Data processing agreement
This document lays out the responsibilities of Priice SARL (French company registration: 751361627), hereafter
referred to as Priice, to its customers with regards to data protection in general and the European Union’s
General Data Protection Regulation (GDPR) specifically.
1. Priice as Data Processor, Definitions
- Priice is a Data Processor operating on behalf of its customers.
- Customers are individuals or organizations paying money to use the Priice service. Free trial users of the
Priice Service are not Customers and should not send Priice personal data.
- Priice's Customers are Data Controllers.
- “Personal data” means any information relating to an identified or identifiable person.
- “Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State
and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or
supplementing the GDPR.
- "Services" means the Priice's APIs (Commercial name: Strackr) (application program interface)
and the professional services provided by Priice.
- “Sub-processor” means any Data Processor engaged by Priice.
- “Data Subject” means the individual to whom Personal Data relates.
2. Processing of Personal Data
- Use of the service implies that Priice may process personal data on behalf of the Data Controller in
accordance with the requirements of Data Protection Laws. The Data Controller will ensure that instructions to
Priice for the processing of personal data comply with Data Protection Laws. The Data Controller is solely
responsibility for the accuracy, quality, and legality of Personal Data and the means by which it acquires
- The inputs to the Priice Service provided by the Data Controller are URLs and optionnal parameters. No other
data should be sent to Priice. The Data Controller bears sole responsibility for transmission of URls that
can include personnal data.
- Priice lays out a full and accurate description of its data protection practices on its website at https://strackr.com/legal/gdpr . This description is
updated from time to time as and when practices change.
3. Rights of Data Subjects
- The Data Controller is solely responsible for the collecting of all necessary consent from Data Subjects to
allow Priice to process personal data on its behalf.
- Priice will, to the extent legally permitted, promptly notify the Data Controller if it receives a request
from a Data Subject for access to, or deletion of, that person’s personal data. Priice will not respond to a
Data Subject request without the Data Controllers prior written consent except to confirm that the request
relates to the Data Controller. The Data Controller is solely responsible for completing such request as
required by law.
- Priice ensures that its personnel engaged in the processing of personal data are informed of the confidential
nature of the personal data, have received appropriate training on their responsibilities and have agreed to
confidentiality obligations that survive the termination of that persons’ employment or engagement by Priice.
- Priice shall take commercially reasonable steps to ensure the reliability of any Priice personnel engaged
in the processing of personal data and that access to personal data by Priice is limited to those Priice
personnel who require such access to perform the Services.
- Priice’s data protection officer can be reached by email at firstname.lastname@example.org
- The Data Controller agrees Priice may engage third-party Sub-processors to provide the Services and such
Sub-processors may access personal data, and appoint additional levels of Sub-processors, only for purposes of
providing the services Priice retained them to provide and not for any other purpose.
6. Security Measures
- Priice agrees to implement and maintain the administrative, technical, and physical safeguards of personal
data stored using the Services.
- Access control: Servers are only accessible through SSH keys.
- Integrity & Confidentiality: User authorisation is heavily restricted. Only members of Priice SARL
(currently the Lead developer Julien Hany) have access to the production database.
- Anonymisation: Personal data such as IP addresses are by standard, if tracked at all, anonymised.
- Encryption: The Cloud database solution is cerified ISO/IEC 27001, 27017, 27018, 27701 and in transit with TLS/SSL.
On top of that, sensitive user data such as login information, network API credentials are all encrypted using AES-256.
- Transmission Control: All requests and responses get transmitted through SSL.
- Recoverability: Recoverability is managed by a Cloud solution. Backups are performed with 2 different providers
in 2 different physical locations with a history over the last 30 days.
- Evaluation: Regular check-ups on data registration, user capacities and database scalability requirements.
7. Security Breach Management and Notification
- If Priice becomes aware of unlawful access to the Data Controller's personal data stored through the
Services, or unauthorized access to the Services resulting in loss, disclosure, or alteration of the Data
Controller's personal data (“Security Breach”), Priice will promptly: (a) notify the Data Controller of the
Security Breach; (b) investigate the Security Breach and provide the Data Controller with information known to
Priice about the Security Breach; and (c) follow its policies and procedures to mitigate the effects and to
minimize any damage resulting from the Security Breach.
- The Data Controller agrees that an unsuccessful Security Breach attempt will not be subject to Section 7.1
above. An unsuccessful Security Breach attempt is one that results in no unauthorized access to the Data
Controller's personal data or to the Services storing your Personal Data, and may include, without limitation,
pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial
of service attacks, packet sniffing (or other unauthorized access to traffic data that does not result in access
beyond IP addresses or headers) or similar incidents.
- Notification(s) of Security Breaches, if any, will be delivered to one or more of the Customer’s business,
technical or administrative contacts by any means Priice selects, including via email. It is Customer’s sole
responsibility to ensure it maintains accurate contact information on Priice’s support systems at all times.
- Priice’s report of and/or response to a Security Breach under this Section will not be construed as an
admission by Priice to fault or liability with respect to the Security Breach.
8. Deletion of Customer Data
- Priice agrees to delete Customer personal data in accordance with Priice’s procedures and Data Protection
- At a Customer's request, Priice will provide the Customer with a certification of deletion of personal
9. Governing Laws
- This Agreement is governed by the laws of France
10. Legal Effect
- This agreement comes into effect from the time of purchase of an Priice subscription. It expires with
cessation of the Customer's Priice subscription.