Protection of personal data
Solutions in the OPEN BEE Portal range are implemented in accordance with the European personal data protection regulation (Regulation 2016/679).
10.1. OPEN BEE data controller: OPEN BEE acts as controller of Authorised Users’ personal data. This data is processed exclusively to enable access to the Solution (if it is accessible in SaaS mode) and to track access to content. Every Designated User has a right to access and correct their personal data. The Designated User can also request the deletion thereof, but in this case, they will no longer be able to access the Solution. Designated Users’ personal data is kept for the term of the contractual relationship between OPEN BEE and the Client.
10.2. OPEN BEE data processor: OPEN BEE acts as the Client’s processor of personal data (hereinafter “PD”) contained in documents and information of any kind belonging to the Client and managed by an OPEN BEE Portal Solution in SaaS mode. Accordingly, OPEN BEE undertakes to:
a) take any necessary precautions to maintain the confidentiality and security of PD and particularly prevent it from being distorted, damaged or disclosed to unauthorised third parties; more generally, OPEN BEE undertakes to implement appropriate technical and organisational measures to protect PD against accidental or unlawful destruction, accidental loss, alteration, unauthorised dissemination or access; OPEN BEE undertakes to ensure that all persons required to process PD for which it is liable comply with these measures.
b) not grant, rent, assign or otherwise disclose to a third party all or part of the PD, whether in return for payment or free of charge.
c) not use PD for purposes other than the functioning of the Solution ordered by the Client.
d) delete as quickly as possible any content belonging to the Client as soon as they so request in writing
e) reply as quickly as possible to any request from the Client regarding content managed by a Solution to enable it to take account, within the given time limits, of any requests from data subjects (right of access, right of correction, right of destruction, etc.).
f) inform the Client in writing of any modification or change concerning them that could have an impact on PD.
g) not sub-contract the provision of services relating to a Solution to a third party without the Client’s permission. Accordingly, the Client is informed and accepts that OPEN BEE Portal is hosted by the company Orange Business Services, on servers located in mainland France.
h) in case of authorised sub-contracting, make its own sub-contractor comply with all the obligations that it is required to comply with in accordance with this clause via contract clauses.
i) not transfer PD outside the European Economic Area or to a country that is not recognised by the European Commission as having a sufficient level of protection, unless this transfer is governed by standard European Commission contract clauses or binding company rules. The client can get on a simple request to its Open Bee solution reseller the list and localisation of datacentres used for data hosting when hosting is located out of the European Economic Area.
j) if OPEN BEE has reason to believe or has become convinced of the existence of a security flaw, loss or alteration of documents, OPEN BEE undertakes to (i) report the existence of this incident to the Client as quickly as possible, (ii) not disclose the existence of this incident, (iii) assist the Client, at no extra cost, with putting in place actions intended to resolve this flaw.