RGPD

17.1 GENERAL

SeeZam® as well as Members shall ensure that personal data provided in connection with these Terms and Conditions and the use of the Website or Services (the «Data») is processed in accordance with the European Regulation 2016/679 of 27 April 2016, as amended or replaced (the «General Data Protection Regulation» or «GDPR») and any other applicable laws, regulations, standards and other requirements related to privacy, data protection or confidentiality, including European Union directives and regulations (the «Data Protection Legislation»).

In particular, the User authorizes SeeZam® to use the information collected via the Website for statistical purposes, respectively to manage the relationship between the Parties, or at the request of competent legal or regulatory authorities. The personal data collected in this way are only used for the purpose of managing the connected Users. SeeZam® undertakes never to make the information collected in this way known to third parties.

More generally and beyond the sole use of the Website, the User acknowledges that he/she is duly informed that SeeZam® only collects personal data in the context of its legitimate interests and always with the consent of the person concerned, in order to :

• ascertain the identity of a person who comes into contact with it, or
• to provide information to it as appropriate.

The only personal data that may be collected, and only through voluntary communication by the persons concerned, are those described in point 17.2. of this document. Additional personal data may be collected in specific situations, which will be subject to the express and explicit consent of the persons concerned.

Personal data collected and/or held by SeeZam® is always provided directly and exclusively by the data subject him/herself, necessarily voluntarily and with full knowledge of the facts, if necessary by filling in specific forms.

Any person providing personal data to SeeZam®, expressly consents to SeeZam® collecting, storing, processing and retaining such data in the course of its business and for the purposes described in this Agreement. The User hereby expressly acknowledges that he/she considers such data collection to be legitimate and lawful in his/her own discretion.

Personal information is stored in a computerized file by SeeZam®, which will only process or use personal data insofar as this is necessary for the processing of the requests of the person concerned, and of that person alone.

Personal information is kept generally for as long as necessary during the processing of the data subject's requests, respectively for the duration of the present, and for three years after its termination, unless :

• the data subject exercises his or her right to have his or her data deleted, as described below ; or
• a longer retention period is permitted or required by law or regulation.

Access to personal data is strictly limited to SeeZam®'s administrative agents. External service providers are subject to a confidentiality obligation and may only use the data in accordance with the contractual provisions with SeeZam® and the applicable legislation. Apart from the above-mentioned cases, SeeZam® will not sell, rent, transfer or give access to third parties without the prior consent of the data subject, unless compelled to do so for a legitimate reason (legal obligation, fight against fraud or abuse, exercise of rights of defence, etc.).

In the event that a transfer of data is necessary outside the European Union, the following safeguards will be taken to ensure a sufficient level of protection for the User's information :

• The country of the recipient(s) will provide an adequate level of protection by decision of the European Commission ; or
• The recipient(s) adheres to the Privacy Shield Principles ; or
• The transfer will be framed, in accordance with the requirements of European Regulation No. 2016/679/EU of 27 April 2016, by standard protection clauses adopted by the European Commission.

SeeZam® undertakes to use its best efforts to apply technical and organisational measures to protect personal data and to put in place all means to ensure the confidentiality and security of personal data, so as to prevent damage, deletion or access by unauthorised parties. In doing so, SeeZam® undertakes to comply with the laws of Luxembourg, in particular the amended laws of 2 August 2002 (on the protection of individuals with regard to the processing of personal data), of 30 May 2005 (on specific provisions for the protection of individuals with regard to the processing of personal data in the electronic communications sector) and of 28 July 2011 on data protection in the electronic communications sector.

In accordance with the law of 30 May 2005 (data protection and electronic communications) as amended, and the European Regulation n°2016/679/EU of 27 April 2016, any data subject has the right to access, rectify, portability and erasure of his or her data or to limit the processing. Data subjects may also, on legitimate grounds, object to the processing of their data.

Any person directly concerned may, subject to the production of valid proof of identity, exercise his or her rights by sending an e-mail to «dpo[at]seezam.com» or by sending a letter for the attention of the Data Protection Officer of SeeZam® to «Protection des données personnelles - SeeZam S.A. - 60A, rue de Bettembourg - L-5811 Fentange - Grand-Duché de Luxembourg».

The User declares that he/she is fully aware of the characteristics, risks and constraints related to the collection and storage of his/her personal data by SeeZam®.

SeeZam®'s responsibility is limited to the use of all means at its disposal to ensure the security of the User's personal data and of any person concerned. The User remains solely and exclusively responsible for the protection of his/her personal data on his/her own Terminal.

Unless otherwise agreed in writing, the User authorizes SeeZam® to use its name, trademark, logo, as a commercial reference, on any medium and in any form whatsoever, for the duration of the Services and beyond, for a period of three (3) years.

17.2 DATA DESCRIPTION

Commercial Data

SeeZam® stores and processes the full names, telephone numbers and mobile phone numbers of Client contacts («Business Data») for the purposes of, among other things, notifying Clients of any events requiring action by SeeZam® (including events related to the use of SeeZam®, tracking of support requests and updates) or otherwise managing the relationship with the Client (including billing and payment for the Services), or ensuring SeeZam®'s compliance with applicable laws and regulations.

The bank details of the Clients transmitted in the context of the renewal of the subscription to the paid Services will be communicated to the organisation in charge of the online payment procedure for SeeZam®, which has all the required authorisations and meets the latest security rules in this area (the «Payment Provider»).

User Data

Data such as surname, first name, e-mail address, mobile phone number and other data such as country of residence or any other information provided on the registration form provided for this purpose] or provided by the Customer and concerning the User (the «User Data»), will subsequently be visible and modifiable by the User when logging in.

User Data is subject to editable parameters. Except for the User's name and e-mail address, User Data is not unintelligible in form by SeeZam® because it is encrypted with the User's own keys, which SeeZam® does not possess.

SeeZam® does not process any sensitive data and collects as the only personal information of the Users an explicit identifier (first name. Last name) or not (FCVGT1245) and an explicit email address (prénom.nom@NomEntreprise.com) or not (musterman@yahoo.de). The User can change his email address at any time.

The User with the communicating trunk function may share information with other Users. The User will be able to determine whether or not certain Data that he or she has chosen to provide to complete his or her profile will be visible to other Users.

Safe Deposit Box Data

SeeZam® has opted for the highest security rules, the application of a level that guarantees personal secrecy and an encryption that ensures the confidentiality of its Members' confidential or secret data.

SeeZam® is not able to decipher and become aware of the contents of Members' safes, including any personal data that may be contained in such safes (the «Safe Data»).

17.3 RESPONSIBILITY FOR PROCESSING

The Member acting as data controller

The User and/or the Client as the case may be is/are responsible for the processing (within the meaning of the RGPD) of Commercial Data, User Data as well as Safe Data processed in the context of the use by Members of the Services, the Website or the Tools. SeeZam® will act as a subcontractor within the meaning of the RGPD in relation to such processing of Data.

The Member warrants that all Data (in particular User Data and Safe Data) communicated to or made available to SeeZam® or added to a safe has been collected and transferred in compliance with the Data Protection Legislation.

The Member agrees to fulfill all obligations as a data controller and to indemnify and hold harmless SeeZam® from all claims and disputes relating to such obligations or to the warranties given in respect of the Data.

SeeZam® acting as the data controller

SeeZam® is a controller under the GDPR of Business Data and User Data only when SeeZam® processes them for its own purposes, including when the processing is necessary for the performance of the General Terms and Conditions (e.g. for payment and billing purposes), when it is necessary for SeeZam® to comply with its legal and regulatory obligations or to respond to requests and requirements of public authorities, or when the processing is necessary for the purposes of SeeZam®'s legitimate business interests (such as litigation management, customer management, or business development)

Member agrees to provide reasonable assistance to SeeZam® in fulfilling its obligations as a data controller. This assistance may include, upon request by SeeZam®, providing specific information to Users regarding SeeZam®'s processing of their data.

17.4 SEEZAM®'S OBLIGATIONS AS DATA CONTROLLER

Disclosure of Data

In order to accomplish the purposes described in Article 17.2 and 17.3 and for which SeeZam® acts as data controller, SeeZam® :

• may communicate certain Data to external subcontractors or service providers (in particular the Payment Provider); and
• may be compelled to disclose any readable or intelligible content (email, login, trunk name) to comply with applicable laws or if, in good faith, SeeZam® believes that such action is necessary, including, but not limited to, in connection with legal or administrative proceedings, to enforce these Terms and Conditions, to respond to claims of infringement of third party rights, to protect the rights or interests of SeeZam®, its Members, or the public.

Data Security

SeeZam® takes all precautionary measures to ensure the security of the Business Data and User Data in relation to which it may be considered responsible for processing within the limits of the purposes referred to above in Article 17.2 and 17.3. However, it cannot rule out all the risks associated with the use of the Internet.

Rights of the persons concerned

SeeZam® allows Members whose personal data is processed by SeeZam® as a data controller to exercise their rights under the GDPR to the extent that such exercise is not limited by the technical characteristics of the Services offered by SeeZam®.

These rights consist of :

• access to the Data and to information concerning the processing thereof ;
• rectification of incorrect or incomplete Data ;
• the deletion of Data under conditions ;
• opposition to the processing of Data based on the legitimate interests of SeeZam® ;
• the possibility to receive the Data and to transmit them to another controller insofar as the legitimacy of the processing is based on the performance of a contract and the processing is automated ;
• the limitation of the processing of the Data under certain conditions.

To exercise these rights, the Member may contact SeeZam® via the online forms.

Data Retention

SeeZam® will retain Data only for as long as is necessary for the relevant processing activity and/or for the period of data retention permitted under applicable law.

17.5 SEEZAM®'S OBLIGATIONS AS A SUBCONTRACTOR

The following provisions apply for the processing of Data for which SeeZam® acts as a processor within the meaning of the GDPR.

SeeZam® undertakes, within the strict limits of what its Services technically allow to :

• process Data only in accordance with the terms of the order form or the General Terms and Conditions and on the documented instruction of the Member responsible for the processing ;
• ensure that the persons authorized to process the Data are subject to confidentiality ;
• to take appropriate technical and organisational measures for the security of the Data and to assist the Member responsible for the processing, to fulfil (i) its own obligations related to the security of the Data as described in Articles 32 to 26 of the GDPR and (ii) its obligation to respond to requests from individuals concerned by the processing of their data to exercise their rights ;
• comply with the instructions of the Member responsible for processing regarding the return or deletion of the Data at the end of the contract, unless such instructions contradict the applicable law ;
• provide the Member responsible for the processing, at its request, with the information strictly necessary to demonstrate compliance with its obligations as a processor and to allow audits to be carried out in this respect (the number of audits being limited to one per year).
• SeeZam® undertakes not to use any other subcontractor without prior notice to the Member responsible for the processing, it being specified that on the date of acceptance of these General Terms and Conditions, SeeZam® is authorized to use a payment service provider, IT service providers in Belgium and the Grand Duchy of Luxembourg and a service provider for the hosting of the Data located in the Grand Duchy of Luxembourg

In the course of its business, SeeZam® may disclose unencrypted User names and email addresses only to persons to whom SeeZam® subcontracts certain work related to the operation of the Website.

SeeZam® will ensure that each of its subcontractors is bound by the same personal data protection obligations as SeeZam® under this Article. SeeZam® will remain responsible for the performance of its obligations as a processor when processing is carried out by one of SeeZam®'s processors.