Currently, the Conditions Générales d'Utilisation point out that the UTC is responsible of the DB. If we want to stick to that, we must sign an agreement with the UTC where we put ourselves as a processor (sous-traitant) in the meaning of the GDPR.
Another possibility would be to be directly responsible of the treatment, but we should update the CGU, and I think it's more dangerous ^^
And anyways, we must also indicate that some treatments are done by Actualités UTC, which has its own database (but these treatments are done internally to the Environnement Numérique de Travail and the terms and conditions are already documented in the Règlement Intérieur).
Currently, the Conditions Générales d'Utilisation point out that the UTC is responsible of the DB. If we want to stick to that, we must sign an agreement with the UTC where we put ourselves as a processor (sous-traitant) in the meaning of the GDPR.
Another possibility would be to be directly responsible of the treatment, but we should update the CGU, and I think it's more dangerous ^^
And anyways, we must also indicate that some treatments are done by Actualités UTC, which has its own database (but these treatments are done internally to the Environnement Numérique de Travail and the terms and conditions are already documented in the Règlement Intérieur).