Effective starting: May 25, 2018
THIS AGREEMENT GOVERNS YOUR ACQUISITION AND USE OF OUR SERVICES.
BY ACCEPTING THIS AGREEMENT, EITHER BY REGISTERING ON WWW.DESACTION.ORG OR BY CLICKING A BOX INDICATING YOUR ACCEPTANCE OR BY EXECUTING AN ORDER FORM OR ANY OTHER DOCUMENTATION THAT REFERENCES THIS AGREEMENT, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERMS “YOU” OR “YOUR” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.
This Agreement was last updated on 25th May, 2018. It is effective between You and Us as of the date of Your acceptance of this Agreement.
The parties hereby agree to the following with respect to Your use, and DES Action USA’s provision, of the Service (as defined below).
“Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
“Agreement” means this Terms of service.
“Malicious Code” includes but not restricted to code, files, scripts, agents or programs intended to do harm or any unlawful activities, including, for example, viruses, worms, time bombs and Trojan horses.
“Services” means the products and services that are ordered by You or provided to You under a subscription fee, and made available online by Us. “Services” exclude applications owned by third parties.
“User” means an individual who is authorized by You to use a Service, for whom You have purchased a subscription (or in the case of any Services provided by Us without charge, for whom a Service has been provisioned), and to whom You (or, when applicable, Us at Your request) have supplied a user identification and password (for Services utilizing authentication). Users may include, for example, Your employees, consultants, contractors and agents, and third parties with which You transact business.
“We”, “Us” or “Our” means DES Action USA.
“You” or “Your” means the company or other legal entity for which you are accepting this Agreement, and Affiliates of that company.
Provision of Purchased Services. We will (a) make the Services and content available to You pursuant to this Agreement, (b) provide applicable support for the Services to You at no additional charge, (c) use commercially reasonable efforts to make the online Services available 24 hours a day, 7 days a week, except for: (i) planned downtime, and (ii) any unavailability caused by circumstances beyond Our reasonable control, including, for example, an act of God, act of government, flood, fire, earthquake, civil unrest, act of terror, strike or other labor problem (other than one involving Our employees), Internet service provider failure or delay, or denial of service attack.
USE OF SERVICES AND CONTENT
Subscriptions. Unless otherwise provided, (a) Services and access to content are purchased as subscriptions, (b) subscriptions may be added during a subscription term at the same pricing as the underlying subscription pricing, prorated for the portion of that subscription term remaining at the time the subscriptions are added, and (c) any added subscriptions will terminate on the same date as the underlying subscriptions.
Usage Limits. Services and content are subject to usage limits, including, for example, the quantities. Unless otherwise specified, (a) a quantity refers to Users, and the Service or content may not be accessed by more than that number of Users, (b) a User’s password may not be shared with any other individual, and (c) except otherwise provided for, a User identification may only be reassigned to a new individual replacing one who will no longer use the Service or content. If You exceed a contractual usage limit, We may work with You to seek to reduce Your usage so that it conforms to that limit. If, notwithstanding Our efforts, You are unable or unwilling to abide by a contractual usage limit, You will subscribe for additional quantities of the applicable Services or content promptly upon Our request, and/or pay any invoice for excess usage.
Your Responsibilities. You will (a) be responsible for Users’ compliance with this Agreement, (b) be responsible for the accuracy, quality and legality of Your Data (as defined below) and the means by which You acquired Your Data, (c) use commercially reasonable efforts to prevent unauthorized access to or use of Services and content, and notify Us promptly of any such unauthorized access or use, (d) use Services and content only in accordance with this Agreement and applicable laws and government regulations. You will not (a) make any Service or content available to, or use any Service or content for the benefit of, anyone other than You or Users, unless expressly permitted by us, (b) sell, resell, license, sublicense, distribute, make available, rent or lease any Service or content, or include any Service or content in a service bureau or outsourcing offering, (c) use our Service to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights, (d) use our Service to store or transmit Malicious Code, (e) interfere with or disrupt the integrity or performance of any Service or third-party data contained therein, (f) attempt to gain unauthorized access to any Service or content or its related systems or networks, (g) permit direct or indirect access to or use of any Service or content in a way that circumvents a contractual usage limit, or use any of Our Services to access or use any of Our intellectual property except as permitted under this Agreement, (h) copy a Service or any part, feature, function or user interface thereof, (i) copy content except as permitted herein, (j) frame or mirror any part of any Service or content, other than framing on Your own intranets or otherwise for Your own internal business purposes or as permitted under this Agreement, (k) access any Service or content in order to build a competitive product or service or to benchmark with any product or service, or (l) reverse engineer any Service. Any use of the Services in breach of this Agreement, by You or Users that in Our judgment threatens the security, integrity or availability of Our services, may result in Our immediate suspension of the Services, however We will use commercially reasonable efforts under the circumstances to provide You with notice and an opportunity to remedy such violation or threat prior to such suspension.
THIRD PARTY PRODUCTS OR SERVICES
Although we do use some third-party products for functionality on our site, we do not offer third-party services to You. Any acquisition by You of such products or services, and any exchange of data between You and any such third party provider, product or service is solely between You and the applicable provider. We do not warrant or support third party Applications or products or services, whether or not they are designated by Us as “certified” or otherwise.
FEES AND PAYMENT FOR PURCHASED SERVICES
Fees. You will pay all fees specified upon registration other than for free trial. Except as otherwise specified herein or in plan, (i) fees are based on subscriptions purchased and not actual usage, (ii) payment obligations are non-cancelable and fees paid are non-refundable, and (iii) quantities purchased cannot be decreased during the relevant subscription term.
Invoicing and Payment. You will provide Us with valid and updated credit card information, or with a valid purchase order or alternative document reasonably acceptable to Us. If You provide credit card information to Us, You authorize Us to charge such credit card for all Purchased Services for the initial subscription term and any renewal subscription term(s). Such charges shall be made in advance, either monthly or annually or in accordance with any different billing frequency agreed upon. If You specify that payment will be by a method other than a credit card, We will invoice You in advance. Unless otherwise agreed, invoiced charges are payable in advance or immediately upon receipt of invoice. You are responsible for providing complete and accurate billing and contact information to Us and notifying Us of any changes to such information.
Suspension of Service. If any amount owing by You under this or any other agreement for Our services is 60 or more days overdue (or 10 or more days overdue in the case of amounts You have authorized Us to charge to Your credit card), We may, without limiting Our other rights and remedies, suspend Our services to You until such amounts are paid in full.
Taxes. Our fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction whatsoever (collectively, “Taxes”). You are responsible for paying all Taxes associated with Your purchases hereunder whether leviable on You or Us. If We have the legal obligation to pay or collect Taxes for which You are responsible under this Section, We will invoice You and You will pay that amount unless You provide Us with a valid tax exemption certificate authorized by the appropriate taxing authority. For clarity, We are solely responsible for taxes assessable against Us based on Our income, property and employees.
Future Functionality. You agree that Your purchases are not contingent on the delivery of any future functionality or features, or dependent on any oral or written public comments made by Us regarding future functionality or features.
PROPRIETARY RIGHTS AND LICENSES
Reservation of Rights. Subject to the limited rights expressly granted hereunder, We and Our licensors and content Providers reserve all of Our/their right, title and interest in and to the Services and content, including all of Our/their related intellectual property rights. No rights are granted to You hereunder other than as expressly set forth herein.
Access to and Use of content. You have the right to access and use applicable content subject to the terms of this Agreement.
License to Use Feedback. You grant to Us and Our Affiliates a worldwide, perpetual, irrevocable, royalty-free license to use and incorporate into Our and/or Our Affiliates’ services any suggestion, enhancement request, recommendation, correction or other feedback provided by You or Users relating to the operation of Our or Our Affiliates’ services.
Your Data. We acknowledge that all intellectual property rights in Your Data are and will remain the property of You and/or the relevant Data Subjects, as the case may be; and that We shall have no rights in or to Your Data other than the right to Process it for the purposes set out in this Agreement.
Use of Your brand: We may include Your name and logo as a reference for marketing or promotional purposes on Our website or in public and private conversations with our existing or potential customers. We will do this subject to Your standard trademark usage guidelines as provided on Your website or to Us by You.
Definition of Confidential Information. “Confidential Information” means all information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Your Confidential Information includes Your Data; Our Confidential Information includes the Services and content; and Confidential Information of each party includes the terms and conditions of this Agreement (including pricing), as well as business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such party. However, Confidential Information does not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party.
The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care) to (i) not use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement and (ii) except as otherwise authorized by the Disclosing Party in writing, limit access to Confidential Information of the Disclosing Party to those of its and its Affiliates’ employees and contractors who need that access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections not materially less protective of the Confidential Information than those herein. Neither party will disclose the terms of this Agreement or any Order Form to any third party other than its Affiliates, legal counsel and accountants without the other party’s prior written consent, provided that a party that makes any such disclosure to its Affiliate, legal counsel or accountants will remain responsible for such Affiliate’s, legal counsel’s or accountant’s compliance with this “Confidentiality” section. Notwithstanding the foregoing, We may disclose the terms of this Agreement and any applicable details to a subcontractor or third party Application Provider to the extent necessary to perform Our obligations to You under this Agreement, under terms of confidentiality materially as protective as set forth herein.
Compelled Disclosure. The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of the compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure.
REPRESENTATIONS AND DISCLAIMERS
Representations. Each party represents that it has validly entered into this Agreement and has the legal power to do so.
Disclaimers. EXCEPT AS EXPRESSLY PROVIDED HEREIN, WE DO NOT MAKE ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND WE SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. CONTENT AND BETA SERVICES ARE PROVIDED “AS IS,” EXCLUSIVE OF ANY WARRANTY WHATSOEVER. EACH PARTY DISCLAIMS ALL LIABILITY AND INDEMNIFICATION OBLIGATIONS FOR ANY HARM OR DAMAGES CAUSED BY ANY THIRD-PARTY HOSTING PROVIDERS.
You will defend Us against any claim, demand, suit or proceeding made or brought against Us by a third party alleging that any of Your Data infringes or misappropriates such third party’s intellectual property rights, or arising from Your use of the Services or content in violation of the Agreement and You will indemnify Us from any damages, attorney fees and any costs finally awarded against Us as a result of, or for any amounts paid by Us under a settlement approved by You in writing of, a Claim Against Us, provided We (a) promptly give You written notice of the Claim Against Us, and (b) give You all reasonable assistance, at Your expense.
LIMITATION OF LIABILITY
IN NO EVENT SHALL OUR AGGREGATE LIABILITY TOGETHER WITH ALL OF OUR AFFILIATES ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED UNITED STATES DOLLAR 1 (ONE) FOR THE SERVICES GIVING RISE TO THE LIABILITY. THE FOREGOING LIMITATION WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY. IN NO EVENT WILL WE OR OUR AFFILIATES HAVE ANY LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT FOR ANY LOST PROFITS, REVENUES, GOODWILL, OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER, BUSINESS INTERRUPTION OR PUNITIVE DAMAGES, WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY.
1.1 The following definitions and rules of interpretation apply in this Clause.
Appropriate Technical and Organisational Measures: has the meaning given to such term in Data Protection Legislation (including, as appropriate, the measures referred to in Article 32(1) of the GDPR).
Authorised Person: the personnel authorised on Your behalf to provide instructions to Us in relation to the Processing provisions in this Clause.
Business Day: a day other than a Saturday, Sunday or public holiday in India when banks are open for business.
Business Purpose: the provision of the Services.
Data: any data or information, in whatever form, including but not limited to images, still and moving, and sound recordings.
Data Controller: has the meaning given to such term in Data Protection Legislation.
Data Processor: has the meaning given to such term in Data Protection Legislation.
Data Protection Legislation: means the Data Protection Acts 1988 and 2003 and Directive 95/46/EC, any other applicable law or regulation relating to the processing of personal data and to privacy (including the E-Privacy Directive and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (“E-Privacy Regulations”), as such legislation shall be amended, revised or replaced from time to time, including by operation of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) (and laws implementing or supplementing the GDPR, and laws amending or supplementing the E-Privacy Regulations).
Data Protection Officer: a data protection officer appointed pursuant to Data Protection Legislation.
Data Subject: an individual who is the subject of Personal Data (including any User).
Delete: to remove or obliterate Personal Data such that it cannot be recovered or reconstructed.
EEA: European Economic Area.
GDPR: General Data Protection Regulation (EU) 2016/679.
Normal Business Hours: 9.00 am to 5.00 pm in Mumbai, India.
ODPC: Office of the Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland.
Our System: any information technology system or systems owned or operated by Us to which Your Data is delivered or on which the Services are performed.
Personal Data: has the meaning set out in Data Protection Legislation and relates only to personal data, or any part of such personal data, in respect of which You are the Data Controller, and in respect of which We are the Data Processor.
Personal Data Breach: means any “personal data breach” as defined in the GDPR in respect of the Personal Data which is caused by Us.
Processed Data: any of Your Data that has been Processed by Us.
Processing: has the meaning given to such term in Data Protection Legislation, and Processed and Process shall be interpreted accordingly.
Representatives: a Party’s employees, officers, representatives, advisers or subcontractors involved in the provision or receipt of the Services.
Restricted Transfer: any transfer of Personal Data to countries outside of the EEA which are not subject to an adequacy decision by the European Commission, where such transfer would be prohibited by Data Protection Legislation.
Security Features: any security feature, including any encryption, pseudonymisation, key, PIN, password, token or smartcard.
Specific Instructions: instructions meeting the criteria set out in Clause 2.1 of this Section.
Standard Contractual Clauses: the contractual clauses dealing with the transfer of Personal Data outside the EEA, which have been approved by (i) the European Commission under Data Protection Legislation, or (ii) by the ODPC or an equivalent competent authority under Data Protection Legislation.
Sub-processor: has the meaning given to such term in Clause 12.1 of this Section.
Term: the duration of the provision of the Services
Your Data: the Your Data (NPD) and Your Data (PD).
Your Data (NPD): all Data uploaded during the Term by You or any User from time to time in respect of use of the Services other than Your Data (PD).
Your Data (PD): the Personal Data uploaded during the Term by You or any User from time to time in respect of use of the Services, and any other Personal Data Processed by Us on behalf of You or any User.
2.1 We shall not act on any specific instructions given by You from time to time during the Term in respect of Processing unless they are:
2.2.1 in writing (including by electronic means); and
2.2.2 given by an Authorised Person
2.3 We shall Process Your Data (PD) for the Business Purpose only and in compliance with Your instructions from time to time, which may be:
2.3.1 Specific Instructions; or
2.3.2 the general instructions set out in this Agreement unless required to do otherwise by law, in which case, where legally permitted, We shall inform You of such legal requirement before Processing.
2.4 The types of Personal Data to be Processed pursuant to this Agreement shall include (but shall not be limited to) Personal Data uploaded by you or other Users through use of the Services, and may be any information, data or materials provided or utilized by you or Users in connection with the Services, including, without limitation, user credentials, and any other Personal Data contained in your or User’s websites, applications or in tests created by you or a User in connection with the Services; and the categories of Data Subject to whom such Personal Data relates shall include Users.
3.1 We shall:
3.1.1 only make copies of the Your Data to the extent reasonably necessary for the Business Purpose (which, for clarity, may include for generating logs in relation to your use of the Services, back- up, mirroring (and similar availability enhancement techniques), security, disaster recovery and testing the Services); and
3.1.2 not extract, reverse-engineer, re-utilise, use, exploit, redistribute, re-disseminate, copy or store Your Data other than for the Business Purpose.
3.2 We shall notify You in writing without delay of any situation or envisaged development that shall in any way change the ability of Us to Process Your Data (PD) as set out in this Agreement.
3.3 In general, Your Data and any logs created by us relating to Your Data will be kept and stored for 60 days from the date of upload/creation, after which point it will then be automatically deleted by Us. Notwithstanding this, we shall, at Your cost and taking into account the nature of Our Processing of Personal Data, promptly comply with any written request from You requiring Us to amend, transfer or Delete any of Your Data in advance of the expiration of this 60 day period. You may also retrieve and delete Your Data using our API.
3.4 At Your request and cost, We shall provide to You a copy of all Your Data held by Us in a commonly used format.
3.5 At Your request and cost, taking into account the nature of Our Processing of the Personal Data and the information available, We shall provide to You such information and such assistance as You may reasonably require, and within the timescales reasonably specified by You, to allow You to comply with Your obligations under Data Protection Legislation, including but not limited to assisting You to:
3.5.1 comply with Your own security obligations with respect to the Personal Data;
3.5.2 discharge Your obligations to respond to requests for exercising Data Subjects’ rights with respect to the Personal Data;
3.5.3 comply with Your obligations to inform Data Subjects about serious Personal Data Breaches;
3.5.4 carry out data protection impact assessments and audit data protection impact assessment compliance with respect to the Personal Data; and
3.5.5 the consultation with the ODPC following a data protection impact assessment, where a data protection impact assessment indicates that the Processing of the Personal Data would result in a high risk to Data Subjects.
3.6 Any proposal by Us to in any way use or make available Your Data other than as provided for pursuant to this Agreement shall be subject to prior written approval of You.
3.7 You acknowledge that We are under no duty to investigate the completeness, accuracy or sufficiency of (i) any instructions received from You, or (ii) any Your Data.
3.8 You shall:
3.8.1 ensure that You are entitled to transfer Your Data (PD) to Us so that We may lawfully process and transfer (if applicable) Your Data (PD) in accordance with this Agreement;
3.8.2 ensure that the relevant Data Subjects have been informed of, and have given their consent to, such use, processing, and transfer as required by Data Protection Legislation;
3.8.3 notify Us in writing without delay of any situation or envisaged development that shall in any way influence, change or limit the ability of Us to process Your Data (PD) as set out in this Agreement;
3.8.4 ensure that Your Data (PD) that You instructs Us to Process pursuant to this Agreement is:
(a) obtained lawfully, fairly and in a transparent manner in relation to the Data Subject (including in respect of how consent is obtained);
(b) collected and processed for specified, explicit and legitimate purposes, and not further processed in a manner incompatible with those purposes;
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
(d) accurate, and where necessary kept up to date;
(e) erased or rectified without delay where it is inaccurate, having regard to the purposes for which they are processed;
(f) kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data are processed (subject to circumstances where Personal Data may be stored for longer periods insofar as it will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, and subject to the implementation of Appropriate Technical and Organisational Measures);
(g) processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using Appropriate Technical and Organisational Measures; and
3.8.5 provide such information and such assistance to Us as We may reasonably require, and within the timescales reasonably specified by Us, to allow Us to comply with Our obligations under Data Protection Legislation.
3.9 Your Data (PD) passed to Us for Processing shall not be kept by You for a period that is longer than necessary.
4.1 We shall take reasonable steps to ensure the reliability of all Our employees who have access to Your Data (PD), and to ensure that such employees have committed themselves to a binding duty of confidentiality in respect of Your Data (PD).
5.1 We shall keep at Our normal place of business records (including in electronic form) relating to all categories of Processing activities carried out on behalf of You, containing:
5.1.1 the general description of the security measures taken in respect of the Personal Data, including details of any Security Features and the Appropriate Technical and Organisational Measures;
5.1.2 the name and contact details of Us; any sub-supplier; and where applicable Our representatives; and where applicable any Data Protection Officer appointed by Us;
5.1.3 the categories of Processing by Us on behalf of You; and
5.1.4 details of any non-EEA Personal Data transfers, and the safeguards in place in respect of such transfers.
6.1 Subject to Clause 6.2, 6.3 and 6.5, and to the extent required by Data Protection Legislation, You shall have the right to examine and review the use by Us of Your Data provided to Us by You only for the purpose of ascertaining that Your Data has been used and Processed in accordance with the terms of this Agreement.
6.2 An audit under this Clause 6 shall be carried out on the following basis: (i) You must first contact Us by email asking for evidence of compliance with Our obligations under this Agreement, and We shall respond to such email within 30 Business Days; (ii) if We have not responded to Your email with a response which is reasonably satisfactory to You within such 30 Business Day period then, no more than once in any twelve (12) month period and during Normal Business Hours during the course of one Business Day You may audit Our Processing of Your Personal Data at a location agreed by Us. You shall bear the reasonable expenses incurred by Us in respect of any such audit and any such audit shall not interfere with the normal and efficient operation of Our business. We may require, as a condition of granting such access, that You (and representatives of You) enter into reasonable confidentiality undertakings with Us.
6.3 The scope of any examination and review by You of the use by Us of the Personal Data shall be agreed in writing prior to the commencement of any such examination and review.
6.4 In the event that the audit process determines that We are materially non-compliant with our obligations under this Section, You may, by notice in writing, deny further access to Your Data.
6.5 To the extent permitted under Data Protection Legislation, We may demonstrate Our and, if applicable Our Sub-processors’, compliance with Our obligations under this Section through Our compliance with a certification scheme or code of conduct approved under Data Protection Legislation.
Data Subject Requests
7.1 Taking into account the nature of Our Processing of the Personal Data and at Your cost, We shall assist You by employing Appropriate Technical and Organisational Measures, insofar as this is possible, in respect of the fulfilment of Your obligations to respond to requests from a Data Subject exercising his/her rights under Data Protection Legislation.
7.2 We shall, at Your cost, notify You as soon as reasonably practicable if We receive:
7.2.1 a request from a Data Subject for access to that person’s Personal Data (relating to the Services);
7.2.2 any communication from a Data Subject (relating to the Services) seeking to exercise rights conferred on the Data Subject by Data Protection Legislation in respect of Personal Data; or
7.2.3 any complaint or any claim for compensation arising from or relating to the Processing of such Personal Data.
7.3 We shall not disclose the Personal Data to any Data Subject or to a third party other than at the request of You, as provided for in this DPA, or as required by law in which case We shall to the extent permitted by law inform You of that legal requirement before We discloses the Personal Data to any Data Subject or third party.
7.4 We shall not respond to any request from a Data Subject except on the documented instructions of You or an Authorised Person or as required by law, in which case We shall to the extent permitted by law inform You of that legal requirement before We respond to the request.
Data Protection Officer
8.1 We shall appoint a Data Protection Officer, if required to do so pursuant to Data Protection Legislation, and provide You with the contact details of such Data Protection Officer.
8.2 You shall appoint a Data Protection Officer, if required to do so pursuant to Data Protection Legislation, and provide Us with the contact details of such Data Protection Officer.
9.1 We shall, in accordance with Our requirements under Data Protection Legislation, implement Appropriate Technical and Organisational Measures to safeguard the Your Data (PD) from unauthorised or unlawful Processing or accidental loss, alteration, disclosure, destruction or damage, and that, having regard to the state of technological development and the cost of implementing any measures (and the nature, scope, context and purposes of Processing, as well as the risk to Data Subjects), such measures shall be proportionate and reasonable to ensure a level of security appropriate to the harm that might result from unauthorised or unlawful Processing or accidental loss, alteration, disclosure, destruction or damage and to the nature of the Personal Data to be protected.
9.2 We shall ensure that Your Data provided by You can only be accessed by persons and systems that are authorised by Us and necessary to meet the Business Purpose, and that all equipment used by Us for the Processing of Your Data shall be maintained by Us in a physically secure environment.
9.3 You shall make a back-up copy of Your Data as often as is reasonably necessary and record the copy on media from which Your Data can be reloaded in the event of any corruption or loss of Your Data.
10.1 We shall promptly inform You if any of Your Data is lost or destroyed or becomes damaged, corrupted, or unusable, or if there is any accidental, unauthorised or unlawful disclosure of or access to any of Your Data. In such case, We will use Our reasonable endeavours to restore Your Data at Your expense (save where the incident was caused by Our negligent act or omission, in which case it will be at Our expense), and will comply with all of Our obligations under Data Protection Legislation in this regard.
10.2 We must inform You of any Personal Data Breaches, or any complaint, notice or communication in relation to a Personal Data Breach, without undue delay. Taking into account the nature of Our Processing of the Personal Data and the information available to Us and at Your cost We will provide sufficient information and assist You in ensuring compliance with Your obligations in relation to notification of Personal Data Breaches (including the obligation to notify Personal Data Breaches to the ODPC within seventy two (72) hours), and communication of Personal Data Breaches to Data Subjects where the breach is likely to result in a high risk to the rights of such Data Subjects. Taking into account the nature of Our Processing of the Personal Data and the information available to Us and at Your cost, We shall co-operate with You and take such reasonable commercial steps as are directed by You to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
11.1 A Restricted Transfer may not be made by Us (other than transfers to our Affiliates and by any agents and contractors for the purposes of performing the Services, and You shall endeavour to obtain explicit consent from relevant Data Subjects in respect of such potential transfers) without the prior written consent of You (such consent not to be unreasonably withheld, delayed or conditioned), and if such consent has been obtained (or is unnecessary), such Restricted Transfer may only be made where there are Appropriate Technical and Organisational Measures in place with regard to the rights of Data Subjects (including but not limited to the Standard Contractual Clauses, Privacy Shield, binding corporate rules, or any other model clauses approved by the ODPC).
11.2 Subject to Clause 11.3, in the event of any Restricted Transfer by Us to a contracted Sub- processor, to any Affiliate of You or otherwise (“Data Importer”) for which your consent has been obtained (or is unnecessary), We and You shall procure that (i) You (where the Restricted Transfer is being made at the request of You) or Us acting as agent for and on behalf of You (where the Restricted Transfer is being made at the request of Us), and (ii) the Data Importer, shall enter into the Standard Contractual Clauses in respect of such Restricted Transfer.
11.3 Clauses 11.1 or 11.2 shall not apply to a Restricted Transfer if other compliance steps (which may include, but shall not be limited to, obtaining explicit consents from Data Subjects) have been taken to allow the relevant Restricted Transfer to take place without breach of applicable Data Protection Legislation.
12.1 At this time, DES ACTION USA has no sub-processors.
13.1 We warrant and undertake to You that:
13.1.1 We will Process Your Data in compliance with our obligations under Data Protection Legislation;
13.1.2 We will maintain Appropriate Technical and Organisational Measures against the unauthorised or unlawful Processing of Your Data (PD) and against the accidental loss or destruction of, or damage to, Your Data (PD); and
13.1.3 We will discharge Our obligations under this Section with all due skill, care and diligence.
13.2 You hereby warrant and undertake that:
13.2.1 You have complied with and shall comply with Your obligations under Data Protection Legislation;
13.2.2 You have the right to transfer (or to authorise Users to transfer) Your Data (PD) to Us in accordance with the terms of this Agreement;
13.2.5 Your instructions that are set out in this Section accurately reflect the instructions of the Data Controller to the extent that We are a Data Processor on behalf of the Data Controller;
13.2.6 You shall and shall cause, appropriate notices to be provided to, and valid consents to be obtained from, Data Subjects, in each case that are necessary for Us to Process (and have Processed by Sub-processors) Personal Data under or in connection with this Agreement, including Processing outside the EEA on the basis of any of the legal conditions for such transfer and Processing set out in Clause 11 above;
13.2.6 You shall and shall cause, appropriate notices to be provided to, and valid consents to be obtained from, Data Subjects, in each case that are necessary for Us to Process (and have Processed by Sub-processors) Personal Data under or in connection with this Agreement, including Processing outside the EEA on the basis of any of the legal conditions for such transfer and Processing set out in Clause 11 above;
13.2.7 You shall not, by act or omission, cause Us to violate any Data Protection Legislation, notices provided to, or consents obtained from, Data Subjects as a result of Us or Our Sub-processors Processing the Personal Data; and
13.2.8 notwithstanding anything contained in this Agreement, You shall pay in immediately available funds Our costs incurred or likely to be incurred, at Our option in advance under this Section (where matters are to be at Your cost).
14.1 You (the “Indemnifying Party”) agree to indemnify and keep indemnified and defend at Your own expense Us (the “Indemnified Party”) against all costs, claims, damages or expenses incurred by the Indemnified Party or for which the Indemnified Party may become liable due to any failure by the Indemnifying Party or its employees or agents to comply with any of its obligations under this Section and/or under Data Protection Legislation.
14.2 If any third party makes a claim against the Indemnified Party, or notifies an intention to make a claim against the Indemnified Party, the Indemnified Party shall: (i) give written notice of the claim against the Indemnified Party to the Indemnifying Party as soon as reasonably practicable; (ii) not make any admission of liability in relation to the claim against Indemnified Party without the prior written consent of the Indemnifying Party; (iii) at the Indemnifying Party’s request and expense, allow the Indemnifying Party to conduct the defence of the claim against the Indemnified Party including settlement; and (iv) at the Indemnifying Party’s expense, co-operate and assist to a reasonable extent with the Indemnifying Party’s defence of the claim against the Indemnified Party.
Limitation of liability
15.1 Unless required to do so by the ODPC or any other competent supervisory authority, We shall not make any payment or any offer of payment to any Data Subject in response to any complaint or any claim for compensation arising from or relating to the Processing of Your Data, without the prior written agreement of You.
15.2 You acknowledge and agree that We are reliant on You for direction as to the extent to which We are entitled to use and process Your Data (PD). Consequently, We will not be liable for any claim brought by a Data Subject arising from any action or omission by Us, to the extent that such action or omission resulted directly from Your instructions and/or the transactions contemplated by this Section.
Consequences of termination on Your Data.
Upon termination or expiry of this Agreement, at the choice of You, We shall Delete or return all Your Data to You and Delete existing copies of Your Data, unless legally required/entitled to store Your Data for a period of time. If You make no such election within a ten (10) day period of termination or expiry of this Agreement, We may Delete any of Your Data in our possession; and if You elect for destruction rather than return of Your Data, We shall as soon as reasonably practicable ensure that all Your Data is Deleted from Our System, unless legally required/entitled to store Your Data for a period of time.
TERM AND TERMINATION
Term of Agreement. This Agreement commences on the date You first accept it and continues until all subscriptions hereunder have expired or have been terminated.
Term of Purchased Subscriptions. The term of each subscription shall be as per the subscription plan selected by you. Except as otherwise specified, subscriptions will automatically renew for additional periods equal to the expiring subscription term or one year (whichever is shorter), unless You give Us notice of non-renewal at least 30 days before the end of the relevant subscription term.
Termination. This Agreement shall stand terminated at the end of the subscription period unless the Services are renewed. We may terminate Our services or access to our website at any time without notice (i) if You materially breach any provisions of this Agreement (ii) if You cease to do business, or otherwise terminate your business operations without a successor; or (iii) if You are subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors, or (iv) if We are required to do so by Law. If You wish to terminate this Agreement, You may simply stop using Our services or stop accessing Our website.
Refund or Payment upon Termination. Fees once paid under this Agreement shall not be refundable to You under any circumstances. You will not be entitled to any payment upon termination of this Agreement either by You or by Us.
Surviving Provisions. The sections titled “Fees and Payment”, “Proprietary Rights and Licenses”, “Confidentiality”, “Disclaimers”, “Mutual Indemnification”, “Limitation of Liability”, “Refund or Payment upon Termination”, “Removal of content and Non-DES ACTION USA Applications”, “Surviving Provisions” and “General Provisions” will survive any termination or expiration of this Agreement.
WHO YOU ARE CONTRACTING WITH, NOTICES, GOVERNING LAW AND JURISDICTION
General. You are contracting with DES Action, a 501(3)(c) under MedShadow Foundation, under this Agreement.
Governing Law and Jurisdiction.
(a) Save as set out in part (b) of this clause: (i) this Agreement shall be construed and governed by the laws of USA; (ii) in the event of any conflicts between foreign law, rules and regulations, the governing law shall prevail; (iii) each party agrees to submit to the exclusive and personal jurisdiction of the Courts located in New York, USA; and (iv) the United Nations Convention on Contracts for the International Sale of Goods and the Uniform Computer Information Transactions Act shall not apply to this Agreement.
(b) All matters relating to the “Data Protection” section of this Agreement and Data Protection Legislation (as defined therein) shall be (i) construed and governed by the laws of Ireland; and (ii) subject to the jurisdiction of the Courts of Ireland.
Notices. Any notice under this Agreement or related to Our services should be addressed to: DES Action USA, 178 Columbus Avenue, #237182, New York, NY 10023. All notices related to this Agreement will be in writing and will be effective upon (a) personal delivery, (b) the third Business Day after mailing, or (c), on the day of sending by email. All notices to You will be addressed to the relevant billing contact designated by You.
The obligations owed by Us under this Agreement shall be owed to You solely by Us and the obligations owed by You under this Agreement shall be owed solely to Us.
Anti-Corruption. You agree that You have not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any of Our employees or agents in connection with this Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction. If You learn of any violation of the above restriction, You will use reasonable efforts to promptly notify Us.
Entire Agreement and Order of Precedence. This Agreement is the entire agreement between You and Us regarding Your use of Services and content and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. Except as otherwise provided herein, no modification, amendment, or waiver of any provision of this Agreement will be effective unless in writing and signed by the party against whom the modification, amendment or waiver is to be asserted. The parties agree that any term or condition stated in Your purchase order or in any other of Your order documentation is void.
Assignment. Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the other party’s prior written consent (not to be unreasonably withheld); provided, however, either party may assign this Agreement in its entirety (together with all Order Forms), without the other party’s consent to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties, their respective successors and permitted assigns.
Relationship of the Parties. The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties.
Third-Party Beneficiaries. There are no third-party beneficiaries under this Agreement.
Waiver. No failure or delay by either party in exercising any right under this Agreement will constitute a waiver of that right.
Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be deemed null and void, and the remaining provisions of this Agreement will remain in effect.