Terms and Conditions

DIGICAL SAS — TERMS & CONDITIONS

Strategic AI Implementation Consulting Services

Effective Date: 01/01/26

1. PARTIES, SCOPE, AND DEFINITIONS

1.1 Parties

These Terms and Conditions ("Terms") govern the relationship between:

Provider: Digical, a French Simplified joint stock company, registered at 141 avenue Félix Faure, 75015 Paris, France,

SIRET [insert], represented by its legal representative ("Digical," "we," "us," "our").

Client: The business entity or individual entering into an engagement with Digical ("you," "your," "Client").

1.2 Services

Digical provides strategic AI implementation consulting services ("Services"), including but not limited to:

AI readiness diagnostics and maturity assessments
Strategic AI roadmap development and governance design
Multi-agent system architecture and implementation
Process automation design and deployment
AI model evaluation, selection, and integration
Change management and team enablement
Ongoing optimization and strategic advisory

Services are delivered through engagement tiers (Foundation, Business, Enterprise) as described on www.digical.fr and formalized in Statements of Work ("SOW") or Order Forms ("Orders").

1.3 Engagement Model

Digical operates as a strategic consulting partner, not a task-based agency or subscription service. Our approach combines:

Strategic advisory: Executive-level guidance on AI adoption, governance, and roadmap design
Hands-on implementation: Direct execution of AI systems, automation workflows, and integrations
Team enablement: Knowledge transfer, training, and internal capability building
Ongoing optimization: Continuous improvement through weekly reviews and quarterly operating plans

1.4 Precedence

In case of conflict, documents are interpreted in this order:

Signed Order Form or SOW
Data Processing Addendum (DPA)
Service Level Agreement (SLA), if applicable
These Terms & Conditions

2. ELIGIBILITY AND ACCOUNT REQUIREMENTS

2.1 Business Use Only

Services are provided exclusively for business-to-business (B2B) purposes. You represent that:

You are a legal entity or individual with full legal capacity to contract
You have authority to bind your organization to these Terms
Your use of Services is for legitimate business purposes only
You meet our minimum engagement criteria: €100K+ monthly revenue, digital-first operations, 10+ employees (unless otherwise agreed)

2.2 Account Security

You are responsible for:

Maintaining confidentiality of all account credentials
Restricting access to authorized personnel only
Implementing two-factor authentication (2FA) where available
Promptly notifying Digical of any unauthorized access or security breach
All activity occurring under your account credentials

3. ENGAGEMENT PROCESS AND PHASES

3.1 Standard Engagement Flow

Phase 1: Discovery (Week 1)

Strategic kickoff call
Stakeholder interviews
Preliminary scope alignment
Engagement tier selection

Phase 2: Diagnostic (Weeks 2-4)

AI readiness assessment
Process mapping and gap analysis
Risk identification and mitigation planning
90-day roadmap development
Go/no-go decision point

Phase 3: Deployment (Weeks 5-12)

Pilot implementations with QA gates
System integration and testing
Team training and documentation
Iterative refinement based on performance data

Phase 4: Optimization (Ongoing)

Weekly strategic reviews
KPI tracking and reporting
Continuous improvement cycles
Quarterly operating plans

3.2 Engagement Tiers

Foundation (€3,997/month):

Single-function implementation
Monthly strategic reviews
Slack collaboration channel
Standard documentation and SOPs

Business (€7,997/month):

Cross-functional rollout
Weekly strategic reviews
Priority Slack support
Advanced analytics and reporting
Quarterly operating plans

Enterprise (€14,997/month):

Multi-team architecture
Twice-weekly strategic reviews
Dedicated implementation lead
Custom governance frameworks
Executive advisory access
Compliance support (GDPR, SOC 2, HIPAA)

3.3 Minimum Engagement Terms

Diagnostic Phase: 30 days (no long-term commitment required)

Implementation Commitments:

Foundation: 90-day minimum (quarterly billing)
Business: 180-day minimum (biannual billing)
Enterprise: 12-month minimum (annual or quarterly billing)

Early Termination: If Client terminates before minimum term without cause, Client pays 50% of remaining contract value as liquidated damages (not a penalty), reflecting Digical's reasonable anticipated losses from resource reallocation, opportunity cost, and project-specific investments.

4. FEES, PAYMENT TERMS, AND INVOICING

4.1 Fee Structure

Monthly Retainer: Engagement tier fees are billed monthly in advance or per agreed billing cycle (quarterly/annual).

Project-Based Fees: Custom implementations beyond tier scope are quoted separately and billed per SOW milestones.

Implementation Fees: One-time setup/onboarding fees may apply (typically €2,000-€5,000 depending on complexity).

4.2 Currency and Taxes

All fees in EUR (€) unless otherwise stated
Prices exclude VAT and other applicable taxes
Client is responsible for all taxes, duties, and levies (excluding Digical's income taxes)
Reverse charge mechanism applies for EU B2B clients outside France (provide valid VAT number)

4.3 Payment Terms

Standard Terms: Net 15 days from invoice date

Accepted Methods:

Bank transfer (SEPA/SWIFT)
Credit card (via Stripe)
Payment platforms as mutually agreed

Late Payment: Overdue amounts accrue interest at the statutory French rate (3× legal interest rate per Article L.441-6 of the French Commercial Code, currently ~12-15% annually) plus €40 administrative recovery fee per Article D.441-5. Persistent non-payment may result in service suspension or termination.

4.4 Price Adjustments

Tier Pricing: Published tier rates may be updated annually with 60 days' notice. Active engagements continue at contracted rates through current term.

Project Pricing: Fixed-price SOWs are not subject to adjustment unless scope changes trigger a formal Change Request (see §5.4).

Currency Fluctuations: For non-EUR invoices, material exchange rate changes (>10% vs. contract date) may trigger renegotiation.

5. SCOPE, DELIVERABLES, AND CHANGE MANAGEMENT

5.1 Scope Definition

The scope of Services is defined in:

The applicable engagement tier description (www.digical.fr)
The signed SOW or Order Form
The 90-day roadmap agreed during Diagnostic phase

Out-of-Scope Work: Any deliverables, integrations, or activities not explicitly listed in the SOW require a separate written agreement and may incur additional fees.

5.2 Deliverables

Standard Deliverables (all tiers):

AI readiness diagnostic report
90-day implementation roadmap
Process documentation and SOPs (≥90% coverage of implemented workflows)
Weekly/monthly strategic review summaries
Access to implemented systems and integrations

Tier-Specific Deliverables:

Business/Enterprise: Quarterly operating plans, KPI dashboards, governance documentation
Enterprise: Compliance audit trails, executive briefings, custom training materials

Delivery Timeline: Per SOW milestones or within agreed implementation phases. Material delays beyond Digical's reasonable control (force majeure, Client non-cooperation) extend timelines proportionally.

5.3 Acceptance and Revisions

Acceptance Period: Client has 10 business days from deliverable submission to provide written acceptance or request revisions.

Revision Rounds: Each deliverable includes up to 2 rounds of revisions within scope. Additional revisions may be billed at Digical's then-current hourly rate (€150-€250/hour depending on resource seniority).

Deemed Acceptance: If Client does not respond within 10 business days, deliverable is deemed accepted.

5.4 Change Requests

Process:

Client submits written change request via Slack or email
Digical evaluates impact on scope, timeline, and cost
Digical provides written quote and revised timeline within 5 business days
Change Order executed upon mutual written agreement
Work proceeds only after signed Change Order and, if applicable, payment of change fees

Material Changes: Substantive scope expansions (>20% of original SOW value or timeline) require formal Change Order with updated fees and milestones.

Minor Adjustments: Small refinements within existing deliverable scope are accommodated without Change Orders (good-faith collaboration).

6. CLIENT OBLIGATIONS AND COOPERATION

6.1 Access and Resources

Client will provide Digical with timely:

Information Access:

Business process documentation
Technical architecture details
Data schemas and API documentation
Compliance requirements and constraints
Stakeholder availability for interviews/reviews

System Access:

Admin or least-privilege access to relevant systems (CRMs, automation platforms, cloud infrastructure, analytics tools)
API keys, OAuth credentials, or service accounts as needed
Two-factor authentication (2FA) enabled on all shared accounts

Personnel Availability:

Designated project sponsor for strategic decisions (weekly availability minimum)
Subject matter experts (SMEs) for process mapping and validation
Technical resources for integration support

6.2 Cooperation Timeline

Response Standard: Client will respond to Digical requests for information, decisions, or access within 5 business days of written request.

Delays: If Client fails to provide required inputs within 10 business days of a written request, Digical may:

Pause the engagement (timeline extended accordingly, no fee adjustment)
Escalate to Client's executive sponsor
Terminate for cause per §10.3 if persistent non-cooperation

6.3 Decision Authority

Client will:

Designate a single authorized representative with decision-making authority on strategic matters
Provide timely approvals on roadmap milestones, architecture decisions, and go-live checkpoints
Avoid contradictory directives from multiple stakeholders (Digical works with designated lead)

Indecision Clause: If Client fails to make required strategic decisions within 15 business days of Digical's written request, and such delay materially impedes project progress, Digical may:

Make reasonable recommendations and proceed based on best practices (with documented rationale)
Pause engagement until decision is made
Terminate for legitimate cause per §10.4 if project becomes unfeasible

6.4 Obstruction and Material Breach

Client actions that constitute material breach include:

Frequent pivot requests that negate completed work (>3 substantive direction changes without Change Orders)
Refusal to provide required access or information after written notice
Assigning inadequate or unqualified personnel despite Digical's documented concerns
Overriding Digical's security/compliance recommendations without written assumption of risk

Remedy: Digical will issue written warning specifying breach and 10-day cure period. If unresolved, Digical may terminate for cause per §10.3.

7. SYSTEM ACCESS, CREDENTIALS, AND SECURITY PROTOCOLS

7.1 Access Purpose and Scope

Digical requires access to Client systems solely to:

Implement, configure, and optimize AI/automation workflows
Integrate systems and APIs
Monitor performance and troubleshoot issues
Train Client personnel on deployed solutions

Access is limited to least-privilege principle (minimum permissions necessary for Services).

7.2 Credential Management

Client Obligations:

Provide credentials via secure methods (password managers, encrypted channels)
Use service accounts or role-based access (not personal accounts) where possible
Revoke access to systems no longer in scope
Maintain audit logs of Digical access activities

Digical Obligations:

Store credentials securely (encrypted vaults, no plaintext storage)
Never share credentials with unauthorized third parties (except approved subprocessors, see §8.2)
Log all administrative actions performed using Client credentials
Remove/rotate credentials immediately upon termination or Client request

7.3 Security Standards

Digical maintains:

Zero-trust architecture: No hardcoded secrets, encrypted connections (TLS 1.2+)
Access controls: Multi-factor authentication (MFA) on Digical accounts, role-based permissions
Secrets management: HashiCorp Vault or equivalent for credential storage
Vulnerability management: Regular security patches, dependency scanning
Incident response: Documented breach notification procedures (see §7.5)

7.4 Data Handling

Processing Location: All processing occurs within Client's infrastructure or approved cloud regions (EU/EEA unless otherwise agreed).

Data Minimization: Digical accesses only data necessary for Services. No unnecessary data extraction or long-term storage.

No External Storage: Digical does not store Client production data on Digical-controlled systems except:

Temporary caching for development/testing (deleted within 30 days)
Anonymized analytics for performance monitoring (no PII)
As required for specific Services (e.g., data pipeline implementation) with explicit Client approval

7.5 Security Incidents

Notification: Digical will notify Client within 72 hours of discovering a security incident affecting Client data or systems.

Response: Digical will reasonably cooperate with Client's incident response procedures and provide available forensic data.

Liability: See §17 for liability allocation. Digical's security measures are reasonable but not a guarantee against all threats.

7.6 Termination of Access

Upon engagement termination or written Client request, Digical will:

Remove access to all Client systems within 5 business days
Delete Client credentials from Digical systems
Provide written confirmation of access removal
Transfer any residual access (e.g., API keys in deployed systems) to Client control

8. INTELLECTUAL PROPERTY AND OWNERSHIP

8.1 Deliverables Ownership

Work-for-Hire Transfer: Upon full payment of all fees, Client receives:

Exclusive ownership of all custom deliverables created specifically for Client under the engagement, including:
- Custom AI agent configurations and prompts
- Automation workflows and integrations
- Data models and schemas
- Client-specific documentation and SOPs
- Governance frameworks and policies
Where legally permissible under French law, such deliverables are deemed "works made for hire" owned by Client from creation.
Where work-for-hire doctrine does not apply, Digical hereby assigns to Client all economic rights (exploitation rights under French IP law), including reproduction, adaptation, distribution, and public communication rights, worldwide, in perpetuity, for all uses related to Client's business.

Moral Rights: Digical waives enforcement of moral rights (droit moral) to the extent permitted under French law (Article L121-1 CPI), except for right of attribution if work is published externally.

8.2 Pre-Existing IP and Tools

Digical Retains:

All rights in pre-existing frameworks, methodologies, templates, and tools ("Digical Tools")
Knowledge, techniques, and best practices developed prior to or outside the engagement
Generalized improvements to Digical Tools derived from engagement (no Client-specific data)

License to Client: Client receives a non-exclusive, worldwide, royalty-free, perpetual license to use Digical Tools as embedded in deliverables for Client's internal business purposes. No right to:

Resell, sublicense, or distribute Digical Tools to third parties
Reverse-engineer or extract Digical Tools for separate use
Use Digical Tools to provide services to Client's own customers (no white-label rights)

8.3 Open-Source and Third-Party Components

Deliverables may incorporate open-source software or third-party libraries governed by separate licenses (MIT, Apache 2.0, GPL, etc.). Such components remain subject to their original licenses. Digical will:

Document all third-party dependencies in deliverable documentation
Use only permissive licenses (MIT, Apache, BSD) for production deployments unless Client approves copyleft licenses (GPL)
Not indemnify for third-party component licensing issues (see §18.2 for IP indemnity scope)

8.4 Client Materials

Client Retains: All rights in materials, data, content, and IP provided by Client ("Client Materials").

License to Digical: Client grants Digical a limited, non-exclusive, worldwide license to use Client Materials solely to perform the Services during the engagement term. License terminates upon engagement end (except for archival/legal compliance purposes).

8.5 Portfolio and Marketing Rights

Default Portfolio License: Digical may publicly reference Client as a client and use non-confidential deliverables(screenshots, anonymized case studies, high-level descriptions) for marketing, portfolio, and promotional purposes.

Opt-Out: Client may opt out by providing written notice to hello@digical.fr. Opt-out applies prospectively; existing portfolio materials may remain published unless Client requests removal.

Confidential Projects: Engagements marked "confidential" in the SOW exclude portfolio rights. Digical may reference Client name only with prior written approval.

8.6 Residual Knowledge

Digical may retain and use residual knowledge gained from the engagement (general concepts, techniques, non-confidential insights) for its own business purposes, provided no Client Confidential Information (§19) is disclosed.

9. ACCEPTABLE USE AND COMPLIANCE

9.1 Prohibited Uses

Client will not use Services or Digical-provided access to:

Legal Violations:

Violate any applicable law, regulation, or third-party right (IP, privacy, consumer protection)
Facilitate illegal activities (fraud, money laundering, CSAM, terrorism)
Violate export control or sanctions laws (OFAC, EU sanctions)

Harmful Activities:

Distribute malware, ransomware, or malicious code
Conduct unauthorized penetration testing or security attacks
Scrape, harvest, or mine data without authorization
Circumvent security measures or access controls
Reverse-engineer platform APIs or services beyond permitted scope

Platform Abuse:

Violate terms of service of integrated third-party platforms (Google, Slack, OpenAI, etc.)
Engage in spam, phishing, or unsolicited commercial communications
Create fake accounts or misleading content
Use Digical systems to compete with Digical's services

9.2 Compliance Obligations

Client Responsibilities:

Ensure all data provided to Digical complies with applicable privacy laws (GDPR, CCPA)
Obtain necessary consents for data processing and AI model training
Comply with industry-specific regulations (HIPAA, PCI-DSS, FCA) if applicable
Provide accurate compliance requirements documentation during Diagnostic phase

Digical Responsibilities:

Design systems aligned with stated compliance requirements
Implement reasonable security measures per industry standards
Provide documentation supporting Client's compliance audits
Execute Data Processing Addendum (DPA) for GDPR/UK GDPR compliance (see §13)

9.3 AI-Specific Compliance

Model Outputs: Client acknowledges that AI models may produce:

Inaccurate, incomplete, or hallucinated outputs
Potentially biased results reflecting training data patterns
Content requiring human review before reliance

Human-in-the-Loop: Digical implements human oversight checkpoints for high-stakes AI decisions (governance gates, approval workflows). Client must not bypass such controls without documented assumption of risk.

Regulatory Compliance: Client is responsible for ensuring AI use complies with emerging regulations (EU AI Act, local AI laws). Digical will provide reasonable cooperation for compliance assessments.

10. TERM, SUSPENSION, AND TERMINATION

10.1 Engagement Term

Initial Term: As specified in the SOW or Order Form (typically 90 days for Foundation, 180 days for Business, 12 months for Enterprise).

Renewal:

Month-to-month engagements: Auto-renew unless either party provides 30 days' written notice of non-renewal
Term engagements: Require explicit written renewal agreement (no auto-renewal)

10.2 Cancellation by Client

During Diagnostic Phase (first 30 days): Client may terminate without penalty. Fees paid for Diagnostic are non-refundable but no further fees owed.

After Minimum Commitment: Client may provide written notice of non-renewal at least 30 days before current term end. Engagement concludes at term end; no early termination without cause.

Early Termination Without Cause: If Client terminates before minimum term without Digical breach, Client pays 50% of remaining contract value as liquidated damages (reasonable pre-estimate of Digical's losses, not a penalty).

10.3 Termination for Cause (Material Breach)

Either party may terminate immediately upon written notice if the other party:

Client Breach:

Fails to pay undisputed fees within 30 days of due date
Violates Acceptable Use Policy (§9.1) after warning
Fails to provide required cooperation per §6 after 10-day cure notice
Commits material breach of confidentiality (§19) or security obligations (§7)

Digical Breach:

Abandons the engagement (no substantive work for 30+ days without justification)
Commits material breach of confidentiality (§19)
Materially fails to meet SOW milestones without reasonable justification and refuses to cure

Cure Period: Breaching party has 10 business days from written notice to cure breach. If cured, termination is withdrawn. If not cured, non-breaching party may terminate immediately.

10.4 Termination for Legitimate Cause (Unfeasibility)

Digical may terminate if:

Project becomes technically unfeasible due to Client's system limitations or data quality issues that were not disclosed during Diagnostic and cannot reasonably be remediated
Client's persistent indecision or contradictory directives (§6.3) make project completion impossible despite good-faith attempts to resolve
Material changes in Client's business (acquisition, pivot, insolvency) render SOW objectives moot
Safety/legal risks emerge that make continuation inadvisable (regulatory prohibition, IP infringement claims)

Procedure: Digical provides 20 business days' written notice specifying unfeasibility reasons and opportunity to resolve. If unresolved, termination proceeds.

Effect: Client pays fees for work completed to date (pro-rated). No early termination penalty. Deliverables completed to date transfer per §8.1.

10.5 Suspension of Services

Digical may temporarily suspend Services (without terminating) if:

Fees are overdue >15 days (resume upon payment)
Client's system access is revoked or credentials expire (resume upon restoration)
Security incident requires temporary shutdown (resume when safe)
Force majeure event prevents performance (resume when practicable)

Notice: Digical provides 48 hours' notice where practicable, except for security/legal emergencies (immediate suspension permitted).

10.6 Effect of Termination

Upon termination for any reason:

Fees:

All unpaid fees through termination date become immediately due
For termination for cause by Digical: Client pays 100% of remaining contract value
For termination for cause by Client: Digical refunds any prepaid fees for unperformed work (pro-rated)
For termination for legitimate cause: Pro-rated settlement per §10.4

Access:

Digical's access to Client systems ceases within 5 business days
Client's access to Digical collaboration tools (Slack, project management) ceases within 90 days (grace period for retrieval)

Deliverables:

Completed deliverables transfer ownership per §8.1 (if fees paid)
In-progress deliverables: Digical provides work product in current state (as-is, no completion obligation)
Digical Tools and pre-existing IP revert per §8.2 (license terminates if fees unpaid)

Data:

Digical deletes Client data from Digical systems within 30 days (except legal/archival retention)
Client must retrieve materials from collaboration channels before 90-day expiration (§12)

Survival:

§8 (IP), §11 (Refunds), §13 (Privacy), §17 (Liability), §18 (Indemnities), §19 (Confidentiality), §22 (Disputes) survive termination

11. REFUND POLICY

11.1 General Rule: No Refunds

Services and fees are non-refundable except as expressly stated in these Terms. This reflects the consulting nature of Services (knowledge work, strategic advice, custom implementations).

Rationale: Digical commits resources, foregoes other opportunities, and delivers ongoing value throughout engagement. Refunds would unjustly enrich Client for value already received.

11.2 Diagnostic Phase Exception

30-Day Diagnostic: If Client terminates during the first 30 days (Diagnostic phase), Diagnostic fees are non-refundable but no further fees are owed. This allows risk-free initial assessment.

11.3 Discretionary Refunds

Digical may, in its sole discretion, grant partial refunds or credits if:

Deliverable is materially defective and Digical cannot cure within reasonable time
Digical fails to meet explicit SOW milestones due to Digical's fault (not Client delay or force majeure)
Extraordinary circumstances warrant goodwill gesture

Conditions:

Refund request must be submitted in writing within 30 days of issue
Digical determines refund amount and may deduct administrative fees (typically 10-20% of refunded amount)
If refund granted, ownership rights in affected deliverables do not transfer to Client; Client must cease use and delete/destroy such deliverables
Refund does not waive other Client obligations (confidentiality, IP, indemnities)

11.4 Chargebacks Prohibited

Client agrees to resolve all payment disputes through Digical's dispute resolution process (§22) and not initiate chargebacks without first providing Digical 30 days' written notice and opportunity to cure. Unjustified chargebacks constitute material breach and Client remains liable for:

Original fees owed
Chargeback fees and processing costs
Reasonable legal fees incurred to contest chargeback

12. COLLABORATION CHANNELS AND DATA RETENTION

12.1 Communication Tools

Digical provides Client with access to collaboration tools for project coordination:

Standard Tool: Slack workspace channel (one channel per active engagement)

Alternatives: Microsoft Teams, email, project management tools as mutually agreed

Purpose: File exchange, asynchronous communication, milestone tracking, knowledge sharing

12.2 Channel Lifecycle

During Engagement: Channel remains active for duration of engagement.

Post-Engagement Grace Period (90 days): After engagement completion or termination, channel remains read-only accessible for 90 days to allow:

Client to export/download project files, documentation, and conversation history
Final questions/handoff discussions
Administrative closeout

Archival Period (up to 12 months): After 90-day grace period, channel may be archived (inactive but retained) for Digical's legal/compliance purposes for up to 12 additional months.

Deletion: After archival period (minimum 15 months total post-engagement), channel and contents may be permanently deleted.

12.3 Client Export Obligations

Client is solely responsible for exporting/downloading:

Project documentation and deliverables
Conversation history and decisions
Shared files and media

Digical provides reasonable export assistance during 90-day grace period but is not liable for:

Client's failure to export materials before deletion
Data loss after grace period expiration
Cost or effort to recreate deleted materials

Export Tools: Slack/Teams native export features, manual download, or Digical-provided export scripts (best-effort basis).

12.4 Voluntary Exit Trigger

If Client initiates termination (cancellation, non-renewal, termination for convenience), 90-day grace period begins immediately upon termination effective date.

13. PRIVACY, DATA PROTECTION, AND GDPR COMPLIANCE

13.1 Data Controller vs. Processor Roles

Dual Roles:

Business Contact Data: Each party is an independent data controller for business contact information (names, emails, phone numbers of representatives) used for account management, invoicing, and communications.
Client Personal Data in Services: Where Digical processes personal data on Client's behalf and documented instructions to perform the Services (e.g., implementing CRM automations, processing customer data), Digical acts as a data processor and Client is the data controller.

13.2 Data Processing Addendum (DPA)

For processing where Digical is a processor, the parties will execute a Data Processing Addendum (DPA)incorporating:

EU GDPR Article 28 standard terms (processor obligations, security, subprocessing, data subject rights, breach notification)
UK GDPR Addendum (if processing UK personal data)
Standard Contractual Clauses (SCCs) or UK International Data Transfer Addendum (IDTA) (if data transfers outside EEA/UK)

DPA Execution: DPA is provided upon engagement signature or Client request. If not yet signed, the DPA Placeholder Terms in Annex A apply.

13.3 Data Transfers and Localization

Default Processing Locations:

EU/EEA: Digical processes within EU/EEA where possible (France, Germany, Ireland)
Approved Third Countries: US (under EU-US Data Privacy Framework for compliant vendors), UK, Switzerland

Subprocessors: Digical may use approved subprocessors (cloud providers, AI/ML services) listed at https://www.digical.fr/subprocessors. Client consents to such subprocessors subject to:

30 days' notice of new subprocessor additions
Client right to object on reasonable data protection grounds
Equivalent data protection obligations imposed on subprocessors

Data Residency Requests: If Client requires specific data residency (e.g., "EU-only processing"), this must be specified in SOW and may incur additional costs.

13.4 Security Measures (GDPR Article 32)

Digical implements appropriate technical and organizational measures, including:

Technical Safeguards:

Encryption in transit (TLS 1.2+) and at rest where supported
Access controls and authentication (MFA, RBAC)
Regular vulnerability scanning and patching
Secure development practices (code review, dependency scanning)

Organizational Safeguards:

Staff confidentiality agreements and data protection training
Incident response and breach notification procedures
Vendor risk assessments for subprocessors
Data minimization and retention policies

Limitations: Security measures are reasonable for risk level but not absolute guarantees. Client is responsible for its own system security and access governance.

13.5 Data Subject Rights Support

If Client receives data subject access requests (DSARs) or other GDPR rights requests related to personal data processed by Digical, Digical will:

Reasonably cooperate to facilitate Client's response (e.g., provide data extracts, delete personal data)
Respond to such requests within 30 days of Client's written instruction (or faster if legally required)
Charge reasonable fees for extensive or repeated requests exceeding Digical's DPA obligations

Direct Requests: If Digical receives DSAR directly from data subject, Digical will promptly redirect to Client (as data controller) unless legally prohibited.

13.6 Breach Notification

If Digical discovers a personal data breach affecting Client data, Digical will:

Notify Client within 72 hours of discovery (email to designated contact + Slack if urgent)
Provide available details: nature of breach, affected data categories, approximate number of data subjects, likely consequences, mitigation measures taken
Cooperate reasonably with Client's breach investigation and regulatory notification obligations

Client's Obligations: Client (as data controller) is responsible for:

Notifying supervisory authorities (DPA) within 72 hours if required
Notifying affected data subjects if required
Client's own breach response and remediation

13.7 Data Retention and Deletion

Retention During Engagement: Digical retains Client data only as long as necessary to perform Services.

Post-Engagement Deletion:

Client production data: Deleted within 30 days of termination (except as needed for legal/compliance, see below)
Collaboration channel data: Per §12 lifecycle (90-day grace + up to 12-month archive)
Invoices, contracts, SOWs: Retained per French legal requirements (10 years for accounting records)

Legal/Compliance Exceptions: Digical may retain data longer where required by:

French accounting/tax law (10 years)
Legal hold or litigation obligations
Regulatory investigation or audit (duration of proceeding)

Deletion Verification: Upon Client request, Digical will provide written confirmation of data deletion (excludes legally retained data).

13.8 Privacy Policy

For details on Digical's privacy practices as data controller (business contacts, website visitors, marketing), see: https://www.digical.fr/privacy

14. INFORMATION SECURITY STANDARDS

(Incorporating §7 access protocols + additional enterprise security commitments)

14.1 Security Framework

Digical maintains an information security management system (ISMS) aligned with:

ISO 27001 principles (logical/physical access controls, encryption, vulnerability management)
SOC 2 Type II readiness (for Enterprise clients requiring audit reports)
OWASP Top 10 mitigation for web application security
CIS Controls for infrastructure hardening

14.2 Security Measures Summary

Control AreaMeasures Implemented

Access ControlMulti-factor authentication (MFA), role-based access control (RBAC), least-privilege principle, annual access reviews

EncryptionTLS 1.3 for data in transit, AES-256 for data at rest (where supported), encrypted backups

Secrets ManagementHashiCorp Vault or AWS Secrets Manager, no hardcoded credentials, credential rotation policies

Vulnerability ManagementQuarterly vulnerability scans, automated dependency scanning (Snyk/Dependabot), patch management SLA (critical: 7 days, high: 30 days)

Incident Response24/7 monitoring, documented incident response plan, breach notification per §13.6

Business ContinuityDaily backups, disaster recovery plan (RTO: 24 hours, RPO: 4 hours), annual DR testing

Vendor RiskSecurity assessments of subprocessors, contractual data protection obligations, ongoing monitoring

14.3 Client Responsibilities

Client is responsible for:

Own system security: Firewalls, endpoint protection, network segmentation
Access governance: Timely revocation of terminated employee access, MFA enforcement
Secure configuration: Hardening of systems/services provided to Digical for integration
Incident reporting: Promptly notify Digical of security incidents affecting shared systems

Shared Responsibility Model: Security is a shared responsibility. Digical secures its operations; Client secures its infrastructure.

14.4 Security Audits and Certifications

Enterprise Clients: May request evidence of security controls, including:

SOC 2 Type II report (if available; Digical provides attestation of readiness if audit not yet completed)
Completed security questionnaires (e.g., CAIQ, SIG)
Penetration test summary reports (redacted for confidentiality)

Frequency: Security documentation provided annually or upon reasonable request (max 2 requests per year to avoid undue burden).

15. SERVICE AVAILABILITY, CHANGES, AND MAINTENANCE

15.1 Service Availability

No Uptime SLA (Unless Specified): Services are provided on a best-efforts basis. Digical does not guarantee uninterrupted availability unless a Service Level Agreement (SLA) is executed separately.

Typical Availability: Digical targets >99% uptime for critical production systems but is not liable for downtime except as specified in SLA.

15.2 Planned Maintenance

Digical may perform scheduled maintenance on systems/tools with:

7 days' advance notice for major upgrades (>4 hour expected downtime)
24 hours' notice for minor maintenance (<1 hour expected downtime)
No notice for emergency security patches (performed immediately)

Maintenance Windows: Typically conducted outside EU business hours (weekends, evenings CET/CEST) where possible.

15.3 Service Modifications

Feature Changes: Digical may modify, enhance, or deprecate features of Digical Tools and platforms with 30 days' notice to active clients.

Impact Mitigation: Digical will provide migration paths or alternatives for deprecated features affecting Client's deployed systems.

Client-Specific Systems: Custom implementations built for Client are not subject to unilateral changes without Client approval (except security patches or bug fixes).

15.4 Third-Party Platform Changes

Services rely on third-party platforms (OpenAI, Google, Slack, AWS, etc.). Changes to third-party APIs, pricing, or terms may necessitate adjustments to Services.

Digical will:

Monitor third-party platform changes
Notify Client of material impacts within 10 business days of discovery
Propose alternative solutions if third-party platform becomes unavailable or economically unviable

Client Obligations:

Accept reasonable alternatives proposed by Digical
Pay for additional costs if third-party pricing increases materially (>20%) subject to renegotiation

16. WARRANTIES AND DISCLAIMERS

16.1 Digical's Limited Warranties

Digical warrants that:

Authority: Digical has the legal authority to enter this agreement and provide Services.
Professional Standards: Services will be performed in a professional and workmanlike manner consistent with industry standards for AI implementation consulting.
Compliance: Deliverables will not knowingly violate applicable laws or third-party IP rights (subject to indemnity in §18).
Malware-Free: Deliverables will not knowingly contain malware, backdoors, or malicious code at time of delivery.

Remedy for Breach: If Digical breaches these warranties, Digical's sole obligation is to re-perform defective Services or refund fees paid for defective deliverables (Digical's choice). Client must notify Digical of breach within 30 days of discovery.

16.2 Disclaimers (To Maximum Extent Permitted by Law)

AS-IS BASIS: Except for warranties in §16.1, Services and deliverables are provided "AS IS" without any warranty of any kind.

DISCLAIMED WARRANTIES (express or implied):

Merchantability: Fitness for a particular purpose
Non-Infringement: (except as covered by indemnity in §18)
Title: (except for IP transfer in §8.1)
Accuracy, Completeness, or Reliability: Of AI outputs, data analysis, or recommendations
Uninterrupted or Error-Free Operation: Of systems or integrations
Specific Results or Outcomes: (revenue increases, cost savings, performance improvements)

AI/ML Specific Disclaimers:

No Guarantee of Accuracy: AI models may produce inaccurate, incomplete, or hallucinated outputs. Human review is required before relying on AI decisions.
No Guarantee of Performance: Model accuracy, precision, recall, and other metrics may vary based on data quality, use case, and external factors.
No Guarantee of Compliance: While Digical designs for stated compliance requirements, Client is responsible for ensuring AI use complies with all applicable regulations (EU AI Act, industry-specific rules).

Creative/Strategic Outcomes: Digical does not warrant that strategic recommendations, creative designs, or business process optimizations will achieve specific financial outcomes or competitive advantages.

16.3 Allocation of Risk

These disclaimers reflect the inherent uncertainties in AI/ML consulting and the shared responsibility model. Client assumes risk of:

Business decisions based on AI outputs or Digical recommendations
Regulatory compliance for AI use in Client's specific industry/jurisdiction
Integration with Client's legacy systems or third-party platforms
Data quality issues affecting AI model performance

17. LIABILITY LIMITATIONS AND DAMAGES CAP

17.1 Aggregate Liability Cap

TO THE MAXIMUM EXTENT PERMITTED BY LAW, each party's total aggregate liability arising out of or related to these Terms or the Services, whether in contract, tort (including negligence), or otherwise, is limited to the total fees paid by Client to Digical in the 12 months preceding the first claim.

Examples:

If Client paid €96,000 in past 12 months and claims €200,000 in damages → Digical's liability capped at €96,000
If multiple claims arise → Cap applies to the aggregate total of all claims, not per claim

17.2 Exceptions to Cap (Unlimited Liability)

The liability cap does NOT apply to:

Death or Personal Injury: Caused by either party's negligence
Fraud or Willful Misconduct: Intentional wrongdoing or fraudulent misrepresentation
Gross Negligence: Reckless disregard for duties (to extent not excludable under French law)
IP Indemnity Obligations: Under §18.2 (Digical's IP indemnification)
Data Breaches Due to Digical Gross Negligence: Breaches caused by Digical's intentional or reckless violation of security obligations (§7, §14)
Statutory Liabilities: That cannot be excluded under mandatory French law (e.g., Article 1231-3 French Civil Code)

17.3 Excluded Damages (No Liability)

NEITHER PARTY IS LIABLE FOR:

Indirect or Consequential Damages: Including lost profits, lost revenue, lost business opportunities, lost data, loss of goodwill, reputational harm, or cost of substitute services
Special or Punitive Damages: Exemplary or punitive damages of any kind

EVEN IF:

The party has been advised of the possibility of such damages
The limited remedies fail of their essential purpose

Examples of Excluded Damages:

Client deploys AI system; system error causes €1M revenue loss → Digical not liable for lost revenue (indirect damage)
Deliverable delay causes Client to miss market opportunity worth €500K → Digical not liable for opportunity cost (consequential damage)
Data breach harms Client's reputation → Digical not liable for reputational harm (excluded unless gross negligence)

17.4 Mitigation Obligation

Both parties must:

Mitigate damages: Take reasonable steps to minimize losses
Provide notice: Notify other party of potential claims within 60 days of discovery
Cooperate: Reasonably cooperate to investigate and resolve disputes

Failure to mitigate may reduce recoverable damages.

17.5 Allocation of Risk Rationale

These limitations reflect:

The consulting nature of Services (knowledge work, not guaranteed outcomes)
The shared responsibility for AI implementation success (Digical provides expertise; Client controls business context, data, and decisions)
The fee structure (monthly retainers vs. risk-adjusted pricing for unlimited liability)
Market standards for professional services liability

Client acknowledges that without these limitations, Digical would need to charge substantially higher fees or require liability insurance that would make Services economically unviable.

18. INDEMNIFICATION OBLIGATIONS

18.1 Client Indemnification of Digical

Client will indemnify, defend, and hold harmless Digical, its officers, directors, employees, contractors, and agents ("Digical Indemnitees") from and against any third-party claims, demands, actions, losses, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from or related to:

a) Client Materials: Any claim that Client Materials (data, content, trademarks, IP provided by Client) infringe, misappropriate, or violate third-party intellectual property rights or privacy rights.

b) Client's Use of Services: Any claim arising from Client's use of Services or deliverables in violation of:

Applicable law (GDPR, consumer protection, securities, export controls)
Third-party platform terms of service
These Terms (including Acceptable Use Policy §9)

c) Client's Business Operations: Claims arising from Client's products, services, or business operations that are independent of Digical's deliverables (e.g., product liability, consumer fraud, employment disputes).

d) Client's Instructions: Claims arising from Digical's compliance with Client's specific written instructions or requirements, where such instructions cause legal violations or harm (except where Digical should have reasonably known instructions were unlawful).

e) Unauthorized Modifications: Claims arising from Client's modifications to deliverables after delivery, if such modifications cause the infringement or harm.

f) Client Breach: Material breach of Client's obligations under §6 (Cooperation), §7 (Security), §9 (Acceptable Use), or §19 (Confidentiality).

Exclusions: Client has no indemnity obligation where claim arises solely from Digical's gross negligence, willful misconduct, or breach (such claims fall under §18.2).

18.2 Digical Indemnification of Client

Digical will indemnify, defend, and hold harmless Client, its officers, directors, employees, and agents ("Client Indemnitees") from and against third-party claims alleging that Digical-created deliverables (as provided to Client, unmodified) infringe or misappropriate third-party intellectual property rights (copyrights, patents, trade secrets, trademarks).

Conditions:

Claim must relate to deliverables created by Digical under the engagement (not Client Materials, open-source components, or third-party tools)
Client must provide prompt written notice of claim (within 30 days of receipt)
Digical has sole control of defense and settlement (Client cooperates reasonably)
Client has not modified deliverables in ways that cause the alleged infringement

Exclusions (Digical has NO indemnity obligation if infringement arises from):

Client Materials or Instructions: Use of Client-provided content, data, or specifications
Combination: Deliverables combined with non-Digical materials in ways not contemplated by SOW
Modification: Client's modifications to deliverables after delivery
Continued Use After Notice: Client's continued use after Digical notifies Client to cease use
Third-Party Components: Open-source software or third-party libraries governed by separate licenses (§8.3)
Non-Compliance with Usage Restrictions: Client's use beyond licensed scope (§8.2)

18.3 Remedies for IP Infringement

If deliverable is subject to infringement claim or Digical reasonably believes it may be, Digical may, at its option:

Obtain License: Procure right for Client to continue using deliverable
Replace: Provide functionally equivalent non-infringing alternative
Modify: Modify deliverable to make it non-infringing while preserving substantial functionality
Refund and Terminate: Refund fees paid for infringing deliverable (pro-rated for time used) and terminate license to such deliverable

Client's Obligations Upon Termination: Client must immediately cease using infringing deliverable and delete/destroy all copies.

Sole Remedy: This §18.2 indemnity and remedies constitute Client's sole and exclusive remedy for third-party IP infringement claims related to deliverables.

18.4 Indemnification Procedure

Party seeking indemnification ("Indemnitee") must:

Promptly notify indemnifying party ("Indemnitor") of claim in writing (within 30 days of receipt)
Provide reasonable cooperation: Documents, information, testimony as requested
Grant control: Allow Indemnitor sole control of defense and settlement (subject to below)

Indemnitor must:

Acknowledge or reject indemnity obligation within 15 days of notice
Assume defense: Retain counsel and conduct defense at Indemnitor's expense
Keep Indemnitee informed: Provide regular updates on defense progress

Settlement Restrictions:

Indemnitor may not settle claims that require Indemnitee to admit fault, pay money, or accept non-monetary obligations without Indemnitee's prior written consent (not to be unreasonably withheld)

Indemnitee's Rights:

If Indemnitor fails to assume defense within 30 days or conducts defense inadequately, Indemnitee may assume defense and recover costs from Indemnitor
Indemnitee may participate in defense with own counsel at Indemnitee's expense (not Indemnitor's)

Failure to Notify: Late notice does not void indemnity unless Indemnitor is materially prejudiced by delay.

19. CONFIDENTIALITY OBLIGATIONS

19.1 Definition of Confidential Information

"Confidential Information" means all non-public information disclosed by one party ("Discloser") to the other party ("Recipient"), whether orally, in writing, or electronically, that:

a) Is marked as "Confidential," "Proprietary," or similar designation, or

b) Would reasonably be understood to be confidential given its nature and circumstances of disclosure, including:

Business strategies, roadmaps, financial data, pricing, customer lists
Technical information: source code, algorithms, architectures, API credentials, data schemas
Deliverables and work product (prior to public release)
Terms of the engagement (SOW, pricing, scope) except as needed for legal/financial reporting

Mutual Confidentiality: Both parties owe confidentiality obligations under these Terms.

19.2 Exclusions from Confidential Information

Information is NOT Confidential if Recipient can demonstrate it:

Was publicly known at time of disclosure (through no breach by Recipient)
Becomes publicly known after disclosure through no breach by Recipient
Was already known to Recipient prior to disclosure (documented evidence)
Is independently developed by Recipient without use of or reference to Discloser's Confidential Information (documented evidence)
Is rightfully received from a third party without confidentiality obligations and without breach of such third party's obligations
Is approved for release by Discloser in writing

19.3 Obligations of Recipient

Recipient must:

Maintain confidentiality: Protect Confidential Information using at least the same degree of care as Recipient uses for its own confidential information, but no less than reasonable care.
Limit access: Disclose Confidential Information only to employees, contractors, and advisors ("Representatives") who:
- Have a legitimate need to know to perform Services or exercise rights under these Terms
- Are bound by written confidentiality obligations at least as protective as these Terms
Limit use: Use Confidential Information solely to:
- Digical: Perform Services under the engagement
- Client: Receive and use Services and deliverables
Protect from disclosure: Take reasonable measures to prevent unauthorized disclosure (encryption, access controls, physical security).

19.4 Permitted Disclosures

Recipient may disclose Confidential Information if:

a) Legal Compulsion: Required by law, regulation, court order, or government authority, provided Recipient:

Provides prompt written notice to Discloser (unless legally prohibited)
Discloses only the minimum information required
Cooperates reasonably with Discloser's efforts to obtain protective order or confidential treatment

Examples: Subpoena, tax audit, regulatory investigation, securities disclosure requirements

b) Professional Advisors: Disclosure to attorneys, accountants, auditors, insurers, or investors under written confidentiality obligations (standard professional duties or NDA).

c) Subprocessors (Digical only): Digical may disclose Client Confidential Information to approved subprocessors (§13.3) under equivalent confidentiality obligations.

19.5 Term of Confidentiality

Duration: 5 years from the date of disclosure for all Confidential Information, except:

Trade Secrets: Obligations continue as long as information qualifies as a trade secret under applicable law (potentially perpetual).

Post-Termination: Confidentiality obligations survive engagement termination per §10.6.

19.6 Return or Destruction

Upon engagement termination or Discloser's written request, Recipient must:

Return or destroy all Confidential Information in tangible form (documents, media, devices)
Delete all electronic copies from systems (including backups, archives, cloud storage)
Certify compliance in writing within 30 days of request

Exceptions (Recipient may retain):

Archival copies required for legal compliance, audit, or backup purposes (subject to continued confidentiality)
Residual knowledge in Representatives' unaided memories (subject to §8.6 residual knowledge rights and no deliberate memorization)

No Return of Client Data: Client Confidential Information processed by Digical in providing Services (e.g., client lists, customer data) is handled per §13.7 (data retention) and DPA, not this return obligation.

19.7 No Rights Granted

Disclosure of Confidential Information does not grant Recipient:

Any license or ownership rights in Confidential Information
Any obligation to enter business relationship or continue engagement
Any representation or warranty regarding accuracy, completeness, or legality of Confidential Information

As-Is: Confidential Information is provided "as is" without warranty.

19.8 Equitable Relief

Both parties acknowledge that breach of confidentiality may cause irreparable harm not adequately compensable by monetary damages. Therefore:

Discloser is entitled to seek injunctive or equitable relief to prevent or remedy breach, without posting bond
Such relief is in addition to (not in lieu of) any other remedies available at law or in equity

20. FORCE MAJEURE

20.1 Definition

"Force Majeure Event" means an event or circumstance beyond a party's reasonable control that prevents or materially delays performance of obligations under these Terms, including:

Natural Disasters: Earthquake, flood, fire, hurricane, pandemic, epidemic

Government Actions: War, terrorism, civil unrest, strikes, embargoes, government shutdown, changes in law or regulation that make performance illegal or impracticable

Infrastructure Failures: Widespread internet outages, power grid failures, telecom disruptions (not localized ISP issues)

Third-Party Platform Failures: Material outages of critical third-party services (AWS, Google Cloud, OpenAI API) lasting >48 hours, provided such failures are not caused by the party claiming force majeure

Exclusions (NOT Force Majeure):

Financial inability to perform (insolvency, cash flow problems, economic downturn affecting party's business)
Failure of party's own systems due to inadequate maintenance or capacity planning
Labor disputes involving party's own employees (unless industry-wide strike)
Failure of party's subcontractors/suppliers (unless those subcontractors are experiencing force majeure)
Pandemic/epidemic if occurring >6 months prior (party had time to adapt)

20.2 Effect on Obligations

Suspension, Not Termination: Force Majeure Event suspends affected obligations for the duration of the event, but does not excuse obligations entirely or terminate the engagement.

Affected Party Must:

Notify other party promptly (within 5 business days of Force Majeure Event onset) in writing with:
- Description of event
- Expected impact on performance
- Estimated duration
- Mitigation efforts undertaken
Mitigate impact: Use commercially reasonable efforts to:
- Resume performance as soon as practicable
- Minimize delay or disruption
- Implement workarounds or alternative solutions
Provide updates: If Force Majeure Event continues >30 days, provide weekly status updates

Non-Affected Party May:

Suspend its own corresponding obligations (e.g., Client may suspend payment if Digical cannot perform due to Force Majeure)
Terminate engagement if Force Majeure Event continues >90 days and materially prevents performance (see §20.3)

20.3 Termination for Prolonged Force Majeure

If Force Majeure Event prevents material performance for >90 consecutive days, either party may terminate the engagement upon 30 days' written notice.

Effect:

Engagement terminates without liability for non-performance due to Force Majeure
Client pays for work completed to date (pro-rated)
No early termination penalties apply
Termination provisions in §10.6 apply

20.4 Allocation of Costs

Each party bears its own costs arising from Force Majeure Event (no reimbursement or fee reduction unless agreed).

Fee Adjustments: If Force Majeure Event prevents Digical performance for >30 days in a given month, Client may request pro-rated fee adjustment for that month (e.g., 50% fee if Digical was unable to perform for 15 days). Reasonable request not to be unreasonably denied.

21. NOTICES AND COMMUNICATIONS

21.1 Notice Requirements

All formal notices under these Terms (termination, breach, force majeure, indemnity) must be:

In writing (email acceptable, no verbal notices), and

Sent to:

For Client:

Email and physical address specified in Order Form or SOW
If none specified: Email to primary contact provided during onboarding

For Digical:

Email: hello@digical.fr
Physical: Digical SAS, 141 avenue Félix Faure, 75015 Paris, France

21.2 Method of Delivery

Notices may be sent via:

Email (to addresses above)
Registered mail (lettre recommandée avec accusé de réception) for France-based parties
Courier (DHL, FedEx) with tracking for international delivery
Electronic signature platform (DocuSign, HelloSign) for contractual documents

Email Sufficiency: Email is legally sufficient for all notices unless party specifically requires registered mail in the Order Form.

21.3 Effective Date of Notice

Notice is deemed received:

Email: On the business day sent if sent before 5:00 PM CET/CEST recipient's time zone, otherwise next business day
Registered mail: On the date of delivery confirmation (accusé de réception)
Courier: On the date of delivery per tracking confirmation

Business Day: Monday-Friday, excluding French national holidays (for Digical) or Client's country holidays (for Client).

21.4 Routine Communications

Day-to-day operational communications (project updates, file sharing, questions) may use:

Slack/Teams channels
Project management tools
Email to working contacts

Such communications are not formal notices and do not trigger contractual deadlines (e.g., breach cure periods, termination).

21.5 Change of Contact Information

Either party may update contact information by providing 15 days' advance written notice to the other party. Updated contacts apply to future notices only.

22. GOVERNING LAW AND DISPUTE RESOLUTION

22.1 Governing Law

These Terms and any disputes arising out of or related to them are governed by the laws of France, without regard to conflicts of law principles.

Exclusion of CISG: The United Nations Convention on Contracts for the International Sale of Goods (CISG) does not apply.

Consumer Protection: These Terms govern business-to-business (B2B) services only. Consumer protection laws (Code de la consommation) do not apply. Client represents it is purchasing Services for business purposes.

22.2 Exclusive Jurisdiction

The courts of Paris, France have exclusive jurisdiction over any disputes arising out of or related to these Terms, the Services, or the engagement.

Waiver of Objections: Both parties waive any objections to venue or jurisdiction in Paris courts, including inconvenient forum (forum non conveniens).

Exceptions: Either party may seek:

Injunctive relief in any court of competent jurisdiction to prevent breach of confidentiality (§19) or IP infringement (§8)
Enforcement of judgment in any jurisdiction where the other party has assets

22.3 Pre-Litigation Dispute Resolution

Before filing litigation, parties agree to attempt good-faith resolution through:

Step 1 - Informal Negotiation (30 days):

Party raising dispute sends written Dispute Notice specifying issue, proposed resolution, and legal basis
Parties' designated representatives (executives or legal counsel) meet (in person or video) within 15 days to discuss resolution
If resolved, parties execute written settlement agreement

Step 2 - Mediation (Optional, 60 days):

If negotiation fails, either party may propose mediation by neutral third-party mediator
Mediator selected by mutual agreement or, if parties cannot agree within 10 days, appointed by Centre de Médiation et d'Arbitrage de Paris (CMAP)
Each party bears its own costs; mediator fees split 50/50
Mediation must conclude within 60 days of mediator appointment
Non-binding: Settlement reached only if both parties agree in writing

Step 3 - Litigation:

If mediation fails or either party declines mediation, parties may proceed to litigation in Paris courts per §22.2

Exception - No Delay Required For:

Injunctive relief to prevent immediate irreparable harm
Claims where limitation period (statute of limitations) expires within 90 days

22.4 Limitation Period

All claims arising out of or related to these Terms must be brought within 2 years from the date the claim accrues (when party knew or should have known of the facts giving rise to the claim).

Rationale: This is shorter than France's general 5-year limitation period (Article 2224 Civil Code) but reasonable for B2B commercial disputes.

22.5 Language

Litigation Language: Proceedings in Paris courts will be conducted in French unless court permits otherwise.

Contract Language: These Terms are drafted in English. If translated, the English version controls in case of conflict.

22.6 Costs and Attorneys' Fees

General Rule: Each party bears its own legal costs and attorneys' fees, except:

Prevailing Party Recovery: In disputes arising from:

Material breach of payment obligations (§4): Prevailing party recovers reasonable attorneys' fees and costs
IP indemnity claims (§18): Indemnitor pays defense costs per indemnity procedure
Enforcement of confidentiality (§19): Prevailing party recovers reasonable attorneys' fees and costs

French Law Compliance: Fee awards subject to French court discretion per Article 700 Code de procédure civile.

23. MISCELLANEOUS PROVISIONS

23.1 Assignment and Transfer

Client may not assign these Terms or any rights/obligations without Digical's prior written consent (not to be unreasonably withheld).

Digical may assign without consent:

To an affiliate (entity controlling, controlled by, or under common control with Digical)
In connection with a merger, acquisition, reorganization, or sale of Digical's business or assets, provided assignee assumes Digical's obligations

Notice Required: Digical must provide 30 days' written notice of assignment (except for affiliate assignments).

Effect of Prohibited Assignment: Any assignment in violation of this §23.1 is void.

23.2 Subcontracting

Digical may use subcontractors to perform Services, provided:

Subcontractors are bound by confidentiality and IP obligations at least as protective as these Terms
Digical remains fully liable for subcontractor performance as if performed by Digical
Subcontractors are disclosed to Client upon request (see also §13.3 for data processing subprocessors)

Client Approval Not Required: Except for data processing subprocessors (covered by DPA), Digical does not need Client approval for subcontractors.

23.3 No Agency or Partnership

Independent contractors: Parties are independent contractors. These Terms do not create:

Agency, partnership, joint venture, or employer-employee relationship
Authority for either party to bind the other or incur obligations on the other's behalf

No Holding Out: Neither party may represent itself as agent or partner of the other.

23.4 Severability

Invalid provisions severed: If any provision of these Terms is held invalid, illegal, or unenforceable by a court of competent jurisdiction:

That provision is severed and replaced with a valid provision that most closely approximates the intent and economic effect
Remaining provisions remain in full force and effect

Examples:

If liability cap is deemed unenforceable in certain jurisdiction → cap applies to maximum extent permitted by law in that jurisdiction
If exclusive jurisdiction clause is invalid → parties submit to jurisdiction of alternative competent court

23.5 Waiver

No implied waiver: Failure or delay by either party to exercise any right or remedy does not constitute a waiver of that right or any other right.

Written waiver required: Waivers are effective only if in writing and signed by the party granting the waiver.

No waiver of future rights: Waiver of a breach does not waive subsequent breaches of the same or different provisions.

23.6 Entire Agreement

These Terms, together with:

Signed Order Forms and SOWs
Data Processing Addendum (DPA)
Service Level Agreement (SLA), if applicable

constitute the entire agreement between the parties regarding the Services and supersede all prior or contemporaneous agreements, understandings, and communications (oral or written) regarding the subject matter.

No Reliance: Each party acknowledges it has not relied on any representation, warranty, or statement not expressly set forth in these documents.

Amendments: These Terms may be amended only by written agreement signed by authorized representatives of both parties, except as provided in §23.7 (unilateral updates).

23.7 Updates to These Terms

Digical may update these Terms for future engagements (new Orders signed after update) by:

Posting updated Terms at https://www.digical.fr/terms
Providing 30 days' advance notice via email to active clients

Effect on Active Engagements:

No retroactive changes: Updates apply only to new Orders executed after effective date
Active engagements continue under Terms in effect when Order was signed unless:
- Change is required for legal compliance (GDPR update, regulatory requirement)
- Change is for security (addressing vulnerability, fraud prevention)
- Change is bug fix or clarification that does not materially alter rights/obligations
- Both parties mutually agree in writing to apply update to active engagement

Client's Right to Object: If Digical proposes material update to active engagement, Client may:

Accept update (continue engagement under new Terms)
Reject update (continue under original Terms through current term; renewal subject to new Terms)
Terminate engagement per §10 (no early termination penalty if update is material and adverse to Client)

23.8 Survival

The following provisions survive engagement termination or expiration:

§8 (Intellectual Property) - ownership, licenses
§11 (Refunds) - payment obligations
§13 (Privacy/GDPR) - data processing obligations
§17 (Liability) - liability limitations
§18 (Indemnities) - indemnification obligations
§19 (Confidentiality) - confidentiality obligations
§22 (Disputes) - governing law, jurisdiction, dispute resolution
§23 (Miscellaneous) - general provisions

Effect: These provisions remain enforceable after termination as needed to effectuate their purpose.

23.9 Force and Effect

These Terms are legally binding upon execution of an Order Form or SOW referencing them. Execution may be:

Written signature (ink or electronic via DocuSign, HelloSign)
Email acceptance (Client's email agreeing to Terms and Order)
Conduct (Client's payment of first invoice or use of Services after Terms provided)

Order of Acceptance: Client may not modify Terms by proposing alternative terms in purchase order or other document. Digical's acceptance of payment does not constitute acceptance of Client's alternative terms.

23.10 Counterparts and Electronic Signatures

Orders and amendments may be executed in counterparts (each party signs separate copy), all of which together constitute one agreement.

Electronic signatures (DocuSign, HelloSign, Adobe Sign) are legally valid and have same effect as handwritten signatures per EU Regulation 910/2014 (eIDAS) and French law.

23.11 Interpretation

Headings: Section headings are for convenience only and do not affect interpretation.

Includes/Including: Means "includes without limitation" and "including without limitation" (not exhaustive).

May/Must: "May" indicates discretion; "must" or "will" indicates obligation.

Business Days: Monday-Friday excluding French national holidays unless otherwise specified.

Currency: All monetary amounts in EUR (€) unless otherwise stated.

Good Faith: Both parties agree to perform obligations in good faith and deal fairly with each other per French law's duty of good faith (Article 1104 Civil Code).

24. CONTACT INFORMATION

Digical

Registered Office:

141 avenue Félix Faure
75015 Paris, France

SIRET: [Insert SIRET Number]
VAT: FR [Insert VAT Number]

General Inquiries:
Email: hello@digical.fr
Website: https://www.digical.fr

Legal Notices:
Email: hello@digical.fr
(See §21 for notice requirements)

ANNEX A: DATA PROCESSING ADDENDUM (DPA) PLACEHOLDER TERMS

(Full DPA to be executed separately. These placeholder terms apply until formal DPA signed.)

A.1 Processor Obligations

Where Digical processes personal data on Client's behalf, Digical will:

Process data only on Client's documented instructions (SOW, Order, or written request)
Ensure personnel are bound by confidentiality
Implement appropriate technical and organizational security measures (§14)
Engage subprocessors only with Client's general authorization and contractual safeguards
Assist Client in responding to data subject rights requests (§13.5)
Notify Client of personal data breaches within 72 hours (§13.6)
Delete or return data upon engagement termination (§13.7)
Provide information necessary to demonstrate GDPR compliance and allow audits

A.2 Data Transfers

Transfers of personal data outside the EEA/UK are subject to:

EU Standard Contractual Clauses (SCCs) (Commission Implementing Decision 2021/914)
UK International Data Transfer Addendum (IDTA) or UK SCCs for UK personal data
Supplementary measures as needed to ensure adequate protection per Schrems II

A.3 Execution of Full DPA

Parties will execute Digical's standard Data Processing Addendum incorporating GDPR Article 28 terms within 30 days of engagement start. Until execution, these placeholder terms apply.

ACKNOWLEDGMENT OF TERMS

By executing an Order Form, Statement of Work, or using the Services, Client acknowledges that:

Client has read and understood these Terms and Conditions in their entirety
Client agrees to be bound by all provisions herein
Client has had opportunity to seek legal counsel regarding these Terms
Client represents it has authority to bind its organization to these Terms
These Terms constitute a legally binding contract enforceable under French law

Questions or concerns about these Terms?
Contact us at hello@digical.fr before executing an Order.

END OF TERMS & CONDITIONS

Document Version: 2.0
Effective Date: 01/01/2026
Last Updated: 01/01/2026
Supersedes: Version 1.0 (dated 06/06/2024)