2. Limited License & Use of the Service
2.1 Subscriber is granted a non-exclusive, non-transferable, limited license to access and use the Service. 2.2 Company does not review or pre-screen the Content and Company claims no intellectual property rights with respect to the Content. 2.3 Authorized Users agree not to reproduce, duplicate, copy, sell, resell or exploit access to the Service, use of the Service, or any portion of the Service, including, but not limited to the HTML, Cascading Style Sheet (“CSS”) or any visual design elements without the express written permission from Company. 2.4 Authorized Users agree not to modify, reverse engineer, adapt or otherwise tamper with the Service or modify another website so as to falsely imply that it is associated with the Service, Company, or any other software or service provided by Company. 2.5 Authorized Users agree that they will not knowingly use the Service in any manner which may infringe copyright or intellectual property rights or in any manner which is unlawful, offensive, threatening, libelous, defamatory, pornographic, obscene or in violation of the terms of this Agreement. 2.6 Authorized Users agree that they will not knowingly use the Service to upload, post, host, or transmit unsolicited bulk email “Spam”, short message service “SMS” messages, viruses, self-replicating computer programs “Worms” or any code of a destructive or malicious nature. 2.7 Except for the non-exclusive license granted pursuant to this Agreement, Subscriber acknowledges and agrees that all ownership, license, intellectual property and other rights and interests in and to the Service shall remain solely with Company. 2.8 Authorized Users who configure the Service to share or make available certain Content to the public, are deemed to acknowledge and agree that everyone will have access to the Content (“Public Content”). Company reserves the right, at any time, in its sole discretion, to take any action deemed necessary with respect to Public Content that violates the terms of this Agreement, including, but not limited to, removal of such Public Content. 2.9 Company reserves the right at any time, and from time to time, to modify or discontinue, temporarily or permanently, any feature associated with the Service, with or without notice, except that Company shall provide Subscriber with 30-days notice of any modification that materially reduces the functionality of the Service. Continued use of the Service following any modification constitutes Subscriber’s acceptance of the modification. 2.10 Company reserves the right to temporarily suspend access to the Service for operational purposes, including, but not limited to, maintenance, repairs or installation of upgrades, and will endeavor to provide no less than two business days notice prior to any such suspension. Such notice shall be provided to you in advance through by way of notification within the Service, email or other notification method deemed appropriate by Company. Further, Company shall endeavor to confine planned operational suspensions with a best effort to minimize disruption to the Subscriber, but reserves the ability to temporarily suspend operations without notice at any time to complete necessary repairs. In the event of a temporary suspension, Company will use the same notification methods listed in this section to provide updates as to the nature and duration of any temporary suspension. 2.11 Subscriber grants to Company a non-exclusive, royalty free right during Subscriber’s use of the Service, to use the Confidential Information for the sole purpose of performing Company’ obligations under the Agreement in accordance with the terms of the Agreement. Such rights shall include permission for Company to generate and publish aggregate, anonymized reports on system usage and Content trends and type, provided they do not conflict with Section 4.1.
3. Access to the Service
3.1 Subscriber is only permitted to access and use the Service if he/she is an Authorized User or a Registered Client. Authorized Users are required to provide their full legal name, a valid email address, and any other information reasonably requested by the Service. 3.2 Each Authorized User will be provided with a unique identifier to access and use the Service (“Username”). The Username shall only be used by the Authorized User to whom it is assigned, and shall not be shared with, or used by any other person, including other Authorized Users. 3.3 The initial Administrator shall be the Originating Subscriber with authority to administer the subscription and designate additional Authorized Users and/or Administrators. Each subscription may designate multiple Authorized Users as Administrator. Any Administrator shall be deemed to have the authority to manage the subscription and any Authorized Users. The Administrator will deactivate an active Username if the Administrator wishes to terminate access to the Service for any Authorized User. 3.4 Administrators are responsible for all use of the Service by Authorized Users on the list of active Authorized Users associated with their subscription to the Service. 3.5 As between Company and the Subscriber, any Content uploaded or posted to the Service remains the property of the Subscriber. Upon Cancellation or Termination of Service as discussed in Section 10 below, Company shall only be responsible for the return of Content directly to the Administrator or a designated Authorized User in the event that the Administrator is unable to be reached. 3.6 All access to and use of the Service via mechanical, programmatic, robotic, scripted or any other automated means not provided as part of the Service is strictly prohibited. 3.7 Authorized Users are permitted to access and use the Service using an Application Program Interface (“API”) subject to the following conditions: (a) any use of the Service using an API, including use of an API through a third-party product that accesses and uses the Service, is governed by these Terms of Service; (b) Company shall not be liable for any direct, indirect, incidental, special, consequential or exemplary damages, including but not limited to, damages for loss of profits, goodwill, use, data or other intangible losses (even if Company has been advised of the possibility of such damages), resulting from any use of an API or third-party products that access and use the Service via an API; (c) Excessive use of the Service using an API may result in temporary or permanent suspension of access to the Service via an API. Company, in its sole discretion, will determine excessive use of the Service via an API, and will make a reasonable attempt to warn the Authorized User prior to suspension; and (d) Company reserves the right at any time to modify or discontinue, temporarily or permanently, access and use of the Service via an API, with or without notice.
4.1 Each party agrees to treat all Confidential Information as confidential and not to use or disclose such Confidential Information except as necessary to perform its obligations under this Agreement. 4.2 Company and any third party vendors and hosting partners it utilizes to provide the Service shall hold Content in strict confidence and shall not use or disclose Content except (a) as required to perform their obligations under this Agreement; (b) in compliance with Section 7 of this Agreement, or (c) as otherwise authorized by you in writing.
5. Security and Access
5.1 Company is responsible for providing a secure method of authentication and accessing its Service. Company will provide mechanisms that: (a) allow for user password management (b) transmit passwords in a secure format (c) protect passwords entered for purposes of gaining access to the Service by utilizing code that follows password management best practices. 5.2 Subscriber will be responsible for protecting the security of usernames and passwords, or any other codes associated to the Service, and for the accuracy and adequacy of personal information provided to the Service. 5.3 Subscriber will implement policies and procedures to prevent unauthorized use of usernames and passwords, and will promptly notify Company upon suspicion that a username and password has been lost, stolen, compromised, or misused. 5.4 At all times, Company, and any third party vendors and hosting partners it utilizes to provide the Service, will: (a) use information security best practices for transmitting and storing your Content, adhering to industry standards; (b) employ information security best practices with respect to network security techniques, including, but not limited to, firewalls, intrusion detection, and authentication protocols, vulnerability and patch management; (c) ensure its host facilities maintain industry standards for security and privacy; and (d) within thirty (30) days of a request by Subscriber, provide Subscriber with an audit report or industry standard successor report or a comparable description of its security measures in respect of the infrastructure used to host the Service and the Content. In order to obtain such a report, Subscriber must enter into an agreement with the third party provider of the report. 5.5 Company shall report to Subscriber, with all relevant details (except those which could prejudice the security of data uploaded by other customers), any event that Company reasonably believes represents unauthorized access to, disclosure of, use of, or damage to Content (a “Security Breach”). Company shall make such report within 72 hours after learning of the Security Breach. 5.6 In the event of a Security Breach, Company shall (a) cooperate with Subscriber to identify the cause of the breach and to identify any affected Content; (b) assist and cooperate with Subscriber in investigating and preventing the recurrence of the Security Breach; (c) assist and cooperate with Subscriber in any litigation or investigation against third parties that Subscriber undertake to protect the security and integrity of Content; and (d) use commercially reasonable efforts to mitigate any harmful effect of the Security Breach.
6. EU Data Protection
The parties agree to comply with the provisions of the Data Processing Addendum set out in Exhibit A.
7. Legal Compliance
7.1 Company maintains that its primary duty is to provide the Service and to protect the Content to the extent the law allows. Company reserves the right to provide the Confidential Information to third parties as required and permitted by law (such as in response to a subpoena or court order), and to cooperate with law enforcement authorities in the investigation of any criminal or civil matter. If Company is required by law to make any disclosure of the Confidential Information that is prohibited or otherwise constrained by this Agreement, then Company will provide Subscriber with prompt written notice (to the extent permitted by law) prior to such disclosure so that the Subscriber may seek a protective order or other appropriate relief. Subject to the foregoing sentence, Company may furnish that portion (and only that portion) of the Confidential Information that it is legally compelled or otherwise legally required to disclose.
8. Managed Backup and Archiving
8.1 Company’s managed backup services must be designed to facilitate restoration of Content to the server or device from which the Content originated in the event the primary data is lost or corrupted. Company shall ensure recovery of lost or corrupted Content at no cost to you. Following any cancellation or termination of Service for any reason, Subscriber shall have ninety days to retrieve any and all Content.
9. Payment, Refunds and Subscription Changes
9.1 Subscribers with paid subscriptions will provide Company with a valid credit card for payment of the applicable subscription fees. All subscription fees are exclusive of all federal, state, provincial, municipal or other taxes which Subscribers agree to pay based on where the Subscriber is primarily domiciled. In addition to any fees, the Subscriber may still incur charges incidental to using the Service, for example, charges for Internet access, data roaming, and other data transmission charges. 9.2 Subscribers with monthly paying subscriptions will be in advance each 30 days. Annual Subscribers will thereafter be charged annually on the anniversary date of the initial subscription charge. All charges are final and non-refundable, including payments made by Annual Subscribers. 9.3 No refunds or credits will be issued for partial periods of service, upgrade/downgrade refunds, or refunds for periods unused with an active subscription, including, but not limited to, instances involving the removal of a Subscriber. 9.4 There are no charges for canceling a subscription, and paying subscriptions cancelled prior to the end of their current billing cycle will not be charged again in the following cycle. 9.5 The amount charged on the next billing cycle will be automatically updated to reflect any changes to the subscription, including upgrades or downgrades. Subscription changes, including downgrades, may result in loss of access to Content, features, or an increase or reduction in the amount of available capacity for Content provided by the Service. 9.6 All prices are subject to change upon notice. Such notice may be provided by an e-mail message to the Administrator, or in the form of an announcement on the Service. 9.7 Subscriber is responsible for paying all taxes associated with the subscription to the Service. If Company has the legal obligation to pay or collect taxes for which Subscriber is responsible under this section, the appropriate amount shall be invoiced to and paid by Subscriber, unless Subscriber provides Company with a valid tax exemption certificate authorized by the appropriate taxing authority. 9.8 Any and all payments by or on account of the compensation payable under this Agreement shall be made free and clear of and without deduction or withholding for any taxes. If the Subscriber is required to deduct or withhold any taxes from such payments, then the sum payable shall be increased as necessary so that, after making all required deductions or withholdings, Company receives an amount equal to the sum it would have received had no such deduction or withholding been made.
10. Cancellation and Termination
10.1 Administrators are solely responsible for canceling subscriptions. An Administrator may cancel their subscription at any time by accessing the Service and visiting Dashboard as applicable. For security reasons, cancellations shall only be performed by an Administrator using the account cancellation URL within the Service. The Administrator may be directed, within the Service, to call support to complete the cancellation. Cancellations shall not be accepted by any other means. 10.2 Company in its sole discretion has the right to suspend or discontinue providing the Service to any Subscriber without notice for actions that are (a) in material violation of this Agreement and (b) create a Security Emergency. 10.3 If (i) Authorized Users use the Service to materially violate this Agreement in a way that does not create a Security Emergency; (ii) Company provides Subscriber with commercially reasonable notice of this violation; (iii) Company uses commercially reasonable efforts to discuss and resolve the violation with Subscriber; and (iv) despite the foregoing, the violation is not resolved to Company’s reasonable satisfaction within thirty (30) days of such notice, then Company reserves the right to suspend access to the Service. 10.4 As required by Section 8 above (“Managed Backup and Archiving”), upon cancellation or termination of a subscription, Content is made available to the Administrator or a designated Authorized User. Following a period of no less than ninety (90) days from the cancellation or termination of a subscription, all Content associated with such subscription will be irrevocably deleted from the Service. All Escrowed Data, if any, will continue to remain available for a period of six months upon cancellation or termination of a subscription in accordance with the terms of the Escrow Agreement.
11. Limitation of Liability
11.1 Except in the case of a violation by Company of its obligations under Section 4 above (“Confidentiality”), Section 5 above (“Security and Access”), and Section 8 above (“Managed Backup and Archiving”), and except as provided in Section 13.2 below (“Indemnification”), Company shall not be liable for and Subscriber waives the right to claim any loss, injury, claim, liability or damage of any kind resulting in any way from the Services provided to Subscriber by Company. 11.2 SUBSCRIBER AGREES THAT THE LIABILITY OF COMPANY ARISING OUT OF ANY CLAIM IN ANY WAY CONNECTED WITH THE SERVICE WILL NOT EXCEED THE TOTAL AMOUNT YOU HAVE PAID FOR THE SERVICE PURSUANT TO THE AGREEMENT WITHIN THE SIX MONTH PERIOD BEFORE THE DATE THE CLAIM AROSE. SUBSCRIBER FURTHER AGREES THAT COMPANY IS NOT AND WILL NOT BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER (INCLUDING WITHOUT LIMITATION, ATTORNEY FEES) RELATING TO THIS AGREEMENT. THESE DISCLAIMERS APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, WHETHER THOSE DAMAGES ARE FORESEEABLE AND WHETHER COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF THOSE DAMAGES. THESE DISCLAIMERS ARE NOT APPLICABLE TO THE INDEMNIFICATION OBLIGATION SET FORTH IN SECTION 13.2. EACH PROVISION OF THIS AGREEMENT THAT PROVIDES FOR A LIMITATION OF LIABILITY, DISCLAIMER OF DAMAGES, OR EXCLUSION OF DAMAGES IS TO ALLOCATE THE RISKS OF THIS AGREEMENT BETWEEN THE PARTIES. THIS ALLOCATION IS REFLECTED IN THE PRICING OFFERED BY COM PANY TO SUBSCRIBER AND IS AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES. EACH OF THESE PROVISIONS IS SEVERABLE FROM AND INDEPENDENT OF ALL OTHER PROVISIONS OF THIS AGREEMENT. 11.3 Subscriber will solely be responsible for any damage and/or loss of Content contained in Subscriber’s technology which occurs as a result of Subscriber’s actions, electronic equipment and/or Subscriber’s computer system.
12. Disclaimer of Warranties
12.1 COMPANY HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS WITH RESPECT TO ANY SERVICES PROVIDED BY COMPANY. NOTHING IN THIS SECTION 12.1 SHALL MODIFY COMPANY’S OBLIGATION TO INDEMNIFY SUBSCRIBER AS REQUIRED BY SECTION 13.2(A) OF THIS AGREEMENT (“INDEMNIFICATION”). 12.2 Company makes no warranty that its services when provided to Subscriber in digital or electronic format will be compatible with Subscriber computer and/or other equipment, or that these Services will be secure or error free. Nor does Company make any warranty as to any results that may be obtained from the use of the Service. Nothing in this Section 12.2 shall modify Company’s obligations under Section 4 above (“Confidentiality”) or Section 5 above (“Security and Access”) or Company’s obligation to indemnify you as required by Section 13.2(b) of this Agreement (“Indemnification”). 12.3 Company hereby disclaims all warranties of any kind related to Subscriber’s hardware or software beyond the warranties provided by the manufacturer of Subscriber’s hardware or software.
13.1 Subscriber hereby agrees to indemnify and hold harmless Company from and against any claim, action, proceeding, loss, liability, judgment, obligation, penalty, damage, cost or expense, including attorneys’ fees, which arise from or relate to the following: a. Authorized Users’ breach of any obligation stated in this Agreement, and b. Authorized Users’ negligent acts or omissions. Company will provide prompt notice to Subscriber of any indemnifiable event or loss. Subscriber will undertake, at Subscriber’s own cost, the defense of any claim, suit or proceeding with counsel reasonably acceptable to Company. Company reserves the right to participate in the defense of the claim, suit, or proceeding, at Company’ expense, with counsel of Company’ choosing. 13.2 Company shall defend, indemnify and hold Subscriber harmless against any loss, damage or costs (including reasonable attorneys’ fees) in connection with claims, demands, suits, or proceedings (“Claims”) made or brought against Subscriber by a third party a. alleging that the Service, or use of the Service as contemplated here-under, infringes a copyright, or a trademark of a third party or involves the misappropriation of any trade secret of a third party; provided, however, that Subscriber: (a) promptly gives written notice of the Claim to Company (provided, however, that the failure to so notify shall not relieve Company of its indemnification obligations unless Company can show that it was materially prejudiced by such delay and then only to the extent of such prejudice); (b) gives Company sole control of the defense and settlement of the Claim (provided that Company may not settle any Claim unless it unconditionally releases Subscriber of all liability); and (c) provides to Company, at Company’s cost, all reasonable assistance. Company shall not be required to indemnify Subscriber in the event of: (x) modification of the Service by Subscriber in conflict with Subscriber’s obligations or as a result of any prohibited activity as set forth herein to the extent that the infringement or misappropriation would not have occurred but for such modification; (y) use of the Service in combination with any other product or service not provided by Company to the extent that the infringement or misappropriation would not have occurred but for such use; or (z) use of the Service in a manner not otherwise contemplated by this Agreement to the extent that the infringement or misappropriation would not have occurred but for such use; or b. arising out of or related to a violation by Company of its obligations under Section 4 above (“Confidentiality”) or Section 5 above (“Security and Access”),
14.1 Technical support and training are available to Authorized Users with active subscriptions, and is available by email. 14.2 Subscriber acknowledges and agrees that Company may use third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the Service. 14.3 Company may provide the ability to integrate the Service with third party products and services that Subscriber may use at Subscriber’s option and risk. Access to and use of any third party products and services are subject to the separate terms and conditions required by the providers of the third party products and services. Subscriber agrees that Company has no liability arising from Subscriber’s use of any integrations or arising from the third party products and services. Company can modify or cancel the integrations at any time without notice. 14.4 Subscriber acknowledges the risk that information and the Content stored and transmitted electronically through the Service may be intercepted by third parties. Subscriber agrees to accept that risk and will not hold Company liable for any loss, damage, or injury resulting from the interception of information. The Content is stored securely and encrypted. Only Company, with strict business reasons, may access and transfer the Content and only to provide Subscriber with the Service. Company will make reasonable efforts to provide notice to Subscriber prior to such access and transfer. Company’ actions will comply with its obligations under Sections 4 and 5 of this Agreement. 14.5 The failure of either party to enforce any provision hereof shall not constitute or be construed as a waiver of such provision or of the right to enforce it at a later time. 14.6 This Agreement constitutes the entire agreement between Authorized Users and Company and governs Authorized Users use of the Service, superseding any prior agreements between Authorized Users and Company (including, but not limited to, any prior versions of this agreement). 14.7 Company reserves the right to amend this Agreement. In the event of material changes to the Agreement, Company will notify Subscribers, by email, or by other reasonable means of these changes prior to their enactment. Continued use of the Service by the Subscriber after reasonable notice will be considered acceptance of any new terms. 14.8 Neither party may assign any of its rights or obligations here-under, whether by operation of law or otherwise, without the prior written consent of the other party (which consent shall not be unreasonably withheld). Notwithstanding the foregoing, either party may assign this Agreement in its entirety without consent of the other party in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets provided the assignee has agreed to be bound by all of the terms of this Agreement. Any attempt by a party to assign its rights or obligations under this Agreement in breach of this Section shall be void and of no effect. 14.9 Governing Law and Venue. This Agreement and your relationship with Company shall be governed exclusively by, and will be enforced, construed, and interpreted exclusively in accordance with, the laws applicable in South Africa. In any action or proceeding to enforce rights under this Agreement, the prevailing party shall be entitled to recover costs and legal fees.
DATA PROCESSING ADDENDUM
To the extent that Company Processes any Subscriber Personal Data (each as defined below) and (i) the Subscriber Personal Data relates to individuals located in the EEA; or (ii) Subscriber is established in the EEA, the provisions of this Data Processing Addendum (“ DPA”) shall apply to the processing of such Subscriber Personal Data. In the event of any conflict between the remainder of the Agreement and the DPA, the DPA will prevail.
1.1. The following capitalized terms used in this DPA shall be defined as follows: (a) “Controller” has the meaning given in the GDPR. (b) “Data Protection Laws” means the EU General Data Protection Regulation 2016/679 (“GDPR“), any applicable national implementing legislation in each case as amended, replaced or superseded from time to time, and all applicable legislation protecting the fundamental rights and freedoms of persons and their right to privacy with regard to the Processing of Subscriber Personal Data. (c) “Data Subject” has the meaning given in the GDPR. (d) “European Economic Area” or “EEA” means the Member States of the European Union together with Iceland, Norway, and Liechtenstein. (e) “Processing” has the meaning given in the GDPR, and “Process” will be interpreted accordingly. (f) “Processor” has the meaning given in the GDPR. (g) “Security Incident” means any confirmed accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, any Subscriber Personal Data. (h) “Standard Contractual Clauses” means the Standard Contractual Clauses (processors) approved by European Commission Decision C(2010)593 or any subsequent version thereof released by the European Commission (which will automatically apply). (i) “Subprocessor” means any Processor engaged by Company who agrees to receive from Company Subscriber Personal Data. (j) “Subscriber Personal Data” means the “personal data” (as defined in the GDPR) described in the Annex and any other personal data contained in the Content or that Company processes on Subscriber’s behalf in connection with the provision of the Service. (k) “Supervisory Authority” has the meaning given in the GDPR.
2. Data Processing
2.1. The Parties acknowledge and agree that for the purpose of the Data Protection Laws, the Subscriber is the Controller and Company is the Processor. 2.2 Instructions for Data Processing. Company will only Process Subscriber Personal Data in accordance with Subscriber’s written instructions. The parties acknowledge and agree that the Agreement (subject to any changes to the Service agreed between the parties) and this DPA shall be Subscriber’s complete and final instructions to Company in relation to the processing of Subscriber Personal Data. 2.3. Processing outside the scope of this DPA or the Agreement will require prior written agreement between Subscriber and Company on additional instructions for Processing. 2.4. Required consents. Where required by applicable Data Protection Laws, Subscriber will ensure that it has obtained/will obtain all necessary consents and complies with all applicable requirements under Data Protection Laws for the Processing of Subscriber Personal Data by Company in accordance with the Agreement.
3. Transfer of Personal Data
3.1. Authorized Subprocessors. Subscriber agrees that Company may use the following as Subprocessors to Process Subscriber Personal Data:
– PAYPAL: payment processor
– STRIPE: credit card charges processor
– ACTIVE CAMPAIGN: email marketing
– LIQUIDWEB: web server hosting
3.2. Subscriber agrees that Company may use subcontractors to fulfill its contractual obligations under the Agreement. Company shall notify Subscriber from time to time of the identity of any Subprocessors engaged. If Subscriber (acting reasonably) objects to a new Subprocessor on grounds related to the protection of Subscriber Personal Data only, then without prejudice to any right to terminate the Agreement, Subscriber may request that Company move the Subscriber Personal Data to another Subprocessor and Company shall, within a reasonable time following receipt of such request, use reasonable endeavors to ensure that the original Subprocessor does not Process any of the Subscriber Personal Data. If it is not reasonably possible to use another Subprocessor, and Subscriber continues to object for a legitimate reason, either party may terminate the Agreement on thirty (30) days written notice. If Subscriber does not object within thirty (30) days of receipt of the notice, Subscriber is deemed to have accepted the new Subprocessor. 3.3. Save as set out in clauses 3.1 and 3.2, Company shall not permit, allow or otherwise facilitate Subprocessors to Process Subscriber Personal Data without Subscriber’s prior written consent and unless Company: (a) enters into a written agreement with the Subprocessor which imposes equivalent obligations on the Subprocessor with regard to their Processing of Subscriber Personal Data, as are imposed on Company under this DPA; and (b) shall at all times remain responsible for compliance with its obligations under the DPA and will be liable to Subscriber for the acts and omissions of any Subprocessor as if they were Company’s acts and omissions. 3.4. International Transfers of Subscriber Personal Data. To the extent that the Processing of Subscriber Personal Data by Company involves the export of such Subscriber Personal Data to a third party in a country or territory outside the EEA, such export shall be: (i) to a country or territory ensuring an adequate level of protection for the rights and freedoms of Data Subjects as determined by the European Commission; (ii) to a third party that is a member of a compliance scheme recognized as offering adequate protection for the rights and freedoms of Data Subjects as determined by the European Commission; or (iii) governed by the Standard Contractual Clauses between the Subscriber as exporter and such third party as importer. For this purpose, the Subscriber appoints Company as its agent with the authority to complete and enter into the Standard Contractual Clauses as agent for the Subscriber on its behalf.
4. Data Security, Audits and Security Notifications
4.1 Company Security Obligations. Company will implement and maintain appropriate technical and organizational security measures to ensure a level of security appropriate to the risk, including as appropriate, the measures referred to in Article 32(1) of the GDPR. 4.2 Upon Subscriber’s reasonable request, Company will make available all information reasonably necessary to demonstrate compliance with this DPA. 4.3 Security Incident Notification. If Company becomes aware of a Security Incident, Company will (a) notify Subscriber of the Security Incident within 72 hours, (b) investigate the Security Incident and provide Subscriber (and any law enforcement or regulatory official) with reasonable assistance as required to investigate the Security Incident. 4.4 Company Employees and Personnel. Company will treat the Subscriber Personal Data as confidential, and shall ensure that any employees or other personnel have agreed in writing to protect the confidentiality and security of Subscriber Personal Data. 4.5 Audits. Company will, upon Subscriber’s reasonable request and at Subscriber’s expense, allow for and contribute to audits, including inspections, conducted by Subscriber (or a third party auditor on Subscriber’s behalf and mandated by Subscriber) provided (i) such audits or inspections are not conducted more than once per year (unless requested by a Supervisory Authority); (ii) are conducted only during business hours; (iii) are conducted in a manner that causes minimal disruption to Company’s operations and business; and (iv) Following completion of the audit, upon request, Subscriber will promptly provide Company with a complete copy of the results of that audit.
5. Access Requests and Data Subject Rights
5.1 Data Subject Rights. Where applicable, and taking into account the nature of the Processing, Company will use reasonable endeavors to assist Subscriber by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of Subscriber’s obligation to respond to requests for exercising Data Subject rights laid down in the Data Protection Laws.
6. Data Protection Impact Assessment and Prior Consultation
6.1 To the extent required under applicable Data Protection Laws, Company will provide Subscriber with reasonably requested information regarding its Service to enable Subscriber to carry out data protection impact assessments or prior consultations with any Supervisory Authority, in each case solely in relation to Processing of Subscriber Personal Data and taking into account the nature of the Processing and information available to Company.
7.1 Deletion or return of data. Subject to 7.2 below, Company will, at Subscriber’s election and within 90 (ninety) days of the date of termination of the Agreement: (a) make available for retrieval all Subscriber Personal Data Processed by Company (and delete all other copies of Subscriber Personal Data Processed by Company following such retrieval); or (b) delete the Subscriber Personal Data Processed by us. 7.2 Company and its Subprocessors may retain Subscriber Personal Data to the extent required by applicable laws and only to the extent and for such period as required by applicable laws and always provided that Company ensures the confidentiality of all such Subscriber Personal Data and shall ensure that such Subscriber Personal Data is only Processed as necessary for the purpose(s) specified in the applicable laws requiring its storage and for no other purpose.
8. Governing law
8.1 This DPA shall be governed by, and construed in accordance with the laws of the nation of South Africa. Each of the parties irrevocably submits for all purposes (including any non-contractual disputes or claims) to the non-exclusive jurisdiction of the courts in South Africa.
Details of the Processing of Subscriber Personal Data This Annex includes certain details of the processing of Subscriber Personal Data as required by Article 28(3) of the GDPR.
Subject matter and duration of the Processing of Subscriber Personal Data
The subject matter and duration of the Processing of the Subscriber Personal Data are set out in the Agreement and this DPA.
The nature and purpose of the Processing of Subscriber Personal Data
The Subscriber Personal Data will be subject to the following basic processing activities: transmitting, collecting, storing and analyzing data in order to provide the Service to the Subscriber, and any other activities related to the provision of the Service or specified in the Agreement.
The types of Subscriber Personal Data to be processed
The Subscriber Personal Data concern the following categories of data: names; email addresses; personal and professional information; and any other personal data provided by the Subscriber in connection with its use of the Service.
The categories of data subject to whom the Subscriber Personal Data relates
Any categories of individuals whose data the Subscriber extracts, transfers, and/or loads onto the Service, which may include but is not limited to:
Registered Clients; and
Past, present and prospective clients, business relationship contacts, and outside counsel contacts of the Subscriber.
The obligations and rights of the Subscriber
The obligations and rights of the Subscriber are as set out in this DPA.
Our Service does not address anyone under the age of 18 (“Children”). By providing us with your data, you warrant to us that you are at least 18 years of age.
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at email@example.com or by updating your data in your account dashboard.
Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Cookies are small pieces of data stored on a User’s device.
Data Processor (or Service Provider) means any person (other than an employee of the Data Controller) who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
Data Subject is any living individual who is the subject of Personal Data.
The User is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.
3.WHAT DATA DO WE COLLECT ABOUT YOU
We collect several different types of information for various purposes to provide and improve our Service. This may include:
Psychometric Data may include the results of the following tests: Myers-Briggs Type Indicator, 16 Personalities, Jung Personality Test, Love Languages Test, Belbin Team Role Test, DISC, Ennegeagram.
Identity Data may include your first name, maiden name, last name, username, marital status, title, date of birth and gender.
Contact Data may include your billing address, delivery address, email address and telephone numbers.
Financial Data may include your bank account and payment card details.
Transaction Data may include details about payments between us and other details of purchases made by you.
Technical Data may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
Profile Data may include your username and password, purchases or orders, your interests, preferences, feedback and survey responses.
Usage Data may include information about how you use our website, products and services.
Marketing and Communications Data may include your preferences in receiving marketing communications from us and our third parties and your communication preferences.
We may also process Aggregated Data from your personal data but this data does not reveal your identity and as such in itself is not personal data. An example of this is where we review your Usage Data to work out the percentage of website users using a specific feature of our site. If we link the Aggregated Data with your personal data so that you can be identified from it, then it is treated as personal data.
During coaching sessions you or your coach may take notes and these may contain sensitive data which you have provided. We require your explicit consent to retain these and you will find in your account preferences there is a separate agreement indicator covering this point.
Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
We do not carry out automated decision making or any type of automated profiling.
4.HOW WE COLLECT YOUR PERSONAL DATA
We collect data about you through a variety of different methods including:
Direct interactions: You may provide data by filling in forms on our site (or otherwise) or by communicating with us and /or your coach (if applicable) by mail, phone, email or otherwise, including when you:
buy our products or services;
sign up for a membership;
create an account on our site;
subscribe to our services or publications;
request resources or marketing be sent to you;
give us feedback.
Automated technologies or interactions: As you use our site, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive Technical Data about you if you visit other websites that use our cookies.
Third parties or publicly available sources: We may receive data from third parties (some or all of whom may be based outside the EU) including, by way of example: analytics providers such as Google, advertising networks such as Facebook search information providers such as Google , Yahoo, Bing, etc., and providers of technical, payment and delivery services, such as data brokers or aggregators.
5.HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when legally permitted. The most common uses of your personal data are:
To provide and maintain our Service;
To notify you about changes to our Service;
To allow you to participate in interactive features of our Service when you choose to do so;
To provide customer support;
To gather analysis or valuable information so that we can improve our Service;
To monitor the usage of our Service;
To detect, prevent and address technical issues;
Where we need to perform the contract between us;
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
Where we need to comply with a legal or regulatory obligation;
To provide you with news, special offers and general information about other goods, services, subscriptions, and events which we offer that are similar to those that you have already purchased or enquired about provided (if you are an EU resident) you have consented, or unless you have opted not to receive such information
Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by emailing us at firstname.lastname@example.org
Purposes for processing your personal data
We may process the following categories of personal data about you:
We process Communication Data (which includes any communication that you send us whether through the contact form(s) on our website, through email, text, social media messaging, social media posting or any other means of communication) for the purposes of communicating with you, for fulfilling our contractual obligations to you, for record keeping and for the establishment, pursuance or defense of legal claims. Our lawful bases for this processing are our contractual right and obligation, our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.
We process Customer Data (including data such as your name, title, billing address, delivery address email address, phone number, contact details, purchase details and your card details, and information relating to purchases of goods and/or services) in order to fulfill the terms of our contracts with you, to supply the goods and/or services you have purchased and to keep records of such transactions. Our lawful basis for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.
We process User Data (including data about how you use our website and any online services, together with whatever data you post for publication on our website or through other online services, to operate our website and ensure that useful, relevant content is provided to you, to ensure the security of our website, to maintain backups of our website and/or databases and to enable publication and administration of our website and other online services and business. Our lawful basis for this processing is our legitimate interests to enable us to properly operate and manage our website and our business.
We process Technical Data (including data gathered by our analytics tracking system about your use of our website and online services such as your IP address, your login data, browser details, duration of visits to pages on our site, page views and navigation paths, the number of times you use our website, time zone settings and other data about the technology and devices used to access our website) to analyze use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising. Our lawful basis for this processing are our legitimate interests in properly operating and managing our website and our business; in growing our business and in determining marketing and content strategies.
We process Marketing Data (including data about your preferences in receiving marketing from us and our third parties and your communication preferences) to enable you to benefit from our offers, promotions, and incentive programs and to deliver useful, relevant website content and advertisements to you and measure or understand such advertising’s effectiveness. Our lawful bases for this processing are our legitimate interests which in studying and analyzing how customers use our products and services, and to develop and grow our products, services, and our business and in determining our marketing strategies.
We may use all of the above data types to deliver relevant website content and advertisements to you (including Facebook adverts or other display advertisements) and to measure or understand the effectiveness of the advertising we serve you. Our lawful ground for this processing is legitimate interests which is to grow our business. We may also use such data to send other marketing communications to you. Our lawful ground for this processing is either consent or legitimate interests in assuring the stability, growth and success of our business.
We may process your personal data to send you marketing communications is either your consent or our legitimate interests (namely to grow our business).
Under applicable regulations, we may send marketing communications if you have made a purchase or asked for information from us about our goods or services or agreed to receive marketing communications provided that you have not subsequently opted out of receiving such communications. Further, if you are a business, we may send you marketing emails without your consent. You can opt out of receiving marketing emails from us at any time.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by logging into the system and checking or unchecking relevant boxes to adjust your marketing preferences OR by following the opt-out links on any marketing message sent to you or OR by emailing us at email@example.com at any time
Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of purchases, warranty registration, or certain other transactions.
Google AdWords remarketing service is provided by Google Inc.
You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads
Google also recommends installing the Google Analytics Opt-out Browser Add-on – https://tools.google.com/dlpage/gaoptout – for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy/
Facebook remarketing service is provided by Facebook Inc.
Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings.
We will only use your personal data for the purposes for which we collected it, and other purposes for which we determine that we have a lawful basis to do so. If you wish to find out more about how the processing for the new purpose is compatible with the original purpose, please email us at firstname.lastname@example.org
If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground of processing.
6. DISCLOSURES OF YOUR PERSONAL DATA
From time to time, it may be necessary that we share your personal data with the parties set out below for the purposes set out in the table in paragraph 4 above:
Service providers who provide IT and system administration services.
Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
Tax, regulatory and other authorities who require reporting of processing activities in certain circumstances.
Third parties to whom we sell, transfer, or merge parts of our business or our assets.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
7. INTERNATIONAL TRANSFERS
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside South Africa and choose to provide information to us, please note that we transfer the data, including Personal Data, to South Africa and process it there. We may also transfer to and process the data in the United States and other Jurisdictions where our servers, and processors are located.
8. DATA SECURITY
We have established appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, resolving disputes, and enforcing our legal agreements and policies.
We may also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for as much as six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see below for further information.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
10. YOUR LEGAL RIGHTS
We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. When such functionality exists within our Service, you can update your Personal Data directly within your account settings dashboard. If you are unable to change your Personal Data, please contact us to make the required changes.
If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
Under certain circumstances, you have the right to:
Request access to your personal data.
Request correction of your personal data.
Request erasure of your personal data.
Object to processing of your personal data.
Request restriction of processing your personal data.
Request transfer of your personal data.
Right to withdraw consent.
Right to data portability (i.e., to obtain a copy of your Personal Data in a commonly use electronic format so that you can manage and move it)
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the applicable local authority (if any), But please contact us first so that we can resolve it for you.
11. THIRD PARTY LINKS