General terms and conditions of sale

Last updated: 1st June 2023

These general terms and conditions of sale, together with the quote (the “Quote”) constitute the agreement (the “Agreement”) under which AXA Climate (the “Service Provider”) will provide the customer, as identified in the Quote, (the “Customer”) with the Services. By signing the Quote, the Customer agrees to be bound by these terms and conditions which supersede and replace any terms and conditions issued by the Customer, which are hereby excluded and inapplicable.

1. Definitions – Terms which are capitalized shall have the meanings given to them in this Article or elsewhere in this Agreement.

Authorised User(s)” means the employees of the Customer and its Affiliates, the independent consultants of the Customer and its Affiliates and the employees of temporary work agencies of the Customer who will be authorised by the Customer and its Affiliates to use the Climate School, within the limits set out in the Agreement.

Climate School” means an online learning experience made of microlearning on the sustainable transition created by the Service Provider and as described at: https://axaclimate.notion.site/Climate-School-catalog-EN-03a0af5d3f0e4365b80b4a71d798282c

EdApp Platform” means the e-leaning platform developed, hosted and maintained by EdApp, accessible in SaaS mode pursuant to EdApp Services Levels, on which the Climate School is hosted.

Fees” means the fees payable by the Customer in consideration for the Services as detailed in the Quote.

Intellectual Property Rights” means all intellectual property rights (copyright and related rights) or industrial property rights (trademarks, business names, domain names, patents, designs and models) of the Parties, whether or not they are registered, throughout the world and for the period of their validity.

“Licence” means the personal non-assignable, non-transferable and non-exclusive license of access and use of the Climate School granted to the Customer for its Authorised Users.

Rustici Platform” means the platform called “Content Controller” developed, hosted and maintained by Rustici, on which the SCORM files of the Climate School are hosted.

Services” means the License granted in the conditions detailed in the Quote.

Service Levels” means the expected values (in terms of uptime, response time, correction time or else) in relation to the EdApp Platform as set out in Article 13.

Party/Parties” means individually or jointly the Customer and/or the Service Provider.

Tax” means any tax, including all state / national and local taxation, corporate tax, business tax, goods and services tax, value added tax, ad valorem tax, capital gains tax, withholding tax, stamp duty, customs and other import and export duties, levies and charges, and all penalties, charges, costs and additions to tax as imposed by any government, government agency, statutory body or any revenue authorities in respect of all the fees, charges, interests and expenses arising from this Agreement.

Term” means the duration for which the Customer is authorised to access and use the Climate School, as specified in the Quote.

1. License

The Service Provider grants the Customer the License in consideration of the payment of the Fees by the Customer, for the number of Authorised User, as described in the Quote. The Customer undertakes that the Authorised Users will use the Climate School in compliance with the Climate School’s terms of use, privacy policy and the terms and conditions of this Agreement.

2. Intellectual property rights on the Climate School

The Climate School constitutes protected copyrighted material and valuable trade secrets of AXA Climate. Ownership of the Climate School including any intellectual property embodied therein (and in particular, all information, materials, tools, techniques, including but not limited to unpatented inventions, drawings, videos, presentations, quiz, methods, data, documents, instruction and training manuals), remains the property of the Service Provider or its licensor(s) at all times, which shall retain all Intellectual Property Rights, whether registered or not, therein. As a consequence, this Agreement does not convey, assign or transfer title or ownership of the Climate School.

The Customer, its Affiliates and any Authorised User shall not:

  1. use the Climate School for the purpose of building a competitive product, competitive product means any product or service that is being developed or sold by the Customer and is of the same general type, performs similar function, may be substituted for or is intended or used for the same purpose as the Climate School;
  2. copy, reproduce, represent, adapt, correct, arrange, translate, integrate, transcribe, extract, summarize, distribute, modify, or create any derivative works of the Climate School, including any component, part, feature, function, user interface, or graphic thereof, in any manner or form, by any means, according to any current or future technology, for any other purpose or destination, on any media.

3. Warranties

The Service Provider will provide the Services with reasonable skill and care. The Service Provider possesses and shall maintain resources and expertise to provide the Services in accordance with the terms and conditions of this Agreement. The Service Provider further warrants that it will provide the Services in a manner consistent with general industry standards reasonably applicable to the provision thereof.

Notwithstanding the above the Climate School is provided on an “as is”, and “as available” basis and without any further warranties of any kind. Except as expressly stated in this Agreement, implied warranties of fitness for a particular purpose, non-infringement, and suitability of information and functionality are expressly excluded and the Service Provider hereby expressly disclaims any liabilities of whatever nature in relation thereto. The Service Provider will take all reasonable steps to ensure the accuracy of the information provided, it being specified that the Service Provider cannot guarantee the accuracy of all such information, which may be evolving, prospective or resulting from interpretations made by third parties. The Customer acknowledges that it has been informed of the content of the Climate School to date, via the existing Climate School catalogue and enters into this Agreement with full knowledge of the said content.

4. Fees and Taxes

The Customer shall pay the Fees in accordance with the number of Authorised Users described in the Quote. All Fees and additional charges are always exclusive of any Value Added Tax or other applicable Tax. In the event that any Tax is applicable to payments under this Agreement, the Customer shall pay to the Service Provider an additional amount to ensure that the Service Provider receives, net of Tax, the actual amount of Fees. Such additional amount should include but not limit to the withholding taxes applicable in the Customer’s jurisdiction. The Parties shall cooperate with each other to accurately determine any Tax liability arising from this Agreement and to minimize such liability, to the extent legally permissible and to the extent that such cooperation is not detrimental to either Party. The Parties shall each provide and make available to the other Party any tax invoices, tax exemption certificates, tax residence certificates and/ or any other relevant information as reasonably requested by either Party.

In the event of payments not received from Customer by the due date, any sum due to Service Provider will bear automatic late payment interest, starting on the day after the payment period’s expiry date equal to the key interest rate applied by the European Central Bank, plus 10 points. In addition, pursuant to Articles L. 441-6 and D. 441-5 of the French commercial Code, Customer shall pay a fixed allowance of forty (40) euros for recovery costs per invoice.

5. Term and termination

This Agreement shall come into force at the signing date of the Quote and shall remain in effect for the Term indicated in the Quote.

This Agreement may be terminated as of right by either Party in case of a breach of any term of the Agreement. Early termination shall take place thirty (15) days after a formal notice to remedy has been sent to the breaching Party by registered mail with acknowledgement of receipt and has remained without effect.

6. Confidentiality

Confidential Information” means, without limitation, all information and data communicated –in writing and/or orally– by one Party to the other Party in connection with the performance of this Agreement, including, without limitation whether in whole or in part, reports, interpretations, forecasts, analyses, know-how, market information, marketing plans, studies, notes and other documents. Each Party undertakes on its behalf (and in the name and on behalf of its corporate officers, employees and subcontractors) to keep the Confidential Information strictly confidential, implement adequate security and safety measures using the same means and procedures as those used for their own Confidential Information. Each Party will be entitled to disclose Confidential Information strictly as required by any court of competent jurisdiction, or by a governmental or regulatory authority or where there is a legal duty or requirement to disclose. Confidentiality shall remain in force for the Term and for a period of three (3) years after its expiration or termination or any longer period as may be required by law.

7. Data privacy

Depending on which platform the Climate School is hosted as selected by the Customer, either Clause 7.1 or 7.2 will apply.

7.1 If the Climate School is hosted on the EdApp Platform, the provisions of Annex 1 and 2 (Data Processing Addendum) shall apply in relation to the Parties’ obligations relating to any processing of personal data for the performance of the Agreement and the Services.

7.2 If the Climate School is hosted on the Rustici Platform the following provisions shall apply. The Parties agree to act as distinct data controllers for the performance of their own personal data processing activities, complying with the applicable laws and regulations, including but not limited to the EU General Data Protection Regulation (EU 2016/679) (“GDPR”). The Customer undertakes to inform its Authorised Users, according to the GDPR, of the personal data processing conducted by the Service Provider under this Agreement through its data processor (RUSTICI) for the purposes of providing the Services (IP address retained for the duration necessary to provide the Services, within the limit of 30 days).

8. Force majeure

In no event shall either Parties be liable to the other for any delay or failure to perform caused by a force majeure event through no fault from the Party claiming relief. Force majeure is the occurrence of unpredictable and irresistible event beyond the control of the Party claiming relief including, but not limited to, when they present these characteristics: acts of the public enemy; wars; fires; floods; epidemics; and quarantine restrictions. In case of force majeure event, each Party shall exercise all reasonable efforts to mitigate the extent of such delay or failure. Performance times under this Agreement shall be considered extended for a period of time equivalent to the time lost because of any delay which is excusable under this Article. If any such force majeure event continues for a period of more than thirty (30) business days, either Parties shall have the option of terminating the Agreement or any order as of right and without formality, upon written notice to the other.

9. Liability

The obligations of the Service Provider hereunder shall qualify as “obligations de moyens” (duty of care) under French law. The Service Provider shall be liable only in cases of direct damages. The Service Provider shall not be liable for any indirect, incidental, special, consequential, punitive damages or loss of profits arising out of, or in connection with, this Agreement or the performance or breach thereof. The Customer acknowledges that the Climate School is not a substitute for professional advice. The Customer assumes full responsibility for the access and use of the Climate School by Authorised Users and the data contained in the Climate School.

Notwithstanding any other provision, the Service Provider’s entire liability arising out of or under this Agreement is capped at an amount equal to the Fees paid by the Customer in relation to this Agreement.

10. Governing law and jurisdiction

The Agreement will be governed by and interpreted in accordance with the laws of France. The Courts of Paris shall have exclusive jurisdiction to decide all disputes relating to the Agreement.

11. Miscellaneous

Assignment / Subcontracting – Either Party shall not assign any right or interest under this Agreement without the prior written consent of the other Party. The Service Provider shall have the right to sub-contract any of its obligations under this Agreement either in whole or in part, at any time and without Customer’s consent. In any event, the Service Provider shall remain responsible for the proper delivery of the Climate School by its subcontractors and remain the sole interlocutor of the Customer.

Commercial referencing – Each Party may use the other Party’s name, logo or trademarks as a commercial reference and/or communicate about the existence of the Agreement without the other Party’s express prior consent.

No Waiver of Rights – Unless otherwise provided in this Agreement, the failure of either Party at any time to enforce any right available to it under this Agreement or otherwise with respect to any breach or failure by the other Party shall not be construed as a waiver of that right with respect to any other breach or failure by the other Party.

Interpretation and Entire Agreement – This Agreement constitutes the entire agreement between the Parties with respect to the subject matter hereto and replaces any previous proposals, correspondence, declarations of intent or other communications, whether written or oral. The Annexes form part of the Agreement and shall have effect as if set out in full in the body of the Agreement.

Electronic Signature – The Parties may sign this Agreement by using an electronic signature. The Parties agree that the electronic signature expresses the consent for this Agreement to be legally binding to the Parties and to serve as evidence on the same account as a hand-signed paper document.

12. Compliance & Ethics obligations

12.1. Corporate Responsibility

The Customer acknowledges that the Service Provider adheres to certain principles and practices aiming at doing business in a socially responsible manner by promoting sustainable development in its business as more fully set forth in the AXA Compliance and Ethics Guide (https://www.axa.com/en/press/publications/compliance-ethics-guide). The Service Provider encourages its suppliers to be socially and environmentally responsible. The Service Provider may therefore, at its discretion, not renew this Agreement and/or, subject to applicable laws, implement an AXA Group-wide prohibition on entering into future contracts with the Customer in the event the Service Provider determines, after discussion with the Customer, that the Customer’s practices are contrary to the principles and practices set forth in the AXA Compliance and Ethics Guide. In addition, as part of the Service Provider’s principles and practices of sustainable development, the Service Provider requires its customers to observe the following three main specific International Labour Organization (ILO) principles: (i) refrain from using, or accepting that their own suppliers and subcontractors make use of child labour (under 15 years of age) or forced labour; (ii) ensure staff safe and healthy working conditions and environment, respecting individual and collective liberties; and (iii) promote non-discrimination (sex, race, religion or political conviction) as regards staff recruitment and management. In the event that the Service provider notifies the Customer or the Customer becomes aware that any of its business practices are contrary to such ILO principles, the Customer agrees to remedy the practice in question and notify the Service Provider of such remediation. If the Customer does not appropriately address this matter or commits further violations, the Service Provider may terminate this Agreement for convenience, as of right and without formality, without liability or indemnity of any kind to the Customer.

12.2. Anti-Bribery.

Customer acknowledges that Service Provider: (i) is committed to abide by the applicable laws and regulations prohibiting corruption and influence peddling (together: “Corruption”)[1]; and (ii) has implemented and will maintain within its organization policies, that prohibit any such actions by its officers, employees, affiliates, agents, subcontractors, and any other third parties acting on its behalf. The Parties represent, warrant and covenant that, in connection with the Agreement:

  • neither the Parties, nor their officers, employees, affiliates, agents, subcontractors, nor any other third party acting on their behalf, have committed or will commit any Bribery of the other Party’s officer, employee, affiliate, agent, subcontractor, or any other third parties acting on its behalf; and
  • the Parties have implemented and will maintain adequate anti-Bribery policies and controls in place to prevent and detect Bribery throughout their organization, whether committed by their officers, employees, affiliates, agents, subcontractors or any other third parties acting on their behalf.

In particular, the Parties shall refrain from promising, offering, or granting to any person, directly or indirectly, any undue advantage so that such person performs or refrain from performing any act within the scope of its functions in the performance of this Agreement; or in order to make such person using its real or supposed influence over a third party in order to obtain any advantage.

To the extent permitted by the applicable law, each Party shall notify the other Party immediately upon becoming aware or upon becoming reasonably suspicious that an activity carried out in connection with the Agreement has contravened or may have contravened this Article or any anti-Bribery law or regulation.

Each Party may at any-time request evidence of the other Party’s compliance with its obligations under this Article.

If either Party has reasons to believe that the other Party is not complying with the obligations contained in this Article, such Party may suspend the performance of the Agreement until the other Party provides reasonable evidence that it has not committed or is not about to commit a breach. The Party that has suspended performance of the Agreement shall in no event be liable for any damage or loss caused to the other Party.

Breach of this clause by each Party shall be deemed a material breach of this Agreement and each Party may terminate the Agreement with immediate effect upon written notice – as of right and without any judicial authorization – if during the Term of the Agreement the other Party is convicted of an act of Bribery or fails to comply with this Article or any anti-Bribery law or regulation even if not connected to the Agreement. To the extent permitted by the applicable law, the defaulting Party shall indemnify the other Party, its officers, employees, affiliates, agents, subcontractors, or any other third party acting on its behalf, against any losses, liabilities, damages, costs (including legal fees) and expenses incurred by, or awarded against these indemnified parties as a result of any breach of this Article.

12.3. Sanctions

Either Party shall not be bound by any obligation and shall not provide any service and under this Agreement when the implementation of such an obligation or the supply of such service would expose it to a sanction, prohibition or restriction resulting from a resolution of the United Nations organization, and/or to the economic or commercial sanctions provided for by the laws or regulations enacted by the European Union, France, the United Kingdom or the United States of America or by any other national law providing for such measures.

12.4. Conflict of interest

The Customer undertakes to inform the Service Provider of any situation likely to create a conflict of interest for the Service Provider. The Service Provider undertakes to declare any potential conflict of interest with the Customer. Notwithstanding the foregoing, the parties acknowledge that Service Provider providing services to a Customer Competitor or other Third Party shall not, of itself, create a conflict of interest.

13. EDAPP Services Levels Agreement

EdApp is AXA Climate’s subcontractor and provides the access to the EdApp Platform in accordance with the following services levels agreement.

EdApp is contractually committed to use commercially reasonable efforts, being no less than accepted industrial standards in this regard, to ensure that the EdApp Services are available to Customer 99.9% of the time in any calendar month. However, in case of unavailability of the EdApp Platform, AXA Climate will not be held directly liable by the Customer.

Category Level Criteria Response Time Resolution Time
Critical Issue is deemed too critical and needs to be resolved immediately. Critical impact on > 20% users Immediate Within 12hrs
Serious Issue impacts major functionality and/ or has risk impacts Serious impact on > 10% users 24hrs 12 – 72hrs
Minor Issue requires attention however there is no functional or risk Minor impact on > 5% users 72hrs 72hrs – 1 week
Trivial Issue is trivial and does not pose any immediate risk 96hrs In line with release schedule

ANNEX 1: DATA PROTECTION (APPLICABLE FOR EDAPP PLATFORM ONLY)

The purpose of this Annex is to set forth the conditions under which AXA Climate, where it accesses, receives and/or processes Personal Data from Customer, shall act as Data Processor (or “Processor”) on behalf of Customer, acting as Data Controller (or “Controller”). As part of their contractual relations, the Parties undertake to comply with any Data Privacy Applicable Laws and Regulations and, in particular, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter “the General Data Protection Regulation” or “GDPR”).

I. Definitions

Capitalized terms not otherwise defined in the Agreement or in this Annex, shall have the meaning given in the GDPR and further interpretations provided by the Supervisory Authorities, as understood under chapter VI of the GDPR including: Personal Data, Processing, Purpose, or Personal Data Breach among others.

Controller Personal Data” means any Personal Data made available or transferred by Controller to the Processor and any Personal Data that the Processor processes as Processor as defined by the Data Privacy Applicable Laws and Regulations in the framework of this Agreement.

Data Privacy Applicable Laws and Regulations” means any laws or binding rules, statute, ordinance, regulation, order or opinion of any supervisory authority regarding data protection or privacy, in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter “the General Data Protection Regulation” or “GDPR”).

Data Subject Rights” means every right given by the Data Privacy Applicable Laws and Regulations to the Data Subjects affected by the Processing activities of this Agreement, including: right of access, rectification, deletion and opposition, right to limitation of the Processing, right to portability, and right to not being subject to an automated individual decision-making.

II. Obligations of the Parties

Processor shall comply with Controller’s documented and lawful instructions regarding Controller Personal Data as described in the Agreement and in the data privacy specifications that may be attached hereto. The Processor shall inform the Data Controller if, in its opinion, an instruction infringes the Data Privacy Applicable Laws and Regulations. The Processor shall process Personal Data only on instruction of the Controller, and on behalf of the Controller.

Within the conditions set out in this Annex, the Processor undertakes to:

  • Assist Controller in satisfying the legal obligations related to the protection of Controller Personal Data, notably by supplying to Controller any information necessary for the fulfilment of any required formalities, or the demonstration of its compliance with the obligations laid down in this Annex, and in the Data Privacy Applicable Laws and Regulations,
  • Unless provided otherwise by applicable law, inform Controller of any request or order issued by a public authority (e.g. data protection authority, courts, police) concerning directly or indirectly Controller Personal Data;
  • Implement the appropriate technical and organizational measures, insofar as this is possible, notably those required for the fulfilment of Controller’s obligation to respond to requests for exercising the Data Subject Rights;
  • Take steps to ensure that any natural person acting under its authority who has access to Controller Personal Data does not process them except on instructions from the Controller, unless such person is required to do so by the Data Privacy Applicable Laws and Regulations;
  • Not disclose, sell, assign or lease Controller’s personal data.

III. Special Categories of Data

The Parties acknowledge that under no circumstances the Controller will transfer to the Processor or ask the Processor to process Special Categories of Data, including sensitive data.

IV. International Transfer of Personal Data

Controller Personal Data may be transferred, including for Processing, hosting or granting remote access purposes, with prior written consent of Controller, outside of the European Economic Area (EEA) or countries that have been deemed as offering an adequate protection by the European Commission.  In case the recipient is located outside the EU/EEA, Processor: (i) has implemented the necessary measures, such as signing the last version of EU standard contractual clauses agreed by the EU Commission, (ii) has implemented appropriate safeguards such as supplementary security measures.

For the sake of this Annex, the following Sub-Processor is deemed to have received consent from the Controller:

EdApp Pty Ltd based in Australia.

Should Processor intend to change the data processing authorized location, Processor shall obtain the Controller’s prior written approval.

V. Sub-Processing

The Processor may use a Sub-Processor to carry out specific processing activities. The Processor shall inform the controller in advance and in writing of any envisaged change regarding the addition or replacement of Sub-Processor. The Controller shall have a period of 15 days from the date of receipt of this information to raise reasonable objections. Such subcontracting may be carried out only if the Controller has not objected within the agreed time limit. For the sake of this Annex, the following Sub-Processors are deemed to have received consent from the Controller:

EdApp Pty Ltd based in Australia.

Processor also commits that it shall ensure that the Sub-Processor will comply with all the obligations contained in this Annex and in the Data Privacy Applicable Laws and Regulations, which shall be established through a specific agreement or similar arrangement (“Sub-Processing Agreement”).

VI. Confidentiality of Personal Data

The Parties agree that Controller Personal Data shall be treated, by nature, as confidential information. Persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

VII. Retention, Return and Destruction of Personal Data

Processor shall not retain Controller Personal Data longer than the duration of the Agreement, augmented of any applicable mandatory retention period (such as applicable statute of limitations). The Parties agree that upon the expiration of this duration, the Processor will delete Personal Data and any copies thereof unless Controller expresses its choice, in writing and, within thirty (30) days after expiration, of a return of Personal data under a readable format.

VIII. Personal Data Security

The Processor will provide sufficient guarantees to implement appropriate technical and organisational measures to preserve the security of the Controller Personal Data and, in particular, prevent their alteration and damage, or access by non-authorized third-parties.

IX. Personal Data Breach

Processor shall notify in written to the Controller without undue delay after becoming aware of any Personal Data Breach. Said notification shall be sent along with any necessary documentation to allow Controller, where necessary, to notify this Personal Data Breach to the competent Supervisory Authority. The Processor shall provide all the necessary information to the Controller, in order for the latter to comply with article 33.3 of the GDPR. Where, and in so far as, it is not possible to provide the information at the same time as the written notification of the Personal Data Breach, the information may be provided in phases without undue further delay. In case of Personal Data Breach, Processor shall proceed as quickly as possible to mitigate any adverse impact and to prevent similar Personal Data Breaches from occurring in the future.

X. Audit

Controller may audit Processor in order to assess Processor’s compliance with the obligations under this Annex, at the cost of the Controller, with a three (3) month prior written notice and not more than once every 12 months. The notice shall mention the identity of the auditor third-party considered by the Controller (the “Proposed Auditor”), which shall be impartial and independent. After receiving such notice, the Processor will have the possibility to reasonably object within one (1) month to the Proposed Auditor. In such hypothesis, the Parties will negotiate in good faith to choose a neutral auditor third party.

XI. Liability

Regardless of any contrary provision, the liability of the Processor towards the Controller for any acts or omissions relating to its obligations with regard to the processing of Persona Data under this Annex/the Agreement, the confidentiality thereof and/or the Data Privacy Applicable Laws and Regulations will be limited to the total Fees payable under the Agreement within the last twelve months (the “Personal Data Liability Cap”).

Processor will be solely liable (within the limits of the Personal Data Liability Cap) for the damage caused by its processing activities, when it has not complied with Data Privacy Applicable Laws and Regulations or this Annex.

XII. Data Subjects Rights and Mutual assistance

The Controller will provide data subjects with information required under the Data Privacy Applicable Laws and Regulations. The Controller will answer to executing the requests of Data Subject Rights. Processor shall assist the Controller in executing the requests of Data Subject Rights, where applicable. When the Data Subject Rights are requested directly to the Processor by the Data Subject, Processor shall transfer these requests upon receipt, by e-mail to Controller. In case of a control or a claim investigated by a competent Supervisory Authority regarding the Data Processing within the framework of the Agreement/this Annex, the Parties agree to cooperate in good faith. The Processor will use commercially reasonable efforts to provide the relevant information, that could have been requested by the Supervisory Authority, to the Controller.  Any non-commercially reasonable costs relating to assistance by the Processor will be borne by the Controller.

XIII. Duration

The provisions of this Annex will stay in force between the Parties for the duration of the Agreement.

XIV. Applicable law

All the provisions of this Annex are subject to French law.

ANNEX 2: DESCRIPTION OF PERSONAL DATA PROCESSING ACTIVITIES

The table(s) below shall be filled-in and duplicated for each Processing activity of Controller Personal Data undertaken by the Processor and shall be attached to the Agreement.

The content of each table acts as written instructions from the Controller. Processor undertakes to only process Controller Personal Data according to these instructions, and only on behalf of the Controller. All localizations, and Sub-Processors, listed in the table hereafter, shall be considered as authorized by the Controller.

Purpose of the Processing Delivering online training
Nature of the Processing hosting
Type of processed Personal Data Name, surname, and email address
Categories of Data Subjects Customer’s employees
Location of Data Processing Europe
Duration of the Data Processing Activity (active archiving) Agreement term
Personal Data Retention Period (intermediary archiving) 5 years (statutory limitation)
Technical and organizational measures implemented by the Processor AXA Group IT standards
Sub-Processors list (including affiliates within the same Group) EdApp / Australia

[1] As defined in AXA Code Compliance & Ethics Code (https://www.axa.com/en/press/publications/compliance-ethics-guide)