Terms and conditions of sale

Rolebase is a platform operated by Lonestone, a simplified joint stock company with share capital of 75,200 euros, whose registered office is located at 40 rue de la Tour d'Auvergne, 44200 Nantes, registered with the Paris Trade and Companies Registry under number 807 728 126, and whose intra-community VAT number is FR36807728126 (the "Service Provider").

Rolebase (the "Platform") enables any legal entity or group of individuals or companies (the "Organization") to access various services to design a new way of running an organization and managing governance on a single interface.

Various services are offered on the Platform (the "Service(s)"), including the following:

- Manage organizational design according to circles and roles

- Manage role characteristicsManage projects, checklists, measures

- Hold online meetingsThe integration of various applications (the "application(s)") ;

- Access to a search engine for data shared on the platform

The Organization, a professional within the meaning of the French Consumer Code and acting in the exercise of its profession, acknowledges that it has the required capacity to subscribe to the said Services, declares that it has read the present Conditions and appendices (the "Contract"), and has accepted them, including when these Services are provided free of charge by the Service Provider.

The Service Provider and the Organization are hereinafter referred to as the "Parties".

Section 1: Purpose of this contract

‍The Contract defines the terms and conditions governing access to the Platform and the Services requested by the Organization.

The Service Provider hereby grants to the Organization, which hereby accepts, after having fully tested the Platform and its various Services with the assistance of any expert of its choice, a right of access and use of the Platform and Services for the entire duration of the Contract, subject strictly to the terms of Article 5. This right to access and use the Platform also extends to Affiliates, under the sole responsibility of the Organization.

The Organization may not transfer or assign any of its rights and obligations under this contract without the prior written consent of the service provider.

For the purposes of proper performance of this contract, the Organization undertakes to notify the Service Provider, as soon as possible, of any change in its postal address (street address or P.O. box). The Service Provider declines all responsibility for the consequences of any failure by the Organization to communicate this information.

Section 2: Access to and use of the platform

2.1 Platform access conditions

2.1.1 Access to the organization

The Platform is accessible via the Organization Access (the "Organization Access") at the following Internet address: https: //rolebase.io/

‍The Organization can access the service from any compatible computer or mobile terminal using the credentials created for it. The Organization's access enables it to access the Platform's administration and management settings.

The access identifiers created are personal and confidential. The Organization undertakes to do everything in its power to keep these identifiers secret and not to divulge them in any way.

The Organization is fully responsible for the use of identifiers. It shall ensure that no person not authorized by the Service Provider has access to the Services available on the Platform. If the Organization becomes aware of any unauthorized access to the Services, the Organization shall immediately notify the Provider and confirm the information in a letter sent by registered mail.

The Organization shall immediately notify the service provider of any theft or loss of identifiers and confirm the information in a letter sent by registered mail.

2.1.2 Administrator access

The Organization can use its Organization Access to configure access for one or more administrators (the "Administrator(s)"). Login credentials are then determined by these users when the guest user registers.

An Administrator may, for example, open, restrict or prohibit users' access to the Platform. The Administrator opens access to the Platform by inviting member accounts (the "Member(s)").

The Organization may restrict or terminate an Administrator's access to the Platform at any time.

2.1.3 Member access

Member Access is managed via Administrator Access.

The Administrator can invite new members to join the organization. The member must then validate his or her account by registering on the Platform using the unique link sent by email.

As an exception to the provisions of the General Terms and Conditions of Use of the Platform, the Service Provider reserves all its rights against the Organization and/or its Affiliates, who act as guarantors, to the exclusion of any recourse against any Third Party, including Administrators and Members.

The Service Provider shall have the right to take legal action in any capacity, directly against the Organization and/or its Affiliates if any damage or loss is caused by the Administrators, Members and/or any Third Party, in order to ensure that the Organization and/or its Affiliates make good any prejudicial consequences caused by such Third Parties. The Organization and its Affiliates shall therefore ensure that all users of the Platform comply with its terms of use.

2.2 Technical access conditions and platform updates

The Service Provider provides the Services to the Organization via the Platform which is accessible on its server via the Internet network, 24 hours a day, 7 days a week, with the exception of scheduled maintenance periods which will be communicated in advance.

In order to ensure that the Platform functions correctly, it has been optimized for the latest versions of the Explorer, Chrome and Firefox web browsers. The Organization is entirely responsible for the proper installation and operation of its browser software.

The Provider has the right to update and make functional changes to the Platform at any time. The Service Provider informs its users of the status of the service, the latest updates, upgrades and functional modifications requiring temporary unavailability of the Services.

The Organization is also advised of technical contingencies and access interruptions that may occur. The Service Provider declines all responsibility in the event of unavailability or slowdown of the Services.

The Organization undertakes not to expose the Platform to any risk of piracy or any attempt to take advantage of a vulnerability in the Platform and its security system. The Organization implements all appropriate measures to provide reasonable assurance of prevention of the aforementioned risks and all other risks that may affect the Platform and its host.

2.3 Assistance

A help desk is available on the platform at the following email address: contact@rolebase.io

‍This service is intended to provide assistance in using the platform and to correct any bugs.

For these terms :

A "bug" is defined as any error in the design, development or programming of the Platform that prevents normal use of all or part of the Platform and/or causes an incorrect result or action when the Platform is used in accordance with the instructions.
The support service does not cover malfunctions of the Platform that are directly or indirectly related to an external cause, such as an error of use on the part of the Organization and/or any Third Party, or an incident.

However, in the event of data loss or corruption, the Organization may request the Service Provider's assistance in recovering all or part of the data. The Service Provider will analyze the feasibility of recovering the data and will invoice the Organization for the additional costs jointly agreed by the Parties.

Section 3: Plans

‍3.1 Plan details

A paid plan is available, in the form of monthly subscriptions, from the Organization (the "Plan").

The choice of Plan is the sole responsibility of the Organization. Nevertheless, the Organization may modify its subscription at any time, including during the subscription period. It is nevertheless specified that the Organization may not renege on its commitment to subscribe to a Plan, and that the Service Provider will not reimburse any fees paid by the Organization.

3.2 Subscription period

The Organization's subscription to the Plan is monthly and based on the number of active users (with an account) within the Organization. It is automatically renewed for the same duration and for an unlimited period.

If the Organization does not wish its commitment to be automatically renewed, it must follow the appropriate steps in its profile on the Platform, specifying that this termination will only take effect after expiry of the current month.

Once the subscription to a paid plan is terminated, all the Organization's data may be destroyed without notice by the service provider. Therefore, the Organization must keep a backup of this data before deleting its member account.

3.3 Subscription changes

The Organization can modify its Plan at any time, if this means adding users or upgrading to a higher Plan than the initial one.

The Organization can reduce the number of users at any time.

The reduction or increase in the number of users on the paid plan will result in invoicing on a pro rata basis for the time spent between the subscription start date and the M+1 renewal date.

Section 4: Data ownership

4.1 Data ownership

The Organization remains the owner of all data it transfers as part of its use of the Platform.

The Organization expressly authorizes the Service Provider to host this data on the server chosen by the latter and to use it for the purposes of operating the Platform and compiling statistics.

The Service Provider shall ensure that the server selected for hosting has the appropriate characteristics and facilities to ensure the integrity of data creation and storage, as well as the protection and confidentiality of the collection, storage and processing of the Organization's data.

4.2 Processing of personal data

4.2.1 Purpose, type and duration of treatment

When using the Platform, the Service Provider may need to process the following personal data: first name, last name, IP address, telephone number, photo, e-mail address.

The categories of persons concerned by this processing are all users of the Platform to whom access has been provided by the Organization in accordance with the provisions of this Agreement.

This personal data is collected from all users of the Platform, solely for :

- The provision of services to users, including help and support;
- The analysis of the use of the Services and associated statistics with a view to improving the performance of the Platform; compliance with the service provider's legal and regulatory obligations.

As soon as data is collected, the Service Provider must inform users of the data processing it intends to carry out. This information is provided by disclosing its privacy policy, available at the following address: https: //www.rolebase.io/privacy.

Data is kept for the duration of the Services and until the Contract is terminated, for whatever reason.

The service provider hereby undertakes, at the Organization's discretion :

- Delete all personal data and any existing copies thereof, unless EU or applicable national legislation requires the retention of such data.
- Return such data to the Organization within seven days. If the Organization chooses this option, it must notify the Service Provider at least fifteen (15) days prior to termination of the Contract, regardless of the cause of such termination. In the absence of notification of this choice within the aforementioned period, all the aforementioned data will be destroyed by the Service Provider without prior notice.

At any time during the performance of the contract, the Organization has the right to export the data hosted.

4.2.2 The role of the service provider

The Service Provider acts merely as a data processor of the Organization, according to the definition of this term in EU Regulation 2016/679 of April 27, 2016 and GDPR (General Data Protection Regulation), when processing personal data.

Consequently, the Organization alone determines the purposes and means of processing any personal data. Personal data will only be processed by the Service Provider on the basis of the Organization's written instructions, including with respect to any transfer of personal data to a third country or international organization, unless the Service Provider is obliged to process such data under European Union law or applicable national law; in such case, the Service Provider will inform the Organization of such legal obligation prior to commencing processing, unless such law prohibits disclosure for reasons of public interest.

If the Service Provider considers that an instruction constitutes a breach of EU Regulation 2016/679 of April 27, 2016, GDPR (General Data Protection Regulation) or any other provision of EU or applicable national data protection law, it shall immediately notify the Organization.

4.2.3 Confidentiality, security and cooperation

The service provider undertakes to ensure that its staff and service providers involved in the performance of this contract comply with the following data protection obligations:

- Not to make any copies of the documents and information entrusted to it, with the exception of those necessary for the performance of this contract or with the prior agreement of the Organization, and in general to guarantee the confidentiality of any personal data;
- Not to use the documents and data processed for purposes other than those specified in this contract;
- To take all the security measures required by Article 32 of Regulation EU 2016/679 of April 27, 2016. The adequacy of these measures is assessed with regard to the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the likelihood and seriousness of the risks posed to the rights and freedoms of individuals as a result of the processing of their personal data

In addition, the Service Provider undertakes, for the duration of the Contract :

- To assist the Organization, as far as possible, in fulfilling all its obligations with regard to requests made by persons whose personal data are processed with a view to exercising their rights under Chapter III of Regulation EU 2016/679 of April 27, 2016, including requests for access, rectification, erasure (right to be forgotten), restriction of processing, opposition or portability ;
- To make available to the Organization all information required, in order (i) to demonstrate compliance with the obligations stipulated by Article 28 of Regulation EU 2016/679 of April 27, 2016 and (ii) to enable it to carry out or have carried out audits or inspections by any Third Party retained by the Provider; and to notify the Organization of any personal data breach of which it becomes aware, by e-mail. Such notification shall be accompanied by any useful documentation to enable the Organization, if necessary, to notify the appropriate regulatory body of the breach.

4.2.4 Third-party processing

The Organization authorizes the Service Provider to use any subcontractor of its choice for the purposes of performing this contract. The Service Provider shall inform the Organization of any planned changes involving the addition or replacement of subcontractors, to enable the Organization to object to such changes. The information provided includes the processing activities that are subcontracted, the identity and contact details of the subcontractors and the dates of the subcontracting contracts. The Organization has 15 calendar days from the date of receipt of this information to express its objections. The subcontract may only be implemented if the Organization has not raised any objections within the aforementioned period.

The Service Provider undertakes to ensure that its subcontractor(s) are subject to the same data protection obligations as the Service Provider under this Agreement, it being understood that if a subcontractor fails to meet its data protection obligations, the Service Provider will be fully liable to the Organization for the subcontractor's failure to comply.

4.2.5 The Organization's commitments

The Organization undertakes :

- To respond within the time limits set out in EU Regulation 2016/679 of April 27, 2016 to any request from users exercising their data protection rights for data covered by any processing modality authorized by this contract;
- To be able to demonstrate that the persons whose personal data is collected have freely given their consent;
- To comply with all the provisions of EU Regulation 2016/679 of April 27, 2016 and national laws applicable to the processing of personal data;
- To record in writing any instructions concerning the processing of data by the service provider; and to supervise the processing, including by carrying out, at its own expense, such audits and inspections of the service provider as are necessary.
- Comply with all provisions of the GDPR (General Data Protection Regulation).

4.3 Contact details

If you have any questions, comments, suggestions or complaints, please contact contact@rolebase.io.

Section 5: Licensing and intellectual property

The service provider hereby grants the organization a personal, non-exclusive, non-transferable and non-assignable right to use the services for the duration of the contract.

The present contract does not confer on the Organization any right of ownership over the services. The temporary provision of services shall not be construed as a transfer of intellectual property rights to the Organization.

The Organization agrees to use the Platform solely for its own purposes. This license is granted for the sole purpose of enabling the Organization to use the Services in accordance with their purpose, to the exclusion of any other purpose.

The Organization shall in no event make the Services available to any Third Party, other than its Affiliates, and strictly agrees not to make any other use of the Services, such as any adaptation, modification, translation, arrangement, distribution, decompilation, this list not being exhaustive.

The Organization further undertakes not to reproduce any element of the Platform or any documentation concerning it, by any means whatsoever, in any form or on any medium whatsoever.

Section 6: Complementary services

6.1 Interoperability

The Service Provider does not guarantee the compatibility and interoperability of the Platform with the Organization's other software. The Service Provider may be required to carry out additional software development to ensure the Platform's compatibility and interoperability. This development may be carried out at the request of the Organization, and will then be invoiced by the Service Provider under conditions to be determined by the Parties.

6.2 Additional services

Additional services may be provided by the Service Provider at the request of the Organization. Such services will be agreed jointly by the Parties and will be invoiced by the Service Provider on terms agreed by the Parties.

Section 7: Liability

7.1 Obligations - Responsibility of the Organization

7.1.1 Using the platform

The Organization must ensure that its use of the Platform complies with applicable laws and regulations and the Platform's general terms and conditions of use.

The Service Provider makes no warranty to the Organization regarding the compliance of the Organization's actual or intended use of the Platform with applicable laws and regulations.

The Organization is liable to the Service Provider for the use of the Platform by Administrators, Members, Guests or any Third Party.

7.1.2 Data and content

The Service Provider does not monitor the use of the Platform by the Organization and the data and information entered by the latter and by any Third Party, including Hosts. The Service Provider declines all responsibility for such content.

Consequently, the Organization is solely responsible for the content, conditions and consequences of the dissemination or non-dissemination of content via the Platform. It must ensure compliance with all applicable legal and regulatory provisions and assume responsibility for all complaints.

The Organization undertakes not to put online content that could be prejudicial to the public interest or contrary to public morality, or that could provoke protests from third parties, or that would violate legal provisions in force.

Consequently, if the Service Provider's liability is called into question, on any grounds whatsoever, in any country whatsoever, by a third party, for any infringement of intellectual property rights, whether directly or indirectly (for example, by the Persons involved) concerning any item supplied by the Organization, by an Administrator, by a Member, by a Guest or by any Third Party, the Organization undertakes to fully indemnify the Service Provider for any direct and/or indirect economic and financial consequences (including procedural and legal costs) that may result from such claims.

The Organization must ensure that all data is sent to the Platform, and may not hold the Service Provider responsible in any way for failure to receive or loss of transmitted data. The Organization must keep backups of all data transmitted.

All data exchanged by users as part of personal messages or "discussions" on the Platform will be destroyed by the Service Provider without prior notice to the Organization. The Organization may therefore not request the Service Provider to disclose or return all or part of such data.

As part of the execution of the Contract, the Organization also has the option of extracting the data entered and generated by the Platform, under the conditions set out in the user guide. To this end, the Organization must equip itself with the tools and skills required to process this data, at its own expense.

7.1.3 Analysis and statistics

The analyses and statistics provided by the Platform are purely indicative. Consequently, the Organization is solely and entirely responsible for the consequences of using these analyses and statistics. It will not be able to call into question or invoke the responsibility of the Service Provider in any capacity whatsoever, due, for example, to the direct or indirect financial and commercial consequences of these analyses and statistics.

7.2 Obligations - Liability of the service provider

The Service Provider carries out its activity under an obligation of means and declares to the Organization that :

- The technical services covered by this Agreement, including the hosting of the Organization's data and the provision of the administration tools used to manage and operate the Platform, are provided with all the care and attention necessary to provide a reliable and good quality Service;
- To the best of the Provider's knowledge, the Services are not affected by any Third Party challenge. Consequently, should the Organization be faced with a claim, in any capacity and in any country whatsoever, from a third party, on the basis of an infringement of intellectual property rights, concerning any element of the Platform made available by the Provider, the latter undertakes to fully indemnify the Organization against the direct and/or indirect economic and financial consequences (including procedural and legal costs) that may arise from such a claim;
- The identification data of Internet users who use the Service will be immediately transmitted to the courts and/or authorities who request it; and access to any litigious content likely to violate French and/or Community law may be suspended without notice.

However, the service provider accepts no liability in the following circumstances:

- Temporary interruptions of the Services necessary for its proper operation and/or for the evolution of the computer system in order to improve its performance and/or for its maintenance;
- Operating problems or temporary interruption of the Services which are beyond its control, such as in the case of a temporary breakdown in the electricity supply or telecommunications services; or inappropriate use of the Services by its users.

In the event that the service provider is held liable, the parties agree that its liability shall be limited to the costs actually paid by the Organization under this contract.

7.3 Miscellaneous provisions

Each Party expressly undertakes to comply with the regulations applicable to its own activities. Each of the Parties further undertakes always to behave fairly and in good faith towards the other Party and users.

In any event, neither Party shall be liable for any indirect or unforeseeable loss or damage suffered by the other Party, including any loss of profits, inaccuracy or corruption of data or files, loss of sales, loss of turnover or profits, loss of customers or loss of opportunity, in any way connected with this Agreement.

Neither Party shall be liable for any delay in performance or non-performance of this Agreement due to circumstances of force majeure, as defined by the case law of the French courts.

Section 8: User fees

The Organization must pay a variable monthly fee, the amount of which is set according to the number of users active in the Organization.

The Organization may be required to pay VAT to the Service Provider in accordance with the applicable provisions of European legislation. Consequently, upon receipt of a request from the Service Provider, the Organization undertakes to provide accurate and sincere information concerning its legal and tax situation.

In the case of a monthly subscription, the monthly fee is paid on the date of subscription and thereafter on each monthly anniversary date of its subscription, as follows:

By credit card: Visa, MasterCard, American Express ;

All payment data will be exchanged in encrypted mode.

Payments made by the Organization will only be considered effective once the amounts due have been received by the Service Provider. Access to the Services will be opened as soon as the sums have been duly collected.

Failure by the Organization to pay a single instalment will result in the Organization becoming a paying member, and the number of active members will be restricted to 5. The service provider will draw up an invoice and send it to the Organization.

Section 9: Termination

In the event of a breach by one of the Parties of its contractual obligations, the Contract may be terminated ipso jure by the other Party fifteen (15) days after failure to respond to a formal notice to remedy the breach sent by registered letter with acknowledgement of receipt. The formal notice must specify the alleged breach.

Once the Contract has been terminated for any reason whatsoever (e.g. cancellation, termination or expiry), all the Organization's data may be destroyed by the Service Provider without prior notice, subject to the specific provisions concerning personal data as defined in article 4.2.1. The Organization must therefore keep a backup of this data prior to the termination of its account.

Section 10: Non-competition‍

Throughout the term of the Contract and for a period of one year following termination of the Contract for any reason whatsoever, the Organization undertakes not to develop or cause to be developed a platform likely to compete with that of the Service Provider, in any form and in any manner whatsoever, including by acquiring interests in companies having a similar activity to that of the Service Provider.

The Organization agrees not to develop or sell, or cause to be developed or sold by a third party, any platform, application or software which may compete directly or indirectly with the Platform which is the subject of this Agreement, throughout the term of the Agreement and for a period of one year after its termination, for whatever reason.

Section 11: Communication

The Organization authorizes the Service Provider to communicate the existence of this contract and the fact that it has been signed with the Organization in any medium and by any means. To this end, the Service Provider may use the Organization's logo on its website or on any other communication medium. The Service Provider must nevertheless submit the medium on which its logo is to be used to the Organization for approval prior to any correspondence or communication.

Section 12: Applicable law

This contract is governed by French law.

The‍s respective computer systems and files of the Parties constitute valid evidence in the event of a dispute between them.

Each Party may therefore validly produce as evidence, in any proceedings, data, files, programs, recordings or other items, received, issued or stored using its computer systems, on any digital or analog media, and may freely invoke them, except in the case of flagrant error.

Section 13: Disputes

In the event of a dispute concerning the interpretation, execution, non-execution or consequences of the present contract, the matter will be referred to the Commercial Court of Paris, France.