Last updated: 20 February 2024

PrivIQ Terms of Service & DPA

These Terms of Service along with any other terms and policies referenced herein, and are incorporated herein by reference and form an integral part hereof, as amended from time to time (these “Terms”) constitute a legally binding agreement as of the Effective Date (as defined below), governing your access to, and the use of www.priviq.com and any related website owned or operated by PrivIQ (the “Sites”), and the use of, and registration with, PrivIQ Service (defined below) through the Sites, a mobile application or through any other means.

These Terms are between Compliance Technology Solutions BV (Lepelstraat 14, 1018XM Amsterdam, the Netherlands) (“PrivIQ”, “us”, “we” or “our”) and you, either individually, or on behalf of your employer or any other entity which you represent (“you” or “your”). PrivIQ may use its affiliates and third-party service providers to process and/or collect payment from you. In case you represent your employer or another entity, you hereby represent that (i) you have full legal authority to bind your employer or such entity (as applicable) to these Terms; and (ii) after reading and understanding these Terms, you agree to these Terms on behalf of your employer or the respective entity (as applicable), and these Terms shall bind your employer or such entity (as the case may be).

PLEASE NOTE THAT YOU ARE DEEMED AS AN AUTHORIZED REPRESENTATIVE OF YOUR EMPLOYER OR AN ENTITY (AS APPLICABLE): (I) IF YOU ARE USING YOUR EMPLOYER OR AN ENTITY’S EMAIL ADDRESS IN REGISTERING INTO THE SERVICE; AND (II) IF YOU ARE AN ADMIN (AS DEFINED BELOW).

AS ELABORATED IN SECTION 2 BELOW, THERE ARE VARIOUS TYPES OF USERS FOR THE SERVICE, THUS, EXCEPT WHERE INDICATED OTHERWISE “YOU” SHALL REFER TO CUSTOMER AND ALL TYPES OF USERS. YOU ACKNOWLEDGE THAT THESE TERMS ARE BINDING, AND YOU AFFIRM AND SIGNIFY YOUR CONSENT TO THESE TERMS, BY EITHER: (I) CLICKING ON A BUTTON OR CHECKING A CHECKBOX FOR THE ACCEPTANCE OF THESE TERMS; OR (II) REGISTERING TO, USING OR ACCESSING THE SERVICE, SITES OR PrivIQ MOBILE APPLICATION, WHICHEVER IS EARLIER (THE “EFFECTIVE DATE”).

IF YOU DO NOT AGREE TO COMPLY WITH, AND BE BOUND BY, THESE TERMS OR DO NOT HAVE AUTHORITY TO BIND YOUR EMPLOYER OR ANY OTHER ENTITY (AS APPLICABLE), PLEASE DO NOT ACCEPT THESE TERMS OR ACCESS OR USE THE SERVICE OR THE SITES OR PrivIQ MOBILE APPLICATION.

1. Our Service.

1.1. Our Service.

PrivIQ is a SaaS data privacy management tool that provides a clear and concise data privacy compliance management solution that covers 10 global privacy regulations, and in addition a non-regulation specific version. The management solution helps you to compose and maintain an overview and registration of data privacy aspects (including but not limited to organization, procedures and data), we assume that you obtain your own legal advice to ensure that you comply with all relevant data privacy laws and regulations.

1.2. Modification or Discontinuation of the Service.

We may add, modify or discontinue any feature, functionality or any other tool, within the Service and/or Sites, at our own discretion and without further notice, however, if we make any material adverse change in the core functionality of the Service, then we will notify you by posting an announcement on the Sites and/or via the Service or by sending you an email.

1.3. No Contingency on Future Releases and Improvements.

You hereby acknowledge that your purchase of the Service is not contingent on the delivery by us of any future release of any functionality or feature, including without limitation, the continuance of a certain Service beyond its current Subscription Term or dependent on any public comments we make, orally or in writing, regarding any future functionality or feature.

1.4. Ability to Accept Terms.

If you, access and use the Sites and/or the Service, you represent and warrant that you are at least 18 years old. The Sites and/or Service are only intended for individuals aged eighteen (18) years or older. We reserve the right to request proof of age at any stage so that we can verify compliance with this paragraph.

1.5. Technical Support and Committed Uptime.

You will be entitled to technical support and an uptime commitment, in accordance with the Service Level Agreement available on the legal page, as may be updated by PrivIQ from time to time.

1.6. Additional Services.

Customer may choose to purchase additional services to be provided by PrivIQ, subject to the PrivIQ Additional Services Terms.

1.7. No Advice.

Our services do not include the rendering of any advice, unless and to the extent a separate consultancy agreement has been entered into.

2. Account Registration and Administration.

2.1. Account Registration.

To register to the Service for the first time, you shall create an account with the Service. By creating an account (“Account”) and registering to the Service you become, either individually or on behalf of your employer or any entity, on behalf of whom you created the Account, PrivIQ customer (the “Customer”). The first user of the Account is automatically assigned as the Account administrator (the “Admin”).

2.2. Your Registration Information.

When creating an Account or when you are added into an Account and creating your user profile (the “User Profile”), you:

• Agree to provide us with accurate, complete, and current registration information about yourself;
• Acknowledge that it is your responsibility to ensure that your password remains confidential and secure;
• Agree that you are fully responsible for all activities that occur under your User Profile and password; and
• Undertake to promptly notify us in writing if you become aware of any unauthorized access or use of your Account or User Profile and/or any breach of these Terms. Customer will be solely responsible and liable for any losses, damages, liability and expenses incurred by us or a third party, due to any unauthorized usage of the Account by either you or any other User or third party on your behalf.
•  

2.3. User Verification.

You understand and agree that we may require you to provide information that may be used to confirm your identity and help ensure the security of your Account and/or User Profile. In the event that you or the Admin lose access to an Account or otherwise request information about an Account, we reserve the right to request from you or such Admin (as the case may be) any verification we deem necessary before restoring access to or providing information about such Account.

2.4. Account Admins.

The Admin(s) of an Account are, severally and jointly, deemed as the authorized representatives of the Customer, and any decision or action made by any Admin, is deemed as a decision or action of Customer. An Admin may assign or add other members of the Account as Admins, which possess important privileges and controls over the use of the Service and the Account, including, without limitation:

• control your (and other Users) use of the Account;
• purchase, upgrade or downgrade the Service;
• create, monitor or modify Users’ actions and permissions.

You also acknowledge that your Account can become managed by a representative of the entity that owns or controls the email address domain with which your Account was created or registered.

2.5. Other Users.

There are several types of Account users, such as Compliance and Task users, all of whom are defined within the Service and referred to herein as “Authorized Users”, and collectively with the Admin, the “Users”. The features and functionalities available to the Users are assigned and determined by the Account Admin(s).

2.6. Responsibility for Authorized Users.

Customer is solely liable and responsible for understanding the settings, privileges and controls for the Service and for controlling whom Customer permits to become a User and what are the settings and privileges for such User, including without limitation, the right for a User to invite other Users, the right to incur charges on the Account, the right to access, etc. Customer is responsible for the activities of all of its Users. Further, Customer acknowledges that any action taken by a User of Customer’s Account, is deemed by us as an authorized action by Customer, hence Customer shall have no claim in this regard.

3. Your Customer Data.

3.1. Customer Data.

Customer Data is any data, file attachments, text, images, reports, personal information, or any other content, that is uploaded or submitted, transmitted or otherwise made available, to or through the Service by you or any User and is processed by us on Customer’s behalf (the “Customer Data”). For the avoidance of doubt, Anonymous Information (as defined below) is not regarded as Customer Data. Customer retains all right, title, interest and control, in and to the Customer Data, in the form submitted to the Service. Subject to these Terms, Customer grants us a worldwide, royalty-free, limited license to access, use, process, copy, distribute, perform, export, and display the Customer Data, and solely to the extent that reformatting Customer Data for display in the Service constitutes a modification or derivative work, the foregoing license also includes the right to make modifications and derivative works. The afore-mentioned license is hereby granted solely:

• to maintain and provide you the Service;
• to prevent or address technical or security issues and resolve support requests;
• to investigate when we have a good faith belief, or have received a complaint alleging, that such Customer Data is in violation of these Terms;
• to comply with a valid legal subpoena, request, or other lawful process; and
• as expressly permitted in writing by you.
•  

3.2. Responsibility for Customer Data Compliance.

You represent and warrant that:

• you have or have obtained all rights, licenses, consents, permissions, power and/or authority, necessary to grant the rights granted herein, for any Customer Data that you submit, post or display on or through the Service;
• the Customer Data is in compliance with, and subject to, our Acceptable Use Policy; and
• the Customer Data you submit, your use of such Customer Data, and our use of such Customer Data, as set forth in these Terms, do not and shall not (a) infringe or violate any patents, copyrights, trademarks or other intellectual property, proprietary or privacy, data protection or publicity rights of any third party; (b) violate any applicable local, state, federal and international laws, regulations and conventions, including those related to data privacy and data transfer and exportation (the “Laws”); (c) violate any of your or third party’s policies and terms governing the Customer Data. Other than our security and data protection obligations expressly set forth in Section 5, we assume no responsibility or liability for Customer Data, and you shall be solely responsible for Customer Data and the consequences of using, disclosing, storing, or transmitting it. It is hereby clarified that PrivIQ shall not monitor and/or moderate the Customer Data and there shall be no claim against PrivIQ of not acting so.
•  

 3.3. No Sensitive Data.

You shall not submit to the Service any data that is protected under a special legislation and requires a unique treatment, including, without limitations,

• categories of data enumerated in European Union Regulation 2016/679, Article 9(1) or any similar legislation or regulation in other jurisdiction;
• any protected health information subject to the Health Insurance Portability and Accountability Act (“HIPAA”), as amended and supplemented, or any similar legislation in other jurisdiction, unless Customer and PrivIQ separately enter into a HIPAA Business Associate Agreement; and
• credit, debit or other payment card data subject to PCI DSS or any other credit card schemes.

4. Intellectual Property Rights; License.

4.1. Our Intellectual Property.

The Service and Sites, inclusive of materials, such as software, application programming interface, design, text, editorial materials, informational text, photographs, illustrations, audio clips, video clips, artwork and other graphic materials, and names, logos, trademarks and services marks (excluding Customer Data), any and all related or underlying technology and any modifications, enhancements or derivative works of the foregoing (collectively, “PrivIQ Materials”), are the property of PrivIQ and its licensors, and may be protected by applicable copyright or other intellectual property laws and treaties. As between you and PrivIQ, PrivIQ retains all right, title and interest, including all intellectual property rights, in and to the PrivIQ Materials.

4.2. Customer Reference.

Customer acknowledges and accepts that PrivIQ has the right to use Customer’s name and logo to identify Customer as a customer of PrivIQ or User of the Service, on PrivIQ’s website, marketing materials or otherwise by public announcements. Customer may revoke such right, at any time, by contacting support@priviq.com

4.3. Your Access and Use Rights.

Subject to the terms and conditions of these Terms, and your compliance thereof, and specifically in strict compliance with our Acceptable Use Policy, we grant you a limited, worldwide, non-exclusive, non-transferable right to access and use the Service and Sites, during the applicable Subscription Term, solely for Customer’s internal purposes.

4.4. Use Restrictions.

Except as expressly permitted in these Terms, you may not, and shall not allow an Authorized User or any third party to:

• give, sell, rent, lease, timeshare, sublicense, disclose, publish, assign, market, resell, display, transmit, broadcast, transfer or distribute any portion of the Service or the Sites to any third party, including, but not limited to your affiliates, or use the Service in any service bureau arrangement;
• circumvent, disable or otherwise interfere with security-related features of the Sites or Service or features that prevent or restrict use or copying of any content or that enforce limitations on use of the Service or Sites;
• reverse engineer, decompile or disassemble, decrypt or, attempt to derive the source code of, the Service or Sites, or any components thereof;
• copy, modify, translate, patch, improve, alter, change or create any derivative works of the Service or Sites, or any part thereof;
• take any action that imposes or may impose (at PrivIQ’s sole discretion) an unreasonable or disproportionately large load on the PrivIQ infrastructure or infrastructure which supports the Sites or Service;
• interfere or attempt to interfere with the integrity or proper working of the Service or Sites, or any related activities;
• remove, deface, obscure, or alter PrivIQ’s or any third party’s identification, attribution or copyright notices, trademarks, or other proprietary rights affixed to or provided as part of the Service or Sites, or use or display logos of the Service or Sites without PrivIQ’s prior written approval;
• use the Service or Sites for competitive purposes, including to develop or enhance a competing service or product; or
• encourage or assist any third party (including other Authorized Users) to do any of the foregoing.
•  

4.5. API Use.

We may offer an application programming interface that provides additional ways to access and use the Service (“API“). Such API is considered a part of the Service, and its use is subject to all these Terms. Without derogating from Sections 4.1 through 4.4 hereof, you may only access and use our API for Customer’s internal business purposes, in order to create interoperability and integration between the Service and other products, services or systems you and/or Customer use internally.

When using the API, you should follow our relevant developer guidelines. We reserve the right at any time to modify or discontinue, temporarily or permanently, your and/or Customer’s access to the API (or any part of it) with or without notice. The API is subject to changes and modifications, and you are solely responsible to ensure that your use of the API is compatible with the current version.

5. Privacy and Security.

5.1. Security.

PrivIQ implements reasonable security measures and procedures to assist in protecting your Customer Data. You can learn more on our security measures and procedures on our Security Page, as updated from time to time.

5.2. Privacy Policy.

As a part of accessing or using the Service and the Sites, we may collect, access, use and share certain Personal Data (as defined in the Privacy Policy) from, and/or about, you. Please read our Privacy Policy, which is incorporated herein by reference, for a description of such data collection and use practices.

5.3. Data Processing Agreement (“DPA”).

By using the Service, Customer also accepts our Data Processing Agreement, which governs the Processing of Personal Data (as both terms are defined in the DPA) on Customer’s behalf, where such Personal Data is subject to the General Data Protection Regulation 2016/679 (the “GDPR”).

5.4. Anonymous Information.

Notwithstanding any other provision of these Terms, we may collect, use and publish Anonymous Information (defined below) relating to your use of the Service and/or Sites, and disclose it for the purpose of providing, improving and publicizing our products and services, including the Sites and Service, and for other business purposes. “Anonymous Information” means information which does not enable identification of an individual, such as aggregated and analytics information. PrivIQ owns all Anonymous Information collected or obtained by PrivIQ.

6. Subscription Term, Renewal and Fees Payment.

6.1. Order Form.

Our order form may be completed and placed in various ways, among which, an online form or in-product screens or any other mutually agreed upon offline form delivered by the Customer, including via mail, email or any other electronic or physical delivery mechanism (the “Order Form”). Such Order Form will list, at the least, the Service ordered, subscription plan, term and the associated fees.

6.2. Subscription Term.

The Service is provided on a subscription basis for the term specified in your Order Form, in accordance with the respective subscription plan purchased under such Order Form (the “Subscription Term” and the “Subscription Plan”, respectively, and collectively the “Subscription”).

6.3. Subscription Fees.

In consideration for the provision of the Service (except for Trial Service), Customer shall pay us the applicable fees per the purchased Subscription, as set forth in the applicable Order Form (the “Subscription Fees”). Unless indicated otherwise, Subscription Fees are stated per region (US dollars, Euros, British Pounds, South African Rands). Customer hereby authorizes us, either directly or through our payment processing service or our affiliates, to charge such Subscription Fees via Customer’s selected payment method, upon due date. Unless expressly set forth herein, the Subscription Fees are non-cancellable and non-refundable. We reserve the right to change the Subscription Fees at any time, upon notice to Customer if such change may affect Customer’s existing subscriptions upon renewal. In the event of failure to collect the Fees owed by Customer, we may, at our sole discretion (but shall not be obligated to) retry to collect at a later time, and/or suspend or cancel the Account, without notice.

6.4. Failure to Pay Fees. 

You acknowledge that continued access to the Services is contingent upon your timely payment of Subscription Fees. If you fail to pay the Subscription Fees, we may discontinue the Services and deny your access to the PrivIQ Software. We may also terminate this Agreement if you don’t cure such failure to pay within forty-five (45) days of receiving written notice of our intent to terminate. 

6.5. Taxes.

The Subscription Fees are exclusive of any and all taxes (including without limitation, value added tax, sales tax, use tax, excise, goods and services tax, etc.), levies, or duties, which may be imposed in respect of these Terms and the purchase or sale, of the Service hereunder (the “Taxes”), except for Taxes imposed on our income. If Customer is located in a jurisdiction which requires Customer to deduct or withhold Taxes or other amounts from any amounts due to us, please notify us, in writing, promptly and we shall join efforts to avoid any such Tax withholding, provided, however, that in any case, Customer shall bear the sole responsibility and liability to pay such Tax and such Tax should be deemed as being added on top of the Subscription Fees, payable by Customer.

6.6. Subscription Upgrade.

During the Subscription Term, Customer may upgrade its Subscription Plan by either:

• upgrading to a higher type of Subscription Plan;
• adding add-on features and functionalities; and/or
• upgrading to a longer Subscription Term (collectively, “Subscription Upgrades”). Some Subscription Upgrades or other changes may be considered as a new purchase, hence will restart the Subscription Term and some won’t, as indicated within the Service and/or the Order Form. Upon a Subscription Upgrade, Customer will be billed for the applicable increased amount of Subscription Fees, at our then-current rates (unless indicated otherwise in an Order Form), either: (1) prorated for the remainder of the then-current Subscription Term, or (2) whenever the Subscription Term is being restarted due to the Subscription Upgrade, then the Subscription Fees already paid by Customer will be reduced from the new upgraded Subscription Fees, and the difference shall be due and payable by Customer upon the date on which the Subscription Upgrade was made.
•  

6.7. Adding Users.

Unless agreed otherwise in an Order Form, any changes to the number of Users within a certain Account, shall be billed on a prorated basis for the remainder of the then-current Subscription Term. We will bill Customer, either upon the Users Increase or at the end of the applicable month, as communicated to Customer.

6.8. Excessive Usage.

We shall have the right, including without limitation where we, at our sole discretion, believe that Customer and/or any of its Users, have misused the Service or otherwise use the Service in an excessive manner compared to the anticipated standard use (at our sole discretion), to offer the Subscription in different pricing and/or impose additional restrictions as for the upload, storage, download and use of the Service, including, without limitation, restrictions on Third Party Services, network traffic and bandwidth, size and/or length of content, quality and/or format of content, sources of content, volume of download time, etc.

6.9. Billing.

As part of registering, or submitting billing information, to the Service, Customer agrees to provide us with updated, accurate and complete billing information, and Customer authorizes us (either directly or through our affiliates, or other third parties) to charge, request and collect payment (or otherwise charge, refund or take any other billing actions) from Customer’s payment method or designated banking account, and to make any inquiries that we (or our affiliates and/or third-parties acting on our behalf) may consider necessary to validate Customer’s designated payment account or financial information, in order to ensure prompt payment, including for the purpose of receiving updated payment details from Customer’s credit card company or banking account (e.g., updated expiry date or card number as may be provided to us by Customer’s credit card company).

6.10. Discounts and Promotions.

Unless expressly stated otherwise in a separate legally binding agreement, if Customer received a special discount or other promotional offer, Customer acknowledges that upon renewal of its Subscription, PrivIQ will renew such Subscription, at the full applicable Subscription Fee at the time of renewal.

6.11. Payment through Reseller.

If Customer purchased a Service from a reseller or distributor authorized by us (“Reseller”), then to the extent there is any conflict between these Terms and the agreement entered between Customer and the respective Reseller, including any purchase order (“Reseller Agreement”), then, as between Customer and PrivIQ, these Terms shall prevail. Any rights granted to Customer and/or any of the other Users in such Reseller Agreement which are not contained in these Terms, apply only in connection with the Reseller. In that case, Customer must seek redress or realization or enforcement of such rights solely with the Reseller and not PrivIQ. For clarity, Customer’s and its Users’ access to the Service is subject to our receipt from Reseller of the payment of the applicable Fees paid by Customer to Reseller. Customer hereby acknowledges that at any time, at our discretion, the billing of the Subscription Fees may be assigned to us, such that Customer shall pay us directly the respective Subscription Fees.

7. Refund Policy; Chargeback.

7.1. Refund Policy.

If Customer is not satisfied with its initial purchase of a Service, Customer may terminate such Service by providing us a written notice, within 30 days of having first ordered such Services (the “Refund Period”). In the event that Customer terminates such initial purchase of a Service, within the Refund Period, we will refund Customer the pro rata portion of any unused and unexpired Subscription Fees pre-paid by Customer in respect of such terminated period of the Subscription, unless such other sum is required by applicable law, in the same currency we were originally paid (the “Refund”).

The Refund is applicable only to the initial purchase of the Service by Customer and does not apply to any additional purchases, upgrades, modification or renewals of such Service. Please note that we shall not be responsible to Refund any differences caused by change of currency exchange rates or fees that Customer was charged by third parties, such as wire transfer fees. After the Refund Period, the Subscription Fees are non-refundable and non-cancellable. To the extent permitted by law, if we find that a notice of cancellation has been given in bad faith or in an illegitimate attempt to avoid payment for Services actually received and enjoyed, we reserve our right to reject Customer’s Refund request. Subject to the foregoing, upon termination by Customer under this Section 8.1 all outstanding payment obligations shall immediately become due for the used Subscription Term and Customer will promptly remit to PrivIQ any fees due to PrivIQ under these Terms.

 7.2. Non-Refundable Services.

Certain Services may be non-refundable. In such event we will identify such Services as non-refundable, and Customer shall not be entitled, and we shall not be under any obligation, to terminate the Service and give a Refund.

7.3. Chargeback.

If, at any time, we record a decline, chargeback or other rejection of a charge of any due and payable Subscription Fees on Customer’s Account (“Chargeback”), this will be considered as a breach of Customer’s payment obligations hereunder, and Customer’s use of the Service may be disabled or terminated and such use of the Service will not resume until Customer re-subscribes for any such Service, and pay any applicable Subscription Fees in full, including any fees and expenses incurred by us and/or any Third Party Service for each Chargeback received (including handling and processing charges and fees incurred by the payment processor), without derogating from any other remedy that may be applicable to us under these Terms or applicable law. 

8. Trial Service; Pre-Released Services.

8.1. Trial Service.

We may offer, from time to time, part or all of our Services on a free, no-obligation trial version (“Trial Service”). The term of the Trial Service shall be as communicated to you, within the Service, in an Order Form, unless terminated earlier by either Customer or us, for any reason or for no reason. We reserve the right to modify, cancel and/or limit this Trial Service at any time and without liability or explanation to you. In respect of a Trial Service that is a trial version of the Subscription Plan (the “Trial Subscription”), upon termination of the Trial Subscription, we may change the Account web address at any time without any prior written notice.

8.2. Pre-Released Services.

Note that we may offer, from time to time, certain Services in an Alpha or Beta versions (the “Pre-Released Services”) and we use best endeavors to identify such Pre-Released Services as such. Pre-Released Services are Services that are still under development, and as such they may be inoperable or incomplete, and may contain bugs, suffer disruptions and/or not operate as intended and designated, more than usual.

8.3. Governing Terms of Trial Service and Pre-Released Services.

The Trial Service and Pre-Released Services are governed by these Terms, provided that notwithstanding anything in these Terms or elsewhere to the contrary, in respect of Trial Service and Pre-Released Services

• such services are licensed hereunder on as “As-Is”, “With All Faults” “As Available” basis, with no warranties, express or implied, of any kind;
• the indemnity undertaking by us set forth in Section 14.2 herein shall not apply; and
• IN NO EVENT SHALL THE TOTAL AGGREGATE LIABILITY OF PrivIQ, ITS AFFILIATES OR ITS THIRD-PARTY SERVICE PROVIDERS, UNDER, OR OTHERWISE IN CONNECTION WITH, THESE TERMS (INCLUDING THE SITES, THE SERVICE AND THE THIRD PARTY SERVICES), EXCEED US$100.

We make no promises that any Trial Service and/or Pre-Released Services will be made available to you and/or generally available.

9. Term and Termination; Suspension.

9.1. Term.

These Terms are in full force and effect, commencing upon the Effective Date, until the end of the Service underlying the Account, either paid or unpaid, unless terminated otherwise in accordance with these Terms.

9.2. Termination for Cause.

Either Customer or we may terminate the Service and these Terms, upon written notice, in case that (a) the other party is in material breach of these Terms and to the extent, curable, fails to cure such breach, within a reasonable cure period, which shall not be less than 10 days following a written notice from by the non-breaching party; or (b) ceases its business operations or becomes subject to insolvency proceedings and the proceedings are not dismissed within 45 days.

9.3. Termination by Customer.

Customer may terminate its Subscription to the Service by cancelling the Service and, whereby such termination shall not derogate from Customer’s obligation to pay applicable Subscription Fees except where such termination is made within the Refund Period. In accordance with Section 8 above, unless mutually agreed otherwise by Customer and us in a written instrument, the effective date of such termination will take effect at the end of the then-current Subscription Term, and Customer’s obligation to pay the Subscription Fees throughout the end of such Subscription Term shall remain in full force and effect, and Customer shall not be entitled to a refund for any pre-paid Subscription Fees.

9.4. Effect of Termination of Service.

Upon termination or expiration of these Terms, Customer’s Subscription and all rights granted to you hereunder shall terminate, and we may change the Account’s web address. It is Customer’s sole liability to export the Customer Data prior to such termination or expiration, whereafter we will delete all Customer’s data, upon confirmation received of export. Unless expressly indicated herein otherwise, the termination or expiration of these Terms shall not relieve Customer from its obligation to pay due Subscription Fees.

9.5. Survival.

Section 2.6 (Responsibility for Authorized Users), 3 (Customer Data), 5 (Privacy and Security), 6 (Subscription Term, Renewal and Fees Payment) in respect of unpaid Subscription Fees, 8.3 (Governing Terms of Trial Services and Pre-Released Services), 9 (Term and Termination; Suspension), 10 (Confidentiality), 11 (Warranty Disclaimer), 12 (Limitations of Liability), 14 (Indemnification), 19 (Governing Law and Jurisdiction; Class Action Waiver and Arbitration) and 20 (General Provisions), shall survive the termination or expiration of these Terms, and continue to be in force and effect in accordance with their applicable terms.

9.6. Suspension.

Without derogating from our termination rights above, we may decide to temporarily suspend the Account and/or a User Profile (including any access thereto) and/or our Service, in the following events:

• we believe, at our sole discretion, that you or any third party, are using the Service in a manner that may impose a security risk, may cause harm to us or any third party, and/or may raise any liability for us or any third party;
• we believe, at our sole discretion, that you or any third party, are using the Service in breach of these Terms or applicable Law;
• Customer’s payment obligations, in accordance with these Terms, are or are likely to become, overdue; or
• Customer’s or any of its Users’ breach of the Acceptable Use Policy.

The afore-mentioned suspension rights are in addition to any remedies that may be available to us in accordance with these Terms and/or applicable Law. 

10. Confidentiality.

10.1. Confidential Information.

In connection with these Terms and the Service (including the evaluation thereof), each party (“Disclosing Party”) may disclose to the other party (“Receiving Party”), non-public business, product, technology and marketing information, including without limitation, customers lists and information, know-how, software and any other non-public information that is either identified as such or should reasonably be understood to be confidential given the nature of the information and the circumstances of disclosure, whether disclosed prior or after the Effective Date (the “Confidential Information”). For the avoidance of doubt,

• Customer Data is regarded as Customer’s Confidential Information, and
• our Site, Service, Trial Service and/or Pre-Released Services, inclusive of their underlying technology, and their respective performance information, as well as any data, reports and materials we provided to you in connection with your evaluation or use of the Service, are regarded as our Confidential Information.

Confidential Information does not include information that (a) is or becomes generally available to the public without breach of any obligation owed to the Disclosing Party; (b) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party; (c) is received from a third party without breach of any obligation owed to the Disclosing Party; or (d) was independently developed by the Receiving Party without any use or reference to the Confidential Information.

10.2. Confidentiality Undertakings by the Receiving Party.

The Receiving Party will

• take at least reasonable measures to prevent the unauthorized disclosure or use of Confidential Information, and limit access to those employees, affiliates, service providers and agents, on a need to know basis and who are bound by confidentiality obligations at least as restrictive as those contained herein; and
• not use or disclose any Confidential Information to any third party, except as part of its performance under these Terms and as required to be disclosed to legal or financial advisors to the Receiving Party or in connection with a due diligence process that the Receiving Party is undergoing, provided that any such disclosure shall be governed by confidentiality obligations at least as restrictive as those contained herein.

•  

10.3. Compelled Disclosure.

Notwithstanding the above, Confidential Information may be disclosed pursuant to the order or requirement of a court, administrative agency or other governmental body; provided, however, that to the extent legally permissible, the Receiving Party shall make best efforts to provide prompt written notice of such court order or requirement to the Disclosing Party to enable the Disclosing Party to seek a protective order or otherwise prevent or restrict such disclosure.

11. Warranty Disclaimer.

NOTWITHSTANDING ANYTHING IN THESE TERMS OR ELSEWHERE TO THE CONTRARY AND TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW:

11.1. EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE SITES AND THE SERVICE ARE PROVIDED ON AN “AS IS”, “WITH ALL FAULTS” AND “AS AVAILABLE” BASIS, AND WITHOUT WARRANTIES OF ANY KIND. WE AND OUR AFFILIATES, SUBCONTRACTORS, AGENTS AND VENDORS (INCLUDING, THE THIRD-PARTY SERVICE PROVIDERS, HEREBY DISCLAIM ANY AND ALL REPRESENTATIONS AND WARRANTIES OF ANY KIND, INCLUDING WITHOUT LIMITATION, WARRANTIES AND/OR REPRESENTATIONS OF MERCHANTABILITY, FUNCTIONALITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, WHETHER EXPRESS, IMPLIED OR STATUTORY.

11.2. WE AND OUR VENDORS DO NOT WARRANT, AND EXPRESSLY DISCLAIM ANY WARRANTY OR REPRESENTATION THAT THE SERVICE AND SITES, INCLUDING THE ACCESS THERETO AND USE THEREOF, WILL BE UNINTERRUPTED, TIMELY, SECURED, ERROR FREE, THAT DATA WON’T BE LOST, THAT DEFECTS WILL BE CORRECTED, OR THAT THE SITES AND/OR SERVICE ARE FREE FROM VIRUSES OR OTHER HARMFUL CODE. WE AND OUR VENDORS FURTHER DISCLAIM ANY AND ALL LIABILITY OR RESPONSIBILITY FOR ANY DELAYS, FAILURES, INTERCEPTION, ALTERATION, LOSS, OR OTHER DAMAGES THAT YOU AND/OR YOUR DATA (INCLUDING CUSTOMER DATA) MAY SUFFER, THAT ARE BEYOND OUR CONTROL.

11.3. EXCEPT AS EXPRESSLY SET FORTH HEREIN, WE DO NOT WARRANT, AND EXPRESSLY DISCLAIM ANY WARRANTY OR REPRESENTATION (I) THAT OUR SERVICE (OR ANY PORTION THEREOF) IS COMPLETE, ACCURATE, OF ANY CERTAIN QUALITY, RELIABLE, SUITABLE FOR, OR COMPATIBLE WITH, ANY OF YOUR CONTEMPLATED ACTIVITIES, DEVICES, OPERATING SYSTEMS, BROWSERS, SOFTWARE OR TOOLS (OR THAT IT WILL REMAIN AS SUCH AT ANY TIME), OR COMPLY WITH ANY LAWS APPLICABLE TO YOU; AND/OR (II) REGARDING ANY CONTENT, INFORMATION, REPORTS OR RESULTS THAT YOU OBTAIN THROUGH THE SERVICE AND/OR THE SITES. 

12. Limitation of Liability.

NOTWITHSTANDING ANYTHING IN THESE TERMS OR ELSEWHERE TO THE CONTRARY AND TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW:

12.1. IN NO EVENT SHALL EITHER PARTY HERETO AND ITS AFFILIATES, SUBCONTRACTORS, AGENTS AND VENDORS (INCLUDING, THE THIRD-PARTY SERVICE PROVIDERS), BE LIABLE UNDER, OR OTHERWISE IN CONNECTION WITH THESE TERMS FOR (I) ANY INDIRECT, EXEMPLARY, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES; (II) ANY LOSS OF PROFITS, COSTS, ANTICIPATED SAVINGS; (III) ANY LOSS OF, OR DAMAGE TO DATA, USE, BUSINESS, REPUTATION, REVENUE OR GOODWILL; AND/OR (IV) THE FAILURE OF SECURITY MEASURES AND PROTECTIONS, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY OR OTHERWISE, AND WHETHER OR NOT SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE, AND EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE.

12.2. EXCEPT FOR THE INDEMNITY OBLIGATIONS OF EITHER PARTY UNDER SECTION 14 (INDEMNIFICATION) HEREIN, YOUR PAYMENT OBLIGATIONS HEREUNDER OR BREACH OF OUR ACCEPTABLE USE POLICY BY EITHER YOU OR IN CASE OF A CUSTOMER, ANY OF THE USERS UNDERLYING ITS ACCOUNT, IN NO EVENT SHALL THE TOTAL AGGREGATE LIABILITY OF EITHER PARTY, ITS AFFILIATES, SUBCONTRACTORS, AGENTS AND VENDORS (INCLUDING, THE ITS THIRD-PARTY SERVICE PROVIDERS), UNDER, OR OTHERWISE IN CONNECTION WITH, THESE TERMS (INCLUDING THE SITES AND THE SERVICE), EXCEED THE TOTAL AMOUNT OF FEES ACTUALLY PAID BY YOU (IF ANY) DURING THE 12 CONSECUTIVE MONTHS PRECEDING THE EVENT GIVING RISE TO SUCH LIABILITY. THIS LIMITATION OF LIABILITY IS CUMULATIVE AND NOT PER INCIDENT.

13. Specific Laws; Reasonable Allocation of Risks.

13.1. Specific Laws.

Except as expressly stated in these Terms, we make no representations or warranties that your use of the Service is appropriate in your jurisdiction. Other than as indicated herein, you are responsible for your compliance with any local and/or specific applicable Laws, as applicable to your use of the Service.

13.2. Reasonable Allocation of Risks.

You hereby acknowledge and confirm that the limitations of liability and warranty disclaimers contained in these Terms are agreed upon by you and us and we both find such limitations and allocation of risks to be commercially reasonable and suitable for our engagement hereunder, and both you and we have relied on these limitations and risk allocation in determining whether to enter these Terms. 

14. Indemnification.

14.1. By Customer.

Customer hereby agrees to indemnify, defend and hold harmless PrivIQ and its affiliates, officers, directors, employees and agents from and against any and all claims, damages, obligations, liabilities, losses, reasonable expenses or costs (collectively, “Losses”) incurred as a result of any third party claim arising from

• Customer’s and/or any of its Users’, violation of these Terms or applicable Law; and/or
• Customer Data, including the use of Customer Data by PrivIQ and/or any of its subcontractors, infringes or violates, any third party’s rights, including, without limitation, intellectual property, privacy and/or publicity rights.
•  

14.2. By PrivIQ.

PrivIQ hereby agrees to defend Customer, its affiliates, officers, directors, and employees, in and against any third party claim or demand against Customer, alleging that Customer’s authorized use of the Service infringes or constitutes misappropriation of any third party’s copyright, trademark or registered patent (the “IP Claim”), and we will indemnify Customer and hold Customer harmless against any damages and costs finally awarded on such IP Claim by a court of competent jurisdiction or agreed to via settlement we agreed upon, including reasonable attorneys’ fees.

PrivIQ’s indemnity obligations under this Section 14 shall not apply if:

• the Service (or any portion thereof) was modified by Customer or any of its Users or any third party, but solely to the extent the IP Claim would have been avoided by not doing such modification;
• (ii) if the Service is used in combination with any other service, device, software or products, including, without limitation, Third Party Services, but solely to the extent that such IP Claim would have been avoided without such combination; and/or
• (iii) any IP Claim arising or related to, the Customer Data or to any events giving rise to Customer’s indemnity obligations under Section 14.1 above. Without derogating from the foregoing defense and indemnification obligation, if PrivIQ believes that the Service, or any part thereof, may so infringe, then PrivIQ may in its sole discretion: (a) obtain (at no additional cost to you) the right to continue to use the Service; (b) replace or modify the allegedly infringing part of the Service so that it becomes non-infringing while giving substantially equivalent performance; or (c) if PrivIQ determines that the foregoing remedies are not reasonably available, then PrivIQ may require that use of the (allegedly) infringing Service (or part thereof) shall cease and in such an event, Customer shall receive a prorated refund of any Subscription Fees paid for the unused portion of the Subscription Term.

THIS SECTION 14.2 STATES PrivIQ’S SOLE AND ENTIRE LIABILITY AND YOUR EXCLUSIVE REMEDY, FOR ANY INTELLECTUAL PROPERTY INFRINGEMENT OR MISAPPROPRIATION BY PrivIQ AND/OR ITS SERVICE AND UNDERLYING TECHNOLOGY.

14.3. Indemnity Conditions.

The defense and indemnification obligations of the indemnifying party under this Section 14 are subject to:

• the indemnified party shall promptly provide a written notice of the claim for which an indemnification is being sought, provided that such indemnitee’s failure to do so will not relieve the indemnifying party of its obligations under this Section 14, except to the extent the indemnifying party’s defense is materially prejudiced thereby;
• the indemnifying party being given immediate and exclusive control over the defense and/or settlement of the claim, provided, however that the indemnifying party shall not enter into any compromise or settlement of any such claim that that requires any monetary obligation or admission of liability or any unreasonable responsibility or liability by an indemnitee without the prior written consent of the affected indemnitee, which shall not be unreasonably withheld or delayed; and
• the indemnified party providing reasonable cooperation and assistance, at the indemnifying party’s expense, in the defense and/or settlement of such claim and not taking any action that prejudices the indemnifying party’s defense of, or response to, such claim.

15. Third Party Components within Our Service

This section is under review and will be available shortly. 

16. Export Controls; Sanctions.

The Service may be subject to the Netherlands, E.U. or foreign export controls, Laws and regulations, or sanctions (the “Export Controls”), and you acknowledge and confirm that:

• you are not located or use, export, re-export or import the Service (or any portion thereof) in or to, any person, entity, organization, jurisdiction or otherwise, in violation of the Export Controls;
• you are not: (a) organized under the laws of, operating from, or otherwise ordinarily resident in a country or territory that is the target of comprehensive U.S. or E.U. economic or trade sanctions (b) identified on a list of prohibited or restricted persons, such as the U.S. Treasury Department’s List of Specially Designated Nationals and Blocked Persons or the E.U. list of sanctioned persons and institutions, or (c) otherwise the target of U.S. and or E.U. sanctions. Customer is solely responsible for complying with applicable Export Controls and sanctions which may impose additional restrictions, prohibitions or requirements on the use, export, re-export or import of the Services and/or the Customer Data; and
• Customer Data is not controlled under the U.S. International Traffic in Arms Regulations or similar Laws in other jurisdictions, or otherwise requires any special permission or license, in respect of its use, import, export or re-export hereunder.
•  

17. Modifications.

Occasionally we may make changes to these Terms for valid reasons, such as adding new functions or features to the Service, technical adjustments, typos or error fixing, for legal or regulatory reasons or for any other reasons as we deem necessary, at our sole discretion. When we make material changes to these Terms, we’ll provide Customer with notice as appropriate under the circumstances, e.g., by displaying a prominent notice within the Service or by sending Customer an email. Your continued use of the Service after the changes have been implemented will constitute your acceptance of the changes. 

18. USA Government Use.

If Customer is part of a USA Government agency, department or otherwise, either federal, state or local (a “Government Customer”), then Government Customer hereby agrees that the Service under these Terms qualifies as “Commercial Computer Software” and “Commercial Computer Software Documentation”, within the meaning of Federal Acquisition Regulation (“FAR”) 2.101, FAR 12.212, Defense Federal Acquisition Regulation Supplement (“DFARS”) 227.7201, and DFARS 252.227-7014. Government Customer further agrees that the terms of this Section 19 shall apply to Customer. Government Customer’s technical data and software rights related to the Service include only those rights customarily provided to the public as specified in these Terms in accordance with FAR 12.212, FAR 27.405-3, FAR 52.227-19, DFARS 227.7202-1 and General Services Acquisition Regulation (“GSAR”) 552.212-4(w) (as applicable). In no event shall source code be provided or considered to be a deliverable or a software deliverable under these Terms. We grant no license whatsoever to any Government Customer to any source code contained in any deliverable or a software deliverable. If a Government Customer has a need for rights not granted under the Terms, it must negotiate with us to determine if there are acceptable terms for granting those rights, and a mutually acceptable written addendum specifically granting those rights must be included in any applicable agreement. Any unpublished-rights are reserved under applicable copyright laws. Any provisions contained in these Terms that contradict any Law applicable to a Government Customer, shall be limited solely to the extent permitted under such applicable Law. 

19. Governing Law and Jurisdiction; Class Action Waiver and Mandatory Arbitration.

19.1. Governing Law; Jurisdiction.

These Terms and any action related thereto will be exclusively governed and interpreted by and under the laws of the Netherlands, without giving effect to any conflicts of laws principles that require the application of the law of a different jurisdiction. Courts of competent jurisdiction located in Amsterdam, the Netherlands, shall have the sole and exclusive jurisdiction and venue over all controversies and claims arising out of, or relating to, these Terms. You and us mutually agree that the United Nations Convention on Contracts for the International Sale of Goods does not apply to these Terms. Notwithstanding the foregoing, PrivIQ reserves the right to seek injunctive relief in any court in any jurisdiction.

19.2. Class Action Waiver.

WHERE PERMITTED UNDER APPLICABLE LAW, YOU AND PrivIQ AGREE THAT EACH PARTY MAY BRING CLAIMS AGAINST THE OTHER PARTY ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE ACTION. Unless both you and PrivIQ mutually agree, no arbitrator or judge may consolidate more than one person’s claims or otherwise preside over any form of a representative or class proceeding.

19.3. Arbitration.

To the extent permitted under applicable Law, you and PrivIQ hereby irrevocably agree to the following provisions:

19.3.1 Dispute resolution and Arbitration.

Any dispute, claim, or controversy between you and us arising in connection with, or relating in any way to, these Terms (whether based in contract, tort, statute, fraud, misrepresentation, or any other legal theory, and whether the claims arise during or after the termination or expiration of these Terms) will be determined solely by mandatory binding arbitration. In arbitration there is no judge or jury, and court review of an arbitration award is limited. However, an arbitrator can award on an individual basis the same damages and relief as a court (including injunctive and declaratory relief or statutory damages) and must follow the terms of these Terms as a court would.

19.3.2 Exception.

Notwithstanding clause 19.3.1 above, you and PrivIQ both agree that nothing herein will be deemed to waive, preclude, or otherwise limit either of our rights, at any time, to seek injunctive relief in a court of law. In addition to the above, notwithstanding clause 19.3.1 above, PrivIQ may file a suit in a court of law against you to address intellectual property infringement claims.

19.3.3 Arbitration Process Rules.

Either you or we may start arbitration proceedings. Any arbitration between you and us will be finally settled under the Rules of Arbitration of the International Chamber of Commerce (the “ICC”) then in force (the “ICC Rules”) by one arbitrator appointed in accordance with the ICC Rules. The arbitration will take place in Amsterdam, the Netherlands, and shall be conducted in the English language and unless otherwise required by a mandatory law of any jurisdiction, the law to be applied in any arbitration shall be the law of the Netherlands, without regard to choice or conflicts of law principles. The arbitration proceedings shall be conducted on an expedited basis and shall result in an award within no more than 60 days. The arbitration shall be conducted on a confidential basis. The award of the Arbitrator shall be final and binding on the parties. The arbitration award shall be enforceable in any court of competent jurisdiction. Any motion to enforce or vacate an arbitration award under this agreement shall be kept confidential to the maximum extent possible.

19.3.4 Special Statute of Limitation.

Any arbitration must be commenced by filing a demand for arbitration within 2 years after the date the party asserting the claim first knows or reasonably should know of the act, omission, or default giving rise to the claim; and there shall be no right to any remedy for any claim not asserted within that time period. If applicable law prohibits such limitation period for asserting claims, any claim must be asserted within the shortest time period permitted by applicable Law.

19.3.5 Notice; Process.

A party who intends to seek arbitration must first send a written notice of the dispute to the other, by certified mail or express courier (signature required), or in the event that we do not have a physical address on file for you, by electronic mail (“Dispute Notice”). The Dispute Notice must

• describe the nature and basis of the claim or dispute; and
• set forth the specific relief sought.

We agree to use good faith efforts to resolve the claim directly, but if we do not reach an agreement to do so within 30 days after the Dispute Notice is received, you or we may commence an arbitration proceeding. During the arbitration, the amount of any settlement offer made by you or us shall not be disclosed to the arbitrator until after the arbitrator makes a final decision and award, if any. Without derogating from the generality of the confidentiality protection under Section 19.3.3 above, all documents and information disclosed in the course of the arbitration shall be kept strictly confidential by the recipient and shall not be used by the recipient for any purpose other than for purposes of the arbitration or the enforcement of the arbitrator’s decision and award and shall not be disclosed except in confidence to persons who have a need to know for such purposes or as required by applicable Law. Except as required to enforce the arbitrator’s decision and award, neither you nor we shall make any public announcement or public comment or originate any publicity concerning the arbitration, including, but not limited to, the fact that the parties are in dispute, the existence of the arbitration, or any decision or award of the arbitrator. 

20. General Provisions.

20.1. Translated Versions.

These Terms were written in English and translated into other languages for your convenience. If a translated (non-English) version of these Terms conflicts in any way with their English version, the provisions of the English version shall prevail.

20.2. Force Majeure.

Neither us nor you will be liable by reason of any failure or delay in the performance of its obligations on account of events beyond the reasonable control of a party, which may include denial-of-service attacks, interruption or failure of the Internet or any utility service, failures in third-party hosting services, strikes, shortages, riots, fires, acts of God, war, terrorism, pandemics, and governmental action.

20.3. Relationship of the Parties; No Third-Party Beneficiaries.

The parties are independent contractors. These Terms and the Service provided hereunder, do not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties. There are no third-party beneficiaries to these Terms.

20.4. Notice.

We shall use your contact details that we have in our records, in connection with providing you notices, subject to this Section 20.4. Our contact details for any notices are detailed below. You acknowledge notices that we provide you, in connection with these Terms and/or as otherwise related to the Service, shall be provided as follows: via the Service, including by posting on our Sites or posting in your account, text, in-app notification, e-mail, phone or first class, airmail, or overnight courier. You further acknowledge that an electronic notification satisfies any applicable legal notification requirements, including that such notification will be in writing.

Any notice to you will be deemed given upon the earlier of:

• receipt; or
• 24 hours of delivery.

Notices to us shall be provided to PrivIQ, Attn: General Counsel, at legal@priviq.com or sent to Lepelstraat 14, 1018XM Amsterdam, the Netherlands.

20.5. Assignment.

These Terms, and any and all rights and obligations hereunder, may not be transferred or assigned by you without our written approval, provided that you may assign these Terms to your successor entity or person, resulting from a merger, acquisition, or sale of all or substantially all of your assets or voting rights, except for an assignment to a competitor of PrivIQ, and provided that you provide us with prompt written notice of such assignment and the respective assignee agrees, in writing, to assume all of your obligations under these Terms. We may assign our rights and/or obligations hereunder and/or transfer ownership rights and title in the Service to a third party without your consent or prior notice to you. Subject to the foregoing conditions, these Terms shall bind and inure to the benefit of the parties, their respective successors, and permitted assigns. Any assignment not authorized under this Section 20.5 shall be null and void.

20.6. Severability.

These Terms shall be enforced to the fullest extent permitted under applicable Law. If any provision of these Terms is held by a court of competent jurisdiction to be contrary to law, the provision will be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of these Terms will remain in effect.

20.7. No Waiver.

No failure or delay by either party in exercising any right under these Terms will constitute a waiver of that right. No waiver under these Terms will be effective unless made in writing and signed by an authorized representative of the party being deemed to have granted the waiver.

 21. Data Processing Addendum (“DPA”).

By using the Service, Customer also accepts our Data Processing Addendum, which governs the Processing of Personal Data (as both terms are defined in the DPA) on Customer’s behalf.

This Data Processing Addendum (“Addendum”) forms part of the Terms of Service.

Where there is any conflict between and the Terms of Service and the terms of this Addendum, the terms of this Addendum shall prevail. Except where the context requires otherwise, references in this Addendum to the Terms of Service are to the Terms of Service, as amended by and including this Addendum.

The Parties agree as follows:

21.1. Scope

The following clauses will only apply to the extent that Data Protection Legislation applies to Protected Data (both as defined below).

21.2. Definitions

21.2.1. Appropriate Safeguards: means such legally enforceable mechanism(s) for transfers of Personal Data outside the European Economic Area as may be permitted under Data Protection Legislation from time to time.

21.2.2. Controller: has the meaning given to that term in Data Protection Legislation.

21.2.3. Data Protection Legislation: means any applicable Dutch or EU law, statute, regulation or sub-ordinate legislation and all policies, codes of conduct, direction, policy rule or order issued by any regulatory body having jurisdiction over a party that is from time to time in force, relating to data protection, privacy and the processing of personal data, including:

(a) the GDPR from the date the GDPR applies (as set out in Article 99 Entry into force and application) and/or (a) the GDPR from the date the GDPR applies (as set out in Article 99 Entry into force and application) and/or

(b) any corresponding or equivalent national laws or regulations from the date that they come into force.

21.2.4. Data Subject: has the meaning given to it in Data Protection Legislation.

21.2.5. EU: The European Union.

21.2.6. GDPR: means the General Data Protection Regulation (EU) 2016/679.

21.2.7. Member State: A member state of the EU.

21.2.8. Personal Data: has the meaning given to that term in Data Protection Legislation.

21.2.9. Personal Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Protected Data on systems managed by or otherwise controlled by PrivIQ, excluding unsuccessful attempts or activities that do not compromise the security of the Protected Data.

21.2.10. Processing or processing: has the meaning given to that term in Data Protection Legislation and related terms such as ‘process’ have corresponding meanings.

21.2.11. Processor: has the meaning given to that term in Data Protection Legislation.

21.2.12. Protected Data: means Personal Data processed by PrivIQ on behalf of the Customer as a Processor in connection with the provision of the Services.

21.2.13. Services: means the services provided by PrivIQ to the Customer pursuant to the Terms of Service.

21.2.14. Sub-Processor: another processor engaged by PrivIQ for carrying out processing activities in respect of the Protected Data as part of the Services.

21.2.15. Supervisory Authority: An independent public authority which is established by a Member State pursuant to Article 51 of the GDPR.

The definitions in this clause should, as far as possible, be interpreted in accordance with the GDPR.

21.3. General

21.3.1. The Annexes form part of this Addendum and shall have effect as if set out in full in the body of this Addendum. Any reference to this Addendum includes the Annexes.

21.3.2. The Customer has engaged PrivIQ to perform and deliver the Services which may require PrivIQ to process Personal Data on behalf of the Customer as a Processor.

21.3.3. Annex A (“Details of Processing”) contains details about the processing of Protected Data by PrivIQ.

21.4. Instructions by Controller

21.4.1. PrivIQ agrees that it shall only carry out processing of Protected Data on the documented instructions of the Customer as set out in this Addendum and Annex A (“Details of the Processing”), as updated from time to time upon written agreement between the parties (including with regard to the transfer of Personal Data to a third country or an international organisation).

21.4.2. PrivIQ may process the Protected Data outside of the instructions of the Customer if PrivIQ is required to do so by EU or Member State law to which PrivIQ is subject; in such a case, PrivIQ shall to the extent permitted by law inform the Customer of that legal requirement before processing.

21.5. Security

21.5.1. PrivIQ shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

21.5.2. PrivIQ shall in assessing the appropriate level of security take into account in particular the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.

21.6. Confidentiality

21.6.1. PrivIQ shall ensure that persons authorised by them to process the Protected Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

21.7. Cooperation and Information

21.7.1. PrivIQ shall provide such information and assistance to the Customer as the Customer may reasonably require to allow it to comply with requirements of the GDPR, including, information and assistance relating to the security of processing, notification of Personal Data Breaches to the Supervisory Authority, communication of a Personal Data Breach to the Data Subject (where required), data protection impact assessments and/or prior consultation with a Supervisory Authority regarding high risk processing.

21.8. Requests

21.8.1. PrivIQ shall promptly assist the Customer by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Customer’s obligation to respond to requests for exercising the Data Subject’s rights laid down in Chapter III of the GDPR.

21.9. Data Breach

21.9.1. PrivIQ shall notify the Customer of any Personal Data Breach, promptly upon becoming aware of such Personal Data Breach.

21.9.2. In the case of a Personal Data Breach PrivIQ will assist the Customer in meeting its obligations under Articles 33 and 34 of the GDPR to inform the competent Supervisory Authority and Data Subjects. As the Controller, the Customer is solely responsible for complying with its notification obligations for Personal Data Breaches under Data Protection Legislation.

21.10. Sub-Processors

21.10.1. The Customer acknowledges and agrees that PrivIQ engages Sub-Processors to provide certain services. The Customer provides general consent to the engagement of such Sub-Processors. The current Sub-Processors are set out in Annex B.

21.10.2. PrivIQ will notify the Customer of the appointment of any new Sub-Processor or changes to any existing Sub-Processor. The Customer may object to the appointment of or any change in the Sub-Processor where it has reasonable grounds for doing so and in such circumstances PrivIQ shall be entitled to address the objection through one of the following options at its sole discretion:

(i) cease to use the relevant Sub-Processor;

(ii) take steps suggested by the Customer to address the objection;

(iii) terminate or allow the Customer to terminate the Services.

21.10.3. PrivIQ may only subcontract the processing of Protected Data under this Addendum to a Sub-Processor if PrivIQ has imposed legally binding contractual terms substantially the same as those contained in this Addendum on the Sub-Processor. The Customer acknowledges and agrees that it has no right to audit and inspect a Sub-Processor’s facilities and premises and that PrivIQ shall not be obliged to include such rights in its agreements with Sub-Processors.

21.11. Audits AND Compliance

21.11.1. Upon reasonable request of the Customer, PrivIQ agrees to make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in this Addendum and the Data Protection Legislation and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer subject to clause 21.11.2.

21.11.2. The Customer shall give PrivIQ reasonable prior notice of any information request, audit or inspection and ensure that such audit or inspection is undertaken during normal business hours for PrivIQ and with minimal disruption to PrivIQ. The Customer shall ensure that all information obtained or generated by the Customer pursuant to clause 21.11.1 is kept strictly confidential (save for disclosure to a Supervisory Authority or as otherwise required by applicable law). The Customer shall pay PrivIQ’s reasonable costs for assisting with the provision of information and allowing for and contributing to inspections and audits.

21.11.3. PrivIQ may object to any third-party auditor appointed by the Customer to conduct any audit or inspection under clause 21.11.1 if the auditor is not in PrivIQ’s reasonable opinion, suitably qualified or independent. Nothing in clause 21.11.1 gives the Customer any right to access any data of any other customer of PrivIQ or any information that could cause PrivIQ to breach its obligations under Data Protection Legislation and/or its confidentiality or privacy obligations to any third party.

21.12. Data retention and Disposal

2.12.1. PrivIQ shall at the express choice of the Customer and upon the end of the provision of Services relating to processing, either return to the Customer or delete or destroy all copies of the Protected Data in PrivIQ’s possession or control and if the Customer requests, certify to the Customer that it has done so, unless EU or Member State law requires the storage of the Protected Data.

21.13. Data Transfers

13.1. PrivIQ shall not transfer Protected Data outside of the European Economic Area unless there are Appropriate Safeguards in place and any transfer shall be in accordance with Data Protection Legislation.

21.14. Amendments

21.14.1. PrivIQ may amend this Addendum at any time where required to comply with any applicable laws or where such amendments do not result in a material reduction in the protection of the Protected Data and do not breach Data Protection Legislation.

21.15. Liability

21.15.1. PrivIQ’s liability under this Addendum shall be subject to the exclusions and limitations set out in the Agreement.

21.16. Entry into force and duration

21.16.1. This Addendum will enter into force upon signing by both parties of the Agreement.

21.16.2. This Addendum will remain in effect until the Agreement is terminated.

Annex A – Details of the Processing

Detailed description of the Processing – The processing of Personal Data to the extent necessary in the provision of the Services (including the subject-matter, nature and purpose).

Duration of the Processing – The term of the Agreement and until deletion of all Protected Data by PrivIQ.

Types of Personal Data processed – Personal Data relating to individuals that is provided to PrivIQ via the Services by or at the direction of the Customer including without limitation, names, addresses, contact details, online identifiers and login details.

Categories of Data Subjects – Individuals about whom Personal Data is provided to PrivIQ via the Services by or at the direction of the Customer.

Annex B – Sub Processors

Last updated: 20 February 2024