DATA PROCESSING AGREEMENT

(Last updated: January 1, 2024)(Last updated: January 1, 2024)

‍‍

These special conditions relating to the processing of personal dataspecific terms and conditions relating to the processing of personal data (hereinafter the “Data Processing Agreement”« Data Processing Agreement » or “DPA”« DPA ») aim to define the conditions under which JoynitJoynit processes personal data on behalf of the User in connection with the use of the Application.These (hereinafter referred to as the or ) aim to define the conditions under which processes personal data on behalf of the User in connection with the use of the Application.

This DPA is concluded between:This DPA is entered into between:

  • JoynitJoynit, mobile and web application published by Linp Linp (hereinafter the Application), a simplified joint-stock company with a share capital of 2,284 euros, whose registered office is located at 128 rue de la Boétie, 75008 Paris, registered with the Trade and Companies Register under number 829 046 853, acting as SubprocessorProcessor within the meaning of Regulation (EU) 2016/679 on the protection of personal data (hereinafter "Joynit" or "the Subprocessor""Joynit" or "the Processor")

andand

  • Any natural person aged 16 or overindividual aged 16 or older or legal entitylegal entity installing, accessing, and using Joynit to organize appointments and/or events and, in doing so, processing personal data via the functionalities offered by the Application, acting as a Data ControllerData Controller within the meaning of the GDPR (hereinafter the"User""User", the "Users", "the Client""Users", "the Client" or "You""You").

This DPA constitutes an integral appendixintegral annex to the General Terms of UseGeneral Terms of Use and, where applicable, the General Terms of SaleGeneral Terms of Sale, accepted by the User upon registration or subscription, and applies throughout the entire period of use of the Application involving the processing of personal data.This DPA constitutes an to the and, where applicable, the , accepted by the User upon registration or subscription, and applies throughout the entire period of use of the Application involving personal data processing.

‍‍

2. Purpose2. Purpose

This DPA aims to define the conditions under which the Sub-processor processes personal data on behalf of the Client, in connection with the use of services offered by Joynit, in accordance with Regulation (EU) 2016/679 (GDPR).The purpose of this DPA is to define the conditions under which the Sub-processor processes personal data on behalf of the Client, in connection with the use of services offered by Joynit, in accordance with Regulation (EU) 2016/679 (GDPR).

‍‍

3. Description of Entrusted Processing Activities3. Description of Entrusted Processing Operations

3.1 Processing No. 1 – Appointment Booking via the Reservation Portal3.1 Processing Operation No. 1 – Appointment Booking via the Reservation Portal

PurposePurpose
Management of appointments organized by the Client via the appointment booking portal feature.
Management of appointments organized by the Client via the appointment booking portal feature.

Categories of Data SubjectsCategories of Data Subjects
Any natural person making an appointment request or booking with the Client via the Application's appointment booking portal feature.
Any natural person making an appointment request or booking with the Client via the Application's appointment booking portal feature.

Categories of Data ProcessedCategories of Data Processed

  • Last name
  • First name
  • Email address
  • Phone number if the field is enabled
  • Additional information freely defined by the Client via the settings of the appointment booking portal

Data Retention Period and Fate of DataData Retention Period and Fate of Data
The retention period for appointment data can be configured by the Client via the settings of the appointment booking portal.
The retention period for appointment-related data can be configured by the Client via the settings of the appointment booking portal.

At the end of the period defined by the Client, the data is automatically and irreversibly anonymized by the platform.At the end of the period defined by the Client, the data is automatically and irreversibly anonymized by the platform.

Appointment data is not automatically deleted. Once anonymized, it no longer allows for direct or indirect identification of a natural person and falls outside the scope of the GDPR.Data from appointments is not subject to automatic deletion. Once anonymized, it no longer allows for the direct or indirect identification of a natural person and falls outside the scope of the GDPR.

3.2 Processing No. 2 – Management of Event Participants3.2 Processing No. 2 – Management of Event Participants

PurposePurpose
Management of registrations and participation in events organized by the Client via the Joynit platform.
Management of registrations and participation in events organized by the Client via the Joynit platform.

Categories of Data SubjectsCategories of Data Subjects
Participants in events organized by the Client.
Participants in events organized by the Client.

Categories of Data ProcessedCategories of Data Processed

  • Last name
  • First name
  • Email address

Data Retention Period and Fate of DataData Retention and Disposal
Data related to event participants is retained for a maximum period of five (5) years from the last event participation, then automatically and permanently deleted by the platform.
Data relating to event participants is retained for a maximum period of five (5) years from the last participation in an event, after which it is automatically and permanently deleted by the platform.

4. Client Instructions4. Client Instructions

The Processor agrees to process personal data only upon documented instruction from the Client, in accordance with Article 28 of Regulation (EU) 2016/679 on the protection of personal data (GDPR).The Sub-processor undertakes to process personal data only on documented instruction from the Client, in accordance with Article 28 of Regulation (EU) 2016/679 on the protection of personal data (GDPR).

The Client's instructions include:The Client's instructions result in particular from:

  • of this Data Processing Agreement (DPA);
  • the Terms and Conditions of Use and, where applicable, the General Terms and Conditions of Sale;
  • settings made by the Client within the Application, including settings related to retention periods and data anonymization methods;
  • manual actions performed by the Client via the functionalities made available to them, such as the use of the dedicated deletion button allowing for the deletion of data associated with an appointment.

These settings and actions constitute documented instructions within the meaning of Article 28 of the GDPR.These settings and actions constitute documented instructions within the meaning of Article 28 of the GDPR.

The Client acknowledges having, within the Application, the necessary functionalities allowing them to autonomously delete data associated with an appointment.The Client acknowledges having, within the Application, the necessary functionalities enabling them to independently delete data associated with an appointment.

Consequently, the Client undertakes to carry out any data deletion related to an appointment themselves via the functionalities provided for this purpose and not to request the Sub-processor to perform such operations, except in the event of a duly established technical impossibility.Consequently, the Client undertakes to carry out any data deletion related to an appointment themselves using the functionalities provided for this purpose and not to request the Sub-processor to perform such operations, except in the event of a duly verified technical impossibility.

The Client remains solely responsible for the compliance, lawfulness, and relevance of the instructions provided, as well as for the processing operations carried out using the Application.The Client remains solely responsible for the compliance, lawfulness, and relevance of the instructions provided, as well as for the processing carried out using the Application.

In the event of the Client deleting a shared calendar within the Application, the Client acknowledges and accepts that all appointments and events linked to said calendar will be automatically and permanently deleted, including the personal data associated therewith.If the Client deletes a shared calendar within the Application, the Client acknowledges and agrees that all appointments and events linked to that calendar, including associated personal data, will be automatically and permanently deleted.

5. Confidentiality5. Confidentiality

The Sub-processor guarantees the confidentiality of the personal data processed and ensures that persons authorized to process them:The Sub-processor guarantees the confidentiality of the personal data processed and ensures that persons authorized to process them:

  • undertake to respect confidentiality,
  • are subject to an appropriate legal or contractual obligation.

6. Data Security6. Data Security

The Sub-processor implements appropriate technical and organizational measures to ensure a level of security appropriate to the risks, including:The Sub-processor implements appropriate technical and organizational measures to ensure a level of security appropriate to the risks, including:

  • the management of authorizations and access,
  • the securing of technical infrastructures and environments,
  • regular backups,
  • protection mechanisms against unauthorized access.

7. Sub-processors7. Further Sub-processors

The Client authorizes the Sub-processor to engage sub-processors, particularly for hosting, technical infrastructure, or sending communications.The Client authorizes the Sub-processor to engage further sub-processors, particularly for hosting, technical infrastructure, or sending communications.

The Processor ensures that these sub-processors provide sufficient guarantees regarding personal data protection and remains fully responsible to the Client for the fulfillment of their obligations.The Sub-processor ensures that these sub-processors provide sufficient guarantees regarding personal data protection and remains fully responsible to the Client for the performance of their obligations.

8. Assistance to the Controller8. Assistance to the Data Controller

The Processor assists the Client, to the extent reasonably possible, to enable the Client to:The Sub-processor assists the Client, within its reasonable means, to enable it to:

  • respond to requests for exercising the rights of data subjects (access, rectification, erasure),
  • comply with its obligations set out in Articles 32 to 36 of the GDPR.

9. Personal Data Breach9. Personal Data Breach

In the event of a personal data breach, the Processor agrees to:In the event of a personal data breach, the Sub-processor undertakes to:

  • notify the Client without undue delay after becoming aware of it,
  • provide useful information to enable the Client to fulfill its notification obligations to the supervisory authority and, where applicable, to the data subjects.

10. Disposition of Data at the End of the Contractual Relationship10. Disposition of Data at the End of the Contractual Relationship

Upon expiration of the contractual relationship between the parties:Upon expiration of the contractual relationship between the parties:

  • appointment data is maintained only in anonymized form, in accordance with the parameters defined by the Client;
  • data relating to event participants is deleted in accordance with the duration defined in Article 3.2.

Unless otherwise required by law, no personal data allowing the identification of a natural person is retained beyond this period.Unless otherwise legally required, no personal data allowing the identification of a natural person is retained thereafter.

11. Responsibility11. Responsibility

Each party is responsible for complying with its obligations under the GDPR, according to its role:Each party is responsible for complying with its obligations under the GDPR, according to its role:

  • the Client as Controller,
  • Joynit as Processor.

12. Effective Date12. Effective Date

This DPA comes into effect on the date of the Client's acceptance of the General Terms of Use and remains applicable throughout the duration of the use of services involving personal data processing.This DPA comes into effect on the date the Client accepts the General Terms of Use and remains applicable for the entire duration of the use of services involving personal data processing.