General terms and conditions of use

These Cryptopass General Terms and Conditions of Use (thereafter « T&Cs ») is signed between Ercom SAS (“Ercom”) and yourself (also identified thereafter as the “End User”). It governs your use of the Cryptopass solution, (including any Cryptopass application edited by Ercom and installed by yourself on a terminal) to secure communications (audio call, video, instant messaging, file transfers) between End Users (thereafter, all together, the “Solution”).

Please read carefully the following before accessing the Solution or using it. The provisions of this T&Cs constitute a binding legal agreement between Ercom and yourself. You can only use the Solution because you have been designated as an End User by an entity that has signed an agreement with Ercom or a distributor authorized by Ercom (thereafter the “Client”). Your acceptance of the T&Cs before any use of the Solution is required under the contract concluded by the Client, and you certify that you are authorized to legally bind the client to the present provisions as far as you are concerned.

By installing an application which gives access to the Solution from a terminal, by accessing the Solution (by using a mobile application) and/or by using the Solution in any way, you acknowledge having read and understood the present T&Cs and accept to be bound by its terms. Otherwise, you must uninstall any Cryptopass application and refrain from using the Solution.

The T&Cs are without effect on the contract terms binding directly Ercom or an authorized distributor of the Solution to the Client. Where in one of these contracts reference is made to the End User License Agreement (EULA), this reference now refers to these T&Cs.

1.          User rights
Subject to other T&Cs provisions, during the term of the contract concluded by the Customer and Ercom or an authorized distributor, Ercom grants to the End Users of a Client a limited, non-exclusive, non-transferable license which cannot be granted as a sub-license, to use the Solution in object code only, and exclusively on behalf of the Client, in conformity with the applicable documentation provided by Ercom on the use of the Solution (thereafter the “Documentation”). The Client must use the Solution and the Documentation only for legal, authorized and acceptable purposes and for internal purposes only. Any use of the Solution in a way not expressly authorized herein is strictly forbidden.

In this T&Cs, the term Solution designates all the software elements in object code, graphic materials, and brands, composing the Solution and the corrections and updates thereof when provided by Ercom.

2.          Restrictions
The End User shall not : (i) use the Solution, in whole or part, in any other way than those expressly authorized in these T&Cs ; (ii) use whole or part of the Solution on equipment, products or systems not mentioned in the Documentation or through software (including Web browsers) not authorized or not recommended; (iii) modify (including by porting, adaptation, translation, and creation of derived work) all or part of the Cryptopass applications proposed by Ercom at the time of the installation to access the Solution from a terminal; (iv) use all or part of the Solution in a way contrary to applicable laws, and as such, not to use the Solution for illegal purposes or in an illegal manner; (v) enable the use or the access to the Solution to individuals who cannot be considered as End Users, or to enable a person who cannot be considered anymore as an End User to continue using the Solution; (vi) publish or make available to third parties in any other way the results of the performance, functional or security evaluations of all or part of the Solution without the prior written authorization of Ercom; and (vii) modify, dissimulate or remove the legal provisions contained in all or part of the Solution and (viii) use the Solution in connection with ultra-hazardous activities, or any activity for which failure or breakdown might result in serious damages to goods, death or grievous bodily injury.

3.          Title and ownership
3.1       All the elements which constitute the Solution when installing or accessing it, and which are later provided for an update remain Ercom’s property (or the property of one of its distributors or licensors). This concerns in particular the software codes regardless of their form, and the elements associated (libraries, routines, firmware, APIs, licenses) or otherwise incorporated within the Solution (including any graph, user interface, logo, text…).

3.2       Those elements, which cannot be used independently of the whole Solution, are generally protected by intellectual property and/or secret or commercial property international laws and conventions. Consequently, any use of the Solution or of one of its elements beyond the licensed rights and capacities in contradiction with your contractual commitment could be considered by Ercom not only as a breach of contract, but also as counterfeiting likely to generate civil and/or criminal litigations.

3.3       These T&Cs grants you a license to use the Solution, but does not constitute an assignment, transfer or sale of the Solution.

3.4       It is possible that the software incorporated in the Solution contain some code generally distributed under a license said “Open source” or “Free”. Ercom respects the particular obligations of this type of license, and inserts in the code of its software and in its technical documentation the paternity references required by such licenses. If required, you can, through the intermediary of the Client, ask us how you can be given the source code by addressing us a request.

3.5       Ercom reserves the right to ensure the corrective operations, updates, maintenance, and evolution of the Solution (or to have designated third parties ensuring the corrective operations, updates, maintenance and evolution of the Solution). Thus you do not have the right to carry out or to have a third party carrying out corrective operations, debugging, updates, etc. You must not decompile and disassemble the software, carry reverse engineering or try to discover or reconstitute the source code, the algorithms, the format of files or the programming interface, in any way, in conformity with article L.122-6-1-IV of the French Intellectual Property Code. If, in compliance with the law, you need technical information to allow for the interoperability of the monitoring software with other computer programs designed independently, you must first ask us in writing the elements that you want to have at your disposal.

3.6       In the hypothesis that you would suggest to Ercom improvements concerning the characteristics, functionalities or operation of the Solution, and that we would respond favorably, the developments and evolutions will be Ercom’s sole property.

4.          Client’s data
4.1       All data, of any nature, that the End User shares through the Solution are, except if not immediately transmitted, only stored on the End User’s terminal. If a message isn’t immediately transmitted, we store it on our servers for a maximum period of seven (7) days to ensure its transmission. After that period, the message is deleted automatically from our servers.

Audio call and video are not stored on our servers.

4.2       All data, of any nature, that you share through the Solution are considered as belonging to the Client. Ercom could not in any way be blamed by an End User concerning an issue of ownership of a shared data via the Solution, especially after the deletion or the inaccessibility of the data by the End User (notably following the terminal loss, theft or destruction in which data are saved).

4.3       You undertake to respect the whole legislation applicable to the data that you communicate securely through the Solution and you forbid to communicate data whose collection, treatment, exploitation, and duration or stocking conditions are illegal, unfair or harm in any way third parties’ rights or the interests of the nation.

4.4       Ercom can, by virtue of its existing legal and regulatory obligations, be ordered by injunction to communicate Client’s usage data (information on communications made by the End User via the solution) as defined in 7.1 and / or Client’s data stocked on our servers to ensure the transmission, as defined in 4.1. As Ercom cannot technically deliver these data, nor provide the technical means allowing the authorities or their agents to proceed to the decryption of these data, the Client, and yourself after being asked by the Client, agree to help Ercom following any valid request of the competent authorities, and, if necessary to give them the data requested or the means allowing access to the said data, and that in a way that will exonerate Ercom from any responsibility. In case of any default from the Client or End User, the Client will hold Ercom harmless from any liability.

4.5       Cryptopass is a solution to secure communications that provides an end-to-end encryption service for communications subject to the regulations applicable to dual-use goods and products using or integrating cryptographic means. End Users must ensure with the Customer that they are authorized to use the Cryptopass Service or to hold the Cryptopass application in the country where they are located, including in the transit zone. Ercom shall in no event be liable for the consequences thereof.

4.6       The supply of the Solution under a license does not constitute in any way a back-up or safeguard service. It is therefore strongly recommended to save the data and information on your terminal before using them with the Solution. Ercom rejects all responsibility for any loss of data or information caused by the absence of back-up on the terminal by the Client or End User.

5.          Duration
These T&Cs are applicable following the contract concluded by the Customer and Ercom or an authorized Ercom distributor for the use of the Solution. It continues as long as the Customer’s contract remains in force, and the End User remains entitled to use the Solution. At the end of the contract benefiting the Customer, the End User can no longer access and use the Solution.

6.          Warranties and liability
6.1       Conditions applicable to the warranties that may be granted by Ercom as part of the use of the Solution are set out in the contract entered into directly between the Client and Ercom of an authorized distributor.

6.2       In case any dysfunction or error arises, the End Users must contact the Client’s administrator (or account manager). The latter is, under the Client’s contract, responsible to contact a First Level Support center. In no instance Ercom shall directly provide any support or maintenance services to End Users.

6.3       Subject to warranties that may be granted to the End Users as a result of the terms of the contract concluded by the Client, the End User acknowledges that the Solution is made available “as is”.

6.4       To the fullest extent permitted by law, Ercom and its suppliers cannot be held to any liability vis-a-vis the End User, for indirect, special and punitive damage, nor any immaterial or intangible damage such as shortfalls, loss of opportunity, commercial losses, loss of revenue or profit, loss of customers, disorganization, and its resources and procedures, waste of time, loss, inaccuracy or corruption of files or data, cost of data or database recovery, obtaining a product, a software, a service or a substitution technology.

6.5       In no event the aggregate liability of Ercom, for the whole compensable losses suffered by the End Users of a given Client, shall exceed the liability cap set out in the contract entered into between the Client and Ercom or the authorized distributor if any, and in no event Ercom shall indemnify End Users directly.

7.          Personal Data
7.1       The Solution is managed by Ercom at the Client’s request. All personal data of End Users collected or processed by Ercom via the Solution are processed in accordance with the applicable regulations on personal data processing and, in particular, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”) and the law of 6 January 1978 as amended.

7.2       In order to enable the subscription to the Solution, the Client sends us the e-mail address of the person who manages the rights of the End Users of the Solution (the “Administrator”), in order to transmit to him, by e-mail, a link and a password allowing him to access the administration interface of the Solution (the “Personal Data of the Administrator”). The first and last name of the Administrator can also be communicated to us by the Client as an option in order to personalize access to the administration interface. It is the Client’s responsibility at this time to inform the Administrator of the indirect collection made.

7.3       In order to activate and manage the access rights of End Users, Ercom needs to have at its disposal some personal data (the “End Users Personal Data”). In order to achieve this, the Administrator declares the Users’ authorized accounts on the administration interface by entering the authorized users’ mobile phone numbers. It is the Client’s responsibility at this time to inform the End Users of the indirect collection made. During the first connection, the mobile number of the End Users are collected in order to confirm their registration with the Client. In addition, during the use of the Solution, Ercom may collect End Users usage data or metadata (For example, which mobile number exchanges with which other mobile number, and when).

7.4       All Personal Data are stored in France only, in Ercom’s servers and/or, when relevant, in the servers of the Ercom partner’s ensuring the technical availability of the Solution. They are used by Ercom or its partner only to enable performance of the Client’s contract and availability of the Solution to End Users. They are neither transferred nor assigned in any manner whatsoever. They are stored by Ercom, in conditions ensuring their security and integrity, during the term of the license and a subsequent period of 12 months thereafter for invoicing, follow-up and customer relationship management purposes, except for End Users usage data (metadata) which are kept for a period of 12 months from the date of their recording.

7.5       All data subjects who consider that Personal Data concerning them have been collected and/or are being processed by Ercom may send a request for access, rectification, deletion or transmission of these data, as well as for limitation or opposition to their processing, and withdraw their consent to the processing of these data by email to the address dpo@ercom.fr. If these data subject consider that their rights concerning their personal data have not been respected, they can also lodge a complaint with a supervisory authority, such as the CNIL in France.

7.6       Before using the Solution, the Administrator and End Users must read and agree to the Cryptopass Privacy Policy, which specifically details the collection and processing of Personal Data.

8.          Applicable law and competent jurisdiction
8.1       These T&Cs are governed by French law and shall be interpreted in accordance with this law.

8.2       Any dispute or claim arising out of or in connection with these T&Cs shall exclusively be brought to the commercial court of Paris, regardless of the plurality of defendants or action by third parties.

Version 3.0

Protection des données : pourquoi et comment RSSI et DSI doivent-ils collaborer ?