These special conditions relating to the processing of personal dataspecific terms and conditions relating to the processing of personal data (hereinafter the “Data Processing Agreement”« Data Processing Agreement » or “DPA”« DPA ») aim to define the conditions under which JoynitJoynit processes personal data on behalf of the User in connection with the use of the Application.These (hereinafter referred to as the or ) aim to define the conditions under which processes personal data on behalf of the User in connection with the use of the Application.
This DPA is concluded between:This DPA is entered into between:
andand
This DPA constitutes an integral appendixintegral annex to the General Terms of UseGeneral Terms of Use and, where applicable, the General Terms of SaleGeneral Terms of Sale, accepted by the User upon registration or subscription, and applies throughout the entire period of use of the Application involving the processing of personal data.This DPA constitutes an to the and, where applicable, the , accepted by the User upon registration or subscription, and applies throughout the entire period of use of the Application involving personal data processing.
This DPA aims to define the conditions under which the Sub-processor processes personal data on behalf of the Client, in connection with the use of services offered by Joynit, in accordance with Regulation (EU) 2016/679 (GDPR).The purpose of this DPA is to define the conditions under which the Sub-processor processes personal data on behalf of the Client, in connection with the use of services offered by Joynit, in accordance with Regulation (EU) 2016/679 (GDPR).
PurposePurpose
Management of appointments organized by the Client via the appointment booking portal feature.
Management of appointments organized by the Client via the appointment booking portal feature.
Categories of Data SubjectsCategories of Data Subjects
Any natural person making an appointment request or booking with the Client via the Application's appointment booking portal feature.
Any natural person making an appointment request or booking with the Client via the Application's appointment booking portal feature.
Categories of Data ProcessedCategories of Data Processed
Data Retention Period and Fate of DataData Retention Period and Fate of Data
The retention period for appointment data can be configured by the Client via the settings of the appointment booking portal.
The retention period for appointment-related data can be configured by the Client via the settings of the appointment booking portal.
At the end of the period defined by the Client, the data is automatically and irreversibly anonymized by the platform.At the end of the period defined by the Client, the data is automatically and irreversibly anonymized by the platform.
Appointment data is not automatically deleted. Once anonymized, it no longer allows for direct or indirect identification of a natural person and falls outside the scope of the GDPR.Data from appointments is not subject to automatic deletion. Once anonymized, it no longer allows for the direct or indirect identification of a natural person and falls outside the scope of the GDPR.
PurposePurpose
Management of registrations and participation in events organized by the Client via the Joynit platform.
Management of registrations and participation in events organized by the Client via the Joynit platform.
Categories of Data SubjectsCategories of Data Subjects
Participants in events organized by the Client.
Participants in events organized by the Client.
Categories of Data ProcessedCategories of Data Processed
Data Retention Period and Fate of DataData Retention and Disposal
Data related to event participants is retained for a maximum period of five (5) years from the last event participation, then automatically and permanently deleted by the platform.
Data relating to event participants is retained for a maximum period of five (5) years from the last participation in an event, after which it is automatically and permanently deleted by the platform.
The Processor agrees to process personal data only upon documented instruction from the Client, in accordance with Article 28 of Regulation (EU) 2016/679 on the protection of personal data (GDPR).The Sub-processor undertakes to process personal data only on documented instruction from the Client, in accordance with Article 28 of Regulation (EU) 2016/679 on the protection of personal data (GDPR).
The Client's instructions include:The Client's instructions result in particular from:
These settings and actions constitute documented instructions within the meaning of Article 28 of the GDPR.These settings and actions constitute documented instructions within the meaning of Article 28 of the GDPR.
The Client acknowledges having, within the Application, the necessary functionalities allowing them to autonomously delete data associated with an appointment.The Client acknowledges having, within the Application, the necessary functionalities enabling them to independently delete data associated with an appointment.
Consequently, the Client undertakes to carry out any data deletion related to an appointment themselves via the functionalities provided for this purpose and not to request the Sub-processor to perform such operations, except in the event of a duly established technical impossibility.Consequently, the Client undertakes to carry out any data deletion related to an appointment themselves using the functionalities provided for this purpose and not to request the Sub-processor to perform such operations, except in the event of a duly verified technical impossibility.
The Client remains solely responsible for the compliance, lawfulness, and relevance of the instructions provided, as well as for the processing operations carried out using the Application.The Client remains solely responsible for the compliance, lawfulness, and relevance of the instructions provided, as well as for the processing carried out using the Application.
In the event of the Client deleting a shared calendar within the Application, the Client acknowledges and accepts that all appointments and events linked to said calendar will be automatically and permanently deleted, including the personal data associated therewith.If the Client deletes a shared calendar within the Application, the Client acknowledges and agrees that all appointments and events linked to that calendar, including associated personal data, will be automatically and permanently deleted.
The Sub-processor guarantees the confidentiality of the personal data processed and ensures that persons authorized to process them:The Sub-processor guarantees the confidentiality of the personal data processed and ensures that persons authorized to process them:
The Sub-processor implements appropriate technical and organizational measures to ensure a level of security appropriate to the risks, including:The Sub-processor implements appropriate technical and organizational measures to ensure a level of security appropriate to the risks, including:
The Client authorizes the Sub-processor to engage sub-processors, particularly for hosting, technical infrastructure, or sending communications.The Client authorizes the Sub-processor to engage further sub-processors, particularly for hosting, technical infrastructure, or sending communications.
The Processor ensures that these sub-processors provide sufficient guarantees regarding personal data protection and remains fully responsible to the Client for the fulfillment of their obligations.The Sub-processor ensures that these sub-processors provide sufficient guarantees regarding personal data protection and remains fully responsible to the Client for the performance of their obligations.
The Processor assists the Client, to the extent reasonably possible, to enable the Client to:The Sub-processor assists the Client, within its reasonable means, to enable it to:
In the event of a personal data breach, the Processor agrees to:In the event of a personal data breach, the Sub-processor undertakes to:
Upon expiration of the contractual relationship between the parties:Upon expiration of the contractual relationship between the parties:
Unless otherwise required by law, no personal data allowing the identification of a natural person is retained beyond this period.Unless otherwise legally required, no personal data allowing the identification of a natural person is retained thereafter.
Each party is responsible for complying with its obligations under the GDPR, according to its role:Each party is responsible for complying with its obligations under the GDPR, according to its role:
This DPA comes into effect on the date of the Client's acceptance of the General Terms of Use and remains applicable throughout the duration of the use of services involving personal data processing.This DPA comes into effect on the date the Client accepts the General Terms of Use and remains applicable for the entire duration of the use of services involving personal data processing.