Logo Oodrive
Logo Oodrive
Le plus haut niveau de sécurité
Collaboration Souveraine et securisée
Signature
Sauvegarde

Prices

Industries
Partners
Check out our case studies
About
Resources

SecNumCloud

Request a demo

Contract published on March 23, 2026

Terms of Service

Learn more
Logo Oodrive Work, Link to Oodrive Work page
  1. Article 1. Definitions
  2. Article 2. Object
  3. Article 3. Duration and renewal
  4. Article 4. Service operation
  5. Article 5. Support services
  6. Article 6. Security
  7. Article 7. Connection
  8. Article 8. Intellectual property rights
  9. Article 9. Oodrive’s obligations
  10. Article 10. Client’s obligations
  11. Article 11. Financial conditions
  12. Article 12. Price adjustment
  13. Article 13. Liability
  14. Article 14. Insurance
  15. Article 15. Data restoration
  16. Article 16. Personal data
  17. Article 17. Audit
  18. Article 18. Confidentiality
  19. Article 19. Termination of breach
  20. Article 20. Jurisdiction and applicable law
  21. Article 21. Oodrive personnel & compliance
  22. Article 22. General provisions

Between

Oodrive, a simplified joint-stock company (SAS) with a capital of 309,126 euros, having its registered office at 26 rue du Faubourg Poissonnière, 75010 Paris, and registered with the Paris Trade and Companies Register (RCS) under No.

432735082 (hereinafter referred to as “Oodrive” or the “Service Provider“).

 And

The Client.

Oodrive and the Client are individually referred to as a “Party” and collectively as the “Parties“.

The use of the Service implies acceptance of these terms. Any contrary stipulation, not recorded in a writing accepted by Oodrive, is deemed unwritten. In particular, the Client’s general purchasing conditions are automatically excluded from the Contract and are not enforceable, even if they are attached to a Purchase Order issued by the Client concerning the Service and/or its options.

In the event of contradiction, incompatibility or discrepancy between the contractual documents, the parties agree that the following hierarchy shall apply, in the following order of priority:

  • These general terms and conditions and its appendices (hereinafter the “Contract”);
  • Purchase orders (hereinafter the “Purchase Order”).

Article 1. Definitions

Authorized Contact: refers to the Client’s representative designated by the Client for the purpose of managing relations with Oodrive, including reporting Anomalies. Oodrive will only consider requests originating from the Authorized Contact. The Client may also designate a substitute in the event of unavailability.

Client: refers to Oodrive’s contracting party.

Contract: refers to the set of contractual documents binding the Parties, consisting of the Purchase Order, these General Terms and Conditions of Service, any special terms and conditions, and any other document explicitly accepted by the Parties

Data Controller: refers to the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the Processing.

Incident Priority Level 0 (“Very High”): Incidents having very serious impacts on the Client’s normal operations for Production Use, causing complete unavailability or a major performance reduction of a critical business component of the Client’s Solution, preventing the Client from performing urgent and critical work for its business operations, and for which no workaround is available.

Incident Priority Level 1 (“High”): Incidents having a serious impact on the Client’s normal operations for Production Use, preventing the Client from performing tasks important to its business operations.

Incident Priority Level 2 (“Moderate”): Incidents having a moderate impact on the Client’s normal operations for Production Use, preventing the Client from performing tasks of minor importance.

Incident Priority Level 3 (“Low”): Incidents that do not have a significant impact on the Client’s normal operations.

Personal Data: refers to any information relating to an identified or identifiable natural person (hereinafter “Data Subject”); An “identifiable natural person” is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity

Processing: refers to any operation or set of operations performed, whether or not by automated means, on Personal Data or sets of Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of making available, alignment or combination, restriction, erasure, or destruction.

Processor (as defined by the GDPR): refers to the natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of the Data Controller.

Purchase Order : refers to the written document by which the Client places an order for the Service, and which includes the amount of the corresponding fees and subscriptions. It is subject to these Terms of Use.

Quote: refers to the written document provided by Oodrive to the Client to inform them of the price of the service.

SaaS: A service hosted on Oodrive’s servers that allows remote access via the internet, subject to a usage fee.

Server: refers to Oodrive’s IT infrastructure hosting the Service, onto which the Client’s files are uploaded for the purposes of the Contract.

Service: refers to the service provided to the Client under the Contract

Support Services: refers to any service not included within the scope of the Service subscription, such as (non-exhaustive list) project management, the organization of and participation in monitoring and steering committees, the installation of updates and patches on client workstations, the customization of the application, or the integration of the Service with the Client’s tools

Article 2. Object

This document (hereinafter referred to as the “Contract”) sets forth the terms and conditions under which Oodrive provides the Service to the Client.

Article 3. Duration and renewal

This Contract shall take effect on the date of signature by the last Party and shall remain in effect for a term of twenty-four (24) months.
At the end of the initial term, the subscription to the Service shall automatically renew for additional terms of the same duration. Either Party may terminate the Contract by registered letter with acknowledgment of receipt, provided that two (2) months’ notice is given prior to the end of the current term. Downsell requests affecting the subscription amount and/or a reduction in services must be communicated by the Client to Oodrive in writing at least two (2) months prior to the Contract anniversary date and will take effect only after the Contract anniversary date.

Article 4. Service

The Service developed by Oodrive allows for the use of an online file storage and sharing system. The Client can thus save their files to a storage space provided on Oodrive’s servers, and proceed, whenever they wish, to retrieve or share them with third parties of their choice, meaning allowing third parties to access them from their workstation.

The Service requires that the Client has a computer compatible with the Service and an electronic communications network. It is the Client’s responsibility to ensure the compatibility of their infrastructure with the Service.

The data processed by the Client is stored through the Service on the Server, located in French territory (Metropolitan France). Considering the confidential nature of the stored data, Oodrive guarantees exclusive access to the aforementioned data to the Client and ensures compliance with all the provisions of the Contract by its potential Subcontractors.

The Client is solely responsible for the quality, integrity, completeness, and relevance of the data and files until they are saved in the storage space provided on Oodrive’s servers under the Contract, it being understood that Oodrive does not have access to the recorded data and files.

The Technical Compatibility Guide for the software is available upon request.

Article 5. Support

The provision of the Service may be accompanied by Support Services.

Support Services must be ordered before their execution. The man/days ordered as part of the Support Services must be consumed within twelve (12) months following their order.

When Support Services are performed in whole or in part at the Client’s premises, Oodrive undertakes to ensure that its staff complies with the Client’s internal regulations as well as all standards, regulations, and procedures in force at the Client’s premises related to the Services rendered, particularly regarding security, health, hygiene, or environment standards.

Article 6. Security

Oodrive undertakes to take all necessary measures, in accordance with the state of the art and technology, to protect the security of the Client’s files and data which are regularly backed up via the Service.

This obligation of security is understood as a reinforced obligation of means for Oodrive.

Oodrive undertakes to notify the Client without undue delay of any security breach that may affect the performance of the Contract.

Article 7. Connection

Access to the Service is authorized only upon use of the username and password provided by Oodrive, which the Client agrees to keep confidential. The Client sets user credentials. Passwords are not provided by Oodrive; as such, Oodrive does not have access to passwords set by users.

Each user is asked to generate their own initial password, which must be strong, and has the option to change it at any time.

This password management by the end user applies only to access to the solution achieved through integration with the Client’s corporate directory (via LDAP or SAML).

Any connection to the Service using the Client’s login credentials is deemed to have been made by the Client.

In the event of unlawful use, hacking, or counterfeiting of the Service by the Client, Oodrive reserves the right to suspend access to the Service after prior notification to the Client, except in cases of emergency, it being understood that such suspension shall not give rise to any compensation for the Client and is without prejudice to the amounts due under the Contract.

Article 8. Intellectual property rights

The Client acknowledges Oodrive’s intellectual property rights in all documentation provided by Oodrive, in the Oodrive brand, and more generally in the Service.

For the entire duration of the Contract and worldwide, Oodrive grants the Client a remote, personal, non-exclusive, and non-transferable right to use the Service for the purpose of storing the Cl’s data under the terms set forth in the Contract.

Ownership of the Client’s Data and Files

All data and files stored by the Client in the storage space made available to them on Oodrive’s servers for the purposes of performing the Contract remain the full property of the Client.

The Client assumes full responsibility and indemnifies Oodrive against any claims by third parties regarding the data and files stored by the Client in the storage space made available to them on Oodrive’s servers for the purposes of performing the Contract, and thereby releases Oodrive from any obligation to verify such matters.

Ownership of the Service

The Service, including in particular the technologies, algorithms, computer codes, know-how, trade secrets, and models, is and remains the exclusive property of Oodrive. This license does not entail any transfer of ownership rights to the Service.

Oodrive warrants that it is the owner of the property rights to the Service and its documentation.

Export Restrictions

In any event, the Service may not be used in countries subject to sanctions or restrictive measures by France, the European Union, or the United States.

Article 9. Oodrive’s obligations

Oodrive provides telephone assistance by simple call from the Client to the telephone number provided by Oodrive from Monday to Friday from 9:00 am to 6:00 pm (Paris time) excluding French public holidays. The purpose of this hotline is to analyze any problems the Client may encounter in using the Services and to assist in resolving them.

Telephone assistance is available only to Authorized Interlocutors.

  • Silver (included in the subscription price)
  • Gold (paid option, provides access to after-hours support with dedicated SLAs)
  • Platinum (paid option, provides access to after-hours support with dedicated SLAs and support personnel)

Service levels are described in the Service Level Agreement (SLA), available on request.

Article 10. Client’s obligations

It is the Client’s responsibility to analyse the functional and technical characteristics of the Service and the Server beforehand, to check that they meet the Client’s own requirements, and then to set up the IT resources needed to access the Service and the Server, and to control access to the hardware by third parties.

The Client is responsible for all persons accessing the Service.

The Client must use the Service in compliance with all applicable laws and regulations. Consequently, the Client is strictly forbidden to use the Service to store, in any form whatsoever, files whose content is in breach of applicable laws and regulations.

The Client undertakes to comply with Oodrive’s internal regulations and code of ethics when accessing Oodrive’s premises, particularly in the context of audits, meetings or steering committees.

Article 11. Financial conditions

Amounts due are payable in advance. The first invoice will be issued upon the last Party’s signature of the Contract. 

If the Client pays by direct debit, payment of the amounts due will be made by debit, each month, from the Client’s bank account. The amounts due are payable upon presentation of direct debit notices filed with the paying institution designated by the Client.

In the event of failure to pay by direct debit, the Client must pay the amounts due annually by bank transfer or money order.

In the event of a request to include a Purchase Order reference on invoices, the Client agrees to provide said Purchase Order, in accordance with the quote issued by the Service Provider, prior to the next billing date. This administrative procedure does not in any way replace the commitment period specified in the Contract. If the Purchase Order is not received within thirty (30) days, the Service Provider reserves the right to invoice the subscription without a reference on the invoice and in accordance with the contractual terms.

Furthermore, in accordance with Article L.441-10 of the French Commercial Code, any amount due under the Contract that is not paid by its exact due date shall automatically accrue interest, without any formalities, at a rate of three (3) times the statutory interest rate and for the number of days of delay.

In the event of non-payment of an installment, for any reason whatsoever, the amount due shall automatically be increased, in accordance with Article L.441-5 of the Commercial Code, by a fixed indemnity of forty (40) euros for collection costs.

In the event of non-payment by the Client within fifteen (15) days after a formal notice sent by the Service Provider to the Client via registered mail with return receipt requested and remaining without effect, the Service will be suspended and the Contract may be terminated at the Client’s fault, with all amounts already received remaining the property of Oodrive. The Client shall then be liable to Oodrive for any unpaid monthly installments remaining due until the expiration of the irrevocable period of use of the Service defined in the Purchase Order.

Article 12. Price adjustment

The price invoiced to the Client will be reviewed annually on the anniversary date of the Contract. It is agreed between the Parties that on the anniversary date, prices will be increased according to the formula below and will automatically apply to all Services performed after the price revision date.

The price adjustment will be based on the following formula:

P1 = P0*(1+y)^n

Where:

P1 is the new annual price,

P0 is the previous annual price (excluding exceptional discounts),

y is set at 5%,

n is the number of years that have elapsed since the last price increase.

Furthermore, the Service Provider reserves the right to revise the pricing terms at any time. In such a case, the Service Provider must first notify the Client in writing. If the Client refuses, the Client may terminate the Contract by providing thirty (30) days’ notice prior to the new pricing terms taking effect .

Article 13. Liability

Each of the Parties assumes responsibility for the consequences resulting from its own faults, errors or omissions, as well as for the faults, errors or omissions of any Subcontractors causing direct damage to the other Party. 

Oodrive cannot under any circumstances be held responsible for any inadequacy between the Service or the Server and the needs, expressed or otherwise, of the Client. It is the Client’s responsibility to acquaint himself/herself, directly or through any service provider of his/her choice, with the functional and technical characteristics of the Service.

Oodrive’s potential liability in connection with the provision of the Service is limited solely to direct damage proven by the Client and resulting exclusively and directly from Oodrive’s faulty non-performance of its contractual obligations. Under no circumstances can Oodrive be held responsible for the nature and content of the data and files stored and hosted via the Service. Consequently, Oodrive has no recourse against the Client in the event of any action whatsoever brought by a third party based on the nature or content of the data and files. The Client is solely responsible for saving, storing, sharing, sending or destroying files and assumes all consequences thereof.

Furthermore, Oodrive may not under any circumstances be held liable for any indirect damage such as, in particular, the loss or alteration of files or data other than those stored on the Server, loss of profits and customers, loss of income or reputation, loss of use and/or other unforeseeable indirect damage, even if Oodrive was informed of the possibility of such damage occurring.

The Parties may never claim to limit their liability for bodily injury or any damage caused by fraud or gross negligence as defined by case law.

Apart from the cases laid down in the previous paragraph, the liability of each Party under the Contract, per year, is limited to the amount collected by Oodrive during the last twelve (12) months of the Contract, prior to the occurrence of the damage.  Under no circumstances may the Clients hold Oodrive liable more than twelve (12) months after the damage occurred.

When the Client uses the legal notifications feature (hereinafter “Legal Notifications”) by which it makes its own GTUs available to its end users by means of a checkbox, it acknowledges and accepts that Oodrive cannot be held liable in any way for the legality of the General Terms of Use (hereinafter “GTU”) drafted and made available by the Client to its own users.

Article 14. Insurance

Oodrive declares that it has taken out insurance covering its professional civil liability towards its Clients. Oodrive undertakes to provide a certificate on request.

Article 15. Data restoration

The procedure for returning data to the Client is described in the document “Data return plan” available on request from Oodrive. Oodrive offers two (2) reversibility methods:

  • Method 1: Extraction of data by the Client. This method can be carried out at any time by the Client without the intervention of Oodrive and does not entail any additional cost for the Client.
  • Method 2: Delivery of all data by Oodrive in a specific format according to the Client’s request.

Subject to any technical and/or legal constraints, method 2 or any other form of reversibility will be subject to an estimate drawn up by Oodrive.

Data reversibility may take place up to ninety (90) days from the termination of the Contract at the Client’s request; a destruction report will be signed by the Parties to formalize this return.

Article 16. Personal data

Information on the Processing of Personal Data by the Service Provider

The Client is advised that the Service Provider may process Personal Data of the Client’s employees or potential partners in connection with billing and collection management, marketing, and sales prospecting. The Personal Data processed is hosted exclusively in Metropolitan France or within the European Union and is retained for the legally required period. Data Subjects may exercise their rights of access, rectification, erasure, restriction, and objection regarding their Personal Data by sending an email to privacy@oodrive.com .

Processing of Personal Data in Connection with the Use of the Services

In connection with the use of the Services, the Service Provider will process Personal Data on behalf of the Client. In this capacity, the Client is the Data Controller and the Service Provider is the Client’s Data Processor.

The Parties declare that they will take all necessary measures to comply with their legal and regulatory obligations regarding the protection of Personal Data, in particular Law No. 78-17 of January 6, 1978 (hereinafter the “Data Protection Act”) as well as Regulation (EU) 2016/679 on data protection (hereinafter the “GDPR”).

Obligations of the Service Provider

The Service Provider undertakes to process Personal Data in accordance with the Contract, and where applicable, any documented instructions issued by the Client, without using such data for its own purposes, as well as to process it fairly and lawfully, in accordance with the principles set forth in Articles 5 and 6 of the GDPR, and to preserve its confidentiality.

Rights of Data Subjects

The Service Provider undertakes to assist the Client in responding to any request by Data Subjects to exercise their rights, and/or any request for information from supervisory authorities, government agencies, or courts authorized to make such a request.

The Service Provider’s DPO may be contacted at the following address: privacy@oodrive.com.

In particular, the Service Provider must, no later than ten (10) business days from the Client’s request, provide all information and take all necessary actions to enable the Client to comply with a request to exercise rights made by a Data Subject pursuant to Articles 12 through 23 of the GDPR.

The Service Provider agrees to promptly notify the Client of any request addressed directly to it, and more generally of any event affecting the processing of Personal Data, and to expressly inform the Client before complying with any request from a Data Subject or a government agency / jurisdiction authorized to make such a request, unless a duly justifiable legal exception prohibits such notification to the Client.

Retention Period for Personal Data

The Personal Data subject to Processing shall be processed only for the duration of the Contract, but may be deleted prior to the end of said Contract upon the Client’s written request.

Upon termination of the Contract, or where applicable when the Service Provider’s retention of the Personal Data subject to Processing is no longer legitimate, or when the duration of the Processing is coming to an end, the Service Provider undertakes to return the Personal Data to the Client, or to destroy it, in accordance with the Client’s instructions, as soon as possible and in compliance with the terms of the Contract, unless applicable law requires its retention.

Security

The Service Provider undertakes to take all necessary precautions, given the nature of the Personal Data and the risks posed by the Processing, to preserve the security of the Personal Data and, in particular, to prevent it from being distorted, damaged, or accessed by unauthorized third parties.

In this context, the Service Provider undertakes to implement all appropriate technical and organizational security and confidentiality measures, to document these measures, and to be able to provide proof of them. Cryptographic mechanisms (signature, encryption) compliant with the ANSSI RGS standard are used for the protection of personal data.

The Service Provider undertakes to ensure that only its personnel authorized to process Personal Data for the purposes of performing the Contract have access to it, strictly limited to what is necessary for the performance of their duties, and that its personnel undertake to respect the confidentiality of Personal Data.

Technical and Organizational Measures

The Service Provider undertakes to implement the organizational and technical measures necessary to ensure the security, confidentiality, and protection of personal data and information processed in connection with the services provided. In this regard, the measures include, but are not limited to:

  • Cybersecurity Insurance: The Service Provider maintains insurance covering risks related to cybersecurity and data protection.
  • Data Encryption: All data is encrypted, both in transit and at rest, to prevent unauthorized access.
  • Privacy by Design: The Service Provider incorporates privacy considerations from the very design of its services and solutions, in accordance with the principles of data protection by design and by default.
  • Regular Penetration Tests: Penetration tests (“pentests”) are conducted regularly to identify and subsequently address potential security vulnerabilities in the Provider’s systems.
  • Data Anonymization: The Service Provider applies personal data anonymization techniques to minimize the risk of identifying data subjects.
  • Video Surveillance: The Service Provider uses video surveillance systems to protect its premises and critical infrastructure, in compliance with applicable laws regarding privacy and data confidentiality.
  • Awareness: The Service Provider educates its employees on the essential principles of the GDPR from the moment they are on-boarded and regularly tests their knowledge.

These measures are regularly reviewed and adjusted in line with technological and regulatory developments to ensure an optimal level of security.

Location of Personal Data

The Service Provider undertakes not to transfer, and ensures that any Subprocessors do not transfer, Personal Data to a third country outside the EU that does not provide an adequate level of protection or has not been the subject of an adequacy decision as provided for in Article 45 of the GDPR.

Subcontracting

The Client is hereby notified that the Service Provider uses Subprocessors in connection with the provision of the Services. The list of Subprocessors is attached as an appendix to this Contract.

The Service Provider undertakes not to engage new Subprocessors without first informing the Client.

The Service Provider undertakes not to replace an existing Subprocessor without first informing the Client. In the event of the replacement of an existing Subprocessor, the Client may raise reasonable objections, which the Service Provider undertakes to review.

The Service Provider undertakes to impose by contract on any Subcontractors the same obligations regarding the protection of Personal Data as those set forth in this Contract. In particular, the Service Provider undertakes to assure the Client that its Subcontractors provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures in accordance with the GDPR and the French Data Protection Act, and that the Subcontractors are prohibited from subcontracting without the prior and express consent of the Service Provider.

The Service Provider acknowledges that it is fully liable to the Client if its Subcontractors fail to fulfill their obligations regarding the protection of Personal Data.

Notifications in the Event of a Personal Data Breach

In the event of incidents or breaches involving Personal Data that affect the Processing, the Service Provider undertakes to inform the Client as soon as possible and, if possible, within forty-eight (48) business hours of becoming aware of the incident, and to take all appropriate corrective measures. In particular, the Service Provider undertakes to communicate to the Client as soon as possible all information at its disposal regarding the circumstances surrounding the security incident, including the nature and scope of the Personal Data affected, the number of Data Subjects, the likely consequences, and the technical circumstances in which the incident occurred.

Support for the Data Controller

The Service Provider undertakes to cooperate with the Client and to take any measures required by the French Data Protection Act / the GDPR, and/or reasonably requested by the Client, particularly in the event of an inspection by the CNIL.

The Service Provider undertakes to maintain a record listing the Processing operations carried out on behalf of the Client in its capacity as a Processor.

The Service Provider agrees to provide the Client with all necessary information to demonstrate compliance with the obligations set forth in all applicable laws and regulations regarding the protection of Personal Data and as provided for in this Contract. Certain confidential information, such as security procedures, will be made available only during an on-site consultation at the Service Provider’s premises.

The Service Provider shall immediately inform the Data Controller if, in its opinion, an instruction constitutes a violation of the GDPR or other provisions of applicable laws and regulations relating to the protection of Personal Data.

The Service Provider undertakes to provide all reasonable assistance to the Client in connection with any impact assessments relating to the protection of Personal Data, or in connection with proceedings conducted by a supervisory authority.

Except in specific cases, and in particular in response to a request from a supervisory authority, the Service Provider shall not disclose information regarding a Personal Data breach to the public or to any third party.

Finally, the Service Provider undertakes to cooperate with the Client in the event of an inspection by the CNIL, or any administrative or judicial authority, concerning the Processing of Personal Data carried out in connection with the use of the Services.

Appointment of a DPO

The Service Provider declares      to have appointed a Data Protection Officer (“DPO”), responsible for matters relating to the Personal Data subject to Processing. The DPO shall ensure that the Processing of Personal Data carried out under the Contract complies with the French Data Protection Act/the GDPR.

The DPO can be contacted via the email address privacy@oodrive.com.

Client’s Commitments

The Client alone and independently determines the categories of Data Subjects affected by the Processing it carries out. As such, the Client undertakes to obtain the consent of the Data Subjects if necessary, and to be able to provide proof thereof.

The Client, in its capacity as Data Controller, ensures that the information provided for in Articles 13 and 14 of the GDPR and Article 32 of the French Data Protection Act has been communicated to individuals in accordance with the required procedures.

The Client agrees not to use the Services provided under the Contract to process “sensitive” Personal Data as defined in Articles 9 and 10 of the GDPR and Article 8(1) of the French Data Protection Act.

Failing this, any processing of “sensitive” Personal Data must be reported to the Service Provider in writing in advance and shall be carried out under the Client’s sole responsibility.

Notifications

The notifications, communications, and alerts provided for in this article shall be sent by the Service Provider to the Client’s DPO if the DPO’s contact information has been provided to Oodrive or, failing that, to the billing address for the Service:

Article 17. Audit

At its request, the Client may, at its own expense, no more than one (1) time per Contract year, conduct or have conducted an audit to verify the Service’s compliance with the terms of the Contract.

This annual audit will not be billed by Oodrive for a fixed duration of one (1) day per year. Any additional days will be billed to the Client based on a quote.

The Client must notify Oodrive in writing of its intention to conduct an audit, providing thirty (30) days’ notice.

This audit may be conducted either by the Client’s internal audit department or by an independent third-party firm, not in competition with Oodrive, selected by the Client and subject to a confidentiality obligation.

Oodrive will cooperate in good faith with the auditor and provide the auditor with the information, documents, or explanations necessary to conduct the audit. Depending on the level of confidentiality of the information in question, Oodrive may transfer it, make it available on-site, or anonymize it.

At the conclusion of the audit engagement, a report will be prepared through mutual consultation. Based on this report, the Parties will decide whether it is appropriate to establish an action plan. Under no circumstances may this action plan impose contractual obligations on the Service Provider that were not provided for in this Contract prior to the audit.

Article 18. Confidentiality

Each party undertakes, throughout the term of the Contract and for a period of five (5) years following the termination of the contractual relationship, for any reason whatsoever, not to disclose to a third party, whether for free or for a fee, in any form whatsoever, without the prior written consent of the other party, any information, documents, or data made available to it by the other party or obtained in the course of the performance of the Contract, concerning in particular the activities, commercial, advertising, or financial policies, management or organizational plans, IT applications, technical resources, or traffic on the other party’s website (hereinafter the “Confidential Information”), it being noted that Oodrive does not have access to the data and files stored in the storage space made available to the Client on its servers.

However, the following are not included within the scope of such Confidential Information:

  • Items provided by one party to the other party for the purpose of public disclosure;
  • Information, documents, or data that were in the public domain or that become part of the public domain without any fault on the part of the party that received them from the other party.

Consequently, each party expressly undertakes to:

  • Take all necessary measures to prevent the direct or indirect disclosure of Confidential Information to any person other than its employees or collaborators;
  • Maintain, or ensure that its employees and collaborators maintain, the strictest confidentiality regarding all Confidential Information;
  • Use the Confidential Information only within the scope of the Contract;
  • Return all Confidential Information to the other party upon simple request, as soon as the Contract ends, for any reason whatsoever;
  • Destroy any reproduction, whether in whole or in part, identical or derivative, of the Confidential Information upon termination of the Contract for any reason whatsoever.

The Parties may disclose Confidential Information when required to do so by applicable laws and regulations. Each Party agrees to immediately notify the other Party of any request for disclosure of Confidential Information transmitted in connection with the performance of the Contract by a French or foreign administrative, governmental, or judicial authority, unless prohibited by applicable law.

In the event of subcontracting, Oodrive may disclose Confidential Information to its Subcontractor(s) to the extent strictly necessary for the performance of this Contract. Oodrive undertakes to ensure that its Subcontractors comply with the obligations set forth in this Article.

Article 19. Termination of breach

In the event of a breach by one of the Parties of the obligations under the Contract, which has not been remedied within a period of fifteen (15) days from the sending by the non-defaulting Party to the defaulting Party of a registered letter with acknowledgment of receipt notifying the breach with precision, the non-defaulting Party may assert the automatic termination of this Contract without further judicial formality, without prejudice to any damages it may claim.

At the end of the Contract or in the event of early termination of the Contract, for any reason whatsoever, the Client shall have a period of three (3) months from the effective date of termination or cessation, to preserve, by its own means and resources, all files and data stored through the Service. However, all other functionalities of the Service will be blocked as of the effective date of termination of the Contract.

After the expiry of the above deadline, Oodrive will not retain any trace of the Client’s files and data.

Article 20. Jurisdiction and applicable law

The Contract is governed by French law.

Any dispute between the Parties arising from the formation, interpretation, performance, termination, or cancellation of the Contract shall be subject to an attempt at amicable settlement. Failing that, the dispute shall be brought before the competent court in Paris, even in the event of multiple defendants or third-party claims.

Article 21. Oodrive personnel & compliance

Oodrive undertakes to comply with the provisions of article L8221-1 of the French Labour Code concerning the prohibition of concealed work.

Oodrive certifies on its honour that the services are carried out with employees who are regularly employed with regard to articles L1221-10, L3243-2 and R 3243-1 of the French Labour Code and that in the event of the employment of employees of foreign nationality, the latter will be in a regular situation, authorising them to carry out a professional activity in France.

Failing this, Oodrive irrevocably undertakes to indemnify the Client against all consequences arising from a breach of the aforementioned obligations.

The Parties recognize the importance of social and environmental responsibility (SER) in their business activities and agree to jointly undertake to promote sustainable and socially responsible business practices.

 The Parties undertake to comply with all applicable laws, regulations and standards relating to CSR, including, but not limited to, the United Nations Guiding Principles on Business and Human Rights and the United Nations Sustainable Development Goals.

Each Party undertakes to implement internal policies and procedures to ensure compliance with CSR standards.

The Parties recognize the importance of environmental protection and commit to reducing their environmental footprint as much as possible. They agree to promote environmentally sustainable practices in the course of their business activities.

The Parties recognize the importance of social responsibility toward their employees, suppliers, customers, and society at large.

Each Party undertakes to promote fair working conditions, respect human rights, combat discrimination, and contribute positively to the well-being of employees

Article 22. General provisions

Amendments

Any amendment to any of these provisions shall take effect only after being set forth in an amendment duly signed by the Parties.

Assignment

Oodrive reserves the right to assign all or part of its obligations to any third party of its choice. In such a case, Oodrive undertakes to notify the Client no later than fifteen (15) days prior to the assignment.

Commercial References

The Client authorizes Oodrive to mention the Client as a commercial reference and to reproduce the Client’s brand and logo, particularly on its commercial documents, website, and social media, for the purpose of promoting Oodrive’s business and products.

Force Majeure

In the event of force majeure, the performance of the affected obligations under this Contract shall be suspended for the duration of the force majeure event and to the extent that such performance is prevented thereby. Force majeure shall mean only an event recognized as such under French law and the case law of the French courts and tribunals, namely an event beyond the control of the affected Party, which could not reasonably have been foreseen at the time this Agreement was entered into and whose effects could not be avoided by appropriate measures.

Independence of the Parties

The Client acts in its own name and on its own behalf as an independent contractor. It has neither the power nor the authority to bind Oodrive in any way. No provision of the Contract may be interpreted as creating, between the Client and Oodrive, a principal-agent relationship, a subsidiary relationship, or an employer-employee relationship.

Invalidity

In the event that any provision of the Contract is invalid, the remaining provisions shall remain in force. The Parties shall then agree to adopt a new provision to replace the invalid provision.

No Waiver

The failure of either Party to enforce any provision of the Contract shall in no event be deemed a waiver of the rights it holds under the Contract, unless otherwise agreed in writing by the Parties.