THE SERVICES AND COMPANY IP ARE PROVIDED “AS IS”, AND COMPANY MAKES NO WARRANTIES OR REPRESENTATIONS TO CUSTOMER, ITS AUTHORIZED USERS OR TO ANY OTHER PARTY REGARDING THE COMPANY IP OR THE SERVICES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, COMPANY HEREBY DISCLAIMS ALL WARRANTIES AND REPRESENTATIONS, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, AND ANY WARRANTIES ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. WITHOUT LIMITING THE FOREGOING, COMPANY HEREBY DISCLAIMS ANY WARRANTY THAT USE OF THE SERVICES WILL BE ERROR-FREE, BUG-FREE OR UNINTERRUPTED.
Neither Party will be responsible for any failure or delay in the performance of its obligations under this Agreement (except for any payment obligations) due to causes beyond its reasonable control, which may include, without limitation, labor disputes, strikes, lockouts, shortages of or inability to obtain energy, raw materials or supplies, denial of service or other malicious attacks, telecommunications failure or degradation, pandemics, epidemics, public health emergencies, governmental orders and acts (including government-imposed travel restrictions and quarantines), material changes in law, war, terrorism, riot, or acts of God.
This Agreement will be governed by and construed in accordance with the laws of the State of California, without regard to or application of conflict of laws rules or principles. The parties agree that the United Nations Convention on Contracts for the International Sale of Goods will not apply. All disputes under this Agreement shall be submitted to the exclusive jurisdiction of the federal or state courts located in the County of Santa Clara, California, and the parties hereby waive any objection to the jurisdiction and venue of such courts.
This Agreement, or any of its rights or any materials provided hereunder, may not be assigned or otherwise transferred by either party to any other person or entity, whether by operation of law or otherwise, without the other party's express written consent, which shall not be unreasonably withheld or delayed and any such attempted assignment not permitted by either party shall be void and of no effect; provided, however, that such consent of the other party shall not be required with respect to an assignment or transfer by either party to (i) any corporate affiliate of such party; or (ii) an acquirer of all or substantially all of the assets or capital stock of such party related to this Agreement, whether through purchase, merger, consolidation or otherwise. Any permitted assignment or transfer of or under this Agreement shall be binding upon, and inure to the benefit of, the successors, executors, heirs, representatives, administrators and permitted assigns of the parties hereto.
All notices or approvals required or permitted under this Agreement will be in writing and delivered by confirmed email transmission, by overnight delivery service, or by certified mail, and in each instance will be deemed given upon receipt. This Agreement (including any exhibit, annex and appendix hereto) is the complete and exclusive understanding and agreement between the parties regarding its subject matter, and supersedes all proposals, understandings or communications between the parties, oral or written, regarding its subject matter, unless Customer and Company have executed a separate agreement governing use of the Subscription Services. The parties to this Agreement are independent contractors and this Agreement will not establish any relationship of partnership, joint venture, employment, franchise, or agency between the parties. Neither party will have the power to bind the other or incur obligations on the other’s behalf without the other’s prior written consent. All notices or approvals will be sent to 75E Santa Clara Street, 95113 San Jose for notices to the Company and to the email address associated with Customer’s account for notices to Customer. Except as expressly set forth in this Agreement, the exercise by either party of any of its remedies under this Agreement will be without prejudice to its other remedies under this Agreement or otherwise. The failure by either party to enforce any provision of this Agreement will not constitute a waiver of future enforcement of that or any other provision. Any waiver, modification or amendment of any provision of this Agreement will be effective only if in writing and signed by authorized representatives of both parties. If any provision of this Agreement is held to be unenforceable or invalid, that provision will be enforced to the maximum extent possible, and the other provisions will remain in full force and effect.
iGenius, Inc., a Delaware corporation with a place of business at 75E Santa Clara Street, 95113 San Jose (hereinafter referred to as ‘we’, ‘our’, ‘us’), as Data Controller of the processing described hereinafter, takes privacy and personal data protection extremely seriously. This document has therefore been produced to provide you, also to comply with Section 13 of the General Data Protection Regulation ("GDPR"), with information on the purpose and means used to process your Personal Data which are collected when browsing on our website (https://crystal.ai - hereinafter referred to as the “Website”), using services reserved for registered users, communicating with our operators or using our live chat system (hereinafter jointly referred to as “Crystal Services”). Please note that, unless otherwise defined herein, all the capitalized words shall have the same meaning provided by Article 4 GDPR.
In particular, we need to process the Personal Data which you provide when registering or requesting a service. With your consent, we can also use other information which you freely provide when registering or related to the methods you use to communicate with us (hereinafter jointly referred to as “Data”).
This Privacy Notice (along with our General Terms and Conditions applicable to related services, our Cookies Policy) sets out the basis on which your Data will be processed.
To create an account on the Crystal Services or use our product demo, you/your employer must provide your full name, email, employer, and role. When you use Crystal Services, we will process the Data needed to guarantee your full enjoyment of these services, including, for example, log in data, pages visited, your requests, your communications and other additional information which you may freely provide during the usage of the Crystal Services. We may also process audio (which may contain your voice) if you use our speech recognition features.
Providing your Data is optional, but refusal to do so, in part or in full, may prevent us from correctly meeting your specific requests.
With your consent, we can also use your Data for the following purposes:
The provision of Crystal Services and/or the handling of information which you request will not in any way be affected by whether you give consent as set out at point cd and e) above in this Section 2.
In the light of the above, the so-called “lawful basis of processing”, as per Regulation EU No. 679/2016 (General Data Protection Regulation or “GDPR”), specifically are:
Your Data will only be processed for the period of time strictly necessary to fulfil the purposes for which they were collected, with regard to the regulations in force.
In any case, for the purposes of marketing and/or profiling (as per points c) and d) of Section 2 above), Data regarding the details of your purchases will not be processed for a period exceeding 12 months. In the same way, the information regarding your communications with us will not be retained for a period exceeding 12 months.
So that the activities related to the Website function properly, your personal data indicated above may be accessed by employee staff, as well as by non-employee personnel appointed by us that need to process the personal data to carry out their duties (for example, digital function, administration, and customer service).
Your Data may be shared, also for administrative purposes, with our subsidiary, parent and partner companies, for purposes of delivering the Crystal Services requested, with third party service providers involved in activities carried out by us (e.g. IT services). These parties will occupy the role of Data Processors.
We or any our assets, including the Website, may be sold, or other transactions may occur in which your personal data is one of the business assets of the transaction. In such case, your personal data may be transferred, either as part of the transaction or during any due diligence process.
Lastly, we may share information with government and law enforcement authorities and with other parties involved in, or contemplating, legal proceedings to comply with a legal obligation, when we believe in good faith that the law requires it, or where this is necessary for us or for third parties to protect our or their rights, property, safety or security.
iGenius Inc. is a company governed by US law. Albeit the fact that the processing will be mainly conducted within EEA, your Data may be transferred outside the territory of the European Union, in particular to the USA, or to other countries where the level of data protection may be less stringent than that ensured by European regulations.
In any event, such transfers shall take place in compliance with appropriate guarantees for the protection of your Data and, in particular, the standard contractual clauses approved by the EU Commission in Decision No. 2010/87/EC.
Your personal data is mainly processed electronically, and in some cases also in paper format.
You can check, modify or withdraw your consent with regard to the purposes set out in letters (d) and (e) at Section 2 above at any time. You just need to modify the settings in your settings area or contact us at the contact details below.
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, theDigital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.
You may have the right under applicable law to access your personal data and, if necessary, have it amended or deleted or restricted. You may also ask us to provide some types of personal data to you, or another organisation nominated by you, in a structured and machine readable format.
You can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the information to meet a contractual or other legal requirement), at any time either through the opt-out link at the bottom of our marketing e-mails, (in case of marketing, or by contacting us at the contact details indicated below).
These rights can be limited – for example where we need your personal data (i) to comply with the law or (ii) to the interest of iGenius will prevail, or (iii) where providing your information would reveal personal data about another person.
You also have a right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred.
For more details or any privacy questions please contact us by email at email@example.com or write to us at the relevant address above. You can also contact our Data Protection Officer at firstname.lastname@example.orgIn accordance with Article 27 of Regulation (EU) 2016/679, iGenius Inc. has appointed iGenius S.r.l., with registered office in Via Manin, 3, 20121 Milan Italy, as its representative in the European Union.
with registered office in:
75E Santa Clara Street, 95113 San Jose
Certified email: email@example.com
The Services are not directed to children under 18 (or other age as required by local law), and we do not knowingly collect personal information from children.
If you learn that your child has provided us with personal information without your consent, you may contact us as set forth below. If we become aware that a child has provided us with personal information in violation of applicable law, we will delete any personal information we have collected, unless we have a legal obligation to keep it, and terminate the child’s account as applicable.
This privacy notice may be amended or updated, in full or in part, which may be as a result of changes to the applicable law. We will keep you informed as required under applicable law of any substantial changes which affect how your Data is processed.
In any case, we invite you to periodically consult the updated privacy notice published on the Website.
The information contained on https://crystal.ai website and crystal mobile app (the "Service") is for general information purposes only.
iGenius Inc. assumes no responsibility for errors or omissions in the contents on the Service.
In no event shall iGenius Inc. be liable for any special, direct, indirect, consequential, or incidental damages or any damages whatsoever, whether in an action of contract, negligence or other tort, arising out of or in connection with the use of the Service or the contents of the Service. iGenius Inc. reserves the right to make additions, deletions, or modification to the contents on the Service at any time without prior notice.
iGenius Inc. does not warrant that the Service is free of viruses or other harmful components.
https://crystal.ai website and crystal mobile app may contain links to external websites that are not provided or maintained by or in any way affiliated with iGenius Inc.
Please note that the iGenius Inc. does not guarantee the accuracy, relevance, timeliness, or completeness of any information on these external websites.
IMPORTANT NOTICE REGARDING ARBITRATION: WHEN YOU AGREE TO THESE TERMS YOU AGREE TO RESOLVE ANY DISPUTE BETWEEN YOU AND COMPANY THROUGH BINDING, INDIVIDUAL ARBITRATION RATHER THAN IN COURT. PLEASE REVIEW CAREFULLY THE “GOVERNING LAW; DISPUTE RESOLUTION” SECTION BELOW FOR DETAILS REGARDING ARBITRATION.
You are an Authorized User (as defined below) on a platform controlled by one of our customers (each a “Customer”) which could be your employer or an organization with which you have a work relationship. The Customer has provided you the access to the Subscription Services.
Customer has separately agreed to our Terms & Conditions (the “Agreement”) that permitted Customer to create and configure a workspace so that you and others could join and use the Subscription Services (each invitee granted access to the Subscription Services, including you, is an “Authorized User”).
The Agreement contains the rules governing Customers and their Authorized Users’ use of the Subscription Services.
You may use the Subscription Services only if you are 18 years old or older and capable of forming a binding contract, and not otherwise barred from using the Subscription Services under applicable law.
At any time, an Authorized User will not, directly or indirectly:
You agree that it is Customer’s sole responsibility to (a) inform you and any other Authorized User of any relevant Customer policies and practices related to the use and any settings that may impact your use of the Subscription Services; and (b) respond to and resolve any dispute with you and Customer or you and any other Authorized User relating to the Subscription Services or Customer’s failure to fulfill these obligations.
IGENIUS MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, TO YOU RELATING TO THE SUBSCRIPTION SERVICES, WHICH ARE PROVIDED TO YOU ON AN “AS IS” AND “AS AVAILABLE” BASIS. WITHOUT LIMITING THE FOREGOING, WE EXPLICITLY DISCLAIM ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT AND NON-INFRINGEMENT, AND ANY WARRANTIES ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. WE MAKE NO WARRANTY THAT THE SERVICES WILL MEET YOUR REQUIREMENTS OR BE AVAILABLE ON AN UNINTERRUPTED, SECURE, OR ERROR-FREE BASIS.
IN NO EVENT WILL COMPANY BE LIABLE TO YOU FOR ANY LOST PROFITS OR REVENUES OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL COMPANY’S TOTAL LIABILITY ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR FROM THE USE OF OR INABILITY TO USE THE SUBSCRIPTION SERVICES EXCEED $100.
We each agree that any dispute, claim or controversy arising out of or relating to these Terms or the breach, termination, enforcement, interpretation or validity thereof or the use of the Subscription Services (collectively, “Disputes”) will be resolved SOLELY BY BINDING, INDIVIDUAL ARBITRATION AND NOT IN A CLASS, REPRESENTATIVE OR CONSOLIDATED ACTION OR PROCEEDING (“Class Action Waiver”). You agree that the U.S. Federal Arbitration Act governs the interpretation and enforcement of these Terms, and that we are each waiving the right to a trial by jury or to participate in a class action. This arbitration provision shall survive termination of these Terms and if it is found to be unenforceable, then the entirety of this Dispute Resolution Section shall be null and void.
Any arbitration hearings will take place in the County of Santa Clara, California, unless we both agree to a different location. The arbitration will be conducted by the American Arbitration Association (“AAA”) under its Consumer Arbitration Rules (the “AAA Rules”) then in effect, except as modified by these Terms. The AAA Rules are available at www.adr.org or by calling 1-800-778-7879. A party who wishes to start arbitration must submit a written Demand for Arbitration to AAA and give notice to the other party as specified in the AAA Rules. The AAA provides a form Demand for Arbitration at www.adr.org. Payment of all filing, administration and arbitrator fees will be governed by the AAA Rules, and neither of us will seek to recover the administration and arbitrator fees we are each responsible for paying, unless the arbitrator finds your Dispute frivolous. If we prevail in arbitration we’ll pay all of our attorneys’ fees and costs and won’t seek to recover them from you. If you prevail in arbitration you will be entitled to an award of attorneys’ fees and expenses to the extent provided under applicable law.
As limited exceptions to the foregoing: (i) we both may seek to resolve a Dispute in small claims court if it qualifies; and (ii) we each retain the right to seek injunctive or other equitable relief from a court to prevent (or enjoin) the infringement or misappropriation of our intellectual property rights.
You may not assign any of your rights or delegate the access to your account under these Terms, whether by operation of law or otherwise, without the prior written consent of us (not to be unreasonably withheld). We may assign these Terms in their entirety (including all terms and conditions incorporated herein by reference), without your consent, to a corporate affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of our assets.
As our business evolves, we may change these Terms. If we make a material change to the Terms, we will provide you with reasonable notice prior to the change taking effect either by emailing the email address associated with your account or by messaging you through the Subscription Services. You can review the most current version of the present Terms at any time by visiting this page at the following link https://crystal.ai/en/legal/terms-and-conditions/.
Any material revisions to these Terms will become effective on the date set forth in our notice, and all other changes will become effective on the date we publish the change.
These Terms will be enforced to the fullest extent permitted under applicable law. With the exception of the Class Action Waiver in the “Governing Law; Dispute Resolution” Section above, if any provision of the Terms is held by a court of competent jurisdiction to be contrary to law, the provision will be modified and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of the Terms will remain in effect.
Company’s failure to enforce any right or provision of these Terms will not be considered a waiver of such right or provision. The waiver of any such right or provision will be effective only if in writing and signed by a duly authorized representative of the Company.
These Terms remain effective until Customer’s subscription for you expires or terminates, or your access to the Subscription Services is terminated by Customer or us. Please contact Customer at any time and for any reason if you wish to terminate your account.
The sections titled “Limitation of Liability,” “Survival,” “Assignment”, “Severability” will survive any termination or expiration of the Terms.
This Exhibit is intended for the purpose of complying with the requirements under Article 28 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter, the "GDPR”) and applies only in case of:
(i) EU Customers and
(ii) non-EU Customers using the Subscription Services
- for their EU businesses, or
- as part of their offer of goods or services to individuals in the EU, or
- for monitoring the behaviour of individuals as far as their behaviour takes place within the EU.
The Customer and the Company have entered into the Agreement for the Use of the System, as defined in the Terms of Service (https://crystal.ai/en/legal/terms-and-conditions/), namely to analyse Customer's Personal Data by means of machine learning and Artificial Intelligence provided through iGenius System, for the purpose of providing analytics insights. and - in order to execute said Agreement - the Company shall also perform on behalf of the Customer certain processing operations of Personal Data under the control of the Customer, which fall under the application of the European and EU national data protection legislation (hereinafter, the "Data").
The nature, duration and purpose of the processing, as well as the type of Personal Data and the categories of data subjects, are specifically identified in Annex A (hereinafter, the "Processing").
The Customer, considering the nature, object, context and purpose of the Processing and assessing the risk, in terms of probability and severity, that the Processing may entail for the rights and freedoms of the data subjects, has deemed that the Company provides sufficient guarantees to implement technical and organisational measures appropriate to the Processing, in order to meet the requirements of the GDPR and ensure the protection of the data subject's rights.
Therefore, by signing this agreement (hereinafter, the "DPA") the parties intend to regulate their mutual relations regarding the Data Processing carried out by the Company on behalf of the Customer, as per terms below.
Premises, Annexes and Appendixes form an integral part of this Agreement.
2.1 Premises, Annexes and Appendixes form an integral part of this Agreement.
2.2 This DPA supersedes and extinguishes all other agreements, arrangements and understandings executed between the parties, whether written or oral, in relation to processing of Personal Data for the purposes of providing the Subscription Services.
2.3 Unless expressly agreed otherwise in writing by the parties, where there is any inconsistency between the terms of this DPA and any other privacy term of any service agreement in force between the parties, the terms of this DPA shall take precedence.
2.4 For the purposes of this DPA "data subject", "processing", "transfer (in the context of Personal Data transfers)" and "appropriate technical and organisational measures" shall be interpreted in accordance with the Data Protection Legislation, as defined above.
3.1 The purpose of this DPA is to regulate - in compliance with the provisions of the GDPR - the obligations and rights of the Company and Customer with regard to the Processing.
4.1 The Company is authorized, as a processor acting under Customer's instruction, to process the Customer’s Personal Data to the extent necessary to provide the Subscription Services under the Agreement.
4.2 The nature of operations carried out by Company on Personal Data may be computing, and/or any such other services under the Agreement, as described in Annex A to this DPA.
4.3 The type of Personal Data and the categories of data subjects are determined and controlled by the Customer, at its sole discretion.
4.4 The processing activities are performed by Company for the duration provided in the Agreement or the duration of this DPA, if shorter.
4.5 Details of the scope of processing under this DPA are summarized in Annex A. Any changes to the processing of Personal Data under the Agreement will be reflected by the parties amending Annex A to this DPA.
5.1 The Company undertakes to:
5.2 At Customer’s written request, taking into account the nature of the processing, Company will provide Customer with reasonable assistance in relation to the Personal Data processed under this DPA:
5.3 Company undertakes to set up technical and organizational measures to ensure the security of Personal Data according to Article 32 GDPR, which will include the technical and organizational security measures listed in Annex C, Appendix 2.
6.1 If Company becomes aware of a Security Breach impacting the Personal Data processed by Company under this DPA (such as unauthorized access, loss, disclosure or alteration of data), Company shall:
7.1 Customer hereby authorizes and consents to the Personal Data be processed outside of the European Union in the US or in any other country that is not subject to an Adequacy Decision by the European Commission, to the extent that the transfer is necessary to perform the processing operations under this Agreement and provided that a data transfer agreement which complies with the Standard Contractual Clauses adopted by the European Commission ("SCC"), or any other protection measures recognized as sufficient by the European Commission is implemented between the parties.
7.2 By signing this DPA, the parties enter into the SCCs controller-to-processor as set forth under Annex C to this DPA. Note that any optional standard contractual clauses are expressly not included. The parties agree that: (i) the audits described in Clause 5(f) and Clause 12(2) of the Standard Contractual Clauses shall be carried out in accordance with Section 12 of this Exhibit; (ii) pursuant to Clause 5(h) and Clause 11 of the Standard Contractual Clauses, Company may engage new Subprocessors in accordance with Section 8 of this Exhibit; and (iii) the Subprocessor agreements referenced in Clause 5(j) and certification of deletion referenced in Clause 12(1) of the Standard Contractual Clauses shall be provided only upon Company’s written request. In case of any direct conflict between the provisions under this DPA and the SCCs controller-to-processor, the latter shall prevail.
7.3 In the event that the relevant European Commission decision on SCCs controller-to-processor on which the parties has relied in authorizing the data transfer is held to be invalid, or that any supervisory authority requires transfers of personal data made pursuant to such decision to be suspended, then the parties agree to discuss in good faith and facilitate use of an alternative transfer mechanism.
8.1 Subject to the provisions of Section 7 “Location and transfer of Personal Data” above, Company may engage third parties to provide the Subscription Services to Customer on its behalf. Customer hereby consents to the designation of these third parties and of the Company's subsidiaries and parent company as Sub-Processors. The above mentioned authorizations shall constitute the prior written consent of the Customer to the Company's subcontracting of the Processing for the provision of the Subscription Services if such consent is required under the SCC under Annex C to this DPA. A list of Company's current Sub-Processors can be found in Annex D herein.
8.2 Company is liable for the compliance of its Sub-Processors with Company's obligations under this DPA. In the designation of these Sub-processors, Company shall ensure, by written contract, that they are authorized to access and use the Data only for the provision of the Subscription Services, with the prohibition to process Data for any other purpose.
8.3 From time to time, Company may engage new Sub-Processors. If so, Company shall send to Customer a notification (updating the website and providing the Company with mechanisms to obtain notification of the update), regarding any new Sub-Processors, at least 15 (fifteen) days before the date when Sub-processor would have access to Data. An updated list of the Company's sub-processors is available upon Customer's request.
8.4 If Customer does not approve a new Sub-Processor for objective and reasonable reasons, Customer may terminate the Agreement without penalty by providing written notice of termination within 30 (thirty) days from the Company notification referred to in Section 8.3, including an explanation of the reasons for the non-approval.
9.1 For the processing of Personal Data, Customer shall provide to Company in writing any relevant instruction.
9.1 The parties acknowledge that it is the Customer's responsibility to ensure that:
10.1 Upon expiration of the Agreement, Company undertakes to delete or return, at Customer's request, any Personal Data, unless a request issued by a competent legal or judicial authority, or the applicable law of the European Union or of an European Union Member State, requires otherwise.
10.2 Company will support Customer for ensuring that the necessary operations (such as backup, transfer to a third-party solution, etc.) to the preservation of Personal Data are performed, notably before the termination or expiration of the Agreement, and before proceeding with any delete operations.
11.1 Company shall only be liable for damages caused by processing for which (i) it has not complied with the obligations of the GDPR specifically related to data processors or (ii) it has acted contrary to lawful written instructions of Customer. In such cases, the parties agree that the aggregate liability of Company to the Customer, under or in connection with this DPA, shall be regulated by the "Limitation of Liability" clause in provided by the Agreement.
12.1 Company shall make available to Customer all the information necessary to (i) demonstrate compliance with the requirements of the GDPR and (ii) enable audits to be carried out.
12.2 Such information is available in standard documentation upon Customer's request.
12.3 If the aforesaid information, report and certificate prove to be insufficient to enable Customer to demonstrate that it meets the obligations laid down by the GDPR, Company and Customer shall agree on the reasonable operational, security and financial conditions of a technical onsite inspection. In all circumstances, the conditions of this inspection must not affect the security of others clients of the Company.
12.4 Any information that is communicated to Customer pursuant to this section shall be considered as Company's confidential information under the Agreement.
12.5 Notwithstanding the foregoing, Customer is authorized to answer to competent supervisory authority requests provided that any disclosure of information is strictly limited to what is legally requested by the said supervisory authority. In such a case, and unless prohibited by applicable law, the Customer shall first consults with Company regarding any such required disclosure.
12.6 If Customer's request for information or access relates to a sub-processor of Company, or information held by a Sub-Processor of Company which Company cannot provide to Customer itself, Company will submit a request for additional information in writing to its relevant Sub-Processor(s). Customer acknowledges that access to the Sub-Processor's premises or to information about the Sub-Processor's previous independent audit reports is subject to agreement from the relevant Sub-Processor, and that Company cannot guarantee access to that Sub-Processor's premises or audit information at any particular time, or at all. The purposes of an audit pursuant to this section 12 include verifying that Company and its Sub-Processor(s) are processing Personal Data in accordance with the obligations under this section 12.
13.1 This DPA is effective from the Effective Date of the Agreement.
13.2 This DPA shall remain effective until the Agreement is terminated or expired.
14.1 This DPA is governed, to the extent not provided for by GDPR, by the laws of the EU Member State where the Customer is based. For any controversy that may arise in relation to the interpretation and/or execution and/or termination of this DPA, the exclusive jurisdiction shall rest with the Courts provided by in the Agreement.
Postal address: 75E Santa Clara Street, 95113 San Jose
Certified e-mail: firstname.lastname@example.org
DPO e-mail: email@example.com
Nature of Processing: Use of the System, meaning Crystal.ai, the iGenius software driven by Artificial Intelligence.
Duration of Processing: Duration of the Main Contract. It must be pointed out that the Processor generally does not retain any copy of Customer's Personal Data, unless specifically requested by the Customer.
Purpose of Processing: Analyse Customer's Personal Data by means of machine learning and Artificial Intelligence provided through iGenius System, for the purpose of providing analytics insights.
Categories of Personal Data Processed: Common personal data submitted, posted, collected, transmitted or otherwise provided by or on behalf of Customer on Crystal Platform or directly to Data Exporter. The Data Importer Crystal Platform does not process any special category of data. It is the responsibility of the Data Exporter to not submit, post, collect, transmit or otherwise provide by or on behalf of Customer on Crystal Platform or directly to Data Exporter.
Data Subjects Categories: Customer Personnel, Customer clients and supplier representatives, any other third parties third parties whose personal data is submitted, posted, collected, transmitted or otherwise provided by or on behalf of Customer on Crystal Platform or directly to Data Exporter.
Upon request of Customer, Company is available to provide any further information necessary for the Customer to notify the infringement to the competent supervisory authority.
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection
The Customer, as defined in the Agreement
(the data exporter)
(the data importer)
each a ‘party’; together ‘the parties’,
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
For the purposes of the Clauses:
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
The data exporter agrees and warrants:
The data importer agrees and warrants:
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
This Appendix forms part of the Clauses and must be completed and signed by the parties.
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix 1.
The Data Exporter is the Customer, as defined within the Agreement.
The Data Importer is iGenius, Inc.
The Personal Data transferred concern the following categories of Data Subjects:
Customer Personnel, Customer clients and supplier representatives, any other third parties third parties whose personal data is submitted, posted, collected, transmitted or otherwise provided by or on behalf of Customer on Crystal Platform or directly to Data Exporter.
Categories of Data
The Personal Data transferred concern the following categories of Data:
Common personal data submitted, posted, collected, transmitted or otherwise provided by or on behalf of Customer on Crystal Platform or directly to Data Exporter.
Special Categories of Data (if appropriate)
The Data Importer Crystal Platform does not process any special category of data. It is the responsibility of the Data Exporter to not submit, post, collect, transmit or otherwise provide by or on behalf of Customer on Crystal Platform or directly to Data Exporter.
The Personal Data transferred will be subject to the following basic processing activities: automated collection, organisation, structuring, storage (if specifically requested by the Customer), consultation, use, disclosure to the Customer by transmission as well as alignment or combination.
This Appendix forms part of the Clauses and must be completed and signed by the parties
Description of the Technical and Organisational Security Measures implemented by the Data Importer and its Subprocessors in accordance with Clauses 4(d) and 5(c) (or document/legislation attached)
Requirement of Information Security
The Company, which according to the DPA processes Customer's Personal Data on behalf of the Customer, shall implement appropriate technical and organisational measures as stipulated in the Applicable Data Protection Law and/or measures imposed by relevant supervisory authority pursuant to Applicable Data Protection Law or other applicable statutory law to ensure an appropriate level of security.
The Company shall assess the appropriate level of security and take into account the risks related to the processing in relation to the Subscription Services under the Agreement, including risk for accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Customer's Person Data transmitted, stored or otherwise processed.
All transmissions of Customer's Personal Data between the Company and the Customer or between the Company or and any third party shall be done at a sufficient security level as required under applicable law, or otherwise as agreed between the parties.