Terms & Conditions

Clause 1: Purpose

The general terms and conditions (hereinafter referred to as "GTC") described below set out the rights and obligations of CRYPT.ON IT (hereinafter referred to as the "Publisher") and the end user in connection with the subscription and use of the of the CYBERLIB Data Protect solution (hereinafter "Solution").

Any use of the solution by the end customer therefore implies unreserved acceptance of these GTC.

If the end customer or any of his users does not agree with these terms, he must not use the Solution.

The Publisher reserves the right to make any changes it deems necessary to these GTC. In such a case, the end customer will be notified of the new GTC within one month of their effective date.

Clause 2: Scope

The Solution is intended for use strictly by professionals, the imperative condition for use being that the end customer has a registration number (SIREN) for his business.

Hybrid use of one or more devices by customers who also process data for private use on those protected by the Solution is tolerated as long as it does not contravene these GTC.

The end customer and its users will not be able to claim consumer status for any reason whatsoever, as the Solution is not intended for this type of user.

The GTC apply to all possible uses of the Solution, without restriction. They prevail over any other document or agreement, with the exception of any special conditions approved by the Publisher and the end which explicitly state that they take precedence over these terms and conditions.

The GTC are applicable to the current version of the Solution and all its components (web application, heavy software client, etc.). 

This applicability is also valid for all future versions of the Solution. 


Clause no. 3: Associated rights 

Only the rights of use explicitly described below are granted. 

It is expressly pointed out that only a right of use is granted. No intellectual property rights are granted to the end customer or its users, in any form whatsoever.

These rights are granted exclusively to the end user who approves them. They are neither assignable nor transferable.

It is therefore the responsibility of the end customer's representative to ensure that all his users have explicitly accepted these GTC.

Use is authorized only on a limited number of devices, which must be clearly and uniquely declared and identified, as and when they are added, in the interface provided in the web application. application.

Use is therefore strictly forbidden on workstations not declared in the Solution interface, in any form whatsoever, including in the case of partial use of the Solution.

The distribution of all or part of the Solution in a way that would allow its use on undeclared devices is strictly forbidden. 

The presence of a part of the Solution on a device implies that this device must be explicitly declared in the interface of the Solution, and that its user has explicitly accepted the GTC.

The end-customer representative undertakes to ensure regularly, throughout the use of the Solution by its users, that the components of the Solution are only present on devices declared in the interface.

The copying and/or duplication of any component of the Solution is strictly forbidden. The Solution is equipped with a license reassignment mechanism that enables its components to be transferred from one device to another.

Use of the Solution in a malicious manner (i.e. considered illegal under applicable law), in any form whatsoever, is strictly prohibited.

End-customer users are deemed to be familiar with the applicable legislation and may not disclaim the GTC on the grounds of ignorance thereof.

For all practical purposes, it should be noted that the law applicable to these GTC is French law.

The use of the Solution is strictly limited to the nominal framework identified by its Publisher: it is intended for the employees of a professional (i.e. an entity with a SIREN number) and for the sole purpose of to improve IT protection of devices and the data stored on them. 

The reproduction of data through the Solution is authorized within the limits of that which is not protected by copyright, or that for which users have a right of use compatible with the Solution (for example, if the end customer or user concerned is the owner of the data, or if his or her owner has authorized reproduction of the data). the Solution (for example, if the end-customer or user concerned is the owner of the data, or if its owner has authorized him/her to reproduce it). 

Generally speaking, and for the purposes of clarification, the following uses are expressly considered to be abusive and will be prosecuted if found to be so: unauthorized copying and reproduction, distribution, duplication, translation, reverse engineering, disassembly and decompilation, deciphering and decryption, derivation of all or part of the source codes, rental and resale and lending in any form whatsoever.


Clause no. 4: Respective commitments of the Publisher and the end customer

The Publisher has put in place several measures to ensure a high level of robustness. These guarantees constitute a minimum set of requirements that the Publisher undertakes to maintain over time.

The Solution is hosted on a platform equipped with duplication mechanisms between geographical zones. This enables the Solution to have two copies of the backed-up data, in two locations sufficiently far apart one from the other (i.e. 500km to date, the Publisher undertaking to maintain a distance of 200km between the two hosting zones, in all circumstances).

To date, the Solution is hosted on French soil, in datacenters operated by OVH, a company incorporated under French law. The Publisher undertakes to maintain hosting and operation in equivalent conditions over time, whether with OVH and/or an equivalent operator.

The Publisher reserves the right to change the hosting provider for all or part of the Solution under the aforementioned conditions, without the end customer being able to object in any way.

The Publisher undertakes to give the end customer access to a version of the Solution whose hosting is HDS-certified, including in the event of replication. The end customer acknowledges having been informed that only the hosting is HDS certified, and that the Publisher is not certified. This guarantee is only offered as an additional measure.

Thus, the end customer remains solely and fully liable in the event that the third-party health data he processes, and for which he protects or backs up via the Solution, is disclosed as a result of a breach by one of his users, with regard to all the commitments incumbent upon them and summarized herein. of its users, with regard to all the commitments incumbent upon them and summarized herein.

The end customer is hereby informed that he/she is obliged to inform third parties whose health data he/she processes, and who may be concerned by the use of the Solution, that this data is subject to an outsourced externalized.

The end customer is also warned that this communication must be strictly and unambiguously worded: it must explicitly state that it is the end hosting that is HDS-certified, and not the Solution.

In the event of refusal by a third party whose data the end customer processes (generally its own customers/patients), the end customer undertakes to exclude the latter's data from the scope of use of the Solution.

In general, the end customer is reminded that it is his responsibility to make available to all third parties concerned by the data processing he carries out for them (generally, his own customers/patients), whether through this Solution or any other means of personal data processing. 

The Publisher undertakes to take into account the security of its platform at all stages of its life cycle:


  • The Solution has been entirely designed for secure development (i.e. all functionalities have been designed from a cyber perspective);
  • The solution has been the subject of a threat model to enable an assessment of the risks inherent in this type of technology;
  • The Solution is subject to security code reviews before any new portions of source code are incorporated;
  • The solution is subject to regular security audits and tests (at least once a year) to test its effective robustness;
  • The Solution is subject to security monitoring to identify any ongoing attacks on the platform;
  • All privileged accesses to the Solution are traced to enable subsequent analysis;
  • All staff who operate or use the Solution undergo Cybersecurity training and periodic awareness-raising sessions.

Furthermore, the Publisher undertakes to correct any vulnerability brought to its attention, according to its criticality (and immediately in the case of a critical vulnerability).

In the event of a breach of the end customer's personal data processed by the Solution, the Publisher undertakes to inform the end customer as soon as possible so that he can carry out any checks he deems necessary. necessary.

In its Solution, the Publisher undertakes to treat end-customer data strictly for the sole purpose of Cyberlib subscriptions (workstation protection including encryption, remote data backup).

The Publisher refuses to use this data for commercial purposes.

The Publisher has no access to the unencrypted data of third parties for whom the end customer uses the Solution. As the Editor does not have the encryption key to access this data, it is strictly impossible for him to access it directly. and the end customer remains solely responsible for its processing.

Nevertheless, the end customer undertakes to notify the Publisher of any security incident observed within the scope of use of the Solution, whether this concerns the Solution itself or the data processed through it.

The end customer declares that he is fully aware that the Solution cannot be considered perfectly reliable. The Publisher cannot be held responsible for an event beyond its control, which in good faith would have prevented it from to maintain the availability, integrity or confidentiality of end-customer data.

The Publisher therefore recommends that the end customer performs at least one other level of backup on his own, using a complementary means (e.g. an off-line storage disk), of the data he needs to ensure is their effective protection in terms of availability.

Clause 5: Exclusions

The Solution is provided "as is" and "as available", with all the advantages and disadvantages thereof.

The guarantees associated with the Solution are therefore strictly limited to those described below. 

The Solution does not have a "trial period". However, the end customer has the right to make a complaint within 30 calendar days of placing the order, in the event of a proven anomaly preventing him/her from enjoying the Solution, and for as long as responsibility for this anomaly can be expressly attributed to the Solution (requires written confirmation from a representative of the Publisher). the Solution, and as long as responsibility for this anomaly can be expressly attributed to the Solution (requires written confirmation from a representative of the Publisher).

It is impossible to guarantee that the Solution is and will be error-free, or that all errors can be corrected, or that the Solution will fully meet users' needs.

It is also impossible to guarantee that the Solution will be free from interruptions or unanticipated malfunctions.

The Publisher shall not be liable for loss of or damage to data, or for any damages whatsoever (including but not limited to loss of profits, loss of goodwill or market share, alteration or loss of data, or any hardware or software or intellectual property) resulting from the use of the Solution, whether normal or not in accordance with the GTC. market share, alteration or loss of data, or any hardware or software or intellectual property) resulting from the use of the Solution, whether normal or not in conformity with the GTC. 

This exclusion of liability remains valid in all circumstances, even if the end customer has notified the Publisher of a problem or anomaly relating to the Solution.

On the other hand, the Publisher undertakes to implement the necessary actions to enable the end customer to use the Solution under the nominal conditions provided for in these GTC.

In the event that the end customer is unable to use the Solution under its nominal conditions, he must notify the Publisher by any means at his disposal (in the first instance, the ticket system made available through the web interface of the Solution). through the Solution's web interface).

If it is impossible to use the channels provided, the end customer must notify the Publisher using any other possible channel (e-mail from the account manager or the contact below, etc.).

If, despite all attempts to resolve the anomaly, the use of the Solution in its nominal conditions is not possible for the end customer, the Publisher will study each situation on a case-by-case basis to determine the most appropriate proposal (temporary suspension of the subscription while the anomaly is resolved, termination of the contract, etc.). the most appropriate proposal (temporary suspension of the subscription while the fault is resolved, termination of the contract, etc.). The proposed solution remains at the sole discretion of the Publisher, without the end customer being able to demand require or make any changes to it.

The end customer is warned that this situation is only possible in cases showing an attempt on his part to use the Solution that is full, complete and in good faith. 

Thus, any situation contrary to the use of the Solution in good faith and in full (for example and without limitation: absence of Internet connection or limited network bandwidth, absence of a functional device or compatible with the Solution, lack of full or partial use of the Solution, or users not trained in IT) shall not give rise to any call into question of the contractual commitment between the Publisher and the end customer in any way whatsoever.


Clause 6: Preservation of traces

User and administrator access logs to the Solution are kept for six calendar months.

These are strictly limited to the data required for analysis purposes, and access to them is strictly limited to personnel with a need-to-know (such as regular administrators or authorized auditors on an ad hoc basis).

The end customer is hereby informed that he/she will be notified of any request concerning him/herself, his/her users or the data he/she processes through the Solution, originating from a judicial authority with binding power to impose such a decision. Except in the case where the decision is accompanied by an obligation of confidentiality preventing it from notifying him.

The end customer is hereby informed that the Publisher is under no obligation to notify him in the event of a decision by a judicial authority concerning the Solution or the data processed through it by one of the end customers, and which does not concern him himself. itself.


Clause 7: Maintaining operational conditions

The Publisher may plan interventions on the Solution for its operational maintenance. These will be limited to the shortest possible time, and the Publisher undertakes to notify the end customer of any planned intervention customer of any planned intervention involving a service interruption of more than two hours, one week in advance.

No penalty or compensation will be due for these interventions. 

The Publisher may also make any changes to the Solution that may be deemed necessary in order to comply with any applicable regulatory requirements.

In the event of a significant impact of these changes on the nominal use of the Solution, the Publisher undertakes to inform the end customer.

The Publisher has the right to terminate the end-customer's subscription to the Solution without notice and without compensation, in the event that the end-customer's use of the Solution prevents the Publisher from maintaining the Solution in operational conditions (e.g. unauthorized security audits).


Clause 8: End of contract

The end customer may terminate his subscription to the Solution by giving 3 months' notice before the annual renewal date. Notification of this cancellation request must be made by registered letter with acknowledgement of receipt. with acknowledgement of receipt, to be sent to the address shown at the foot of this document.

At the end of the end-customer's subscription to the Solution, the latter has a simple right of reversibility allowing him :


  • Maintain access to saved data for the nominal retention period allowed by the Solution, after which it will no longer be available;
  • Deactivate the security mechanisms implemented by the Solution on its users' devices, by restoring the original configuration available in the Solution's Web interface.

In the event of non-renewal of the subscription to the Solution within the aforementioned notice period, the Publisher will delete the technical data concerning the user within a maximum period of 6 months.

The Publisher will keep a copy of the commercial data for archiving purposes.

At the end of the subscription, the end-customer will no longer benefit from the Solution's "active" functionalities (updating workstation protection policies, changing the backup perimeter, accessing support tickets, etc.). tickets, etc.).

The end customer is informed that the deletion of all his data at the end of the retention period after termination of the subscription constitutes normal processing, which he expressly authorizes to be carried out through acceptance of these GTC.


Clause 9: Ownership of goods

The end customer, as the party responsible for processing the data he protects and saves via the Solution, grants the Publisher the right to reproduce such data in order to enable the Publisher to carry out the service.

This right of reproduction is not transferable, and remains intrinsically linked to the Solution, without the Publisher being able to use it for any other purpose.

Nevertheless, exclusions are provided for under the contract between the end customer and the Publisher (cf. clause no. 8), and the end customer is deemed to be fully aware of them.

In any case, the end customer remains responsible for the processing of data protected and saved by the Solution. 

The respective owners of this data are considered to be known to the end customer, who remains solely responsible for processing it in compliance with current regulations, or with any commitments he may have made to the third parties concerned. with the third parties concerned.

The contract concluded between the Publisher and the end customer is not intended to transfer any intellectual property to the end customer, in any way whatsoever and for any component of the Solution, whether software or hardware, direct (Web interface, software agent installed on devices) or indirect (trademarks, trade names, logos and showcase sites of the Publisher and the Solution). software or hardware, whether direct (Web interface, software agent installed on devices) or indirect (trademarks, trade names, logos and showcase sites of the Publisher and the Solution).

The license to use the Solution granted to the end customer is strictly limited to the terms of the contract (these GTC and any special conditions attached thereto), for the duration of the subscription to the Solution service, and only in respect of the country whose law is applicable to the present contract (in this case: France). and only in the country whose law is applicable to the present contract (in this case: France).

The end customer thus expressly acknowledges that, by virtue of the limited right of use granted to him, he has no right of assignment or transfer of the rights in question.

The end customer may therefore neither lend nor (re)sell the Solution or subscription he has, either wholly or partially, even free of charge or in the event of force majeure. 

In any event, if the end customer becomes aware of a legitimate reason requiring a transfer of his subscription (for example, in the event of a change of legal entity), he undertakes to inform the Publisher directly and as soon as possible, so that the latter can check that the subscription remains compatible with his new situation. the Publisher as soon as possible, so that the latter can check that the subscription remains compatible with the new situation.

In the event that such a transfer is not possible, the subscription will be automatically terminated on the date on which it can no longer be used under the conditions foreseen by the end customer, without the latter being able to claim any compensation. by the end customer.

Clause 10: Subscription

The end customer takes out a subscription to the Solution for a period of twelve (12) tacitly renewable months.

Each device on which he installs the Solution to benefit from the protection and backup functions must be declared in the Solution's Web interface, and counts as a valid device in the subscription.

If the end-customer declares more devices than the number allowed by his subscription, he will be asked to update his subscription to add the number of devices required for the use newly targeted by the end-customer. customer. 

If the end-customer refuses to update his subscription, the surplus devices will remain inactive and will not be able to benefit from the Solution, even if they have been fully completed in the web interface.

If the end customer accepts the change to their subscription, they will be redirected to a page to change their payment terms, in order to update their next payment due dates.

In the case of monthly installments, the subscription update will be taken into account by default for the next installment. However, the end customer may decide, when accepting the change, to activate the modification for the current month. the current month. In this case, they will also be asked to pay the difference in price for the current month.

If the end customer has opted for annual installments, the update during the subscription period will only concern the remaining duration of the current installment. This adjustment is made on the basis of the number of full months remaining between now and the end of the term. end of the term. For the current month, the end customer has the option of including it in the subscription update if he wishes to benefit immediately from the changes.


In the case of annual terms, the subscription will only be updated for the remaining duration of the current period. This adjustment is based on the number of full months remaining until the end of the term. The end customer may nevertheless decide, when accepting this change, to activate the modification as of the current month.

In all cases, the end customer undertakes to pay the new amounts due by the due date, via the payment method used when subscribing to the current subscription, or any other valid payment method linked to his/her customer account.

The prices applicable to any order at any time are those indicated on the Solution page (

https://cyberlib.fr/abonnement). These prices may be supplemented by any special conditions agreed in writing between the Publisher and the end customer.

Prices are quoted exclusive of VAT, and include the current rate of VAT.

The end customer is warned that the costs associated with the Solution only represent sums linked to it, and that he will have to pay concomitantly any other cost linked to a purchase enabling him to benefit from the Solution in its optimum conditions (legitimate operating system licenses, internet subscription, hard disk for additional backups, etc.). Solution in its optimum conditions (legitimate operating system licenses, Internet subscription, hard disk for additional backups, etc.).

All payments are due on issue of the due date, and the end customer is responsible for ensuring that payments remain honourable over time, via the means they have selected for the original due date.

In the event of blocking, refusal or delay of a payment by the selected means, the end customer is immediately notified of the anomaly by e-mail to the attention of his representative. If no action is taken within 7 days, the subscription will be suspended until the anomaly is corrected.

The end customer is hereby informed that this period of suspension of the subscription in the event of non-payment does not constitute a waiver or termination of the contract, and that he/she remains obliged to pay all outstanding instalments for the current subscription period. due for the current subscription period.

The period of suspension therefore remains in full, and any unpaid amounts will be recovered jointly and severally by any means deemed necessary.

The subscription is reactivated as soon as payment of the sums due by the end customer has been received, for the remaining subscription period between the date on which payment is received and the scheduled end date of the current subscription period. period.

The suspension period will not be subject to any deposit or refund. Nor can it give rise to a postponement of the subscription, as the days of suspension count as effective days of the current subscription.

By accepting these GTC, the end customer is therefore fully aware of these conditions, and expressly agrees to be solely responsible for any payment anomalies observed during the period of validity of his current subscription.

The Publisher nevertheless undertakes, in the event of a proven anomaly for which it is responsible and which has not enabled the end customer to honor his payment on time, to credit him with a credit note corresponding to the number of days of suspension unduly applied, and valid for deduction from the next due date, and then the one after that, until full use is made of the credit note in question. deducted from the next due date, and then the one after that, until the credit in question has been fully used.

Such an anomaly may not give rise to any compensation other than the number of days corresponding to the effective period of suspension of the subscription.

The end customer is informed that a subscription suspension means that he loses all effective access to the Solution's functionalities (device security policies, data backup, support tickets, etc.).

In the event of late payment, the Publisher reserves the legitimate right to claim the following amounts from the end customer:

  • A legal fixed indemnity for collection costs of forty (40) euros pursuant to article D.441-5 of the French Commercial Code;
  • An indemnity corresponding to the equal rate of interest plus fifteen (15) percent of the sums subject to late payment;
  • A flat-rate indemnity of fifty (50) euros per reminder sent by post;
  • Any other additional costs incurred by the Publisher against the end customer, to enable it to recover all sums due, including the above-mentioned indemnities and penalties.

Clause 11: Force majeure

The present contract between the Publisher and the end customer will be suspended in the event of an event of force majeure within the meaning of article 1218 of the French Civil Code, if the Publisher is no longer able to fulfil its contractual obligations and has notified the end customer as soon as possible by any means at his disposal.

The cases considered as force majeure for the Publisher and releasing it from its obligations under the contract are the following: generalized or focused power cuts on data hosting infrastructures or telecom networks, floods, storms, fires, earthquakes and landslides, epidemics and pandemics, strikes, labor disputes, riots, attacks, etc. or telecoms networks, floods, storms, fires, earthquakes and landslides, epidemics and pandemics, strikes, industrial disputes, riots, attacks, mobs, wars, as well as the acts of any person, entity or authority. acts of any person, entity or authority unrelated to the Publisher and which, by its actions, prevents the delivery of the service associated with the Solution in its intended conditions.

This list will be supplemented by any jurisprudence that may be adopted by French courts, without the above list being considered exhaustive.

The end customer may benefit from the force majeure clause, within the limits of the cases defined as reasonable in clause 5 (Exclusions). 

By way of reminder, any event leading to the unavailability or alteration of a device covered by the Solution shall not constitute a case of force majeure, it being understood that the very principle of the Solution is to offer data protection and recovery functionalities in such cases. data protection and recovery functionalities in such cases.

The duration of the suspension of the subscription to the Solution (and of its contractual commitments) in such cases is strictly limited to the duration of the case of force majeure.


Clause 12: Contingency management

In any case, no termination of the contract may call into question the payment of sums due under the current subscription.

In the event of unforeseen circumstances such that one of the parties finds itself upset by the burden caused, and that this clearly results in an imbalance to its disadvantage under the present contract, they undertake to consult each other in order to adjust the contract in such a way that the balance can be restored, as closely as possible to the present GCS and special conditions attached.

It is the responsibility of the party experiencing the unforeseen event to notify the other party, using any means at its disposal. Failing this, this means a registered letter with acknowledgement of receipt addressed to the other party, with its precise and justified description showing the contractual imbalance caused, and the request for renegotiation of the terms of the contract through precise and reasonable proposals.

If no agreement is reached in good faith within 45 days of receipt of this letter by the other party, the party suffering the unforeseen event may terminate the contract unilaterally, by registered letter with acknowledgement of receipt, clearly stating the attempts at negotiation and the reasons for the unilateral termination.

If the party affected is the end customer, this unilateral termination does not put an end to the obligation to pay all subscription instalments, which the customer undertakes to honor to the end, even in such a situation, the sums concerned remain fully due.

In any event, the parties involved under the present conditions declare that they have taken out an insurance policy to cover, in particular, their professional civil liability, on a continuous and regular basis for the entire duration of the present conditions. for the entire duration of the present contract.


Clause 13: Processing and personal data

The parties undertake to do everything within their respective best means to comply with regulatory obligations regarding data protection, and in particular personal data, as required by the RGPD (General Data Protection Regulation).

In this respect, the Solution processes personal data, in particular that of end-customer users. The Publisher has implemented a number of security measures to protect this data to the appropriate and expected level (access control, integrity verification, encryption, HDS certification, etc.). (access control, integrity checks, encryption, HDS certification, etc.).

The Publisher also has a Data Protection Officer (DPO), whom the customer or one of its users may contact at the following e-mail address:

dpo@cryptonit.fr 

Each of these users has the possibility of exercising a right of access, rectification, deletion, limitation, opposition and portability of this data, by contacting the DPO at the above address.

In this respect, the Publisher keeps an up-to-date register of data processing for the Solution, which is also available on request from the above address.

It is nevertheless reminded that the end customer is solely and entirely responsible for the validity, relevance and legal nature of all data entered into the Solution. The Publisher cannot be held liable be held liable in the event of any anomaly in the data with regard to the texts and regulations in force in the country where the services linked to the Solution are provided.

The end-customer releases the Publisher from all claims or complaints made against it by any user of the Solution. The end customer remains solely responsible for ensuring that the use of the Solution by each of the parties involved is in full compliance with these GTCs, as well as with all applicable laws and regulations. the present GTC, as well as all applicable laws and regulations.

In the event of an anomaly in the processing of data by the Solution, the end customer undertakes first to notify the contact point designated by the Publisher, in order to enable it to investigate the anomaly sufficiently to determine whether the anomaly is genuine. If so, the Publisher will take all necessary steps, within the reasonable limits of its capabilities, to correct the anomaly and complete the necessary formalities.

The end customer shall be fully responsible for any proceedings against the Publisher concerning a processing anomaly reported by a third party, and concerning data entered by one of its contributors within the Solution. within the Solution. 

This implies that he will bear all the costs and expenses associated with the Editor's defense, provided that the reason invoked by the third party concerns the aforementioned reason (anomaly in the data processed by the Solution and which have been entered by one of the end-customer's participants).

This obligation is conditional on the Publisher's undertaking to communicate to the end customer all elements in its possession concerning the alleged anomaly, and to inform the customer as soon as possible of any proceedings against it corresponding to the above-mentioned criteria, by registered letter with acknowledgement of receipt. by registered letter with acknowledgement of receipt.

It should be noted in particular that in the case of backed-up data (dedicated option of the Solution), the Publisher does not have "unencrypted" access to the data in question, which is stored in the form of encrypted blocks.

However, an exception is made in the case of a covered data restoration procedure, at the end customer's request. In this case, the Publisher's personnel will be able to access the data "in clear", for the time it takes to restore the data. In this specific case, the procedure is strictly supervised, with only a limited number of people within the Publisher having the rights to carry out this procedure.

The accesses in question and the activity carried out are logged, enabling us to trace the actual accesses to these data in such a situation.

As a general rule, unless duly authorized by the end customer, the Publisher and its staff shall refrain from "unencrypted" access to personal data entered into the Solution.

The Publisher also refrains from processing this data in any way other than that provided for in the Solution (protection, encryption, backup, etc.) and in particular from using it for advertising, marketing, commercial or statistical purposes, commercial or statistical purposes.

All data used for production testing by the end customer has the same security measures as production data.

`

Clause 14: Specific case of health data

This clause applies to any end-customer using the Solution to process health data (including if such use is detected by the Publisher, in the event that this type of processing has not been declared by the end-customer). customer).

Health data is a subset of personal data, and its sensitivity is such that it requires the implementation of special measures.

In this sense, all the measures specified in clause 13 apply to the protection of health data within the Solution (and in particular the HDS certification of the hosting).

The end customer acknowledges having been fully informed that only healthcare professionals duly authorized by the patients concerned are authorized to enter this type of data concerning them in the Solution.

If the end customer is responsible for processing the data in question, he acknowledges having received the necessary authorization to process it, and having been informed that obtaining this authorization is categorically necessary to lawfully process such data within the Solution.

The end customer undertakes to make full and complete mention to his customers/patients of the processing carried out by the Solution on their health data, and to be able to provide proof thereof to the Publisher on simple written request, within a within 8 days.

The end customer undertakes to respect the possibility for these persons to exercise their right to delete, oppose, access and rectify the data in question for legitimate reasons.

It is the end customer's sole responsibility to ensure that the correct information is provided to patients.

It remains the end customer's responsibility to ensure that all health data deposited in the Solution is protected in a manner appropriate to the needs associated with the data, in particular by anonymization or encryption.

Clause 15: Data breach

The end customer undertakes to inform the Publisher immediately of any suspected or proven data breach, and in particular for health data, through his usual point of contact or by contacting the following e-mail address address below:

dpo@cryptonit.fr 

The Publisher undertakes to do the same, whenever the violation in question concerns the end customer or one of its users.

Each party thus undertakes to provide the other party with all the information required to report any data breach to the competent authorities.

The end customer acknowledges having been informed by the Publisher of his obligation to follow the recommendations and good security practices in force, which can be consulted on the ANSSI website ( https://www.ssi.gouv.fr) and ANS ( https://esante.gouv.fr).

The end customer acknowledges that he/she has been informed of his/her obligation to comply with the general health information systems security policy available here : https://esante.gouv.fr/securite/pgssi-s/espace-de-publication)