Terms and conditions

1. General information

1.1. Definitions

• “Service Provider” or “Subcontractor” as defined by the GDPR (see below): the legal entity having the status of Service Provider is Ikanbi, a limited company with company number Be 0445.248.212.
• “Beneficiary” or “Data controller” as defined by the GDPR (see below): any natural or legal person to whom the Service Provider provides services.
• “Offer”: document in which the technical and distinctive specifications of each assignment entrusted to the Service Provider by the Beneficiary are defined. Any Offer is subject to these General Terms and Conditions.
• “Assignment”: all services provided by the Service Provider to the Beneficiary as described in the Offer. Assignments are subject to these General Terms and Conditions.

1.2. Scope

The General Terms and Conditions exclusively govern all pre-contractual and contractual relations between the Service Provider and the Beneficiary. Unless expressly waived in writing, the General Terms and Conditions of the Service Provider shall take precedence over those of the Beneficiary.

In the event that an article or part of an article of the General Terms and Conditions or Special Conditions is declared null or inapplicable, this nullity will not affect the valid part of the clause nor the other provisions of the General Terms and Conditions or Special Conditions.

The non-execution of a clause of the General Terms and Conditions does not entail the waiver of it, unless such a waiver results from explicit, unambiguous and signed written communication by the Party which is waiving it. In the same way, the waiver of a right does not entail the waiver of any other right which may result from the General Terms and Conditions.

The Service Provider reserves the right to modify and update the General Terms and Conditions at any time on its website https://www.ikanbi.com or www.telesecretariat.be/conditions-generales. These modifications and updates are binding for the Beneficiary, who expressly accepts them and who must therefore regularly refer to this section to check the General Terms and Conditions in force.

2. The Service Provider’s obligations

2.1. The Service Provider agrees to perform the Assignment described in the Offer in accordance with best industry practices, the provisions of the Contract and the applicable legislation. With regard to Télésecrétariat’s business, and unless otherwise stated in the Offer, the Services are provided from Monday to Saturday between 7am and 8pm or 338 hours per month.

2.2. The Service Provider’s obligation in performing its Assignment is an obligation of means. Its liability therefore cannot be invoked solely on the basis of the results obtained.

2.3. The Service Provider’s obligation to provide advice in its area of technical competence is limited to the purpose of the Assignment, to the exclusion of any other advice, particularly legal, fiscal or accounting.

2.4. The Service Provider reserves the right to interrupt certain devices used for the performance of its Services (particularly servers) to carry out maintenance intended to optimise the equipment (for example a server or a device required for a better quality of service). In this event, the Service Provider agrees to notify the Beneficiary in writing at least 15 working days in advance and to put the system back into operation as soon as possible.

3. The Beneficiary’s obligations

3.1. In general, the Beneficiary agrees to scrupulously comply with its duty of cooperation with regards to the Service Provider. It also agrees:

•  to make available to the Service Provider all the information necessary for the performance of its Services, particularly technical information and instructions for accessing the Beneficiary’s systems.
• to notify the Service Provider of all the difficulties it encounters during the performance of the Assignment which could have an impact on the contractual commitments and, in particular, on the Service, the deadlines, the price and the progress of the Assignment.

3.2. The Beneficiary must carry out, on its own systems, excluding those of the Service Provider, any necessary backups of data, files, programs, documentation and information of any kind made during the use of the Service Provider’s infrastructure. The Beneficiary is also responsible for obtaining all the legal, regulatory and/or administrative authorisations necessary for the requirements of the Services.

4. Absence of a hierarchical relationship

The Service Provider enjoys total independence in performing its functions. The Parties expressly agree that performing an Assignment may not under any circumstances create a hierarchical relationship between the Service Provider and/or its employees and the person or persons appointed by the Beneficiary.

5. Intellectual property

5.1. Each of the Parties retains exclusive ownership of intellectual property rights, patents, know-how, methodologies, copyrights, templates (drafting templates, matrices, standard models) and, more generally, knowledge belonging to it on the date of transfer of the Offer. The intellectual property rights relating to methodologies and know-how used and/or developed by a Party when performing the Services/Deliverables remain the property of that Party.

5.2. The Service Provider shall in no case be prevented from carrying out, on its own behalf or on behalf of other Beneficiaries, Services identical or similar to those carried out within the framework of the Assignment.

6. Personal data

6.1. It is reminded that the Beneficiary is solely responsible (“Data Controller” as defined by the GDPR), excluding the Service Provider, for the personal data which it is likely to process/hold and as such is solely responsible for compliance with the obligations arising from legislation relating to privacy with regard to the processing of personal data, including the law of 8th December 1992 and, from 25th May 2018, the General Data Protection Regulation (GDPR) (the “Applicable Legislation”). Under this legislation, the Subcontractor Service Provider has a Data Protection Officer in charge of complying with the required standards. He/she also acts in the event of an incident and is contactable and informed via the email address: dpo@ikanbi.com.

6.2. The Beneficiary (the responsible party) appoints the Service Provider as a Subcontractor to process personal data (the “Data”) to ensure the provision of Services.

6.3. Purpose limitation: The Service Provider agrees to process the Data as a Subcontractor only to ensure the provision of Services and only on documented instructions from the Beneficiary, unless otherwise stipulated by European (EU) law (or that of any EU member state) applicable to the Beneficiary or Service Provider. The Service Provider shall inform the Beneficiary without delay if, in its opinion, an instruction constitutes or may constitute a violation of the law relating to the protection of personal data or any other provision of EU law or Member States’ law relating to the protection of personal data.

6.4. Transfer of data: The Service Provider shall not transfer Data (or authorise the transfer of Data) outside the European Economic Area (EEA) unless it has implemented appropriate measures to ensure that the Data will be transferred in accordance with the law relating to the protection of personal data. The Beneficiary hereby agrees to international transfers to members of the Service Provider’s Group, particularly in Morocco and Albania, following these appropriate security measures.

6.5. Processing confidentiality: The Service Provider shall ensure that any person it authorises to process Data (including the Service Provider’s staff, agents and subcontractors) (an “Authorised Person”) is subject to a strict obligation of confidentiality and prohibits any person not subject to such a duty of confidentiality from processing Data. The Service Provider shall ensure that any Authorised Person processes the Data only in accordance with the authorised Purpose.

6.6. Security: The Service Provider agrees to implement appropriate technical and organisational measures to protect the Data against (i) accidental or unlawful destruction, (ii) accidental loss, alteration, disclosure or unauthorised access, and (iii) any other security breach ((i), (ii) and (iii)) together, a “Security Incident”). These measures must include, among others, and as required:

• the pseudonymising and encryption of Personal Data;
• the means to ensure the confidentiality, integrity, availability and resilience of processing systems and services;
• the means to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
• a procedure to test, analyse and regularly assess the effectiveness of technical and organisational measures to ensure secure processing.

6.7. Subcontracting: The Service Provider is prohibited from subcontracting all or part of the Data Processing to a third-party subcontractor (including but not limited to a consultant, agent or professional advisor) without having first received the written consent of the Beneficiary. The Beneficiary hereby agrees to the use of subcontractors which are part of the Service Provider’s Group.

If the Beneficiary refuses to agree to the appointment of a third-party subcontractor for reasonable reasons relating to data protection, then the Service Provider will not appoint a third-party subcontractor or the Beneficiary may choose to suspend or terminate this Agreement without penalty.

The Service Provider imposes on any third-party subcontractor the same obligations regarding the protection of Personal Data, confidentiality and/or security as those imposed on it by this clause and any clause of this contract relating to confidentiality. In the event of conflict between these clauses, the clause offering the highest level of protection, confidentiality and/or security will prevail. The Service Provider is wholly accountable to the Beneficiary for failure to comply with this clause and/or any clause of this agreement relating to confidentiality due to an act, error or negligence by the third-party subcontractor.

6.8. Impact analysis relating to the protection of personal data: If the Beneficiary decides to carry out mandatory impact analysis regarding the protection of personal data, the Service Provider must provide the Beneficiary, as much as is reasonably possible, with any assistance that the Service Provider may require in order to conduct impact analysis regarding the protection of personal data and, if necessary, consult the competent data protection authority.

In addition, if the Beneficiary believes or learns that the Data Processing it implements is likely to involve a high risk (as defined in the applicable personal data protection law, in the appropriate regulatory guides and in case law) to the rights and freedoms of the Person concerned, it must inform the Beneficiary without delay.

6.9. The right to information of the Persons Concerned: it is the responsibility of the Data Controller Beneficiary to provide the Persons Concerned by processing operations with information at the time of data collection.

6.10. Exercising the rights of the Persons Concerned: Insofar as is possible, the Subcontractor Service Provider shall assist the Data Controller Beneficiary to fulfil its obligation to respond to requests to exercise the rights of the Persons Concerned: the right of access, the right to rectification, to right to erasure, the right to object, the right to restrict processing, the right to data portability, the right not to be the subject of individual automated decision making (including profiling). When the Persons Concerned make a request to the Subcontractor to exercise their rights, the Subcontractor must send these requests as soon as they are received by email to the designated DPO of the Data Controller Beneficiary.

6.11. Security incidents: As soon as it becomes aware of a Security Incident, the Subcontractor Service Provider must inform the Beneficiary within 48 hours and provide the latter with all the information and assistance which may be requested by the Data Controller Beneficiary as soon as possible so that the Data Controller Beneficiary can fulfil its legal obligations regarding the notification of a data breach in accordance with applicable legislation (and the time limits required by it) regarding the protection of personal data.. This communication is to be sent by email from the email inbox of dpo@ikanbi.com to the person appointed DPO for the Data Controller Beneficiary. The Service Provider must take all necessary measures and actions to remedy or lessen the effects of the Security Incident and will inform the Beneficiary of all developments related to the Security Incident.

6.12. Deletion or restitution of Data: At the end of this agreement or in the event of the termination of this agreement, the Service Provider must (at the Beneficiary’s choosing) either destroy or return to the Beneficiary all Data (including all copies of Data) in its possession or under its control (including any Data processed by a third-party subcontractor), unless an EU law (or any EU Member State law) requires the retention of some or all Data, in which case the Service Provider shall isolate and apply security measures to prevent further processing of Data (except to the extent required by this law).

6.13. Compliance verification: The Service Provider authorises the Beneficiary (or any appointed third-party auditor) to verify the Service Provider’s compliance with these provisions and will make all necessary information, systems and personnel available to the Beneficiary to enable the latter (or any third-party auditor) to conduct such an audit. The Service Provider acknowledges that the Beneficiary (or any third-party auditor) may enter the premises for the purpose of carrying out this verification, provided that the Beneficiary (1) complies with a reasonable period of notice to inform the Service Provider of its intention to carry out this verification, (2) performs the audit during normal business hours and (3) takes all reasonable measures to avoid any nuisance regarding the operations carried out by the Service Provider. The Beneficiary will only exercise its right of verification once during a twelve (12) calendar month period, except (i) if required and on the instructions of a competent data protection authority or (ii) if the Beneficiary considers that a new audit is necessary because of a Security Incident suffered by the Service Provider.

6.14. The Beneficiary will guarantee and compensate the Service Provider for any damage resulting from the non-compliance by the Beneficiary of the obligations resulting from applicable legislation.

6.15. The Beneficiary irrevocably guarantees the Service Provider against any third-party action in the context of an alleged violation of applicable legislation.

6.16. When the Beneficiary provides the Service Provider with the telephone numbers of people to call, the Beneficiary agrees to comply with applicable laws regarding commercial telephone calls and, in particular, to ensure that the instructions given by the Beneficiary cannot be considered as repeated and unwanted solicitations or as commercial calls when they are referred to as non-commercial.

6.17. The Beneficiary agrees to hold harmless the Service Provider against any damages, fines, costs and expenses, including legal fees and expenses incurred by the Service Provider as the result of a claim issued by a third party following a call by the Service Provider on behalf and at the request of the Beneficiary, when this claim results from a breach by the Beneficiary of its contractual or legal obligations, particularly in breach of Chapters 1 and 4 of Title 4 of Book VI of the French Code of Economic Law.

7. Confidentiality

7.1. Both during the performance of the Assignment and after its expiry, each Party shall refrain from any act or declaration likely to affect their respective reputation and capabilities and from mutually denigrating one another in any way in the business world.

7.2. The Service Provider is expressly forbidden to use, whether directly or indirectly, resell, give, assign or communicate databases, customer addresses or any other information collected directly or indirectly during the Assignments for any objective other than those established by the Beneficiary.

8. Liability

8.1. The Service Provider’s civil liability vis-à-vis the Beneficiary is limited to the direct damage caused to the latter and up to a maximum amount corresponding to the price of the relevant Assignment and during which the event/incident occurred except in the event of wilful misrepresentation or gross negligence.

8.2. Given the characteristics of the multidirectional means of communication (in particular the internet, emails, etc.) implemented by the Service Provider within the framework of the Assignment and of which the Beneficiary states that it is perfectly aware, the Service Provider is cleared of any liability, except in the event of wilful misrepresentation or gross negligence, particularly:

• slowdowns or difficulties in accessing the Beneficiary’s systems remotely, particularly due to network saturation during certain periods;
• non-delivery of emails or discussion forum articles;
• virus contamination of the Beneficiary’s data and/or software;
• malicious third-party intrusions into the Beneficiary’s applications despite reasonable security measures taken by the Service Provider;
• damage to equipment connected to the server;
• possible misappropriations of passwords, confidential codes and, more generally, any sensitive information.

8.3. The Service Provider shall in no event be held liable for loss of production, loss of profits, loss of customers or any other indirect or immaterial damage suffered by the Beneficiary.

8.4. The Beneficiary will inform the Service Provider, by registered letter with acknowledgment of receipt and within forty-eight hours, of any incident and/or accident which could incur the Service Provider’s liability, under penalty of forfeiture.

9. Suspension and termination

9.1. If the Beneficiary does not fully comply with any of its obligations towards the Service Provider, the latter has the right to suspend or terminate, in whole or in part, the Assignment by simple notification by registered letter within fifteen (15) days after stating that it is terminating or suspending the Assignment, without prior judicial intervention being necessary. In this event, any payments or subscriptions paid by the Beneficiary will be retained by the Service Provider. The decision to suspend or terminate, if any, taken by the Service Provider on this basis is taken without prejudice to any other rights of the Service Provider resulting from agreements or the law, particularly with regards to compensation for damages.

9.2. The Service Provider is not liable for the consequences of a termination or a suspension about which the Beneficiary is notified in accordance with the aforementioned provisions.

10. Force majeure and hardship

In the event that a force majeure event occurs during the duration of the Assignment, the performance of this Assignment is to be suspended initially.

In the event of a force majeure lasting for longer than one (1) month, each of the Parties can terminate the Assignment by recorded letter with acknowledgement of receipt without the other Party being able to claim damages as a result.

The following are expressly regarded as cases of force majeure or fortuitous events, in addition to those usually accepted by case law in courts and tribunals, namely: strikes or social conflicts, the blocking of means of transport or supply, earthquakes, fires, storms and floods, power outages, wars and riots, the blockage of telecommunications, epidemics.

In the event of a situation of hardship, the Service Provider shall notify the Beneficiary of the adjustment of its prices and/or other conditions for performance which it considers necessary to compensate for the consequences of the situation of hardship. The Beneficiary will be required to make it known in writing within a month of receipt of this notification if it disputes the modification(s) proposed by the Service Provider. Failure to react within one month will be deemed as acceptance by the Beneficiary of the new prices and/or other conditions for performance notified by the Service Provider.

In the event of a dispute regarding the new prices and/or other conditions for performance within the one-month period referred to in the preceding article, the Parties will each have the right to terminate the Contract with immediate effect and without damages.

11. Jurisdiction and applicable law

11.1. Any dispute relating to the conclusion, performance, termination and interpretation of the General Terms and Conditions shall be subject to the exclusive jurisdiction of the French-speaking commercial courts of Brussels. Any dispute relating to the General Terms and Conditions is exclusively subject to Belgian law, excluding any conflict-of-law rules.