Last modified: 11 April 2018
If You are acting on behalf of a corporation or other legal entity (“Corporation”), You represent that You are authorized to act on behalf of such Corporation and that Your acceptance of the Terms creates a legally enforceable obligation of the Corporation. As used herein, “You” and “Your” refer to you and, where applicable, any Corporation on behalf of which you are acting.
PLEASE READ THE TERMS BEFORE EXECUTING A SERVICE FORM, USING THE SERVICES OR OPENING AN ACCOUNT. IF YOU DO NOT AGREE TO THE TERMS, YOU MUST NOT EXECUTE A SERVICE FORM, USE THE SERVICES OR OPEN AN ACCOUNT IN ANY MANNER WHATSOEVER.
1. THE SERVICES
1.1 Subject to Your compliance with the obligations under the Terms, we will provide You with access to the Services, for the duration set forth in the Service Form.
1.2 A Service Form is considered executed, and legally valid and binding upon the parties, when You have provided a signed Service Form (containing all necessary information) and we have accepted such Service Form.
1.3 By using the Services, You represent that: (a) You are at least 13 years old; (b) Your use of the Services will comply with the Terms and all laws and regulations applicable to Your use of the Services; (c) all information that You submit or post in order to use the Services is accurate (including without limitation, any registration information pursuant to Section 2 below), and that You will maintain the accuracy of such information at all times. If we are informed or have reason to believe that You are not eligible to use the Services or that You become ineligible or that the information you provided to us is not accurate, Your use of the Services may suspended or terminated without prior notice, and Your account may be suspended and/or deleted, at our sole discretion.
2.1 To access the Services, You must create a user account in the Platform (or we will create it for You). It is not permitted for multiple people to share an account, Your account may only be used by You.
2.2 If You are a Corporation, You may provide access to Projects for existing or new users, for the number of users included in the license and as specified in the Service Form. You will be deemed to have taken any action that You permit, assist or facilitate any person or entity to take related to the Terms, Content or use of the Services in relation to any Project. You are responsible for Your and any users’ use of Content and the Services in any Project.
2.3 The registration process may require You to provide information regarding, but not limited to, Your full name, e-mail address and phone number and, if You are a Corporation, basic company information and/or any other information we deem necessary. By registration to the Services, You represent and warrant that all registration information that You submit is accurate and truthful, and You agree to update and maintain the accuracy of such information at all times.
2.4 Each account is to be associated with a valid email address and account credentials. You are responsible for ensuring the confidentiality of Your account and password and for restricting access to Your account.
3.1 Subject to the terms and conditions of the Terms and applicable Service Form(s) and payment of all fees applicable to the license and Services, Peltarion hereby grants to You a worldwide, non-exclusive, non-transferable, non-sublicensable, fully revocable and limited licence during the term set forth in the Service Form to access and use the Services.
3.2 The license is granted for access and use by You and, if You are a Corporation, by the users (which may include Your authorized officers, employees, agents and subcontractors) as specified in the Service Form. The Services may only be used by users and You shall be fully liable and responsible under the Terms for any act or omission of users in any Project.
3.3 You shall, and shall ensure that anyone on Your behalf shall, (a) not sell, lease, transfer, assign, sublicense or distribute the Services, or any part thereof; (b) not reverse engineer, decompile, disassemble, or otherwise reduce to human-perceivable form the Services or any part thereof; (c) not modify, revise, enhance, or alter the Services or any part thereof; (d) not use the Services to advertise malicious content, spyware, cause of security breached, trojans or the like; (e) not copy, emulate or make derivative works, or allow copies, emulations or derivative works of the Services or any part of any of the foregoing to be made; (f) not indirectly use, access, launch or activate the Services and any program, code or any other technology, content, software, materials and/or documentation belonging to Peltarion, through or from, or otherwise incorporate them in, any software, application, site or other means; (g) not create or attempt to create a substitute or similar service or platform to the Services, through use of, or reference or access to, the Services or any of Peltarion’s intellectual property rights; and (h) not record via video, photograph, take screenshots, or otherwise make available the structure of the Services (platform, user interface, etc.) or tutorial videos of Peltarion to third parties.
We will use commercially reasonable efforts to ensure the Services’ availability. We will not be liable for: (a) scheduled downtime; or (b) any unavailability caused directly or indirectly by circumstances beyond our reasonable control, including without limitation, (i) force majeure events; (ii) Internet service provider or public telecommunications network failures or delays, or denial of service attacks; (iii) a fault or failure of Your or a user’s computer systems or networks; or (iv) any breach by You, or by any user in any Project, of the Terms.
5. TECHNICAL SUPPORT
If the Service Form states that the Terms includes an SLA, You are entitled to technical support by us as specified in the applicable SLA. If the Service Form does not include provision of support services, such services may, at our sole discretion and convenience, be provided to You in connection with the Services by us via email, from time to time, subject to the Terms. Without derogating from any provision herein, any support services provided to You by us are provided “as is” and on an “as available basis” and any implementation thereof by You shall be made at your own risk and responsibility.
6.1 You acknowledge and agree that You are responsible for the development, transmission, operation, maintenance and use of Content. You are further responsible for ensuring (a) that Content does not infringe any rights, title and ownership of any third party; (b) that Content does not contain content that Peltarion may deem unethical; (c) that Content is not unlawful or promotes unlawful activities; and (d) that You have obtained, and for maintaining, all rights, license and clearances necessary to utilize the Services as provided under the Terms, and to provide Content to Peltarion and any users and/or third parties through the Services, to the extent applicable.
6.2 We have the right to refuse or remove Content that, in our sole discretion, violates the Terms.
7. PAYMENT OBLIGATIONS
7.1 For the grant of the license and the provision of the Services, You shall pay Peltarion the fees set forth in any applicable Service Form(s). Upon execution by You and us, each Service Form is non-cancellable, and fees are non-refundable, except as provided in the Terms.
7.2 Except as expressly set forth in the applicable Service Form, subscription fees are invoiced annually in advance. The agreed subscription fee will be fixed for the duration of the payment term, however, subscription fees are subject to change at the end of a payment term.
7.3 You will pay (or reimburse Peltarion as the case may be) for all taxes related to or arising out of the Terms, including any sales, use, excise, gross receipts, property, privilege, value-added, or other federal, state or local taxes or tariffs (including any interest or penalties thereto) now in force or enacted in the future, except for those taxes collected from Peltarion and based on Peltarion’s income. You may not withhold or set off any fees due to Peltarion hereunder.
7.4 Peltarion may suspend the provision of the Services or any part thereof, if any fees due to be paid by You under the Terms are overdue, and Peltarion has given You at least fourteen (14) days written notice, following the amount becoming overdue, of its intention to suspend the Services on this basis.
8.1 We may suspend You and/or any user’s access to Projects, accounts and the Services (in whole or in part) if:
(a) We consider that You, or any user in a Project, are in breach of the Terms (including payment obligations under Section 7.1 and Your obligations under Section 6.1); or
(b) You become subject to any bankruptcy or company reconstruction, goes into liquidation or similar proceeding, otherwise may be considered to be insolvent.
8.2 If we suspend access to Projects, accounts and the Services (in whole or in part), You remain responsible for all fees and charges, as set out in the Service Form, that You incur during the period of suspension.
9. INTELLECTUAL PROPERTY RIGHTS
9.1 All right, title and interest in and to the Services (including the Platform), or any part thereof, including associated intellectual property rights, evidenced by or embodied in and/or attached, connected, or related to the any of the foregoing, from the moment of its creation, are and will remain the sole and exclusive owned property of Peltarion (or its licensors, as the case may be). The Terms do not convey any right, title or interest in and to the Services (including the Platform), except for the license granted in accordance with the Terms.
9.2 Subject to Section 9.3 and the Terms, we acknowledge and agree that we obtain no right, title or ownership in and to Content or Model, including any intellectual property rights which subsist in that Content and Model. You agree that You are responsible for protecting and enforcing such rights and that we have no obligation to do so on Your behalf.
9.3 You grant to us a non-exclusive, sub-licensable, royalty free, worldwide, perpetual and irrevocable license to use Content, Model and metadata originating from, and any method used by You in relation to, the training, development, creation and/or deployment of a Model and Your use of the Service (a) solely as necessary to provide the Services and to allow Peltarion to perform under, and in accordance with the Terms and any Service Form; and, excluding personal data; and (b) to compile aggregated statistics, reports and research for internal or marketing use and for development, improvements and/or evaluation of existing and/or additional or modified services, features and functionality with respect to the Services.
9.4 You may submit feedback, comments and ideas about the Services, including comments and ideas on how to improve the Services. If You provide feedback to us, all such feedback will be the sole and exclusive property of Peltarion. You hereby irrevocably assign and transfer to Peltarion all of Your right, title and interest in and to all feedback including all intellectual property rights therein. Peltarion shall have the right to, partly or in full, assign or license the rights acquired under this Section 9.4, and shall further have the right to freely use, adapt, amend or otherwise modify the feedback. By submitting feedback, You agree that the disclosure is gratuitous, unsolicited and without restriction and will not place Peltarion under any fiduciary or other obligation, and that Peltarion is free to use the feedback without any additional compensation to You, and/or to disclose the feedback on a non-confidential basis or otherwise to anyone.
10. WARRANTIES AND DISCLAIMER OF WARRANTIES
10.1 Each party represents and warrants to the other that (a) it has full power and authority to enter into the Terms, (b) the execution and delivery of the Terms has been duly authorised and (c) that it will, in all material respects, comply with applicable laws in the performance of the Terms and the usage of the Services.
10.2 We represent and warrant that the Services will be rendered using sound, professional practices and in a competent and professional manner.
10.4 EXCEPT AS SET FORTH IN SECTIONS 10.1 AND 10.2, PELTARION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED OR OTHERWISE REGARDING THE USE, THE INABILITY TO USE OR OPERATE, OR THE RESULTS OF THE USE OF OPERATION OF THE SERVICES AND DISCLAIM ALL OTHER WARRANTIES, INCLUDING (A) OF SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT OR (B) THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR FREE OR FREE OR HARMFUL COMPONENTS, AND (C) THAT CONTENT WILL BE SECURE OR NOT OTHERWISE LOST OR DAMAGED. PELTARION DOES NOT MAKE ANY REPRESENTATIONS REGARDING THE BENEFITS OR RESULTS THAT YOU OR ANY THIRD PARTIES SHALL OBTAIN FROM THE SERVICES.
11.1 You shall defend, indemnify and hold harmless Peltarion and its officers, directors, shareholder, employees, affiliates and agents from and against all costs, damages, losses and expenses, including reasonable attorneys’ fees and other legal expenses, arising from any third-party claim that: (a) Content and/or Model violates any third party rights, including without limitation, infringement or violation of the intellectual property rights or privacy rights of such third party; (b) Content is in violation with Section 6.1; (c) that You failed to obtain any necessary permit, license or consent in connection with the Terms; and/or (d) if You are a Corporation, stems from Your violation or alleged violation of any of Your warranties under the Terms.
11.2 As a condition to the defence and indemnity set forth above, Peltarion shall give You prompt notice of any such claim made against it and You shall be entitled, by written notice to such Peltarion, to assume sole control of the defence of any such claim, suit or proceeding, including appeals, negotiations and any settlement or compromise thereof, at its own expense, provided that (a) no settlement, consent order or consent judgment which involves any placement of a financial burden or admission of any liability or wrongdoing, act or omission on the part of Peltarion may be agreed to by You without Peltarion’s prior written consent; and (b) You shall keep Peltarion informed of the status and progress of such claim, the defence thereof and/or settlement negotiations with respect thereto. Peltarion shall give You all reasonable assistance, at Your cost and expense, necessary in connection with such defence.
12. LIMITATION OF LIABILITY
12.1 A party’s aggregate liability under the Terms will not exceed the aggregate fees actually paid by You to us under the Terms during the twelve (12) months period immediately preceding the date upon which the applicable cause of action arose.
12.2 Neither party will be liable for indirect, special, incidental or consequential damages including loss of profit, revenues, goodwill or loss resulting from business interruption or loss of data arising in connection with the Terms or the usage of the Services.
12.3 Nothing in these Terms shall operate to exclude or restrict either party’s liability for (a) any damage caused by wilful misconduct or gross negligence; (b) any specific indemnity undertakings under Section 11; (ii) any breach of payment obligations under Section 7.1; or (iii) any damage caused by breach of the confidentiality undertakings set forth in Section 16.
12.4 Further, we will not be responsible for any compensation or damages arising in connection with Your inability to use the Services as a result of any termination or suspension of the Terms or Your use of or access to the Services.
12.5 You accept full and sole responsibility for developing and implementing a satisfactory full data backup and a disaster recovery capability facilitating complete data recovery including restoration or reconstruction of all its lost or altered files data or programs, and the security of all Your Confidential Information, Content and personal data.
12.6 YOU ACKNOWLEDGE THAT THE SERVICES ARE PERFORMED VIA THE PLATFORM AUTOMATICALLY, BASED, INTER ALIA, ON THE SPECIFICATIONS AND CRITERIA PROVIDED BY YOU. AS SUCH, YOU SHALL HAVE NO CLAIM AGAINST PELTARION IN CONNECTION WITH THE RESULT OF THE SERVICES AND MODEL.
13. TERM AND TERMINATION
13.1 The Terms shall enter into force when accepted by You and will continue for the period set forth under the Service Form, unless terminated earlier as provided in the Terms or the Service Form.
13.2 You may terminate the Terms for convenience by providing notice to us. We may terminate the Terms for convenience with three (3) months’ notice before the end of a payment term.
13.3 We may terminate the Terms, for cause, by giving written notice to You, if You materially breach Your obligations under the Terms and such breach is incapable of remedy, or, if the breach is capable of remedy and You do not remedy the breach within fourteen (14) days of notice of such breach. If we have suspended You in accordance with Section 8.1, You will be deemed to be in material breach of the Terms.
14. EFFECTS OF TERMINATION
14.1 Upon the Termination Date (a) all rights and the license granted herein, and any Service Form, shall terminate immediately; (b) each party shall promptly return to the other party, or destroy and certify in writing to the other party of the destruction of all Confidential Information; (c) You shall immediately cease to use the Services and shall purge from its systems and websites any traces of the Services; (d) You shall remit in full all payments due to Peltarion according to the Terms and all Service Forms (i.e. we will not refund any subscription fees prepaid by You for a period following the Termination Date), and following such final payment, neither party will be entitled to receive any payment from the other party.
14.2 You are solely responsible for retrieving Content and Model(s) from the Services prior to the Termination Date. For 90 days following the Termination Date and subject to additional fees payable by You to Peltarion, You may retrieve any remaining Content and Model(s) from the Services. Unless we are required to keep Content, Model or any other information, we will delete Your account, Content and Model within 90 days after the Termination Date. After such period the information cannot be recovered or recreated.
15. SECURITY AND DATA PROTECTION
15.1 The Services are subject to security measures in line with industry best practice and we will take any reasonable steps and precautions against security breaches.
15.2 If and to the extent that You are a Corporation and Content contains personal data, within the meaning of applicable data privacy laws (including the General Data Protection Regulation, as supplemented, varied and/or amended), the Data Processing Agreement, Annex 1, applies to such processing of personal data. The parties acknowledge that Peltarion is a blind service provider and that it will not be able to control what Content that You upload to the Services and use in connection with the Services. You are thereby responsible for informing us of the existence of personal data within Content, in the Service Form or by notice to us.
15.4 Peltarion is the data controller for personal data relating to Your account (such as contact details and credentials). We will process such personal data in accordance with the privacy notice provided to You when You registered Your account.
16.1 Neither party shall disclose any Confidential Information to any third party other than employees, agents and/or independent contractors to whom disclosure is reasonably required provided that such individuals and entities have agreed, under an executed agreement, to keep such information confidential in the same or a substantially similar manner as provided for in the Terms. Neither party will use any Confidential Information except as expressly permitted by, or as required to achieve the purposes of the Terms. Each party will take reasonable security precautions to protect and safeguard the Confidential Information of the disclosing party against any unauthorized use, disclosure, transfer or publication, with at least the same degree of care and precaution as it uses to protect its own Confidential Information of a similar nature, but in no event with less than reasonable care.
16.2 A party shall notify the other party upon discovery of any unauthorized use or disclosure of Confidential Information and take reasonable steps to regain possession of the Confidential Information and prevent further unauthorized actions or breach of the Terms. Nothing in the Terms shall prevent a receiving party from disclosing Confidential Information it received hereunder pursuant to a binding order of a government agency or a court, provided that the receiving party (a) notifies the disclosing party of such release or disclosure with as much notice as reasonably possible so that such disclosing party may seek a protective order or other appropriate remedy; and (b) uses reasonable efforts to limit such release or disclosure only to the extent required.
16.3 The provisions of this Section 16 shall continue in force for a period of five (5) years following the termination or expiration of the Terms, or indefinitely, with respect to any Confidential Information which constitutes a trade secret or remains in receiving party’s possession.
17.1 Entire agreement
The Terms and the policies incorporated by reference constitute the entire agreement between You and us regarding the subject matter of the Terms. The Terms supersedes all prior or contemporaneous representations, understandings, agreements, or communications between You and us, whether written or verbal, regarding the subject matter of the Terms.
We may change the Services from time to time and/or modify the Terms at any time. We will notify You of any material change of the Services. If You continue to use the Services after such notification, You agree to the change. If You do not agree, then You may not continue to use the Services. If we require some action from You (such as active acceptance) of modifications to the Terms, You may be unable to continue the use of the Services until You have taken such action.
17.3 Force Majeure
We will not be liable for any delay or failure to perform any obligation under the Terms where the delay or failure results from any cause beyond our reasonable control, including labour disputes or other industrial disturbances, electrical or power outages, utilities or other telecommunications failures, earthquake, storms or other elements of nature, blockages, embargoes, riots, acts or orders of government, acts of terrorism, or war, including if such event(s) applies to a subcontractor to us.
None of the parties may use or disclose the other party’s company name and trade mark externally for promotional purposes, unless otherwise agreed.
17.5 Relationship of the Parties
The parties are independent contractors. The Terms does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties.
We may provide any notice to You under the Terms by sending a message to the email address then associated with Your account. Notices we provide by email will be effective when we send the email. It is Your responsibility to keep Your email address current. You will be deemed to have received any email sent to the email address associated with Your account.
To give us notice under the Terms, You must contact us by e-mail to email@example.com.
17.7 Severability, no waiver, and survival
If any provision of the Terms is held invalid or unenforceable, that provision will be construed to reflect the parties’ original intent. The remaining provisions of the Terms will remain in full force and effect. Any failure on of Peltarion to enforce any provision of the Terms will not constitute a present or future waiver of such provision nor limit our right to enforce such provision at a later time. Terms and conditions contained in the Terms that are expressed or by their sense and context are intended to survive the expiration or termination of the Terms (including, the confidentiality undertakings under Section 16 and the data protection clauses under Section 15) shall so survive.
17.8 Governing law and dispute resolution
17.8.1 Except to the extent You are a natural person and applicable mandatory local law provides otherwise, the Terms (including the access, usage and delivery of the Service) shall be governed and construed in all respects in accordance with the substantive laws of Sweden without regard to its principles governing conflicts of laws.
17.8.2 Subject to Section 17.8.3, any dispute, controversy or claim arising out of or in connection with the Terms, or the breach, termination or invalidity thereof, shall be finally settled by arbitration in accordance with the Arbitration Rules of the Arbitration Institute of the Stockholm Chamber of Commerce (SCC). The Rules for Expedited Arbitrations shall apply, unless the SCC in its discretion determines, taking into account the complexity of the case, the amount in dispute and other circumstances, that the Arbitration Rules shall apply. In the latter case, the SCC shall also decide whether the Arbitral Tribunal shall be composed of one or three arbitrators. The seat of arbitration shall be Stockholm, Sweden. The language to be used in the arbitral proceedings shall be the English language.
17.8.3 If You are a natural person, any dispute, controversy or claim arising out of or in connection with the Terms, or the breach, termination or invalidity thereof, shall be settled by Swedish general courts, with Stockholm city court as the first instance, unless applicable mandatory local law provides otherwise.
“Confidential Information” means any and all information disclosed, provided or made accessible by, or on behalf of, one party to the other party which is not in the public domain, or regarding past, present, or future business plans, technical, financial or other proprietary or confidential information of the disclosing party, or which, given the nature of the information or material, or the circumstances surrounding the disclosure or provision, reasonably should be understood to be confidential or proprietary, as well as improvements, derivatives, upgrades, updates, and know-how related thereto. Confidential Information does not include information that: (i) is already or becomes generally known or available to the general public through no act or omission by the receiving party in breach of the Terms; (ii) is already known to the receiving party at the time of disclosure without breaching any confidentiality obligation, as such may be evidenced in the receiving party’s written records; (iii) is rightfully disclosed to the receiving party by a third party, who is not, to the knowledge of the receiving party, in breach of an obligation of confidentiality; or (iv) is independently developed by the receiving party without use of, reference to, any of the Confidential Information of the disclosing party, as such may be evidenced in the receiving party’s written records.
“Content” means any data that You have uploaded to the Services, including machine images, text, audio, graphics, photo, video and/or audio material or combination thereof.
“Data Processing Agreement” means the data processing agreement attached as Annex 1 to the Terms.
“Model” means a machine learning model uploaded or created and developed by You by using the Services or, where a machine learning model has been trained, developed and created on the basis of a pre-trained model or topology made available by Peltarion on the Platform (i.e. as is included in the Services), that has achieved a level of originality required to confer copyrights to You.
“Platform” means the cloud platform available at peltarion.com.
“Project” means any project initiated and/or held by Your Corporation on the Platform to which Your users, as specified in the Service Form, have been provided access.
“Service Form” means a transaction document identifying terms for the Services (including if applicable any technical support services) and license, such as, the number of users, the applicable subscription fee and payment terms, and Service term.
“Services” means the Platform and the machine learning software which will be provided by Peltarion to You as a software-as-a-service via the internet in accordance with the Terms and the Service Form. The Services include any core and surrounding software, pre-trained machine learning model and topology, any documentation, technical and user manuals and other materials and tutorials made available on the Platform by Peltarion.
“Termination Date” means expiration or termination of the Terms and/or any Service Form for any reason.
“Terms” means these terms and conditions (including all annexes and policies incorporated by reference) and the Service Form.
DATA PROCESSING AGREEMENT
This Data Processing Agreement (the “DPA”) forms part of the Terms under which Peltarion AB (“Peltarion”) makes available the Services to the Corporation as specified in the Service Form (the “Controller”).
1.1 This DPA shall only apply if and to the extent Content uploaded in Projects to the Services contains any personal data within the meaning of Applicable Legislation. The Controller is aware of that the Services are cloud based. Hence, personal data is only stored and processed by Peltarion if, and to the extent, the Controller, or users in the Controller’s Projects, submits personal data to the Services.
1.2 The Controller acknowledge that Peltarion will not be able to control what Content the Controller uploads to the Services. The Controller is responsible for informing Peltarion of the existence of personal data (including any special categories of personal data) within Content, in the Service Form or by notice to Peltarion.
1.3 The Controller is the data controller in relation to the processing of the personal data. Peltarion is a data processor, processing the personal data on behalf of the Controller.
2.1 Unless otherwise defined below, terms used in this DPA shall have the meanings given to them in the Applicable Legislation (as defined below) and in the Terms.
“Applicable Legislation” means (i) until and including 24 May 2018, the Swedish Personal Data Act (1998:204) (DPA), (ii) from and including 25 May 2018, the GDPR and (iii) any applicable supplementary legislation to the PDA or the GDPR.
“Data” means any personal data (as defined in Applicable Legislation) contained in Content uploaded by the Controller, or any user under a Project, to the Services.
“GDPR” means Regulation (EU) 2016/679 of the European Parliament and the Council as amended, supplemented and/or varied from time to time.
3. INSTRUCTIONS AND DETAILS OF THE PROCESSING
3.1 Peltarion shall process Data in accordance with the Controller’s written instructions. The Parties agree that that this DPA is the Controller’s complete and final instructions to Peltarion in relation to processing of Data.
3.2 Any additional instructions by the Controller must be in writing and may be subject to additional fees payable by the Controller to Peltarion for carrying out such instructions. The Controller is entitled to terminate the Terms in accordance with Section 13 of the Terms if Peltarion declines to follow instructions requested by the Controller.
3.3 In the event that Peltarion considers that any additional instruction violates Applicable Legislation, Peltarion shall refrain from acting on such instructions and shall promptly notify the Controller thereof and await amended instructions.
3.4 Details of the processing of Data:
(a) Purpose of the processing. The purpose of the processing is to provide the Services in accordance with the Terms.
(b) Nature of the processing. Hosting, storage and provision of the Services and technical support.
(c) Duration of the processing. During the term set out in the Service Form, unless otherwise instructed by the Controller.
(d) Type of personal data. Any Data that the Controller includes in Content (in the form of data sets).
(e) Categories of data subjects. Any categories of data subjects that the Controller includes in Content.
3.5 Peltarion shall not process the Data for any other purposes or in any other way than as instructed by the Controller in writing.
4. THE CONTROLLER’S OBLIGATION TO PROCESS DATA LAWFULLY
The Controller shall obtain explicit and legally valid consents from each data subject for the processing of the Data or ensure that another legal ground recognized under Applicable Legislation applies for processing of the Data. The Controller shall further meet all other obligations of a controller under Applicable Legislation (including requirements to properly inform the data subjects of the processing of the Data).
5. SECURITY MEASURES
5.1 The Services are subject to security measures in line with industry best practice and Peltarion will take any reasonable steps and precautions against security breaches.
5.2 Peltarion has implemented and will maintain appropriate technical and organizational measures to protect the Data. The security measures shall ensure that the Data is protected against destruction, modification and proliferation. Peltarion shall further ensure that each system, in which Data is processed, is protected against unauthorized access and that access events are logged and traceable.
5.3 Peltarion shall ensure (a) that only authorized employees who need access to the Data in order for Peltarion to provide the processing services under this DPA have access to the Data, (b) that the authorized employees process the Data only in accordance with this DPA and the Controller’s instructions and (c) that each authorized employee is bound by a confidentiality undertaking towards Peltarion in relation to the Data.
5.4 If Peltarion becomes aware of a personal data breach, Peltarion will notify the Controller without undue delay and will take reasonable steps to mitigate the effects of the personal data breach. Furthermore, taking into account the nature of processing and the information available to Peltarion, Peltarion will assist the Controller in ensuring compliance with the Controller's obligations to (a) document any personal data breach, (b) notify the applicable supervisory authority of any personal data breach and (c) communicate such personal data breaches to the data subjects, in accordance with Applicable Legislation. Any assistance provided by Peltarion under this Section 5.4 shall be at the sole cost of the Controller.
6. PELTARION’S OBLIGATIONS TO ASSIST
6.1 Taking into account the nature of the processing, Peltarion shall assist the Controller with the fulfilment of the Controller’s obligation to ensure that the data subjects may exercise their rights under Applicable Legislation by ensuring appropriate technical and organizational measures. The Controller acknowledges that, given that the Data is uploaded to the Services in complete data sets, it is not technically possible for Peltarion to erase, correct or restrict the processing of specific pieces of Data in a data set. If a data subject requests that the Controller erases, corrects or restricts the processing of specific pieces of Data in a data set, the Controller must erase the data set from the Services and upload a new data set excluding the relevant pieces of Data. Any assistance provided by Peltarion under this Section 6.1 shall be at the sole cost of the Controller.
6.2 If a data subject, supervisory authority or any third party requests information from Peltarion regarding the processing of Data, Peltation will refer such request to the Controller and await further instructions from the Controller. Peltarion may not represent, or act on behalf of, the Controller in relation to any data subjects, supervisory authority or third party.
6.3 Taking into account the nature of processing and the information available to Peltarion, Peltarion shall further assist the Controller in relation to the Controller’s obligations to ensure security of the processing, carry out impact assessments regarding data protection and participate in prior consultations. Any assistance provided by Peltarion under this Section 6.3 shall be at the sole cost of the Controller.
7.1 Peltarion may engage third parties to process Data or any part thereof on its behalf (“Sub-Processor”). Peltarion’s website lists the Sub-Processors currently engaged.
7.2 If Peltarion intends to appoint or replace a Sub-Processor, Peltarion will notify the Controller in writing at least 30 days before the appointment of the Sub-Processor. The notification shall contain information on such Sub-processor’s (a) name and contact information, (b) provision of services to Peltarion and (c) location for processing of Data. If the Controller objects to the appointment of the Sub-Processor, Peltarion shall inform the Controller of whether the Sub-Processor, despite the objection, will be appointed by Peltarion. If so, the Controller may terminate this DPA and the Terms in accordance with Section 13 of the Terms.
7.3 Peltarion will enter into a written agreement with every Sub-Processor pursuant to which the Sub-Processor undertakes obligations at least reflecting those undertaken by Peltarion under this DPA. Notwithstanding the foregoing, in exceptional cases and when the circumstances so require, the Controller consents to Peltarion entering into a Sub-Processor’s standard form data processing agreement for the processing of Data, provided that such agreement meets all requirements under Applicable Legislation. In such case, Peltarion shall notify the Controller thereof in connection with the notification pursuant to Section 7.2.
8. TRANSFERS TO THIRD COUNTRIES
8.1 The Processor may transfer Data outside the EU/EEA. If Peltarion transfers Data outside the EU/EEA, or engages a Sub-Processor to process Data outside of the EU/EEA, Peltarion shall ensure that at least one of the following prerequisites is fulfilled:
(a) the receiving country has an adequate level of protection of personal data as decided by the European Commission,
(b) the transfer is subject to the European Commission’s standard contractual clauses for transfer of personal data to third countries, or
(c) for transfers to the United States, the receiving legal entity is certified under the EU-U.S. Privacy Shield.
8.2 In the event of a transfer of Data outside the EU/EEA initiated by Peltarion, Peltarion shall demonstrate that a valid legal ground applies to the transfer.
9.1 Any information provided or made available by Peltarion to the Controller under this Section 9 is deemed Confidential Information and may not be disclosed by the Controller, unless Peltarion has approved such disclosure in writing.
9.2 Peltarion will make available to the Controller all information necessary to demonstrate its compliance with the obligations laid in this DPA. Peltarion will, at its own cost, use external auditors to verify the adequacy of its security measures. Audits will be performed on a regular basis, or when considered necessary by Peltarion, and result in an audit report. Peltarion will make available the most current audit report upon the Controller’s request.
9.3 The Controller shall, with at least 20 days’ written notice, be entitled to carry out an audit of Peltarion’s processing of Data, if the Controller has reason to believe that Peltarion fails to comply with this DPA. Peltarion undertakes to assist the Controller and disclose all information necessary for the Controller to carry out such an audit. Any on-site audit shall be performed by an independent third party agreed between the parties and be subject to the confidentiality and security restrictions as deemed necessary by Peltarion. The Controller shall carry all costs for an audit.
10. RETURN AND DELETION OF DATA
You may retrieve Data from the Services up until the Termination Date. For 90 days following the Termination Date and subject to additional fees payable by the Controller to Peltarion, the Controller may retrieve any remaining Data from the Services. Peltarion will delete any and all Data from the Services no later than 90 days after the Termination Date.
This DPA shall, notwithstanding the term of the Terms, enter into effect when Peltarion commences to process Data on behalf of the Controller and shall terminate when the Controller has retrieved Data and/or Peltarion has erased Data in accordance with Section 10 above.
1.2 The legal framework for processing of your Personal Data is set out in the EU General Data Protection Regulation 2016/679, as amended, supplemented and/or varied from time to time, and other applicable national legislation in relation to processing of personal data (“Applicable Legislation”).
2. ROLES AND OBLIGATIONS
2.2 You acknowledge that we will not be able to control what Content You upload to the Services and use in connection with the Services. You are responsible for informing us of the existence of Content Personal Data (including any special categories of Personal Data), in the Service Form or by notice to us.
2.3 For the purposes of Applicable Legislation, You are the person who decides what Content Personal Data is collected and how is it used. This means that you are obliged to comply with any and all requirements under Applicable Legislation in relation to use of Content Personal Data when using the Services, and related collection and storage of Content Personal Data.
2.4 We, and our subcontractors, process Content Personal Data on your behalf, solely for the purposes of providing the Service to you (including for developing and testing changes or additions to features, functionality or security of the Service and similar services) and for no other purpose whatsoever. We claim no rights to your Content Personal Data, and You can choose to delete all your Content Personal Data at any time. When processing Content Personal Data for this limited purpose, we act as a data processor under Applicable Legislation and commit to the obligations set out in Section 3 below.
2.5 In addition to our processing of your Content Personal Data, as set out above in this Section 2, we will also process certain Personal Data relating to you as a user. When processing such user Personal Data, we act as a controller under Applicable Legislation. You have received mandatory information on our processing of such user Personal Data when registering a user account at the Platform.
3. OUR OBLIGATIONS AS PROCESSOR
3.1 When processing your Content Personal Data, we will:
(a) Process the Content Personal Data only for the purposes of providing the Service to you (including for developing and testing changes or additions to features, functionality or security of the Service and similar services), and for no other purposes whatsoever.
(b) Always grant you access and full control and ownership to your Content Personal Data.
(c) Keep the Content Personal Data confidential, limit access to it on a need-to-know basis, and not disclose it to any third party, except as permitted in Section 4 below.
(d) Comply with all Applicable Legislation with respect to the processing of your Content Personal Data.
(e) Maintain appropriate technical and organization security standards to protect your Content Personal Data from accidental or unlawful destruction, loss, damage, modification, disclosure or unauthorised access, both in relation to transmission of your Content Personal Data over a network (however, we will not be liable for any circumstances attributable to your internet service provider or telecommunication networks providers) and to storage of your Content Personal Data.
(f) Ensure that any engaged subcontractor is contractually obliged to observe the same legal obligations and to protect your Content Personal Data in the same way as we do, by executing appropriate data processing agreements. Peltarion’s website lists the Sub-Processors currently engaged.
3.2 We may anonymize your Content Personal Data (meaning that it can no longer identify any data subject) and may also aggregate it with other anonymized Content Personal Data, for our analysis and improvement of the Service and the use thereof by our customers, or development of new services. When doing so, it will no longer be considered Content Personal Data for the purposes of this Section 3.
4. SHARING CONTENT PERSONAL DATA WITH THIRD PARTIES
4.1 We may share your Content Personal Data with a subcontractor when needed to supply the Service to you, for e.g. purposes of storage of Content Personal Data or troubleshooting and correction of any defects in the Service.
4.2 We may have to disclose your Content Personal Data to government, public authorities, statutory or regulatory bodies and enforcement bodies, when compelled to do so under any mandatory obligation under Applicable Laws, such as a court order. We will seek to protect your Content Personal Data to the extent possible but ultimately will have to comply with any such mandatory obligation.
5. TRANSFER OF YOUR PERSONAL DATA OUTSIDE THE EEA
We will only transfer and process your Content Personal Data to and in a country outside the European Economic Area (EEA) where we have ensured that such transfer and processing outside the EEA is legal under Applicable Legislation, e.g. by (i) executing EU standard data protection clauses with the recipient of the Content Personal Data, or (ii) ensuring that the country has an adequate level of protection of Personal Data, as decided by the EU Commission, or (iii) for transfers to and processing in the USA, ensuring that the recipient holds self-certifying registrations under the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks administered by the U.S. Department of Commerce's International Trade Administration.
6. FOR HOW LONG DO WE STORE YOUR PERSONAL DATA?
We will store your Content Personal Data until you delete/retrieve it, however in no event longer than 90 days after termination of the Terms.