PowerPack Services for Microsoft Business Applications

Terms of Service for PowerTeam LLC. (DBA PowerObjects)

THESE TERMS OF SERVICE, INCLUDING ANY MODIFICATIONS MADE TO THEM (IN ACCORDANCE WITH SECTION 3.28 OR 3.31 BELOW) FROM TIME TO TIME, CONSTITUTE AN AGREEMENT BETWEEN US AND YOU THAT GOVERNS YOUR ACQUISITION AND USE OF OUR SERVICES.  IF YOU REGISTER FOR A FREE TRIAL FOR OUR SERVICES, THE APPLICABLE PROVISIONS OF THIS AGREEMENT WILL ALSO GOVERN THAT FREE TRIAL.

BY ACCEPTING THIS AGREEMENT, EITHER BY CLICKING A BOX INDICATING YOUR ACCEPTANCE OR BY EXECUTING AN ORDER FORM (AS DEFINED BELOW) THAT REFERENCES THIS AGREEMENT, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERMS “YOU” OR “YOUR” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES. THIS AGREEMENT IS EFFECTIVE BETWEEN YOU AND US AS OF THE EFFECTIVE DATE (AS DEFINED BELOW).

IF ANY PORTION OF THE SERVICES REQUIRES YOU TO REGISTER, YOU MUST COMPLETE THE REGISTRATION PROCESS BY PROVIDING US WITH CURRENT, COMPLETE AND ACCURATE INFORMATION AS PROMPTED BY THE APPLICABLE REGISTRATION FORM. YOU ARE ENTIRELY RESPONSIBLE FOR ANY AND ALL ACTIVITIES THAT OCCUR UNDER YOUR ACCOUNT.  YOU MAY NOT ACCESS THE SERVICES IF YOU ARE OUR DIRECT COMPETITOR, EXCEPT WITH OUR PRIOR WRITTEN CONSENT. IN ADDITION, YOU MAY NOT ACCESS THE SERVICES FOR PURPOSES OF MONITORING THEIR AVAILABILITY, PERFORMANCE OR FUNCTIONALITY, OR FOR ANY OTHER BENCHMARKING OR COMPETITIVE PURPOSES.

1. Introduction

The parties agree that these Terms of Service (“ToS”) govern Customer’s use of the PowerObjects PowerPack Services and set forth their obligations with respect to the processing and security of Your Data and Personal Data by the Services. The parties also agree that, unless a separate Professional Services agreement exists, these ToS govern the provision of Professional Services and the processing and security of Support Data and Personal Data in connection with that provision.  The parties also agree that the separate PowerPacks End User License Agreement (“EULA”) governs the Licensing of the PowerPack Solutions and any Software provided by us to use the Services. Separate terms, including different licensing, privacy and security terms, govern Customer’s use of Non-PowerObjects Products.

2. Definitions

We,” “Us” or “Our” means PowerTeam LLC. DBA PowerObjects, or its Affiliate that is listed in the applicable Order Form.

You” or “Your” means the company or other legal entity for which You are accepting this Agreement, and Affiliates of that company or entity which have signed Order Forms.

Solution” means any of the PowerPack Software Solutions published by Us that are ordered by You under an Order Form or provided to You under a free trial.

Service” means any Online Services made available by Us as part of the PowerPack Solutions that are ordered by You under an Order Form or provided to You under a free trial.

Agreement” means these Terms of Service, as the same may be amended or modified (in accordance with Section 3.28 or 3.31 below) from time to time.

ToS” means these Terms of Service.

EULA” means the PowerPacks End User License Agreement

Brands” means, with respect to either party, the name, trade name, trademarks and icons of such party.

Documentation” means the applicable usage guides and policies, as updated from time to time, accessible via https://www.powerobjects.com or login to the applicable Service.

Effective Date” means the date that You accept this Agreement.

Initial Term” shall have the meaning set forth in Section 3.4 below.

Renewal Term” shall have the meaning set forth in Section 3.4 below.

Term” shall have the meaning set forth in Section 3.4 below.

Order Form” means an ordering document or online order specifying the Services or Solutions to be provided hereunder that is entered into between You and Us or any of Our Affiliates, including any addenda and supplements thereto. By entering into an Order Form hereunder, an Affiliate agrees to be bound by the terms of this Agreement as if it were an original party hereto.

Third-Party Application” means a Web-based, mobile, offline or other software application functionality that is provided by You or a third party and interoperates with a Service.

Instance” means any Microsoft Business Applications service or environment.

Malicious Code” means code, files, scripts, agents or programs intended to damage the operation of another’s computer or property of another, including, for example, viruses, worms, time bombs, cancelbots and Trojan horses.

External User” means a user of an Online Service that is not an employee, onsite contractor, or onsite agent of Customer or its Affiliates.

Beta” means preview, beta or other pre-release features, Solutions, and Services offered by Us for optional evaluation.

Your Data” means all data, including all text, sound, video, or image files, and software, that are provided to Us by You, or on Your behalf of, through use of the Services and Solutions. Your Data does not include Support Data.

Personal Data” means any information relating to an identified or identifiable natural person.  An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Professional Services” means Our technical support and consulting services (e.g., for data migration) related to any PowerPack Service.

General Data Protection Regulation” or “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

GDPR Terms” means the terms in Section 7 Attachment, under which We make binding commitments regarding its processing of Personal Data as required by Article 28 of the General Data Protection Regulation.

Standard Contractual Clauses” means the standard data protection clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the GDPR. The Standard Contractual Clauses are in Section 6 Attachment.

Subprocessor” means other processors used by Us to process data.

Support Data” means all data, including all text, sound, video, image files, or software, that are provided to Microsoft by or on behalf of Customer (or that Customer authorizes Microsoft to obtain from an Online Service) through an engagement with Microsoft to obtain technical support for Online Services covered under this agreement.

The terms “data subject”, “processing”, “processor”, and “supervisory authority” as used herein have the meanings given in the GDPR and the terms “data importer” and “data exporter” have the meanings given in the Standard Contractual Clauses.

3. General Services Terms
3.1 Free Trail

If You register for a free trial, We will make one or more Services available to You on a trial basis free of charge until the earlier of:

  • The end of the one (1) month free trial period for which You registered, or
  • The start date of any paid subscriptions ordered by You for such Service(s).

A free trial shall be limited to up to one (1) month. In addition, We may further limit, suspend, or terminate a free trial in Our sole discretion if We believe that Your activities are creating problems, possible legal liabilities, or acting inconsistently with the letter or spirit of this Agreement or Our policies.  Additional free trial terms and conditions (beyond those set forth in this Agreement) may appear on the free trial registration web page. Any such additional terms and conditions are incorporated into this Agreement by reference and are legally binding.

Any data You enter into the PowerPacks during Your free trial will be permanently lost unless You purchase a subscription to the same services as those covered by the free trial or export such data (if applicable) before the end of the free trial period.

Support during the free trial shall not be provided on a 24×7 basis and shall be limited as set forth on Our website. Please review the applicable Service’s Documentation during the Free Trial period so that You become familiar with the features and functions of the Services before You make Your purchase.

NOTWITHSTANDING SECTION 3.12, DURING THE FREE TRIAL THE SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY.

3.2 Services

If You have ordered a paid subscription for Services, We will:

  • Make the subscribed Services available to You pursuant to these Terms of Service and the applicable Order Forms.
  • Provide applicable standard support for the Services to You at no additional charge, and/or upgraded support if purchased, in each case as described on Our website.
  • Use commercially reasonable efforts to make the Services available 24 hours a day, 7 days a week, except for:
    • planned downtime (of which We shall give advance electronic notice as provided in the documentation), and
    • any force majeure event described in Section 15 below.
3.3 Fees and Payments

Our Services are priced on a Per User basis and ALL the users of your Instance(s) MUST be licensed. You agree to pay the subscription fee for all users on your Instance(s). We might, at our sole discretion, make Services available to You for Your Non-Production Instance(s) at no additional cost. This must be requested via Our Support channels once You have subscribed to the Services.

You agree to pay all fees set forth in the Order Forms, for the length of the Term. You will provide Us with valid and updated credit card information (if You are paying by credit card), or with a valid purchase order or alternative document reasonably acceptable to Us. Except as otherwise specified herein or in an Order Form,

  • Fees are based on Services and subscriptions purchased and not actual usage,
  • Payment obligations are non-cancelable, and fees paid are non-refundable, and
  • Quantities purchased cannot be decreased during the relevant Term.

Invoices will be made available to You on or about the first day of each month for that month’s PowerPacks (unless otherwise specified in the Order Forms). Invoices are to be paid within 30 days of the invoice date. If You are paying by credit card, payment for the PowerPacks is on a pre-paid basis and You are charged on a periodic basis, for the PowerPacks and You are responsible for maintaining accurate and current credit card information. If credit card charges for the Services are denied for any reason, use of the PowerPacks may be terminated.

A one and one-half percent (1.5%) monthly service charge (or the highest amount permissible by law, if less) is payable on all overdue balances that are outstanding more than thirty (30) days after the date of the invoice. The service charge is in addition to the overdue balance.

You shall pay or reimburse Us (at Our election) for any costs of collecting any amount past due hereunder, including reasonable attorneys’ fees and collection agency fees.

We reserve the right to increase or modify fees for each Renewal Term for the Services. All fees are exclusive of, and You are responsible for, applicable federal, state, or local sales, use, excise or other applicable taxes, other than taxes on Our net income.  You shall pay or reimburse Us for any such taxes and We may add any such taxes to invoices We submit to You.

You agree that Your subscription for Services is not contingent on the delivery of any future functionality or features, or dependent on any oral or written public comments made by Us or Our agents regarding future functionality or features.

3.4 Term

This Agreement will commence upon the Effective Date and continue for the term set forth in the Order Form (the “Initial Term”) unless terminated earlier pursuant to Section 3.5 below. If no Initial Term is presented during the Registration Process, the Initial Term shall be deemed to commence on the Effective Date and end on the day before the one (1) month anniversary of the Effective Date.

Following the Initial Term, this Agreement shall renew automatically for consecutive periods equivalent to the longer of a) Initial Term or b) calendar month, unless You inform Us in writing at least five (5) days prior to the end of the Term of Your intent to terminate the Agreement upon completion of the Term. Upon request, You shall acknowledge the commencement of each Renewal Term in writing; provided, that failure to acknowledge shall not affect the existence of the Renewal Term.

3.5 Termination

Either party may terminate this Agreement immediately by:

  • Upon written notice to the other party in the event such other party has committed a material breach of this Agreement that remains uncured thirty (30) days after initial written notice of such breach, and
  • If the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors.

You may also terminate this Agreement at any time without cause upon by notifying the Company in writing or phone call at least ten (5) days’ prior to the 1st of the month, or you can terminate by going into the Solution and click “Unsubscribe”. Upon receipt of notice of termination from the User, the license and the User’s access to the Service(s) shall expire on the last day of the month

Provided that if such termination without cause occurs during the Initial Term (but not during a Renewal Term), You shall pay to Us an early termination fee in an amount equal to the fees that would be due for Services hereunder for the lesser of (a) six (6) months, and (b) the remainder of the Initial Term.  We will invoice You for such early termination fee upon receipt of Your notice of early termination.

We may also terminate this Agreement immediately if

  • You fail to pay any outstanding invoice and do not cure such failure within five (5) days of the due date, or
  • due to any breach by You of the terms of this Agreement.

If this Agreement is terminated by Us in accordance with this Section, You will pay any unpaid fees covering the remainder of the Term of all Order Forms. In no event will termination relieve You of Your obligation to pay any fees payable to Us for the period prior to the effective date of termination.

Immediately, but in any event within twenty-four (24) hours upon expiration or any termination, You shall remove all materials, tags and code placed on Your website or Instance as part of the Services and Solutions.

3.6 License

So long as You are in full compliance with this Agreement, We grant to You during the Term a limited, revocable, non-exclusive, non-transferable, non-sublicensable license to access and use the Services, and any Solutions (“Software”) provided by Us to access the Services, solely for purposes of (as applicable) communicating with, engaging with and delivering content to, end users.

Immediately, but in any event within twenty-four (24) hours upon expiration or any termination, You shall remove all materials, tags and code placed on Your website or Instance as part of the PowerPacks.

3.7 License to Use Feedback

You grant to Us, Our licensors and Our respective Affiliates a worldwide, perpetual, irrevocable, royalty-free license to use and incorporate into Our, Our licensors and/or Our respective Affiliates’ services any suggestion, enhancement request, recommendation, correction or other feedback provided by You or Users relating to the operation of Our, Our licensor’s or Our respective Affiliates’ Services and Solutions.

Immediately, but in any event within twenty-four (24) hours upon expiration or any termination, You shall remove all materials, tags and code placed on Your website or Instance as part of the PowerPacks.

3.8 License to Host Your Data and Use Third-Party Applications

You grant Us, Our licensors and Our respective Affiliates and applicable contractors a worldwide, limited-term license to host, copy, transmit and display Your Data, and any Third-Party Applications and program code for use by You with the Services, as reasonably necessary for Us and Our licensors to provide the Services in accordance with this Agreement. Subject to the limited licenses granted herein, We acquire no right, title or interest from You or Your licensors under this Agreement in or to any of Your Data, Third-Party Application or such program code.

3.9 Usage Restrictions

You will not

  • modify, decompile, disassemble or reverse engineer, or cause or permit any other party to modify, decompile, disassemble or reverse engineer, Software, and/or Services;
  • sublicense any of Our or Our licensor’s intellectual property to third parties or sell, resell, rent, sublicense or lease the Services or any Solutions to third parties;
  • attempt to gain unauthorized access to any Service or its related systems or networks, or otherwise violate the license grant or restrictions set forth in Section 6 above;
  • use the Services to store or transmit Malicious Code or infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights;
  • interfere with or disrupt the integrity or performance of the Services or third-party data contained therein;
  • attempt to gain unauthorized access to the Services or their related systems or networks;
  • alter, copy, move or delete any tags or code placed as part of the Services except as provided for in Section 5;
  • place tags on website pages not pre-approved by Us in writing;
  • permit direct or indirect access to or use of any Services in a way that circumvents a contractual usage limit, or use any Services to access or use any of Our or Our licensor’s intellectual property, except as permitted under this Agreement, an Order Form, or the Documentation; or
  • misappropriate any Services or Solutions, or use the Services or Solutions, to create competing products or services, or modify Our or Our licensor’s intellectual property or use any of Our or Our licensor’s intellectual property unless otherwise permitted herein or otherwise agreed to by Us in a signed writing.

Any use of the Services in breach of this Agreement, Documentation or Order Forms, by You or Users that in Our judgment threatens the security, integrity or availability of the Services, may result in Our immediate suspension of the Services.

3.10 Compliance with this Agreement and Laws

You shall

  • as required by applicable law, provide notice to Your customers and obtain consent if required for use of the Services or any related technology (such as, regarding monitoring features), in Your privacy policy and as otherwise required;
  • be responsible for Your employees, subcontractors, representatives and agents that use the Services provided hereunder;
  • comply with any limitations or restrictions agreed between the parties; and
  • use the Services in compliance with all applicable laws, rules and regulations.
3.11 Confidential Information

We and You understand and agree that in connection with the negotiation and performance of this Agreement, each party may have had or gain access to or may have been or be exposed to, directly or indirectly, private or confidential information of the other party, including, but not limited to, trade secrets, computer programs and code, scripts, algorithms, features and modes of operation, inventions (whether or not patentable), techniques, processes, methodologies, schematics, testing procedures, software design and architecture, design and function specifications, analysis and performance information, documentation, details of its products and services, know-how, ideas, and technical, business, financial or marketing information, models, pricing, plans and strategies, as well as names and expertise of, and information relating to, vendors, employees, consultants, customers and prospects and any other information that the receiving party reasonably should know is confidential t reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure (“Confidential Information”).

Each party agrees to hold and treat all Confidential Information of the other party in confidence and will protect the Confidential Information using reasonable efforts, but in any event not less than the same degree of care as such party uses to protect its own Confidential Information of like nature.

The Confidential Information will not, without the prior written consent of the other party, be disclosed to any third party except that the receiving party may disclose the Confidential Information or portions thereof to

  • its directors, officers, employees, subcontractors, agents and representatives on a need-to-know basis, so long as each such recipient agrees to be bound in writing to maintain the confidentiality of such information upon terms no less restrictive than those set forth herein, or;
  • as may be required by law, applicable regulation or judicial process, provided, however, that if the receiving party is required to disclose such Confidential Information under this clause (b), the receiving party shall promptly notify the disclosing party, in writing, of such pending disclosure and consult with the disclosing party prior to such disclosure as to the advisability of seeking a protective order or other means of preserving the confidentiality of the Confidential Information.

Notwithstanding anything contained herein to the contrary, Confidential Information does not include any information that

  • at the time of the disclosure or thereafter is lawfully obtained from publicly available sources generally known by the public (other than as a result of a disclosure by the receiving party or its representatives);
  • is available to the receiving party on a non-confidential basis from a source that is not and was not bound by a confidentiality agreement with respect to the Confidential Information, or;
  • has been independently acquired or developed by the receiving party without violating its obligations under this Agreement or under any federal or state law, and without using any Confidential Information.

This Section shall supersede any previous agreement relating to confidential treatment and/or non-disclosure of Confidential Information; provided, however, that any information disclosed pursuant to that earlier agreement shall be deemed to be Confidential Information and protected under the terms of this Agreement as if this Agreement had been in place at the time of such disclosures.

3.12 Warranties

You represent and warrant that

  • You have the right to enter into this Agreement and perform Your obligations hereunder in the manner contemplated by this Agreement and the person accepting this Agreement has the power and authority to bind You,
  • This Agreement does not and shall not during the Term conflict with any other agreement entered into by You,
  • use of the Services (or any results of the Services, including but not limited to the collection of any customer data) by You will not violate any applicable law or Your privacy policy, and
  • You own (or have been duly licensed to use) all rights in Your Brands required in order to grant the licenses granted herein.

We represent and warrant that the Services will conform substantially to the description of them contained in the applicable Documentation. This limited warranty is subject to the following limitations:

  • it applies only during the Term (“Warranty Period”);
  • any implied warranties, guarantees, or conditions not able to be disclaimed as a matter of law will last only during the Warranty Period;
  • this limited warranty does not cover problems caused by accident, abuse or use of the Services in a manner inconsistent with this Agreement, or resulting from events beyond Our reasonable control;
  • this limited warranty does not apply to problems caused by the failure to meet minimum system requirements; and
  • this limited warranty does not apply to downtime or other interruption in access to the Services.

If You notify Us within the Warranty Period that a Service does not meet the limited warranty, then We will, at Our option, either

  • return the amount paid for the Service during (i) the Term or (ii) the three (3) month prior to delivery of notice to Us, whichever is less, or;
  • update such Service to make it conform. These are Your only remedies for breach of the limited warranty, unless other remedies are required to be provided under applicable law.

DURING ANY FREE TRIAL THE SERVICE(S) IS PROVIDED “AS-IS” WITHOUT ANY WARRANTY.

EXCEPT AS EXPRESSLY PROVIDED HEREIN, NEITHER PARTY MAKES ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. WE DO NOT WARRANT, GUARANTEE OR MAKE ANY REPRESENTATIONS REGARDING THE USE, THE RESULTS OF THE USE OR THE BENEFITS OF THE SERVICE(S), OR ANY INFORMATION CONTAINED THEREIN OR OTHERWISE PROVIDED PURSUANT TO THIS AGREEMENT.

WE DO NOT WARRANT THAT THE SERVICE(S) ARE ERROR-FREE, THAT THEIR OPERATION WILL BE UNINTERRUPTED, OR THAT SERVICE(S) WILL MEET ANY PARTICULAR USER REQUIREMENTS. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, THE COMPANY MAKES NO WARRANTY AND PROVIDES NO ASSURANCE THAT THE SERVICES(S) WILL MEET CERTIFICATION REQUIREMENTS OF ANY REGULATORY AUTHORITY OR OTHER ASSOCIATION LICENSING AGENCY, WITHIN OR OUTSIDE OF THE UNITED STATES

OUR PERSONNEL ARE NOT AUTHORIZED TO MAKE ANY EXPANSION, MODIFICATION OR ADDITION TO THIS LIMITATION OR THE EXCLUSION OF WARRANTIES IN THIS AGREEMENT. OUR EXPRESS WARRANTIES WILL NOT BE ENLARGED, DIMINISHED OR AFFECTED BY, AND NO OBLIGATION OR LIABILITY WILL ARISE OUT OF, OUR RENDERING TECHNICAL OR OTHER ADVICE IN CONNECTION WITH THE SERVICE(S).

3.13 Limitation of Liability

EXCEPT FOR YOUR LIABILITY ARISING OUT OF YOUR USE OF THE SERVICES OR SOFTWARE IN VIOLATION OF SECTIONS 3.6, 3.9 OR 3.10 ABOVE, OR FOR EITHER PARTY’S LIABILITY ARISING OUT OF A VIOLATION OF SECTION 3.11 ABOVE, IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOST PROFITS, LOSS OR DELAY OF USE, LOSS OF BUSINESS, LOSS OF REVENUE, OR LOSS OF DATA, ARISING OUT OF OR IN RELATION TO THIS AGREEMENT OR THE SERVICES. NEITHER PARTY SHALL BE LIABLE FOR ANY ACTS OR OMISSIONS OF THIRD PARTIES.

IN NO EVENT SHALL WE BE LIABLE FOR ANY CAUSE OR CLAIM WHATSOEVER ARISING OUT OF OR RELATED TO THIS AGREEMENT IN EXCESS OF THE AMOUNTS WE HAVE BEEN PAID HEREUNDER DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE DATE ON WHICH THE CAUSE OF ACTION AROSE.

THE FOREGOING LIMITATIONS AND EXCLUSIONS WILL APPLY REGARDLESS OF WHETHER THE CAUSE OF ACTION ARISES IN CONTRACT, IN TORT OR OTHERWISE AND NOTWITHSTANDING THE FAILURE OF THE ESSENTIAL PURPOSE OF ANY REMEDY OR NEGLIGENCE. IN THE EVENT THAT APPLICABLE LAW DOES NOT ALLOW THE LIMITATION OF LIABILITY AS SET FORTH ABOVE, THESE LIMITATIONS WILL BE DEEMED MODIFIED SOLELY TO THE EXTENT NECESSARY TO COMPLY WITH APPLICABLE LAW.

YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT WE HAVE SET OUR PRICES AND ENTERED INTO THIS AGREEMENT IN RELIANCE UPON THE LIMITATIONS OF LIABILITY SPECIFIED HEREIN, WHICH ALLOCATE THE RISK BETWEEN US AND YOU AND FORM A BASIS OF THE BARGAIN BETWEEN THE PARTIES.

3.14 Indemnity

We will defend You against any claim, demand, suit or proceeding made or brought against You by a third party alleging that any Service infringes or misappropriates such third-party’s intellectual property rights (a “Claim Against You”), and will indemnify You from any damages, attorney fees and costs finally awarded against You as a result of, or for amounts paid by You under a settlement approved by Us in writing of, a Claim Against You, provided You

  • promptly give Us written notice of the Claim Against You,
  • give Us sole control of the defense and settlement of the Claim Against You (except that We may not settle any Claim Against You unless it unconditionally releases You of all liability), and
  • give Us all reasonable assistance, at Our expense.

If We receive information about an infringement or misappropriation claim related to a Service, We may, in Our discretion and at no cost to You, (i) modify the Services so that they are no longer claimed to infringe or misappropriate, without breaching Our warranties under Section 13(b) above, (ii) obtain a license for Your continued use of that Service in accordance with this Agreement, or (iii) terminate Your subscriptions for that Service upon thirty (30) days’ written notice and refund You any prepaid fees covering the remainder of the term of the terminated subscriptions. The above defense and indemnification obligations do not apply to the extent a Claim Against You arises from Your Data, or Your use of the Services in violation of this Agreement, the Documentation or applicable Order Forms.

You will defend Us against any claim, demand, suit or proceeding made or brought against Us by a third party alleging that any of Your Data infringes or misappropriates such third-party’s intellectual property rights, or arising from Your use of the Services or Software in violation of the Agreement, the Documentation, the Order Forms or applicable law (each a “Claim Against Us”), and You will indemnify Us from any damages, attorney fees and costs finally awarded against Us as a result of, or for any amounts paid by Us under a settlement approved by You in writing of, a Claim Against Us, provided We (a) promptly give You written notice of the Claim Against Us, (b) give You sole control of the defense and settlement of the Claim Against Us (except that You may not settle any Claim Against Us unless it unconditionally releases Us of all liability), and (c) give You all reasonable assistance, at Your expense.

This Section 3.14 states the indemnifying party’s sole liability to, and the indemnified party’s exclusive remedy against, the other party for any type of intellectual property infringement or misappropriation claim described in this Section 3.14.

3.15 Force Majeure

The parties shall not be liable to each other or any other person for any delay or failure in the performance of this Agreement (other than payment obligations) or for loss or damage of any nature whatsoever suffered by such party due to disruption or unavailability of communication facilities, utility or Internet service provider failure or delay, denial of service attack, acts of war, acts of terrorism, acts of vandalism, lightning, fire, strike, unavailability of energy sources or any other causes beyond the party’s reasonable control.

3.16 Login

You shall maintain Your login name(s) and password(s) for the Services, if any, in confidence and shall not share the login information with any third party. You shall be responsible for any and all activity on the login, regardless of whether such activity was performed or approved by You.

3.17 Independent Applications

From time to time, third-party software applications, plug in or other add-on online applications that integrate, interoperate or interact with Our Services (“Applications”) may become available. If You choose to install, access or enable an Application, You agree that the Third-Party Application provider may acquire access to Your account data and information data as required for the interoperation or integration of such Application and Applications are not maintained, monitored, tested, controlled, endorsed, provided, verified, validated or reviewed by Us.

Accordingly, such Applications are governed by their own terms and conditions and are not considered Services under this Agreement. You assume full responsibility for any damages, losses, costs, or harms arising from the use of or inability to use such Applications.

To the extent permitted by law, We disclaim all liabilities with respect to Your use of or inability to use such Applications and the performance or non-performance of such Applications (including direct, indirect, incidental, punitive or consequential damages).

We have no obligation to monitor such Applications and do not control or endorse the content, messages or information found in such Applications and specifically disclaim any liability with regard to such content, messages or information. We do not monitor or control the limitations, suspension or termination of such Applications and specifically disclaims any liability with regard to such limitations, suspension or termination.

3.18 Beta Solutions

From time to time, We may make services or functionality available to You to try at Your option at no additional charge, which is clearly designated as beta, pilot, limited release, developer preview, non-production, evaluation, or by a similar description (collectively, “Beta Services”).

You may choose to try such Beta Services or not in Your sole discretion. Beta Services are intended for evaluation purposes and not for production use, are not supported, and may be subject to additional terms. Beta Services are not considered “Services” under this Agreement, however, all restrictions, Our reservation of rights and Your obligations concerning the Services, and use of any related Applications, shall apply equally to Your use of Beta Services.

Unless otherwise stated, any Beta Services trial period will expire upon the earlier of one year from the trial start date or the date that a version of the Beta Services becomes generally available without the applicable Beta Services designation. We may discontinue Beta Services at any time in Our sole discretion and may never make them generally available.

WE OFFER BETA SERVICES “AS-IS” AND WILL HAVE NO LIABILITY FOR ANY HARM OR DAMAGE ARISING OUT OF OR IN CONNECTION WITH A BETA SERVICE.

3.19 Other Information

You acknowledge that

  • non-personally identifiable data, transcripts and information generated by the Services may be used by Us and Our licensors and contractors for purposes such as, but not limited to, troubleshooting, optimization and tuning, system improvements, customer support and reporting, and
  • We and Our licensors and contractors and service providers may, in Our and their sole discretion, review, modify, relocate, remove or otherwise eliminate any content or other material sent through or otherwise included in the Services by a User or anyone on behalf of or for the benefit of a User in the event such content is not in compliance the terms or conditions of this Agreement.
3.20 Misuse of Communications

The Services contain message and communication facilities designed to enable You to communicate with others. You agree to use the Services only to post, send, and receive messages and material that are proper and permitted by applicable law. By way of example, and not as a limitation, You agree that when using the Services, You will not

  • violate any law, statute, ordinance or regulation,
  • violate any patent, trademark, trade secret, copyright, right to privacy, publicity, or other proprietary right of any party,
  • reverse engineer, decompile, disassemble or translate or otherwise attempt to derive the source code of any part of Our or Our contractor’s systems,
  • use the Services in connection with contests, pyramid schemes, chain letters, junk email, spamming or any duplicative or unsolicited messages (commercial or otherwise) or to commit fraud,
  • defame, abuse, harass, stalk, threaten or otherwise violate the legal rights (such as rights of privacy and publicity) of others,
  • send or otherwise make available any inappropriate, profane, defamatory, obscene, abusive, racist, indecent or unlawful topic, name, material or information,
  • send or otherwise make available any information or material that may constitute or encourage conduct that is a criminal offense or civil wrong (e.g., insider trading information about a company or proprietary or confidential information of a third party),
  • impersonate any person or entity or make any false statements regarding any agency or affiliation with any entity or create a false identity,
  • send, or otherwise make available files that contain images, photographs, software or other data or material protected by copyright, trademark, trade secret or other intellectual property laws (or by rights of privacy or publicity) unless You own or control the rights thereto or have received all necessary consent to do the same,
  • use any material or information, including images or photographs, which are made available through the Services in any manner that infringes any copyright, trademark, patent, trade secret, or other intellectual property right of any party,
  • send files that contain Malicious Code,
  • falsify or delete any copyright management information, such as author attributions, legal or other proper notices or proprietary designations or labels of the origin or source of software or other material that is sent, or
  • provide material support or resources (or conceal or disguise the nature, location, source or ownership of material support or resources) to any organization designated as a foreign terrorist organization by the U.S. government.

We have no obligation to monitor the Services. However, We reserve the right to review materials sent through the Services and to remove any materials in Our sole discretion.

We do not control or endorse the content, messages or information found in any Services and, therefore, We specifically disclaim any liability with regard to such content, messages or information.

Without limiting other remedies, We may limit, suspend, or terminate the Services and Your accounts, delay or remove Your content, or use other technical and legal measures to stop You from causing harm, if We believe that Your activities are creating problems, possible legal liabilities, or acting inconsistently with the letter or spirit of this Agreement or Our policies.

3.21 Export Compliance

The Services and other technology We make available, and derivatives thereof may be subject to export laws and regulations of the United States and other jurisdictions. Each party represents that it is not named on any U.S. government denied-party list. You shall not permit Users to access or use any Service or Content in a U.S. embargoed country (currently Cuba, Iran, North Korea, Sudan, Syria or Crimea) or in violation of any U.S. export law or regulation.

3.22 Waiver

No failure to enforce any term of this Agreement shall constitute a waiver of such term in the future unless such waiver so provides by its terms.

3.23 Severability

If any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions of this Agreement will remain in full force and the unenforceable provision shall be interpreted so as to render it enforceable while approximating the parties’ intent as closely as possible.

3.24 Entire Agreement; Order of Precedence

This End User License Agreement is the entire agreement between You and Us regarding Your use of Our Solutions and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. Except as otherwise provided in Section 3.31 below, no modification, amendment, or waiver of any provision of this Agreement will be effective unless in writing and signed/accepted by the party against whom the modification, amendment or waiver is to be asserted. The parties agree that any term or condition stated in Your purchase order or in any other of Your order documentation (excluding Order Forms) is void. In the event of any conflict or inconsistency among the following documents, the order of precedence shall be: (1) the applicable Order Form, (2) this Agreement, and (3) the Documentation.

3.25 Governing Law, Jurisdiction and venue

This Terms of Service shall for all purposes be governed by and interpreted in accordance with the laws of the State of Minnesota as those laws are applied to contracts entered into, and to be performed entirely in Minnesota by Minnesota residents. Any legal suit, action or proceeding arising out of, or relating to this Agreement, shall be commenced in a federal court in Minneapolis, Minnesota or in state court in Hennepin County, Minnesota, and each party hereto irrevocably submits to the personal and exclusive jurisdiction and venue of any such court in any such suit, action or proceeding and waives any right which it may have to transfer or change the venue of any such suit, action or proceeding, except that in connection with any suit, action or proceeding commenced in a state court, each party retains the right to remove such suit, action or proceeding to federal court to the extent permissible.

3.26 High Risk Activities

The services are not fault-tolerant and are not designed or intended for use or resale as on-line control equipment or in hazardous environments requiring fail-safe performance, such as in the operation of nuclear facilities, aircraft navigation or aircraft communication systems, mass transit, air traffic control, direct life support machines, dedicated emergency call handling systems (e.g. In connection with an emergency 911 call center, as opposed to a voip application that processes calls which include emergency 911 calls) or weapons systems, in which the failure of a product could lead directly to death, personal injury, or severe physical or environmental damage (“high risk activities”).

If You use a service for high risk activities, You do so at Your own risk and You assume all responsibility and liability for such use to. You agree that We, Our affiliates, Our successors and all of their respective officers, directors, employees, licensors, suppliers and authorized providers will not be liable for any claims or damages arising from or related to use of the services for high risk activities to the maximum extent such limitation or exclusion is permitted by applicable law.

3.27 Miscellaneous

We have the right to discontinue the Services at any time through notice to You at Our sole discretion.

This Agreement shall be binding and shall inure to the benefit of the parties hereto and their respective successors and permitted assigns.

This Agreement (including the Order Forms) may not be assigned by You (whether by operation of law or otherwise) without Our prior written consent, such consent not to be unreasonably withheld.  We may assign this Agreement (including the Order Forms) without Your consent or notice to You.

No failure by either party to exercise or enforce any rights under this Agreement shall act as a waiver of such rights.

The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties.

If any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions of this Agreement will remain in full force and the unenforceable provision shall be interpreted so as to render it enforceable while approximating the parties’ intent as closely as possible.

3.28 Modifications

Modifications to this agreement may be made by Us at any time. The modified agreement will be effective immediately upon posting on Our website and You agree to the new posted agreement by continuing the use of the services. We will use reasonable efforts to notify You of modifications that are material to Your use of the Solutions, which notice may be provided by email or a notification posted to Your account. If You do not agree with the modified agreement, Your only remedy is to (a) discontinue using the services and related software, as well as any free trial (if applicable), and (b) terminate this agreement in accordance with its terms, in which case We shall refund to You any prepaid fees. The headings in this agreement are for purposes of reference only and shall not limit or otherwise affect the meaning hereof.

3.29 Notices

All notices under this Agreement must be given in writing and delivered either by hand, e-mail (receipt confirmed in the case of notices from You to Us), certified mail (return receipt requested, postage pre-paid), facsimile (with evidence of a successful transmission), or nationally recognized overnight delivery service. All delivery charges pre-paid. Notices from Us to You shall be provided to the contact information We have on file for You.

Notices from You to Us shall be provided to PowerTeam LLC., 718 Washington Ave N, Suite #101
Minneapolis, MN 55401, United States of America. Attn: Chief Financial Officer or if by email, to support@hcl-powerobjects.com. All such notices to Us shall be effective on the date actually received, or in the case of mailed notices, three (3) business days (or seven (7) business days in the case of an international mailing) after such mailing.

The above addresses/contact information may be changed at any time by giving prior written notice as above provided.

4. Data Protection Terms
4.1 Scope

The terms in this section (“Data Protection Terms”) apply to all Services.

Beta Services may employ lesser or different privacy and security measures than those typically present in the Services. Unless otherwise noted, Beta Services are governed by the Section 3.18 of the Terms of Service, and You should not use Beta Services to process Personal Data or other data that is subject to legal or regulatory compliance requirements.  The following terms in this section (“Data Protection Terms”) do not apply to Beta Services:  Processing of Personal Data; GDPR and Data Security.

Section 5 includes the terms that apply to Professional Services, including privacy and security of Support Data and Personal Data in connection with the provision of those services. Therefore, unless expressly made applicable in Section 5, the terms in this section (“Data Protection Terms”) do not apply to the provision of Professional Services.

4.2 Processing of Your Data; Ownership

Your Data will be used or otherwise processed only to provide You the Online Services including purposes compatible with providing those services. We will not use or otherwise process Your Data or derive information from it for any advertising or similar commercial purposes. As between the parties, You retain all right, title and interest in and to Your Data. We acquire no rights in Your Data, other than the rights You grant to Us to provide the Services to You. This paragraph does not affect Our rights in software or services We licenses to You.

4.3 Disclosure of Your Data

We will not disclose Your Data outside of PowerObjects or its controlled subsidiaries and affiliates except (1) as You direct, (2) as described in the Terms of Service, or (3) as required by law.

We will not disclose Your Data to law enforcement unless required by law. If law enforcement contacts Us with a demand for Your Data, We will attempt to redirect the law enforcement agency to request that data directly from You. If compelled to disclose Your Data to law enforcement, We will promptly notify You and provide a copy of the demand unless legally prohibited from doing so.

Upon receipt of any other third-party request for Your Data, We will promptly notify You unless prohibited by law. We will reject the request unless required by law to comply. If the request is valid, We will attempt to redirect the third party to request the data directly from You.

We will not provide any third party: (a) direct, indirect, blanket or unfettered access to Your Data; (b) platform encryption keys used to secure Your Data or the ability to break such encryption; or (c) access to Your Data if We are aware that the data is to be used for purposes other than those stated in the third-party’s request.

In support of the above, We may provide Your basic contact information to the third party.

4.4 Processing of Personal Data; GDPR

Personal Data provided to Us by You, or on Your behalf of, through use of the Services is also Your Data. Pseudonymized identifiers may also be generated through Your use of the Services and are also Personal Data. To the extent We are a processor or subprocessor of Personal Data subject to the GDPR, the GDPR Terms in Section 7 govern that processing and the parties also agree to the following terms in this sub-section (“Processing of Personal Data; GDPR”):

4.4.1 Processor and Controller Roles and Responsibilities

You and Us agree that You are the controller of Personal Data and We are the processor of such data, except when

  • You act as a processor of Personal Data, in which case Microsoft is a subprocessor or;
  • stated otherwise in the Service-specific terms.

We will process Personal Data only on documented instructions from You. You agree that our PowerPacks End User Licensing Agreement and Terms of Service along with Your use and configuration of features in the Services and Solutions are Your complete and final documented instructions to Us for the processing of Personal Data. Any additional or alternate instructions must be agreed to according to the process for amending this agreement.  In any instance where the GDPR applies and You are a processor, You warrant to Us that Your instructions, including appointment of Us as a processor or subprocessor, have been authorized by the relevant controller.

4.4.2 Processing Details

The parties acknowledge and agree that:

  • The subject-matter of the processing is limited to Personal Data within the scope of the GDPR;
  • The duration of the processing shall be for the duration of Your right to use the Online Service and until all Personal Data is deleted or returned in accordance with Your instructions or the terms of this Agreement;
  • The nature and purpose of the processing shall be to provide the Services pursuant to Your License;
  • The types of Personal Data processed by the Services include those expressly identified in Article 4 of the GDPR; and
  • The categories of data subjects are Your representatives and end users, such as employees, contractors, collaborators, and customers.

4.4.3 Data Subject Rights; Assistance with Requests

We will make available to You in a manner consistent with the functionality of the Service and Our role as a processor Personal Data of data subjects and the ability to fulfill data subject requests to exercise their rights under the GDPR. We shall comply with reasonable requests by You to assist with Your response to such a data subject request. If Microsoft receives a request from Your data subject to exercise one or more of its rights under the GDPR in connection with a Service for which We are a data processor or subprocessor, We will redirect the data subject to make its request directly to You. You will be responsible for responding to any such request including, where necessary, by using the functionality of the Service. We shall comply with reasonable requests by You to assist with Your response to such a data subject request.

4.4.4 Records of Processing Activities

We shall maintain all records required by Article 30(2) of the GDPR and, to the extent applicable to the processing of Personal Data on behalf of You, make them available to You upon request.

4.5 Data Security

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, We shall in relation to Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.

In assessing the appropriate level of security, We shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.

4.5.1 Security Practices and Policies

We will implement and maintain appropriate technical and organizational measures to protect Your Data and Personal Data.  Those measures shall be set forth in our Security Policy. We will make that policy available to You, along with descriptions of the security controls in place for the Services and other information reasonably requested by You regarding Our security practices and policies.

4.5.2 Your Responsibilties

You are solely responsible for making an independent determination as to whether the technical and organizational measures for a Service meets Your requirements, including any of its security obligations under the GDPR or other applicable data protection laws and regulations. You acknowledge and agree that (taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the processing of its Personal Data as well as the risks to individuals) the security practices and policies implemented and maintained by Us provide a level of security appropriate to the risk with respect to its Personal Data. You are responsible for implementing and maintaining privacy protections and security measures for components that You provide or controls (such as your devices or Instances).

4.6 Security Incident Notification

If We become aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Your Data or Personal Data while processed by Us (each a “Security Incident”), We will promptly and without undue delay (1) notify You of the Security Incident; (2) investigate the Security Incident and provide You with detailed information about the Security Incident; (3) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident.

Notification(s) of Security Incidents will be delivered to one or more of Your contacts as configured on each applicable Service by any means We select, including via email. It is Your sole responsibility to ensure Your contacts maintain accurate contact information on each applicable Services configuration. You are solely responsible for complying with Your obligations under incident notification laws applicable to You and fulfilling any third-party notification obligations related to any Security Incident.

We shall make reasonable efforts to assist Customer in fulfilling Your obligation under GDPR Article 33 or other applicable law or regulation to notify the relevant supervisory authority and data subjects about such Security Incident.

Our obligation to report or respond to a Security Incident under this section is not an acknowledgement by Us of any fault or liability with respect to the Security Incident.

You must notify Us promptly about any possible misuse of Your accounts or authentication credentials or any security incident related to a Service.

4.7 Data Transfes and Location

4.7.1 Data Transfers

Except as described elsewhere in the Terms of Service, Your Data and Personal Data that We processes on Your behalf may be transferred to, and stored and processed in, the United States or any other country in which We or Our Subprocessors operate. You appoint Us to perform any such transfer of Your Data and Personal Data to any such country and to store and process Your Data and Personal Data as required to provide the Services.

All transfers of Your Data out of the European Union, European Economic Area, and Switzerland by the Services shall be governed by the Standard Contractual Clauses in Section 6, unless You have opted out of those clauses.

We will abide by the requirements of European Economic Area and Swiss data protection law regarding the collection, use, transfer, retention, and other processing of Personal Data from the European Economic Area and Switzerland. All transfers of Personal Data to a third country or an international organization will be subject to appropriate safeguards as described in Article 46 of the GDPR and such transfers and safeguards will be documented according to Article 30(2) of the GDPR.

4.7.2 Location of Your Data at Rest

For the Services, We will store Your Data at rest within certain major geographic areas (each, a Geo). When You configure a Service, You select an available Geo where Your Data at rest will be stored. We will not transfer the Your Data outside of Your selected Geo except as authorized by You for Support purposes.

We do not control or limit the regions from which You or Your end users may access or move Your Data.

4.8 Data Retention and Deletion

Our Services store and make Your Data available as detailed on each Service documentation. We do not permanently store any Personal Data as part of Our Services. All Personal Data processed as part of Our Services is kept for a maximum of 30 days, or until completely processed by the Service and transferred to your Instance. After that, Personal Data is deleted from Our Services and cannot be recovered.

At all times during the term of Your subscription, You will have the ability to access, extract and delete Your Data stored in each Service. Except for free trials, We will retain Your Data that remains stored in Our Services in a limited function account for 30 days after expiration or termination of Your subscription so that You may extract the data. After the 30-day retention period ends, We will delete Your Data, unless We are permitted or required by applicable law to retain such data or authorized in this agreement.

THE SERVICE MAY NOT SUPPORT RETENTION OR EXTRACTION OF SOFTWARE PROVIDED BY YOU. WE HAVE NO LIABILITY FOR THE DELETION OF YOUR DATA OR PERSONAL DATA AS DESCRIBED IN THIS SECTION.

4.9 Processor Confidentiality Commitment

We will ensure that our personnel engaged in the processing of Your Data and Personal Data (i) will process such data only on instructions from You, and (ii) will be obligated to maintain the confidentiality and security of such data even after their engagement ends.

4.10 Notice and Controls on use of Subprocessors

We may hire third parties to provide certain limited or ancillary services on our behalf. You consent to the engagement of these third parties and Our Affiliates as Subprocessors.

The above authorizations will constitute Your prior written consent to the subcontracting by Us of the processing of Your Data and Personal Data if such consent is required under the Standard Contractual Clauses or the GDPR Terms.

We are responsible for our Subprocessors compliance with Our obligations in these Terms of Service. When engaging any Subprocessor, We will ensure via a written contract that the Subprocessor may access and use Your Data or Personal Data only to deliver the services We have retained them to provide and is prohibited from using Your Data or Personal Data for any other purpose. We will ensure that Subprocessors are bound by written agreements that require them to provide at least the level of data protection required of Us by this Agreement.

You consent to the use of those Subprocessors already engaged by Us or Our Affiliates at the Effective Date of this Agreement. From time to time, We may engage new Subprocessors. We will give You notice of any new Subprocessor at least 14-days in advance of providing that Subprocessor with access to Your Data or Personal Data. If You do not approve of a new Subprocessor, then You may terminate any subscription for the affected Service without penalty by providing, before the end of the relevant notice period, written notice of termination that includes an explanation of the grounds for non-approval. After termination, We will remove payment obligations for any subscriptions for the terminated Service from subsequent invoices to You.

4.11 How to Contact Us

If You believe that We are not adhering to Our privacy or security commitments, You may contact customer support by e-mailing  support@hcl-powerobjects.com, phone us on (+1)866-770-3355 or mail us:

PowerObjects
Attn: Chief Information Officer
718 Washington Ave N, Suite #101
Minneapolis, Minnesota 55401 USA

5. Professional Services Terms

Professional Services are provided subject to the “Professional Services Terms” below. If, however, Professional Services are included in a separate agreement, then the terms of that separate agreement will apply.

The Professional Services to which this section applies are not PowerPack Services, and the rest of the Terms of Service, as well as any data processing terms, do not apply unless expressly made applicable by the Professional Services Terms below.

5.1 Support Data

5.1.1 Processing of Support Data

Support Data will be used and otherwise processed only to provide You with technical support, including purposes compatible with providing technical support. We will not use or otherwise process Support Data or derive information from it for advertising or similar commercial purposes without Your permission. As between the parties, You retain all right, title and interest in and to Support Data. We acquires no rights in Support Data, other than the rights You grants to Us to provide support to You.  This paragraph does not affect Our rights in software or services We licenses to You.

5.1.2 Processing of Personal Data included in Support Data; GDPR

Personal Data provided to Us by You, or on Your behalf of, in connection with the provision of technical support is also Support Data. To the extent We are a processor or subprocessor of Personal Data subject to the GDPR, the GDPR Terms in Section 7 Attachment govern that processing and the parties also agree to the following terms in this sub-section (“Processing of Personal Data included in Support Data; GDPR”):

5.1.2.1 Processor and Controller Roles and Responsibilities

You and Us agree that You are the controller of Personal Data included in Support Data and We are the processor of such data, except when You acts as a processor of Personal Data, in which case We are a subprocessor.  However, You and Us agree that We are the data controller for business contact information or other Personal Data that may be collected at the same time as Support Data but is needed to maintain the business relationship with You.  We will process Personal Data only on documented instructions from You. You agree that our PowerPacks End User Licensing Agreement and Terms of Service along with Your use of Professional Services are Your complete and final documented instructions to Us for the processing of Personal Data. Any additional or alternate instructions must be agreed to according to the process for amending the Terms of Service agreement.  In any instance where the GDPR applies and You are a processor, You warrant to Us that Your instructions, including appointment of Us as a processor or subprocessor, have been authorized by the relevant controller.

5.1.2.2 Processing of Personal Data included in Support Data

The parties acknowledge and agree that:

  • The subject-matter of the processing is limited to Personal Data within the scope of the GDPR;
  • The duration of the processing shall be for the duration of Your right to receive technical support and until all Personal Data is deleted or returned in accordance with Your instructions or the Terms of Service;
  • The nature and purpose of the processing shall be to provide technical support pursuant to your licensing agreement;
  • The types of Personal Data processed in connection with the provision of technical support include those expressly identified in Article 4 of the GDPR; and
  • The categories of data subjects are Your representatives and end users, such as employees, contractors, collaborators, and customers.

For data subject requests and records of processing activities related to Support Data, and Personal Data included therein, We will abide by the applicable obligations set forth in the “Data Subject Rights; Assistance with Requests” and “Records of Processing Activities” provisions in the Data Protection Terms section of the Terms of Service.

5.1.3 Security of Support Data

We will implement and maintain technical and organizational measures to protect Support Data. If We become aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Support Data while processed by Us, We will abide by the obligations set forth in the “Security Incident Notification” provision in the Data Protection Terms section of the Terms of Service.

5.1.4 Data Location aand Transfer

Support Data that We processes on Your behalf may be transferred to, and stored and processed in, the United States or any other country in which Microsoft or its Affiliates or Subprocessors operate. You appoints Us to perform any such transfer of Support Data to any such country and to store and process that data to provide technical support.

5.1.5 Other Support Data Commitmets

5.1.5.1 Disclosure

The disclosure of Support Data by Us to third parties is governed by the same restrictions and procedures that govern Your Data set forth in the “Disclosure of Your Data” provision in the Data Protection Terms section of the Terms of Service.

5.1.5.2 Deletion of Return

We will delete or return all copies of Support Data, and Personal Data included therein, after the business purposes for which the Support Data was collected or transferred have been fulfilled or earlier upon Your request.

5.1.5.3 Use of Subprocessors

The use of Subprocessors in connection with the provision of technical support for Our Services is governed by the same restrictions and procedures that govern its use of Subprocessors in connection with the Services set forth in the “Use of Subprocessors” provision in the Data Protections Terms section of the Terms of Service.

5.2 Other Professional Services Terms

5.2.1 Processing of Personal Data

To the extent We are a processor or subprocessor of Personal Data, not included within Support Data, in connection with the provision of Professional Services, We make the commitments in the GDPR Terms in Section 7 Attachment to all customers effective May 25, 2018.

5.2.2 Obligations of the Parties

We warrant that all Professional Services will be performed with professional care and skill. If We fail to do so and You notify Us within 90 days of the date of performance, then We will either re-perform the Professional Services or return the price paid for them as Your sole remedy for breach of the Professional Services warranty.

You will perform your applicable responsibilities and obligations to support Our performance of the Professional Services, as specified in the description of each Professional Service.

5.2.3 Limitation of Liability

To the extent permitted by applicable law, each party’s total liability for all claims relating to Professional Services will be limited to the amounts You were required to pay for the Professional Services or the limitation of liability for the Service with which the Professional Services are offered, whichever is greater. In no event will either party be liable for indirect, incidental, special, punitive, or consequential damages, including loss of use, loss of profits, or interruption of business, however caused or on any theory of liability in relation to the Professional Services. No limitation or exclusions will apply to liability arising out of either party’s (1) confidentiality obligations; or (2) violation of the other party’s intellectual property rights.

5.2.4 Fixes

“Fixes” are Solution or Service fixes, modifications or enhancements, or their derivatives, that We either releases generally (such as updates) or that We provides to You to address a specific issue. Each Fix is licensed under the same terms as the Solution or Service to which it applies. If a Fix is not provided for a specific Solution or Service, any use terms We provide with the Fix will apply.

5.2.5 Services Deliverables

“Services Deliverables” means any computer code or materials other than Products or Fixes that We leave with Customer at the conclusion of Our performance of Professional Services. We grant You a non-exclusive, non-transferable, perpetual license to reproduce, use, and modify the Services Deliverables solely for Your internal business purposes, subject to the terms and conditions in the End User License Agreement.

5.2.6 Third-Party Technology

You are solely responsible for any Third-Party software or technology that you install or use with the Services, Solutions, Fixes, or Services Deliverables.

5.2.7 Affiliates’ Rights

You may sublicense the rights to use Services Deliverables to your Affiliates, but your Affiliates may not sublicense these rights. You are liable for ensuring your Affiliates’ compliance with the terms of this Notice and your licensing agreement.

6. Attachment – The Standard Contractual Clauses (Processors)

Execution of the licensing agreement by You includes execution of this Attachment, which is countersigned by PowerTeam Inc (DBA PowerObjects). To opt out of the “Standard Contractual Clauses”, Customer must send the following information to Us in a written notice:

  • the full legal name of the Customer and any Affiliate that is opting out;
  • a statement that Customer (or Affiliate) opts out of the Standard Contractual Clauses.

In countries where regulatory approval is required for use of the Standard Contractual Clauses, the Standard Contractual Clauses cannot be relied upon under European Commission 2010/87/EU (of February 2010) to legitimize export of data from the country, unless Customer has the required regulatory approval.

Beginning May 25, 2018 and thereafter, references to various Articles from the Directive 95/46/EC in the Standard Contractual Clauses below will be treated as references to the relevant and appropriate Articles in the GDPR.

For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, Customer (as data exporter) and PowerTeam Inc (as data importer, whose signature appears below), each a “party,” together “the parties,” have agreed on the following Contractual Clauses (the “Clauses” or “Standard Contractual Clauses”) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

Clause 1: Definitions

(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

(b) ‘the data exporter’ means the controller who transfers the personal data;

(c) ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

(d) ‘the subprocessor’ means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

(e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

(f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2: Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 below which forms an integral part of the Clauses.

Clause 3: Third-party beneficiary clause

1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.

2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.

4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4: Obligations of the data exporter

The data exporter agrees and warrants:

(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;

(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 below;

(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

(e) that it will ensure compliance with the security measures;

(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;

(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and

(j) that it will ensure compliance with Clause 4(a) to (i).

Clause 5: Obligations of the data importer

The data importer agrees and warrants:

(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;

(d) that it will promptly notify the data exporter about:

  • any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
  • any accidental or unauthorised access, and
  • any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;

(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;

(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;

(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11; and

(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.

Clause 6: Liability

1. The parties agree that any data subject who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.

2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.

The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.

3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.

Clause 7: Mediation and jurisdiction

1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is established.

2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8: Cooperation with supervisory authorities

1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.

3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).

Clause 9: Governing Law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10: Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11: Subprocessing

1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement.

2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.

3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.

4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.

Clause 12: Obligation after the termination of personal data processing services

1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.

Appendix 1 to the Standard Contractual Clauses

Data exporter: Customer is the data exporter. The data exporter is a user of the Services as defined in the section of the Terms of Service entitled “Data Protection Terms.”

Data importer: The data importer is PowerTeam Inc, a global producer of software and services.

Data subjects: Data subjects include the data exporter’s representatives and end-users including employees, contractors, collaborators, and customers of the data exporter. Data subjects may also include individuals attempting to communicate or transfer personal information to users of the services provided by data importer.

Categories of data: The personal data transferred includes web form submissions, documents and other data in an electronic form in the context of the Services.

Processing operations: The personal data transferred will be subject to the following basic processing activities:

a. Duration and Object of Data Processing. The duration of data processing shall be for the term designated under the applicable licensing agreement between data exporter and the data importer entity to which these Standard Contractual Clauses are annexed. The objective of the data processing is the performance of Online Services.

b. Scope and Purpose of Data Processing. The scope and purpose of processing personal data is described in the Security Practices and Policies section of the Terms of Service. The data importer operates a global network of Online Services, and processing may take place in any jurisdiction where data importer or its sub-processors operate such facilities.

c. Customer Data Access. For the term designated under the applicable volume licensing agreement data importer will at its election and as necessary under applicable law implementing Article 12(b) of the EU Data Protection Directive, either: (1) provide data exporter with the ability to correct, delete, or block Customer Data, or (2) make such corrections, deletions, or blockages on its behalf.

d. Data Exporter’s Instructions. For Online Services, data importer will only act upon data exporter’s instructions as conveyed in the Terms of Service.

e. Customer Data Deletion or Return. Upon expiration or termination of data exporter’s use of Online Services, it may extract Customer Data and data importer will delete Customer Data, each in accordance with the Terms of Service applicable to the agreement.

Subcontractors: The data importer may hire other companies to provide limited services on data importer’s behalf, such as providing customer support. Any such subcontractors will be permitted to obtain Customer Data only to deliver the services the data importer has retained them to provide, and they are prohibited from using Customer Data for any other purpose.

Appendix 2 to the Standard Contractual Clauses

Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c):

1. Personnel. Data importer’s personnel will not process Customer Data without authorization. Personnel are obligated to maintain the confidentiality of any Customer Data and this obligation continues even after their engagement ends.

2. Data Privacy Contact. The data privacy officer of the data importer can be reached at the following address:

PowerTeam LLC
Attn: Chief Privacy Officer
718 Washington Ave N, Suite #101
Minneapolis, MN 55401 USA

3. Technical and Organization Measures. The data importer has implemented and will maintain appropriate technical and organizational measures, internal controls, and information security routines intended to protect Customer Data, as defined in the Security Practices and Policies section of the Terms of Service, against accidental loss, destruction, or alteration; unauthorized disclosure or access; or unlawful destruction as follows: The technical and organizational measures, internal controls, and information security routines set forth in the Security Practices and Policies section of the Terms of Service are hereby incorporated into this Appendix 2 by this reference and are binding on the data importer as if they were set forth in this Appendix 2 in their entirety.

Signature of PowerTeam Inc appears on the following page.

Signing the Standard Contractual Clauses, Appendix 1 and Appendix 2 on behalf of the data importer:
James D Sheehan
Senior Vice President
PowerTeam LLC (DBA PowerObjects)

7. Attachment – European Union General Data Protection Regulation Terms

We make the commitments in these GDPR Terms, to all customers effective May 25, 2018. These commitments are binding upon Us with regard to You regardless any other agreement that references this attachment.

For purposes of these GDPR Terms, You and Us agree that You are the controller of Personal Data and We are the processor of such data, except when You act as a processor of Personal Data, in which case We are a subprocessor.  These GDPR Terms apply to the processing of Personal Data, within the scope of the GDPR, by Us on behalf of You.  These GDPR Terms do not limit or reduce any data protection commitments We make to You in the Terms of Service or other agreement between You and Us. These GDPR Terms do not apply where We are a controller of Personal Data.

7.1 Relevant GDPR Obligations: Articles 28, 32, and 33

We shall not engage another processor without prior specific or general written authorization from You.  In the case of general written authorization, We shall inform You of any intended changes concerning the addition or replacement of other processors, thereby giving You the opportunity to object to such changes.  (Article 28(2))

Processing by Us shall be governed by these GDPR Terms under European Union (hereafter “Union”) or Member State law and are binding on Us with regard to You. The subject-matter and duration of the processing, the nature and purpose of the processing, the type of Personal Data, the categories of data subjects and Your obligations and Your rights are set forth in Your licensing agreement, including these GDPR Terms. In particular, We shall:

  • process the Personal Data only on documented instructions from You, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by Union or Member State law to which We are subject; in such a case, We shall inform Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
  • ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
  • take all measures required pursuant to Article 32 of the GDPR;
  • respect the conditions referred to in paragraphs 1 and 3 for engaging another processor;
  • taking into account the nature of the processing, assist You by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Your obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR;
  • assist You in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to Us;
  • at Your choice, delete or return all the Personal Data to You after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the Personal Data;
  • make available to You all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by You or another auditor mandated by You.

We shall immediately inform You if, in its opinion, an instruction infringes the GDPR or other Union or Member State data protection provisions.  (Article 28(3))

Where We engage another processor for carrying out specific processing activities on Your behalf, the same data protection obligations as set out in these GDPR Terms shall be imposed on that other processor by way of a contract or other legal act under Union or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR.  Where that other processor fails to fulfil its data protection obligations, We shall remain fully liable to You for the performance of that other processor’s obligations.  (Article 28(4))

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, You and Us shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

  • the pseudonymization and encryption of Personal Data;
  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. (Article 32(1))

In assessing the appropriate level of security, account shall be taken of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed.  (Article 32(2))

Both parties shall take steps to ensure that any natural person acting under the authority of either party who has access to Personal Data does not process them except on instructions from You, unless he or she is required to do so by Union or Member State law.  (Article 32(4))

We shall notify You without undue delay after becoming aware of a personal data breach. (Article 33(2)). Such notification will include that information a processor must provide to a controller under Article 33(3) to the extent such information is reasonably available to Us.