Votre iPhone force la lecture des vidéos en plein écran.
Cela vous empêchera de profiter pleinement d'Ilini. Vous pouvez faire une mise à jour vers iOS 10, ou utiliser un ordinateur. ×
Legal Information

Data Processing Addendum

This Data Processing Addendum (“DPA”) applies to schools and organizations using Ilini. It applies as set out in clause 13 of the Agreement. In the event of any conflict between the Agreement and this DPA, this DPA shall prevail.

1. Definitions

1.1 Unless otherwise set out below, each capitalised term in this DPA shall have the meaning set out in the Agreement and the following words and expressions shall have the following meanings:

(a) “Customer Personal Data” means the personal data described here and any other personal data that Ilini processes on your behalf in connection with your use of the Service;

(b) “Data Protection Laws” means any applicable legislation protecting the fundamental rights and freedoms of persons and their right to privacy with regard to the Processing of Customer Personal Data, including without limitation the EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council (“GDPR”);

(c) “European Economic Area” or “EEA” means the Member States of the European Union together with Iceland, Norway, and Liechtenstein;

(d) “Party” means each of you and Ilini;

(e) “Security Incident” means any accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any of the Customer Personal Data;

(f) “Standard Contractual Clauses” means the Standard Contractual Clauses (processors) approved by the European Commission Decision C(2010)593 or any subsequent version thereof released by the European Commission (which will apply automatically); and

(g) “Subprocessor” means any Processor engaged by Ilini who agrees to receive from Ilini Customer Personal Data.

1.2 The terms “personal data”, “Controller”, “Processor”, “Data Subject”, “Process” and “Supervisory Authority” shall have the same meaning as set out in the GDPR.

2. Data processing

2.1 Instructions for Data Processing. Ilini will only Process Customer Personal Data in accordance with

(a) the Agreement, to the extent necessary to provide the Service to you, and

(b) the your written instructions, unless Processing is required by European Union or Member State law to which Ilini is subject, in which case Ilini shall, to the extent permitted by applicable law, inform you of that legal requirement before Processing Customer Personal Data in that way.

2.2 The Agreement (subject to any changes to the Service agreed between the Parties) and this DPA shall be your complete and final instructions to Ilini in relation to the processing of Customer Personal Data. Processing outside the scope of this DPA or the Agreement will require prior written agreement between you and Ilini on additional instructions for Processing.

2.3 Where applicable by virtue of Article 28(3)(h) of the GDPR, Ilini shall immediately notify you in the event that Ilini believes your instructions conflict with the requirements of the GDPR or other EU or Member State laws.

2.4 Right to Process. You shall ensure that Ilini (and any Subprocessors) are legally permitted to store and Process the Customer Personal Data as contemplated under the Agreement and Statements of Work, including as follows:

(a) the Processing of any Customer Personal Data will be consistent with the information communicated to the relevant Data Subjects or as otherwise necessary in accordance with applicable law; and

(b) where required by applicable Data Protection Laws, you have obtained/will obtain all necessary consents for the Processing of Customer Personal Data by Ilini in accordance with the Agreement.

3. Transfer of personal data

3.1 Authorised Subprocessors. You agree that Ilini may use the entities listed below as Subprocessors to Process Customer Personal Data: 

Name

Service

Usage and Country

Mailgun

IaaS provider

We use Mailgun for their email service.

DigitalOcean LLC.

IaaS provider

We use Digital Ocean for their compute and data storage.

Google LLC.

PaaS/SaaS provider

We use Google for G Suite, Google Cloud and Google Analytics.

Stripe, Inc.

Payment provider

We use Stripe to process payments on the platform.

PayPal Holdings, Inc.

Payment Provider

We use Paypal to process payments on the platform.

Quaderno

SaaS provider

We use Quaderno for the accounting and invoicing of our company.

3.2 You agree that Ilini may use subcontractors to fulfil its contractual obligations under the Agreement and Ilini shall notify you from time to time of the identity of any amendments to the Subprocessors it engages. If you (acting reasonably) do not approve of a new Subprocessor, then without prejudice to any right to terminate the Agreement, you may request that Ilini moves Customer Personal Data to another Subprocessor and Ilini shall, within a reasonable time following receipt of such request, use all reasonable endeavours to ensure that the Subprocessor does not Process any of the Customer Personal Data.

3.3 Save as set out in paragraphs 3.1 and 3.2, Ilini shall not permit, allow or otherwise facilitate Subprocessors to Process Customer Personal Data without your prior written consent and unless Ilini enters into a written agreement with the Subprocessor which imposes the same obligations on the Subprocessor with regard to their Processing of Customer Personal Data, as are imposed on Ilini under this DPA.

3.4 Liability of Subprocessors. Ilini shall at all times remain responsible for compliance with its obligations under the DPA and will be liable to you for the acts and omissions of any Subprocessor approved by you in accordance with paragraphs 3.1 and 3.2 as if they were the acts and omissions of Ilini.

3.5 Prohibition on Transfers of Personal Data. To the extent that the Processing of Customer Personal Data by Ilini involves the export of such Personal Data to a country or territory outside the EEA, Ilini shall ensure that:

(a) the recipient, or the country or territory in which it Processes or accesses the Personal Data, ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the Processing of Customer Personal Data as determined by the European Commission; or

(b) the transfer is based on the Standard Contractual Clauses or (where relevant) the U.S. – EU Privacy Shield, or another legally recognised transfer method. If there is any inconsistency between any of the provisions of the Standard Contractual Clauses and the provisions of the Agreement, the provisions of the Standard Contractual Clauses shall prevail.

4. Data security, audits and security notifications

4.1 Ilini Security Obligations. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Ilini shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including the measures set out here.

4.2 Security Audit. You may, upon reasonable notice, audit (either by itself or using independent third party auditors) Ilini’s compliance with the security measures set out in this DPA (including the technical and organisational measures as set out in here), including by conducting audits of Ilini’s data processing facilities. Ilini shall assist with, and contribute to any audits conducted in accordance with this paragraph 4.2.

4.3 Upon your reasonable request, Ilini shall make available all information reasonably necessary to demonstrate compliance with this DPA.

4.4 Security Incident Notification. If Ilini or any Subprocessor becomes aware of a Security Incident, Ilini will

(a) notify you of the Security Incident without undue delay,

(b) investigate the Security Incident and provide such reasonable assistance to you (and any law enforcement or regulatory official) as required to investigate the Security Incident, and

(c) take steps to remedy any non-compliance with this DPA.

4.5 Ilini Employees and Personnel. Ilini shall treat Customer Personal Data as your Confidential Information, and shall ensure that any employees or other personnel have agreed in writing to protect the confidentiality and security of Customer Personal Data.

5. Access requests and data subject rights

5.1 Data Subject Requests. Save as required (or where prohibited) under applicable law, Ilini shall notify you of any request received by Ilini or any Subprocessor from a Data Subject in respect of their personal data included in Customer Personal Data, and shall not respond to the Data Subject.

5.2 Ilini shall provide you with the ability to correct, delete, block, access or copy Customer Personal Data in accordance with the functionality of the Service.

5.3 Government Disclosure. Ilini shall notify you of any request for the disclosure of Customer Personal Data by a governmental or regulatory body or law enforcement authority (including any data protection supervisory authority) unless otherwise prohibited by law or a legally binding order of such body or agency.

6. Assistance

6.1 Where applicable, taking into account the nature of the Processing, and to the extent required under applicable Data Protection Laws, Ilini shall provide you with any information or assistance you reasonably request for the purpose of complying with any of your obligations under applicable Data Protection Laws, including:

(a) using all reasonable endeavours to assist you by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment your obligation to respond to requests for exercising Data Subject rights laid down in the GDPR; and

(b) providing you with reasonable assistance with any data protection impact assessments and with any prior consultations to any of your Supervisory Authorities, in each case solely in relation to Processing of Customer Personal Data and taking into account the information available to Ilini.

7. Duration and termination

7.1 Deletion of data. Subject to 7.2 and 7.3 below, Ilini shall, within 90 (ninety) days of the date of termination of the Agreement:

(a) return a complete copy of all Customer Personal Data by secure file transfer in such a format as notified by you to Ilini; and

(b) delete and use all reasonable efforts to procure the deletion of all other copies of Customer Personal Data Processed by Ilini or any Subprocessors.

7.2 Subject to section 7.3 below, you may in your absolute discretion notify Ilini in writing within 30 (thirty) days of the date of termination of the Agreement to require Ilini to delete and procure the deletion of all copies of Customer Personal Data Processed by Ilini. Ilini shall, within 90 (ninety) days of the date of termination of the Agreement:

(a) comply with any such written request; and

(b) use all reasonable endeavours to procure that its Subprocessors delete all of Customer Personal Data Processed by such Subprocessors, and, where this section 7.2 applies, Ilini shall not be required to provide a copy of Customer Personal Data to you.

7.3 Ilini and its Subprocessors may retain Customer Personal Data to the extent required by applicable laws and only to the extent and for such period as required by applicable laws and always provided that Ilini shall ensure the confidentiality of all such Customer Personal Data and shall ensure that such Customer Personal Data is only Processed as necessary for the purpose(s) specified in the applicable laws requiring its storage and for no other purpose.

Annex 1: Details of the processing of customer personal data

This page includes certain details of the processing of Customer Personal Data as required by Article 28(3) of the GDPR.

**Subject matter and duration of the Processing of Customer Personal Data**

The Processing of Customer Personal Data in connection with your access to the Service on the terms set out in the Agreement.

**The nature and purpose of the Processing of Customer Personal Data**

The provision of the Service to you.

**The types of Customer Personal Data to be processed**

Any Personal Data uploaded or created on the Service, including name, contact details, profile information, and any Personal Data contained in User Content uploaded or created on the Service.

**The categories of data subject to whom the Customer Personal Data relates**

Users.

**Your obligations and rights**

The obligations and rights of the Customer are as set out in this DPA.

Annex 2: Technical and organisational security measures

  1. Ilini maintains internal policies and procedures, or procures that its Subprocessors do so, which are designed to:

(a) secure any Personal Data Processed by Ilini against accidental or unlawful loss, access or disclosure;

(b) identify reasonably foreseeable and internal risks to security and unauthorised access to the Personal Data Processed by Ilini;

(c) minimise security risks, including through risk assessment and regular testing.

  1. Ilini will, and will use reasonable efforts to procure that its Subprocessors conduct periodic reviews of the security of their network and the adequacy of their information security program as measured against industry security standards and its policies and procedures.
  2. Ilini will, and will use reasonable efforts to procure that its Subprocessors periodically evaluate the security of their network and associated services to determine whether additional or different security measures are required to respond to new security risks or findings generated by the periodic reviews.
  3. Ilini will provide its staff with regular training on data security and privacy issues relevant to staff members’ job role.
×

S'inscrire

{{ registerForm.errors.get('form') }}
{{ registerForm.errors.get('invitation') }}

S'inscrire et rejoindre {{ invitation.team.name }}!

Oups ! Ce code d'invitation n'est pas valide.
{{ registerForm.errors.get('name') }}
{{ registerForm.errors.get('email') }}
{{ registerForm.errors.get('password') }}
Code de groupe
{{ registerForm.errors.get('teacher') }}
{{ registerForm.errors.get('receive_reminders') }}
{{ registerForm.errors.get('terms') }}
Déjà membre ? S'identifier
×
Essentiels

Mon vocabulaire
0

Tout les mots que vous cliquez, à un seul endroit


Requiert un compte gratuit

S'identifier S'inscrire ×

Classe en ligne

La classe virtuelle vous permet de donner des devoirs à vos élèves.

Demandez à vos élèves de :
- Visionner une vidéo
- Répondre au quiz de compréhension
- Rédiger une réponse à vos questions
- Télécharger, imprimer et compléter des exercices (PDF)

Vous pouvez créer autant de classes que nécessaire et inviter un nombre illimité d'élèves. Vos élèves n'ont besoin que d'un compte gratuit pour rejoindre votre classe et accéder à leurs devoirs.
×