Terms and conditions of use of the AppConsent Solution available in 3 offers: AppConsent Enterprise, AppConsent Standard and AppConsent Free
AppConsent, the Consent Management Platform (CMP) built and distributed by SFBX, is a complete and powerful trusted third party solution. It enables digital players to optimize their consent rates and ensure a qualitative and personalized user experience.
With AppConsent, the Client can collect, prove, centralize and distribute user consents across all its digital channels.
The subscription and access to the AppConsent solution published by SFBX by the Client implies the express and unreserved acceptance by the latter of the present General Terms and Conditions and agrees to be bound by them.
SFBX may modify these Terms and Conditions at any time.
SFBX shall inform Clients of such changes by e-mail or any other form of communication accepted by the Clients, taking care to respect a notice period.
Article 1 - Definitions
The following terms have the following meanings in these General Conditions unless otherwise specified.
CGU: the present General Conditions of Use.
Digital Channels: means the Customer's applications and databases, under its responsibility, to which the Consents are communicated in the context of the SaaS Service.
Client: means a natural or legal person, consumer as defined in the French Consumer Code, who has subscribed to and uses one of the offers of the AppConsent solution thanks to an Identifier.
Account : consolidated set of the Customer's data including raw data and files uploaded by the Customer in the context of the collection of consent from users of its websites or mobile applications.
Consent : means any free, specific, informed and unambiguous expression of will by which the User accepts, by a declaration or by a clear positive act, that personal data concerning him/her may be processed as defined by the Personal Data Regulations, which must be obtained prior to the installation by the Client of cookies or tracers on the Visitor's Terminal.
AppConsent Agreement: means the legal document that the Client will be required to sign after the 14 day trial period in order to legally formalise the subscription and use of the AppConsent Solution. This document will frame the relationship between the Client and the Service Provider.
Data: means any information or document that the Customer registers on his Account, and in the context of the application of the contracts, any user data collected in the context of the collection of consent.
Commitment : refers to the set of commitments constituted by the opening of an AppConsent account by the Customer and his acceptance of these General Conditions.
Host: external service provider to whom SFBX subcontracts the hosting of the AppConsent Solution and the Client Data.
Username: the combination of username and password required by the Customer to log in to their Account to access the back office of the AppConsent Platform.
Consent Notice: The notice owned by the Service Provider containing the legal information required to obtain a Consent and provided by the Service Provider to the Client as a deliverable at the end of the SaaS Service installation and implementation services.
New Versions: refers to all functional and/or technical evolutions of the Platform developed at the initiative of the Service Provider within the framework of the SaaS Service, to enrich the Platform and to meet needs that can be shared between SaaS Service customers and the new obligations of the Personal Data Regulation.
Partner: an organisation with which the Customer agrees to share Data for the purpose of using and paying for the provider's Saas Service.
AppConsent Platform: a SaaS service to which the Client must connect from a mobile phone, tablet or personal computer to use the AppConsent Consent Management Solutions. Means the set of computer programs based on a permissioned blockchain or any other equivalent technology, of which the Provider owns the intellectual property or has licensed the necessary intellectual property rights, meeting the needs of the Saas Service customers in a standard way, including New Versions developed and deployed automatically by the Provider.
Provider: provider of the Saas service, i.e. SFBX.
Proof: means the extraction from the Platform of information relating to a User's Consent.
Personal Data Regulation: means the law of 6 January 1978 known as "Informatique & Libertés", as amended by law no. 2018-493 of 20 June 2018, and all associated or substitute implementing texts, and European Regulation no. 2016/679 of 27 April 2016 applicable as of 25 May 2018 (hereinafter the EU Regulation 2016/679).
SaaS Service : means the automatic collection, management and tracking of Consent on the Platform for the Site(s).
Site : means the Client's website(s), mobile site(s), application(s) or software (such as Chatbot).
AppConsent Solution: refers to the intermediation and consent management services offered by SFBX that allows the Client to store, administer and share the consents of the Users of its services (websites or applications) with partners in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of Data. It is available in 3 offers with specific functionalities according to the Customer's needs: AppConsent Enterprise, Standard and Free.
Matching table: means the reconciliation, allowing to identify a User, between the identifier assigned by the Service Provider to a Consent and the personal data of the User associated with his Terminal and collected on the Site. The blockchain thus contains the identifier assigned to the User but not his personal data (his IP address; MAC number, etc.).
Terminal : refers to the computer, smartphone, IOT, or any other device on which it is technically possible to collect consent, used by the User to access the Site.
Users: refers to any natural person, end customer of the Client or simple Internet user, accessing the Client's Site with its Terminal and benefiting from the Services.
Article 2 - Characteristics of the services offered by SFBX
SFBX provides its clients with a trusted third party solution to collect, prove, centralize and distribute the Consents collected from Users on all their digital channels. AppConsent is a Consent Management Platform (CMP).
The Customer must connect to the Internet (SaaS solution) and then to the Platform to use the AppConsent solution.
The Platform respects the RGPD, the guidelines and recommendations of the CNIL and integrates the IAB standards (IAB Framework) in its latest versions but also our own non-IAB Framework.
It therefore makes it possible to obtain the User's consent for a specific purpose, in a clear and unambiguous manner, to be able to prove it, but also, if the User so wishes, to withdraw his consent at any time.
The design of all Consent Notices are customizable via the back office. Predefined templates are also available.
The information is available via REST APIs so that the Customer can query the status of the consent before triggering a specific marketing action and if necessary expose the proof.
These APIs can therefore also be used to propagate Consents to the Customer's IS, CRM or DMP via the management console (integration required).
The platform also manages the propagation of Consents through sites/groups or web. Specifically, depending on the settings made during the setup phase, a Consent can be collected for Site A, a group of Sites (A+B+..) and/or any Site. Thus, Users' Consents can remain valid only for the Customer's perimeter. In this case, the withdrawal of Consent will be symmetrical.
The technology of the Platform is based on a private blockchain developed by SFBX, the consents as well as all the mutations (acceptance/refusal/withdrawal/modifications...) are stored in secured, immutable and auditable ledgers.
The SaaS Service Customer will be able to deliver proof of the collection of Consent as well as the User's choices regarding their preferences upon request from a regulator or the User.
The Platform is designed in its foundations respecting the concepts of Privacy by Default and Privacy by Design. Thus, its default behaviour will always take the decision that protects the personal data of the Users, as well as the Processes.
The AppConsent solution is available in 3 offers: AppConsent Enterprise, Appconsent Standard and Appconsent Free.
The AppConsent solution and offerings are subject to change as a result of improvements or updates without prior notice to the Customer.
Article 3 - Legal capacity
By creating an Account, the Customer declares that he/she is of legal age and able to enter into a contract.
In the case of incapacitated persons and minors, the Customer declares that he is legally authorised to represent them, either because he has parental authority or because he has been designated as their legal representative by a court decision. The Customer undertakes to justify this at the first request of AppConsent.
For any person working for a legal entity, the latter declares that he/she is authorised to commit the company he/she represents.
Article 4 - Registration, Account creation, connection to AppConsent solutions and Trial Period
To access the AppConsent Platform, the Customer must subscribe to one of the 3 offers on the SFBX.io website and fill in the following information in order to activate the SaaS service:
- Company name,
- Postal address and country,
- Siret and RCS numbers,
- Intracommunity VAT number,
- Name of the legal representative,
- Name and surname of the contact person,
- Bank details :
- Credit card: Credit card number, name on the card, validity date and CVV code
- Direct debit and bank transfer: Bank identification statement
- Volume in MAU/VU
- Choice of the monthly price of the offer according to the volume
- Email (Username)
- Password (creation)
A verification email is sent to the address provided to activate the Account and access the platform.
The platform is common to all 3 AppConsent offerings.
The AppConsent Platform, for technical reasons, automatically collects the unique identification number of the device (IP and/or IMEI) used to create the Account and of other devices subsequently authorized by the Customer to connect to the Account.
The Customer is responsible for keeping his login and password.
The Client undertakes to immediately inform SFBX of any loss and/or disclosure of his/her login or password.
Access to AppConsent solutions can be achieved by means of a digital identity authentication process (such as a PIN code or other) which guarantees the Customer secure access to his Account in addition to the email address and password chosen at the time of creating the Account.
Following registration and subscription to the offer, the Customer has a 14-day trial period during which he has access to all the features of the Solution permitted by the offer to which he has subscribed.
Following this 14-day trial period, the Customer will have to sign the Agreement framing the relationship between the Customer and the Service Provider in order to legally formalize the subscription to the offer.
Article 5 - Use of AppConsent solutions and Data processing
The access to the AppConsent platform and the conditions of use are the same for the customers of the 3 AppConsent offers.
The Customer has the right to access the Platform from its fixed or mobile equipment using the Identifiers provided to the Customer and in its custody. The Identifiers are intended to restrict access to the Platform to the Customer's administrators authorised by the Customer to manage the Customer's account, to protect the integrity and availability of the Platform and the integrity, availability and confidentiality of Users' data.
The Identifiers are personal and confidential. They are managed by the Customer. The Customer undertakes to do everything possible to ensure that its administrators keep the Identifiers confidential and respect the security instructions.
The Customer is fully responsible for the materials and the Credentials and for the implementation of adequate security measures.
SFBX grants the Client, for the duration of the Contract, a personal, non-exclusive, non-assignable and non-transferable right to use the Platform, for the purposes of the activity of its website(s) or mobile applications.
For the performance of the Services, the Parties implement a processing of Users' personal data for which the Client is qualified as the controller and the Provider as the processor in accordance with Article 28 of the GDPR (hereinafter the "Users' Processing").
The purpose of User Processing is to manage the Visitor's consent to the installation of cookies or tracers on his Terminal.
The data processed for this purpose are :
- identification data, i.e. the attribution of a unique identifier to each Visitor in order to keep the characteristics relating to his consent;
- IP address ;
- MAC address
- IMEI number
- IDFA number
- connection data.
The nature of the operations carried out on Users' personal data is defined below:
- Consent operations
- Consent Management Operations
- Operations related to the withdrawal of consent
- Data archiving
- Destruction of documents
- Realization of statistics
The Platform automatically collects, manages, tracks and stores Consents on behalf of the Customer, which are time-stamped and unchangeable. At the time of collection, each Consent is collected in accordance with the Consent Notice and linked to a User by the implementation of the correspondence table.
Article 6 - Financial conditions
This service is subject to payment according to the conditions of the offer described on the SFBX.io website and included in these TOS.
Payments are made by monthly direct debit on the Customer's credit card or by direct debit on the Customer's website by the partner Stripe.
SFBX shall not be liable for any breach or improper handling of the Client Data by the Stripe Partner.
The Client is obliged to inform SFBX in the event of non-compliance or breach by the Stripe Partner of its obligations to manage its Data.
Article 7 - Data Security
The hosting of the AppConsent Platform and the Data meets high standards of protection and security.
The Data that the Customer registers in his AppConsent Account is encrypted.
SFBX and its Host cannot decrypt the Data.
The Customer may at any time upload, download or delete the Data in his account, under his sole responsibility.
SFBX guarantees that in the Client Account Data only the email, and the encrypted password are stored and that they :
- are kept in accordance with the authorisations granted by the Client;
- are hosted, backed up and secured according to the best technical standards in force in order to prevent any attempt of detour or accidental loss;
- are available, accessible and portable at any time at the first request of the Customer;
- are strictly confidential and are not communicated to third parties except with the prior authorisation of the Client, in cases provided for by law or in the event of a judicial requisition.
The AppConsent platform undertakes not to make any copy of the Data, except for technical requirements.
Only an SFBX administrator is authorized to work on the Encrypted Data for well-defined technical needs: maintenance and update of the AppConsent Platform.
SFBX shall not be held responsible for any breach of security of the Client Data by the Stripe Partner.
The Client is obliged to inform SFBX in the event of non-compliance or breach by the Stripe Partner of its obligations to protect its Data.
Article 8 - Duration of the appointment
The SaaS Service takes effect from the time the Customer subscribes to the Offer for an indefinite period.
The Customer may terminate the commitment at any time by cancelling the offer subscribed to on the Platform and under the conditions set out in the contract. The termination will be effective at the end of the current billing period.
SFBX may, as of right, terminate the commitment at any time in the event of non-compliance by the Client with the obligations set forth in these general terms and conditions, in accordance with the contractual terms and conditions.
Article 9 - Effects of the end of the appointment
The end of the commitment leads to the closing of the Account and the archiving of the Data.
SFBX guarantees the Portability of Data to the Client (return or transfer) or their deletion in the cases provided for by law, as soon as possible.
The restitution will be made by providing a link to download the Data, in json format. This link will be available for 10 days after the effective termination date.
Beyond that, the Customer's data will be deleted without further notice.
Article 10 - Suspension of access to the Account
SFBX reserves the right to suspend access to the Account in the event of non-compliance with any of the clauses contained in these GTC or in the signed contract.
Access will be restored once the Customer has remedied the deficiencies that caused the suspension.
Article 11 - Client's obligations
The Client is solely and entirely responsible for the Processing of User Data according to the consent collected by the AppConsent Solution.
The Customer undertakes to respect the rights of third parties, in particular personal rights, intellectual or industrial property rights such as copyright, patent rights, designs and models or trademarks.
Article 12 - Obligations of SFBX
The obligation undertaken by SFBX is an obligation of means.
In this context, SFBX undertakes to take all the necessary care and diligence to provide a quality service in accordance with the practices of the profession.
SFBX shall endeavour to provide 24-hour access to the Platform, every day of the year, except in the event of force majeure, as defined by law, in the event of breakdowns, failures due to the Host, or maintenance operations necessary for the proper functioning of the Platform.
In case of absolute necessity, SFBX reserves the right to interrupt access to the Platform in order to carry out technical maintenance or improvement work to ensure the proper functioning of its services, regardless of the time and duration of the work.
Interruptions in service shall not entitle the Customer to any compensation.
Article 13 - Responsibility of SFBX
The Customer acknowledges that he has read and understood all of his obligations and, more generally, all of the conditions relating to the use of AppConsent solutions.
Under no circumstances and to the extent permitted by law, SFBX shall be held responsible, directly or indirectly, for any damage caused to the Client or to a third party as a result of the use of AppConsent solutions, regardless of the cause.
In the same way and within the same limits, SFBX shall not be held responsible, directly or indirectly, for any prejudice caused to the Client or to a third party due to the non-availability or malfunctioning of the AppConsent solutions, whatever the cause and duration.
SFBX does not assume responsibility for compensation of direct or indirect, material or immaterial damages caused by the use of AppConsent solutions.
This clause is considered essential and determining by SFBX which would not have contracted without it.
Article 14 - Right of withdrawal
In accordance with article L.221-18 of the French Consumer Code, any consumer Customer, within the meaning of the Consumer Code, has a period of 14 days to exercise his right of withdrawal, without having to give any reason or pay any fees or penalties.
The withdrawal period expires 14 days after the subscription to the AppConsent services and corresponds to the trial period.
To exercise this right of withdrawal, the Client must notify SFBX of his decision to withdraw by means of an unambiguous statement, either on the platform, or by e-mail: dataprotection@SFBX.io, or by post to the following address SFBX SAS - 15 Place Canteloup 33800 Bordeaux FRANCE.
In order for the withdrawal period to be respected, it is sufficient for the member to send SFBX his or her communication concerning the exercise of the right of withdrawal before the expiration of the withdrawal period.
Article 15 - General
The nullity of one of the clauses of the Contract in application of a law, a regulation or following a decision of a competent court which has become final shall not entail the nullity of the other clauses of these General Conditions which shall retain their full effect and scope between the parties.
The fact that SFBX does not take advantage at a given time of any of the clauses of these General Terms and Conditions and/or of a breach by the Client of any of its contractual obligations may not be interpreted as a waiver by SFBX of its right to take advantage at a later date of any of the said clauses or contractual obligations.
Article 16 - Applicable law and jurisdiction
This Agreement is governed in its entirety by French law.
In the event of a dispute arising from the interpretation or performance of this Contract, the undersigned shall endeavour to settle it amicably before taking any legal action.
The Customer who is a consumer is informed that he may in any case have recourse to conventional mediation, in particular with the National Consumer Mediator (www.mediation-conso.fr), or to any other alternative dispute resolution method.
In case of persistent disagreement on the interpretation or execution of this Agreement, exclusive jurisdiction is attributed to the Courts of Bordeaux.