InContexto Terms of Use Agreement

This Terms of Use Agreement (the “TOU”) is between Wojciech Pomykała, with an address at Woronicza 33B, 02-640 Warsaw, Poland (“InContexto” or the ”Platform”) and the customer agreeing to these terms (“Customer”). InContexto and the Customer are each referred to as a “Party” and collectively as the “Parties.” This TOU governs access to and use of the Services and any Beta Services, if applicable. This TOU, any Service Specific Terms, and the Data Processing Agreement are collectively referred to as the “Agreement.”

By clicking “I agree,” or subscribing and using the Services, you agree to the Agreement as a Customer.

1. Definitions

  1. “Account Data” means the account and contact information submitted to InContexto in order for the Customer to create an account on the Platform.
  2. “Adhocs” means any additional features, components, services, or functionalities for use with certain Services.
  3. “Agreement” means, collectively, this TOU, the Data Processing Agreement, and any Service Specific Terms entered into by the Parties.
  4. “Claim” means a claim by a third party, including a regulatory penalty.
  5. “Confidential Information” means information disclosed by one Party to the other Party that is identified as confidential at the time of disclosure or should be reasonably known by the Receiving Party to be Confidential Information due to the nature of the information disclosed and the circumstances surrounding the disclosure. Any performance information relating to the Service and the terms and conditions of this Agreement shall be deemed Confidential Information of InContexto without any marking or further designation.
  6. “Customer Data” means Stored Data, Account Data, and messages, comments, structured data, images, and other content submitted to or generated by the Services by the Customer.
  7. “Data Processing Agreement” means the data processing agreement set out in Appendix A of this Agreement.
  8. “Data Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, i.e. InContexto.
  9. “Data Protection Laws” consist, in particular, of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, i.e., the General Data Protection Regulation (hereinafter referred to as the ‘GDPR’), and any other relevant data protection and privacy legislation which is applicable during the term of this Agreement, insofar as the same relates to the provisions and obligations of this Agreement.
  10. “Disclosing Party” means the Party disclosing Confidential Information to the other Party.
  11. “EEA” means European Economic Area.
  12. “Effective Date” means the date this TOU is entered into by the Parties, through the purchasing of a subscription by the Customer.
  13. “Feedback” means any feedback, comments, or suggestions on the Services or Beta Services that Customer may send InContexto. Feedback may include oral or written comments, suggestions, error reports, and analysis.
  14. “Fees” means the amounts invoiced to Customer by InContexto.
  15. “Initial Services Term” means the term for the applicable Services beginning on the Provisioning Date and continuing for the duration set forth on the Order Form.
  16. “Intellectual Property Rights” means current and future worldwide rights under patent, copyright, trade secret, trademark, moral rights, and other similar rights.
  17. “Personal Data, “Process,” and “Processing” have the meaning given to those terms in the Data Protection Laws.
  18. “Provisioning Date” is the date upon which InContexto makes the Services available to Customer.
  19. “Receiving Party” means the Party receiving Confidential Information from the other Party.
  20. “Renewal Term” means, unless otherwise agreed to in writing by the Parties, the renewal term of the same duration as the Initial Services Term or preceding Renewal Term.
  21. “Saved Content”: Refers to phrases and sentences that Customers of the Service choose to store or retain for personal use through the Service. Saved Content is considered private and confidential, and it is not shared with other users or third parties, unless otherwise specified in accordance with this agreement.
  22. “Security Measures” means the technical and organizational security measures implemented by InContexto for the applicable Services
  23. “Services” means the services subscribed to by Customer
  24. “Services Term” means the Initial Services Term and all Renewal Terms for the applicable Services.
  25. “Service Limits” means rate, storage, End User, or other limits on Customers’ use of the.
  26. “Software” means the software provided as part of the Services, either directly by InContexto or through third-party distribution channels such as app stores.
  27. “Stored Data” means the files uploaded to the Services by Customer.
  28. “Subcontractor” means an entity to whom InContexto subcontracts any of its obligations under the Agreement.
  29. “Taxes” means any sales, use, value-added, goods and services, consumption, excise, local stamp, or other tax (including but not limited to ISS, CIDE, PIS, CONFINS), duty or other charge of any kind or nature excluding tax that is based on InContexto’s net income, associated with the Services or Software, including any related penalties or interest.
  30. “Term” means the term of the Agreement, which will begin on the Effective Date and continue until the earlier of: (i) the end of all applicable Services Terms; or (ii) the Agreement is terminated as set forth herein.
  31. “Withholding Taxes” mean any income taxes that are imposed on InContexto or Customer’s reseller in which Customer is required by law to withhold or deduct on the payment to InContexto or Customer’s reseller.

2. Services

Provision. The Agreement governs access to, and use of the Services, and any associated Software. Customer may access and use the Services in accordance with the Agreement. Users of this service may save phrases and sentences for personal use (“Saved Content”). Saved Content is considered private and confidential and shall not be shared with other users or third parties.

Service Specific Terms. Certain Services, or portions thereof, may be subject to additional terms, including third-party terms and conditions, that are specific to the particular Services and are set forth in the Service Specific Terms. By accessing or using Services covered by any Service Specific Terms, you agree to the applicable Service Specific Terms. If there is a conflict between these Terms and the Service Specific Terms, the Service Specific Terms will control with respect to the applicable Services or portions thereof.

Modifications. InContexto may update the Services from time to time. If InContexto changes the Services in a manner that materially reduces their functionality it will notify the Customer and Customer may provide notice within 15 days of the change to terminate the Agreement. InContexto may add additional features to enhance the user experience of the Services at no additional charge however, these free features may be withdrawn without further notice.

3. Subscriptions

Services Term. The Services are sold on a subscription basis. InContexto will deliver the Services throughout the Services Term.

4. Customer Obligations

Provisioning. Customer has to register for Customer account in order to subscribe to access or use the Services. Account information must be accurate, current, and complete, and Customer agrees to keep this information up-to-date.

Responsibility. Customer is responsible for maintaining the confidentiality of passwords, accounts, and access to accounts. InContexto’s responsibilities do not extend to the internal management or administration of the Services for Customer accounts.

User Data Responsibility. Customers must exercise caution when highlighting or saving any personal or sensitive data while using this service. As certain aspects of the service entail the transmission of data to third-party entities for processing, users are hereby advised that they must refrain from sending personal data through the platform. The responsibility for ensuring that no content containing personal or sensitive information is saved or transmitted lies solely with the Customer.

Content Usage and Copyright Responsibility. Customers are obliged to ensure that they possess the requisite rights to the content they browse and save through the platform. It is expressly acknowledged that the InContexto does not undertake any verification of the legality of the content accessed or preserved by users. Consequently, Customers are required to exercise due diligence and remain aware of any copyright and intellectual property right restrictions, taking all necessary measures to avoid any infringement thereof.

Restrictions. Customer will not:

  1. sell, resell, or lease the Services, Software, or End User Licenses; reverse engineer the Services or Software, or attempt or assist anyone else to do so, unless this restriction is prohibited by law;
  2. reverse engineer the Services or Software, or attempt or assist anyone else to do so;
  3. violate or circumvent any Service Limits of the Services or otherwise configure the Services to avoid Service Limits;
  4. access the Services for the purpose of building a competitive product or service or copying its features or user interface;
  5. use the Services for evaluation, benchmarking, or other comparative analysis intended for publication without prior written consent;
  6. remove or obscure any proprietary or other notices contained in the Services, including in any reports or output obtained from the Services;
  7. use or permit the Services to be used for any illegal or misleading purpose.


Compliance
. Customer will comply with laws and regulations applicable to Customer’s use of the Services. Customer will not take any action that would cause InContexto to violate EU Data Protection Laws, or any other applicable data protection, intellectual property, antibribery, anticorruption, or anti-money laundering law. Customer must satisfy itself that: (i) the Services are appropriate for its purposes, taking into account the nature of the Customer Data; and (ii) the technical and organizational requirements applicable to InContexto under EU Data Protection Laws or other data protection laws, if applicable, are satisfied by the Security Measures and the Agreement.

Third Party Apps and Integrations. Some parts of the Services depend on third-party APIs. The application incorporates third-party services to perform essential functions such as translations, interpretations, and payment processing. InContexto does not guarantee the uptime or availability of such APIs. If the Customer uses any third-party service or applications, such as a service that uses an API, with the Services:

  1. InContexto will not be responsible for any act or omission of the third party, including the third party’s access to or use of Customer Data;
  2. InContexto does not warrant or support any service provided by the third party. Customer will comply with any API limits associated with the Services plan purchased by Customer.

Data Sharing: Customers should be aware that information they highlight or input into the application may be shared with third-party services to facilitate core functionalities. It is strongly advised that Customer refrain from sharing personal or sensitive information through the application.
Service Dependencies: The functionality of various features within the application relies on the availability and performance of third-party services. In the event that a third-party service becomes unavailable, certain features of the application may be impacted.

5. Customer Data

Customer Data Use. This Agreement constitutes Customer’s instructions to InContexto to process Customer Data. InContexto, InContexto personnel and its Subcontractors will only process, access, use, store, and transfer Customer Data as Customer instructs in order to deliver the Services and to fulfil InContexto’s obligations in the Agreement. If Customer accesses or uses multiple Services, Customer acknowledges and agrees that InContexto may transfer Customer Data between those Services. The processing by InContexto in the provision of Services under this Agreement shall be regulated in accordance with the terms of the Data Processing Agreement (Appendix A).

Security Measures. InContexto is built with multiple layers of security to protect your data which is stored on Google Cloud Platform and the other SubProcessors, as applicable and as listed in the Data Processing Agreement (Appendix A) and their industry-leading servers, ensuring maximum security and durability.

Aggregate/Anonymous Data. Customer agrees that InContexto will have the right to generate aggregate and anonymous data based on Customer’s use of the Services and this data is owned by InContexto. InContexto may use this data for its business purposes during or after the term of this Agreement (including without limitation to develop and improve InContexto ’s products and services and to create and distribute reports and other materials). For clarity, InContexto will not disclose any aggregate or anonymous data externally in a manner that could reasonably identify Customers.

6. Backup and Data Recovery Clause

Data Preservation and Recovery Measures. The application employs data preservation and recovery methods, including the utilization of “point-in-time recovery” database features, to safeguard and restore Customer’s data to the best of its abilities.

No Guarantees of Infallibility. Customers are hereby informed that the application’s data backup mechanisms, including “point-in-time recovery,” do not provide absolute guarantees of infallibility. Customers are strongly advised against inputting sensitive or critical data into the application, understanding that unforeseen circumstances may affect data preservation and recovery.

Customer Responsibility for Data. It is the Customer’s sole responsibility to maintain external copies of any valuable or critical information they input into the application. The application and its owner shall not be held liable for any data loss, regardless of the circumstances, and Customers expressly acknowledge and accept this limitation of liability.

Compliance with Applicable Laws. Customers shall use the application in accordance with all applicable laws and regulations, including those governing data protection and privacy.

Amendment and Notice. The application and its owner reserve the right to amend this Backup and Data Recovery Clause at any time. Customers will be provided with notice of any changes to this clause, and continued use of the application after such notice shall constitute acceptance of the revised terms.

Contact Information. For inquiries or concerns related to data preservation, recovery, or any other matters, Customers may contact contact@incontexto.com.

7. Confidentiality

Use and Non-Disclosure. Except as expressly authorized herein, the Receiving Party will hold in confidence and not use or disclose any Confidential Information. Each Party, as the Receiving Party, will: (i) take reasonable measures to protect the Disclosing Party’s Confidential Information including at least those measures it takes to protect its own confidential information of a similar nature; and (ii) not disclose Confidential Information to any third parties. A Party may disclose Confidential Information to its employees, advisors and consultants who have a need to know the Confidential Information, if that employee, advisor, or consultant is bound to restrictions at least as protective of the other Party’s Confidential Information as those set forth in this Agreement.

Exceptions. Confidential Information does not include information that: (i) is or becomes generally known or available to the public, through no act or omission of the Receiving Party; (ii) was known, without restriction, prior to receiving it from the disclosing Party; (iii) is rightfully acquired from a third party who has the right to disclose it and who provides it without restriction as to use or disclosure; (iv) or is independently developed without access to any Confidential Information of the Disclosing Party. InContexto reserves the right to disclose any information including Customer Data or Confidential Information to competent public authorities upon request.

8. Payment

Fees. Customer will pay InContexto all applicable Fees, in the currency and pursuant to the payment terms indicated by InContexto. Customer authorizes InContexto, to charge Customer for all applicable Fees using Customer’s selected payment method, and Customer will issue the required purchasing documentation. Fees are non-refundable except as otherwise specifically permitted in the Agreement.

Payment. Customer will pay InContexto invoices on the payment interval set by InContexto. InContexto may suspend or terminate the Services if Fees are past due. Customer will provide complete and accurate billing and contact information to InContexto or to Customer’s reseller. Primary payments are accepted via credit cards. Alternative payment methods may be offered based on the capabilities of the designated Merchant of Record, Paddle.

Auto-renewal. If the Customer has already provided a payment method for Payment of Fees, and the Customer’s Account is set to Auto-Renewal, InContexto will automatically charge the Fees at the end of every month or according to any other Payment Terms agreed.

Subscription Model. The service operates under a subscription model, which may include monthly, annual, or other periodic frequencies. Some offerings may also feature trial periods.

Recurring Billing. Customers are subject to automatic billing in accordance with their selected subscription plan. It is imperative for Customers to maintain up-to-date payment information to prevent any disruption in service.

Refund Policy. Refunds are generally not granted for services rendered. Exceptions for refunds may be considered in cases of prolonged and significant technical disruptions preventing Customers from accessing or deriving substantial benefits from the core functionalities of the service, with minor or brief issues being excluded.

Price Changes. InContexto reserves the right to modify the pricing of the services with prior notification. Such price adjustments will apply to all customers from their subsequent billing period.

Cancellations. Customers have the option to terminate their subscription at any time. However, subscription cancellations become effective only at the conclusion of the Customers’s current billing cycle to ensure uninterrupted service until that time.

Failed Payments. In cases of repeated failed payment attempts, the Customer’s subscription will be transitioned to a “cancelled” status. The specific number of failed payment attempts leading to this action is not fixed and is at my discretion.

Taxes and Payment-related Concerns. All matters pertaining to taxation and other intricacies related to payments are competently handled by the designated Merchant of Record, which, in this scenario, is Paddle.

9. Suspension and deletion

Of Customer Accounts and Customer Data. If a Customer: (a) violates the Agreement; (b) uses the Services in a manner that InContexto reasonably believes will cause it liability, or in an illegal manner, then InContexto may suspend, delete or terminate the applicable Customer Account including any aspect of the Services and Customer Data.

Of the Services. InContexto may suspend Customer’s access to the Services if: (i) Customer’s account is overdue; or (ii) Customer has exceeded any Service Limits. InContexto may also suspend Customer’s access to the Services or remove Customer Data if it determines that: (a) Customer has breached any portion of this Agreement. InContexto will have no liability for taking action as permitted above. For the avoidance of doubt, Customer will remain responsible for payment of fees during any suspension period. However, unless this Agreement has been terminated, InContexto will cooperate with Customer to promptly restore access to the Services once it verifies that Customer has resolved the condition requiring suspension.

10. Intellectual Property Rights

Reservation of Rights. Except as expressly set forth herein, the Agreement does not grant: (a) InContexto any Intellectual Property Rights in Customer Data; or (b) Customer any Intellectual Property Rights in the Services or InContexto trademarks and brand features. For the sake of clarity, this also includes the InContexto software that powers it, logos, trademarks, graphics, and other branded elements. Unauthorized use, reproduction, or distribution of any of this content is strictly prohibited. Customer acknowledges that it is obtaining only a limited right to use the Services and that irrespective of any use of the words “purchase”, “sale” or similar terms, no ownership rights are transferred to Customer under this Agreement.

Limited Permission. Customer grants InContexto only the limited rights that are reasonably necessary for InContexto to deliver the Services. This limited permission also extends to Subcontractors or Data Processors.

Feedback. InContexto may use, modify, and incorporate into its products and services, license and sublicense, any Feedback that Customer or End Users may provide without any obligation to Customer. Customer agrees to: (i) and hereby does, assign to InContexto all right, title, and interest in any Feedback; and (ii) provide InContexto any reasonable assistance necessary to document and maintain InContexto’s rights in the Feedback. For all inquiries, feedback, concerns, and official correspondence, please reach out to contact@incontexto.com

11. Term and Termination

Agreement Term. The Agreement will remain in effect for the Term.

Termination. InContexto may terminate the Agreement if: (i) the other Party is in material breach of the Agreement and fails to cure that breach within thirty days after receipt of written notice; or (ii) the other Party ceases its business operations or becomes subject to insolvency proceedings and the proceedings are not dismissed within ninety days. InContexto may terminate this Agreement and suspend Customer’s access to the Services if required to do so by law or for an egregious violation by Customer. The Customer may terminate the Agreement giving InContexto 30 days’ notice in writing.

Effects of Termination. If the Agreement terminates:

  1. except as set forth in this Section, the rights and licenses granted by InContexto to Customer will cease immediately;
  2. InContexto will delete any Customer Accounts and Stored Data in Customer’s account.

12. Indemnification

By Customer. Customer will indemnify defend and hold InContexto harmless from and against all liabilities, damages, and costs (including settlement costs and reasonable lawyer fees) arising out of any Claim against InContexto and its Affiliates regarding:

  1. Customer Data;
  2. Customer’s use of the Services in violation of the Agreement.

13. Disclaimers and Limitations

General. The services, software, and any related documentation are provided “as is” and on an “as available” basis. To the fullest extent permitted by law, except as expressly stated in the agreement, InContexto and its affiliates, suppliers, and distributors make no warranty of any kind, whether express, implied, statutory, or otherwise, including warranties of merchantability, fitness for a particular use, or non-infringement. InContexto makes no representation, warranty, or guarantee that services will meet Customer’s requirements or expectations, that customer data will be accurate, complete, or preserved without loss, or that the services will be timely, uninterrupted, or error-free. InContexto will not be responsible or liable in any manner for any customer properties, Customer Data, third-party products, third-party content, or non-InContexto services (including for any delays, interruptions, transmission errors, security failures, and other problems caused by these items). Customer is responsible for using the services or software in accordance with the terms set forth herein and backing up any stored data on the services.

Limitation of Liability. To the fullest extent permitted by law, InContexto and its affiliates, suppliers, and distributors will not be liable under the agreement for (i) indirect, special, incidental, consequential, exemplary, or punitive damages, or (ii) loss of use, data, business, revenues, or profits (in each case whether direct or indirect), even if the party knew or should have known that such damages were possible and even if a remedy fails of its essential purpose. To the fullest extent permitted by law, InContexto’s aggregate liability under the agreement will not exceed the amount paid by Customer to InContexto hereunder during the six months prior to the event giving rise to liability.

14. Miscellaneous

Governing Law. This Agreement and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the laws of Poland.

Jurisdiction. Any disputes arising out of or related to this Agreement shall be finally settled under the Arbitration Rules of the Court of Arbitration at the Polish Chamber of Commerce in Warsaw in force on the date of commencement of the proceeding by an arbitrator or arbitrators appointed in accordance with the said Rules.

Severability. If any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of this Agreement.

Notices. Any notice or other communication given to a party under or in connection with this Agreement or its Schedules shall be in writing. Writing includes email.

Electronic Signature. This Agreement may be electronically signed.

Assignment. Customer may not assign or transfer the Agreement or any rights or obligations under the Agreement.

No Agency relationship. InContexto and Customer are independent contractors.

Subcontracting. Customer consents to InContexto ‘s appointment of Subcontractors, including processors, to perform the Services. InContexto will remain liable for all acts or omissions of its Subcontractors or Data Processors, and for any subcontracted obligations.

Force Majeure. Except for payment obligations, neither InContexto nor Customer will be liable for inadequate performance to the extent caused by a condition that was beyond the Party’s reasonable control (for example, natural disaster, act of war or terrorism, riot, labour condition, governmental action, and Internet disturbance).

Appendix A: Data Processing Agreement

Agreement entered into on whose provisions come into effect fully on the date of the electronic signature by both Parties identified below, between:
 
PARTIES
 
Customer (hereinafter the “Data Controller”)
 
and
 
InContexto (hereinafter referred to as the “Data Processor” or “Processor”)
 
The Data Controller and the Data Processor are individually referred to as a “Party” and collectively referred to as the “Parties”.
 
BACKGROUND
 

Whereas:

  1. The Data Processor provides Services to the Data Controller as part of their contractual relationship regulated by the TOU Agreement, (hereinafter referred to as the ‘TOU’) which currently governs their relationship including that related to the protection and management of data.
  2. In providing the Services, the Data Processor may collect, use or otherwise process Personal Data sourced from the Data Controller within the meaning of Data Protection Laws.
  3. The Parties are aware that Regulation (EU) 2016/679 of the European Parliament and of the Council of the 27th of April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation), hereinafter referred to a GDPR, is the new global bar for privacy rights, security and compliance, entering into force on May 25 2018.
  4. The Parties agree to enter into this Data Processing Agreement, hereinafter referred to as the DPA, which regulates the data protection obligations of the Parties when processing Personal Data and governs the relationship between the Parties in respect of the processing of Personal Data, and this in order to ensure compliance with the GDPR and other applicable law.
  5. The conditions contained within this DPA supplement any TOU in respect of the aspects related to the processing of data and supersede any provisions of the Principal Agreement in the event of a conflict.
  6. Any terms not defined in this DPA shall have the meaning set forth in the TOU.

NOW THEREFORE BOTH PARTIES AGREE AS FOLLOWS:

DEFINITIONS

  1. The following definitions and rules of interpretation apply within this agreement:
    Anonymous Data” means Personal Data that has been processed in such a manner that it can no longer be attributed to an identified or identifiable natural person.
  2. The terms “Data Controller”, “Data Subject”, “Personal Data Breach”, “Data Processor”, “Consent”, “Third Party” shall have the same meaning given to these terms in the GDPR.
    Data Protection Officer” means the person nominated from time to time to hold the responsibility within Data Processor related to the protection of data, if and where applicable.
    EEA” means, for the purposes of this DPA, the European Economic Area and Switzerland.
    Effective Date” means the effective date of this Data Processing Agreement shall be the date at which this Agreement has been accepted by both Parties, whichever is the earlier.
    Instruction” means a direction or request for action, either in writing, in textual form (e.g. by email) or by using a software or online tool, issued by the Data Controller to the Data Processor and directing the Data Processor to perform an action with regard to Personal Data, including but not limited to the correction, blocking and deletion of Personal Data, which instruction may thereafter be amended, supplemented or replaced by the Data Controller by separate written or text form instruction.
    Legitimate Business Interest” means a reason that enables the Processing of Personal Data which is necessary for the performance of a contract or provision of an agreed Service.
    Services” means any product or service provided by the Data Processor to the Data Controller pursuant to the TOU.
    Special Categories of Personal Data” mean Personal Data which reveals:
    – Racial or ethnic origin;
    – Political opinions;
    – Religious
    – Philosophical beliefs
    – Trade union membership;
    – Genetic data;
    – Biometric data;
    – Data concerning Health;
    – Data concerning Sex Life;
    – Data concerning Sexual Orientation.
    Standard Contractual Clauses” means the standard contractual clauses set forth in EU Commission Implementing Decision (EU) 2021/914 of 4 June 2021 as may be amended or superseded from time to time;
    Subprocessor” means any person (including any third party but excluding an employee of the Data Processor) engaged by the Data Processor to assist in fulfilling its obligations with respect to its obligations pursuant to this DPA.
    Supervisory Authority” shall mean the relevant supervisory authority with responsibility for privacy or data protection matters in the jurisdiction in which the Personal Data subject to this DPA agreement is held.
    Technical and Organisational Measures” means those measures aimed at protecting Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, such measures being appropriate to the risks involved.
    Third Party” means an individual or corporate entity other than the Parties.
  3. This DPA covers all Affiliates of the respective Party.
  4. References to clauses and schedules are to the clauses and schedules of this DPA; references to paragraphs are to paragraphs of the relevant schedule to this DPA.
  5. The heads given to any Clause, schedule or paragraph shall not affect the interpretation of this DPA.
  6. A person includes an individual, corporate, or unincorporated body (whether or not having separate legal personality) and that person’s legal and personal representatives, successors or permitted assigns.
  7. A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.
  8. Words in the singular shall include the plural and vice versa.
  9. A reference to one gender shall include a reference to the other genders.
  10. The word “include” shall be construed to mean include without limitation.
  11. A reference to a statute or statutory provision is a reference to it as it is in force for the time being, taking account of any amendment, extension, or reenactment and includes any subordinate legislation for the time being in force made under it.
  12. A reference to writing or written shall be in the form of either a letter or email.
  13. The language of this Agreement shall be the English language and for the purposes of interpretation, the provisions as they are stated in English shall be those which are considered binding.


TERM

  1. This DPA shall commence on the Effective Date and shall continue throughout the entire duration of any applicable, valid agreement covering the provision of Services which is still in force between the Data Controller and the Data Processor.
  2. Except for the changes made by this DPA, the TOU remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict.


TYPE AND PURPOSE OF USE OF DATA

  1. The Data Processor agrees to Process the Personal Data held by the Data Controller only on documented instructions of the Data Controller, as set out within the TOU, unless required to do so by European Union or Polish law to which the Data Processor is subject. In this case, the Data Processor shall inform the Data Controller of that legal requirement before processing, unless the law prohibits this on important grounds of public interest.
  2. The Data Processor shall immediately inform the Data Controller if, in the Data Processor’s opinion, instructions given by the Data Controller infringe applicable European Union or Polish legal data protection provisions.
  3. The Data Controller agrees that the Data Processor’s Authorised Employees shall be granted access by the Data Controller to such Personal Data in the course of the provision of the Services and, in so doing take on the role of persons acting under the authority of the Data Processor.
  4. Personal Data shall only be processed for the purposes listed in this DPA and shall not be further processed in a manner that is incompatible with those purposes.

PROCESSING OF PERSONAL DATA

  1. The Data Controller is solely responsible for the accuracy, quality and legality of:
    – the Personal Data provided to the Data Processor by or on behalf of the Data Controller,
    – the means by which the Data Controller has acquired any such Personal Data, and
    – the Instructions it provides to the Data Processor regarding the Processing of such Personal Data.
  2. The Data Controller shall not provide or make available to Processor any Personal Data in violation of the DPA or otherwise inappropriate for the nature of the Services, and shall indemnify Processor from all claims and losses in connection therewith.


DATA RETENTION

  1. Personal Data will be retained by the Data Processor in accordance with the Data Retention Policy of the Data Processor applicable at the time, a copy of which can be made available to the Controller, upon request.
  2. The Data Processor shall hold the Controller’s Personal Data only as long as is necessary to provide the Services, including administration, accounting, marketing and reporting in the context of a Legitimate Business Interest, and subject to:
    – the rights of a Data Subject in terms of the Data Protection Law, such as requests for data access or deletion;
    – any legal requirement for data retention as specified in any other law of Poland;
    – a request by an authorised Governmental or regulatory authority for an additional retention period.


DATA CONTROLLER’S OBLIGATIONS & RIGHTS

  1. The Data Controller shall be responsible for assessing whether Personal Data can be processed lawfully and for safeguarding the rights of the Data Subjects. The Data Controller shall ensure in its area of responsibility that the necessary legal requirements are so that the Processor can provide the agreed services in a way that does not violate any legal regulations.


DATA PROCESSOR’S OBLIGATIONS

  1. In fulfilling its obligations, the Data Processor shall:
    – Ensure that persons authorised to Process the Personal Data (including but not limited to the Data Processor’s Authorised Employees) have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality and that the said confidentiality obligations are effectively implemented and enforced;
    – Not engage any SubProcessors to perform any processing of Personal Data, except for the current SubProcessors listed in the Schedule A to this DPA, without informing the Controller of any intended changes concerning the addition or replacement of other processors, thereby giving the Controller the opportunity to object and terminate their Service;
    – Where the Data Processor engages a SubProcessor for carrying out specific processing activities on behalf of the Controller, it shall do so by way of a contract which imposes on the SubProcessor the same data protection obligations set out in this DPA;
    – Where that SubProcessor fails to fulfil its data protection obligations, the Data Processor shall remain fully liable to the Data Controller for the performance of that SubProcessor’s obligations and for any breach of this DPA, and shall notify the Data Controller of any failure by the SubProcessor to fulfil its contractual obligations;
    – Assist the Data Controller, by way of appropriate Technical and Organisational Measures, insofar as this is possible, for the fulfilment of the Controller’s obligation to respond to requests for exercising the Data Subject’s rights laid down in Chapter III of the GDPR, taking into account the nature of the processing;
    – Inform the Data Controller of any Personal Data Breach (including any suspected Personal Data Breach) that the Data Processor becomes aware of, irrespective of whether or not the Personal Data Breach was caused directly or indirectly by the Data Processor;
    – At the choice of the Data Controller, delete or return all the Personal Data to the Controller after the end of the provision of services relating to processing in terms of the DPA, and delete existing copies unless EU or Polish law requires storage of the Personal Data;
    – Make available to the Data Controller all reasonable information necessary to demonstrate compliance with the obligations laid down in this DPA;
    – Carry out regular tests and self-audits ensuring that the processing of the Data Controller’s Personal Data conforms with the provisions of this DPA;
    – Allow for and contribute to reasonable audits, including inspections, conducted by the Data Controller or another auditor mandated by the Data Controller for the purpose of and to the extent required for verifying whether the Data Processor complies with Data Protection Laws and the contractually agreed measures in this DPA;
    – Inform the Data Controller, as soon as possible, in text form (including by email) of any requests from any third parties (including the concerned Data Subjects or from a Supervisory Authority) in any way relating to the Data Controller‘s Personal Data. In case the Data Processor receives any Data Subject access requests and/or any other claims on the basis of any rights under Data Protection Law in connection with the Personal Data covered by this DPA, the Data Processor shall refer the concerned data subject directly to the Controller.


SUBPROCESSORS

  1. The Data Controller acknowledges, agrees and is hereby providing a general written authorisation allowing the Processor to engage SubProcessors to access and Process Personal Data in connection with the Services and solely on the instructions of the Data Processor in line with Article 28 GDPR.
  2. A list of the Data Processor’s current SubProcessors is listed in Schedule A of this DPA.
  3. In line with the same Article 28, GDPR, at least ten (10) days before instructing any Third Party, other than the current SubProcessors, to access or participate in the Processing of Personal Data as SubProcessors, the Data Processor will notify the Data Controller of such a change and:
    – Should the Data Controller object, Data Processor warrants to allow the Controller to terminate its use of the Services without loss as long as this is done within ten (10) days of receipt by Controller of the aforementioned notice;
    – Termination shall not relieve Data Controller of any fees previously owed to Data Processor under the TOU or any other Agreement signed between the Parties.
    – If the Data Controller does not object to the engagement of a SubProcessor in accordance with this Section of the DPA within ten (10) days of notice by the Data Processor, such Third Party will be deemed a SubProcessor for the purposes of this DPA.
  4. In any case, the objection by the Data Controller to the engagement of a potential SubProcessor shall be based on reasonable grounds relating to data protection.
  5. The Data Processor shall, through implementation of a contract with the SubProcessor, ensure that every SubProcessor is subject to obligations regarding the Processing of Personal Data that are equal to, and no less onerous than, those to which the Data Processor is subject under this DPA.
  6. At the Data Controller’s request, the Data Processor shall provide a copy of the agreement in place with the SubProcessor and any subsequent amendments to the Data Controller. To the extent necessary to protect business secrets or other confidential information, including personal data, the Data Processor may redact the text of the agreement prior to sharing the copy of the same.
  7. The Data Processor shall agree a third-party beneficiary clause within the agreement with the SubProcessor whereby – in the event that the Data Processor has factually disappeared, ceased to exist in law or has become insolvent – the Data Controller shall have the right to terminate the SubProcessor contract and to instruct the SubProcessor to erase or return the Personal Data.


RIGHTS OF DATA SUBJECTS

  1. The Parties recognize and acknowledge the rights of Data Subjects to their Personal Data as defined within Data Protection Law including rights of access, rectification, restriction of Processing, erasure, data portability, restriction or cessation of Processing, withdrawal of consent to Processing, and/or objection (such requests individually and collectively “Data Subject Request(s)”).
  2. The Data Processor shall, to the extent permitted by law, promptly notify the Controller upon receipt of a request by a Data Subject to exercise any of these Data Subject’s rights.
  3. The Data Processor shall, at the request of the Controller, and taking into account the nature of the Processing applicable to any Data Subject request, apply appropriate Technical and Organisational Measures to assist the Controller in complying with the Controller’s obligation to respond to such Data Subject Request and/or in demonstrating such compliance, where possible, provided that:
    – The Controller is itself unable to respond without the Data Processor’s assistance and
    – The Data Processor is able to do so in accordance with all applicable laws, rules, and regulations.


TRANSFERRING DATA OUTSIDE THE EEA

  1. The Data Processor is located within the European Economic Area (EEA), and shall endeavour to process the Data Controller’s Personal Data within the EEA. The Data Controller however authorises the storage of Personal Data to locations outside of the EEA.
  2. Where the Personal Data is processed by the Data Processor and/or SubProcessors in a manner which constitutes a transfer in accordance with the terms of the GDPR, the Data Processor shall ensure that such transfer of data to a third country or an international organisation shall be done only on the basis of documented instructions from the Data Controller or in order to fulfil a specific requirement under EU or Polish law to which the Data Processor is subject.
  3. The Data Controller agrees that where the Data Processor engages a SubProcessor in accordance with Clause 8, for carrying out specific processing activities on behalf of the Data Controller, and those processing activities involve a transfer of Personal Data outside of the EEA, the Data Processor and SubProcessor shall ensure compliance with the provisions of the GDPR by using Standard Contractual Clauses, provided the conditions for the use of those Standard Contractual Clauses are met.
  4. Where the Data Processor effects a data transfer outside the EEA in accordance with Clause 10.2, the Data Processor binds itself that this Personal Data will be stored and processed in conformity with Data Protection Laws and that all appropriate Technical and Organisational Measures are taken by the Data Processor and its SubProcessors, if any, to ensure that data protection obligations at least as onerous as those set out in this DPA shall be imposed on that Sub Processor.


THIRD-PARTY REQUESTS FOR DISCLOSURE OF PERSONAL DATA

  1. Unless prohibited by applicable law, the Data Processor shall promptly notify the Data Controller of:
    – Any request for the transfer of Personal Data covered by the DPA, by any governmental, regulatory, Supervisory Authority;
    – Any request for access received directly from a Third Party;
    – Any requirement by law, court order, warrant, subpoena, or other legal judicial process to disclose any Personal Data to any person or entity other than the Controller.
  2. The Data Processor shall provide all reasonable assistance to the Data Controller, to enable the Data Controller to respond, object or challenge any such demands, inquiries, communications, requests, or complaints and to meet applicable statutory or regulatory deadlines.


SECURITY

  1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Data Processor shall implement appropriate Technical and Organisational Measures to protect any Personal Data that may be processed on behalf of the Data Controller against accidental destruction or loss or unlawful forms of processing.
  2. The Data Controller is responsible for reviewing the information made available by the Data Processor relating to data security and making and independent determination as to whether the Measures meet the Data Controller’s requirements and legal obligations under Data Protection Laws. The Data Controller acknowledges that the Technical and Organisational Measures are subject to technical progress and development and that the Data Processor may update or modify the Technical and Organisational Measures it has in place provided that such updates and modifications do not result in the degradation of the overall security of the Services.
  3. The Data Processor shall keep the Data Controller’s Personal Data logically separate to Personal Data Processed on behalf of any other Third Party or its own behalf.


RELIABILITY OF PERSONNEL

  1. The Parties shall take all reasonable steps to ensure the reliability of any Authorized Employees and staff of SubProcessors who may have access to the Data Controller’s Personal Data, ensuring in each case that access is limited to those individuals who need to know and to access the relevant Personal Data, as necessary for the purposes of the TOU.
  2. The Data Processor shall ensure that all Authorized Employees and SubProcessors are made aware of the confidential nature of the Personal Data and have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, both during and after their engagement with the Data Processor, any Personal Data except in accordance with their obligations in connection with the Services and as may be enforced by relevant laws.


PERSONAL DATA BREACH AND NOTIFICATION

  1. In the event of a Personal Data Breach, the Data Processor shall cooperate with and assist the Data Controller for the Data Controller to comply with its obligations as arising under the GDPR.
  2. In the event of a Personal Data Breach concerning Personal Data processed by the Data Controller, the Data Controller shall agree to inform the Data Processor in writing upon it becoming aware of any Personal Data Breach within 72 hours, and the Data Processor shall assist the Data Controller in notifying the Personal Data Breach to the relevant Supervisory Authority.
  3. In the event of a Personal Data Breach concerning Personal Data processed by the Data Processor, the Data Processor shall without undue delay inform the Controller in writing upon it or any SubProcessor becoming aware of any Personal Data Breach.
  4. The notification as considered in Clause 14.3 shall include:
    – a detailed description of the Personal Data Breach;
    – the type of data that was the subject of the Personal Data Breach;
    – the identity of each affected person (or, where not possible, the approximate number of Data Subjects and of Personal Data records concerned);
    – the name and contact details of the Data Processor’s Data Protection Officer, where applicable, or other point of contact where more information can be obtained;
    – a description of the likely consequences of the Personal Data Breach;
    – a description of the measures taken or proposed to be taken by the Data Processor to address the Data Breach, including, where appropriate, measures to mitigate its possible adverse effects;
  5. The Data Processor agrees to provide the Controller with any and all information reasonably necessary for the compliance with the Controller’s own obligations pursuant to the GDPR.
  6. The Data Processor agrees to cooperate with the Controller or their representatives and take such reasonable commercial steps to assist in the investigation, mitigation, and remediation of each such Personal Data Breach.
  7. The Parties shall not release or publish any filing, communication, notice, press release, or report concerning any Personal Data Breach without the other Party’s written approval.


MODIFICATIONS & NOTICES

  1. Notices sent in pursuit of this DPA are to be effected in writing, sent to the official place of business of the Party concerned or to its then current registered office address, or via email addressed to the principle contact of record for the Data Controller.
  2. The Parties undertake to keep each other informed of any change in the contact details of the person to whom notices are to be sent.


NONCOMPLIANCE & TERMINATION

  1. In the event that the Data Processor is in breach of its obligations under this DPA, the Data Controller may instruct the Data Processor to suspend the processing of the Personal Data until the latter complies with the Clauses of this DPA or the DPA is terminated. The Data Processor shall promptly inform the Data Controller in case it is unable to comply with the Clauses of this DPA, for whatever reason.
  2. The Data Controller shall be entitled to terminate the DPA insofar as it concerns the processing of personal data in accordance with these Clauses if:
    – The processing of Personal Data by the Data Processor has been suspended by the Data Controller pursuant to Clause 16.1. and if compliance with these Clauses is not restored within a reasonable time and in any event within one month following suspension;
    – The Data Processor is in substantial or persistent breach of these Clauses or its obligations under the GDPR;
    – The Data Processor fails to comply with a binding decision of a competent court or the competent supervisory authority/ies regarding its obligations pursuant to these Clauses or the GDPR.
  3. The Data Processor shall be entitled to terminate the DPA insofar as it concerns processing of personal data under these Clauses where, after having informed the Data Controller that its instructions infringe applicable legal requirements in accordance with Clause 3.2, the Data Controller insists on compliance with the instructions. On termination of the Services or termination of the DPA in accordance with Clause 16, the Data Processor shall:
    – Upon the Data Controller’s request, furnish the Data Controller with all of the Data Controller’s Personal Data under its control in a format priorly agreed by the Parties which is appropriate to facilitate its use by the Data Controller
    – Subject to the then applicable data retention policy, securely delete any of the Data Controller’s Personal Data in its possession.


FORCE MAJEURE

  1. The Parties shall have no liability to each other under this DPA if they are prevented from or delayed in performing their obligations under this Agreement, or from carrying on their business, by acts, events, omissions or accidents beyond their reasonable control, including, without limitation, strikes, lockouts or other industrial disputes, failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or subcontractors, provided that the other Party is notified of such an event and its expected duration.


WAIVER

  1. A waiver of any right under this DPA is only effective if it is in writing and it applies only to the Party to whom the waiver is addressed and to the circumstances for which it is given.
  2. Unless specifically provided otherwise, rights arising under this DPA are cumulative and do not exclude rights provided by law.


SEVERANCE

  1. If any provision (or part of a provision) of this DPA is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable, or illegal, the other provisions shall remain in force.
  2. If any invalid, unenforceable or illegal provision would be valid, enforceable or legal if some part of it were deleted, the provision shall apply with whatever modification is necessary to give effect to the commercial intention of the Parties.


GOVERNING LAW, JURISDICTION AND DISPUTE RESOLUTION

  1. This DPA and any disputes or claims arising out of or in connection with it or its subject matter or formation (including noncontractual disputes or claims) are governed by, and construed in accordance with, the laws of Poland.
  2. Any disputes arising out of or related to this Agreement shall be finally settled under the Arbitration Rules of the Court of Arbitration at the Polish Chamber of Commerce in Warsaw in force on the date of commencement of the proceeding by an arbitrator or arbitrators appointed in accordance with the said Rules.

SCHEDULE A

SUBPROCESSORS

The table below defines a list of SubProcessors.

Name

Nature of Services SubContracted

Google Cloud Platform

Data storage, database hosting, container hosting, logging services, load balancers.

Amazon Cognito

Manages user authentication and collects account details.

Paddle

Oversees payment processing, capturing all payment and billing details.

© 2024 InContexto.com