SFBX

General terms and conditions of use for the AppConsent® solution, available in 3 offers: AppConsent® Enterprise, AppConsent® Standard, AppConsent® Essential and AppConsent® Free.

AppConsent®, the Consent Management Platform (CMP) built and distributed by SFBX, is a comprehensive, high-performance trusted third-party solution. It enables digital players to optimize their consent rates and ensure a qualitative, personalized user experience.

With AppConsent®, customers can collect, prove, centralize and distribute user consents across all their digital channels.

These terms and conditions of use (the "Terms and Conditions") describe the conditions under which SFBX, a SAS under French law with a capital of €88,240, registered with the Bordeaux Trade and Companies Registry under number 831 303 896, whose registered office is at 14 Place Canteloup 33800 Bordeaux, represented by Mr. Alain Levy, duly authorized for the purposes hereof in his capacity as Chairman, may provide the Client with the services resulting from its CMP.

The subscription and access to the offers of the AppConsent® solution published by SFBX by the Customer implies the Customer's express and unreserved acceptance of these Terms and Conditions and agrees to be bound by them. 

SFBX may modify these Terms and Conditions at any time.

SFBX shall inform Clients of such changes by e-mail or any other form of communication accepted by the Clients, taking care to respect a notice period.

Article 1 - Definitions

The following terms have the following meanings in these General Conditions unless otherwise specified.

CGU: the present General Conditions of Use.

Digital channels: refers to the Customer's applications and databases, under its responsibility, to which Consents are communicated within the framework of the SaaS Service.

Customer: refers to an individual or legal entity, a consumer as defined by the French Consumer Code, who has subscribed to and uses one of the AppConsent® solution offers thanks to an Identifier.

Account : consolidated set of customer data including raw data and files uploaded by the customer as part of the consent process for users of its websites or mobile applications.

Consent : means any free, specific, informed and unambiguous expression of will by which the User accepts, by a declaration or by a clear positive act, that personal data concerning him/her may be processed as defined by the Personal Data Regulations, which must be obtained prior to the installation by the Customer of cookies or tracers on the Visitor's Terminal.

AppConsent contract®refers to the legal document to be signed by the Customer after the 14-day trial period, in order to formalize legally the subscription and use of the AppConsent®. This document will govern the relationship between the Customer and the Service Provider.

Data: refers to any information or document that the Customer registers on his/her Account, and in the context of the application of contracts, any user data collected as part of the consent process.

Commitment : refers to the set of commitments constituted by the opening of an AppConsent® account by the Customer and his acceptance of these General Terms and Conditions.

Host: external service provider from whom SFBX subcontracts the hosting of the AppConsent® Solution and Customer Data.

Identifier: combination of user name and password required by the Customer to connect to his Account and access the AppConsent® Platform back office.

Consent Notice: The notice owned by the Service Provider containing the legal information required to obtain Consent and provided by the Service Provider to the Customer as a deliverable upon completion of the SaaS Service installation and implementation Services.

New Versions: refers to all functional and/or technical evolutions of the Platform developed at the initiative of the Service Provider as part of the SaaS Service, to enhance the Platform and meet needs that can be shared between SaaS Service customers and new obligations under the Personal Data Regulations.

Partner: organization with which the Customer agrees to share Data for the purpose of using and paying for the Provider's Saas Service.

AppConsent platform®Saas service to which the customer must connect from a cell phone, tablet or personal computer in order to use AppConsent® consent management solutions. Refers to the set of computer programs based on a permissioned blockchain or any other equivalent technology, of which the Service Provider owns the intellectual property or has licensed the necessary intellectual property rights, responding in a standard way to the needs of Saas Service customers, including New Versions developed and deployed automatically by the Service Provider.

Service provider: Saas service provider, i.e. SFBX.

Proof: refers to the extraction from the Platform of information relating to a User's Consent.

Regulation Personal Data: means the law of January 6, 1978 known as "Informatique & Libertés", as amended by law no. 2018-493 of June 20, 2018, and any associated or substitute implementing texts, and European Regulation no. 2016/679 of April 27, 2016 applicable as of May 25, 2018 (hereinafter EU Regulation 2016/679).

SaaS Service : refers to the collection, management and automatic tracking of Consent on the Platform for the Site(s).

Site : refers to the Customer's website(s), mobile site(s), application(s) or software (such as Chatbot).

AppConsent solution® AppConsent ® Solution: refers to the intermediation and consent management services offered by SFBX, which enables the Customer to store, administer and share the consents of Users of its services (websites or applications) with partners in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of Data. It is available in 4 offers providing specific functionalities according to the Customer's needs: AppConsent® Enterprise, Standard, Essential and Free.

Correspondence table: refers to the reconciliation, enabling a User to be identified, between the identifier assigned by the Service Provider to a Consent and the User's personal data associated with his Terminal and collected on the Site. The blockchain thus contains the identifier assigned to the User, but not the User's personal data (IP address, MAC number, etc.).

Terminal : refers to the computer, smartphone, IOT, or any other device on which it would be technically possible to collect consent, used by the User to access the Site.

Users: refers to any natural person, end customer of the Customer or simple Internet user, accessing the Customer's Site with their Terminal and benefiting from the Services.

Article 2 - Characteristics of the services offered by SFBX

SFBX provides its Clients with a trusted third party solution to collect, prove, centralize and distribute the Consents collected from Users across all their digital channels. AppConsent® is a Consent Management Platform (CMP).

The customer must connect to the Internet (SaaS solution) and then to the Platform to use the AppConsent® solution.

Following the deployment of the JavaScript/TAG script (synchronous or asynchronous) or other technologies (iOS and Android SDK) allowing the execution of webApps ("Notice") on the Client's websites, mobile or apps, the latter is ready to comply with the collection of consents and their management

The Platform respects the GDPR, the guidelines and recommendations of the CNIL and integrates the IAB standards (IAB Framework) in its latest versions but also our own non-IAB Framework.

It therefore allows the User's consent to be collected for a specific purpose, in a clear and unambiguous manner, and to be able to prove it, but also, if the User so wishes, to withdraw his consent at any time.  

The design of all Consent Notices are customizable via the back office. Predefined templates are also available. 

The information is available via REST APIs so that the Customer can query the status of consent before triggering a specific marketing action and if necessary expose the evidence.

These APIs can therefore also be used to propagate the Consents to the Customer's IS, CRM or DMP via the management console (integration required).

The platform also manages the propagation of Consents through sites/groups or the web. Concretely, depending on the settings made during the "setup" phase, a Consent can be collected for a Site A, a group of Sites (A+B+...) and/or any Site. In this way, the Consents of the Users can remain valid only on the perimeter of the Customer. In this case, the withdrawal of Consent will be symmetrical.

The Platform's technology is based on a private blockchain developed by SFBX, the consents as well as all mutations (acceptance/refusal/withdrawal/modifications...) are stored in secure, immutable and auditable ledgers.

The SaaS Customer will be able to deliver proof of Consent collection and User's choices regarding preferences upon request by a regulator or User.

The Platform is designed in its foundations respecting the concepts of Privacy by Default and Privacy by Design. Thus its default behavior will always make the decision that protects the personal data of the Users, as well as the Treatments.

The AppConsent® solution is available in 4 offers:AppConsent® Enterprise,AppConsent® Standard,AppConsent® Essential andAppConsent® Free, the characteristics of which are detailed on the SFBX.io website and included in these GTC.

The AppConsent® solution and offers may be modified as a result of improvements or updates without prior notice to the customer.

Article 3 - Legal capacity

By proceeding to the creation of his Account, the Customer declares that he is of legal age and able to enter into a contract.

In the case of incapacitated persons and minors, the Customer declares that he is legally authorized to represent them, either that he has parental authority or that he has been appointed as legal representative by a court decision. The Customer undertakes to provide proof of this at AppConsent®'s first request. 

For any person working for a legal entity, the latter declares that it is authorized to bind the company it represents.

Article 4 - Registration, Account creation, connection to AppConsent® solutions and Trial period

To access the AppConsent® Platform, the customer must subscribe to one of the 4 offers on the SFBX.io website and provide the following information to activate the SaaS service:

  • Company name,
  • Postal address and country,
  • Siret and RCS numbers,
  • Intracommunity VAT number,
  • Name of the legal representative,
  • Name and surname of the contact person,
  • Bank details :
    • Credit card: Credit card number, name on the card, validity date and CVV code
    • Direct debit and bank transfer: Bank identification statement
  • Volume in MAU/VU
  • Choice of the monthly price of the offer according to the volume
  • Email (Login)
  • Password (creation)

By subscribing to an offer, the Customer accepts the General Terms of Use of the solution and the Privacy Policy.

A verification email is sent to the address provided to activate the Account and access the platform.

The platform is common to all 4 AppConsent® offerings.

The AppConsent® Platform, for technical reasons, automatically collects the unique identification number of the device (IP and/or IMEI) used to create the Account and of other devices subsequently authorized by the Customer to connect to the Account.

Bank and billing details are neither stored nor managed by SFBX, but by its Stripe partner: https://stripe.com/fr, whose privacy policy and T&Cs are as follows: https://stripe.com/fr/privacy .

The Customer is responsible for keeping his login and password.

The Client undertakes to immediately inform SFBX of any loss and/or disclosure of his/her login or password.

Access to AppConsent® solutions can be achieved by means of a digital identity authentication process (such as a PIN code or other) which guarantees the Customer secure access to his Account in addition to the e-mail address and password chosen when the Account was created.

Following registration and subscription to the offer, the Customer has a 14-day trial period during which he has access to all the features of the Solution permitted by the offer to which he has subscribed.

Following this 14-day trial period, the Customer will have to sign the Agreement framing the relationship between the Customer and the Service Provider in order to legally formalize the subscription to the offer.

Article 5 - Use of AppConsent® solutions and Data processing

Access to the AppConsent® platform and conditions of use are the same for customers of all 4AppConsent® offers.

The Customer has the right to access the Platform from its fixed or mobile equipment using the Identifiers provided to the Customer and in its custody. The Identifiers are intended to restrict access to the Platform to the Customer's administrators authorised by the Customer to manage the Customer's account, to protect the integrity and availability of the Platform and the integrity, availability and confidentiality of Users' data.

The Identifiers are personal and confidential. They are managed by the Customer. The Customer undertakes to do everything possible to ensure that its administrators keep the Identifiers confidential and respect the security instructions.

The Customer is fully responsible for the materials and the Credentials and for the implementation of adequate security measures.

SFBX grants the Client, for the duration of the Contract, a personal, non-exclusive, non-assignable and non-transferable right to use the Platform, for the purposes of the activity of its website(s) or mobile applications.

For the performance of the Services, the Parties implement a processing of Users' personal data for which the Customer is qualified as the data controller and the Service Provider as the data processor in accordance with article 28 of GDPR (hereinafter the "Users' Processing").

The purpose of User Processing is to manage the Visitor's consent to the installation of cookies or tracers on his Terminal.

The data processed for this purpose are :

  • identification data, i.e. the attribution of a unique identifier to each Visitor in order to keep the characteristics relating to his consent;
  • IP address ;
  • MAC address
  • IMEI number
  • IDFA number
  • connection data.

The nature of the operations carried out on Users' personal data is defined below:

  • Hosting
  • Consent operations
  • Consent Management Operations
  • Operations related to the withdrawal of consent
  • Data archiving
  • Destruction of documents
  • Realization of statistics

The Platform automatically collects, manages, tracks and stores Consents on behalf of the Customer, which are time-stamped and unchangeable. At the time of collection, each Consent is collected in accordance with the Consent Notice and linked to a User by the implementation of the correspondence table.

Article 6 - Financial conditions

This service is subject to a charge in accordance with the terms and conditions of the offer described on the SFBX.io website and included in these GTC.

Payments are made by monthly direct debit to the customer's credit card or by direct debit to the customer's bank account by the Stripe partner.

The customer's banking and billing information is administered and stored by Stripe's partner https://stripe.com/fr, whose privacy policy and terms and conditions are available at https://stripe.com/fr/privacy, and not by SFBX.

SFBX shall not be liable for any breach or improper handling of the Client Data by the Stripe Partner.

The Client is obliged to inform SFBX in the event of non-compliance or breach by the Stripe Partner of its obligations to manage its Data.

Article 7 - Data Security

The hosting of the AppConsent® Platform and Data complies with the highest standards of protection and security.

The Data that the Customer registers in his AppConsent® Account is encrypted.

SFBX and its Host cannot decrypt the Data.

The Customer may at any time upload, download or delete the Data in his account, under his sole responsibility.

SFBX guarantees that in the Client Account Data only the email, and the encrypted password are stored and that they :

- are kept in accordance with the authorizations granted by the Client;

- are hosted, saved and secured according to the best technical standards in force in order to prevent any attempt of diversion or accidental loss;

- are available, accessible and portable at any time at the first request of the Customer;

- are strictly confidential and are not communicated to third parties except with the prior authorization of the Client, in cases provided for by law or in the event of a judicial requisition.

The AppConsent® platform undertakes not to make any copies of the Data, other than for technical reasons.

Only an SFBX administrator is authorized to work on the Encrypted Data for well-defined technical needs: maintenance and update of the AppConsent Platform.

The customer's banking and billing information is not administered or hosted by SFBX but by its Stripe partner: https://stripe.com/fr, whose privacy policy and T&Cs are as follows: https://stripe.com/fr/privacy.

SFBX shall not be held responsible for any breach of security of the Client Data by the Stripe Partner.

The Client is obliged to inform SFBX in the event of non-compliance or breach by the Stripe Partner of its obligations to protect its Data.

Article 8 - Duration of the appointment

The SaaS Service takes effect from the time the Customer subscribes to the Offer for an indefinite period.

The Customer may terminate the commitment at any time by cancelling the offer subscribed to on the Platform and under the conditions set out in the contract. The termination will be effective at the end of the current billing period.

SFBX may, as of right, terminate the commitment at any time in the event of non-compliance by the Client with the obligations set forth in these general terms and conditions, in accordance with the contractual terms and conditions.

Article 9 - Effects of the end of the appointment

The end of the commitment leads to the closing of the Account and the archiving of the Data.

SFBX guarantees the Portability of Data to the Client (return or transfer) or their deletion in the cases provided for by law, as soon as possible.

The restitution will be made by providing a link to download the Data, in json format. This link will be available for 10 days after the effective termination date.

Beyond that, the Customer's data will be deleted without further notice.

Article 10 - Suspension of access to the Account

SFBX reserves the right to suspend access to the Account in the event of non-compliance with any of the clauses contained in these GTC or in the signed contract.

Access will be restored once the Customer has remedied the deficiencies that caused the suspension.

Article 11 - Client's obligations

The Customer is solely and entirely responsible for the Processing of User Data in accordance with the consent obtained through the AppConsent® Solution.

The Customer is aware that the Data may be regulated in terms of use or be protected by property rights. The Customer is therefore solely responsible for the use of the Data.

The Customer undertakes to respect the rights of third parties, in particular personal rights, intellectual or industrial property rights such as copyright, patent rights, designs and models or trademarks.

Article 12 - Obligations of SFBX

The obligation undertaken by SFBX is an obligation of means.

In this context, SFBX undertakes to take all the necessary care and diligence to provide a quality service in accordance with the practices of the profession.

SFBX shall endeavour to provide 24-hour access to the Platform, every day of the year, except in the event of force majeure, as defined by law, in the event of breakdowns, failures due to the Host, or maintenance operations necessary for the proper functioning of the Platform.

In case of absolute necessity, SFBX reserves the right to interrupt access to the Platform in order to carry out technical maintenance or improvement work to ensure the proper functioning of its services, regardless of the time and duration of the work.

Interruptions in service shall not entitle the Customer to any compensation.

Article 13 - Responsibility of SFBX

The Customer acknowledges that he is aware of all his obligations and, more generally, of all the conditions relating to the use of AppConsent® solutions.

Under no circumstances and to the extent permitted by law, SFBX may be held responsible, directly or indirectly, for any prejudice caused to the Customer or a third party as a result of the use of AppConsent® solutions, regardless of the cause.

In the same way and within the same limits, SFBX may not be held directly or indirectly liable for any prejudice caused to the Customer or a third party as a result of the non-availability or malfunction of AppConsent® solutions, whatever the cause or duration.

SFBX does not assume responsibility for compensation of direct or indirect, material or immaterial damages caused by the use of AppConsent® solutions.

This clause is considered essential and determining by SFBX which would not have contracted without it.

Article 14 - Right of withdrawal

In accordance with article L.221-18 of the French Consumer Code, any consumer Customer, within the meaning of the Consumer Code, has a period of 14 days to exercise his right of withdrawal, without having to give any reason or pay any fees or penalties.

The withdrawal period expires 14 days after subscription to AppConsent® services and corresponds to the trial period.

To exercise this right of withdrawal, the Client must notify SFBX of his decision to withdraw by means of an unambiguous statement, either on the platform, or by e-mail: dataprotection@SFBX.io, or by post to the following address SFBX SAS - 15 Place Canteloup 33800 Bordeaux FRANCE.

In order for the withdrawal period to be respected, it is sufficient for the member to send SFBX his or her communication concerning the exercise of the right of withdrawal before the expiration of the withdrawal period.

Article 15 - General

The nullity of one of the clauses of the Contract in application of a law, a regulation or following a decision of a competent court which has become final shall not entail the nullity of the other clauses of these General Conditions which shall retain their full effect and scope between the parties.

The fact that SFBX does not take advantage at a given time of any of the clauses of these General Terms and Conditions and/or of a breach by the Client of any of its contractual obligations may not be interpreted as a waiver by SFBX of its right to take advantage at a later date of any of the said clauses or contractual obligations.

Article 16 - Applicable law and jurisdiction

This Agreement is governed in its entirety by French law.

In the event of a dispute arising from the interpretation or performance of this Contract, the undersigned shall endeavour to settle it amicably before taking any legal action.

The Customer who is a consumer is informed that he may in any case have recourse to conventional mediation, in particular with the National Consumer Mediator (www.mediation-conso.fr), or to any other alternative dispute resolution method.

In case of persistent disagreement on the interpretation or execution of this Agreement, exclusive jurisdiction is attributed to the Courts of Bordeaux.

What is Ad4good?

Ad4good is the first solidarity advertising network. If you accept personalised advertising on our site, you will be helping to finance some forty associations in need.

See the full list of associations on the Ad4good website

The Ad4good network is implementing 3 actions to ensure its mission:

  • Partnership between publishers and Ad4Good: part of the publisher's inventory is reserved for the distribution of solidarity ads. These ads are monetised by Ad4good, which then donates 50% of its margin to associations.
  • Partnership between advertisers and associations: each advertisement broadcast by the advertiser during an " Ad4Good" labelled campaign campaign generates a donation for the partner association of the campaign.
  • Partnership between publishers and associations: Ad4good offers publishers the opportunity to provide visibility to partner associations by reserving unused advertising space.

To allow the associations to continue their actions, you can accept in general or set the detail by allowing Store and/or access information on a terminal and Personalised advertising.

Ad4good, partner of the CMP AppConsent® for responsible and ethical advertising

We are partners with the Ad4good network, the first solidarity-based advertising network that brings together some forty associations.

See the full list of associations on the Ad4good website

The Ad4good network is implementing 3 actions to ensure its mission:

  • Partnership between publishers and Ad4Good: part of the publisher's inventory is reserved for the distribution of solidarity ads. These ads are monetised by Ad4good, which then donates 50% of its margin to associations.
  • Partnership between advertisers and associations: each advertisement broadcast by the advertiser during a campaign labelled "Ad4Good generates a donation for the partner association of the campaign.
  • Partnership between publishers and associations: Ad4good offers publishers the opportunity to provide visibility to partner associations by reserving unused advertising space.

What does this mean for your audience?

By opting in to the AppConsent® Xchange Solidaire offer, your participation will be mentioned on the first screen of your consent form.
If a user refuses collection for advertising purposes, a reminder screen will be displayed so that they can change their choices if they wish to be an actor of change towards more ethical advertising.

What are the eligibility criteria?

As a pre-requisite, your website must carry advertising. Once you have registered with AppConsent® Xchange Solidaire, you must have a significant amount of responsible advertising on your website (at least 20%).

The AppConsent® Xchange Solidaire offer allows you to take part in a more responsible advertising ecosystem focused on solidarity and environmental preservation.