Terms and Conditions as of July 1st 2020
By using the services in any manner, you agree to abide these Terms and Conditions, without limitations. Failing an amicable agreement between the two parties, judgments may be entered on the arbitrator's award in French court.
In accordance with the French Data Protection Act (loi Informatique et Libertés, n° 78-17 of 6 January 1978), it is reminded that personal data requested to the User has been notified to the French data protection authority (CNIL), see déclaration n°1851783.
ARTICLE 1 – DEFINITIONS
– These Terms and Conditions (“Terms and Conditions”) refers to these conditions
– “APITALENT” refers to the different legal entities of “STORYFOX”, an online digital services brand, and is linked to every company using this solution. APITALENT is a simplified joint-stock company with a 50 000 Euros capital, located in BOULOGNE BILLANCOURT, registered at the Trade and Companies Register (RCS) in NANTERRE, under no : 810 472 431.
– “STORYFOX” refers to the various Services offered by the company APITALENT, whose purpose is to create via smartphones professional interviews featuring collaborators, customers or partners of the user company. STORYFOX is protected and registered at the National Industrial Property Institute (INPI) under no : 4632479 (denominated bellow “STORYFOX”)
– “User Company (ies)” or “Customer” refers to the (or the various) company (ies) or user institutions using the brand “STORYFOX”, having therefore an executory contract with the company APITALENT for the use of “STORYFOX” services.
– “Services” refers to the different Services, paid or free, available to STORYFOX Users.
– “Website” refers to www.storyfox.io, website owned by the company APITALENT
– “App” refers to the mobile application allowing the user to access some services provided by the brand.STORYFOX
– “User” refers to a natural person borrowing the digital services marketed by the brand STORYFOX. The User has access to it via personal and confidential password and username, allowing the User to borrow the several services. A User is necessarily represented and whose account had been created by a User Company, unless the creation had been made by APITALENT at the behest of the User company.
– “Admin” or “Super Admin” refers to a certain type of User, who has additional rights to STORYFOX solutions and who is necessarily a collaborator of the User Company.
– “Back office” refers to the online platform allowing Admin and Super Admin from the User Company to manage the various services of STORYFOX provided to the User Company.
ARTICLE 2 – SUBJECT
The subject of the contract, completed by The Terms and Conditions, is to define the conditions in which the company APITALENT allows Customers to borrow STORYFOX solutions (mobile app and back office website). The Customer undertakes to respect and to uphold the contract and the Terms and Conditions to its Users for the entire term of the contract.
ARTICLE 3 – FINANCIAL CONDITIONS
Rates indicated on the App or on the Website are in euros (€) excl. taxes. VAT rate will be applied according to the French legal rate in effect. In case of a modification in the French VAT rate, the adaptation of prices including VAT will be immediate, without any prior notice to the User
APITALENT reserves the right to change pricing conditions at any time. However, modifications will not apply to executory contracts/subscriptions.
In case of late payment and in accordance with the Commercial Code (article L 441-6), will be required an indemnity calculated on the basis of three times the legal interest rate in effect and a fixed allowance for collection costs of 40 euros per unpaid invoice.
ARTICLE 4 – ACCESS CONDITIONS AND SERVICES INTERRUPTION
3.1. For the User Company(ies)
The contract becomes effective when general conditions and specific conditions are accepted by the client, or according to the date indicated in the specific conditions, if applicable.
The contract is concluded for a 12 months period, unless it is explicitly stipulated in the contract. The contract will then be tacitly postponed for successive periods of twelve months, unless terminated by one of the parties by giving a 3 months prior notice before the executory contract’s expiry date, by registered letter with recorded delivery.
Each contracting party may rescind the contract in the event of a breach of any of its obligations as specified in the contract by the other party, if this breach has not been remedy by the defaulting party within a deadline of thirty days with effect from the date of the written notification of the breach by registered letter with recorded delivery. This termination may be carried out without prejudice to any claim for damages.
3.2. For the User(s)
A natural person’s access to STORYFOX services as a user is free (the User Company pays for the access to services). It is carried out when the conditions below are met:
- Prior invitation to register via a User Company having an executory valid contract (or directly by APITALENT in the case of an Admin);
- Registration form filled out;
- Terms and Conditions agreed;
- Account approved by the company APITALENT.
When the registration is carried out, the User should be given in a personal capacity, a User Account.
Access to services by Users automatically ends in three cases :
- The end of the contract with the User Company that had invited the user;
- User Company’s decision (via its Admin or Super Admin) to terminate the use of the App by the User
- STORYFOX’s decision to terminate the user’s right due to a non-compliance with its obligations as defined hereunder.
ARTICLE 5 – APITALENT OBLIGATIONS
APITALENT is binding itself to the following conditions :
–Ensure, via distance and electronically, supply of services intended to film and edit professional videos.
– Ensure the User Company Admin that it is possible to access, modify or delete the videos stored in the STORYFOX servers.
APITALENT has no legal obligation to identify Users when they log in to the STORYFOX mobile application or to the www.storyfox.io website or to monitor the accuracy of content posted by Users.
APITALENT is released from any responsibility during the video capture. APITALENT and its directors are not responsible for any damages whether physical, equipement… occurred to the user during the use of the brand STORYFOX, and its services, by APITALENT.
APITALENT is not responsible for (and its consequences) the accuracy or inaccuracy of the information and content provided by other Users, website’s visitors and/or User itself. Likewise, APITALENT is not responsible for the content broadcasted by a User capable of contravening another User or third party’s rights.
APITALENT shall not be held responsible for any consequential damages, including loss of data, loss of income, loss of profits, loss of opportunity or loss of customers or for jeopardising the image due to services provided by STORYFOX. In any event, the society APITALENT’s responsibility under the contract will only be limited to the amount of the total sums that APITALENT will effectively received from the client during the contractual year preceding the event that gave rise to its responsibility, and the client will only be able to invoke APITALENT's responsibility for a period of six months from the occurrence of the event that gave rise to its responsibility. STORYFOX shall not be held responsible for any of its obligations in the event of force majeure by the jurisprudence.
ARTICLE 6 – OBLIGATIONS DE L’UTILISATEUR
When using the Services, the Customer undertakes to respect the laws and regulations in effect, and not to violate public order and the provisions of these Terms and Conditions. Generally speaking, the User has to:
– Behave honestly and respectfully towards others, APITALENT and the law. Be accurate and honest in your statements, behave fairly towards APITALENT and other users; communicate truthful and accurate information when using the STORYFOX services; to respect the moral and decorum rules and in particular not to diffuse pornographic or exhibitionist contents; remain polite and correct to other Users; not to make any statements or disseminate in any form whatsoever content that violates the rights of others or that is defamatory, offensive, or encourages violence, political, racist, and generally any content that goes against STORYFOX's business, the laws and regulations in effect, and public order; not to jeopardise the Services or the Website;
– Ensure the privacy of its passwords and/or user name as well as their regular use, namely for strict purposes of authentication to the Services. In this connexion, the User must not, and this list is not exhaustive, communicate, in any way whatsoever, its passwords and/or user name to any third party ; The User is responsible for the use of its identification elements (Username and password) by third parties, as well as for the actions or declarations made through its User Account, and guarantees "STORYFOX" against any demand in this regard.
– Provide accurate information when using STORYFOX services.
– Respect intellectual property rights and image rights. As a result, on one hand, the User is obliged to integrate in its videos only elements over which the User has an intellectual property right (images, photos, video, music, logo or any other element) or which are free of rights, and on the other hand, to abide by the legislation on image rights and therefore to have permission to use the image of third parties that the User would have filmed. Regarding the User's own image rights, the User acknowledges that it gives up its image rights for every broadcasting, on every media, for all the finalized videos it would have produced via its Storyfox account and its personal user name.
–Respect intellectual property rights relating to the content provided by STORYFOX and therefore not reproduce, use or represent in any form whatsoever, on any support whatsoever and by any media whatsoever, the logos, graphic elements, texts, photos, video and slogans of STORYFOX services and that are the exclusive intellectual property of APITALENT, unless expressly authorized by APITALENT, otherwise legal action will be taken. The User is prohibited from modifying, copying, reproducing, downloading, broadcasting, transmitting, commercially exploiting and/or distributing in any way whatsoever the Services, the pages of the www.storyfox.io website, or the computer codes from the elements composing the Services and the www.storyfox.io website. The temporary provision of the STORYFOX Platform and Content under the terms of the Agreement shall not be interpreted as the assignment or grant of any intellectual property rights to the User or the User Company. There is no provision that gives them the right to use the copyright, trademarks, domain names, patents, drawings or designs and know-how on the STORYFOX App or Website owned by APITALENT.
Every Admin undertakes to only broadcast the videos made with the express authorization of the persons filmed,especially in accordance with the image rights and on the channels validated by the persons filmed (intranet, social networks, STORYFOX platform...)
A breach of any of its obligations defined above represents a serious breach of the User's obligations. Under these conditions, APITALENT will definitively delete the User's account and may terminate the contract with the User Company.
ARTICLE 7 – USER COMPANY OBLIGATIONS
The user company undertakes the following obligations:
- Ensure APITALENT a " regular " use of the Storyfox solution by its Users, and to uphold the User's and Admin's obligations as listed in these Terms and Conditions;
- Have the necessary rights on the content, pictures, videos, texts, photos added to the videos made by its Users and broadcasted within the company, on the social networks, on its website or on any other media.
- Authorize APITALENT to use all or part of its videos for promotional communications and advertising purposes, on any support and for a period of 3 years following the end of the contract with no additional compensation. In the event of any refusal by the User Company, the latter must notify APITALENT, in writing, within five working days from the date of reception of the request by APITALENT. The fact that the User Company has the broadcasting rights, as specified above, means that the User Company guarantees APITALENT against any recourse from third parties due to the use of the videos. In any event, the customer agrees to be quoted in any APITALENT marketing or sales documents and to have its logo displayed for these purposes.
- Not to transfer to a third party the benefits of the contract, which is concluded on a personal basis.
ARTICLE 8 – Intellectual property
The User Company owns the rights to all the videos created by the Users affiliated with it from the moment the Users have assigned their image rights to it. In order to allow APITALENT to provide its services, the User Company grants APITALENT the non-transferable and non-exclusive right to reproduce, modify, adapt whole or part of the videos for the exclusive needs of the User Company.
ARTICLE 9 – Updating of the Terms and Conditions
APITALENT reserves the right to modify and update these Terms and Conditions at any time. The User will be informed of these changes as soon as they are published on STORYFOX website.
- What? - Which personal data is collected?
- Why? - What are the purposes of collecting your data?
- On which basis? - What are the legal bases for collecting your data?
- Who? - Who will receive your personal data?
- For how long? - How long will your personal data be kept?
- What are your rights? And how can you use them?
- STORYFOX's responsibility
Which personal data is collected?
1/ Data that you transmit directly to us: for example, the data transmitted when you create your account. These data are for example:
- Last name, first name, civil status;
- Email address, phone number;
- Professional data (company, job...);
- Encrypted login and password used to identify yourself on our websites or applications;
- Any other information you would like us to know.
2/ Data that we collect indirectly: these are data that are collected during our business relationship such as:
- Requests you may have made to our customer services department;
- Incidents that you have reported to us...
3/ Data we collect automatically: It is the information collected without the intervention of a human being, when you connect to our platform and our application. It is done mainly through cookies. Cookies are small text files stored in your hard drive. They are managed by your Internet browser. Cookies allow you to navigate more efficiently on a website by remembering your previous choices or by offering you relevant advertising content.
The data that STORYFOX collects are the following:
- Type of phone used (when using the mobile app)
- Type and version of the browser software used (Internet Explorer, Mozilla Firefox, Google Chrome...),
- Dates and times of connexion to our services,
- Browsing data on our services.
What about your videos?
As mentioned above, the French General Data Protection Regulation (Règlement général sur la protection des données, n°2016/679) strengthens your rights regarding your personal data. Personal data is "any information relating to an identified or recognizable person". Thus, when you post a video on our platform, some of your personal data identifying you ( last name, first name, workplace...) are communicated to people belonging to the community (ies) which you belong to.
None of the videos are put online without your consent. However, if you wish to have your video removed from our platform, a withdrawal consent request must be sent to us at the following address: firstname.lastname@example.org. As soon as we receive your claim, STORYFOX will remove your content within 72 hours.
Please note that claims must come from the people directly concerned. Thus, claims made by a third party will not be accepted (for example: claims sent on behalf of relatives, colleagues, a company...).
What are the purposes of collecting your data?
STORYFOX undertakes to minimize the collection of data. Thus, only the data necessary to provide you with the services offered are collected, excluding any unnecessary personal data.
Thus, STORYFOX processes your personal data in order to:
1/ PROVIDE OUR SERVICES :
– Create an account and a personal space (where information can be modified by yourself at any time),
– Provide you with an administration space to manage your community
– Allow you to store your videos in a secure storage space
2/ MAINTAIN AND IMPROVE OUR SERVICES: :
– Improve our platform and application to provide you with the best experience
– Improve our data processing systems.
3/ DEVELOPING NEW SERVICES:
Contact you for business or other purposes.
4/ MEASURE OUR PERFORMANCE:
Analyze the audience for both our platform and application.
5/ DETECT ANOMALIES :
Analyze problems encountered on the platform and on the application
6/ COMMUNICATE WITH YOU :
– Send you emails in order to alert you of any activity on your account,
– Contacting you as part of our matchmaking activity.
What are the legal bases for collecting your data ?
The legal basis for the collection of your data by STORYFOX is found in:
- Consent of its users. It is reminded that any user can withdraw his consent to the use of his data after notifying STORYFOX, although this will make it difficult for us to work together;
- The presence of an automatic decision making or profiling: the information collected is useful for the understanding of the algorithm used by STORYFOX;
- Legislation and regulations, allowing the data collection due to a contract being carried out or in order to conclude it;
- STORYFOX's legitimate interests, not unfairly affecting your fundamental rights and freedoms.
For how long?
Your data is kept for a 3 years period. After that, the data is archived by our services in an encrypted form and is therefore completely anonymized.
STORYFOX keeps track of the information held. Therefore, when it becomes clear that the retention of your personal data is no longer justified by legal, commercial or account management requirements, or when you have exercised your right to change or delete it, your personal data will no longer be used by our services.
Who will receive your personal data ?
Access to all or part of your data may be given to STORYFOX's technical collaborators, marketing and sales teams. However, only the technical manager and the marketing manager are able to process your data.
Access to your data by our subcontractors is established on the basis of signed contracts that stipulate their obligations regarding the protection of data privacy and safety.
The company behind the data processing of this website is STORYFOX, a simplified joint-stock company with a 50 000 Euros capital, whose registered address is located in 16 rue de Solférino - 92100 BOULOGNE BILLANCOURT, registered at the Trade and Companies Register (RCS) in NANTERRE, under no : 810 472 431, and represented by its CEO Julie MACHILLOT.
What are your rights ?
In accordance with the French Data Protection Act (loi Informatique et Libertés of January 6 1978) enhanced by the French General Data Protection Regulation (Règlement général sur la protection des données, n°2016/679, of May 25 2018), you have the right of access, the right to request the rectification, the right to object but also the right of portability and limitate the processing of your data by STORYFOX.
Please remember that you have the right to modify your data by logging in to your profile at any time.
How can you use them ?
If you have any concerns, requests or questions about your personal data, you can send us an e-mail at the following address: email@example.com.
Your Data Privacy at STORYFOX
STORYFOX takes all necessary measures, both technical and logistical, in order to protect your personal data from loss, manipulation and unauthorized access. Computer security systems are regularly updated.
If we detect a breach of personal data or any security breach involving the destruction, loss, alteration or unauthorized public disclosure of personal data, STORYFOX will immediately inform the users.
STORYFOX reminds its users that they are the ones in charge of the protection of their login and password to their personal space and that STORYFOX cannot be held responsible for any damages of any kind, directly or indirectly resulting from any fraudulent use of this site.
So please be careful and contact STORYFOX or the French data protection authority (“CNIL”) if you notice any unusual use of your personal data.
APPENDIX 2 – INFORMATION SYSTEMS SAFETY POLICY
APITALENT will have to process on behalf of its clients data of personal nature, relating directly or indirectly to a natural person.
Encryption. SSL/TLS protocol is used to encode the data transmitted via HTTPS, ensuring that it cannot be intercepted by fraudulent persons. Passwords are also encrypted.
Processing of the Customer's personal data. Personal data, including media (photo and video), are stored in our production environment only. It is not duplicated for test environments.
Right to be forgotten. Under the French General Data Protection Regulation (Règlement général sur la protection des données), a user's account may be anonymized and then archived.
Portability. An export of personal data in a usable format can be provided if requested.
Register. The following technical and organizational, material and logical measures are centralized in a document.
2.1 Physical safety measures
Access control. APITALENT teams are trained in OS access security, especially with automatic session locking. This provides an answer to the problem of a physical intrusion by borrowing the account of an Admin.
Regarding the direct access to the production data via the server is only possible by the technical team of the Provider having a private key.
Operating procedure. All the material necessary for the operation can be provided if requested.
Backups. The backups are transferred to a storage space dedicated to the backup and accessible apart from the production.
2.2 Logical safety measures
Identification and authentication. Access to the solution is made either via a Web browser or via the Mobile App; identification is performed through an encryption key.
Hosting. Client Data is hosted on a secure cloud accessible only by the APITALENT technical team.
Backups. The database is saved every 24 hours. Archives are stored in a specific space.
Malware. The solution uses a framework that prevents SQL injection, XSS and CSRF attacks. The login credentials are encrypted in the URLs. XHR requests also use a token to fight against CSRF attacks, and apart from the requests used in the registration process, they require the user's authentication key.
Lastly, each document is controlled by an ACL policy that can be configured according to the User role; this prevents any possible software intrusions.
Network systems. Network exchanges are secured with the TLS 1.2 encryption method. The SSL 3 protocol is turned off.
Tracking. Access and event logs are recorded and kept for a period of 1 year. They can be communicated at the Customer's request. The system access logs are available in file format with a daily turnover that concerns the entire platform, whereas the applicative logs are stored in a database and can be filtered in the space dedicated to the Customer.
Return/reversibility of data
In the event of a return procedure, the customer's data will be transferred in a workable format. The data will be deleted from the database once the report has been signed.
Safety incident management
The server is protected from DDOS attacks by the hosting company.
Unusual activities can be detected with real time alerts, using a monitoring system on which alert thresholds are defined.
Complete daily backup of the database guarantees data rescue beyond 24 hours.
In the event of a software or server incident, alerts are set up so that the Service Provider can be notified in real time. The service will then be restored as soon as possible.
APITALENT commits to the establishment of internal procedures to ensure that the procedures carried out are in compliance with the French Security Insurance Plan (Plan d’Assurance Sécurité, “PAS”) expectations.
A safety audit is allowed if requested. The latter can cover the network components, the platform and the services. However, the source code will not be communicated.
If a failure is detected, APITALENT commits to take corrective action within a timeframe that is proportional to the criticality threshold.