Preliminary article. GENERAL - SCOPE OF APPLICATION

These general conditions of service apply to services offered by SNACK GROUPE and SNACK Group companies to their customers (hereinafter the "Provider").

They are systematically supplied to customers with Estimated Quotations or Orders. Acceptance of the General Terms and Conditions of Sale necessarily implies acceptance of these General Terms and Conditions of Service.

They are intended to apply to all Orders agreed with the Customer even without SNACK GROUPE having to indicate again that the GCPS apply.

They apply exclusively, regardless of any clauses that may appear in the Customer's documents, in particular any general terms and conditions of purchase. In order to be bound by any condition derogating from these GCPS or from the Quotations expressly accepted by the Service Provider, the Service Provider must have expressly agreed to such condition in writing. Acceptance of an Order supersedes all prior oral agreements and communications and constitutes a complete and binding contract between the Customer and the Service Provider, which may not be modified or cancelled without the written agreement of both Parties.

The Customer also acknowledges that, prior to any Order, the Customer has received sufficient information and advice from the Service Provider to enable the Customer to ensure that the services offered are suited to the Customer's needs.

The Customer acknowledges that, upon acceptance of the Quotation, he/she has requested all necessary information and advice from the Service Provider. A series of exchanges and even meetings have taken place between the Parties, enabling the Customer to better define its orientations and the Service Provider to refine its service proposal and formulate its offer.

• DEFINITIONS

Specifications: refers to the document describing in detail the Customer's needs and requirements in terms of interoperability, volumes and security, as well as technical constraints. These specifications are drawn up following discussions, meetings and reflections between the Customer and the Service Provider. Specifications are only drawn up if necessary. The Service Provider may assist the Customer in drawing up these specifications.

Timetable : refers to the various stages in the provision of Services.

SEO campaign: The SEO campaign for the customer's website includes the study of keywords, the creation of ads and landing pages, the proposal of a link-buying strategy (netlinking) and the monitoring and analysis of the results of the SEO actions implemented.

Customer : Any individual or legal entity, acting for professional purposes, who orders a Service.

Order: means the Quotation accepted by the Customer. It may not include any additions not expressly accepted in writing by the Service Provider.

General Terms and Conditions of Service (GTCS): refers to these contractual terms and conditions. They define the terms and conditions for the provision of services, including their preamble and appendices, as well as any modifications, extensions or renewals.

Contract: refers to the whole formed by the GCPS and the accepted Order.

Quotation: the document summarizing the scope of Services validated by the Customer, specifying the selected Services, their characteristics, the implementation approach and the Price.

A quotation is only valid for 15 days or, failing that, for the duration mentioned in the quotation.

Written document detailing the services or products offered by the company, as well as their price, the conditions of execution or delivery, and any specific terms and conditions. The quotation is provided for information only, and is only binding on the parties once it has been accepted by the customer and confirmed by the company, under the conditions stipulated.

Customer Data: refers to all information and data transmitted directly or indirectly by the Customer.

Personal Data: refers to data which, within the meaning of the General Data Protection Regulation (GDPR) n°2016/679, makes it possible to designate or identify, directly or indirectly, a natural person.

Audiovisual adaptation right: The right to synchronize a musical work with a visual work, thus creating an audiovisual work, after authorization and assignment by the rights holders.

Reproduction and performance rights: The right to fix a work on a communication medium, or to publicly broadcast a musical work on a distribution platform, whatever the medium.

Meta tag : Part of the source code of the customer's web pages, containing keywords or descriptions invisible to Internet users, but used by search engines for referencing.

Domain name : the Customer's Internet identifier.

Party: Term referring individually or collectively to the customer and the service provider.

Additional Service: An additional service, not included in the initial quotation, requested by the customer and giving rise to the issue of a new quotation.

Price: The price paid by the Customer in return for the provision of the Services as set out in the Quotation.

Services: The services described in Article 2 of these conditions, those selected by the customer being specified in the quotation.

Website: the Customer's website.

• PURPOSE OF SERVICES

The Service Provider offers its customers :

Website creation : The creation of a website or e-commerce site includes graphic and technical design, while respecting technical recommendations to optimize natural referencing (SEO). This service also includes support and advice for the organization and implementation of functionalities and content adapted to the defined communication strategy.

3D/2D development: 3D/2D development includes the creation of 2D and 3D graphics and design content, the design of 2D and 3D games, and the development of application solutions. It also includes the development of virtual reality (VR), augmented reality (AR) and real-time 3D solutions, enabling interactive and immersive experiences.

Software and Application Development: Refers to all activities linked to the design, creation, implementation and maintenance of computer programs or applications designed to run on various media (computers, smartphones, tablets, etc.). This includes analyzing requirements, writing technical specifications, developing source code, testing functionality, as well as integrating and putting solutions into production. The aim of this process is to provide tools and systems tailored to specific customer requirements, while respecting agreed deadlines and established quality standards.

Computer programming: Computer programming is the process of creating and developing software, applications or systems using programming languages. It involves writing instructions, called "code", that enable a computer or device to perform specific tasks. This process includes designing algorithms, solving problems and optimizing performance to ensure that computer programs and systems run smoothly.

Search Engine Optimization (SEO): The Search Engine Optimization (SEO) service consists of analyzing, modifying, enriching or creating new content for the website, as well as modifying, adding or deleting Meta tags. This service also includes monitoring the site's position in search engine results, as well as any other SEO-related actions specified in the customer's quotation.

Search Engine Optimization (SEA) and/or Social Ads and/or Amazon Ads-type platform: The Search Engine Optimization (SEA) and/or Social Ads and/or Amazon Ads-type platform service consists of creating and managing advertising campaigns online or on social networks. It can also include any other action mentioned in the customer's quote and related to this type of referencing.

Digital marketing: The aim of the digital marketing service is to increase the site's visibility among prospects and customers. This includes support in defining, managing and monitoring an online strategy, as well as any other action described in the customer's quote in connection with digital marketing.

IT maintenance: IT maintenance refers to all actions and procedures aimed at ensuring the proper operation, security and performance of IT systems (computers, servers, networks, software). It includes preventing, detecting and correcting malfunctions, updating software, managing hardware breakdowns, as well as optimizing and continuously improving IT infrastructures to ensure their longevity and efficiency.

Netlinking: Netlinking, or link building, is an SEO strategy that involves obtaining external links (backlinks) pointing to a website from other sites. These links serve to reinforce a site's authority and popularity in the eyes of search engines like Google, which can improve its ranking in search results.

Data performance: The data performance service aims to improve website performance by analyzing data generated or processed, such as customer data, traffic and statistics. It also includes the implementation of audience tracking tools and any other action specified in the customer's quotation.

Photo and video production or Production: This service includes writing, directing, filming, editing, and adding sound and visual elements or retouching photographs, according to the customer's brief. The distribution of this content is accompanied by strategic advice adapted to different platforms.

Community management: The community management service offers strategic support for the distribution of content on social networks, and the development of a global strategy for support and influence on these platforms.

Sound design: The sound design service consists of providing a music library, supervising music selection for all types of media, or creating original musical content for audiovisual productions. This service includes audiovisual adaptation rights, but does not include payment of reproduction and performance rights to SACEM.

Additional services: The customer may request additional services from SNACK GROUPE. These services will be the subject of a new estimate, which must be accepted by both parties.

Social ads: The Social ads service consists of creating and managing online advertising campaigns on social networks. It can also include any other action mentioned in the customer's quote and linked to this type of advertising campaign.

The Service Provider's objective is to provide its customers and their teams with its skills and genuine know-how. The Service Provider has recognized know-how in this type of service, and a quality infrastructure enabling it to meet the expectations and needs expressed by the Customer.

• QUOTE - ORDER

3.1 Acceptance of a Quotation by the Customer constitutes an Order and therefore full and unreserved acceptance of the General Terms and Conditions of Service.

Unless expressly stated otherwise, the quotation is non-binding and subject to change.

It does not constitute an offer within the meaning of the Civil Code. The Order constitutes a legally binding offer, obliging the Service Provider to enter into a contract. Unless otherwise specified in the Order, the Service Provider has 15 working days (Monday to Friday, excluding public holidays) from receipt to accept the offer. Acceptance of an Order takes the form of written confirmation of the Contract from the Service Provider (including by e-mail). In the absence of written confirmation, a Contract (subject to these terms and conditions) may take effect with the provision of Services. In this case, the Customer waives receipt of written confirmation.

3.2. The Contract is made up of, in descending order of priority: 1. the Quotation and its appendices, in particular the RGPD, 2. the General Terms and Conditions for the provision of services. The Quotation here means a Quotation without any additions, erasures or deletions by the Customer. Any addition to a Quotation, in order to be enforceable against the Service Provider, must first be expressly and handwritten accepted by the latter.

3.3 The General Terms and Conditions of Service apply in full to future Quotations, in particular for additional Services to be agreed between the Parties.

All formal declarations and notifications which the Customer must address to the Service Provider after conclusion of the Contract (deadlines, defects, termination of the Contract or reduction of payment, etc.) shall be made in writing under penalty of invalidity at the Service Provider's registered office.

3.4. Acceptance of an Order by the Customer implies final agreement between the Parties on the level of service expected and, in particular, on the price of the Services. Only the Services expressly mentioned in the Quotation are due. The Service Provider does not refuse to provide additional Services. Such Services will, however, be subject to new Orders. Not included in the price as set out in the Quotation are all extraordinary expenses incurred by the Service Provider during the course of the assignment which were not initially foreseen and which are necessary for the successful completion of the project, as well as the cost of any additional and/or unforeseen Services requested by the Customer during the course of the assignment.

3.5. Commitments made by the Customer are binding. Any modification or cancellation of an Order requires the express agreement of the Service Provider.

The same applies to the duration of the Contract: prices for Services are calculated on the basis of the costs and services to be provided. To be profitable for the Service Provider, SEO Services in particular require strict adherence to this duration. The first few months are characterized by particularly heavy and costly stages for the Service Provider, which he can only make profitable over a specific period.

However, customers are invited to inform the Service Provider of their request.

• OBLIGATIONS OF THE PARTIES

• Obligations of the Parties: The Parties undertake always to act towards the other Party with the utmost loyalty.

• Obligations of the Service Provider :

1. Quality of service: The Service Provider takes the utmost care with the Services it provides. It provides its Services in compliance with the rules of the trade and with the obligations arising from the Contract and, where applicable, from the Specifications expressly accepted. It undertakes to use commercially reasonable efforts to meet requests. The Service Provider is solely responsible for the choice of means to be deployed to accomplish its mission. The Customer undertakes to provide the Service Provider, without exception, with all access, documents and information necessary for the proper performance of the assignment. Any text supplied by the Customer must be proofread and corrected by the latter beforehand; no modification or correction whatsoever will be made by the Service Provider (applicable to the "Website Creation" service , unless a service to this effect has been explicitly agreed).

1. Competence - teams - subcontracting: The Service Provider employs qualified and competent personnel. The teams in charge of the services entrusted to the Service Provider are trained and have genuine expertise in the fields specific to their services.

The Services may be provided by a company in the SNACK group (article L233-16 of the French Commercial Code) or by any qualified subcontractor meeting the conditions of know-how and competence referred to above. The Service Provider ensures the competence and know-how of its teams. The SNACK group makes this a requirement.

1. Obligation to provide information: The Service Provider is bound by an obligation to provide information concerning the Services offered and provided. The Customer undertakes to obtain information in order to successfully complete its project, to cooperate fully with the Service Provider and its technical teams, and to methodically anticipate its needs in terms of expected functionalities or objectives, and knowledge of its competitors and target audience.

The Customer is, however, a professional in the same field of expertise and this obligation is limited accordingly.

1. Customer Data: undertakes (i) not to use or modify the Customer Data for any purpose other than that of the agreed Services, (ii) not to disclose the Customer Data to any person other than the Customer (iii) to maintain the security of the Customer Data.
2. Image rights: The Service Provider shall ensure that the members of its teams or the contributors it has chosen have all consented to the use and projected processing of their images.

1. Search Engine Optimization" "Digital Marketing" services: The Service Provider complies with the best practices specific to its activity and with the "Quality and Ethics Charter for Website Search Engine Optimization" drawn up by the Internet Positioning European Association (IPEA).

• Customer obligations :

1. Active collaboration: Customer makes a strict commitment :

• to respect the order process. The Service Provider shall not be held liable for any Services not agreed upon or for any consequences arising from the communication of erroneous or incomplete data, in particular during the drafting of any specifications.
• to transmit, at the start of the assignment, the elements requested by the Service Provider. This may include :
  
  • for the "Website Creation" Service, a minimum of its visual identity and graphic charter, textual content not produced by the Service Provider, information on the desired CTAs (Call to Action), as well as any videos, photos or illustrations to be inserted, legal notices, links to social networks to be integrated, and any legal requirements such as the RGPD or privacy policy. On a technical level, this includes the domain name, hosting, the desired deployment technique (specific languages or CMS), as well as access to third-party accounts such as Google Analytics, Google Search Console or any other tool required to manage the site.for the "Search Engine Optimization" Service, in particular all relevant information about the Website, such as its URL address, the list of keywords the Customer wishes to see used, and all information concerning the main competitors, the audience it wishes to reach or the geographical areas it wishes to focus on. If available, the Customer must provide access to the website (back-end and CMS). The Service Provider requires administrator access to the CMS, access to the server or FTP, as well as access to Google Search Console, Google Analytics, Google Tag Manager, Google My Business, hosting and, where applicable, social networks, email marketing tools, and affiliation or advertising platforms.For the "Data Performance" Service, the Customer undertakes not to restrict access to the data necessary for the proper performance of the Service.
  • for the "SEA, Social Ads, Amazon Ads and other sales platforms" Service, the Customer verifies the suitability of the keywords and/or advertising texts proposed by the Service Provider with its requirements, and ensures the legality and rights to the products proposed. The Customer must provide access to Google Ads, Google Analytics, Google Tag Manager, access to the Meta business manager account, manager or administrator access to platforms such as X Ads (Twitter), Linkedin Ads, TikTok Ads, Pinterest Ads, etc., as well as access to associated pages and accounts, tracking pixels (Facebok pixel, Linkedin Insight Tag, etc.). It must also provide access to associated pages and accounts, tracking pixels (Facebbok pixel, Linkedin Insight Tag etc.). For affiliate campaigns The Service Provider must have access to the various platforms (e.g. Awin, CJ Affiliate, Rakuten etc) reports and metrics and partner management tools. For Amazon, the Customer must provide access to Amazon Advertising, access to Seller Central or Vendor Central and access to Amazon Attribution tools. If available, access to reporting dashboards (Google Data Studio, Tableau, etc.), access to sales and CRM management systems if required, access to bid management and automation tools (Google Display, Video360, Criteo, Smartly, AdEspresso, Kenshoo or others; access to advertising billing account information (Google Ads, Facebook Ads, Amazon Advertising, etc.) to manage the budget, adjust spending, and ensure that campaigns comply with defined budget constraints.
  • for the "Production" "3D Development" Services, the Customer provides the elements and documents required for production. Where applicable, the Customer provides access to a database, access to android and iOS developer pages and Meta and other stores, any 2D Image, .png, .svg etc, any 3D model and 3D animation, materials, videos to be integrated, sounds and music, access to licenses (e.g. if the Customer exceeds the sales thresholds set by Unity, he must take out a license and provide the Service Provider with a seat). The Service Provider reserves the right to refuse any element supplied if it does not meet the technical or regulatory requirements of the project. The Service Provider reserves the right to refuse any element supplied if it does not meet the technical or regulatory requirements of the project. It undertakes to obtain the image rights of the various participants and/or contributors, and the distribution rights for any image, photo, video or music supplied to the Service Provider. If some of the participants and/or speakers do not wish or no longer wish to grant their image rights, the Customer undertakes to inform the Service Provider immediately. If such a change affects the content of the Service already carried out and the Service Provider has to repeat or modify the Service, the costs and prices associated with this modification, possible return or other, will be borne by the Customer.
  • In general, the Customer undertakes, as the project progresses, to provide the Service Provider without delay with all documents, data, information and elements required for the provision of the Services and which may be requested by the Service Provider. The Customer undertakes to notify the Service Provider of any changes to such data in good time.

The Service Provider offers a validation process for media to be processed. The Service Provider may refuse to process certain files in advance, in particular for quality reasons that it may have detected.

The provision of the agreed Services requires active collaboration between the Customer and the Service Provider. The Service Provider offers Services which can only be performed in close collaboration with the Customer. The Customer also undertakes to have the Service Provider's personnel sign the documents provided by the Service Provider for this purpose. The Service Provider may refuse access to the filming session to any person who has not signed these documents (in particular, if he so wishes, his own forms relating to image rights).

1. Preparation for the Service Provider's intervention - technical requirements. The Customer assures the Service Provider that the prerequisites requested by the Service Provider will be met. These may include security measures, availability, ergonomics for an Internet site, or measures to exclude sequential advertising (" pop-ups") and, in general, all diligence necessary for the provision of the Services. The Service Provider shall not be held liable for any failure to perform such due diligence. This may include the creation of user accounts (e.g. Google Adds, Google Analytics, etc.). Failing this, the Customer mandates the Service Provider to do so. In this case, a mandate is proposed by the Service Provider.

1. Cooperation between the Service Provider's and Customer's teams: The Customer undertakes to inform its staff or subcontractors in good time of the performance of the Service by the Service Provider and to organize good cooperation between them and the Service Provider.

He shall encourage his staff to meet deadlines so as not to hinder or delay the Service Provider's work.

The Customer acknowledges that the Service Provider does not necessarily have detailed knowledge of the Customer's professional activities. As such, any professional ambiguities or inaccuracies must either be removed or explained by the Customer as soon as they become known.

In order to facilitate the performance of the Service, the Customer shall designate a person within its organization to act as themain contact for the Service Provider, whose name and contact details shall be communicated as soon as possible. Depending on the Services agreed, the Service Provider reserves the right to request the appointment of a contact person with sufficient decision-making powers to ensure proper project management.

1. Data, photography, video, music, image rights, image rights: The Customer is (i) solely responsible for the accuracy, quality, integrity, legality, reliability and appropriateness of all data, photography, video, music, image rights, creations transmitted (ii) for the reliability and appropriateness of all such elements of the Customer; (iii) for the unauthorized access or use of any services, and shall promptly inform the Service Provider of any unauthorized access or use. The Customer warrants to the Service Provider that it holds or has been assigned or granted all rights to the media it transmits to the Service Provider for use in connection with the Service and in the performance and operation of the Service, and in particular all trademark rights, copyrights, design rights, databases, image rights, etc., especially in relation to online campaigns. ESPECIALLY FOR ONLINE CAMPAIGNS

The Customer further declares and guarantees that the form or description of the referenced links corresponds to the purpose of the Website, that the URL address corresponds exactly to the destination URL, and that the destination URL does not automatically redirect the Internet user to another website.

1. Laws and regulations : The Customer undertakes to comply with the present terms and conditions and with the laws and regulations in force relating to its activities, and not to infringe the rights of third parties or public order.

With regard to the "Referencing" Service, the Customer undertakes to maintain the content of his Website in compliance with the laws and other regulatory texts in force, and acknowledges his full responsibility for said Content.

The Customer is responsible for all activities that occur on any user accounts made available and for any users' compliance with the Contract.

Article 5. FINANCIAL CONDITIONS

5.1. Prices are agreed between the Parties on the basis of information communicated by the Customer to the Service Provider. The said price is therefore determined for the services exhaustively described in the Quotation. Prices are exclusive of VAT. The VAT rate applied will be that in force on the day of invoicing.

One-off services : Prices are payable as follows:

• a deposit corresponding to 40% of the total purchase price of the above-mentioned services is required when the order is placed;
• progress payments are made as the project progresses;
• the balance of the price is payable in cash on the day of delivery of the Service
• on receipt of invoice or by direct debit for recurring monthly or periodic services

Subscription services: A subscription may be agreed depending on the nature and duration of the Services, particularly for "Search Engine Optimization" and "Digital Marketing" Services. This price is indexed to the Syntec index and is revalued annually on the anniversary date of the Contract. Non-application of indexation does not constitute a waiver.

5.2. The following payment methods may be used:

• per sampling;
• by bank transfer ;
• by species

Payments made by the Customer will only be considered definitive once the amounts due have been received by the Service Provider. The price never includes advertising expenses, netlinking, relocation, unless otherwise stated, remuneration of third parties such as influencers or content creators, nor costs related to the purchase of links, which are paid directly by the Customer to the referrer or publisher, unless otherwise specified by the Customer.

The Customer may request an additional Service during the performance of the Service. This time-based Service is subject to additional invoicing.

Article 6. INVOICING - PAYMENT

6.1. Invoices, drawn up in one copy by the Service Provider, are payable net and without discount or rebate on the due date.

6.2. It is expressly agreed that failure to pay invoices on the due date will result in :

• the immediate payment of all sums owed to the Service Provider by the Customer, regardless of the method of payment, without prejudice to any other action that the Service Provider may be entitled to take against the Customer;
• the payment of compensation equal to 20% of the amount of the invoice price, including VAT, as damages and interest;
• late payment interest at the fixed ECB refinancing rate plus ten (10) points calculated on the amount of the invoice price inclusive of tax, will be automatically acquired by the Service Provider, without any formality or prior notice.

The aforementioned penalties are payable without the need for a reminder, without prejudice to any other action that the Service Provider may take against the Customer in this respect. In the event of late payment, any debtor shall owe the Service Provider, in addition to the late payment penalties already provided for by law and the present General Terms and Conditions of Sale, a fixed indemnity for collection costs of forty (40) euros.

6.3. In addition, the Service Provider reserves the right, in the event of non-compliance with the above payment conditions, to suspend or cancel the supply of Services ordered by the Customer and/or to suspend the performance of its obligations (even when these obligations result from separate orders). Any grievance relating to the provision or sale of a Service does not, however, authorize the Customer to refuse payment for other service proposals.

6.4. In the event of an error on an invoice issued by the Service Provider, the Customer has a period of fifteen (15) working days from dispatch of the invoice to request a correction. This request may be made in writing or by any means available to the Customer (letter or e-mail). After verification by the Service Provider, and in the event of a proven error, an adjustment credit note will be issued by the Service Provider. Disputes relating to a service are in no way suspensive of payment for other services.

It is unlawful to offset sums due for different services without the written consent of the Service Provider. The same applies to debit notes, penalties of any kind or requests for credit notes. In any event, the Service Provider must be given the opportunity to comment. It is only when these observations have been made and a written agreement has been reached between the parties that compensation between reciprocal, liquid and due claims will be enforceable within the meaning of the present article.

6.5 There are no discounts or rebates for periodic services in months with public holidays.

• SERVICE PERIMETER MODIFICATION

Any change to the scope of Service defined in the Quotation must be initiated by a change request from the Customer.

In the event of a change request, the Service Provider must promptly initiate an impact study concerning changes to costs and the Performance Schedule. The Service Provider must also provide the Customer with a proposal containing a cost estimate and a new provisional Execution Schedule, clearly indicating whether any delivery date is likely to be delayed, and if so, to provide an estimate of the delay that could be envisaged.

If the change is acceptable to both Parties and does not adversely affect the Execution Schedule or the price fixed in the Quotation, then the change will be implemented at no additional cost to the Customer.

If this is not the case, the Parties will conclude an agreement in the form of a written Amendment signed by the representatives of both Parties. The Endorsement will specify the content of the modifications, the terms and conditions of application, the pricing system adopted and the implementation deadline.

• RECEPTION - AVAILABILITY

8.1. The Customer must check that the Service provided by the Service Provider corresponds to the offer accepted within ten (10) working days of receipt of the Service. Conversely, the Customer must notify the Service Provider of any deficiencies within this period, in writing and stating the reasons therefor.

8.2. The Service is deemed to have been received, at the latest: when twenty (20) working days have elapsed since the provision of the Service; or the Customer has begun to use the elements, results of the Services, or the Service and ten (10) working days have elapsed since the provision of the Service. Receipt of the Service means, where applicable, the provision of the modified version of the development.

If no response is received from the Customer within the allotted time, the Service Provider's mission is deemed to have been completed. In the event of reservations, the Service Provider modifies the website or application, or the 3D production, to take account of these reservations. Once the website has been validated by the Customer, it is tested under Internet network conditions. In the absence of any malfunction mentioned by the Customer within 15 working days, and after a successful load conformity check, the Customer is deemed to have definitively accepted the website. The date of final acceptance of the website is set at the date following the expiry of the aforementioned 15-day period, and constitutes a tacit record of final acceptance approved by both parties without further formality. The Customer is then liable for the price still to be paid.

8.3. For the "Production" and "3D Development" Services: Within the period agreed between the Parties after presentation of the mock-up, a first copy of the project will be given to the Customer. This copy will serve as a reference for any modifications the Customer may wish to make.

Unless otherwise indicated on the Quotation, the Customer is free to request modifications to the project supplied by the Service Provider.

There is no limit to the number of modifications the customer may request, but they must be grouped together in a single request. Please note that certain specific conditions may be mentioned in the quotation, in which case they will take precedence over these general conditions.

The Customer is hereby informed that the modifications may not concern the music, the script or the structure of the special effects , and that they may not require the Service Provider to shoot again.

If the Customer wishes to make changes to these elements, or if the modifications require new image captures, a new quote will be drawn up with adjusted pricing, which must be approved and signed by the Customer.

Any errors in the information supplied by the Customer that lead to additional modifications will not give rise to a new series of free corrections. If the Customer wishes to integrate these modifications, a separate quotation will be required.

In the event of an error on the part of the Service Provider, all modifications necessary for correction will be made free of charge.

• SCHEDULE

The Services will be delivered within the timeframe specified in the Performance Schedule, which may be specified in the Quotation. Timely delivery is subject to the Customer having fulfilled all of its obligations to the Service Provider, including payment of the deposit(s) referred to in the Contract, the Customer's obligation to provide all the information required for the service, and good cooperation with the Service Provider's technical team.

In view of the nature of the Services entrusted to the Service Provider, it is agreed between the Parties that the deadlines appearing in the said Performance Schedule are indicative. The Service Provider shall use its best endeavors to comply with this Performance Schedule, but shall not be held liable for any failure to comply with certain deadlines, except in the event of gross negligence.

The importance of the Service Provider's active cooperation is also emphasized.

The Service Provider can never be held liable if the delay was caused by the delay of its suppliers, or for any cause outside the Service Provider's control (weather, accident, force majeure, etc.).

Except in the above-mentioned case, failure to meet delivery deadlines shall not give rise to any claim for damages or withholding.

• CONFIDENTIALITY - REFERENCE

The Parties agree to treat as strictly confidential all information, methods and documentation that they may come into possession of in the context of the present agreement, with regard to their respective businesses. The Parties undertake not to use such information for personal purposes and not to disclose it to third parties.

In particular, all information provided to staff, subcontractors and third parties of either Party, all documents (economic, technical, functional, organizational, etc.) and data entrusted to them and not available to the public, all discussions in which they participate and all documents issued are considered strictly confidential and constitute a substantial part of the Parties' assets.

The Parties undertake to ensure compliance with this obligation by all their corporate officers, employees, subcontractors and third-party contractors.

The parties undertake to use all appropriate means to maintain absolute secrecy concerning the methods, information and documentation of the other party to which it may have had access during the performance of the present contract.

Each Party is authorized to quote the other by way of reference, without this entailing the right to use any acronym or sign. Each Party may freely and at any time terminate this right by registered letter with acknowledgement of receipt and without notice, without the other Party being able to claim any consideration, nor to consider that it has suffered any loss, and a fortiori to claim damages.

• INTELLECTUAL PROPERTY - LICENSE

The Customer's brand as well as all content, documents, elements, knowledge, texts, visuals, images, photographs, catalogs, logos, videos, drawings, models, software, databases published in particular on its Internet Site or made available by the Customer are and remain the exclusive property of the Customer (the "Customer's Intellectual Property").

The Customer grants the Service Provider, free of charge, non-exclusive and transferable, worldwide and for the duration of the Services, the right to use its Intellectual Property, including its Website, exclusively in connection with the performance of the Servicesand, in particular, for referencing purposes.

The Customer also grants the Service Provider the right to use its trademark or logo for the purposes of referencing, presentation, communication or promotion of the Services.

The Customer authorizes the Service Provider to carry out or have carried out any modifications and/or adaptations and more particularly any compilation and creation of a derivative work of the Customer's Intellectual Property which may prove necessary due to technical, storage, hosting, referencing, compilation, presentation and/or publication constraints and for the purposes of presentation, referencing, promotion and/or advertising of the Customer.

With regard to the services offered by the Service Provider,

• Service

The Service Provider does not transfer any intellectual property to any other party in its business relations.

• Services " Search Engine Optimization " " Digital marketing "

The Service Provider retains full ownership of its copyrights arising from its Services. The use of its creations and Services shall be in accordance with the terms of the assignment and the legal and regulatory provisions in force at the time of acceptance of the quotation.

The Service Provider holds all economic and moral rights to the work produced as part of the assignment, and, unless otherwise stipulated, only grants the Customer a right of use limited to the material media in which the work appears. The Customer is only authorized to use the creation and may not, outside the scope of the assignment, communicate it to a third party, even free of charge, nor publish or reproduce it without the Service Provider's prior written consent.

Any use of the creation by the Customer, not initially planned, must be expressly authorized by the Service Provider, accompanied by remuneration to be agreed.

The Customer must hold all exploitation rights to the works or intellectual property rights provided to the Service Provider, in particular for their reproduction. This also includes all distinctive elements and graphics (drawings, trademarks, photographs, etc.) that may be used on any communication media supplied by the Service Provider.

The Service Provider undertakes not to infringe any copyright, image right, trademark or other intellectual property right belonging to third parties, whether natural persons or legal entities, in respect of the elements it supplies. The Service Provider is responsible for obtaining the rights of use necessary for the performance of the services ordered by the Customer and, if necessary, will regularize the transfer of rights in accordance with the French Intellectual Property Code. The Service Provider will then inform the Customer of any limitations concerning the rights of third parties to the creations retained.

In the event of claims or legal action by a third party, the Customer undertakes to modify the disputed elements by replacing them with original elements or elements for which the Service Provider holds the necessary rights.

• Production and 3D Development departments

The Service Provider retains all copyright and intellectual property rights to the Service and its proposals. Any reproduction, modification or use of the Service is prohibited without the prior written consent of the Service Provider, which may be subject to financial compensation.

Once the Services have been paid for in full, the Customer benefits from a right to use the Service under the conditions defined in the Quotation. Unless otherwise stipulated, this right includes unlimited distribution of the final product as delivered, with no possibility of modification or separate use of its component parts.

If the Customer wishes to obtain a partial or total transfer of copyright, the Service Provider will propose a new, adapted pricing structure. Furthermore, the Service Provider reserves the right to use extracts from the Service for promotional purposes, unless the Customer has explicitly requested confidentiality in writing.

If the Service is to remain confidential until a specific date, the Customer must inform the Service Provider, who undertakes not to distribute the Service before that date. Once this period has expired, the Service Provider is free to distribute and exploit the product as part of its promotional activities.

The Service Provider undertakes not to re-use the distinctive elements of the Service for other projects. These elements include, but are not limited to, the script, image editing, graphic elements and any original creation specific to the Customer. The Service Provider shall take care to avoid any confusion with the final product. Furthermore, the Service Provider undertakes not to use the Customer's visual identity or intellectual property rights, such as logos or trademarks, for purposes outside the scope of the service.

In the event of disagreement concerning the use of extracts from the Service, the Customer may lodge an objection by registered letter. However, the final decision as to whether or not to accept this request rests with the Service Provider.

It is specified that, unless expressly agreed otherwise, the Service Provider remains the exclusive owner of the elements created during the realization of the Service (such as rushes, etc.). These elements will only be kept for a period of six (6) months after delivery of the Service. The Service Provider is, however, at the Customer's disposal to agree on an extension of this period or the acquisition of these elements by the Customer.

• Service "website creation :

The Service Provider is the author of the software components and source codes. As such, the Service Provider is vested with all copyrights thereto, in accordance with the French Intellectual Property Code. In addition, the Service Provider declares that it has acquired all rights necessary for the use of any website components contributed by the Service Provider and for which the Service Provider is not the author.

1Assignment of copyrights on website creation. The Service Provider assigns all of its economic rights to the Customer when the website is deemed completed and the Services have been paid for in full. The Service Provider grants the Customer and any assignees the right to use and exploit the website and all of its software components and source codes for an unlimited period of time for the purposes of the Service Provider's business. This right includes the right to freely adapt and readapt all or part of the software components and source codes, without compensation, in particular for the purpose of developing new solutions. The Customer undertakes not to market to third parties the website incorporating all or part of the software components and source codes transferred, or to develop a business competing with that of the Service Provider.

Re-use of the solution and source codes by the Service Provider. The Service Provider shall be entitled to reuse all or part of the software components and source codes free of charge within the scope of its business.

Mention of the designer's name. The Service Provider will be mentioned on a page of the website called "Legal information" accessible via the footer of the website.

Warranties. The Customer warrants that it is the sole owner of the Intellectual Property Rights, in particular the content of the Website and the Domain Name and that the use of the Customer's Intellectual Property by the Service Provider for the purpose of performing the Services does not infringe, misappropriate or violate the rights of third parties including, but not limited to, the right to privacy, right of publicity, copyrights, trademarks and any other intellectual property rights. In the event of an action by a third party against the Service Provider, the Customer warrants to intervene voluntarily in the action. The Customer also warrants that it is personally responsible for obtaining all rights and authorizations necessary for the referencing of its Website, in particular for the use of keywords, and undertakes to inform the Service Provider if it does not have the necessary authorizations for the use of keywords, texts or titles.

• PERSONAL DATA

1. Ownership of Data: The Customer is the sole owner of the rights to the Data processed as part of the Services.

The Customer grants the Service Provider and its subcontractors a non-exclusive, worldwide, royalty-free, transferable license to host, cache, copy and display such Data solely for the purpose of performing the Services and exclusively in association with or in connection with the Services.

This license shall terminate automatically upon termination of the Contract, unless it is necessary to continue hosting and processing the Data, in particular in order to implement Reversibility operations.

The Customer represents and warrants that it has all necessary authorizations to use the Data in connection with the Services and that it may freely license the same to the Service Provider and its subcontractors under the terms set forth above. The Customer further represents and warrants that in creating, installing or downloading the Data as part of the Services, it does not exceed any rights that may have been granted to it in respect of all or part of the Data, and that it does not infringe any third-party rights.

The Customer undertakes to indemnify the Service Provider for any and all financial consequences that the Service Provider may incur as a result of the Customer's failure to comply with the aforementioned guarantees concerning the Data.

The Customer shall take care not to place the Service Provider, in connection with the use of the Data Services, in an awkward position which would require the Service Provider to comply with specific laws or regulations other than those expressly provided for in the Agreement.

Access to Data: Access to the Data is reserved solely for the Customer. However, the Service Provider or its subcontractors may also access the Data for the sole purpose of providing the Services. Such access to the Data by the Service Provider may only be temporary. The Service Provider must ensure that it does not damage the Data and that it does not allow any further access to the Data once the reasons for its intervention have ceased.

The Customer is hereby informed and accepts that the Service Provider may access its Data and transmit them if required to do so by an administrative or judicial authority authorized to access the Data.

Accessibility and security of data, personal data and Sensitive Data: The Customer acknowledges that the Agreement describes the conditions under which the Customer may access the Services which may enable the Customer to create, sort, modify, process Data and use said Services, which are capable of meeting the Customer's needs, in particular to enable the Customer to fulfill its obligations with respect to Personal Data and Sensitive Data. The Service Provider shall in no event be liable for the Customer's failure to comply with its legal or contractual obligations with respect to Personal Data and Sensitive Data.

The Customer is solely responsible for the creation, selection, design and use of the Data by End Users in connection with the Services. It is also solely responsible for the collection and processing of Personal Data and Sensitive Data by End Users. Where the legislation to which the Customer is subject requires the prior authorization of the persons whose Personal Data is processed, or where said legislation imposes a series of obligations on the person called upon to process said Personal Data, it is the sole responsibility of the Customer to comply with the applicable legislative provisions and to obtain any prior authorizations.

The Customer acknowledges that the Service Provider has no control over the transfer of Data via the public telecommunication networks used by the Customer to access the Services, in particular the Internet. The Customer acknowledges and accepts that the Service Provider cannot guarantee the confidentiality of the Data transferred over such public networks. Consequently, the Service Provider may not be held liable in the event of, in particular, misappropriation, capture, corruption of the Data, or any other event likely to affect the Data, occurring during its transfer to public telecommunication networks. For the purposes of this clause, the term Data includes Sensitive Data and Personal Data.

• SERVICE GUARANTEES

The Service Provider undertakes that :

• its services under normal conditions of quality and continuity;
• its services materially comply with the service description in the Quotation.
• the services developed by the Service Provider do not contain or transmit to the Customer any malicious code (with the exception of any malicious code contained in attachments downloaded by the User);
• the Service Provider guarantees that the services provided under the Contract do not infringe the rights of third parties or constitute an infringement of a pre-existing work.

• RESPONSIBILITIES

Needs not expressed by the Customer to the Service Provider, in particular in any specifications, are excluded from the scope of the Service Provider's responsibility.

Unless otherwise agreed between the parties, the Service Provider may not be held liable for any indirect loss. By express agreement between the parties, any financial or commercial loss, loss of sales, profits, data, orders or clientele, as well as any action brought against the Customer by a third party, with the exception of an action by a third party involving the implementation by the Service Provider of the warranty of eviction, shall be considered as indirect loss.

The Service Provider may not be held liable in the event of :

• use of the services in a manner not provided for or not expressly authorized by the Contract;
• modification of all or part of the services or of the information accessible via the services not carried out by the Service Provider or by one of the Authorized Service Providers designated by the latter;
• use of all or part of the services when the Service Provider, following a difficulty or for any other reason whatsoever, had recommended suspending use;
• use of the services in an environment or configuration that does not comply with the technical prerequisites indicated by the Service Provider, or in connection with third-party programs or data not expressly endorsed by the Service Provider;
• loss of Customer data following an intervention by the Customer or a third-party service provider appointed by the Customer or the Service Provider, where the Customer has not taken the precaution of backing up its data prior to this intervention when requested to do so;
• the occurrence of any damage resulting from the Customer's fault or negligence, or which the Customer could have avoided by seeking advice from the Service Provider;
• use in connection with the Services of programs not supplied or endorsed by the Service Provider and likely to affect the Services or Customer Data.

In order to assert its rights, the Customer must, under penalty of forfeiture of any action relating thereto, inform the Service Provider in writing by means of a registered letter with acknowledgement of receipt, of the existence of defects in the performance of its services within a maximum period of ten (10) days from their discovery. The Service Provider shall rectify or have rectified, at its exclusive expense and in accordance with the appropriate procedures approved by the Customer, the services deemed to be defective. In any event, should the liability of the Service Provider be accepted, the Service Provider's guarantee is limited to the amount (excluding VAT) actually paid by the Customer for the provision of the services.

For the "Production" and "3D Development" Services in particular, the Customer uses the Service provided under his or her own responsibility, and the Service Provider cannot be held liable for any direct or indirect damage arising from such use. The Service Provider assumes no responsibility if the use of the Service infringes French or foreign legislation, particularly in terms of public order or morality.

As the Product is designed according to the specifications provided by the Customer, the latter must ensure its legal conformity and suitability for the initial purpose prior to any use. The Customer undertakes to indemnify the Service Provider in the event of any disputes with third parties resulting from the use of the Service based on elements transmitted by the Customer.

The exclusions and limitations of liability set out above do not apply to claims by the Customer relating to death, personal injury and damage to health and, more generally, to any claim excluded from the scope of such liability limitation or exemption clauses by virtue of mandatory statutory provisions. The Service Provider accepts no liability for loss or damage caused by any Force Majeure event.

• REVERSIBILITY " WEBSITE DEVELOPMENT SERVICE " " SOFTWARE OR APPLICATION CREATION

In the event of expiry or termination of all or part of a service for any reason whatsoever, the Service Provider undertakes to carry out the operations that will enable the Customer to take back, or have taken back by a third party, the data resulting from the implementation of the services, under the best possible conditions in a standard format that can be read without difficulty in an equivalent environment.

The Customer will actively cooperate with the Service Provider to facilitate data recovery.

The Service Provider will ensure that the Customer can continue to use the data without interruption, either directly or with the assistance of another service provider.

These reversibility operations will take place during the time required to achieve reversibility, including after expiry or termination of the Contract if necessary.

A quotation will be drawn up prior to the start of reversibility operations. The Service Provider undertakes to provide precise details in its quotation.

• AUDIT

In the event of a major project, the Service Provider undertakes to allow its Customer or its representatives to inspect the facilities used by the Service Provider at any time it deems appropriate, subject to notifying the Service Provider and not disrupting the organization of the Service Provider's work and its personnel. It undertakes not to use any information obtained in this context for purposes other than inspection.

• NO DISCHARGE

The Customer expressly refrains, for the duration of this Agreement, and for a period of three (3) years after the expiration of this Agreement, for any reason whatsoever, from recruiting or attempting to recruit for its own benefit or that of a third party, directly or indirectly, or inducing to resign, any employee or salaried personnel of the Service Provider.

• PERSONAL DATA

The Service Provider takes the utmost care with personal data. It acts as a Subcontractor within the meaning of Article 33 of the RGPD.

All personal data collected is necessary for the conclusion and execution of the Contract and is used for the proper management of relations with the Customer, the processing of orders and the promotion of the Company's services. The personal data collected is kept for as long as is necessary for the performance of the Contract, the fulfilment by the Service Provider of its legal and regulatory obligations, or the exercise of the prerogatives granted to it by law and jurisprudence.

Access to personal data is strictly limited to the Service Provider's employees and agents, who are authorized to process such data by virtue of their position. The information collected may be communicated to third parties linked to the Service Provider by contract for the performance of subcontracted tasks necessary for order management, without the Customer's authorization being required. It is specified that, in the context of the performance of their services, third parties have only limited access to the data and are obliged to use it in compliance with the provisions of the applicable legislation on the protection of personal data. Apart from the cases set out above, the Service Provider undertakes not to sell, rent, transfer or give access to third parties to data without the Customer's prior consent, unless compelled to do so for a legitimate reason (legal obligation, fight against fraud or abuse, exercise of rights of defense, etc.). Data recipients are located entirely within the European Union or, where applicable, with foreign service providers who have signed a specific agreement with the Service Provider that strictly complies with the European Commission's standard contractual clauses.

In accordance with the applicable legal and regulatory provisions, customers have the right to access, rectify, port and delete their data, or to limit its processing. They may also, for legitimate reasons, object to the processing of data concerning them. Customers may exercise their rights, subject to production of valid proof of identity, by contacting: rgpd@snackgroupe.com. In the event of difficulty in connection with the management of his personal data, the Customer may lodge a complaint with the Commission Nationale de l'Informatique et des Libertés or any other competent authority. A data subcontracting contract is drawn up with the Customer in charge of processing.

• FORCE MAJEURE

The Parties shall not be held liable if the non-performance or delay in performance of any of their obligations as described herein is due to force majeure.

• IMPREVISION

In the event of a change in circumstances unforeseeable at the time of conclusion of the Contract, in accordance with the provisions of article 1195 of the French Civil Code, the Party which has not agreed to assume the risk of excessively onerous performance may request renegotiation of the Contract from its co-contractor.

If renegotiation fails, a single Party can only apply to the courts to have the Contract rescinded.

• FORCED EXECUTION IN KIND

In the event of either party failing to meet its obligations, the defaulting party may, in accordance with the provisions of article 1222 of the French Civil Code, one (1) month after sending a formal notice to perform which has remained unsuccessful, have the obligation performed by a third party, at the expense of the defaulting party, provided that the cost is reasonable and in line with market practice, without the need for judicial authorization, it being understood that the defaulting party may also, at its option, request in court that the defaulting party advance the sums necessary for such performance. In the event of non-performance of any of the obligations incumbent on the other party, the defaulting party may request termination of the Contract in accordance with the terms and conditions set out in the article "Termination of the Contract".

• RESOLUTION

In the event of non-compliance by either Party with the following obligations: failure to provide the service; failure to communicate the required information and acquired collaboration (4.3); failure to provide the prerequisites (4.3); timely payment (Article 5); intellectual property (Article 11). It is expressly understood that termination due to a Party's failure to meet its obligations will occur ipso jure, with formal notice resulting from the sole fact of non-performance of the obligation, without summons or performance of formalities. It is expressly agreed between the Parties that the debtor of an obligation to pay on time will be validly put in default by the mere due date of the obligation, in accordance with the provisions of article 1344 of the French Civil Code. In any event, the injured party may apply to the courts for damages.

• TOLERANCE

Any waiver, for any length of time whatsoever, of the right to invoke the existence or total or partial breach of any of the clauses of the Contract shall not constitute a modification or deletion of the said clause or a waiver of the right to invoke the benefit of or previous concomitant or subsequent breaches of the same or other clauses. Any such waiver shall only be effective if expressed in writing by the person duly authorized for that purpose.

• APPLICABLE LAW - JURISDICTION

The General Terms and Conditions of Service and all contractual relations between the Service Provider and the Customer are governed by French law. The settlement of any dispute, including international disputes, directly or indirectly related to the present contractual relationship shall be settled by the ordinary courts of Paris, France.

APPENDIX 2 - GENERAL RGPD SUBCONTRACTING CONDITIONS

The Service Provider acts for its customers as a Subcontractor within the meaning of Article 13 of the RGPD.

1. PURPOSE OF THE GENERAL CONDITIONS OF SUBCONTRACTING

The purpose of these General Terms and Conditions of Subcontracting is to define the conditions under which the Subcontractor undertakes to carry out the personal data processing operations defined below on behalf of the Data Controller.

In the context of their contractual relationship, the Parties undertake to comply with the regulations in force applicable to the processing of personal data and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 applicable as of May 25, 2018 (RGPD).

2. DESCRIPTION OF THE PROCESSING TO BE OUTSOURCED

The Subcontractor is authorized to process on behalf of the Controller the personal data necessary to provide the following services:

• Provision of services offered by the Service Provider ;
• Service billing;
• Ancillary activities: maintenance and development.

The nature of the operations carried out on the data is the processing of personal data and the transfer only to authorized third parties.

For the Service Provider, the purpose of the processing is: the performance of contracts concluded between the Service Provider and its customers, and the management of its staff.

The personal data processed are :

• as regards usual contacts for the proper performance of the contract: surname(s), first name(s), business telephone number, job title, business postal address, business e-mail address;
• for services: the Subcontractor uses all the data required for said services.

The categories of persons concerned are employees, customers and contacts of the Data Controller.

For the performance of the service covered by this contract, the Data Controller provides the Subcontractor with the following information:

• as regards usual contacts for the proper performance of the contract: surname(s), first name(s), business telephone number, job title, business postal address, business e-mail address;
• with regard to services: the Subcontractor uses all the data required for said services.

3. THE PROCESSOR'S OBLIGATIONS TOWARDS THE CONTROLLER
4. SUBCONTRACTOR'S GENERAL COMMITMENTS

The Subcontractor undertakes to:

• process data solely for the purpose(s) for which it is outsourced;
• process the data in accordance with the Data Controller's documented instructions contained in this contract. If the Processor considers that an instruction constitutes a breach of the GDPR or any other provision of Union or Member State law relating to data protection, it shall immediately inform the Data Controller. In addition, if the Processor is required to transfer data to a third country or to an international organization under Union law or the law of the Member State to which it is subject, it must inform the Processor of this legal obligation prior to processing, unless the relevant law prohibits such information for important reasons of public interest ;
• guarantee the confidentiality of personal data processed under this contract;
• guarantee to the Data Controller that the obligations mentioned in this contract are complied with by its personnel. In all cases, the Subcontractor shall remain responsible for compliance by any subsequent subcontractor with the obligations referred to in this contract and shall indemnify the Data Processor against any damage, loss or claim resulting from non-compliance with these obligations ;
• ensure that the persons authorized to process personal data under this contract :

• are only those persons whose functions require access to personal data for the strict performance of the tasks entrusted to them. The Subcontractor undertakes to take or adapt any internal measures in terms of internal organization or techniques to limit any dissemination of personal data to other persons;
• are committed to confidentiality or are subject to an appropriate legal obligation of confidentiality;
• receive the necessary training in the protection of personal data;
• take into account, with regard to its tools, products, applications or services, the principles of data protection by design and data protection by default;

4. SPECIFIC OBLIGATIONS IN THE CASE OF SUBCONTRACTING

The Processor may call upon another processor (hereinafter referred to as the "Subsequent Processor") to carry out specific processing activities. In this case, it shall inform the Data Controller in advance and in writing of any planned changes concerning the addition or replacement of other subcontractors. This information must clearly indicate the processing activities subcontracted, the identity and contact details of the subcontractor and the dates of the subcontracting agreement. The Data Controller has a minimum of thirty (30) days from the date of receipt of this information to present his objections. Such subcontracting may only be carried out if the Data Controller has not raised any objections within the agreed period.

The subsequent Subcontractor is required to comply with the obligations of this contract on behalf of and in accordance with the instructions of the Data Controller. It is the responsibility of the Initial Processor to ensure that the Subsequent Processor presents the same sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the RGPD.

5. SUBCONTRACTOR'S SPECIFIC ASSISTANCE OBLIGATIONS

The Subcontractor assists the Data Processor in carrying out the tasks entrusted to it in :

•  data protection impact assessments ;
• prior consultation with the supervisory authority.

If reasons or events raise doubts as to the Subcontractor's compliance with its personal data protection obligations, the Data Controller may audit the Subcontractor, at its discretion, but during normal business hours.

6. RIGHT TO INFORMATION

It is the responsibility of the Data Controller to provide information to data subjects at the time of data collection.

7. SPECIFIC OBLIGATIONS WHEN EXERCISING PERSONAL RIGHTS

Insofar as possible and within the scope of the tasks entrusted, the Subcontractor must help the Data Controller to fulfil its obligation to respond to requests to exercise the rights of data subjects: right of access, rectification, erasure and opposition, right to limit processing, right to data portability, right not to be the subject of an automated individual decision (including profiling).

Where data subjects make requests to the Subcontractor to exercise their rights, the Subcontractor must send these requests as soon as they are received by e-mail to the following address - e-mail: rgpd@snackgroupe.com

8. NOTIFICATION OF PERSONAL DATA BREACHES

Within the scope of the tasks entrusted to them, the Subcontractor shall notify the Data Controller of any personal data breach within a maximum of forty-eight (48) hours of becoming aware of it. This notification shall be accompanied by any useful documentation to enable the Data Controller, if necessary, to notify the breach to the competent supervisory authority.

The notification shall contain at least :

•  a description of the nature of the personal data breach including, if possible, the categories and approximate number of persons affected by the breach and the categories and approximate number of personal data records affected;
• the name and contact details of the data protection officer or other point of contact from whom further information can be obtained;
• a description of the likely consequences of the personal data breach;
• a description of the measures taken or proposed to be taken by the controller to remedy the personal data breach, including, where appropriate, measures to mitigate any negative consequences.

If, and insofar as, it is not possible to provide all this information at the same time, it may be provided in stages without undue delay.

With the consent of the Data Controller, the Subcontractor may, in the name and on behalf of the Data Controller, communicate the personal data breach to the data subject as soon as possible, where the breach is likely to result in a high risk to the rights and freedoms of an individual.

The communication to the data subject shall describe, in clear and simple terms, the nature of the personal data breach and shall contain at least:

•  a description of the nature of the personal data breach including, if possible, the categories and approximate number of persons affected by the breach and the categories and approximate number of personal data records affected;
• the name and contact details of the data protection officer or other point of contact from whom further information can be obtained;
• a description of the likely consequences of the personal data breach;
• a description of the measures taken or proposed to be taken by the Controller to remedy the personal data breach, including, where appropriate, measures to mitigate any negative consequences.

9. SAFETY MEASURES

The Subcontractor undertakes to set up in its company :

1. IT security measures designed to prevent unauthorized access to the Infrastructures on which the Data Controller's data is stored;
2. identity and access controls via an authentication system and password policy;
3. a system of physical and logical isolation between Processing Managers,
4. authentication processes for users and administrators, as well as protection measures for administration functions;
5. as part of support and assistance operations, an authorization management system based on the principles of least privilege and need-to-know, and
6. continuous data back-up to restore availability and access to personal data within an appropriate timeframe in the event of a physical or technical incident.

10. DATA DISPOSAL

On completion of the services relating to the processing of such data, the Subcontractor undertakes to make all personal data available to the Data Controller.

Once destroyed, the Subcontractor must justify the destruction of the personal data in writing.

10. REGISTER OF CATEGORIES OF PROCESSING ACTIVITIES

The Subcontractor declares that it keeps a written record of all categories of processing activities carried out on behalf of the Controller, including:

• the name and contact details of the Data Controller on whose behalf it is acting, of any subcontractors and, where applicable, of the Data Protection Officer;
• the categories of processing carried out on behalf of the Controller;
• where applicable, transfers of personal data to a third country or to an international organization, including the identification of such third country or international organization and, in the case of transfers referred to in the second subparagraph of Article 49(1) of the GDPR, documents attesting to the existence of appropriate safeguards ;
• as far as possible, a general description of the technical and organizational security measures, including among others, as appropriate :

• pseudonymization and encryption of personal data ;
• means to guarantee the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
• the means to restore availability and access to personal data within an appropriate timeframe in the event of a physical or technical incident;
• a procedure for regularly testing, analyzing and evaluating the effectiveness of technical and organizational measures to ensure the security of processing.

12. CONFIDENTIALITY

The Subcontractor undertakes to guarantee the confidentiality of personal data processed under this contract.

It also ensures that all persons authorized to process personal data undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality.

13. DOCUMENTATION

The Subcontractor shall make available to the Controller the documentation necessary to demonstrate compliance with all its obligations and to allow audits, including inspections, to be carried out by the Controller or another auditor appointed by it, and to contribute to such audits.

14. OBLIGATIONS OF THE CONTROLLER TOWARDS THE PROCESSOR

The Data Controller undertakes to:

• provide the Subcontractor with the data referred to in Article 2 ;
• document in writing any instructions concerning the processing of data by the Subcontractor ;
• ensure, beforehand and throughout the duration of the processing, that the Subcontractor complies with the obligations set out in the RGPD;
• supervise processing, including carrying out audits and inspections of the Subcontractor.