Terms & Policies

Effective date: November 5th, 2020

iGenius Software Subscription Services Agreement

These terms and Conditions (“Agreement”) govern your use of the Subscription Services. iGenius, Inc. (“Company”) will provide the Subscription Services to you (“Customer”) only upon the condition that you accept the Agreement, which you can do by clicking on the checkbox marked “I Accept and agree to be bound by the terms of this Agreement and Company’s Privacy Policy during the login/set-up process through checkbox . By clicking the checkbox, you confirm that you have read and understand this Agreement and accept all of its terms. If you are accepting the terms of this Agreement on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind that company or other legal entity to the terms of this Agreement, and, in such event, “Customer” will refer to that company or other legal entity. If you do not accept all the terms of this Agreement, then you must not click the checkbox and you should not access the Crystal Platform or otherwise use the Subscription Services. The date upon which you accept the terms of this Agreement is referred to as the “Effective Date”. This Agreement (including any exhibit, annex and appendix hereto) constitutes the entire agreement among the parties hereto.

1. Definitions

  • Aggregate Data” means any data that is derived or aggregated in deidentified form from (i) any Customer Materials; or (ii) Customer’s and/or its Authorized Users’ Use of the Subscription Services, including, without limitation, any usage data or trends with respect to the Subscription Services.
  • Authorized User” means an employee or contractor whom Customer has authorized to Use the Subscription Services.
  • Beta Services” means certain services or functionality designated as pilot, limited release, developer preview, non-production, evaluation, early adoption or by a similar description and made available to Customer by the Company at no additional charge for Customer to try at its option.
  • Crystal Platform” means Company’s proprietary Artificial Intelligence platform.
  • Company IP” means the Subscription Services, all underlying technology, algorithms, interfaces, databases, tools, know-how, processes, methods, information, data, data models, content, materials and Documentation used to provide or deliver the Subscription Services, all improvements, modifications or enhancements to, or derivative works based upon the foregoing (regardless of inventorship or authorship), all Intellectual Property Rights in and to any of the foregoing, and all Aggregate Data derived from the Subscription Services.
  • Customer Materials” means all information, data, content and other materials, in any form or medium, that is submitted, posted, collected, transmitted or otherwise provided by or on behalf of Customer through the Subscription Services or to Company in connection with Customer’s Use of the Subscription Services, but excluding, for clarity, Aggregate Data and any other information, data, data models, content or materials owned or controlled by Company and made available through or in connection with the Subscription Services, which constitute Company IP.
  • Data Protection Legislation” means, in the EU Member States, the GDPR and the complementary data protection laws, including any guidance and/or codes of practice issued by the relevant Data protection supervisory authority within the EU, and/or, in non-EU Member States, any applicable data protection law relating to the safeguarding and lawful processing of Personal Data;
  • Documentation” means the operator and user manuals, training materials, specifications, minimum system configuration requirements, compatible device and hardware list and other similar materials in hard copy or electronic form, if and as provided by Company to Customer (including any revised versions thereof), relating to the Subscription Services, which may be updated from time to time upon notice to Customer.
  • Intellectual Property Rights” means patent rights (including, without limitation, patent applications and disclosures), inventions, copyrights, trade secrets, know-how, data and database rights, mask work rights, and any other intellectual property rights recognized in any country or jurisdiction in the world.
  • Licensed Volume” means the limits, volume or other measurement or conditions of permitted Use for the applicable Subscription Service, depending on the Plan to which Customer subscribes, including any limits on the number of Authorized Users permitted to Use the Subscription Services based on Customer’s subscription tier.
  • Person” means any individual, corporation, partnership, trust, limited liability company, association, governmental authority or other entity.
  • "Personal Data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. To avoid doubts, “Personal Data” has the meaning set forth in the General Data Protection Regulation EU 2016/679 ("GDPR") and any other applicable Data Protection Legislation.
  • Plan” means the specific subscription plan chosen by Customer when subscribing to the Subscription Services, and all terms and conditions applicable thereto.
  • Services” means the Support Services and the Subscription Services.
  • Subscription Services” means the products and services made available by Company to Customer pursuant to this Agreement including, without limitation, the Crystal Platform, all updates, patches, bug fixes and upgrades thereto.
  • Use” means to use and access the Subscription Services in accordance with this Agreement and the Documentation.

2. Subscription Services; Access and Use

  • Subscription Services. Upon subscribing to the Subscription Services, Customer will be asked to select the Plan that best corresponds to its needs. Customer will then be asked to create an account, agree to the terms of this Agreement, and sign up for a thirty (30) day trial free of charge (the “Trial”). Upon expiration of the Trial, the Plan will automatically be activated unless Customer terminates its subscription at least five (5) days prior to the expiration of the Trial.
  • License Grant. Upon Customer’s acceptance of and subject to Customer’s continued compliance with the terms of this Agreement, Company hereby grants Customer a limited, non-exclusive, non-transferable (except in compliance with Section 15) right and license to access the Crystal Platform and Use the Subscription Services during the Term, solely for Customer’s internal business purposes, in accordance with, and subject to, the Licensed Volume.
  • Use Restrictions. Customer will not at any time and will not permit any Person (including, without limitation, Authorized Users) to, directly or indirectly: (i) Use the Subscription Services in any manner beyond the scope of rights expressly granted in this Agreement; (ii) modify or create derivative works of the Subscription Services or Documentation, in whole or in part; (iii) reverse engineer, disassemble, decompile, decode or otherwise attempt to derive or gain improper access to any software component of the Subscription Services, in whole or in part; (iv) frame, mirror, sell, resell, rent or lease Use of the Subscription Services to any other Person, or otherwise allow any Person to Use the Subscription Services for any purpose other than for the benefit of Customer in accordance with this Agreement; (v) Use the Subscription Services or Documentation in any manner or for any purpose that infringes, misappropriates, or otherwise violates any Intellectual Property Right or other right of any Person, or that violates any applicable law including the applicable labour national laws; (vi) interfere with, or disrupt the integrity or performance of, the Subscription Services, or any data or content contained therein or transmitted thereby; or (vii) access or search the Subscription Services (or download any data or content contained therein or transmitted thereby) through the use of any engine, software, tool, agent, device or mechanism (including spiders, robots, crawlers or any other similar data mining tools) other than software or Subscription Services features provided by Company for use expressly for such purposes.
  • Authorized Users. Customer may permit Authorized Users to Use the Subscription Services, provided that (i) the Use, including the number of Authorized Users, does not exceed the Licensed Volume; and (ii) Customer ensures each Authorized User complies with all applicable terms and conditions of this Agreement, and Customer is responsible for acts or omissions by Authorized Users in connection with their Use of the Subscription Services. Customer will, and will require all Authorized Users to, use all reasonable means to secure user names and passwords, hardware and software used to access the Subscription Services in accordance with customary security protocols, and will promptly notify Company if Customer knows or reasonably suspects that any user name and/or password has been compromised. Each account for the Subscription Services may only be accessed and used by the specific Authorized User for whom such account is created. Customer will not allow any Person other than Authorized Users to Use the Subscription Services.
  • Third-Party Services. Certain features and functionalities within the Subscription Services may allow Customer and its Authorized Users to interface or interact with, access and/or use compatible third-party services, products, technology and content (collectively, “Third-Party Services”) through the Subscription Services. Company does not provide any aspect of the Third-Party Services and is not responsible for any compatibility issues, errors or bugs in the Subscription Services or Third-Party Services caused in whole or in part by the Third-Party Services or any update or upgrade thereto. Customer is solely responsible for maintaining the Third-Party Services and obtaining any associated licenses and consents necessary for Customer to use the Third-Party Services in connection with the Subscription Services.
  • Beta Services. From time to time, the Company may make Beta Services available to Customer at no charge. Customer may choose to try such Beta Services or not in Customer’s sole discretion. Beta Services are intended for evaluation purposes and not for production use. Beta Services do not form part of the “Subscription Services” under this Agreement, and they may be subject to additional terms. Notwithstanding the foregoing, Customer understands and agrees that all restrictions, Company’s reservation of rights and Customer’s obligations concerning the Subscription Services and use of any Third-Party Services in connection with the Subscription Services apply equally to Customer’s use of the Beta Services. Unless otherwise stated, any Beta Services trial period will expire upon the earlier of one (1) year from the date the Beta Services were made available to Customer, or the date that a version of the Beta Services becomes generally available to the public. The Company may discontinue any Beta Services at any time and decide not to make them publicly available in its sole discretion. Access to the Beta Services is granted “as is”, without warranties or indemnities of any kind. Customer is solely and exclusively responsible for, and Company will have no liability for any loss, harm or damage arising out of or in connection with any Beta Service, including any loss or damage to any Customer Material.

3. Fees and Payment

  • Fees. Customer will pay Company the non-refundable fees applicable to the Plan selected by the Customer, and all associated charges (“Fees”). Company reserves the right to change the Fees and institute new ones at any time, in its sole discretion. Company will use commercially reasonable efforts to communicate the revised Fees to Customer at least (30) days prior to the end of the then current term. The revised Fees will apply automatically upon renewal of Customer’s subscription, unless Customer cancels its subscription in accordance with Section 11.
  • Payments Procedure. Upon subscribing to the Subscription Services, Customer will be asked to select a payment method (credit card, debit card, or other method accepted by the Company, as specified by Company on the subscription page) and provide to Company valid, up-to-date and complete billing information associated with such payment method to allow Company to set up automatic billing for Customer’s account. Upon expiration of the Trial and each month or year thereafter, as applicable, Company will charge Customer’s selected payment method for any Fees including any applicable taxes.
  • Remedies. If Company cannot charge Customer’s selected payment method for any reason (such as expiration or insufficient funds), Company will notify Customer and attempt to charge the payment method again as Customer may update its payment method or payment method information. If seven (7) days after such failed payment, Company still has not received the Fee amounts due by Customer, Company may lock Customer’s account and suspend Customer’s subscription. If after an additional seven (7) days payment still has not been received by Company, (i) Company may immediately terminate Customer’s subscription and this Agreement without any responsibility to Customer; (ii) late charges will accrue at the rate of 1.5% per month or, if lower, the highest rate permitted by applicable law; and (iii) Customer will reimburse Company for all reasonable costs and expenses incurred (including reasonable attorneys’ fees) in collecting any late payments or interest. All payments are non-refundable and neither Party will have the right to set off, discount or otherwise reduce or refuse to pay any amounts due to the other Party under this Agreement.
  • Taxes. Customer is responsible for all sales, use, ad valorem and excise taxes, and any other similar taxes, duties and charges of any kind imposed by any federal, state, multinational or local governmental regulatory authority on any amount payable by Customer to Company hereunder, other than any taxes imposed on Company’s income. Without limiting the foregoing, in the event that Customer is required to deduct or withhold any taxes from the amounts payable to Company hereunder, Customer will pay an additional amount, so that Company receives the amounts due to it hereunder in full, as if there were no withholding or deduction.

4. Ownership

  • Aggregate Data” means any data that is derived or aggregated in deidentified form from (i) any Customer Materials; or (ii) Customer’s and/or its Authorized Users’ Use of the Subscription Services, including, without limitation, any usage data or trends with respect to the Subscription Services.
  • Authorized User” means an employee or contractor whom Customer has authorized to Use the Subscription Services.
  • Beta Services” means certain services or functionality designated as pilot, limited release, developer preview, non-production, evaluation, early adoption or by a similar description and made available to Customer by the Company at no additional charge for Customer to try at its option.

5. Confidential Information

  • As used herein, “Confidential Information” means any information that one Party (the “Disclosing Party”) provides to the other Party (the “Receiving Party”) in connection with this Agreement, whether orally or in writing, that is designated as confidential or that reasonably should be considered to be confidential given the nature of the information and/or the circumstances of disclosure. For clarity, except as otherwise specified in writing by the Company, the Company IP will be deemed Confidential Information of Company. However, Confidential Information will not include any information or materials that: (i) were, at the date of disclosure, or have subsequently become, generally known or available to the public through no act or failure to act by the Receiving Party; (ii) were rightfully known by the Receiving Party prior to receiving such information or materials from the Disclosing Party; (iii) are rightfully acquired by the Receiving Party from a third party who has the right to disclose such information or materials without breach of any confidentiality or non-use obligation to the Disclosing Party; or (iv) are independently developed by or for the Receiving Party without use of or access to any Confidential Information of the Disclosing Party.
  • The Receiving Party will maintain the Disclosing Party’s Confidential Information in strict confidence, and will not use the Confidential Information of the Disclosing Party except as necessary to perform its obligations or exercise its rights under this Agreement; provided that Company may use and modify Confidential Information of Customer in deidentified form for purposes of developing and deriving Aggregate Data. The Receiving Party will not disclose or cause to be disclosed any Confidential Information of the Disclosing Party, except (i) to those employees, representatives, or contractors of the Receiving Party who have a bona fide need to know such Confidential Information to perform under this Agreement and who are bound by written agreements with use and nondisclosure restrictions at least as protective as those set forth in this Agreement, or (ii) as such disclosure may be required by the order or requirement of a court, administrative agency or other governmental body, subject to the Receiving Party providing to the Disclosing Party reasonable written notice to allow the Disclosing Party to seek a protective order or otherwise contest the disclosure.
  • Each Party’s obligations of non-disclosure with regard to Confidential Information are effective as of the Effective Date and will expire five (5) years from the date first disclosed to the Receiving Party; provided, however, with respect to any Confidential Information that constitutes a trade secret (as determined under applicable law), such obligations of non-disclosure will survive the termination or expiration of this Agreement for as long as such Confidential Information remains subject to trade secret protection under applicable law.
  • The terms and conditions of this Agreement will constitute Confidential Information of each Party but may be disclosed on a confidential basis to a Party’s advisors, attorneys, actual or bona fide potential acquirers, investors or other sources of funding (and their respective advisors and attorneys) for due diligence purposes.

6. Support and Service Levels

  • Service Availability and Support. Company will use commercially reasonable efforts to make the Subscription Services available and provide the support services set forth in the support terms available at the end of the page (the “Support Services”). Customer acknowledges and agrees that any service levels set forth in the support terms or otherwise communicated by the Company are performance targets only and any failure of Company to meet any service level will not result in any breach of this Agreement or any payment or liability of Company to Customer.
  • Security Safeguards. Company will use commercially reasonable efforts to maintain reasonable administrative, physical, and technical safeguards designed to protect the security, confidentiality and integrity of the Customer Materials, in accordance with applicable industry standards and Company’s Privacy Policy available at https://crystal.ai/en/legal/privacy/.

7. Representations and Warranties

  • Each Party hereby represents and warrants to the other Party that: (i) it is duly organized, validly existing and in good standing under its jurisdiction of organization and has the right to enter into this Agreement and (ii) the execution, delivery and performance of this Agreement and the consummation of the transactions contemplated hereby are within the corporate powers of such Party and have been duly authorized by all necessary corporate action on the part of such Party, and constitute a valid and binding agreement of such Party.
  • Customer represents and warrants that (i) it has obtained and will continue to have, during the Term, all rights, authority and licenses necessary to access and use the Customer Materials in connection with the Subscription Services; (ii) Company’s use of the Customer Materials in accordance with this Agreement will not violate any applicable laws or regulations or cause a breach of any agreement or obligations between Customer and any third party; (iii) it will comply with all applicable federal laws, regulations and rules including those that prohibit or restrict the export or re-export of the Subscription Services or any part thereof, or any Customer Materials, outside the United States (“Export Rules”), and will complete all undertakings required by Export Rules, including obtaining any necessary export license or other governmental approval. Customer further understands that the Subscription Services and Documentation are “commercial computer software” and “commercial computer software documentation,” respectively, as such terms are used in FAR 12.212 and other relevant government procurement regulations. Any use, duplication, or disclosure of the software or its documentation by or on behalf of the U.S. government is subject to restrictions as set forth in this Agreement.
  • Company represents and warrants that, to the extent the Customer Materials include non-aggregated Personal Data, Company will process such data only for the period of time necessary to provide the Subscription Services, and in any case no longer than the Term of this Agreement, except where required under applicable law.

8. Indemnification

  • Company Indemnification. Company will defend Customer against any claim, suit or proceeding brought by a third party (“Claims”) alleging that the Subscription Services infringes or misappropriates such third party’s Intellectual Property Rights, and will indemnify and hold harmless Customer against any damages and costs awarded against Customer or agreed in settlement by Company (including reasonable attorneys’ fees) resulting from such Claim. Notwithstanding the foregoing, Company will be under no obligation to defend, indemnify or otherwise hold Customer harmless if the underlying Claim arises from or as a result of: (i) Customer’s breach of this Agreement, negligence, willful misconduct or fraud; (ii) any Customer Materials; (iii) Customer’s failure to use any enhancements, modifications, or updates to the Subscription Services that have been provided by Company or Company’s continued Use of a prior version of the Subscription Services that has been superseded by a non-infringing version subsequently released by Company; (iv) modifications to the Subscription Services by anyone other than Company; or (v) combinations of the Subscription Services with software, data or materials not provided by Company.
  • IP Remedies. If Company reasonably believes the Subscription Services (or any component thereof) could infringe any third party’s Intellectual Property Rights, Company may, at its sole option and expense, use commercially reasonable efforts to: (i) modify or replace the Subscription Services, or any component or part thereof, to make it non-infringing; or (ii) procure the right for Customer to continue Use. If Company determines that neither alternative is commercially practicable, Company may terminate this Agreement, in its entirety or with respect to the affected component, by providing written notice to Customer. In the event of any such termination, Company will refund to Customer a pro-rata portion of the Fees that have been paid for the unexpired portion. The rights and remedies set forth in this Section 8(b) will constitute Customer’s sole and exclusive remedy for any infringement or misappropriation of Intellectual Property Rights in connection with the Subscription Services.
  • Customer Indemnification. Customer will defend, indemnify and hold Company harmless against all Claims arising from (i) any Customer Materials, including, without limitation, (A) any Claim that the Customer Materials infringe, misappropriate or otherwise violate any third party’s Intellectual Property Rights or privacy or other rights; (B) any Claim that the use, provision, transmission, display or storage of Customer Materials violates any applicable law, rule or regulation; or (C) any claim relating to the quality, accuracy or performance of the Customer Materials; (ii) any of Customer’s products or services; and (iii) Use of the Subscription Services by Customer or its Authorized Users in a manner that is not in accordance with this Agreement or the Documentation, including, without limitation, any breach of the license restrictions in Section 2(c), and in each case, will indemnify and hold harmless Company against any damages and costs awarded against Company or agreed in settlement by Customer (including reasonable attorneys’ fees) resulting from such Claim.
  • Indemnification Procedures. The Party seeking defence and indemnity (the “Indemnified Party”) will promptly (and in any event no later than thirty (30) days after becoming aware of facts or circumstances that could reasonably give rise to any Claim) notify the other Party (the “Indemnifying Party”) of the Claim for which indemnity is being sought, and will reasonably cooperate with the Indemnifying Party in the defence and/or settlement thereof. The Indemnifying Party will have the sole right to conduct the defence of any Claim for which the Indemnifying Party is responsible hereunder (provided that the Indemnifying Party may not settle any Claim without the Indemnified Party’s prior written approval unless the settlement is for a monetary amount, unconditionally releases the Indemnified Party from all liability without prejudice, does not require any admission by the Indemnified Party, and does not place restrictions upon the Indemnified Party’s business, products or services). The Indemnified Party may participate in the defense or settlement of any such Claim at its own expense and with its own choice of counsel or, if the Indemnifying Party refuses to fulfill its obligation of defense, the Indemnified Party may defend itself and seek reimbursement from the Indemnifying Party.

9. DISCLAIMER

THE SERVICES AND COMPANY IP ARE PROVIDED “AS IS”, AND COMPANY MAKES NO WARRANTIES OR REPRESENTATIONS TO CUSTOMER, ITS AUTHORIZED USERS OR TO ANY OTHER PARTY REGARDING THE COMPANY IP OR THE SERVICES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, COMPANY HEREBY DISCLAIMS ALL WARRANTIES AND REPRESENTATIONS, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, AND ANY WARRANTIES ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. WITHOUT LIMITING THE FOREGOING, COMPANY HEREBY DISCLAIMS ANY WARRANTY THAT USE OF THE SERVICES WILL BE ERROR-FREE, BUG-FREE OR UNINTERRUPTED.

10. Limitations of Liability

  • Exclusion of Damages. EXCEPT FOR THE PARTIES’ LIABILITY FOR FRAUD OR WILLFUL MISCONDUCT AND FOR CUSTOMER’S LIABILITY FOR THE BREACH OF COMPANY’S INTELLECTUAL PROPERTY RIGHTS, THE BREACH OF THE LICENSE GRANTED TO CUSTOMER HEREUNDER, OR THE BREACH OF CUSTOMER’S PAYMENT OBLIGATIONS, IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF INCOME, DATA, PROFITS, REVENUE OR BUSINESS INTERRUPTION, OR THE COST OF COVER OR SUBSTITUTE SERVICES OR OTHER ECONOMIC LOSS, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, THE COMPANY IP OR THE PROVISION OF THE SERVICES, WHETHER SUCH LIABILITY ARISES FROM ANY CLAIM BASED ON CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, AND WHETHER OR NOT SUCH PARTY WAS ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.
  • Total Liability. IN NO EVENT WILL COMPANY’S TOTAL AND AGGREGATE LIABILITY TO CUSTOMER OR ITS AUTHORIZED USERS IN CONNECTION WITH THIS AGREEMENT, THE COMPANY IP OR THE PROVISION OF THE SERVICES EXCEED THE FEES ACTUALLY PAID BY CUSTOMER TO COMPANY IN THE TWELVE (12) MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM, REGARDLESS OF THE LEGAL OR EQUITABLE THEORY ON WHICH THE CLAIM OR LIABILITY IS BASED, AND WHETHER OR NOT COMPANY WAS ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.
  • Basis of the Bargain. THE PARTIES HEREBY ACKNOWLEDGE AND AGREE THAT THE LIMITATIONS OF LIABILITY IN THIS SECTION 10 ARE AN ESSENTIAL PART OF THE BASIS OF THE BARGAIN BETWEEN COMPANY AND CUSTOMER, AND WILL APPLY EVEN IF THE REMEDIES AVAILABLE HEREUNDER ARE FOUND TO FAIL THEIR ESSENTIAL PURPOSE.

11. Term and Termination

  • Term. The initial term of this Agreement begins on the Effective Date and expires at the end of the subscription period for the Plan (the “Initial Term”). Following the Initial Term, this Agreement will automatically renew for additional periods equal to the Initial Term (each, a “Renewal Term,” and together with the Initial Term, the “Term”), unless either Party cancels or terminates the subscription in accordance with Section 11(b).
  • Termination. Customer may decide to cancel its subscription at any time through its account on Company’s website or mobile application. Customer understands that such cancellation will only take effect at the end of the then current term, and no refund will be issued to Customer under any circumstances. In addition to Company’s termination rights under Sections 3(c) and 8(b) of this Agreement, Company may terminate this Agreement, effective on written notice to Customer, if Customer materially breaches this Agreement, and such breach remains uncured thirty (30) days after the date of Company’s notice to Customer.
  • Survival. This Section 11(c) and Sections 4(c), 5, 7, 8, 9, 10, 11(c), 11(d), 12, 14 and 16 survive any termination or expiration of this Agreement.

12. Trademarks

  • Customer hereby grants Company a limited, non-exclusive, royalty-free license to use and display Customer’s name, designated trademarks and associated logos (the “Customer Marks”) during the Term in connection with (i) the hosting, operation and maintenance of the Subscription Services; and (ii) Company’s marketing and promotional efforts for its products and services, including by publicly naming Customer as a customer of Company and case studies. All goodwill and improved reputation generated by Company’s use of the Customer Marks inures to the exclusive benefit of Customer. Company will use the Customer Marks in the form stipulated by Customer and will conform to and observe such standards as Customer prescribes from time to time in connection with the license granted hereunder.

13. Force Majeure

Neither Party will be responsible for any failure or delay in the performance of its obligations under this Agreement (except for any payment obligations) due to causes beyond its reasonable control, which may include, without limitation, labor disputes, strikes, lockouts, shortages of or inability to obtain energy, raw materials or supplies, denial of service or other malicious attacks, telecommunications failure or degradation, pandemics, epidemics, public health emergencies, governmental orders and acts (including government-imposed travel restrictions and quarantines), material changes in law, war, terrorism, riot, or acts of God.

14. Governing Law

This Agreement will be governed by and construed in accordance with the laws of the State of California, without regard to or application of conflict of laws rules or principles. The parties agree that the United Nations Convention on Contracts for the International Sale of Goods will not apply. All disputes under this Agreement shall be submitted to the exclusive jurisdiction of the federal or state courts located in the County of Santa Clara, California, and the parties hereby waive any objection to the jurisdiction and venue of such courts.

15. Assignment

This Agreement, or any of its rights or any materials provided hereunder, may not be assigned or otherwise transferred by either party to any other person or entity, whether by operation of law or otherwise, without the other party's express written consent, which shall not be unreasonably withheld or delayed and any such attempted assignment not permitted by either party shall be void and of no effect; provided, however, that such consent of the other party shall not be required with respect to an assignment or transfer by either party to (i) any corporate affiliate of such party; or (ii) an acquirer of all or substantially all of the assets or capital stock of such party related to this Agreement, whether through purchase, merger, consolidation or otherwise. Any permitted assignment or transfer of or under this Agreement shall be binding upon, and inure to the benefit of, the successors, executors, heirs, representatives, administrators and permitted assigns of the parties hereto.

16. General

All notices or approvals required or permitted under this Agreement will be in writing and delivered by confirmed email transmission, by overnight delivery service, or by certified mail, and in each instance will be deemed given upon receipt. This Agreement (including any exhibit, annex and appendix hereto) is the complete and exclusive understanding and agreement between the parties regarding its subject matter, and supersedes all proposals, understandings or communications between the parties, oral or written, regarding its subject matter, unless Customer and Company have executed a separate agreement governing use of the Subscription Services. The parties to this Agreement are independent contractors and this Agreement will not establish any relationship of partnership, joint venture, employment, franchise, or agency between the parties. Neither party will have the power to bind the other or incur obligations on the other’s behalf without the other’s prior written consent. All notices or approvals will be sent to 75E Santa Clara Street, 95113 San Jose for notices to the Company and to the email address associated with Customer’s account for notices to Customer. Except as expressly set forth in this Agreement, the exercise by either party of any of its remedies under this Agreement will be without prejudice to its other remedies under this Agreement or otherwise. The failure by either party to enforce any provision of this Agreement will not constitute a waiver of future enforcement of that or any other provision. Any waiver, modification or amendment of any provision of this Agreement will be effective only if in writing and signed by authorized representatives of both parties. If any provision of this Agreement is held to be unenforceable or invalid, that provision will be enforced to the maximum extent possible, and the other provisions will remain in full force and effect.

16. Subscription Services; Access and Use

1. Support Services Company will use commercially reasonable efforts to provide the following technical support services (“Support Services”):
  • Electronic support through the available chat within the administrative section of Company’s website designed to help Customer locate and correct defects in the Subscription Services, with service available 8 hours a day, from Monday to Friday.
  • Online support center available at https://resources.crystal.ai/en/ 24 hours a day, 7 days a week for self-service technical assistance including (i) viewing updates to supported platforms and hardware; and (ii) accessing product documentation, technical articles, and FAQs.
2. Response Goals Company will use commercially reasonable efforts to meet the following response goals:

Problem Severity

Problem Severity

Critical - Critical production defect* affecting all users inside the tenant
Company will acknowledge receipt of Customer’s request and assign a technician to the matter (“Respond”) within 8 business hours.
Major - A defect that causes unavailability or major performance degradation of one of the features/functionalities
Company will Respond within 24 business hours.
Minor Partial, non-critical loss of use of the service with a medium-to-low impact on your business
Company will Respond within 72 business hours.
Cosmetic - User Interface bugs.
Company will Respond within 120 business hours.

Privacy notice

iGenius, Inc., a Delaware corporation with a place of business at 75E Santa Clara Street, 95113 San Jose (hereinafter referred to as ‘we’, ‘our’, ‘us’), as Data Controller of the processing described hereinafter, takes privacy and personal data protection extremely seriously. This document has therefore been produced to provide you, also to comply with Section 13 of the General Data Protection Regulation ("GDPR"), with information on the purpose and means used to process your Personal Data which are collected when browsing on our website (https://crystal.ai - hereinafter referred to as the “Website”), using services reserved for registered users, communicating with our operators or using our live chat system (hereinafter jointly referred to as “Crystal Services”). Please note that, unless otherwise defined herein, all the capitalized words shall have the same meaning provided by Article 4 GDPR.

We may collect information about you when:
  • You request information about our services using the contact form;
  • You browse our website or use services reserved for registered users;
  • You communicate with us using the live chat.

In particular, we need to process the Personal Data which you provide when registering or requesting a service. With your consent, we can also use other information which you freely provide when registering or related to the methods you use to communicate with us (hereinafter jointly referred to as “Data”).

This Privacy Notice (along with our General Terms and Conditions applicable to related services, our Cookies Policy) sets out the basis on which your Data will be processed.

1. Which personal Data will we use?

i. Browsing data

When you visit our Website may collect, in accordance with applicable laws and where required with your consent, information relating to the devices you use and the networks you are connected to when using our services. This may include the following information: your IP address, log-in information, browser type and version, browser plug-in types and versions, operating system and platform, advertising identifier and information about your visit including the URL clickstream. We collect this information using tracking technologies including cookies (for further information please refer to our Cookie Policy).

Including cookies (for further information please refer to our Cookie Policy). We may also use third-party tools to process analytics information on our Services. Some of our analytics partners include:

ii. Data collected when using Crystal Services

To create an account on the Crystal Services or use our product demo, you/your employer must provide your full name, email, employer, and role. When you use Crystal Services, we will process the Data needed to guarantee your full enjoyment of these services, including, for example, log in data, pages visited, your requests, your communications and other additional information which you may freely provide during the usage of the Crystal Services. We may also process audio (which may contain your voice) if you use our speech recognition features.

An Important Note: This Privacy Policy does not apply to any of the personal information that our customers may process using Crystal Services as data controllers (“Customer Data”). Our customers’ respective privacy policies govern the collection and use of Customer Data. Our processing of Customer Data is governed by the contracts that we have in place with our customers, not this Privacy Policy. Any questions or requests relating to Customer Data should be directed to our customer.

2. For what purposes will we use your Data and on the basis of which legal requirements?

We will use your Data with the use of electronic systems:
  • To allow you to browse the Website and use the Crystal Services. Your Data will be used to provide you with the services requested and, more generally, to comply with all related contractual and administrative obligations.
  • To meet legal obligations or comply with any orders from legal authorities.
  • To meet our legitimate interest to anonymize, aggregate and use of Data related to your usage of the Crystal platform for the Crystal Services product enhancement.

Providing your Data is optional, but refusal to do so, in part or in full, may prevent us from correctly meeting your specific requests.

With your consent, we can also use your Data for the following purposes:

  • sending you by email newsletters, information about products and services provided by us (also about products or services different from those which you purchased), offers and promotions, and for carrying out market research.
  • Studying your preferences and the methods you use to communicate with us. In particular, in order to gain a better understanding of your tastes and interests in our products and services, we may examine, occasionally using automated systems, the information provided when you register on the Website, your use of Crystal Services, and your interest in communications and newsletters which we send you. In any case, these profiling activities are not capable of producing legal effects in your regard or of having significant effects on you as an individual.

The provision of Crystal Services and/or the handling of information which you request will not in any way be affected by whether you give consent as set out at point cd and e) above in this Section 2.

In the light of the above, the so-called “lawful basis of processing”, as per Regulation EU No. 679/2016 (General Data Protection Regulation or “GDPR”), specifically are:

  • For the purpose as per Point 2.a) above, the lawful basis is answering your requests also for contractual or pre-contractual purposes (Article 6.1.b of the GDPR);
  • For the purpose as per Point 2.a) above, the lawful basis is answering your requests also for contractual or pre-contractual purposes (Article 6.1.b of the GDPR);
  • For the purpose as per Point 2.a) above, the lawful basis is answering your requests also for contractual or pre-contractual purposes (Article 6.1.b of the GDPR);
  • For the purpose as per Point 2.a) above, the lawful basis is answering your requests also for contractual or pre-contractual purposes (Article 6.1.b of the GDPR);

3. How long will we keep your Data for?

Your Data will only be processed for the period of time strictly necessary to fulfil the purposes for which they were collected, with regard to the regulations in force.

In any case, for the purposes of marketing and/or profiling (as per points c) and d) of Section 2 above), Data regarding the details of your purchases will not be processed for a period exceeding 12 months. In the same way, the information regarding your communications with us will not be retained for a period exceeding 12 months.

4. Who will we share your Data with?

So that the activities related to the Website function properly, your personal data indicated above may be accessed by employee staff, as well as by non-employee personnel appointed by us that need to process the personal data to carry out their duties (for example, digital function, administration, and customer service).

Your Data may be shared, also for administrative purposes, with our subsidiary, parent and partner companies, for purposes of delivering the Crystal Services requested, with third party service providers involved in activities carried out by us (e.g. IT services). These parties will occupy the role of Data Processors.

We or any our assets, including the Website, may be sold, or other transactions may occur in which your personal data is one of the business assets of the transaction. In such case, your personal data may be transferred, either as part of the transaction or during any due diligence process.

Lastly, we may share information with government and law enforcement authorities and with other parties involved in, or contemplating, legal proceedings to comply with a legal obligation, when we believe in good faith that the law requires it, or where this is necessary for us or for third parties to protect our or their rights, property, safety or security.

5. Where and how we retain your personal data?

iGenius Inc. is a company governed by US law. Albeit the fact that the processing will be mainly conducted within EEA, your Data may be transferred outside the territory of the European Union, in particular to the USA, or to other countries where the level of data protection may be less stringent than that ensured by European regulations.

In any event, such transfers shall take place in compliance with appropriate guarantees for the protection of your Data and, in particular, the standard contractual clauses approved by the EU Commission in Decision No. 2010/87/EC.

Your personal data is mainly processed electronically, and in some cases also in paper format.

6. How can you modify your preferences or withdraw your consent?

You can check, modify or withdraw your consent with regard to the purposes set out in letters (d) and (e) at Section 2 above at any time. You just need to modify the settings in your settings area or contact us at the contact details below.

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

”You may stop or restrict the placement of tracking technologies on your device or remove them by adjusting your preferences as your browser or device permits. See our Cookie Policy for more information. However, if you adjust your preferences, our Services may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions for Android, iOS and others.

The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, theDigital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.

7. Which rights can you exercise?

You may have the right under applicable law to access your personal data and, if necessary, have it amended or deleted or restricted. You may also ask us to provide some types of personal data to you, or another organisation nominated by you, in a structured and machine readable format.

You can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the information to meet a contractual or other legal requirement), at any time either through the opt-out link at the bottom of our marketing e-mails, (in case of marketing, or by contacting us at the contact details indicated below).

These rights can be limited – for example where we need your personal data (i) to comply with the law or (ii) to the interest of iGenius will prevail, or (iii) where providing your information would reveal personal data about another person.

You also have a right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred.

For more details or any privacy questions please contact us by email at legal@igenius.ai or write to us at the relevant address above. You can also contact our Data Protection Officer at igenius.dpo@legalmail.itIn accordance with Article 27 of Regulation (EU) 2016/679, iGenius Inc. has appointed iGenius S.r.l., with registered office in Via Manin, 3, 20121 Milan Italy, as its representative in the European Union.

8. How can you modify your preferences or withdraw your consent?

iGenius, Inc.
with registered office in:
75E Santa Clara Street, 95113 San Jose
Email: legal@igenius.ai
Certified email: igenius@legalmail.it

9. Children’s Privacy

The Services are not directed to children under 18 (or other age as required by local law), and we do not knowingly collect personal information from children.

If you learn that your child has provided us with personal information without your consent, you may contact us as set forth below. If we become aware that a child has provided us with personal information in violation of applicable law, we will delete any personal information we have collected, unless we have a legal obligation to keep it, and terminate the child’s account as applicable.

10. Changes to this privacy notice

This privacy notice may be amended or updated, in full or in part, which may be as a result of changes to the applicable law. We will keep you informed as required under applicable law of any substantial changes which affect how your Data is processed.

In any case, we invite you to periodically consult the updated privacy notice published on the Website.

Effective Date: This Privacy Policy was updated November 5th, 2020 and is effective as of that date

Cookie policy

This Cookie Policy is designed to inform you of this website (the ‘Website’ and also ‘we’, ‘our’, ‘us’) as to how cookies are managed. It is an integral part of our Privacy Policy, which can be found here.

1. Which personal Data will we use?

Cookies are small text files that the websites visited by the user send and record on his/her personal computer or mobile device, these cookies are then re-transmitted to the same websites upon the user's subsequent visit. Precisely because of cookies, a website remembers the user's actions and preferences (such as login data, etc.) in such a way that they do not have to be newly indicated when the user returns to visit the above-mentioned website or browse from one page to another. Therefore, cookies are used to perform computer authentications, to monitor sessions and store information concerning the activities of the users who access a website.

Cookies may also contain a unique identification code that enables a user's browsing within the website to be tracked for statistical or advertising purposes. While browsing a website, the user may also receive cookies from websites or web servers other than the one he/she is visiting (so-called "third-party" cookies) on his/her computer or mobile device. Some operations may not be able to be performed without the use of cookies, which in some cases are, therefore, technically necessary for the functioning of the above-mentioned website.There are various types of cookies, according to their characteristics and functions, and these can remain on the user's computer or mobile device for different periods of time: so-called session cookies, which are automatically deleted when the browser is closed; so-called persistent cookies, which remain on the user's devices until a predetermined deadline.

"Technical cookies", namely cookies used for the sole purpose of transmitting a communication over an electronic communications network, or used to the extent strictly necessary to provide a service explicitly requested by the user, do not require the user's consent. In other words, these are cookies that are indispensable for the operation of the website or that are necessary to perform activities requested by the user.

Among the technical cookies which do not require express consent for their use, also include:

  • "cookie analytics", where used directly by the webmaster to collect information, in aggregate form, on the number of users and how they visit the website,
  • browsing or session cookies, which ensure normal browsing and accessibility of the website (allowing, for example, to make a purchase or login to access restricted areas);

Conversely, for "profiling cookies", that is, those designed to create user profiles and used to send advertising messages in line with the preferences expressed by the same user in the context of web-browsing, the user's prior consent is required.

2. Cookies used on the website

2.1 Essential cookies

Name

Characteristics and purpose

Storage term

accept-cookie
Saves your cookie preferences when accessing the site for the first time
1 year
home-loading
Makes it possible to know if the homepage is loading or not
1 day
Local storage: LANG - access_token, debug, hello, intercom-state, user
These cookies improve the performance and functionality of the browser by storing some application data
Until removed by the user.
Session storage: intercom.played-notifications
These cookies improve the performance and functionality of the browser by storing some application data
Until the end of the session.

2.2 Third-party cookies

Source

Cookie

Characteristics and purpose

Storage term

Storage term

Google Analytics
_ga
used for tracking in Google Analytics
2 years
https://tools.google.com/dlpage/gaoptout
Company will Respond within 72 business hours.
_gid
used for tracking in Google Analytics
used for tracking in Google Analytics
https://tools.google.com/dlpage/gaoptout
used for tracking in Google Analytics
ajs_anonymous_id, ajs_group_id, ajs_user_id
used by Google Analytics to track if a user has already visited the website
2 years
https://tools.google.com/dlpage/gaoptout
Facebook
_fbp
Used by Facebook to provide a series of advertising products as real-time offers from third-party advertisers
3 months
https://www.facebook.com/policy/cookies/
Intercom
intercom-id
Integration with Intercom's technical support
1 months
https://www.intercom.com/terms-and-policies#terms
AppSumo
appsumo-modal-dismissed
Tracks preferences regarding AppSumo notifications
1 years
https://appsumo.com/privacy/

3. How to disable cookies through your browser

Most browsers are set to accept cookies by default. You can modify those settings to block cookies or to stop certain cookies from being saved to your device. There are different ways to manage cookies. Please refer to the technical guide and/or the help section of your browser to manage or change your browser settings. If you use different devices (e.g. computers, smartphones, tablets, etc.), you must ensure that each browser on each device is set to reflect your cookie preferences.We've included a few useful links to the policies of the main web browsers below:

Internet Explorer™: http://windows.microsoft.com/

Disclaimer

The information contained on https://crystal.ai website and crystal mobile app (the "Service") is for general information purposes only.

iGenius Inc. assumes no responsibility for errors or omissions in the contents on the Service.

In no event shall iGenius Inc. be liable for any special, direct, indirect, consequential, or incidental damages or any damages whatsoever, whether in an action of contract, negligence or other tort, arising out of or in connection with the use of the Service or the contents of the Service. iGenius Inc. reserves the right to make additions, deletions, or modification to the contents on the Service at any time without prior notice.

iGenius Inc. does not warrant that the Service is free of viruses or other harmful components.

External links disclaimer

https://crystal.ai website and crystal mobile app may contain links to external websites that are not provided or maintained by or in any way affiliated with iGenius Inc.

Please note that the iGenius Inc. does not guarantee the accuracy, relevance, timeliness, or completeness of any information on these external websites.

Crystal Authorized Users Terms Of Use

These Authorized Users Terms of Use (the “Terms”) govern your access and use of the products and services made available to you by iGenius, Inc. (“Company”, “us” “our”) including, without limitation, our website located at https://igenius.ai/ and the Crystal platform (collectively the “Subscription Services”). Please read them carefully. Please also review our Privacy Policy available at https://crystal.ai/en/legal/privacy/, which also governs your use of the Subscription Services, for information on how we collect, use and share your information. By using the Subscription Services, you agree to be bound by these Terms and our Privacy Policy. If you don’t agree to be bound by the foregoing, do not use the Subscription Services.

IMPORTANT NOTICE REGARDING ARBITRATION: WHEN YOU AGREE TO THESE TERMS YOU AGREE TO RESOLVE ANY DISPUTE BETWEEN YOU AND COMPANY THROUGH BINDING, INDIVIDUAL ARBITRATION RATHER THAN IN COURT. PLEASE REVIEW CAREFULLY THE “GOVERNING LAW; DISPUTE RESOLUTION” SECTION BELOW FOR DETAILS REGARDING ARBITRATION.

You are an Authorized User (as defined below) on a platform controlled by one of our customers (each a “Customer”) which could be your employer or an organization with which you have a work relationship. The Customer has provided you the access to the Subscription Services.

Customer has separately agreed to our Terms & Conditions (the “Agreement”) that permitted Customer to create and configure a workspace so that you and others could join and use the Subscription Services (each invitee granted access to the Subscription Services, including you, is an “Authorized User”).

The Agreement contains the rules governing Customers and their Authorized Users’ use of the Subscription Services.

Use Restrictions

You may use the Subscription Services only if you are 18 years old or older and capable of forming a binding contract, and not otherwise barred from using the Subscription Services under applicable law.

At any time, an Authorized User will not, directly or indirectly:

  1. use the Subscription Services in any manner beyond the scope expressly granted to you by the Customer;
  2. modify or create derivative works of the Subscription Services or documentation related to the same, in whole or in part;
  3. reverse engineer, disassemble, decompile, decode or otherwise attempt to derive or gain improper access to any software component of the Subscription Services, in whole or in part;
  4. frame, mirror, sell, resell, rent or lease use of the Subscription Services to any other person, or otherwise allow any person to use the Subscription Services for any purpose other than for the benefit of Customer in accordance with this Agreement;
  5. use the Subscription Services or the related documentation in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any person, or that violates any applicable law;
  6. interfere with, or disrupt the integrity or performance of, the Subscription Services, or any data or content contained therein or transmitted thereby;
  7. access or search the Subscription Services (or download any data or content contained therein or transmitted thereby) using any engine, software, tool, agent, device or mechanism (including spiders, robots, crawlers or any other similar data mining tools) other than software or Subscription Services features provided by Company for use expressly for such purposes.

Customer's Obligation

You agree that it is Customer’s sole responsibility to (a) inform you and any other Authorized User of any relevant Customer policies and practices related to the use and any settings that may impact your use of the Subscription Services; and (b) respond to and resolve any dispute with you and Customer or you and any other Authorized User relating to the Subscription Services or Customer’s failure to fulfill these obligations.

IGENIUS MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, TO YOU RELATING TO THE SUBSCRIPTION SERVICES, WHICH ARE PROVIDED TO YOU ON AN “AS IS” AND “AS AVAILABLE” BASIS. WITHOUT LIMITING THE FOREGOING, WE EXPLICITLY DISCLAIM ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT AND NON-INFRINGEMENT, AND ANY WARRANTIES ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. WE MAKE NO WARRANTY THAT THE SERVICES WILL MEET YOUR REQUIREMENTS OR BE AVAILABLE ON AN UNINTERRUPTED, SECURE, OR ERROR-FREE BASIS.

Limitation of Liability

IN NO EVENT WILL COMPANY BE LIABLE TO YOU FOR ANY LOST PROFITS OR REVENUES OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL COMPANY’S TOTAL LIABILITY ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR FROM THE USE OF OR INABILITY TO USE THE SUBSCRIPTION SERVICES EXCEED $100.

Governing Law; Dispute Resolution

We each agree that any dispute, claim or controversy arising out of or relating to these Terms or the breach, termination, enforcement, interpretation or validity thereof or the use of the Subscription Services (collectively, “Disputes”) will be resolved SOLELY BY BINDING, INDIVIDUAL ARBITRATION AND NOT IN A CLASS, REPRESENTATIVE OR CONSOLIDATED ACTION OR PROCEEDING (“Class Action Waiver”). You agree that the U.S. Federal Arbitration Act governs the interpretation and enforcement of these Terms, and that we are each waiving the right to a trial by jury or to participate in a class action. This arbitration provision shall survive termination of these Terms and if it is found to be unenforceable, then the entirety of this Dispute Resolution Section shall be null and void.

Any arbitration hearings will take place in the County of Santa Clara, California, unless we both agree to a different location. The arbitration will be conducted by the American Arbitration Association (“AAA”) under its Consumer Arbitration Rules (the “AAA Rules”) then in effect, except as modified by these Terms. The AAA Rules are available at www.adr.org or by calling 1-800-778-7879. A party who wishes to start arbitration must submit a written Demand for Arbitration to AAA and give notice to the other party as specified in the AAA Rules. The AAA provides a form Demand for Arbitration at www.adr.org. Payment of all filing, administration and arbitrator fees will be governed by the AAA Rules, and neither of us will seek to recover the administration and arbitrator fees we are each responsible for paying, unless the arbitrator finds your Dispute frivolous. If we prevail in arbitration we’ll pay all of our attorneys’ fees and costs and won’t seek to recover them from you. If you prevail in arbitration you will be entitled to an award of attorneys’ fees and expenses to the extent provided under applicable law.

As limited exceptions to the foregoing: (i) we both may seek to resolve a Dispute in small claims court if it qualifies; and (ii) we each retain the right to seek injunctive or other equitable relief from a court to prevent (or enjoin) the infringement or misappropriation of our intellectual property rights.

Assignment

You may not assign any of your rights or delegate the access to your account under these Terms, whether by operation of law or otherwise, without the prior written consent of us (not to be unreasonably withheld). We may assign these Terms in their entirety (including all terms and conditions incorporated herein by reference), without your consent, to a corporate affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of our assets.

Modifications

As our business evolves, we may change these Terms. If we make a material change to the Terms, we will provide you with reasonable notice prior to the change taking effect either by emailing the email address associated with your account or by messaging you through the Subscription Services. You can review the most current version of the present Terms at any time by visiting this page at the following link https://crystal.ai/en/legal/terms-and-conditions/.

Any material revisions to these Terms will become effective on the date set forth in our notice, and all other changes will become effective on the date we publish the change.

Severability

These Terms will be enforced to the fullest extent permitted under applicable law. With the exception of the Class Action Waiver in the “Governing Law; Dispute Resolution” Section above, if any provision of the Terms is held by a court of competent jurisdiction to be contrary to law, the provision will be modified and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of the Terms will remain in effect.

Waiver

Company’s failure to enforce any right or provision of these Terms will not be considered a waiver of such right or provision. The waiver of any such right or provision will be effective only if in writing and signed by a duly authorized representative of the Company.

Termination of the account

These Terms remain effective until Customer’s subscription for you expires or terminates, or your access to the Subscription Services is terminated by Customer or us. Please contact Customer at any time and for any reason if you wish to terminate your account.

Survival

The sections titled “Limitation of Liability,” “Survival,” “Assignment”, “Severability” will survive any termination or expiration of the Terms.

Exhibit 1

This Exhibit is intended for the purpose of complying with the requirements under Article 28 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter, the "GDPR”) and applies only in case of:
(i) EU Customers and
(ii) non-EU Customers using the Subscription Services
- for their EU businesses, or
- as part of their offer of goods or services to individuals in the EU, or
- for monitoring the behaviour of individuals as far as their behaviour takes place within the EU.

DATA PROCESSING AGREEMENT

Between
iGenius, Inc., a Delaware corporation with a place of business at 75E Santa Clara Street, 95113 San Jose (“Company”)
and
the customer, as per the definition provided in the iGenius Software Subscription Services Agreement in force between Company and the Customer ("Agreement")
Whereas

The Customer and the Company have entered into the Agreement for the Use of the System, as defined in the Terms of Service (https://crystal.ai/en/legal/terms-and-conditions/), namely to analyse Customer's Personal Data by means of machine learning and Artificial Intelligence provided through iGenius System, for the purpose of providing analytics insights. and - in order to execute said Agreement - the Company shall also perform on behalf of the Customer certain processing operations of Personal Data under the control of the Customer, which fall under the application of the European and EU national data protection legislation (hereinafter, the "Data").

The nature, duration and purpose of the processing, as well as the type of Personal Data and the categories of data subjects, are specifically identified in Annex A (hereinafter, the "Processing").

The Customer, considering the nature, object, context and purpose of the Processing and assessing the risk, in terms of probability and severity, that the Processing may entail for the rights and freedoms of the data subjects, has deemed that the Company provides sufficient guarantees to implement technical and organisational measures appropriate to the Processing, in order to meet the requirements of the GDPR and ensure the protection of the data subject's rights.

Therefore, by signing this agreement (hereinafter, the "DPA") the parties intend to regulate their mutual relations regarding the Data Processing carried out by the Company on behalf of the Customer, as per terms below.

DATA PROCESSING AGREEMENT

1. Premises and Annexes

Premises, Annexes and Appendixes form an integral part of this Agreement.

2. Premises and Annexes

2.1 Premises, Annexes and Appendixes form an integral part of this Agreement.

  • Adequacy Decision” means a decision of the European Commission on the basis of Article 45(3) of the GDPR that the laws of a given country ensure an adequate level of protection as required by the Data Protection Legislation;
  • Data Breach” means a security breach of leading to the accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of, or access to the Personal Data transmitted, stored or otherwise processed;
  • Data Processor Personnel” means the officers, employees, agents, consultants, representatives and any other person that work under the authority of the Company, with the exception of the Sub-Processor's personnel;
  • Data Protection Legislation” means, in the EU Member States, the GDPR and the complementary data protection laws, including any guidance and/or codes of practice issued by the relevant Data protection supervisory authority within the EU, and/or, in non-EU Member States, any applicable data protection law relating to the safeguarding and lawful processing of Personal Data;
  • Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. To avoid doubts, “Personal Data” has the meaning as set forth in the GDPR and any other applicable Data Protection Legislation;
  • Request” means a data subject access request or request to erase or correct its Personal Data or any other data subject request according to Articles 15-22 of the GDPR;
  • Security Breach” means any accidental, unauthorized or unlawful destruction, loss, alteration, or disclosure of, or access to the Personal Data in the course of providing the Services;
  • Special Category of Personal Data” shall have the meaning given to it in the Article 9 of the GDPR. If the Data Processor also processes those categories (as listed in Annex A), references in this Agreement to "Personal Data" includes also "Special Category of Personal Data"; and
  • Sub-Processor” means any sub-contractor to which the Company has sub-contracted, or outsourced, any of its obligations under the DPA and, in performing such obligations, the sub-processor will receive and process Personal Data of the Customer.

2.2 This DPA supersedes and extinguishes all other agreements, arrangements and understandings executed between the parties, whether written or oral, in relation to processing of Personal Data for the purposes of providing the Subscription Services.

2.3 Unless expressly agreed otherwise in writing by the parties, where there is any inconsistency between the terms of this DPA and any other privacy term of any service agreement in force between the parties, the terms of this DPA shall take precedence.

2.4 For the purposes of this DPA "data subject", "processing", "transfer (in the context of Personal Data transfers)" and "appropriate technical and organisational measures" shall be interpreted in accordance with the Data Protection Legislation, as defined above.

3. Subject Matter of the Agreement

3.1 The purpose of this DPA is to regulate - in compliance with the provisions of the GDPR - the obligations and rights of the Company and Customer with regard to the Processing.

4. Subject-Matter

4.1 The Company is authorized, as a processor acting under Customer's instruction, to process the Customer’s Personal Data to the extent necessary to provide the Subscription Services under the Agreement.

4.2 The nature of operations carried out by Company on Personal Data may be computing, and/or any such other services under the Agreement, as described in Annex A to this DPA.

4.3 The type of Personal Data and the categories of data subjects are determined and controlled by the Customer, at its sole discretion.

4.4 The processing activities are performed by Company for the duration provided in the Agreement or the duration of this DPA, if shorter.

4.5 Details of the scope of processing under this DPA are summarized in Annex A. Any changes to the processing of Personal Data under the Agreement will be reflected by the parties amending Annex A to this DPA.

5. Company Obligations

5.1 The Company undertakes to:

  • process the Personal Data uploaded and used by Customer as part of the Agreement for the delivery of the Subscription Services only as necessary to provide the services relevant to execute the Agreement and in accordance with documented instructions from the Customer. If Company is required to process the Personal Data for any other purpose by any law to which Company is subject, Company will timely inform Customer of this requirement unless prohibited by such applicable laws;
  • neither access nor use the Personal Data for any other purpose than as needed to carry out the Subscription Services relevant to execute the Agreement;
  • share the Personal Data with third parties only according to the instructions received from Customer, which may include service provider(s) approved according to section 8 below or those engaged by the Customer;
  • ensure that Data Processor Personnel authorized to process Personal Data are subject to a confidentiality obligation and receive appropriate training concerning the protection of Personal Data;
  • inform the Customer, if, in its reasonable opinion and given the information at its disposal, any of the instruction passed by Customer infringes the GDPR or other European Union or European Union Member State data protection provisions, it being acknowledged that Company shall not be obliged to undertake additional work or screening to determine if the instructions are compliant;
  • in case of requests received from a competent authority and relating to Personal Data processed hereunder, to inform Customer (unless prohibited by the applicable laws or a competent authority’s injunction), and to limit the communication of Personal Data to what the authority has expressly requested in case of a request from a EU authority. In case of any request from a non-EU authority, Company will take legal action against any disclosure of Personal Data, and refrain from disclosing the Personal Data, to the relevant authorities until a competent court of last instance has issued a final judgment ordering the disclosure.

5.2 At Customer’s written request, taking into account the nature of the processing, Company will provide Customer with reasonable assistance in relation to the Personal Data processed under this DPA:

  • conducting data protection impact assessments and consultation with competent supervisory authority and in each case solely to the extent that such assistance is necessary and relates to the processing by Company of Personal Data hereunder;
  • providing reasonable transparency about the security measures implemented by Company for its processing operations of Personal Data;
  • in so far as is possible, providing reasonable cooperation and assistance, as may be reasonably required for the purpose of responding to any Request. Such reasonable cooperation and assistance may consist of (i) communicating to Customer any Request eventually received directly from the data subject and (ii) to enable the Customer to design and deploy the technical and organizational measures necessary to answer to Requests, being the Customer, as data controller, solely responsible for responding to such requests;
  • by making available to Customer all information which Customer reasonably requests to allow it to demonstrate that the obligations set out in Article 28 GDPR relating to the appointment of processors have been met.

5.3 Company undertakes to set up technical and organizational measures to ensure the security of Personal Data according to Article 32 GDPR, which will include the technical and organizational security measures listed in Annex C, Appendix 2.

6. Personal Data Breaches

6.1 If Company becomes aware of a Security Breach impacting the Personal Data processed by Company under this DPA (such as unauthorized access, loss, disclosure or alteration of data), Company shall:

  • investigate the Security Breach and take actions to identify and mitigate the effects of the Security Breach and to remedy the Security Breach;
  • notify Customer without undue delay describing (i) the nature of the Security Breach, (ii) the likely consequences of the Security Breach, (iii) the measures taken or proposed to be taken by Company in response to the incident and shall provide its point of contact.

7. Location and Transfer of Personal Data

7.1 Customer hereby authorizes and consents to the Personal Data be processed outside of the European Union in the US or in any other country that is not subject to an Adequacy Decision by the European Commission, to the extent that the transfer is necessary to perform the processing operations under this Agreement and provided that a data transfer agreement which complies with the Standard Contractual Clauses adopted by the European Commission ("SCC"), or any other protection measures recognized as sufficient by the European Commission is implemented between the parties.

7.2 By signing this DPA, the parties enter into the SCCs controller-to-processor as set forth under Annex C to this DPA. Note that any optional standard contractual clauses are expressly not included. The parties agree that: (i) the audits described in Clause 5(f) and Clause 12(2) of the Standard Contractual Clauses shall be carried out in accordance with Section 12 of this Exhibit; (ii) pursuant to Clause 5(h) and Clause 11 of the Standard Contractual Clauses, Company may engage new Subprocessors in accordance with Section 8 of this Exhibit; and (iii) the Subprocessor agreements referenced in Clause 5(j) and certification of deletion referenced in Clause 12(1) of the Standard Contractual Clauses shall be provided only upon Company’s written request. In case of any direct conflict between the provisions under this DPA and the SCCs controller-to-processor, the latter shall prevail.

7.3 In the event that the relevant European Commission decision on SCCs controller-to-processor on which the parties has relied in authorizing the data transfer is held to be invalid, or that any supervisory authority requires transfers of personal data made pursuant to such decision to be suspended, then the parties agree to discuss in good faith and facilitate use of an alternative transfer mechanism.

8. Sub-Processing

8.1 Subject to the provisions of Section 7 “Location and transfer of Personal Data” above, Company may engage third parties to provide the Subscription Services to Customer on its behalf. Customer hereby consents to the designation of these third parties and of the Company's subsidiaries and parent company as Sub-Processors. The above mentioned authorizations shall constitute the prior written consent of the Customer to the Company's subcontracting of the Processing for the provision of the Subscription Services if such consent is required under the SCC under Annex C to this DPA. A list of Company's current Sub-Processors can be found in Annex D herein.

8.2 Company is liable for the compliance of its Sub-Processors with Company's obligations under this DPA. In the designation of these Sub-processors, Company shall ensure, by written contract, that they are authorized to access and use the Data only for the provision of the Subscription Services, with the prohibition to process Data for any other purpose.

8.3 From time to time, Company may engage new Sub-Processors. If so, Company shall send to Customer a notification (updating the website and providing the Company with mechanisms to obtain notification of the update), regarding any new Sub-Processors, at least 15 (fifteen) days before the date when Sub-processor would have access to Data. An updated list of the Company's sub-processors is available upon Customer's request.

8.4 If Customer does not approve a new Sub-Processor for objective and reasonable reasons, Customer may terminate the Agreement without penalty by providing written notice of termination within 30 (thirty) days from the Company notification referred to in Section 8.3, including an explanation of the reasons for the non-approval.

9. Customer's and Controller's Obligations

9.1 For the processing of Personal Data, Customer shall provide to Company in writing any relevant instruction.

9.1 The parties acknowledge that it is the Customer's responsibility to ensure that:

  • the processing of Data as part of the processing by Company on behalf of the Customer has an appropriate legal basis (e.g., data subject’s consent, legitimate interests, authorization from the relevant supervisory authority, as applicable, etc.);
  • any required procedure and formality (such as data protection impact assessment, notification and authorization request to the competent supervisory authority or other competent body where required) has been performed;
  • the data subjects are informed of the processing of their Personal Data in a concise, transparent, intelligible and easily accessible form, using clear and plain language as provided under the GDPR;
  • data subjects are informed of their rights, including the rights of access, rectification, deletion, limitation, portability or deletion, and shall have at all time the possibility to easily exercise their data rights as provided under the GDPR directly with Company.

10. Deletion and Return of Personal Data

10.1 Upon expiration of the Agreement, Company undertakes to delete or return, at Customer's request, any Personal Data, unless a request issued by a competent legal or judicial authority, or the applicable law of the European Union or of an European Union Member State, requires otherwise.

10.2 Company will support Customer for ensuring that the necessary operations (such as backup, transfer to a third-party solution, etc.) to the preservation of Personal Data are performed, notably before the termination or expiration of the Agreement, and before proceeding with any delete operations.

11. Liability

11.1 Company shall only be liable for damages caused by processing for which (i) it has not complied with the obligations of the GDPR specifically related to data processors or (ii) it has acted contrary to lawful written instructions of Customer. In such cases, the parties agree that the aggregate liability of Company to the Customer, under or in connection with this DPA, shall be regulated by the "Limitation of Liability" clause in provided by the Agreement.

12. Audits

12.1 Company shall make available to Customer all the information necessary to (i) demonstrate compliance with the requirements of the GDPR and (ii) enable audits to be carried out.

12.2 Such information is available in standard documentation upon Customer's request.

12.3 If the aforesaid information, report and certificate prove to be insufficient to enable Customer to demonstrate that it meets the obligations laid down by the GDPR, Company and Customer shall agree on the reasonable operational, security and financial conditions of a technical onsite inspection. In all circumstances, the conditions of this inspection must not affect the security of others clients of the Company.

12.4 Any information that is communicated to Customer pursuant to this section shall be considered as Company's confidential information under the Agreement.

12.5 Notwithstanding the foregoing, Customer is authorized to answer to competent supervisory authority requests provided that any disclosure of information is strictly limited to what is legally requested by the said supervisory authority. In such a case, and unless prohibited by applicable law, the Customer shall first consults with Company regarding any such required disclosure.

12.6 If Customer's request for information or access relates to a sub-processor of Company, or information held by a Sub-Processor of Company which Company cannot provide to Customer itself, Company will submit a request for additional information in writing to its relevant Sub-Processor(s). Customer acknowledges that access to the Sub-Processor's premises or to information about the Sub-Processor's previous independent audit reports is subject to agreement from the relevant Sub-Processor, and that Company cannot guarantee access to that Sub-Processor's premises or audit information at any particular time, or at all. The purposes of an audit pursuant to this section 12 include verifying that Company and its Sub-Processor(s) are processing Personal Data in accordance with the obligations under this section 12.

13. Effective Date and Duration

13.1 This DPA is effective from the Effective Date of the Agreement.

13.2 This DPA shall remain effective until the Agreement is terminated or expired.

14. Applicable Law

14.1 This DPA is governed, to the extent not provided for by GDPR, by the laws of the EU Member State where the Customer is based. For any controversy that may arise in relation to the interpretation and/or execution and/or termination of this DPA, the exclusive jurisdiction shall rest with the Courts provided by in the Agreement.

15. Contact Details of the Company

iGenius, Inc.
Postal address: 75E Santa Clara Street, 95113 San Jose
E-mail: legal@igenius.ai
Certified e-mail: igenius@legalmail.it
DPO e-mail: igenius.dpo@legalmail.it

Annex A

Description of Processing Activities

Nature of Processing: Use of the System, meaning Crystal.ai, the iGenius software driven by Artificial Intelligence.

Duration of Processing: Duration of the Main Contract. It must be pointed out that the Processor generally does not retain any copy of Customer's Personal Data, unless specifically requested by the Customer.

Purpose of Processing: Analyse Customer's Personal Data by means of machine learning and Artificial Intelligence provided through iGenius System, for the purpose of providing analytics insights.

Categories of Personal Data Processed: Common personal data submitted, posted, collected, transmitted or otherwise provided by or on behalf of Customer on Crystal Platform or directly to Data Exporter. The Data Importer Crystal Platform does not process any special category of data. It is the responsibility of the Data Exporter to not submit, post, collect, transmit or otherwise provide by or on behalf of Customer on Crystal Platform or directly to Data Exporter.

Data Subjects Categories: Customer Personnel, Customer clients and supplier representatives, any other third parties third parties whose personal data is submitted, posted, collected, transmitted or otherwise provided by or on behalf of Customer on Crystal Platform or directly to Data Exporter.

Annex B

Notification Form of a Data Breach to the Data Controller

  • Start and end date of the Data Breach:
  • Place of the Data Breach:
  • Categories and approximate number of Data Subjects involved:
  • Categories and approximate number of Personal Data involved:
  • Level of seriousness of the Data Breach:
  • Security measures adopted:
  • Name and contact details of the Data Protection Officer – eventually appointed by the data processor – or other contact point from which further information may be obtained:
  • Name and contact details of the Data Protection Officer – eventually appointed by the sub-data processor – or other contact point from which further information may be obtained:
  • Description of the measures that the data processor intends to undertake to remedy the Data Breach, including, if applicable, measures to mitigate the possible negative consequences:
  • Description of the probable consequences of the Data breach:

Upon request of Customer, Company is available to provide any further information necessary for the Customer to notify the infringement to the competent supervisory authority.

Annex C

Standard Contractual Clauses

Contract for the Transfer of Personal Data from Controller to Processors

For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection

The Customer, as defined in the Agreement
(the data exporter)

And

iGenius, Inc.
(the data importer)

each a ‘party’; together ‘the parties’,

HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

Clause 1: Definitions

For the purposes of the Clauses:

  • ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
  • ‘the data exporter’ means the controller who transfers the personal data;
  • ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
  • 'the sub-processor’ means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
  • ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established; (f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing
  • 'Technical and Organisational Security Measures' means those measures aimed at protecting Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the Processing involves the transmission of Data over a network, and against all other unlawful forms of Processing.

Clause 2: Details of the Transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3: Third-Party Beneficiary Clause

  • The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
  • The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
  • The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
  • The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4: Obligations of the Data Explorer

The data exporter agrees and warrants:

  • that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
  • that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
  • that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
  • that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
  • that it will ensure compliance with the security measures;
  • that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
  • to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
  • to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
  • that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
  • that it will ensure compliance with Clause 4(a) to (i).

Clause 5: Obligations of the Data Importer

The data importer agrees and warrants:

  • to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
  • that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
  • that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
  • that it will promptly notify the data exporter about:
    - any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
    - any accidental or unauthorised access;
    - and any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
  • to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
  • at the request of the data exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
  • to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
  • that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;
  • that the processing services by the sub-processor will be carried out in accordance with Clause 11;
  • to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.

Clause 6: Liability

  • The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.
  • If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
  • If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.

Clause 7: Mediation and Jurisdiction

  • The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

    a. to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

    b. to refer the dispute to the courts in the Member State in which the data exporter is established.
  • The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8: Cooperation with Supervisory Authorities

  • The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
  • The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
  • The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).

Clause 9: Governing Law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10: Variation of the Contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11: Sub-processing

  • The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses ( 1 ). Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor’s obligations under such agreement.
  • The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
  • The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
  • The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.

Clause 12: Obligation After the Termination of the Subscription Services

  • The parties agree that on the termination of the provision of processing operations for the Subscription Services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
  • The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.

Appendix 1

To the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties.
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix 1.

Data Exporter
The Data Exporter is the Customer, as defined within the Agreement.

Data Importer
The Data Importer is iGenius, Inc.

Data Subjects
The Personal Data transferred concern the following categories of Data Subjects:
Customer Personnel, Customer clients and supplier representatives, any other third parties third parties whose personal data is submitted, posted, collected, transmitted or otherwise provided by or on behalf of Customer on Crystal Platform or directly to Data Exporter.

Categories of Data
The Personal Data transferred concern the following categories of Data:
Common personal data submitted, posted, collected, transmitted or otherwise provided by or on behalf of Customer on Crystal Platform or directly to Data Exporter.

Special Categories of Data (if appropriate)
The Data Importer Crystal Platform does not process any special category of data. It is the responsibility of the Data Exporter to not submit, post, collect, transmit or otherwise provide by or on behalf of Customer on Crystal Platform or directly to Data Exporter.

Processing operations
The Personal Data transferred will be subject to the following basic processing activities: automated collection, organisation, structuring, storage (if specifically requested by the Customer), consultation, use, disclosure to the Customer by transmission as well as alignment or combination.

Appendix 2

To the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties
Description of the Technical and Organisational Security Measures implemented by the Data Importer and its Subprocessors in accordance with Clauses 4(d) and 5(c) (or document/legislation attached)

Requirement of Information Security

The Company, which according to the DPA processes Customer's Personal Data on behalf of the Customer, shall implement appropriate technical and organisational measures as stipulated in the Applicable Data Protection Law and/or measures imposed by relevant supervisory authority pursuant to Applicable Data Protection Law or other applicable statutory law to ensure an appropriate level of security.
The Company shall assess the appropriate level of security and take into account the risks related to the processing in relation to the Subscription Services under the Agreement, including risk for accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Customer's Person Data transmitted, stored or otherwise processed.
All transmissions of Customer's Personal Data between the Company and the Customer or between the Company or and any third party shall be done at a sufficient security level as required under applicable law, or otherwise as agreed between the parties.

Name

Role

Address

Sub-contracted Processing operations

Categories of Data Subjects

Sub-contracted categories of data

Processing location

Legal basis for the transfer pursuant to Articles 44 et seq. of the GDPR

iGenius S.r.l.
Sub-processor
Via Principe Amedeo 5, Italy
Platform maintenance services IT Support
Customers' data subject
All Personal data under the Agreement
Italy
SCC
Intercom R&D Unlimited
Sub-sub-processor
2nd Floor, Stephen Court, 18-21 Saint Stephen's Green, Dublin
Customer Support
Customers' Service users
Service usage data
Ireland
GDPR