Software as a Service Agreement.
[Updated February 8th, 2021]
BETWEEN SWIPEGUIDE B.V. AND CUSTOMER
PARTIES:
1. SWIPEGUIDE B.V., a corporation under the laws of the Netherlands, having its corporate seats in John M. Keynesplein 12-46, Amsterdam, the Netherlands trade register number 62.58.47.74 (“SwipeGuide”);
and,
2. Customer.
The parties mentioned above hereinafter also to be referred to as the “Parties” and each individually as a “Party”.
CONSIDERING:
A. SwipeGuide offers to license a ready to use software application (the “Licensed Software”) to create user manuals and work instructions (the “Guides”). See www.swipeguide.com for more information. The Licensed Software is offered on a subscription basis.
B. Customer wants to use the Licensed Software for its own business purposes.
C. SwipeGuide hereby agrees to enter into a Software as a Service Agreement and the applicable Schedule A and Schedule B (the “Agreement”) with Customer in accordance with the terms and conditions of this Agreement.
NOW, THEREFORE, the Parties have agreed and agree as set forth below :
1. DEFINITIONS AND INTERPRETATION.
1.1. The definitions and rules of interpretation in this clause apply in this Agreement.
|
Data: |
All customized information which is made available by means of the Licensed Software upon request or desire of Customer, such as but not limited to personal data of customers within the meaning of the General Data Protection Regulation (“GDPR”), feedback given by customers, questionnaires, default texts, messages to customers, follow up feedback, lists of users, reports and evaluation, as well as all designs, logo’s, trademarks and tradenames that Customer requests to incorporate in the visual appearance of the Licensed Software. |
|
Effective Date: |
Means the effective date as set out under clause 7 of the Agreement. |
|
Fee: |
The fee that Customer must pay to SwipeGuide for the temporary use of the Licensed Software as provided at section 6 hereof. |
|
Force Majeure Event: |
Means an event, or a series of related events, that is outside the reasonable control of the party affected (including but not limited to failures of the internet or any public telecommunications network, hacker attacks, denial of service attacks, virus or other malicious software attacks or infections and power failures, and including any pandemic / Covid19 related events/circumstances). |
|
GDPR: |
General Data Protection Regulation (EU) 2016/679 |
|
Guides: |
Means the user manuals and work instructions created by Customer with the Licensed Software. |
|
Initial Term: |
Means the term as set out under clause 7 of the Agreement. |
|
Intellectual Property Rights: |
In particular but not limited to copyrights, trademarks, trade name rights, (un)registered design rights, database rights, patents, as well as all (enforcement) rights relating to domain names, trade secret rights, know-how, computer software, source code and technical documentation, inventions, discoveries, specifications, developments, methods, algorithms. |
|
Order Form: |
The signed confirmation of order by Customer. |
|
Personal Information: |
Information or pieces of information that could (directly or indirectly) allow individual persons to be identified. |
|
SaaS Agreement: |
This Software as a Service agreement. |
|
Schedule: |
Means the schedule which are attached to the Agreement. |
|
Service: |
Means the Licensed Software hosted by SwipeGuide. |
|
Service Level: |
Means the agreed levels concerning the performance of Services. |
|
Software: |
The computer software offered by SwipeGuide to Customer, inter alia see www.swipeguide.com for reference, including but not limited to source code, object code, net lists, design tools, user interfaces, application programming interfaces, protocols, formats, documentation, annotations. |
|
Term: |
Means the term as set out under clause 7 of the Agreement. |
|
Updates: |
Means the updated version of the Licensed Software, which SwipeGuide makes available in accordance with the Agreement, at SwipeGuide’s sole discretion. |
|
XLA: |
The Experience Level Agreement entered into by SwipeGuide and Customer upon approval of the confirmation of order. |
1.2. The headings in this Agreement do not affect its interpretation. Except where the context otherwise requires, references to clauses and Schedule are to clauses and Schedule of this Agreement.
1.3. Unless the context otherwise requires:
1.4. Words in the singular include the plural and those in the plural include the singular.
1.5. A “person” includes a natural person, corporate or unincorporated body (whether or not having separate legal personality).
2. SOFTWARE
2.1. The following Licensed Software shall be licensed to Customer in accordance with this Agreement:
- SwipeGuide’s Web solution
- SwipeGuide’s Native Apps
2.2. Updates to the Licensed Software shall be supplied, at SwipeGuides discretion, where made generally commercially available from time to time provided that it shall not include any products which are priced or marketed separately by SwipeGuide from the products identified above. SwipeGuide shall not be required to provide an Update to Customer where the provision of such Update is prohibited by contractual restrictions imposed upon SwipeGuide by its suppliers or would result in a cost of sales impact to SwipeGuide. A “cost of sales” impact for these purposes shall be deemed to mean where third party suppliers impose financial obligations on SwipeGuide for such use of their data by Customer.
3. LICENSED SOFTWARE
3.1. SwipeGuide grants to Customer upon the Effective Date, a non-exclusive and non-transferable, non-revocable license to make use of the Licensed Software during the Term of the Agreement for its own business purposes only.
3.2. Parties enter into this Agreement for the duration of 12 months, unless terminated earlier in accordance with this Agreement.
3.3. Customer will use the Licensed Software only to create Guides for its own business purpose. In case Customer would like to use the Licensed Software for other purposes, Customer will request prior written consent from SwipeGuide. Customer shall not be entitled to use the source code, or any part thereof.
3.4. Customer will get full access to the Licensed Software by means of the Internet. Neither SwipeGuide nor any of its agents, employees, licensors and subcontractors shall be liable to Customer or any other party for any claim, loss, demand or damages whatsoever (whether such claims, loss, demands or damages were foreseeable, known or otherwise) arising out of or in connection with the use of the internet while accessing the Licensed Software.
3.5. Customer, shall not:
3.6. In case SwipeGuide reasonably suspects that a user account of Customer is used in violation of any user restriction provisions in this clause or elsewhere in the Agreement, SwipeGuide is allowed to immediately block and prevent access to the account. This does not limit the right of SwipeGuide to any other remedies or attach other consequences mentioned in this Agreement or provided by law when Customer is in violation of any user restriction provisions in this clause or elsewhere in the Agreement.
4. CUSTOMER RESPONSIBILITIES
4.1. Customer shall provide information and assistance to SwipeGuide to enable SwipeGuide to deliver the Service. Upon request from SwipeGuide, Customer shall promptly deliver all information and cooperation necessary for SwipeGuide to perform the obligations under this Agreement and the XLA. Customer acknowledges that SwipeGuide’s ability to deliver the Service in the manner provided in this Agreement may depend upon the accuracy and timeliness of such information and assistance.
4.2. Customer is solely responsible for the technical operation and maintenance of its internet connection, internal network, and all other systems that are relevant or necessary for undisturbed use of the Service.
4.3. Customer guarantees not to upload any inappropriate or obscene content. Customer also guarantees to notify SwipeGuide of content of this nature. After this notification, SwipeGuide will examine the content and reserves the right to remove it.
5. ACCESS TO DATA
5.1. Parties shall enter into a separate Data Processing Agreement, which is included under Schedule B of the Agreement, to regulate the use of to regulate the processing of personal Data in relation to the use of the Licensed Software by Customer.
6. FEE
6.1. As compensation for the use of the Licensed Software, Customer shall pay SwipeGuide the fees listed in the Order Form. All prices and fees are exclusive of, and Customer shall pay, all taxes, duties, levies or fees, or other similar charges imposed on by any taxing authority (other than taxes imposed on SwipeGuide’s income), related to the Service and this Agreement, unless Customer has provided SwipeGuide with an appropriate resale or exemption certificate for the delivery location, which is the location where the Service is used by Customer. In case of changes in law such that a tax is levied that is or becomes irrecoverable with a consequent cost increase for SwipeGuide in connection to the delivery of the Service, SwipeGuide is entitled to increase its fees accordingly and retro-actively.
6.2. SwipeGuide reserves the right to change the fee for Licensed Software. Such a price change is, however, only permitted no earlier than twelve months following the Effective Date of the Agreement and only once per contractual year with a maximum of 5% of the annual fee. SwipeGuide shall inform Customer in writing of such changes at least six weeks prior to their taking effect. SwipeGuide reserves the right to sell additional features separately.
6.3. SwipeGuide shall be entitled to invoice the license fee on or after the Effective Date or, if earlier, the date of execution of this Agreement.
6.4. Customer shall pay the agreed fee as stipulated in the Order Form by means of a bank transfer (pre-payment or automated online payment) as instructed in writing by SwipeGuide. Customer shall pay the fee to SwipeGuide within 30 days after the invoice date.
6.5. If Customer fails to pay the agreed fees to SwipeGuide in accordance with the above provisions, SwipeGuide is entitled to deny Customer access to the Licensed Software, for example, by blocking user accounts provided to Customer. This does not limit the right of SwipeGuide to additional remedies as set forth in this Agreement or as available by law.
7. DURATION
7.1. This Agreement comes into effect per sign date of the Order Form (the “Effective Date”) and shall continue for a period of 12 months (the “Initial Term”). During the Initial Term termination is not possible. Unless a Party chooses not to renew as set forth in clause 7.2, after the Initial Term, the Agreement will automatically renew for an indefinite period of time, until terminated in accordance with this Agreement (the “Term”)..
7.2. Not earlier than thirty (30) days and not later than fifteen (15) days before the end of the Initial Terms, a party may provide written notice to the other Party of its choice not to renew the Agreement as a consequence of which the Agreement will automatically terminate upon the first anniversary of the Effective Date. After the Initial Term, the Agreement may be terminated upon six (6) months written notice.
7.3. A Party shall have the right to terminate this Agreement in its entirety before the end of the Term upon written notice to the other Party if such other Party is in material breach of this Agreement and has not cured such breach within ninety (90) days (or thirty (30) days with respect to any payment breach) after notice from the terminating Party requesting cure of the breach. Any such termination shall become effective at the end of such ninety (90) days (or thirty (30) days with respect to any payment breach) period unless the breaching Party has cured any such breach or default prior to the end of such period.
7.4. If the Agreement is ended for any reason whatsoever, SwipeGuide will deny Customer access to the Licensed Software immediately after termination of the 30 days notice period. In addition, if the Agreement is ended for any reason whatsoever under clause 7.2 or 7.3, SwipeGuide will not be obligated to refund any paid fees and / or invoices. Furthermore, in case of termination of this Agreement, any and all outstanding payments become directly payable and due.
7.5. A Party may terminate this Agreement with immediate effect, without any notice being required and without being liable for any damages as a result of the termination, implying that SwipeGuide is entitled to immediately deny Customer access to the Licensed Software, in case the other Party :
8. INTELLECTUAL PROPERTY
8.1. SwipeGuide is and remains the exclusive owner of all the current and future “Intellectual Property Rights” and other (propriety) rights vesting in and relating to the Licensed Software.
8.2. Customer acknowledges that, under this Agreement, it will only be allowed to use the Licensed Software for its own business purposes, and will not and shall not make any claims to the SwipeGuide’s Intellectual Property Rights.
9. INDEMNIFICATION
CUSTOMER IS SOLELY RESPONSIBLE AND LIABLE FOR ALL CONTENT, DATA, INCLUDING PERSONAL DATA, AND ACTIVITIES CONDUCTED THROUGH OR VIA THE SERVICE, OR ANY PART OR FEATURE THEREOF, BY OR ON BEHALF OF CUSTOMER, EVEN IF SUCH ACTIVITIES WERE TO OCCUR WITHOUT CUSTOMER’S PERMISSION. CUSTOMER WILL INDEMNIFY, DEFEND AND HOLD HARMLESS SWIPEGUIDE, SWIPEGUIDE’S OFFICERS, DIRECTORS, EMPLOYEES, LICENSORS AND AGENTS, FROM AND AGAINST ANY AND ALL CLAIMS, DEMANDS, AND ACTIONS, AND ANY LIABILITIES, DAMAGES, OR EXPENSES RESULTING THEREFROM, INCLUDING COURT COSTS AND REASONABLE ATTORNEY FEES, ARISING OUT OF OR RELATING TO (I) THE USE OF THE SERVICE; (II) ANY BREACH OF THE OBLIGATIONS AND/OR REPRESENTATIONS MADE BY CUSTOMER UNDER THIS AGREEMENT; OR (III) CUSTOMER’S NEGLIGENCE, ACTS OR OMISSIONS.
10. LIMITATION OF LIABILITY
10.1. SwipeGuide represents and warrants to Customer and acknowledges Customer is relying thereon, that the Licensed Software will perform substantially as stipulated in the XLA.
10.2. Although the Service has been designed with the greatest care, SwipeGuide does not guarantee that the Licensed Software will work perfectly and/or without omissions and / or will be error free in all circumstances. Customer further acknowledges that the Licensed Software is provided over the internet, as well as by means of personal devices and/or technical infrastructure of Customer for which SwipeGuide is not responsible, and thus the quality and availability of the Licensed Software may be affected by factors outside SwipeGuide’s reasonable control.
10.3. SwipeGuide is not liable for the Guides and / or any damage caused by incorrect, faulty, and/or unauthorized use of the Licensed Software by Customer, e.g. contrary to SwipeGuide’s instructions, manual or guidelines.
10.4. Customer is solely responsible for the content that is uploaded using the Licensed Software. SwipeGuide is not responsible nor liable for any content uploaded by the Customer.
10.5. SwipeGuide is not liable for the incorrectness or incompleteness of the processed Data as mentioned in Clause 4.1 and is not liable for the application thereof.
10.6. SwipeGuide is not liable for the Data provided by Customer in relation to the Service.
10.7. If and in so far as Customer is to blame for failing to observe any of its duties, or is in breach of any of its representations and warranties provided in this Agreement, Customer is liable to SwipeGuide for compensation for loss suffered or to be suffered by SwipeGuide.
10.8. If a Force Majeure Event gives rise to failure or delay in either party performing any obligation under this Agreement, the Party whose performance of its obligations under the Agreement is affected by the Force Majeure Event will promptly notify the other Party. SwipeGuide will be authorized to suspend its services fully for the duration of the Force Majeure Event. In case of suspension of services by SwipeGuide attributable to a Force Majeure Event, SwipeGuide will never be liable for any damages of Customer nor will SwipeGuide be obliged to return to Customer a proportional part of the Fee. SwipeGuide will resume its services as soon as possible.
10.9. IF AND IN SO FAR AS SWIPEGUIDE IS TO BLAME FOR FAILING TO OBSERVE ANY OF ITS DUTIES OR IS IN BREACH OF ANY OF ITS REPRESENTATIONS AND WARRANTIES PROVIDED IN THIS AGREEMENT, SWIPEGUIDE WILL ONLY BE LIABLE FOR THE DIRECT DAMAGES, WHEREBY THE MAXIMUM AMOUNT FOR WHICH SWIPEGUIDE MAY BE HELD LIABLE CANNOT EXCEED THE COMPENSATION OF THE AMOUNT THAT SWIPEGUIDE RECEIVES UNDER ITS LIABILITY INSURANCE IN THE RELEVANT CASE. IF, FOR WHATEVER REASON, NO PAYMENT IS RECEIVED FROM THE INSURER, THEN THE MAXIMUM AMOUNT FOR WHICH SWIPEGUIDE MAY BE HELD LIABLE CANNOT EXCEED THE VALUE OF THE FEES (EXCLUDING APPLICABLE TAXES AND OTHER PUBLIC AUTHORITY CHARGES) PAID BY CUSTOMER AND RECEIVED BY SWIPEGUIDEIN THE CALENDAR YEAR IN WHICH THE DAMAGES FIRST AROSE.
10.10. TO THE EXTENT ALLOWED BY APPLICABLE LAW, PARTIES WILL NOT BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR INTERRUPTION OF BUSINESS, LOSS OF BUSINESS, LOSS OF PROFITS AND LOSS OF USE OF DATA) RELATED TO OR ARISING OUT OF THIS AGREEMENT, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
10.11. The limitations in this clause do not apply in the event of a Party’s gross negligence, wilful misconduct, or fraud.
10.12. Any right from Customer to claim damages ceases when Customer has not taken the measurements necessary to mitigate the damage or to prevent further and/or other damage. The right to claim damages will also cease if Customer did not inform SwipeGuide in detail in writing within thirty (30) calendar days after noticing the damages.
11. CONFIDENTIALITY
11.1. The Parties are obliged to observe strict confidentiality concerning all confidential information with which the Parties or persons whose services they use in the fulfilment of this Agreement come into contact. Information is considered confidential if designated as confidential by the other Party or if confidentiality results from the nature of the information. In any event, confidential information includes “personal information” and all materials, documents, ideas, data or other information that concerns the research and development, company secrets or company information of the other Party.
12. MISCELLANEOUS
12.1. This Agreement may only be amended by mutual agreement between Parties in writing.
12.2. If any provision of this Agreement shall be held by any court of competent jurisdiction to be invalid or unenforceable, (i) the invalidity or unenforceability of such provision shall have no effect upon and shall not impair the validity and enforceability of any other provision of this Agreement, and (ii) Parties shall reach agreement on the replacement of the invalid and/or unenforceable provision by a valid and enforceable provision that complies – as much as possible – with the objectives of the Parties as expressed in this Agreement.
12.3. This Agreement shall be binding upon, inure to the benefit of, and be enforceable by the Parties and their respective licensors, successors and assignees.
12.4. No Party hereto may assign this Agreement or any part hereof without the prior written consent of the other Party hereto. However, SwipeGuide may assign this Agreement to affiliated parties upon written notice to Customer.
13. GOVERNING LAW AND JURISDICTION
This Agreement shall be governed by the laws of the Netherlands. Any disputes arising under, or related to, this Agreement must be brought in the courts located in Amsterdam. The Parties hereto irrevocably consent to the exclusive subject matter jurisdiction and venue of such courts. The Parties further agree and consent to the personal jurisdiction of such courts. ANY CAUSE OF ACTION AGAINST A PARTY, EITHER IN CONTRACT, TORT OR OTHERWISE, MUST COMMENCE WITHIN ONE (1) YEAR AFTER THE CAUSE OF ACTION ACCRUES. OTHERWISE, SUCH CAUSE OF ACTION IS PERMANENTLY BARRED.
SCHEDULE A – Experience Level Agreement (XLA)
THIS XLA IS AN ATTACHMENT TO THE SOFTWARE AS A SERVICE AGREEMENT BETWEEN SWIPEGUIDE AND CUSTOMER (“SAAS AGREEMENT”). CAPITALIZED / DEFINED TERMS IN THIS XLA WILL HAVE THE MEANING SET FORTH IN THE SAAS AGREEMENT.
1. EXPERIENCE LEVEL COMMITMENT
1.1. During the Term of the Agreement, as defined in the SaaS Agreement, and with respect to the Licensed Software SwipeGuide shall ensure that the Licensed Software will be provided in accordance with the Service Levels as set out in this Schedule.
1.2. SwipeGuide shall not be liable for any failure to meet the Service Levels where such failure results from, without limitation:
1.2.1. Any breach by Licensee of the terms and condition of this Agreement;
1.2.2. Any failure of Licensee or its end user to maintain an adequate connection to the internet or other such form of connectivity which Licensee’s products require in order to access the Licensed Software;
1.2.3. Any failure or malfunction of Customer’s products which is not attributable to the Licensed Software;
1.2.4. Any failure or malfunction caused by components, factors, systems or products not directly sourced and provided by SwipeGuide; or
1.2.5. Any failure or malfunction outside SwipeGuide’s reasonable control.
2. AVAILABILITY
2.1. The availability of the software is the percentage of total possible time per month the Service is available to Customer for use. To calculate this, SwipeGuide subtracts the number of downtime minutes from the total possible minutes in a month.
2.2. SwipeGuide guarantees a 99.9% availability of its Service. Downtime is the time the service is not available to Customer for use in a given month due to incidents. Situations that don’t fall under downtime are e.g.:
- Service degradation of some parts of the SwipeGuide platform, like reduced speed of (up)loading content or sharing of guides.
- Issues related to third party apps or caused by third parties.
- Network problems external to our systems that are beyond our control.
- Scheduled downtime for platform maintenance (we will inform you as soon as necessary).
- There is a force majeure causing our services to be interrupted (e.g. forces of nature or power outages).
- Issues caused by the customer due to non-compliance with the fair use policy, as described in the SaaS Agreement.
- Deployment issues related to SwipeGuide Native Apps published outside of the standard Apple App Store and Google Play.
2.3. SwipeGuide has availability monitoring in place to keep the pulse of the platform. Customer can check the availability via the portal: status.swipeguide.com
3. RELEASE MANAGEMENT
3.1. SwipeGuide releases improvements and new functionalities to its Software on a daily basis without scheduled downtime. Our standard release window for incidental platform maintenance with scheduled downtime is between 00:00 – 03:00 CEST. On some occasions, we might need to release outside this window with scheduled downtime. In these cases, we will inform you in advance as far as possible. Releases of the SwipeGuide Native Apps will be done through the Apple App Store & Google Play. For releases of the native SwipeGuide apps through other stores separate agreements will be made.
4. SOFTWARE IMPROVEMENTS
4.1. SwipeGuide will automatically make available to Customer new versions, releases, and updates to the Service to add new features, enhance existing features, solve defects and/or errors, keep the platform up-to-date with market developments, or otherwise improve (the operation or functionality of) the Service. SwipeGuide will only support the most recent version of the Service. SwipeGuide shall make reasonable efforts to ensure that when performing such actions, the impact on Customer and its user(s) is limited.
4.2. New versions, releases, or updates will contain at least the level of functionality as set out in this Agreement and as contained in the previous version or release of the Service, and will not otherwise negatively impact the use of the Service.
4.3. For the SwipeGuide Native Apps the most recent version is available through the Apple App Store & Google Play. For releases of the SwipeGuide Native Apps through other stores separate agreements will be made.
5. INCIDENT MANAGEMENT
5.1. Every day SwipeGuide will do its best to avoid incidents to happen on the platform. When an incident might happen, we have a solid procedure in place. SwipeGuide handles incidents according to the following process.
5.2. Users with a SwipeGuide User Account can report an incident through the chat in the platform or via support@swipeguide.com. SwipeGuide needs to know at least the time of the incident, the name of the user, the steps taken getting to the incident and the possible error message. It helps to add a screenshot to illustrate the incident when relevant and communicate the system and browser used.
5.3. SwipeGuide Support confirms receipt and reproduces the incident.
5.4. SwipeGuide Support classifies the issue:
- Priority 1 = SwipeGuide is not available to end-users (picked up within 1 hour).
- Priority 2 = Service degradation meaning part of the functionality is not or in a limited way available.
- Priority 3 = an issue that only affects one or few users.
5.5. SwipeGuide Support confirms receipt and reproduces the incident.
5.6. Incident will be recovered by the SwipeGuide team. SwipeGuide support will inform the reporting user on the status of the incident recovery through chat and/or e-mail.
5.7. Reporting user tests the solution. The user tests if the incident is solved and reports back an OK to SwipeGuide support.
5.8. SwipeGuide Support closes the incident. Incidents will be closed, root-cause analysis will be done and the incident is logged for reporting to Customer.
6. SECURITY
6.1. Security is important to SwipeGuide. Although SwipeGuide doesn’t process personalized end-user data SwipeGuide aims to deliver a secure platform to its users. SwipeGuide does this through manual and automated testing before releasing new software. SwipeGuide has an authentication process in place for editor and admin users of the platform. Also, we provide the software through a secure SSL connection. SwipeGuide has a processor agreement that covers all legal aspects of handling user data. Besides this SwipeGuide performs periodical security check-ups that assesses all aspects of the platform (both technical and logical).
7. CUSTOMER SERVICE
7.1. The main customer care channel is the chat function on the SwipeGuide website and in the application. In case Customer experiences an issue, a message can be left in the chat function and we will pick it up immediately. No additional costs will be charged. Alternatively, a message can be sent to support@swipeguide.com
SCHEDULE B – Data Processing Agreement
1. DEFINITIONS
|
Agreement |
The underlying Data Processing Agreement, applicable between Parties. |
|
Data Controller |
You, who as a user makes use of our services and therefore you supply us with personal data of Data subjects. As such, you are the Controller in the sense of the GDPR. |
|
Data Processor |
We, SwipeGuide, with the following address: John M Keynesplein 12-46, 1066EP Amsterdam, The Netherlands, registered with the Chamber of Commerce under the following number: 62.58.47.74, operating as a processor of personal data with which the Controller supplies us. |
|
Data Subjects |
The persons of which personal data is collected on the basis of this data processing agreement; data subjects within the meaning of what is specified in the GDPR. |
|
GDPR |
The General Data Protection Regulation (EU) 2016/679 per 25 May 2018. |
|
Parties |
The processor and Controller referred to jointly. |
|
Personal data |
Data which can be used either directly or indirectly to identify a natural person, as intended in the GDPR. |
|
Sub Processors |
Third parties, employed by the Processor for the processing of personal data for the benefit of the Controller. |
2. BACKGROUND
2.1. The controller acts as a controller (also called a ‘data controller’), in the sense of the GDPR. This means that the purpose and the means of the processing of personal data are determined by Controller and that Controller uses this data for its own personal purposes.
2.2. The processor acts as a ‘processor’ in the sense of the GDPR. This means that Processor only processes the personal data supplied by the Controller in accordance with Controller’s written instructions, as described in this Data Processing Agreement. The processor shall not process the data for its own personal purposes.
3. EXECUTION OF PROCESSING
3.1. In the execution of the assignment, the Data Processor will handle the personal data in a careful manner and only process the personal data based on the assignment of the Data Controller, in accordance with its written instructions and in accordance with this Agreement and the GDPR.
3.2. The Data Processor will not process the personal data for any other purpose than as determined by the Data Controller. Data Processor has no control over the purpose and means of the processing of the personal data.
3.3. Data Processor and Controller each guarantee that every person acting under its authority will process the personal data lawfully and in accordance with this Agreement and the GDPR.
3.4. At the request of Data Controller, Data Processor will provide Data Controller with information about the (security) measures taken in order to comply with the obligations under the GDPR, this Agreement, and other instructions from Data Controller.
4. WARRANTY DATA CONTROLLER
4.1. Data Controller guarantees the processing of the personal data of the Data Subjects, as referred to in this Agreement, is not unlawful and does not violate the rights of others. Data Controller indemnifies Data Processor against all claims relating to this.
5. TRANSFER OF PERSONAL DATA
5.1. In principle, the Processor only processes the personal data within the confines of the European Union and the countries that have been designated by the European Commission as countries offering an adequate level of protection.
5.2. The Processor shall only pass along personal data to countries for which no adequacy decision has been taken if this is in accordance with the requirements of the GDPR. In case the consent of Data Subjects is required, the Controller shall bear the responsibility for acquiring it.
5.3. The processor shall notify the Controller in advance of any processing in another country that is not included in paragraph 1 of this article unless such processing is legally prohibited.
5.4. Article 6 - Security measures Data Processor implements all appropriate technical and organizational measures to prevent loss of personal data or any form of unlawful processing, subject to the relevant provisions of the GDPR. These measures shall guarantee an adequate level of protection of the personal data being processed, subject to the relevant provisions of the GDPR
5.5. Data Processor will at least take the following security measures:
- Encryption of digital files containing personal data.
- Security of the network connection with Secure Socket Layer (SSL) technology or a similar technology.
- Restriction of access to personal data to authorized employees.
- Annual audits of the security policy by an external party.
- Back-ups of the personal data to restore them in time in case of physical or technical incidents.
5.6. Data Processor shall provide Data Controller with all available information to provide Data Controller assistance in carrying out security measures, conducting audits and inspections, and carrying out data protection impact assessments. Any audits and / or inspections by Data Controller require prior written agreement of Data Processor.
6. SECURITY INCIDENTS
6.1. The Data Processor will report any theft, loss, misuse or other forms of data incidents, as defined in the GDPR, to the Data Controller as soon as possible. This report includes, as far as possible, at least the following: the nature of the breach, the categories, and scope of the personal data concerned, the likely consequences of the data breach, the measures the Data Processor has taken, and the contact details for Data Controller to obtain more information.
6.2. If needed, the Data Processor will fully cooperate to inform the authorities and Data Subjects about such security incidents or data breaches. In addition, the Data Processor will fully cooperate in carrying out risk assessments, analyzing the cause of the incident or breach, identifying required corrective measures and implementing those measures.
7. RETURN OF DATA
7.1. If this Agreement is ended, Data Processor will return all data, including personal data, which are processed by Data Processor based on this Agreement, to Data Controller at his request. The Data Controller must submit this request to the Data Processor within 1 month. After this period, Data Processor will safely remove or destroy all personal data, including any copies of it, unless Data Processor is legally obliged to store the (personal) data for a longer period.
8. RIGHTS OF DATA SUBJECTS
8.1. The Data Processor will assist the Data Controller with all requests which may be received from Data Subjects, such as the right to access, rectification or erasure.
8.2. If the Data Processor receives a request from a third party to provide access to the personal data based on an alleged (legal) obligation, the Data Processor will inform Data Controller in writing before he provides the third party access, so Data Controller can assess whether the request is legitimate.
9. PEOPLE WORKING UNDER THE AUTHORITY OF DATA PROCESSOR
9.1. The obligations for Data Processor arising from this Agreement also apply to those who process personal data under the authority of Data Processor, including but not limited to employees.
10. SUBPROCESSORS
10.1. The Data Processor may subcontract the processing of the personal data to external parties. Data Processor has sub-contracted (part of) the processing of the personal data to the following "Sub Processors" as indicated under Annex 1 & 2 below. Data Controller hereby authorizes the aforementioned Sub Processors. Data Processor acknowledges and agrees that the applicable legal terms as agreed between the Data Processor and the aforementioned Sub Processors are applicable in the relation between Data Processor and Sub Processors in this agreement.
10.2. The Data Processor may appoint new Sub Processors for the processing of the personal data. Data Processor will notify Data Controller of the addition or replacement of any Sub Processors. Data Processor is then also offered the possibility to object to this. In addition, the Data Controller may request an overview of all appointed Sub Processors.
11. LIABILITY
11.1 With regard to the liability and indemnification obligations of Processor under this Processor’s Agreement the stipulation in the Agreement regarding the limitation of liability applies.
11.2. Without prejudice to article 9.1 of this Processor’s Agreement, Processor is solely liable for damages suffered by Controller and/or third-party claims as a result of any Processing, in the event the specific obligations of Processor under the GDPR are not complied with or in case the Processor acted in violence of the legitimate instructions of the Controller.
11.3. This clause is also subject to provisions as stated in the SaaS Agreement.
12. NULLITY
12.1. If a part of this Agreement is deemed void or voidable, this does not change the validity of the rest of this Agreement. Any invalid provision shall be replaced by a provision that is valid and which interpretation shall be as close as possible to the intent of the invalid provision.
13. FINAL PROVISION
13.1. This Agreement can only be amended in writing.
13.2. This Agreement replaces all prior agreements between parties.
ANNEX 1 – The purpose of the Processing of Personal Data and categories of Personal Data and Data subjects
The purpose of the processing of personal data is to grant access rights to the SwipeGuide platform.
1. Categories of data subjects:
- Employees;
- Contractors;
- Registered users: we store and save data of registered license users (name + email address).
2. Categories of Personal Data regarding the following categories of data subjects:
- Name;
- Email address;
- IP Addresses. For security reasons, we process IP addresses to block them if a user has too many failed attempts of logging into the platform. We do this as we cannot identify who is trying to log in. We do not create reports on IP addresses, and they are not linked to identifiable personal data. In some rare cases, the IP address might be linked to an email address in the error log for failed log-ins.
ANNEX 2 - Sub-Processors
|
Company |
Full address |
Data & purpose |
|
Amazon Web Services (Ireland) |
Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg |
Name & e-mail for the SwipeGuide Web solution |
|
Cloudinary |
20 Aharon Bart St Building C, Petach Tikva 4951448, Israel |
None, only media |
|
Hubspot |
Hubspot Inc. 25 First Street, 2nd Floor Cambridge, MA 02141, United States |
Name & e-mail for communication |
|
Intercom |
KPMG Building, 55 2nd St 4th floor, San Francisco |
Name & e-mail for user support |
|
SiSense |
SISENSE SF, INC. (formerly known as Periscope, Inc.) 1125 Mission St. San Francisco, CA 94103 |
None, only usage data |