THESE TERMS AND CONDITIONS (the “Agreement“) are entered into as of the date that it was accepted by the Client on the Company’s website Voicespin.com (the “Effective Date“), by and between Voicespin Ltd., a private company incorporated under the laws of the state of Israel, registration number 513983676 whose address is at 3 Tefutsot St., Givataim, Israel (the “Company”), and the company above, a company incorporated under the laws of the above country, whose address is indicated above (the “Client“). The parties may hereinafter be also collectively referred to as the “Parties“.
WHEREAS Company is in the business of providing its clients with usage of a PBX call center dialer and termination using Company’s trunk and usage of any other products as detailed in the Rate Table and/or Proposal for the purpose of operating their business; and WHEREAS the Client is a company who operates in the business of trade and wishes to receive products from the Company for its own operation, all subject to terms of this Agreement.
NOW THEREFORE, the Parties intending to be legally bound hereby agree, as follows:
In cases subject to the GDPR regulatory rules, the Company acts as a “Data Processor” (the “Processor”), and the Client acts as a “Data Controller” (“Controller”) with regard to the Personal Data processed.
1.1. Unless explicitly agreed otherwise in writing, this Agreement applies to all products as provided by the Company and to all orders placed with Company by the Client as detailed in the rate table and/or proposals Client receives from the Company (the “Rate Table” and the “Proposal“, accordingly).
1.2. This Agreement shall be deemed an inseparable part of the Rate Table and Proposal.
2.1. Any and all of Company’s products, offering, obligations (whether for established products or otherwise), support, and consultations are collectively referred herein as the “Products“.
2.2. “Transactions” shall mean any transactions executed by the Client by using Company’s Products in any manner possible. It is hereby clarified that Company is not a party to any Transaction and the Client is liable to any third party for any use of the Products.
2.3. “Fees” hereby refers to any and all fees for Products provided to Client which Company is
entitled to receive from Client under this Agreement and under the Rate Table and/or
2.4. “Commencement Date” shall mean the date in which Products are provided to Client following the completion of the initial setup and in which Client’s monthly obligation to make monthly payment of Fees will commence. Commencement Date will at no event be longer than three (3) weeks period following the Effective Date indicated herein above.
2.5. “Term” shall mean the duration of this Agreement beginning with Effective Date and until
terminated in accordance with this Agreement.
2.6. “Data Protection Legislation” is any and all data protection and privacy legislation in force in those parts of the world in which the Parties operate and/or Process the Personal Data, including but not limited to the data protection legislation of the country where each of the Parties is established, the General Data Protection Regulation (EU) 2016/679 and any legislation and/or regulation which amends, replaces, re-enacts or consolidates any of the data protection provisions.
2.7. “Personal Data” is any information relating to an identified or identifiable natural person.
2.8. “Data Subject” is the identified or identifiable natural person to whom the Personal Data relates.
2.9. “Sub-processor” is any third-party processor according to the Art. 28 Para. 2 of the GDPR that is engaged by the Processor for the purpose of processing the Personal Data.
2.10. “Recipient” is a natural or legal person, public authority, agency or another body, to which the Personal Data could be disclosed, whether a third party or not.
2.11. “Processing” any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means. The processing operations for the purposes of this Agreement are specified herein.
2.12. “Third Country” is any country, which is out of the European Economic Area.
2.13. “Data Controller”, “Data Processor”, “Data Subject”, “Process/Processing”, “Personal Data Breach” and “Supervisory Authority” and other relevant definitions capitalized shall be interpreted in accordance with the GDPR.
- SCOPE OF AGREEMENT: THE USE OF PRODUCTS
3.1. This Agreement governs the Client’s engagement with Company for the provision of the
Products and for their stated purpose.
3.2. Limited Use: Subject to the terms and conditions of this Agreement and the proper transfer of Company’s Fees by Client, during the Term of this Agreement, Company grants to Client a non-exclusive, nontransferable, limited-in-time right and license to use such Products, in accordance with their purpose (for Client’s self use only) and for the Term of this Agreement. Any changes to the scope of use shall be agreed in writing, which will be attached to this Agreement.
3.3. Support: subject to the terms and conditions of this Agreement and the proper transfer of
Company’s Fees by Client, during the Term of this Agreement, Company shall provide support for its Products in accordance with its standard service level terms set herein, and as may be amended from time to time subject to providing Client with prior notice of such amendment. Unless explicitly agreed otherwise in writing by the Parties, Company’s warranties (as disclaimed) and support obligations (as defined in the standard service level terms herein), set Company’s exclusive and exhaustive obligations with regards to the Products herein.
3.4. For the use of the Products, as needed, the Client will be responsible for purchasing softphones, headphones, all LAN infrastructures and will have no demands and/or complaints against the Company with regards to the aforementioned. The Client acknowledges and agrees that the Company is not responsible for any loss of database for the call recordings as part of the Products and that Client is responsible for creating a back-up for the call recordings.
4.1. Company represents that the Products will be provided in accordance with the Proposal/Rate Table.
4.2. Client undertakes to uphold the terms of this Agreement and the Proposal/Rate Table, in full compliance with any applicable laws and legislation with respect to each country it operates and/or uses the Products in it.
- INTELLECTUAL PROPERTY RIGHTS
5.1. Company shall remain the sole proprietor and owner of all Products including all intellectual property rights in the same.
5.2. The Products contain trade secrets of Company. Client undertakes and agrees not to attempt, permit, assist or act to decompile, reverse-engineer, disassemble or otherwise reduce any portion thereof to a human perceivable form, and immediately inform Company with regards of any infringement by a third party of any of its rights hereunder or otherwise. Except as provided herein, Client may not modify, adapt, translate, loan, time-share, or create any derivative works based upon the Products, Software, Products, Documentation and Deliverables, or any portion thereof.
5.3. Nothing in this Agreement shall be deemed as to confer any intellectual property rights owned by one party to the other.
- CONFIDENTIALITY, PRIVACY AND INFORMATION
6.1. Each party shall maintain reasonable measures to protect the confidentiality of the other party’s business information.
6.2. Each Party agrees that it will not, at any time during or after the Term of this Agreement, disclose or disseminate to any other person or entity, or use except as permitted by this Agreement, any information regarding the business, data, processes, technology, software or products obtained during the course of performance under this Agreement (the “Confidential Information“) of the other party unless permitted otherwise in this Agreement.
6.3. Each party agrees that in the event it should breach any of the provisions contained in this Section, then other party shall be authorized and entitled to seek from any court of competent jurisdiction (i) a temporary restraining order, (ii) preliminary and permanent injunctive relief; and (iii) an equitable accounting for all profits or benefits arising out of such breach. Such rights or remedies shall be cumulative and in addition to any other rights or remedies such party may be entitled to with accordance to any law.
6.4. Nothing contained herein will be construed to restrict or impair in any way the right of any party to disclose or communicate any information which (i) is at the time of its disclosure hereunder generally available to the public; (ii) becomes generally available to the public through no fault of the disclosing party; (iii) is, prior to its initial disclosure hereunder, in the possession of the receiving Party as evidenced in a documentary form; (iv) is required to be disclosed by court order, subpoena, self-regulatory body, regulator, or as otherwise required by applicable law or regulation; or (v) was independently developed by receiving party without use of or reference to any of disclosing party’s Confidential Information.
6.5. The provisions of this Section shall remain in effect following termination of the Agreement or expiration of the Term.
7.1. Delays: Agreed schedule or due dates for the provision of Products may be reasonably extended by the Company in light of circumstances beyond Company’s control.
7.2. No Exclusivity: Nothing herein shall limit any of the parties from providing any Products to any other party, at their own discretion and without limitation.
7.3. Valuation: Client explicitly acknowledges herein that the Fees and terms set herein represent the agreed upon terms and sums.
- TERM; DURATION; TERMINATION
9.1. Duration: This Agreement, and the payment obligations hereunder, shall be in force and effective as of the Effective Date and until this Agreement is terminated in accordance with the terms herein (the “Term ”).
9.2. Termination for Convenience: Except as indicated herein, either party may terminate this Agreement by written notice to the other party, at least 30-days prior to the termination, at its sole discretion without stating any cause for termination.
9.3. Survival of Payment Obligations: Termination of this Agreement shall not derogate from Client’s obligation to pay any outstanding Fees, including any and all Fees incurred during the provision of the Products. This obligation shall survive the termination of the Agreement for any reason whatsoever.
9.4. Breach; Termination for Breach: Either party may terminate this Agreement if the other party is in material breach of its obligations hereunder. Any breach shall be deemed a material breach hereunder if the party in breach has received written notice with regards to the breach and the breach has not been rectified within 14 days as of the date of receipt. No breach hereunder shall be deemed as such if rectified within said 14-day period.
- STANDARD SERVICE LEVEL; SLA; SUPPORT
10.1. Company will provide Client with remote support for the Products provided, all subject to the fulfillment of all Clients’ obligations herein, subject to Client providing Company with notification of any error in the Products.
10.2. Phone Support: Company shall provide a standard phone line for support and an email address for email support which are active during business hours. Company Support Email is firstname.lastname@example.org.
10.3. Company Support line: +972-37237000 / +972-37237029 ext 1 (on all other time support)
10.4. Support hours: Sunday through Friday, from 8:30 AM to 6:00 PM all in the Israel time zone.
10.5. Company support team shall employ reasonable effort and attempts to resolve the problem in the least possible amount of time it can under the circumstances.
10.6. While Company will undertake reasonable efforts to provide technical assistance under this Agreement and to rectify or provide solutions to problems reported by the Client, the Company cannot and does not guarantee that all errors are curable.
10.7. There may be times when Company will be required to include its secondary service provider in the resolution of any problems. Company will then share your information for the purpose of such support if applicable and on a need-to-know basis.
10.8. For the purpose of providing support to the Client, the Company utilizes the following two (2) severity levels to categorize reported problems:
SEVERITY 1: Major Problem
“Severity 1” means an error reported which results in the inability of the Client to use the entirety of the Products provided. Company will commence work on resolving the deficiency within two (2) hours of verbal or written notification during business hours and will engage staff accordingly until an acceptable resolution is achieved.
SEVERITY 2: Minor Problem
“Severity 2” means any error which is not under Severity 1 level as mentioned above. Company will commence work on resolving the deficiency within twenty four (24) hours of notification and
will engage staff during business hours until an acceptable resolution is achieved.
10.9. It is hereby clarified that in the event that on-site technical support is required, the Client will be responsible for travel and lodging expensed for the technical personnel subject to providing receipt for such expense by the Company.
- CLIENT’S UNDERTAKINGS
Client hereby warrants, represents and undertakes as follows:
11.1. In its performance of this Agreement, the Client and any person or entity acting on Client’s
behalf, shall comply with all applicable statutes, rules, regulations, orders or other governmental acts of any competent jurisdiction, whether foreign or domestic, as may be amended from time to time. The foregoing compliance shall be the sole and exclusive responsibility of the Client, and Company shall not have any liability, responsibility or obligations with respect to such compliance.
11.2. Client acknowledges that it bears the sole responsibility to verify the compliance of any Transaction with any applicable laws and legislations, limitations and requirement, and the Client shall bear all accountability and responsibility with respect to the Transactions.
11.3. It undertakes to be fully compliant with any reasonable and customary policies, as published or amended by Company from time to time, in accordance with technological and business advancements.
11.4. Client will not whether on his own account and/or on behalf of others, in any way, offer, solicit, interfere with and/or endeavor to entice away from Company, any of Company’s employees and/or staff and/or any person with whom Company shall has any contractual and/or
commercial relationship as an employee, and will not make offers for employment and/or anyother benefits to all of the aforementioned.
11.5. Client permits the Company to use its own discretion in providing any information it has and/or received from the Client, including any of the Confidential Information associated with the
Client in the event a third party or a governmental authority of any country formally requests the Company to do so and the Client acknowledges that the Company shall not be liable in any
manner for the distribution of such information.
- DISCLAIMER OF WARRANTY; LIMITATION OF LIABILITY
12.1. Client acknowledges that all Company’s obligations under this Agreement are provided, solely, in the capacity of a technology provider.
12.2. Client is fully responsible for all Transactions and use of Products and shall be solely liable
towards the Company and any third party for any type of implications or damages resulting from Transactions or any use of the Products conducted by the Client and/or anyone on its behalf.
12.3. Company will not be responsible for delays or partial and/or total failures in any online communications facility or other causes beyond Company’s direct control.
12.4. None of the Company, its suppliers, or any company vendor (I) will be liable to the Client or anyone on its behalf or third party, for any transaction not completed or delayed, regardless of the reason for failure, without limitation, processing or transmission errors, or (II) makes any representations or warranties regarding the quality, reliability, timeless or security of the Products or that the Products will be error-free, uninterrupted, or free from unauthorized access or not infringe third party rights.
12.5. Aside as expressly sets forth in writing in this Agreement and/or the Proposal/Rate Table, the Company provides the Products “AS-IS”, “AS-AVAILABLE” and “WITH ALL FAULTS”. The warranties expressly set forth in this agreement are the sole and exclusive warranties provided by the Company with respect to the Products. Except as otherwise set forth herein, to the maximum extent permitted by any law, the Company expressly disclaims all warranties, express or implied, with respect to the Products and Clients’ use thereof. The Client waives any and all warranties that may be implied by law, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose.
12.6. In no event will the Company or any of its respective officers, directors, employees, shareholders, affiliates, agents, successors, or assigns, nor any party involved in the creation, production or transmission related to the Products, shall be liable towards the Client or anyone on its behalf for any direct, indirect, special, punitive, incidental or consequential damages (including, without limitation, those resulting from lost profits, lost data, work stoppage, computer failure, business interruption or malfunction) arising out of the use, inability to use, or the results of use of the Products, whether based on warranty, contract, tort or any other legal theory and whether or not advised of the possibility of such damages. The Client acknowledges and agrees that the pricing for the Products would be substantially higher but for these limitations.
12.7. The Client shall, upon first request and within no more than 14 calendar days, indemnify, reimburse and hold harmless Company, its subsidiaries and affiliates, and each of their members, managers, directors, officers, agents, contractors, partners and employees, against any claim and/or lawsuit and/or demand and/or loss and/or expense incurred by Company, or reasonably expected to incur at Company’s discretion, in connection with the violation of this Agreement, including, without limitation, with the breach by Client of any representations, warranties, the use or abuse of the Products and/or resulting from any Transaction to which the Company is not a party, all upon first demand.
12.8. Neither Party hereto shall be regarded as agent of the other Party, nor shall either Party have the right to assume or otherwise create any obligations of whatsoever nature, whether express or implied, on behalf of the other Party hereto, unless otherwise expressly provided in this Agreement or in the proposal. No joint venture shall be formed by this Agreement. Employees of either Party to this Agreement shall not be regarded as employees of the other Party hereto.
12.9. Client acknowledges that Company shall not incur any liability, in any way, or otherwise bear any damages and/or expenses to any third party resulting from this Agreement.
12.10. Limitation on Claims: No claim, regardless of form, whether legal or not, arising out of this Agreement may be brought or reported by Client more than two (2) years after the cause of action is discovered or when the cause of action can reasonably expected to be discovered, the earliest among them. Furthermore, such claim cannot be brought two years after termination of Agreement.
12.11. The client herby warrants not to resell part or whole of Company’s Products to a resident
and/citizen of the state of Israel. The Client also declares that it is solely liable for all applicable taxes in any jurisdiction and agrees to immediately indemnify the Company for any expense it was demanded to pay to an Israeli or foreign tax authorities in this regard.
12.12. This section shall survive the termination of this Agreement for any reason whatsoever.
13.1. Entire Agreement: The Client acknowledges that Client has read and understood this Agreement, and hereby agrees to be bound by its terms. The client also acknowledges that it had the opportunity of obtaining professional advice regarding this Agreement at its own will and shall not have any claim regarding the legality and/or reasonable interpretation of the Agreement. Further, both Parties agree that this is the complete and exclusive statement of the Agreement between the Parties, which supersedes and merges all prior proposals, understandings and all other agreements, oral and written, between the Parties relating to this Agreement. This Agreement may not be modified or altered except by written instrument duly executed by both Parties.
13.2. Nothing in this Agreement shall be interpreted as an agreement or provision to the benefit of any third party.
13.3. Any notices or other communications which have to be given by either Party hereto to the other Party shall be made in writing and delivered by first class mail with prepaid postage, or e-mail. Procedure for dispatch and receipt of notices by e-mail shall be as follows: (1) Notices for the Company, shall be sent to the e-mail address email@example.com and notices to the Client, shall be sent to the email address Client indicated above; (2) Acceptance of the notice shall be response received by e-mail.
13.4. Applicable Law; Arbitration: This Agreement will be governed by and construed in accordance with the laws of the state of Israel. The Parties will attempt in good faith to negotiate a settlement to any claim or dispute between them arising out of or in connection with this Agreement. If the Parties fail to agree on the terms of settlement, either side may submit the dispute to confidential arbitration proceedings by a sole arbitrator in the Center for Arbitration and Dispute Resolution in 4 Berkowitz st., Tel Aviv, Israel whose decision shall be made within 30 days and shall be final and binding on both Parties. Arbitration shall be conducted in the English language. This clause explicitly sets exclusive jurisdiction to said arbitration process, and neither party shall be entitled to submit and dispute to the courts of its domicile. Each party shall bear an equal portion of the arbitration expenses.
13.5. Severability: If any provision or provisions of this Agreement shall be held to be invalid, illegal, unenforceable or in conflict with the law of any jurisdiction, the validity, legality and enforceability of the remaining provisions shall not in any way be affected or impaired thereby.
13.6. Client may not assign or sub-license without the prior written consent of Company, Client’s rights, duties, or obligations under this Agreement to any person or entity, in whole or in part.
IN WITNESS WHEREOF, the Company and Client have caused this Agreement to be signed induplicate and delivered by their duly authorized officers as of the Effective Date.
- DATA PROCESSING AGREEMENT (DPA)
14.1. For the purposes of this Agreement, determining the mutual rights and obligations of the Parties relating to the Processing of Personal Data, the Processor will process the Personal Data provided by the Controller solely on behalf of and under the written instructions of the Controller. The purposes of Processing, categories of the Personal Data and Data Subjects are specified in this Agreement.
14.2. The Parties shall not perform their obligations under this Agreement in such a way as to cause the other Party to breach any of its obligations under applicable Legislation.
14.3. The Processor shall only process the Personal Data as set forth in this Agreement, the Controller’s instructions and the applicable Data Protection Legislation.
14.4. Controller hereby authorises the Processor to process the Personal Data only on documented Instructions from the Controller. For the purposes of this Agreement and any other documented instruction sent by the Controller to the Processor during executing this Agreement shall be considered documented instructions of the Controller unless Parties agree otherwise.
14.5. The Processor shall inform the Controller if, in its opinion, the instructions provided by the Controller infringe the applicable Data Protection Legislation. In a case the Processor considers the Controller’s instructions infringe the applicable Data Protection Legislation, the Processor shall not be obliged to follow any such Instructions. The Processor may at any time inform the competent supervisory authority about the instructions, which in its opinion infringe or contradict with the applicable Data Protection Legislation. If the Controller or the competent supervisory authority proves that the contested Controller’s instructions are in line with the applicable Data Protection Legislation, the Processor will continue processing the Personal Data under such Instructions. The Processor will not be responsible for the Personal Data Processing under the incorrect or unlawful instructions.
14.6. For the purposes of Processing specified herein, the Controller authorises the Processor to transfer the Personal Data to the Recipients, including Recipients in the Third Countries, on behalf of the Controller. All claims regarding the legal grounds of the Personal Data Processing that can be obtained by the Processor shall be directly redirected to the Controller.
14.7. The Parties ensure they have implemented all the appropriate technical and organisational measures in such a manner the Personal Data Processing will meet the requirements of the GDPR regarding the protection of rights and interests of the Data Subjects.
14.8. The Controller guarantees that all the Personal Data transferred to the Processor or Processor may obtain access to were received by the Controller from the Data Subject based on the lawful grounds stipulated by the applicable Data Protection Legislation.
14.9. The Controller guarantees that it has informed all the Data Subjects of their Personal Data would be transferred to the Processor. The Controller also guarantee that it has obtained the consent for the Data Subjects to the transfer of the Personal Data to the Processor. When informing the Data Subjects, the Controller provided the Data Subjects with the corporate details of the Processor.
14.10. When Processing the Personal Data, the Processor undertakes to implement and maintain technical, organisational and security measures to ensure the Personal Data Processing complies with this Agreement and the applicable Data Protection Legislation. The Processor will take into consideration the state of the art, the implementation costs, the nature, scope, context and purposes of the Processing, and the risk to the rights and freedoms of natural persons of varying likelihood and severity, to adopt organisational and technical measures for assurance of the availability, integrity and confidentiality of the Personal Data, including as appropriate, the measures referred to in the Art. 32 of the GDPR, prevent unauthorised or accidental access to the Personal Data, their alteration, destruction or loss, unauthorised transmission, other unauthorised purposes of processing, as well as other misuse of the Personal Data.
14.11. Measures taken by the Processor to ensure a proper level of security may include the following preventive actions:
- pseudonymisation of the Personal Data;
- ensuring the ongoing confidentiality, integrity, availability and resilience of the processing systems and the services;
- restoring the availability and access to the Personal Data in a timely manner in the event of a physical or technical incident; and
- regular testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
14.12. The Processor hereby confirms and ensures that all of its personnel and/or temporary workers, and/or other persons, including but not limited to workers authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality and will not process the Personal Data for purposes other than those specified in this Agreement.
14.13. The Processor confirms and ensures that all persons authorised by the Processor to process the Personal Data are informed of the confidential nature of the Personal Data. The Processor will take all the reasonable steps to ensure all the persons authorised by the Processor adhere to the applicable Data Protection Legislation and are aware of both the Processor’s liability and their personal liability for incorrect or unlawful Processing.
14.14. Taking into account the nature of the Processing under this Agreement, the Processor will, insofar as this is possible and to the extent the Processor is legally permitted to do so, provide the Controller with all reasonable assistance and cooperation in complying with the obligations imposed by the applicable Data Protection Legislation.
14.15. The Processor shall provide the Controller with an assistance in any event in respect of:
14.15.1. Assistance in respect of protection of the Personal Data. The Processor will, where required, reasonably assist the Controller to ensure a level of security appropriate to the existing risks and to provide the appropriate technical and organisational measures to ensure a proper level of security as specified in the Article 32 GDPR;
14.15.2. Assistance in respect of advising of Data Subjects. The Processor will, where required, reasonably assist the Controller to advise the Data Subjects when the Personal Data Breach is occurred.
14.15.3. Assistance in respect of the fulfilment of the Controller’s obligation to respond to requests for exercising the data subject’s rights. The Processor, taking into account the nature of the Processing, will assist the Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller’s obligation to respond to requests for exercising the Data Subjects’ rights laid down in the GDPR. The Processor ensures that it will not respond to any such request except on the documented instructions of the Controller or as required by Applicable Legislation to which the Processor is subject. In this respect, the Processor shall, to the extent permitted by applicable Data Protection Legislation, inform the Controller of that legal requirement before the Processor responds to the request;
14.15.4. Assistance in respect of the DPIA. The Processor, within its capacity and where required, will reasonably assist the Controller to carry out DPIA;
14.15.5. Assistance in respect of the consulting with Supervisory Authority. The Processor, where required, will reasonably assist the Controller while being consulted by the Supervisory Authority if the DPIA carried out earlier indicated unmitigated high risks to the Personal Data Processing.
14.16. The Controller provides a general authorisation to the Processor to use sub-processors for the purposes of this Agreement. The Processor may choose sub-processors at its sole discretion and engage only the sub-processors that comply with the applicable Data Protection Legislation. The Processor remains fully liable to the Controller for the performance of sub- processors’ obligations as for its own obligations specified in this Agreement. On the Controller’s written requests, where reasonably required, the Processor may prepare a list of all the sub-processors engaged by the Processor and make it available to the Controller.
14.17. Where the Processor engages sub-processor for carrying out specific Processing activities on behalf of the Controller, the same data protection obligations as set out in the Agreement shall be imposed on the sub-processors by way of a contract or other legal act under applicable Data Protection Legislation, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the Processing will meet the requirements of the applicable Data Protection Legislation. Where the sub-processor fails to fulfil its data protection obligations, the Processor shall remain fully liable to the Controller for the performance of the sub-processor’s obligations.
14.18. Due to the specific nature of the services provided by the Processor under the Agreement, the Personal Data may be sometimes processed or/and transferred to the Recipients (including sub-processors), which are registered or operate in Third Countries.
14.19. The Processor may transfer Personal Data to the Recipients including sub-processors who are registered or operate in Third Countries, only if one of the following conditions applies:
- there is an applicable decision of the European Commission that states that the Third Country, a territory or one or more specified sectors within that Third Country, where the Personal Data are to be transferred, ensures an adequate level of protection;
- the transfer may take place because the Processor has provided appropriate safeguards according to Art. 46 of the GDPR, and on condition that enforceable data subject rights and effective legal remedies for Data Subjects are available; or
- the derogations for specific situation under Art. 49 of the GDPR apply.
14.20. If the Processor, for the purposes of Processing, requires to transfer the Personal Data to any other Recipient that is registered or operates in Third Countries, the Controller shall immediately provide the Processor with the written instructions regarding the manner the Personal Data to be transferred.
14.21. The Parties agree that they have implemented all the security measures when transferring the Personal Data to Third Countries to ensure the level of security that is equal to the highest standards on the market.
14.22. In case of any information security incident that may lead to an accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, access to, or other breach of the Personal Data transmitted, stored or otherwise processed by the Processor or its sub-processors, the Processor shall immediately initiate an information security incident investigation and notify the Controller of such information security incident without undue delay but not later than during the time limit specified in the GDPR.
14.23. If the Processor or its sub-processor becomes aware of the Data Breach occurred, the Processor will send the Controller an information that the Data Breach occurred along with all other relevant information that the Processor is aware of at the moment of reporting without undue delay after the moment it became aware of it.
14.24. When informing the Controller, the Processor must provide the following minimum information:
- the nature of the incident or Data Breach;
- the Personal Data that are or could be affected;
- the established and expected consequences of the incident or Data Breach on the Personal Data; and
- the measures that were taken by the Processor or proposed to be taken.
14.25. The Processor will take all necessary measures to contain any (potential) damage and will assist the Controller with any notifications to data subjects and/or authorities. The Processor shall assist the Controller with subsequent investigation, mitigation and remediation of each Data Breach according to the Controller’s reasonable needs.
14.26. The Controller shall have the right to conduct an audit (at the Controller’s cost) of the Processor’s organisation to verify Processor’s compliance with its obligations laid down in this Agreement and stipulated by the applicable Data Protection Legislation. The costs of the audit at the Controller’s request are at the Controller’s expense, unless the findings of the audit show that the Processor has failed to comply with the provisions from the Agreement the GDPR.
14.27. The Processor shall, at the Controller’s request, provide the Controller with an access to information to the extent it is necessary to demonstrate Processor’s compliance with the applicable Data Protection Legislation and the Agreement without undue delay, but no later than within thirty (30) calendar days after receiving the Controller’s formal written request. The Processor shall not have to disclose information where the disclosure would have negative impact to its commercial secrets, confidentiality, know-how or intellectual property and/or to rights and freedoms of third parties.
14.28. Processor shall allow the Controller to carry out the audit under the following conditions:
(a) the Controller asks the Processor to carry out the audit via a written notice at least 30 (thirty) days in advance;
(b) the Controller will specify the agenda for such audit in the notification under (a);
(c) the audit shall not take place more often than once per year;
(d) the audit shall not unnecessarily burden the Processor by disturbing its operations.
14.29. The Processor undertakes to duly cooperate with the Controller during the audits, especially to make available to the Controller the documentation and technical assets to the extent it is required and does not violate the rights of the Processor.
14.30. Each Party is liable for its obligations set out in this Agreement and the applicable Data Protection Legislation. As such, each Party (the “Defending Party”) will defend, indemnify, and hold harmless the other Party and/or the other Party’s officers, directors, employees, successors, and agents (together referred to as “Protected Party”) from all claims, damages, liabilities, assessments, costs, administrative fines and other expenses (including, without limitation, reasonable attorneys’ fees and legal expenses) claimed from the Protected Party and arising out of or resulting from any claim, allegation, demand, suit, action, order or any other proceeding by a third party (including supervisory authorities) that arises out of or relates to the violation of the Defending Party’s obligations under the Applicable Legislation.
14.31. The Controller shall bear all the liability for the legality, adequacy and completeness of the Personal Data transferred to and processed by the Processor under this Agreement.
14.32. Effectiveness. This Agreement shall become valid and effective as of day of its acceptance by Client.
14.33. The Processor shall process the Personal Data until the termination of the Agreement, or until otherwise is agreed by the Parties or instructed by the Controller.
14.34. The Processor and all the sub-processors shall return or delete all the Personal Data (and all of their copies) transferred under this Agreement at the discretion of the Controller without undue delay after the termination of this Agreement and/or upon the Controller’s written request unless the Processor is obliged to archive the relevant Personal Data under applicable Data Protection Legislation. In that case, the Processor warrants that it will keep the Personal Data in a confidential manner and will not actively process the Personal Data.
14.35. Personal data processing details:
- Categories of Data Subjects – Subscribers;
- Categories of Personal Data transferred and processed – First name and last name, phone number and email, notes to end-users’ intentions, interests, hobbies, and preferences provided by customers, internal notes to intentions, interests, complaints, preferences generated during the provision of services, recorded calls, call transcriptions, and communication metadata;
- Purposes of Processing – Personal Data is being processed for the purposes of provision of the Services to be provided by the Company under the Agreement;
Processing operations – The Personal Data will be subject to the following basic processing activities by the Processor: collection or retrieval of the Personal Data from the Controller, transmission, storage, erasure or destruction of the Personal Data in order to complete the purposes specified herein.