General terms and conditions of sale
Last update : September 11th, 2023.
These general terms and conditions of sale, together with the quote (the “Quote”) constitute the agreement (the “Agreement”) under which AXA Climate (the “Service Provider”) will provide the customer, as identified in the Quote, (the “Customer”) with the Services. By signing the Quote, the Customer agrees to be bound by these terms and conditions which supersede and replace any terms and conditions issued by the Customer, which are hereby excluded and inapplicable.
Definitions – Terms which are capitalized shall have the meanings given to them in this Article or elsewhere in this Agreement.
“Authorized User(s)” means the employees of the Customer who will be authorised by the Customer to access and use the Butterfly School, within the limits set out in the Agreement.
“Butterfly School” means an online learning experience introducing to the regenerative business created by the Service Provider, as described at the following URL: https://butterfly-regen.com/
“EdApp Platform” means the e-leaning platform developed, hosted and maintained by EdApp, accessible in SaaS mode pursuant to EdApp Services Levels, on which the Butterfly School is hosted.
“Fees” means the fees payable by the Customer in consideration for the Services as detailed in the Quote.
“Intellectual Property Rights” means all intellectual property rights (copyright and related rights) or industrial property rights (trademarks, business names, domain names, patents, designs and models) of the Parties, whether or not they are registered, throughout the world and for the period of their validity.
“Licence” means the personal non-assignable, non-transferable and non-exclusive license of access and use of the Butterfly School granted to the Customer for its Authorized Users.
“Services” means the License granted in the conditions detailed in the Quote.
“Service Levels” means the expected values (in terms of uptime, response time, correction time or else) in relation to the EdApp Platform as set out in Article 14.
“Party/Parties” means individually or jointly the Customer and/or the Service Provider.
“Tax” means any tax, including all state / national and local taxation, corporate tax, business tax, goods and services tax, value added tax, ad valorem tax, capital gains tax, withholding tax, stamp duty, customs and other import and export duties, levies and charges, and all penalties, charges, costs and additions to tax as imposed by any government, government agency, statutory body or any revenue authorities in respect of all the fees, charges, interests and expenses arising from this Agreement.
“Term” means the duration for which the Customer is authorised to access and use the Butterfly School, as specified in the Quote.
- License
The Service Provider grants the Customer the License in consideration of the payment of the Fees by the Customer, for the number of Authorised User, as described in the Quote. The Customer undertakes that the Authorized Users will use the Butterfly School in compliance with the terms and conditions of this Agreement.
- Training Schedule
The Training Schedule is provided at the beginning of the training. The Service Provider reserves the right to modify time and date of some meetings in case of unavailability and will freely reschedule those meetings according to Authorized Users’ availability.
- Intellectual property rights on the Butterfly School
The Butterfly School constitutes protected copyrighted material and valuable trade secrets of AXA Climate. Ownership of the Butterfly School including any intellectual property embodied therein (and in particular, all information, materials, tools, techniques, including but not limited to unpatented inventions, drawings, videos, presentations, quiz, methods, data, documents, instruction and training manuals), remains the property of the Service Provider or its licensor(s) at all times, which shall retain all Intellectual Property Rights, whether registered or not, therein. As a consequence, this Agreement does not convey, assign or transfer title or ownership of the Butterfly School.
The Customer, its Affiliates and any Authorized User shall not:
- use the Butterfly School for the purpose of building a competitive product, competitive product means any product or service that is being developed or sold by the Customer and is of the same general type, performs similar function, may be substituted for or is intended or used for the same purpose as the Butterfly School;
- copy, reproduce, represent, adapt, correct, arrange, translate, integrate, transcribe, extract, summarize, distribute, modify, or create any derivative works of the Butterfly School, including any component, part, feature, function, user interface, or graphic thereof, in any manner or form, by any means, according to any current or future technology, for any other purpose or destination, on any media.
- Warranties
The Service Provider will provide the Services with reasonable skill and care. The Service Provider possesses and shall maintain resources and expertise to provide the Services in accordance with the terms and conditions of this Agreement. The Service Provider further warrants that it will provide the Services in a manner consistent with general industry standards reasonably applicable to the provision thereof.
Notwithstanding the above the Butterfly School is provided on an « as is », and « as available » basis and without any further warranties of any kind. Except as expressly stated in this Agreement, implied warranties of fitness for a particular purpose, non-infringement, and suitability of information and functionality are expressly excluded and the Service Provider hereby expressly disclaims any liabilities of whatever nature in relation thereto. The Customer acknowledges that the Butterfly School is not a substitute for professional advice.The Service Provider will take all reasonable steps to ensure the accuracy of the information provided, it being specified that the Service Provider cannot guarantee the accuracy of all such information, which may be evolving, prospective or resulting from interpretations made by third parties. The Customer assumes full responsibility for the access and use of the Butterfly School by Authorized Users and the data contained in the Butterfly School.
The Customer acknowledges that it has been informed of the content of the Butterfly School to date, via the existing Butterfly School catalogue and enters into this Agreement with full knowledge of the said content.
- Fees and Taxes
The applicable Fees for the Services are indicated in the Agreement. The Fees include the entire Service Provider’s compensation. All the expenses or additional costs are excluded from any value added tax or other relevant tax for which the Customer is solely accountable. The Parties shall collaborate with each other to accurately determine any tax obligation arising from this Agreement or to any other order, as well as to minimize such tax liability, to the extent permissible and to the extent that such cooperation is not detrimental to either Party. Each Party will provide and make available to the other Party any tax invoices, tax exemption certificates, and any other relevant information reasonably requested by the other Party. In the event of payments not received from Customer by the due date, any sum due to Service Provider will bear automatic late payment interest, starting on the day after the payment period’s expiry date equal to the key interest rate applied by the European Central Bank, plus 10 points. In addition, pursuant to Articles L. 441-6 and D. 441-5 of the French commercial Code, Customer shall pay a fixed allowance of forty (40) euros for recovery costs per invoice.
- Term and termination
This Agreement shall come into force at the signing date of the Quote and shall remain in effect for the Term indicated in the Quote.
The Customer will be able to cancel this Agreement for convenience and with no cost until 15 days before the beginning of the Training Session to which the Authorized User(s) has(have) subscribed. In this case, the Fees, if already paid, will be paid back by the Service Provider.
In case of cancellation less than 15 days before the beginning of the Training Session, the cancellation won’t be allowed and no payback will be made, but the Service Provider will propose to re-subscribe the Authorized Users in the next Training Session.
This Agreement may be terminated as of right by either Party in case of a breach of any term of the Agreement. Early termination shall take place thirty (30) days after a formal notice to remedy has been sent to the breaching Party by registered mail with acknowledgement of receipt and has remained without effect.
- Confidentiality
“Confidential Information” means, without limitation, all information and data communicated –in writing and/or orally– by one Party to the other Party in connection with the performance of this Agreement, including, without limitation whether in whole or in part, reports, interpretations, forecasts, analyses, know-how, market information, marketing plans, studies, notes and other documents. Each Party undertakes on its behalf (and in the name and on behalf of its corporate officers, employees and subcontractors) to keep the Confidential Information strictly confidential, implement adequate security and safety measures using the same means and procedures as those used for their own Confidential Information. Each Party will be entitled to disclose Confidential Information strictly as required by any court of competent jurisdiction, or by a governmental or regulatory authority or where there is a legal duty or requirement to disclose. Confidentiality shall remain in force for the Term and for a period of three (3) years after its expiration or termination or any longer period as may be required by law.
- Data privacy
The provisions of Annex 1 and 2 (Data Processing Addendum) shall apply in relation to the Parties’ obligations relating to any processing of personal data for the performance of the Agreement and the Services.
- Force majeure
In no event shall either Parties be liable to the other for any delay or failure to perform caused by a force majeure event through no fault from the Party claiming relief. Force majeure is the occurrence of unpredictable and irresistible event beyond the control of the Party claiming relief including, but not limited to, when they present these characteristics: acts of the public enemy; wars; fires; floods; epidemics; and quarantine restrictions. In case of force majeure event, each Party shall exercise all reasonable efforts to mitigate the extent of such delay or failure. Performance times under this Agreement shall be considered extended for a period of time equivalent to the time lost because of any delay which is excusable under this Article. If any such force majeure event continues for a period of more than thirty (30) business days, either Parties shall have the option of terminating the Agreement or any order as of right and without formality, upon written notice to the other.
- Liability
The Service Provider shall be liable only in cases of direct damages. The Service Provider shall not be liable for any indirect, incidental, special, consequential, punitive damages or loss of profits arising out of, or in connection with, this Agreement or the performance or breach thereof. The Customer acknowledges that the Butterfly School is not a substitute for professional advice. The Customer assumes full responsibility for the access and use of the Butterfly School by Authorized Users and the data contained in the Butterfly School.
Notwithstanding any other provision, the Service Provider’s entire liability arising out of or under this Agreement is capped at an amount equal to the Feespaid by the Customer in relation to this Agreement.
- Commercial referencing
Each Party may use the other Party’s name, logo or trademarks as a commercial reference and/or communicate about the existence of the Agreement without the other Party’s express prior consent.
- Governing law and jurisdiction
The Agreement will be governed by and interpreted in accordance with the laws of France. The Courts of Paris shall have exclusive jurisdiction to decide all disputes relating to the Agreement.
- Miscellaneous
13.1 Modification – No modification, addendum, addition or waiver to any of this Agreement’s clause will be binding for the Parties, unless it is formalized in writing and signed by a legal representative of each Party to which its execution is requested.
13.2 No Waiver of Rights – Unless otherwise provided in this Agreement, the failure of either Party at any time to enforce any right available to it under this Agreement or otherwise with respect to any breach or failure by the other Party shall not be construed as a waiver of that right with respect to any other breach or failure by the other Party.
13.3 Interpretation and Entire Agreement – This Agreement constitutes the entire agreement between the Parties with respect to the subject matter hereto and replaces any previous proposals, correspondence, declarations of intent or other communications, whether written or oral. The Annexes form part of the Agreement and shall have effect as if set out in full in the body of the Agreement.
13.4 Electronic Signature – The Parties may sign this Agreement by using an electronic signature. In this case, the Parties agree that the electronic signature is managed by the Terms of Use « Conditions d’utilisation du Portail de signature électronique (AXA powered by Universign) » available on the signature portal. The Parties agree that the electronic signature expresses the consent for this Agreement to be legally binding to the Parties and to serve as evidence on the same account as a hand-signed paper document.
- Compliance & Ethics obligations
The Customer acknowledges that the Service Provider adheres to certain principles and practices aiming at doing business in a socially responsible manner by promoting sustainable development in its business as more fully set forth in the AXA Compliance and Ethics Guide (https://www.axa.com/en/press/publications/compliance-ethics-guide). The Service Provider encourages its suppliers to be socially and environmentally responsible. The Service Provider may therefore, at its discretion, not renew this Agreement and/or, subject to applicable laws, implement an AXA Group-wide prohibition on entering into future contracts with the Customer in the event the Service Provider determines, after discussion with the Customer, that the Customer’s practices are contrary to the principles and practices set forth in the AXA Compliance and Ethics Guide. In addition, as part of the Service Provider’s principles and practices of sustainable development, the Service Provider requires its customers to observe the following three main specific International Labour Organization (ILO) principles: (i) refrain from using, or accepting that their own suppliers and subcontractors make use of child labour (under 15 years of age) or forced labour; (ii) ensure staff safe and healthy working conditions and environment, respecting individual and collective liberties; and (iii) promote non-discrimination (sex, race, religion or political conviction) as regards staff recruitment and management. In the event that the Service Provider notifies the Customer or the Customer becomes aware that any of its business practices are contrary to such ILO principles, the Customer agrees to remedy the practice in question and notify the Service Provider of such remediation. If the Customer does not appropriately address this matter or commits further violations, the Service Provider may terminate this Agreement for convenience, as of right and without formality, without liability or indemnity of any kind to the Customer.
Customer acknowledges that Service Provider: (i) is committed to abide by the applicable laws and regulations prohibiting corruption and influence peddling (together: “Corruption”)[1]; and (ii) has implemented and will maintain within its organization policies, that prohibit any such actions by its officers, employees, affiliates, agents, subcontractors, and any other third parties acting on its behalf.
Corruption can be defined as the act by which a person invested of a specific public or private function, solicits or accepts a gift, offers or promises to perform, delay or omit to perform an act that enters, directly or indirectly, within the scope of its functions.
Influence peddling can be defined as the solicitation or to approve, at any time, directly or indirectly, offers, promises, donations, gifts or benefits of any kind, for himself or for others, to abuse or have abused his real or supposed influence in order to obtain distinctions, jobs, contracts or any favorable decision from a public authority or administration. The Parties represent, warrant and covenant that, in connection with the Agreement:
- neither the Parties, nor their officers, employees, affiliates, agents, subcontractors, nor any other third party acting on their behalf, have committed or will commit any Bribery of the other Party’s officer, employee, affiliate, agent, subcontractor, or any other third parties acting on its behalf; and
- the Parties have implemented and will maintain adequate anti-Bribery policies and controls in place to prevent and detect Bribery throughout their organization, whether committed by their officers, employees, affiliates, agents, subcontractors or any other third parties acting on their behalf.
In particular, the Parties shall refrain from promising, offering, or granting to any person, directly or indirectly, any undue advantage so that such person performs or refrain from performing any act within the scope of its functions in the performance of this Agreement; or in order to make such person using its real or supposed influence over a third party in order to obtain any advantage.
To the extent permitted by the applicable law, each Party shall notify the other Party immediately upon becoming aware or upon becoming reasonably suspicious that an activity carried out in connection with the Agreement has contravened or may have contravened this Article or any anti-Bribery law or regulation.
Each Party may at any-time request evidence of the other Party’s compliance with its obligations under this Article.
If either Party has reasons to believe that the other Party is not complying with the obligations contained in this Article, such Party may suspend the performance of the Agreement until the other Party provides reasonable evidence that it has not committed or is not about to commit a breach. The Party that has suspended performance of the Agreement shall in no event be liable for any damage or loss caused to the other Party.
Breach of this clause by each Party shall be deemed a material breach of this Agreement and each Party may terminate the Agreement with immediate effect upon written notice – as of right and without any judicial authorization – if during the Term of the Agreement the other Party is convicted of an act of Bribery or fails to comply with this Article or any anti-Bribery law or regulation even if not connected to the Agreement. To the extent permitted by the applicable law, the defaulting Party shall indemnify the other Party, its officers, employees, affiliates, agents, subcontractors, or any other third party acting on its behalf, against any losses, liabilities, damages, costs (including legal fees) and expenses incurred by, or awarded against these indemnified parties as a result of any breach of this Article.
Either Party shall not be bound by any obligation and shall not provide any service and under this Agreement when the implementation of such an obligation or the supply of such service would expose it to a sanction, prohibition or restriction resulting from a resolution of the United Nations organization, and/or to the economic or commercial sanctions provided for by the laws or regulations enacted by the European Union, France, the United Kingdom or the United States of America or by any other national law providing for such measures.
The Customer undertakes to inform the Service Provider of any situation likely to create a conflict of interest for the Service Provider. The Service Provider undertakes to declare any potential conflict of interest with the Customer. Notwithstanding the foregoing, the parties acknowledge that Service Provider providing services to a Customer Competitor or other Third Party shall not, of itself, create a conflict of interest.
- EDAPP Services Levels Agreement
EdApp is AXA Climate’s subcontractor and provides the access to the EdApp Platform in accordance with the following services levels agreement.
EdApp is contractually committed to use commercially reasonable efforts, being no less than accepted industrial standards in this regard, to ensure that the EdApp Services are available to Customer 99.9% of the time in any calendar month. However, in case of unavailability of the EdApp Platform, AXA Climate will not be held directly liable by the Customer.
Category Level |
Criteria |
Response Time |
Resolution Time |
Critical |
Issue is deemed too critical and needs to be resolved immediately. Critical impact on > 20% users |
Immediate
|
Within 12hrs
|
Serious |
Issue impacts major functionality and/ or has risk impacts Serious impact on > 10% users |
24hrs
|
12 – 72hrs
|
Minor |
Issue requires attention however there is no functional or risk Minor impact on > 5% users |
72hrs
|
72hrs – 1 week
|
Trivial |
Issue is trivial and does not pose any immediate risk |
96hrs |
In line with release schedule |
ANNEXE 1 : PERSONAL DATA PROTECTION
The purpose of this Annex is to set forth the conditions under which AXA Climate, where it accesses, receives and/or processes Personal Data from Customer, shall act as Data Processor (or “Processor”) on behalf of Customer, acting as Data Controller (or “Controller”).
As part of their contractual relations, the Parties undertake to comply with any Data Privacy Applicable Laws and Regulations and, in particular, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter « the General Data Protection Regulation” or “GDPR”).
IN CASE OF SUBSTANTIAL MODIFICATION OF THE CONDITIONS AGREED IN THE CONTRACT THAT COULD IMPACT THE PERSONAL DATA PROCESSING ACTIVITIES, THE PARTIES AGREE TO RENEGOCIATE THIS ANNEX TO ADAPT IT TO ANY NEW PERSONAL DATA PROCESSING ACTIVITY OF CONDITIONS.
- Definitions
Capitalized terms not otherwise defined in the Agreement or in this Annex, shall have the meaning given in the GDPR and further interpretations provided by the Supervisory Authorities, as understood under chapter VI of the GDPR including: Personal Data, Processing, Purpose, or Personal Data Breach among others.
“Controller Personal Data” means any Personal Data made available or transferred by Controller to the Processor and any Personal Data that the Processor processes as Processor as defined by the Data Privacy Applicable Laws and Regulations in the framework of this Agreement.
“Data Privacy Applicable Laws and Regulations” means any laws or binding rules, statute, ordinance, regulation, order or opinion of any supervisory authority regarding data protection or privacy, in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter « the General Data Protection Regulation” or “GDPR”).
“Data Subject Rights” means every right given by the Data Privacy Applicable Laws and Regulations to the Data Subjects affected by the Processing activities of this Agreement, including: right of access, rectification, deletion and opposition, right to limitation of the Processing, right to portability, and right to not being subject to an automated individual decision-making.
- Obligations of the Parties
Processor shall comply with Controller’s documented and lawful instructions regarding Controller Personal Data as described in the Agreement and in the data privacy specifications that may be attached hereto. The Processor shall inform the Data Controller if, in its opinion, an instruction infringes the Data Privacy Applicable Laws and Regulations. The Processor shall process Personal Data only on instruction of the Controller, and on behalf of the Controller.
Within the conditions set out in this Annex, the Processor undertakes to:
- Assist Controller in satisfying the legal obligations related to the protection of Controller Personal Data, notably by supplying to Controller any information necessary for the fulfilment of any required formalities, or the demonstration of its compliance with the obligations laid down in this Annex, and in the Data Privacy Applicable Laws and Regulations,
- Unless provided otherwise by applicable law, inform Controller of any request or order issued by a public authority (e.g. data protection authority, courts, police) concerning directly or indirectly Controller Personal Data;
- Take the reasonable protection measures, given the nature of Controller Personal Data and the Processing level of risks, to ensure a level of security appropriate to the risks on Controller Personal and, in particular, prevent its alteration or destruction, or unauthorized access to it;
- Implement the appropriate technical and organizational measures, insofar as this is possible, notably those required for the fulfilment of Controller’s obligation to respond to requests for exercising the Data Subject Rights;
- Take steps to ensure that any natural person acting under its authority who has access to Controller Personal Data does not process them except on instructions from the Controller, unless such person is required to do so by the Data Privacy Applicable Laws and Regulations;
- Special categories of Data
Unless expressly instructed by the Data Controller, the Parties acknowledge that under no circumstances the Controller will transfer to the Processor or ask the Processor to process Special Categories of Data, including sensitive data (i.e. social security number, data relating to criminal convictions and offences, financial data, etc.).
- International Transfer of Personal Data
Controller Personal Data may be transferred, including for Processing, hosting or granting remote access purposes, with prior written consent of Controller, outside of the European Economic Area (EEA) or countries that have been deemed as offering an adequate protection by the European Commission. In case the recipient is located outside the EU/EEA, Processor:
- has implemented the necessary measures, such as signing the last version of EU standard contractual clauses agreed by the EU Commission,
- has implemented appropriate safeguards such as supplementary security measures.
For the sake of this Annex, the following Sub-Processors are deemed to have received consent from the Controller:
Identification |
Country |
Edapp Pty Ltd |
Australia |
Zoom Video Communications, Inc |
USA |
Should Processor intend to change the data processing authorized location, Processor shall obtain the Controller’s prior written approval.
- Sub-processing
The Processor may use a Sub-Processor to carry out specific processing activities. The Processor shall inform the controller in advance and in writing of any envisaged change regarding the addition or replacement of Sub-Processor. The Controller shall have a period of 15 days from the date of receipt of this information to raise reasonable objections. Such subcontracting may be carried out only if the Controller has not objected within the agreed time limit..
For the sake of this Annex, the following Sub-Processors are deemed to have received consent from the Controller:
Identification |
Country |
EdApp Pty Ltd |
Australia |
Zoom Video Communications, Inc |
USA |
Sendinblue SAS |
France |
YUMA |
France |
SARL Agarta |
France |
Processor also commits that it shall ensure that the Sub-Processor will comply with all the obligations contained in this Annex and in the Data Privacy Applicable Laws and Regulations, which shall be established through a specific agreement or similar arrangement (“Sub-Processing Agreement”).
- Confidentiality of Personal Data
The Parties agree that Controller Personal Data shall be treated, by nature, as confidential information. Persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
- Retention, Return and Destruction of Personal Data
Processor shall not retain Controller Personal Data longer than the duration of the Agreement, augmented of any applicable mandatory retention period (such as applicable statute of limitations). The Parties agree that upon the expiration of this duration, the Processor will delete Personal Data and any copies thereof unless Controller expresses its choice, in writing and, within thirty (30) days after expiration, of a return of Personal data under a readable format.
The Processor will provide sufficient guarantees to implement appropriate technical and organisational measures to preserve the security of the Controller Personal Data and, in particular, prevent their alteration and damage, or access by non-authorized third-parties.
- Personal Data Breach
Processor shall notify in written to the Controller without undue delay after becoming aware of any Personal Data Breach. Said notification shall be sent along with any necessary documentation to allow Controller, where necessary, to notify this Personal Data Breach to the competent Supervisory Authority. The Processor shall provide all the necessary information to the Controller, in order for the latter to comply with article 33.3 of the GDPR. Where, and in so far as, it is not possible to provide the information at the same time as the written notification of the Personal Data Breach, the information may be provided in phases without undue further delay. In case of Personal Data Breach, Processor shall proceed as quickly as possible to mitigate any adverse impact and to prevent similar Personal Data Breaches from occurring in the future.
- Audit
Controller may audit Processor in order to assess Processor’s compliance with the obligations under this Annex, at the cost of the Controller, with a three (3) month prior written notice and not more than once every 12 months. The notice shall mention the identity of the auditor third-party considered by the Controller (the “Proposed Auditor”), which shall be impartial and independent. After receiving such notice, the Processor will have the possibility to reasonably object within one (1) month to the Proposed Auditor. In such hypothesis, the Parties will negotiate in good faith to choose a neutral auditor third party.
- Liability
Regardless of any contrary provision, the liability of the Processor towards the Controller for any acts or omissions relating to its obligations with regard to the processing of Persona Data under this Annex/the Agreement, the confidentiality thereof and/or the Data Privacy Applicable Laws and Regulations will be limited to the total Fees payable under the Agreement within the last twelve months (the “Personal Data Liability Cap”).
Processor will be solely liable (within the limits of the Personal Data Liability Cap) for the damage caused by its processing activities, when it has not complied with Data Privacy Applicable Laws and Regulations or this Annex.
- Data Subjects Rights and Mutual assistance
The Controller will provide data subjects with information required under the Data Privacy Applicable Laws and Regulations. The Controller will answer to executing the requests of Data Subject Rights. Processor shall assist the Controller in executing the requests of Data Subject Rights, where applicable. When the Data Subject Rights are requested directly to the Processor by the Data Subject, Processor shall transfer these requests upon receipt, by e-mail to Controller. In case of a control or a claim investigated by a competent Supervisory Authority regarding the Data Processing within the framework of the Agreement/this Annex, the Parties agree to cooperate in good faith. The Processor will use commercially reasonable efforts to provide the relevant information, that could have been requested by the Supervisory Authority, to the Controller. Any non-commercially reasonable costs relating to assistance by the Processor will be borne by the Controller.
The provisions of this Annex will stay in force between the Parties for the duration of the Agreement.
All the provisions of this Annex are subject to French law.
ANNEX 2 : DESCRIPTION OF PERSONAL DATA PROCESSING ACTIVITIES
The table(s) below shall be filled-in and duplicated for each Processing activity of Controller Personal Data undertaken by the Processor, and shall be attached to the Agreement.
The content of each table acts as written instructions from the Controller. Processor undertakes to only process Controller Personal Data according to these instructions, and only on behalf of the Controller. All localizations, and Sub-Processors, listed in the table hereafter, shall be considered as authorized by the Controller.
Purpose of the Processing |
Delivering online training and organize collective live sessions |
Nature of the Processing |
Data hosting, connection to online services, transmission of messages and audio and video contents |
Type of processed Personal Data |
Name, first-name, e-mail address, phone number, postal address, public link to LinkedIn profile |
Categories of Data Subjects |
Customer’s employees |
Location of Data Processing |
France for AXA Climate
USA for Zoom
Australia for EdApp
France for Sendinblue
France for YUMA
France for Agarta |
Duration of the Data Processing Activity (active archiving) |
Duration of the agreement, plus 6 months during which access to the platform is maintained |
Personal Data Retention Period (intermediary archiving)
|
5 years |
Technical and organizational measures implemented by the Processor
|
AXA Group IT standards |
Sub-Processors list (including affiliates within the same Group) |
EdApp / Australia (online learning platform provider)
Zoom / USA (online messaging provider)
Sendinblue / France (marketing services provider)
YUMA / France (content provider and animator of the training)
Agarta / France (Web agency) |
[1] As defined in AXA Code Compliance & Ethics Code (https://www.axa.com/en/press/publications/compliance-ethics-guide)