Updated: 2023-06-22
These General Terms of Use govern all of the different uses of the Platform and have purpose of defining the rights and obligations in the context of the use of the Platform. These terms are supplemented by the Agreement defining use of the Services.
Any use whatsoever of the Platform entails compulsory acceptance by you (the Client) without reservation of these General Terms of Use.
1. Definitions.
The terms listed hereinafter shall have, in the context of these General Terms of Use, the following definitions:
- Account means account created on the Platform by Mainlink in the interests of the Client following procedure under these General Terms of Use and controlled by a Primary User with dedicated rights of administrator, also created by Mainlink.
- Agreement means License Agreement, all attachments to it, these General Terms of Use, Data Processing Agreement and Privacy Policy between the Client and Mainlink for the provision of and access to the Services.
- Client means a party which has subscribed to one of the Services offered by Mainlink under the Agreement.
- Cloud Infrastructure means the licensed software, and the computing, storage, networking and other hardware and software infrastructure used in providing the Services.
- Datasets means different data files transmitted to the Platform and used within the Services.
- Intellectual Property Rights means all patents, rights to inventions, utility models, copyright and related rights, trademarks, service marks, trade, business and domain names, rights in trade dress or get-up, rights in goodwill or to sue for passing off, unfair competition rights, rights in designs, rights in computer software, database rights, semi-conductor topography rights, moral rights, rights in confidential information (including know-how and trade secrets) and any other intellectual property rights, in each case whether registered or unregistered and including all applications for and renewals or extensions of such rights, and all similar or equivalent rights or forms of protection in any part of the world.
- Platform means cloud platform (Mainhive) offered byMainlink utilizing smart tech aimed at secure data collection and implementation of automatization.
- Primary User means a person who is duly authorized by the Client to act as a representative of the Client on the Account with the rights of administrator.
- Services means Subscription to the Platform for specific period as specified in detail in respective Agreement.
- Subcontractor means any person or business entity that contracts to perform part or all of the obligations of Mainlink.
- Subscription means non-exclusive, non-transferable right to access and use of the Services, as ordered by the Client, subject to the Agreement.
- Third Party License means licenses from third parties governing third party software embedded or used in the Platform.
- User means individual with permission obtained by the Primary User to access and use the Services within the defined and assigned limits.
2. Provision of the Services.
2.1. The Platform shall be accessed through an active internet connection. The Client shall be fully responsible for its information technology infrastructure used internally, whether operated directly by the Client or through the use of third-party services, which may involve third-party fees (such as internet service provider charges), as well as for all equipment necessary to access the Platform, e.g. computer, internet modem, etc. In addition, in case of using third-party services, the Client shall retain sole responsibility for complying with any third-party provider terms, including its privacy policy.
2.2. Mainlink, at its absolute discretion, may engage a Subcontractor to perform some or all of the obligations of Mainlink under this Agreement and in that case shall be fully responsible for work done by its Subcontractors within the scope of this Agreement as it is work done by its own employees.
2.3. The Services may include certain components and/or technology, developed and owned by the third parties, which are governed by license agreements executed between Mainlink and the respective third party owners. Use of such components and/or technology by the Client shall be governed by such Third Party License terms specifically identified in Annex 1.
2.4. The Platform is designed to be available 24/7, except in cases of force majeure, technical incidents or interventions made necessary for the proper functioning of the Services. Mainlink shall reserve a right at any time and from time to time to update, develop, modify, temporarily or permanently, the Services at its sole discretion. Whenever reasonably practicable, Mainlink shall provide the Client with advance notice of such maintenance. The Client shall acknowledge that, from time to time, Mainlink may need to perform emergency maintenance without providing the Client advance notice, during which time Mainlink may temporarily suspend the Client’s access to, and use of, the Services.
3 Registration procedure.
3.1. Once the Agreement is signed, Mainlink shall create the Account and appoint the Primary User in accordance with the Client’s instructions.
3.2. In order to complete registration procedure on the Platform, the Primary User shall receive email notification from Mainlink to complete a sign-up form. Upon completing the registration process, the Primary User shall receive the email confirming successful registration to the Platform.
3.3. The Primary User shall be responsible for the assignment of other Client’s Users to the Account. Once the Primary User is fully registered to the Platform, it shall acquire a right to permit additional Users to access and use the Services, grant them authorizations and assign activities within the limits strictly specified, if any. In order to enable additional Users to access and use the Services, the Primary User shall send notification to each of them requesting to complete the sign-up form. Upon completing the registration process, each additional User shall receive the email confirming successful registration to the Platform.
3.4. The information requested during the registration process is subject to the Privacy Policy, which is incorporated by reference herein in its entirety.
3.5. Upon completing the registration process and depending on the need, the Users shall be able to use the same login credentials or create individual ones.
3.6. The Client, Primary User and each other User are obliged to use reasonable means to protect the Account information, passwords and other login credentials and promptly notify Mainlink of any known or suspected unauthorized access or use of the Services. Under no circumstance shall Mainlink be held liable in the event that the Client is subject to identity theft or any User’s Account details are lost or otherwise made available to any third party.
3.7. The Primary User shall be responsible for removing additionally added Users from the Platform, when necessary.
3.8. The Account of the Client shall be deactivated once the Agreement is terminated. Mainlink shall proceed as swiftly as possible to deactivate the Account and shall send to the Client the email confirming the closure of its Account. All data (Datasets, etc.) related to respective Account shall be stored as agreed in Data Processing Agreement (Annex 2) or defined in the Privacy Policy.
4. General responsibilities of the Client.
4.1. The Client acknowledges that its access and use of the Services on the Platform shall be cloud based, or web based, only, and that no software shall be installed on any servers or other computer equipment owned.
4.2. The Client shall not use the Services for or upload to the Platform anything unlawful, misleading, malicious or discriminatory. The Client shall not upload, post, reproduce or distribute any information, software or other material protected by copyright, privacy rights, or any other Intellectual Property Rights without first obtaining the permission of the owner of such rights.
4.3. The Client shall not perform or attempt to perform any actions that would interfere with the proper working of Cloud Infrastructure, Platform and Services.
4.4. The Client shall not transfer, sell, license, sublicense or make the functionality of any Services available to any third party; shall not remove, modify or conceal any Services identification, copyright, proprietary, intellectual property notices or other marks; shall not reverse engineer, decompile, decrypt, disassemble, modify or make derivative works of the Services; shall not use the Services in order to build a competitive product or services.
4.5. The Client shall have sole and full responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and Intellectual Property Rights or right to use the Datasets transmitted to the Account. The Client grants to Mainlink a non-exclusive, worldwide, royalty-free license to store, record, transmit, maintain, use, copy, perform and display the Datasets to the extent reasonably necessary to carry out its obligations under Agreement.
4.6. The Client shall be fully responsible for the activity that occurs under its Account and for Primary User and each Users’ compliance with Agreement.
5. Representations and warranties.
5.1. Neither Mainlink nor any of its licensors or other suppliers warrant or guarantee that operation of the Services shall be uninterrupted, virus-free or error-free, nor shall Mainlink or any of its Subcontractors be liable for unauthorized alteration, theft or destruction of the Client’s data (Datasets, etc.) contained.
5.2. The Client acknowledges that Mainlink does not control the transfer of data over communications facilities, including the internet, and that the Services may be subject to limitations, delays and other problems inherent in the use of such communications facilities. Mainlink shall not be responsible for any delays, delivery failures or other damage resulting from such problems. Mainlink expressly disclaims all other representations or warranties, whether express, implied or statutory, regarding the Services, including any warranties of merchantability, title, fitness for a particular purpose and infringement. No representation or other affirmation of fact, regarding the Services shall be deemed a warranty for any purpose or give rise to any liability of Mainlink whatsoever. The Client acknowledges that it has relied on no warranties other than the express warranty in these General Terms of Use.
6. Limitation of liability.
6.1. Except for payment obligations, neither party shall be responsible for failure to perform its obligations due to an event or circumstances beyond its reasonable control (force majeure).
6.2. Mainlink’s entire liability for all claims related to the Agreement shall not exceed the amount of any actual direct damages incurred by the Client limited to the amount paid (if recurring charges, limited to 12 months’ charges) for the Service that is subject of the claim, regardless of the basis of the claim, except damages that cannot be limited under applicable laws. Mainlink shall not be liable for special, incidental, exemplary, indirect or economic consequential damages, or lost profits, business, value, revenue, goodwill or anticipated savings. These limitations apply collectively to the Mainlink, its affiliates, contractors, sub-processors, suppliers.
6.3. The Client is solely responsible for its use of any data published on the Platform using the Account. Mainlink shall not be held liable for any damage caused by the use of all or part of the data published on the Platform by the Client.
7. Indemnification.
7.1. The Client shall defend any action or proceeding against, as well as indemnify and hold Mainlink, its affiliates, officers, directors, employees, agents, legal representatives, licensors, subsidiaries, joint ventures and suppliers, harmless from all liabilities, costs, expenses, damages and losses (including any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal and other professional costs and expenses), including reasonable attorneys’ fees, that may be incurred by any of them due to:
7.1.1. any breach (or, as to defense obligations only, alleged breach) by the Client of any term, condition, representation or warranty under the Agreement and/or the Third Party License;
7.1.2. gross negligence, willful misconduct or fraudulent actions of the Client;
7.1.3. any breach of the Agreement by the affiliates, employees, suppliers or contractors of the Client;
7.1.4. the Client’s violation of any rights, including data privacy and Intellectual Property Rights;
7.1.5. violation of any applicable laws, rules or regulations by the Client.
8. Intellectual property.
8.1. The Client acknowledges that Services are provided on a non-exclusive basis. Nothing shall be deemed to prevent or restrict Mainlink’s ability to provide the Services or other technology, including any features or functionality first developed for the Client, to other parties.
8.2. The Client acknowledges that all Intellectual Property Rights over and in respect of the Platform used for creation of Account by Mainlink and any developments or modifications thereof belong and shall belong to Mainlink and the Client shall have no rights in or to the Platform used for creation of Account by Mainlink and any developments or modifications thereof other than the right to use the Account in accordance with Agreement.
8.3. The Services contain proprietary and confidential information of Mainlink and its licensors. Except to the extent licenses are expressly granted hereunder, each party and each party’s licensors, respectively, retains all right, title and interest in and to all patent, trademark, trade secret rights, inventions, copyrights, know‑how and trade secrets in and to that party’s respective products and services. Mainlink retains all Intellectual Property Rights and interest in and to any work product created by Mainlink in the course of providing Services under the Agreement, and to all suggestions, ideas, enhancement requests, feedback, code, recommendations or other information provided by the Client or any third party relating to the Services.
8.4. Except for data (Datasets, etc.) published by the Client, it is noted that brands, logos, slogans, graphic elements, photographs, animations, videos, software, solutions, databases and texts created, published or recorded by Mainlink are the exclusive property of Mainlink, and therefore cannot be reproduced, used or represented without express prior authorization.
8.5. Notwithstanding anything to the contrary herein, Mainlink shall have the right to collect and analyze Datasets and other information relating to the provision, use and performance of various aspects of the Services (including, without limitation, information concerning Datasets and data derived therefrom), and Mainlink, during and after the term hereof, (i) shall be free to use such data to improve and enhance the Services and for other development, diagnostic, statistical and corrective purposes; and (ii) shall have the right to compile and sell to the public any and all data, including the results derived from analyzing Datasets, provided that such information and data is adequately masked and anonymized and does not identify Client, Primary User, Users or any person whose data Mainlink process as Clients’ data processer, as the case may be. Mainlink retains all Intellectual Property Rights in such information.
9. General terms.
9.1. Mainlink may, at its sole discretion, modify, update, add to, discontinue, remove or otherwise change these General Terms of Use at any time. Each such modification shall take immediate effect upon notification to the Client.
9.2. Mainlink may provide the Client with notices by email, updating its website or other reasonable means now known or hereinafter developed.
9.3. In the event of any difficulty of interpretation among any of the titles appearing in the article headings, and any one of the articles themselves, the titles shall be declared non-existent.
9.4. If any one of the stipulations of these General Terms of Use should be found to be null in the light of a legislative or regulatory provision in force and/or court decision with the authority of a final ruling, it shall be deemed unwritten, but this shall not in any way affect the validity of the other clauses, which shall remain fully applicable.
9.5.The Agreement shall be governed by, and construed in accordance with, the substantive laws of the Republic of Lithuania.
9.6. All disputes which might arise in connection with the Agreement which cannot be amicably resolved within thirty (30) calendar days after notification by one party to the other party – shall be finally settled by arbitration in the Vilnius Court of Commercial Arbitration in accordance with its Rules of Arbitration. The arbitral tribunal shall be composed of a sole arbitrator, unless agreed otherwise. The seat of arbitration shall be in Vilnius city, Lithuania. The language of the arbitration procedure shall be English. All procedural documents shall be served via parties‘ emails, indicated in the requisites.
Annex 1
List of applicable Third Party Licenses
- Power BI
- ArcGIS for PowerBI
- Apple app developer
- Android app developer
- AWS
- Azure
Annex 2
Data Processing Agreement
This Data Processing Agreement (“DPA”) reflects the agreement between you and Mainlink with respect to the terms governing the Processing of Personal Data subject to Data Protection Laws in connection with Mainlink’s provision of the Services to you, understanding that Mainlink, acting as a Data Processor, shall Process Personal Data of you, acting as a Data Controller.
Mainlink offers to the Client Services, part of which is a Platform utilizing smart tech aimed at secure data Processing. The Client by the usage of the Platform functionalities has the power, as Data Controller, to determine the purposes and means of Personal Data Processing.
The terms of DPA shall only apply to you in case of an active subscription to the Services offered by Mainlink under the Agreement and shall remain in force as long as you use Mainlink Services to Processes the Personal Data under the Agreement. By entering into the Agreement with Mainlink and/or by providing the Personal Data to Mainlink while using Services, you instruct Mainlink to process such Personal Data.
1. Definitions.
Agreement means the License Agreement, all attachments to it, General Terms of Use, this Data Processing Agreement and Privacy Policy between the Client (Data Controller) and Mainlink (Data Processor) for the provision of and access to the Services.
Data Controller means the Client that by the usage of the Services determines the purposes and means of the Processing of Personal Data.
Data Processor means Mainlink that offers Services allowing to Process Personal Data on behalf of the Data Controller.
Data Protection Laws means all mandatory laws applicable to the Processing of Personal Data under the Agreement, including without limitation to the EU Regulation 2016/679 “On the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)” (“GDPR”).
Data Subject means a natural person to whom Personal Data relates.
Personal Data means any information about, or related to, an identifiable individual. It includes any information that can be linked to an individual or used to directly or indirectly identify an individual, natural person. In this DPA, “Personal Data” shall mean Personal Data controlled by the Data Controller.
Personal Data Breach means any breach of Personal Data security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, the Personal Data transmitted, stored or otherwise processed.
Process or Processing means, with respect to Personal Data, any operation or set of operations performed upon Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Services means services purchased by Data Controller under the Agreement.
Sub-processor means any third party data processor engaged by Data Processor who receives Personal Data from Data Processor for Processing on behalf of Data Controller and in accordance with Data Controller’s instructions (as communicated by Data Processor) and the terms of its written subcontract.
All capitalized terms not defined herein shall have the meanings given in the General Terms of Use.
2. Responsibilities.
2.1. Data Processor’s responsibilities:
2.1.1. to Process the Personal Data for the purposes and in the scope determined in Annex 1 to this DPA or Data Controller instructions provided by virtue of using the settings and other functionalities of the Platform only as necessary to perform the Data Processor’s obligations under the Agreement, in compliance with all applicable Data Protection Laws. Data Processor shall not accumulate nor make copies of the Data Controller’s Personal Data, unless it is necessary for the purposes discussed in this DPA and/ or in the Agreement or unless such data is anonymized or aggregated as per clause 8.3 of this DPA.
2.1.2. to promptly notify the Data Controller if the Data Processor reasonably believes that the Data Controller’s instructions are inconsistent with Data Protection Laws and in such event, the Data Processor is entitled to refuse Processing of Personal Data that it believes to be in violation of any law or regulation;
2.1.3. to implement and maintain appropriate technical and organizational measures to protect Personal Data against a Personal Data Breach, provided that such measures shall take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, so as to ensure a level of security appropriate to the risks represented by the Processing and the nature of the Personal Data to be protected;
2.1.4. to notify Data Controller without undue delay, but no later than within 24 (twenty-four) hours, after becoming aware of Personal Data Breach affecting Data Controller’s Personal Data and indicate (if allowed) the nature of the Personal Data Breach, the categories and approximate number of the Personal Data records affected by the Personal Data Breach, a name, surname and contact details of the person who is able to provide additional information. Also, Data Processor shall cooperate with Data Controller by taking such commercially reasonable steps as are directed by Data Controller to assist in the investigation, mitigation and remediation of any such Personal Data Breach under the applicable Data Protection Laws;
2.1.5. to assist Data Controller as reasonably needed to respond to requests from supervisory authorities, Data Subjects or others by providing information related to Data Processor’s Processing of Personal Data. In the event Data Processor receives such requests directly, it shall inform the Data Controller in a timely manner;
2.1.6. if required by Data Protection Laws, court order, subpoena, or other legal or judicial process to Process Personal Data other than in accordance with the Data Controller’s instructions, to notify the Data Controller of any such requirement before Processing the Personal Data (if possible);
2.1.7. to not lease, sell, distribute, or otherwise encumber Personal Data unless mutually agreed to by separate written agreement;
2.1.8. to provide such information and any other assistance within its powers as the Data Controller reasonably requests (taking into account the nature of Processing and the information reasonably available to the Data Processor) in relation to compliance by the Data Controller with its obligations under Data Protection Laws;
2.1.9. to take reasonable steps to ensure that access to the Personal Data by its employees and any Sub-processor is strictly limited to those individuals who need to know / access the relevant Personal Data, ensuring that all such individuals are subject to contractual confidentiality obligations.
2.2. Data Controller’s responsibilities:
The Data Controller shall ensure that its activities performed by using the Platform and/or the Services are in compliance with the Data Protection Laws applicable to the Data Controller. Without limiting the generality of the foregoing, the Data Controller shall:
2.2.1. use the Services, including Platform settings and other functionalities for determination of Personal Data Processing purposes and means, in compliance with the Data Protection Laws;
2.2.2. ensure all instructions given to the Data Processor directly or by usage of the settings and other functionalities of the Platform in respect of the Processing of Personal Data are at all times in accordance with the Data Protection Laws;
2.2.3. ensure all Personal Data provided to Data Processor has been collected in accordance with the Data Protection Laws and that Data Controller has all the rights and legitimate grounds to provide such Personal Data to Data Processor. For the avoidance of doubt, the Data Controller shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Data Controller acquired Personal Data;
2.2.4. keep the amount of Personal Data provided to Data Processor while using Services to the minimum necessary in relation to the Services and in line with the Data Protection Laws;
2.2.5. ensure that Personal Data retention terms that the Data Controller determines by means of settings and other functionalities of the Platform are in compliance with the Data Protection Laws applicable to Data Controller.
3. Rights of Data Subjects.
3.1. The Data Processor shall, to the extent legally permitted, promptly notify the Data Controller if it receives a request from Data Subject for access to, rectification, portability, objection, restriction or erasure of such Data Subject’s Personal Data. Unless required by Data Protection Laws, the Data Processor shall not respond to any such Data Subject request without Data Controller’s prior written consent except to confirm that the request has been received. The Data Processor shall provide such information and cooperation and take such action within its powers as the Data Controller reasonably requests in relation to Data Subject request.
4. Sub-processing of Personal Data.
4.1. The Data Controller hereby grants its general authorization for Data Processor to engage Sub-processors to assist Data Processor in providing the Services and Processing Personal Data. The list of Sub-processors engaged by the Data Processor at the date hereof is attached for information purposes as Annex 2. The Data Processor shall take reasonable steps to ensure that the Sub-processors agree to act only on the Data Processor’s instructions when Processing the Personal Data (which instructions shall be consistent with Data Controller’s Processing instructions to Data Processor), and agree to protect the Personal Data to a standard consistent with the requirements of this DPA. The Data Processor is entitled to unilaterally update the list of Sub-processors by including Sub-processors to be appointed at least thirty (30) days prior to the date on which the Sub-processor shall commence Processing Personal Data, and shall inform of such updated list of Sub-processors the Data Controller.
4.2. The Data Processor shall remain liable to the Data Controller for the subcontracted Processing services of any of its Sub-processors.
5. Transfer of Personal Data.
5.1. The Data Processor may not transfer or authorize the transfer of Personal Data to countries outside the European Union (“EU”) and/or the European Economic Area (“EEA”) without the prior written consent of the Data Controller. If Personal Data Processed under this DPA is transferred from a country within the EEA to a country outside the EEA, the parties shall ensure that the Personal Data is adequately protected. To achieve this, the parties shall, unless agreed otherwise, rely on EU adequacy decision or EU approved standard contractual clauses for the transfer of Personal Data.
6. Security.
6.1. The Data Processor shall have the right to modify technical and organizational measures during the term of this DPA, as long as they continue to comply with the Data Protection Laws, supervisory authorities’ guidelines, recommendations or approved standards/ certificates
7. Audit.
7.1. The Data Controller shall be entitled to audit (including inspections) the Data Processor with regard to compliance with the provisions of this DPA, in particular the implementation of the technical and organisational measures.
7.2. In order to carry out inspections in accordance with section above, the Data Controller is entitled to request that the Data Processor provides all records and information in relation to the Processing of Personal Data after timely advance notification in accordance with clause 7.4, at the expense of the Data Controller, without disruption of the course of business and under strict secrecy of the Data Processor’s business and trade secrets.
7.3. The Data Processor is entitled, at its own discretion and taking into account the Data Controller’s legal obligations, not to disclose information which is sensitive with regard to the Data Processor’s business or if the Data Processor would be in breach of statutory or other contractual provisions as a result of its disclosure. The Data Controller is not entitled to get access to data or information about the Data Processor’s other clients, cost information, quality control and contract management reports, or any other confidential information of the Data Processor.
7.4. The Data Controller shall inform the Data Processor in good time (usually at least two weeks in advance) of all circumstances in relation to the performance of the audit. The Data Controller may carry out not more than one audit per calendar year.
8. Retention and destruction of Personal Data.
8.1. The Data Controller determines the retention terms by means of settings and other functionalities of the Platform. The Data Processor shall not retain the Personal Data longer than determined so by the Data Controller, except for retention of Personal Data in order to ensure compliance of the Data Processor’s Processing activities with legal and regulatory obligations (e.g. audit, accounting and statutory retention terms), handling disputes, and for the establishment, exercise or defence of legal claims in the countries where Data Processor does business.
8.2. The Data Processor and Sub-processors, if any, shall, at the choice of the Data Controller delete or return all Personal Data (including copies thereof) Processed pursuant to this DPA, upon termination of Data Controller’s access to and use of the Services in accordance with the procedures and timeframes set out in the Agreement. This requirement shall not apply to the extent Data Processor is required by applicable law to retain some or all of the Personal Data, or to Personal Data it has archived on back-up systems. In that case, Data Processor warrants that it will guarantee the confidentiality of the Personal Data and will not process the Personal Data anymore unless it is required to do so by applicable laws or to ensure functioning of the Platform.
8.3. The Data Processor reserves the right to anonymize or aggregate the Personal Data in such a way that it is no longer possible to identify individual Data Subjects, and to use them in this form for the purpose of needs-based designing, machine-learning, developing and optimizing as well as rendering of the Services agreed as per the Agreement. It is agreed that anonymized and according to the above requirement aggregated Personal Data is not considered Personal Data for the purposes of this DPA.
9. Term and termination.
9.1. The term and termination of this DPA shall be governed by the term and termination provisions of the Agreement. Termination of the Agreement automatically results in termination of this DPA.
10. Liability.
10.1. The Data Processor’s liability under this DPA shall be governed by the disclaimers and limitations of liability provided for in the Agreement.
10.2. The Data Controller shall defend any action or proceeding against, as well as indemnify and hold the Data Processor, its affiliates, officers, directors, employees, agents, legal representatives, licensors, subsidiaries, joint ventures and suppliers harmless against any third party claims, liabilities, costs, expenses, damages and losses (including any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal and other professional costs and expenses), including reasonable attorneys’ fees in relation to Data Controller’s Personal Data, arising due to breach of this DPA or Data Protection Laws by the Data Controller.
10.3. The Data Controller undertakes to indemnify the Data Processor upon first request against any damages, including all possible fines imposed on the Data Processor or legal fees or other expenses suffered by the Data Processor, if such damage has been suffered due to the Data Controller’s breach of this DPA or Data Protection Laws.
11. Final provisions.
11.1. In case individual provisions of this DPA are ineffective or become ineffective or contain a gap, the remaining provisions shall remain unaffected. The parties undertake to replace the ineffective provision by a legally permissible provision which comes closest to the purpose of the ineffective provision and that thereby satisfies the requirements of Data Protection Laws.
11.2. In case of conflicts between this DPA and other arrangements of the parties, in particular the Agreement, the provisions of this DPA shall prevail.
11.3. This DPA shall be governed by, and construed in accordance with, the substantive laws of the Republic of Lithuania. Any disputes arising out of this DPA shall be solved as indicated in the Agreement.
Annex 1 to the DPA
INSTRUCTIONS FOR THE PROCESSING OF PERSONAL DATA
1. General Notes
The Data Processor hereby undertakes to process Personal Data according to the processing instructions documented by the Data Controller and set out in this Annex and the DPA. In case the Data Processor has not received the instructions for Processing required for the fulfilment of its obligations under the DPA and further Processing, the Data Processor shall promptly notify the Data Controller of the same and may cease the Processing until the instructions are provided.
2. The Purpose of Personal Data Processing:
2.1. Collection of Personal Data from devices
2.2 Analysis (preparation of report and/or comparison) of Personal Data
2.3. Alerts management
2.4. Administration of Data Controller Account
2.5. Provision of technical support
3. Categories of data subjects:
3.1. Primary Users
3.2. Users
3.3. Data Controller customers
4. Types of Personal Data: Primary User’s name, surname, email, phone number, role and language; Users name, surname, email, phone number, language, Data Controller customer’s device ID, address (location), consumption metrics, time stamps, error codes;
5. Nature of Processing of the Personal Data: collection, recording, adaptation, alteration, storage, erasure.
6. Place of Processing of the Personal Data: Data Processor servers located in European Union.
7. Processing/storage period of the Personal Data: the Data Controller determines the retention terms by means of settings and other functionalities of the Platform.
All Personal Data shall be kept for one month after termination of the Services (except log files and data backup as described below) and shall be erased or anonymized on the first business day of a succeeding month:
- LOG FILES.
The Data Processor maintains a log file of all actions that are initiated or facilitated using the Services to capture, record and store data concerning the transaction. Such files will be deleted or anonymized once it is no longer necessary to fulfill the purposes for which it was collected and processed, but not longer than one year after termination of the Services.
- DATA BACKUP.
The Data Processor copies or archives the data used within the Services for the purpose of being able to restore them in case of original data is lost or corrupted. The Data Backup is kept for 3 months from the date of collection and will then be automatically deleted.
Access to Log Files and Data Backup is restricted to those who administer the Platform (authorized personnel and subcontractors), except that the Data Processor may use and disclose this information to third parties in response to legal process or law enforcement inquiries, abuse of the Platform, or violation of any General Terms of Use or contractual provision the Data Controller may have with the Data Processor.
Annex 2 to the DPA
List of approved Sub-Processors
Pursuant to the DPA, the Data Controller approves the following Sub- Processors used by the Data Processor:
- Amazon Web Services
- NFQ Technologies
- Exacaster
- Addendum
- Xoomworks