At OliveSoft, we attach paramount importance to protecting your personal data and complying with current regulations, in particular the General Data Protection Regulation (GDPR). As part of our IT services, we are required to access our customers’ systems and data, thus becoming a data processor. It is within this framework that the present privacy policy falls.
This privacy policy also defines and informs you of the manner in which OliveSoft uses and protects the information that you may transmit to us when you use this site, which is accessible from the following URL: https://olivesoft.fr
Please note that this privacy policy may be modified or supplemented at any time by OliveSoft, in particular in order to comply with any legislative, regulatory, jurisprudential or technological developments. In such a case, the date of the update will be clearly identified at the top of this policy. These modifications are binding on the User as soon as they are put online. It is therefore advisable for the User to consult the present privacy and cookie use policy on a regular basis in order to take note of any changes.
Article 1. Definitions
Article 2. Security Measures
OliveSoft may act either as a Data Controller or as a Processor, depending on the circumstances. As a Data Controller, OliveSoft determines the purposes and means of processing personal data and is responsible for the compliance of these processes with legal and regulatory obligations. As a Processor, OliveSoft processes personal data on behalf of a client under a service contract, respecting the instructions of the Data Controller and contractual and legal obligations regarding data protection, including security and confidentiality.
OliveSoft implements and maintains appropriate technical and organizational security measures to protect the confidentiality of the Personal Data it processes or accesses, in accordance with the prescriptions of the Data Protection Regulation.
These measures take into account the potential risks to the individuals concerned due to the processing activities. They comply with industry standards and best practices in security, and take into account the recommendations of Data Protection Authorities.
OliveSoft strives to:
In case of failure, OliveSoft will do its best to restore the service as soon as possible, within the limits of its commitments.
For the purpose of providing Services and more generally to perform any other tasks assigned by the Client under the Service Agreement, OliveSoft may process the Personal Data that the Client integrates into its IT systems.
As a Subcontractor, OliveSoft undertakes to respect the following obligations and to ensure that its staff respects these same obligations, in accordance with article 28 of the GDPR:
Customer is advised that if OliveSoft is required to disclose Personal Data to a law enforcement agency, OliveSoft will use its best efforts to provide Customer with reasonable notice and opportunity to seek any protective order or other remedy. appropriate, unless OliveSoft is prohibited from doing so by law or by the relevant Data Protection Authority.
The Personal Data is not stored within OliveSoft infrastructure but is stored in the client’s data centers and IT systems in accordance with applicable legal provisions.
OliveSoft nevertheless has access to this data in the context of performing the service contract. This access is necessary to allow OliveSoft to provide the agreed services and meet the needs of its clients. Thus, OliveSoft access to clients’ personal data falls within the legal framework of the service contract and is limited to the needs of performing the agreed services.
If OliveSoft becomes aware of a Personal Data breach, it will inform the Client as soon as possible after becoming aware of it and will provide all necessary information so that the Client can assess the breach.
In accordance with Article 33 of the GDPR, unless the breach is unlikely to result in a risk to the rights and freedoms of Data Subjects, the Client, as the Data Controller, will be responsible for notifying the Supervisory Authority and, if the breach is likely to result in a high risk to their rights and freedoms, the affected individuals, in each concerned Member State. This notification must be made without undue delay and no later than 72 hours after the Client has become aware of a Personal Data breach.
This notification from the Client to the Supervisory Authority must:
OliveSoft maintains a record of processing activities carried out on behalf of the Client, identifying for itself and each of its subsequent processors the processing activities performed on behalf of the Client, the location from which the service is provided, and any transfers of Personal Data outside the European Economic Area (EEA). The record will also document, where applicable, the implementation of appropriate safeguards to ensure an adequate level of protection, and any other information required by the Data Protection Regulation. The record will be accessible at any time to the Client and the Data Protection Authority.
The general security requirements are set out in ARTICLE 2 above. Regarding the security of Personal Data processed for the purpose of providing the Services, OliveSoft implements additional measures resulting from the Data Protection Regulation. In particular, OliveSoft commits to implementing the following measures:
The Client expressly authorizes OliveSoft to subcontract the execution of tasks involving processing, in whole or in part, of Personal Data in the context of the Services to its subsidiary.
OliveSoft commits to informing the Client of any planned changes regarding the designation or replacement of a subsequent processor and to give the Client the opportunity to object to this change in writing within 8 calendar days.
The Client may only object to the new subsequent processor for the following reasons: (i) the new processor is a direct competitor of the Client; (ii) the new processor is involved in an ongoing dispute with the Client; (iii) the Client believes that the new processor does not comply with the Data Protection Regulation; (iv) the replacement of the processor would reduce existing security measures.
In any case, OliveSoft guarantees that any subsequent processor it appoints provides sufficient guarantees to implement appropriate technical and organizational measures to meet the requirements of the Data Protection Regulation. Processing by a subsequent processor is governed by a contract between OliveSoft and the subsequent processor that sets out the same rights and obligations as those defined herein, including the obligation to ensure the security of processing, the protection of Personal Data, and the right to audit.
OliveSoft will regularly verify, including through audits, the compliance of its subsequent processors with the aforementioned obligations. Additionally, for transfers of Personal Data outside the European Economic Area (EEA), OliveSoft will ensure that these contracts include the standard contractual clauses approved by the European Commission to ensure an adequate level of protection for the transferred Personal Data.
OliveSoft maintains an up-to-date list of subsequent processors specifying (i) their name and contact details, as well as (ii) the nature of the tasks assigned, (iii) the location of processing, and (iv) the dates of the last audits. In any case, OliveSoft remains fully responsible to the Client for the performance of its subsequent processors’ obligations.OliveSoft will provide the Customer, subject to confidentiality obligations, with all the information necessary to demonstrate its compliance with the obligations of the Data Protection Regulations.
At the end of the Service Contract, OliveSoft undertakes to return or delete the Personal Data
As the Data Controller, the Client must ensure that Users and Data Subjects have been informed about the processing of their Personal Data and have given their consent where required. The Client guarantees OliveSoft compliance with Data Protection Regulations (including providing complete, intelligible, and easily accessible information to Data Subjects; establishing a proper legal basis for processing; and adhering to all required procedures and formalities, such as conducting a data protection impact assessment if applicable, etc.). If the Client acts as a Data Processor on behalf of a third-party Data Controller, the Client guarantees OliveSoft that:
The Client guarantees that it has obtained and will maintain all necessary consents and/or declarations/authorizations required to lawfully process the Personal Data of Users and Data Subjects. The Client will indemnify and hold OliveSoft harmless from any claim or action by a User or Data Subject regarding the protection of their Personal Data.
Article 14. Liability
It is reiterated that OliveSoft is subject to a duty of care in providing Services to the Client. OliveSoft’s liability to the Client can only be engaged in the event of direct damage suffered by the Client due to a proven contractual breach by OliveSoft committed during or in connection with the performance of its obligations.
Notwithstanding the foregoing, the Client expressly acknowledges and agrees that OliveSoft liability cannot be engaged regarding the processing of Personal Data conducted by the Client. The Client, as the Data Controller, is solely responsible to third parties for compliance with Data Protection Regulations and guarantees OliveSoft against any action, claim, or recourse from third parties (Data Subjects, Supervisory Authorities, or other third parties) in this regard. In accordance with Article 82 of the GDPR, it is reiterated that OliveSoft’s liability, as a Data Processor for the Client, is strictly limited to the contractual obligations assumed within the framework of the service agreement.
If both Parties are jointly declared responsible for damage caused to a Data Subject due to the processing of their Data, OliveSoft will only be liable for damages proportional to its contractual responsibility towards the Client.
OliveSoft processes the following Personal Data as Data Controller:
OliveSoft collects, stores, processes, uses, and communicates personal data about you when you use the “contact us” section of the website: https://OliveSoft.fr/
OliveSoft collects and processes the following categories of data: Identification and contact data: for example, your identity, email address, phone number.
OliveSoft collects data about you to respond to your requests, questions, and complaints online. For this purpose based on our legitimate interest, we ensure to consider any potential impact that this collection may have on you and the users of the Site in general. If we believe that your interest or your fundamental rights and freedoms outweigh our legitimate interest, then we will not use your personal data on this basis and may ask for your specific consent.
The data is kept for a period not exceeding the duration necessary for the purposes for which they were collected and described above. They will then be permanently deleted from our systems or anonymized so that you are no longer identified or identifiable.
In addition to the aforementioned Subprocessors, OliveSoft may be required to communicate the Personal Data it processes to the following categories of recipients:
OliveSoft undertakes to process the Personal Data of the Client and Users in strict compliance with data protection regulations. To this end, OliveSoft implements and maintains security measures for the Platform and more generally, its computer system, in accordance with the aforementioned Regulations, as further specified in ARTICLE 2 above.
Personal Data are strictly confidential and intended exclusively for OliveSoft,, which prohibits the exploitation of Personal Data for purposes other than those mentioned above. Only the recipients mentioned in ARTICLE 16 above may have access to the Personal Data, for the sole purpose of exercising their missions.
OliveSoft undertakes to keep the Personal Data processed for the duration mentioned above.
The Client or the User expressly acknowledges that certain Subprocessors, mentioned in ARTICLE 16, are affiliated companies of foreign groups located outside the European Economic Area. Therefore, Personal Data may be transferred outside the EEA for technical reasons (e.g., platform management, remote maintenance, etc.) or due to a legal or regulatory request. OliveSoft will notify the Client promptly if such a request is made and will only transmit the Personal Data to the authorities with the express agreement of the Client. If such notification is not permitted (preservation of confidentiality or a judicial investigation), OliveSoft will notify the Client or the User as soon as it is legally authorized to do so.
Outside of these cases, OliveSoft undertakes to take all legal measures recognized as appropriate by data protection regulations to control the transfer in question and ensure that it complies with the requirements of the aforementioned Regulations.
The Client and each User have the following rights over their Personal Data:
You can exercise these rights or ask any questions regarding the management of your personal data by contacting our Data Protection Officer: dpo@olivesoft.fr.
En visitant notre site, vous acceptez notre politique de confidentialité concernant les cookies, les statistiques de suivi, etc.