The services provided within the framework of the commercial relationship between the Parties involve in particular the processing by the company EBRIGADE TECHNOLOGIE (hereinafter referred to as “EBRIGADE” or the “Subcontractor”) of personal data belonging to the customer (hereinafter referred to as the “Customer” or the “Data Controller”) (hereinafter referred to together as “the Parties”).
In this context, this “Personal Data Processing Agreement” (hereinafter the “Agreement”), which is an amendment to the contract previously concluded between the Parties where applicable, is concluded between the Parties in order to determine the conditions under which EBRIGADE, which acts as a processor within the meaning of the European Data Protection Regulation (EU) 2016/679 applicable since 25 May 2018 (hereinafter the “GDPR”), may process personal data.
1. DEFINITIONS
For the purposes of this Agreement and notwithstanding any other definitions provided in the Agreement, the following terms shall have the meanings given below:
- “Agreement”: refers to this Data Protection Agreement supplemented by Appendix 1 “Methods of Processing Personal Data”.
- “Regulatory Authority”: refers to any competent authority for the protection of Personal Data. In France, the competent supervisory authority is the CNIL.
- “Contract”: refers to the General Terms and Conditions of Service accepted by the Data Controller.
- “Authorized Recipient”: means a member of EBRIGADE’s staff or a Sub-processor who has a legitimate need to access the Personal Data in connection with the performance of the Agreement.
- “Data”: refers to all types of information and/or data to which the Parties have access in the context of their contractual relations, regardless of format or medium, whether or not it is Personal Data (e.g. financial, customer, strategic, technical, professional, administrative, commercial, legal or accounting data).
- “Personal Data”: has the meaning given to it in Article 4 of the GDPR.
- “Sensitive Data”: has the meaning given to it in Article 9 of the GDPR.
- “Authorized Purpose”: refers to the purpose of the Processing of Personal Data implemented by EBRIGADE, in accordance with Appendix 1 “Methods of Processing Personal Data”.
- “Instructions”: refers to all instructions issued in writing by the Data Controller to EBRIGADE. These instructions are strictly formal and may only be considered as such to the extent that they are in writing, in the form of this Agreement, an official e-mail or a paper letter from a duly authorized person.
- “Third Country”: refers to any State that is not a member of the European Union.
- “Data Subject”: refers to any natural person whose Personal Data is subject to Processing.
- “Security Measures”: refers to the physical, technical and organizational security measures of EBRIGADE, regularly updated in order to ensure the confidentiality, availability and integrity of Personal Data.
- “Data Protection Regulations”: refers to the regulations in force applicable to the Processing of Personal Data and, in particular:
  - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, applicable since 25 May 2018, known as the “General Data Protection Regulation” (hereinafter “GDPR”);
  - the “Informatique et Libertés” law no. 78-17 of 6 January 1978, as amended;
  - any legislation that comes into force and may affect the Processing covered by this Agreement;
  - any best practice guide published by the competent Regulatory Authorities or the European Data Protection Board.
- “Controller”: has the meaning given to it in Article 4 of the GDPR.
- “Services”: refers to the services provided by EBRIGADE under the Contract.
- “Processor”: has the meaning given to it in Article 4 of the GDPR. EBRIGADE’s subcontractor(s) who carry out Personal Data Processing in strict accordance with the Instructions issued by the Data Controller is/are qualified as “Sub-processor(s)”.
- “Processing”: has the meaning given to it in Article 4 of the GDPR.
- “Data Breach”: means a breach of security that accidentally or unlawfully results in the destruction, loss, alteration or unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
2. DURATION AND CONTRACTUAL HIERARCHY
2.1. This Agreement is effective upon the Controller’s acceptance of the Agreement and remains applicable for the duration of the Agreement.
2.2. This Agreement supersedes any applicable Personal Data protection clauses. In the event of any conflict, the Parties expressly agree that this Agreement shall prevail over the Contract or any other agreement relating to the provision of Services.
3. APPOINTMENT AND ROLE OF EBRIGADE
3.1. The Client, in its capacity as Data Controller, designates EBRIGADE as a Data Processor to process the Personal Data in its name and on its behalf in order to achieve the Authorized Purposes referred to in Appendix 1 of this Agreement in the context of the performance of the Services.
4. WARRANTY
4.1. EBRIGADE guarantees the Client that it:
- processes only Personal Data that is necessary for the Authorized Purposes, in accordance with the Instructions set out in Appendix 1, and refrains from processing the Personal Data for any other purpose;
- maintains the confidentiality of Personal Data processed under this Agreement;
- ensures that Authorized Recipients:
  - undertake to respect the confidentiality of Personal Data or are subject to an appropriate legal obligation of confidentiality;
  - are made aware of issues relating to the protection of Personal Data;
- complies with the Data Protection Regulations and the Instructions issued by the Data Controller, and ensures compliance with them by the Authorized Recipients and Sub-processors;
- takes into account, with regard to its tools, products, applications or services, the principles of data protection by design and data protection by default;
- cooperates and complies with the instructions or decisions of any Regulatory Authority, within a time limit that allows the Client to comply with the deadlines imposed by such Authorities; and
- does not do, or omit to do, anything that would cause the Customer to violate the Data Protection Regulations.
4.2. EBRIGADE uses the services of a service provider with the “Approved Health Data Host” approval provided for in Article L. 1111-8 of the Public Health Code.
5. COOPERATION AND ASSISTANCE
EBRIGADE undertakes to:
- appoint a privileged interlocutor responsible for representing it to the Client;
- actively cooperate with the Customer to ensure compliance with the Data Protection Regulations. As such, EBRIGADE undertakes to make available to the Client all reasonable means in its possession to provide information on the Processing entrusted to it and assistance in the event of a complaint, request for opinion, communication, or actual or suspected security breach affecting Personal Data. EBRIGADE further undertakes not to make any public statement or announcement to any third party, including a Regulatory Authority, without first consulting the Client regarding the content of such a public statement or announcement, unless expressly provided otherwise by the law of a Member State or Third Country;
- assist the Client in carrying out impact assessments relating to the protection of Personal Data, by providing all the information requested and necessary concerning the Processing carried out, and in carrying out any prior consultation with the supervisory authority;
- modify, transfer and/or delete Personal Data held by it, or on its behalf by a Sub-processor, in accordance with any written Instructions from the Customer;
- notify the Client:
  - before performing any maintenance work on EBRIGADE’s Services that may affect the Client’s business;
  - of any advances in technology and working methods that would involve revising the Security Measures;
- inform the Client immediately:
  (i) if any Instructions issued by the Client relating to the Processing are unlawful or appear to be contrary to the doctrine and recommendations of the Regulatory Authority. If the Processor considers that an Instruction constitutes a violation of the Data Protection Regulations, it shall immediately inform the Client. In addition, if the Processor is required to transfer data to a Third Country or to an international organization under Union law or the law of the Member State to which it is subject, it must inform the Customer of this legal obligation prior to processing, unless the relevant law prohibits such information for important reasons of public interest;
  (ii) in the event of a Personal Data Breach, under the conditions set out in Article 6.2 of this Agreement;
  (iii) if EBRIGADE or a Sub-processor receives a complaint, notice or communication from a Regulatory Authority that directly or indirectly relates to the Processing(s) or the compliance of either Party with the Data Protection Regulations; and
  (iv) if EBRIGADE or a Sub-processor receives a complaint, notice or communication from a Data Subject in connection with the exercise of his or her rights;
- assist the Client in complying with the obligations set out in Articles 32 to 36 of the GDPR, taking into account the nature of the Processing and the information made available to EBRIGADE.
6. SECURITY
6.1. EBRIGADE undertakes to the Client to:
- ensure that appropriate technical and organizational measures have been put in place against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data held or processed by it, including all measures necessary to ensure compliance with the Personal Data security requirements in the Data Protection Regulations;
- implement the Security Measures specified in Appendix 1;
- limit access to Personal Data to only those persons acting under its authority, and only to the Personal Data that is strictly necessary for the performance of the Services subject to the Processing provided for in this Agreement;
- ensure that its IT systems are:
  - sufficiently protected, among other things, against viruses and the interception of Personal Data within the network;
  - able to restore the availability of and access to Personal Data within an appropriate timeframe in the event of a physical or technical incident.
6.2. In the event of an actual or potential Personal Data Breach affecting the Services of EBRIGADE or a Sub-processor, EBRIGADE undertakes to:
- notify the Customer by email of any security breach that may result in a Personal Data Breach, as soon as possible after becoming aware of the said breach;
- accompany the notification with any useful documentation in order to allow the Client, if necessary, to notify the Regulatory Authority or the Data Subjects of such breach. As such, EBRIGADE will specify the following points as far as possible:
  (i) a description of the nature of the Personal Data Breach, including, if possible, the categories and approximate number of Data Subjects affected by the breach and the categories and approximate number of Personal Data records involved;
  (ii) the name and contact details of the Data Protection Officer and/or other point of contact from which additional information may be obtained;
  (iii) a description of the likely consequences of the Personal Data Breach; and
  (iv) a description of the measures taken or envisaged by EBRIGADE to remedy the Personal Data Breach, including, where applicable, measures to mitigate any adverse consequences;
- communicate the information defined above in phases and without undue delay where it is not possible for EBRIGADE to provide all the specified information at the same time, or where clarifications can be provided on certain elements already communicated.
7. ACCOUNTABILITY
EBRIGADE undertakes to the Client, in a logic of accountability, to:
- regularly update the register of processing activities provided for in Article 30(2) of the GDPR, and keep a written record of any Processing and of the Instructions relating to Processing carried out on behalf of the Customer;
- regularly update the register of security breaches that is filled in by EBRIGADE as soon as a Personal Data Breach occurs, whether or not this breach has been notified to the services of the Regulatory Authority;
- document, as far as possible, all the processes put in place by EBRIGADE in terms of the protection of Personal Data through its Security Measures.
8. RECIPIENTS OF PERSONAL DATA
8.1. EBRIGADE warrants to the Client that it:
- restricts access to Personal Data to only Authorized Recipients and Sub-processors who need to have access to the Data;
- ensures that Personal Data is transferred securely to Recipients and authorized subprocessors;
- imposes on Subprocessors legally binding confidentiality and security obligations equivalent to those contained in this Agreement; and
- ensures that Sub-processors comply with the Data Protection Regulations.
8.2. In the context of the provision of the Services, EBRIGADE may call on a Sub-processor to carry out specific Processing. In this case, it shall inform the Client in advance of any envisaged changes regarding the addition or replacement of Sub-processors. This information must clearly indicate the Processing activities subcontracted, the identity and contact details of the Sub-processor and the dates of the sub-processing contract. The Client, once informed by EBRIGADE, has a maximum period of seven (7) working days from the date of receipt of this information to submit objections legitimately founded in law and in fact. EBRIGADE will only implement the subsequent subcontracting in the absence of such objections on the part of the Client.
8.3. Any subsequent subcontracting performed in connection with the Services shall not relieve EBRIGADE of its responsibilities and obligations to Customer under this Agreement.
8.4. The Client hereby expressly and unreservedly authorizes EBRIGADE to use the companies named in Appendix 1 as Sub-processors.
9. DATA SUBJECTS
9.1. EBRIGADE undertakes to the Client, in the context of a request to exercise rights, to:
- notify the Client, by email, immediately and within a maximum period of five (5) business days, of any request from a Data Subject wishing to exercise his or her rights under the Data Protection Regulations;
- cooperate fully with the Client in order to respond, within a reasonable time frame given their nature and number, to requests from Data Subjects wishing to exercise their rights under the Data Protection Regulations, where the Client does not have in its possession all the elements allowing it to handle these requests.
9.2. It is the Customer’s responsibility to provide the information to the Data Subjects at the time of collection of the Personal Data.
10. TRANSFERS TO THIRD COUNTRIES
10.1. EBRIGADE does not transfer Personal Data to third countries without the prior written consent of the Client.
10.2. EBRIGADE complies with the Instructions issued by the Customer regarding transfers of Data to Third Countries, except in the event that EBRIGADE is required, in accordance with applicable laws, to transfer Personal Data to a Third Country.
10.3. The Customer hereby consents to the transfer of Personal Data to the entities and locations listed in Appendix 1, for the purposes of the strict performance of the Services, provided that:
- the Third Country is a country which, according to the European Commission, has an adequate level of protection of Personal Data; or
- EBRIGADE meets one of the following conditions:
  - EBRIGADE concludes, or obtains from the Sub-processor, a data transfer agreement using the model Standard Contractual Clauses developed by the European Commission;
  - the Sub-processor is listed in a valid specific agreement with the European Union; or
  - transfers made with the Sub-processor are subject to the exception regime referred to in Article 49 of the GDPR.
10.4. EBRIGADE ensures that no further transfer of Personal Data to another Third Country takes place unless the Client grants its consent prior to such transfer, or that such subsequent transfer meets the requirements set out in Article 10.3 hereof.
11. OWNERSHIP OF DATA
11.1. In the context of the Processing activities, it is expressly agreed between the Parties that all Data provided by the Client to EBRIGADE remains the sole and complete property of the Client.
11.2. The anonymized statistics of use of the Services remain the full and complete property of EBRIGADE.
12. LIABILITY
12.1. EBRIGADE agrees to indemnify the Client only for direct material and immaterial damage suffered by it and resulting from a failure or negligence of EBRIGADE, its employees, its representatives or its sub-processors in the security of Personal Data.
12.2. EBRIGADE undertakes to implement all necessary and reasonable means to ensure the security of the Processing, and will therefore be liable for damages related to a security failure attributable exclusively to EBRIGADE resulting in unavailability, loss of traceability, doubt about the integrity, or lack of confidentiality of Personal Data. However, it is expressly agreed between the Parties that there is no such thing as zero risk in terms of security and that EBRIGADE remains subject to an obligation of means. Nor can it be held liable for damages related to a security failure attributable to the technological, software or IT choices made by the Client, in particular for reasons of budgetary restrictions, where EBRIGADE has proposed other solutions ensuring a higher level of security and guarantees.
12.3. EBRIGADE’s liability for any costs, expenses, losses, damages or other liabilities arising out of or in connection with a breach of this Agreement (whether by EBRIGADE or its employees, representatives or subcontractors) shall not be incurred until one (1) year after the damage becomes known.
13. REVERSIBILITY
13.1. Upon the expiration or termination of the Contract for any reason whatsoever, the reversibility services offered by EBRIGADE are intended to ensure the continuity of the Client’s activity. As such, EBRIGADE undertakes, within a reasonable period of time, to comply with the instructions stipulated in Appendix 1, which may consist of either:
- providing the Client with the Personal Data it holds in an open format, in any manner provided for in the Contract where applicable; or
- anonymizing all Personal Data.
13.2. The return of Personal Data is accompanied by the definitive deletion of all of the above-mentioned elements as soon as possible after the end of the Processing operation(s), unless Union law or the law of the applicable Member State provides otherwise.
13.3. In the absence of specific instructions concerning the reversibility or recovery of the Personal Data, EBRIGADE will proceed to the definitive deletion of all the aforementioned elements as soon as possible after the end of the Processing operation(s), unless Union law or the law of the applicable Member State provides otherwise.
14. AUDIT AND CONTROL
14.1. The Client may order audits to be carried out on documents in order to ensure the level of compliance of EBRIGADE. The audit does not apply to confidential information entrusted to EBRIGADE by other customers.
14.2. The Client may order the performance of objective audits of compliance with the Data Protection Regulations on the Processing operations carried out for the purpose of performing the Services, under the conditions defined below:
- the audit is carried out by an external auditor selected jointly by the Parties for his or her expertise, independence and impartiality;
- the selected auditor is bound to the Parties by a confidentiality agreement and/or by professional secrecy;
- the Client notifies EBRIGADE, in writing and subject to a minimum of fifteen (15) working days’ notice, of its intention to have a compliance audit carried out;
- in no way shall the audit carried out deteriorate or slow down the Services offered by EBRIGADE or undermine the organizational management of EBRIGADE. The audit operations must not involve actions that could potentially damage EBRIGADE’s infrastructure or interfere with the other Services provided by EBRIGADE to other customers;
- an identical copy of the audit report is provided to the Client and to EBRIGADE following the completion of the audit mission, on which observations may be made by the Parties. This report may, if necessary, be the subject of an in-depth examination within the framework of a steering committee;
- the costs of the compliance audit will be borne exclusively by the Client;
- the Client may only commission compliance audits up to a maximum of one (1) audit per year; and
- EBRIGADE will have a period of three (3) months from the communication of the audit report to correct, at its own expense, the shortcomings and/or non-conformities observed. If necessary, EBRIGADE may exceptionally extend this period by three (3) months after having expressly informed the Client and objectively justified such an extension.
14.3. EBRIGADE undertakes to allow the selected auditor access to its sites, facilities, documents and information necessary to assess its good level of compliance, and cooperates fully with the selected auditor in order to carry out its mission.
14.4. In the event of an audit carried out by a competent Regulatory Authority that may be of interest to the Client’s Processing, EBRIGADE undertakes to cooperate fully with the Regulatory Authority.
14.5. In the event of an audit carried out by a competent Regulatory Authority with regard to the Client, EBRIGADE undertakes to fully assist the Client with regard to the Processing carried out in the context of the Services.
15. MODIFICATION OF THE AGREEMENT
15.1. This Agreement may not be modified except in writing signed by the duly authorized representatives of each of the Parties.
15.2. In the event of any changes to the Personal Data Protection Regulations, it is agreed that the Parties may revise the provisions of this Agreement and negotiate in good faith to comply with the updated Personal Data Protection Regulations.
16. APPLICABLE LAW AND JURISDICTION
16.1. THIS AGREEMENT SHALL BE GOVERNED BY AND CONSTRUED IN ACCORDANCE WITH FRENCH LAW AND ANY DISPUTE ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT AS TO ITS VALIDITY, INTERPRETATION OR PERFORMANCE SHALL BE SUBMITTED TO THE COURTS WITHIN THE JURISDICTION OF THE PARIS COURT OF APPEAL, AS WELL AS TO THE COMMISSION NATIONALE INFORMATIQUE ET LIBERTÉS (CNIL) TO WHICH EACH OF THE PARTIES IRREVOCABLY SUBMITS.
16.2. PRIOR TO ANY LITIGATION, THE PARTIES SHALL SEEK, IN GOOD FAITH, TO SETTLE AMICABLY ANY DISPUTES RELATING TO THE VALIDITY, INTERPRETATION, PERFORMANCE, NON-PERFORMANCE, INTERRUPTION OR TERMINATION OF THIS AGREEMENT, AS WELL AS THE PARTIAL OR TOTAL TERMINATION OF COMMERCIAL RELATIONS BETWEEN THE PARTIES, FOR WHATEVER CAUSE AND ON WHATEVER GROUNDS WHATSOEVER. THE PARTIES SHALL MEET IN ORDER TO COMPARE THEIR POINTS OF VIEW AND MAKE ANY USEFUL OBSERVATIONS TO ENABLE THEM TO FIND A SOLUTION TO THE CONFLICT BETWEEN THEM.
16.3. THE PARTIES WILL ENDEAVOUR TO REACH AN AMICABLE AGREEMENT WITHIN THIRTY (30) DAYS OF THE NOTIFICATION BY ONE OF THEM OF THE NEED FOR AN AMICABLE AGREEMENT, BY REGISTERED LETTER WITH ACKNOWLEDGEMENT OF RECEIPT.
* * *
APPENDIX 1: Methods of Processing Personal Data
A – Description of the processing of personal data
EBRIGADE is authorised to process personal data on behalf of the Client in the context of its activity as a hosting provider and SaaS solution publisher.
Information relating to the Processing, subject to this Agreement, is detailed below:
| Processing details | |
|---|---|
| Nature of the operations envisaged | Storage of personal data |
| Purposes of the Processing | Provision of the EBRIGADE Solution to Customers |
| Categories of personal data processed | Any type of personal data processed by the Customer in the course of its activity. |
| Categories of data subjects | Collaborators of the Client; collaborators of the Client’s service providers; users of the services offered by the Client |
| Duration of data retention or criteria justifying data retention | The data is generally kept for the duration of the performance of the Services. |
| Point of contact | By email: contact@ebrigade.app |
B – List of sub-processors
In the context of the Processing, EBRIGADE may use the service providers listed below.
| Identity of Sub-processor | Category | Data localization | Link to the Sub-processor’s Data Protection Agreement and the appropriate safeguards in case of transfer outside the EU |
|---|---|---|---|
| OVH | Host | Germany | https://us.ovhcloud.com/legal/data-processing-agreement |
| IONOS | Host | Europe | https://www.ionos.fr/ |
| AWS | Host | France | https://aws.amazon.com/fr/agreement/ |
| Sendinblue | Mailing | France | https://fr.sendinblue.com/legal/termsofuse/ |
| Trello | Module | United States | https://help.trello.com/article/1118-trello-and-gdpr-our-commitment-to-data-privacy |
| Google Drive | Module | United States; Europe (Finland, Belgium, Dublin); Asia (Hong Kong, Singapore, Taiwan) | https://support.google.com/drive/answer/2450387?hl=fr |
| Pipedrive | CRM | United States | https://www.pipedrive.com/en/terms-of-service |
| Stripe | Payment | United States | https://stripe.com/dpa/legal |
C – Security measures
As part of the Processing, EBRIGADE has implemented the following security measures:
| Category | Measures |
|---|---|
| Technical security measures | Encryption of passwords and backup access folders; access restriction and access management policy and authorizations; archiving of server logs; filtering of suspicious IP addresses; security audit carried out at regular intervals; daily rolling backups on separate production servers; long-term additional backups on AWS S3; use of a secure cloud (certifications and approvals held by hosting providers) |
| Organizational security measures | Password management policy; backup insurance plan; security testing; audit and logging of user actions; adoption of an IT charter; training of employees in the processing of personal data; signing of Data Protection Agreements with sub-processors |
