PROFILA BRAND USER LICENSE AGREEMENT
Summary: This agreement is a formal contract between Profila and your organization and outlines certain rights and obligations for you as well as for Profila regarding your use of the Profila Platform.
This Agreement makes clear what your organization and Profila can expect and how your organization and Profila need to behave when your organization uses the Platform to interact with Consumers.
This Brand User License Agreement (henceforth “BULA” or “Agreement”) is a legally binding agreement between you, as a corporation, partnership, joint venture, limited liability company, governmental authority, unincorporated organization, trust, association, or other entity, or as an individual acting on behalf of such, or an individual that can be qualified as a “Brand” (e.g. influencers, celebrities, politicians) (“you”, “your”, “Brand”), and Profila GmbH (“Profila,” “we,” “us,” “our”), and governs your use of the Profila Platform.
Table of Contents
- Description of the Platform
- Acceptance of Terms
- Ownership of Data, Intellectual Property & Licenses
- Use Restrictions
- Compliance Measures
- Data Subject Rights or Data Rights
- Data Collection and Processing
- Data Security and Protection
- Your services and Offerings
- Our obligations to you
- Disclaimer of Warranty and Limitation of Liability
- Jurisdiction and legality of Content
- Force Majeure
- Governing Law and Court Venue
- DESCRIPTION OF THE PLATFORM
Summary: This section helps you understand how some of the Platform’s functionalities work.
The Platform is an online system that enables you to access Profila’s functionalities – as further described in this BULA – from a computer, mobile device or tablet that can access the internet.
The Platform allows you to perform numerous actions, including, but not limited to:
- viewing lists and statistics of your Connections and Subscribed Consumers;
- inviting your customers or followers to connect on Profila;
- creating Subscription Offers;
- viewing Consumer Moments and interacting with Consumers; and
- creating Brand Moments.
For more information on Profila’s functionalities, see www.profila.com.
- ACCEPTANCE OF TERMS
Summary: If you use the Platform, you agree to be bound by this BULA.
Please read this BULA carefully before accessing or using the Platform. By checking the “I accept” box during the registration process, you indicate that you have read, understood, and agreed to be bound by, the terms of this BULA. You also warrant that you are at least 18 years of age and of the legal age and capacity required under Belgian law to enter into a binding agreement. If you are signing up on behalf of a company, you warrant that you have the authority to create an account and enter into binding agreements on its behalf.
If you do not have authority to enter into this Agreement, or if you do not agree to this BULA, do not check the “I accept” box and do not use the Platform.
Summary: This section defines capitalized terms used throughout this BULA.
This makes it easier for you to read the information and interpret special terms. It will also help you to understand certain Platform-specific concepts, such as Category Quizzes and Brand Moments.
“Applicable Privacy Law” means the legislative framework that applies to a Brand’s processing of Personal Data in the course of its activities, which may depend on a Brand’s own country of establishment, a Consumer’s country or residence or nationality, or other factors; including but not limited to (i) the GDPR, (ii) the CCPA, (iii) LGDP or (iv) any other national, regional or international law in relation to privacy and Personal Data processing.
“Advertisement” means a notice or announcement sent by you for Consumers to view in the App, which may promote or publicize products, services, events or job vacancies;
“App” means the Profila mobile application available for iOS and Android that allows Consumers to perform numerous actions, including, but not limited to:
- adding Personal Data to their account;
- completing Category Quizzes;
- creating Moments;
- interacting with Brands via Subscriptions and Brand Moments;
- education on Data Rights; and
- exercising Data Rights;
“Brand” means an individual, corporation, partnership, joint venture, limited liability company, governmental authority, unincorporated organization, trust, association, or other entity, that offers or promotes products and/or services, or – in the case of individual that can be qualified as a “Brand” (e.g. influencers, celebrities, politicians, independent professionals) – promotes him or herself, in a physical or digital environment at any worldwide location;
“Brand Subscriber” means a Brand that has entered into a Subscription Contract with a Consumer, and is receiving and using Consumer Data per the Subscription Contract;
“Brand Moment” means a picture, text message, video, audio, article or any other form of (marketing) content, (promotional) offers or information about a Brand, its products or services or other (profit or non-profit) activities, as well as Brand’s responses to a Consumer Moment, or other form on digital communication between a Brand and a Consumer, that a Brand can share with a Consumer under the terms and conditions of a Subscription Contract. A Consumer can interact with or respond to a Brand Moment in the form of a view, click, or Consumer Moment, a buying signal etc.
“Brand Offerings” means a Brand Moment, any other form of brand-related content or Third-Party Offerings.
“Brand Privacy Terms” means the privacy terms and conditions as defined by a Brand that govern its processing of a Consumer’s Data, which may include part or all of their Personal Data, Categories, and/or Moments, in relation to a specific Subscription Offer. These privacy terms are made available to a Consumer as part of a Subscription Offer, and form part of a Subscription Contract once a Consumer has accepted the Subscription Offer;
“Brand-initiated Interactions” has the meaning as set out in Section 8;
“Category” or “Categories” means a category within the App in which Consumers can capture their sentiments and preferences either by including Moments or by completing Category Quizzes;
“Category Quiz” means a text- or picture-based gamified quiz based on Category topics. Quizzes gauge Consumer interests in a range of topics. Consumers keep their results, but they can be shared with you as part of a Subscription Offer;
“Consumer” means an individual user of the App who purchases, uses, or accesses goods and/or services in a physical or digital environment at any worldwide location or – in his or her relationship to a “Brand” that is an individual (e.g. influencer, celebrity, politician) – an individual who is a follower, supporter or sympathizer;
“Consumer Connection” means a Consumer that has chosen to link their profile to you in the App, allowing them to exercise their Data Rights against you and send you Consumer Moments;
“Consumer Moment” means a photo, video, or text-based message that Consumers capture via the App to give feedback on you, your products and/or services. Your Consumer Connections can share these with you and/or include them in a Category;
“CCPA” means the California Consumer Protection Act of 2018, a Californian law that grants residents of the State of California increased consumer protection and privacy rights. It allows them to exercise increased control over their Personal Data while imposing additional obligations on organizations that target the data of such residents;
“Data” means any content or information that Consumers include in the App. This includes Personal Data and Data that does not constitute Personal Data;
“Data Insights” are aggregated statistics and other information that are created from certain events logged by Profila when Consumers interact with the App and the content associated with these events. Such events are made up of varying data points such as the following depending on the specific event:
- An action. This includes actions like the following;
- Viewing and interacting with a Brand Moment, Brand Offering or Third-Party Offering;
- Exercising Data Rights towards a Brand Connection or Brand Subscriber;
- Adding Brand Connections;
- Exercising Consumer Moments;
- Filling out Quizzes;
- Information about the action, the person taking the action, and the browser/app used for it such as the following;
- Date and time of action
- Country/city (estimated from IP address or imported from user profile for logged-in users)
- Age/gender group
- Whether the action was taken from a computer or mobile device (from browser’s user agent or app attributes)
- Profila user ID
“Data Subject” means an identified or identifiable natural person whose Personal Data is processed;
“Device” means any internet-enabled computer, tablet or mobile device through which you can access the Platform;
“Documentation” means user manuals, technical manuals and any other materials (including, but not limited to, whitepapers) provided by Profila, in printed, electronic, or any other form, that describe the installation, operation, use, or technical specifications of the Platform;
“GDPR” means the General Data Protection Regulation (EU 2016/679), a European Union legal framework that applies to the processing of Personal Data of EU nationals and residents. It imposes obligations onto organizations located anywhere in the world that process the data of EU nationals or residents;
“Intellectual Property Rights” means any registered and unregistered rights granted, applied for, or otherwise now or hereafter in existence under, or related to, any patent, copyright, trademark, trade secret, database protection, or other intellectual property rights laws, and all similar or equivalent rights or forms of protection, in any part of the world;
“LGDP” means the Lei Geral de Proteção de Dados or Brazilian General Personal Data Protection Law, which was further amended by Law No. 13.853 of 8 July 2019 and which entered into force in August 2020;
“Open-Source Components” means any software component that is subject to any open-source copyright license agreement, including any Apache or any other known open source license, or other obligation, restriction or license agreement that substantially conforms to the Open Source Definition as prescribed by the Open Source Initiative or otherwise may require disclosure or licensing to any Third Party of any source code with which such software component is used or compiled;
“Payment” means a cash amount paid by you to Profila for (i) a Consumer’s interaction with your Brand Moment or other Brand Offering, or (ii) the Personal Data License granted by a Consumer to you under a Subscription Contract;
“Personal Data” is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of someone as a person, also constitute Personal Data. Personal Data includes, for example, one’s name and surname, home address, email address, identification card number and location data;
“Platform” means the Profila web-based application that enables you to access Profila’s functionalities – as further described in Section 1 of this Agreement – from a computer, tablet or mobile device that can access the internet, accessible here;
“Platform API” means any Platform application programming interfaces, including without limitation declarations, sequence, structure, organization, design, specifications, and computer code implementation of such application programming interfaces, that Profila makes available to you to enable your own consumer relationship management software to interoperate with the Platform;
“Platform API License” means the right to use the Platform API under the terms and conditions set out in Section 4;
“Platform License” means the right to use the Profila Platform under the terms and conditions set out in Section 4;
“Request Document” has the meaning as set out in Section 7 and Annex 3;
“Subscription Contract” means a legally binding agreement between each individual Profila Consumer and Brand after a Consumer accepted a Subscription Offer, which is made up of three (3) parts: (1) the Subscription Offer; (2) the Brand Privacy Terms; and (3) the Subscription Terms;
“Subscription Terms” are the general terms and conditions that apply to you and a Consumer who accepts a Subscription Offer from you. This document forms part of a Subscription Contract together with specific conditions in the Subscription Offer and can be consulted here.
“Subscription Offer” means a request from you to a Consumer to subscribe to a certain set of their Data, which may include part or all of their Personal Data, Categories, and/or Consumer Moments, in exchange for compensation or benefit which may be financial;
“Sensitive Personal Data” means a subcategory of Personal Data that is deemed sensitive by its nature and is therefore granted more protection under the privacy laws of various jurisdictions. Sensitive Data may include racial or ethnic origin, political opinions, religious or philosophical beliefs, biometric data (for example, fingerprints), or health data. This Data should be handled with particular caution;
“Third Party” means any individual, corporation, partnership, joint venture, limited liability company, governmental authority, unincorporated organization, trust, association, or other entity, other than you or Profila.
“Third-Party Content” means Data, information, applications, websites, services and other products of Third Parties, including Third-Party advertising.
- OWNERSHIP OF DATA, INTELLECTUAL PROPERTY & LICENSES
Summary: This section explains that Profila owns and gives you the right to use the Platform. It also explains that you are the owner of all Data (including Personal Data) that you provide on the Platform. Notwithstanding, all Data from your Consumers is their own, and Profila helps your Consumers manage their Personal Data.
4.1 Ownership and Intellectual Property Rights. Title, ownership and all rights (including, without limitation, Intellectual Property Rights) in and to the Platform, the Platform API, the Data Insights, its underlying technology, software, patents, know-how and associated Documentation, in whole or in part, including all improvements, enhancements, modifications, and derivative works shall remain with Profila. Except for those rights expressly granted in this BULA, no other rights are granted, whether express or implied. Profila owns and shall own all rights, title, and interest in the Platform APIs as well as their implementation, sequence, structure, and organization, and any modifications or derivatives of the Platform APIs made by or on behalf of you including without limitation, any modifications, improvements, inventions, discoveries and all associated Intellectual Property Rights.
You acknowledge and agree that the Platform, the Platform API, and the Documentation are provided under a license as set out in this Section 4 and are not sold or donated to you. You do not acquire any ownership interest in the Platform, the Platform API, or the Documentation under this Agreement or any other rights thereto, other than to use the same under the license granted and subject to all terms, conditions, and restrictions under this BULA.
Profila reserves and shall retain its entire right, title, and interest in and to the Platform, the Platform API, and the Documentation and all Intellectual Property Rights arising out of or relating to the Platform, the Platform API, the Data Insights and the Documentation, except as expressly granted to you in this Agreement.
4.2. Beta Versions. If we provide versions of the Platform or the Platform API for you to evaluate, they are not yet generally released and may contain bugs, errors, or other issues. For this reason, they may not be used in your production environments. We may also give you access to the Platform or the Platform API. Beta services are provided “AS-IS” without support or any express or implied warranty or indemnity for any problems or issues. Profila may end the beta at any time and any related data, information, and files would be lost and no longer accessible by you.
4.3 Platform License & license to Documentation. Subject to and conditioned upon your strict compliance with all terms and conditions outlined in this Agreement, Profila hereby grants to you a non-exclusive, non-transferable, non-sublicensable, limited license during the term of this Agreement to use the Platform and the Documentation, solely as outlined in this Section 4 and subject to all conditions and limitations outlined in Section 5 or elsewhere in this Agreement.
This Platform License grants you the right to:
- login to and access the Platform (accessible here), and to use the Platform for the purpose described in Section 1 of this Agreement. All copies of the Platform or the Documentation made by you
(i) will be the exclusive property of Profila;
(ii) will be subject to the terms and conditions of this Agreement; and
(iii) must include all trademark, copyright, patent, and other Intellectual Property Rights notices contained in the original; and
- use the Platform as properly installed and configured per this Agreement and the Documentation, solely as outlined in the Documentation. Profila reserves all rights in the Platform and the Documentation not expressly granted to you here;
Profila has neither control over the interactions between you and Consumers nor over what Personal Data Consumers exchange with you via the App.
4.4 Platform API License. To the extent Profila makes any such Platform APIs available to you during the Term, and conditioned upon your compliance with the terms and conditions of this Agreement, Profila agrees to the following:
- Profila hereby grants you a revocable, non-exclusive, non-transferable, worldwide, limited license to invoke and embed or have embedded into your own CRM platform(s), the available Platform APIs declarations solely to enable data communications between your own CRM platform(s), and the Platform;
- Profila will use commercially reasonable efforts to notify you of any modifications made by Profila to the Platform API;
- Profila will use commercially reasonable efforts to make any such modifications backwards compatible;
- Profila will use commercially reasonable efforts to notify you six months prior to discontinuing or making backward incompatible modifications to the Platform API; and
- Profila will use commercially reasonable efforts to ensure, where circumstances have caused the Platform APIs to infringe Third Party Intellectual Property Rights, the continued use by you by either procuring the right to use the related Intellectual Property Rights or by modifying the Platform APIs, as appropriate.
Notices under this Section 4 may be emailed to your technical representative as designated by you and provided to Profila.
Each Party acknowledges that the other Party may independently develop its own APIs and develop APIs with Third Parties, including other companies who have signed Agreements with Profila that are similar to this Agreement. Each party agrees and acknowledges that API declarations, sequence, structure, and organization may be substantially similar to the other party’s API declarations, sequence, structure, and organization due to the interoperability specifications of the Platform. If you provide Profila with any suggestions, ideas, feedback, reports, error identifications or other information related to the Platform API or the Platform (collectively, “Brand Feedback”), you hereby grant to Profila a worldwide, perpetual, irrevocable, non-terminable right and license, including the right to grant and authorize sublicenses, to use and otherwise exploit the Brand Feedback for all purposes.
4.5 Limitations. Except as expressly set forth in this Agreement, you have no right to reproduce, copy, distribute, reverse engineer, decompile, decrypt, disassemble, modify, adapt, extract or translate, in whole or in part, the Platform, Documentation, Platform APIs or any of the Platform APIs implementation.
4.6 License from you to Profila. We may use your Customers’ Data in order to (i) provide you with access to and use of the Platform, and (ii) derive statistical Data. You hereby grant Profila a limited license to use your Data or Brand Offerings as required to provide our Platform services. Notwithstanding, you will remain the owner of all the Intellectual Property Rights (such as copyright or trademarks) in any such Data or Brand Offerings; nothing in this Agreement takes away the rights you have to your own Data or Brand Offerings. This license applies to Data or Brand Offerings that you or someone on your behalf (such as your agency that places an ad or Brand Moment for you, or your service provider that manages your content for you) makes available on or in connection with any Profila service.
This license ends when your Data and Brand Offerings are fully deleted from our Platform. If you delete your Data and Brand Offerings, they will no longer be visible to Profila or Consumers, but may continue to exist on our systems due to:
- the reasonable time it takes to remove such Data or Brand Offerings from backup and other systems;
- any laws requiring Profila to retain your Data or Brand Offerings.
In this case, the content will be retained for no longer than is necessary for the purposes for which it has been retained.
Our license to deliver your Brand Offerings ends once we have stopped displaying the content in the App to Consumers. You understand, however, that:
- once displayed, your Brand Offerings will be public information (albeit limited to the Consumers you’ve directed such Brand Offerings to). It may be reshared and accessed outside of the targeted audience. If Consumers have interacted with your content (for example, reposting your Brand Offerings as a Consumer Moment), it may remain on the App.
- you consent that Profila may disclose your Brand Offerings, and all information associated with your Brand Offerings, to a governmental entity or body if we believe that disclosure would assist in a lawful investigation.
You and Profila agree that we may access, store, process and use any Data that you provide following the terms of the Brand Privacy Terms and any parameters set by you (including settings, and the terms and conditions of each specific Subscription Contract).
You agree to only provide content or information that does not violate the law nor anyone’s rights (including Intellectual Property Rights). Profila may be required by law to remove certain Data in certain countries. You also agree that your Data and Brand Offerings will be truthful.
- USE RESTRICTIONS
Summary: This section outlines actions that you are not permitted to do whilst using the Platform. Please read this carefully.
You shall not directly or indirectly:
- fill out your profile with Data that is, to the best of your knowledge, false, fraudulent, deceptive, or misleading;
- share any Brand Offerings that are, to the best of your knowledge, false, fraudulent, deceptive, or misleading;
- use any names or nicknames that infringe copyright or trademarks;
- share Data or use any names or nicknames that includes your password or purposely includes Personal Data of Third Parties or is intended to solicit such Personal Data;
- use (including make copies of) the Platform, the Platform API or the Documentation beyond the scope of the license granted under Section 4;
- modify, translate, adapt, or otherwise create derivative works or improvements, whether or not patentable, of the Platform, Platform API or Documentation or any part thereof;
- combine the Platform, Platform API or Documentation or any part thereof with, or incorporate the Platform, Platform API or Documentation or any part thereof in, any other programs, unless to the extent as allowed under the Platform API License;
- reverse engineer, disassemble, decompile, decode, or otherwise attempt to derive or gain access to the source code of the Platform, Platform API or any part thereof;
- remove, delete, alter, or obscure any trademarks or any copyright, trademark, patent, or other Intellectual Property or proprietary rights notices provided on or with the Platform, Platform API or Documentation, including any copy thereof;
- except as expressly outlined in Section 4, copy the Platform, Platform API or Documentation, in whole or in part, rent, lease, lend, sell, sublicense, assign, distribute, publish, transfer, or otherwise make available the Platform, Platform API or Documentation, or any features or functionality of the Platform or Platform API, to any Third Party for any reason, whether or not over a network or on a hosted basis, including in connection with the internet or any web hosting, wide area network (WAN), virtual private network (VPN), virtualization, time-sharing, service bureau, software as a service, cloud, or other technology or service;
- interrupt, disrupt, alter, destroy, impair, restrict, tamper with, or otherwise affect the proper operation of the Platform or Platform API in any way, including, without limitation, through the use of any malicious or unauthorized code, virus, worm, Trojan horse, malware, or program;
- use the Platform, Platform API or Documentation in any threatening, libelous, slanderous, defamatory, obscene, inflammatory, pornographic, discriminatory, or otherwise offensive manner; and
- use the Platform, Platform API or Documentation for any purpose that is illegal, unlawful, or prohibited by applicable law.
Additionally, your password protects your account, and you are solely responsible for keeping your password confidential and secure. If your password is lost or stolen, or if you believe there has been unauthorized access to your account by a Third Party, you must notify us immediately and change your password as soon as possible.
- COMPLIANCE MEASURES
Summary: You must not violate any security measures implemented to prevent misuse of the Platform.
The Platform may contain technological copy protection or other security features designed to prevent unauthorized use of the Platform, including features to protect against any use of the Platform that is prohibited under Section 5. You shall not, and shall not attempt to, remove, disable, circumvent, or otherwise create or implement any workaround to, any such copy protection or security features.
- DATA SUBJECT RIGHTS OR DATA RIGHTS
Summary: Profila allows Consumers to enforce their Data Rights against Brands like you when you process their Personal Data. This section informs you of what to expect if you receive a Data Subject Right request.
Data Subject Rights in the App. Profila allows Data Subjects to exercise any of their Data Subject Rights against a Brand within the Profila App.
When a Data Subject exercises their Data Subject Rights against you, Profila will automatically forward you an email to the privacy contact details you provide in the Platform or a direct message on the Platform with information about the Data Subject Right request (a “Request Document”, see email template in Annex 3). In cases where you receive a Request Document by email, the Data Subject will be in copy. If you have any doubts about the Consumer’s identity, you are to contact them directly via the contact details included in the Request Document.
Profila as an authorized agent. Profila is acting on behalf and only upon instruction of the Data Subject and has been authorized to submit their request via the End User License Agreement as signed between the Data Subject and Profila. Profila only provides the application through which the Data Subject exercises their Data Subject Right. You should therefore only contact the Data Subject directly with your response to the Data Subject Right request.
If you have any questions for Profila about the process of Data Subject Right requests, you may contact our privacy team at firstname.lastname@example.org.
Legal disclaimer – limitation of liability. To the fullest extent permitted by applicable law: in no event will Profila be liable for any direct, indirect, special, incidental, consequential, punitive, enhanced or exemplary damages of any kind (including, but not limited to, damages related to loss of revenue, income or profits, loss of use or data, or damages) arising out of or in any way related to a Data Subject Right request you received from Profila upon the instruction of a Consumer, your organization’s response thereto or absence of response, regardless of the form of action, whether based in contract, tort (including, but not limited to, simple negligence, whether active, passive or imputed), or any other legal theory (even if the party has been advised of the possibility of such damages and regardless of whether such damages were foreseeable).
You are fully responsible for handling any Data Subject Right request or response to any Request Document. You are solely responsible for seeking your own legal advice in relation to your obligations when processing Personal Data, as a controller, processor or otherwise as a third party.
- DATA COLLECTION AND PROCESSING
8.1. Brands as Controller – Profila as Processor
As a result of certain specific interactions that you initiate with Consumers through the Platform – such as inviting or onboarding your existing consumers to join Profila, sending out Subscription Offers to your existing consumer base, reacting to Consumer Moments and sending out Brand Moments – (hereinafter “Brand-initiated Interactions”) you might obtain access to Data, including Personal Data of Consumers.
When processing Personal Data obtained during these Brand-initiated Interactions, you are considered a data controller and Profila a data processor. Additional information on the processing of Personal Data in the framework of Brand-initiated Interactions is set out in the data processing addendum in Annex 2 to the BULA.
8.2. Brands as Controller – Profila as Controller
Each party is considered a separate and independent controller in relation to the Personal Data of each other party (e.g; its employees, contractors, director or other affiliates personnel) to which it would receive access as part of the Brand’s use of the Platform under this BULA.
8.3. General obligations in relation to data collection and processing
In the process of collecting and Processing Personal Data from Consumers, you warrant that:
- your policies for processing, transferring, soliciting, collecting, storing and forwarding of any Personal Data comply with local laws and regulations that apply to you or to your processing of Personal Data;
- you shall not process, including distributing to Profila, any Personal Data in violation of any laws or regulations and will immediately notify us of any request we make of you that you reasonably believe violates such laws or regulations;
- you will not attempt to solicit, collect, store, process or transmit any Consumer Data in excess of what the Consumer has agreed to release under the Subscription Contract;
- you will use Data released by the Consumer strictly in accordance with the Subscription Contract;
- if you want to use Data released by the Consumer for any purposes outside of the relevant Subscription Contract, you will submit a new Subscription Offer;
- you will comply with your obligations as data controller under all applicable laws and regulations, including your obligation to respond to Data Subjects Rights. By doing so, you shall delete all of a Consumer’s Personal Data you have received from us if that Consumer asks you to via the Data Subject Rights process, unless you are required to keep it by law, regulation, or separate agreement with us. You may keep aggregated data only if no information identifying a specific person could be inferred or created from it.
If your own policies or agreements on the collection and processing of Personal Data conflict with this Agreement, this Agreement shall prevail.
- DATA SECURITY AND PROTECTION
Each party warrants that it has implemented and maintains an information security program that includes appropriate administrative, technical and physical safeguards that:
- ensure the security and confidentiality of Consumer Data;
- protect against any anticipated threats or hazards to the security or integrity of Consumer Data;
- protect against unauthorized access to or use of Consumer Data that could result in substantial harm or inconvenience to any Consumer;
- ensure disposal of Consumer Data in a secure manner; and
- satisfy applicable legal or regulatory requirements with respect to information security.
In addition, you warrant the following:
- you will keep your login(s) and password(s) for accessing the Platform private. You can share them with an agent acting to operate your account in the Platform if they sign a confidentiality agreement;
- you won’t use a service provider in connection with your use of Platform unless you make them sign a contract to (a) protect any Consumer Data you obtained from us that is at least as protective as our terms and policies, (b) limit their use of that Consumer Data solely to using it on your behalf to provide services as agreed with a Consumer as part of a Subscription Contract, and not for their own purposes or any other purposes, and (c) keep it secure and confidential. You must ensure they comply with our terms and policies, and you are responsible for their non-compliance;
- you won’t sell, license, or purchase any Consumer Data obtained from us or our services;
- you won’t directly or indirectly transfer any Consumer Data that you receive from us (including anonymous, aggregate, or derived data) to any ad network, data broker or other advertising or monetization-related service. “Indirectly” means you may not, for example, transfer Consumer Data to a Third Party who then transfers the data to an ad network.
If you stop using the Platform, you must promptly delete all Consumer Data you have received from us (absent explicit consent from the Consumer to retain such Data). You can keep any account information that you included in the Platform dashboard, such as your Brand name, Brand logo and contact info, your employees name, email, current city and profile picture URL, as well as all Brand Offerings you created while using the Platform.
- YOUR SERVICES AND OFFERINGS
Summary: You are responsible for all content, including the offering of products or services, that you send within the App to Consumers via the Profila Platform. Profila cannot be held responsible for this content. Certain individuals, organisations or content is not acceptable or allowed on Profila.
10.1 General. You are able to display, include, or make available your own Brand Offerings. When publishing Brand Offerings, we use our best efforts to deliver them to the audience you specify or to achieve your desired outcome, although we cannot guarantee in every instance that your Brand Offerings will reach its intended audience or achieve your desired outcome. We cannot and do not guarantee the reach or performance that your Brand Offerings will receive, such as the number of Consumers who will see your Brand Offerings or the number of clicks your Brand Offerings will get.
You acknowledge and agree that Profila is not responsible for your Brand Offerings, including the accuracy, completeness, timeliness, validity, copyright compliance, legality, decency, quality or any other aspect thereof, but has the right to remove your Brand Offerings from the App and terminate your account if it violates any terms of this BULA.
Profila does not assume and will not have any liability or responsibility to you or any other person or entity for any Brand Offerings, nor can it be held responsible for any losses or damages of any kind incurred by you or any Consumer as a result of the Brand Offerings you share, including any goods, products, or services offered by such Brand Offerings. Any Consumer access to or use of your Brand Offerings and links are entirely at the risk of the Consumer and subject to your terms and conditions.
10.2 Prohibited Content.
Illegal products or services. Brand Offerings must not constitute, facilitate or promote illegal products, services or activities. Brand Offerings targeted to minors must not promote products, services or content that are inappropriate, illegal or unsafe, or that exploit, mislead or exert undue pressure on the age groups targeted.
Discriminatory practices. Brand Offerings must not discriminate or encourage discrimination against people based on personal attributes such as race, ethnicity, colour, national origin, religion, age, sex, sexual orientation, gender identity, family status, disability, medical or genetic condition (including physical or mental health).
Tobacco and related products. Brand Offerings must not promote the sale or use of tobacco products and related paraphernalia. Advertisements must not promote electronic cigarettes, vaporisers or any other products that simulate smoking.
Drugs and related products. Brand Offerings must not promote the sale or use of illegal, prescription or recreational drugs.
Weapons, ammunition or explosives. Brand Offerings must not promote the sale or use of weapons, ammunition or explosives. This includes ads for weapon modification accessories.
Third-Party Infringement. Brand Offerings must not contain content that infringes upon or violates the rights of any Third Party, including copyright, trademark, privacy, publicity or other personal or proprietary rights. To report content that you feel may infringe upon or violate your rights, please contact us at email@example.com.
Sensational content. Brand Offerings must not contain shocking, sensational, inflammatory or excessively violent content.
Personal attributes. Brand Offerings must not contain content that asserts or implies personal attributes. This includes direct or indirect assertions or implications about a person’s name, race, ethnic origin, religion, beliefs, age, sexual orientation or practices, gender identity, disability, medical or genetic condition (including physical or mental health), financial status, membership in a trade union or criminal record.
Misinformation. Profila prohibits Brand Offerings that include claims debunked by Third-Party fact-checkers or, in certain circumstances, claims debunked by organisations with particular expertise. Brands that repeatedly post information deemed to be false may have restrictions placed on their ability to advertise on Profila.
Controversial content. Brand Offerings must not contain content that exploits crises or controversial political or social issues for commercial purposes.
Violence and incitement. We aim to prevent potential offline harm that may be related to content on Profila. Brand Offerings must not incite or facilitate serious violence. We will remove content, disable accounts and work with law enforcement when we believe that there is a genuine risk of physical harm or direct threats to public safety.
Payday loans, payslip advances and bail bonds. Brand Offerings may not promote payday loans, payslip advances, bail bonds or any short-term loans intended to cover someone’s expenses until their next payday. Short-term loan refers to a loan of 90 days or less.
Misleading claims. Brand Offerings must not contain deceptive, false or misleading claims such as those relating to the effectiveness or characteristics of a product or service or claims setting unrealistic expectations for users such as misleading health, employment or weight loss claims.
Unacceptable business practices. Brand Offerings must not promote products, services, schemes or offers using deceptive or misleading practices, including those meant to scam people out of money or personal information.
10.3 Legality of Brand Offerings. Your Brand Offerings must comply with all applicable laws, regulations and statutes. Failure to comply may result in consequences such as the removal of your published Brand Offerings from the App and the termination of your account.
We reserve the right to reject, approve or remove any Brand Offering for any reason, in our sole discretion, including ads that negatively affect our relationship with our users or that promote content, services or activities, contrary to our competitive position, interests or advertising philosophy, including but not limited to a breach of the Use Restrictions under Section 5, or in case of prohibited or illegal content under Section 10.2 and 10.3.
10.4. Dangerous Individuals and Organisations. In an effort to prevent and disrupt real-world harm, we do not allow any organisations or individuals that proclaim a violent mission or are engaged in violence to have a presence on Profila. This includes organisations or individuals involved in the following (i) terrorist activity, (ii) organised hate, (iii) mass murder (including attempts) or multiple murder; (iv) human trafficking, organised violence or criminal activity. We also remove content that expresses support or praise for groups, leaders or individuals involved in these activities.
- OUR OBLIGATIONS TO YOU
We shall provide the Platform in a professional and workmanlike manner in accordance with commercially reasonable industry standards for similar products or services.
We may change the appearance, content, format, medium or means of access to or delivery of the Platform from time to time, including as required to comply with the requirements of Third-Party providers and any applicable law, rule or regulation.
We shall also provide you with enhancements or upgrades to the Platform from time to time. You shall implement, if applicable, any enhancement or upgrades when provided, and you shall be deemed to accept all such enhancements or upgrades at the time of such implementation.
We warrant that we have all rights necessary to provide you with the Platform. We shall provide the Platform in compliance with all applicable laws, rules and regulations. We shall obtain and maintain any necessary licenses, certificates, permits, approvals or other authorizations required by all laws, rules and regulations applicable to our provision of the Platform and our business.
- SUBSCRIPTIONS AND PAYMENTS
Summary: You may choose to pay Consumers in cash for certain interactions you choose to have with them through Profila (for example, when they accept a Subscription Offer or view content such as Brand Moments). This section outlines how Payments work.
12.1 Subscription terms and conditions. Subscriptions are governed by Subscription Terms, Brand Privacy Terms, and your own commercial terms and conditions that you can prescribe before sending out a Subscription Offer.
12.2 Terminating a subscription. A Subscription Contract cannot be terminated during the initial 14 days of the Term. After that, you can end an ongoing subscription via the Dashboard on the Platform. Ending a Subscription Contract will end all associated Subscription Contracts, and as such you will no longer be able to access Consumer Data, such as Personal Data, Consumer Moments and Category information. Profila is not responsible for any knock-on effects should you choose to terminate a Subscription Contract early.
If you end an ongoing subscription, your obligation to comply with Subscription Contracts already agreed with users, and make applicable Payments, remains.
12.3 Payments and Payment Methods
Payment credentials. When you make a payment through the Platform, you agree to provide a valid payment credential in the form of a credit card. When you have successfully added your payment credential, we will allow you to initiate a transaction using the Payments features through the Platform (e.g. after a Brand Moment campaign, or after Consumers accepted your Subscription Offers). For Payments, we currently work with our provider Stripe (accessible here). Profila reserves the right to change the Payment processor or any additional Payment processors at any time.
Authority. When you provide a payment credential to us, you confirm that you are permitted to use that payment credential. When you fund a transaction, you authorise us (and our designated payment processor) to charge the full amount to the payment credential that you designate for the transaction. You also authorise us to collect and store that payment credential, along with other related transaction information. We may also use certain payment card updater services, whose availability varies by issuer, to ensure that we have the most up-to-date information about the payment credentials we store.
Authorisation. If you pay by credit card, we may obtain a pre-approval from the issuer of the card for an amount, which may be as high as the full price of your payment. Your card will be charged at the time you initiate a payment, or shortly thereafter. If you cancel a transaction before completion, this pre-approval may result in those funds not otherwise being immediately available to you.
Failed payments. If your transaction results in an overdraft or other fee from your bank, you alone are responsible for that fee.
Pricing. Pay attention to the details of the transaction on the Platform (e.g. when creating a Brand Moment campaign, or Subscription Offer), because your total price may include taxes, fees and shipping costs, all of which you are responsible for paying.
Extra terms. You may be presented with additional terms related to a specific payment before you confirm the transaction. Those additional terms will also govern that transaction.
Our right to cancel. We may cancel any transaction if we believe that the transaction breaches the BULA, or if we believe that doing so may prevent financial loss.
Payment limitations. In order to prevent financial loss to you or to us, we may place a delay on a payment for a period of time, or limit payment credentials for a transaction, or limit your ability to make a payment, or deactivate your account.
No liability for underlying transaction. If you enter into a Subscription Contract with a Consumer and have a dispute over a Subscription Contract, we have no liability for the goods or services underlying the transaction or for how the Consumer used your donation. Our only responsibility is to handle your payment transaction. All payments are final unless otherwise required by law.
Duty to notify us. If you believe that an unauthorised or otherwise problematic transaction has taken place under your account, you agree to notify us immediately, so that we may take action to prevent financial loss. Unless you submit the claim to us within 30 days after the charge, you will have waived, to the fullest extent permitted by law, all claims against us arising out of or otherwise related to the transaction.
Technical difficulties. If you experience a technical failure or interruption of service that causes your Payment to fail, you may request that your transaction be completed at a later time.
12.4. Price and Revenue Share
The Payments for concluding Subscription Contracts with Consumers and for sharing Brand Moments are set out in the Pricing schedule in Annex 1, which may be subject to change based on Profila’s sole discretion. If you request a different arrangement in relation to Payments, please reach out to Profila at firstname.lastname@example.org.
Profila retains a 50% share of the total Payments for each Subscription Contract (as set out in the Subscription Terms) and for each Brand Moment that you share (the “Profila Share”). The other 50% of the total Payment will be transferred by Profila to you (the “Consumer Share”). Profila reserves the right to adjust the percentage of said revenue share at its sole discretion on a case-by-case basis. This may lead to a Consumer Share above 50% of the Payment, or below 50% of the Payment.
You will not be expected to fulfil any agreed Payments in the instance that a Consumer does not fulfil their obligations under the Subscription Contract, or in the instance that they abandon their contractual obligations partway through the subscription period (for example, by deleting Data that they had agreed to share with you).
12.5 Payment term. Payments offered by you are initially sent to Profila before the Consumer Share is paid out to the Consumer. We will charge the full amount to the payment credential that you designate for the transaction either at the moment you initiate the transaction, or at the end of the month in which you exercised such transaction. Profila reserves the right to charge parts of the Payment that is due at its own convenience. Payout dates are at the sole discretion of Profila, and the terms of this section are subject to change.
12.6. Additional terms.
You are required to pay for each month of a Subscription Contract, even though the Subscription Contract is terminated during a given month. If a Subscription Contract is terminated before the end of a month during the Term (albeit after the initial term of 14 days), no more Payments will be made by the Brand Subscriber for the remaining Term, starting from the month after the month wherein the termination was communicated.
Optional paid services or upgrades may be available on the Platform. When utilizing an optional paid service or upgrade, you agree to pay Profila the monthly or annual subscription fees indicated. Payments will be charged on a pre-pay basis on the day you begin utilizing the service or upgrade and will cover the use of that service or upgrade for a monthly or annual subscription period as indicated. These fees are not refundable.
For any queries regarding payouts and Payment values, please reach out to Profila at email@example.com.
You shall pay Profila all fees as agreed under the payment schedule as set out in Annex 1 to the BULA, which may be changed at Profila’s discretion from time to time.
You shall make all payments without any withholding, deduction or set-off – unless otherwise agreed between the Parties or required by law – and all fees are non-refundable and payment obligations are non-cancelable unless otherwise expressly provided herein or agreed with Profila in writing.
All fees will be payable within the time period as agreed and stated under Annex 1.
You shall also reimburse Profila for all reasonable out-of-pocket expenses and Third-Party charges incurred by us in providing the Platform, Platform API, and any services not expressly included in fees agreed under Annex 1 to the BULA. This may include consultancy work delivered by our legal, technical or marketing teams on a per hourly basis, and will be the subject or a separate master services agreement to be concluded between your Brand and Profila.
Where applicable, all fees will be inclusive of VAT and all other taxes.
In the event of late payment of fees, interest will apply immediately. Interest is set at the national bank’s standard interest rate for the year in which the invoice is sent out.
The currency of the Fees will depend on the seat of your establishment, the nationality of your Consumers or other factors and will be determined at the time of your registration or the first payment.
- DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY
Summary: This section disclaims our legal liability for the quality, safety, and reliability of our Platform. Profila will not be held liable for any damages arising from your use of the Platform.
14.1 Disclaimer of warranty. PROFILA PROVIDES THE PLATFORM, THE PLATFORM API, AND THE DOCUMENTATION “AS IS” WITH ALL FAULTS, WITHOUT WARRANTY OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED BY LAW, ALL EXPRESS AND IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, SATISFACTORY QUALITY, NON-INTERFERENCE, AND ACCURACY, ARE HEREBY EXCLUDED AND EXPRESSLY DISCLAIMED BY PROFILA. PROFILA DOES NOT WARRANT THAT THE PLATFORM, THE PLATFORM API, AND THE DOCUMENTATION ARE SUITABLE FOR YOUR USE, WILL OPERATE PROPERLY WITH YOUR APPLICATIONS, ARE ACCURATE OR COMPLETE, OR ARE WITHOUT ERROR OR DEFECT OR ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS.
14.2 Limitation of liability. PROFILA SHALL HAVE NO LIABILITY IN CONNECTION WITH OR RELATING TO THIS AGREEMENT, INCLUDING ANY OF THE LICENSES PROVIDED TO YOU IN SECTION 4 OF THE BULA, FOR DAMAGES OF ANY KIND, INCLUDING BUT NOT LIMITED TO DIRECT, INCIDENTAL, AND CONSEQUENTIAL DAMAGES, OR FOR ANY LOSS OF USE, DATA, INFORMATION, PROFITS, BUSINESS, OR GOODWILL, HOWEVER CAUSED, REGARDLESS OF THE FORM OF ACTION, WHETHER BASED IN CONTRACT, TORT (INCLUDING, BUT NOT LIMITED TO, SIMPLE NEGLIGENCE, WHETHER ACTIVE, PASSIVE OR IMPUTED), OR ANY OTHER LEGAL THEORY (EVEN IF THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND REGARDLESS OF WHETHER SUCH DAMAGES WERE FORESEEABLE), EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, PROFILA’S CUMULATIVE LIABILITY TO YOU FOR ALL CLAIMS IN CONNECTION WITH OR RELATING TO THIS AGREEMENT, INCLUDING ANY OF THE LICENSES PROVIDED TO YOU IN SECTION 4 OF THE BULA, NOT EXCEED THE HIGHER OF (i) TEN THOUSAND DOLLARS (USD 10,000), OR (ii) THE FEES PAID TO PROFILA FOR ACCESS TO AND USE OF THE PLATFORM IN THE TWELVE (12) MONTHS PRECEDING THE LAST EVENT GIVING RISE TO THE LIABILITY. THIS LIMITATION OF LIABILITY IS CUMULATIVE AND NOT PER INCIDENT. EACH PARTY ACKNOWLEDGES THAT THIS LIMITATION OF LIABILITY REFLECTS THE ALLOCATION OF RISK AND FORMS AN ESSENTIAL PART OF THE BARGAIN BETWEEN THEM.
14.3 Responsibility for use of the Platform and Documentation. You are responsible and liable for all uses of the Platform, the Platform API, and the Documentation through access thereto provided by you, directly or indirectly. Specifically, and without limiting the generality of the foregoing, you are responsible and liable for all actions and failures to take required actions with respect to the Platform and the Documentation by any other person to whom you may voluntarily or involuntarily provide access to or use of the Platform or the Documentation, whether such access or use is permitted by or in violation of this Agreement and whether such access or use is authorized by you or not.
Both you and Profila agree to keep secret any information belonging to the other party that is not in the public domain (“Confidential Information”). Confidential Information comprises of all confidential and proprietary knowledge, information and materials disclosed by either party to the other party in relation to the Platform, including, but not limited to, oral conversations, confidential product information, product specifications, project designs, know-how, marketing and commercial information, prices, financial information, patents, techniques, trade and business secrets and other proprietary and technical information and/or all information which can reasonably be considered as confidential in nature.
Each party undertakes to treat as strictly confidential the Confidential Information which it receives, or has received, from the other party.
This does not apply to information which:
- was already in the receiving party’s lawful possession before disclosure by you or Profila;
- becomes publicly known through no fault of either party;
- the receiving party can prove came into its possession independently; or
- must be revealed as part of a court decision or administrative order.
Any Confidential Information which has already been received or will be received, whether received in writing or by other means or given orally without record, disclosed in connection with this BULA is subject to the following conditions:
- the Confidential Information will be used solely for the purpose assessment of the feasibility of the Platform and/or a mutual business relationship;
- the Confidential Information will not be used for any commercial purposes without obtaining a prior written license or other prior agreement from the disclosing party;
- the Confidential Information will not be disclosed to any Third Party without prior written consent of the disclosing party;
- each party shall use at least the same standard of care to preserve and safeguard the confidential nature of the Confidential Information it receives as it uses to preserve and safeguard the confidential nature of its own Confidential Information;
- each party will not disclose the Confidential Information to its representatives other than those necessary to fulfil the purposes of this Agreement, and all such representatives to which it discloses will be made aware of the confidential nature of the information and the conditions of disclosure herein. Further, each such representative shall bear the express obligation to maintain the confidentiality of the Confidential Information disclosed under this Agreement;
- each party will not make any copy or abstract of the Confidential Information and any photograph, picture, audio-visual recording or any other similar recording of a plant or infrastructure of the other party or any company affiliated to the other party without the specific permission of such other party.
The disclosing party will always remain the exclusive owner of all rights, including, but not limited to, Intellectual Property Rights, in relation to the Confidential Information disclosed under this Agreement.
In the event of breach of any provision under this Section 15 by either party, such party shall be liable for any loss or direct damage suffered by the non-breaching party arising out of the disclosure of the Confidential Information.
Either party that breaches any provision under this Section 15 will also be held liable where such breach causes the non-breaching party irreparable damages, for which an award of damages would not be adequate. In the event of such a breach, the non-breaching party shall be entitled to seek injunctive relief or other equitable relief, without being required to post a bond or provide an undertaking.
Following termination or expiration of this Agreement under Section 19, all original copies of Confidential Information shall be retrieved and returned to the disclosing party, and each party shall notify to the other party that it has:
- destroyed all other copies of the Confidential Information, as well as material containing Data derived from this information in its possession;
- taken all reasonably practicable steps to permanently erase all Confidential Information and Data from computer media;
- procured that all representatives to whom the Confidential Information has been disclosed comply with the present provision.
Summary: You will indemnify Profila against any legal issues arising from your use or misuse of the Profila Platform. On the other hand, Profila will defend you against any Third-Party claim that the Platform infringes any Third Party’s patent or copyrights.
To the fullest extent permitted by applicable law, you will indemnify, defend and hold harmless Profila, its affiliates, and Profila’s as well as the affiliates’ respective past, present and future employees, officers, directors, contractors, consultants, equity holders, suppliers, vendors, service providers, parent companies, subsidiaries, affiliates, agents, representatives, predecessors, successors and assigns (the “Profila Parties”) from and against all claims, demands, actions, damages, losses, costs and expenses (including attorneys’ fees) that arise from or relate to: (i) your use of the Platform, the Platform API or the Documentation; (ii) your responsibilities or obligations under this Agreement; (iii) your violation of this Agreement; (iv) your violation of any rights of any other person or entity; or (v) any regulatory enforcement actions, which were initiated by your actions or omissions.
Profila will defend you against any Third-Party claim that the Platform, the Platform API or the Documentation infringes any Third Party’s patent or copyright (a “Claim”), and will indemnify you against the final judgment entered by a court of competent jurisdiction or a settlement arising out of such Claim. Profila will have no obligation for any Claim to the extent such Claim is based on (i) a modification of the Platform, the Platform API or the Documentation by you or a Third Party, or use of the Platform, the Platform API or the Documentation outside the scope of this Agreement; (ii) combination, operation, or use of the Platform, the Platform API or the Documentation with non-Profila products, software, services or business processes; (iii) Customer Data; or (iv) services you provide based on the Platform, the Platform API or the Documentation.
- promptly notify Profila in writing of the Claim (or threat thereof), and any subsequent litigation updates;
- cooperate with Profila in the defense of the Claim (including any statements to Third Parties regarding the Claim); and
- grant Profila full and exclusive control of the defense and settlement of the Claim and any subsequent appeal.
If you fail to notify Profila promptly of the Claim or provide timely subsequent litigation updates, and that failure prejudices our ability to defend, settle or respond to the Claim, then our obligation to defend or indemnify you with respect to that Claim will be reduced to the extent Profila has been prejudiced. In addition, such failure to provide prompt notification will relieve Profila of any obligation to reimburse you for your attorneys’ fees incurred prior to notification. If a Claim is made or appears likely, Profila may, at our option, (i) procure for you the right to continue using the Platform, the Platform API or the Documentation under the terms of this Agreement, or (ii) replace or modify the Platform, the Platform API or the Documentation to be non-infringing without material decrease in functionality. If Profila determines that neither of these options are reasonably available, we may terminate the Agreement upon written notice to you, and refund you a pro rata portion of the price you paid for the use of the Platform and/or the Platform API for the remainder of the unexpired term. This section states Profila’s entire obligation and your exclusive remedy regarding any Claims against you.
- JURISDICTION AND LEGALITY OF CONTENT
Summary: Your use of the Platform and the information contained within may not be legal depending on the country where you are located. You should take caution when using the Platform and information provided by Profila.
Publication of content in the App via the Profila Platform, and exercise of any functions that publish content (for example, Brand Moments and Brand Offerings) may violate the laws of the country or jurisdiction from where you are publishing this information or using the Platform.
Laws in your country or jurisdiction may not protect or allow the same kinds of speech or distribution.
Profila does not encourage the violation of any laws and cannot be responsible for any violations of such laws, should you link to this domain or use, reproduce or republish the information contained herein.
Summary: You release Profila from responsibility arising from disputes between yourself and other users of Profila’s services.
To the fullest extent permitted by applicable law, you release Profila and the other Profila Parties from responsibility, liability, claims, demands and damages (actual and consequential) of every kind and nature, known and unknown (including, but not limited to, claims of negligence), arising out of or related to disputes between yourself and users of the Platform, the Platform API or the Documentation.
Summary: Profila has the right to terminate this BULA, though some provisions will continue to be enforced.
19.1 Term. The initial term of the Platform License, the Platform API License or the License to Documentation starts on the date the Platform, the Platform API and/or the Documentation is available for your use and lasts for an unlimited duration until terminated in accordance with this BULA.
19.2 Termination by Profila. Profila may at any time suspend or terminate the Platform License, the Platform API License, your use of the Platform, the Platform API, or Documentation, and/or your rights under this Agreement if one of the following occurs:
- you have breached any material provision of this BULA. Profila also has the right to immediately suspend or terminate your use of the Platform, the Platform API or Documentation if you breach Section 4, 5, 7, 8, 9, or 15 above;
- Profila is required to do so by law or chooses to do so following legal advice;
- any partner with whom Profila offered certain components of the Platform, the Platform API or Documentation has ended its relationship with Profila or stopped offering certain components of the Platform, the Platform API or Documentation;
- Profila decides to no longer provide the Platform, the Platform API or Documentation or any part thereof generally or to users in the country in which you are resident or from which you use the service; or
- provision of the Platform, the Platform API or Documentation to you is, in Profila’s sole discretion, no longer commercially viable.
You will be notified at least thirty (30) days prior to any termination of your access to the Platform.
When Profila terminates under the any of the aforementioned conditions, you agree to immediately cease all access and use of the Platform, the Platform API, and Documentation, and all components thereof.
19.3 Termination for cause. If a party materially breaches this Agreement and does not cure that breach within thirty (30) days after receipt of written notice of the breach, the non-breaching party may terminate this Agreement for cause. Your notice letter of the breach should be sent via registered post to the following address: Profila GmbH, Office of General Counsel, addressed to Mr. Van Roey, Avenue De Roodebeek 213, 1, Brussels (1030), Belgium.
19.4 Termination for convenience. Either Party has the right to terminate this BULA by taking into account a notice period of thirty (30) days.
19.5 Effects of Termination. Termination or expiry, howsoever occurring, does not affect any accrued rights or liabilities, or the coming into force or the continuance in force of any provision which is expressly or by implication intended to come into or continue in force on or after termination or expiry.
The provisions of this Agreement which by their sense and context should survive any expiration or termination of this Agreement shall survive termination of this Agreement and shall remain binding on the parties.
You will pay any unpaid fees covering the remainder of the then-current term and related to your use of the Platform, the Platform API or Documentation.
If you stop using the Platform after termination or expiry, you should promptly delete all Consumer Data you have received from us (absent explicit consent from the Consumer to retain such Data). You can keep any account information that you included in the Platform dashboard, such as your Brand name, Brand logo and contact info, your employees name, email, current city and profile picture URL, as well as all Brand Offerings you created while using the Platform. If you cannot access such information anymore, you can send a request to Profila GmbH, Office of General Counsel, addressed to Mr. Van Roey, Avenue De Roodebeek 213, 1, Brussels (1030), Belgium, and a copy thereof to firstname.lastname@example.org
- FORCE MAJEURE
Summary: Neither you nor Profila is responsible for events beyond control and any consequences this might have.
Neither party will be held responsible for the failure to provide any of its obligations as a result of anything beyond its reasonable control.
Summary: This section outlines other important details about this BULA, including its modification and its applicability under the law.
21.2 Severability. If any provision of this Agreement is illegal or unenforceable under applicable law, the remainder of the provision will be amended to achieve as closely as possible the effect of the original term and all other provisions of this Agreement will continue in full force and effect.
21.3 Press, Publicity, Publications. Neither party shall issue or release any announcement, press release or other publicity or marketing materials relating to this Agreement or any applicable annex, or otherwise use the other party’s name, trademarks, service marks or logos without the prior written consent of the other party, except as otherwise provided herein or in the applicable annex. Profila may refer to or identify you as a user of our services by name and logo, including it in promotional materials and press releases when listing other customers of the Platform or Platform API, and may otherwise use your name, trademarks, service marks or logos as necessary to provide the Platform and the Platform API.
21.4 Important notifications. You will promptly notify Profila in writing of:
- any change to any information set forth in background or compliance checks conducted by Profila;
- any breach of this Agreement by you or any facts or circumstances that could, to the best of your knowledge, reasonably be expected to cause you to breach this Agreement;
- any merger, corporate reorganization, change of control, sale of all or substantially all assets, dissolution, liquidation, bankruptcy, insolvency or other significant corporate event or action with respect to your company; or
- any other information necessary to correct any omission with respect to, or inaccuracy of, any representation or warranty made in this Agreement.
21.5 Reimbursement of costs. If Profila is required to bring any action or suit to enforce your obligations hereunder or to pursue any remedies we may have for your violation of this Agreement or any annex, we shall be entitled to recover from you, in addition to any other rights and remedies we may have, all reasonable expenses and attorneys’ fees for such suit or enforcement.
21.7 Compliance with Laws. Profila will comply with all applicable laws when providing the services under this BULA. We may restrict the availability of the Platform, the Platform API or Documentation in any particular location or modify or discontinue Platform features to comply with applicable laws and regulations. You will comply with all applicable laws and regulations related to your receipt and use of the Platform and Platform API. You must ensure you have the right to use all features of the Platform, the Platform API and Documentation in your jurisdiction.
21.8 Assignment and Subcontracting. You will not transfer any of your rights or obligations under this Agreement to anyone else without our consent. We may assign any of our rights or delegate any of our obligations under this Agreement in our sole discretion. We may also subcontract the performance of the Platform or Platform API to Third Parties. Any such subcontract will not relieve Profila of any of its obligations under this Agreement. You may not assign this Agreement without the prior written consent of Profila.
21.9 Amendments. Any amendment to or waiver of this BULA must be made in writing and signed by Profila.
21.10 Notification. Profila may provide you with notice via mail, email and/or postings on the profila.com website or any other website used as part of the Platform. Notices to Profila should be sent to Profila GmbH, Office of General Counsel, addressed to Mr. Van Roey, Avenue De Roodebeek 213, 1, Brussels (1030), Belgium. If you have any questions or complaints, please reach out to us at email@example.com.
21.11 Reservation of Rights. Failure to enforce any right under this Agreement will not waive that right.
21.12 Summaries. The summaries addressed at Brands included at the beginning of each section of this Agreement are only for information purposes and are not part of the terms of the BULA. Profila doesn’t guarantee that they summarize each aspect of a section.
- GOVERNING LAW AND COURT VENUE
Summary: This Agreement is governed by Belgian law.
This Agreement shall be governed by Belgian law. The United Nations Convention on the International Sale of Goods shall not apply. Any disputes arising under or in connection with this Agreement shall be subject to the exclusive jurisdiction of the courts of Brussels, Belgium.
This document was last updated on 22 October 2020.
Annex 1 – Fees
Annex 2 – Data Processing Addendum
Annex 3 – Request Document
Annex 1 – Fees
Available on the website www.profila.com or upon request by contacting firstname.lastname@example.org.
Annex 2 – Data Processing Addendum
This Data Processing Addendum (hereinafter “Addendum”) forms an integral part of the Brand User License Agreement as concluded between Profila (the “Processor”) and the Brand and applies when Personal Data is Processed by the Processor under the BULA.
- Profila will be Processing Personal Data on behalf of the Brand – as Controller – pursuant to the BULA and the Brand’s use of the Platform, including when Personal Data of Consumers is Processed in the framework of Brand-initiated Interactions (as defined in the BULA);
- The Parties hereby regulate and determine the provisions concerning the Processing of Personal Data as set out in (a), in accordance with Applicable Privacy Law;
- This Addendum does not apply when Profila is a Controller.
IT IS THEREFORE AGREED AS FOLLOWS:
In this Addendum, the following words and expressions shall have the meanings set out below.
- Approved Jurisdiction means a member state of the EEA, or other jurisdiction as may be approved as having adequate legal protections for data by the European Commission currently found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm.
- Data Subject means an identified or identifiable natural person, it being understood that an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- EEA means the member states of the European Union and Iceland, Liechtenstein and Norway.
- Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed;
- Generally accepted terms such as “Controller”, “Personal Data”, Processor”, “Subprocessor” “Processing”, shall have the meaning as set out in the GDPR.
Any term not defined in this Addendum is defined in the BULA. For anything which is not expressly addressed in this Addendum, the general terms and conditions in the BULA apply.
- General principles for Data processing
Relationship of the Parties. The Brand is the “Controller” and Profila is the “Processor”, as such terms are defined under the General Data Protection Regulation (GDPR) with respect to the Personal Data Processed under the BULA. In some circumstances, the Brand may be a Processor, in which case the Brand appoints Profila as its Subprocessor, which shall not change the obligations of either party under this Addendum.
Brand’s Processing of Personal Data. The Brand shall, in the use of the Platform:
- comply with mandatory applicable law and Applicable Privacy Law, including maintaining all relevant and required regulatory registrations and notifications;
- ensure all instructions given by it to the Processor in respect of Personal Data shall at all times be in accordance with mandatory applicable law and Applicable Privacy Law;
- keep the amount of Personal Data provided to Profila to the minimum necessary;
- have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which the Brand acquired Personal Data.
Profila’s Processing of Personal Data. The Processor shall:
- Process the Personal Data in accordance with the Addendum;
- Process the Personal Data only on instruction from the Brand;
- notify the Brand immediately if it considers that any of the Brand’s instructions infringe Applicable Privacy Law.
- use and Process Personal Data only in so far as strictly necessary for the performance of the BULA and for any additional purpose that may be notified to the Processor by the Brand in writing;
- carry out the data Processing activities for as long as the BULA remains in force.
Details of the Processing activities carried out by the Processor, the types of Personal Data processed, and the Data Subjects concerned are further specified in Attachment A.
The Processor shall implement all appropriate technical and organisational measures to adequately protect the security of Personal Data Processed by the Processor in performance of the BULA to ensure a level of security appropriate to the risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR, and to protect Personal Data against unauthorized or unlawful Processing, accidental or unlawful destruction and damage or accidental loss, alteration, unauthorised disclosure, or access.
In assessing the appropriate level of security, the Processor shall take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the Processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, in particular risks that are presented by the Processing from a Personal Data Breach.
The Processor shall only disclose Personal Data to, or allow access by, its employees or agents who have had appropriate training in data protection matters and whose use or Processing of the Personal Data is strictly necessary for the performance of the BULA.
The Processor shall ensure that these persons authorised to access or Process the Personal Data are under an obligation of confidentiality.
The Processor shall take reasonable steps to ensure that it has appropriate policies and processes in place in relation to employees or agents who have access to Personal Data disclosed to the Processor by the Brand under the BULA.
The Processor shall ensure that all employees who access or Process Personal Data are informed of its confidential nature and do not publish, disclose or divulge any of the Personal Data to any Third Party without the prior written consent of the Brand.
- REQUESTS FROM DATA SUBJECTS OR AUTHORITIES
The Processor shall promptly notify the Brand of: (a) any request from a Data Subject relating to the Brand’s obligations under Applicable Privacy Law; or (b) a request from any Third Party or regulatory authority for disclosure of Personal Data where compliance with such request is required by law.
The Processor shall at all times cooperate with and assist the Brand in relation to timely responding to and fulfilling such requests, amongst others, by taking into account the nature of the Processing, implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Brand’s obligations to respond to such requests under Applicable Privacy Law.
The Processor shall ensure that it does not respond to that request except on documented instructions of the Brand or as required by applicable law to which the Processor is subject, in which case, the Processor shall, to the extent permitted by applicable law, inform the Brand of that legal requirement before responding to the request.
- PERSONAL DATA BREACHES
The Processor shall notify the Brand without undue delay upon becoming aware of a Personal Data Breach of the occurrence thereof and, without undue delay and no later than within twenty-four (24) hours after becoming aware of it, with all relevant details reasonably available on the Personal Data Breach.
The Processor shall provide reasonable cooperation and sufficient information to the Brand in relation to the Personal Data Breach to allow the Brand to meet any obligations to report Personal Data Breaches to the data protection authorities and to inform Data Subjects under Applicable Privacy Law.
The information provided by the Processor shall, as a minimum:
- describe the nature of the Personal Data Breach, the categories and numbers of Data Subjects concerned, and the categories and numbers of Personal Data records concerned;
- communicate the name and contact details of Processor’s data protection officer or other relevant contact from whom more information may be obtained;
- describe the likely consequences of the Personal Data Breach; and
- describe the measures taken or proposed to be taken to address the Personal Data Breach.
The Processor shall co-operate with the Brand and take such reasonable steps as directed by the Brand to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
- ASSISTANCE AND COMPLIANCE WITH LAWS
The Processor shall comply with all laws that apply to the Processor from time to time as a Processor of the Personal Data, including Applicable Privacy Law.
The Processor shall, upon the Brand’s first request, provide the Brand with reasonable assistance and cooperation as the Brand may request in order to ensure compliance with the latter’s obligations under Applicable Privacy Law, such as, as the case may be, any data protection impact assessments or prior consultations with the data protection authorities, taking into account the nature of the processing activities and the information available to the Processor.
The Processor shall co-operate with and make available to the Brand or, as the case may be, to any competent data protection or privacy authority, all information necessary to demonstrate compliance with the obligations laid down in Applicable Privacy Law, including information regarding the Processor’s data Processing activities.
Upon termination of the BULA, the Processor shall, within sixty (60) days after the date of such termination (“Termination Date”), return to the Brand or, at the Brand’s option, irreversibly delete and procure the deletion of all copies of Personal Data disclosed to the Processor by the Brand.
To that end, the Brand may in its absolute discretion by written notice to Processor within thirty (30) days of the Termination Date, require the Processor to (a) return a complete copy of all Personal Data to the Brand by secure file transfer in such format as is reasonably notified by the Brand to the Processor; and (b) delete and procure the deletion of all other copies of Personal Data processed by the Processor. The Processor shall comply with any such written request within thirty (30) days of the Termination Date.
The Processor may retain the Personal Data disclosed by the Brand to the extent the storage thereof is strictly required by any applicable law and only for such period as required by applicable law, and always provided that the Processor shall ensure the confidentiality of all such Personal Data and shall ensure that such Personal Data is only Processed as necessary for the purpose(s) specified in such applicable laws requiring its storage and for no other purpose.
The Processor shall provide written certification to the Brand that it has fully complied with this Section 8 within sixty (60) days of the Termination Date.
- DATA TRANSFERS
The Processor shall not transfer Personal Data to any country or territory that is not an Approved Jurisdiction, without the prior written consent of the Brand.
If, and only with the Brand’s prior consent, the Processor Processes Personal Data from the EEA or Switzerland in a jurisdiction that is not an Approved Jurisdiction, the Parties shall confirm there is a legally approved mechanism in place to allow for the international data transfer.
If the Processor intends to rely on Standard Contractual Clauses (rather than another permissible transfer mechanism), the following additional terms will apply to the Processor:
- The Standard Contractual Clauses set forth in Attachment B will apply. If such Standard Contractual Clauses are superseded by new or modified Standard Contractual Clauses, the Parties shall promptly enter into the new or modified Standard Contractual Clauses, as necessary.
If the Processor is required by a law to transfer Personal Data to any country or territory that is not an Approved Jurisdiction, the Processor shall inform the Brand of that legal requirement before transferring, unless that law prohibits such information on important grounds of public interest.
- SUBPROCESSING BY SUBCONTRACTORS
In case the Processor engages subcontractors for carrying out specific Processing activities on behalf of the Brand, the same data protection obligations as set out in this Addendum will be imposed by the Processor on the sub-contractor by way of a similar contract.
Upon the Brand’s request, the Processor shall provide to the Brand a list of all the subprocessors that have access to Personal Data under this BULA.
In any case, the Processor shall ensure that each sub-contractor:
- only carries out such processing as may be necessary from time to time in connection with the BULA; and
- complies with terms and conditions (and only sub-contract on terms and conditions) which provide an equivalent level of protection to Personal Data as set out in this Addendum.
The Processor shall remain fully responsible for the acts and omissions of any such sub-contractors in the performance of obligations under this Addendum as if they were the Processor’s own acts and omissions.
The Processor shall be solely and entirely liable for the non-compliance with its obligations under this Addendum, Applicable Privacy Law and other applicable laws.
The Processor warrants that it shall comply with any and all of its obligations resulting from this Addendum, Applicable Privacy Law and other applicable laws.
The Processor will indemnify and hold the Brand harmless from any direct damages resulting from the breach of this Addendum by the Processor or any unlawful Processing or act incompatible with this Addendum, Applicable Privacy Law or other applicable laws by the Processor. However, the Processor shall not be liable for indirect or consequential damages.
- Entire agreement & Variation
This Addendum constitutes the entire and only legally binding agreement between the Parties in relation to the Processing of Personal Data by the Processor pursuant to the BULA. No variation to these terms on behalf of the Brand can be made otherwise than in writing signed by a legally authorized representative of the Brand.
If any provision, clause or part-clause of this Addendum is held to be invalid, void, illegal or otherwise unenforceable by a judicial body, the remaining provisions of this Addendum shall remain in full force and effect to the extent permitted by law.
Details of data processing activities carried out by the Processor
This Attachment A forms part of the Addendum and describes the Processing that Profila will perform on behalf of the Brand.
Nature of Processing
The processing relates to the following activities:
- Profila is based in Switzerland, but keeps Personal Data in cloud storage per region, in order to limit the cross-region transfer of Personal Data. If you want to know more about Profila’s local Data storage options in your region, contact the Data Protection Office via the email email@example.com.
- Profila Processes Personal Data in connection with offering its services through its SaaS Platform (for Brands) and App (for Consumers).
- Profila also processes Personal Data as part of its Data Rights feature.
- Profila collects information under the direction of Brands as part of Brand-initiated Interactions (as defined in the BULA);.
- Profila also has a direct relationship with the Consumers whose Personal Data it Processed under the EULA.
Categories of Data Subjects
The Personal Data Processed concerns the following categories of Data Subjects:
- Profila Consumers (as defined in the BULA)
Categories of Personal Data
Profila can Process numerous categories of Personal Data in the App and Brand Platform. As an example, Personal Data Processed can contain but is not limited to the following categories of Personal Data, and will be defined by the information a Brand requests from the Consumer in a Subscription Offer, as well as by the Categories of Personal Data that a Consumer will be able to create and manage in its own Profila account over time:
- Name (first and last name)
- Birth date
- Country of residency and origin
- Home address, work address
- Email address
- Social media account details
- Phone number
- Languages and language proficiency
- Uphold account number
- Payment amount of Subscriptions
- Payment amount of Brand Moments
- Personal Data included in different Categories (as defined in the BULA), which might include leisure and interest data, consumption habits, living habits, etc.
- Personal Data included in different Consumer Moments (as defined in the BULA), which, on top of feedback about products, services etc, might also contain leisure and interest data, consumption habits, living habits, images and video/audio recording.
Health Data (after release of the Health Data features) or other Sensitive Personal Data.
Processing activities under the Brand-initiated Interactions
|Subscription request process
||A Brand can send a Subscription Offer (as defined in the BULA) to a Consumer with a request to obtain access to certain Categories of Personal Data as described above.
Profila will make this Subscription Offer available to the Consumer, who may accept the offer (and thereby conclude a Subscription Contract) or refuse the offer.
In the latter case, the Brand will not receive any Personal Data. In case a Subscription Contract is concluded, the Brand will be provided access to the requested Data. Profila will process Personal Data included in the Subscription Contract, as well as additional data about the Subscription Contract (e.g. date and time).
|Brand reacting to Consumer Moment
||A Brand can react to a Consumer Moment (as described in the BULA) that was sent to them in relation to one of their products and/or services. Certain Categories of Personal Data are processed as a result.
|Brand Moment (including advertisement)
||A Brand can send content (picture, video, audio, article or other marketing content) to a Consumer who accepted a Subscription Offer. A Consumer can interact with this content in the form of a view, click, or Consumer Moment as a response, a buying signal, etc. Certain Categories of Personal Data are Processed as a result, e.g. name of the Consumer, payment details (Uphold account, amount of payment).
Purposes for processing activities
The Personal Data will be Processed by the Processor for the following purposes:
|Subscription request process
||To provide a better relationship and experience between the Consumer and the Brand, and allow the Consumer to choose which Personal Data is shared with a particular Brand of their choosing.
|Brand reacting to Consumer Moment
||To provide feedback to the Consumer on a Consumer Moment they shared with a Brand.
|Brand moment (including advertisement)
||To provide the Consumer with tailored content based on their interests, as shared by the Consumer with the Brand as part of a Subscription Contract.
Duration of the Processing
Personal Data will be processed for the duration of the BULA or until otherwise requested by the Brand.
Standard Contractual Clauses (Processors)
For the purposes of Article 26(2) of Directive 95/46/EC and Article 46(2) General Data Protection Regulation 2016/679 for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.
Name of the data exporting organisation: …(the data exporter)
Name of the data importing organisation: …(the data importer)
each a ‘party’; together ‘the parties’,
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
For the purposes of the Clauses:
- personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and General Data Protection Regulation 2016/679;
- ‘the data exporter’ means the controller who transfers the personal data;
- ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
- ‘the sub-processor’ means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
- ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
- ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Third-party beneficiary clause
||The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
||The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
||The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
||The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
Obligations of the data exporter
The data exporter agrees and warrants:
||that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
||that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
||that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
||that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
||that it will ensure compliance with the security measures;
||that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
||to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
||to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
||that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
||that it will ensure compliance with Clause 4(a) to (i).
Obligations of the data importer
The data importer agrees and warrants:
||to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
||that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
||that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
||that it will promptly notify the data exporter about:
||any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
||any accidental or unauthorised access; and
||any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
||to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
||at the request of the data exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in BULA with the supervisory authority;
||to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
||that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;
||that the processing services by the sub-processor will be carried out in accordance with Clause 11;
||to send promptly a copy of any sub-processor BULA it concludes under the Clauses to the data exporter.
||The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.
||If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.
||If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.
||The parties agree that if one party is held liable for a violation of the clauses committed by the other party, the latter will, to the extent to which it is liable, indemnify the first party for any cost, charge, damages, expenses or loss it has incurred.
Indemnification is contingent upon:
||the data exporter promptly notifying the data importer of a claim; and
||the data importer being given the possibility to cooperate with the data exporter in the defence and settlement of the claim
Mediation and jurisdiction
||The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
||to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
||to refer the dispute to the courts in the Member State in which the data exporter is established.
||The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Cooperation with supervisory authorities
||The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
||The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
||The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).
The Clauses shall be governed by the law of the Member State in which the data exporter is established, namely …
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
||The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written BULA with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written BULA the data importer shall remain fully liable to the data exporter for the performance of the sub-processor’s obligations under such BULA.
||The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
||The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established, namely …
||The data exporter shall keep a list of sub-processing BULAs concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.
Obligation after the termination of personal data-processing services
||The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
||The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.
|On behalf of the data exporter:
||On behalf of the data importer:
|Name : [ ]
||Name : [ ]
|Title : [ ]
||Title : [ ]
to the Standard Contractual Clauses
This Appendix forms part of the Clauses and must be completed and signed by the parties.
The data exporter is (please specify briefly your activities relevant to the transfer):
The data importer is (please specify briefly activities relevant to the transfer):
The personal data transferred concern the following categories of data subjects (please specify):
Categories of data
The personal data transferred concern the following categories of data (please specify):
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data (please specify):
The personal data transferred will be subject to the following basic processing activities (please specify):
to the Standard Contractual Clauses
This Appendix forms part of the Clauses and must be completed and signed by the parties.
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
Annex 3 – Data Subject Right Request Document
[Explainer: when you exercise a data subject right with a specific Brand via the App, this email template will be sent by Profila to the Brand you chose. All yellow fields will be automatically filled out with information that you provided throughout the process and will be included in the template.]
Email title: Data Subject Right request – [include name of the SPECIFIC RIGHT] by [include name of Profila user]
Dear [name Brand],
This email constitutes a data subject right request as submitted by [include name of Profila user] on [include the day the request was received].
Via this email, [include name of Profila user] – who is reading along in CC –exercises his/her [include name of the SPECIFIC RIGHT] towards [name Brand].
Please find hereunder the specific information about the request:
|First and Last Name
||[include full first and last name]
||[include email or other contact details provided during process in app]
|Data Subject Right:
||[include specific right]
|Additional context (if any)
||[include info provided in step 3 by user]
||[include info from consumer registration]
|Country of Residence
||[include info from consumer registration]
Please contact [include name of Profila user] directly via the email address as shown above in contact details when you respond to this request.
Thank you in advance for confirming directly to [include name of Profila user] that your organization has received this data subject right request and will undertake the necessary action.
[include name of Profila user] is looking forward to hearing from you.
You can consult the data subject rights information folder annexed to this email, which contains information about the concept of data subjects’ rights. Please also read the legal disclaimer, which applies to this email and the data subject request that Profila has forwarded to your organization.
The Profila privacy team,
Acting as an authorized agent of [include name of Profila user]
Attachment: Data Subject Right request information folder & legal disclaimer