Data‑Processing Agreement (DPA)

Last updated: 13 May 2025

Plain‑language note – This DPA describes how CSCONSEIL processes personal data on behalf of its customers when they use the services available at datamonkeyz.com (the “Services”). It is a simplified rewrite of the original legal text. Please have qualified counsel review any final version before signature.

---

1. Parties

CSCONSEIL — sole proprietorship registered in France, SIREN 803 463 629, registered office at 42 rue de Plaisance, 92250 La Garenne‑Colombes, France ("CSCONSEIL", "Processor", "we/us"). Customer — any natural or legal person that subscribes to the Services ("Customer", "Controller", "you").

Together we are the Parties and each a Party.

This DPA replaces any earlier data‑processing clauses between the Parties.

---

2. Scope & roles

• The Customer determines why and how personal data are processed and therefore acts as Data Controller under the EU General Data Protection Regulation (GDPR).
• CSCONSEIL processes those data strictly on the Customer’s documented instructions and therefore acts as Processor.
• When CSCONSEIL processes its own business contacts (e.g. your representatives for support or billing) it acts as an independent Controller.

---

3. Definitions

Term	Meaning
Personal Data	Any information about an identified or identifiable person that the Customer uploads to or collects via the Services.
Processing	Any operation performed on Personal Data (collection, storage, analysis, deletion, etc.).
Personal‑data breach	A security incident that leads to accidental or unlawful loss, alteration, disclosure of or access to Personal Data.

---

4. Details of the processing

• Types of data – Contact details (name, email, phone, etc.), login credentials, location data, preferences and any other information the Customer chooses to collect with our crawlers.
• Data subjects – Natural persons chosen by the Customer (customers, prospects, staff, suppliers, etc.).
• Purpose – Operating the Services, i.e. automated, recurring collection of publicly available online data (via crawlers) and related automation features such as sending messages through third‑party platforms.
• Duration – For the term of the main service contract plus up to six (6) months, unless longer storage is required by law or agreed in writing.

---

5. Customer obligations (Controller)

The Customer shall:

1. Provide lawful instructions and ensure they do not involve special‑category data unless explicitly agreed.
2. Verify CSCONSEIL’s compliance with GDPR (including by audit on 15 days’ notice, during business hours and at Customer’s expense).
3. Implement appropriate security on its own systems and credentials.
4. Inform data subjects and obtain any required consent for the envisaged processing.
5. Handle data‑subject requests (access, erasure, portability, etc.).
6. Maintain a record of processing activities in its capacity as Controller.

---

6. CSCONSEIL obligations (Processor)

CSCONSEIL shall:

1. Process data only on documented instructions unless EU or French law requires otherwise (in which case we will inform you unless prohibited).

2. Apply data‑protection‑by‑design and by default in our tools.

3. Keep data confidential and ensure staff and sub‑processors are bound by the same duty.

4. Implement appropriate technical and organisational measures (encryption, access control, logging, backups, etc.) to protect Personal Data. Details are available on request.

5. Notify the Customer of any personal‑data breach without undue delay and, in any event, within 48 hours of discovery, providing sufficient information to meet regulatory duties.

6. Assist the Customer, insofar as possible, with:

   • responding to data‑subject requests,
   • performing data‑protection‑impact assessments,
   • consulting supervisory authorities,
   • breach notifications.

7. Delete or return data within six (6) months after contract end, unless law requires retention or the Customer requests a shorter or longer period.

8. Maintain a register of processing activities carried out on behalf of the Customer.

Sub‑processing

• A list of our current sub‑processors (e.g. hosting, payment, CRM providers) is available at datamonkeyz.com/legal/sub‑processors.
• We will notify you of any change at least 15 calendar days in advance. You may object by terminating the affected service within that period; unused prepaid fees will be refunded.
• We impose the same data‑protection obligations on every sub‑processor. Transfers outside the EEA rely on EU‑approved Standard Contractual Clauses or other lawful mechanisms. We remain fully liable for each sub‑processor’s performance.

---

7. Supervisory authority cooperation

Each Party will cooperate with the competent data‑protection authority ("CNIL" in France) on request.

---

8. Data‑protection officer

CSCONSEIL has appointed a DPO who can be reached at simon.rochwerg.pro@gmail.com or at the postal address above. If the Customer has a DPO, it shall share the contact details with CSCONSEIL’s DPO.

---

9. Precedence & changes

This DPA supplements the general terms of service. In the event of conflict, this DPA prevails.

We may update this DPA to reflect legal or technical changes. We will post the new version on datamonkeyz.com and give 30 days’ notice. You may terminate the Services free of charge within that period.

---

10. Signatures

By entering into the main service agreement or using the Services after the notice period, the Parties are deemed to have accepted this DPA.