Data Processing Agreement

Last updated : March 21, 2019

 

The Client and Dimelo SA (the “Saas Provider”) must comply with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”)

The provisions of this “Data Processing Agreement” (“DPA”) apply to the processing of Personal Data performed as part of the SaaS Services provided.

The DPA and the Agreement are complementary and mutually explanatory.

Capitalised terms that are not defined in this DPA have the meaning assigned to them in the Agreement.

The purpose of this DPA entered into between Dimelo SA, a RingCentral company or Dimelo SA, and the Client under Article 28 of the GDPR is to set out the terms and conditions on which the SaaS Provider, in its capacity as a Data Processor and for the purposes of the SaaS Services described in the Agreement, will process Personal Data on the Client’s instructions. This DPA does not apply to the Saas Provider’s processing of Personal Data in its capacity as a data controller.

Dimelo SA may revise this DPA at any time at its sole discretion by posting the revised DPA on the dedicated webpage. However, the version of the DPA that is binding upon the Client remains the one that was effective on the date of the signature of the Agreement.

 

          1. GENERAL PRINCIPLES

1.1        For the purposes of this DPA, the Saas Provider acts as a “Data Processor” and the Client is presumed to act as a “Data Controller”. The terms “Data Processor” and “Data Controller” have the meaning assigned to them in the GDPR.

1.2        If the Client acts as a data processor on behalf of a third-party Data Controller, the Parties expressly agree that the following terms and conditions will apply:

The Client must ensure that (i) all authorisations required to enter into this DPA, including the Client’s appointment of the Saas Provider to act as a sub-processor, have been obtained from the Data Controller, (ii) a contract, which must not in any way conflict with the terms and conditions of the Agreement (including this DPA), has been entered into with the Data Controller in accordance with Article 28 of the GDPR, (iii) all instructions received by the Saas Provider from the Client under the terms of the Agreement and this DPA are consistent in all respects with the instructions given by the Data Controller, and (iv) all information provided or made available by the Saas Provider under this DPA is, where required, provided to the Data Controller in an appropriate manner;

The Saas Provider (i) processes Personal Data solely on the Client’s instructions, and (ii) will not receive any direct instructions from the Data Controller, unless the Client has ceased to exist in practice or in law without any transfer of its rights and obligations to a third-party entity; and

The Client is fully liable to the Saas Provider for the proper performance of the Data Controller’s obligations in accordance with this DPA and shall indemnify and hold the Saas Provider harmless from and against any liability for (i) any failure by the Data Controller to comply with applicable laws, and (ii) any action, claim or complaint by the Data Controller relating to the provisions of the Agreement (including this DPA) or regarding the instructions received by the Saas Provider from the Client.

1.3        The Parties acknowledge that the fulfilment of the purpose of the Agreement and the use of the SaaS Services and its functionalities in accordance with its Documentation constitute the documented instructions given by the Client.

“Documentation” means the information provided by the Saas Provider in the form of user documentation supplied with the SaaS Services and/or that may be provided in the form of an online help service.

If the Client wishes to give any additional instructions, they must be given in writing and specify the relevant purpose and the operation to be performed, it being agreed that no additional instructions may be implemented until the Client has accepted the corresponding quote issued by the Saas Provider.

The Saas Provider undertakes to inform the Client, using any available means and within five (5) days of becoming aware of the instructions, in the event that, in its opinion, the instructions received infringe the Personal Data Regulations.

1.4        The Parties note that the Client is the sole Party with control over and knowledge (in particular, of its origin) of the Personal Data processed as part of the performance of the Agreement. The Client therefore warrants that it will fulfil all of its obligations as a Data Controller.

1.5        The Saas Provider shall erase the Personal Data and any copies under the “Return of Client Data” clause of the Agreement unless it is required to retain that Personal Data under applicable laws.

1.6        The Client undertakes to give the Saas Provider the contact details of the person to be contacted for any information, communications, notices or requests under this Appendix, when the Agreement is signed. If the Client fails to provide that information, the person signing the Agreement will be deemed to be the relevant point of contact.

 

          2. SCOPE

2.1        The Saas Provider is authorised, as a Data Processor acting in accordance with the Client’s instructions, to process the Data Controller’s Personal Data to the extent required to provide the SaaS Services.

2.2        The operations performed by the Saas Provider on the Personal Data may involve data calculations, storage and/or any other service, as described in the Agreement.

2.3        The type of Personal Data and the categories of data subjects are determined and monitored by the Client, at its sole discretion. The processing operations are performed by the Saas Provider for the period agreed in the Agreement.

 

          3. OFFERING OF SERVICES

3.1        The Client is solely responsible for the use of the SaaS Services. The Client must ensure that the said use is consistent with the characteristics and the conditions required, in light of the activities and processing performed by the Data Controller and also the type of Personal Data to be processed as part of the SaaS Services including, but not limited to, cases where the SaaS Services is used to process Personal Data governed by specific regulations or rules (as is the case in some countries, for example, for health data and banking data). The Client is informed that the Saas Provider does not propose any services integrating technical and organisational measures, in particular for security purposes, specifically designed to protect the processing of health data or banking data.

3.2        If the processing performed by the Data Controller could result in a high risk to the rights and freedoms of natural persons, the Client must take due care. When assessing the risk, the following criteria must be taken into account, without limitation: a systematic and extensive evaluation of personal aspects relating to natural persons; automated decision-making producing legal effects or that could significantly affect the data subject; systematic monitoring of data subjects; processing of special categories of data or sensitive data; large-scale processing operations; linking of data; combinations of data; processing of the data of vulnerable natural persons; use of innovative new technologies to process data, that are little known to the general public.

3.3        The Saas Provider shall make available to the Client, in accordance with the provisions of the “Audits” clause, the information relating to the security measures adopted for the SaaS Services, to allow them to assess whether those measures are sufficient for the processing of the Data Controller’s Personal Data.

 

          4. COMPLIANCE WITH APPLICABLE REGULATIONS

Each Party shall comply with applicable data protection regulations, including the GDPR, as of the effective date in the European Union.

 

          5. DESCRIPTION OF DEFAULT DATA PROCESSING

5.1        Regarding Dimelo Digital

The nature of operations carried out on the Data are as follows:

      - Collection, recording, storage, retrieval, alteration, consultation, disclosing by transmission, interconnexion, correlation, erasure or destruction.

The purposes of Data Processing are:

      - Publishing content on public/private communication channels;

      - Customer Relationship Management;

      - SaaS Services User Management.

Types of Personal Data processed are:

      - Data regarding identification of individuals:

          - Surname, First name, Phone numbers, Email address, Gender, Company;

      - Data regarding personal life:

          - Content published on communication channels connected to the SaaS Services, public information on social media connected to the SaaS Services;

      - Login data:

          - Activity on the Service Software;

          - IP addresses used for login (only for SaaS Services Users).

      - The Client has the ability to store other types of Personal Data in Dimelo Digital using custom fields or contextual information. The Client ensures the sufficient and adequate legal basis to store the Custom Personal Data in Dimelo Digital

          - Categories of Data Subjects are:

      - Natural persons who communicate via the digital channels connected to the SaaS Services;

      - Users of the SaaS Services.

Data retention duration (between 1 day and 2 years) is defined by the Client, based on its needs and context, and configured in the platform by Dimelo Digital administrators.

5.2        Regarding Dimelo Communities

 

The nature of operations carried out on the data are as follows:

      - Collection, recording, storage, retrieval, alteration, consultation, disclosing by transmission, erasure or destruction.

The purpose of the Data Processing is:  

      - Online sharing space management.

Types of Personal Data processed are:

      - Data regarding identification of individuals:

          - Surname, First name, Email address;

      - Data regarding personal life:

          - Content published on the online sharing space, private messaging;

      - Login data:

          - Activity on the SaaS Services, IP addresses used for login.

      - The Client has the ability to store other types of Personal Data in Dimelo Communities using custom fields or contextual information. The Client ensures the sufficient and adequate legal basis to store the Custom Personal Data in Dimelo Communities

Categories of Data Subjects are:

      - Online sharing space contributors.

Data retention duration (between 1 day and 2 years) for inactive users is defined by the Client, based on its needs and context, and configured in the platform. Contents can be deleted in autonomy by Dimelo Communities administrators and moderators.

 

          6. SAAS PROVIDER'S OBLIGATIONS

The Saas Provider undertakes as follows:

  1. to process the Personal Data uploaded/downloaded, stored and used by the Client as part of the SaaS Services solely to the extent required to provide the SaaS Services, as described in the Agreement,
  2. not to access or use Personal Data for any purposes other those required for the performance of the SaaS Services (including for the management of Defects),
  3. to implement the technical and organisational measures required to ensure the security of the Personal Data in the context of the SaaS Services,
  4. to ensure that its employees authorised to process the Personal Data under the terms of the Agreement are bound by an obligation of confidentiality for the Personal Data,
  5. to inform the Client if, in its opinion and based on the information in its possession, any of the instructions given by the Client infringe the provisions of the GDPR or other Personal Data protection provisions in force in the European Union or in a member state of the European Union,
  6. to inform the Client if they receive requests from a competent authority relating to the Personal Data processed under the Agreement (unless it is not permitted to do so under applicable laws or an order issued by a competent authority) and not to disclose any data that has not been expressly requested by the authority.


          7. SECURITY OF PERSONAL DATA
 

7.1        Pursuant to Article 32.1 of the GDPR, the Client and the Saas Provider acknowledge that they implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. The measures implemented by the Saas Provider are listed in a specific document and the latest up-to-date version of that document will be made available to the Client on request.

7.2        The Parties agree that the Saas Provider is responsible for the security of the SaaS Services solely as regards the aspects they control. Accordingly, the Client remains responsible for the security and confidentiality of its systems and its access policy for the SaaS Services. It is up to the Client to ensure that its use of and the configuration settings for the SaaS Services at its disposal meet the requirements of the Personal Data Regulations. The Parties agree that the Saas Provider is under no obligation to protect the Personal Data stored or transferred outside of the SaaS Services by the Client or by the Saas Provider on the Client’s instructions.

 

          8. OBLIGATIONS OF THE CLIENT AND THE DATA CONTROLLER

8.1        For the processing of the Personal Data in accordance with the Agreement, the Client shall provide the following to the Saas Provider in writing: (a) all relevant instructions, and (b) any information required to allow the data processor to maintain a record of its processing activities. The Client remains solely liable for the processing of the information and instructions notified to the Saas Provider.

8.2        The Data Controller is responsible for ensuring that:

  1. the processing of the Data Controller’s Personal Data as part of the performance of the SaaS Services has a suitable legal basis (for example, the data subject’s consent, the Data Controller’s legitimate interests etc.),
  2. all procedures and formalities required have been completed (such as data protection impact assessments and the notices to be given and authorisations to be obtained from the supervisory authority overseeing the processing of Personal Data or any other competent body, where applicable),
  3. the data subjects are informed that their Personal Data will be processed, in a concise, transparent, intelligible and easily accessible form, using clear and plain language, as provided for in the GDPR,
  4. the data subjects are informed about their data subject rights set out in the GDPR and are able to exercise those rights easily at any time by contacting the Client or the Data Controller directly.

8.2        The Client is responsible for implementing appropriate technical and organisational measures to ensure the security of the resources, systems, applications and operations falling outside the scope of the Saas Provider’s responsibility, as provided for in the Agreement (in particular, all systems and software deployed and operated by the Client or the Users in connection with the SaaS Services).

 

          9. DATA SUBJECT RIGHTS - COOPERATION WITH THE CLIENT

9.1        The Data Controller is fully responsible for giving data subjects information on its rights and for ensuring compliance with those rights, including the right of access, right to rectification or erasure, the right to restrict processing and right to data portability.

9.2        The Saas Provider undertakes to forward to the Client without undue delay after receipt, any request, query or complaint received from any natural person in relation to the processing of his/her Personal Data performed under the Agreement.

9.3        In its capacity as the Data Controller, the Client remains responsible for responding to those data subject requests and the Saas Provider undertakes not to act on those requests.

9.4        The Saas Provider shall cooperate with and assist the Client to the extent reasonably required, to help the Client act on the data subject requests. That reasonable cooperation and assistance may include (a) forwarding any request received directly from a data subject to the Client, and (b) allowing the Data Controller to design and implement the technical and organisational measures required to act on those data subject requests. The Data Controller is solely responsible for the action to be taken following such a request.

The Client acknowledges and agrees that if the Saas Provider is required to use significant resources to fulfil its duty to cooperate and assist, those resources may be invoiced to the Client provided that the cost was notified to the Client and approved by the Client in advance.

9.5        Pursuant to a written request from the Client, the Saas Provider shall forward to the Client, at the Client’s own expense, all relevant information in its possession to help it meet the requirements of the Personal Data Regulations applicable to the Client in its capacity as the Data Controller relating to the Personal Data protection impact assessments conducted by and under the sole responsibility of the Client and the prior consultations of the French Data Protection Authority (CNIL) that may be required for those assessments.

 

          10. PERSONAL DATA BREACHES

10.1        If the Saas Provider becomes aware of a Personal Data security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed, they shall inform the Client without undue delay.

10.2        The Saas Provider shall provide the following information to the Client, without undue delay after notice of the Personal Data security breach and to the extent feasible:

      - the nature of the incident;

      - the categories and approximate number of data subjects affected by the breach;

      - the categories and approximate number of Personal Data records affected;

      - a description of the likely consequences of the Personal Data breach;

      - a description of the measures taken or proposed to be taken by the Saas Provider to address the Personal Data breach, including, where appropriate, measures to mitigate its possible adverse effects;

      - the name of the Saas Provider’s point of contact.

 

          11. LOCATION AND TRANSFERS OF PERSONAL DATA

11.1        The Saas Provider hereby informs the Client that the Client Data (including Personal Data) is hosted by the Saas Provider’s data processor: Claranet, Telehouse 3, Magny-les-Hameaux (91).

11.2        The Saas Provider may unilaterally decide to transfer Personal Data to another hosting company strictly for the purposes of the performance of the Agreement provided that the said company satisfies one of the conditions set out in Clause 12.4 and, more generally, the conditions set out in Clause 12. In any event, the Personal Data will remain at one or more sites located within the European Union.

 

          12. SUB-PROCESSING

12.1        The Client authorises the Saas Provider to use data processors to perform the Personal Data processing operations on behalf of the Client that are strictly required for the performance of the Agreement.

12.2        The Saas Provider undertakes to use data processors providing sufficient guarantees to implement appropriate technical and organisational measures to ensure that the requirements of the Personal Data Regulations are met.

12.3        The Saas Provider undertakes to procure that its data processors are contractually bound by a Personal Data protection obligation that is equivalent or more stringent than the obligation set out in this Agreement and under the Personal Data Regulations. The Saas Provider remains liable to the Client for the said data processor’s performance of its obligations.

12.4        The Saas Provider agrees to only use data processors:

      - established within an EU country or a country forming part of the European Economic Area, or

      - established in a country providing a sufficient level of protection, as decided by the European Commission under the Personal Data Regulations, or

      - holding a Privacy Shield certification, if established in the United States of America, or

      - providing appropriate safeguards under Article 46 of the GDPR.

12.5        The Saas Provider agrees to provide a list of its data processors to the Client whenever requested in writing. The Saas Provider undertakes to inform the Client of any additional data processors or replacement of a data processor, as swiftly as possible.

The Client may object in writing within thirty (30) business days of receipt of that information. The Client acknowledges and agrees that if it does not object within that period, it will be deemed to have accepted the data processor.

If the Client objects, the Saas Provider may respond to the Client by producing additional information designed to address the Client’s fears. If the Client maintains its objections, the Parties undertake to meet and discuss their continued relationship in good faith.

 

          13. LIABILITY

13.1        The Saas Provider may be held liable for loss or damage caused by processing only where (i) they have not complied with the obligations set out in the GDPR specifically directed to data processors or where (ii) they have acted outside or contrary to lawful instructions given by the Client. In such a case, the Liability clause of the Agreement will apply.

13.1        If the Saas Provider and the Client are implicated in processing performed under the Agreement that caused damage or loss to a data subject, the Client shall initially bear all of the effective compensation (or any other remedy awarded) owed to the data subject and, thereafter, claim from the Saas Provider the fraction of the compensation corresponding to the Saas Provider’s share in the liability for the damage or loss, it being specified that the clauses of the Agreement limiting its liability still apply.

 

          14. AUDITS

14.1        The Saas Provider shall make available to the Client, by email and on request, all information required to (a) demonstrate compliance with the requirements of the GDPR, and (b) conduct audits.

Additional information may be provided to the Client, pursuant to a request submitted to the Dimelo Support team.

14.2        If a service has been certified, adheres to a code of conduct or is subject to specific controls, the Saas Provider shall make available to the Client the certificates and reports from the corresponding controls, if requested in writing by the Client.

14.3        If the above-mentioned information, reports and certificates are not sufficient to allow the Client to demonstrate the fulfilment of the obligations set out in the GDPR, the Saas Provider and the Client shall meet to agree the operational, security and financial conditions of a technical on-site inspection, provided that the following conditions are satisfied:

  1. the Client must submit a written on-site audit request to the Saas Provider by registered mail with acknowledgement of receipt, justifying and documenting its request;
  2. the Saas Provider must reply to the Client, specifying the scope and conditions for the on-site audit. As the information system used for the SaaS Services is secured via a restricted-access policy, the scope of any on-site audit must be restricted to the process used by the Saas Provider to provide the SaaS Services and/or the Service, in its capacity as a data processor for the one or more Personal Data processing operations entrusted to the Saas Provider by the Client. Audits may not last for more than two (2) Business Days;
  3. the audit must be conducted by the Client’s internal auditors or by any provider selected by the Client, provided that the provider does not compete with the Saas Provider.

14.4        The auditors must make a preliminary version of the audit report available to the Saas Provider to allow them to submit their comments and the final report must take into account and address those comments. The audit report must then be sent to the Saas Provider and examined at a meeting between the Parties.

If the final audit report reveals breaches of the commitments given for the performance of the SaaS Services, the Saas Provider must propose a corrective action plan within no more than twenty (20) business days of the meeting between the Parties.

14.5        In any event, the conditions of that inspection must not affect the security of the Saas Provider’s other customers or disrupt the operation of the SaaS Services.

14.6        An additional reasonable fee may be invoiced for the above-mentioned on-site inspection and the provision of certificates and control reports.

14.7        Any information provided to the Client under this Clause that is not available on the Saas Provider’s website will be treated as confidential information owned by the Saas Provider under the terms of the Agreement. The Saas Provider may demand the conclusion of a specific non-disclosure agreement before providing that information.

14.8        Notwithstanding the foregoing, the Client is authorised to respond to any requests submitted by the competent supervisory authority, provided that any disclosure of information is strictly limited to that requested by the said authority. In such a case, the Client shall first consult the Saas Provider in relation to the requested disclosure, unless this is not permitted under applicable laws.

14.9        Unless a change in circumstances or event justifies more frequent audits, the Client may only conduct one on-site audit during the initial term of the Agreement and then one on-site audit during each period of renewal.

 

          15. RECTIFICATION, ERASURE AND RETURN OF PERSONAL DATA

15.1        The Saas Provider undertakes to rectify or complete the Client’s personal data during the entire period of the SaaS Services.

15.2        At the end of the SaaS Services (in particular, if it is terminated or not renewed), the Saas Provider undertakes to erase all Client Data reproduced, stored, hosted or otherwise used by the Client in the context of the SaaS Services in accordance with the provisions of the Agreement, unless otherwise required by a competent court or legal authority or under a law applicable in the European Union or in a member state of the European Union.

15.3        The Client is solely liable for the implementation of the operations (such as backups, transfers to third-party solutions, snapshots etc.) required to protect the Personal Data to ensure its completion, in particular before the termination or expiry of the SaaS Services, and before performing any erasure, updating or reinstallation of the SaaS Services.

15.4        In this respect, the Client is informed that the termination or expiry of the SaaS Services for any reason whatsoever (including, but not limited to, a non-renewal) and certain operations updating or reinstalling the SaaS Services may automatically involve the irreversible erasure of all Client Data reproduced, stored, hosted or otherwise used by the Client in the context of the SaaS Services, including any potential backup.

 

          16. TRANSFERS OF DATA TO THIRD COUNTRIES

16.1        If personal data is transferred to a third country which is undergoing processing or is intended for processing after that transfer, the Saas Provider shall ensure that the conditions laid down in this Appendix are complied with by the data controller and the data processor, including for onward transfers of personal data from the third country to another third country.

 

          17. CONTACTS

DIMELO S.A.

32, rue de Trévise

75 009 PARIS

Phone: +33 (0)1 77 37 27 57

Legal Representative : Stéphane LEE, Managing Director

Data Protection Officer : William-Alexandre CYPCARZ (dpo@dimelo.com)


LIST OF SAAS PROVIDER’S SUBCONTRACTORS PROCESSING PERSONAL DATA

Subprocessors common to all setups of the SaaS platforms

The Client acknowledges and accepts that the SaaS Provider will have recourse to the following subcontractors, pursuant to Article 12 “Sub-processing”.

Subprocessor Purpose of subprocessing activities SaaS platform concerned Processing location Adequate Security and Compliance measures

LanguageTooler GmbH

Karl-Liebknecht-Str. 21/22

14482 Potsdam, Germany

Orthographic and grammatical check before publication (no storage) Dimelo Digital Germany Not required (Transfer and Processing in EU)

Claranet S.A.S.

18-20 rue du Faubourg du Temple 75011 Paris

Managed services and hosting of the SaaS platforms Dimelo Digital and Dimelo Communities France Not required (Transfer and Processing in EU)

Heroku (SalesForce Inc.)

The Landmark @ One Market

San Francisco, California 94105, USA

Reverse proxy used to transfer images conveyed without encryption (no storage) Dimelo Digital Europe

Model Contractual Clauses

Privacy Shield certified

Data Processing Agreement

Mailjet S.A.S.

13-13 bis, rue de l’Aubrac

75012 Paris

Application internal Mailing system (internal notifications for DC and DD) (storage of the message content for 6 days) Dimelo Digital and Dimelo Communities France Not required (Transfer and Processing in EU)

Amazon Web Services, Inc.

410 Terry Avenue North,

Seattle, WA 98109-5210, USA

Files and attachments storage Dimelo Communities Ireland Not required (Transfer and Processing in EU)

 

Subprocessors specific to Engage Digital setup

 

Depending on the configuration (connected channels and/or configured extensions), the concerned channels or extensions companies could be Subcontractors for the Client, for the Software Editor or for each of the Parties.

 

Channels and extensions concerned which are Software Editor Subprocessors are listed below.

 

Software Service configuration Subprocessor Purpose of subprocessing activities Processing location Adequate Security measures

- Connection of a Facebook page

- or Connection of a Facebook Messenger account

- or Connection of an Instagram account

Facebook Ireland Ltd.

4 Grand Canal Square

Dublin 2 Dublin

Publication application and collection of information (published contents and public profile data) USA

Internal Model Contractual Clauses

Privacy Shield certified

- Connection of a Google plus page

- or Connection of Google Play developer account

Google Inc.

1600 Amphitheatre Parkway, Mountain View, CA, 94043, USA

Publication application and collection of information (published contents and public profile data) USA

Model Contractual Clauses

Privacy Shield certified

- In the case where the mail server for the email address connected to the SaaS platform is managed by the Software Editor (exclusive of direct connection to a Client IMAP/SMTP server)

- In the case the DC private messages feature is activated

Postmark Inc.

225 Chestnut St. Philadelphia,

PA 19106, USA

Sending / Receiving mails

(storage of mail content and metadatas for 45 days)

Sending / Receiving mails

(storage of mail content and metadatas for 45 days)

Model Contractual Clauses

Privacy Shield certified

Data Processing Agreement

Customer satisfaction surveys extension configured

SurveyGizmo

4888 Pearl East Cir, Suite 100W

Boulder, CO, USA

Management of Customer satisfaction surveys Management of Customer satisfaction surveys

Model Contractual Clauses

Privacy Shield certified

Data Processing Agreement

Customer satisfaction surveys extension configured

surveygizmo.eu

(Widgix EU Ltd.)

5 New Street Square, London, UK

Management of Customer satisfaction surveys Management of Customer satisfaction surveys  Not required (Transfer and Processing in EU)
Connection of a Twitter Account

Twitter Inc.

1355 Market Street, Suite 900

San Francisco, CA 94103, USA

Publication application and collection of information (published contents and public profile data) USA

Model Contractual Clauses

Privacy Shield certified

Connection of a Youtube account

Youtube Inc.

901 Cherry Avenue, San Bruno, California, USA

Publication application and collection of information (published contents and public profile data) USA

Model Contractual Clauses

Privacy Shield certified