General terms and conditions
Welcome to the Jungle Solutions

MASTER SUBSCRIPTION AGREEMENT

1. OBJECT OF THE AGREEMENT

1.1. Purpose. Welcome to the Jungle is an all-in-one recruitment platform that enables companies to inter alia (i) showcase their employer brand, (ii) publish job openings, (iii) source candidates, and (iv) manage applications through an integrated Applicant Tracking System (ATS) (together the “Services”). This Master Subscription Agreement (“MSA”) sets out each Party’s rights and obligations in connection with the provision and use of the Services.

1.2. Parties. This MSA is entered into by and between (i) the relevant Welcome to the Jungle contracting entity (the "WTTJ Entity"), and (ii) the Customer, each as identified in the applicable Order Form. The WTTJ Entity and the Customer are each a "Party" and together the "Parties".

For the purposes of this MSA, any reference to “Welcome to the Jungle” or “WTTJ” shall mean the relevant WTTJ Entity.

1.3. Authority. The individual executing an Order Form represents and warrants that they have full authority to bind the Customer.

1.4. Contractual Documents. The Parties’ agreement comprises: (i) one or more Order Forms, (ii) this MSA (including Schedules), and (iii) any Service Specific Terms incorporated by reference (together, the “Agreement”).

1.5. Order of precedence. In the event of any conflict or inconsistency between the contractual documents, they shall prevail in the following order (highest to lowest) : (i) the applicable Order Form(s), (ii) the relevant Schedules and/or Service Specific Terms (where relevant), and (iii) this MSA.

1.6. Changes to this MSA. WTTJ may update this MSA from time to time. When WTTJ makes a material change to this MSA, WTTJ will notify the Customer of such change. The Customer may object to the material changes by providing written notice to WTTJ within thirty (30) days from the date of such notification. In case the Customer validly objects, the modified version of the MSA shall not apply to the Parties’ contractual relationship, and the Parties shall discuss in good faith the consequences of such objection and the appropriate next steps.

2. DEFINITIONS

2.1. Active Recruitment:  means an ongoing recruitment process for an open position on the platform. Each Active Recruitment occupies one (1) recruitment slot and grants access to the full range of recruitment functionalities, including job publication, sourcing, applicant tracking, and candidate management. A recruitment slot is freed and may be reused immediately when the corresponding position is closed or deactivated by the Customer.

2.2. Agreement: has the meaning ascribed to it above.

2.3. Aggregated Data: means Customer data that is: (i) anonymized by removing any personal or other information so the data is in no way attributable to a specific customer or any individual; (ii) combined with other data; and (iii) presented in a way that does not reveal the Customer’s or any individual’s identity.

2.4 Artificial Intelligence (AI): means, for the purposes of this Agreement, any machine based  system, tool or functionality made available by WTTJ as part of the Services that use algorithms or models (including machine learning techniques) to process data or other inputs and automatically generate outputs such as candidate recommendations, ranking or matching suggestions, extracted or structured information (including from resumes/CVs), summaries or drafted content (including Job Posting text).

2.5. Authorised User: designates employees, agents and independent contractors of the Customer who are authorized by the latter to access and use the Services in accordance with this Agreement.

2.6. Company Profile Page: refers to the page on the Website that presents, in particular, the Customer’s company profile, the Job postings and the Customer Content.

2.7. Confidential Information: means any non-public information disclosed by or on behalf of a Party (the “Disclosing Party”) to the other Party (the “Receiving Party”), in any form, that is (i) marked or identified as confidential, or (ii) should reasonably be understood to be confidential given the nature of the information and the circumstances of disclosure. Confidential Information includes, without limitation, business, financial, technical and product information, the Terms of this Agreement, and any non-public security measures or technical details relating to the Services. Confidential Information does not include information that the Receiving Party can demonstrate: (a) is or becomes publicly available through no breach of the Agreement; (b) was lawfully known by the Receiving Party without restriction before disclosure; (c) is lawfully received from a third party without restriction; or (d) is independently developed without use of the Disclosing Party’s Confidential Information.

2.8. Customer Content: means any data or materials the Customer, the Authorized Users or WTTJ on the Customer’s behalf, enter or upload to the Services.

2.9. Data Protection Regulation: means (i) Regulation (EU) 2016/679 (GDPR) and French law No. 78‑17 of 6 January 1978 as amended (including any implementing or successor legislation); (ii) where applicable, the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018.

2.10. Effective Date: means the date of signature of the Order Form  means the date on which the Agreement comes into effect, as specified in the Order Form.

2.11. Fees: means all applicable fees described in the Order Form(s).

2.12. Independent Controller: means a Party that determines the purposes and means of Processing Personal Data independently from the other Party, and not on behalf of the other Party, as such terms are defined under the applicable Data Protection Laws.

2.13. Intellectual Property Rights: means current and future worldwide rights under patent, copyright, trade secret, trademark, moral rights, and other similar rights.

2.14. Job Posting: means any publication of a job offer, regardless of its nature, by the Customer in order to fill a vacant position, appearing on the Company Profile Page.

2.15. Order Form: means the written document (including any quote or subscription document) executed by the Parties that incorporates or references this Agreement and sets out the Services purchased, the Term, any usage limits, and the Fees.

2.16. Personal Data: refers to any information relating to an identified or identifiable natural person.

2.17. Processor (or “Data Processor”): means an entity that Processes Personal Data on behalf of another entity acting as Controller, as such terms are defined under the applicable Data Protection Laws.

2.18. Services: refers to all services provided by WTTJ to the Customer, identified in the applicable Order Form(s), under this Agreement.

2.19. Service Specific Terms: means terms and conditions applicable to the Customer’s use of the Specific Services (hereinafter “SST”) set out in the Order Form.

2.20. Term: means, collectively, the initial Period and each Renewal Period.

2.21. Website: means WTTJ’s website(s) through which the Services are made available, including any local domains used by WTTJ, accessible at https://www.welcometothejungle.com/en.

 

3. SUBSCRIPTION AND USE OF THE SERVICES

3.1. Subscription. This MSA governs the subscription to the Services in accordance with an Order Form setting out the Services subscribed to in detail. Each Order Form shall specify the applicable Subscription Plan, the scope of the Services, the Term, usage limits, and the applicable Fees. The Customer may not downgrade its subscription plan (or reduce the scope of the Services or any usage limits) during the applicable Term.

3.2. License grant. Subject to the Customer’s payment of the Fees and compliance with this Agreement, WTTJ grants the Customer a limited, non-exclusive, non-transferable, non-sublicensable right during the Term to access and use the Services for the Customer’s internal business purposes.

3.3. Restrictions. The Customer shall not, and shall not permit any third party to, (i) reverse engineer, decompile, or attempt to derive source code from the Services (except to the extent permitted by applicable mandatory law); (ii) copy, modify, translate, or create derivative works of the Services except as expressly permitted; (iii) use the Services to store or transmit malicious code; (iv) interfere with or disrupt the integrity or performance of the Services; (v) access the Services to build or benchmark a competing product; (vi) use the Services in violation of applicable law.

3.4. Suspension. WTTJ may suspend (in whole or in part) the Customer’s access to the Services where (i) required by law, (ii) WTTJ reasonably believes that the Customer’s use poses a security risk, could adversely impact the Services or other customers, or violates applicable law, or (iii) the Customer fails to pay any undisputed Fees after the due date, following written notice where reasonably practicable. WTTJ will restore access promptly once the reason for suspension is resolved.

3.5. Service updates. Customer acknowledges that WTTJ may update, modify or discontinue certain features of the Services from time to time to correct errors, enhance functionality, improve performance, or address security or legal requirements, provided that such changes do not materially and adversely alter the core functionality of the Services subscribed under the applicable Order Form. Any updates or modifications made in accordance with this Section shall be considered part of the “Services”.

3.6. Third-Party Services and Third-Party Materials. The Services may incorporate, depend on, or make available components provided by third parties, including third-party software, tools, libraries, and other products or Services (including open-source software) that may be subject to separate third-party terms (“Third-Party Services”). WTTJ does not control and shall not be responsible for the content, features, performance, availability, security, or functionality of any Third-Party Services, nor for any changes made by third parties to such Third-Party Services. Customer’s use of Third-Party Services may be subject to the applicable third-party terms, and Customer shall comply with such terms where required.
 

4. CUSTOMER’S OBLIGATIONS

4.1. Account security. The Customer is responsible for maintaining the confidentiality of login credentials and for all activities carried out using its accounts. The Customer will promptly notify WTTJ of any known or suspected unauthorized access.

4.2. Customer responsibilities. The customer is solely responsible for (i) Customer Content and its accuracy, legality and appropriateness; (ii) ensuring that Job Postings and recruitment practices comply with applicable laws (including employment and anti-discrimination laws); and (iii) obtaining all rights, notices, consents, and authorizations required to provide Customer Content and allow WTTJ to Process it to provide the Services.

4.3. Usage limits and fair use.  Where the Order Form or SST sets usage limits, including Active Recruitment limits, the Customer shall strictly comply with such limits. WTTJ may apply technical controls to enforce such limits and protect the Services.

If the Customer exceeds the agreed limits, WTTJ will, at its sole discretion, either (i) invoice additional fees as specified in the Order Form or as otherwise made available to the Customer by WTTJ , or (ii) automatically upgrade the Customer's subscription plan to the next appropriate tier to accommodate the Customer's actual usage. Any such upgrade shall take effect immediately and the pricing applicable to the upgraded subscription plan shall be the pricing in effect at the time of the upgrade.

5. WTTJ OBLIGATIONS

5.1. Provision of Services. WTTJ will provide the Services in accordance with the Agreement and applicable law.

5.2. Authority and non-infringement warranty. WTTJ represents and warrants it has sufficient right, title and interest in the Services to provide them, and that its execution and performance of this Agreement does not violate any obligation to a third party.

5.3. Support. Where support is included, WTTJ will provide support as described in the Order Form and/or the applicable SST. Support may be delivered through standard channels and subject to reasonable usage.

6. TERM, RENEWAL, TERMINATION

6.1. Term. Unless otherwise agreed in the Order Form, the Agreement starts on the Effective Date and continues for the Initial Term specified in the Order Form.

6.2. Automatic Renewal. After the Initial Term, this Agreement renews automatically for successive periods of one (1) year (each a "Renewal Term"), unless either Party gives written notice of non-renewal at least one (1) month before the end of the Initial Term or the then-current Renewal Term.
The Agreement will renew at the subscription plan level in effect at the time of renewal, including any plan upgrade applied under Section 4.3, and at the then-current pricing for such plan.  

6.3. Termination for material breach. Either Party may terminate the Agreement if the other Party materially breaches the Agreement and fails to cure such breach within thirty (30) days after written notice. If the breach cannot reasonably be cured, termination may be effective immediately upon notice.

6.4. Termination for Reputational Harm. In addition to any other termination rights under the Agreement, WTTJ may terminate the applicable Order Form and/or the Agreement with immediate effect by written notice if the Customer, or any of its representatives, causes, directly or indirectly, material harm to WTTJ’s reputation, brand, image, values, or legitimate business interests (the “Reputational Harm”).

6.5. Examples. Reputational Harm may include, without limitation: (i) public statements, publications or conduct attributable to the Customer that are reasonably likely to negatively affect WTTJ’s image or values; (ii) unlawful, discriminatory, hateful, or abusive content or practices associated with the Customer’s use of the Services; (iii) misuse of the Services or Website that WTTJ reasonably considers capable of causing reputational damage; or (iv) any breach of the Acceptable Use obligations. 

6.6. Effect of termination. Upon termination or expiration of this Agreement, WTTJ shall cease providing the Services. If this Agreement is terminated due to the Customer’s material breach, all Fees accrued and unpaid as of the effective termination date shall become immediately due and payable. If this Agreement is terminated due to WTTJ’s material breach, WTTJ shall refund Fees on a pro-rata basis for the unused portion of the Term, as of the effective termination date.

6.7. Data export. Upon written request and subject to the Customer being up-to-date with payments, WTTJ will provide a commercially reasonable export of Customer Content in accordance with WTTJ’s standard process.

6.8. Deletion. Following the end of the Term and the expiration of any post-termination data export period set out in the SST and/or DPA, WTTJ may delete Customer Content in accordance with its retention policies, the DPA, and applicable law.

7. FEES

7.1. Fees and invoicing. The Customer shall pay (i) the Fees set out in the Order Form, and (ii) any additional fees incurred due to exceeding usage limits as provided in Section 4.3, in the currency specified in the Order Form.

Unless otherwise stated, invoices for subscription Fees are issued at the start of the Initial Term and on each anniversary date. Additional fees for usage limit overages may be invoiced separately as incurred or included in the next periodic invoice. All invoices are payable within thirty (30) days of the invoice date. 

Any discount applies only for the period specified in the Order Form and does not apply to Renewal Terms. 

7.2. Taxes. Fees are exclusive of taxes. The Customer is responsible for applicable VAT, sales taxes, and withholding taxes. Where withholding applies, the Customer shall gross up payments unless prohibited by law.

7.3. Late payment; suspension. If the Customer fails to pay an undisputed invoice when due, WTTJ may (i) charge late fees and/or interest as permitted by applicable law, (ii) recover reasonable collection costs where permitted, and (iii) suspend the Services, in case of a delay exceeding thirty (30) days, following a notice.

7.4. Price changes for renewals. Unless prohibited by law, WTTJ may change Fees applicable to a Renewal Term by giving the Customer reasonable advance notice before the renewal date. Updated Fees apply only to the next Renewal Term unless otherwise agreed in writing.

8. INTELLECTUAL PROPERTY

8.1. WTTJ IP. WTTJ retains all right, title and interest in and to the Services and related Intellectual Property Rights. Those rights include but are not limited to websites (design and layout), trademark and logos, systems, software, databases, and WTTJ content.  No rights are granted except as expressly set forth.
8.2. Prohibited use. Any unauthorised use constitutes an infringement under applicable intellectual property laws.

8.3 Customer IP. Customer retains all rights, title, and interest in its Customer Content, and this Agreement does not grant Welcome to the Jungle any rights to Customer Content or the Intellectual Property Rights embodied in Customer Content except for the limited rights expressly set forth in this Agreement.

8.4. Customer Content licence. During the Term, Customer grants WTTJ a worldwide, non-transferable, non-exclusive licence over Customer Content, including but not limited to the Customer’s corporate name, trade name, trademark and logo,  for the purpose of providing the Services and making Customer Content available online, including on the Website, WTTJ’s social networks, communications and newsletters.

8.5. Aggregated Data. Notwithstanding anything to the contrary, WTTJ will be free (during and after the Term hereof) to, without any obligation to the Customer, collect, develop, create, extract, compile, synthesize, analyze, and commercialize statistics, benchmarks, measures, and other information based on Aggregated Data.

9. WARRANTIES & LIABILITY

9.1. Standard of care. WTTJ will use commercially best efforts (obligation of means) to provide the Services and to make them available on a 24/7 basis, subject to planned maintenance, emergency maintenance and events outside WTTJ’s reasonable control. Where reasonably practicable, planned maintenance will be scheduled during off-peak hours. Service uptime information may be made available at https://status.welcometothejungle.com/ (or any successor page notified by WTTJ).

9.2. No outcome guarantee. The Customer acknowledges that recruitment outcomes depend on multiple factors outside WTTJ’s control. Accordingly, WTTJ does not guarantee any specific recruitment results, including the number or quality of applications, time-to-hire, or that any Job Posting will be filled.

9.3. Customer responsibility for content. The Customer remains solely responsible for Customer Content, including the legality, accuracy and compliance of Job Postings and recruitment communications with applicable law.

9.4. Liability limitation. To the maximum extent permitted by law : 

• (a) neither Party shall be liable for indirect or consequential losses (loss of profit, revenue, goodwill, business interruption, etc.);<

• (b) each Party’s total aggregate liability arising out of or in connection with this Agreement (whether in contract, tort (including negligence), breach of statutory duty, or otherwise) shall not exceed the total Fees paid or payable under the applicable Order Form.

10. DATA PROTECTION

10.1. Compliance. Each Party shall comply with Data Protection Laws.

10.2. DPA. Where required, the Parties agree that the Data Processing Agreement (“DPA”) attached as Schedule  applies and forms part of the Agreement. Depending on the Services, WTTJ may act as a Processor and/or the Parties may act as Independent Controllers for certain processing activities.

11. CONFIDENTIALITY

11.1. Use limitation. Each Party will protect the other Party’s Confidential Information using reasonable care and will use it only as necessary to perform under the Agreement.

11.2. Compelled disclosure. The receiving Party may disclose Confidential Information if required by law or court order, provided it gives prompt notice where legally permitted.

11.3. Duration. These confidentiality obligations apply during the Term and for two (2) years thereafter.

 

12. ARTIFICIAL INTELLIGENCE FEATURES

​​12.1. Scope. WTTJ may make available, as part of the Services, certain functionalities based on Artificial Intelligence (AI), machine learning, or similar technologies (the “AI Features”). AI Features are features relying on AI. The AI Features may include, without limitation: (a) candidate ranking and matching suggestions to help identify potentially relevant candidates for a given job opening; (b) drafting assistance to help generate, refine, or improve Job Posting content; and (c) resume/CV parsing and data extraction to structure information from resumes/CVs uploaded into the ATS or otherwise processed through the Services.

12.2. Inputs and Outputs. For the purposes of this Section : 

• “Input” means content submitted by the Customer or Authorized Users to AI Features (including any Personal Data contained in such content).

• “Output” means the results generated by the AI Features based on the Input (including suggested text, extracted fields, rankings, or summaries).

12.3. Customer responsibility. The Customer remains responsible for (i) the legality and appropriateness of Inputs, (ii) having a valid basis and necessary notices/rights to submit Inputs (including Personal Data), and (iii) reviewing Outputs before using, publishing, or communicating them. Outputs may be inaccurate, incomplete, or unsuitable for the Customer’s purposes.

12.4. Human oversight. The Customer acknowledges that AI Features are intended to support decision-making and do not automatically execute hiring decisions. The Customer shall ensure that hiring-related decisions involve meaningful human review and are not made solely on the basis of Outputs.

12.5. Data minimization; sensitive data. The Customer shall apply data minimization and should not intentionally submit special category data (or equivalent sensitive data) to AI features. 

12.6. Non-uniqueness. The Customer acknowledges that Outputs may not be unique and that similar outputs may be generated for other customers or users (including where similar inputs are provided).

12.7. Safety measures. WTTJ may apply reasonable safeguards and usage controls to AI Features and may restrict or suspend AI Features in case of misuse or legal risk.

 

13. FORCE MAJEURE

​​13.1. Force Majeure. Neither Party shall be liable for failure or delay in performing its obligations (except payment obligations for undisputed Fees) due to events beyond its reasonable control, including natural disasters, acts of war or terrorism, labor disputes, government actions, and outages affecting internet, telecommunications or hosting providers not attributable to the affected Party.

13.2. Notice and mitigation. The affected Party will notify the other Party as soon as reasonably practicable and will use reasonable efforts to mitigate the effects and resume performance.

13.3. Extended force majeure. If a Force Majeure event materially prevents performance for more than ninety (90) consecutive days, either Party may terminate the affected Order Form by written notice, without liability except for Fees accrued for Services performed up to termination.

 

14. COMPLIANCE

​​14.1. Compliance with laws. Each Party shall comply with applicable laws.

14.2. Sanctions; Export. The Customer represents it will not use the Services in violation of applicable sanctions or export control laws.

 

15. MISCELLANEOUS

​​15.1. Assignment. The Customer may not assign, transfer, novate, subcontract or otherwise transfer any of its rights or obligations under this Agreement (in whole or in part) without WTTJ’s prior written consent. WTTJ may assign, transfer or novate this Agreement and/or any Order Form without the Customer’s consent to (i) any Affiliate, or (ii) any successor entity in connection with a merger, reorganization, change of control, or a sale of all or substantially all of WTTJ’s assets or the business to which this Agreement relates. WTTJ will give the Customer prior written notice of such assignment (or, where not reasonably practicable, prompt notice), and WTTJ shall remain responsible for performance of the Services until the Effective Date of the assignment.

15.2. Subcontractors. WTTJ may use subcontractors to perform the Services, provided WTTJ remains responsible for their performance under the Agreement.

15.3. Notices. Notices must be sent:

To the Customer: by email to the administrator's address as identified in the Services and/or by email to WTTJ's commercial contact.

To WTTJ: by email at contact@wttj.co.

15.4. Severability; waiver. If any provision of this Agreement is held to be invalid, illegal or unenforceable by a competent court, that provision shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable (and, where such modification is not possible, severed), and the remaining provisions shall remain in full force and effect. No failure or delay by either Party in exercising any right, power or remedy under this Agreement shall operate as a waiver of such right, power or remedy, nor shall any single or partial exercise of any right, power or remedy preclude any other or further exercise of that or any other right, power or remedy.

15.5. Entire agreement. This Agreement constitutes the entire agreement between the Parties relating to its subject matter and supersedes all prior or contemporaneous discussions, negotiations and understandings, whether written or oral.

 

16. GOVERNING LAW AND JURISDICTION

16.1. France (WTTJ France). Where the WTTJ contracting entity identified in the applicable Order Form is Welcome to the Jungle France (WTTJ France), this Agreement shall be governed by French law, and the Commercial Court of Paris (Tribunal de commerce de Paris) shall have exclusive jurisdiction over any dispute arising out of or in connection with the Agreement.

16.2. United Kingdom (WTTJ UK). Where the WTTJ contracting entity identified in the applicable Order Form is Welcome to the Jungle UK (WTTJ UK), this Agreement shall be governed by the laws of England and Wales, and the courts of England and Wales sitting in London shall have exclusive jurisdiction over any dispute arising out of or in connection with the Agreement.

16.3. United States (WTTJ US). Where the WTTJ contracting entity identified in the applicable Order Form is Welcome to the Jungle US (WTTJ US), this Agreement shall be governed by the laws of the State of New York, excluding its conflict of laws rules, and the state and federal courts located in New York shall have exclusive jurisdiction over any dispute arising out of or in connection with the Agreement.

Schedule 1 - Services Specific Terms

1. Employer Branding - Production of Creations

PREAMBLE

This schedule applies only to Customers who have subscribed to the production of Creations as mentioned in the Order Form.

Creations: means the final content produced by WTTJ for the benefit of the Customer, and more particularly the photographs and videos appearing on the Company Showcase. The Creations are not part of the Customer Content.

Participants: means any person appearing in the Creations.

 

1.1 DESCRIPTION OF THE SERVICE

WTTJ carries out photo shoots and/or filming to produce the Creations for publication on the Customer's company profile on the Website, under the conditions specified in the Order Form.

 

1.2 FILMING

Within five (5) business days following the signature of the Order Form mentioning the purchase of production of Creations, WTTJ contacts the Customer to schedule the filming. The Customer may postpone the filming date only once, provided that WTTJ is notified by email at least ten (10) business days in advance.

 

1.3 CREATIONS

The Customer provides WTTJ with all necessary information at least ten (10) days before the filming. WTTJ delivers the Creations within ten (10) business days following the filming.

Unless otherwise stated in the Order Form, only revisions related to technical defects are accepted. Any other modification must be accepted by WTTJ and may incur additional costs. Once validated for publication, no further modification is possible.

1.4 IMAGE RIGHTS

The Customer guarantees that it has obtained all necessary rights from the Participants to appear in the Creations for the entire Term of the Agreement.

 

1.5 USE OF THE CREATIONS

Subject to full payment of the Fees, WTTJ grants the Customer a personal and non-transferable license to use the Creations, solely for their publication on the Website during theTerm of the Agreement.

Any use of the Creations outside the Website (social networks, advertising, Customer's website, etc.) requires WTTJ's prior written consent and may be subject to additional billing.

The Customer is not authorized to modify the final version of the Creations.

WTTJ guarantees that it holds the rights to the Creations and will not grant a license to any third party for the Creations created for the Customer.

The Customer is solely responsible for compliance with its obligations during any authorized distribution of the Creations, particularly concerning the author's moral rights and the rights of the Participants.

 

1.6 STORAGE OF THE CREATIONS

The Customer has twelve (12) months from the filming date to request delivery of the Creations. After this period, WTTJ has no obligation to store them.

 

2. Job booster 

2.1 DESCRIPTION OF THE FEATURE

If expressly mentioned in the Order Form, the Customer will have the possibility to promote one or more Job Postings via the "Job Booster" feature on the Website. This feature allows the Customer to promote Job Postings through dedicated slots (the "Boosts") which will guarantee improved placement of the Job Posting on certain pages of the website. These Boosts may be activated at any time during the current contractual year, for a period of thirty (30) consecutive days after which they expire. Any Boost not used during the current contractual year will be lost for the following year.

WTTJ will determine the placement and positioning of the Job Postings promoted by the Customer on the Website.

2.2 LIMITATION OF WARRANTY

WTTJ does not guarantee any results from the use of the Job Booster feature and in particular: (i) regarding the volume of applications, (ii) regarding the fact that candidates will meet the hiring criteria, or (iii) regarding the volume of hires that will result from it.

3. Sourcing 

3.1 ACCESS TO THE FEATURE

If expressly mentioned in the Order Form evidencing the subscription to the sourcing service, the Customer will benefit from access license(s) to features allowing them in particular to view candidates' CVs (the "Sourcing"). The Customer undertakes to comply with the number of licenses provided in the Order Form. The licenses are individual.

3.2 CUSTOMER'S OBLIGATIONS

In the context of using Sourcing, the Customer undertakes to:

• preserve the confidentiality of information relating to candidates and in particular that contained in CVs. The Customer is prohibited from using this information for purposes other than recruitment and is prohibited from communicating this information to third parties. The Customer acknowledges that information concerning candidates' openness to new professional opportunities is strictly confidential and undertakes not to disclose it to third parties, in any form whatsoever, without the prior written consent of the candidate concerned;

• not extract candidate data or use it in any way without having obtained their prior consent via the dedicated feature;

• not contact candidates for purposes other than those related to recruitment for the job posting for which they have agreed to be contacted;

• in general, comply with the recruitment charter;

• not use automated means to retrieve, extract, access, modify, download, query or collect information from the Website, except in cases where this is strictly authorized by WTTJ.

In case of non-compliance with these obligations, WTTJ reserves the right to suspend or terminate the Customer's access to the Services.

3.3 PERSONAL DATA

The Parties acknowledge and agree that they will act as separate and independent data controllers with respect to the personal data they process for the purposes of carrying out the Sourcing processing purpose.

As such, each Party undertakes to (i) comply with all applicable legal and regulatory provisions, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter, the "GDPR"), (ii) implement and maintain technical and organizational measures to ensure the protection of personal data against any unauthorized or unlawful access as well as against any breach, loss, unauthorized disclosure or accidental destruction, and (iii) alert the other Party if any of these events occur, so that the latter can alert the relevant natural persons.

Schedule 2 - Data Processing Agreement - DPA

PREAMBLE

This Data Processing Agreement (the "DPA") details the respective obligations of the Parties regarding Personal Data Processing implemented by Welcome to the Jungle on behalf of the Client within the framework of the Services.

The details of Processing operations for each of the Services appear in Sub-Annex 1 - "Details of Processing operations".

Only the stipulations of this document relating to Services actually subscribed by the Client within the Order Form are applicable to the Parties.

DEFINITIONS

The terms "personal data", "data processing", "purpose", "data subject", "processor", "data controller", and any other term relating to data protection have the meaning attributed to them by the GDPR, particularly as defined in article 4.

For the purposes of this DPA, certain additional terms specific to services and personal data processing are capitalized and have the meanings defined below. The definitions mentioned in the Contract also remain applicable to these terms.

"DPA" means this Data Processing Agreement (and its Sub-Annexes), concluded between WTTJ and the Client.

"Personal Data Regulation" means the applicable regulation regarding Personal Data Processing and, particularly, regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016 ("GDPR"), as well as law no. 78-17 of January 6, 1978 relating to information technology, files and freedoms, in its amended version;

"Data Controller" means the Client insofar as it determines the Purposes and means of Processing operations performed on Personal Data within the framework of its use of Services under the conditions provided for in this DPA;

"Processor" means WTTJ, when it processes Personal Data on behalf of and on instructions from the Client under the conditions provided for in this DPA.

"Sub-processor" means any subsequent processor engaged by the Processor to conduct certain Processing activities.

1. DESCRIPTION OF PROCESSING

The Processor is authorized to process on behalf of the Data Controller the Personal Data necessary for providing the Services subject to the Contract.

The nature of Processing operations implemented within the framework of this DPA, their legal basis, their Purpose(s), the Personal Data subject to Processing operations, the categories of Data Subjects, the duration and location of Processing, are described in Sub-Annex 1 - "Details of Processing operations".

2. DPA DURATION

This DPA comes into effect upon signature of the Order Form by the Client and remains in effect for the duration of the Contract.

3. DATA CONTROLLER OBLIGATIONS

The Data Controller acknowledges and warrants:

1. providing the Processor with Personal Data necessary for providing Services, in compliance with Personal Data Regulation;
   
   
2. documenting in writing any instruction concerning Personal Data Processing operations entrusted to the Processor under this DPA;
   
   
3. that all its instructions relating to Processing operations are given in compliance with Personal Data Regulation provisions and that any Data Subject has been informed of the Purpose of said Processing operations, their rights and recipients of Personal Data;
   
   
4. that it will respond, within the timeframes provided by Personal Data Regulation, to requests for exercising rights by any Data Subject concerning Processing operations entrusted to the Processor;
   
   
5. ensuring, beforehand and during all Processing operations, compliance by the Processor with its obligations under Personal Data Regulation;
   
   
6. that it will not ask the Processor to process sensitive Personal Data as defined in Article 9 of the GDPR;
   
   
7. that it will respond, as soon as possible to requests from any competent supervisory authority, where applicable.

 

4. PROCESSOR OBLIGATIONS

The Processor undertakes to:

1. perform Personal Data Processing operations only on instructions from the Data Controller and for the sole Purposes identified in Sub-Annex 1 "Details of Processing operations";
   
   
2. if it considers that an instruction from the Data Controller constitutes a violation of Personal Data Regulation, immediately inform the Data Controller, the latter then acknowledging being solely responsible for changing said instruction to make it compliant and guaranteeing the Processor against any recourse in this regard;
   
   
3. guarantee confidentiality of Personal Data subject to Processing operations within the framework of this DPA;
   
   
4. ensure that persons authorized to perform Personal Data Processing operations under this DPA:
   - undertake to respect confidentiality or are subject to an appropriate legal confidentiality obligation; and
   - receive necessary training in Personal Data protection;
   
   
5. take into account, regarding its tools, products, applications or services, the principles of Personal Data protection by design and Personal Data protection by default;
   
   
   
6. implement and maintain precise documentation outlining technical and organizational protection and confidentiality measures surrounding Personal Data as well as their access;
   
   
7. inform its employees of their responsibility concerning Personal Data protection, particularly regarding confidentiality of this data;
   
   
8. in case of possible legal, administrative or judicial prohibition that could prevent it from performing Processing operations, the Processor will inform the Data Controller and may then terminate the Contract, without the Data Controller being able to question the Processor's responsibility or request damages;
   
   
9. cooperate with any competent supervisory authority in case of information request from it and comply with any CNIL recommendation relating to Processing operations.
   
   
10. Sub-processing
    The Processor is authorized by the Data Controller to use Sub-processors to conduct certain specific Processing operations. The Sub-processors used by the Processor are described in Sub-Annex 2 - "Sub-processing".
    
    The Processor informs the Data Controller beforehand and in writing of any planned change regarding addition or replacement of other Sub-processors. This information must clearly indicate the sub-contracted Processing operations, the identity and contact details of the Sub-processor, any Personal Data transfers outside the European Union and appropriate means adopted by the Processor to frame such transfers.
    
    The Data Controller has a period of fifteen (15) calendar days from the date of sending this information to present its objections. Sub-processing can only be performed if the Data Controller has not issued a written objection during this period.
    
    In case of duly justified objection in writing and sent within the time limit by registered letter with acknowledgment of receipt by the Data Controller concerning the choice of a new Sub-processor, the Processor will take into account the Data Controller's remarks either:
    - by asking the Sub-processor to comply with reasonable requests from the Data Controller;
    - by proposing a new Sub-processor to the Data Controller, in which case the Data Controller will have fifteen (15) calendar days to formulate a new written objection if necessary;
    - by offering the Data Controller the possibility to terminate the Contract, without the Data Controller being able to question the Processor's responsibility or request damages.
    
    The Sub-processor is required to respect the obligations of this Sub-processing Contract on behalf of and according to instructions from the Data Controller. It is the Processor's responsibility to ensure that any Sub-processor presents sufficient guarantees regarding implementation of appropriate technical and organizational measures so that sub-contracted Processing operations meet GDPR requirements.
    
    The Processor remains fully responsible to the Data Controller for performance by any Sub-processor of its obligations under sub-contracted Personal Data Processing operations.
    
    
11. Personal data transfers
    Any transfer of Personal Data to a third country to the European Union or an international organization by the Processor is only performed based on documented instructions from the Data Controller or to satisfy a specific requirement of European Union law or member state law to which the Processor is subject and is performed in compliance with chapter V of the GDPR or regulation (EU) 2018/1725.
    
    The Data Controller agrees that when the Processor recruits a Sub-processor in accordance with Article 10 and the concerned processing activities involve a transfer of Personal Data outside the European Union, the Processor and concerned Sub-processor will guarantee compliance with chapter V of the GDPR, prior to implementing the concerned Processing operations, either:
    - by verifying that the destination country for Personal Data benefits from an adequacy decision from the European Commission; or
    - by providing appropriate guarantees framing said transfer through signature of standard contractual clauses issued by the European Commission (including any updates to them), provided that the conditions for using said standard contractual clauses are met.
    
    
12. Data subject information rights
    

    It is the Data Controller's responsibility to provide information to Data Subjects concerned by Processing operations at the time of Personal Data collection.

13. Exercise of data subject rights
    

    To the extent possible, the Processor assists the Data Controller in fulfilling its obligation to respond to requests for exercising Data Subject rights: right of access, portability, rectification, erasure and objection, right to processing limitation, right to data portability, right not to be subject to individual automated decision-making (including profiling).

    When Data Subjects exercise directly with the Processor requests for exercising their rights on their Personal Data subject to Processing, the Processor addresses these requests without delay by email to a Data Controller contact point.

14. Personal data breach notification
    

    The Processor notifies the Data Controller of any Personal Data Breach as soon as possible and, at the latest, forty-eight (48) hours after becoming aware of it. This notification is accompanied by any useful documentation to allow the Data Controller, if necessary, to notify this Personal Data Breach to the competent supervisory authority and, where applicable, to Data Subjects.

    The Processor will inform the Data Controller of identified causes of this Personal Data Breach and take all measures that seem necessary and reasonable to remedy the origin of this Personal Data Breach when this repair is under the Processor's control.

15. Processor assistance in data controller compliance
    The Processor may reasonably assist the Data Controller for:
    - conducting data protection impact assessments, and
    - conducting prior consultation with the supervisory authority.
    
    

    These requests must be reasonable regarding the pursued objective, both in terms of human and financial cost they may represent for the Processor, and may be subject to a complementary quote where applicable.

16. Security measures
    The Processor undertakes to implement the technical and organizational measures outlined in Annex 3 - "Security measures" to guarantee an appropriate level of security for Personal Data Processing.
    
    The Processor must at all times have technical and organizational measures to prevent unauthorized access to Personal Data and use of Personal Data for Purposes other than those agreed between the Parties.
    
    The Processor declares and warrants that security measures taken are in no case inferior to those required by Personal Data Regulation or those that a person exercising the same activity as the Processor would have reasonably taken for protecting Personal Data against unauthorized access or use.
    
    In cases where the Processor has obtained prior authorization from the Data Controller for transmitting Personal Data to a third party, the Processor must again take appropriate security measures allowing secure transmission of Personal Data.
    
    
17. Personal data fate
    At the end of service provision relating to Personal Data Processing, the Processor undertakes to destroy or anonymize all Personal Data processed on behalf of the Data Controller.
    
    The Data Controller may ask the Processor to retain certain Personal Data, particularly photos and videos, to be able to reactivate its Company Profile in the event of subscribing to a new subscription, within a maximum period of 2 years.
    
    The Processor may, where applicable and before the destruction or anonymization provided above, assist the Data Controller so that the latter can recover certain Personal Data in a particular format, after validation by the latter of a quote detailing the price of such service.
    
    
18. Record of processing activities
    The Processor declares to keep in writing a record of processing activities including details of Processing performed on behalf of the Data Controller and including:
    
    - the name and contact details of the Data Controller on whose behalf it acts, any Sub-processors and, where applicable, the DPO of each of the Parties;
    
    - categories of Processing operations performed on behalf of the Data Controller;
    where applicable, Personal Data transfers to a third country or international organization, including identification of this third country or international organization and documents attesting to the existence of appropriate guarantees for framing said transfer;
    
    - to the extent possible, a general description of technical and organizational security measures, including among others, according to needs:
    > pseudonymization and encryption of Personal Data;
    > means to guarantee constant confidentiality, integrity, availability and resilience of Processing systems and services; 
    > means to restore availability of Personal Data and access to it within appropriate timeframes in case of physical or technical incident;
    > a procedure to regularly test, analyze and evaluate effectiveness of technical and organizational measures to ensure Processing security.
    
    
    
19. Documentation
    The Processor keeps at the Data Controller's disposal the documentation necessary to demonstrate compliance with all its obligations and to allow audits (maximum one (1) audit per year), including inspections, by the Data Controller or another auditor it has mandated at its sole expense, and contribute to these audits.
    
    To be admissible, any audit request must be addressed to the Client with notice sent by registered letter with acknowledgment of receipt of at least forty-five (45) calendar days before the provisional audit date. Any audit that would mobilize the Processor for a duration exceeding one (1) man-day per year will be subject to additional billing.
    
    

5. DATA PROTECTION OFFICER

• The Processor has designated, in accordance with Article 37 of the GDPR, a DPO reachable at privacy@wttj.co.
• In case the Data Controller has also designated a DPO, the Data Controller will communicate the contact details of the latter to the Processor upon first request.

6. LIABILITY

Any limitation of liability applicable under the Contract also applies to this DPA, without prejudice to individual liability that the Data Controller or Processor could incur towards any Data Subject or competent supervisory authority, particularly under Article 82 of the GDPR.

7. APPLICABLE LAW

By express agreement between the Parties, this Annex is subject to French law, excluding any other legislation.

8. DISPUTE RESOLUTION

In the absence of amicable resolution, the Parties undertake to submit any dispute or contestation relating to the validity, interpretation, execution and/or breach of this DPA to the exclusive jurisdiction of the Courts of the Paris Court of Appeal jurisdiction.

Sub-schedule 1: Details of Processing Operations

Within the framework of the signed Contract and DPA, WTTJ acts as Processor following Client instructions for processing operations applicable to Services actually subscribed by the Client and as indicated within the Order Form.

Sub-schedule 2: List of Sub-processors

Schedule 3 - Security Measures

Security measures for Personal Data that the Processor must take within the framework of Processing operations include, non-exhaustively, the following measures:

• all Processor personnel must be trained and regularly informed of developments in security and Personal Data protection;
• to protect Personal Data confidentiality, the Processor must include, within employment contracts signed by personnel members having access to Personal Data, a clause requiring these personnel members to acknowledge their duty to protect confidentiality of all Personal Data they access under the Sub-processing Contract;
• only authorized personnel members may have access to Personal Data, provided this access is necessary. Prevention measures for Personal Data access by unauthorized persons must be implemented;
• a Personal Data access method must be developed, and adequate authorization level must be required;
• Any access to Personal Data must be protected by an authentication system allowing identification and an access log must be maintained. The Processor must implement a password policy adapted to Personal Data access. When technically possible, MFA and/or SSO are mandatory.
• any electronic media and software on which Personal Data is stored must be regularly updated and protected against malware and unauthorized access, using protective software (such as antivirus) and advanced security policy (bug bounty for example);
• Personal Data must not be stored within environments (such as Internet) accessible to third parties and which are not subject to Processor authorization;
• adequate security measures (e.g. firewalls etc.) must be implemented at the interface between environments accessible to third parties and company storage areas, as well as measures to fight virtual attacks threatening Personal Data security;
  
  
• Personal Data transmission must always be performed through encrypted communication services;
• the environment (servers, Personal Data storage systems, etc.) for storing Personal Data on behalf of the Data Controller must be physically protected and access to it must be controlled and limited to authorized personnel members only;
• Personal Data is deleted using adequate methods. Deletion of Personal Data stored in an electronic environment must make any Personal Data recovery impossible. Personal Data subject to physical storage (documents etc.) are destroyed using adequate methods or equipment (shredder etc.).