Aleph only needs to sign a data processing agreement when we are asked to provide our expertise and conduct searches using our internal tools or using the Aleph Search Dark license purchased by the client.

When clients use the license on their own, Aleph does not require a data processing agreement and the client assumes sole liability for their use of the product.

(…)

Through this agreement, the system’s controller provides the service provider with written authorisation to conduct these operations.

This allows the service provider to prove to authorities that it is entitled to carry out these operations and has not violated articles 323-3 and 323-3-1 of the French Penal Code.

(…)

Aleph is charged with indexing, identifying, collecting, and storing data which was almost certainly obtained illegally from the company’s information system.

Aleph must therefore receive authorisation from the company that has experienced a data breach to demonstrate our good faith in searching for leaks.

The data processing agreement proves that Aleph is not conducting this search for our own purposes but to fulfil a contract.

(…)

Moreover, these data processing agreements serve to demonstrate the legitimate grounds expressly required by article 323-3 of the French Penal Code concerning cybersecurity technology.

(…)

Excerpt from Aleph’s document on the legal framework..

Contact us to receive our full document on the legal framework!

In partnership with the SHITF avocats law firm

Service providers that conduct searches for data breaches must ensure they comply with prevailing provisions in France regarding the protection of personal data and particularly the GDPR.

This is even more important when the surveillance or search mission involves one or more key people in the company.

GDPR compliance is required of Aleph as a data processor and of our client as the data controller.

Of course, Aleph advises our clients on the steps needed to ensure compliance. See our full document on the legal framework to learn more about this topic.

But the organisation that contracts Aleph’s services or uses our technology via a license remains solely responsible for ensuring its personal data processing is compliant, even more so regarding aspects for which they are the sole data controller.

(…)

Excerpt from Aleph’s document on the legal framework..

Contact us to receive our full document on the legal framework!

In partnership with the SHITF avocats law firm