EVERREADY.AI duly completed, or conclude with EVERREADY.AI special conditions (hereinafter the “Purchase Order”). Such Purchase Order must be accompanied by (i) payment of the agreed price and (ii) these T&Cs (hereinafter the “Order”).

An Order shall be deemed valid and accepted by EVERREADY.AI upon receipt by EVERREADY.AI of the price indicated.

EVERREADY.AI reserves the right to improve the Service, at any time and without prior notice to the Client. The improvements to the Service are deployed in accordance with the provisions of Article 9.9

  1. Prices

Prices are indicated on the Order in Euros, exclusive of taxes and external charges of any kind.

EVERREADY.AI reserves the right to modify its prices at any time. Price changes are immediately applicable to any new Order. For Services in use, in the event of a price increase, the Client will be informed by e-mail thirty (30) calendar days before the date of entry into force of the new prices. In this case, the Customer shall have a period of thirty (30) calendar days from the date of this information to terminate the Subscription without penalty, by registered letter with acknowledgement of receipt. Failing this, the Customer will be deemed to have accepted the new rates applicable to the Service.

  1. Terms of payment

Invoices are sent to the Client by any means (electronic or postal) and must be paid within forty-five (45) days of the date of invoice unless otherwise specified in the Order. EVERREADY.AI may require the payment of a deposit or the totality of the Service to validate the Order.

In the case of Subscriptions, Rentals and/or Purchases (as these terms are defined below), EVERREADY.AI may require the payment in advance of all or part of the sums to be paid by the Client over the duration of its commitment. No discount is granted for early payment.

Invoices not paid on their due date will bear interest on the basis of a rate equal to three (3) times the legal rate in force, increased by five (5) points, as from their due date and without notification.

In accordance with the provisions of Articles L.441-3 and L.441-6 of the French Commercial Code, any delay in payment shall automatically result in the application to the professional debtor of a fixed indemnity for collection costs in the amount of forty (40) euros. Notwithstanding the foregoing, the amount of this indemnity shall be increased by the actual costs of collection upon justification if these costs are greater than forty (40) euros.

In addition, in the event of non-payment, EVERREADY.AI reserves the right to suspend access to the Service, to terminate the Subscription, and this, without prejudice to any other damages if applicable and any other remedy. Suspension of access to the Service shall take place thirty (30) days after a formal notice has been served in writing to the defaulting Customer, indicating the intention to apply this Article and which has not been followed by any regularisation. The aforementioned suspension may not be considered as unavailable time for the Service in the context of the implementation of the Service commitments provided for in Article 9.8 of the GCS.

  1. Access in SaaS mode

SaaS mode Access is subscribed to by the Customer for an initial period specified in the Order Form (hereinafter the “Subscription”). Unless otherwise expressly agreed between the Parties, the Subscription is automatically and tacitly renewed for successive periods of the same duration as the initial period, unless terminated by either Party by registered letter with acknowledgement of receipt, subject to a minimum of thirty (30) days’ notice before the end of the initial period and of each renewed period.

The Service is accessible from a website (hereinafter the “Site”) and requires the use of personal identifiers provided by EVERREADY.AI.

The Client undertakes to have, at his own expense, a broadband Internet access (not included in the Subscription).

EVERREADY.AI reminds the Client that the Internet network allowing both access to the

Service in SaaS mode or mobile application, is an open and informal network, constituted by the interconnection on an international scale of computer and telecom networks. The management of the Internet & telecom is not subject to any central entity, each portion of this network belonging to an independent public or private body. Its operation is based on cooperation between the operators of the various networks, without any obligation to supply or quality of supply between operators. The networks may have unequal transmission capacities and their own usage policies. EVERREADY.AI cannot guarantee the proper functioning of the Internet and the telecom network as a whole, nor can it guarantee the lack of access, partial or total, to the Service.

  1. Terms of Use of the Service

EVERREADY.AI provides the Client with information relating to the Service and its use (hereafter the “Documentation”). This Documentation is accessible online.

The Client undertakes to read the Documentation and any updates thereto and to use the Service in accordance with its terms.

The Client acts as an independent entity and consequently assumes all risks related to its activity.

The Client and EVERREADY.AI undertake to comply with all legal and regulatory requirements in force, and in particular those relating to data processing, personal data, files and freedoms, and in particular to make any declaration of processing to the competent territorial authority and to inform the Users of the use by EVERREADY.AI of personal data used in the framework of the Service and to communicate to them the elements set out in Article 14.

The Client acknowledges that the use of the Service implies the acceptance, subject to the particular conditions negotiated with the Contracting Party, of the TOS by the users of the Service.

The Service is deemed to be made available to the Customer “as is” without being subject to any specific adaptation measures. It is therefore the Client’s responsibility to check the suitability of the Service for its needs and to take all necessary precautions.

Any warranty is excluded in case of (i) abnormal use and/or use not in accordance with the purpose of the Service, (ii) use of another version of the Service than the one defined in these TOS, (iii) combination of the Service with another product resulting or not in the infringement of the rights of a third party, (iv) intervention of a third party not authorized by EVERREADY.AI for a repair or a correction.

The Client acknowledges that he is solely responsible for the data he creates, modifies or deletes.

  1. Intellectual Property

EVERREADY.AI owns or is vested with all intellectual property rights relating to the Service (the service, any Additional Services, the Site) and grants to the Client, who accepts it, and this for his own use, a personal, non-assignable and non-transferable license to use his rights relating to the Service, to the exclusion of any other use, for the whole world, and this, subject to the full payment of the sums due in this respect.

This licence is granted for the entire duration of the use of the Service

The Service may incorporate third party technologies for which EVERREADY.AI has the necessary rights or permissions to provide the Service. Notwithstanding the foregoing, the rights granted on these technologies are subject to the respect of various rights and obligations that are imposed on the Client, and which are communicated to the latter in the Documentation, as the case may be, which he acknowledges.

The Client undertakes to respect the rights of EVERREADY.AI and may not, under any circumstances, apart from the use of the Service in accordance with the TOS, for its own use, reproduce, represent, modify, transmit, publish, adapt, on any medium whatsoever, by any means whatsoever, or exploit in any way whatsoever, the Service without the prior written permission of EVERREADY.AI.

The Client agrees to:

– Connect to the Service only with the personal and confidential code that he will have defined himself (hereinafter the “Code”);

– Keep confidential his Code and inform EVERREADY.AI without delay of any theft or loss of his Code;

– To use the Service for its own needs (within the framework of its internal organization, its customer relationship and for any event carried out on its behalf) and to refrain from any commercial use of the Service involving any form of marketing of the Service as such, products or services based on the Service or integrating all or part of the latter and which would be invoiced by the Customer to third parties (with the exception of the provision of services carried out by Customers Partners of EVERREADY.AI duly certified or authorized for this purpose by EVERREADY.AI);

– Not to infringe the copyright and/or the image and/or the reputation of EVERREADY.AI;

– Not to reconstitute or attempt to reconstitute, from the information on the Site or the Service, a website and/or software with a view to offering to third parties, directly or indirectly, free of charge or against payment, the same or a comparable service, and/or to disseminate or sell, in any manner whatsoever, information with a view to assisting a third party to reconstitute, in whole or in part, such a website or equivalent site, software or equivalent software.

Unless otherwise expressly agreed, the Client authorises EVERREADY.AI to use the Client’s name and logo as a trade reference on EVERREADY.AI Websites and its marketing material during the term of the Subscription.

 

  1. Maintenance

Throughout the duration of the Subscription, EVERREADY.AI provides the Client with a technical assistance service in case of difficulty in accessing or using the Service.

EVERREADY.AI will make its best efforts to deal with the Client’s request, without further guarantee.

As part of the corrective maintenance, EVERREADY.AI will make available to the Client any update of the version of the Service that has been deployed to it (hereinafter an “Update”). The Client undertakes to use only the latest Update issued by EVERREADY.AI

  1. Confidentiality

The Parties undertake to keep confidential all confidential information of any kind exchanged, collected or created during the Subscription for the entire duration of the Subscription and for a period of five (5) years from the end of the Subscription, for whatever reason. To this end, the Parties shall refrain from communicating all of this information for any reason whatsoever, in any form whatsoever and for any purpose whatsoever, and undertake to ensure that this obligation is respected by all of their managers, employees, agents and any subcontractors.

The obligations of the Parties under this Article shall not extend to confidential information in respect of which the Party receiving the information can prove :

– that it disclosed the information after obtaining the prior written consent of the other Party or that the disclosure was made by the other Party ;

– that they were publicly available at the time of their disclosure by the other Party, or that they became publicly available after such disclosure through no fault of its own; and

– they were lawfully received from a third party not subject to any obligation of confidentiality;

– at the time of their communication by the other Party, they were already in the possession of the latter;

– that their disclosure was imposed pursuant to a mandatory legal or regulatory provision or a final decision of a court of competent jurisdiction. The Party subject to such an obligation to disclose shall, to the extent possible, give prior notice to the other Party and, where appropriate, request the implementation of any confidentiality protection measures or procedures applicable in the case.

Transfer of confidential information.

As part of our relationship with our Customers, we may need to exchange confidential information in which case we use our secure protocol by default via a link shared on our Drive.

  1. Liability

EVERREADY.AI shall not be held responsible for any indirect damage, which is expressly accepted by the Client.

It is recalled that the Client is solely and fully responsible for the use of the Service.

In any case, it is expressly agreed between the Parties that, subject to the applicable regulations, the total, all causes combined, of the indemnities, damages, costs of any kind that would be borne or paid by EVERREADY. AI in favour of the Client, following a final decision rendered by a competent court, shall not exceed a global ceiling, all disputes included, of an amount equal to the sums, exclusive of tax, paid by the Client to EVERREADY.AI in respect of the disputed Order during the twelve (12) months preceding the occurrence of the event giving rise to it.

The limitations of liability set out in this article shall not apply in the event of (i) personal injury, death of an employee, agent or subcontractor of the Client; (ii) wilful misconduct or gross negligence of EVERREADY.AI; (iii) infringement of intellectual property rights by EVERREADY.AI.

  1. Processing of Data

General framework of processing operations under the Contract :

Within the framework of the execution of the Contract and the use of the Service, data relating to the Client and/or the Users or allowing them to be identified directly or indirectly are processed or are likely to be processed by EVERREADY.AI, the Client and/or the Users (hereinafter the “Personal Data”). Each Party determines individually, in its capacity as data controller, the means of collection of Personal Data and the purposes of the processing operations of Personal Data that it implements within the framework of the execution of this Contract. The Contract does not entail any solidarity between the Parties or subcontracting relationship with regard to the processing of Personal Data.

Processing of Personal Data by the Customer : The Client is solely responsible for the processing of Personal Data that it carries out for itself, for the Users, or for the administration of the accounts as well as for the processing carried out by the Users directly within the framework of the use of the Service, and this without any instruction being given in this respect to EVERREADY.AI by the Client.

Common obligations of the Parties

The Parties undertake, for their respective Personal Data processing operations: – to comply with all legal and regulatory requirements in force relating to the collection and processing of Personal Data, in particular the EU Regulation n°2016/679 of 27 April 2016 known as “RGPD” (hereinafter the “Applicable Regulation”) and to comply with the compliance obligations imposed by the RGPD (keeping a register of processing operations, impact analysis, etc.);

– to implement organisational and technical measures to preserve the confidentiality and integrity of the Personal Data, as well as the appropriate safeguards, if any, required by the GDPR; and

– to keep the Personal Data for a period of time proportionate to the purposes for which they are processed.

In particular, each Party, for its own processing operations, undertakes to provide data subjects with the information required by the Applicable Regulation and to put in place procedures allowing the exercise of rights over their Personal Data. Each Party, in its capacity as data controller, ensures the security of the Personal Data processing operations it carries out. The liability of EVERREADY.AI, in case of damage suffered by the Client as a result of a Personal Data processing operation carried out by EVERREADY.AI, is governed by the provisions of Article 9 hereof.

Rights of the persons concerned

In accordance with the provisions of the Applicable Regulation (Articles 15 to 22 of the GDPR), the Client has the right to request from EVERREADY.AI access to the Personal Data, the rectification or erasure thereof, or a restriction of the processing, or the right to object to the processing and the right to portability of the Personal Data.

In accordance with the Applicable Regulations, the Client is informed that the Personal Data that are derived, calculated or inferred by EVERREADY.AI from the data provided by the Client or by the Users are excluded from the right to portability, insofar as they are not provided by the Client or by the Users, but created by EVERREADY.AI.

In order to exercise these rights, the Client may modify his Personal Data on the Site or, failing that, by sending an e-mail to EVERREADY.AI contact@everready.ai.

The Client is informed that the information relating to the processing operations of Personal Data by EVERREADY.AI in relation to the Users are indicated in the general conditions of use EVERREADY.AI displayed on the Users’ terminals.

Users agree to read and accept the EVERREADY.AI Terms and Conditions of Use before starting the first use of EVERREADY.AI. Users, informed by the Client of the provisions of this article, may exercise their rights by sending an e-mail to EVERREADY.AI contact@everready.ai.

The Client may obtain information on the Applicable Regulations or lodge a complaint with the Commission Nationale de l’Informatique et des LibertĂ©s: 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07.

Storage of Data

EVERREADY.AI undertakes to take all reasonable precautions to ensure the physical protection of the Data stored and/or exchanged within the framework of the Service in SaaS mode, in accordance with the rules of the art applicable to the Service and the provisions of the Applicable Regulations.

EVERREADY.AI keeps the Client’s Personal Data for the duration of the Contract. Upon termination of the Contract, EVERREADY.AI undertakes to delete all Customer data within a maximum period of 6 months.

  1. Termination for fault

Without prejudice to the other provisions of the TOS, any Subscription and/or Purchase may be terminated by either Party in the event of non-compliance by the other Party with any of its essential obligations.

In accordance with the provisions of Article 1226 of the Civil Code, termination will automatically take effect thirty (30) days after formal notice has been served by registered letter with acknowledgement of receipt to the defaulting Party, indicating the intention to apply this Article and which has not been followed by regularisation, all without prejudice to any damages that the Party that is the victim of the default may be entitled to claim.

  1. Modifications to the TOS

EVERREADY.AI reserves the right to modify at any time the T&Cs, which will apply to any new Order received by EVERREADY.AI subsequent to the entry into force of the modified T&Cs.

  1. Choice of Domicile, Applicable Law and Jurisdiction

The Order, the Subscription, the TOS and the use of the Service are exclusively subject to French Law. Any provision of the Vienna Convention on the International Sale of Goods is excluded. Any dispute and/or claim relating thereto that cannot be resolved amicably shall be brought before the courts of Nanterre (France), subject to the applicable regulations.

Subcontracting

Preamble

The services set forth below entail the processing of personal data by the Subcontractor (hereinafter “Personal Data”) on behalf of the Data Controller, as described in Article 2 herein. The Parties have acknowledged their respective status as Subcontractor and Data Controller as defined by Article 4 of Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, effective as of May 25, 2018 (hereinafter, “the GDPR”):

Services of EverReady as a Subcontractor:

Automatic updating of professional contacts and business activities in the CRM through the analysis of users’ email boxes, calendars, and professional phones.

Mindful of complying with regulations related to the protection of Personal Data, including the GDPR, the Parties have come together to agree as follows. They recognize that these provisions cancel and replace any other previous agreements concerning the protection of personal data.

Article 1: Definitions

The Parties agree on the following definitions:

“The Legislation concerning the protection of personal data” includes any legislative or regulatory text applicable in French territory, including, but not limited to (i) the GDPR, the Law No. 78-17 of January 6, 1978, relating to data processing, files, and freedoms, Decree No. 2019-536 of May 29, 2019, for the application of Law No. 78-17 of January 6, 1978, concerning data processing, files, and freedoms, the Directive 2002/58/EC of the European Parliament and of the Council of July 12, 2002, concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), any text that would (ii) modify, and/or (iii) complete the previous ones;

Terms “Data Controller”, “Subcontractor”, “Processing”, “Personal Data”, “Data Breach”, “Data Subjects”, “Data Processing Register”, “Data Protection Officer” have the definitions given by the GDPR, whether singular or plural.

Article 2: Description of the processing being subcontracted

The processing subject to subcontracting is described in Annex A herein.

Article 3: Obligations of the Subcontractor towards the Data Controller

The Subcontractor undertakes to:

Process the data only for the single purpose(s) that is/are the subject of the subcontracting;

Process the data in accordance with the documented instructions of the Data Controller, which may be supplemented at any time and by any means by the Data Controller.

If the Subcontractor considers that an instruction constitutes a violation of the Legislation concerning the protection of personal data, it shall immediately inform the Data Controller, under the conditions specified in the Communication point of these terms.

In this case, the Parties agree that they will meet by any means within a reasonable period, not exceeding thirty (30) calendar days, to discuss and collectively find a solution. If the disagreement persists after this consultation, the Subcontractor would be in a position to refuse to carry out the contentious instruction;

Not transfer the Personal Data to a third country outside the European Union or an international organization without the prior agreement of the Data Controller, except for a legal obligation to the contrary;

Inform the Data Controller in the case where the Subcontractor is required to carry out a transfer of data to a third country or an international organization, under a legal obligation to which it is subject, before Processing, unless the law concerned prohibits such information for significant reasons of public interest;

Guarantee the confidentiality of the personal data processed under this contract;

Ensure that persons authorized to process the personal data under this contract:

Commit to respect confidentiality or are subject to an appropriate legal obligation of confidentiality;

Receive the necessary training in personal data protection;

Take into account, in terms of its tools, products, applications, or services, the principles of data protection from the design and default data protection as defined in Article 25 of the GDPR, and specified by the documentation from the various national and European authorities competent in the field of data protection persons.

Article 4 – Subsequent subcontracting

The Subcontractor may call upon another Subcontractor (hereinafter, “the subsequent Subcontractor”) to conduct specific processing activities. In this case, it informs the Data Controller in advance and in writing of any envisaged changes concerning the addition or replacement of other Subcontractors. This information must clearly indicate the processing activities being subcontracted, the identity and contact details of the Subcontractor, and the dates of the subcontracting contract. The Data Controller has a maximum period of thirty (30) calendar days from the date of receipt of this information to present its objections. This subcontracting can only be carried out if the Data Controller has not expressed any objection during the agreed period.

The subsequent Subcontractor is obliged to respect the obligations of these terms for the account and according to the instructions of the Data Controller. It is the responsibility of the initial Subcontractor to ensure that the subsequent Subcontractor presents the same sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the European regulation on data protection. If the subsequent Subcontractor fails to fulfill its data protection obligations, the initial Subcontractor remains fully responsible before the Data Controller for the performance of the other Subcontractor’s obligations.

Article 5 – Right to information of the data subjects

Unless otherwise agreed by the Parties, it is the responsibility of the Data Controller to provide the information to the Data Subjects about the processing operations at the time of data collection.

If the collection of Personal Data were carried out by the Subcontractor, the Parties agree that it is the responsibility of the latter, at the time of data collection, to provide the data subjects with information relating to the data processing he performs. The wording and format of the information must be agreed with the Data Controller before the data collection.

Article 6 – Exercise of the rights of the persons

As far as possible, the Subcontractor must help the Data Controller to fulfill its obligation to respond to requests to exercise the rights of the data subjects: the right of access, rectification, erasure, and opposition, the right to restrict processing, the right to data portability, the right not to be subject to an automated individual decision (including profiling).

When the data subjects exercise their rights with the Subcontractor, the Subcontractor must send these requests to the Data Controller upon receipt under the conditions specified in the Communication point of these terms.

Article 7 – Notification of personal data breaches

The Subcontractor notifies the Data Controller of any personal data breach within a maximum of forty-eight (48) hours after having become aware of it under the conditions set out by the Communication point of these terms. This notification is accompanied by all the necessary documentation to allow the Data Controller, if necessary, to notify this breach to the competent supervisory authority. The notification contains at least:

The description of the nature of the personal data breach including, if possible, the categories and approximate number of persons concerned by the breach and the categories and approximate number of personal data records concerned;

The name and contact details of the data protection officer or another point of contact from whom further information can be obtained;

The description of the likely consequences of the personal data breach;

The description of the measures taken or proposed to be taken by the data controller to remedy the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

If, and to the extent that it is not possible to provide all this information at the same time, the information may be communicated in a phased manner without undue delay.

The Subcontractor undertakes to use all the means at its disposal to resolve and/or mitigate the effects of the data breach, as soon as possible.

Article 8 – Assistance from the Subcontractor in the context of compliance by the Data Controller with its obligations

The Subcontractor assists the Data Controller, as well as its Data Protection Officer, in carrying out data protection impact analyses and conducting prior consultation with the CNIL in the case where the Data Controller would be subject to one or all these obligations.

If applicable, the Data Controller may delegate the carrying out of an impact analysis to the Subcontractor.

Article 9 – Security measures

The Subcontractor undertakes to implement all necessary security measures (technical and organizational) to protect the personal data processed under these terms.

Article 10 – Fate of the data

At the end of the provision of services related to the processing of these data, the Subcontractor undertakes, according to the choice expressed by the Data Controller:

To destroy all personal data

OR

To return all personal data to the Data Controller OR

To return the personal data to the Subcontractor designated by the Data Controller.

The Data Controller notifies by any means its choice to the Subcontractor who has thirty (30) calendar days to comply.

In the case where the Data Controller has chosen the return of the Personal Data, whether to himself or another Subcontractor, the return must be accompanied by the destruction of all existing copies in the information systems of the Subcontractor. Once destroyed, the Subcontractor must justify in writing the destruction within seven (7) calendar days following.

Article 11 – Data Protection Officer

The client undertakes to inform us if it has designated a data protection officer and to transmit his contact details to us as soon as possible after the conclusion of the service.

For EverReady, it is Loic Deo Van – gdpr@everready.ai

Article 12 – Communication

Unless expressly provided otherwise, any communication in the context of the Processing of Personal Data will be made by email. The client undertakes, at the beginning of the conclusion of the service, to indicate to us the name and contact details of the referent within the company who will be our point of contact.

For EverReady, it is Loic Deo Van – loic.deovan@everready.ai

Any communication must be addressed to him.

Article 13 – Register of categories of processing activities

The Subcontractor declares to keep in writing a register of all categories of processing activities carried out on behalf of the Data Controller including:

The name and contact details of the Data Controller for whom it acts, any Subcontractors, and, where applicable, the Data Protection Officer;

The categories of processing carried out on behalf of the Data Controller;

Where applicable, transfers of personal data to a third country or an international organization, including the identification of that third country or that international organization and, in the case of the transfers referred to in Article 49, paragraph 1, second subparagraph, of the European regulation on data protection, documents attesting to the existence of appropriate safeguards;

As far as possible, a general description of the technical and organizational security measures.

The Subcontractor makes available to the Data Controller the part of the register that concerns him. The Data Controller can request a copy at any time, in accordance with Article Audit of these terms.

Article 14 – Documentation

The Subcontractor makes available to the Data Controller the documentation necessary to demonstrate compliance with all its obligations and to allow the carrying out of audits, including inspections, by the Data Controller or another auditor it has mandated and contributes to these audits.

Article 14 – Audit

The Data Controller may conduct on-site or document audits under the following conditions.

The Data Controller sends to the Subcontractor any request for making available by email with acknowledgments of receipt and reading. Unless otherwise indicated by the Data Controller, the making available of the documentation must be carried out by returning the documentation in a digital format, easily consultable, through secure email.

The Service Provider undertakes to make available to the Data Controller as soon as possible the requested documentation, and in any case within a period not exceeding thirty (30) calendar days.

The Parties agree that the Data Controller may, within the limit of once a year, conduct an audit of the Personal Data Processing practices and information systems of the Subcontractor on the latter’s premises, or have such an audit carried out by a third-party auditor duly authorized for this purpose.

The audit can only be carried out with prior notice, sent by any means to the Subcontractor, at least five (5) working days before the audit date. The audit can only take place during the opening hours of the Subcontractor’s premises and in conditions aiming not to disturb the activity of the latter.

At the end of this audit, the Data Controller may draw up or have drawn up by a third-party auditor an audit report, listing the points of non-compliance with these provisions and the Legislation concerning the protection of personal data identified during the audit. The Subcontractor undertakes to implement any appropriate measure to regularize the points of non-compliance within three hundred and sixty-five (365) days following receipt of the report, without transferring the financial cost to the Data Controller.

Annex A: Description of Processing

1. Nature of Processing Operations

We host user personal data to authenticate them, provide access to our Service, and send them notifications.

We analyze emails, appointments, and calls exchanged between our users and their prospects and clients to automatically update professional contacts and business activities in the CRM.

2. Purposes of the Processing Operations

– To automatically update contacts and business activities in the CRM

– To provide dashboards for tracking updates

– To send notifications to users about updates performed

3. Category(ies) of Personal Data

a. Data stored on our servers

Data related to EverReady.ai service users:

– Identification: name, first name, professional email, professional phone number

– Access to systems / Usage / Permissions

b. Data processed in real-time, without storage on our servers

Data related to the business activities of users with their prospects and clients:

– From professional emails: subject, message, professional signature (first name, last name, professional landline and mobile numbers, professional postal address, professional email, job title), recipients, sender, attachment, timestamp.

– From the professional calendar: event, subject, participants, timestamp

– From CRM company accounts: company name, domain name, phone, email

– From CRM contacts: first name, last name, phone, email, job title

– From CRM leads: company or contact name, phone, email

– From the professional mobile phone: call history, numbers, outgoing/incoming calls, duration, timestamp. Only during business hours, conversations are not recorded.

Only the technical data (ID and dates) of elements created or modified in the CRM by EverReady are stored.

4. Category(ies) of Data Subject(s)

– Employees: EverReady users.

– Prospects and clients: EverReady users within the CRM.

5. Duration of Processing

Personal data concerning EverReady users is retained for a maximum of 6 months after the end of the contract or termination of the EverReady service.

6. List of subsequent Subcontractors

Amazon Web Service
Company name Amazon Web Service
Head office address AMAZON WEB SERVICES EMEA SARL
Data Privacy Policy https://aws.amazon.com/fr/legal/?nc1=f_cc
Field of intervention of the subsequent Subcontractor Amazon Web Service EMEA hosts EverReady.ai’s technical platform and all our data.
Relationship between EVERREADY.AI and the subsequent Subcontractor Provision of services on behalf of EverReady.ai
Places where personal data is processed

(including any remote access)

Dublin, Ireland
Data center address 4033 Citywest Avenue, Cooldown Commons, County Dublin, Ireland
Transfer outside the EEA

(Yes or No)

No
Google
Company name Google
Head office address Google Building Gordon House, Barrow St, Dublin 4, Irland
Data Privacy Policy https://firebase.google.com/support/privacy
Field of intervention of the subsequent Subcontractor Google Firebase is our Identity and notifications provider
Relationship between EVERREADY.AI and the subsequent Subcontractor Provision of services on behalf of EverReady.ai
Places where personal data is processed

(including any remote access)

Dublin, Ireland
Data center address Dublin, Ireland
Transfer outside the EEA

(Yes or No)

No