Data Processing Agreement

Purpose of the agreement

In the course of providing our services, MIBNtech may process personal data on behalf of its clients.

This Data Processing Agreement, or DPA, defines the conditions under which such data is processed, in accordance with the client's documented instructions, applicable contractual requirements, and data protection laws.

Unless otherwise agreed in writing, the client remains responsible for determining the purposes and means of processing. MIBNtech acts solely as a data processor for processing carried out on behalf of the client.

Roles of the parties

Within the scope of the services provided:

The client acts as data controller when it determines the purposes and means of the processing of personal data.

MIBNtech acts as data processor when it processes personal data on behalf of the client, based on the client's documented instructions.

Each party undertakes to comply with the obligations incumbent upon it under applicable data protection regulations.

Nature of data processed

The personal data processed in the context of the services may vary depending on the nature of the assignment entrusted by the client. They may include in particular:

• identification data;
• professional contact data;
• data relating to the client's users, customers, prospects or employees;
• technical or connection data;
• data necessary for the provision, support or maintenance of the services;
• any other data transmitted or made accessible by the client in the context of the services.

The client remains responsible for ensuring that data transmitted to MIBNtech is collected and processed in accordance with applicable regulations.

Purposes of processing

Personal data is processed solely for the purposes necessary to provide the services agreed with the client. These purposes may include in particular:

• performance of contractual services;
• configuration, operation, support or maintenance of the services;
• access and user management;
• technical assistance;
• security, incident prevention and service continuity;
• production of reports or deliverables requested by the client;
• any other purpose expressly provided for in the contract or the client's instructions.

MIBNtech does not process personal data for its own purposes, except where required by applicable law or with the client's express agreement.

Client instructions

MIBNtech processes personal data solely on the basis of the client's documented instructions.

These instructions may arise from the main contract, this DPA, purchase orders, specifications, written exchanges or any other documentation agreed between the parties.

If MIBNtech considers that a client instruction is likely to contravene applicable regulations, it will inform the client as soon as possible, to the extent permitted by law.

Confidentiality

MIBNtech ensures that persons authorised to process personal data are subject to an appropriate obligation of confidentiality.

Access to personal data is limited to employees, service providers or subcontractors who need it for the provision of the services.

Data security

MIBNtech implements appropriate technical and organisational measures to protect personal data against destruction, loss, alteration, unauthorised disclosure or unauthorised access. These measures may include, depending on the nature of the services:

• access controls;
• authorisation management;
• user authentication;
• logical and physical security measures;
• backups;
• systems monitoring;
• access logging where applicable;
• team awareness;
• internal security procedures;
• business continuity or recovery measures, where relevant.

These measures are tailored to the nature of the data processed, the identified risks and the services provided.

Sub-processors

In the course of providing its services, MIBNtech may engage sub-processors, in particular for hosting, maintenance, support, technical tools or professional services.

Where sub-processors are used, MIBNtech ensures they are subject to data protection obligations at least equivalent to those set out in this DPA.

Upon request, MIBNtech can provide the client with reasonable information regarding the categories of sub-processors used in the context of the services.

International transfers

Where personal data is transferred outside the European Economic Area or a territory recognised as providing an adequate level of protection, MIBNtech ensures that such transfer is governed by appropriate safeguards. These safeguards may include, depending on the case:

• an adequacy decision;
• standard contractual clauses;
• applicable binding corporate rules;
• or any other mechanism recognised by applicable regulations.

Assistance to the client

To the extent reasonably possible and taking into account the nature of the services provided, MIBNtech assists the client in fulfilling its data protection obligations. This assistance may relate in particular to:

• responding to requests to exercise the rights of data subjects;
• security of processing;
• management of personal data breaches;
• carrying out impact assessments, where applicable;
• exchanges with supervisory authorities, where necessary.

The client remains responsible for managing data subject requests, unless otherwise agreed in writing between the parties.

Personal data breach

In the event of a personal data breach affecting data processed on behalf of the client, MIBNtech informs the client as soon as possible after becoming aware of it.

This notification contains, to the extent possible, useful information enabling the client to assess the situation and fulfil its own regulatory obligations.

MIBNtech cooperates reasonably with the client to limit the effects of the incident and take appropriate corrective measures.

Data retention and deletion

Personal data is retained solely for the period necessary to provide the services or in accordance with the client's instructions.

At the end of the contractual relationship, and unless otherwise required by law, MIBNtech deletes, returns or anonymises the personal data processed on behalf of the client, in accordance with the procedures agreed between the parties.

Some data may however be retained for a limited period where necessary to comply with a legal obligation, ensure security, manage a dispute or defend rights.

Audit and documentation

MIBNtech makes available to the client the information reasonably necessary to demonstrate compliance with its obligations as a data processor.

Where contractually provided, the client may request information, documents or compliance evidence relating to the processing carried out on its behalf.

Audit arrangements, where applicable, are governed by the contract between the parties in order to preserve the security, confidentiality and continuity of the services.

Client responsibility

The client is responsible for the lawfulness of the processing it entrusts to MIBNtech. In this regard, the client undertakes in particular to:

• have an appropriate legal basis for the processing concerned;
• inform data subjects where required;
• collect only the data that is necessary;
• provide MIBNtech with instructions that comply with applicable regulations;
• respect the rights of data subjects;
• not transmit sensitive or regulated data without prior agreement and appropriate measures.

Contact

For any questions relating to this Data Processing Agreement or the protection of personal data, you can contact us at the following address:

MIBNtech
contact@mibntech.com