BY CLICKING “I AGREE,” OR BY DOWNLOADING, INSTALLING, OR OTHERWISE ACCESSING OR USING OUR SERVICES, you are agreeing to the terms and conditions of service as set forth in these Terms and any and all terms of policies incorporated herein by reference, including our Privacy Policy (and together with all of its exhibits, these “Terms”), between Immagnify Ltd., a company incorporated under the laws of Israel, with offices located at 9 HaTslil St., Ra’anana, Israel, (“we”, “our” or the “Company”) and you (the “Customer”, and each of the Company and the Customer shall be referred to herein as a “Party,” and collectively as the “Parties”). It is hereby clarified, that these Terms shall govern the relationship between the Parties as to any of the Services provided or to be provided to Customer. If you do not agree to all the terms and conditions of these Terms, you may not access or use the Services.
The Customer and the Company hereby agree as follows:
- SERVICES
- During the Term (as defined below) of these terms, the Company shall provide the services as described in one or more webpages or purchase orders executed by both Parties (the “Services” and the “PO“, respectively), as attached hereto as Exhibit A.
- These Terms are applicable to all users of the Services, whether such use is free or under a paid subscription.
- Individual users who subscribe to paid Services or who are part of a Team (defined below) (each, a “Subscriber”) must also review and agree to the Terms at the time of subscription and at the time of any subsequent subscription modification. For an enterprise subscription, you must request a quote from the Company.
- The Company will make the Services available to the Customer via password-protected online access accessible by the Customer, via its application programmer interface, or as otherwise mutually agreed by the parties.
- Once delivered to the Customer, all deliverables transmitted or made available to the Customer through the Services will be in the sole responsibility of the Customer and the Company shall not control, monitor or have any detailed knowledge of any uses made in such deliverables by the Customer.
- You may access our Services via an API (Application Program Interface). Any use of the API, including use of the API through a third-party product, is bound by these Terms. We reserve the right at any time to modify or discontinue, temporarily or permanently, your access to the API (or any part thereof). To the extent allowed under law, these changes may be effective upon notice provided to you.
Fair Use Policy: Immagnify’s unlimited plans operate under a fair use policy to prevent abuse of our system. We reserve the right to monitor your usage to ensure compliance with this policy. Unlimited Users: The number of unlimited users allowed on your account is calculated based on the amount you paid divided by $240. Unlimited Emails: The number of unlimited emails allowed on your account is calculated based on the amount you paid divided by $0.08.
All accounts registered for an unlimited plan are subject to the fair use policy unless we mutually agree to different limits and outline it in a separate agreement, which will be governed by an applicable further Order Form.
- REPRESENTATIONS AND WARRANTIES OF THE PARTIES
Each Party represents and warrants that:
- It has the power and authority to execute and deliver these Terms.
- Neither the execution and delivery of these Terms nor the performance of its obligations under these Terms will violate any contract, agreement, court order, injunction, consent decree or law to which the Customer is subject or by which it is bound.
- Customer shall use the Services in accordance with the provisions of these Terms and the guidelines provided by the Company, from time to time.
- Certain portions of the Services may be provided by Company’s third-party licensors, and the Company’s ability to provide such information may be subject to the willingness of such licensors to continue to contract with it. Features and functions relating to the Company Property (as defined below) are provided “as is” and they may be modified, supplemented, or removed from time to time in the Company’s sole discretion.
- CONSIDERATION
- In consideration for the Services, the Customer shall pay the Company the fees set forth in the respective webpage (the “Consideration“). Current pricing terms and services are maintained at the following webpage: https://immagnify.com/pricing.
- Subscribers pre-pay for a set number of lookups and downloads of lookup information, which will expire at the end of the applicable subscription Term.
- Enterprise Customer will pay the Company the Consideration, within thirty (30) days following the end of the month in which it receives a valid tax invoice furnished by the Company to the Customer, through transfer of the Consideration to a bank account, as designated by the Company.
- Taxes. The Customer shall bear any and all taxes in connection with any payments made to the Company pursuant to these Terms, except for taxes which by nature are born by the Company. If the Customer is obliged to withhold any tax amounts, such withheld amounts shall be deducted from the amounts due to Company, provided that if the Company provides Customer a certificate from the Israeli tax authorities, withholding shall be made in accordance with that certificate. Upon request, Customer shall provide Company with a certificate for such paid withheld amounts.
- Offset. The Customer shall not be entitled to offset any payments due to the Company under these Terms.
- Default. If the Customer defaults in payment of any sum due to the Company, the Company shall provide a written notice to the Customer. If the invoice remains unpaid for more than 30 days following such notice, then the Company may suspend further performance under the PO (s) affected by such nonpayment until the amount is paid in full by Customer.
- Interest. Interest will accrue on amounts past due at the daily rate of “Bank Israel” or the maximum permitted by applicable law. In any proceeding brought by the Company to collect amounts due, the Company will also receive its actual costs of collection, including reasonable attorneys’ fees.
- TERM AND TERMINATION
- Term. The term of these Terms commences on the Effective Date and continues for as long as there is an active subscription, or there are any active POs between Customer and Company. (the “Term”).
- Termination for Cause. Either Party may, without prejudice to the other rights or remedies available to it, immediately terminate these Terms if the other Party:
- . Fails to perform its material obligations under these Terms or any PO and such failure continues for a period of thirty (30) days following the receipt of a written notice;
- . Ceases to carry on its business substantially as such business was conducted on the date of these Terms;
- . Institutes or suffers the institution against it of bankruptcy, reorganization, liquidation, receivership, insolvency or similar proceedings; or
- . Becomes generally unable to pay its debts as they become due.
- Effect of Termination. The Company will be paid for all Services performed and expenses incurred during the Term. If the Customer terminates a PO or these Terms without cause while any PO remains uncompleted, the Customer shall pay any cancellation fee applicable to the affected PO, as set forth in such PO. In the event that Customer has lawfully terminated these Terms or any PO for cause, in accordance with section 4.2 above, Customer shall be entitled to a refund for any prepaid fees from such termination date. Upon termination date of these Terms, the Services granted herein shall immediately terminate (unless otherwise provided in the PO), and each Party shall, upon other Party’s request shall return to the other Party, or, if the other Party has provided a written request, destroy and permanently delete, all of the other Party’s documents and Confidential Information (as defined below), all of the Query Data (as defined below) and all other Services’ deliverables (as such shall be further detailed in each PO) in its possession or control.
- Survival. The provisions of Sections 4.3, 6, 7, 8, 9, 11.9 hereinafter shall remain in force even after the termination of these Terms for any reason.
- CONFIDENTIALITY AND DATA PROTECTION
- The Parties undertake to keep confidential and not to disclose to anyone, the terms of these Terms.
- Each Party (the “Receiving Party”) undertakes that, during and after the Term of these Terms, it shall keep confidential any and all Information in respect to the other Party (the “Disclosing Party”), its business and operations, and any Information related to the Receiving Party’s engagement with the Disclosing Party. The Receiving Party undertakes not to disclose to any entity or person in any way, whether for or without consideration, Information of any kind in respect to the Services provided by the Company or Information that came to the Receiving Party’s knowledge during or in connection with its engagement with the Disclosing Party, whether in writing, orally, by means of magnetic media, or in any other way.
“Information” shall include, without limitation any data or information that is proprietary to the Company, whether in tangible or intangible form, in whatever medium provided, whether unmodified or modified by the Customer, whenever and however disclosed, including, but not limited to: (i) any marketing strategies, plans, financial information, or projections, operations, sales estimates, business plans and performance results relating to the past, present or future business activities of the Company; (ii) plans for products or services, and customer or supplier lists; (iii) any scientific or technical information, invention, design, process, procedure, formula, improvement, technology or method; (iv) any concepts, reports, data, know-how, works-in-progress, designs, development tools, specifications, computer software, source code, object code, flow charts, databases, inventions, information and trade secrets; (v) any other information that should reasonably be recognized as confidential information of the Company; and (vi) any information generated by the Customer that contains, reflects, or is derived from any of the foregoing. Information need not be novel, unique, patentable, copyrightable or constitute a trade secret in order to be designated Information. The Customer acknowledges that the Information is proprietary to the Company, has been developed and obtained through great efforts by the Company and that Company regards all of its Information as trade secrets.
- The Receiving Party undertakes not to retain any Information of the Disclosing Party, except during and for the purpose of its engagement with the Disclosing Party. The Receiving Party undertakes to return to the Disclosing Party all such Information, immediately upon the Disclosing Party’s initial demand.
- At the request of the Disclosing Party and following termination of these Terms for any reason, the Receiving Party shall cause that any Information of the Disclosing Party under its possession or control, be returned to the Disclosing Party.
- The Receiving Party agrees to limit its disclosure of Information only to those of its employees who need to know such Information and who have signed a written agreement with the Receiving Party binding them to terms and conditions substantially similar to those of these Terms.
- The Customer undertakes that it may not launch any automated systems, including without limitation, “robots,” “spiders, “offline readers,” “crawler,” “scrapper,” or any other automated systems to extract and\or export, and\or retain the disclosed information provided by the Company.
- The obligations in this Section 5 herein, with respect to Information do not apply to information that: (a) is rightfully received from a third party lawfully in possession of the information and not subject to a confidentiality or nonuse obligation; (b) is independently developed by the Receiving Party or its personnel, provided that the persons developing the information do not use the Information; or (c) was already known to the Receiving Party prior to its receipt from the Disclosing Party. In addition, the Receiving Party will be allowed to disclose Information of the Disclosing Party to the extent that such disclosure is: (x) approved in writing by the Disclosing Party; or (y) required by law or by the order of a court of similar judicial or administrative body, provided that the Receiving Party gives the Disclosing Party prompt notice thereof, unless prohibited by the compelled disclosure, so that the Disclosing Party may seek a protective order or other appropriate remedy, and further provided, that in the event that such protective order or other remedy is not obtained, the Receiving Party shall furnish only that portion of the Information which is legally required, and shall exercise all reasonable efforts required to obtain confidential treatment for such Information. In any event, the Information shall remain confidential and shall continue to be subject to these Terms.
- In addition to the confidentiality provisions set forth above, both parties shall ensure that all personal data received, collected, disclosed, transferred, stored, processed or otherwise used in connection with these Terms shall be in compliance with applicable data protection laws. Without derogating from the foregoing, each Party hereby agrees to comply by the terms and conditions of Exhibit B “Data Processing Exhibit” (the “DPA”), attached to these Terms and constitutes an integral part thereof.
- INTELLECTUAL PROPERTY
- All rights, of any kind whatsoever, including, but not limited to, intellectual property rights, copyrights, trademarks, brands, patents, trade secrets, samples, know-how and/or any other material included and/or associated with the Company’s software platform for providing the Services and the operation thereof or the Services, whether said rights are registered or unregistered, are exclusively owned by the Company (collectively, the “Company’s Property“). The Customer hereby acknowledges that the Customer shall have no rights of any kind in the Company’s software platform and the Company. It is hereby clarified that these Terms does not transfer any rights in the Company’s Property to the Customer.
- Subject to your complete and ongoing compliance with these Terms, we grants you, solely for your personal use, a limited, worldwide, non-exclusive, non-transferable, non-sublicensable, revocable license to: (i) access and use the Services and the information generated or derived from the Services; and (ii) install and use the object code copy of downloadable software if made available by us as part of the Service. Subscriber’s use of the Services is limited to: (iii) performing the requests and queries derived from the Services; (iv) communicating with any individual or entity for whom the information generated or derived from the Services is available in a manner that relates to such individual’s or entity’s (as applicable) profession, business, or employment; and (v) identifying prospective sales opportunities, researching subscriber’s existing customers and prospects, and otherwise analyzing the Lookup Information in a manner relating to subscriber’s personal, internal use.
- In exchange for use of our Services, you agree not to use the Services or any product of the Services, including the information generated or derived from the Services, for any unlawful purpose or in contravention to the laws of any nation or international regulations where the Service or product is subject to such laws or regulations, including applicable privacy laws and anti-spam laws.
- RELATIONSHIP OF THE PARTIES
The Company is an independent contractor and nothing in these Terms will be construed to make either the Company or Customer partners, joint ventures, principals, agents or employees of the other. No officer, director, employee, agent, affiliate or contractor employed by the Company to perform work on Customer’s behalf under these Terms will be deemed to be an employee, agent or contractor of Customer. Neither Party will have any right, power or authority, express or implied, to bind or make representations on behalf of the other.
- LIMITATION OF LIABILITY
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY PUNITIVE, EXEMPLARY, MULTIPLE, INDIRECT, CONSEQUENTIAL, SPECIAL, OR LOST PROFITS DAMAGES ARISING FROM OR RELATING TO THESE TERMS, WHETHER FORESEEABLE OR UNFORESEEABLE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. EACH PARTY’S MAXIMUM LIABILITY TO THE OTHER SHALL BE THE AMOUNTS ACTUALLY PAID TO THE COMPANY BY CUSTOMER UNDER THESE TERMS IN THE THREE (3) MONTHS PRECEDING THE EVENT GIVING RISE TO CUSTOMER’S CAUSE OF ACTION. THE COMPANY SHALL HAVE NO LIABILITY FOR ANY FAILURE OR DELAY DUE TO MATTERS BEYOND OUR REASONABLE CONTROL.
- INDEMNIFICATION
You agree to defend, indemnify, and hold harmless the Company and its subsidiaries, agents, licensors, managers, and other affiliated companies, and their employees, contractors, agents, officers and directors, from and against any and all claims, damages, obligations, losses, liabilities, costs or debt, and expenses (including but not limited to attorney’s fees) arising from: (i) your use of and access to the Service; (ii) your violation of any term of this Agreement, including without limitation your breach of any of the representations and warranties above; (iii) your violation of any third-party right, including without limitation any right of privacy or Intellectual Property Rights; (iv) your violation of any applicable law.
- DISCLAIMER OF WARRANTIES
THE SERVICES ARE PROVIDED “AS IS” AND EXCEPT FOR ANY EXPRESS REPRESENTATIONS AND WARRANTIES STATED HEREIN, NEITHER PARTY MAKES ANY ADDITIONAL REPRESENTATION OR WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED (EITHER IN FACT OR BY OPERATION OF LAW), OR STATUTORY, AS TO ANY MATTER WHATSOEVER AND EACH PARTY EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUALITY, ACCURACY, TITLE, AND NON-INFRINGEMENT. NEITHER PARTY WILL HAVE THE RIGHT TO MAKE OR PASS ON ANY REPRESENTATION OR WARRANTY ON BEHALF OF THE OTHER PARTY TO ANY THIRD PARTY.
- GENERAL PROVISIONS
- Interpretation. The titles and headings of the various sections and paragraphs in these Terms are intended solely for reference and are not intended for any purpose whatsoever.
- Assignability. Neither Party may assign these Terms, except that each Party may assign and/or transfer and/or subrogate its rights under these Terms to any affiliated Company of such Party, and in the event of a merger or sale of all or most of such Party’s assets or shares, provided that the other Party’s rights under these Terms shall not be infringed.
- Notices. All notices and demands hereunder shall be in writing and shall be served by personal service, electronic mail, or by mail, at the address of the receiving Party set forth in these Terms (or such different address as may be designated by such Party by written notice to the other Party). The notice will have been given (a) when delivered by hand, (b) on the next business day, if delivered by a recognized overnight courier, (c) on the third business day if mailed (by certified or registered mail, return receipt requested) or (d) upon confirmed electronic mail.
- Entire Agreement of the Parties. The recitals, the exhibits and the applicable POs constitute an integral part of these Terms. These Terms constitutes the entire agreement between the Parties relating to the Services and supersedes all prior written or oral understandings, agreements or representations by or between the Parties with respect to these subjects. Any modification or waiver of these Terms is effective only if it is in writing signed by an authorized representative of both Parties.
- Waiver. No delay or failure by a Party in exercising any right, power or privilege under these Terms or any other instruments given in connection with or pursuant to these Terms will impair any such right, power or privilege or be construed as a waiver of or acquiescence in any default. No single or partial exercise of any right, power or privilege will preclude the further exercise of that right, power or privilege or the exercise of any other right, power or privilege
- Force Majeure. Neither Party shall be liable for any failure to perform its obligations hereunder due to a cause beyond its reasonable control, including without limitation, strike, labor or civil unrest or dispute, embargo, blockage, work stoppage, protest, war, terrorism, or acts of God such as fires, floods, electrical storms, and natural catastrophes (each a “Force Majeure“). In the event of a Force Majeure, the performance of a Party’s obligations shall be suspended during the period of existence of such Force Majeure as well as the period required thereafter to resume the performance of the obligation.
- Counterparts. These Terms may be executed in any number of counterparts, each of which shall be deemed an original and enforceable against the Parties actually executing such counterpart and all of which together shall constitute one and the same instrument.
- Severability. If any provision of these Terms is held invalid, void, or unenforceable to any extent, that provision will be enforced to the greatest extent permitted by law and the remainder of these Terms and application of such provision to other persons or circumstances will not be affected.
- No Third Party Beneficiary. Nothing in these Terms, expressed or implied, shall confer on any person other than the Parties hereto, or their respective permitted successors or assigns, any rights, benefits, remedies, obligations or liabilities under or by reason of these Terms or the transactions contemplated herein.
- Governing Law; Place of Jurisdiction. These Terms shall be exclusively governed by the Laws of the State of Israel. Any dispute, controversy or claim arising under, out of or relating to these Terms (and subsequent amendments thereof), its valid conclusion, binding effect, interpretation, performance, breach or termination, including tort claims, shall be exclusively referred to the competent courts in Tel Aviv, Israel.
- Logos. We reserve the right to use Customer’s name and/or logos, solely for purposes of marketing and sales, including to be displayed at our website. You has the right to revoke the foregoing authorization to use the logo at any time in your sole discretion by providing us a written notice.
- The Parties hereby declare that these Terms is the result of negotiations between them, that they have been given the opportunity to review and consult before entering into these Terms, and that they have read these Terms carefully, fully understood its contents and obligations thereunder, and the full offerings and meanings thereof, and they accept to undertake, unreservedly, all of their obligations and liabilities as set forth in these Terms.
- Changes. We may change these Terms from time to time, and your continued use of or access to the Services following 30 days as of the posting of any changes to these Terms constitutes acceptance of those changes.
Last updated: November 18, 2021
Exhibit A
PURCHASE ORDER
[to be attached in respect of each Customer]
Exhibit B
DATA PROCESSING EXHIBIT
This Data Processing Exhibit (the “DPA”) is entered into by and between Immagnify Ltd., a company number 516123320, incorporated under the laws of the State of Israel, having its registered office at 9 HaTslil St., Ra’anana, Israel (the “Company” or the “Processor“), forms an integral part of the Terms and Conditions of Services (the “Terms“) between the Company and the Customer (or the “Controller“).
All capitalized terms shall have the meaning ascribed to them in the Terms, unless expressly provided otherwise in this DPA. In the event of a conflict between the Terms and this DPA, the terms of this DPA shall control over Processing of Personal Data.
The Customer and the Company hereby agree as follows:
- DEFINITIONS
- “Affiliate” means an entity, whether now or in the future, that directly or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with the Company. For this purpose, “control” means ownership of at least fifty percent of the voting shares or the power to direct or cause the direction of, the management, governance or policies of an entity.
- “Applicable Data Protection Laws” means all applicable local, state, federal, and international privacy, including without limitation, GDPR, Israel Privacy Protection Law, 5741-1981 and the regulations promulgated thereunder, and applicable confidentiality, consumer protection, advertising, electronic mail, data security, data localization and other similar laws, rules, and regulations, whether in effect now or in the future.
- “Company System(s)” means any information technology systems, whether owned, contracted, rented or leased (including any third-party hosted solutions) by or on behalf of the Company.
- “Customer” as used in this DPA shall mean collectively, the Customer party that enter into the Terms and its affiliates.
- “Data Subject Requests” means any requests from a Data Subject related to access, rectification, suppression, limitation, objection, portability and erasure of Personal Data or other requests authorized under Applicable Data Protection Law.
- “GDPR” means EU General Data Protection Regulation 2016/679;
- “Personnel” means a Party’s employees, contractors, subcontractors, agents and representatives.
- “Processed Data” means any Personal Data Processed by the Company on behalf of the Customer pursuant to or in connection with the Terms;
- “Security Event” means any attempt or activity that (i) is made to gain unauthorized access to Customer’s Confidential Information or Processed Data; (ii) interferes with the operation of any Company Systems or Customer Systems containing the Company or the Company third-party data or information; or (iii) may otherwise compromise the security or privacy of Customer’s Confidential Information or Processed Data or disclosure of Customer’s Confidential Information or Processed Data.
- “Unauthorized Access” means any accidental, unauthorized or improper access to the Processed Data or to Customer’s Confidential Information.
- The terms, “Controller”, “Processor”, “Data Subject”, “Personal Data”, “Personal Data Breach”, “Processing”, and “Supervisory Authority” shall have the same meaning as in the Applicable Data Protection Laws.
- DATA PROTECTION AND PRIVACY OF PERSONAL DATA
- The Company shall comply with all Applicable Data Protection Laws as a Processor of the Processed Data.
- The processing operations to be carried out in the performance of this DPA conform to the description set out under “Schedule I – Details of Processing” hereunder
- The Company shall process the Customer Personal Data solely pursuant to the Customer’s documented instructions, in order to supply the Services and as otherwise necessary to perform its obligations under the Terms including with regard to transfers of Customer Personal Data to a third country outside its current location
- The Customer will ensure that it has any and all authorizations, consents and certifications which are necessary under Applicable Data Protection Laws in order to control the Processing of the Personal Data as a Controller, as evidenced by its written records.
- The Company shall not Process Customer Personal Data in any country outside Israel, the UK or the EEA without the prior written consent of Customer.
- The Parties shall take reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to the Processed Data, ensuring in each case that access is strictly limited to those individuals who need to know or to access the relevant Processed Data, as strictly necessary for the purposes of the Terms, and to comply with Applicable Data Protection Laws, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
- The Company shall adhere to the obligations under Applicable Data Protection Laws including, without limitation, obligations regarding (i) data protection (including data protection impact assessments as defined in the GDPR); (ii) Data Subject Requests; (iii) Security Events; (iv) data transfers outside Israel or the EEA and other adequate countries; and (v) cooperation or consultancy with the relevant regulatory or supervisory authorities.
- Company will (i) use best efforts to ensure that any Processed Data that is inaccurate or incomplete is erased or rectified; (ii) ensure that all appropriate and legally required technical, physical and organizational security measures, are taken to protect the Processed Data against accidental or unlawful destruction, loss, damage, alteration or Unauthorized Access; (iii) establish an audit trail to document whether and by whom Processed Data have been entered into, modified in, or removed; and (iv) retain the Processed Data only as long as is necessary.
- DATA SUBJECT RIGHTS
- The Company shall provide Data Subject rights to the Data Subject as required according to the Applicable Data Protection Laws. The Customer shall not be liable in respect of any claim regarding Data Subject rights with regards to the processing of the Processed Data.
- Taking into account the nature of the Processing, the Company shall apply appropriate technical and organizational measures to respond to requests to exercise Data Subject rights under the Applicable Data Protection Laws.
- The Company shall:
- Promptly notify the Customer’s designated contact if it receives a request from a Data Subject under any Applicable Data Protection Law in respect of the Processed Data; and
- Ensure it responds to that request as required by Applicable Data Protection Laws.
- PERSONAL DATA BREACH
- The Company shall notify the Customer without undue delay upon becoming aware of a Personal Data Breach affecting the Processed Data. The Customer shall not be liable in respect of any claim of Personal Data Breach.
- The Company shall take reasonable commercial steps in the investigation, mitigation and remediation of each such Personal Data Breach.
- DISCLOSURES AND SECURITY EVENTS
- Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Company shall in relation to the Processed Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.
- In assessing the appropriate level of security, the Company shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.
- Company shall report to the Customer’s designated contact:
- Unauthorized access to the Processed Data within one (1) day of discovery of such access or earlier if required by law or regulation;
- Any successful Security Event affecting the Processed Data within 24 hours upon discovery or earlier if required by law or regulation;
- The loss of any privacy or security certification of a Customer System or a material finding of any internal or external security assessment of a Company System that poses a significant risk of a Security Event within five (5) days or earlier if required by law or regulation;
- Company shall use best efforts to remedy any unauthorized access to the Processed Data or any Security Event in a timely manner.
- The Customer may terminate without penalty the Terms or any Services for breach if it determines that Company’s remediation action with regard to unauthorized access to Company Confidential Information or the Processed Data or a Security Event is insufficient.
- THIRD PARTY PERSONNEL
- The Company shall not appoint (or disclose any Processed Data to) any subprocessor unless required and authorized by the Customer.
- The Company shall not transfer the Processed Data to any third party.
- Company will disclose the Processed Data only to those Personnel who have the need to know such Processed Data in connection with the performance of the Terms, and shall ensure that its Personnel who provide or access Company Systems or the Processed Data are obligated to comply with Applicable Data Protection Laws and the obligations set forth under this DPA prior to accessing Company Systems or the Processed Data.
- Company shall be solely responsible for its Personnel’s compliance with the Terms and this DPA and the acts and omissions of its Personnel to the same extent as if the acts were performed by Company.
- RECORDS/AUDITS/ASSESSMENTS
During the term of this DPA and for a period of the later of seven (7) years or any regulatory requirements from the date of the termination or expiration of the Terms or this DPA, Company shall keep records, logs, reports audit trails, and any other relevant documentation regarding the Services under the Terms, with the exception of Personal Data (if the Services permit Company to store any Personal Data) that will be deleted at the latest upon termination of the Terms.
- COMPLIANCE
- If Company is not compliant, or reasonably believes that it is not or is unable to comply with its obligations under this DPA, Company shall (i) promptly notify the Company of its non-compliance or inability to comply; (ii) conduct an assessment of the reasons for and circumstances surrounding such noncompliance; and (iii) use best efforts and take all necessary actions to achieve compliance and to mitigate the impact of its noncompliance on the Services and Processed Data. Notwithstanding the above, the Customer may terminate the Terms or any PO without penalty at any time during the period of Company’s noncompliance.
- A breach of this DPA shall be deemed a breach of the Terms. Company acknowledges that, notwithstanding any other provisions of the Terms, a material breach by Company or its Personnel of this DPA could cause irreparable harm and shall give the Customer the right to (i) terminate the Terms and all Services immediately without penalty in the event of a material breach, and (ii) pursue any remedies the Customer may have in law or in equity.
- ADDITIONAL PROVISIONS
- At the expiration or termination of the Terms or when requested earlier by the Customer, Company shall (i) return to the Customer, or upon the Customer’s written request destroy, all Processed Data; and (ii) ensure that any device or system which stored or contained the Processed Data is wiped, overwritten, or removed, in accordance with all Applicable Data Protection Laws and in a manner which verifies the Proceessed Data is rendered completely unrecoverable.
- Duration. This DPA will remain in force as long as the Company processes data on behalf of the Customer under the Service Terms and all exhibits.
SCHEDULE I – DETAILS OF PROCESSING
Details of Processing of the Personal Data (as required by Article 28(3) GDPR):
Subject matter and duration of the processing of the Personal Data: shall be as set forth in the PO, according to the scope of Services and the Term, as both defined in the Terms.
The nature and purpose of the processing of the Personal Data:
- For the Company to perform its obligations pursuant to the terms and conditions;
- For delivery and provision of the Services to the Customer;
- For customer support and technical troubleshooting;
- To comply with applicable law, including law enforcement requests.
The types of the Personal Data to be processed: name, phone number, postal address, email address, position, position details, social media URLs, employer name, employer URLs, transactions, usage details, including URLs visited, events triggered on defined actions such as page loads, clicks, logins and purchases, IP addresses, cookies, analytics data.
The categories of Data Subject to whom the Personal Data relates: current, former and potential employees and subcontractors of the Customer and other authorized users of the Services.
*
3959148_8 November 18, 2021