General terms and conditions
Welcome to the Jungle Solutions

MASTER SUBSCRIPTION AGREEMENT

1. OBJECT OF THE AGREEMENT

1.1. Purpose. Welcome to the Jungle is an all-in-one recruitment platform that enables companies to inter alia (i) showcase their employer brand, (ii) publish job openings, (iii) source candidates, and (iv) manage applications through an integrated Applicant Tracking System (ATS) (together the “Services”). This Master Subscription Agreement (“MSA”) sets out each Party’s rights and obligations in connection with the provision and use of the Services.

1.2. Parties. This MSA is entered into by and between (i) the relevant Welcome to the Jungle contracting entity (the "WTTJ Entity"), and (ii) the Customer, each as identified in the applicable Order Form. The WTTJ Entity and the Customer are each a "Party" and together the "Parties".

For the purposes of this MSA, any reference to “Welcome to the Jungle” or “WTTJ” shall mean the relevant WTTJ Entity.

1.3. Authority. The individual executing an Order Form represents and warrants that they have full authority to bind the Customer.

1.4. Contractual Documents. The Parties’ agreement comprises: (i) one or more Order Forms, (ii) this MSA (including Schedules), and (iii) any Service Specific Terms incorporated by reference (together, the “Agreement”).

1.5. Order of precedence. In the event of any conflict or inconsistency between the contractual documents, they shall prevail in the following order (highest to lowest) : (i) the applicable Order Form(s), (ii) the relevant Schedules and/or Service Specific Terms (where relevant), and (iii) this MSA.

1.6. Changes to this MSA. WTTJ may update this MSA from time to time. When WTTJ makes a material change to this MSA, WTTJ will notify the Customer of such change. The Customer may object to the material changes by providing written notice to WTTJ within thirty (30) days from the date of such notification. In case the Customer validly objects, the modified version of the MSA shall not apply to the Parties’ contractual relationship, and the Parties shall discuss in good faith the consequences of such objection and the appropriate next steps.

2. DEFINITIONS

2.1. Active Recruitment:  means an ongoing recruitment process for an open position on the platform. Each Active Recruitment occupies one (1) recruitment slot and grants access to the full range of recruitment functionalities, including job publication, sourcing, applicant tracking, and candidate management. A recruitment slot is freed and may be reused immediately when the corresponding position is closed or deactivated by the Customer.

2.2. Agreement: has the meaning ascribed to it above.

2.3. Aggregated Data: means Customer data that is: (i) anonymized by removing any personal or other information so the data is in no way attributable to a specific customer or any individual; (ii) combined with other data; and (iii) presented in a way that does not reveal the Customer’s or any individual’s identity.

2.4 Artificial Intelligence (AI): means, for the purposes of this Agreement, any machine based  system, tool or functionality made available by WTTJ as part of the Services that use algorithms or models (including machine learning techniques) to process data or other inputs and automatically generate outputs such as candidate recommendations, ranking or matching suggestions, extracted or structured information (including from resumes/CVs), summaries or drafted content (including Job Posting text).

2.5. Authorised User: designates employees, agents and independent contractors of the Customer who are authorized by the latter to access and use the Services in accordance with this Agreement.

2.6. Company Profile Page: refers to the page on the Website that presents, in particular, the Customer’s company profile, the Job postings and the Customer Content.

2.7. Confidential Information: means any non-public information disclosed by or on behalf of a Party (the “Disclosing Party”) to the other Party (the “Receiving Party”), in any form, that is (i) marked or identified as confidential, or (ii) should reasonably be understood to be confidential given the nature of the information and the circumstances of disclosure. Confidential Information includes, without limitation, business, financial, technical and product information, the Terms of this Agreement, and any non-public security measures or technical details relating to the Services. Confidential Information does not include information that the Receiving Party can demonstrate: (a) is or becomes publicly available through no breach of the Agreement; (b) was lawfully known by the Receiving Party without restriction before disclosure; (c) is lawfully received from a third party without restriction; or (d) is independently developed without use of the Disclosing Party’s Confidential Information.

2.8. Customer Content: means any data or materials the Customer, the Authorized Users or WTTJ on the Customer’s behalf, enter or upload to the Services.

2.9. Data Protection Regulation: means (i) Regulation (EU) 2016/679 (GDPR) and French law No. 78‑17 of 6 January 1978 as amended (including any implementing or successor legislation); (ii) where applicable, the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018.

2.10. Effective Date: means the date of signature of the Order Form  means the date on which the Agreement comes into effect, as specified in the Order Form.

2.11. Fees: means all applicable fees described in the Order Form(s).

2.12. Independent Controller: means a Party that determines the purposes and means of Processing Personal Data independently from the other Party, and not on behalf of the other Party, as such terms are defined under the applicable Data Protection Laws.

2.13. Intellectual Property Rights: means current and future worldwide rights under patent, copyright, trade secret, trademark, moral rights, and other similar rights.

2.14. Job Posting: means any publication of a job offer, regardless of its nature, by the Customer in order to fill a vacant position, appearing on the Company Profile Page.

2.15. Order Form: means the written document (including any quote or subscription document) executed by the Parties that incorporates or references this Agreement and sets out the Services purchased, the Term, any usage limits, and the Fees.

2.16. Personal Data: refers to any information relating to an identified or identifiable natural person.

2.17. Processor (or “Data Processor”): means an entity that Processes Personal Data on behalf of another entity acting as Controller, as such terms are defined under the applicable Data Protection Laws.

2.18. Services: refers to all services provided by WTTJ to the Customer, identified in the applicable Order Form(s), under this Agreement.

2.19. Service Specific Terms: means terms and conditions applicable to the Customer’s use of the Specific Services (hereinafter “SST”) set out in the Order Form.

2.20. Term: means, collectively, the initial Period and each Renewal Period.

2.21. Website: means WTTJ’s website(s) through which the Services are made available, including any local domains used by WTTJ, accessible at https://www.welcometothejungle.com/en.

 

3. SUBSCRIPTION AND USE OF THE SERVICES

3.1. Subscription. This MSA governs the subscription to the Services in accordance with an Order Form setting out the Services subscribed to in detail. Each Order Form shall specify the applicable Subscription Plan, the scope of the Services, the Term, usage limits, and the applicable Fees. The Customer may not downgrade its subscription plan (or reduce the scope of the Services or any usage limits) during the applicable Term.

3.2. License grant. Subject to the Customer’s payment of the Fees and compliance with this Agreement, WTTJ grants the Customer a limited, non-exclusive, non-transferable, non-sublicensable right during the Term to access and use the Services for the Customer’s internal business purposes.

3.3. Restrictions. The Customer shall not, and shall not permit any third party to, (i) reverse engineer, decompile, or attempt to derive source code from the Services (except to the extent permitted by applicable mandatory law); (ii) copy, modify, translate, or create derivative works of the Services except as expressly permitted; (iii) use the Services to store or transmit malicious code; (iv) interfere with or disrupt the integrity or performance of the Services; (v) access the Services to build or benchmark a competing product; (vi) use the Services in violation of applicable law.

3.4. Suspension. WTTJ may suspend (in whole or in part) the Customer’s access to the Services where (i) required by law, (ii) WTTJ reasonably believes that the Customer’s use poses a security risk, could adversely impact the Services or other customers, or violates applicable law, or (iii) the Customer fails to pay any undisputed Fees after the due date, following written notice where reasonably practicable. WTTJ will restore access promptly once the reason for suspension is resolved.

3.5. Service updates. Customer acknowledges that WTTJ may update, modify or discontinue certain features of the Services from time to time to correct errors, enhance functionality, improve performance, or address security or legal requirements, provided that such changes do not materially and adversely alter the core functionality of the Services subscribed under the applicable Order Form. Any updates or modifications made in accordance with this Section shall be considered part of the “Services”.

3.6. Third-Party Services and Third-Party Materials. The Services may incorporate, depend on, or make available components provided by third parties, including third-party software, tools, libraries, and other products or Services (including open-source software) that may be subject to separate third-party terms (“Third-Party Services”). WTTJ does not control and shall not be responsible for the content, features, performance, availability, security, or functionality of any Third-Party Services, nor for any changes made by third parties to such Third-Party Services. Customer’s use of Third-Party Services may be subject to the applicable third-party terms, and Customer shall comply with such terms where required.
 

4. CUSTOMER’S OBLIGATIONS

4.1. Account security. The Customer is responsible for maintaining the confidentiality of login credentials and for all activities carried out using its accounts. The Customer will promptly notify WTTJ of any known or suspected unauthorized access.

4.2. Customer responsibilities. The customer is solely responsible for (i) Customer Content and its accuracy, legality and appropriateness; (ii) ensuring that Job Postings and recruitment practices comply with applicable laws (including employment and anti-discrimination laws); and (iii) obtaining all rights, notices, consents, and authorizations required to provide Customer Content and allow WTTJ to Process it to provide the Services.

4.3. Usage limits and fair use.  Where the Order Form or SST sets usage limits, including Active Recruitment limits, the Customer shall strictly comply with such limits. WTTJ may apply technical controls to enforce such limits and protect the Services.

If the Customer exceeds the agreed limits, WTTJ will, at its sole discretion, either (i) invoice additional fees as specified in the Order Form or as otherwise made available to the Customer by WTTJ , or (ii) automatically upgrade the Customer's subscription plan to the next appropriate tier to accommodate the Customer's actual usage. Any such upgrade shall take effect immediately and the pricing applicable to the upgraded subscription plan shall be the pricing in effect at the time of the upgrade.

5. WTTJ OBLIGATIONS

5.1. Provision of Services. WTTJ will provide the Services in accordance with the Agreement and applicable law.

5.2. Authority and non-infringement warranty. WTTJ represents and warrants it has sufficient right, title and interest in the Services to provide them, and that its execution and performance of this Agreement does not violate any obligation to a third party.

5.3. Support. Where support is included, WTTJ will provide support as described in the Order Form and/or the applicable SST. Support may be delivered through standard channels and subject to reasonable usage.

6. TERM, RENEWAL, TERMINATION

6.1. Term. Unless otherwise agreed in the Order Form, the Agreement starts on the Effective Date and continues for the Initial Term specified in the Order Form.

6.2. Automatic Renewal. After the Initial Term, this Agreement renews automatically for successive periods of one (1) year (each a "Renewal Term"), unless either Party gives written notice of non-renewal at least one (1) month before the end of the Initial Term or the then-current Renewal Term.
The Agreement will renew at the subscription plan level in effect at the time of renewal, including any plan upgrade applied under Section 4.3, and at the then-current pricing for such plan.  

6.3. Termination for material breach. Either Party may terminate the Agreement if the other Party materially breaches the Agreement and fails to cure such breach within thirty (30) days after written notice. If the breach cannot reasonably be cured, termination may be effective immediately upon notice.

6.4. Termination for Reputational Harm. In addition to any other termination rights under the Agreement, WTTJ may terminate the applicable Order Form and/or the Agreement with immediate effect by written notice if the Customer, or any of its representatives, causes, directly or indirectly, material harm to WTTJ’s reputation, brand, image, values, or legitimate business interests (the “Reputational Harm”).

6.5. Examples. Reputational Harm may include, without limitation: (i) public statements, publications or conduct attributable to the Customer that are reasonably likely to negatively affect WTTJ’s image or values; (ii) unlawful, discriminatory, hateful, or abusive content or practices associated with the Customer’s use of the Services; (iii) misuse of the Services or Website that WTTJ reasonably considers capable of causing reputational damage; or (iv) any breach of the Acceptable Use Policy. 

6.6. Effect of termination. Upon termination or expiration of this Agreement, WTTJ shall cease providing the Services. If this Agreement is terminated due to the Customer’s material breach, all Fees accrued and unpaid as of the effective termination date shall become immediately due and payable. If this Agreement is terminated due to WTTJ’s material breach, WTTJ shall refund Fees on a pro-rata basis for the unused portion of the Term, as of the effective termination date.

6.7. Data export. Upon written request and subject to the Customer being up-to-date with payments, WTTJ will provide a commercially reasonable export of Customer Content in accordance with WTTJ’s standard process.

6.8. Deletion. Following the end of the Term and the expiration of any post-termination data export period set out in the SST and/or DPA, WTTJ may delete Customer Content in accordance with its retention policies, the DPA, and applicable law.

7. FEES

7.1. Fees and invoicing. The Customer shall pay (i) the Fees set out in the Order Form, and (ii) any additional fees incurred due to exceeding usage limits as provided in Section 4.3, in the currency specified in the Order Form.

Unless otherwise stated, invoices for subscription Fees are issued at the start of the Initial Term and on each anniversary date. Additional fees for usage limit overages may be invoiced separately as incurred or included in the next periodic invoice. All invoices are payable within thirty (30) days of the invoice date. 

Any discount applies only for the period specified in the Order Form and does not apply to Renewal Terms. 

7.2. Taxes. Fees are exclusive of taxes. The Customer is responsible for applicable VAT, sales taxes, and withholding taxes. Where withholding applies, the Customer shall gross up payments unless prohibited by law.

7.3. Late payment; suspension. If the Customer fails to pay an undisputed invoice when due, WTTJ may (i) charge late fees and/or interest as permitted by applicable law, (ii) recover reasonable collection costs where permitted, and (iii) suspend the Services, in case of a delay exceeding thirty (30) days, following a notice.

7.4. Price changes for renewals. Unless prohibited by law, WTTJ may change Fees applicable to a Renewal Term by giving the Customer reasonable advance notice before the renewal date. Updated Fees apply only to the next Renewal Term unless otherwise agreed in writing.

8. INTELLECTUAL PROPERTY

8.1. WTTJ IP. WTTJ retains all right, title and interest in and to the Services and related Intellectual Property Rights. Those rights include but are not limited to websites (design and layout), trademark and logos, systems, software, databases, and WTTJ content.  No rights are granted except as expressly set forth.
8.2. Prohibited use. Any unauthorised use constitutes an infringement under applicable intellectual property laws.

8.3 Customer IP. Customer retains all rights, title, and interest in its Customer Content, and this Agreement does not grant Welcome to the Jungle any rights to Customer Content or the Intellectual Property Rights embodied in Customer Content except for the limited rights expressly set forth in this Agreement.

8.4. Customer Content licence. During the Term, Customer grants WTTJ a worldwide, non-transferable, non-exclusive licence over Customer Content, including but not limited to the Customer’s corporate name, trade name, trademark and logo,  for the purpose of providing the Services and making Customer Content available online, including on the Website, WTTJ’s social networks, communications and newsletters.

8.5. Aggregated Data. Notwithstanding anything to the contrary, WTTJ will be free (during and after the Term hereof) to, without any obligation to the Customer, collect, develop, create, extract, compile, synthesize, analyze, and commercialize statistics, benchmarks, measures, and other information based on Aggregated Data.

9. WARRANTIES & LIABILITY

9.1. Standard of care. WTTJ will use commercially best efforts (obligation of means) to provide the Services and to make them available on a 24/7 basis, subject to planned maintenance, emergency maintenance and events outside WTTJ’s reasonable control. Where reasonably practicable, planned maintenance will be scheduled during off-peak hours. Service uptime information may be made available at https://status.welcometothejungle.com/ (or any successor page notified by WTTJ).

9.2. No outcome guarantee. The Customer acknowledges that recruitment outcomes depend on multiple factors outside WTTJ’s control. Accordingly, WTTJ does not guarantee any specific recruitment results, including the number or quality of applications, time-to-hire, or that any Job Posting will be filled.

9.3. Customer responsibility for content. The Customer remains solely responsible for Customer Content, including the legality, accuracy and compliance of Job Postings and recruitment communications with applicable law.

9.4. Liability limitation. To the maximum extent permitted by law : 

• (a) neither Party shall be liable for indirect or consequential losses (loss of profit, revenue, goodwill, business interruption, etc.);<

• (b) each Party’s total aggregate liability arising out of or in connection with this Agreement (whether in contract, tort (including negligence), breach of statutory duty, or otherwise) shall not exceed the total Fees paid or payable under the applicable Order Form.

10. DATA PROTECTION

10.1. Compliance. Each Party shall comply with Data Protection Laws.

10.2. DPA. Where required, the Parties agree that the Data Processing Agreement (“DPA”) attached as Schedule  applies and forms part of the Agreement. Depending on the Services, WTTJ may act as a Processor and/or the Parties may act as Independent Controllers for certain processing activities.

11. CONFIDENTIALITY

11.1. Use limitation. Each Party will protect the other Party’s Confidential Information using reasonable care and will use it only as necessary to perform under the Agreement.

11.2. Compelled disclosure. The receiving Party may disclose Confidential Information if required by law or court order, provided it gives prompt notice where legally permitted.

11.3. Duration. These confidentiality obligations apply during the Term and for two (2) years thereafter.

 

12. ARTIFICIAL INTELLIGENCE FEATURES

​​12.1. Scope. WTTJ may make available, as part of the Services, certain functionalities based on Artificial Intelligence (AI), machine learning, or similar technologies (the “AI Features”). AI Features are features relying on AI. The AI Features may include, without limitation: (a) candidate ranking and matching suggestions to help identify potentially relevant candidates for a given job opening; (b) drafting assistance to help generate, refine, or improve Job Posting content; and (c) resume/CV parsing and data extraction to structure information from resumes/CVs uploaded into the ATS or otherwise processed through the Services.

12.2. Inputs and Outputs. For the purposes of this Section : 

• “Input” means content submitted by the Customer or Authorized Users to AI Features (including any Personal Data contained in such content).

• “Output” means the results generated by the AI Features based on the Input (including suggested text, extracted fields, rankings, or summaries).

12.3. Customer responsibility. The Customer remains responsible for (i) the legality and appropriateness of Inputs, (ii) having a valid basis and necessary notices/rights to submit Inputs (including Personal Data), and (iii) reviewing Outputs before using, publishing, or communicating them. Outputs may be inaccurate, incomplete, or unsuitable for the Customer’s purposes.

12.4. Human oversight. The Customer acknowledges that AI Features are intended to support decision-making and do not automatically execute hiring decisions. The Customer shall ensure that hiring-related decisions involve meaningful human review and are not made solely on the basis of Outputs.

12.5. Data minimization; sensitive data. The Customer shall apply data minimization and should not intentionally submit special category data (or equivalent sensitive data) to AI features. 

12.6. Non-uniqueness. The Customer acknowledges that Outputs may not be unique and that similar outputs may be generated for other customers or users (including where similar inputs are provided).

12.7. Safety measures. WTTJ may apply reasonable safeguards and usage controls to AI Features and may restrict or suspend AI Features in case of misuse or legal risk.

 

13. FORCE MAJEURE

​​13.1. Force Majeure. Neither Party shall be liable for failure or delay in performing its obligations (except payment obligations for undisputed Fees) due to events beyond its reasonable control, including natural disasters, acts of war or terrorism, labor disputes, government actions, and outages affecting internet, telecommunications or hosting providers not attributable to the affected Party.

13.2. Notice and mitigation. The affected Party will notify the other Party as soon as reasonably practicable and will use reasonable efforts to mitigate the effects and resume performance.

13.3. Extended force majeure. If a Force Majeure event materially prevents performance for more than ninety (90) consecutive days, either Party may terminate the affected Order Form by written notice, without liability except for Fees accrued for Services performed up to termination.

 

14. COMPLIANCE

​​14.1. Compliance with laws. Each Party shall comply with applicable laws.

14.2. Sanctions; Export. The Customer represents it will not use the Services in violation of applicable sanctions or export control laws.

 

15. MISCELLANEOUS

​​15.1. Assignment. The Customer may not assign, transfer, novate, subcontract or otherwise transfer any of its rights or obligations under this Agreement (in whole or in part) without WTTJ’s prior written consent. WTTJ may assign, transfer or novate this Agreement and/or any Order Form without the Customer’s consent to (i) any Affiliate, or (ii) any successor entity in connection with a merger, reorganization, change of control, or a sale of all or substantially all of WTTJ’s assets or the business to which this Agreement relates. WTTJ will give the Customer prior written notice of such assignment (or, where not reasonably practicable, prompt notice), and WTTJ shall remain responsible for performance of the Services until the Effective Date of the assignment.

15.2. Subcontractors. WTTJ may use subcontractors to perform the Services, provided WTTJ remains responsible for their performance under the Agreement.

15.3. Notices. Notices must be sent:

To the Customer: by email to the administrator's address as identified in the Services and/or by email to WTTJ's commercial contact.

To WTTJ: by email at contact@wttj.co.

15.4. Severability; waiver. If any provision of this Agreement is held to be invalid, illegal or unenforceable by a competent court, that provision shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable (and, where such modification is not possible, severed), and the remaining provisions shall remain in full force and effect. No failure or delay by either Party in exercising any right, power or remedy under this Agreement shall operate as a waiver of such right, power or remedy, nor shall any single or partial exercise of any right, power or remedy preclude any other or further exercise of that or any other right, power or remedy.

15.5. Entire agreement. This Agreement constitutes the entire agreement between the Parties relating to its subject matter and supersedes all prior or contemporaneous discussions, negotiations and understandings, whether written or oral.

 

16. GOVERNING LAW AND JURISDICTION

16.1. France (WTTJ France). Where the WTTJ contracting entity identified in the applicable Order Form is Welcome to the Jungle France (WTTJ France), this Agreement shall be governed by French law, and the Commercial Court of Paris (Tribunal de commerce de Paris) shall have exclusive jurisdiction over any dispute arising out of or in connection with the Agreement.

16.2. United Kingdom (WTTJ UK). Where the WTTJ contracting entity identified in the applicable Order Form is Welcome to the Jungle UK (WTTJ UK), this Agreement shall be governed by the laws of England and Wales, and the courts of England and Wales sitting in London shall have exclusive jurisdiction over any dispute arising out of or in connection with the Agreement.

16.3. United States (WTTJ US). Where the WTTJ contracting entity identified in the applicable Order Form is Welcome to the Jungle US (WTTJ US), this Agreement shall be governed by the laws of the State of New York, excluding its conflict of laws rules, and the state and federal courts located in New York shall have exclusive jurisdiction over any dispute arising out of or in connection with the Agreement.

Schedule 1 - Services Specific Terms

1. Employer Branding - Production of Creations

PREAMBLE

This schedule applies only to Customers who have subscribed to the production of Creations as mentioned in the Order Form.

Creations: means the final content produced by WTTJ for the benefit of the Customer, and more particularly the photographs and videos appearing on the Company Showcase. The Creations are not part of the Customer Content.

Participants: means any person appearing in the Creations.

 

1.1 DESCRIPTION OF THE SERVICE

WTTJ carries out photo shoots and/or filming to produce the Creations for publication on the Customer's company profile on the Website, under the conditions specified in the Order Form.

 

1.2 FILMING

Within five (5) business days following the signature of the Order Form mentioning the purchase of production of Creations, WTTJ contacts the Customer to schedule the filming. The Customer may postpone the filming date only once, provided that WTTJ is notified by email at least ten (10) business days in advance.

 

1.3 CREATIONS

The Customer provides WTTJ with all necessary information at least ten (10) days before the filming. WTTJ delivers the Creations within ten (10) business days following the filming.

Unless otherwise stated in the Order Form, only revisions related to technical defects are accepted. Any other modification must be accepted by WTTJ and may incur additional costs. Once validated for publication, no further modification is possible.

1.4 IMAGE RIGHTS

The Customer guarantees that it has obtained all necessary rights from the Participants to appear in the Creations for the entire Term of the Agreement.

 

1.5 USE OF THE CREATIONS

Subject to full payment of the Fees, WTTJ grants the Customer a personal and non-transferable license to use the Creations, solely for their publication on the Website during theTerm of the Agreement.

Any use of the Creations outside the Website (social networks, advertising, Customer's website, etc.) requires WTTJ's prior written consent and may be subject to additional billing.

The Customer is not authorized to modify the final version of the Creations.

WTTJ guarantees that it holds the rights to the Creations and will not grant a license to any third party for the Creations created for the Customer.

The Customer is solely responsible for compliance with its obligations during any authorized distribution of the Creations, particularly concerning the author's moral rights and the rights of the Participants.

 

1.6 STORAGE OF THE CREATIONS

The Customer has twelve (12) months from the filming date to request delivery of the Creations. After this period, WTTJ has no obligation to store them.

 

2. Job booster 

2.1 DESCRIPTION OF THE FEATURE

If expressly mentioned in the Order Form, the Customer will have the possibility to promote one or more Job Postings via the "Job Booster" feature on the Website. This feature allows the Customer to promote Job Postings through dedicated slots (the "Boosts") which will guarantee improved placement of the Job Posting on certain pages of the website. These Boosts may be activated at any time during the current contractual year, for a period of thirty (30) consecutive days after which they expire. Any Boost not used during the current contractual year will be lost for the following year.

WTTJ will determine the placement and positioning of the Job Postings promoted by the Customer on the Website.

2.2 LIMITATION OF WARRANTY

WTTJ does not guarantee any results from the use of the Job Booster feature and in particular: (i) regarding the volume of applications, (ii) regarding the fact that candidates will meet the hiring criteria, or (iii) regarding the volume of hires that will result from it.

3. Sourcing 

3.1 ACCESS TO THE FEATURE

If expressly mentioned in the Order Form evidencing the subscription to the sourcing service, the Customer will benefit from access license(s) to features allowing them in particular to view candidates' CVs (the "Sourcing"). The Customer undertakes to comply with the number of licenses provided in the Order Form. The licenses are individual.

3.2 CUSTOMER'S OBLIGATIONS

In the context of using Sourcing, the Customer undertakes to:

• preserve the confidentiality of information relating to candidates and in particular that contained in CVs. The Customer is prohibited from using this information for purposes other than recruitment and is prohibited from communicating this information to third parties. The Customer acknowledges that information concerning candidates' openness to new professional opportunities is strictly confidential and undertakes not to disclose it to third parties, in any form whatsoever, without the prior written consent of the candidate concerned;

• not extract candidate data or use it in any way without having obtained their prior consent via the dedicated feature;

• not contact candidates for purposes other than those related to recruitment for the job posting for which they have agreed to be contacted;

• in general, comply with the Acceptable Use Policy;

• not use automated means to retrieve, extract, access, modify, download, query or collect information from the Website, except in cases where this is strictly authorized by WTTJ.

In case of non-compliance with these obligations, WTTJ reserves the right to suspend or terminate the Customer's access to the Services.

3.3 PERSONAL DATA

The Parties acknowledge and agree that they will act as separate and independent data controllers with respect to the personal data they process for the purposes of carrying out the Sourcing processing purpose.

As such, each Party undertakes to (i) comply with all applicable legal and regulatory provisions, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter, the "GDPR"), (ii) implement and maintain technical and organizational measures to ensure the protection of personal data against any unauthorized or unlawful access as well as against any breach, loss, unauthorized disclosure or accidental destruction, and (iii) alert the other Party if any of these events occur, so that the latter can alert the relevant natural persons.

Schedule 2 - Data Processing Agreement - DPA

PREAMBLE

This Data Processing Agreement ("DPA") forms an integral part of the agreement entered into between Welcome to the Jungle (hereinafter "WTTJ" or the "Company") and the Customer (hereinafter the "Customer"), and sets out the terms applicable to the processing of Personal Data in connection with the services provided by WTTJ (hereinafter the "Services").

This DPA and the Master Subscription Agreement (hereinafter the "MSA") are complementary. In the event of any conflict regarding data protection, this DPA shall prevail.

Depending on the Services subscribed to by the Customer, WTTJ may act as a Processor (acting on the Customer's instructions) or as an Independent Controller (pursuing its own, separate purposes). This DPA distinguishes between these two roles and sets out each Party's obligations accordingly.

Only the provisions of this DPA that relate to the Services identified in the applicable Order Form shall apply.

 

ARTICLE 1 – DEFINITIONS

Capitalised terms used in this DPA have the meanings set out below.

The terms "Personal Data", "Processing", "Purpose", "Data Subject", "Processor", "Controller", "Personal Data Breach" and any other term relating to data protection shall have the meaning attributed to them by the Data Protection Legislation, and in particular by Article 4 of the EU General Data Protection Regulation and, where applicable, by the corresponding provisions of the UK GDPR.

"Data Protection Legislation" means all laws and regulations applicable to the Processing of Personal Data, and in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the "GDPR"), as well as Law No. 78-17 of 6 January 1978 on information technology, data files and civil liberties, as amended. This definition also includes, where applicable, the United Kingdom General Data Protection Regulation (hereinafter the "UK GDPR") and the UK Data Protection Act 2018, as well as the California Consumer Privacy Act (hereinafter the "CCPA") as amended by the California Privacy Rights Act, to the extent that such regulations are applicable.

"Services" means all services provided by WTTJ to the Customer as specified in a quotation or any order document issued by or on behalf of the Customer.

"Sub-Processor" means any third party engaged by the Processor to carry out specific Processing activities on behalf of the Controller.

All other terms defined in the MSA shall retain their meaning in this DPA, unless expressly provided otherwise.

 

---

 

PART 1: PROCESSING ACTIVITIES WHERE WELCOME TO THE JUNGLE ACTS AS CONTROLLER

ARTICLE 2 – SCOPE AND ROLES

This Part 1 applies to the Sourcing Service. Each Party acts as an Independent Controller within the meaning of Article 4(7) of the GDPR, independently determining the purposes and means of its own Processing.

 

2.1. Processing activities carried out by WTTJ

WTTJ builds, manages and makes available to the Customer a Sourcing tool comprising a candidate profile database, for the purpose of facilitating connections between candidates and recruiters.

The categories of data processed include identification, contact, professional, educational and job-search preference data.

 

2.2. Processing activities carried out by the Customer

The Customer accesses the database, reviews candidate profiles, contacts selected candidates and manages the recruitment process independently, for the purpose of filling vacant positions and building a talent pool.

The Customer alone determines the legal basis for such Processing and remains solely responsible for compliance with its obligations under the Data Protection Legislation.

 

2.3. Independence of the Parties

The Parties expressly acknowledge that they each act as Independent Controllers. Neither Party acts on behalf of the other, nor receives instructions from the other, with respect to the Processing activities carried out in connection with the Sourcing Service.

 

ARTICLE 3 – COMMON OBLIGATIONS OF THE PARTIES

Each Party undertakes to comply with all of its obligations as a Controller under the Data Protection Legislation, and in particular the following.

 

3.1. Lawfulness and transparency

Each Party shall process Personal Data in a lawful, fair and transparent manner.

Each Party shall maintain an accessible privacy policy informing Data Subjects of the collection and use of their Personal Data, the purposes pursued, the applicable legal basis, the recipients of the data and their rights.

 

3.2. Purpose limitation and data minimisation

Each Party shall collect Personal Data for specified, explicit and legitimate purposes only, and shall not process such data in a manner incompatible with those purposes.

Each Party shall limit data collection to what is adequate, relevant and necessary in relation to the purposes pursued.

 

3.3. Accuracy and storage limitation

Each Party shall ensure the accuracy and currency of Personal Data, and shall retain it in identifiable form no longer than is necessary for the purposes pursued.

 

3.4. Security measures

Each Party shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with the Data Protection Legislation.

In particular, the Customer shall protect its login credentials for the Sourcing Service and shall not share them with unauthorised persons.

 

3.5. Rights of data subjects

Each Party shall put in place the procedures necessary to enable Data Subjects to exercise their rights under the Data Protection Legislation, and shall respond to such requests within the prescribed time limits.

Where a Party receives a request relating to Processing carried out by the other Party, it shall forward the request without undue delay and no later than within forty-eight (48) hours.

 

3.6. Personal data breaches

In the event of a Personal Data Breach affecting Personal Data processed in the context of the Sourcing Service and likely to result in a risk to the rights and freedoms of Data Subjects, each Party shall notify the competent supervisory authority within the prescribed time limits and shall inform Data Subjects where the risk is high, in accordance with the Data Protection Legislation.

The Party that identifies the breach shall notify the other Party without undue delay, to enable each Party to assess its own notification obligations.

 

3.7. Record of processing activities

Each Party shall maintain and keep up to date a record of processing activities carried out under its responsibility, in accordance with the Data Protection Legislation.

 

3.8. Requests from supervisory authorities

Where a Party receives a request for information from a competent supervisory authority, it shall inform the other Party without undue delay (unless prohibited by law) and shall cooperate reasonably to enable the other Party to respond to the extent it is concerned.

 

ARTICLE 4 – SPECIFIC OBLIGATIONS OF THE CUSTOMER

4.1. Informing data subjects

The Customer shall inform the candidates it contacts via the Sourcing Service of the use of their Personal Data for recruitment purposes, in accordance with the Data Protection Legislation, including a reference to the fact that their data was obtained through the WTTJ platform.

 

4.2. Lawful use

The Customer shall use the Sourcing Service exclusively for legitimate recruitment purposes. The Customer shall refrain from extracting, copying or creating its own database from Personal Data processed in the context of the Sourcing Service, using such data for commercial prospecting, or disclosing it to unauthorised third parties.

The Customer acknowledges that information regarding candidates' openness to new professional opportunities is strictly confidential and undertakes not to disclose it to third parties without the prior written consent of the candidate concerned.

The Customer undertakes to comply with the Product Terms of Use (hereinafter the "Terms of Use") and to ensure compliance therewith by all of its employees having access to the Service. The Terms of Use, available in the Legal Centre, set out the rules governing use of the Product, permitted uses and prohibited conduct. Any breach of the Terms of Use by an employee of the Customer shall be deemed a breach committed by the Customer itself, which shall assume full liability therefor.

 

---

 

PART 2: PROCESSING ACTIVITIES WHERE WELCOME TO THE JUNGLE ACTS AS PROCESSOR

ARTICLE 5 – SCOPE AND STATUS OF THE PARTIES

This Part 2 applies to the following Services, in the context of which WTTJ processes Personal Data on behalf of the Customer and in accordance with its instructions:

1. the Employer Branding Service ("Company Profile"), enabling the Customer to publish content relating to its employer brand; and
2. the ATS Service, enabling the Customer to manage its Job Offers and applications.

The Customer acts as Controller and alone determines the purposes and essential means of such Processing. WTTJ acts as Processor and processes Personal Data solely for the purpose of providing the Services.

 

ARTICLE 6 – OBLIGATIONS OF THE CONTROLLER

The Customer, acting as Controller, acknowledges and warrants that it complies with all of its obligations under the Data Protection Legislation, and in particular the following.

 

6.1. Provision of data and lawfulness of processing

The Customer warrants that it provides WTTJ with the Personal Data necessary for the provision of the Services in a manner compliant with the Data Protection Legislation, and in particular that it has provided mandatory information to Data Subjects and holds an appropriate legal basis for each Processing activity entrusted to WTTJ.

The Customer warrants that all of its instructions relating to Processing operations entrusted to WTTJ are given in accordance with the Data Protection Legislation and that each Data Subject has been duly informed of the purposes of the Processing, of their rights and of the recipients of their Personal Data, including WTTJ in its capacity as Processor.

 

6.2. Documentation of instructions

The Customer shall document in writing any instruction relating to the Personal Data Processing operations entrusted to WTTJ pursuant to this DPA.

 

6.3. Information and exercise of data subjects' rights

It is the Controller's responsibility to provide information to Data Subjects at the time of collection of Personal Data.
The Customer shall respond, within the time limits prescribed by the Data Protection Legislation, to requests to exercise rights submitted by Data Subjects in respect of the Processing operations entrusted to WTTJ.

The Customer may request WTTJ's assistance in responding to such requests, in accordance with Article 7.6 of this DPA.

 

6.4. Cooperation with supervisory authorities

The Customer shall respond without undue delay to requests from any competent supervisory authority relating to the Processing entrusted to WTTJ and shall notify WTTJ of such requests where they concern the Services, in order to enable WTTJ to cooperate with the Customer in responding to the authority.

 

ARTICLE 7 – OBLIGATIONS OF THE PROCESSOR

7.1. Processing on instructions and compliance

WTTJ shall process Personal Data solely on the documented instructions of the Customer. The initial instructions consist of the MSA, this DPA and its Sub-Schedules, as well as the settings defined by the Customer in the Services interface.

Where WTTJ considers that an instruction constitutes a breach of the Data Protection Legislation, it shall immediately inform the Customer. The Customer shall have fifteen (15) business days to amend, withdraw or confirm the instruction. In the absence of a response, WTTJ shall suspend execution of the instruction concerned.

The Processor undertakes to cooperate with any competent supervisory authority in the event of a request for information and to comply with any recommendation issued by the relevant supervisory authority in relation to the Processing operations.

In the event of any legal, administrative or judicial prohibition that may prevent the Processor from carrying out the Processing operations, the Processor shall notify the Controller and may terminate the Agreement, without the Controller being entitled to hold the Processor liable or claim damages in connection therewith.

 

7.2. Cooperation and assistance

The Processor shall reasonably assist the Controller in carrying out data protection impact assessments and conducting prior consultation with the supervisory authority.

Such requests shall be reasonable having regard to the objective pursued, both in terms of human and financial cost, and may be subject to a separate quotation where applicable.

 

7.3. Authorised recipients and confidentiality

WTTJ warrants that persons authorised to process Personal Data are bound by an appropriate confidentiality obligation. Each member of staff having access to Personal Data is subject to a confidentiality clause in their employment contract.

WTTJ shall ensure that persons authorised to process Personal Data have received appropriate training on the Data Protection Legislation and security.

 

7.4. Sub-Processing

The Controller provides the Processor with general written authorisation to engage its current Sub-Processors as listed in Sub-Schedule 2.

In the event of any intended addition or replacement of a Sub-Processor, the Processor shall inform the Controller in advance and in writing. Such notification shall clearly indicate the Processing operations concerned, the identity and contact details of the Sub-Processor, any transfers of Personal Data outside the European Union and the appropriate safeguards adopted to govern such transfers.

The Controller shall have a period of thirty (30) calendar days from the date of notification to raise objections. The sub-processing may only proceed if the Controller has not raised a written objection within such period.

In the event of a duly justified written objection submitted within the prescribed period by recorded delivery, the Processor shall take into account the Controller's observations by either:

• requiring the Sub-Processor to comply with the Controller's reasonable requests; 

   

• proposing an alternative Sub-Processor, in which case the Controller shall have fifteen (15) calendar days to raise a further objection; or 

   

• offering the Controller the option to terminate the Agreement, without the Controller being entitled to hold the Processor liable or claim damages.

Each Sub-Processor shall be bound by the obligations of this DPA on behalf of and in accordance with the instructions of the Controller. The Processor shall ensure that each Sub-Processor provides sufficient guarantees regarding the implementation of appropriate technical and organisational measures such that the sub-processed Processing meets the requirements of the Data Protection Legislation.

The Processor shall remain fully liable to the Controller for each Sub-Processor's performance of its obligations in respect of the sub-processed Processing operations.

 

7.5. Transfers of Personal Data

Any transfer of Personal Data to a country outside the European Union or to an international organisation by the Processor shall only be carried out on the basis of documented instructions from the Controller, or to comply with a specific requirement of EU or Member State law, and shall be carried out in accordance with Chapter V of the GDPR.

The Controller agrees that where the Processor engages a Sub-Processor in accordance with Article 7.4 and the Processing activities involve a transfer of Personal Data outside the EU, the Processor and the relevant Sub-Processor shall ensure compliance with Chapter V of the GDPR prior to commencing the Processing, either by:

• verifying that the recipient country benefits from an adequacy decision by the European Commission; or 
• implementing standard contractual clauses issued by the European Commission (including any updates thereto), provided the conditions for use of such clauses are met.

 

7.6. Exercise of data subjects' rights

To the extent possible, the Processor shall assist the Controller in fulfilling its obligation to respond to Data Subject rights requests as set out in Chapter III of the EU GDPR or the UK GDPR.

Where Data Subjects submit requests directly to the Processor, the Processor shall forward them without undue delay by email to a designated contact of the Controller.

 

7.7. Record of processing activities

The Processor shall maintain an up-to-date record of all Personal Data Processing activities carried out on behalf of the Controller, in accordance with Article 30(2) of the GDPR, and shall make such record available to the Customer upon first request.

 

7.8. Notification of personal data breaches

The Processor shall notify the Controller of any Personal Data Breach without undue delay and no later than forty-eight (48) hours after becoming aware thereof.

Such notification shall be accompanied by all relevant documentation to enable the Controller, where necessary, to notify the breach to the competent supervisory authority and, where applicable, to Data Subjects.

The Processor shall inform the Controller of the identified causes of the breach and shall take all measures it deems necessary and reasonable to remedy the source of the breach, where such remedy falls within the Processor's control.

 

7.9. Security measures

The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the Processing activities. The measures implemented by the Processor are set out in Schedule 3 – Security Measures.

In particular, the Processor shall ensure that measures are in place to:

• ensure the confidentiality, integrity, availability and traceability of the Controller's data, and maintain written documentation describing the technical and organisational security measures implemented for this purpose;

   

• enable the detection, resolution and notification, within the time limits required by the Data Protection Legislation, of security incidents and Personal Data Breaches;

   

• restore the availability and accessibility of the Controller's data in the event of a physical or technical incident; and

• ensure that the Controller's data is accessible and readable only by staff duly authorised by virtue of their role and responsibilities.

The Processor declares and warrants that the security measures implemented are in no event lower than those required by the Data Protection Legislation or those that a reasonable operator in the same field would have implemented.

 

7.10. Documentation and audit

The Processor shall make available to the Controller all documentation necessary to demonstrate compliance with its obligations and to enable audits (a maximum of one (1) per year), including inspections, by the Controller or a mandated auditor at the Controller's sole expense, and shall cooperate with such audits.

Any audit request shall be submitted to the Processor by recorded delivery with a minimum notice period of forty-five (45) calendar days prior to the anticipated audit date.

Any audit exceeding one (1) person-day per year shall be subject to additional charges.

 

7.11. Data return and deletion

Upon termination of the Services, the Processor shall destroy or anonymise all Personal Data processed on behalf of the Controller.

The Controller may request that the Processor retain certain Personal Data, in particular photographs and videos, in order to reactivate its Company Profile in the event of a new subscription, for a maximum period of two (2) years.

The Processor may, where applicable and prior to destruction or anonymisation, assist the Controller in recovering certain Personal Data in a specific format, subject to the Controller's prior approval of a quotation setting out the cost of such service.

 

---

 

PART 3: COMMON PROVISIONS

ARTICLE 8 – TERM OF THE DPA

This DPA shall enter into force on the date of signature and shall remain in force until the Processor ceases to process Personal Data on behalf of the Controller.

 

ARTICLE 9 – DATA PROTECTION OFFICER

Welcome to the Jungle has appointed a Data Protection Officer (DPO) in accordance with Article 37 of the GDPR, who may be contacted at the following address: privacy@welcometothejungle.com.

Where the Controller has also appointed a DPO, the Controller shall communicate the DPO's contact details to the Processor upon first request.

 

ARTICLE 10 – LIABILITY

Any limitation of liability applicable under the Agreement shall also apply to this DPA, without prejudice to the individual liability that the Controller or the Processor may incur towards any Data Subject or competent supervisory authority, in particular pursuant to Article 82 of the GDPR.

 

ARTICLE 11 – GOVERNING LAW

This DPA shall be governed by the law applicable to the Agreement to which it is annexed, as set out in the MSA.

 

ARTICLE 12 – DISPUTE RESOLUTION

In the absence of an amicable resolution, any dispute or claim relating to the validity, interpretation, performance and/or termination of this DPA shall be subject to the exclusive jurisdiction of the courts designated in the MSA to which it is annexed.

 

 

Sub-schedule 1: Details of Processing Operations

Within the framework of the signed Contract and DPA, WTTJ acts as Processor following Client instructions for processing operations applicable to Services actually subscribed by the Client and as indicated within the Order Form.

Sub-schedule 2: List of Sub-processors

Schedule 3 - Security Measures

The Personal Data security measures that the Processor must implement in the context of the Processing operations include, on a non-exhaustive basis, the following measures:

• all of the Processor's staff must be trained and regularly informed of developments in data security and Personal Data protection;

• in order to protect the confidentiality of Personal Data, the Processor must include in the employment contracts signed by staff members having access to Personal Data a clause requiring such staff members to acknowledge their duty to protect the confidentiality of all Personal Data they access pursuant to this DPA;

• only authorised staff members may access Personal Data, provided that such access is necessary. Measures to prevent unauthorised persons from accessing Personal Data must be put in place;

• a method of accessing Personal Data must be developed, and an adequate level of authorisation must be required;

• all access to Personal Data must be protected by an authentication system enabling identification, and an access log must be maintained. The Processor must implement an appropriate password policy for access to Personal Data. Where technically feasible, multi-factor authentication (MFA) and/or single sign-on (SSO) are mandatory;

• all electronic media and software on which Personal Data is stored must be regularly updated and protected against malware and unauthorised access, using protective software (such as antivirus software) and an advanced security policy (e.g. bug bounty programme);

• Personal Data must not be stored in environments (such as the internet) accessible to third parties that have not been authorised by the Processor;

• appropriate security measures (e.g. firewalls) must be put in place at the interface between environments accessible to third parties and the company's storage areas, together with measures to counter cyber-attacks threatening the security of Personal Data;

• the transmission of Personal Data must always be carried out through encrypted communication services;

• the environment (servers, Personal Data storage systems, etc.) in which Personal Data is stored on behalf of the Controller must be physically protected and access thereto must be controlled and limited to authorised staff members only;

• Personal Data must be deleted using appropriate methods. The deletion of Personal Data stored in an electronic environment must render recovery of the Personal Data impossible. Personal Data in physical storage (documents, etc.) must be destroyed using appropriate methods or equipment (e.g. shredder).