Avassa Terms of Service Agreement
This Agreement governs the use of the Avassa Service. By placing an order that is accepted by Avassa, clicking to accept this Agreement, or using or accessing any Avassa Service, you agree to all the terms and conditions of this Agreement. If you are using Avassa Service on behalf of a company or other legal entity, then “Customer” or “you” means that entity, and you are binding that entity to this Agreement.
You represent and warrant that you have the legal power and authority to enter into this Agreement and that, if you represent a company or legal entity, this Agreement is entered into by an employee or agent with all necessary authority to bind that entity to this Agreement.
1 Definitions
1.1 “Account” means the Avassa customer account created on the Avassa web-site (avassa.io)
1.2 “Agreement” means, collectively, to all the terms, conditions, notices contained or referenced in this Terms of Service Agreement and all other operating rules, policies (including the Avassa Data Processing Addendum) and procedures that we may publish from time to time on the Website.
1.3 “Approved Countries” are member states within the EU (i.e. Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain and Sweden), Australia, Iceland, Japan, Canada, New Zealand, Norway, Switzerland, Liechtenstein, the United Kingdom and USA.
1.4 “Authorized Users” means Customer’s employees and contractors (such as media agencies or marketing consultants) who are acting for Customer’s benefit and on its behalf.
1.5 “Avassa”, “we” or “us” means Avassa Systems AB as well as our affiliates, directors, subsidiaries, contractors, licensors, officers, and employees.
1.6 “Avassa Platform” means the edge cloud platform(s) (including the Control Tower and Edge Enforcer) created by a Customer or Authorized Users under it’s Account.
1.7 “Avassa Platform User” means an individual or entity who Customer has permitted access and use of the Avassa Platforms.
1.8 “Avassa Service” means the Avassa Platform or other applications, software, products, support and services provided by Avassa.
1.9 “Confidential Information” means code, inventions, know-how, product plans, inventions, and technical and financial information exchanged under this Agreement, that is identified as confidential at the time of disclosure or should reasonably be considered confidential based on the circumstances surrounding the disclosure and the nature of the information disclosed.
1.10 “Control Tower” means the Avassa Platform control tower software.
1.11 “Customer”, ”you” or “your” means the entity accessing, using, registering to use the Avassa Service or the customer entity, including its affiliates, set out in an Order Form.
1.12 “Documentation” means the end user technical documentation and specifications created by Avassa and provided with the Avassa Service
1.13 “Edge Enforcer” means the Avassa software installed on physical or virtual compute environments (e.g. edge computers, micro data centers,e cloud instances).
1.14 “Extended Support Services” means an extended support services ordered separately by the Customer. The scope of such Extended Support Service is defined in a separate Order Form
1.15 “Fee(s)” means the compensation paid by the Customer for the Avassa Service;
1.16 “Free Plan” means the free use of the Avassa Plaform
1.17 “Order Form” means a completed Avassa order form together with an order concerning the purchase of Avassa Service. The scope of the Services, commercial details, effective date and term length for each separate order are specified in the applicable Order Form. The Order Forms will form an inseparable part of this Agreement upon the acceptance by Avassa of such Order Form
1.18 “Party” means Avassa or the Customer
1.19 “Premium Plan” means the paid use of the Avassa Platform
1.20 “Relevant Laws” includes, but is not limited to, export control laws and regulations, economic, trade and financial sanctions laws, regulations, embargoes, restricted state lists or restrictive measures which are in force for the time being and to which Avassa is subject.
2 Account Registration and Use
A human must register your Account and the creator and users of your Account must be 18 years old or over. By registering an Account, Customer and its Authorized Users can create Avassa Platforms and access and use the Avassa Service. Account information must be accurate, current, and complete, and will be governed by Avassas’s Data Processing Addendum Customer agrees to keep this information up-to-date so that Avassa may send notices, statements, and other information by email or through Customer’s Account. Customer must ensure that any user IDs, passwords, and other access credentials for the Account and the Avassa Service are kept strictly confidential and not shared with any unauthorized person. If any Authorized User stops working for Customer, Customer must immediately terminate that person’s access to its Account. Customer will be responsible for any and all actions taken using its and its users’ accounts, passwords or access credentials. Customer must notify Avassa immediately of any breach of security or unauthorized use of its account. Accounts are granted to specific Customers and must not be shared with others.
3 Use Rights
3.1 Use of Avassa Service.
Subject to all the terms and conditions of this Agreement and full and timely payment of applicable fees, Avassa grants Customer a limited, non-exclusive, non-transferable, non-sublicensable right to use and access the Avassa Service during the Term of this Agreement.
Using the Avassa Service may require installation of the Edge Enforcer or the Control Tower on physical or virtual compute environments. In these cases, subject to the same conditions above, the rights granted in this Section further include the right to install and use the Avassa Edge Enforcer on Customers physical or virtual compute environments solely to be used as part of the Avassa Service.
3.2 Access and Use by Avassa Platform Users
Customer may permit Avassa Platform Users to access and use the Avassa Platform, provided their use remains in compliance with this Agreement. Customer will be responsible for all Avassa Platform Users’ use and access and their compliance with the terms and conditions of this Agreement.
3.3 General Restrictions
Customer must not (and must not allow a third party to):
3.3.1 rent, lease, copy, transfer, resell, sublicense, lease, time-share, or otherwise provide access to the Avassa Service to a third party (except Authorized Users and Avassa Platform Users);
3.3.2 publicly disseminate information regarding the performance of the Avassa Service (which is deemed Avassa’s Confidential Information);
3.3.3 modify or create a derivative work of the Avassa Service or any portion of it;
3.3.4 reverse engineer, disassemble, decompile, translate, or otherwise seek to obtain or derive the source code, underlying ideas, algorithms, file formats, or non-public APIs to any Avassa Service;
3.3.5 break or circumvent any security measures, rate limits, or usage tracking of the Avassa Service, or configure the Avassa Service to avoid sending events or impressions or to otherwise avoid incurring fees;
3.3.6 distribute any portion of the Avassa Service other than the Edge Enforcer or Control Tower as specifically permitted above;
3.3.7 access the Avassa Service for the purpose of building a competitive product or service or copying its features or user interface;
3.3.8 use the Avassa Service for purposes of product evaluation, benchmarking, or other comparative analysis intended for publication without Avassa’s prior written consent; or
3.3.9 remove or obscure any proprietary or other notices contained in the Avassa Service, including in any reports or output obtained from the Avassa Service.
3.3.10 use more than one Avassa Platform under the Free Plan
3.3.11 use or provide the Avassa Service in or to any other country than Approved Countries.
3.4 Customer obligations
3.4.1 Customer is responsible for all content uploaded and activity that occurs under its use of the Avassa Service;
3.4.2 Customer is responsible for maintaining the security of the Account. Avassa is not liable for any loss or damage from Customers failure to comply with this security obligation.
4 Acceptable Use Policy
4.1 The Customer shall use and ensure that its Authorized Users and Avassa Platform Users use the Avassa Service in accordance with the following applicable use policy. The Customer is solely responsible for ensuring that the Avassa Service are not used:
4.1.1 to violate, or encourage the violation of, the legal rights (including without limitation Intellectual Property Rights) of others; or
4.1.2 to engage in, promote or encourage any illegal activity;
4.1.3 to violate Relevant Laws;
4.1.4 for any unlawful, invasive, infringing, defamatory, offensive, harmful or fraudulent purpose (for example, this may include phishing, creating a pyramid scheme or mirroring a website);
4.1.5 to intentionally distribute viruses, worms, Trojan horses, corrupted files, hoaxes, or other items of a destructive or deceptive nature;
4.1.6 to violate the security or integrity of any network, computer or communications system, software application or network or computing device (such violations to include without limitation unauthorized access, interception of data or traffic or falsification of origin);
4.1.7 to interfere with the use of the Avassa Service, or the systems used to provide the Avassa Service, by others;
4.1.8 to disable, interfere with or circumvent any aspect of the Avassa Service;
4.2 Avassa reserve the right but assume no obligation to review the Customer’s use of the Avassa Service to ensure compliance with this Section 4 and to discontinue any use by the Customer of the Avassa Service and removing any infringing data of the Customer. Avassa report suspected infringing activities to officials, regulators or other appropriate third parties, including the disclosure of appropriate information regarding the Customer.
4.3 Avassa may track and analyze the usage of the Avassa Service for purposes of security and of helping Avassa improve the Avassa Service. For example, we may use this information to understand and analyze trends or track which of our features are used most often to improve product functionality.
4.4 If the Customer becomes aware that its use of the Avassa Service infringes the acceptable use policy set out herein, the Customer agrees to immediately cease the infringing use of the Avassa Service without separate notice. The Customer agrees to comply with any requests of Avassa as regards to any use of the Avassa Service that infringes the acceptable use policy set out herein.
5 Customer Data
5.1 Avassa considers the content and data Customer upload and configures in the Avassa Platform as confidential to the Customer. Avassa may only access the content and data in Customer’s Avassa Platform(s) in the following situations:
5.1.1 with Customers consent and knowledge, for support reasons. If Avassa accesses a private repository for support reasons, Avassa will only do so with the Customers consent and knowledge; or
5.1.2 when access is required for security reasons.
6 Fees and Payment Terms
6.1 Subject to change according to section 6.4 below, the rates applicable for the Avassa Service are in accordance with the Avassa standard pricelist and is available on request. Actual Fees for Avassa Service will vary depending on the Customer’s use of the Avassa Service.
6.2 The Fees for the use of the Avassa Service shall be invoiced monthly based on the Customer’s use of the Avassa Service. The Customer is responsible for paying any Fees properly due in accordance with the invoices sent by Avassa. Avassa may use the Stripe service set out in Section 6.3 below to automatically process Fees from the Customer
6.3 Avassa uses a credit card processing service provided by Stripe Payments Europe, Ltd. (https://stripe.com/) (“Stripe”) to process its credit card payments. The Customer consents to the use of the Stripe service and to the transfer of its credit card details (including any personal data contained therein) to Stripe. The Customer is familiar and agrees to be bound by any third party terms applicable to the Stripe service.
6.4 Avassa reserves the right to change the rates applicable to the Avassa Service upon 180 days notice. Continuous use of the Avassa Service will be deemed as acceptance of the new Fees.
6.5 All rates and Fees are set out without value added tax (VAT) or any other applicable sales tax, which shall be added to the rates and Fees in accordance with the then- applicable tax laws and regulations. In case a separate invoice is sent, the term of payment of each invoice shall be thirty (30) days net from the date of the invoice.
7 Support Services
7.1 All use of the Avassa Service under a Premium Plan includes web-based and email support without any guaranteed response times or service levels.
7.2 The Customer may choose to order Extended Support Services, including service level agreements, by placing a separate order. The scope, conditions and fees for Extended Support Services will be as specified in such Order Form.
8 Term and Termination
8.1 This Agreement shall enter into force when the Customer has accepted this Agreement by registering an Account or otherwise using Avassa Service and continue until terminated by either Party as set forth in this Section 8 (the “Term”). If the Avassa Service are ordered through a separate Order Form, this Agreement will become effective as stated in the Order Form.
8.2 Unless expressly set out to the contrary in the Order Form, the Agreement shall remain in force until terminated by a Party by a two (2) months’ written notice to the other Party. Unless expressly set out to the contrary in the Order Form, the Customer may terminate the order of any individual Avassa Service at any time by choosing that option at the Customer’s Account.. If a Customer terminates individual Avassa Service, the Agreement remains in force until terminated as set out in this section 8.
8.3 Each Party may terminate the Agreement in whole for cause with immediate effect upon written notice to the other Party if the other Party becomes insolvent, applies for or is adjudicated in bankruptcy or liquidation or corporate restructuring or otherwise ceases to carry on its business; or (b) the other Party is in material breach of the terms and conditions of this Agreement and fails to remedy such breach within thirty (30) days from the date of receipt of a written notice by the non- defaulting Party, such written notice detailing the breach and the intention to terminate.
8.4 Unless expressly set out to the contrary in the Order Form, upon the termination of the Agreement for any reason, any Fees owed by the Customer until the effective date of the termination shall become due.
9 Suspension
9.1 After notifying the Customer, Avassa shall have the right to suspend Customers access and use of the Avassa Service for a reasonable short period of time if such is necessary in order to perform installation, change or maintenance work in respect of the Avassa Service.
9.2 Avassa shall have the right to suspend Customers access and use of the Avassa Service due to (a) a significant data security risk to the Avassa Service, or (b) if applicable law or a court or administrative order requires Avassa to do so, or (c) if Avassa becomes aware of, or reasonably suspects, that Customer has violated the terms of this Agreement or other agreements or guidelines which maybe be associated with use of the Avassa Service, or (d) if the Avassa Service are used contrary to, or for a purpose prohibited by this Agreement, applicable laws or court or administrative orders. Avassa shall promptly notify the Customer of the suspension of the Cloud Service under this Section as well as the grounds for such suspension and shall use its commercially best efforts to resolve the issue with the Customer without undue delay.
9.3 Avassa shall always have the right to suspend the Avassa Service, if the Customer is in default with its payment of undisputed Fees due under this Agreement and does not pay such Fees despite a request to pay within fourteen (14) days calculated from the date of such request. The suspension can be continued until the Customer has paid all Fees due under this Agreement.
10 Confidential Information
10.1 Each Party (as the receiving Party) must: (a) hold in confidence and not disclose the other Party’s Confidential Information to third parties except as permitted by this Agreement; and (b) only use the other Party’s Confidential Information to fulfill its obligations and exercise its rights under this Agreement. Each Party may share the other Party’s Confidential Information with its, and its Affiliates’, employees, agents or contractors having a legitimate need to know, provided that the Party remains responsible for any recipient’s compliance with the terms of this Section 10 and that these recipients are bound to confidentiality obligations no less protective than this Section.
10.2 These confidentiality obligations do not apply to (and Confidential Information does not include) information that: (a) is or becomes public knowledge through no fault of the receiving Party; (b) was known by the receiving Party before it received the Confidential Information; (c) is rightfully obtained by the receiving Party from a third Party without breach of any confidentiality obligation; or (d) is independently developed by the receiving Party without using the disclosing Party’s Confidential Information. A Party may also disclose the other Party’s Confidential Information to the extent required by law or court order, provided it gives advanced notice (if permitted by law) and cooperates in any effort by the other Party to obtain confidential treatment for the information.
11 Disclaimer of Warranties
11.1 Avassa provides the Avassa Service “as is” and “as available,” without warranty of any kind. Without limiting this, we expressly disclaim all warranties, whether express, implied or statutory, regarding the Avassa Service including without limitation any warranty of merchantability, fitness for a particular purpose, title, security, accuracy and non-infringement.
11.2 Avassa does not warrant that the Avassa Service will meet your requirements; that the Avassa Service will be uninterrupted, timely, secure, or error-free; that the information provided through the Avassa Service is accurate, reliable or correct; that any defects or errors will be corrected; that the Avassa Service will be available at any particular time or location; or that the Avassa Service is free of viruses or other harmful components. You assume full responsibility and risk of loss resulting from your downloading and/or use of files, information, content or other material obtained from the Avassa Service.
12 Intellectual Property Rights
12.1 All rights, title and interest, including all Intellectual Property Rights in and to the Avassa Service and Documentation, and any changes thereto shall belong exclusively to Avassa or its licensors. Except for the express license to use the Avassa Service granted to the Customer under and in accordance with the terms and conditions of this Agreement, the Customer shall have no and shall not by virtue of this Agreement obtain any rights, license or interests in and to the Services or any Intellectual Property Rights pertaining thereto.
13 Indemnification
13.1 Indemnity by Avassa
13.1.1 Avassa will defend or settle any third party suit brought against Customer that the Avassa Service as made available by Avassa hereunder, infringes any copyright or misappropriate a trade secret of such third party and will pay those costs and damages finally awarded against Customer in such suit, that are specifically attributable to such claims or those amounts payable by Avassa under a settlement of such suit, provided that:
13.1.1.1 Customer promptly notifies Avassa of the claim; and
13.1.1.2 Customer cooperates with Avassa in the defense of the claim; and
13.1.1.3 Avassa has and maintains sole control of the defense and all related settlement negotiations.
13.1.2 If such claim occurs, or in Avassa’s opinion is likely to occur, Customer agrees to permit Avassa, at Avassas’s option and expense, either to procure for Customer the right to continue using the Avassa Service or to replace or modify the same so that it becomes non-infringing and provides as nearly as is reasonably possible, under the circumstances, the same capability as before. If Avassa is unable to procure such rights, or to replace or modify the Avassa Service, Avassa may terminate this Agreement, upon which the Customer agrees to cease using the Avassa Service and Avassa agrees to reimburse the Fees paid in advance by the Customer for the terminated Avassa Service, less a proportion equal to the time of use of the Avassa Service by the Customer.
13.1.3 Avassa shall have no obligation under this Section 13 for any claim based upon (a) use of other than a current, unaltered release of the Avassa Service if such infringement would have been avoided by the use of a current, unaltered release of the Avassa Service (b) use of the Avassa Service in a manner not contemplated in the Documentation or by this Agreement; or (c) use of the Avassa Service in combination with any non-Avassa-provided equipment, software or data and in which the alleged infringement would not have arisen from use of the Avassa Service itself.
13.1.4 The foregoing states the entire obligation of Licensor with respect to any infringement of intellectual property rights by the Licensed Software.
13.2 Indemnity by Customer
13.2.1 Customer shall defend, indemnify and hold harmless Avassa from all claims, costs, damages, judgments and attorney’s fees resulting from or arising out of the use of the Avassa Service and services hereunder by Avassa, or resulting from or arising out of the license granted hereunder, provided that:
13.2.1.1 Avassa promptly notify Customer of the claim; and
13.2.1.2 Avassa cooperate with Customer in the defense of the claim; and
13.2.1.3 Customer has and maintains sole control of the defense and related settlement negotiations.
14 Limitation of Liability
14.1 The total aggregate liability of a Party towards the other Party under the Agreement shall not exceed an amount equal to the Fees paid by the Customer to Avassa during the twelve (12) months preceding the event giving rise to the liability.
14.2 A Party shall not be liable for any indirect, incidental, or consequential damages such as loss of profits, revenue or business, damages caused due to decrease in turnover or production or loss, alteration, destruction or corruption of data.
14.3 The limitations of liability shall not apply to damages caused by willful misconduct or gross negligence.
15 Other Terms
15.1 Force Majeure: Avassa shall not be liable to Customer resulting from delays in the performance of Avassa Service caused by circumstances or events beyond its reasonable control, including, but not limited to, labor disputes, inability to procure export licenses, legally imposed travel restrictions, natural catastrophe and acts of God, war, civil disturbance, terrorism, shortages in materials or labor, delays in receipt of materials or products from subcontractors.
15.2 Notices: Any notice required or permitted to be given under this Agreement shall when sent by Customer be sent to notice@avassa.io and when sent by Avassa to the email address specified by Customer under the Account.
15.3 Waiver: The waiver by either Party of a breach of any provision of this Agreement shall not operate or be construed as a waiver of any other or a subsequent breach of the same or a different kind. If for any reason a court of competent jurisdiction finds any provision of this Agreement, or portion thereof, to be unenforceable, that provision of the Agreement will be enforced to the maximum extent permissible so as to effect the intent of the Parties, and the remainder of this Agreement will continue in full force and effect.
15.4 Assignment: Neither this Agreement nor any rights hereunder, in whole or in part, shall be assignable or otherwise transferable by Customer without the express written consent of Avassa, which consent shall not be unreasonable withheld or delayed. Customer shall, however, have the right to assign this Agreement without Avassa’s consent to an entity which acquires all or substantially all of its assets or merges with it. Subject to the above, this Agreement shall be binding upon and inure to the benefit of the successors and assigns of the Parties hereto.
15.5 Governing Law: This Agreement shall be governed by and interpreted under the substantive laws of Sweden. The Parties agree that this Agreement is not subject to and shall not be interpreted by the United Nations Convention on Contracts for the International Sale of Goods or any national implementation thereof.
15.6 Dispute: Any dispute, controversy or claim arising out of or in connection with this Agreement, or the breach, termination or invalidity thereof, shall be finally settled by arbitration administered by the Arbitration Institute of the Stockholm Chamber of Commerce (the “SCC Institute”). The Rules for Expedited Arbitrations of the Arbitration Institute of the Stockholm Chamber of Commerce shall apply, unless the SCC Institute, taking into account the complexity of the case, the amount in dispute and other circumstances, determines, in its discretion, that the Rules of the Arbitration Institute of the Stockholm Chamber of Commerce shall apply. In the latter case, the SCC Institute shall also decide whether the arbitral tribunal shall be composed of one or three arbitrators.
15.7 Survival: All provisions of this Agreement which by their nature should survive termination will survive termination, including, without limitation, intellectual property rights, confidentiality, warranty disclaimers, indemnity, and limitations of liability.
Avassa Data Processing Addendum
This Data Processing Addendum, including its Schedules, (“DPA”) forms part of the Terms of Service Agreement (the “Agreement”) or other written or electronic agreement between Avassa and Customer for the purchase of Avassa Service to reflect the parties’ agreement with regard to the Processing of Personal Data. By signing or accepting the Agreement, Customer enters into this DPA on behalf of itself and, to the extent required under applicable Data Protection Laws and Regulations. In the course of providing the Avassa Service to Customer pursuant to the Agreement, Avassa may Process Personal Data on behalf of Customer and the Parties agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
DATA PROCESSING TERMS
1. DEFINITIONS
“Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
“Controller” means the entity which determines the purposes and means of the Processing of Personal Data.
“Customer Data” means electronic data and information submitted by or for Customer to the Avassa Service.
“Data Protection Laws and Regulations” means all laws and regulations, including laws and regulations of the European Union, the European Economic Area and their member states, Switzerland, and the United Kingdom applicable to the Processing of Personal Data under the Agreement as amended from time to time.
“Data Subject” means the identified or identifiable person to whom Personal Data relates.
“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), including as implemented or adopted under the laws of the United Kingdom. “Personal Data” means any information relating to (i) an identified or identifiable natural person and, (ii) an identified or identifiable legal entity (where such information is protected similarly as personal data or personally identifiable information under applicable Data Protection Laws and Regulations), where for each (i) or (ii), such data is Customer Data.
“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Processor” means the entity which Processes Personal Data on behalf of the Controller.
“Sub-processor” means any Processor engaged by Avassa. “Supervisory Authority” means an independent public authority which is established by an EU Member State pursuant to the GDPR or, for the United Kingdom, the Information Commissioner’s Office (“ICO”).
2. PROCESSING OF PERSONAL DATA
2.1 Roles of the Parties.
The parties acknowledge and agree that with regard to the Processing of Personal Data, Customer is the Controller, Avassa is the Processor and that Avassa will engage Sub-processors pursuant to the requirements set forth in Section 5 “Sub-processors” below.
2.2 Customer’s Processing of Personal Data.
Customer shall, in its use of the Avassa Service, Process Personal Data in accordance with the requirements of Data Protection Laws and Regulations, including any applicable requirement to provide notice to Data Subjects of the use of Avassa as Processor. For the avoidance of doubt, Customer’s instructions for the Processing of Personal Data shall comply with Data Protection Laws and Regulations. Customer shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer acquired Personal Data. Customer specifically acknowledges that its use of the Avassa Service will not violate the rights of any Data Subject that has opted-out from sales or other disclosures of Personal Data.
2.3 Avassa’s Processing of Personal Data.
Avassa shall treat Personal Data as Confidential Information and shall Process Personal Data on behalf of and only in accordance with Customer’s documented instructions for the following purposes: (i) Processing in accordance with the Agreement and applicable Order Form(s); (ii) Processing initiated by Customer in their use of the Avassa Service; and (iii) Processing to comply with other documented reasonable instructions provided by Customer (e.g., via email) where such instructions are consistent with the terms of the Agreement.
2.4 Details of the Processing.
The subject-matter of Processing of Personal Data by Avassa is the performance of the Avassa Service pursuant to the Agreement. The duration of the Processing, the nature and purpose of the Processing, the types of Personal Data and categories of Data Subjects Processed under this DPA are further specified in Schedule 1 (Details of the Processing) to this DPA.
3. RIGHTS OF DATA SUBJECTS
Data Subject Request. Avassa shall, to the extent legally permitted, promptly notify Customer if Avassa receives a request from a Data Subject to exercise the Data Subject’s right of access, right to rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, object to the Processing, or its right not to be subject to an automated individual decision making, each such request being a “Data Subject Request”. Taking into account the nature of the Processing, Avassa shall assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under Data Protection Laws and Regulations. In addition, to the extent Customer, in its use of the Avassa Service, does not have the ability to address a Data Subject Request, Avassa shall upon Customer’s request provide commercially reasonable efforts to assist Customer in responding to such Data Subject Request, to the extent Avassa is legally permitted to do so and the response to such Data Subject Request is required under Data Protection Laws and Regulations. To the extent legally permitted, Customer shall be responsible for any costs arising from Avassa’s provision of such assistance.
4. AVASSA PERSONNEL
4.1 Confidentiality.
Avassa shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities and have executed written confidentiality agreements. Avassa shall ensure that such confidentiality obligations survive the termination of the personnel engagement.
4.2 Reliability.
Avassa shall take commercially reasonable steps to ensure the reliability of any Avassa personnel engaged in the Processing of Personal Data.
4.3 Limitation of Access.
Avassa shall ensure that Avassa’s access to Personal Data is limited to those personnel performing services in accordance with the Agreement.
4.4 Data Protection Officer.
Avassa have appointed a data protection officer. The appointed person may be reached at privacy@avassa.com.
5. SUB-PROCESSORS
5.1 Appointment of Sub-processors.
Customer acknowledges and agrees that Avassa may engage third-party Sub-processors in connection with the provision of the Avassa Service. Avassa has entered into an agreement with each Sub-processor containing data protection obligations not less protective than those in the Agreement with respect to the protection of Customer Data to the extent applicable to the nature of the services provided by such Sub-processor.
5.2 List of Current Sub-processors and Notification of New Sub-processors.
Avassa shall make available to Customer the current list of Sub-processors for the Avassa. Such Sub-processor lists shall include the identities of those Sub-processors and their country of location (“Infrastructure and Sub-processor Documentation”). Customer may find on Avassa’s webpage (http://www.avassa.io/legal/ the Infrastructure and Sub-processor Documentation as well as a mechanism to subscribe to notifications of new Sub-processors for each applicable Avassa Service, to which Customer may subscribe, and if Customer subscribes, Avassa shall provide notification of a new Sub-processor(s) before authorizing any new Sub-processor(s) to Process Personal Data in connection with the provision of the applicable Avassa Service.
5.3 Objection Right for New Sub-processors.
Customer may object to Avassa’s use of a new Sub-processor by notifying Avassa promptly in writing within thirty (30) days after receipt of Avassa’s notice in accordance with the mechanism set out in Section 5.2. In the event Customer objects to a new Sub-processor, as permitted in the preceding sentence, Avassa will use reasonable efforts to make available to Customer a change in the Avassa Service or recommend a commercially reasonable change to Customer’s configuration or use of the Avassa Service to avoid Processing of Personal Data by the objected-to new Sub-processor without unreasonably burdening Customer. If Avassa is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may terminate the applicable Order Form(s) with respect only to those Avassa Service which cannot be provided by Avassa without the use of the objected-to new Sub-processor by providing written notice to Avassa. Avassa will refund Customer any prepaid fees covering the remainder of the term of such Order Form(s) following the effective date of termination with respect to such terminated Avassa Service, without imposing a penalty for such termination on Customer.
5.4 Liability.
Avassa shall be liable for the acts and omissions of its Sub-processors to the same extent Avassa would be liable if performing the services of each Sub-processor directly under the terms of this DPA, except as otherwise set forth in the Agreement.
6. SECURITY
6.1 Controls for the Protection of Customer Data.
Avassa shall maintain appropriate technical and organizational measures for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Data), confidentiality and integrity of Customer Data. Avassa will not materially decrease the overall security of the Avassa Service during a subscription term.
6.2 Data Protection Impact Assessment.
Upon Customer’s request, Avassa shall provide Customer with reasonable cooperation and assistance needed to fulfil Customer’s obligation under the Data Protection Laws and Regulations to carry out a data protection impact assessment related to Customer’s use of the Avassa Service, to the extent Customer does not otherwise have access to the relevant information, and to the extent such information is available to Avassa.
7. CUSTOMER DATA INCIDENT MANAGEMENT AND NOTIFICATION
Avassa maintains security incident management policies and procedures and shall notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data, including Personal Data, transmitted, stored or otherwise Processed by Avassa or its Sub-processors of which Avassa becomes aware (a “Customer Data Incident”). Avassa shall make reasonable efforts to identify the cause of such Customer Data Incident and take those steps as Avassa deems necessary and reasonable in order to remediate the cause of such a Customer Data Incident to the extent the remediation is within Avassa’s reasonable control. The obligations herein shall not apply to incidents that are caused by Customer or Customer’s Users.
8. DELETION OF CUSTOMER DATA
Avassa shall, to the extent allowed by applicable law, delete Customer Data in accordance with the below timeframes.
Day 0, subscription terminates.
| Day 0-14 | Day 15-90 | Day 91-180 |
| Data available | Data deleted or overwritten from production | Data deleted or overwritten from backups |
9. LIMITATION OF LIABILITY
Each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or related to this DPA, whether in contract, tort or under any other theory of liability, is subject to the ‘Limitation of Liability’ section of the Agreement, and any reference in such section to the liability of a party means the aggregate liability of that party and all of its Affiliates under the Agreement and all DPAs together.
10. EUROPEAN SPECIFIC PROVISIONS
10.1 GDPR.
Avassa will Process Personal Data in accordance with the GDPR requirements directly applicable to Avassa’s provision of its Avassa Service. 10.2 Data Protection Impact Assessment. Avassa shall provide reasonable assistance to Customer in the cooperation or prior consultation with the Supervisory Authority in the performance of its tasks relating to Section 6.2 of this DPA, to the extent required under the GDPR.
List of Schedules 1: Details of the Processing
SCHEDULE 1 – DETAILS OF THE PROCESSING
Avassa will Process Personal Data as necessary to perform the Avassa Service pursuant to the Agreement, as further specified in the Documentation, and as further instructed by Customer in its use of the Avassa Service.
Duration of Processing
Subject to Section 8 of the DPA, Avassa will Process Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing.
Categories of Data Subjects
Customer may submit Personal Data to the Service, the extent of which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects:
- Prospects, customers, business partners and vendors of Customer (who are natural persons)
- Employees or contact persons of Customer’s prospects, customers, business partners and vendors
- Employees, agents, advisors, freelancers of Customer (who are natural persons)
- Customer’s Users authorized by Customer to use the Avassa Service
Type of Personal Data
Customer may submit Personal Data to the Avassa Service, the extent of which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to the following categories of Personal Data:
- First and last name
- Title
- Position
- Employer
- Contact information (company, email, phone, physical business address)
- ID data
- Localisation data