Legal Notice and Data Management Policy

Company Identity

SecOps Forces(" SecOps Forces ")is a simplified joint-stock company registered in the Marseille Trade and Companies Register under the number 941 434 615, with its registered office at 4 Boulevard Saade, Quai Arenc Tour Le Mirabeau – 13002 MARSEILLE.

Purpose

Forces develops and makes available to its client (the "Client") a SaaS solution (the "Solution")accessible through the platform https://app.secopsforces.com  (the "Platform") designed to enhance cybersecurity posture, addressing various vulnerabilities, primarly by providing the following services (the "Services"):

-       Orchestrating phishing and security awareness training campaigns to educate and strengthen internal teams against engineering threats;

-       Protecting brand reputation and security standards by proactively identifying and mitigating risks;

-       Preventing identity the ftand impersonation through advanced monitoring and protective measures.

-       Monitoring and assessing public-facing IP addresses and detect lookalike or typosquatted domains that could be used in phishing or impersonation attacks.

-       Conducting thorough audits of Microsoft 365 services and Active Directory configurations to ensure they align with security best practices.

-       Producing KPI dashboard focused on email protection (Microsoft Defender for Office 365, Mimecast) ,identity security (Microsoft Entra), and endpoint protection (MicrosoftDefender for Endpoint). This dashboard provides clear visibility into threats, detection rates, policy effectiveness, helping security teams track performance and prioritize actions efficiently.

Contractual Documents

The contractual relationship between the Client and  SecOps Forces  is governed, in descending hierarchical order, by the following documents:

If  applicable: The  quotation (the "Quotation")

 -      It is established on  the basis of needs of the Client;

-      The Client must accept  it in writing (including by email) within 30 days of its issue. This acceptance implies acceptance of the Terms and Conditions in their  version in force at the date of the Quotation;

-      In the event of  contradiction, the Quotation shall prevail over the Terms and Conditions;

-      In the event of  contradiction, the most recent Quotation shall prevail over the oldest  one(s).

The terms and conditions (the "Terms and Conditions")

They define:

-      The terms of use of the  Services;

-      The respective  obligations of the parties.

Hierarchy with the Payment Service Provider's Terms of Service

All payments made through thePlatform are handled by the payment service provider indicated on the Platform(the "Payment Service Provider").

The Client will contract directly with the Payment Service Provider for implementation of these payments by accepting its terms and conditions, by ticking a box on thePlatform. 

If the Payment Service Provider rejects or terminates the Client’s subscription, the Client may not use theServices.

Conversely, termination of the contractual relationship between the Client and  SecOps Forces  will result in termination of the Client’s contract with the Payment Service Provider.

In the event of any contradiction between the Payment Service Provider's general terms and conditions and theTerms and Conditions, the latter shall prevail.

The Client expressly mandates  SecOps Forces  to transmit to the Payment Service Provider all instructions relating to payments made on the Platform.

Conditions of Access to the Services

In order to access the Services, the Client must meet the following cumulative conditions:

 (i)             The Client is a legal entity acting through a natural person with the power or authorization required to contract in the Client's name and on its behalf;

 (ii)           The Client is a professional, defined as any individual or legal entity acting for purposes relating to its commercial, industrial, artisanal, liberal or agricultural activity, including when acting in the name or on behalf of another professional.

Access and Subscription to the Services

The Client may subscribe the Services from two available options.

SecOps Forces  remains free to refuse any subscription request for the Services, in particular if the Client does not meet the conditions set out in the article "Conditions of Access to the Services"or if the Services prove to be incompatible with the Client's needs.

Direct Subscription to the Services with SecOps

The Client must contact and exchange with  SecOps Forces , by any written or oral means, concerning the Services to which he wishes to subscribe. This exchange may also occur following an appointment scheduled by the Client on the Platform, via the dedicated button.

During the exchanges between the parties,  SecOps Forces will present the Solution and associated Services to the Client and will consider the Client's needs in order to issue the Quotation accordingly.

SecOps Forces will send the Quotation to the Client l. Upon receipt by  SecOps Forces of the Quotation duly completed and signed by the Client,  SecOps Forces will provide the Client with a link to create its account (the “Account”)and access the Solution.

Registration on the Platform

The Client must fill in the form provided for this purpose on the Platform.

 Registration for the Services shall conclude with the booking of an appointment with SecOps, which will enable  SecOps Forces to onboard the Client and allow him to access its Account and the Services using its login and password.

 Once the Account has been created, the Client may freely create accesses for users (the "Users") up to the number provided for in the subscribed Services.

The Client remains solely responsible for creating access for Users, for setting their access rights and for their personal use of the Solution and the Services.

The Services

Description of the Services

SecOps Forces provides a 360-degree approach to email vulnerability and security, empowering the Client to opt-in for a full spectrum of protective services.  SecOps Forces offerings are designed to fortify the Client’s defenses and cultivate a resilient cybersecurity posture, including:

-       BrandProtection & Email Authentication: a Service focused on safeguarding theClient’s brand reputation and upholding security standards. This includes preventing email-based identity theft, enabling the Client to prove the legitimacy of its email senders, and rejecting non-compliant emails;

-       UserAwareness & Training:  SecOps Forces conducts targeted phishing and security awareness training campaigns to educate and empower the Client’s employees;

-       ExternalVulnerability Scanning:  SecOps Forces proactively identify external vulnerabilities by scanning the Client’s domain names (NDM)and IP addresses;

-       Audit & Configuration Services:  SecOpsForces offers expert audit and configuration services to assist with the implementation of cybersecurity best practices.

 All these services are supported by comprehensive KPIs and Dashboards, providing clear visibility into the Client’s security posture.

The Client acknowledges that theServices require an Internet connection and that the quality of the Services depends on this connection, for which  SecOps Forces is not responsible. The Client also acknowledges that in order to benefit optimally from the Solution and theServices, it must be equipped with:

-      A device equipped with a compatible operating system (such as Windows, macOS, Linux, or Chrome OS);

-      An up-to-date web browser (such asGoogle Chrome, Mozilla Firefox, Microsoft Edge, or Safari) and a stable high-speed Internet connection.

All the Services available to the Client are detailed on the Platform.

The Services that the Client has actually subscribed to are listed on the Platform, on its dashboard, and if applicable in the Quotation.

SecOps Forces reserves the right to offer any other Service.

Subscription to new Services may be initiated directly by the Client on the Platform. The Client acknowledges and agrees, however, that while an upgrade from one Services subscription plan to a more premium plan may be performed by the Client on the Platform at any time, a downgrade from a premium subscription plan to a less expensive subscription plan is not permitted during the term of the current subscription plan.

Additional Services

Maintenance of the Solution

For the duration of the Services, theClient benefits from maintenance of the Solution, in particular corrective and evolutionary maintenance. In this context, access to the Solution and/or the Platform may be limited or suspended.

Concerning corrective maintenance,  SecOps Forces makes its best efforts to provide the Client with corrective maintenance in order to correct any malfunction or bug found in the Solution.

Concerning evolutionary maintenance, the Client benefits for the duration of its subscription from evolutionary maintenance, which  SecOps Forces may carry out automatically and without prior notice, and which includes improvements to the functionalities of the Solution, and the addition of new functionalities and/or technical installations used within the framework of the Services (aiming to introduce minor or major extensions).

Access to the Solution may also be limited or suspended for planned maintenance purposes, which may include the above-mentioned corrective and evolutionary maintenance operations.

Hosting

SecOps Forces ensures, under the terms of an obligation of means, the hosting of the Solution, as well as the data produced and/or entered by/on the Solution, directly by the Client, through the intermediary of a professional hosting provider.

Technical Support

In the event of any difficulty encountered when using the Services, the Client may contact  SecOps Forces at the following address: support[@]secopsforces.com

The technical support service is available from Monday to Friday, excluding public holidays, from 9 am to 6 pm. Depending on the need identified,  SecOps Forces will estimate the response time and keep the Client informed.

Term of the Services

The Client subscribes to the Services on a subscription plan basis.

 The subscription begins on the date and for the initial period indicated on the Platform or, if applicable, in theQuotation, provided that:

-       An upgrade from one subscription plan to a more premium subscription plan shall not result in any modification to the duration of the Services;

-       Any additional Services subscribed during the term of the Services shall have their own distinct subscription anniversary date.

The term of the Services is tacitly renewed for successive periods of the same duration as the initial period(together with the initial period, the "Periods"), from date to date, unless the subscription is terminated under the conditions set out in the "Termination of the Services" article.

Financial Conditions

Price of the Services

The prices of the Services to which the Client has subscribed are indicated on the Platform and, if applicable, in the Quotation.

Any Period started is due in its entirety.

SecOps Forces is free to propose promotional offers or price reductions.

  SecOps Forces prices may be revised at anytime under the conditions of the article "Modification of the Terms andConditions".

Invoice and Payment Terms

Invoicing and payment terms of  SecOps Forces are specified on the Platform and, if applicable, in the Quotation.

The Client guarantees  SecOps Forces that it has the necessary authorizations to use this method of payment.

Consequences of Late or Non-payment

In the event of non-payment or late payment,  SecOps Forces reserves the right, from the day after the due date shown on the invoice, to:

-       immediately suspend theServices in progress until full payment has been received;

-       charge late payment interest equal to 3 times the legal interest rate, based on the amount of sums not paid by the due date, and a flat-rate indemnity of 40 euros for collection costs, without prejudice to additional compensation if the collection costs actually incurred exceed this amount;

-       where applicable, declare all sums owed by the Client to be in arrears and payable without delay.

Intellectual Property

Intellectual Property Rights on the Solution

The Solution and the Platform are the property of SecOps, as are the softwares, infrastructures, databases and content of any kind (texts, images, visuals, music, logos, trademarks, etc.) that it uses. They are protected by all intellectual property rights or database producers' rights in force. The license granted by  SecOps Forces to the Client does not entail any transfer of ownership.

The Client benefits from anon-exclusive, personal and non-transferable SaaS license to use the Solution for the duration specified in the article "Term of the Services".

 The Client agrees not to carry out any act of reverse engineering or more generally any expertise by any means whatsoever on the  SecOps Forces Solution and Services.

Intellectual Property Rights on Data Shared by the Client

The data owned by the Client and sent to  SecOps Forces for the purpose of providing the Services remain the property of the Client and are protected by all applicable intellectual property rights or database producers' rights.

Any disassembly, decompilation, decryption, extraction, reuse, copying and more generally, any act of reproduction, representation, distribution and use of any of these elements, in whole or in part, when such acts are not made necessary by the execution of the present, or when they have not been previously authorized by the Client, are strictly forbidden and may be subject to legal proceedings.

SecOpsForces hereby only benefits from a license to use the data which will be transmitted to it by the Client, for the duration of the subscription and for the sole purpose of executing theServices.

 However, SecOps Forces may freely use this data, in particular to improve its Services, it being specified that  SecOps Forces undertakes to reuse only aggregated or statistical data that does not allow the Client to be identified.

Commercial References

The parties may use their respective names, brands and logos, and refer to their respective services, as commercial references, for the duration of their contractual relationship and 3 years thereafter.

Obligations and Liability of the Client

Regarding the Provision of Information

 The Client undertakes to provide  SecOps Forces with all the information necessary for the subscription and use of the Services.

Regarding the Use of the Services

 The Client is responsible for its use, and the Users’ use, of the Services and for any information it shares in this connection. It undertakes to use the Services personally and not to allow any third party to use them in its place or on its behalf.

The Client shall refrain, and make sure that the Users refrain from using the Services for purposes other than those for which they were designed, and in particular for:

-       engage in any illegal or fraudulent activity;

-       undermine public order and morality;

-       infringe the rights of third parties in any way whatsoever;

-       violate any contractual, legislative or regulatory provision;

-       engage in any activity likely to interfere with a third party's computer system, in particular for the purpose of violating its integrity or security;

-       promote its services and/or sites or those of a third party;

-       assist or incite a third party to commit one or more of the acts or activities listed above.

 The Client also refrains, and makes sure that the Users refrain from:

-       copy, modify or misappropriate any element belonging to  SecOps Forces or any concept it exploits within the framework of the Services;

-       adopt any behavior likely to interfere with or hijack SecOps’ computer systems or undermine its computer security measures;

-       infringe the financial, commercial or moral rights and interests of SecOps;

-       market, transfer or give access in any way whatsoever to the Services, to the information hosted on the Solution or to any element belonging to SecOps.

Furthermore, the Client and the Users agree not to upload any content on the Solution (this list is not exhaustive):

-       infringing public or der or morality (pornographic, obscene, indecent, shocking or unsuitable for a family audience, defamatory, abusive, violent, racist, xenophobic or revisionist);

-       infringing the rights of third parties (infringing content, personality rights, etc.) and more generally violating a contractual, legislative or regulatory provision;

-       prejudicial to third parties in any way whatsoever;

-       misleading, deceptive or proposing or promoting illegal, fraudulent or deceptive activities;

-       harmful to the computer systems of  SecOps Forces and/or third parties.

The Client indemnifies  SecOps Forces against any claim and/or action that may be brought against it as a result of the breach of any of the Client's obligations. TheClient shall indemnify  SecOps Forces for any loss suffered and shall reimburse  SecOps Forces for any sums it may have to bear as a result.

Obligations and Liability of  SecOpsForces

 General Obligations and ServiceDelivery Timelines

SecOps Forces undertakes to provide theServices with diligence, it being specified that it is bound by an obligation of means.

SecOps Forces undertakes to comply with the regulations in force.

SecOps Forces shall use its best efforts to comply with the timetable for the provision of the Services indicated in theQuotation, if applicable. As these deadlines are provided as an indication,  SecOps Forces shall not be held liable in the event of non-compliance.

Any delay attributable to the Client shall delay the agreed delivery dates accordingly.

Regarding the Quality of the Services

SecOps Forces makes every effort to provide the Client with quality Services.

To this end, it carries out regular checks to verify the functioning and accessibility of its Services and may thus carry out maintenance under the conditions specified in the article "Maintenance of the Solution".

 However,  SecOps Forces is not liable for any temporary difficulties or impossibilities of access to itsServices which may be due to:

-       circumstancesexternal to its network (and in particular the partial or total failure of theClient's servers);

-       thefailure of equipment, cabling, services or networks not included in itsServices or not under its responsibility;

-       interruption of the Services by telecom operators or Internet service providers;

-       intervention by the Client, in particular through incorrect configuration of the Services;

-       force majeure.

Furthermore,  SecOps Forces does not guarantee that theServices, subject to constant research to improve performance and progress, will be totally freeof errors, defects or faults,

Regarding the Solution Service Level Guarantee

SecOps Forces makes its best efforts to maintain access to the Solution 24 hours a day, 7 days a week, except in the event of scheduled maintenance under the conditions defined in the "Maintenance of the Solution" article or in the event of force majeure.

Regarding Data Backup on the Solution

SecOps Forces makes its best efforts to save all data entered or produced on the Solution.

Except in the case of proven fault on the part of SecOps,  SecOps Forces is not responsible for any loss of data during maintenance operations.

Regarding Data Storage and Security

SecOps Forces provides sufficient storage capacity for the operation of the Services.

SecOps Forces makes its best efforts to ensure data security by implementing measures to protect the infrastructures and theSolution, to detect and prevent malicious acts and to recover data.

Regarding Subcontracting and assignment

SecOps Forces may use subcontractors in the performance of the Services, who are subject to the same obligations as  SecOps Forces within the framework of the irintervention. Nevertheless,  SecOpsForces remains solely responsible to the Client for the proper execution of theServices.

SecOps Forces may substitute any person who will be subrogated in all its rights and obligations under its contractual relationship with the Client. Where applicable,  SecOps Forces will inform the Client of this substitution by any written means.

Limitation of SecOps’ Liability

SecOps’ liability is limited solely to proven direct damage suffered by the Client as a result of using theServices.

With the exception of bodily injury, death and gross negligence, and subject to having made a claim by registered letter with acknowledgement of receipt, within a period of one month following the occurrence of the damage, SecOps’ liability shall not exceed the amounts it has received during the 12 months preceding the event giving rise to liability or the duration of the provision of its Services if this period is shorter, within the limit of the ceiling of its professional liability insurance.

Methods of Proof

Proof may be established by any means.

The Client is informed that the messages it has exchanged with  SecOps Forces on any support, as well as the data collected, captured and/or produced on the Solution and SecOps’ computer equipment constitute one of the admissible methods of proof, in particular to demonstrate the reality of the Services performed and the calculation of their price.

Personal Data

Processing of Personal Databy the Parties as Data Controllers

As part of their contractual relations, each party shall undertake to comply with the applicable regulations on personal data processing and, in particular, the General DataProtection Regulation (regulation EU 2016/679of the European Parliament and of the Council of 27 April 2016) and to theFrench Data Protection Act of 6 January 1978 (hereinafter referred together as the “Applicable Regulation”).

Each party processes personal data of contact person of the other party involved in the execution of the Terms, as controller within the meaning of the Applicable Regulation for the purpose of managing the contractual relations between the parties and for the duration of the subscription. These processing are carried out for the execution of the Terms and Conditions and only identification data (in particular surname, first name, email address, telephone number) are processed by the parties.

Personal data are retained during the duration strictly necessary for the purposes of managing the business relationship between the parties. The staff of each party, their control services (notably auditor) and their processors could have access to personal data.

The data subjects have the right to access, rectify, erase, restrict, object, request the portability of their personal data and the right to set guidelines on their personal data in case of death, together with the right to lodge a complaint before the competent supervisory authority.

Processing Carried Out by  SecOps Forces on Behalf of the Client Within the Framework of the Provision of the Services

Description of the Subcontracted Processing

As part of the Services,  SecOpsForces may process personal data on behalf of and for the account of theClient, in its capacity as data processor, while the Client acts as data controller within the meaning of the Applicable Data Protection Regulation. The characteristics of the processing activities are described in Appendix 1 of this Terms and Conditions.

Obligations of  SecOps Forces Towards the Client
Data Processing

SecOps Forces undertakes to process personal data solely for the purposes listed in Appendix 1 and in accordance with the Client’s documented instructions, including with regard to the transfer of data outside the European Union.  SecOps Forces agrees to inform the Client if,in its opinion, an instruction constitutes a violation of the Applicable DataProtection Regulation. Furthermore, if  SecOps Forces is required to transfer data to a third country or an international organization pursuant to applicable law under this Terms and Conditions, it shall inform the Client of such legal obligation prior to the processing, unless the relevant law prohibits such disclosure on important grounds of public interest.

Security and Confidentiality of Data

SecOps Forces undertakes to implement appropriate technical and organizational measures to ensure the security and integrity of personal data, their backup, and the restoration of their availability in the event of a physical or technical incident.  SecOps Forces shall also ensure that individuals authorized to process personal data are subject to a duty of confidentiality.

Subsequent Sub-processors

SecOps Forces is authorized to engage sub-processors (the “Subsequent Sub-processor”) listed in Appendix 1 of this Terms and Conditions to carry out specific processing activities. In the event of any changes to the list of authorized Subsequent Sub-processors,  SecOps Forces shall inform the Client in advance and in writing. Such notice must clearly identify the processing activities subcontracted, as well as the identity and contact details of theSubsequent Sub-processor. The Client shall have a period of fifteen (15) days from the date of receipt of such notice to raise any legitimate and reasoned objections. In the absence of any objections notified within that period, theClient shall be deemed to have accepted the engagement of the Subsequent Sub-processor.

The Subsequent Sub-processor shall be bound by the obligations set forth in this Terms and Conditions on behalf of and in accordance with the instructions of the Client. It is the responsibility of  SecOps Forces to ensure that the SubsequentSub-processor provides sufficient guarantees with respect to the implementation of appropriate technical and organizational measures so that the processing complies with the requirements of the Applicable Data Protection Regulation. If the Subsequent Sub-processor fails to fulfil its data protection obligations,  SecOps Forces shall remain fully liable to theClient for the performance by the Subsequent Sub-processor of its obligations.

Transfer of Personal Data Outside the European Union

SecOps Forces is authorized to transfer personal data processed under this Terms and Conditions to countries located outside the European Union, provided that appropriate safeguards, as defined under Chapter V of the aforementioned Regulation, are implemented.

Assistance and Provision of Information

SecOps Forces undertakes to assist the Client and to respond promptly to any request for information submitted by the Client, whether in connection with a data protection impact assessment or are quest made by data protection authorities or by the Client’s data protection officer.

Exercise of Data Subjects’ Rights

To the extent possible,  SecOpsForces shall assist the Client in fulfilling its obligation to respond to requests made by data subjects seeking to exercise their rights under theApplicable Data Protection Regulation. Where such requests are addressed directly to SecOps,  SecOps Forces shall promptly forward them to the Client by email, using the address provided by theClient.

Notification of Personal Data Breaches

SecOps Forces undertakes to notify the Client without undue delay after becoming aware of any personal data breach relating to the processing activities governed by this Terms and Conditions, and to provide the Client with all relevant information and documentation concerning such breach.

Return or Deletion of Data

SecOps Forces undertakes, at theClient’s option, to delete the personal data upon the termination of the Terms and Conditions or to return such data to the Client and not to retain any copythere of, unless retention is required under Applicable Data ProtectionRegulation. The Client shall have a period of one (1) month from the end of theTerms and Conditions to exercise this option. Failing such instruction within that time frame,  SecOps Forces shall delete all personal data.

Documentation

SecOps Forces shall make available to the Client, upon request, all information and documentation necessary to demonstrate compliance with its obligations and to enable the performance of audits. The Client may carry out such audits once (1) per year, at its own expense, to verify SecOps’ compliance with the obligations set forth in this clause. The Client shall provide  SecOpsForces with at least two (2) weeks’ prior written notice of the audit. The identity of the auditor must be mutually agreed upon by the parties.

SecOps Forces reserves the right to reject the proposed auditor if they are affiliated with a competing company.The audit must be conducted during SecOps’ business hours and in a manner that minimizes disruption to its operations. The audit must not, in any way: (i) compromise the technical and organizational security measures implemented by SecOps; (ii)jeopardize the security and confidentiality of data belonging to other clients of SecOps; or (iii) interfere with the proper functioning and production organization of SecOps. To the extent possible, the parties shall agree in advance on the scope of the audit. The audit report shall be provided to  SecOps Forces to allow it to submit any comments or observations in writing, which shall be appended to the final version of the audit report. Each audit report shall be treated as confidential information.

Reuse of Data by SecOps

The Client hereby authorizes  SecOpsForces to process personal data collected in the course of providing theServices (including connection and identification data) for the purpose of improving SecOps’ services. In this context,  SecOps Forces shall act as a data controller within the meaning of the Applicable Data Protection Regulation and undertakes to comply with all relevant legal provisions concerning data protection with respect to the aforementioned processing activities.

Obligations of the Client Towards SecOps

The Client undertakes to:

(a) provide  SecOps Forces with the personal data specified in Appendix 1, excluding any irrelevant, disproportionate, or unnecessary personal data, and excluding any “special category data” within the meaning of the Applicable Data Protection Regulation, unless the processing justifies such data, in which case the Client shall be responsible for establishing such justification and for implementing all appropriate measures, including prior information, obtaining consent, and ensuring security, with respect to such special category data;

(b) collect, under its own responsibility, in a lawful, fair, and transparent manner, the personal data provided to  SecOps Forces for the performance of its services, and in particular, ensure that there is a valid legal basis for such collection and that the data subjects are properly informed;

(c) maintain a record of processing activities and, more generally, comply with the principles set out in the Applicable Data Protection Regulation;

(d) ensure, both prior to and throughout the duration of the processing, compliance with the obligations set forth in the Applicable Data ProtectionRegulation.

Confidentiality

Unless otherwise agreed in writing by the other party, the parties respectively undertake to keep confidential, for the duration of their contractual relationship and 3 years thereafter, all information relating to or held by the other party, of which they may have become aware during the conclusion and performance of their contractual relationship.

This obligation does not extend to information :

-       of which the party receiving it was already aware;

-       already public at the time of communication, or which would become public without breach of this clause;

-       which has been lawfully received from a third party;

-       the communication of which would be required by judicial authorities, inapplication of laws and regulations or in order to establish the rights of a party within the framework of the contractual relationship between the parties.

Confidential information may be passed on to the parties' respective employees, Users, collaborators, trainees, agents and co-contractors, provided that they are subject to the same obligation of confidentiality.

Sanctions for Breaches

The following are essential obligations to the Client (the "Essential Obligations"):

-       payment of the price;

-       not to provide incorrect or incomplete information to SecOps;

-       to respect the usual rules of politeness and courtesy in exchanges with SecOps;

-       not to use the Services for a third party;

-       not to carry out any act of reverse engineering or more generally any expertise by any means whatsoever of  SecOps Forces tools and Services;

-       not to engage in any illegal, fraudulent or infringing activities against the rights or safety of third parties, the breach of public order or the violation of applicable laws and regulations.

In the event of a breach of any of these Essential Obligations,  SecOpsForces may:

-       suspend or terminate the Client's access to the Services;

-       warn any competent authority, cooperate with it and provide it with all information useful for the investigation and repression of illegal or illicit activities;

-       take any legal action.

These sanctions are without prejudice to any damages that  SecOps Forces may claim from the Client.

In the event of breach of any obligation other than an Essential Obligation,  SecOps Forces will request the Client by any useful written means to remedy the breach within a maximum period of 15calendar days. The Services will be terminated at the end of this period if the breach is not remedied.

Modification of the Terms and Conditions

SecOps Forces may modify its Terms and Conditions at any time and will inform the Client by any written means (and in particular by email) 2 months at least before they come into force.

The modified Terms and Conditions will apply when theClient's subscription is renewed or when new Services are subscribed.

If the Client does not accept these modifications, it must terminate its subscription in accordance with the terms and conditions set out in the "Termination of the Services" article.

If the Client uses the Services after the entry into force of the modified Terms and Conditions, SecOps Forces considers that the Client has accepted them.

Force Majeure

The parties shall not be liable for any failure or delay in the performance of their contractual obligations due to force majeure occurring during the term of their relationship. Force majeure includes:

-       any case meeting the conditions of article 1218 of the French Civil Code and recognized by jurisprudence;

-       strikes, terrorist activities, riots, insurrections, wars, government actions, epidemics, natural disasters or failure attributable to a third-party telecommunications service provider.

If one of the parties is prevented from fulfilling its obligations due to force majeure, it must inform the other party by registered letter with acknowledgement of receipt. Obligations will be suspended on receipt of the letter, and must be resumed within a reasonable time once the force majeure has ceased.

The prevented party nevertheless remains bound by the performance of obligations not affected by force majeure, and by all payment obligations.

Termination of theServices

The subscription may be terminated no later than 1 month before the end of the current Period, by:

-       The Client, by sending a request to  SecOpsForces at the following address:4 Boulevard Saade, Quai Arenc Tour Le Mirabeau – 13002 MARSEILLE, FRANCE or through the dedicated button on the Platform;  

-       SecOps, by sending an email to the Client.

Any Period started is due in full.

Upon termination of the Services, the Client no longer has access to the Solution.

The termination of the subscription has no effect on the provisions hereof which are intended to continue beyond the end of the subscription, and in particular the "IntellectualProperty" and "Confidentiality" articles.

Applicable Law and Jurisdiction

The Terms and Conditions are governed by French law.

In the event of a dispute between theClient and SecOps, and in the absence of an amicable agreement within 2 months of the first notification, the dispute will be submitted to the exclusive jurisdiction of the courts of Paris (France), except in the case of mandatory provisions to the contrary.

APPENDIX 1

Personal Data

Description of the Data Processing Carried Out by  SecOps Forces on Behalf of the Client
Purpose of the  Processing of Personal Data

Provision of the  Services as defined in this Agreement

Nature of Processing  Operations

Collection, recording,  organization, structuring, storage, adaptation or alteration, retrieval,  consultation, use, disclosure by transmission, dissemination or otherwise  making available, alignment or combination, restriction, erasure or  destruction.

Types of Personal Data  Processed

Users' connection data  to the Platform (Last name, first name, professional email address), email  address from a data breach, IP address in case of vulnerability scanning,  results of phishing campaign tests, results of training campaign tests,  Employee risk level

Categories of Data  Subjects

The Client's customers,  the Client's employees

Duration of the  Processing

Term of the contract

List of Authorized Subsequent Sub-processors
Authorized Subsequent  Sub-processors
Subcontracted Processing Activities
Location of Processing
Appropriate Safeguards for Data  Transfers Outside the EU

Microsoft  Azure - Hosting and infrastructure services  for the Platform - France (Azure France Region) Data hosted within the EU – no  transfer outside the EU

PowerDMARC - Email authentication analysis and  DMARC reporting - United States

Standard Contractual Clauses (SCCs)  and security certifications (ISO 27001, SOC 2)

Kinde - User  authentication and identity management - United States - Standard Contractual Clauses (SCCs)  and compliance with GDPR requirements

CanIPhish - Phishing simulation and security  awareness training - Germany / Australia

Data stored in Germany; for  Australian access, SCCs and GDPR-compliant hosting provided

Have I Been Pwned -  Verification of email addresses  exposed in public data breaches

United States Australia Microsoft  Azure data centre -  Standard Contractual Clauses  (SCCs); GDPR-aligned public breach data usage only

Produit
FonctionnalitésTutorialsPrix
Compagnie
A propos de nousContact
Ressources
BlogNewsletterSupport
Social
LinkedIn
Legal
LégalPolitique de confidentialitéTermes et conditions