Terms of Service
MY COACH OFFICE TERMS OF SERVICE
Effective Date: May 22, 2018
(a) “Administrator” shall mean a Subscriber (as defined in Section 1(i)) with authority to designate additional Authorized Users and/or Administrators.
(c) “Authorized User” shall mean an individual subscriber or the partners, members, employees, temporary employees, and independent contractors of an organization with a subscription to the Service who have been added to the account as users.
(d) “Confidential Information” shall mean the Content (as defined in Section 1(e)) and any information, technical data, or know-how considered proprietary or confidential by either party to this Agreement including, but not limited to, either party’s research, services, inventions, processes, techniques, strategies, frameworks, specifications, designs, drawings, diagrams, concepts, marketing, techniques, documentation, source code, customer information, personally identifiable information, pricing information, procedures, menu concepts, business and marketing plans or strategies, financial information, and business opportunities disclosed by either party before or after the Effective Date of this Agreement, either directly or indirectly in any form whatsoever, including in writing, orally, machine readable form or through access to either party’s premises.
(e) “Content” shall mean any information you upload or post to the Service and any information provided by you to Company in connection with the Service, including, without limitation, information about your Authorized Users or Registered Clients, as defined in Section 1(g).
(f) “Originating Subscriber” shall mean the Subscriber who initiated the Services offered by Company and is assumed by Company to have the sole authority to administer the subscription.
(g) “Registered Client” means an individual who has been invited to use the client-facing features of the Service in a limited capacity as a client of an Authorized User.
(h) “Service” shall mean any software or services provided by Company.
(i) “Subscriber” shall refer to the purchaser of the Services provided by Company and shall also include any present or former agent, representative, independent contractor, employee, servant, attorney and any entity or person who had authority to act on your behalf.
(j) “Security Emergency” shall mean a violation by Subscriber of this Agreement that (a) could disrupt (i) Company’s provision of the Service; (ii) the business of other subscribers to the Service; or (iii) the network or servers used to provide the Service; or (b) provides unauthorized third party access to the Service.
2. Limited License & Use of the Service
2.1 Subscriber is granted a non-exclusive, non-transferable, limited license to access and use the Service.
2.2 Company does not review or pre-screen the Content and Company claims no intellectual property rights with respect to the Content.
2.3 Authorized Users agree not to reproduce, duplicate, copy, sell, resell or exploit access to the Service, use of the Service, or any portion of the Service, including, but not limited to the HTML, Cascading Style Sheet (“CSS”) or any visual design elements without the express written permission from Company.
2.4 Authorized Users agree not to modify, reverse engineer, adapt or otherwise tamper with the Service or modify another website so as to falsely imply that it is associated with the Service, Company, or any other software or service provided by Company.
2.5 Authorized Users agree that they will not knowingly use the Service in any manner which may infringe copyright or intellectual property rights or in any manner which is unlawful, offensive, threatening, libelous, defamatory, pornographic, obscene or in violation of the terms of this Agreement.
2.6 Authorized Users agree that they will not knowingly use the Service to upload, post, host, or transmit unsolicited bulk email “Spam”, short message service “SMS” messages, viruses, self-replicating computer programs “Worms” or any code of a destructive or malicious nature.
2.7 Except for the non-exclusive license granted pursuant to this Agreement, Subscriber acknowledges and agrees that all ownership, license, intellectual property and other rights and interests in and to the Service shall remain solely with Company.
2.8 Authorized Users who configure the Service to share or make available certain Content to the public, are deemed to acknowledge and agree that everyone will have access to the Content (“Public Content”). Company reserves the right, at any time, in its sole discretion, to take any action deemed necessary with respect to Public Content that violates the terms of this Agreement, including, but not limited to, removal of such Public Content.
2.9 Company reserves the right at any time, and from time to time, to modify or discontinue, temporarily or permanently, any feature associated with the Service, with or without notice, except that Company shall provide Subscriber with 30-days notice of any modification that materially reduces the functionality of the Service. Continued use of the Service following any modification constitutes Subscriber’s acceptance of the modification.
2.10 Company reserves the right to temporarily suspend access to the Service for operational purposes, including, but not limited to, maintenance, repairs or installation of upgrades, and will endeavor to provide no less than two business days notice prior to any such suspension. Such notice shall be provided to you in advance through by way of notification within the Service, email or other notification method deemed appropriate by Company. Further, Company shall endeavor to confine planned operational suspensions with a best effort to minimize disruption to the Subscriber, but reserves the ability to temporarily suspend operations without notice at any time to complete necessary repairs. In the event of a temporary suspension, Company will use the same notification methods listed in this section to provide updates as to the nature and duration of any temporary suspension.
2.11 Subscriber grants to Company a non-exclusive, royalty free right during Subscriber’s use of the Service, to use the Confidential Information for the sole purpose of performing Company’ obligations under the Agreement in accordance with the terms of the Agreement. Such rights shall include permission for Company to generate and publish aggregate, anonymized reports on system usage and Content trends and type, provided they do not conflict with Section 4.1.
3. Access to the Service
3.1 Subscriber is only permitted to access and use the Service if he/she is an Authorized User or a Registered Client. Authorized Users are required to provide their full legal name, a valid email address, and any other information reasonably requested by the Service.
3.2 Each Authorized User will be provided with a unique identifier to access and use the Service (“Username”). The Username shall only be used by the Authorized User to whom it is assigned, and shall not be shared with, or used by any other person, including other Authorized Users.
3.3 The initial Administrator shall be the Originating Subscriber with authority to administer the subscription and designate additional Authorized Users and/or Administrators. Each subscription may designate multiple Authorized Users as Administrator. Any Administrator shall be deemed to have the authority to manage the subscription and any Authorized Users. The Administrator will deactivate an active Username if the Administrator wishes to terminate access to the Service for any Authorized User.
3.4 Administrators are responsible for all use of the Service by Authorized Users on the list of active Authorized Users associated with their subscription to the Service.
3.5 As between Company and the Subscriber, any Content uploaded or posted to the Service remains the property of the Subscriber. Upon Cancellation or Termination of Service as discussed in Section 10 below, Company shall only be responsible for the return of Content directly to the Administrator or a designated Authorized User in the event that the Administrator is unable to be reached.
3.6 All access to and use of the Service via mechanical, programmatic, robotic, scripted or any other automated means not provided as part of the Service is strictly prohibited.
3.7 Authorized Users are permitted to access and use the Service using an Application Program Interface (“API”) subject to the following conditions:
(a) any use of the Service using an API, including use of an API through a third-party product that accesses and uses the Service, is governed by these Terms of Service;
(b) Company shall not be liable for any direct, indirect, incidental, special, consequential or exemplary damages, including but not limited to, damages for loss of profits, goodwill, use, data or other intangible losses (even if Company has been advised of the possibility of such damages), resulting from any use of an API or third-party products that access and use the Service via an API;
(c) Excessive use of the Service using an API may result in temporary or permanent suspension of access to the Service via an API. Company, in its sole discretion, will determine excessive use of the Service via an API, and will make a reasonable attempt to warn the Authorized User prior to suspension; and
(d) Company reserves the right at any time to modify or discontinue, temporarily or permanently, access and use of the Service via an API, with or without notice.
4.1 Each party agrees to treat all Confidential Information as confidential and not to use or disclose such Confidential Information except as necessary to perform its obligations under this Agreement.
4.2 Company and any third party vendors and hosting partners it utilizes to provide the Service shall hold Content in strict confidence and shall not use or disclose Content except (a) as required to perform their obligations under this Agreement; (b) in compliance with Section 7 of this Agreement, or (c) as otherwise authorized by you in writing.
5. Security and Access
5.1 Company is responsible for providing a secure method of authentication and accessing its Service. Company will provide mechanisms that:
(a) allow for user password management
(b) transmit passwords in a secure format
(c) protect passwords entered for purposes of gaining access to the Service by utilizing code that follows password management best practices.
5.2 Subscriber will be responsible for protecting the security of usernames and passwords, or any other codes associated to the Service, and for the accuracy and adequacy of personal information provided to the Service.
5.3 Subscriber will implement policies and procedures to prevent unauthorized use of usernames and passwords, and will promptly notify Company upon suspicion that a username and password has been lost, stolen, compromised, or misused.
5.4 At all times, Company, and any third party vendors and hosting partners it utilizes to provide the Service, will:
(a) use information security best practices for transmitting and storing your Content, adhering to industry standards;
(b) employ information security best practices with respect to network security techniques, including, but not limited to, firewalls, intrusion detection, and authentication protocols, vulnerability and patch management;
(c) ensure its host facilities maintain industry standards for security and privacy; and
(d) within thirty (30) days of a request by Subscriber, provide Subscriber with a SSAE 16 (SOC2) audit report or industry standard successor report or a comparable description of its security measures in respect of the infrastructure used to host the Service and the Content. In order to obtain such a report, Subscriber must enter into an agreement with the third party provider of the report.
5.5 Company shall report to Subscriber, with all relevant details (except those which could prejudice the security of data uploaded by other customers), any event that Company reasonably believes represents unauthorized access to, disclosure of, use of, or damage to Content (a “Security Breach”). Company shall make such report within 72 hours after learning of the Security Breach.
5.6 In the event of a Security Breach, Company shall (a) cooperate with Subscriber to identify the cause of the breach and to identify any affected Content; (b) assist and cooperate with Subscriber in investigating and preventing the recurrence of the Security Breach; (c) assist and cooperate with Subscriber in any litigation or investigation against third parties that Subscriber undertake to protect the security and integrity of Content; and (d) use commercially reasonable efforts to mitigate any harmful effect of the Security Breach.
6. EU Data Protection
The parties agree to comply with the provisions of the Data Processing Addendum set out in Exhibit A.
7. Legal Compliance
7.1 Company maintains that its primary duty is to provide the Service and to protect the Content to the extent the law allows. Company reserves the right to provide the Confidential Information to third parties as required and permitted by law (such as in response to a subpoena or court order), and to cooperate with law enforcement authorities in the investigation of any criminal or civil matter.
If Company is required by law to make any disclosure of the Confidential Information that is prohibited or otherwise constrained by this Agreement, then Company will provide Subscriber with prompt written notice (to the extent permitted by law) prior to such disclosure so that the Subscriber may seek a protective order or other appropriate relief. Subject to the foregoing sentence, Company may furnish that portion (and only that portion) of the Confidential Information that it is legally compelled or otherwise legally required to disclose.
8. Managed Backup and Archiving
8.1 Company’s managed backup services must be designed to facilitate restoration of Content to the server or device from which the Content originated in the event the primary data is lost or corrupted. Company shall ensure recovery of lost or corrupted Content at no cost to you. Following any cancellation or termination of Service for any reason, Subscriber shall have ninety days to retrieve any and all Content.
9. Payment, Refunds and Subscription Changes
9.1 Subscribers with paid subscriptions will provide Company with a valid credit card for payment of the applicable subscription fees. All subscription fees are exclusive of all federal, state, provincial, municipal or other taxes which Subscribers agree to pay based on where the Subscriber is primarily domiciled. In addition to any fees, the Subscriber may still incur charges incidental to using the Service, for example, charges for Internet access, data roaming, and other data transmission charges.
9.2 Subscribers with monthly paying subscriptions will be in advance each 30 days. Annual Subscribers will thereafter be charged annually on the anniversary date of the initial subscription charge. All charges are final and non-refundable, including payments made by Annual Subscribers.
9.3 No refunds or credits will be issued for partial periods of service, upgrade/downgrade refunds, or refunds for periods unused with an active subscription, including, but not limited to, instances involving the removal of a Subscriber.
9.4 There are no charges for canceling a subscription, and paying subscriptions cancelled prior to the end of their current billing cycle will not be charged again in the following cycle.
9.5 The amount charged on the next billing cycle will be automatically updated to reflect any changes to the subscription, including upgrades or downgrades. Subscription changes, including downgrades, may result in loss of access to Content, features, or an increase or reduction in the amount of available capacity for Content provided by the Service.
9.6 All prices are subject to change upon notice. Such notice may be provided by an e-mail message to the Administrator, or in the form of an announcement on the Service.
9.7 Subscriber is responsible for paying all taxes associated with the subscription to the Service. If Company has the legal obligation to pay or collect taxes for which Subscriber is responsible under this section, the appropriate amount shall be invoiced to and paid by Subscriber, unless Subscriber provides Company with a valid tax exemption certificate authorized by the appropriate taxing authority.
9.8 Any and all payments by or on account of the compensation payable under this Agreement shall be made free and clear of and without deduction or withholding for any taxes. If the Subscriber is required to deduct or withhold any taxes from such payments, then the sum payable shall be increased as necessary so that, after making all required deductions or withholdings, Company receives an amount equal to the sum it would have received had no such deduction or withholding been made.
10. Cancellation and Termination
10.1 Administrators are solely responsible for canceling subscriptions. An Administrator may cancel their subscription at any time by accessing the Service and visiting Dashboard as applicable. For security reasons, cancellations shall only be performed by an Administrator using the account cancellation URL within the Service. The Administrator may be directed, within the Service, to call support to complete the cancellation. Cancellations shall not be accepted by any other means.
10.2 Company in its sole discretion has the right to suspend or discontinue providing the Service to any Subscriber without notice for actions that are (a) in material violation of this Agreement and (b) create a Security Emergency.
10.3 If (i) Authorized Users use the Service to materially violate this Agreement in a way that does not create a Security Emergency; (ii) Company provides Subscriber with commercially reasonable notice of this violation; (iii) Company uses commercially reasonable efforts to discuss and resolve the violation with Subscriber; and (iv) despite the foregoing, the violation is not resolved to Company’s reasonable satisfaction within thirty (30) days of such notice, then Company reserves the right to suspend access to the Service.
10.4 As required by Section 8 above (“Managed Backup and Archiving”), upon cancellation or termination of a subscription, Content is made available to the Administrator or a designated Authorized User. Following a period of no less than ninety (90) days from the cancellation or termination of a subscription, all Content associated with such subscription will be irrevocably deleted from the Service. All Escrowed Data, if any, will continue to remain available for a period of six months upon cancellation or termination of a subscription in accordance with the terms of the Escrow Agreement.
11. Limitation of Liability
11.1 Except in the case of a violation by Company of its obligations under Section 4 above (“Confidentiality”), Section 5 above (“Security and Access”), and Section 8 above (“Managed Backup and Archiving”), and except as provided in Section 13.2 below (“Indemnification”), Company shall not be liable for and Subscriber waives the right to claim any loss, injury, claim, liability or damage of any kind resulting in any way from the Services provided to Subscriber by Company.
11.2 SUBSCRIBER AGREES THAT THE LIABILITY OF COMPANY ARISING OUT OF ANY CLAIM IN ANY WAY CONNECTED WITH THE SERVICE WILL NOT EXCEED THE TOTAL AMOUNT YOU HAVE PAID FOR THE SERVICE PURSUANT TO THE AGREEMENT WITHIN THE SIX MONTH PERIOD BEFORE THE DATE THE CLAIM AROSE. SUBSCRIBER FURTHER AGREES THAT COMPANY IS NOT AND WILL NOT BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER (INCLUDING WITHOUT LIMITATION, ATTORNEY FEES) RELATING TO THIS AGREEMENT. THESE DISCLAIMERS APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, WHETHER THOSE DAMAGES ARE FORESEEABLE AND WHETHER COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF THOSE DAMAGES. THESE DISCLAIMERS ARE NOT APPLICABLE TO THE INDEMNIFICATION OBLIGATION SET FORTH IN SECTION 13.2. EACH PROVISION OF THIS AGREEMENT THAT PROVIDES FOR A LIMITATION OF LIABILITY, DISCLAIMER OF DAMAGES, OR EXCLUSION OF DAMAGES IS TO ALLOCATE THE RISKS OF THIS AGREEMENT BETWEEN THE PARTIES. THIS ALLOCATION IS REFLECTED IN THE PRICING OFFERED BY COM PANY TO SUBSCRIBER AND IS AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES. EACH OF THESE PROVISIONS IS SEVERABLE FROM AND INDEPENDENT OF ALL OTHER PROVISIONS OF THIS AGREEMENT.
11.3 Subscriber will solely be responsible for any damage and/or loss of Content contained in Subscriber’s technology which occurs as a result of Subscriber’s actions, electronic equipment and/or Subscriber’s computer system.
12. Disclaimer of Warranties
12.1 COMPANY HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS WITH RESPECT TO ANY SERVICES PROVIDED BY COMPANY. NOTHING IN THIS SECTION 12.1 SHALL MODIFY COMPANY’S OBLIGATION TO INDEMNIFY SUBSCRIBER AS REQUIRED BY SECTION 13.2(A) OF THIS AGREEMENT (“INDEMNIFICATION”).
12.2 Company makes no warranty that its services when provided to Subscriber in digital or electronic format will be compatible with Subscriber computer and/or other equipment, or that these Services will be secure or error free. Nor does Company make any warranty as to any results that may be obtained from the use of the Service. Nothing in this Section 12.2 shall modify Company’s obligations under Section 4 above (“Confidentiality”) or Section 5 above (“Security and Access”) or Company’s obligation to indemnify you as required by Section 13.2(b) of this Agreement (“Indemnification”).
12.3 Company hereby disclaims all warranties of any kind related to Subscriber’s hardware or software beyond the warranties provided by the manufacturer of Subscriber’s hardware or software.
13.1 Subscriber hereby agrees to indemnify and hold harmless Company from and against any claim, action, proceeding, loss, liability, judgment, obligation, penalty, damage, cost or expense, including attorneys’ fees, which arise from or relate to the following:
a. Authorized Users’ breach of any obligation stated in this Agreement, and
b. Authorized Users’ negligent acts or omissions.
Company will provide prompt notice to Subscriber of any indemnifiable event or loss. Subscriber will undertake, at Subscriber’s own cost, the defense of any claim, suit or proceeding with counsel reasonably acceptable to Company. Company reserves the right to participate in the defense of the claim, suit, or proceeding, at Company’ expense, with counsel of Company’ choosing.
13.2 Company shall defend, indemnify and hold Subscriber harmless against any loss, damage or costs (including reasonable attorneys’ fees) in connection with claims, demands, suits, or proceedings (“Claims”) made or brought against Subscriber by a third party
a. alleging that the Service, or use of the Service as contemplated hereunder, infringes a copyright, a U.S. patent issued as of the date of final execution of this Agreement, or a trademark of a third party or involves the misappropriation of any trade secret of a third party; provided, however, that Subscriber:
(a) promptly gives written notice of the Claim to Company (provided, however, that the failure to so notify shall not relieve Company of its indemnification obligations unless Company can show that it was materially prejudiced by such delay and then only to the extent of such prejudice); (b) gives Company sole control of the defense and settlement of the Claim (provided that Company may not settle any Claim unless it unconditionally releases Subscriber of all liability); and (c) provides to Company, at Company’s cost, all reasonable assistance. Company shall not be required to indemnify Subscriber in the event of: (x) modification of the Service by Subscriber in conflict with Subscriber’s obligations or as a result of any prohibited activity as set forth herein to the extent that the infringement or misappropriation would not have occurred but for such modification; (y) use of the Service in combination with any other product or service not provided by Company to the extent that the infringement or misappropriation would not have occurred but for such use; or (z) use of the Service in a manner not otherwise contemplated by this Agreement to the extent that the infringement or misappropriation would not have occurred but for such use; or
b. arising out of or related to a violation by Company of its obligations under Section 4 above (“Confidentiality”) or Section 5 above (“Security and Access”),
14.1 Technical support and training are available to Authorized Users with active subscriptions, and is available by email or electronic support ticket, as defined at https://mycoachoffice.com/contact.
14.2 Subscriber acknowledges and agrees that Company may use third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the Service.
14.3 Company may provide the ability to integrate the Service with third party products and services that Subscriber may use at Subscriber’s option and risk. Access to and use of any third party products and services are subject to the separate terms and conditions required by the providers of the third party products and services. Subscriber agrees that Company has no liability arising from Subscriber’s use of any integrations or arising from the third party products and services. Company can modify or cancel the integrations at any time without notice.
14.4 Subscriber acknowledges the risk that information and the Content stored and transmitted electronically through the Service may be intercepted by third parties. Subscriber agrees to accept that risk and will not hold Company liable for any loss, damage, or injury resulting from the interception of information. The Content is stored securely and encrypted. Only Company, with strict business reasons, may access and transfer the Content and only to provide Subscriber with the Service. Company will make reasonable efforts to provide notice to Subscriber prior to such access and transfer. Company’ actions will comply with its obligations under Sections 4 and 5 of this Agreement.
14.5 The failure of either party to enforce any provision hereof shall not constitute or be construed as a waiver of such provision or of the right to enforce it at a later time.
14.6 This Agreement constitutes the entire agreement between Authorized Users and Company and governs Authorized Users use of the Service, superseding any prior agreements between Authorized Users and Company (including, but not limited to, any prior versions of this agreement).
14.7 Company reserves the right to amend this Agreement. In the event of material changes to the Agreement, Company will notify Subscribers, by email, or by other reasonable means of these changes prior to their enactment. Continued use of the Service by the Subscriber after reasonable notice will be considered acceptance of any new terms.
14.8 Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party (which consent shall not be unreasonably withheld). Notwithstanding the foregoing, either party may assign this Agreement in its entirety without consent of the other party in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets provided the assignee has agreed to be bound by all of the terms of this Agreement. Any attempt by a party to assign its rights or obligations under this Agreement in breach of this Section shall be void and of no effect.
14.9 Governing Law and Venue. This Agreement and your relationship with Company shall be governed exclusively by, and will be enforced, construed, and interpreted exclusively in accordance with, the laws applicable in the State of Queensland, Australia and shall be considered to have been made and accepted in Queensland, Australia, without regard to its conflict of law provisions. All disputes under this Agreement will be resolved by the courts of Queensland, Australia, and Subscribers consent to the jurisdiction of and venue in such courts and waive any objection as to inconvenient forum. In any action or proceeding to enforce rights under this Agreement, the prevailing party shall be entitled to recover costs and legal fees.
DATA PROCESSING ADDENDUM
To the extent that Company Processes any Subscriber Personal Data (each as defined below) and (i) the Subscriber Personal Data relates to individuals located in the EEA; or (ii) Subscriber is established in the EEA, the provisions of this Data Processing Addendum (“
DPA”) shall apply to the processing of such Subscriber Personal Data. In the event of any conflict between the remainder of the Agreement and the DPA, the DPA will prevail.
1.1. The following capitalized terms used in this DPA shall be defined as follows:
(a) “Controller” has the meaning given in the GDPR.
(b) “Data Protection Laws” means the EU General Data Protection Regulation 2016/679 (“GDPR“), any applicable national implementing legislation in each case as amended, replaced or superseded from time to time, and all applicable legislation protecting the fundamental rights and freedoms of persons and their right to privacy with regard to the Processing of Subscriber Personal Data.
(c) “Data Subject” has the meaning given in the GDPR.
(d) “European Economic Area” or “EEA” means the Member States of the European Union together with Iceland, Norway, and Liechtenstein.
(e) “Processing” has the meaning given in the GDPR, and “Process” will be interpreted accordingly.
(f) “Processor” has the meaning given in the GDPR.
(g) “Security Incident” means any confirmed accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, any Subscriber Personal Data.
(h) “Standard Contractual Clauses” means the Standard Contractual Clauses (processors) approved by European Commission Decision C(2010)593 or any subsequent version thereof released by the European Commission (which will automatically apply).
(i) “Subprocessor” means any Processor engaged by Company who agrees to receive from Company Subscriber Personal Data.
(j) “Subscriber Personal Data” means the “personal data” (as defined in the GDPR) described in the Annex and any other personal data contained in the Content or that Company processes on Subscriber’s behalf in connection with the provision of the Service.
(k) “Supervisory Authority” has the meaning given in the GDPR.
2. Data Processing
2.1. The Parties acknowledge and agree that for the purpose of the Data Protection Laws, the Subscriber is the Controller and Company is the Processor.
2.2 Instructions for Data Processing. Company will only Process Subscriber Personal Data in accordance with Subscriber’s written instructions. The parties acknowledge and agree that the Agreement (subject to any changes to the Service agreed between the parties) and this DPA shall be Subscriber’s complete and final instructions to Company in relation to the processing of Subscriber Personal Data.
2.3. Processing outside the scope of this DPA or the Agreement will require prior written agreement between Subscriber and Company on additional instructions for Processing.
2.4. Required consents. Where required by applicable Data Protection Laws, Subscriber will ensure that it has obtained/will obtain all necessary consents and complies with all applicable requirements under Data Protection Laws for the Processing of Subscriber Personal Data by Company in accordance with the Agreement.
3. Transfer of Personal Data
3.1. Authorized Subprocessors. Subscriber agrees that Company may use the following as Subprocessors to Process Subscriber Personal Data:
– PAYPAL: payment processor
– STRIPE: credit card charges processor
– ACTIVE CAMPAIGN: email marketing
– LIQUIDWEB: web server hosting
3.2. Subscriber agrees that Company may use subcontractors to fulfill its contractual obligations under the Agreement. Company shall notify Subscriber from time to time of the identity of any Subprocessors engaged. If Subscriber (acting reasonably) objects to a new Subprocessor on grounds related to the protection of Subscriber Personal Data only, then without prejudice to any right to terminate the Agreement, Subscriber may request that Company move the Subscriber Personal Data to another Subprocessor and Company shall, within a reasonable time following receipt of such request, use reasonable endeavors to ensure that the original Subprocessor does not Process any of the Subscriber Personal Data. If it is not reasonably possible to use another Subprocessor, and Subscriber continues to object for a legitimate reason, either party may terminate the Agreement on thirty (30) days written notice. If Subscriber does not object within thirty (30) days of receipt of the notice, Subscriber is deemed to have accepted the new Subprocessor.
3.3. Save as set out in clauses 3.1 and 3.2, Company shall not permit, allow or otherwise facilitate Subprocessors to Process Subscriber Personal Data without Subscriber’s prior written consent and unless Company:
(a) enters into a written agreement with the Subprocessor which imposes equivalent obligations on the Subprocessor with regard to their Processing of Subscriber Personal Data, as are imposed on Company under this DPA; and
(b) shall at all times remain responsible for compliance with its obligations under the DPA and will be liable to Subscriber for the acts and omissions of any Subprocessor as if they were Company’s acts and omissions.
3.4. International Transfers of Subscriber Personal Data. To the extent that the Processing of Subscriber Personal Data by Company involves the export of such Subscriber Personal Data to a third party in a country or territory outside the EEA, such export shall be:
(i) to a country or territory ensuring an adequate level of protection for the rights and freedoms of Data Subjects as determined by the European Commission;
(ii) to a third party that is a member of a compliance scheme recognized as offering adequate protection for the rights and freedoms of Data Subjects as determined by the European Commission; or
(iii) governed by the Standard Contractual Clauses between the Subscriber as exporter and such third party as importer. For this purpose, the Subscriber appoints Company as its agent with the authority to complete and enter into the Standard Contractual Clauses as agent for the Subscriber on its behalf.
4. Data Security, Audits and Security Notifications
4.1 Company Security Obligations. Company will implement and maintain appropriate technical and organizational security measures to ensure a level of security appropriate to the risk, including as appropriate, the measures referred to in Article 32(1) of the GDPR.
4.2 Upon Subscriber’s reasonable request, Company will make available all information reasonably necessary to demonstrate compliance with this DPA.
4.3 Security Incident Notification. If Company becomes aware of a Security Incident, Company will (a) notify Subscriber of the Security Incident within 72 hours, (b) investigate the Security Incident and provide Subscriber (and any law enforcement or regulatory official) with reasonable assistance as required to investigate the Security Incident.
4.4 Company Employees and Personnel. Company will treat the Subscriber Personal Data as confidential, and shall ensure that any employees or other personnel have agreed in writing to protect the confidentiality and security of Subscriber Personal Data.
4.5 Audits. Company will, upon Subscriber’s reasonable request and at Subscriber’s expense, allow for and contribute to audits, including inspections, conducted by Subscriber (or a third party auditor on Subscriber’s behalf and mandated by Subscriber) provided (i) such audits or inspections are not conducted more than once per year (unless requested by a Supervisory Authority); (ii) are conducted only during business hours; (iii) are conducted in a manner that causes minimal disruption to Company’s operations and business; and (iv) Following completion of the audit, upon request, Subscriber will promptly provide Company with a complete copy of the results of that audit.
5. Access Requests and Data Subject Rights
5.1 Data Subject Rights. Where applicable, and taking into account the nature of the Processing, Company will use reasonable endeavors to assist Subscriber by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of Subscriber’s obligation to respond to requests for exercising Data Subject rights laid down in the Data Protection Laws.
6. Data Protection Impact Assessment and Prior Consultation
6.1 To the extent required under applicable Data Protection Laws, Company will provide Subscriber with reasonably requested information regarding its Service to enable Subscriber to carry out data protection impact assessments or prior consultations with any Supervisory Authority, in each case solely in relation to Processing of Subscriber Personal Data and taking into account the nature of the Processing and information available to Company.
7.1 Deletion or return of data. Subject to 7.2 below, Company will, at Subscriber’s election and within 90 (ninety) days of the date of termination of the Agreement:
(a) make available for retrieval all Subscriber Personal Data Processed by Company (and delete all other copies of Subscriber Personal Data Processed by Company following such retrieval); or
(b) delete the Subscriber Personal Data Processed by us.
7.2 Company and its Subprocessors may retain Subscriber Personal Data to the extent required by applicable laws and only to the extent and for such period as required by applicable laws and always provided that Company ensures the confidentiality of all such Subscriber Personal Data and shall ensure that such Subscriber Personal Data is only Processed as necessary for the purpose(s) specified in the applicable laws requiring its storage and for no other purpose.
8. Governing law
8.1 This DPA shall be governed by, and construed in accordance with the laws of the nation of Australia. Each of the parties irrevocably submits for all purposes (including any non-contractual disputes or claims) to the non-exclusive jurisdiction of the courts in Queensland, Australia.
Details of the Processing of Subscriber Personal Data This Annex includes certain details of the processing of Subscriber Personal Data as required by Article 28(3) of the GDPR.
Subject matter and duration of the Processing of Subscriber Personal Data
The subject matter and duration of the Processing of the Subscriber Personal Data are set out in the Agreement and this DPA.
The nature and purpose of the Processing of Subscriber Personal Data
The Subscriber Personal Data will be subject to the following basic processing activities: transmitting, collecting, storing and analyzing data in order to provide the Service to the Subscriber, and any other activities related to the provision of the Service or specified in the Agreement.
The types of Subscriber Personal Data to be processed
The Subscriber Personal Data concern the following categories of data: names; email addresses; personal and professional information; and any other personal data provided by the Subscriber in connection with its use of the Service.
The categories of data subject to whom the Subscriber Personal Data relates
Any categories of individuals whose data the Subscriber extracts, transfers, and/or loads onto the Service, which may include but is not limited to:
- Registered Clients; and
- Past, present and prospective clients, business relationship contacts, and outside counsel contacts of the Subscriber.
The obligations and rights of the Subscriber
The obligations and rights of the Subscriber are as set out in this DPA