Your partner in e-commerce success
Unleash your potential with Lengow. Our platform adapts to your business, whatever your sector
Companies
Retailers
Brands
Enterprise companies
Agencies
Industries
Fashion
Beauty
High tech
Home and garden
Luxury
B2B
Departments
Marketing
Marketplace
Tech
Your challenges
One platform. Endless possibilities.
Innovative features and integrations to unleash your business potential
Capabilities
Overview
Product data Management
Order Management
Syndication & Feed Management
Use cases
Sell on marketplaces
Product Ads
Product content syndication
Web-to-store
Dynamic Search Ads
Live commerce
Repricing
Integrations
Sources
Destinations
Find your next marketplace
API
Your e-commerce resources
Dedicated tools to follow the latest industry news and trends
Expert knowledge
Guides, white papers and webinars
Case Studies
Blog
Webinars
Case studies
Pimkie Success Story
Nespresso Success Story
Miliboo Success Story
All case studies
Our range of offers
Scalable options to adapt to your needs
Offers
Marketplace Offer
Product Ads Offer
Netrivals - Price Intelligence Offer
Professional Services
L'Oréal Luxe Success Story
Productpine Success Story
Design Bestseller Success Story
Who are we?
Find out everything about our company and team of experts
Company
Ecosystem
Newsroom
Career
Lengow life
Join us
Events
Version 26.07.2022
As part of the performance of the LENGOW AGREEMENT-SOLUTION, LENGOW may be required to process personal data of INTERNET USERS and USERS on behalf of the CLIENT. In this context, LENGOW acknowledges that it acts as Processor and the CLIENT acknowledges that it acts as Controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”).
The PARTIES acknowledge that the protection of personal data is paramount and therefore undertake to comply with the relevant legislation in force.
Pursuant to Article 28.3 of the GDPR, according to which the processing carried out by a processor is governed by a contract setting out the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data processed, categories of data subjects and the obligations and rights of the controller, the PARTIES have come together to agree on the following.
In this Agreement (“Agreement”), capitalized words and phrases are defined in the AGREEMENT-SOLUTION or have the meanings set out in the Agreement.
The terms “Personal Data”, “ Controller”, “Processor”, “Data Subject(s)”, “Personal data breach”, “Processing”, “Supervisory Authority” and “Data Protection Officer” have the same meaning as that provided for in the GDPR and their related terms must be interpreted accordingly.
II.1 The purpose of the Agreement is to determine the conditions under which LENGOW carries out the Processing of Personal Data on behalf of the CLIENT, as well as the respective obligations of the PARTIES.
The Processing of Personal Data carried out by LENGOW on behalf of the CLIENT is detailed in the Appendix of the Agreement (“DESCRIPTION OF THE PROCESSING”).
II.2 The PARTIES agree that they will provide each other with all relevant information to comply with the obligations under the Agreement.
The duration of the Processing of Personal Data corresponds to the duration as determined in the Appendix.
IV.1. Processor’s obligations
LENGOW agrees to:
IV.2 Obligations of the Controller
The CLIENT undertakes to send and document in writing any additional instructions concerning the processing of Personal Data by LENGOW.
The CLIENT makes the following necessary information available to LENGOW:
The CLIENT warrants that the Personal Data processed through the LENGOW SOLUTION are collected and processed in accordance with the GDPR.
In accordance with European and French legislation on the protection of personal data, and in particular the GDPR, before any use of the LENGOW SOLUTION by the CLIENT and throughout the term of the CONTRACT, the CLIENT ensures LENGOW that:
The guarantees given by the CLIENT to LENGOW under this article are all essential conditions of the AGREEMENT-SOLUTION, without which LENGOW would not have contracted.
LENGOW is authorised to use another processor (hereinafter the “LENGOW Sub-Processor”) to carry out specific processing activities.
The CLIENT acknowledges and agrees that for the purposes of the AGREEMENT-SOLUTION, LENGOW regularly uses other technical service providers which may have the capacity of LENGOW Sub-Processor and process Personal Data on behalf of LENGOW. The CLIENT can access the updated list of LENGOW Sub-Processors by clicking here. The CLIENT shall have fifteen (15) calendar days from the date of receipt of such information to object, provided that such objection shall be based on objective and reasonable grounds.
LENGOW Sub-Processors are required to comply with the obligations of this Agreement on behalf of and in accordance with the CLIENT’s instructions. It is LENGOW’s responsibility to ensure that LENGOW Sub-Processors provide the same adequate guarantees for implementing appropriate technical and organisational measures such that the processing will meet the requirements of the GDPR.
If the LENGOW Sub-Processor fails to fulfil its Personal Data protection obligations, LENGOW shall remain fully liable towards the CLIENT for the performance by the LENGOW Sub-Processor of its obligations.
All the rights that the Data Subjects have over their Personal Data, namely the rights of access, rectification, erasure and opposition, the right to restrict processing, the right to data portability, the right not to be the subject of automated individual decision-making (including profiling), must be exercised by said Data Subjects directly and exclusively with the CLIENT, LENGOW undertaking to comply with any written and lawful instructions from the CLIENT in this regard.
When Data Subjects exercise their rights concerning their Personal Data with LENGOW, unless otherwise agreed by LENGOW in writing, LENGOW will promptly send such requests by email to the CLIENT.
LENGOW undertakes to inform the CLIENT, as soon as possible after becoming aware of it, of any Breach of Personal Data when this breach results, accidentally or unlawfully, in the unauthorised access or disclosure, alteration, loss or destruction of Personal Data. It will then be the responsibility of the CLIENT to inform, if applicable, (i) the Supervisory Authority to which it reports and (ii) the Data Subjects.
At the first request of the CLIENT, LENGOW will provide in writing all the elements necessary for the notification of the Personal Data Breach by the CLIENT to the competent supervisory authority in its possession, namely:
Where, and in so far as, it is not possible for LENGOW to provide the CLIENT with all this information at the same time, LENGOW agrees to provide this information to the CLIENT in stages as soon as possible.
In the event of reporting and notification obligations to the competent supervisory authorities and/or Data Subjects resulting from a Personal Data Breach, the PARTIES shall, upon request, provide support and information to the other PARTY
The PARTIES shall cooperate, insofar as necessary, in carrying out data protection impact assessments and prior consultations of the competent supervisory authority; If a supervisory authority communicates with a PARTY regarding the Processing carried out by either PARTY of the CLIENT’s Personal Data under the Agreement or this CONTRACT, the PARTY having communicated with the supervisory authority shall inform the other PARTY as soon as possible. The PARTIES shall cooperate to the extent reasonably necessary to comply with their obligations to respond to requests from the Supervisory Authority. The PARTIES shall each bear the respective reasonable costs relating to the fulfilment of these obligations, it being specified that in the event of enhanced assistance from one or other of the PARTIES, the latter shall discuss in good faith the sharing of the costs relating thereto.
LENGOW undertakes to implement appropriate security measures in order to secure the Personal Data and ensure its integrity, availability and confidentiality. As such, LENGOW has formalised a Security Policy describing the security measures put in place. This Security Policy is available on request from LENGOW.
X.1 Data of INTERNET USERS
During the performance of the AGREEMENT-SOLUTION, LENGOW will delete or, in any event, automatically anonymize all the Personal Data of INTERNET USERS in its possession within a maximum period of six (6) months from their collection via the LENGOW SOLUTION.
At the end of the AGREEMENT-SOLUTION, LENGOW undertakes to destroy or, in any case, anonymize all the Personal Data of INTERNET USERS which remain in its possession within two (2) months after the end of the CONTRACT, unless Union or Member State law requires storage of the Personal Data.
X.2 Data of USERS:
At the end of the AGREEMENT-SOLUTION, LENGOW will delete, or anonymize the Personal Data of USERS from its information systems within 30 days of the end of the AGREEMENT-SOLUTION, unless administrative or legal obligations otherwise require.
LENGOW makes available to the CLIENT the documentation necessary to demonstrate compliance with all its obligations and to allow, within the limit of one audit per contractual year, for audits to be carried out by the CLIENT, or another independent auditor appointed by it and which must have been subject to prior and written validation by LENGOW, and to contribute to these audits. These audits will be carried out remotely on the basis of the information requested by the CLIENT from LENGOW in order to demonstrate the procedures and documentation put in place by LENGOW to comply with the GDPR. All costs incurred by the CLIENT in connection with such audit shall be borne exclusively by the CLIENT.
The CLIENT shall communicate to LENGOW in advance, and at least two (2) months in advance, any request for an audit, the date of the audit and the name and contact details of the persons in charge of the audit. This period may be reduced to fifteen (15) days in the event of a Personal Data Breach. As the audit is carried out remotely, LENGOW will work in good faith with the auditor and will provide it with any information, documents or explanations necessary for carrying out the audit in connection with the processing operations carried out within the framework of the performance of the CONTRACT. Under no circumstances may the audit have as its direct or indirect purpose or effect, disrupting the activities of LENGOW or accessing or affecting in any way whatsoever, the elements, property of LENGOW, protected under intellectual property or business secrecy.
The CLIENT acknowledges and agrees that LENGOW may transfer Personal Data outside the EEA or to an international organisation on the sole condition that one of the appropriate protection measures as provided for in Chapter V of the GDPR are effectively put in place.
These measures include:
The Agreement and any underlying instrument constitute the entire agreement between the PARTIES with respect to the subject matter of this Agreement and supersede all previous agreements or representations, oral or written, relating to that subject matter.
In the event of discrepancies between the Agreement, the AGREEMENT-SOLUTION and any other agreement between the PARTIES, the provisions of the Agreement shall prevail, if they are related to the Processing of Personal Data.
The Agreement and all disputes arising out of or relating to it shall be construed, governed by and executed in accordance with French law. Each PARTY irrevocably consents to the exclusive jurisdiction of the Nantes courts (44200) over all disputes and claims under the Agreement and all actions to enforce such claims or to obtain damages or other remedies in connection with such claims, except to the extent otherwise required by applicable data protection law.
The description of the processing of Personal Data carried out by LENGOW under the CONTRACT is presented in the table below:
Processing of Personal Data of USERS
Processing of Personal Data of INTERNET USERS in the event of management of orders
Processing of Personal Data of INTERNET USERS in the event of activation of the TRACKING option
Processing carried out
Categories of personal data processed
Purposes for which Personal Data are processed on behalf of the CLIENT
Management of the INDIVIDUAL ACCOUNT of the USERS
Transfer of Personal Data from INTERNET USERS to the CLIENT as part of the management of orders for the CLIENT’s PRODUCTS
Production of STATISTICS on behalf of the CLIENT, including the number of visits to the CLIENT’s Site, the number of PRODUCT purchases, the number of views and/or clicks of INTERNET USERS.
Storage of Personal Data
Duration of performance of the CONTRACT increased by 30 days
Maximum 6 months from the collection of Personal Data via the LENGOW SOLUTION
Growth of online sales
Saving time and simplifying the process
Internationalisation with a simplified strategy