1.5. If User violates any of these Termsof Use, User's permission to use the Platform and Services will automaticallyterminate without any refund. Company reserves the right to revoke User'saccess to and use of the Platform and Services at any time, with or withoutcause. Company also reserves the right to cease providing or to changethe Platform and Services at any time and without notice.
2.1. Services shall be rendered only toUsers who are bound by these Terms and Conditions and who comply therewith.
2.2. A User may only use the Servicesthrough API or through the dedicated web-interface assigned thereto under thePlatform and located at https://smsedge.com, access to which isconditioned upon authentication by providing unique login name and password("Personal account").
2.3. Use of the Services is conditionedupon pre-payment of the prevailing fees then if effect, all as more fully setforth in the Personal Account. Such fees may be revised from time to time byCompany at its sole discretion, without notice, and such new fees shall becomebinding and effective when appearing in the applicable segment of the PersonalAccount.
2.4. The balance of any fees paid forServices not yet used are referred to herein as "Balance". Noservice shall be render to any User unless such User's Balance is positive.
2.5. Massages may be limited in length, fortechnical or policy (including by third parties, such as telecom operators)reasons. Any Massage exceeding such limitation shall be split into two or moreseparate Massages, each of which shall be sent and charged separately.
2.6. Upon each Massage sent to a Subscriber, the Balance shall be reduced accordingly. A Massage shall be deemedsent to a Subscriber upon its delivery by the Platform to such Subscriber'stelecom operator.
3. Rules of Conduct
3.1. User hereby agrees and under takes to:
- submit and promptly provide User's true data as requiredupon registration and as may be required by the Company from time to time.
- At all times conduct User's activities in accordance withapplicable law, including, without limitation, obtaining consent from eachSubscriber for receiving Massages prior to sending ant Messages thereto in suchmanner and form as required by applicable law.
3.2. User hereby agrees andundertakes NOT to (including by choice of Alphanumeric Name):
- hold User out as sponsored by, endorsed by, or affiliatedwith the Platform;
- misrepresent User identity or impersonate any Person, or usethe Platform for any fraud or deceit;
- send any Massages without obtaining the prior writtenconsent of the Subscriber as required by applicable law;
- use the Platform and Services to:
- conduct or promote any illegal activities;
- propagandize (i) war, national and religious discord, changeof the constitutional system or territorial integrity of the countries; (ii)fascism or neo-fascism; (iii) disrespect to national and religious relics; (iv)ignorance, disregard for parents; or (v) drug use and addiction, chemicalabuse, alcoholism, smoking and other bad habits;
- Diminish, abuse or humiliate (i) any nation or race; (ii)any Person on any ground (including on ground of physical or mentalimperfections or seniority);
- promote, advertise or make available any information that isin any way, directly or indirectly (as may be determined by Company in its solediscretion) is or may be (i) unlawful, (ii) discriminatory, harmful (includingto minors), threatening, abusive, vulgar, obscene, defamatory, libelous,hateful, or racially, ethnically or otherwise objectionable; (iii) infringingthe copyright, trademark, trade secret, or other intellectual property or otherproprietary right of any Person; (iv) violating the privacy, publicity, confidentiallyor other rights of any Person; (v) false, inaccurate or misleading; (vi)containing marks for goods and services, or identifying details (e.g.: phonenumbers, names), of any Person the User is not affiliated to or engaged by;(vii) of sexual or erotic nature, or containing swear words; (viii) concerningor addressing minors (ix) promoting any telecom operator the Subscriber is notsubscribed to; or (x) promoting any service competitive with the Services orany platform competitive with the Platform.
- upload or transmit any form of virus, worm, trojan horse, orother malicious code; or
- attempt to (A) interfere with any other Person's use of thePlatform and Services, (B) modify, translate, adapt, edit, decompile,disassemble, reverse engineer, lease, rent, distribute, or otherwise transferany of the rights that User received from, or by using of, the Platform andServices, or any software programs used by Company in connection with thePlatform and Services; or (C) gain access to secured portions of the Platformand Services to which User has no permission to enter, including database,computer systems or servers; or
- use any automatic or manual process to search or harvestinformation from the Platform and Services, to interfere in any way with theproper functioning of the Platform and Services, or engage in any activity thatdisrupts, diminishes the quality of, interferes with the performance of, orimpairs the functionality of, the Platform and Services.
5. Intellectual Property
5.1. User acknowledges and agrees thatCompany and its licensors (as applicable) retain sole, full and exclusiveownership of all intellectual property rights of any kind related to thePlatform and Services, including copyrights, trademarks and other proprietaryrights ("Intellectual Property Rights"). No license is grantedhereunder to any Intellectual Property Rights. Other names that are mentionedon the Platform and Services or provided as part or in connection therewith maybe trademarks of their respective owners. Company reserves all rights that arenot expressly granted to User hereunder.
5.2. Company welcomes and encouragesfeedback, comments and suggestions for improvements to the Platform andServices ("Feedback"). User acknowledges and agrees that allFeedbacks will be solely and exclusively Company's property and User herebyirrevocably assigns to Company all right, title and interest that User may havein and to all Feedbacks, including without limitation all worldwide patentrights, copyright rights, trade secret rights, and other proprietary orintellectual property rights of any kind and nature.
6. No Warranty
6.1. User acknowledges and agrees thatCompany is not, and does not intend to, substitute User or User's management orpersonnel in any way, and is not responsible to provide any service other thanthe Services offered by the Platform. User agrees to obtain appropriateprofessional advice and to conduct User's activities as User deems required andat User's own risk and expense.
6.2. The Platform and Services areprovided "as is", without warranty of any kind, either express orimplied. Without limiting the foregoing, Company explicitly disclaims all warranties, express or implied, regarding the Platform and Services, includingany implied warranty of quality, availability, merchantability, fitness for aparticular purpose or non-infringement, and any warranties arising out ofcourse of dealing or usage of any trade, including without limitation to thePlatform and Services being free from defect or any virus, worm, trojan horseor any other malicious code. USER HEREBY RELEASES COMPANY FROM ANY DAMAGES,CLAIMS OR OTHER CAUSE OF ACTION RELATED IN ANY WAY, DIRECTLY OR INDIRECTLY, TOTHE PLATFORM AND SERVICES. COMPANY MAKES NO WARRANTY THAT THE PLATFORM ANDSERVICES WILL MEET USER'S REQUIREMENTS OR BE AVAILABLE ON AN UNINTERRUPTED,SECURE, OR ERROR-FREE BASIS. COMPANY MAKES NO WARRANTY REGARDING THE QUALITY OFTHE PLATFORM AND SERVICES AND ANY SERVICE ASSOCIATED THEREWITH, OR TO THEACCURACY, TIMELINESS, TRUTHFULNESS, COMPLETENESS OR RELIABILITY OF ANY SERVICEOBTAINED THEREBY. THE ABOVE SHALL ALSO APPLY TO ANY INFORMATION OR SERVICE USERMAY RECEIVE FROM COMPANY OR THROUGH THE PLATFORM AND SERVICES AT ANY TIME.
6.3. Without derogating from the above,User hereby acknowledges and agrees that Company, the Platform and Services mayrely from time to time on services provided by third parties, including, butnot limited to, data network providers, hosting services providers, telecomoperators etc. Any transaction may be temporarily refused, limited,interrupted, or curtailed due to government regulations or orders, networkmodifications, repairs and upgrades. COMPANY IS NOT, AND SHALL NOT BE,OBLIGATED TO PROVIDE ANY SERVICES WHERE SUCH FACTORS PREVENT IT. WITHOUTLIMITING SECTION 7 BELOW, USER AGREES THAT COMPANY SHALL NOT BE LIABLE FOR ANYLOSSES, DAMAGES, OR BUSINESS INTERRUPTIONS SUSTAINED AS A RESULT OFINTERRUPTIONS CAUSED BY DATA NETWORK PROVIDERS OR ANY OTHER THIRD-PARTYPROVIDER. Further, in case of sending multiple linked Massages the Company doesnot guarantee to the User the correctness of their sending to the Subscriber.The Company also does not guarantee the correctness of Massages sending to theSubscriber in case of Subscriber is in roaming.
6.4. User is solely and exclusivelyresponsible for all its communications and interactions with Company, Platformand Services, or any other Person with whom User may communicate, interact orengage in connection with or as a result of User's use of the Platform andServices, including Subscribers. User agrees and confirms that Company does not,and does not intend to, make any inquiries of any Person or verify theinformation any Person (including User) submits or provides using the Platformand Services or otherwise. User agrees to take precautions in allcommunications and interactions with any Person whether made on-line oroff-line.
7. Limitation of Liability
7.1. SUBJECT TO APPLICABLE LAW, IN NOEVENT SHALL COMPANY BE LIABLE TO USER OR ANY THIRD PARTY FOR ANY DAMAGE,WHETHER DIRECT, INDIRECT OR IMPLIED, INCLUDING, WITHOUT LIMITATION, INCIDENTAL,CONSEQUENTIAL, EXEMPLARY, SPECIAL, OR PUNITIVE DAMAGES, AND INCLUDING FURTHER,DAMAGES WHICH MAY ARISE IN CONNECTION WITH THE PLATFORM AND SERVICES,INCLUDING, FOR EXAMPLE, DAMAGES RESULTING FROM LOSS OF PROFITS, DATA,EMPLOYMENT OPPORTUNITIES, FROM BUSINESS INTERRUPTIONS, OR FROM THE USE ORACCESS TO, OR THE INABILITY TO USE OR TO ACCESS, THE SERVICES OR THE PLATFORMAND SERVICES. COMPANY SHALL NOT BE LIABLE FOR ANY DAMAGES ARISING FROM ANYTRANSACTION OR ENGAGEMENT BETWEEN USER AND ANY THIRD PARTY OR FOR ANYINFORMATION PROVIDED BY USER OR ANY THIRD PARTY. IN NO EVENT WILL COMPANY BELIABLE TO USER OR ANY THIRD PARTY IN CONNECTION WITH ANY ACT OR OMISSION OF ANYPERSON.
7.2. User hereby expressly agrees thatCompany shall have the right, but not the obligation, at any time or from timeto time, and at Company sole discretion, to take any action to monitor anyinteraction or engagement resulting from the use of the Platform and Servicesby User or any third party. To the full extent permitted by law, User hereby releasesCompany from any claims or liability relating in any way thereto.
7.4. THE PROVISIONS OF THIS SECTION SHALLAPPLY REGARDLESS OF THE NATURE OF ANY CLAIM, WHETHER BASED ON WARRANTY,CONTRACT, TORT, OR ANY OTHER LEGAL OR EQUITABLE THEORY, AND WHETHER OR NOTCompany IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
7.5. USER AGREES THAT USER'S SOLE REMEDYFOR ANY CLAIMS ARISING IN CONNECTION WITH THE AGREEMENT IS TO DISCONTINUE USINGTHE PLATFORM AND SERVICES. IN THE EVENT THAT A COURT HAVING JURISDICTION SHALLDETERMINE THAT THE PRECEDING SENTENCE IS UNENFORCEABLE, COMPANY'S AGGREGATELIABILITY FOR ALL CLAIMS ARISING IN CONNECTION WITH THIS AGREEMENT SHALL NOTEXCEED THE AMOUNT ACTUALLY PAID BY USER FOR THE APPLICABLE CAMPAIGN.NOTWITHSTANDING, IF USER ENTERS INTO A SPECIFIC WRITTN AGREEMENT WITH THECOMPANY WHICH CONFLICTS WITH THIS SECTION, THE PROVISIONS IN THE SPECIFICAGREEMENT SHALL PREVAIL.
7.6. WITHOUT DEROGATING FROM THEGENERALITY OF THE ABOVE, IT IS SPECIFICALLY AGREED BY USER THAT, COMPANY CANNOT, IS NOT AND WILL NOT BE RESPONSIBLE IN ANY WAY FOR (i) ANY SERVICES OTHERTHAN THE SERVICES OFFERED THROUGH THE PLATFORM; OR (ii) THE QUALITY AND RESULTSOF ANY SERVICES (INCLUDING THE SERVICES OFFERED THROUGH THE PLATFORM), THEINTEGRITY OR SUITABILITY THEREOF OR FOR COMPLIANCE BY ANY PERSON (INCLUDINGUSER) WITH ANY LAW, AGREEMENT OR UNDERSTANDING, OR BREACH THEREOF.
9. Term and Termination
9.2. User may terminate the Agreement atany time by discounting using the Services and accessing the Platform. Companyshall have no liability to User upon such termination, and User shall have noclaim to Company or any Person in connection therewith, and waives any right toany refund or repayment of Balance.
13.Law and Jurisdiction
For any questions about these Termsof Use, please contact Company at firstname.lastname@example.org
2. Information about who we are
2.1 Our name is Edge Opti Tech LTD, a corporation existing under the laws of the State of Israel, Registration No. 515659878, having its registered address at Yigal Alon 94 St., Tel Aviv, Israel 6789139. Our contact email is email@example.com and our telephone number is +44 2081 232113.
3. Purpose of this policy:
4.1 If you have any concerns about how we are handling your data, you have the right to make a complaint to your data protection supervisory authority. We would, however, appreciate the chance to deal with your claims before you do so – so please contact us first if you have any claims.
5. Changes to the policy and your duty to inform us of changes:
5.1 This version was last updated on June, 2018. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
6. Third-party links:
6.1 This website may include links to third-party websites, plug-ins and applications. We do not control these third-party websites. When you leave our website, we encourage you to read the privacy notice of every website you visit. Please note that this website is not intended for children or minors and we do not knowingly collect data relating to children or minors.
7. The data we collect about you
7.1 Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you. We have categorized this data as follows:
Identity includes first name, last name, username and title.
Contact includes billing and delivery address, email address and contact numbers.
Financial includes bank account and payment details.
Transaction includes details about payments to and from you and other details of products and services you have purchased from us.
Technical includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Usage includes information about how you use our website, products and services.
Marketing and Communications includes your preferences in receiving marketing from us and our third parties and your communication preferences.
8.1 We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
9.1 Where we need to collect personal data by law, or under the terms of a contract we have with you and you do not provide that data, we may not be able to perform the contract (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us – however, we will notify you.
10. How do we collect your personal data?
We collect data from and about you as follows:
Direct interactions. You may give us your Identity, Contact and Financial Data by filling in electronic forms or by corresponding with us by post, phone or email. This includes personal data you provide when you: (a) apply for our products or services; (b) create an account on our website; (c) subscribe to our service or publications; (d) request marketing to be sent to you; or (e) give us some Feedback.
11. How we use your personal data
We only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
Generally, we do not rely on consent as the legal basis for the processing of your data, except regarding marketing offers we send you.
13.1 We want to ensure that you have choices regarding certain personal data uses, particularly around marketing and advertising. Please contact us if you want to change your marketing preferences.
Opting out. You can ask us to stop sending you marketing messages at any time by contacting us at firstname.lastname@example.org. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase or other transactions.
Change of Purpose. We will only use your personal data for the purposes for which we collected it, unless we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact email@example.com. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
14. Disclosures of your personal data
14.1 We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 12 above.
14.2 External Third Parties including:
Professional advisers acting as processors or joint controllers including without limitation lawyers, bankers, auditors and insurers who provide services to us.
To third parties with whom we have a technology license agreement or other relationship, for the purposes such as back up, analytics and ongoing operation of the Platform and Services, (ii) if such disclosure is made to comply with applicable law or order (such as order issued by a court or an authorized administrative agency, respond to a subpoena, legal process, warrant etc); (iii) to our service providers for the purpose of providing their services.
Regulators and other authorities acting as processors or joint controllers who require reporting of processing activities in certain circumstances.
14.3 We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We only permit our service providers to process your personal data for specified purposes and in accordance with our instructions. However, we do not evaluate or control any privacy practices of any third party, and will not have any liability whatsoever for any actions of any third party subsequent to disclosure.
15. International transfers
15.1 Some of our external third parties may be based outside the European Economic Area (EEA) so the processing of your personal data may involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure that a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
16. Data security
16.1 We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
16.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
16.3 In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes. We may use this information indefinitely without further notice to you.
16.4 In the event that we are made aware of any breach of security that results in the accidental, unauthorised or unlawful destruction or unauthorised disclosure of or access to personal data we shall, among other things:
Notify you in writing immediately but not later than 72 hours after becoming aware of the breach of security , and assist you with regard to your obligation to provide information to the data subject and to provide the you with relevant information in this regard. To the extent legally possible, we may claim compensation for support services under this clause which are not attributable to failures on our part.
17. Your legal rights
You have rights under data protection laws in relation to your personal data.
Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
Request restriction of processing your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
Right to withdraw consent where we are relying on consent to process your personal data.
If you wish to exercise any of the rights set out above, please contact us at firstname.lastname@example.org.
No fee usually required. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
18. How we process personal data of your customers, as collected by you in the scope of our services
18.1 We may further process Personal Data collected and controlled by you, or another entity, on behalf and under your supervision, for which we will act as a data processor and you shall be the controller.
18.2 You may submit personal data of your customers, processed and handled by you, the extent of which is solely determined and controlled by you in your sole discretion. Such Personal Data of your customers may include, but is not limited to; Localization Data, User IP, Contact information (Email, Phone, Skype, physical Address), First and Last Name, Company Name, Industry, as well as, First Name, Last Name and contact details (phone, email, geographical location) of your customers.
18.3 We have implemented, and maintain, appropriate technical and organizational measures, including but not limited to physical and IT measures, and organizational measures, to ensure protection of personal data processed against unauthorized or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. The technical and organizational measures are subject to technical progress and further development. In this respect, we may implement alternative adequate measures.
18.4 When purchasing our services, you hereby appoint us to process Personal Data of which you are a data controller, on your behalf, as is necessary to provide our Service, and as may subsequently be agreed by between us in writing. You represent, that Personal Data transferred to us shall only contain data that is necessary for the provision of our Services.
18.5 You shall be solely responsible to ensure that all natural persons included in Personal Data of your customers have received all necessary information regarding the your processing of their Personal Data and to ensure that all necessary consents have been duly collected, as required for us to process such Personal Data.
18.6 You hereby provide us your prior written general authorization to allow Personal Data collected by you to be subcontracted to any trusted sub-processor, as well from sub-processors to sub-contractors (including sub-processors and/or subcontractors located outside of the EEA), in conformity with the clauses stipulated in this clause 18, and the applicable data protection law and the adequate level or other appropriate safeguards shall be guaranteed. Your reserve the right to withdraw this right. However, be advised that in such an event, we may not be able to continue to provide you with the Service and the Platform.
18.8 The processing of personal data as set forth in this clause 18, will be carried out by us for the duration of the Agreement, unless otherwise notfied by you to email@example.com.
18.9 Upon expiration of the Agreement and upon your request, we will destroy copies of personal data held in our systems and confirm this to you in writing unless we are required to keep certain personal data in order to comply with applicable laws.
This Data Protection Addendum ("Addendum") forms part of the Terms and Conditions ("Principal Agreement") between: (i) Client ("Vendor"); and (ii) Edge Opti Tech LTD, a corporation existing under the laws of the State of Israel, Registration No. 515659878, having its registered address at Yigal Alon 94 St., Tel Aviv, Israel 6789139 ("Company"). The terms used in this Addendum shall have the meanings set forth in this Addendum. Capitalized terms not otherwise defined herein shall have the meaning given to them in the Principal Agreement. Except as modified below, the terms of the Principal Agreement shall remain in full force and effect. In consideration of the mutual obligations set out herein, the parties hereby agree that the terms and conditions set out below shall be added as an Addendum to the Principal Agreement. Except where the context requires otherwise, references in this Addendum to the Principal Agreement are to the Principal Agreement as amended by this Addendum.
1.1 In this Addendum, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:
"Applicable Laws" means (a) European Union or Member State laws with respect to any Company Personal Data in respect of which the Company is subject to EU Data Protection Laws; and (b) any other applicable law with respect to any Company Personal Data in respect of which the Company is subject to any other Data Protection Laws;
"Company Affiliate" means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Company;
"Company Personal Data" means any Personal Data Processed by a Contracted Processor on behalf of the Company pursuant to or in connection with the Principal Agreement;
"Contracted Processor" means Vendor or a Sub-processor;
"Data Protection Laws" means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country;
"EEA" means the European Economic Area;
"EU Data Protection Laws" means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;
"GDPR" means EU General Data Protection Regulation 2016/679;
"Restricted Transfer" means:
"Services" means the services and other activities to be supplied to or carried out by or on behalf of Vendor for Company pursuant to the Principal Agreement;
"Standard Contractual Clauses" means contractual clauses issued by the Eropean Comission fro data transfers from data controllers in the EU to proceesors established outside the EU or EEA, as can be found in https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087;
"Subprocessor" means any person (including any third party and, but excluding an employee of Vendor or any of its sub-contractors) appointed by or on behalf of Vendor to Process Personal Data on behalf of the Company in connection with the Principal Agreement; and
1.2 The terms, "Commission", "Controller", "Data Subject", "Member State", "Personal Data", "Personal Data Breach", "Processing" and "Supervisory Authority" shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.
3. Processing of Company Personal Data
3.1 Vendor shall:
- comply with all applicable Data Protection Laws in the Processing of Company Personal Data; and
- not Process Company Personal Data other than on the relevant Company documented instructions unless Processing is required by Applicable Laws to which the relevant Contracted Processor is subject, in which case Vendor shall, to the extent permitted by Applicable Laws, inform the Company of that legal requirement before the relevant Processing of that Personal Data.
3.2 The Company:
- instructs and authorizes Vendor to:
- Process Company Personal Data; and
- in particular, transfer Company Personal Data to any country or territory,
- as reasonably necessary for the provision of the Services and consistent with the Principal Agreement.
3.3 Annex 1 to this Addendum sets out certain information regarding the Contracted Processors' Processing of the Company Personal Data as required by article 28(3) of the GDPR. Company may make reasonable amendments to Annex 1 by written notice to Vendor from time to time.
4. Vendor Personnel
4.1 Vendor shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Contracted Processor who may have access to the Company Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Company Personal Data, as strictly necessary for the purposes of the Principal Agreement.
5.1 Vendor shall in relation to the Company Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.
6.1 Company authorises Vendor to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 Vendor may continue to use those Subprocessors already engaged by Vendor as at the date of this Addendum, subject to Vendor meeting the obligations set out in section 6.4.
6.3 Vendor shall give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within 14 days of receipt of that notice, Company notifies Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, Vendor shall not appoint (or disclose any Company Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by the Company and Company has been provided with a reasonable written explanation of the steps taken.
6.4 With respect to each Subprocessor, Vendor shall:
- before the Subprocessor first Processes Company Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Principal Agreement;
- ensure that the arrangement between Vendor and the Subprocessor is governed by a written contract including terms which offer at least the same level of protection for Company Personal Data as those set out in this Addendum and applicable law;
- if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement referred to on Section 6.3.2 aboveת before the Subprocessor first Processes Company Personal Data; and
- upon request, provide to Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Company may request from time to time.
6.5 Vendor shall ensure that each Subprocessor performs its obligations hereunder, as they apply to Processing of Company Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of Vendor.
7. Data Subject Rights
7.1 Taking into account the nature of the Processing, Vendor shall assist Company by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Company obligations, as reasonably understood by Company, to respond to requests to exercise Data Subject rights under the Data Protection Laws.
7.2 Vendor shall:
- promptly notify Company if any Contracted Processor receives a request from a Data Subject under any Data Protection Law in respect of Company Personal Data; and
- ensure that the Contracted Processor does not respond to that request except on the documented instructions of Company or as required by Applicable Laws to which the Contracted Processor is subject.
8. Personal Data Breach
8.1 Vendor shall notify Company without undue delay upon Vendor or any Subprocessor becoming aware of a Personal Data Breach affecting Company Personal Data, providing Company with sufficient information to allow Company to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
8.2 Vendor shall co-operate with Company and take such reasonable commercial steps as are directed by Company to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
9. Data Protection Impact Assessment and Prior Consultation
9.1 Vendor shall provide reasonable assistance to Company with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Company reasonably considers to be required.
10. Deletion or return of Company Personal Data
10.1 Vendor shall promptly upon request and in any event within 7 days of the date of cessation of any Services involving the Processing of Company Personal Data (the "Cessation Date"), delete and procure the deletion of all copies of those Company Personal Data.
10.2 Vendor and each Contracted Processor may retain Company Personal Data to the extent required by Applicable Laws subject to confidentiality.
11. Audit rights
11.1 Vendor shall make available to the Company on request all information necessary to demonstrate compliance with this Addendum, and shall allow for and contribute to audits, including inspections, by the Company or an auditor mandated by the Company in relation to the Processing of the Company Personal Data by the Contracted Processors.
12. Restricted Transfers
12.1 Subject to section 12.3, the Company (as "data exporter") and each Contracted Processor, as appropriate, (as "data importer") hereby enter into the Standard Contractual Clauses in respect of any Restricted Transfer from the Company to that Contracted Processor.
12.2 The Standard Contractual Clauses shall come into effect under section 12.1 on the later of:
- the data exporter becoming a party to them;
- the data importer becoming a party to them; and
- commencement of the relevant Restricted Transfer.
13. General Terms
13.1 The parties to this Addendum hereby submit to the choice of jurisdiction stipulated in the Principal Agreement with respect to any disputes or claims howsoever arising under this Addendum, including disputes regarding its existence, validity or termination or the consequences of its nullity.
13.2 In the event of the Principal Agreement containing any limitation of liability of Vendor’s liability towards Company, this limitation of liability shall continue to be in full force and effect, except with respect to any damages borne by Company regarding the subject matter hereof, with respect to which, Vendor’s liability shall not be limited.
13.3 This Addendum and all non-contractual or other obligations arising out of or in connection with it are governed by the laws of the country or territory stipulated for this purpose in the Principal Agreement.
13.4 Nothing in this Addendum reduces Vendor's obligations under the Principal Agreement in relation to the protection of Personal Data or permits Vendor to Process (or permit the Processing of) Personal Data in a manner which is prohibited by the Principal Agreement. In the event of any conflict or inconsistency between this Addendum and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail.
13.5 With regard to the subject matter of this Addendum, in the event of inconsistencies between the provisions of this Addendum and any other agreements between the parties, including the Principal Agreement and including (except where explicitly agreed otherwise in writing, signed on behalf of the parties) agreements entered into or purported to be entered into after the date of this Addendum, the provisions of this Addendum shall prevail.
13.6 Should any provision of this Addendum be invalid or unenforceable, then the remainder of this Addendum shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.
IN WITNESS WHEREOF, this Addendum is entered into and becomes a binding part of the Principal Agreement.