Chino.io Toolkit
Terms of Service

This Chino.io Toolkit’s Terms of Service (this “Agreement”) contains the terms and conditions that govern your access to and use of the Chino.io Services and is an agreement between Chino Srl, (hereinafter referred to as “We”, “Us”, “Our”, “the Service Provider” or “Chino”) and you or the entity you represent (“You”, “Your” or “The Customer”).   These Terms of Service incorporate the Annex: Chino.io Data Processing Agreement (“Chino.io DPA”).

You represent to us that you are lawfully able to enter into contracts (e.g. you are not a minor). If you are entering into this Agreement for an entity, such as the company you work for, you represent to us that you have legal authority to bind that entity.

The contract for the activation of the Chino.io Toolkit is composed of: 

 

1. this document (Chino.io terms of service)
2. the Offer document

The Parties shall execute the contract only after having signed and accepted the before mentioned documents. In case of conflicting clauses, the Offer document shall prevail.

The contractual object is the provision of the Chino.io Toolkit, as described in the Offer document and these contractual terms.

The Chino.io Toolkit is made available through the data service provider for a charge.

The Customer is granted the non-exclusive and non-assignable temporary right for the duration of the contract to use the Chino.io Toolkit in accordance with these terms.

Due to the highly technical nature of its Service, Chino is subject to an obligation of means.

After the Registration to the Service, Your profile settings, management of subscriptions, access keys, and other personal information can be done through the use of the website customers’ area (https://console.chino.io/).

 

1. Definitions
“Registration to the Service'' is the first access to the Service made by You through the registration procedure through Our website provided by Our sales team. During registration procedure  you will choose your personal username and password, upon acceptance of these Terms and Conditions; 

“Access to the Service” means the log in with Your personal username and password through Our webpage (https://console.chino.io/login);

“Subscription to the Service” means the subscription with a payment of any of the plans available in the Service Console, upon acceptance of these Terms and Conditions.

“Content(s)” refer to any data or information uploaded by You into the Cloud; 

“Cloud” means the digital space or the technological platform (Toolkit) made available by Chino with high capacity of storage and processing data which have been uploaded;

“Service” means, collectively, the plan You have subscribed to in the Offer document;

“Users” means those employees, contractors, and end users, as applicable, authorised by You or on Your behalf to use the Services in accordance with this Agreement and Your order. For Cloud Services that are specifically designed to allow Your clients, agents, customers, suppliers or other third parties to access the Cloud Services to interact with You, such third parties will be considered “Users” subject to the terms of this Agreement and Your order;

"The Parties" means the subscribers of this Agreement.

2. Subscription, duration and renewal of the Service
The use of the Service provided by Chino is exclusively reserved to its customer, natural person (adult) or legal entity (company), prior registration to the website customers’ area.
The Subscription to the Service is not transferable to third parties.
This Agreement is valid for the Registration and the Subscription which this Agreement accompanies. It may also be referenced for any purchase that increases the quantity of the original Services subscribed, for any Cloud services options offered by Chino for the original Services subscribed, and for any renewal or auto-renewal of the Services period of the original subscription.
The Service is subscribed for a predetermined duration detailed in the Offer document. The period of time shall automatically be extended for the same period (Extended Term) at the end of the Initial Term and at the end of each Extended Term, unless You give notice to Chino to terminate this Agreement. You shall communicate Your notice of cancellation through Your web-based Management Console. The cancellation will be effective immediately and no credits will be refunded. Your data will be deleted according to the procedure described in these Terms of Service.
In case of renewal, the Service will be renewed with the options and resources in course of invoicing during the previous duration agreed between the Parties. If you want to modify your Subscription plan, You have to notify your choice through Your web-based Management Console or via email before the end of the Initial Term or each Extended Term.

3. Duty of the Customer
You confirm that you have all the necessary technical knowledge and means to ensure the correct use and administration of the Service.
You undertake to use the Service in good faith. In case of abnormal use of the Service, Chino reserves the right to terminate the Service according to the provisions of  these Terms of Service.
You are responsible for identifying and authenticating all Your Users, for approving access by such Users to the Services, for controlling against unauthorised access by them, and for maintaining the confidentiality of usernames, passwords and account information.
You are required to accept all security patches, bug fixes and updates (collectively, “Patches”) necessary for the proper function and security of the Services.
Chino is not responsible for performance or security issues encountered with the Service that result from Your failure to accept the application of Patches that are necessary for the proper function and security of the Services. 
By integrating Chino.io Toolkit on Your system, Chino grants You a temporary licence to use any proprietary content of the Toolkit, among which, but not only, logos, distinctive marks, applications, codes and any patents, with the exclusive purpose of using the Services and displaying its contents for personal and non-commercial purposes. The licence does not include the right to obtain the Software’s source code or to have the related logical and / or project documentation. The ownership of the Software is not transferred to the Customer. The licence may be revoked at any time without prior notice by Chino also, but not only, for violations of the provisions of this Agreement caused by the Customer, without any liability for loss, damage and/or temporary or permanent modification of the Content uploaded by You.
By registering to the Chino.io Toolkit , You expressly authorise Chino to send communications - via email, to the email address supplied by You at the time of registration - having technical and/or maintenance purposes related to the functioning of the Service. By any chance, You are not allowed to block information, spread through any means by Chino, related to security and proper use of cloud services.  
The Customer will keep Chino exonerated from any claim, legal action or request for compensation connected with the use of the Software by the user or a third party.

4. Acceptable use of the Service

You shall not use or permit use of the Services, including by uploading, emailing, posting, publishing or otherwise transmitting any material, including Your Content, Your Applications and Third Party content, for any purpose that may:

 

• constitute unsolicited bulk email, “junk mail”, “spam” or chain letters, according to Article 130 of the Italian Data Protection Code (D.Lgs. 30 June 2003, n. 196, Codice in materia di protezione dei dati personali);
• menace or harass any person or cause damage or injury to any person or property;
• involve the publication of any material that is false, defamatory, harassing or obscene;
• violate privacy rights or promote bigotry, terrorism, racism, hatred or harm;
• promote or manage gambling;
• constitute a sharing of any kind of computer virus;
• constitute an infringement of intellectual property or other proprietary rights, or
• otherwise violate applicable laws, ordinances or regulations. 

You are aware that Chino is not required to verify the Content that you upload, unless this is necessary to fulfil a provision of law and/or orders by a judicial or other competent authority. Chino will not operate any preventive control over any Content, not being subject to any general obligation to monitor and therefore it can not be in any way considered responsible for the nature and characteristics of the Content, nor for any errors and/or omissions of the same, as well as for any direct and/or indirect damage, caused to the Customers themselves and/or third parties due to the use of any Content. Therefore, You shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness and ownership of all of Your Content and Your Applications submitted or transmitted through the Service. You undertake to use the Service only for legitimate purposes and allowed by the applicable law, uses and customs, rules of diligence and, in any case, without violating any rights of third parties.

Chino, by the order of the competent judicial authorities, will remove or disable the access to each Content directly reported to Chino, without any responsibility for the loss of the Content. Chino also reserves the right to suspend or terminate the access to the Service without notice to the author of the infringement. 

For purposes related to the guarantee of the continuity of the Service, Chino reserves the right to keep backup copies of all the Content uploaded by You. Data deleted by You will be removed also from the backup copies as quickly as possible, according to the time required for the backup management. Chino, in accordance with the instructions provided by the Data Controller, will remove the backup copies of the Content whether the access to the Service has been terminated and/or the contents have been deleted by the Customer.

5. Service Level Agreement (SLA)

In the event that any of the components of the Service set out in the table below are unavailable or malfunctions, You must contact Chino at tech-support@chino.io.

Chino will use all reasonable endeavours to provide the compliance with the following parameters:

 

• Chino will apply all commercially reasonable efforts to deliver its services according to the Service Availability threshold of 99.9%. In case of potential incidents, we will recognize credits detailed below;
• Chino will be dedicated to monitor and update its service with all zero-day security exploits and updates, and will provide you an assistance for security and emergency issues that are blocking its service delivery 24/7;
• Other non-blocking and non-security related issues will be solved on CET working hours 9:00 – 18:00 on working days (according to Italian working calendar and public holidays); 
• Support is available via email and replies within max of 2 working days (Italian calendar) between 9:00-17:00 (Rome). Contact information is available within the Chino.io Toolkit console system. 
• Planned maintenance that may interrupt the services will be communicated at least 5 working days in advance (Italian calendar) via our systems.
  

For the purpose of the recognition of credits we will monitor our API service unavailability on a monthly basis and refund You based on the following table:

 

The availability refers only to the API availability and it does not include the Management Console availability, or other auxiliary services provided by Chino.

The planned outage is not included in the Service availability measurements.

The calculation of the service credits refundable by Chino to You for unavailability and malfunctions of the relevant component of the Service is done by Chino monitoring system.

Reimbursements made in respect of compensation under this paragraph will be provided as free Service credits from the next subscription period, following the occurrence of the unavailability or service malfunctions for which Chino may be held liable. You may make a claim by sending an email at claims@chino.io within one (1) month after the unavailability is detected and for which You would seek the compensation provided for in the terms of this paragraph.    

You confirm that the refund of service credits as set out above shall be Your exclusive remedy in relation to any malfunction or non-availability of the Service.

The total service credits paid by Chino to You in any given month shall in no circumstances exceed the price paid by You for the Service during that month.

6. Prices, payments methods, billing

The prices for the Chino Services are agreed with the Chino in the offer document. Pricing could be adjusted by Chino upon thirty (30) days notice. Changes are not retroactive.

The Offer document details Your order, pricing, and additional charges or excess volume usage. In case the Service usage exceeds the subscribed plan, You will be charged as described on the signed Offer document sent to you. The reference time period for service usage monitoring is monthly.

Chino accepts payments by credit card or SEPA direct debit. Payment is due in advance and may only be made to a full month’s, year’s or the different duration of the Service agreed between the Parties. The renewal is made in accordance with the provisions of  these Terms of Service.

Any default in payment or improper payment (including without limitation attempted payment of an incorrect or incomplete amount, or which does not contain the required references, or by means or a procedure not accepted by Chino) may be rejected by Chino.

Amounts not paid within 30 days are overdue and shall accrue interest on a daily basis at the maximum amount permitted under applicable law (Decreto Legislativo n. 192/2012 - Directive 2011/7/UE) from the due date for payment until receipt of the full amount .

7. Service usage

The Service amount of the Plan that you subscribed to is defined in the Offer Document. The Customer may increase or decrease the service amount from the next billing period. Extra usage fee are calculated monthly and billed in the current or in the next available billing cycle, in accordance with the Offer Document.

In case of unfair behaviour and abnormal usage of the services by the Customer, Chino reserves the right to add, modify and remove usage limits (as an example, but not limited to, API calls per minute max document size) on customers or on the global service in order to guarantee the SLA of the service.

This does not affect the rights to termination in accordance with these Terms of Service, but it does not entitle the Customer to compensation.

8. Personal Data Security

These Service Terms incorporate the Annex: Chino.io’s Data Processing Agreement (“DPA”), when the GDPR applies to your use of the Chino.io Service (Tookit) to process Personal Data (as defined in the DPA).

Chino will act as a Data Processor, and will act on Customer’s instruction concerning the treatment of Personal Data, as specified in the attached DPA, with the limitation set forth in  these Terms of Service. The Customer agrees to provide any notices and obtain any consents related to his use of the Service and Chino’s provision of the Service, including those related to the collection, use, processing, transfer and disclosure of Personal Data.

All data centres where personal data may be processed (stored, mirrored and back up) are located in the European Economic Area (“EEA”).

Chino will guarantee the highest standards of security for the protection of privacy and personal information of each Customer, as detailed in these Terms of Service. However, it is important that Customer notes that no computer system, as subjected to tighter control and equipped with the most advanced security measures, can be considered sheltered from violations and/or unauthorised access by third parties.

For these reasons, Chino shall not assume any responsibility for any damages suffered by the Customer or his Users as a result of the loss or the violation of personal data put in place by third parties, which are not direct consequences of Chino’s actions and / or omissions.

Since for access to the service the Customer is required to use an access credential system, the choice of a personal password to use and its safe storage is under Customer’s sole responsibility. The disclosure of the password to third parties and/or the use of accounts and/or passwords belonging to other Users, constitutes a serious breach of this Agreement, legitimising the termination of the Service without notice. In case of known or suspected violation of his/her account and/or password, the Customer has a duty to report the incident immediately to Chino via e-mail indicated in our Chino.io Toolkit.

The Customer is, at any time, entitled to monitor and/or audit to ensure that appropriate privacy and security measures described in this Agreement are met on an ongoing basis. The audit log can be downloaded from Customer’s private console at the webpage (https://console.chino.io/ ). The audit log reports all accesses and operations on Customer’s data. In this regard, Chino will cooperate with the Customer in order to ensure compliance with applicable data protection provisions. Chino will provide Customer the electronic access to the Service to allow him to delete, release, correct or block access to specific Personal Data or, if that is not practicable and to the extent permitted by applicable law, follow his detailed written instructions to delete, release, correct or block access to Personal Data.

 

9. Termination, Limitation and Suspension of Service

Either party may terminate this Agreement, without having any claim to compensation, in case of force majeure.

In any other case, You may request the termination of the Service through Your web-based Management Console. The termination will be effective from the date of the submission of the request. Therefore, the Service will be charged for the whole billing period (month, year or according to Your personalised plan) and no credits will be refunded.

Even if You have terminated the Agreement, You may always request to re-enroll before the data is permanently deleted. 

Chino provides the customer with a 30 days grace period for re-drawing the cancellation. After this grace period the Content will be removed without any responsibility by Chino.

Clients, after the termination of the contract, are invited to keep on their devices or elsewhere a copy of backup of all Contents managed through the Cloud.

Failure to comply with the duties mentioned in § 2.1 (personal conditions of the Customer), 2.2 (prohibition of transfer), 3.2 (good faith), 4.1 (forbidden uses of the Service), 4.2 (forbidden content), and 7.5 (access credentials) shall determine the termination of the Agreement, in accordance with Article 1456 of the Italian Civil Code.

Chino complies with Data Portability requirements and gives You the possibility to request all your data as bulk download at any time. Downloaded Content will be encoded in JSON format according to your API setup.

Delays in payments, if the due date has passed by more than 30 days will result in the immediate suspension of the Service. If the payment is delayed by more than 60 days the contract shall be considered terminated. Accordingly, the Chino.io Toolkit account will be deactivated and data deleted.  

10. Intellectual property

Chino Srl retains all ownership and intellectual property rights in the Chino.io Toolkit, including derivative works thereof and in anything developed or delivered by or on behalf of Chino Srl under this Agreement.

11. Ownership of the Contents

The Customer, uploading his Contents and Applications, declares to own all of them and/or any intellectual property rights in and to. The Customer assumes all responsibility regarding their use and/or disclosure, indemnifying and holding Chino safe of any possible claim in this respect. 

12. Transfer of Agreement

Chino Srl may assign this Agreement or any right or obligation of this agreement or any related Data necessary to the prosecution of the Service, without the consent of the other party, only to the successor in interest to the business whether by sale of assets, merger or otherwise.

13. Warranties

Chino will perform Chino.io's warranty work by qualified personnel and in a workmanlike manner consistent with the supporting material. To the extent permitted by law, Chino disclaims all other warranties. Chino does not warrant that the service will be uninterrupted or error free. Chino.io is provided “AS IS” and to the extent permitted by law, Chino disclaims all warranties and liability. 

Chino warrants that it will provide and deliver the Service in all material respects as described in this Agreement. If the Services provided to You were not performed as warranted, You must promptly provide written notice to Chino that describes the deficiency in the Services. 

Chino will use commercially reasonable efforts to meet the stated SLA and quality of service. However, Chino does not guarantee that (a) the services will be performed error-free or uninterrupted, or that Chino will correct all services errors, (b) the services will operate in combination with Your Content or your applications, or with any other hardware, software, systems, services or data not provided by Chino, and (c) the services will meet your requirements, specifications or expectations. You acknowledge that Chino does not control the transfer of data over communications facilities, including the internet, and that the services may be subject to limitations, delays, and other problems inherent in the use of such communications facilities. Chino is not responsible for any delays, delivery failures, or other damage resulting from such problems. Chino is not responsible for any issues related to the performance, operation or security of the services that arise from Your Content, Your applications or third party content.

For any breach of the services warranty, Your exclusive remedy and Chino’s entire liability shall be the correction of the deficient services that caused the breach of warranty, or, if Chino cannot substantially correct the deficiency in a commercially reasonable manner, You may end the deficient services and Chino will refund to you the fees for the terminated services that you prepaid to Chino for the period following the effective date of termination. 

To the extent not prohibited by law, these warranties are exclusive and all other warranties or conditions, whether express or implied, are expressly excluded, including for software, hardware, systems, networks or environments or for merchantability, satisfactory quality and fitness for a particular purpose.

14. Limitation of Liability

NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE OR PROFITS (EXCLUDING FEES UNDER THE AGREEMENT), DATA, OR DATA USE. CHINO’S MAXIMUM LIABILITY FOR ANY DAMAGES ARISING OUT OF OR RELATED TO THIS SERVICE AGREEMENT SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, THE TOTAL AMOUNTS ACTUALLY PAID TO CHINO FOR THE SERVICE IN THE 1 (ONE) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO SUCH CLAIM. ANY DAMAGE IN CUSTOMER'S FAVOUR AGAINST CHINO SHALL BE REDUCED BY ANY REFUND OR CREDIT RECEIVED BY CUSTOMER UNDER THE AGREEMENT AND ANY SUCH REFUND AND CREDIT SHALL APPLY TOWARDS THE LIMITATION OF LIABILITY.

15. Governing Law and Jurisdiction

This Agreement is governed by Italian law. 

Any controversy arising from this Agreement will be subject to the exclusive jurisdiction of the Court of Trento, Italy.

16. Modification of the Agreement

Chino reserves the right to update, revise, supplement, and otherwise modify this Agreement, or parts of it, and to impose new or additional rules, policies, terms, or conditions on your use of the Service, at any time.  Every modification to the terms and conditions of the Service shall be effective after the communication to You. These general conditions of the Service, and any additions, modifications or upgrades, should be examined by You and will be considered fully accepted in the event of failure to exercise the right of withdrawal, according the procedures set in these Terms of Service by the date of entry into force of the modifications or additions to the Agreement.

17. Miscellaneous

If any part of this Agreement is found void and unenforceable, it will not affect the validity of the balance of this Agreement, which shall remain valid and enforceable according to its terms.

 

---

Annex: Chino.io Data Processing Agreement

Art. 28 GDPR

(between Controller and Processor) 

This Data Processing Agreement (“DPA”) forms part of the existing “Terms of Service” (“Main Service Agreement”) between Customer and Chino, in accordance with the requirements of Data Protection Laws. This means the DPA is entered into by and between Chino (the “Data Processor”) and You (the “Data Controller”) when you electronically accept or otherwise agree or opt-in to the Terms of Service. 

The identity and contact information for the Data Processor and the Data Controller are provided in the Offer document and in the completed registration form.

1. Definitions

“GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

”Applicable Data Privacy Law” means such privacy and personal data laws and all other legislation (including regulations and mandatory rules) applicable to the personal data processing conducted under this Data Processing Agreement, including national legislation (such as the Italian Personal Data Protection Code (D. Lgs 196/2003 - D. Lgs. 101/2018) and EU General Data Protection Regulation 2016/679 (GDPR), as amended from time to time.

“Personal Data” means any information relating to an identified or identifiable individual where such information is contained within Customer Data and is protected similarly as personal data or personally identifiable information under applicable Data Protection Law.

“Data Subject” means the individual to whom Personal Data relates.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

“Processor” means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.

“Processing” means any operation or set of operations which is performed on Personal Data, encompassing the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction or erasure of Personal Data.

“Instruction” means the written, documented instruction, issued by Controller to Processor, and directing the same to perform a specific action with regard to Personal Data (including, but not limited to, depersonalising, blocking, deletion, making available).

“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.

2.Processing of personal data

2.1 Scope and Purpose
The purpose of this Data Processing Agreement is to comply with the requirements under Applicable Data Privacy Law on agreements between a controller and a processor.
Controller is the controller in relation to the processing regulated under this Data Protection Agreement, and Processor is the processor in relation to the processing regulated under this Data Processing Agreement.
The processing of personal data may solely be done by Processor in order to fulfil Processor’s responsibilities under this Data Processing Agreement, i.e. maintenance of the system or solving problems related to the Controller’s application.
The Processor shall not use the personal data for any other purposes than those set out in this Data Processing Agreement.

2.2 Categories and types of Personal Data
In connection with the Data Processor’s delivery of the Main Services to the Data Controller, the Data Processor, on behalf of the Data Controller, will process certain categories and types of personal data pertaining to real persons and potentially their sensitive data.
The Data Processor only performs processing activities that are necessary and relevant to perform the Main Services. 
The categories and types of Personal Data processed by the Data Processor on behalf of the Data Controller can be identification data, health data and any other personal data uploaded by the Customer to the Service.

3. Instruction

The Data Processor may only act and process the Personal Data in accordance with the documented instruction from the Data Controller (the “Instruction”), unless required by law to act without such instruction. The Instruction at the time of entering into this Data Processor Agreement (DPA) is that the Data Processor may only process the Personal Data with the purpose of delivering the Main Services as described in the Main Service Agreement. Subject to the terms of this DPA and with mutual agreement of the parties, the Data Controller may issue additional written instructions consistent with the terms of this Agreement. The Data Controller is responsible for ensuring that all individuals who provide written instructions are authorised to do so. 

The Data Controller guarantees to process Personal Data in accordance with the requirements of Data Protection Laws and Regulations. The Data Controller’s instructions for the processing of Personal Data shall comply with Applicable Law. The Data Controller will have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which it was obtained.

4. The Data Processor’s obligations

• Confidentiality 

The Data Processor shall treat all the Personal Data as strictly confidential information. The Personal Data may not be copied, transferred or otherwise processed in conflict with the Instruction, unless the Data Controller in writing has agreed. 

The Data Processor’s employees shall be subject to an obligation of confidentiality that ensures that the employees shall treat all the Personal Data under this DPA with strict confidentiality. 

Personal Data will only be made available to personnel that require access to such Personal Data for the delivery of the Main Services and this Data Processor Agreement. 

• Technical and Organisational Measures

The Processor will endeavour to take adequate technical and organisational measures against loss or any form of unlawful processing (such as unauthorised disclosure, deterioration, alteration or disclosure of personal data) in connection with the performance of processing personal data under this Data Processing Agreement.

The Processor does not guarantee that the security measures are effective under all circumstances. The Processor will endeavour to ensure that the security measures are of a reasonable level, having regard to the state of the art, the sensitivity of the personal data and the costs related to the security measures.

The Data Processor shall implement the appropriate technical and organisational measures as set out in this Agreement and in the Applicable Law, including in accordance with GDPR, article 32. The security measures are subject to technical progress and development. The Data Processor may update or modify the security measures from time-to-time provided that such updates and modifications do not result in the degradation of the overall security.

• Data protection impact assessments and prior consultation 

If the Data Processor’s assistance is necessary and relevant, the Data Processor shall assist the Data Controller in preparing data protection impact assessments in accordance with GDPR, article 35, along with any prior consultation in accordance with GDPR, article 36.

• Rights of the data subjects 

If the Data Controller receives a request from a data subject for the exercise of the data subject’s rights under the Applicable Law and the correct and legitimate reply to such a request necessitates the Data Processor’s assistance, the Data Processor shall assist the Data Controller by providing the necessary information and documentation. The Data Processor shall be given reasonable time to assist the Data Controller with such requests in accordance with the Applicable Law. 

If the Data Processor receives a request from a data subject for the exercise of the data subject’s rights under the Applicable Law and such request is related to the Personal Data of the Data Controller, the Data Processor must immediately forward the request to the Data Controller and must refrain from responding to the person directly. 

• Personal Data Breaches 

The Data Processor shall give immediate notice to the Data Controller if a breach occurs, that can lead to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to, personal data transmitted, stored or otherwise processed re the Personal Data processed on behalf of the Data Controller (a “Personal Data Breach”). 

The Data Processor shall make reasonable efforts to identify the cause of such a breach and take those steps as they deem necessary to establish the cause, and to prevent such a breach from reoccurring.

• Documentation of compliance and Audit Rights

Upon request by a Data Controller, the Data Processor shall make available to the Data Controller all relevant information necessary to demonstrate compliance with this DPA, and shall allow for and reasonably cooperate with audits, including inspections by the Data Controller or an auditor mandated by the Data Controller. The Data Controller shall give notice of any audit or document inspection to be conducted and shall make reasonable endeavours to avoid causing damage or disruption to the Data Processors premises, equipment and business in the course of such an audit or inspection. Any audit or document inspection shall be carried out with reasonable prior written notice of no less than 30 days, and shall not be conducted more than once a year. 

The Data Controller may be requested to sign a non-disclosure agreement reasonably acceptable to the Data Processor before being furnished with the above.

The costs of the audit will be borne by the Controller.

• Data Transfers 

The Data Processor will not transfer processed data to countries outside the European Economic Area.

Transfers of personal data to a so-called third country or an international organisation may only be made upon a documented instruction from the Controller.

5. Sub-Processors

The Data Processor is given general authorisation to engage third-parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorization from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes to object to the relevant Sub- Processor, the Data Controller shall give notice hereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed consent to the relevant Sub-Processor. 

List of Current Sub-processors:

6. Additional costs

The Data Processor is also entitled to remuneration for any time and material used to adapt and change the processing activities in order to comply with any changes to the Data Controller’s Instruction, including implementation costs and additional costs required to deliver the Main Services due to the change in the Instruction. The Data Processor is exempted from liability for non-performance with the Main Agreement if the performance of the obligations under the Main Agreement would be in conflict with any changed Instruction or if contractual delivery in accordance with the changed Instruction is impossible. This could for instance be the case; (i) if the changes to the Instruction cannot technically, practically or legally be implemented; (ii) where the Data Controller explicitly requires that the changes to the Instruction shall be applicable before the changes can be implemented; and (iii) in the period of time until the Main Agreement is changed to reflect the new Instruction and commercial terms thereof. 

7. Responsibility

Controller shall ensure that the processing of personal data pursuant to this Data Processing Agreement complies with Applicable Data Privacy Law, and ensure a legal basis for the processing of personal data which Controller, through the Data Processing Agreement, is assigning to Processor, as well as ensure that the instructions provided by Controller to Processor in relation to the processing complies with Applicable Data Privacy Law.

Processor shall assist Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller’s obligations under Applicable Data Privacy Law to respond to requests from data subjects for e.g. information about or the receipt, rectification, erasure or restriction of such data subject’s personal data.

8. Duration

The Data Processing Agreement shall remain in force until the Main Service Agreement is terminated.

9. Termination

Following expiration or termination of the Agreement (above Terms of Service), the Data Processor will delete or return to the Data Controller all Personal Data in its possession as provided in the Agreement except to the extent the Data Processor is required by Applicable law to retain some or all of the Personal Data (in which case the Data Processor will archive the data and implement reasonable measures to prevent the Personal Data from any further processing). The terms of this DPA will continue to apply to such Personal Data.