- GoodData offers certain business intelligence reporting tools and platform technology (including software, hardware, products, processes, algorithms, user interfaces, know-how, techniques, designs and other tangible or intangible technical materials or information (collectively referred to as “GoodData Technology”), via hosted web services (referred to as “Subscription Services”);
- You seek to participate in the online offering of GoodData’s Subscription Services, which are free of charge as GoodData FREE (the “Program”), and to create a branded service offering that includes the Subscription Services as described herein.
(a) Program Overview. As part of the Program and during the Term of this Agreement, (i) You will be granted the right to provide access and provision certain portions of the Subscription Services to Your customer base, (ii) You will be authorized to provide training to Your customers as reasonably necessary for Your customers’ use of such Subscription Services, and (iii) GoodData will provide operational infrastructure, integration, and support for the Subscription Services as outlined in the Schedule A hereto, or as otherwise agreed to in writing between the parties from time to time. To the extent that You access the Subscription Services for Your own internal use, You shall be deemed “Your customer” for purposes of this Agreement.
(b) Documentation.“Documentation” means the online product documentation, user instructions and help files made available to You by GoodData as part of the Subscription Services, as may be updated from time to time by GoodData and located at: https://help.gooddata.com, or a designated successor site.
(c) Technical Support Services. You are entitled to receive technical support services from trained GoodData personnel (“Support”), to the extent set forth in Schedule B.
(d) Compliance with Law. You will comply with all applicable laws in operating Your business, undertaking all Program activities, and marketing the GoodData Technology and Subscription Services. You will not engage in any deceptive or unethical trade practices or any act which might harm GoodData’s reputation or the reputation of the GoodData Technology or Subscription Services. You will not make any representations or warranties regarding the GoodData Technology and Subscription Services beyond those contained in GoodData’s then-current standard customer agreement or published materials made available to You as part of the Program.
2. License Grant.
(b) Restrictions. You shall not (i) copy, edit, modify, adapt, translate, port, reproduce (except as necessary for installation), distribute, transfer, lend, sell, sublicense, assign or otherwise transfer any of the GoodData Technology, or any component thereof; (ii) prepare any derivative work based upon the GoodData Technology or any component thereof; (iii) reverse engineer, disassemble, or decompile the GoodData Technology or any component thereof, or attempt to discover or disclose the source code of the GoodData Technology or any component thereof except as permitted by applicable law notwithstanding this prohibition; (iv) encumber, time-share, rent, or lease the rights granted under this Agreement; (v) remove, obscure, or alter any notice of intellectual property rights present on or in the GoodData Technology or any component thereof; (vi) use the GoodData Technology or any component thereof in excess of general platform limits described in the Documentation, or for any purpose not authorized or contemplated under this Agreement; or (vii) authorize or permit any person or entity to do any of the foregoing. You may not use the Subscription Services or authorize any customer to use the Subscription Services except for Your customer’s internal business purposes. You shall not engage in, and shall contractually restrict each customer from engaging in any of the following activities: (A) sending spam or otherwise duplicative or unsolicited messages in violation of applicable laws; (B) sending or storing infringing, obscene, threatening, libelous, or otherwise unlawful or tortious material, including material harmful to children or violative of third party privacy rights; (C) sending or storing material containing software viruses, worms, Trojan horses or other harmful computer code, files, scripts, agents or programs; (D) interfering with or disrupting the integrity or performance of the Subscription Services or the data contained therein, or unreasonably burdens the infrastructure utilized by GoodData to deliver the Subscription Services; or (E) attempting to gain unauthorized access to the Subscription Services or its related systems or networks. You expressly acknowledge and agree that You and Your customers shall not submit to or process via the Subscription Services, and GoodData shall neither accept nor have any liability to You or Your customers for, any data that is Personal Information (as defined below), any Protected Health Information subject to the Health Insurance Portability and Accountability Act (“HIPAA”) (where “Protected Health Information” or “PHI” has the meaning set forth in HIPAA), or any “Special Category of Data” as defined under Article 9 of the EU’s General Data Protection Regulation (“GDPR”), unless and until You purchase the GoodData platform and services package intended for the processing and distribution of such data. As used herein, “Personal Information” means an individual’s first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such individual: (i) Social Security number; (ii) driver’s license number or state-issued identification card number; or (iii) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account. GoodData may immediately and upon notice suspend all or portion of Your or Your customer’s access to the Subscription Services (without any liability to You or Your customer in connection with such suspension), if GoodData has a good faith belief that You or Your customer has breached the restrictions in this Section.
(c) GDPR Data Processing Addendum. As a condition for GoodData providing the Subscription Services, You agree to the terms and conditions of the Data Processing Addendum, which are attached and incorporated into this Agreement as Schedule C.
(d) Trademark License. Each party hereby grants to the other, subject to the terms and conditions set forth in this Agreement, a temporary, limited, nonexclusive, non-transferable, worldwide license, without the right to sublicense, to use, during the Term of this Agreement, their respective trademarks, service marks and logos (collectively referred to as “Marks”) on their respective web sites and in mutually agreed-upon collateral sales materials. You will only use and display GoodData’s Marks and copyrighted information in accordance with the applicable guidelines provided by GoodData. If Mark owner notifies the other party that its use of the Marks is not in compliance with Mark owner’s trademark policies or requirements or this Agreement, then the other party will promptly take such reasonable corrective action as reasonably directed by the Mark owner. Each party will ensure that proper trademark and copyright notices are displayed at all times in association with the Marks and copyrighted materials, including any such use or display on the other party’s web site. Neither party may adopt any Mark that is confusingly similar to the other party’s Marks. All of the benefit and goodwill associated with a party’s use of the other party’s Marks will inure entirely to the Mark owner.
(e) Updates to Subscription Services. GoodData reserves the right, in its sole and absolute discretion, to make necessary unscheduled deployments of changes, updates or enhancements to the Subscription Services at any time. GoodData may add or remove functionalities or features and may suspend or stop a Subscription Service altogether.
(f) Tools, SDKs, and Other Software. GoodData may, in its sole discretion, make available to You for Your convenience certain software tools, software development kits (SDKs), and similar software for download (“Other Software”). Such Other Software are not deemed GoodData Technology, or Subscription Services, and such Other Software will be separately licensed to You. To the extent any Other Software contains components authored by third parties and licensed to GoodData, they may be subject to additional terms, which terms may be set forth in the third party notice file(s) that may accompany the software. You acknowledge and agrees that Your use such Other Software is subject to Your compliance with any such additional terms.
3. Confidential Information.
(a) Confidential Information Defined. As used herein, “Confidential Information” means non-public information provided under this Agreement that the party disclosing the information designates at the time of disclosure as being confidential, or, if disclosed orally or visually, is identified as such prior to disclosure, or which, under the circumstances surrounding the disclosure, the receiving party knows or has reason to know should be treated as confidential without the need to be marked as such. Without limiting the foregoing, Confidential Information shall include any information regarding a party’s financial condition, business opportunities, plans for development of future products, unreleased versions of products, know-how, technology, customer information, and customer data. The GoodData Technology and GoodData Subscription Services shall be deemed GoodData Confidential Information. Notwithstanding the foregoing, nothing received by a receiving party shall be construed as Confidential Information which: (i) is generally available to the public without breach of this Agreement; (ii) is lawfully obtained from a third party without a duty of confidentiality; (iii) is known to the receiving party prior to such disclosure; or (iv) is, at any time, developed by the receiving party independent of any such disclosure(s) from the disclosing party and the receiving party can reasonably show such independence.
(b) Non-Disclosure. The receiving party shall not disclose the disclosing party’s Confidential Information to any third party and may only use the disclosing party’s Confidential Information for performing and exercising its rights under this Agreement. Both parties shall protect Confidential Information from disclosure or misuse by using the same degree of care as for their own confidential information of like importance, but shall at least use reasonable care. Further, both parties agree to have each of their employees or independent contractors with access to any Confidential Information agree to be bound by an enforceable agreement that provides for the protection of the Confidential Information from any unauthorized use or disclosure to at least the same extent as does this Agreement. Each receiving party agrees to promptly notify the disclosing party upon learning of any unauthorized disclosure of the disclosing party’s Confidential Information, and shall provide reasonable assistance to the disclosing party to remedy and contain such breach. In connection therewith, You agree to provide any such notice to GoodData at email@example.com. The foregoing notwithstanding, a receiving party may disclose the other party’s Confidential Information if the information is required by law to be disclosed in response to a valid order of a court of competent jurisdiction or authorized government agency, provided that the receiving party must give the disclosing party prompt written notice and obtain or allow for a reasonable effort by the disclosing party to obtain a protective order prior to disclosure.
(c) Feedback. From time to time, GoodData may request that You provide GoodData with verbal and/or written suggestions, comments or other feedback related to GoodData’s existing or prospective GoodData Technology or Subscription Services, including, without limitation, design input, and troubleshooting or other assistance provided in response to support requests (collectively, “Feedback”). You and Your customers are not obligated to provide GoodData with Feedback. You hereby assign to GoodData all right, title and interest in and to such Feedback. All Feedback is provided “AS IS.” You make no warranties whatsoever about any Feedback.
4. Intellectual Property Rights.
(a) Ownership. No title is granted, express or implied, nor shall title be deemed assigned, to You hereunder to any of GoodData’s intellectual property, or any intellectual property of GoodData’s associates and licensors; except for the limited license expressly granted in this Agreement, GoodData retains all right, title, and interest, including all copyright, trade secret, patent, trademark and other proprietary rights, in and to GoodData’s Marks, and in and to the GoodData Technology, and all modifications, enhancements, and other works derivative of the GoodData Technology.
(b) Ownership and Use of Customer Data. You or customer shall own and retain ownership of all right, title, and interest in and to the Customer Data. “Customer Data” means any and all data and information that is entered or loaded into the Subscription Services by or for a customer. You shall ensure that GoodData has the right to access and use Your customers’ account information and any data they upload to the Subscription Services for the purposes of delivering the Subscription Services, responding to any technical problems, troubleshooting and testing. Except as may be otherwise agreed by the parties in writing, access to Your customers’ data will be strictly limited to the GoodData operations team. AFTER TERMINATION OF THE GOODDATA FREE SUBSCRIPTION SERVICES, ANY CUSTOMER DATA ENTERED INTO THE SUBSCRIPTION SERVICES MAY BE PERMANENTLY LOST UNLESS YOU: (A) PURCHASE A PAYING SUBSCRIPTION SERVICE OR (B) EXPORT THE CUSTOMER DATA FROM THE GOODDATA TECHNOLOGY BEFORE THE END OF THE GOODDATA FREE SUBSCRIPTION SERVICES TERM.
5. Provisioning of Customers.
(a) Right to Provide Access. During the Term of this Agreement, GoodData hereby grants You a limited, non-exclusive, revocable license to provide Your customers with access to the Subscription Services as an embedded offering within Your product. You hereby agree not to make the Subscription Services available as a stand-alone offering. GoodData expressly reserves the right to market and provide the Subscription Services itself or through other resellers, distributors, licensees or agents, and You shall not be entitled to any commission or compensation whatsoever in relation to the marketing or provision of the Subscription Services by GoodData or its resellers, distributors or agents.
(c) Security Procedures. Subject to 5(b) above, GoodData shall use commercially reasonable efforts to maintain administrative, physical, and technical safeguards reasonably designed for the protection of the security, confidentiality and integrity of Customer Data as processed by the Subscription Services, taking into consideration GoodData’s size, resources and nature and scope of its activities.
(d) Subscription Service Notices. GoodData may, in its discretion, share Your contact information with third party service providers for the purposes of providing You or Your designated customers with information about maintenance schedules and the Subscription Service. In the event You choose to opt-out of such messages, or do not register to receive communications, GoodData shall not be responsible for any issues, errors, defects in the Subscription Services that could have been avoided by Your opting out of receipt of such notices.
(e) Account Passwords. You will generate and grant password(s) to each of Your customers for such customer’s access to and use of the Subscription Services. GoodData will not incur any liability to You if customer fails to maintain the confidentiality of its password for the Subscription Services. You agree to immediately notify GoodData of any unauthorized use of the Subscription Services by contacting GoodData at: firstname.lastname@example.org.
6. Responsibility for Transmitted Data. GoodData shall not have any responsibility or liability for the deletion by You of any messages, Customer Data or other communications or other content maintained or transmitted to or from You. Specifically, You agree that GoodData shall not be held responsible for any electronic communications and/or Customer Data which are lost, altered, intercepted or stored without authorization during the transmission of any data across networks not owned and/or operated by GoodData.
7. Fees and Payment.
(a) Taxes. You will be responsible for and will indemnify and hold GoodData harmless against all international, federal, state and local taxes of any government, including, but not limited to, sales and use tax (exclusive of taxes on GoodData’s net income), duties and assessments arising on or measured by amounts payable to GoodData or arising on or measured by amounts sold by You. If any applicable law requires You to withhold amounts from any payments to GoodData: (a) You shall effect such withholding, remit such amounts to the appropriate authorities and promptly furnish GoodData with tax receipts evidencing the payments of such amounts; and (b) in the event GoodData is required to remit the withholding, GoodData shall make such payment, and the sum payable by You upon which the deduction or withholding is based shall be increased to the extent required such that GoodData receives the gross amount owed by You notwithstanding such withholding.
(b) No Set-Off. You will not set-off or offset against GoodData’s invoices amounts that You claim are due to You by GoodData or any amounts resulting from any billing or collection disputes between You and a customer. You will bring any claims or causes of action You may have in a separate action and waive any rights You may have to offset, set-off, or withhold payment for the Subscription Services delivered by GoodData.
(c) Currency Control. You represent and warrant that, as of the Effective Date of this Agreement, no currency control laws applicable in countries other than the United States where You conduct the activities under the Agreement prevent the payment to GoodData of any sums due under this Agreement. If any such laws come into effect and the local government of the Territory does not permit that payment be made in United States Dollars, You will notify GoodData immediately, and if so instructed by GoodData, deposit all monies due GoodData to the account of GoodData in a local bank of GoodData’s choice in the affected country.
(a) Your Obligations: Subject to the remainder of this Section, You shall: (i) defend any claim, action, suit or proceeding (each, a “Claim”) brought against GoodData by a third party to the extent that it is based upon a claim related to: (A) that transfer of Customer Data and its processing and use by GoodData as contemplated by this Agreement violates any laws or obligations to which You are a party or by which You are bound or otherwise arising out of use of Your Customer Data in connection the Subscription Services, (B) Your branded service offering, (C) Your distribution of the Subscription Services, or (D) other materials supplied by You or Your customers for use alongside the Subscription Services (including, without limitation, any product related documentation that is not GoodData Technology); and (ii) indemnify GoodData from any resulting liabilities, losses, damages, fines, penalties, judgments, settlement amounts, costs and expenses incurred by GoodData in connection with such Claim(s), provided that GoodData (AA) promptly provides You with notice of such claim; (BB) allows You control over the defense thereof and related settlement negotiations; and (CC) reasonably cooperates in response to Your requests for assistance. GoodData may not settle or compromise such a claim without Your prior written consent. GoodData has no indemnity obligations to You.
9. Limited Warranty; Limitation of Liability.
(a) Warranties. You represent and warrant that You have the legal authority to enter into this Agreement.
(b) TO THE EXTENT PERMITTED BY LAW, THE GOODDATA TECHNOLOGY AND SUBSCRIPTION SERVICES ARE PROVIDED “AS IS” WITHOUT ANY WARRANTY WHATSOVER, AND GOODDATA EXPRESSLY DISCLAIMS AND EXCLUDES, ON BEHALF OF ITSELF AND ITS AFFILIATES AND LICENSORS, ANY AND ALL WARRANTIES WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION ANY WARRANTY OF NON-INFRINGEMENT, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, TITLE, OR QUIET ENJOYMENT. GOODDATA DOES NOT MAKE ANY WARRANTY THAT ANY OF THE GOODDATA TECHNOLOGY OR SUBSCRIPTION SERVICES WILL BE FREE FROM ERRORS OR VIRUSES, UNINTERRUPTED, OR AVAILABLE AT ANY PARTICULAR TIME OR ANY WARRANTY ABOUT THE RELIABILITY, AVAILABILITY, ACCURACY, SECURITY OF DATA, OR ACHIEVEMENT OF ANY RESULTS IN CONNECTION WITH ANY OF THE GOODDATA TECHNOLOGY, SUBSCRIPTION SERVICES OR THIS AGREEMENT. GOODDATA DOES NOT WARRANT THAT ANY OF THE GOODDATA TECHNOLOGY OR SUBSCRIPTION SERVICES WILL MEET YOUR OR YOUR CUSTOMER’S NEEDS OR REQUIREMENTS OR ANY ERRORS WILL BE CORECTABLE OR CORRECTED.
(c) YOU ACKNOWLEDGE THAT GOODDATA CANNOT CONTROL THE TRANSMISSION OR FLOW OF DATA TO OR FROM THE INTERNET OR THROUGH SOFTWARE OR EQUIPMENT OPERATED OR CONTROLLED BY THIRD PARTIES (INCLUDING BUT NOT LIMITED TO CLOUD SERVICE PROVIDERS SUCH AS AWS) AND ACTIONS OR INACTIONS OF THIRD PARTIES AND THAT THIRD PARTIES CAN INTRODUCE MALWARE OR ORTHER HARMFUL SOFTWARE OR IMPAIR OR DISRUPT USE OF THE INTERNET OR THE SUBSCRIPTION SERVICES OR OBTAIN UNAUTHORIZED ACCESS TO YOUR CUSTOMER DATA OR YOUR INFORMATION TECHNOLOGY SYSTEMS. GOODDATA CANNOT GUARANTEE THAT SUCH EVENTS AND ACTIONS WILL NOT OCCUR. GOODDATA DISCLAIMS ANY AND ALL LIABILITY RESULTING FROM OR RELATED TO SUCH EVENTS AND ACTIONS, INCLUDING UNAUTHORIZED ACCESS TO AND USE OF YOUR CUSTOMER DATA AND INFORMATION TECHNOLOGY SYSTEMS. WITHOUT LIMITATION, GOODDATA SHALL NOT BE LIABLE FOR SUCH EVENTS AND ACTIONS OR ANY RESULTING DISCLOSURE, TRANSMISSION, FLOW, CORRUPTION OR ERASURE OF CUSTOMER DATA OR CONTENT USED, ACCESSED, UPLOADED, INTERFACED WITH, TRANSMITTED, RECEIVED OR STORED ON THE THIRD PARTY HARDWARE OR THROUGH THE SUBSCRIPTION SERVICES BY THIRD PARTIES OR THE INTRODUCTION OF SOFTWARE MALWARE OR OTHER HARMFUL CODE. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, AND EXCEPT FOR YOUR INDEMNIFICATION OBLIGATIONS, BREACH OF THE CONFIDENTIALITY OBLIGATIONS OR VIOLATION OF GOODDATA OR ITS LICENSOR’S INTELLECTUAL PROPERTY RIGHTS, IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING WITHOUT LIMITATION, DAMAGES OR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, LOSS OF DATA, OR ANY OTHER PECUNIARY LOSS) RESULTING FROM OR ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND NOTWITHSTANDING ANY FAILURE OF THE ESSENTIAL PURPOSE OF THIS AGREEMENT OR ANY LIMITED REMEDY HEREUNDER.
(c) EXCEPT FOR YOUR INDEMNIFICATION OBLIGATIONS OR A VIOLATION OF GOODDATA OR ITS LICENSOR’S INTELLECTUAL PROPERTY RIGHTS, EACH PARTY’S AGGREGATE LIABILITY HEREUNDER SHALL IN NO EVENT EXCEED THE AMOUNT OF SUBSCRIPTION SERVICE FEES PAID OR PAYABLE BY YOU DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRIOR TO THE EVENT GIVING RISE TO THE LIABILITY, OR $500, WHICHEVER IS GREATER.
10. Suspension and Termination.
(a) Term. This Agreement shall commence on the Effective Date set forth above and shall remain in effect until the termination or expiration of the term set forth in Schedule A (the “Term”). Notwithstanding any provision to the contrary in this Agreement, GoodData, in its sole and absolute discretion, reserves the right to: modify or amend any provision in this Agreement or Schedule A; terminate this Agreement or Schedule A for any reason or no reason, at its convenience; or discontinue offering GoodData Free or any reason or no reason, at its convenience.
(b) Suspension. GoodData reserves the right to temporarily suspend Your access to the Subscription Services at any time in GoodData’s sole and absolute discretion, in the event that You violate this Agreement, with or without notice, without incurring liability of any kind and without cause for maintenance purposes. You acknowledge that if Your access to the Subscription Services is suspended, You may no longer have access to the Customer Data. GoodData reserves the right, in its sole and absolute discretion, to deactivate, change and/or require You to change Your user account that You may obtain through the Subscription Services for any reason. GoodData may exercise such right at any time, with or without prior notice. GoodData will not assume or have any liability for any action or inaction with respect to Your use of the Subscription Services other than to the extent authorized in this Agreement.
(c) Termination by You. You may terminate this Agreement upon thirty (30) days’ written notice to GoodData.
(d) Effect of Termination. Upon termination or expiration of this Agreement all rights and licenses granted to You hereunder, including, without limitation, the right to use GoodData’s Marks, shall immediately cease and You shall return or destroy Confidential Information in Your possession or control. Within thirty (30) days of any termination, You shall, upon request, deliver a certificate signed by an executive officer attesting to compliance with the foregoing. Following termination or expiration, GoodData shall have no obligation to maintain or provide You with copies of Customer Data. Termination of this Agreement shall not limit either party from pursuing any other remedies available to it, including injunctive relief, nor shall such termination relieve any obligation to pay all fees that have accrued or are otherwise owed under this Agreement. The parties’ rights and obligations under Sections 3, 4, and 6-11 shall survive the expiration or earlier termination of this Agreement.
(a) Change to This Agreement. GoodData reserves the right to revise this Agreement from time to time. If applicable, GoodData may date and post the most current version of the Agreement on the GoodData website. Any changes will be effective upon posting the revised version of this Agreement (or such later effective date as may be indicated at the top of the posted Agreement, if any). Your continued access or use of any portion of the Subscription Services constitutes Your acceptance of such changes. If You do not agree to any of the changes, GoodData is not obligated to keep providing the Subscription Services, and You must stop using the Subscription Services.
(b) Governing Law. The parties agree to first seek to amicably manage and resolve misunderstandings or disputes by escalating the same to their respective executives for timely consideration. This Agreement will be governed by and construed, interpreted and enforced in accordance with the laws of the state of California. The 1980 United Nations Convention on Contracts for the Sales of Goods will not apply to this Agreement.
(c) Compliance with Law. You shall comply with all applicable laws in connection with Your use of and access to GoodData Technology and Subscription Services, including without restriction, all applicable anti-corruption laws and regulations (“Anti-Corruption Laws”) including but not limited to the United States Foreign Corrupt Practices Act (“FCPA”) and/or the UK Bribery Act, irrespective of whether You are legally subject to it. You shall not cause GoodData to violate the FCPA, the UK Bribery Act or any Anti-Corruption Laws in connection with the activities conducted on behalf of GoodData under the Agreement or any other activities involving the GoodData (collectively, the “Activities”). You shall not, in connection with the Activities, pay, offer, promise, or authorize the payment or transfer of anything of value, directly or indirectly, to any other person or entity for the purpose of improperly obtaining or retaining business, for any other advantage for GoodData, or for any other purpose prohibited by the FCPA, UK Bribery Act or any Anti-Corruption Laws.
(d) Assignment. This Agreement shall inure to the benefit of and be binding upon the parties and their respective successors and permitted assigns.
(e) Binding on Successors. This Agreement shall inure to the benefit of and be binding upon the parties and their respective successors and permitted assigns.
(f) Severability. If any provision or part of this Agreement is determined by a court of competent jurisdiction to be illegal, invalid, or unenforceable, the parties intend that the court will modify the provision to the minimum extent necessary to make it valid and enforceable, or if it cannot be made valid and enforceable, the parties intend that the court will sever and delete the illegal, invalid, or unenforceable provision or part from this Agreement. Any change to or deletion of a provision or part of this Agreement under this Section will not affect the validity or enforceability of the remaining provisions of this Agreement, which will continue in full force and effect.
(g) Waiver of Breach. No delay or omission by either party to exercise any right or power arising upon the other party’s nonperformance or breach will impair that right or power or be construed as a waiver of it. Any waiver must be in writing and signed by the waiving party. A waiver on one occasion will not be construed as a waiver of any subsequent event of nonperformance or breach.
(h) Injunctive Relief. Any breach of the confidentiality or intellectual property rights terms under this Agreement by either party hereunder will result in harm and economic loss to the other party not compensable by monetary damages. Either party shall be entitled to seek an injunction against such breach or threatened breach, in addition to other legal or equitable remedies, and without the need to post a bond or other financial security for such injunctive relief.
(i) Force Majeure. Except for the obligation to make payments, performance under this Agreement shall be postponed automatically to the extent that either party is prevented from meeting its obligations by causes beyond its reasonable control, including labor and government authorities.
(j) Notices and Consent to Electronic Communication. You consent to receiving electronic communications and notifications from GoodData in connection with the Subscription Services and the Agreement. You agree that any such communication will satisfy any applicable legal communication requirements, including that such communications be in writing. GoodData may provide You with notices regarding the Subscription Services, including changes to this Agreement and Schedule A, by email to the email address that Your registered with (and/or other alternate email address associated with Your account if provided), or by regular mail. It is Your responsibility to keep Your email address current. Your will be deemed to have received any email sent to the email address then associated with Your account when GoodData sends the email. In the event You do not wish to accept any material change to the Subscription Services, or to this Agreement, You will have the right, as Your sole remedy, to terminate this Agreement with thirty (30) days’ written notice. All notices and requests in connection with this Agreement required be given by You to GoodData shall be given in writing to: Attn: General Counsel, GoodData Corporation, 1 Post St., Suite 400, San Francisco, CA 94014.
(k) No Agency. The parties acknowledge that each is an independent contractor and nothing herein constitutes a joint venture, partnership, or distributor relationship. You have no right to distribute or resell the Subscription Services as a standalone product, You have no right to vary any policies, conditions, representations or warranties made by GoodData, and neither party has the right to bind or act for the other as agent or in any capacity except as expressly provided in writing by amendment to this Agreement. The relationship under this Agreement shall not create any legal partnership, franchise relationship, distributor relationship, or other form of legal association between the parties that would impose a liability between the parties or to third parties.
(l) Entire Agreement. This Agreement, including all schedules and attachments, contains the complete and exclusive statement of the agreement between the parties with respect to the subject matter herein. The terms and conditions of this Agreement shall prevail over any purchase order submitted by You.
(m) Counterparts. This Agreement may be signed in counterparts and by facsimile, each of which shall be considered an original document, but together which shall constitute one complete document.
(n) Export Controls. The GoodData Technology is provided subject to the U.S. Export Administration Regulations and the regulations of other jurisdictions (e.g., the European Union). Diversion contrary to applicable law is prohibited. Without limiting the foregoing, You agree that (i) You are not, and You are not acting on behalf of, any person who is a citizen, national, or resident of, or who is controlled by the government of any country to which the United States or other applicable government body has prohibited export transactions (e.g., Iran, North Korea, etc.); (ii) You are not, and You are not acting on behalf of, any person or entity listed on a relevant list of persons to whom export is prohibited (e.g., the U.S. Treasury Department list of Specially Designated Nationals and Blocked Persons, the U.S. Commerce Department Denied Persons List or Entity List, etc.); and (iii) You will not use any GoodData Technology for, and will not permit any GoodData Technology to be used for, any purpose prohibited by applicable law.
(o) Controlling Language. This Agreement has been prepared and executed in the English language only, which language will be controlling in all respects. Any translations of the provisions of this Agreement into any other language are for reference only and will have no legal or other effect. Any notice that is required or permitted to be given by one party to the other under this Agreement must be in the English language and in writing. All proceedings related to this Agreement will be conducted in the English language.
(p) Arbitration. Any dispute, claim or controversy arising out of or relating to this Agreement (including all the Exhibits) or the breach, termination, enforcement, interpretation or validity thereof, including the determination of the scope or applicability of this agreement to arbitrate, shall be determined by arbitration in San Francisco, California, before one arbitrator. The arbitration shall be administered by JAMS pursuant to its Comprehensive Arbitration Rules and Procedures. Judgment on the Award may be entered in any court having jurisdiction. This clause shall not preclude parties from seeking provisional remedies in aid of arbitration from a court of appropriate jurisdiction. The arbitrator may, in the award, allocate all or part of the costs of the arbitration, including the fees of the arbitrator and the reasonable attorneys’ fees of the prevailing party (as defined by California Civil Code Section 1717).
(q) Governmental Approval Obligations. You shall, at Your own expense, obtain and arrange for the maintenance in full force and effect of all governmental approvals, stamps, consents, licenses, authorizations, declarations, filings, and registrations as may be necessary or advisable for the performance of all the terms and conditions of this Agreement, including, but not limited to, all approvals which may be required to realize the intent and purpose of this Agreement.
BY CLICKING “I ACCEPT,” YOU PERSONALLY REPRESENT AND WARRANT THAT (I) YOU ARE AUTHORIZED BY YOUR COMPANY OR OTHER ENTITY TO ENTER INTO THIS AGREEMENT ON ITS BEHALF; (II) HAVE READ AND UNDERSTAND THIS AGREEMENT; AND (III) ACCEPT THIS AGREEMENT ON YOUR COMPANY OR OTHER ENTITY’S BEHALF.
PROGRAM SCHEDULE – GOODDATA FREE
1. PRODUCT OFFERING
GOODDATA FREE includes the following:
|GOODDATA FREE Workspace
Workspace Customer Data Size of up to 100MB per Workspace
|GOODDATA FREE Support
GOODDATA FREE Support for 6 months from the effective date of this Schedule A
2. NO FEES, PRODUCT TERMS, CONDITIONS, AND RESTRICTIONS
2.1. GOODDATA FREE. GOODDATA FREE entitles You to general system access to GoodData’s analytics platform, the related platform infrastructure, user interface capabilities, and GOODDATA FREE Support, each in accordance with Documentation and within the limits prescribed by Section 3.4 of this Schedule A, free of any charge. GoodData reserves the right, in its sole and absolute discretion, to terminate GOODDATA FREE or modify, update, or change the terms and conditions of this offering.
2.2. GOODDATA FREE Workspaces. Subject to the terms and conditions of the Agreement and this Schedule A, You are entitled to access and use five (5) GOODDATA FREE Workspaces, free of any charge. GOODDATA FREE Workspaces are limited to: (a) Workspace Customer Data Size of up to 100MB per Workspace; (b) daily Workspace Data Upload Rate of four (4) uploads; and (c) computational power level that permits the processing of up to two (2) simultaneous individual reports.
2.3. Data Source. Amazon Redshift, Snowflake, and Google BigQuery are the only data sources from which You may load data to GoodData FREE Workspaces. You may also load data to GOODDATA FREE Workspaces from CSV files.
2.4. Platform Limits. Unless further limited under this Schedule A, or otherwise set forth herein, Your usage of GOODDATA FREE s subject to the applicable technical limits outlined in GoodData’s Platform Limits: https://help.gooddata.com/display/doc/Platform+Limits. The provisions relating to Data Warehouse Store, Data Transformation, and Workspace Loading are not applicable to GOODDATA FREE. Where Your usage exceeds Platform Limits (“Excess Usage”), GoodData is not liable for impact on product performance and may limit your Excess Usage to in accordance with Platform Limits.
2.5. **Other Limitations on GOODDATA FREE. **
2.5.1. Availability. GoodData will make commercially-reasonable efforts to makes the Services available with minimal downtime, but it makes no guarantees of uptime availability for GOODDATA FREE.
2.5.2. Services. GoodData does not offer configuration services, data backup and restore functionalities, or lifecycle management (LCM) for GOODDATA FREE.
2.5.3. Brazil customers. If you are located in Brazil and are currently a customer, or become a customer, of TOTVS S.A., and wish to purchase Subscription Services in conjunction with Your purchase of TOTVS S.A. services, You are rendered ineligible for GOODDATA FREE. GoodData reserves the right, in its sole and absolute discretion, to terminate the Agreement and assist You to purchase the Subscription Services through TOTVS S.A.
2.5.4. Upgrades and Downgrades. If You have purchased Subscription Services in the last twelve (12) months, You are rendered ineligible for GOODDATA FREE. GoodData reserves the right, in its sole and absolute discretion, to terminate the Agreement.
2.6. Overage. If Your use of GOODDATA FREE exceeds the limitations set forth herein, including without limitation the 100MB per Workspace Customer Data Size, daily Workspace Data Upload Rate, or computational power, or otherwise negatively impacts others’ use of GOODDATA FREE, then GoodData will provide a notice by e-mail to the email and headquarters registration address designated by You. You have the options of (a) reducing Your use of GOODDATA FREE to within the limitations set forth herein, or (b) upgrading to GOODDATA GROWTH, which requires payment at the fee schedule to be provided in the notice. If, within 15 days after GoodData’s notice, You have not reduced the level of Your use of GOODDATA FREE as set forth herein, GoodData will invoice You the amount commensurate with Your usage level of the GoodData platform and Workspaces, and You hereby agree to pay for such use under GOODDATA GROWTH fee schedule. Once You have been upgraded to GOODDATA GROWTH, You are not eligible for GOODDATA FREE for twelve (12) months following Your upgrade.
2.7. No back-up. GoodData is not responsible for back-up of Your Subscription Services or Customer Data.
2.8. Termination for Inactivity. GoodData reserves the right to terminate Your access to the GoodData platform and the GOODDATA FREE Workspaces if there is no upload or report computation activity for thirty (30) consecutive days.
You may stop using GoodData FREE any time by sending an email to email@example.com. GoodData reserve the right to modify, amend, or terminate this Schedule A (including, without limitation, discontinue offering GOODDATA FREE) in its sole and absolute discretion.
4.1. Workspaces delivers the analytics service to each User. All Workspace limitations are otherwise subject to the Platform Limits outlined in Section 3.4 of this Schedule A.
4.2. Workspace Data Upload Rate means the daily average of the number of Customer Data uploads into a Workspace measured on a monthly basis.
4.3. Users mean Your customers, their employees, consultants, contractors, or agents who are authorized by Your or Yours Affiliates to access and use the Subscription Services and who have been supplied user identifications and passwords by You for such purpose, in accordance with this Schedule A.
4.4. Workspace Customer Data Size means the total size of Customer Data uncompressed stored analytic data in the Workspace database. Technical artifacts like indexes, projections, and caches are not included.
You shall directly address all of Your customer or users’ support requests. GoodData will address Your support requests in accordance with Schedule B of the Agreement. GOODDATA FREE Support is only provided for up to six consecutive months following the effective date of this Schedule. In no event will GoodData provide GOODDATA FREE Support after six months from the Effective Date, regardless of the Term of the Agreement and even if Your account is inactivated and then reactivated for any reason.
GOODDATA FREE - SUPPORT POLICY
1. Scope of Support.
1.1. You shall be responsible for providing basic “First Level” support to Your Users, including receipt of initial support calls and basic problem identification and diagnosis. In the event that You, after providing basic support, are unable to resolve technical issues, GoodData shall provide You with reasonable back-up support in accordance with this GoodData Support Policy. GoodData support services (“Support”) are intended to assist You in troubleshooting and resolving specific issues relating to You and Your Users’ use of the Subscription Services. GoodData will partner with You in the resolution of issues directly involving the Subscription Services that You are unable to resolve. You are expected to fulfill reasonable troubleshooting tasks as recommended by GoodData Support staff.
1.2. Support does not include assistance with or support for non-GoodData products, services or technologies, including databases, computer networks, communications systems, computers, hard drives, networks or printers.
1.3. You may obtain Support through a variety of contact methods, which include access to online product forums (knowledge base), online Support requests, and email Support requests. GoodData reserves the right to request access to a User’s Subscription Service environment to help troubleshoot any issues, and GoodData may not be able to troubleshoot the issue if such access is not approved by You. GoodData will use commercially reasonable efforts to provide Support, and does not guarantee that it will fix any or all Subscription Services defects or make changes to the Subscription Services.
1.4. In connection with GoodData’s data center operations, You specifically consent to and grant GoodData’s worldwide service personnel the express right to access, troubleshoot and provide technical support or implementation services related to any Customer Data that is stored, managed and processed in GoodData’s data centers.
1.5. GoodData reserves the right to modify, change and update this Support Policy at any time, at its sole and exclusive discretion. GoodData will provide You notice of material changes to this Support Policy on the GoodData Support portal. Your continued use of the Subscription Services after receiving such notice shall constitute your acceptance of any such changes to this Support Policy.
2. Contacting GoodData Support.
2.1. Online Support Portal.
You will have login access to the GoodData Support portal, which provides access to the Documentation, and an online form for submitting Support tickets. The GoodData Support portal is located at https://support.gooddata.com.
2.2. Email Support.
GoodData will provide You with access to Support via email. Support tickets are created for all requests received at firstname.lastname@example.org, or https://support.gooddata.com/hc/en-us/requests/new?ticket_form_id=582387.
3. How Requests Are Logged and Tracked.
For each specific Support request, the GoodData Support team creates a Support ticket and assigns a Support request number. If You call or email with several different issues, GoodData may create different Support request numbers to track each individual issue. Responses to Support emails are automatically logged with the original request.
GOODDATA DATA PROCESSING ADDENDUM WITH CONTROLLERS/GOODDATA CUSTOMERS
1. DEFINITIONS. All capitalized terms used in this Addendum shall have the meanings given to them below:
1.1 Applicable Data Protection Law: means all applicable international, federal, national and state privacy and data protection laws that apply to the processing of Personal Data that is the subject matter of the Agreement (including, where applicable, European Data Protection Law and the CCPA).
1.2 CCPA: CCPA: the terms and conditions relating to compliance with the California Consumer Privacy Act of 2018, Cal. Civil Code § 1798.100 et seq.
1.3 Controller: means the entity that determines the purposes and means of the processing of Personal Data, and for the purposes of this Agreement means Customer.
1.4 European Data Protection Law: means the EU General Data Protection Regulation 2016/679 ("GDPR") and any applicable national laws made under the GDPR.
1.5 Personal Data: means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.6 Processor: means an entity that processes Personal Data on behalf of the Controller or its subscribers.
1.7 Standard Contractual Clauses: means the standard contractual clauses for the transfer of personal data to processors established in third countries, pursuant to the European Commission Decision C(2010)593, as attached at Annex A.
2. DATA PROTECTION
2.1 Relationship of the Parties: As between the Parties, Customer is the Controller and appoints GoodData as a Processor to process the Personal Data described in Appendix 1 to Annex A (the "Data").
2.2 Purpose limitation: GoodData shall process the Data as a Processor only for the purposes described in Appendix 1 to Annex A, and strictly in accordance with the documented instructions of Customer (the "Permitted Purpose"). In no event shall GoodData process the Data for its own purposes or those of any third party. Customer agrees and acknowledges that Customer will confer with GoodData and will obtain GoodData’s prior written consent before Customer loads any Data deemed to be included in “Special Categories of Personal Data” under GDPR (e.g. data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation) onto GoodData’s data processing platform.
2.3 International transfers of Data: GoodData will at all times provide an adequate level of protection for the Data, wherever processed, in accordance with the requirements of Applicable Data Protection Law. Without limiting the generality of the foregoing, GoodData shall not process or transfer any Data originating from the European Economic Area (EEA) in or to a territory which has not been designated by the European Commission as providing an adequate level of data protection or a territory that is not subject to a bilateral arrangement such as the EU-US Privacy Shield that provides a legal basis for Data transfers based on GoodData’s adherence to applicable Privacy Shield principles unless: (i) it has first obtained Customer's prior written consent; and (ii) it executes and complies with its obligations under the Standard Contractual Clauses attached at Annex A (including its Appendices), which shall form an integral part of this Agreement. In the event of any conflict between the Standard Contractual Clauses and this Agreement, the Standard Contractual Clauses shall control and supersede.
2.4 Confidentiality of processing: GoodData shall keep strictly confidential all Personal Data that it processes on behalf of Customer. GoodData shall ensure that any person that it authorises to process the Data (including GoodData's staff, agents and subcontractors) (an "Authorised Person") shall be subject to a strict duty of confidentiality (whether a contractual duty or a statutory duty), and shall not permit any person to process the Data who is not under such a duty of confidentiality. GoodData shall ensure that only Authorised Persons will have access to, and process, the Data, and that such access and processing shall be limited to the extent strictly necessary to achieve the Permitted Purpose. GoodData accepts responsibility for any breach of this Agreement caused by the act, error or omission of an Authorised Person.
2.5 Prohibition on Selling Information of California residents: For avoidance of doubt, GoodData is a Service Provider and not a Third Party as described in the CCPA. Therefore, GoodData shall not: (i) sell the Personal Information, (ii) retain, use, or disclose the Personal Information for any purpose other than providing the services specified in the Agreement or for a Business Purpose. Specifically, GoodData shall not retain, use, or disclose the Personal Information for a Commercial Purpose, or (iii) retain, use, or disclose the Personal Information outside of the direct business relationship between GoodData and Company. Notwithstanding anything in the Addendum or any related order form or other document, the parties acknowledge and agree that Company’s provision of access to Personal Information is not part of and explicitly excluded from the exchange of consideration, or any other thing of value, between the parties. (Capitalized terms used in this Section 2.5 shall have the meaning set forth in the CCPA.)
2.6 Security: GoodData shall implement appropriate technical and organisational measures to protect the Data from (i) accidental or unlawful destruction, and (ii) loss, alteration, unauthorised disclosure of, or access to the Data (a "Security Incident"). At a minimum, such measures shall include the security measures identified in Appendix 2 to Annex A, and as further described in the Documentation to the Agreement.
2.7 Subcontracting: GoodData shall not subcontract any processing of the Data to a third party sub-Processor without the prior written consent of Customer. Notwithstanding the foregoing, Customer consents to GoodData engaging third party sub-Processors to process the Data listed at https://www.gooddata.com/subprocessors. If Customer objects to GoodData's appointment of a new third party sub-Processor on reasonable grounds relating to the protection of the Data, then either GoodData will not appoint the sub-Processor or the parties will promptly confer and discuss alternative arrangements to enable GoodData to continued processing of Data. In all cases, GoodData shall impose the same data protection terms on any sub-Processor it appoints as those provided for by this Agreement and GoodData shall remain fully liable for any breach of this Agreement that is caused by an act, error or omission of its sub-Processor.
2.8 Cooperation and Individuals' rights: To extent Customer is unable to directly respond to a privacy inquiry made by a data subject itself, GoodData shall then provide all reasonable and timely assistance to Customer to enable Customer to respond to: (i) any request from an individual to exercise any of its rights under Applicable Data Protection Law; and (ii) any other correspondence, enquiry or complaint received from an individual, regulator, court or other third party in connection with the processing of the Data. In the event that any such communication is made directly to GoodData, GoodData shall promptly inform Customer providing full details of the same and shall not respond to the communication unless specifically required by law or authorized by Customer.
2.9 Data Protection Impact Assessment: If GoodData believes or becomes aware that its processing of the Data is likely to result in a high risk to the data protection rights and freedoms of individuals, it shall promptly inform Customer of the same. GoodData shall provide Customer with all such reasonable and timely assistance as Customer may require in order to conduct a data protection impact assessment, and, if necessary, to consult with its relevant data protection authority.
2.10 Security Incidents: Upon becoming aware of a Security Incident, GoodData shall inform Customer without undue delay (and, in any event, within five (5) business day unless otherwise required sooner under applicable laws) and shall provide all such timely information and cooperation as Customer may reasonably require in order for Customer to fulfil its data breach reporting obligations under (and in accordance with the timescales required by) Applicable Data Protection Law and relevant contractual obligations owed by Customer to its users and subscribers. GoodData shall further take all such measures and actions as are necessary to remedy or mitigate the effects of the Security Incident and shall keep Customer informed of all developments in connection with the Security Incident. GoodData shall not notify any third parties of a Security Incident affecting the Data unless and to the extent that: (a) Customer has agreed to such notification, and/or (b) notification is required to be made by GoodData under Applicable Data Protection Laws.
2.11 Deletion or return of Data: Upon termination or expiry of the Agreement, GoodData shall (at Customer's election) destroy or enable Customer to retrieve all Data (including all copies of the Data) in its possession or control (including any Data subcontracted to a third party for processing). Unless agreed to otherwise in the underlying agreement between the Parties, GoodData shall enable Customer to retrieve Customer’s Data within thirty (30) days of Customer’s request. GoodData shall delete all Data within the GoodData platform within thirty (30) days of the termination of this Addendum or the Agreement, or upon Customer’s written request. This requirement shall not apply to the extent that GoodData is required by applicable law to retain some or all of the Data, in which event GoodData shall isolate and protect the Data from any further processing except to the extent required by such law.
2.12 Compliance Assessments: No more than once per year, solely for the purpose of meeting its audit requirements under Article 28, section 3(h) of the GDPR or its obligations under 5(f) and 12(2) of the Standard Contract Clauses, Customer may request an audit in writing. GoodData shall then permit Customer (or its appointed third-party auditors) to review GoodData’s SOC-2, Type II or similar audit report and relevant security and compliance documentation, including but not limited to self-assessment questionnaires and security testing results. GoodData shall also respond to any written audit questions submitted to it by Customer. Customer will be entitled to this information once in any twelve (12) calendar month period, except if and when required by the instruction of a competent data protection authority. The Customer agrees that these reports and other documentation will be used as the primary and only mechanism to audit and inspect GoodData’s processing activities, unless Customer is required to perform an on-site audit by the applicable data protection authority, or if GoodData materially fails to comply with GDPR negatively impacting Customer’s Data. In the event that Customer requires an on-site audit of the procedures relevant to the protection of Customer Personal Data, then such audits requested must meet the following requirements:
2.12.1 Any audit must be requested with at least one month's notice and include a detailed audit plan that describes the proposed scope, duration, reimbursement rates, and start date of the audit which the parties must mutually agree upon prior to the commencement of an audit. Audit requests must be sent to email@example.com.
2.12.2 The auditor must execute a written GoodData-form confidentiality agreement prior to conducting the audit.
2.12.3 The audit must be conducted during regular business hours, subject to GoodData’s policies, and may not unreasonably interfere with GoodData's business activities.
2.12.4 Customer will reimburse GoodData for any time expended at its then-current reasonable professional services and support rates, made available to Customer upon request. All reimbursement rates will be reasonable and take into account the resources expended by GoodData.
2.12.5 For all audits, Customer must immediately notify GoodData with information regarding any suspected or actual non-compliance revealed during an audit. Any information resulting or derived from any audit under this Section 2.12 including any Customer analyses, notes, assessments or other materials in whatever form or media constitute GoodData Confidential Information subject to applicable protections defined in the Agreement.
2.13 General cooperation to remediate: In the event that Applicable Data Protection Law, or a data protection authority or regulator, provides that the transfer or processing of Personal Data under this Addendum is no longer lawful or otherwise permitted, then the Parties shall agree to remediate the processing (by amendment to this Addendum or otherwise) in order to meet the necessary standards or requirements. If GoodData is unable to remediate the processing within the applicable cure period set forth in the Agreement, then Customer will be entitled to terminate the Agreement (and any other agreement between the Parties relating to the provision of services by GoodData to Customer) in accordance with Section 11 (or Termination provision) of the Agreement.
3.1 The obligations placed upon the GoodData under this Addendum shall survive so long as GoodData and/or its sub-Processors process Personal Data on behalf of Customer.
Standard Contractual Clauses
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, the entity identified as “You” in the Agreement (referred to herein as "Customer" or “the data exporter”) and GoodData Corporation (referred to herein as “GoodData” or “the data importer”) (each, a “party”; together “the parties”) HAVE AGREED on the following Contractual Clauses (the “Clauses”) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
For the purposes of the Clauses:
'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in the applicable data protection law on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
'the data exporter' means the controller who transfers the personal data.
'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC.
'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract.
'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established.
'technical and organizational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
2. Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
3. Third-party beneficiary clause
3.1 The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
3.2 The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
3.3 The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
3.4 The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
4. Obligations of the data exporter
The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures specified in Appendix 2 to this contract;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).
5. Obligations of the data importer
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organizational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
(ii) any accidental or unauthorized access, and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11; and
(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
6.1 The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
6.2 If a data subject is not able to bring a claim for compensation in accordance with paragraph 6.1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, in which case the data subject can enforce its rights against such entity.
6.3 The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
6.4 If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 6.1 and 6.2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.
7. Mediation and jurisdiction
7.1 The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is established.
7.2 The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
8. Cooperation with supervisory authorities
8.1 The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
8.2 The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
8.3 The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 8.2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).
9. Governing Law
The Clauses shall be governed by the law of the Member State in which the data exporter is established, namely ___________.
10. Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
11.1 The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.
11.2 The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
11.3 The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 11.1 shall be governed by the law of the Member State in which the data exporter is established, namely ___________.
11.4 The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.
12. Obligation after the termination of personal data processing services
12.1 The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
12.2 The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 12.1.
Appendix 1 to the Standard Contractual Clauses
This Appendix forms part of the Clauses and must be completed and signed by the parties.
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.
Each data exporter is either a member of the Customer group of companies whose ultimate parent company is Customer, or a subscriber of Customer's products and services. The Customer group of companies provides and operates the Customer’s products and services.
Each data exporter wishes to appoint the data importer to provide it with data processing services. The role of the data importer, the nature of the data processing services it will provide, the categories of data that it will process, and the protections it will apply to protect those data are set out in the Appendices 1 and 2 to these Clauses.
The data importer is a service provider which processes Personal Data upon the instruction of the data exporter in accordance with the terms of the agreement between Customer and data importer relating to the provision of services by data importer to Customer.
The personal data transferred concern the following categories of data subjects:
Data exporter may transfer Personal Data to data importer, the extent of which is determined and controlled by data exporter in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects:
- Prospects, customers, business partners and vendors of data exporter (who are natural persons);
- Employees or contact persons of data exporter’s prospects, customers, business partners and vendors; and
- Employees, agents, advisors, freelancers of data exporter (who are natural persons).
Categories of data
The personal data transferred concern the following categories of data:
Data exporter may transfer Personal Data to data importer, the extent of which is determined and controlled by data exporter in its sole discretion, and which may include, but is not limited to the following categories of Personal Data:
- First and last name
- Contact information (company, email, phone, physical business address)
- ID data
- Professional life data
- Personal life data (including but not limited to home addressed, personal phone numbers, resumes, attendance records, bank details, medical information)
- Connection data
- Localization data
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data: n/a
The personal data transferred will be subject to the following basic processing activities:
The objective of Processing of Personal Data by the data importer is the performance of the data importer’s services pursuant to the agreement between Customer and the data importer relating to the provision of services by the data importer to Customer.
Appendix 2 to the Standard Contractual Clauses
This Appendix forms part of the Clauses and must be completed and signed by the parties.
Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
1. Physical Access Controls: the data importer shall take reasonable measures to prevent physical access, such as security personnel and secured buildings and factory premises, to prevent unauthorized persons from gaining access to personal data.
2. System Access Controls: the data importer shall take reasonable measures to prevent personal data from being used without authorization. These controls shall vary based on the nature of the processing undertaken and may include, among other controls, authentication via passwords and/or two-factor authentication, documented authorization processes, documented change management processes and/or, logging of access on several levels.
3. Data Access Controls: the data importer shall take reasonable measures to provide that personal data is accessible and manageable only by properly authorized staff, direct database query access is restricted and application access rights are established and enforced to ensure that persons entitled to use a data processing system only have access to the personal data to which they have privilege of access; and, that personal data cannot be read, copied, modified or removed without authorization in the course of processing. In addition to the access control rules set forth in Sections 1-3 above, data importer implements an access policy under which access to its system environment, to personal data and other data by authorized personnel only.
4. Transmission Controls: the data importer shall take reasonable measures to ensure that it is possible to check and establish to which entities the transfer of personal data by means of data transmission facilities is envisaged so personal data cannot be read, copied, modified or removed without authorization during electronic transmission or transport.
5. Input Controls: the data importer shall take reasonable measures to provide that it is possible to check and establish whether and by whom personal data has been entered into data processing systems, modified or removed. Data importer shall take reasonable measures to ensure that (i) the personal data source is under the control of data exporter; and (ii) personal data integrated into data importer’s systems is managed by secured file transfer from the data importer and data subject.
6. Data Backup: the data importer shall ensure that back-ups are taken on a regular basis, are secured, and encrypted when storing personal data to protect against accidental destruction or loss when hosted by data importer.
7. Logical Separation: the data importer shall ensure that data from the data exporter is logically segregated on the data importer’s systems to ensure that personal data that is collected for different purposes may be processed separately.