תנאי השירות
Acceptable Use Policy
Acceptable Use Policy
Use of the Services is subject to this Acceptable Use Policy.
Capitalized terms have the meaning stated in the applicable agreement between Customer and Survey On Tablet.
Customer agrees not to, and not to allow third parties to use the Services:
- to violate, or encourage the violation of, the legal rights of others (for example, this may include allowing Customer End Users to infringe or misappropriate the intellectual property rights of others in violation of the Digital Millennium Copyright Act);
- to engage in, promote or encourage illegal activity;
- for any unlawful, invasive, infringing, defamatory or fraudulent purpose (for example, this may include phishing, creating a pyramid scheme or mirroring a website);
- to intentionally distribute viruses, worms, Trojan horses, corrupted files, hoaxes, or other items of a destructive or deceptive nature;
- to interfere with the use of the Services, or the equipment used to provide the Services, by customers, authorized resellers, or other authorized users;
- to disable, interfere with or circumvent any aspect of the Services;
- to generate, distribute, publish or facilitate unsolicited mass email, promotions, advertisings or other solicitations (“spam”); or
- to use the Services, or any interfaces provided with the Services, to access any other Survey On Tablet product or service in a manner that violates the terms of service of such other Survey On Tablet product or service.
Survey On Tablet License Agreement
Survey On Tablet License Agreement
This Survey On Tablet License Agreement (the "Agreement") is made and entered into by and between Survey On Tablet and the entity agreeing to these terms ("Customer"). "Survey On Tablet" means Survey On Tablet Limited, with offices at TechHub, 4-5 Bonhill Str, EC2A4BX London, UK and registration address at 220 Oval Road, Dagenham, RM109EJ, UK.
This Agreement is deemed accepted and is effective as of the date Customer received access to Survey On Tablet services (the "Effective Date"). If you are accepting on behalf of Customer, you represent and warrant that: (i) you have full legal authority to bind Customer to this Agreement; (ii) you have read and understand this Agreement; and (iii) you agree, on behalf of Customer, to this Agreement. If you do not have the legal authority to bind Customer, please do not click to accept. This Agreement governs Customer's access to and use of the Service. For an offline variant of this Agreement, you may contact Survey On Tablet for more information.
1. Provision of the Services.
1.1 Services Use. Subject to this Agreement, during the Term, Customer may: (a) use the Services, (b) integrate the Services into any Application that has material value independent of the Services, and (c) use any Software provided by Survey On Tablet as part of the Services. Customer may not sublicense or transfer these rights except as permitted under the Assignment section of the Agreement.
1.2 Console. Survey On Tablet will provide the Services to Customer. As part of receiving the Services, Customer will have access to the Admin Console, through which Customer may administer the Services.
1.3 Facilities. All facilities used to store and process an Application and Customer Data will adhere to reasonable security standards no less protective than the security standards at facilities where Survey On Tablet processes and stores its own information of a similar type. Survey On Tablet has implemented at least industry standard systems and procedures to (i) ensure the security and confidentiality of an Application and Customer Data, (ii) protect against anticipated threats or hazards to the security or integrity of an Application and Customer Data, and (iii) protect against unauthorized access to or use of an Application and Customer Data.
1.4 Data Location. Survey On Tablet may process and store the Customer Data anywhere Survey On Tablet or its agents maintain facilities. By using the Services, Customer consents to this processing and storage of Customer Data. Under this Agreement, Survey On Tablet is merely a data processor.
1.5 Accounts. Customer must have an Account and a Token (if applicable) to use the Services, and is responsible for the information it provides to create the Account, the security of the Token and its passwords for the Account, and for any use of its Account and the Token. If Customer becomes aware of any unauthorized use of its password, its Account or the Token, Customer will notify Survey On Tablet as promptly as possible. Survey On Tablet has no obligation to provide Customer multiple Tokens or Accounts.
1.6 New Applications and Services. Survey On Tablet may: (i) make new applications, tools, features or functionality available from time to time through the Services and (ii) add new services to the "Services" definition from time to time (by adding them at the URL set forth under that definition), the use of which may be contingent upon Customer’s agreement to additional terms.
1.7 Modifications.
a. To the Services. Survey On Tablet may make commercially reasonable updates to the Services from time to time. If Survey On Tablet makes a material change to the Services, Survey On Tablet will inform Customer, provided that Customer has subscribed with Survey On Tablet to be informed about such change.
b. To the Agreement. Survey On Tablet may make changes to this Agreement, including pricing (and any linked documents) from time to time. Unless otherwise noted by Survey On Tablet, material changes to the Agreement will become effective 30 days after they are posted, except if the changes apply to new functionality in which case they will be effective immediately. If Customer does not agree to the revised Agreement, please stop using the Services. Survey On Tablet will post any modification to this Agreement to the Terms URL.
c. To the Data Processing and Security Terms. Survey On Tablet may only change the Data Processing and Security Terms where such change is required to comply with applicable law, applicable regulation, court order, or guidance issued by a governmental regulator or agency, where such change is expressly permitted by the Data Processing and Security Terms, or where such change:
(i) is commercially reasonable;
(ii) does not result in a degradation of the overall security of the Services;
(iii) does not expand the scope of or remove any restrictions on Survey On Tablet’s processing of Customer Personal Data, as described in Section 5.2 (Scope of Processing) of the Data Processing and Security Terms; and
(iv) does not otherwise have a material adverse impact on Customer’s rights under the Data Processing and Security Terms.
If Survey On Tablet makes a material change to the Data Processing and Security Terms in accordance with this Section, Survey On Tablet will post the modification to the URL containing those terms.
1.8 Service Specific Terms and Data Processing and Security Terms. The Service Specific Terms and Data Processing and Security Terms are incorporated by this reference into the Agreement.
2. Payment Terms.
2.1 Free Trial/Quota. Certain Services may be provided to Customer without charge subject to a separate agreement.
2.2 Billing. Survey On Tablet will issue an invoice to Customer for all agreed services in accordance with the agreed payment terms. Customer will pay all Fees in the currency set forth in the invoice. Customer will pay all Fees in accordance with the payment terms applicable to the Service. Survey On Tablet's measurement of Customer’s use of the Services is final. Survey On Tablet has no obligation to provide multiple bills.
2.3 Taxes. Customer is responsible for any Taxes, and Customer will pay Survey On Tablet for the Services without any reduction for Taxes. If Survey On Tablet is obligated to collect or pay Taxes, the Taxes will be invoiced to Customer, unless Customer provides Survey On Tablet with a timely and valid tax exemption certificate authorized by the appropriate taxing authority. In some states the sales tax is due on the total purchase price at the time of sale and must be invoiced and collected at the time of the sale. If Customer is required by law to withhold any Taxes from its payments to Survey On Tablet, Customer must provide Survey On Tablet with an official tax receipt or other appropriate documentation to support such withholding.
2.4 Invoice Disputes & Refunds. To the fullest extent permitted by law, Customer waives all claims relating to Fees unless claimed within sixty days after charged (this does not affect any Customer rights with its credit card issuer). Refunds (if any) are at the discretion of Survey On Tablet and will only be in the form of credit for the Services. Nothing in this Agreement obligates Survey On Tablet to extend credit to any party.
2.5 Delinquent Payments. Late payments may bear interest at the rate of 1.5% per month (or the highest rate permitted by law, if less). Survey On Tablet reserves the right to suspend Customer’s Account, for any late payments.
3. Customer Obligations.
3.1 Compliance. Customer is solely responsible for its Applications, Projects, and Customer Data and for making sure its Applications, Projects, and Customer Data comply with the AUP. Survey On Tablet reserves the right to review the Application, Project, and Customer Data for compliance with the AUP. Customer is responsible for ensuring all Customer End Users comply with Customer’s obligations under the AUP, the Service Specific Terms, and the restrictions in Sections 3.3 and 3.5 below.
3.2 Privacy. Customer will obtain and maintain any required consents necessary to permit the processing of Customer Data under this Agreement.
3.3 Restrictions. Customer will not, and will not allow third parties under its control to: (a) copy, modify, create a derivative work of, reverse engineer, decompile, translate, disassemble, or otherwise attempt to extract any or all of the source code of the Services (subject to Section 3.4 below and except to the extent such restriction is expressly prohibited by applicable law); (b) use the Services for High Risk Activities; (c) sublicense, resell, or distribute any or all of the Services separate from any integrated Application; (d) create multiple Applications, Accounts, or Projects to simulate or act as a single Application, Account, or Project (respectively) or otherwise access the Services in a manner intended to avoid incurring Fees; (e) unless otherwise set forth in the Service Specific Terms, use the Services to operate or enable any telecommunications service or in connection with any Application that allows Customer End Users to place calls or to receive calls from any public switched telephone network; or (f) process or store any Customer Data that is subject to the International Traffic in Arms Regulations maintained by the Department of State. Unless otherwise specified in writing by Survey On Tablet, Survey On Tablet does not intend uses of the Services to create obligations under HIPAA, and makes no representations that the Services satisfy HIPAA requirements. If Customer is (or becomes) a Covered Entity or Business Associate, as defined in HIPAA, Customer will not use the Services for any purpose or in any manner involving Protected Health Information (as defined in HIPAA) unless Customer has received prior written consent to such use from Survey On Tablet.
3.4 Third Party Components. Third party components (which may include open source software) of the Services may be subject to separate license agreements. To the limited extent a third party license expressly supersedes this Agreement, that third party license governs Customer’s use of that third party component.
3.5 Documentation. Survey On Tablet may provide Documentation for Customer’s use of the Services. The Documentation may specify restrictions (e.g. attribution or HTML restrictions) on how the Applications may be built or the Services may be used and Customer will comply with any such restrictions specified.
3.6 DMCA Policy. Survey On Tablet provides information to help copyright holders manage their intellectual property online, but Survey On Tablet cannot determine whether something is being used legally or not without their input. Survey On Tablet responds to notices of alleged copyright infringement and terminates accounts of repeat infringers according to the process set out in the U.S. Digital Millennium Copyright Act. If Customer thinks somebody is violating Customer’s or Customer End Users’ copyrights and wants to notify Survey On Tablet, Customer can contact Survey On Tablet here: http://www.surveyontablet.com/contact
4. Suspension and Removals.
4.1 Suspension/Removals. If Customer becomes aware that any Application, Project, or Customer Data violates the AUP, Customer will immediately suspend the the Application and/or remove the relevant Customer Data (as applicable). If Customer fails to suspend or remove as noted in the prior sentence, Survey On Tablet may specifically request that Customer do so. If Customer fails to comply with Survey On Tablet’s request to do so within twenty-four hours, then Survey On Tablet may disable the Project or Application, and/or disable the Account (as may be applicable) until such violation is corrected.
4.2 Emergency Security Issues. Despite the foregoing, if there is an Emergency Security Issue, then Survey On Tablet may automatically suspend the offending Application, Project, and/or Account. Suspension will be to the minimum extent required, and of the minimum duration, to prevent or resolve the Emergency Security Issue. If Survey On Tablet suspends an Application, Project, or the Account, for any reason, without prior notice to Customer, at Customer’s request, Survey On Tablet will provide Customer the reason for the suspension as soon as is reasonably possible.
5. Intellectual Property Rights; Use of Customer Data; Feedback.
5.1 Intellectual Property Rights. Except as expressly set forth in this Agreement, this Agreement does not grant either party any rights, implied or otherwise, to the other’s content or any of the other’s intellectual property. As between the parties, Customer owns all Intellectual Property Rights in Customer Data and the Application or Project (if applicable), and Survey On Tablet owns all Intellectual Property Rights in the Services and Software.
5.2 Use of Customer Data. Survey On Tablet will not access or use Customer Data, except as necessary to provide the Services to Customer.
5.3 Customer Feedback. If Customer provides Survey On Tablet Feedback about the Services, then Survey On Tablet may use that information without obligation to Customer, and Customer hereby irrevocably assigns to Survey On Tablet all right, title, and interest in that Feedback.
6. Technical Support Services
6.1 By Customer. Customer is responsible for technical support of its Applications and Projects.
6.2 By Survey On Tablet. Subject to payment of applicable support Fees, Survey On Tablet will provide TSS to Customer during the Term in accordance with the TSS Guidelines.
7. Deprecation of Services
7.1 Discontinuance of Services. Subject to Section 7.2, Survey On Tablet may discontinue any Services or any portion or feature for any reason at any time without liability to Customer.
7.2 Deprecation Policy. Survey On Tablet will announce if it intends to discontinue or make backwards incompatible changes to the Services. Survey On Tablet will use commercially reasonable efforts to continue to operate those Services versions and features without these changes for at least one year after that announcement, unless (as Survey On Tablet determines in its reasonable good faith judgment):
(i) required by law or third party relationship (including if there is a change in applicable law or relationship), or
(ii) doing so could create a security risk or substantial economic or material technical burden.
The above policy is the "Deprecation Policy."
8. Confidential Information.
8.1 Obligations. The recipient will not disclose the Confidential Information, except to Affiliates, employees, agents or professional advisors who need to know it and who have agreed in writing (or in the case of professional advisors are otherwise bound) to keep it confidential. The recipient will ensure that those people and entities use the received Confidential Information only to exercise rights and fulfill obligations under this Agreement, while using reasonable care to keep it confidential.
8.2 Required Disclosure. Notwithstanding any provision to the contrary in this Agreement, the recipient may also disclose Confidential Information to the extent required by applicable Legal Process; provided that the recipient uses commercially reasonable efforts to: (i) promptly notify the other party of such disclosure before disclosing; and (ii) comply with the other party’s reasonable requests regarding its efforts to oppose the disclosure. Notwithstanding the foregoing, subsections (i) and (ii) above will not apply if the recipient determines that complying with (i) and (ii) could: (a) result in a violation of Legal Process; (b) obstruct a governmental investigation; and/or (c) lead to death or serious physical harm to an individual. As between the parties, Customer is responsible for responding to all third party requests concerning its use and Customer End Users’ use of the Services.
9. Term and Termination.
9.1 Agreement Term. The “Term” of this Agreement will begin on the Effective Date and continue until the Agreement is terminated as set forth in Section 9 of this Agreement. Except as otherwise set forth on a written form, this Agreement will automatically renew for a period equal to such initial term unless either party notifies the other in writing of its intent not to renew at least ninety (90) days prior to expiration of the then-current term.
9.2 Termination for Breach. Either party may terminate this Agreement for breach if: (i) the other party is in material breach of the Agreement and fails to cure that breach within thirty days after receipt of written notice; (ii) the other party ceases its business operations or becomes subject to insolvency proceedings and the proceedings are not dismissed within ninety days; or (iii) the other party is in material breach of this Agreement more than two times notwithstanding any cure of such breaches. In addition, Survey On Tablet may terminate any, all, or any portion of the Services or Projects, if Customer meets any of the conditions in Section 9.2(i), (ii), and/or (iii).
9.3 Termination for Inactivity. Survey On Tablet reserves the right to terminate the Services for inactivity, if, for a period exceeding 180 days, Customer: (a) has failed to access the Admin Console; (b) storage resources or an Application has not served any requests;
9.4 Termination for Convenience. Customer may stop using the Services at any time. Customer may terminate this Agreement for its convenience at any time on prior written notice and upon termination, must cease use of the applicable Services. Survey On Tablet may terminate this Agreement for its convenience at any time without liability to Customer.
9.5 Effect of Termination. If the Agreement is terminated, then: (i) the rights granted by one party to the other will immediately cease; (ii) all Fees owed by Customer to Survey On Tablet are immediately due upon receipt of the final invoice; (iii) Customer will delete the Software, any Application, Instance, Project, and any Customer Data; and (iv) upon request, each party will use commercially reasonable efforts to return or destroy all Confidential Information of the other party.
10. Publicity. Customer is permitted to state publicly that it is a customer of the Services, consistent with the Trademark Guidelines. If Customer wants to display Survey On Tablet Brand Features in connection with its use of the Services, Customer must obtain written permission from Survey On Tablet through the process specified in the Trademark Guidelines. Survey On Tablet may include Customer’s name or Brand Features in a list of Survey On Tablet customers, online or in promotional materials. Survey On Tablet may also verbally reference Customer as a customer of the Services. Neither party needs approval if it is repeating a public statement that is substantially similar to a previously-approved public statement. Any use of a party’s Brand Features will inure to the benefit of the party holding Intellectual Property Rights to those Brand Features. A party may revoke the other party’s right to use its Brand Features under this Section with written notice to the other party and a reasonable period to stop the use.
11. Representations and Warranties. Each party represents and warrants that: (a) it has full power and authority to enter into the Agreement; and (b) it will comply with all laws and regulations applicable to its provision, or use, of the Services, as applicable. Survey On Tablet warrants that it will provide the Services in accordance with the applicable SLA (if any).
12. Disclaimer. EXCEPT AS EXPRESSLY PROVIDED FOR IN THIS AGREEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SURVEY ON TABLET AND ITS SUPPLIERS DO NOT MAKE ANY OTHER WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR USE AND NONINFRINGEMENT. SURVEY ON TABLET AND ITS SUPPLIERS ARE NOT RESPONSIBLE OR LIABLE FOR THE DELETION OF OR FAILURE TO STORE ANY CUSTOMER DATA AND OTHER COMMUNICATIONS MAINTAINED OR TRANSMITTED THROUGH USE OF THE SERVICES. CUSTOMER IS SOLELY RESPONSIBLE FOR SECURING AND BACKING UP ITS APPLICATION, PROJECT, AND CUSTOMER DATA. NEITHER SURVEY ON TABLET NOR ITS SUPPLIERS, WARRANTS THAT THE OPERATION OF THE SOFTWARE OR THE SERVICES WILL BE ERROR-FREE OR UNINTERRUPTED. NEITHER THE SOFTWARE NOR THE SERVICES ARE DESIGNED, MANUFACTURED, OR INTENDED FOR HIGH RISK ACTIVITIES.
13. Limitation of Liability.
13.1 Limitation on Indirect Liability. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY, NOR SURVEY ON TABLET’S SUPPLIERS, WILL BE LIABLE UNDER THIS AGREEMENT FOR LOST REVENUES OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, EVEN IF THE PARTY KNEW OR SHOULD HAVE KNOWN THAT SUCH DAMAGES WERE POSSIBLE AND EVEN IF DIRECT DAMAGES DO NOT SATISFY A REMEDY.
13.2 Limitation on Amount of Liability. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY, NOR SURVEY ON TABLET’S SUPPLIERS, MAY BE HELD LIABLE UNDER THIS AGREEMENT FOR MORE THAN THE AMOUNT PAID BY CUSTOMER TO SURVEY ON TABLET UNDER THIS AGREEMENT DURING THE TWELVE MONTHS PRIOR TO THE EVENT GIVING RISE TO LIABILITY.
13.3 Exceptions to Limitations. These limitations of liability do not apply to breaches of confidentiality obligations, violations of a party’s Intellectual Property Rights by the other party, indemnification obligations, or Customer's payment obligations.
14. Indemnification.
14.1 By Customer. Unless prohibited by applicable law, Customer will defend and indemnify Survey On Tablet and its Affiliates against Indemnified Liabilities in any Third-Party Legal Proceeding to the extent arising from: (i) any Application, Project, Instance, Customer Data or Customer Brand Features; or (ii) Customer’s, or Customer End Users’, use of the Services in violation of the AUP.
14.2 By Survey On Tablet. Survey On Tablet will defend and indemnify Customer and its Affiliates against Indemnified Liabilities in any Third-Party Legal Proceeding to the extent arising solely from an Allegation that use of (a) Survey On Tablet’s technology used to provide the Services (excluding any open source software) or (b) any Survey On Tablet Brand Feature infringes or misappropriates the third party’s patent, copyright, trade secret, or trademark.
14.3 Exclusions. This Section 14 will not apply to the extent the underlying Allegation arises from:
a. the indemnified party’s breach of this Agreement;
b. modifications to the indemnifying party’s technology or Brand Features by anyone other than the indemnifying party;
c. combination of the indemnifying party’s technology or Brand Features with materials not provided by the indemnifying party; or
d. use of non-current or unsupported versions of the Services or Brand Features;
14.4 Conditions. Sections 14.1 and 14.2 will apply only to the extent:
a. The indemnified party has promptly notified the indemnifying party in writing of any Allegation(s) that preceded the Third-Party Legal Proceeding and cooperates reasonably with the indemnifying party to resolve the Allegation(s) and Third-Party Legal Proceeding. If breach of this Section 14.4(a) prejudices the defense of the Third-Party Legal Proceeding, the indemnifying party’s obligations under Section 14.1 or 14.2 (as applicable) will be reduced in proportion to the prejudice.
b. The indemnified party tenders sole control of the indemnified portion of the Third-Party Legal Proceeding to the indemnifying party, subject to the following: (i) the indemnified party may appoint its own non-controlling counsel, at its own expense; and (ii) any settlement requiring the indemnified party to admit liability, pay money, or take (or refrain from taking) any action, will require the indemnified party’s prior written consent, not to be unreasonably withheld, conditioned, or delayed.
14.5 Remedies.
a. If Survey On Tablet reasonably believes the Services might infringe a third party’s Intellectual Property Rights, then Survey On Tablet may, at its sole option and expense: (a) procure the right for Customer to continue using the Services; (b) modify the Services to make them non-infringing without materially reducing their functionality; or (c) replace the Services with a non-infringing, functionally equivalent alternative.
b. If Survey On Tablet does not believe the remedies in Section 14.5(a) are commercially reasonable, then Survey On Tablet may suspend or terminate Customer’s use of the impacted Services.
14.6 Sole Rights and Obligations. Without affecting either party’s termination rights, this Section 14 states the parties’ only rights and obligations under this Agreement for any third party's Intellectual Property Rights Allegations and Third-Party Legal Proceedings.
15. U.S. Federal Agency Users. The Services were developed solely at private expense and are commercial computer software and related documentation within the meaning of the applicable Federal Acquisition Regulations and their agency supplements.
16. Miscellaneous.
16.1 Notices. All notices must be in writing and addressed to the other party’s legal department and primary point of contact. The email address for notices being sent to Survey On Tablet’s Legal Department is info@surveyontablet.com. Notice will be treated as given on receipt as verified by written or automated receipt or by electronic log (as applicable).
16.2 Assignment. Neither party may assign any part of this Agreement without the written consent of the other, except to an Affiliate where: (a) the assignee has agreed in writing to be bound by the terms of this Agreement; (b) the assigning party remains liable for obligations under the Agreement if the assignee defaults on them; and (c) the assigning party has notified the other party of the assignment. Any other attempt to assign is void.
16.3 Change of Control. If a party experiences a change of Control (for example, through a stock purchase or sale, merger, or other form of corporate transaction): (a) that party will give written notice to the other party within thirty days after the change of Control; and (b) the other party may immediately terminate this Agreement any time between the change of Control and thirty days after it receives that written notice.
16.4 Force Majeure. Neither party will be liable for failure or delay in performance to the extent caused by circumstances beyond its reasonable control.
16.5 No Agency. This Agreement does not create any agency, partnership or joint venture between the parties.
16.6 No Waiver. Neither party will be treated as having waived any rights by not exercising (or delaying the exercise of) any rights under this Agreement.
16.7 Severability. If any term (or part of a term) of this Agreement is invalid, illegal, or unenforceable, the rest of the Agreement will remain in effect.
16.8 No Third-Party Beneficiaries. This Agreement does not confer any benefits on any third party unless it expressly states that it does.
16.9 Equitable Relief. Nothing in this Agreement will limit either party’s ability to seek equitable relief.
16.10 U.S. Governing Law.
a. For U.S. City, County, and State Government Entities. If Customer is a U.S. city, county or state government entity, then the Agreement will be silent regarding governing law and venue.
b. For U.S. Federal Government Entities. If Customer is a U.S. federal government entity then the following applies: ALL CLAIMS ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SERVICES WILL BE GOVERNED BY THE LAWS OF THE UNITED STATES OF AMERICA, EXCLUDING ITS CONFLICT OF LAWS RULES. SOLELY TO THE EXTENT PERMITTED BY FEDERAL LAW: (I) THE LAWS OF THE STATE OF CALIFORNIA (EXCLUDING CALIFORNIA’S CONFLICT OF LAWS RULES) WILL APPLY IN THE ABSENCE OF APPLICABLE FEDERAL LAW; AND (II) FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SERVICES, THE PARTIES CONSENT TO PERSONAL JURISDICTION IN, AND THE EXCLUSIVE VENUE OF, THE COURTS IN SANTA CLARA COUNTY, CALIFORNIA.
c. For All Other Entities. If Customer is any entity not set forth in Section 16.10(a) or (b) then the following applies: ALL CLAIMS ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SERVICES WILL BE GOVERNED BY CALIFORNIA LAW, EXCLUDING THAT STATE’S CONFLICT OF LAWS RULES, AND WILL BE LITIGATED EXCLUSIVELY IN THE FEDERAL OR STATE COURTS OF SANTA CLARA COUNTY, CALIFORNIA, USA; THE PARTIES CONSENT TO PERSONAL JURISDICTION IN THOSE COURTS.
16.11 Amendments. Except as set forth in Section 1.7(b) or (c), any amendment must be in writing, signed by both parties, and expressly state that it is amending this Agreement.
16.12 Survival. The following Sections will survive expiration or termination of this Agreement: 5, 8, 9.5, 13, 14, and 16.
16.13 Entire Agreement. This Agreement sets out all terms agreed between the parties and supersedes all other agreements between the parties relating to its subject matter. In entering into this Agreement, neither party has relied on, and neither party will have any right or remedy based on, any statement, representation or warranty (whether made negligently or innocently), except those expressly set out in this Agreement. The terms located at a URL referenced in this Agreement and the Documentation are incorporated by reference into the Agreement. After the Effective Date, Survey On Tablet may provide an updated URL in place of any URL in this Agreement.
16.14 Conflicting Terms. If there is a conflict between the documents that make up this Agreement, the documents will control in the following order: the Agreement, and the terms at any URL.
16.15 Definitions.
·"Account" means Customer’s account at the Survey On Tablet website.
·"Admin Console" means the online console(s) and/or tool(s) provided by Survey On Tablet to Customer for administering the Services.
·"Affiliate" means any entity that directly or indirectly Controls, is Controlled by, or is under common Control with a party.
·"Allegation" means an unaffiliated third party’s allegation.
·"Application(s)" means any web or other application Customer creates using the Services, including any source code written by Customer to be used with the Services, or hosted in an Instance.
·"AUP" means the acceptable use policy set forth for the Services.
·"Brand Features" means the trade names, trademarks, service marks, logos, domain names, and other distinctive brand features of each party, respectively, as secured by such party from time to time.
·"Committed Purchase(s)" have the meaning set forth in the Service Specific Terms.
·"Confidential Information" means information that one party (or an Affiliate) discloses to the other party under this Agreement, and which is marked as confidential or would normally under the circumstances be considered confidential information. It does not include information that is independently developed by the recipient, is rightfully given to the recipient by a third party without confidentiality obligations, or becomes public through no fault of the recipient. Subject to the preceding sentence, Customer Data is considered Customer’s Confidential Information.
·"Control" means control of greater than fifty percent of the voting rights or equity interests of a party.
·"Customer Data" means content provided to Survey On Tablet by Customer (or at its direction) via the Services under the Account.
·"Customer End Users" means the individuals Customer permits to use the Application.
·"Data Processing and Security Terms" means the terms set forth at the section Data Processing and Security Terms.
·"Documentation" means the Survey On Tablet documentation (as may be updated from time to time) in the form generally made available by Survey On Tablet to its customers for use with the Services including the following: (a) Survey On Tablet Review Analytics; (b) Survey On Tablet Surveys; (c) Survey On Tablet Marketing Tools.
·"Emergency Security Issue" means either: (a) Customer’s or Customer End Users’ use of the Services in violation of the AUP, which could disrupt: (i) the Services; (ii) other customers’ or their customer end users’ use of the Services; or (iii) the Survey On Tablet network or servers used to provide the Services; or (b) unauthorized third party access to the Services.
·"Fee Trial Period" means a calendar month or another period specified by Survey On Tablet in the Admin Console.
·“Feedback” means feedback or suggestions about the Services provided to Survey On Tablet by Customer.
·"Fees" means the applicable fees for each Service and any applicable Taxes. The Fees for each Service are set forth in a separate agreement.
·"High Risk Activities" means uses such as the operation of nuclear facilities, air traffic control, or life support systems, where the use or failure of the Services could lead to death, personal injury, or environmental damage.
·"HIPAA" means the Health Insurance Portability and Accountability Act of 1996 as it may be amended from time to time, and any regulations issued under it.
·"Indemnified Liabilities" means any (i) settlement amounts approved by the indemnifying party; and (ii) damages and costs finally awarded against the indemnified party and its Affiliates by a court of competent jurisdiction.
·"Intellectual Property Rights" means current and future worldwide rights under patent, copyright, trade secret, trademark, and moral rights laws, and other similar rights.
·"Legal Process" means a data disclosure request made under law, governmental regulation, court order, subpoena, warrant, governmental regulatory or agency request, or other valid legal authority, legal procedure, or similar process.
·"Package Purchase" means Customer’s commitment to purchase a specified package of the Services over a specified period of time, whether Customer uses those Services or not. A Package Purchase may be made using the Admin Console or the Ordering Document (if applicable).
·"Project" means a grouping of resources for Customer, and via which Customer may use the Services. Projects are more fully described in the Documentation.
·"Service Specific Terms" means the terms specific to one or more Services.
·"Services" means the services all services provided by Survey On Tablet (including any associated APIs); and TSS.
·"SLA" means the Service Level Agreement as applicable to: (a) Survey On Tablet Review Analytics; (b) Survey On Tablet Surveys; (c) Survey On Tablet Marketing Tools.
·"Software" means any downloadable tools, software development kits or other such proprietary computer software provided by Survey On Tablet in connection with the Services, which may be downloaded by Customer, and any updates Survey On Tablet may make to such Software from time to time.
·"Taxes" means any duties, customs fees, or taxes (other than Survey On Tablet’s income tax) associated with the purchase of the Services, including any related penalties or interest.
·"Term" has the meaning set forth in Section 9 of this Agreement.
·/span>"Terms URL" means the following URL set forth at the current webpage.
·"Third-Party Legal Proceeding" means any formal legal proceeding filed by an unaffiliated third party before a court or government tribunal (including any appellate proceeding).
·"Token" means an alphanumeric key that is uniquely associated with Customer’s Account.
·"Trademark Guidelines" means Survey On Tablet’s Guidelines for Third Party Use of Survey On Tablet Brand Features.
·"TSS" means the technical support service provided by Survey On Tablet to the administrators under the TSS Guidelines.
·"TSS Guidelines" means Survey On Tablet’s technical support services guidelines then in effect for the Services.
Service Specific Terms
Service Specific Terms
Capitalized terms not defined in these Service Specific Terms have the meaning set forth in the Survey On Tablet License Agreement between Customer and Survey On Tablet or the Survey On Tablet Reseller Agreement between Reseller and Survey On Tablet (as applicable, "Agreement"). For the purpose of these Service Specific Terms, if the Agreement is the Survey On Tablet Reseller Agreement, then for that Agreement: (i) the term "Customer" means Customer and/or Reseller based on which entity is accessing the applicable Service, and (ii) the term "Customer" means "Reseller".
1. Survey On Tablet Review Analytics.
The following terms apply only to the Survey On Tablet Review Analytics Service:
1.1 In order to provide the Services Survey On Tablet gathers, stores, analyzes, displays and uses a variety of information, including without limitation (i) publicly available content such as reviews and hotel rankings posted on third party web sites, feedback and information provided by guests at Customer facilities, posts from social media sites and forums, news articles, blog posts, photos and videos, and (ii) commercially available data regarding businesses in Customer’s industry (such as hotel occupancy rates, average daily rates and revenue per available room) (collectively “Third Party Content”). Some Third Party Content is public information (such as online hotel reviews) and other Third Party Content is proprietary to its creators (such as industry research data). Third Party Content may be owned by the people or entities that publish such content, or by other parties.
1.2 Customer acknowledges that (i) Survey On Tablet aggregates Third Party Content from various public web sites (including Survey On Tablet sites) and from commercial databases, and (ii) Third Party Content may be obtained by Survey On Tablet or licensed to Survey On Tablet by third parties subject to copyright and other restrictions on re-use or redistribution. Customer understands the foregoing and agrees that it is requesting Survey On Tablet to aggregate and present both publicly available and proprietary Third Party Content to Customer and its Users.
1.3 Survey On Tablet shall use good faith efforts to provide comprehensive and accurate Services to Customer, however, Survey On Tablet cannot assure that all relevant hotel reviews, videos, images, blog entries, article postings, references and other information will be found or delivered, or that irrelevant hotel reviews, videos, images, blog entries, article postings, references and other information will not be delivered. From time to time delivery of the Services may be delayed due to scheduled or unscheduled maintenance or factors beyond Survey On Tablet’s control, and Survey On Tablet’s failure to deliver the Services in such event or events shall not constitute a breach of the Agreement.
1.4 Customer shall provide Survey On Tablet with the following prior to the commencement of Services: (i) applicable hotel name(s), (ii) hotel website(s), (iii) the name of Customer’s competitors, and (iv) e-mail addresses of all End Users.
1.5 Customer acknowledges that Survey On Tablet aggregates and provides, but does not generate, the content underlying the Services, and that information furnished by Provider represents the opinions of others and may contain inaccuracies, libelous material, profanity, and pornography. Survey On Tablet may block certain comments using specific keywords, and Customer will have the ability to control the blocking of key-words.
1.6 Survey On Tablet does not guarantee any specific results from the use of the Service.
2. Survey On Tablet Surveys.
The following terms apply only to the Survey On Tablet Surveys
2.1 The Services may include tablet systems and other hardware installed in Customer facilities. Hardware is configured to be used only with the Services. Hardware may not be reconfigured, used to run any other applications, or used for any other purpose. Customer may purchase the hardware or lease it from Survey On Tablet, as specified in the Service Order Form. If leased, all hardware remains the property of Survey On Tablet (or its third party equipment provider) and must be returned to Survey On Tablet within 15 days following termination of the applicable Services. Customer who does not return the hardware within this time period will be billed Survey On Tablet’s cost to replace the hardware.Customer Data may be stored transiently or cached anywhere where Survey On Tablet or its agents maintain facilities.
2.2 Certain Services requires the use of Guest Personal Data (as defined in the Privacy Policy). Customer hereby grants Survey On Tablet a nonexclusive and nontransferable right to access, use, store and process the Guest Personal Data collected via the Services and otherwise from the Customer, solely for the purposes of providing those Services to Customer during the term of and in accordance with this Agreement.
2.3 Certain Services permit Customer to send email, SMS and other messages to their guests. The sending of commercial messages is regulated by law, including US CAN-SPAM and the Telephone Consumer Privacy Act. Customer acknowledges and agrees that it is responsible for complying with all applicable laws, published rules and policies regarding communication with its guests. Customer represents and warrants that it has obtained written or electronic opt-in permission from each guest to send messages to that guest, and agrees that if a guest opts out of a specific form of messaging from Customer (e.g. SMS), Customer will update the Services accordingly. Customer may not send any messages to a guest through the Services unless such messages are directly related to the type of information the guest has opted-in to receive from Customer. Survey On Tablet will notify Customer if it becomes aware of any violation or perceived violation of applicable laws, published rules and policies, and Customer is immediately obligated to correct any actual violation. Survey On Tablet may suspend Customer’s use of messaging features in the Services until a violation is cured. The Customer agrees that any email lists that they use to distribute survey invitations are based on an existing relationship with the survey respondent or that the person that owns the email address has agreed to participate in a survey. Customer will remain responsible for ensuring that it complies with all applicable laws, rules and regulations when communicating with its guests via the Services and will keep Survey On Tablet fully indemnified in accordance with this Agreement in respect of any breach of this Agreement.
2.4 Customer shall not solicit Respondents by use of means which might reasonably be expected to impair or unduly influence the judgment of the Respondent and therefore the accuracy or veracity of the Respondent’s use of the Application. Practices that are deemed likely to so impair or influence a response include, without limitation:
(i)
Compensation payable to the reviewer which is dependent on the content of the
response or which constitutes an immoderate incentive;
(ii) Exerting pressure on Respondents to alter or withdraw a response,
including through unjustified threat of legal action;
(iii) Offering incentives for positive responses, or for changing negative
responses;
(iv) Soliciting or knowingly publishing responses created by people other than
hotel guests, or by insiders or other parties affiliated with Customer;
and
(v) Soliciting responses only from guests already identified as satisfied or
otherwise likely to post a positive response.
Customer will inform Survey On Tablet of the nature
and extent of its planned promotions which increase or are intended to increase
the volume or nature of responses.
2.5 The Application shall be used for lawful purposes only. No material shall be posted on, transmitted or reproduced by a Customer which violates or infringes in any way upon the rights of others, which is unlawful, threatening, abusive, defamatory, invasive of privacy or publicity rights, vulgar, obscene, profane, indecent or otherwise objectionable, which encourages conduct that would constitute a criminal offense, gives rise to civil liability or otherwise violates any law.
2.6 The Application contains copyrighted material, trademarks and other proprietary information including, but not limited to, text, software, photos, video, graphics, music and sound. Survey On Tablet owns the copyright to the selection, coordination, arrangement and enhancement of such content, as well as in the content original to it. Each third party content provider owns the copyright for content original to it. No Customer may modify, publish, transmit, participate in the transfer or sale, create derivative works, reveal or display publicly or in any way exploit, any of the content of the Application, in whole or in part, without the express written permission of Survey On Tablet. Except as otherwise expressly permitted under copyright law, no copying, redistribution, publication or commercial exploitation of downloaded material from the Application will be permitted without the express-written permission of Survey On Tablet and any other copyright owner. In the event of any permitted copying, redistribution or publication of copyrighted material, no changes in or deletion of author attribution, trademark, legend or copyright notice shall be made. Each Customer acknowledges that he or she does not acquire any ownership rights by downloading copyrighted material.
2.7 No material protected by copyright, trademark or other proprietary right shall be uploaded, posted or otherwise made available by a Customer, including a Respondent, either via the Application or through the use of any other means, without the express permission of the owner of the copyright, trademark or other proprietary right and the burden of determining that any material is not protected by copyright rests with the Customer. The Customer shall be solely liable for any damages resulting from any infringement of copyrights, proprietary rights, or any other harm resulting from any uploading, posting or submission.Each Customer represents and warrants that Customer has ownership or other authority to post any sound, image, text, or other material it posts via the Application. Each Customer hereby grants to Survey On Tablet, it's successors, assigns and licensees, an irrevocable, royalty-free license to use, reproduce, modify, adapt, publish, translate, perform, create derivative works from, and display any message or other content of any nature whatsoever, in whole or in part, provided by Customer in the course of, or arising out of, the Application, and to incorporate such content in other works in any form, media or technology now known or hereinafter developed.
2.8 Any Customer that offers rewards or incentives to survey respondents, must in good faith, try to honor this commitment. The Customer must provide information about offering rewards to respondents and comply with all applicable laws and regulations. Survey On Tablet has the right to pass all contact information about the Customer on to the survey Respondent.
2.9 Respondents should never provide information that they do not feel comfortable providing to an Customer. Once a Respondent fills out a survey or form through the Application, Customer can download that data and Survey On Tablet has absolutely no control over what the Customer does with that data. It is the Respondents responsibility to know what information they are providing, and who they are providing it to.
2.10 The Customer Agreement, Privacy Policy, and other terms of service may be changed without notice by Survey On Tablet, and use of the Application constitutes agreement with and acceptance of any such changes.
2.11 The Customer agrees that Survey On Tablet’s liability under this Agreement shall be limited to the amount the Customer has paid its use of the Application.
2.12 The Application is intended for survey creators and Respondents of the age of majority. The Application may not be used by, or to collect information from, minor children, according to laws in the minor's locality, without parental permission. Customer shall in no case use the Application to collect information from children under age 13 without parental permission. Customer agrees to defend, indemnify, and hold harmless the Survey On Tablet Parties from any liability related to use of the Application in a manner inconsistent with this Agreement.
2.13 CUSTOMER AGREES NOT TO CIRCUMVENT SURVEY ON TABLET’S PRIVACY OR SECURITY MEASURES FOR SURVEY TAKERS. If for any reason Customer tries to violate the survey responders' privacy, Customer agrees to hold harmless, defend, and indemnify the Survey On Tablet Affiliates for any liability to other Customers or third parties, including all attorney's fees incurred by the Survey On Tablet Parties as a result of Customer's actions. This agreement by Customer to defend, indemnify, and hold harmless the Survey On Tablet Parties is in addition to any other legal rights or remedies they may have under any other part of this Agreement or under the law.
2.14 Survey On Tablet does not guarantee any specific results from the use of the Service.
3. Survey On Tablet Marketing Tools.
The following terms apply only to the Survey On Tablet Marketing Tools:
3.1 The Services may integrate third-party services (for example, Twitter or Facebook) allowing Customer to post information to web sites outside the Services. Customer, and each User, agrees to inform itself of the terms and conditions of each of these integrated third-party services prior to use, and abide by such terms and conditions if Customer utilizes such integrated services.
3.2 Certain Services permit Customers to send email, SMS and other messages to their guests. The sending of commercial messages is regulated by law, including CAN-SPAM and the Telephone Consumer Privacy Act. SMS messaging is further regulated by mobile service carriers (“Carriers”) and by the policies and best practices of the Mobile Marketing Association and the CTIA, which collectively impose requirements regarding the integrity of SMS content and compliance with acceptable use policies. Customer acknowledges and agrees that it is responsible for complying with all applicable laws, published rules and policies regarding communication with its guests. Customer represents and warrants that it has obtained written or electronic opt-in permission from each guest to send messages to that guest, and agrees that if a guest opts out of a specific form of messaging from Customer (e.g. SMS), Customer will update the Services accordingly. Customer may not send any messages to a guest through the Services unless such messages are directly related to the type of information the guest has opted-in to receive from Customer. Survey On Tablet will notify Customer if it becomes aware of any violation or perceived violation of applicable laws, published rules and policies, and Customer is immediately obligated to correct any actual violation. Survey On Tablet may suspend Customer’s use of messaging features in the Services until a violation is cured. Customer will remain responsible for ensuring that it complies with all applicable laws, rules and regulations when communicating with its guests via the Services and will keep Survey On Tablet fully indemnified in accordance with Section 8 of this Agreement in respect of any breach of this Section 6(g).
3.3 No material protected by copyright, trademark or other proprietary right shall be uploaded, posted or otherwise made available by a Customer, including a Respondent, either via the Application or through the use of any other means, without the express permission of the owner of the copyright, trademark or other proprietary right and the burden of determining that any material is not protected by copyright rests with the Customer. The Customer shall be solely liable for any damages resulting from any infringement of copyrights, proprietary rights, or any other harm resulting from any uploading, posting or submission.Each Customer represents and warrants that Customer has ownership or other authority to post any sound, image, text, or other material it posts via the Application. Each Customer hereby grants to Survey On Tablet, it's successors, assigns and licensees, an irrevocable, royalty-free license to use, reproduce, modify, adapt, publish, translate, perform, create derivative works from, and display any message or other content of any nature whatsoever, in whole or in part, provided by Customer in the course of, or arising out of, the Application, and to incorporate such content in other works in any form, media or technology now known or hereinafter developed.
3.4 Survey On Tablet does not guarantee any specific results from the use of the Service.
4. Third Party Additional Terms
4.1 HolidayCheck. Customer's use of the the Survey On Tablet’s integration service with HolidayCheck, which may include associated media, printed materials, and "online" or electronic documentation (individually and collectively, "Products"), provided by Survey On Tablet in conjunction with Survey On Tablet Services is subject to the terms and conditions set forth here: http://www.holidaycheck.com/terms_of_use.php.
Data Processing and Security Terms
Data Processing and Security Terms
The Customer agreeing to these terms (“Customer”) and Survey On Tablet Ltd., (as applicable, “Survey On Tablet”) have entered into a Survey On Tablet Service License Agreement. These Data Processing and Security Terms, including the Appendices (collectively, the “Terms”) are entered into by Customer and Survey On Tablet as of the Terms Effective Date and supplement the Survey On Tablet Service License Agreement.
1. Introduction
These Terms reflect the parties’ agreement with respect to terms governing the processing of Customer Personal Data under the Survey On Tablet Service License Agreement.
2. Definitions
2.1 Capitalized terms used but not defined in these Terms have the meanings set out in the Survey On Tablet Service License Agreement. In these Terms, unless expressly stated otherwise:
Additional Products means products, services and applications (whether made available by Survey On Tablet or a third party) that are not part of the Services, but that may be accessible via the Admin Console or otherwise, for use with the Services.
Agreement means the Survey On Tablet Service License Agreement, as supplemented by these Data Processing and Security Terms, and as may be further amended from time to time in accordance with the Survey On Tablet Service License Agreement.
Customer Personal Data means the personal data that is contained within the Customer Data.
Data Incident means (a) any unlawful access to Customer Data stored in the Services or systems, equipment, or facilities of Survey On Tablet or its Subprocessors, or (b) unauthorized access to such Services, systems, equipment, or facilities that results in loss, disclosure, or alteration of Customer Data.
Data Protection Legislation means, as applicable: (a) any national provisions adopted pursuant to the Directive that are applicable to Customer and/or any Customer Affiliates as the controller(s) of the Customer Personal Data; and/or (b) the Federal Data Protection Act of 19 June 1992 (Switzerland).
Directive means Directive 95/46/EC of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data.
EEA means the European Economic Area.
Survey On Tablet Group means those Survey On Tablet Affiliates involved in provision of the Services to Customer.
Instructions means Customer’s written instructions to Survey On Tablet consisting of the Agreement, including instructions to Survey On Tablet to provide the Services as set out in the Agreement; instructions given by Customer via the Admin Console and otherwise in its use of the Services; and any subsequent written instructions given by Customer to Survey On Tablet and acknowledged by Survey On Tablet.
Model Contract Clauses or MCCs mean the standard contractual clauses (processors) for the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.
Safe Harbor Certification means a current certification to the U.S. Department of Commerce Safe Harbor framework requirements as set out at: http://export.gov/safeharbor/eu/eg_main_018475.asp, or any replacement framework or URL from time to time.
Security Measures has the meaning given in Section 6.1 (Security Measures) of these Terms.
Subprocessors means (a) all Survey On Tablet Group entities that have logical access to, and process, Customer Personal Data (each, a “Survey On Tablet Group Subprocessor”), and (b) all third parties (other than Survey On Tablet Group entities) that are engaged to provide services to Customer and that have logical access to, and process, Customer Personal Data (each, a "Third Party Subprocessor").
Third Party Auditor means a qualified and independent third party auditor, whose then-current identity Survey On Tablet will disclose to Customer.
2.2 The terms “personal data”, “processing”, “data subject”, “controller” and “processor” have the meanings given to them in the Directive. The terms “data importer” and “data exporter” have the meanings given to them in the Model Contract Clauses.
3. Term
These Terms will take effect on the Terms Effective Date and, notwithstanding expiry or termination of the Survey On Tablet Service License Agreement, will remain in effect until, and automatically terminate upon, deletion by Survey On Tablet of all data as described in Section 7 (Data Correction, Blocking, Exporting, and Deletion) of these Terms.
4. Data Protection Legislation
The parties agree and acknowledge that the Data Protection Legislation may apply to the processing of Customer Personal Data.
5. Processing of Customer Personal Data
5.1 Controller and Processor. If the Data Protection Legislation applies to the processing of Customer Personal Data, then as between the parties, the parties acknowledge and agree that: (a) Customer is the controller of Customer Personal Data under the Agreement; (b) Survey On Tablet is a processor of such data; (c) Customer will comply with its obligations as a controller under the Data Protection Legislation; and (d) Survey On Tablet will comply with its obligations as a processor under the Agreement. If under the Data Protection Legislation a Customer Affiliate is considered the controller (either alone or jointly with the Customer) with respect to certain Customer Personal Data, Customer represents and warrants to Survey On Tablet that Customer is authorized: (i) to give the Instructions to Survey On Tablet and otherwise act on behalf of such Customer Affiliate in relation to such Customer Personal Data as described in these Terms, and (ii) to bind the Customer Affiliate to these Terms. Appendix 1 sets out a description of the categories of data that may fall within Customer Personal Data and of the categories of data subjects to which that data may relate.
5.2 Scope of Processing. Survey On Tablet will only process Customer Personal Data in accordance with the Instructions, and will not process Customer Personal Data for any other purpose.
5.3 Additional Products. Customer acknowledges that if it installs, uses, or enables Additional Products, then the Services may allow such Additional Products to access Customer Data as required for the interoperation of those Additional Products with the Services. The Agreement does not apply to the processing of data transmitted to or from such Additional Products. Such Additional Products are not required to use the Services.
6. Data Security; Security Compliance; Audits
6.1 Security Measures. Survey On Tablet will take and implement appropriate technical and organizational measures to protect Customer Data against accidental or unlawful destruction or accidental loss or alteration, or unauthorized disclosure or access, or other unauthorized processing, as detailed in Appendix 2 (the "Security Measures"). Survey On Tablet may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services. Customer agrees that it is solely responsible for its use of the Services, including securing its account authentication credentials, and that Survey On Tablet has no obligation to protect Customer Data that Customer elects to store or transfer outside of Survey On Tablet’s and its Subprocessors’ systems (e.g., offline or on-premise storage).
6.2 Security Compliance by Survey On Tablet Staff. Survey On Tablet will take appropriate steps to ensure compliance with the Security Measures by its employees, contractors and Subprocessors to the extent applicable to their scope of performance.
6.3 Data Incidents. If Survey On Tablet becomes aware of a Data Incident, Survey On Tablet will promptly notify Customer of the Data Incident, and take reasonable steps to minimize harm and secure Customer Data. Notification(s) of any Data Incident(s) will be delivered to the email address provided by Customer in the Agreement (or in the Admin Console) or, at Survey On Tablet’s discretion, by direct Customer communication (e.g., by phone call or an in-person meeting). Customer acknowledges that it is solely responsible for ensuring that the contact information set forth above is current and valid, and for fulfilling any third party notification obligations. Customer agrees that “Data Incidents” do not include: (i) unsuccessful access attempts or similar events that do not compromise the security or privacy of Customer Data, including pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems; or (ii) accidental loss or disclosure of Customer Data caused by Customer’s use of the Services or Customer’s loss of account authentication credentials. Survey On Tablet’s obligation to report or respond to a Data Incident under this Section will not be construed as an acknowledgement by Survey On Tablet of any fault or liability with respect to the Data Incident.
7. Data Correction, Blocking, Exporting, and Deletion
During the Term, Survey On Tablet will provide Customer with the ability to correct, block, export and delete Customer Data in a manner consistent with the functionality of the Services and in accordance with the terms of the Agreement. Once Customer deletes Customer Data via the Services such that the Customer Data cannot be recovered by Customer (the “Customer-Deleted Data”), Survey On Tablet will delete the Customer-Deleted Data within a maximum period of 180 days, unless applicable legislation or legal process prevents it from doing so. On the expiry or termination of the Agreement (or, if applicable on expiry of any post-termination period during which Survey On Tablet may agree to continue providing access to the Services), after a recovery period of up to 30 days following such expiry or termination, Survey On Tablet will thereafter delete the Customer-Deleted Data within a maximum period of 180 days, unless applicable legislation or legal process prevents it from doing so.
8. Access; Export of Data
During the Term, Survey On Tablet will make available to Customer the Customer Data in a manner consistent with the functionality of the Services and in accordance with the terms of the Agreement. To the extent Customer, in its use and administration of the Services during the Term, does not have the ability to amend or delete Customer Data (as required by applicable law), or migrate Customer Data to another system or service provider, Survey On Tablet will, at Customer’s reasonable expense, comply with any reasonable requests by Customer to assist in facilitating such actions to the extent Survey On Tablet is legally permitted to do so and has reasonable access to the relevant Customer Data.
9. Data Privacy Contact for Survey On Tablet Services
Survey On Tablet’s Data Privacy Contact for Survey On Tablet Service can be contacted by Customer administrators at: http://www.surveyontablet.com/contact (or via such other means as Survey On Tablet may provide).
10. Data Transfers
10.1 Data Location and Transfers. Survey On Tablet may store and process the relevant Customer Data anywhere Survey On Tablet or its Subprocessors maintain facilities in accordance with the Service Specific Terms.
10.2 Transfers of Data Out of the EEA. If the storage and processing of Customer Data (as set out in Section 10.1 above) involves transfers of Customer Personal Data out of the EEA, and Data Protection Legislation applies to those transfers, Survey On Tablet will:
10.2.1 ensure that the transfers are made in accordance with the Safe Harbor Agreement; and/or
10.2.2 ensure that Survey On Tablet Ltd as the data importer of Customer Personal Data enters into Model Contract Clauses with Customer (or an authorized Customer Affiliate) as the data exporter of such data, if Customer so requests, and that the transfers are made in accordance with any such Model Contract Clauses; and/or
10.2.3 adopt an alternative solution that achieves compliance with the terms of the Directive for transfers of personal data to a third country, and ensure that the transfers are made in accordance with such solution.
10.3 Data Center Information. Survey On Tablet will make available to Customer information about the countries in which data centers used to store Customer Personal Data are located.
11. Subprocessors
11.1 Subprocessors. Survey On Tablet may engage Subprocessors to provide limited parts of the Services, subject to the restrictions in these Terms.
11.2 Subprocessing Restrictions. Survey On Tablet will ensure that Subprocessors only access and use Customer Data in accordance with Section 10.1 (Data Location and Transfers) and terms of the Agreement and that they are bound by written agreements that require them to provide at least the level of data protection required by the following, as applicable pursuant to Section 10.2 (Transfers of Data Out of the EEA): (a) any Safe Harbor Certification maintained by Survey On Tablet Subprocessors; (b) any Model Contract Clauses entered into by Survey On Tablet Ltd and Customer (or an authorized Customer Affiliate); and/or (c) any alternative compliance solution adopted by Survey On Tablet.
11.3 Consent to Subprocessing. Customer consents to Survey On Tablet subcontracting the processing of Customer Data to Subprocessors in accordance with the Agreement. If the Model Contract Clauses have been entered into as described above, Customer (or, if applicable, an authorized Customer Affiliate) consents to Survey On Tablet Ltd subcontracting the processing of Customer Data in accordance with the terms of the Model Contract Clauses.
11.4 Additional Information. the written request of the Customer, Survey On Tablet will provide additional information regarding Subprocessors and their locations. Any such requests must be sent to Survey On Tablet’s Data Privacy Contact for Survey On Tablet Service, the contact details of which are set out in Section 9 (Data Privacy Contact for Survey On Tablet Service) above.
11.5 Termination. If the Model Contract Clauses have been entered into by the parties: (i) Survey On Tablet will, at least 15 days before appointing any new Third Party Subprocessor, inform Customer of the appointment (including the name and location of such subprocessor and the activities it will perform) either by sending an email to Customer or via the Admin Console; and (ii) if Customer objects to Survey On Tablet's use of any new Third Party Subprocessors, Customer may, as its sole and exclusive remedy, terminate the Survey On Tablet Service License Agreement by giving written notice to Survey On Tablet within 30 days of being informed by Survey On Tablet of the appointment of such subprocessor.
12. Liability Cap
If Survey On Tablet Ltd and Customer (or an authorized Customer Affiliate) enter into Model Contract Clauses as described above, then, subject to the remaining terms of the Agreement relating to liability (including any specific exclusions from any limitation of liability), the total combined liability of Survey On Tablet and its Affiliates, on the one hand, and Customer and its Affiliates, on the other hand, under or in connection with the Agreement and all those MCCs combined will be limited to the maximum monetary or payment-based liability amount set out in the Agreement.
13. Third Party Beneficiary
Notwithstanding anything to the contrary in the Agreement, where Survey On Tablet Ltd is not a party to the Agreement, Survey On Tablet Ltd will be a third party beneficiary of Section 6.5 (Auditing Security Compliance), Section 11.3 (Consent to Subprocessing), and Section 12 (Liability Cap) of these Terms.
14. Priority
Notwithstanding anything to the contrary in the Agreement, to the extent of any conflict or inconsistency between these Terms and the remaining terms of the Agreement, these Terms will govern.
Appendix 1: Categories of Personal Data and Data Subjects
1 Categories of Personal Data. Data relating to individuals provided to Survey On Tablet via the Services, by (or at the direction of) Customer.
2 Data Subjects. Data subjects include the individuals about whom data is provided to Survey On Tablet via the Services by (or at the direction of) Customer.
Appendix 2: Security Measures
As of the Terms Effective Date, Survey On Tablet will take and implement the Security Measures set out in this Appendix. Survey On Tablet may update or modify such Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services.
1. Data Center and Network Security
(a) Data Centers.
Infrastructure. Survey On Tablet uses geographically distributed data centers. Survey On Tablet stores all production data in physically secure data centers.
Redundancy. Infrastructure systems have been designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. Dual circuits, switches, networks or other necessary devices help provide this redundancy. The Services are designed to allow Survey On Tablet to perform certain types of preventative and corrective maintenance without interruption. All environmental equipment and facilities have documented preventative maintenance procedures that detail the process for and frequency of performance in accordance with the manufacturer’s or internal specifications. Preventative and corrective maintenance of the data center equipment is scheduled through a standard change process according to documented procedures.
Power. The data center electrical power systems are designed to be redundant and maintainable without impact to continuous operations, 24 hours a day, 7 days a week. In most cases, a primary as well as an alternate power source, each with equal capacity, is provided for critical infrastructure components in the data center. Backup power is provided by various mechanisms such as uninterruptible power supplies (UPS) batteries, which supply consistently reliable power protection during utility brownouts, blackouts, over voltage, under voltage, and out-of-tolerance frequency conditions. If utility power is interrupted, backup power is designed to provide transitory power to the data center, at full capacity, for up to 10 minutes until the diesel generator systems take over. The diesel generators are capable of automatically starting up within seconds to provide enough emergency electrical power to run the data center at full capacity typically for a period of days.
Server Operating Systems. Survey On Tablet servers use a Linux based implementation customized for the application environment. Data is stored using proprietary algorithms to augment data security and redundancy.
Businesses Continuity. Survey On Tablet replicates data over multiple systems to help to protect against accidental destruction or loss.
(b) Networks and Transmission.
Data Transmission. Data centers are typically connected via high-speed private links to provide secure and fast data transfer between data centers. This is designed to prevent data from being read, copied, altered or removed without authorization during electronic transfer or transport or while being recorded onto data storage media. Survey On Tablet transfers data via Internet standard protocols.
External Attack Surface. Survey On Tablet employs multiple layers of network devices and intrusion detection to protect its external attack surface. Survey On Tablet considers potential attack vectors and incorporates appropriate purpose built technologies into external facing systems.
Intrusion Detection. Intrusion detection is intended to provide insight into ongoing attack activities and provide adequate information to respond to incidents. Survey On Tablet intrusion detection involves:
1.tightly controlling the size and make-up of Survey On Tablet’s attack surface through preventative measures;
2.employing intelligent detection controls at data entry points; and
3.employing technologies that automatically remedy certain dangerous situations.
Incident Response. Survey On Tablet monitors a variety of communication channels for security incidents, and Survey On Tablet’s security personnel will react promptly to known incidents.
Encryption Technologies. Survey On Tablet makes HTTPS encryption (also referred to as SSL or TLS connection) available.
2. Access and Site Controls
(a) Site Controls.
On-site Data Center Security Operation. Survey On Tablet’s stores data at third-party-owned data centers that maintain an on-site security operation responsible for all physical data center security functions 24 hours a day, 7 days a week. The on-site security operation personnel monitor closed circuit TV (CCTV) cameras and all alarm systems. On-site security operation personnel perform internal and external patrols of the data center regularly.
Data Center Access Procedures. Survey On Tablet stores data at third-party-owned data centers that maintains formal access procedures for allowing physical access to the data centers. The data centers are housed in facilities that require electronic card key access, with alarms that are linked to the on-site security operation. All entrants to the data center are required to identify themselves as well as show proof of identity to on-site security operations. Only authorized employees, contractors and visitors are allowed entry to the data centers. Only authorized employees and contractors are permitted to request electronic card key access to these facilities. Data center electronic card key access requests must be made through e-mail, and requires the approval of the requestor’s manager and the data center director. All other entrants requiring temporary data center access must: (i) obtain approval in advance from the data center managers for the specific data center and internal areas they wish to visit; (ii) sign in at on-site security operations; and (iii) reference an approved data center access record identifying the individual as approved.
On-site Data Center Security Devices. Survey On Tablet’s stores data at third-party-owned data centers that employ an electronic card key and biometric access control system that is linked to a system alarm. The access control system monitors and records each individual’s electronic card key and when they access perimeter doors, shipping and receiving, and other critical areas. Unauthorized activity and failed access attempts are logged by the access control system and investigated, as appropriate. Authorized access throughout the business operations and data centers is restricted based on zones and the individual’s job responsibilities. The fire doors at the data centers are alarmed. CCTV cameras are in operation both inside and outside the data centers. The positioning of the cameras has been designed to cover strategic areas including, among others, the perimeter, doors to the data center building, and shipping/receiving. On-site security operations personnel manage the CCTV monitoring, recording and control equipment. Secure cables throughout the data centers connect the CCTV equipment. Cameras record on site via digital video recorders 24 hours a day, 7 days a week. The surveillance records are retained for up to 30 days based on activity.
(b) Access Control.
Infrastructure Security Personnel. Survey On Tablet has, and maintains, a security policy for its personnel, and requires security training as part of the training package for its personnel. Survey On Tablet’s personnel are responsible for the ongoing monitoring of Survey On Tablet’s security infrastructure, the review of the Services, and responding to security incidents.
Access Control and Privilege Management. Customer’s administrators must authenticate themselves via a central authentication system or via a single sign on system in order to administer the Services.
Internal Data Access Processes and Policies – Access Policy. Survey On Tablet’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. Survey On Tablet designs its systems to (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization during processing, use and after recording. The systems are designed to detect any inappropriate access. Survey On Tablet employs a centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorized personnel. LDAP, Kerberos and a proprietary system utilizing RSA keys are designed to provide Survey On Tablet with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. Survey On Tablet requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; and a need to know basis. The granting or modification of access rights must also be in accordance with Survey On Tablet’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include password expiry, restrictions on password reuse and sufficient password strength. For access to extremely sensitive information (e.g. credit card data), Survey On Tablet uses hardware tokens.
3. Data
(a) Data Storage, Isolation and Logging. Survey On Tablet stores data in a multi-tenant environment on third-party-owned servers. The data and file system architecture are replicated between multiple geographically dispersed data centers. Survey On Tablet also logically isolates the Customer’s data. The Customer will be given control over specific data sharing policies. Those policies, in accordance with the functionality of the Services, will enable Customer to determine the product sharing settings applicable to Customer End Users for specific purposes. Customer may choose to make use of certain logging capability that Survey On Tablet may make available via the Services.
(b) Decommissioned Disks and Disk Erase Policy. Certain disks containing data may experience performance issues, errors or hardware failure that lead them to be decommissioned (“Decommissioned Disk”). Every Decommissioned Disk is subject to a series of data destruction processes (the “Disk Erase Policy”) before leaving Survey On Tablet’s premises either for reuse or destruction. Decommissioned Disks are erased in a multi-step process and verified complete by at least two independent validators. The erase results are logged by the Decommissioned Disk’s serial number for tracking. Finally, the erased Decommissioned Disk is released to inventory for reuse and redeployment. If, due to hardware failure, the Decommissioned Disk cannot be erased, it is securely stored until it can be destroyed. Each facility is audited regularly to monitor compliance with the Disk Erase Policy.
4. Personnel Security
Survey On Tablet personnel are required to conduct
themselves in a manner consistent with the company’s guidelines regarding
confidentiality, business ethics, appropriate usage, and professional
standards. Survey On Tablet conducts reasonably appropriate backgrounds checks to the
extent legally permissible and in accordance with applicable local labor law
and statutory regulations.
Personnel are required to execute a confidentiality agreement and must
acknowledge receipt of, and compliance with, Survey On Tablet’s confidentiality and privacy
policies. Personnel are provided with security training. Personnel handling
Customer Data are required to complete additional requirements appropriate to
their role (eg., certifications). Survey On Tablet’s personnel will not process
Customer Data without authorization.
5. Subprocessor Security
Prior to onboarding Subprocessors, Survey On Tablet conducts an audit of the security and privacy practices of Subprocessors to ensure Subprocessors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once Survey On Tablet has assessed the risks presented by the Subprocessor, then subject to the requirements set out in Section 11.2 (Subprocessing Restrictions) of these Terms, the Subprocessor is required to enter into appropriate security, confidentiality and privacy contract terms.
EU Model Contract Clauses
EU Model Contract Clauses
By using Survey On Tablet Services, you confirm that you (or the legal entity you declare to legally represent) accept these terms as a "data exporter" within the meaning of Commission Decision 2010/87/EU, and if it is determined you (or the legal entity you declare to legally represent) are not to be a data exporter, the Model Contract Clauses below between the parties will not apply.
You represent and warrant that:
i.you have full legal authority to agree to the terms presented above on behalf of the legal entity accepting these terms;
ii.you have read and understood these terms; and
iii.you agree, on behalf of that entity, to these terms.
Survey On Tablet Services
Standard
Contractual Clauses (processors)
for the purposes of Article 26(2) of Directive 95/46/EC for the transfer of
personal data to processors established in third countries which do not ensure
an adequate level of data protection
the non-Survey On Tablet legal entity accepting the Clauses (the “Data Exporter”)
And
Survey On Tablet
Ltd
4-5 Bonhill Str, EC2A4BX London, United Kingdom
(the
“Data Importer”)
each a “party”; together “the parties”,
HAVE AGREED on the following Contractual Clauses (the “Clauses”) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the Data Exporter to the Data Importer of the personal data specified in Appendix 1.
The Clauses (including Appendices 1 and 2) are effective from the date the non-Survey On Tablet entity has executed a valid “Survey On Tablet Service License Agreement” with “Data Processing and Security Terms” (collectively the “Services Agreement”) or is otherwise an authorized customer affiliate under such Services Agreemen. A “Survey On Tablet Service License Agreement” means a Survey On Tablet Service License Agreement entered into with Survey On Tablet Ltd. “Data Processing and Security Terms” means terms incorporated by reference in the Survey On Tablet Service License Agreement or otherwise subsequently agreed between the parties to that agreement that set forth certain terms in relation to the protection and processing of personal data.
If you are representing on behalf of the Data Exporter, you represent and warrant that: (i) you have full legal authority to bind your employer, or the applicable entity, to these terms and conditions; (ii) you have read and understand the Clauses; and (iii) you agree, on behalf of the party that you represent, to the Clauses. The Clauses shall automatically expire on the termination or expiry of the Data Processing and Security Terms. The parties agree that where Data Exporter has been presented with these Clauses such presentation shall constitute execution of the entirety of the Clauses by both parties, subject to the effective date described above.
Clause 1
Definitions
For the purposes of the Clauses:
- (a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘Data Subject’ and ‘Supervisory Authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
- (b) ‘the Data Exporter’ means the controller who transfers the personal data;
- (c) ‘the Data Importer’ means the processor who agrees to receive from the Data Exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25 (1) of Directive 95/46/EC;
- (d) ‘the Subprocessor’ means any processor engaged by the Data Importer or by any other subprocessor of the Data Importer who agrees to receive from the Data Importer or from any other subprocessor of the Data Importer personal data exclusively intended for processing activities to be carried out on behalf of the Data Exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
- (e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the Data Exporter is established;
- (f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Clause 2
Details of the transfer
- The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Clause 3
Third-party beneficiary clause
- 1. The Data Subject can enforce against the Data Exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
- 2. The Data Subject can enforce against the Data Importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the Data Exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the Data Exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the Data Exporter, in which case the Data Subject can enforce them against such entity.
- 3. The Data Subject can enforce against the Subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the Data Exporter and the Data Importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the Data Exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the Data Subject can enforce them against such entity. Such third-party liability of the Subprocessor shall be limited to its own processing operations under the Clauses.
- 4. The parties do not object to a Data Subject being represented by an association or other body if the Data Subject so expressly wishes and if permitted by national law.
Clause 4
Obligations of the Data Exporter
The Data Exporter agrees and warrants:
- (a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the Data Exporter is established) and does not violate the relevant provisions of that State
- (b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the Data Exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
- (c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
- (d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation.
- (e) that it will ensure compliance with the security measures;
- (f) that, if the transfer involves special categories of data, the Data Subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
- (g) to forward any notification received from the data importer or any Subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the Data Exporter decides to continue the transfer or to lift the suspension;
- (h) to make available to the Data Subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
- (i) that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a Subprocessor providing at least the same level of protection for the personal data and the rights of Data Subject as the Data Importer under the Clauses; and
- (j) that it will ensure compliance with Clause 4(a) to (i).
Clause 5
Obligations of the Data Importer[1]
The Data Importer agrees and warrants:
- (a) to process the personal data only on behalf of the Data Exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the Data Exporter of its inability to comply, in which case the Data Exporter is entitled to suspend the transfer of data and/or terminate the contract;
- (b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the Data Exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the Data Exporter as soon as it is aware, in which case the Data Exporter is entitled to suspend the transfer of data and/or terminate the contract;
- (c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
- (d) that it will promptly notify the Data Exporter about:
·(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
·(ii) any accidental or unauthorised access; and
·(iii) any request received directly from the Data Subjects without responding to that request, unless it has been otherwise authorised to do so;
- (e) to deal promptly and properly with all inquiries from the Data Exporter relating to its processing of the personal Data Subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
- (f) at the request of the Data Exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the Data Exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the Data Exporter, where applicable, in agreement with the supervisory authority;
- (g) to make available to the Data Subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the Data Subject is unable to obtain a copy from the Data Exporter;
- (h) that, in the event of sub-processing, it has previously informed the Data Exporter and obtained its prior written consent;
- (i) that the processing services by the Subprocessor will be carried out in accordance with Clause 11;
- (j) to send promptly a copy of any Subprocessor agreement it concludes under the Clauses to the Data Exporter.
Clause 6
Liability
- 1. The parties agree that any Data Subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or Subprocessor is entitled to receive compensation from the Data Exporter for the damage suffered.
- 2. If a Data Subject is not able to bring a claim for compensation in accordance with paragraph 1 against the Data Exporter, arising out of a breach by the Data Importer or his Subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the Data Exporter has factually disappeared or ceased to exist in law or has become insolvent, the Data Importer agrees that the Data Subject may issue a claim against the Data Importer as if it were the Data Exporter, unless any successor entity has assumed the entire legal obligations of the Data Exporter by contract or by operation of law, in which case the Data Subject can enforce its rights against such entity.The Data Importer may not rely on a breach by a Subprocessor of its obligations in order to avoid its own liabilities.
- 3. If a Data Subject is not able to bring a claim against the Data Exporter or the Data Importer referred to in paragraphs 1 and 2, arising out of a breach by the Subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the Data Exporter and the Data Importer have factually disappeared or ceased to exist in law or have become insolvent, the Subprocessor agrees that the Data Subject may issue a claim against the data Subprocessor with regard to its own processing operations under the Clauses as if it were the Data Exporter or the Data Importer, unless any successor entity has assumed the entire legal obligations of the Data Exporter or Data Importer by contract or by operation of law, in which case the Data Subject can enforce its rights against such entity. The liability of the Subprocessor shall be limited to its own processing operations under the Clauses.
Clause 7
Mediation and jurisdiction
- 1. The Data Importer agrees that if the Data Subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the Data Importer will accept the decision of the Data Subject;
·(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
·(b) to refer the dispute to the courts in the Member State in which the Data Exporter is established.
- 2. The parties agree that the choice made by the Data Subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Clause 8
Cooperation with supervisory authorities
- 1. The Data Exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
- 2. The parties agree that the supervisory authority has the right to conduct an audit of the Data Importer, and of any Subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the Data Exporter under the applicable data protection law.
- 3. The Data Importer shall promptly inform the Data Exporter about the existence of legislation applicable to it or any Subprocessor preventing the conduct of an audit of the Data Importer, or any Subprocessor, pursuant to paragraph 2. In such a case the Data Exporter shall be entitled to take the measures foreseen in Clause 5(b).
Clause 9
Governing Law
- The Clauses shall be governed by the law of the Member State in which the Data Exporter is established.
Clause 10
Variation of the contract
- The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
Clause 11
Sub-Processing
- 1. The Data Importer may subcontract any of its processing operations performed on behalf of the Data Exporter under the Clauses without the prior written consent of the Data Exporter. Where the Data Importer subcontracts its obligations under the Clauses, it shall do so only by way of a written agreement with the Subprocessor which imposes the same obligations on the Subprocessor as are imposed on the Data Importer under the Clauses. Where the Subprocessor fails to fulfil its data protection obligations under such written agreement the Data Importer shall remain fully liable to the Data Exporter for the performance of the Subprocessor’s obligations under such agreement.
- 2. The prior written contract between the Data Importer and the Subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the Data Subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the Data Exporter or the Data Importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the Data Exporter or Data Importer by contract or by operation of law. Such third-party liability of the Subprocessor shall be limited to its own processing operations under the Clauses.
- 3. The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the Data Exporter is established.
- 4. The Data Exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the Data Importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the Data Exporter’s data protection supervisory authority.
Clause 12
Obligation after the termination of personal data processing services
- 1. The parties agree that on the termination of the provision of data processing services, the Data Importer and the Subprocessor shall, at the choice of the Data Exporter, return all the personal data transferred and the copies thereof to the Data Exporter or shall destroy all the personal data and certify to the Data Exporter that it has done so, unless legislation imposed upon the Data Importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the Data Importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
- 2. The Data Importer and the Subprocessor warrant that upon request of the Data Exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
Appendix 1
to the Standard Contractual Clauses
This Appendix forms part of the Clauses
Data Exporter
- The Data Exporter is the non-Survey On Tablet legal entity that is a party to the Clauses.
Data Importer
- The Data Importer is Survey On Tablet Ltd, a global provider of a variety of technology services for businesses.
Data Subjects
- The personal data transferred concern the following categories of data subjects: Data subjects include the individuals about whom data is provided to Survey On Tablet via the Services by (or at the direction of) Data Exporter.
Categories of data
- The personal data transferred concern the following categories of data: Data relating to individuals provided to Survey On Tablet via the Services by (or at the direction of) Data Exporter.
Special categories of data (if appropriate)
- The personal data transferred concern the following special categories of data: Data relating to individuals provided to Survey On Tablet via the Services by (or at the direction of) Data Exporter.
Processing operations
The personal data transferred will be subject to the following basic processing activities:
- Scope of Processing.
·The Clauses reflect the parties’ agreement with respect to the processing and transfer of personal data specified in this Appendix pursuant to the provision of the Services. Personal data may be processed only to comply with Instructions (as defined in the Data Processing and Security Terms). The Data Exporter instructs the Data Importer to process personal data in countries in which the Data Importer or its Subprocessors maintain facilities.
- Term of Data Processing.
·Data processing will be for the term specified in the Data Processing and Security Terms. Such term will automatically terminate upon the deletion by the Data Importer of all data as described in the Data Processing and Security Terms.
- Data Deletion.
·During the term of the Services Agreement, the Data Importer will provide the Data Exporter with the ability to delete the Data Exporter’s personal data from the Services in accordance with the Services Agreement. After termination or expiry of the Services Agreement, the Data Importer will delete the Data Exporter’s personal data in accordance with the Services Agreement.
- Access to Data.
·During the term of the Services Agreement, the Data Importer will provide the Data Exporter with access to, and the ability to correct, block, and export the Data Exporter’s personal data from the Services in accordance with the Services Agreement.
- Subprocessors.
·The Data Importer may engage Subprocessors to provide parts of the Services. The Data Importer will ensure Subprocessors only access and use the Data Exporter’s personal data to provide the Services and not for any other purpose.
Appendix 2
to the Standard Contractual Clauses
This Appendix forms part of the Clauses.
Description of the technical and organisational security measures implemented by the Data Importer in accordance with Clauses 4(c) and 5(c) (or document/legislation attached):
The Data Importer currently abides by the security standards in this Appendix 2. The Data Importer may update or modify these security standards from time to time provided such updates and modifications will not result in a degradation of the overall security of the Services during the term of the Services Agreement.
- 1.Data Center & Network Security.
·(a) Data Centers.
·Infrastructure. The Data Importer stores data in third-party-owned data centers that maintains geographically distributed data centers. The Data Importer stores all production data in physically secure data centers.
·Redundancy. Infrastructure systems have been designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. Dual circuits, switches, networks or other necessary devices help provide this redundancy. The Services are designed to allow the Data Importer to perform certain types of preventative and corrective maintenance without interruption. All environmental equipment and facilities have documented preventative maintenance procedures that detail the process for and frequency of performance in accordance with the manufacturer’s or internal specifications. Preventative and corrective maintenance of the data center equipment is scheduled through a standard change process according to documented procedures.
·Power. The data center electrical power systems are designed to be redundant and maintainable without impact to continuous operations, 24 hours a day, and 7 days a week. In most cases, a primary as well as an alternate power source, each with equal capacity, is provided for critical infrastructure components in the data center. Backup power is provided by various mechanisms such as uninterruptible power supplies (UPS) batteries, which supply consistently reliable power protection during utility brownouts, blackouts, over voltage, under voltage, and out-of-tolerance frequency conditions. If utility power is interrupted, backup power is designed to provide transitory power to the data center, at full capacity, for up to 10 minutes until the diesel generator systems take over. The diesel generators are capable of automatically starting up within seconds to provide enough emergency electrical power to run the data center at full capacity typically for a period of days.
·Server Operating Systems. The Data Importer servers use a Linux based implementation customized for the application environment. Data is stored using proprietary algorithms to augment data security and redundancy.
·Businesses Continuity. The Data Importer stores data in third-party-owned data centers that replicate data over multiple systems to help to protect against accidental destruction or loss. The Data Importer has designed and regularly plans and tests its business continuity planning/disaster recovery programs.
·(b) Networks & Transmission.
·Data Transmission. Survey On Tablet stores data in third-party-owned data centers that are typically connected via high-speed private links to provide secure and fast data transfer between data centers. This is designed to prevent data from being read, copied, altered or removed without authorization during electronic transfer or transport or while being recorded onto data storage media. The Data Importer transfers data via Internet standard protocols.
·External Attack Surface. The Data Importer stores data in third-party-owned data centers that employ multiple layers of network devices and intrusion detection to protect its external attack surface.
·Intrusion Detection. Intrusion detection is intended to provide insight into ongoing attack activities and provide adequate information to respond to incidents. The Data Importer intrusion detection involves:
·1. Tightly controlling the size and make-up of the Data Importer’s attack surface through preventative measures;
·2. Employing intelligent detection controls at data entry points; and
·3. Employing technologies that automatically remedy certain dangerous situations.
·Incident Response. The Data Importer stores data in third-party-owned data centers that monitors a variety of communication channels for security incidents, and The Data Importer’s security personnel will react promptly to known incidents.
·Encryption Technologies. The Data Importer makes HTTPS encryption (also referred to as SSL or TLS connection) available.
- 2. Access and Site Controls.
·(a) Site Controls.
·On-site Data Center Security Operation. The Data Importer stores data in third-party-owned data centers that maintain an on-site security operation responsible for all physical data center security functions 24 hours a day, 7 days a week. The on-site security operation personnel monitor Closed Circuit TV (CCTV) cameras and all alarm systems.
·Data Center Access Procedures. The Data Importer stores data in third-party-owned data centers that maintain formal access procedures for allowing physical access to the data centers. The data centers are housed in facilities that require electronic card key access, with alarms that are linked to the on-site security operation. All entrants to the data center are required to identify themselves as well as show proof of identity to on-site security operations. Only authorized employees, contractors and visitors are allowed entry to the data centers.
·On-site Data Center Security Devices. The Data Importer stores data in third-party-owned data centers that employ an electronic card key and/or biometric access control system that is linked to a system alarm.
·(b) Access Control.
·Infrastructure Security Personnel. The Data Importer has, and maintains, a security policy for its personnel, and requires security training as part of the training package for its personnel. The Data Importer’s infrastructure security personnel are responsible for the ongoing monitoring of the Data Importer’s security infrastructure, the review of the Services, and responding to security incidents.
·Access Control and Privilege Management. The Data Exporter’s administrators must authenticate themselves via a central authentication system or via a single sign on system in order to administer the Services.
·Internal Data Access Processes and Policies – Access Policy. The Data Importer’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. The Data Importer designs its systems to: (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization during processing, use and after recording. The systems are designed to detect any inappropriate access.The Data Importer employs a centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorized personnel. LDAP, Kerberos and a proprietary system utilizing RSA keys are designed to provide the Data Importer with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. The Data Importer requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; and a need to know basis. The granting or modification of access rights must also be in accordance with The Data Importer’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include password expiry, restrictions on password reuse and sufficient password strength. For access to extremely sensitive information (e.g., credit card data), the Data Importer uses hardware tokens.
- 3. Data.
·(a) Data Storage, Isolation & Logging.
·The Data Importer stores data in a multi-tenant environment on third-party-owned servers. The data and file system architecture are replicated between multiple geographically dispersed data centers. The Data Importer also logically isolates the Data Exporter’s data, and the Data Exporter will be given control over specific data sharing policies. Those policies, in accordance with the functionality of the Services, will enable the Data Exporter to determine the product sharing settings applicable to end users for specific purposes. The Data Exporter may choose to make use of certain logging capability that the Data Importer may make available via the Services.
·(b) Decommissioned Disks and Disk Erase Policy.
·Certain disks containing data may experience performance issues, errors or hardware failure that lead them to be decommissioned (“Decommissioned Disk”). Every Decommissioned Disk is subject to a series of data destruction processes (the “Disk Erase Policy”) before leaving the Data Importer’s premises either for reuse or destruction. Decommissioned Disks are erased in a multi-step process and verified complete by at least two independent validators. The erase results are logged by the Decommissioned Disk’s serial number for tracking. Finally, the erased Decommissioned Disk is released to inventory for reuse and redeployment. If, due to hardware failure, the Decommissioned Disk cannot be erased, it is securely stored until it can be destroyed. Each facility is audited regularly to monitor compliance with the Disk Erase Policy.
- 4. Personnel Security.
·The Data Importer personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. The Data Importer conducts reasonably appropriate backgrounds checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations.
·Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, the Data Importer’s confidentiality and privacy policies. Personnel are provided with security training. Personnel handling customer data are required to complete additional requirements appropriate to their role (eg., certifications). The Data Importer’s personnel will not process customer data without authorization.
- 5. Subprocessor Security.
·Prior to onboarding Subprocessors, the Data Importer conducts an audit of the security and privacy practices of Subprocessors to ensure Subprocessors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once the Data Importer has assessed the risks presented by the Subprocessor, the Subprocessor is required to enter into appropriate security, confidentiality and privacy contract terms.
- 6. Data Privacy Office.
·The Data Privacy Office of the Data Importer can be contacted by the Data Exporter’s administrators at: http://www.surveyontablet.com/contact (or via such other means as may be provided by the Data Importer).
Version 1.1
[1] Mandatory requirements of the national legislation applicable to the data importer which do not go beyond what is necessary in a democratic society on the basis of one of the interests listed in Article 13(1) of Directive 95/46/EC, that is, if they constitute a necessary measure to safeguard national security, defence, public security, the prevention, investigation, detection and prosecution of criminal offences or of breaches of ethics for the regulated professions, an important economic or financial interest of the State or the protection of the data subject or the rights and freedoms of others, are not in contradiction with the standard contractual clauses. Some examples of such mandatory requirements which do not go beyond what is necessary in a democratic society are, inter alia, internationally recognised sanctions, tax-reporting requirements or anti-money-laundering reporting requirements.
Technical Support Services Guidelines
Technical Support Services Guidelines
The following technical support services guidelines ("Guidelines") apply to support services for Customers:
- Survey On Tablet License Agreement
- Survey On Tablet Review Analytics License Agreement
- Survey On Tablet Surveys License Agreement
- Survey On Tablet Marketing ToolsLicense Agreement
entered into by and between Survey On Tablet and Customer (as may be applicable, the "Agreement") if that support is committed under the Agreement. Capitalized terms not defined herein have the meaning set forth in the Agreement.
1. Support Request Submission
1.1 Customer Efforts to Fix Errors . Prior to making a request to Survey On Tablet, Customer will use reasonable efforts to fix any error, bug, malfunction or network connectivity defect without escalation to Survey On Tablet. Thereafter, a Customer Contact may submit a written request for technical support through the Survey On Tablet for Support Center.
1.2 Characterization of Requests . Customer designates priority upon submission of Requests. Upon receiving a request, Survey On Tablet will determine whether the request is a "Service Unusable," "Standard Request" or a "Feature Request." Any such determination made by Survey On Tablet is final and binding on Customer. Survey On Tablet reserves the right to change Customer’s priority designation if Survey On Tablet believes that Customer’s designation is incorrect and will inform Customer of any such change in its response to the support Request. Customer may appeal any such reclassification to Survey On Tablet's Support management for review through any available support channel.
1.3 Procedures for Acknowledgement and Resolution of Requests . When making a Request, Customer will provide all requested diagnostic information and assist Survey On Tablet Support Personnel as may be required to resolve a Request.
1.4 Request Acknowledgement . Survey On Tablet may respond to a Request by acknowledging receipt of the Request. Customer acknowledges and understands that Survey On Tablet may be unable to provide answers to, or resolve all, Requests.
1.5 Feature Requests . If Survey On Tablet deems a Request to be a Feature Request, Survey On Tablet will log such Request for consideration to add to a future update or release of the Services and will consider the matter closed. Survey On Tablet is under no obligation to respond to or resolve any Feature Request or to include any such Feature Request in any future update or release.
1.6 Building Applications . For clarity, Survey On Tablet will not have any obligation to write or build any Applications or write code to facilitate Applications.
1.7 Alpha and Beta . Although Survey On Tablet has no obligation to provide TSS for Alpha or Beta versions, features, or functionality of the Services, we will consider Requests at these development stages on a case-by-case basis.
2. Accessing Support
2.1 Designated Support Contacts . Customer will provide first-level support to Customer End Users. Survey On Tablet will provide second-level support to Customer only. If Customer wishes to change its Designated Contacts, it will notify Survey On Tablet via the Survey On Tablet for Support Center at least 5 Business Days prior to the change. If on the date these updated Guidelines were first posted Customer has more Designated Contacts than are set forth under the applicable Support level under Section 4 below, the current Contacts will continue to be allowed until the expiration of the current license term for the applicable Services under the Agreement.
2.2 Support Hours and Target Initial Response Times . Survey On Tablet will process Requests during the Hours of Operation, unless otherwise indicated in these Guidelines. Any Requests received outside of the Hours of Operation will be logged and processed during the next Business Day.
3. General Provisions
3.1 Maintenance . To ensure optimal performance of the Services, Survey On Tablet performs periodic Maintenance. In most cases, Maintenance will have limited or no negative impact on the availability and functionality of the Services. If Survey On Tablet expects planned Maintenance to negatively affect the availability or functionality of the Services, Survey On Tablet will use commercially reasonable efforts to provide at least 7 days advance notice of the Maintenance. In addition, Survey On Tablet may perform emergency unscheduled Maintenance at any time. If Survey On Tablet expects such emergency unscheduled Maintenance to negatively affect the availability or functionality of the Services, Survey On Tablet will use commercially reasonable efforts to provide advance notice of such Maintenance. Maintenance notices noted above will be provided via the Survey On Tablet for Support Center.
3.2 Language Support Generally . The parties agree that all support provided by Survey On Tablet pursuant to these Guidelines will be provided in the English language except as set forth in Section 3.3 below.
5. Definitions
5.1 "Business Day" means any day during the Hours of Operation.
5.2 "Business Hours" means 09:00 to 17:00 on Monday to Friday GMT except for regional holidays.
5.3 "Designated Contacts" means administrators or technical employees designated by Customer who are allowed to contact Survey On Tablet for technical support.
5.4 "Feature Request" means a Request by a Contact to incorporate a new feature or enhance an existing feature of the Services that is currently not available as part of the existing Services.
5.5 Survey On Tablet for Support Center is currently located at http://www.surveyontablet.com/profile/support (or such other URL that may be provided by Survey On Tablet).
5.6 "Survey On Tablet Support Personnel" mean the Survey On Tablet representatives responsible for handling technical support requests.
5.7 "Hours of Operation" means 17:00 on Sunday to 17:00 on Friday GMT, except for holidays in local time for each region documented in the Survey On Tablet for Support Center.
5.8 "Maintenance" means maintenance work that is performed on hardware or software delivering the Services.
5.9 "Request" means a request from a designated Contact to Survey On Tablet Support Personnel for technical support to resolve a question or problem report regarding the Services.
5.10 "Services" are defined in the Agreement.
5.11 "Service Unusable" is any situation where Customer, adhering to published technical guidelines for and documented correct usage of the Services, is unable to access or use the Services for the majority of its Customer End Users for a period of time greater than fifteen (15) minutes.
5.12 "Standard Request" means a Request made by Customer to Survey On Tablet that is not a Service Unusable Request or Feature Request.
5.13 "Priority" means the level of impact a Request is having on Customer’s operations and is used to establish initial target response times.
Data Processing Amendment to Survey On Tablet (effective 25 May 2018)
This Data Processing Amendment will take effect from 25 May 2018 (when the EU’s General Data Protection Regulation comes into force).
Data Processing Amendment to Survey On Tablet (effective 25 May 2018)
(Version 1.0)
The Customer agreeing to these terms (“Customer”) and Survey On Tablet LTD (“Survey On Tablet”) have entered into one or more Survey On Tablet Agreement(s) (as defined below) and/or Complementary Product Agreements(s) (as defined below) (each, as amended from time to time, an "Agreement").
This Data Processing Amendment to Survey On Tablet including its appendices (the “Data Processing Amendment”) will, as from the Amendment Effective Date (as defined below), be effective and replace any previously applicable data processing amendment or any terms previously applicable to privacy, data processing and/or data security.
- 1. Introduction.
- This Data Processing Amendment reflects the parties’ agreement with respect to the terms governing the processing and security of Customer Data under the applicable Agreement.
- 2. Definitions.
- 2.1. Capitalized terms used but not defined in this Data Processing Amendment have the meanings given elsewhere in the applicable Agreement. In this Data Processing Amendment, unless stated otherwise:
- “Additional Products” means products, services and applications that are not part of the Services but that may be accessible, via the Admin Console or otherwise, for use with the Services.
- “Additional Security Controls” means security resources, features, functionality and/or controls that Customer may use at its option and/or as it determines. “Additional Security Controls” may include the Admin Console and other features and functionality of the Services such as two factor authentication, security key enforcement and monitoring capabilities.
- “Advertising” means online advertisements displayed by Survey On Tablet to End Users, excluding any advertisements Customer expressly chooses to have Survey On Tablet or any of its Affiliates display in connection with the Services under a separate agreement (for example, Google AdSense advertisements implemented by Customer on a website created by Customer using any Survey On Tablet functionality within the Services).
- “Affiliate” means any entity controlling, controlled by, or under common control with a party, where “control” is defined as: (a) the ownership of at least fifty percent (50%) of the equity or beneficial interests of the entity; (b) the right to vote for or appoint a majority of the board of directors or other governing body of the entity; or (c) the power to exercise a controlling influence over the management or policies of the entity.
- “Agreed Liability Cap” means the maximum monetary or payment-based amount at which a party’s liability is capped under the applicable Agreement, either per annual period or event giving rise to liability, as applicable.
- “Alternative Transfer Solution” means a solution, other than the Model Contract Clauses, that enables the lawful transfer of personal data to a third country in accordance with Article 45 or 46 of the GDPR (for example, the EU-U.S. Privacy Shield).
- "Amendment Effective Date” means, as applicable:
- (a) 25 May 2018, if Customer clicked to accept or the parties otherwise agreed to this Data Processing Amendment in respect of the applicable Agreement prior to or on such date; or
- (b) the date on which Customer clicked to accept or the parties otherwise agreed to this Data Processing Amendment in respect of the applicable Agreement, if such date is after 25 May 2018.
- “Audited Services” means the Services (as defined below), unless the Survey On Tablet Services Summary indicates otherwise.
- “Services for Survey On Tablet” means the Services for Survey On Tablet, as described in the Survey On Tablet Services Summary and irrespective of the Survey On Tablet edition comprising such services.
- “Customer Data” means data submitted, stored, sent or received via the Services by Customer, its Affiliates or End Users.
- “Customer Personal Data” means personal data contained within the Customer Data.
- “Data Incident” means a breach of Survey On Tablet’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data on systems managed by or otherwise controlled by Survey On Tablet. “Data Incidents” will not include unsuccessful attempts or activities that do not compromise the security of Customer Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.
- “Domain” means the primary domain and any secondary domains managed by Customer within the Admin Console.
- “EEA” means the European Economic Area.
- “European Data Protection Legislation” means, as applicable: (a) the GDPR; and/or (b) the Federal Data Protection Act of 19 June 1992 (Switzerland).
- “Full Activation Date” means: (a) if this Data Processing Amendment is incorporated into the applicable Agreement by reference, the Amendment Effective Date; or (b) if the parties otherwise agreed to this Data Processing Amendment, the eighth day after the Amendment Effective Date.
- “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
- “Survey On Tablet’s Third Party Auditor” means a Survey On Tablet-appointed, qualified and independent third party auditor, whose then-current identity Survey On Tablet will disclose to Customer.
- “Survey On Tablet Agreement” means: one or more order form(s) specifying that Survey On Tablet will provide Services under a Master Agreement, combined with any other agreement under which Survey On Tablet agrees to provide the Services for Survey On Tablet to Customer.
- “Survey On Tablet Services Summary” means the then-current description of the Services for Survey On Tablet (as may be updated by Survey On Tablet from time to time in accordance with the Survey On Tablet Agreement).
- “ISO 27001 Certification” means ISO/IEC 27001:2013 certification or a comparable certification, as related to the Audited Services.
- “ISO 27017 Certification” means ISO/IEC 27017:2015 certification or a comparable certification, as related to the Audited Services.
- “ISO 27018 Certification” means ISO/IEC 27018:2014 certification or a comparable certification, as related to the Audited Services.
- “Model Contract Clauses” or “MCCs” means the standard data protection clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the GDPR.
- “Non-European Data Protection Legislation” means data protection or privacy legislation other than the European Data Protection Legislation.
- “Notification Email Address” means the email address(es) designated by Customer in the Admin Console or the Order Form to receive certain notifications from Survey On Tablet.
- “Security Documentation” means all documents and information made available by Survey On Tablet under Section 7.5.1 (Reviews of Security Documentation).
- “Security Measures” has the meaning given in Section 7.1.1 (Survey On Tablet’s Security Measures).
- “Services” means the following services, as applicable: (a) the Services for Survey On Tablet.
- “SOC 2 Report” means a confidential Service Organization Control (SOC) 2 Report (or a comparable report) on Survey On Tablet subprocessors’ systems examining logical security controls, physical security controls, and system availability, as produced by Survey On Tablet subprocessors’ Third Party Auditor in relation to the Audited Services.
- “SOC 3 Report” means a Service Organization Control (SOC) 3 Report (or a comparable report), as produced by Survey On Tablet’s Third Party Auditor in relation to the Audited Services.
- “Subprocessors” means third parties authorized under this Data Processing Amendment to have logical access to and process Customer Data in order to provide parts of the Services and related technical support.
- “Term” means the period from the Amendment Effective Date until the end of Survey On Tablet’s provision of the Services under the applicable Agreement, including, if applicable, any period during which provision of the Services may be suspended and any post-termination period during which Survey On Tablet may continue providing the Services for transitional purposes.
- 2.2. The terms “personal data”, “data subject”, “processing”, “controller”, “processor” and “supervisory authority” as used in this Data Processing Amendment have the meanings given in the GDPR, and the terms “data importer” and “data exporter” have the meanings given in the Model Contract Clauses, in each case irrespective of whether the European Data Protection Legislation or Non-European Data Protection Legislation applies.
- 3. Duration of Data Processing Amendment. This Data Processing Amendment will take effect on the Amendment Effective Date and, notwithstanding expiry of the Term, remain in effect until, and automatically expire upon, deletion of all Customer Data by Survey On Tablet as described in this Data Processing Amendment.
- 4. Scope of Data Protection Legislation.
- 4.1 Application of European Legislation. The parties acknowledge and agree that the European Data Protection Legislation will apply to the processing of Customer Personal Data if, for example:
- (a) the processing is carried out in the context of the activities of an establishment of Customer in the territory of the EEA; and/or
- (b) the Customer Personal Data is personal data relating to data subjects who are in the EEA and the processing relates to the offering to them of goods or services in the EEA or the monitoring of their behaviour in the EEA.
- 4.2 Application of Non-European Legislation. The parties acknowledge and agree that Non-European Data Protection Legislation may also apply to the processing of Customer Personal Data.
- 4.3 Application of Data Processing Amendment. Except to the extent this Data Processing Amendment states otherwise, the terms of this Data Processing Amendment will apply irrespective of whether the European Data Protection Legislation or Non-European Data Protection Legislation applies to the processing of Customer Personal Data.
- 5. Processing of Data.
- 5.1 Roles and Regulatory Compliance; Authorization.
- 5.1.1. Processor and Controller Responsibilities. If the European Data Protection Legislation applies to the processing of Customer Personal Data, the parties acknowledge and agree that:
- (a) the subject matter and details of the processing are described in Appendix 1;
- (b) Survey On Tablet is a processor of that Customer Personal Data under the European Data Protection Legislation;
- (c) Customer is a controller or processor, as applicable, of that Customer Personal Data under the European Data Protection Legislation; and
- (d) each party will comply with the obligations applicable to it under the European Data Protection Legislation with respect to the processing of that Customer Personal Data.
- 5.1.2. Authorization by Third Party Controller. If the European Data Protection Legislation applies to the processing of Customer Personal Data and Customer is a processor, Customer warrants to Survey On Tablet that Customer’s instructions and actions with respect to that Customer Personal Data, including its appointment of Survey On Tablet as another processor, have been authorized by the relevant controller.
- 5.1.3. Responsibilities under Non-European Legislation. If Non-European Data Protection Legislation applies to either party’s processing of Customer Personal Data, the parties acknowledge and agree that the relevant party will comply with any obligations applicable to it under that legislation with respect to the processing of that Customer Personal Data.
- 5.2 Scope of Processing.
- 5.2.1 Customer’s Instructions. By entering into this Data Processing Amendment, Customer instructs Survey On Tablet to process Customer Personal Data only in accordance with applicable law: (a) to provide the Services and related technical support; (b) as further specified via Customer’s use of the Services (including the Admin Console and other functionality of the Services) and related technical support; (c) as documented in the form of the applicable Agreement, including this Data Processing Amendment; and (d) as further documented in any other written instructions given by Customer and acknowledged by Survey On Tablet as constituting instructions for purposes of this Data Processing Amendment.
- 5.2.2 Survey On Tablet’s Compliance with Instructions. As from the Full Activation Date, Survey On Tablet will comply with the instructions described in Section 5.2.1 (Customer’s Instructions) (including with regard to data transfers) unless EU or EU Member State law to which Survey On Tablet is subject requires other processing of Customer Personal Data by Survey On Tablet, in which case Survey On Tablet will inform Customer (unless that law prohibits Survey On Tablet from doing so on important grounds of public interest) via the Notification Email Address. For clarity, Survey On Tablet will not process Customer Personal Data for Advertising purposes or serve Advertising in the Services.
- 5.3. Additional Products. If Survey On Tablet at its option makes any Additional Products available to Customer in accordance with the Additional Product Terms (if applicable), and if Customer opts to install or use those Additional Products, the Services may allow those Additional Products to access Customer Personal Data as required for the interoperation of the Additional Products with the Services. For clarity, this Data Processing Amendment does not apply to the processing of personal data in connection with the provision of any Additional Products installed or used by Customer, including personal data transmitted to or from such Additional Products. Customer may use the functionality of the Services to enable or disable Additional Products, and is not required to use Additional Products in order to use the Services.
- 6. Data Deletion.
- 6.1. Deletion During Term. Survey On Tablet will enable Customer and/or End Users to delete Customer Data during the applicable Term in a manner consistent with the functionality of the Services. If Customer or an End User uses the Services to delete any Customer Data during the applicable Term and the Customer Data cannot be recovered by Customer or an End User (such as from the “trash"), this use will constitute an instruction to Survey On Tablet to delete the relevant Customer Data from Survey On Tablet’s systems in accordance with applicable law. Survey On Tablet will comply with this instruction as soon as reasonably practicable and within a maximum period of 180 days, unless EU or EU Member State law requires storage.
- 6.2. Deletion on Term Expiry. Subject to Section 6.3 (Deferred Deletion Instruction), on expiry of the applicable Term Customer instructs Survey On Tablet to delete all Customer Data (including existing copies) from Survey On Tablet’s systems in accordance with applicable law. Survey On Tablet will comply with this instruction as soon as reasonably practicable and within a maximum period of 180 days, unless EU or EU Member State law requires storage. Without prejudice to Section 9.1 (Access; Rectification; Restricted Processing; Portability), Customer acknowledges and agrees that Customer will be responsible for exporting, before the applicable Term expires, any Customer Data it wishes to retain afterwards.
- 6.3. Deferred Deletion Instruction. To the extent any Customer Data covered by the deletion instruction described in Section 6.2 (Deletion on Term Expiry) is also processed, when the applicable Term under Section 6.2 expires, in relation to an Agreement with a continuing Term, such deletion instruction will only take effect with respect to such Customer Data when the continuing Term expires. For clarity, this Data Processing Amendment will continue to apply to such Customer Data until its deletion by Survey On Tablet.
- 7. Data Security.
- 7.1. Survey On Tablet’s Security Measures, Controls and Assistance.
- 7.1.1. Survey On Tablet’s Security Measures. Survey On Tablet will implement and maintain technical and organizational measures to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access as described in Appendix 2 (the “Security Measures”). As described in Appendix 2, the Security Measures include measures to encrypt personal data; to help ensure ongoing confidentiality, integrity, availability and resilience of Survey On Tablet’s systems and services; to help restore timely access to personal data following an incident; and for regular testing of effectiveness. Survey On Tablet may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services.
- 7.1.2. Security Compliance by Survey On Tablet Staff. Survey On Tablet will take appropriate steps to ensure compliance with the Security Measures by its employees, contractors and Subprocessors to the extent applicable to their scope of performance, including ensuring that all persons authorized to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
- 7.1.3. Additional Security Controls. In addition to the Security Measures, Survey On Tablet will make the Additional Security Controls available to: (a) allow Customer to take steps to secure Customer Data; and (b) provide Customer with information about securing, accessing and using Customer Data.
- 7.1.4. Survey On Tablet’s Security Assistance. Customer agrees that Survey On Tablet will (taking into account the nature of the processing of Customer Personal Data and the information available to Survey On Tablet) assist Customer in ensuring compliance with any of Customer’s obligations in respect of security of personal data and personal data breaches, including if applicable Customer’s obligations pursuant to Articles 32 to 34 (inclusive) of the GDPR, by:
- (a) implementing and maintaining the Security Measures in accordance with Section 7.1.1 (Survey On Tablet’s Security Measures);
- (b) making the Additional Security Controls available to Customer in accordance with Section 7.1.3 (Additional Security Controls);
- (c) complying with the terms of Section 7.2 (Data Incidents); and
- (d) providing Customer with the Security Documentation in accordance with Section 7.5.1 (Reviews of Security Documentation) and the information contained in the applicable Agreement including this Data Processing Amendment.
- 7.2. Data Incidents.
- 7.2.1. Incident Notification. If Survey On Tablet becomes aware of a Data Incident, Survey On Tablet will: (a) notify Customer of the Data Incident promptly and without undue delay; and (b) promptly take reasonable steps to minimize harm and secure Customer Data.
- 7.2.2. Details of Data Incident. Notifications made pursuant to this section will describe, to the extent possible, details of the Data Incident, including steps taken to mitigate the potential risks and steps Survey On Tablet recommends Customer take to address the Data Incident.
- 7.2.3. Delivery of Notification. Notification(s) of any Data Incident(s) will be delivered to the Notification Email Address or, at Survey On Tablet’s discretion, by direct communication (for example, by phone call or an in-person meeting). Customer is solely responsible for ensuring that the Notification Email Address is current and valid.
- 7.2.4. No Assessment of Customer Data by Survey On Tablet. Survey On Tablet will not assess the contents of Customer Data in order to identify information subject to any specific legal requirements. Customer is solely responsible for complying with incident notification laws applicable to Customer and fulfilling any third party notification obligations related to any Data Incident(s).
- 7.2.5. No Acknowledgment of Fault by Survey On Tablet. Survey On Tablet’s notification of or response to a Data Incident under this Section 7.2 (Data Incidents) will not be construed as an acknowledgement by Survey On Tablet of any fault or liability with respect to the Data Incident.
- 7.3. Customer’s Security Responsibilities and Assessment.
- 7.3.1. Customer’s Security Responsibilities. Customer agrees that, without prejudice to Survey On Tablet’s obligations under Section 7.1 (Survey On Tablet’s Security Measures, Controls and Assistance) and Section 7.2 (Data Incidents):
- (a) Customer is solely responsible for its use of the Services, including:
- (i) making appropriate use of the Services and the Additional Security Controls to ensure a level of security appropriate to the risk in respect of the Customer Data;
- (ii) securing the account authentication credentials, systems and devices Customer uses to access the Services; and
- (iii) backing up its Customer Data; and
- (b) Survey On Tablet has no obligation to protect Customer Data that Customer elects to store or transfer outside of Survey On Tablet’s and its Subprocessors’ systems (for example, offline or on-premise storage), or to protect Customer Data by implementing or maintaining Additional Security Controls except to the extent Customer has opted to use them.
- 7.3.2. Customer’s Security Assessment.
- (a) Customer is solely responsible for reviewing the Security Documentation and evaluating for itself whether the Services, the Security Measures, the Additional Security Controls and Survey On Tablet’s commitments under this Section 7 (Data Security) will meet Customer’s needs, including with respect to any security obligations of Customer under the European Data Protection Legislation and/or Non-European Data Protection Legislation, as applicable.
- (b) Customer acknowledges and agrees that (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Customer Personal Data as well as the risks to individuals) the Security Measures implemented and maintained by Survey On Tablet as set out in Section 7.1.1 (Survey On Tablet’s Security Measures) provide a level of security appropriate to the risk in respect of the Customer Data.
- 7.4. Security Certifications and Reports. Survey On Tablet will do the following to evaluate and help ensure the continued effectiveness of the Security Measures:
- (a) using subprocessors which maintain ISO 27001 Certification, ISO 27017 Certification and ISO 27018 Certification; and
- (b) using subprocessors which update SOC 2 Report and SOC 3 Report at least once every 18 months.
- 7.5. Reviews and Audits of Compliance.
- 7.5.1. Reviews of Security Documentation. In addition to the information contained in the applicable Agreement including this Data Processing Amendment, Survey On Tablet will make available for review by Customer the following documents and information to demonstrate compliance by Survey On Tablet with its obligations under this Data Processing Amendment:
- (a) the Survey On Tablet’s and/or subprocessors’ certificates issued in relation to the ISO 27001 Certification, the ISO 27017 Certification and the ISO 27018 Certification;
- (b) the Survey On Tablet’s and/or subprocessors’ then-current SOC 3 Report; and
- (c) the Survey On Tablet’s and/or subprocessors’ then-current SOC 2 Report, following a request by Customer in accordance with Section 7.5.3(a).
- 7.5.2. Customer’s Audit Rights.
- (a) If the European Data Protection Legislation applies to the processing of Customer Personal Data, Survey On Tablet will allow Customer or an independent auditor appointed by Customer to conduct audits (including inspections) to verify Survey On Tablet’s compliance with its obligations under this Data Processing Amendment in accordance with Section 7.5.3 (Additional Business Terms for Reviews and Audits). Survey On Tablet will contribute to such audits as described in Section 7.4 (Security Certifications and Reports) and this Section 7.5 (Reviews and Audits of Compliance).
- (b) If Customer has entered into Model Contract Clauses as described in Section 10.2 (Transfers of Data Out of the EEA), Survey On Tablet will, without prejudice to any audit rights of a supervisory authority under such Model Contract Clauses, allow Customer or an independent auditor appointed by Customer to conduct audits as described in the Model Contract Clauses in accordance with Section 7.5.3 (Additional Business Terms for Reviews and Audits).
- (c) Customer may also conduct an audit to verify Survey On Tablet’s compliance with its obligations under this Data Processing Amendment by reviewing the Security Documentation (which reflects the outcome of audits conducted by Survey On Tablet’s Third Party Auditor).
- 7.5.3. Additional Business Terms for Reviews and Audits.
- (a) Customer must send any requests for reviews of the SOC 2 Report under Section 7.5.1(c) or audits under Section 7.5.2(a) or 7.5.2(b) to Survey On Tablet’s Data Protection Team as described in Section 12 (Data Protection Team; Processing Records).
- (b) Following receipt by Survey On Tablet of a request under Section 7.5.3(a), Survey On Tablet and Customer will discuss and agree in advance on: (i) the reasonable date(s) of and security and confidentiality controls applicable to any review of the SOC 2 Report under Section 7.5.1(c); and (ii) the reasonable start date, scope and duration of and security and confidentiality controls applicable to any audit under Section 7.5.2(a) or 7.5.2(b).
- (c) Survey On Tablet may charge a fee (based on Survey On Tablet’s reasonable costs) for any review of the SOC 2 Report under Section 7.5.1(c) and/or audit under Section 7.5.2(a) or 7.5.2(b). Survey On Tablet will provide Customer with further details of any applicable fee, and the basis of its calculation, in advance of any such review or audit. Customer will be responsible for any fees charged by any auditor appointed by Customer to execute any such audit.
- (d) Survey On Tablet may object in writing to an auditor appointed by Customer to conduct any audit under Section 7.5.2(a) or 7.5.2(b) if the auditor is, in Survey On Tablet’s reasonable opinion, not suitably qualified or independent, a competitor of Survey On Tablet, or otherwise manifestly unsuitable. Any such objection by Survey On Tablet will require Customer to appoint another auditor or conduct the audit itself.
- 7.5.4. No Modification of MCCs. Nothing in this Section 7.5 (Reviews and Audits of Compliance) varies or modifies any rights or obligations of Customer or Survey On Tablet LLC under any Model Contract Clauses entered into as described in Section 10.2 (Transfers of Data Out of the EEA).
- 8. Impact Assessments and Consultations. Customer agrees that Survey On Tablet will (taking into account the nature of the processing and the information available to Survey On Tablet) assist Customer in ensuring compliance with any obligations of Customer in respect of data protection impact assessments and prior consultation, including if applicable Customer’s obligations pursuant to Articles 35 and 36 of the GDPR, by:
- (a) providing the Additional Security Controls in accordance with Section 7.1.3 (Additional Security Controls) and the Security Documentation in accordance with Section 7.5.1 (Reviews of Security Documentation); and
- (b) providing the information contained in the applicable Agreement including this Data Processing Amendment.
- 9. Data Subject Rights; Data Export.
- 9.1. Access; Rectification; Restricted Processing; Portability. During the applicable Term, Survey On Tablet will, in a manner consistent with the functionality of the Services, enable Customer to access, rectify and restrict processing of Customer Data, including via the deletion functionality provided by Survey On Tablet as described in Section 6.1 (Deletion During Term), and to export Customer Data.
- 9.2. Data Subject Requests.
- 9.2.1. Customer’s Responsibility for Requests. During the applicable Term, if Survey On Tablet receives any request from a data subject in relation to Customer Personal Data, Survey On Tablet will advise the data subject to submit his/her request to Customer, and Customer will be responsible for responding to any such request including, where necessary, by using the functionality of the Services.
- 9.2.2. Survey On Tablet’s Data Subject Request Assistance. Customer agrees that (taking into account the nature of the processing of Customer Personal Data) Survey On Tablet will assist Customer in fulfilling any obligation to respond to requests by data subjects, including if applicable Customer’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR, by:
- (a) providing the Additional Security Controls in accordance with Section 7.1.3 (Additional Security Controls); and
- (b) complying with the commitments set out in Section 9.1 (Access; Rectification; Restricted Processing; Portability) and Section 9.2.1 (Customer’s Responsibility for Requests).
- 10. Data Transfers.
- 10.1. Data Storage and Processing Facilities. Customer agrees that Survey On Tablet may, subject to Section 10.2 (Transfers of Data Out of the EEA), store and process Customer Data in the United States and any other country in which Survey On Tablet or any of its Subprocessors maintains facilities.
- 10.2. Transfers of Data Out of the EEA.
- 10.2.1. Survey On Tablet’s Transfer Obligations. If the storage and/or processing of Customer Personal Data (as set out in Section 10.1 (Data Storage and Processing Facilities)) involves transfers of Customer Personal Data out of the EEA and the European Data Protection Legislation applies to the transfers of such data (“Transferred Personal Data”), Survey On Tablet will:
- (a) if requested to do so by Customer, ensure that Survey On Tablet LLC as the data importer of the Transferred Personal Data enters into Model Contract Clauses with Customer as the data exporter of such data, and that the transfers are made in accordance with such Model Contract Clauses; and/or
- (b) offer an Alternative Transfer Solution, ensure that the transfers are made in accordance with such Alternative Transfer Solution, and make information available to Customer about such Alternative Transfer Solution.
- 10.2.2 Customer’s Transfer Obligations. In respect of Transferred Personal Data, Customer agrees that:
- (a) if under the European Data Protection Legislation Survey On Tablet reasonably requires Customer to enter into Model Contract Clauses in respect of such transfers, Customer will do so; and
- (b) if under the European Data Protection Legislation Survey On Tablet reasonably requires Customer to use an Alternative Transfer Solution offered by Survey On Tablet, and reasonably requests that Customer take any action (which may include execution of documents) strictly required to give full effect to such solution, Customer will do so.
- 10.3. Data Center Information. Information about the locations of Survey On Tablet data centers is available upon request to support@surveyontablet.com (as may be updated by Survey On Tablet from time to time).
- 10.4 Disclosure of Confidential Information Containing Personal Data. If Customer has entered into Model Contract Clauses as described in Section 10.2 (Transfers of Data Out of the EEA), Survey On Tablet will, notwithstanding any term to the contrary in the applicable Agreement, ensure that any disclosure of Customer's Confidential Information containing personal data, and any notifications relating to any such disclosures, will be made in accordance with such Model Contract Clauses.
- 11. Subprocessors.
- 11.1. Consent to Subprocessor Engagement. Customer specifically authorizes the engagement of Survey On Tablet’s Affiliates as Subprocessors. In addition, Customer generally authorizes the engagement of any other third parties as Subprocessors (“Third Party Subprocessors”). If Customer has entered into Model Contract Clauses as described in Section 10.2 (Transfers of Data Out of the EEA), the above authorizations will constitute Customer’s prior written consent to the subcontracting by Survey On Tablet LLC of the processing of Customer Data if such consent is required under the Model Contract Clauses.
- 11.2. Information about Subprocessors. Information about Subprocessors, including their functions and locations, is available upon request to support@surveyontablet.com (as may be updated by Survey On Tablet from time to time in accordance with this Data Processing Amendment).
- 11.3. Requirements for Subprocessor Engagement. When engaging any Subprocessor, Survey On Tablet will:
- (a) ensure via a written contract that:
- (i) the Subprocessor only accesses and uses Customer Data to the extent required to perform the obligations subcontracted to it, and does so in accordance with the applicable Agreement (including this Data Processing Amendment) and any Model Contract Clauses entered into or Alternative Transfer Solution adopted by Survey On Tablet as described in Section 10.2 (Transfers of Data Out of the EEA); and
- (ii) if the GDPR applies to the processing of Customer Personal Data, the data protection obligations set out in Article 28(3) of the GDPR, as described in this Data Processing Amendment, are imposed on the Subprocessor; and
- (b) remain fully liable for all obligations subcontracted to, and all acts and omissions of, the Subprocessor.
- 11.4. Opportunity to Object to Subprocessor Changes.
- (a) When any new Third Party Subprocessor is engaged during the applicable Term, Survey On Tablet will, at least 30 days before the new Third Party Subprocessor processes any Customer Data, inform Customer of the engagement (including the name and location of the relevant subprocessor and the activities it will perform) either by sending an email to the Notification Email Address or via the Admin Console.
- (b) Customer may object to any new Third Party Subprocessor by terminating the applicable Agreement immediately upon written notice to Survey On Tablet, on condition that Customer provides such notice within 90 days of being informed of the engagement of the subprocessor as described in Section 11.4(a). This termination right is Customer’s sole and exclusive remedy if Customer objects to any new Third Party Subprocessor.
- 12. Cloud Data Protection Team; Processing Records.
- 12.1. Survey On Tablet’s Cloud Data Protection Team. Survey On Tablet’s Cloud Data Protection Team can be contacted by Customer’s Administrators at support@surveyontablet.com (while Administrators are signed in to their Admin Account) and/or by Customer by providing a notice to Survey On Tablet as described in the applicable Agreement.
- 12.2. Survey On Tablet’s Processing Records. Customer acknowledges that Survey On Tablet is required under the GDPR to: (a) collect and maintain records of certain information, including the name and contact details of each processor and/or controller on behalf of which Survey On Tablet is acting and, where applicable, of such processor’s or controller's local representative and data protection officer; and (b) make such information available to the supervisory authorities. Accordingly, if the GDPR applies to the processing of Customer Personal Data, Customer will, where requested, provide such information to Survey On Tablet via the Admin Console or other means provided by Survey On Tablet, and will use the Admin Console or such other means to ensure that all information provided is kept accurate and up-to-date.
- 13. Liability.
- 13.1. Liability Cap. If Model Contract Clauses have been entered into as described in Section 10.2 (Transfers of Data Out of the EEA), the total combined liability of either party and its Affiliates towards the other party and its Affiliates under or in connection with the applicable Agreement and such Model Contract Clauses combined will be limited to the Agreed Liability Cap for the relevant party, subject to Section 13.2 (Liability Cap Exclusions).
- 13.2. Liability Cap Exclusions. Nothing in Section 13.1 (Liability Cap) will affect the remaining terms of the applicable Agreement relating to liability (including any specific exclusions from any limitation of liability).
- 14. Third Party Beneficiary. Notwithstanding anything to the contrary in the applicable Agreement, where Survey On Tablet is not a party to such Agreement, Survey On Tablet will be a third party beneficiary of Section 7.5 (Reviews and Audits of Compliance), Section 11.1 (Consent to Subprocessor Engagement) and Section 13 (Liability) of this Data Processing Amendment.
- 15. Effect of Amendment. To the extent of any conflict or inconsistency between the terms of this Data Processing Amendment and the remainder of the applicable Agreement, the terms of this Data Processing Amendment will govern. Subject to the amendments in this Data Processing Amendment, such Agreement remains in full force and effect. For clarity, if Customer has entered more than one Agreement, this Data Processing Amendment will amend each of the Agreements separately.
Appendix 1: Subject Matter and Details of the Data Processing
Subject Matter
Survey On Tablet’s provision of the Services and related technical support to Customer.
Duration of the Processing
The applicable Term plus the period from expiry of such Term until deletion of all Customer Data by Survey On Tablet in accordance with the Data Processing Amendment.
Nature and Purpose of the Processing
Survey On Tablet will process Customer Personal Data submitted, stored, sent or received by Customer, its Affiliates or End Users via the Services for the purposes of providing the Services and related technical support to Customer in accordance with the Data Processing Amendment.
Categories of Data
Personal data submitted, stored, sent or received by Customer, its Affiliates or End Users via the Services may include the following categories of data: user IDs, email, documents, presentations, images, calendar entries, tasks and other data.
Data Subjects
Personal data submitted, stored, sent or received via the Services may concern the following categories of data subjects: End Users including Customer’s employees and contractors; the personnel of Customer’s customers, suppliers and subcontractors; and any other person who transmits data via the Services, including individuals collaborating and communicating with End Users.
Appendix 2: Security Measures
As from the Amendment Effective Date, Survey On Tablet will implement and maintain the Security Measures set out in this Appendix 2 to the Data Processing Amendment. Survey On Tablet may update or modify such Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services.
- 1. Data Center & Network Security.
- (a) Data Centers.
Infrastructure. Survey On Tablet maintains geographically distributed data centers. Survey On Tablet stores all production data in physically secure data centers.
Redundancy. Infrastructure systems have been designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. Dual circuits, switches, networks or other necessary devices help provide this redundancy. The Services are designed to allow Survey On Tablet to perform certain types of preventative and corrective maintenance without interruption. All environmental equipment and facilities have documented preventative maintenance procedures that detail the process for and frequency of performance in accordance with the manufacturer’s or internal specifications. Preventative and corrective maintenance of the data center equipment is scheduled through a standard change process according to documented procedures.
Power. The data center electrical power systems are designed to be redundant and maintainable without impact to continuous operations, 24 hours a day, and 7 days a week. In most cases, a primary as well as an alternate power source, each with equal capacity, is provided for critical infrastructure components in the data center. Backup power is provided by various mechanisms such as uninterruptible power supplies (UPS) batteries, which supply consistently reliable power protection during utility brownouts, blackouts, over voltage, under voltage, and out-of-tolerance frequency conditions. If utility power is interrupted, backup power is designed to provide transitory power to the data center, at full capacity, for up to 10 minutes until the diesel generator systems take over. The diesel generators are capable of automatically starting up within seconds to provide enough emergency electrical power to run the data center at full capacity typically for a period of days.
Server Operating Systems. Survey On Tablet servers use a Linux based implementation customized for the application environment. Data is stored using proprietary algorithms to augment data security and redundancy. Survey On Tablet employs a code review process to increase the security of the code used to provide the Services and enhance the security products in production environments.
Businesses Continuity. Survey On Tablet replicates data over multiple systems to help to protect against accidental destruction or loss. Survey On Tablet has designed and regularly plans and tests its business continuity planning/disaster recovery programs.
· (b) Networks & Transmission.
· Data Transmission. Data centers are typically connected via high-speed private links to provide secure and fast data transfer between data centers. This is designed to prevent data from being read, copied, altered or removed without authorization during electronic transfer or transport or while being recorded onto data storage media. Survey On Tablet transfers data via Internet standard protocols.
· External Attack Surface. Survey On Tablet employs multiple layers of network devices and intrusion detection to protect its external attack surface. Survey On Tablet considers potential attack vectors and incorporates appropriate purpose built technologies into external facing systems.
· Intrusion Detection. Intrusion detection is intended to provide insight into ongoing attack activities and provide adequate information to respond to incidents. Survey On Tablet’s intrusion detection involves:
- 1. Tightly controlling the size and make-up of Survey On Tablet’s attack surface through preventative measures;
- 2. Employing intelligent detection controls at data entry points; and
- 3. Employing technologies that automatically remedy certain dangerous situations.
Incident Response. Survey On Tablet monitors a variety of communication channels for security incidents, and Survey On Tablet’s security personnel will react promptly to known incidents.
Encryption Technologies. Survey On Tablet makes HTTPS encryption (also referred to as SSL or TLS connection) available. Survey On Tablet servers support ephemeral elliptic curve Diffie-Hellman cryptographic key exchange signed with RSA and ECDSA. These perfect forward secrecy (PFS) methods help protect traffic and minimize the impact of a compromised key, or a cryptographic breakthrough.
- 2. Access and Site Controls.
- (a) Site Controls.
On-site Data Center Security Operation. Survey On Tablet’s data centers maintain an on-site security operation responsible for all physical data center security functions 24 hours a day, 7 days a week. The on-site security operation personnel monitor Closed Circuit TV (CCTV) cameras and all alarm systems. On-site Security operation personnel perform internal and external patrols of the data center regularly.
Data Center Access Procedures. Survey On Tablet maintains formal access procedures for allowing physical access to the data centers. The data centers are housed in facilities that require electronic card key access, with alarms that are linked to the on-site security operation. All entrants to the data center are required to identify themselves as well as show proof of identity to on-site security operations. Only authorized employees, contractors and visitors are allowed entry to the data centers. Only authorized employees and contractors are permitted to request electronic card key access to these facilities. Data center electronic card key access requests must be made through e-mail, and require the approval of the requestor’s manager and the data center director. All other entrants requiring temporary data center access must: (i) obtain approval in advance from the data center managers for the specific data center and internal areas they wish to visit; (ii) sign in at on-site security operations; and (iii) reference an approved data center access record identifying the individual as approved.
On-site Data Center Security Devices. Survey On Tablet’s data centers employ an electronic card key and biometric access control system that is linked to a system alarm. The access control system monitors and records each individual’s electronic card key and when they access perimeter doors, shipping and receiving, and other critical areas. Unauthorized activity and failed access attempts are logged by the access control system and investigated, as appropriate. Authorized access throughout the business operations and data centers is restricted based on zones and the individual’s job responsibilities. The fire doors at the data centers are alarmed. CCTV cameras are in operation both inside and outside the data centers. The positioning of the cameras has been designed to cover strategic areas including, among others, the perimeter, doors to the data center building, and shipping/receiving. On-site security operations personnel manage the CCTV monitoring, recording and control equipment. Secure cables throughout the data centers connect the CCTV equipment. Cameras record on site via digital video recorders 24 hours a day, 7 days a week. The surveillance records are retained for up to 30 days based on activity.
- (b) Access Control.
Infrastructure Security Personnel. Survey On Tablet has, and maintains, a security policy for its personnel, and requires security training as part of the training package for its personnel. Survey On Tablet’s infrastructure security personnel are responsible for the ongoing monitoring of Survey On Tablet’s security infrastructure, the review of the Services, and responding to security incidents.
Access Control and Privilege Management. Customer’s Administrators and End Users must authenticate themselves via a central authentication system or via a single sign on system in order to use the Services. Each application checks credentials in order to allow the display of data to an authorized End User or authorized Administrator.
Internal Data Access Processes and Policies – Access Policy. Survey On Tablet’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. Survey On Tablet aims to design its systems to: (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization during processing, use and after recording. The systems are designed to detect any inappropriate access. Survey On Tablet employs a centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorized personnel. LDAP, Kerberos and a proprietary system utilizing SSH certificates are designed to provide Survey On Tablet with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. Survey On Tablet requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; and a need to know basis. The granting or modification of access rights must also be in accordance with Survey On Tablet’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include password expiry, restrictions on password reuse and sufficient password strength. For access to extremely sensitive information (e.g., credit card data), Survey On Tablet uses hardware tokens.
- 3. Data.
- (a) Data Storage, Isolation & Authentication.
Survey On Tablet stores data in a multi-tenant environment on Survey On Tablet-owned servers. Data, the Services database and file system architecture are replicated between multiple geographically dispersed data centers. Survey On Tablet logically isolates data on a per End User basis at the application layer. Survey On Tablet logically isolates each Customer’s data, and logically separates each End User’s data from the data of other End Users, and data for an authenticated End User will not be displayed to another End User (unless the former End User or an Administrator allows the data to be shared). A central authentication system is used across all Services to increase uniform security of data.
Customer will be given control over specific data sharing policies. Those policies, in accordance with the functionality of the Services, will enable Customer to determine the product sharing settings applicable to End Users for specific purposes. Customer may choose to make use of certain logging capability that Survey On Tablet may make available via the Services, products and APIs. Customer agrees that its use of the APIs is subject to the API Terms of Use. Survey On Tablet agrees that changes to the APIs will not result in the degradation of the overall security of the Services.
- (b) Decommissioned Disks and Disk Erase Policy.
Certain disks containing data may experience performance issues, errors or hardware failure that lead them to be decommissioned (“Decommissioned Disk”). Every Decommissioned Disk is subject to a series of data destruction processes (the “Disk Erase Policy”) before leaving Survey On Tablet’s premises either for reuse or destruction. Decommissioned Disks are erased in a multi-step process and verified complete by at least two independent validators. The erase results are logged by the Decommissioned Disk’s serial number for tracking. Finally, the erased Decommissioned Disk is released to inventory for reuse and redeployment. If, due to hardware failure, the Decommissioned Disk cannot be erased, it is securely stored until it can be destroyed. Each facility is audited regularly to monitor compliance with the Disk Erase Policy.
- 4. Personnel Security.
Survey On Tablet personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Survey On Tablet conducts reasonably appropriate backgrounds checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations.
Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, Survey On Tablet’s confidentiality and privacy policies. Personnel are provided with security training. Personnel handling Customer Data are required to complete additional requirements appropriate to their role (eg., certifications). Survey On Tablet’s personnel will not process Customer Data without authorization.
- 5. Subprocessor Security.
Before onboarding Subprocessors, Survey On Tablet conducts an audit of the security and privacy practices of Subprocessors to ensure Subprocessors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once Survey On Tablet has assessed the risks presented by the Subprocessor, then subject always to the requirements set out in Section 11.3 (Requirements for Subprocessor Engagement) of this Data Processing Amendment, the Subprocessor is required to enter into appropriate security, confidentiality and privacy contract terms.