TERMS AND CONDITIONS OF SERVICE

By signing and accepting the PO (as defined below), you are agreeing to the terms and conditions of service as set forth in this agreement (and together with all of its exhibits, the “Agreement”), between Immagnify Ltd., a company incorporated under the laws of Israel, with offices located at 9 HaTslil St., Ra’anana, Israel, (the “Company”) and you (the “Customer”, and each of the Company and the Customer shall be referred to herein as a “Party,” and collectively as the “Parties”). It is hereby clarified, that this Agreement shall govern the relationship between the Parties as to any of the Services provided or to be provided to Customer as set forth in each PO. In the event of any conflict between a PO and this Agreement, this Agreement shall prevail unless the PO expressly provides otherwise.

The Customer and the Company hereby agree as follows:

  1. SERVICE
  1. Services. During the Term (as defined below) of the Agreement, the Company shall provide the services as described in one or more purchase orders executed by both Parties (the "Services" and the "PO", respectively), as attached hereto as Exhibit A.
  2. The Company will make the Services available to the Customer via password-protected online access accessible by the Customer, via its application programmer interface, or as otherwise mutually agreed by the parties.  
  3. PO. Each PO is incorporated by reference hereto and will be governed by the provisions of this Agreement. The Company will perform only work that is documented in a PO. Each PO shall describe the Services, the term through which the Services shall be provided, the fees in respect of the Services, the technical requirements for such Services to be provided and the required deliverables to be provided by the Customer. In the event of inconsistency between this Agreement and a PO, the terms of this Agreement will control unless specifically stated otherwise in the PO with reference to the conflicting provision of this Agreement. Any amendment to a PO shall require the prior written consent of the Customer and the Company.
  1. REPRESENTATIONS AND WARRANTIES OF THE PARTIES

Each Party represents and warrants that:

  1. It has the power and authority to execute and deliver this Agreement.
  2. Neither the execution and delivery of this Agreement nor the performance of its obligations under this Agreement will violate any contract, agreement, court order, injunction, consent decree or law to which the Customer is subject or by which it is bound.
  3. Customer shall use the Services in accordance with the provisions of this Agreement and the guidelines provided by the Company, from time to time.
  4. Certain portions of the Services may be provided by Company's third-party licensors, and the Company’s ability to provide such information may be subject to the willingness of such licensors to continue to contract with it. Features and functions relating to the Company Property (as defined below) are provided “as is” and they may be modified, supplemented, or removed from time to time in the Company's sole discretion..
  1. CONSIDERATION
  1. Consideration. In consideration for the Services, the Customer shall pay the Company the fees set forth in each PO (the "Consideration"). The Customer will pay the Company the Consideration, within fourteen (14) days following the end of the month in which it receives a valid tax invoice furnished by the Company to the Customer, through transfer of the Consideration to a bank account, as designated by the Company.
  2. Taxes. The Customer shall bear any and all taxes in connection with any payments made to the Company pursuant to this Agreement.
  3. Offset. The Customer shall not be entitled to offset any payments due to the Company under this Agreement.
  4. Default. If the Customer defaults in payment of any sum due to the Company, the Company shall provide a written notice to the Customer. If the invoice remains unpaid for more than 30 days, then the Company may suspend further performance under the PO (s) affected by such nonpayment until the amount is paid in full by Customer.
  5. Interest. Interest will accrue on amounts past due at the daily rate of "Bank Israel" or the maximum permitted by applicable law. In any proceeding brought by the Company to collect amounts due, the Company will also receive its actual costs of collection, including reasonable attorneys' fees.
  1. TERM AND TERMINATION
  1. Term. The term of this Agreement commences on the Effective Date and continues until the first anniversary or otherwise as set forth in the PO or as provided below. The term will automatically extend for a period of one year unless either party terminates the agreement by a sixty (60) days' prior notice in writing to the other party (the “Term”).
  2. Termination for Cause. Either Party may, without prejudice to the other rights or remedies available to it, immediately terminate this Agreement if the other Party:
  1. . Fails to perform its obligations under this Agreement or any PO and such failure continues for a period of thirty (30) days following the receipt of a written notice;
  2. . Ceases to carry on its business substantially as such business was conducted on the date of this Agreement;
  3. . Institutes or suffers the institution against it of bankruptcy, reorganization, liquidation, receivership, insolvency or similar proceedings; or
  4. . Becomes generally unable to pay its debts as they become due.
  1. Effect of Termination. The Company will be paid for all Services performed and expenses incurred during the Term. If the Customer terminates a PO or the Agreement without cause while any PO remains uncompleted, the Customer shall pay any cancellation fee applicable to the affected PO, as set forth in such PO. Upon termination date of this Agreement, the Services granted herein shall immediately terminate (unless otherwise provided in the PO), and the Customer shall immediately return to the Company, or, if Company has provided a written request, destroy and permanently delete, all of the Company's documents and Confidential Information (as defined below), all of the Query Data (as defined below) and all other Services’ deliverables (as such shall be further detailed in each PO) in its possession or control.
  2. Survival. The provisions of Sections 4.3, 6, ‎‎7, 8, 9, 11.9 hereinafter shall remain in force even after the termination of this Agreement for any reason.
  1. CONFIDENTIALITY AND DATA PROTECTION
  1. The Parties undertake to keep confidential and not to disclose to anyone, the terms of this Agreement.
  2. The Customer undertakes that, during and after the Term of this Agreement, it shall keep confidential any and all Information in respect to the Company, its business and operations, and any Information related to the Customer's engagement with the Company. The Customer undertakes not to disclose to any entity or person in any way, whether for or without consideration, Information of any kind in respect to the Services provided by the Company or Information that came to the Customer's knowledge during or in connection with its engagement with the Company, whether in writing, orally, by means of magnetic media, or in any other way, other than Information received when executing the Services and Information for the benefit of the Company.

"Information" shall include, without limitation any data or information that is proprietary to the Company, whether in tangible or intangible form, in whatever medium provided, whether unmodified or modified by the Customer, whenever and however disclosed, including, but not limited to: (i) any marketing strategies, plans, financial information, or projections, operations, sales estimates, business plans and performance results relating to the past, present or future business activities of the Company; (ii) plans for products or services, and customer or supplier lists; (iii) any scientific or technical information, invention, design, process, procedure, formula, improvement, technology or method; (iv) any concepts, reports, data, know-how, works-in-progress, designs, development tools, specifications, computer software, source code, object code, flow charts, databases, inventions, information and trade secrets; (v) any other information that should reasonably be recognized as confidential information of the Company; and (vi) any information generated by the Customer that contains, reflects, or is derived from any of the foregoing. Information need not be novel, unique, patentable, copyrightable or constitute a trade secret in order to be designated Information. The Customer acknowledges that the Information is proprietary to the Company, has been developed and obtained through great efforts by the Company and that Company regards all of its Information as trade secrets.

  1. The Customer undertakes not to retain any Information of the Company, except during and for the purpose of its engagement with the Company. The Customer undertakes to return to the Company all such Information, immediately upon the Company's initial demand.
  2. In the event of termination of the Customer's engagement with the Company for any reason, the Customer shall cause that any Information of the Company under his possession or control, be returned to the Company until the date of termination of the engagement. It is hereby agreed that any document, whether written, by means of magnetic media, or any other media, which includes Information, is the sole property of the Company, whether delivered to the Customer by the Company or drafted by the Customer.
  3. The Customer agrees to limit its disclosure of Information only to those of its employees who need to know such Information and who have signed a written agreement with the Customer binding them to terms and conditions substantially similar to those of this Agreement.
  4. The obligations in this Section ‎‎5 herein, with respect to Information do not apply to information that: (a) is rightfully received from a third party lawfully in possession of the information and not subject to a confidentiality or nonuse obligation; (b) is independently developed by the Customer or its personnel, provided that the persons developing the information do not use the Information; or (c) was already known to the Customer prior to its receipt from the Company. In addition, the Customer will be allowed to disclose Information of the Disclosing Party to the extent that such disclosure is: (x) approved in writing by the Company; or (y) required by law or by the order of a court of similar judicial or administrative body, provided that the Customer gives the Company prompt notice thereof so that the Company may seek a protective order or other appropriate remedy, and further provided, that in the event that such protective order or other remedy is not obtained, Customer shall furnish only that portion of the Information which is legally required, and shall exercise all reasonable efforts required to obtain confidential treatment for such Information.
  5. In addition to the confidentiality provisions set forth above, both parties shall ensure that all personal data received, collected, disclosed, transferred, stored, processed or otherwise used in connection with this Agreement shall be in compliance with applicable data protection laws. Without derogating from the foregoing, Customer hereby agrees to comply by the terms and conditions of Exhibit B "Data Processing Exhibit", attached to this Agreement and constitutes an integral part thereof.
  1. INTELLECTUAL PROPERTY

All rights, of any kind whatsoever, including, but not limited to, intellectual property rights, copyrights, trademarks, brands, patents, trade secrets, samples, know-how and/or any other material included and/or associated with the Company's software platform for providing the Services and the operation thereof or the Services, whether said rights are registered or unregistered, are exclusively owned by the Company (collectively, the "Company's Property"). The Customer hereby acknowledges that the Customer shall have no rights of any kind in the Company's software platform and the Company. It is hereby clarified that this Agreement does not transfer any rights in the Company's Property to the Customer.

  1. QUERY DATA
  1.       All Query Data transmitted or made available through the Services is in the sole responsibility of the Customer. The Company does not control, monitor or have any detailed knowledge of the Query Data. The Company shall not be liable for the Query Data and any other information transmitted through or in connection with the Services. The Customer hereby agrees to bear all the risks associated with the use of the Query Data, and be solely responsible for all acts and omissions of anyone who has access to or otherwise uses any of the Query Data.
  2. Without derogating from the foregoing, the Customer hereby authorizes and grants the Company a non-exclusive license to use, have used, store, process, transfer, reproduce, distribute, perform, display, and create derivative works of Query Data for the purpose of providing the Service. The Customer represents and covenants that, prior to posting Query Data for purposes of the Services, the Customer has obtained all rights or licenses necessary to authorize the Company's processing of the Query Data, as may be applicable.
  3. Any use of the Query Dada shall be limited to the period of the Term.
  4. The Customer shall use the Query Data only for its internal business purposes pursuant to the purposes set forth in the PO, and shall not: (i) resell, sublicense, distribute or otherwise provide access to the Query Data to any third party; (ii) copy, modify, adapt, translate, prepare derivative works from, reverse engineer, disassemble, or decompile the Query Data or otherwise attempt to discover any source code or trade secrets related to the Services; or (iii) use the trademarks, trade names, service marks, logos, domain names and other distinctive brand features or any copyright or other proprietary rights associated with the Services for any purpose without the express written consent of the Company.
  5. For the purposes of this Agreement "Query Data" means text, reviews, comments, listing descriptions, shop names, user profiles, promotional information, listing photos, listing descriptions, usernames, data files, code, graphics, logos, photographs, illustrations, images, music, software, audio, video, files, works of authorship of any kind, and information or other materials that are posted, generated, collected, monitored, provided or otherwise made available through the Services.
  1. RELATIONSHIP OF THE PARTIES

The Company is an independent contractor and nothing in this Agreement will be construed to make either the Company or Customer partners, joint ventures, principals, agents or employees of the other. No officer, director, employee, agent, affiliate or contractor employed by the Company to perform work on Customer’s behalf under this Agreement will be deemed to be an employee, agent or contractor of Customer. Neither Party will have any right, power or authority, express or implied, to bind or make representations on behalf of the other.

  1. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW AND EXCEPT FOR INSTANCES OF A PARTY’S OR ITS AGENT’S GROSS NEGLIGENCE OR INTENTIONAL MISCONDUCT, IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY PUNITIVE, EXEMPLARY, MULTIPLE, INDIRECT, CONSEQUENTIAL, SPECIAL, OR LOST PROFITS DAMAGES ARISING FROM OR RELATING TO THIS AGREEMENT, WHETHER FORESEEABLE OR UNFORESEEABLE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.  CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR ANY UNCURED BREACH BY THE COMPANY OF ITS OBLIGATIONS UNDER THIS AGREEMENT, IS TERMINATION BY WRITTEN NOTICE TO THE COMPANY, AND REFUND OF A PRORATED PORTION OF THE CONSIDERATION THAT CUSTOMER HAS PAID. THE COMPANY’S MAXIMUM LIABILITY TO CUSTOMER SHALL BE THE AMOUNTS ACTUALLY PAID TO THE COMPANY BY CUSTOMER UNDER THIS AGREEMENT IN THE SIX (6) MONTHS PRECEDING THE EVENT GIVING RISE TO CUSTOMER’S CAUSE OF ACTION. EXCEPTING LIABILITY ARISING FROM THE CUSTOMER’S GROSS NEGLIGENCE OR INTENTIONAL MISCONDUCT, CUSTOMER’S MAXIMUM LIABILITY TO THE COMPANY HEREUNDER SHALL BE TWO TIMES (2X) THE AMOUNT OF THE CONSIDERATION.

  1. DISCLAIMER OF WARRANTIES

THE SERVICES ARE PROVIDED “AS IS” AND EXCEPT FOR ANY EXPRESS REPRESENTATIONS AND WARRANTIES STATED HEREIN, NEITHER PARTY MAKES ANY ADDITIONAL REPRESENTATION OR WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED (EITHER IN FACT OR BY OPERATION OF LAW), OR STATUTORY, AS TO ANY MATTER WHATSOEVER AND EACH PARTY EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUALITY, ACCURACY, TITLE, AND NON-INFRINGEMENT. NEITHER PARTY WILL HAVE THE RIGHT TO MAKE OR PASS ON ANY REPRESENTATION OR WARRANTY ON BEHALF OF THE OTHER PARTY TO ANY THIRD PARTY.

  1. GENERAL PROVISIONS
  1. Interpretation. The titles and headings of the various sections and paragraphs in this Agreement are intended solely for reference and are not intended for any purpose whatsoever.
  2. Assignability. The Company may assign and/or transfer and/or subrogate its rights under this Agreement to any affiliated Company, and in the event of a merger or sale of all or most of the Company's assets or shares, provided that the Customer's rights under this Agreement shall not be infringed.
  3. Publicity. The Company may reference its general business relationship with Customer for marketing purposes. Customer may not use the Company's trademarks in any marketing material without the prior written consent of the Company.
  4. Notices. All notices and demands hereunder shall be in writing and shall be served by personal service, electronic mail, or by mail, at the address of the receiving Party set forth in this Agreement (or such different address as may be designated by such Party by written notice to the other Party). The notice will have been given (a) when delivered by hand, (b) on the next business day, if delivered by a recognized overnight courier, (c) on the third business day if mailed (by certified or registered mail, return receipt requested) or (d) upon confirmed electronic mail.
  5. Entire Agreement of the Parties. The recitals, the exhibits and the applicable POs constitute an integral part of this Agreement. This Agreement constitutes the entire agreement between the Parties relating to the Services and supersedes all prior written or oral understandings, agreements or representations by or between the Parties with respect to these subjects. Any modification or waiver of this Agreement is effective only if it is in writing signed by an authorized representative of both Parties.
  6. Waiver. No delay or failure by a Party in exercising any right, power or privilege under this Agreement or any other instruments given in connection with or pursuant to this Agreement will impair any such right, power or privilege or be construed as a waiver of or acquiescence in any default. No single or partial exercise of any right, power or privilege will preclude the further exercise of that right, power or privilege or the exercise of any other right, power or privilege
  7. Force Majeure. The Company shall not be liable for any failure to perform its obligations hereunder due to a cause beyond its reasonable control, including without limitation, strike, labor or civil unrest or dispute, embargo, blockage, work stoppage, protest, war, terrorism, or acts of God such as fires, floods, electrical storms, and natural catastrophes (each a "Force Majeure"). In the event of a Force Majeure, the performance of the Company's obligations shall be suspended during the period of existence of such Force Majeure as well as the period required thereafter to resume the performance of the obligation.
  8. Counterparts. This Agreement may be executed in any number of counterparts, each of which shall be deemed an original and enforceable against the Parties actually executing such counterpart and all of which together shall constitute one and the same instrument.
  9. Severability. If any provision of this Agreement is held invalid, void, or unenforceable to any extent, that provision will be enforced to the greatest extent permitted by law and the remainder of this Agreement and application of such provision to other persons or circumstances will not be affected.
  10. No Third Party Beneficiary.  Nothing in this Agreement, expressed or implied, shall confer on any person other than the Parties hereto, or their respective permitted successors or assigns, any rights, benefits, remedies, obligations or liabilities under or by reason of this Agreement or the transactions contemplated herein.
  11. Governing Law; Place of Jurisdiction. This agreement shall be exclusively governed by the Laws of the State of Israel. Any dispute, controversy or claim arising under, out of or relating to this agreement (and subsequent amendments thereof), its valid conclusion, binding effect, interpretation, performance, breach or termination, including tort claims, shall be exclusively referred to the competent courts in Tel Aviv, Israel.
  12. The Parties hereby declare that this Agreement is the result of negotiations between them, that they have been given the opportunity to review and consult before entering into this Agreement, and that they have read this Agreement carefully, fully understood its contents and obligations thereunder, and the full offerings and meanings thereof, and they accept to undertake, unreservedly, all of their obligations and liabilities as set forth in this Agreement.

                                         

Exhibit A

PURCHASE ORDER

[to be attached in respect of each Customer]

 


Exhibit B

DATA PROCESSING EXHIBIT

This Data Processing Exhibit (the “Exhibit”) is entered into by and between Immagnify Ltd., a company number 516123320, incorporated under the laws of the State of Israel, having its registered office at 9 HaTslil St., Ra’anana, Israel (the “Company” or the "Data Processor"), forms an integral part of the Terms and Conditions of Services (the "Agreement") between the Company and the Customer (or the "Controller").

All capitalized terms shall have the meaning ascribed to them in the Agreement, unless expressly provided otherwise in this Data Processing Exhibit.  In the event of a conflict between the Agreement and this Exhibit, the terms of this Exhibit shall control over processing of Personal Data.

The Customer and the Company hereby agree as follows:

  1. DEFINITIONS
  1. "Affiliate" means an entity, whether now or in the future, that directly or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with the Company. For this purpose, "control" means ownership of at least fifty percent of the voting shares or the power to direct or cause the direction of, the management, governance or policies of an entity.
  2. "Applicable Data Protection Laws" means all applicable local, state, federal, and international privacy, including without limitation, GDPR, Israel Privacy Protection Law, 5741-1981 and the regulations promulgated thereunder, and applicable confidentiality, consumer protection, advertising, electronic mail, data security, data localization and other similar laws, rules, and regulations, whether in effect now or in the future.
  3. "Company System(s)" means any information technology systems, whether owned, contracted, rented or leased (including any third-party hosted solutions) by or on behalf of the Company.  
  4. "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
  5. "Customer System(s)" means any system whether owned, contracted, rented or leased by Customer or its Personnel uses to access Company Systems or uses to provide access to any Company Confidential Information or Processed Data.
  6. "Customer" as used in this Data Processing Exhibit shall mean collectively, the Customer party that enter into the Agreement and its affiliates.
  7. "Data Subject Requests" means any requests from a Data Subject related to access, rectification, suppression, limitation, objection, portability and erasure of Personal Data or other requests authorized under Applicable Data Protection Law.
  8. "Designated Contact" for reporting Security Events, Data Subject Requests, and unauthorized access to the Processed Data means: contact@immagnify.com and such additional contact as designated by the Company.
  9. "GDPR" means EU General Data Protection Regulation 2016/679;
  10. "Personnel" means Customer's employees, contractors, subcontractors, agents and representatives.
  11. "Processed Data" means any Personal Data Processed by the Company on behalf of the Customer pursuant to or in connection with the Agreement;
  12. "Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  13. "Security Event" means any attempt or activity that (i) is made to gain unauthorized access to Company Confidential Information or Processed Data; (ii) interferes with the operation of any Company Systems or Customer Systems containing the Company or the Company third-party data or information; or (iii) may otherwise compromise the security or privacy of Company Confidential Information or Processed Data or disclosure of Company Confidential Information or Processed Data.
  14. "Unauthorized Access" means any accidental, unauthorized or improper access to the Processed Data or to Company Confidential Information.
  15. The terms, "Data Subject", "Personal Data", "Personal Data Breach", "Processing", and "Supervisory Authority" shall have the same meaning as in the Applicable Data Protection Laws.
  1. DATA PROTECTION AND PRIVACY OF PERSONAL DATA

In addition to the other obligations set forth hereunder, Customer shall comply with the terms of this Exhibit with respect to the Processing of any Personal Data:

  1. The Customer shall comply with all Applicable Data Protection Laws as a Controller of the Processed Data; and
  2. The Customer hereby appoints the Company in relation to the processing of Personal Data and the parties agree to act in accordance with their respective obligations under this Data Processing Exhibit and consistent with the purposes of the Agreement. The Customer shall further instruct the Company how to process the Processed Data, and the Company shall not process data other than pursuant to the instructions as set forth below.
  3. The Parties shall take reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to the Processed Data, ensuring in each case that access is strictly limited to those individuals who need to know or to access the relevant Processed Data, as strictly necessary for the purposes of the Agreement, and to comply with Applicable Data Protection Laws, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
  4. The Customer will ensure that it has any and all authorizations, consents and certifications which are necessary under Applicable Data Protection Laws in order to control the Processing of the Personal Data as a Controller, as evidenced by its written records.
  5. The Customer shall adhere to the obligations under Applicable Data Protection Laws including, without limitation, obligations regarding (i) data protection (including data protection impact assessments as defined in the GDPR); (ii) Data Subject Requests; (iii) Security Events; (iv) data transfers outside Israel or the EEA and other adequate countries; and (v) cooperation or consultancy with the relevant regulatory or supervisory authorities.
  6. Customer will (i) use best efforts to ensure that any Processed Data that is inaccurate or incomplete is erased or rectified; (ii) ensure that all appropriate and legally required technical, physical and organizational security measures, are taken to protect the Processed Data against accidental or unlawful destruction, loss, damage, alteration or Unauthorized Access; (iii) establish an audit trail to document whether and by whom Processed Data have been entered into, modified in, or removed; and (iv) retain the Processed Data only as long as is necessary.  
  1. DATA SUBJECT RIGHTS
  1. The Customer shall provide Data Subject rights to the Data Subject as required according to the Applicable Data Protection Laws. The Company shall not be liable in respect of any claim regarding Data Subject rights.
  2. Taking into account the nature of the Processing, the Customer shall applied appropriate technical and organizational measures to respond to requests to exercise Data Subject rights under the Applicable Data Protection Laws.
  3. The Customer shall:
  1. Promptly notify the company's Designated Contact if it receives a request from a Data Subject under any Applicable Data Protection Law in respect of the Processed Data; and
  2. Ensure it responds to that request as required by Applicable Data Protection Laws.
  1. PERSONAL DATA BREACH
  1. The Customer shall notify the Company without undue delay upon becoming aware of a Personal Data Breach affecting the Processed Data. The Company shall not be liable in respect of any claim of Personal Data Breach.
  2. The Customer shall report or inform Data Subjects of the Personal Data Breach under the Applicable Data Protection Laws.
  3. The Customer shall take reasonable commercial steps in the investigation, mitigation and remediation of each such Personal Data Breach.
  1. DISCLOSURES AND SECURITY EVENTS
  1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Parties shall in relation to the Processed Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.
  2. In assessing the appropriate level of security, the Parties shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.
  3. Customer shall report to the company's Designated Contact:
  1. Unauthorized access to Company Confidential Information or Processed Data within one (1) day of discovery of such access or earlier if required by law or regulation;
  2. Any successful Security Event affecting Company Confidential Information or Processed Data. within 24 hours upon discovery or earlier if required by law or regulation;
  3. The loss of any privacy or security certification of a Customer System or a material finding of any internal or external security assessment of a Customer System that poses a significant risk of a Security Event within five (5) days or earlier if required by law or regulation;
  1. Customer shall use best efforts to remedy any unauthorized access to Company Confidential Information or Processed Data or any Security Event in a timely manner.
  2. Customer shall be responsible for all costs to the extent caused by any unauthorized access to Company Confidential Information or Processed Data or a Security Event as described above, including those costs incurred by the Company related to investigation, remediation, fines or penalties. The Company may terminate without penalty the Agreement or any Services for breach if it determines that Customer's remediation action with regard to unauthorized access to Company Confidential Information or Processed Data or a Security Event is insufficient.
  1. THIRD PARTY PERSONNEL
  1. The Parties shall not appoint (or disclose any Processed Data to) any subprocessor unless required and authorized by the Company.
  2. The Customer shall not transfer the Processed Data to any third party.
  3. Customer will disclose the Processed Data only to those Personnel who have the need to know such Processed Data in connection with the performance of the Agreement, and shall ensure that its Personnel who provide or access Customer Systems or Processes Company Confidential Information or the Processed Data are obligated to comply with Applicable Data Protection Laws and the obligations set forth under this Data Processing Exhibit prior to accessing Customer Systems, Processed Data or the Company Confidential Information.
  4. Customer shall be solely responsible for its Personnel's compliance with the Agreement and this Data Processing Exhibit and the acts and omissions of its Personnel to the same extent as if the acts were performed by Customer.
  5. Customer agrees that if it engages a third party Personnel in connection with the performance of the Agreement, Customer shall ensure that such third party Personnel signs an agreement containing provisions substantially similar to this Data Processing Exhibit, prior to accessing Customer Systems, Processed Data or the Company Confidential Information.
  1. RECORDS/AUDITS/ASSESSMENTS

During the term of this Data Processing Exhibit and for a period of the later of seven (7) years or any regulatory requirements from the date of the termination or expiration of the Agreement or this Data Processing Exhibit, Customer shall keep records, logs, reports audit trails, and any other relevant documentation regarding the Services under the Agreement, with the exception of Personal Data (if the Services permit Customer to store any Personal Data) that will be deleted at the latest upon termination of the Agreement.

  1. COMPLIANCE
  1. If Customer is not compliant, or reasonably believes that it is not or is unable to comply with its obligations under this Data Processing Exhibit, Customer shall (i) promptly notify the Company of its non-compliance or inability to comply; (ii) conduct an assessment of the reasons for and circumstances surrounding such noncompliance; and (iii) use best efforts and take all necessary actions to achieve compliance and to mitigate the impact of its noncompliance on the Services, Processed Data and Company Confidential Information. Notwithstanding the above, the Company may suspend the Services or terminate the Agreement without penalty at any time during the period of Customer's noncompliance.
  2. A breach of this Data Processing Exhibit shall be deemed a breach of the Agreement. Customer acknowledges that, notwithstanding any other provisions of the Agreement, a material breach by Customer or its Personnel of this Data Processing Exhibit could cause irreparable harm and shall give the Company the right to (i) terminate the Agreement and all Services immediately without penalty in the event of a material breach, and (ii) pursue any remedies the Company may have in law or in equity.
  3. Customer shall indemnify and hold the Company and its affiliates harmless from and against all claims, costs, expenses, losses, damages, awards or other liability incurred by the Company or its affiliates arising out of any breach by Customer or its Personnel of any of the provisions of this Data Processing Exhibit (including all attachments) and/or Applicable Data Protection Laws. The provisions of this Data Processing Exhibit shall survive termination or expiration of the Agreement.
  1. ADDITIONAL PROVISIONS
  1. At the expiration or termination of the Agreement or when requested earlier by the Company, Customer shall (i) return to the Company, or upon the Company's written request destroy, all Company Confidential Information, as well as all copies, adaptations and independent compilations thereof in Customer's actual or constructive possession; and (ii) ensure that any device or system which stored or contained Company Confidential Information is wiped, overwritten, or removed, in accordance with all Applicable Data Protection Laws and in a manner which verifies the Company Confidential Information is rendered completely unrecoverable.
  2. Duration. This Data Processing Exhibit will remain in force as long as the Company processes data on behalf of the Customer under the Service Agreement and all exhibits.
  1. DETAILS OF THE PROCESSING
  1. Details of the Processing of the Personal Data (as required by Article 28(3) GDPR):
  1. Subject matter and duration of the processing of the Personal Data: shall be as set forth in the PO, according to the scope of Services and the Term, as both defined in the Agreement.
  2. The nature and purpose of the processing of the Personal Data:
  1. For the Company to perform its obligations pursuant to the terms and conditions;
  2. For delivery and provision of the Services to the Customer;
  3. For customer support and technical troubleshooting;
  4. To comply with applicable law, including law enforcement requests.
  1. The types of the Personal Data to be processed: name, phone number, postal address, email address, position, position details, social media URLs, employer name, employer URLs, transactions, usage details, including URLs visited, events triggered on defined actions such as page loads, clicks, logins and purchases, IP addresses, cookies, analytics data.
  2. The categories of Data Subject to whom the Personal Data relates: current, former and potential employees and subcontractors of the Customer and other authorized users of the Services.
  3. SubProcessors: the current list of sub-processors are as set forth at the Company's website.

*

 

3959148_8