Effective Date: October 9, 2024
Terms of Service
These Terms of Service (the “TOS”) set forth the general legal terms governing the relationship between the Inbenta entity that is providing the relevant Service, and Customer as each entity is identified in the related document executed by the Parties setting forth the Services being purchased by Customer (“Order Form”). The full “Agreement” between the Parties will be composed of these TOS, the relevant Order Form, and any addenda or amendments agreed to between Inbenta and Customer for the specific purchase, and will be in full force and effect at all times Services are provided to Customer. Unless clearly stated otherwise in a relevant Order Form, the order of precedence for the parts of the Agreement will be (i) the Order Form; (ii) these TOS; (iii) the addenda or amendment, unless the amendment is signed later and states that it is intended to amend the Agreement. Inbenta and Customer are each a “Party,” or collectively “Parties” hereunder.
Each Party warrants that its respective signatories whose signatures appear on any Order Form are on the date of signature duly authorized to bind the Party to the Agreement.
1. Scope of Services. During the Term (defined in Sec. 11.1, below), and subject to the terms and conditions of the Agreement, Inbenta will deliver to Customer the Services for the Customer to use in accordance with the terms and conditions set forth in the Agreement. “Services” means Inbenta’s proprietary technology and software solutions offered in hosted form (“Platform Services”) and related professional services provided by Inbenta as agreed to by the Parties in an Order Form (“Professional Services”). Inbenta may, in its sole discretion, permit use of these TOS by an Affiliate of Customer to purchase Services, but in each such case, an Affiliate will be required to execute a separate Order Form with Inbenta that references these TOS. An “Affiliate” of a Party is any entity that directly or indirectly controls, is controlled by, or is under common control with the Party. “Control” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the Party.
2. Fees and Payment. As consideration for the provision of the Services, Customer will pay to Inbenta the fees in accordance with the payment terms set forth herein and in the Order Form. In the event of a conflict between these payment terms and those set forth in the Order Form, the payment terms of the Order Form will control.
2.1. Payment of Fees. . Customer will pay all undisputed fees due under each invoice within thirty (30) days of the invoice date. If any invoiced fee is disputed, Customer must notify Inbenta of the disputed amount before the due date for payment of the invoice, and timely pay all undisputed amounts in the invoice. Customer will cooperate with Inbenta in its investigation of the disputed amount, including by providing a detailed explanation of the dispute and any supporting documentation requested by Inbenta. Upon completion of its investigation, Inbenta will either credit incorrect amounts on Customer’s account, or provide supporting documentation for the amounts invoiced. Customer will pay amounts found to be correctly invoiced within 30 days of being provided the supporting documentation. All Services are non-cancelable and the related fees are non-refundable when paid.
2.2. Late Charges. Inbenta reserves the right to charge, and Customer agrees to pay, a late charge equal to one and one-half percent (1.5%) per month, or the maximum amount allowed by law, whichever is lower, on any amount that is not the subject of a good faith dispute that is unpaid on the due date, and on any other outstanding balance.
2.3. Taxes. Fees identified in the Agreement do not include any applicable sales, use, VAT, and other taxes. Customer will be responsible for payment of all taxes, fees, duties and charges, and any related penalties and interest, arising from the payment of any fees hereunder (other than taxes based on Inbenta’s
gross income, for which Inbenta will be solely responsible). Customer will make all payments of fees to Inbenta free and clear of, and without reduction for, any taxes, including withholding taxes. Where Inbenta has included a tax in an invoice, such inclusion is for the convenience of the Customer and Inbenta will forward the payment to the taxing authority promptly. Customer must claim any exemption for applicable taxes at the time of execution of the Order Form and provide all necessary exemption certifications and documentation to Inbenta.
3. Access and Use
3.1. Access. During the Term of the relevant Order Form, and subject to the terms and conditions of the Agreement, including limitations or restrictions set forth in the related Order Form, Inbenta hereby grants to Customer the right to access and use the Platform Services as provided by Inbenta from Inbenta’s hosted network for Customer’s own internal business purposes (which may include allowing access to the Platform Services by Customer’s customers and prospective customers (“Users”) to facilitate interactions with such individuals). For the avoidance of doubt, nothing in the Agreement is intended to grant Customer any right, title, or interest in or to any intellectual property, nor any Intellectual Property Rights in, nor access to, any code (including in object code, source code, or any other format), databases, or other underlying components of the Services. “Intellectual Property Rights” means any right or interest in and to any current or future patent, copyright, trademark, trade secret, or service mark including moral rights, know-how, mask works, and any other work that may be the subject matter of intellectual property or industrial property rights protection of any state, country or jurisdiction, whether registrable or not.
3.2. Obligations. Customer shall:
3.2.1. Identify the Administrator Users that Customer wants to grant access and use of the Services at the initial set-up stage. Thereafter, Customer is responsible for establishing individual user accounts and account login credentials for each of Customer’s subsequent Administrator Users. Customer may only make its or its Affiliates’ employees, consultants, contractors, or agents Administrator Users. An “Administrator User” is an individual, other than a User, who Customer has named to access and use the Services on Customer’s behalf under the rights granted to Customer pursuant to the Agreement.
3.2.2. Require Administrator Users to (i) maintain the confidentiality of their account login credentials and (ii) not share their account login credentials with any other individual.
3.2.3. Be responsible for its Administrator Users and any noncompliance, with the terms of the Agreement and any and all applicable laws of any and all applicable jurisdictions.
3.2.4. Remain responsible for all use of the Services through Customer’s account, including any fees associated, regardless of whether such use or user was specifically authorized by Customer.
3.2.5. At all times use the Services in compliance with Inbenta’s Acceptable Use Policy, available at https://www.inbenta.com/compliance/acceptable-use-policy/, which is incorporated into these terms by this reference.
3.3. Integrated Services. Customer acknowledges that the Services operate on, are integrated with, or are provided using application programming interfaces (“API”) and other services. Inbenta’s provision of any Service is subject to all limitations identified as applicable to the Service (ex: API limitations or session length limitations), including at the Developer Portal: https://developers.inbenta.io/general/rate-limits/current-rate-limits, and Customer will comply with all such limitations. Where an API or other service integration is provided by companies that are not affiliated with Inbenta, Customer acknowledges that Customer may be required to install certain software applications and agree to additional terms and conditions set forth by the companies providing the integrated services in order to access the Services. Where Customer engages with its own integrator, Customer will require such integrator to implement the appropriate endpoints to track Usage Data (defined in Section 4.3, below) correctly. NOTWITHSTANDING ANY APPROVAL OF A THIRD-PARTY SERVICE IMPLEMENTATION, CUSTOMER UNDERSTANDS THAT INBENTA DOES NOT WARRANT OR GUARANTEE THESE THIRD-PARTY SERVICES NOR THAT THE THIRD-PARTY SERVICE WILL PROPERLY INTERACT WITH THE SERVICES.
4. Proprietary Rights.
4.1. Content License. “Customer Data” is any data or process that is provided by or made available, whether directly, indirectly, or through the Services, by Customer for Inbenta to access and use in the performance of the Services. Customer Data includes data that details a specific User’s use of the Services (“Report Data”), when applicable. As between the Parties, all title to and interest in Customer Data and associated Intellectual Property Rights are the exclusive property of Customer. Customer hereby grants to Inbenta, during the term of the relevant Order Form, a limited, worldwide, non-exclusive, non-transferable (except as provided in Section 13.3) license under all Intellectual Property Rights therein and thereto, to use, store, modify, and copy all Customer Data as necessary to provide the Services to Customer. Inbenta may use Report Data to report use of the Services to Customer and otherwise to improve the Services.
4.2. Services. As between the Parties, all title to and interest in the Services and associated Intellectual Property Rights are the exclusive property of Inbenta.
Except for the access and use rights expressly granted in the Agreement, no other rights are granted by Inbenta to Customer and all other rights are expressly reserved by Inbenta.
4.3. Improvements. All title to and rights in any extensions, enhancements, derivative works (as defined in 17 U.S.C. §101), improvements, or further developments to the Services created or developed in connection with performance under the Agreement, whether conceived or developed alone by either Party or jointly by the Parties, together with all associated Intellectual Property Rights (all of the foregoing, “Improvements”), will be the sole property of Inbenta. For the avoidance of doubt, and without limiting the foregoing, Improvements include any of the foregoing resulting from feedback, suggestions, or recommendations provided by Customer. Customer shall irrevocably assign, and does hereby irrevocably assign, and, if applicable, shall cause its Administrator Users to assign, to Inbenta all right, title, and interest it may have in such Improvements.
4.4. Usage Data. “Usage Data” is any performance data, statistics, and other d
ata related to the use of the Services
, and any information derived from the implementation of or use of the Services, or from inputs into the Services such as any synonyms, jargon, or other natural language processing feedback learned by the Services. Usage Data will be in a generic, anonymized, or aggregated manner that does not identify any entity or any individual. All title to and interest in Usage Data and associated Intellectual Property Rights are the exclusive property of Inbenta and, as applicable, its licensors. Customer acknowledges that Inbenta may use and reproduce Usage Data for any purposes. Inbenta will implement reasonable technical safeguards that prevent reversal of such Usage Data and implement reasonable business processes to prevent inadvertent release of Confidential Information. Usage Data will not include any information which is protected as “personal data”, “personal information”, “personally identifiable information” or similarly defined terms under any privacy law applicable to the provision of the Services (“Personal Data”).
4.5. Further Assurances. Customer agrees to cooperate with Inbenta in executing and delivering such documents and other papers in a timely manner as are necessary to carry out Inbenta’s obligations and permit its filing and prosecution of any applications for patents, copyrights or other Intellectual Property Rights. Customer shall cause its employees and agents to sign, execute, and acknowledge any and all documents and to perform such acts as may be reasonably requested by Inbenta for the purposes of perfecting the foregoing assignments and ownership rights, and enforcing and defending Intellectual Property Rights as set forth herein. Customer further agrees that its obligation to sign, execute, and acknowledge, or cause to be signed, executed, and acknowledged, when it is in its power to do so, any such documents will survive following the termination of the Agreement. Inbenta hereby agrees to reimburse Customer in reasonable, out-of-pocket expenses incurred by Customer as a result of its compliance with this Section.
4.6. Publicity/Use of Marks. Inbenta may use Customer’s name and logo on its web sites, and issue a press release or other communication, to announce Customer as a customer of Inbenta.
4.7. Use of Artificial Intelligence. Customer acknowledges that Inbenta may use artificial intelligence, machine learning, or data analytics (i.e. technologies that assist in or simulate human decision-making) for purposes including but not limited to risk assessment, statistical, trend analysis, and planning; and to make decisions, provide, and operate the Services. Without altering Customer’s ownership of its Customer Data, as stated in Section 4.1, above, Customer agrees that any information learned from Inbenta’s use of artificial intelligence, machine learning, or analytics performed on Customer Data is and remains the exclusive property of Inbenta under all applicable Intellectual Property Rights.
4.7.1. Generative AI Services. Where Customer purchases generative artificial intelligence (“GAI”) Services, Customer must have at least one existing large language model (“LLM”) to use to train the GAI, and will provide Inbenta with the API keys to such LLM to facilitate the integration. Customer acknowledges that during the provision of the GAI Services, Customer is directing Inbenta to share data with Customer’s LLM provider(s) and that if required under applicable law, Customer may have an obligation to notify its Users of the use of generative artificial intelligence tools, and that it is sharing data with Inbenta and the LLM provider(s). Customer is solely responsible for making all such required disclosures.
4.7.2. GAI Services Disclaimer. Due to the probabilistic nature of artificial intelligence and machine learning, Inbenta cannot and does not guarantee that any GAI generated responses will be 100% accurate. Customer acknowledges that GAI uses experimental technology and may sometimes provide inaccurate content, and that Customer should use discretion before relying on content provided by the GAI-powered Services. It is Customer’s responsibility to review all the source links provided along with any response generated by the GAI-powered Services, and advise Users to do the same. Notwithstanding any other language in the Agreement, Inbenta will not be liable in any way for any damages resulting from the purchase or use of the GAI-powered Services, including but not limited to any lack of availability, delays, or errors caused or related to Customer’s LLM provider(s). Inbenta will implement reasonable technical and organizational measures to keep Customer’s LLM’s API keys secure, but cannot guarantee the security of such keys from theft or authorized access or other misuse. Upon Customer’s written request, Inbenta will rotate Customer’s LLM’s API keys within five (5) business days of such request.
5. Confidentiality.
5.1. “Confidential Information” ” means information not generally known or available to the public, disclosed by or on behalf of the Discloser to the Recipient, or permitted by Discloser to be accessed by Recipient, whether directly, indirectly, or through the Services, during the Term, regardless of whether such information is labeled or otherwise identified as being confidential. Confidential Information will not include data or information which (i) was in the public domain at the time it was disclosed or falls within the public domain, except through the fault of Recipient; (ii) was known to Recipient at the time of disclosure without an obligation of confidentiality, as evidenced by Recipient’s written records; (iii) was disclosed after written approval of Discloser; or (iv) is independently developed by the Recipient without reference or access to any of the Confidential Information. The term “Discloser” refers to the Party disclosing Confidential Information, and the term “Recipient” refers to the Party receiving Confidential Information.
5.2. Each Party retains all right, title, and interest in Confidential Information that it, as the Discloser, provides to the other Party hereto. Neither Party will (i) disclose to any third party any Confidential Information of the other, except as necessary to provide the Services, or (ii) use such other Party’s Confidential Information for any purpose not specified in the Agreement. Each Party agrees to notify the other promptly of any unauthorized disclosure of such other Party’s Confidential Information and to assist it in remedying any such unauthorized disclosure or use. Recipient agrees that all persons having access to the Confidential Information of the other Party under the Agreement will be bound by confidentiality obligations at least as protective as those set forth in these TOS.
5.3. Neither Party will disclose to the other Party hereto any information which is confidential or proprietary to a third party without first obtaining the written consent of such third party.
5.4. If Confidential Information of the Discloser is required to be disclosed by the Recipient pursuant to applicable law, regulation, judicial order or other legal process, the Recipient may disclose such Confidential Information as legally required provided; however, that to the extent the Recipient is permitted to do so under applicable law, Recipient shall: (i) first provide the Discloser advance prompt written notice and an opportunity to seek confidential treatment thereof or obtain a protective order therefore, and (ii) cooperate with the Discloser to protect the Discloser’s Confidential Information at Discloser’s expense.
5.5. Upon termination of the relevant Order Form, each Party shall ensure the prompt return to the other Party or destruction of all Confidential Information of the other Party. Notwithstanding the foregoing, the Recipient will not be obligated to return or destroy Confidential Information contained in an archived computer system backup made in accordance with the Recipient’s security or disaster recovery procedures, provided that the archived copy will be erased or destroyed in the ordinary course and will remain until erased or destroyed fully subject to the obligations of confidentiality in this Agreement.
5.6. Each Party acknowledges that disclosure of the other Party’s Confidential Information by it, or breach of the provisions contained herein may give rise to irreparable injury to the other Party and such breach or disclosure may be inadequately compensable in money damages. Accordingly, each Party may seek injunctive relief against the breach or threatened breach of the foregoing undertakings. Such remedy will not be deemed to be the exclusive remedy for any such breach but will be in addition to all other remedies available at law or equity.
5.7. Customer will not disclose the contents of any Order Form without the prior written consent of the Inbenta, unless (i) such disclosure is required by law or governmental regulation
or (ii) such disclosure is made to a potential acquirer, attorney, accountant, or parent organization subject to a nondisclosure or confidentiality agreement with terms at least as restrictive as the terms contained in this Article 5.
6. Compliance with Laws and Regulations; Data Security.
6.1. General. During the term of the Agreement, each Party hereto shall comply with all federal, state, and local laws and regulations including those pertaining to data protection, privacy, and security laws, as applicable to such Party in its performance under the Agreement.
6.2. Data Security. Each Party shall maintain an industry-standard, written information security program containing physical, administrative, and technical safeguards appropriate to the size, complexity, and nature of the Party’s activities, that are designed to (i) to ensure the security and confidentiality of the Services; (ii) to protect against any anticipated threats or hazards to the security or integrity of Personal Data; and (iii) to protect against unauthorized access to or use of such information which could result in substantial harm or inconvenience to any consumer. Each Party acknowledges that the maintenance of such an information security program does not guarantee the security of information from theft or authorized access or other misuse. Customer is responsible for any security vulnerabilities and the consequences of such vulnerabilities arising from Customer’s networks, from any materials Customer provides, or from any use of the Services in a manner that is inconsistent with the terms of the Agreement.
6.3. Personal Data. The processing of Personal Data under the Agreement for those Services that processes such data is governed by Inbenta’s Data Processing Addendum, attached hereto as Exhibit A (“DPA”). Unless otherwise agreed by the Parties for specific purposes, Customer shall make their best efforts to avoid provision of any Personal Data when using the Services in interactions between or amongst Customer, Administrator Users, and Users.
7. Representations, Warranties, and Grants.
7.1. Corporation in Good Standing. Each Party represents and warrants that it is and will remain a corporation duly incorporated, validly existing and in good standing under the laws of its jurisdiction of incorporation.
7.2. Content and Consent. Customer represents and warrants to Inbenta that Customer has provided notifications to, obtained consents from, and otherwise has all rights necessary (and will continue to ensure the foregoing) to transmit, upload, permit access to, or otherwise provide any and all Customer Data.
7.3. No Third-Party Approval. Each Party represents and warrants to the other Party that its execution and performance of the Agreement throughout its duration does not and will not require consent from any third party and will not (i) violate (with the lapse of time or giving of notice or both) rights granted to any third party, or (ii) violate or otherwise interfere with the provisions of any agreement to which the Party is bound, or (iii) preclude the Party from complying with the provisions hereof, or (iv) violate any applicable law or regulation or judicial order.
7.4. Credential Sharing. To the extent Customer shares or otherwise permits Inbenta or the Services to make use of any credentials to obtain any Customer Data, Customer represents and warrants that such sharing of credentials will not violate the rights of, or any contractual obligations with, any third party.
8. DISCLAIMER OF REPRESENTATIONS AND WARRANTIES. ALL SERVICES ARE PROVIDED “AS IS” AND “WITH ALL FAULTS”. EXCEPT AS EXPRESSLY PROVIDED FOR IN THIS AGREEMENT, INBENTA DOES NOT MAKE ANY REPRESENTATIONS OR WARRANTIES, AND INBENTA HEREBY DISCLAIMS ALL REPRESENTATIONS AND WARRANTIES, ORAL OR WRITTEN, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, RELATING TO THE SERVICES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR ANY PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF PERFORMANCE, COURSE OF DEALING, OR USAGE IN TRADE. INBENTA DOES NOT MAKE ANY COMMITMENT THAT THE SERVICES WILL BE UNINTERRUPTED, ACCURATE OR ERROR FREE, NOR THAT ANY CONTENT WILL BE SECURE OR NOT LOST OR ALTERED.
9. LIMITATION OF LIABILITY.
9.1. NO CONSEQUENTIAL DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY WILL BE LIABLE OR RESPONSIBLE TO THE OTHER PARTY FOR ANY TYPE OF INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL DAMAGES ARISING OUT OF ANY BREACH OF CONTRACT, ANY LOSS OF USE, LOST DATA, LOST PROFITS, FAILURE OF SECURITY MECHANISMS, INTERRUPTION OF BUSINESS, OR OTHERWISE UNDER THE AGREEMENT (WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE, BREACH OF STATUTORY DUTY, STRICT LIABILITY), OR OTHERWISE) EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
9.2. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, EACH PARTY’S TOTAL CUMULATIVE LIABILITY ARISING UNDER THE AGREEMENT (WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE, BREACH OF STATUTORY DUTY, STRICT LIABILITY), OR OTHERWISE), INCLUSIVE OF ANY PENALTY, CREDIT DUE TO CUSTOMER, OR OTHER COMPENSATION, WILL NOT EXCEED THE AGGREGATE FEES PAID OR PAYABLE BY CUSTOMER TO INBENTA WITHIN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO LIABILITY. Amounts to be paid under any indemnity are obligations and not liabilities, regardless of the label placed on the underlying indemnified claim.
10. Indemnification.
10.1. Customer Indemnification. Customer shall indemnify, defend, and hold harmless Inbenta and its respective officers, directors, employees, agents, advisers, and representatives from and against any and all losses, damages, liabilities, deficiencies, claims, actions, judgments, settlements, interest, awards, penalties, fines, costs, or expenses of whatever kind, including reasonable attorneys’ fees and the cost of enforcing any right to indemnification hereunder (collectively, “Losses”) arising out of or in connection with any third-party claim, suit, action, or proceeding (each a “Third-Party Claim”) relating to (i) Customer’s provision of or Inbenta’s use, storage or copy of any Customer Data provided by Customer under this Agreement, (ii) Customer’s use of the Services, or the use by anyone accessing the Services through Customer; or (iii) Customer’s breach of any of Inbenta’s Intellectual Property Rights.
10.2. Inbenta Indemnification. Inbenta shall indemnify, defend, and hold harmless the Customer from and against all Losses arising out of or in connection with any Third-Party Claim that any Services provided by Inbenta infringes a copyright or patent or misappropriates a trade secret. Notwithstanding the foregoing, Inbenta will not be obligated to indemnify, defend, or hold harmless Customer to the extent a claim of infringement is based on: (i) portions or components of the Services that were not created by Inbenta; (ii) Customer’s or its Administrator Users’ use or modification of the Services; (ii) Customer’s failure to use corrections, enhancements, or other updates made available to Customer at no additional cost; (iii) Customer’s use of the Services in combination with any service, product, software or hardware not expressly directed or authorized by Inbenta in writing to be used with the Services; or (iv) information, direction, specifications, or materials provided by Customer or any third party on Customer’s behalf. If any portion of the Services is, or in Inbenta’s opinion is likely to be, held to constitute an infringing item, Inbenta may at its sole option and expense either: (A) procure for Customer the right to continue using the relevant Services under the terms of the Agreement; (B) replace or modify the relevant Services with equivalent functionality so that it is non-infringing, or (C) to the extent that (A) and (B) are not commercially reasonable, terminate the Agreement and refund to Customer the fees paid for such item, prorated for the remaining time left in the current Term of the relevant Order Form. THE PROVISIONS OF THIS SECTION 10 CONSTITUTE THE INDEMNIFIED PARTY’S SOLE AND EXCLUSIVE REMEDIES AND INDEMNIFYING PARTY’S ENTIRE OBLIGATION TO THE INDEMNIFIED PARTY WITH RESPECT TO INFRINGEMENT AND MISAPPROPRIATION.
10.3. Indemnification Procedure. A Party seeking indemnity under Section 10, must promptly notify the indemnifying Party of the commencement of the Third-Party Claim. Failure to promptly notify the indemnifying Party will not relieve the indemnifying Party of any duty to indemnify, except to the extent they are prejudiced by the failure. Upon proper notification, the indemnifying Party will have the right to control the defense against any such Third-Party Claims, utilizing counsel chosen in the indemnifying Party’s sole discretion. The indemnified Party may participate in any such defense, at its own expense, by separate counsel of its choice. The indemnifying Party will obtain the prior written approval of the indemnified Party before ceasing to defend against any Third-Party Claim or entering into any settlement, adjustment, or compromise of the claim involving any terms other than payment of money. The indemnified Party will reasonably cooperate with the indemnifying Party in the provision of any such defense by providing to the indemnifying Party all information, assistance, and authority as may reasonably be requested by the indemnifying Party.
11. Term, Termination and Suspension.
11.1. Term. The term of these TOS will begin upon the Effective Date and continue for so long as any Order Form remains active (“Term”).
11.2. Termination and Suspension.
11.2.1. Termination for Material Breach. In the event of a material breach of any part of the Agreement by either Party hereto, the other Party may provide written notice to the breaching Party (the “Breach Notice”) specifying the nature of the breach. If such breach is not cured to the reasonable satisfaction of the non-defaulting Party within thirty (30) days after service of the Breach Notice, the nonbreaching Party may terminate any relevant Order Form affected by the breach immediately by providing written notice of termination to the breaching Party.
11.2.2. Suspension for Material Breach. Inbenta reserves the right to suspend Customer’s access to and use of the Services during any period when Customer is in material breach of the Agreement, or when Inbenta deems suspension necessary to protect data. Inbenta also reserves the right to suspend or terminate access to and use of the Services if access to or use of any necessary third-party services or products are suspended or terminated. Inbenta will not be liable to Customer nor any third party for such suspension. Customer acknowledges and agrees that the foregoing is reasonable for the protection of Inbenta’s Intellectual Property Rights.
11.2.3. Bankruptcy. Either Party may terminate this Agreement upon written notice to the other Party if the other Party (and Inbenta may immediately suspend access to the Services if Customer) (i) becomes insolvent; (ii) files, submits, initiates, agrees to or is subject to any bankruptcy petition, conservatorship, request or petition for appointment of a receiver, or demand or application for voluntary or involuntary dissolution or similar proceeding; or (iii) makes a general assignment for the benefit of its creditors.
11.3. Effects of Termination.
11.3.1. Access and Use Rights. The licenses and any other rights granted in Article 3 will immediately terminate for the relevant Order Form(s). Customer will immediately and permanently discontinue use of all relevant Services. Customer will ensure that it has retrieved all Customer Data saved to Customer’s knowledge base from the Services prior to the termination date.
11.3.2. Other Order Forms. Termination of Inbenta’s provision of Services under one Order Form will not affect provision of Services under any other Order Forms associated with the TOS.
11.4. Surviving Rights. The expiration or termination of the Agreement will not release or discharge either Party from any liabilities, obligations, debts, or liabilities set forth herein which (i) the Parties have expressly agreed herein will survive any such expiration or termination or (ii) previously accrued or remain to be performed or by their nature would be intended to be applicable following any such expiration or termination. The rights and obligations set forth in Article 2 (Fees and Payment), Article 4 (Proprietary Rights), Article 5 (Confidentiality), Article 6 (Compliance with Laws and Regulations; Data Security), Article 8 (Disclaimer of Representations and Warranties), Article 9 (Limitation of Liability), Article 10 (Indemnification), Section 11.3 (Effects of Termination), this Section 11.4 (Surviving Rights), and Article 13 (General) will survive termination or expiration of the Agreement for any reason. Termination or expiration of the Agreement will not be deemed a waiver of any claims arising from activities occurring prior to the effective date of termination or expiration.
12. Compliance.
12.1. Policies; Laws. Each Party will maintain written policies and procedures requiring its employees and contractors to comply with all applicable laws relating to bribery, corruption, anti-money-laundering, and other laws relating to ethical and sustainable business practices, and will comply with all applicable laws relating to use of the Services.
12.2. International Trade. Each Party will comply with all economic sanctions, export control laws, and other restrictive trade measures administered by the U.S. and other applicable governments. Each Party understands and acknowledges that it is solely responsible for its own compliance with such laws whenever applicable. Customer further understands and acknowledges that it will not directly or indirectly export, import, sell, disclose, or otherwise transfer any Services to any country or party subject to such restrictions, and that it is solely responsible for obtaining any license(s) to export, re-export, or import the Services that may be required.
13. General.
13.1. Entire Agreement; Modification; Headings. The Agreement, including all attachments hereto, forms the entire agreement between the Parties. All prior agreements, commitments, statements, and discussions are merged into and superseded by the Agreement. No waiver, alteration or modification of any of the provisions hereof will be binding unless made in writing and signed by the Parties. The headings contained in the Agreement are for convenience of reference only and will not be considered in construing the Agreement.
13.2. Severability. If any term or provision of the Agreement is invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability will not affect the enforceability of any other term or provision of the Agreement, or invalidate or render unenforceable such term or provision in any other jurisdiction. Upon a determination that any term or provision is invalid, illegal, or unenforceable, the Parties will negotiate in good faith to modify the Agreement to give effect the original intent of the Parties as closely as possible in order that the transactions contemplated hereby are consummated as originally contemplated to the greatest extent possible
13.3. Assignment. The Agreement will be binding upon and inure to the benefit of the Parties and their respective successors and assigns. Neither the Agreement nor any rights or obligations hereunder may be assigned or otherwise transferred by either Party without the prior written consent of the other Party (which consent will not be unreasonably withheld). Notwithstanding the forgoing, either Party may assign the Agreement and its rights and obligations hereunder to an Affiliate, or to another party (that is not a competitor of the other Party hereto) in connection with the transfer or sale of all or substantially all of the business of such Party, whether by merger, sale of stock, sale of assets, or otherwise, upon providing written notice thereof without needing the other Party’s consent. Any unauthorized attempted assignment will be null and void and of no force or effect.
13.4. WAIVER OF JURY TRIAL. CUSTOMER AND INBENTA ARE AGREEING TO IRREVOCABLY
GIVE UP ANY RIGHTS TO LITIGATE CLAIMS IN A COURT BEFORE A JURY.
13.5. Dispute Escalation. Dispute Escalation. Prior to filing a claim in any court or engaging in any arbitration or mediation with a third-party referee
13.6. , the Parties will first escalate any claim, dispute, or controversy arising between Customer and Inbenta under the Agreement or relating in any way to the delivery of Services, to senior management of each Party. The senior managers will have authority to resolve the dispute and will meet at such times and places as agreed to between them to discuss the issues and resolutions for not less than 30 days. If no resolution is agreed to during this time, the aggrieved Party may proceed with filing its claim with the courts.
13.7. The provisions of Section 13.5 will not be interpreted to restrict either Party’s rights under Section 5.6 or Section 11.2.
13.8. Governing Law. All matters arising out of or relating to the Agreement are governed by and construed in accordance with the internal laws of the State of Texas without giving effect to any choice or conflict of law provision or rule (whether of the State of Texas or any other jurisdiction) that would cause the application of the laws of any jurisdiction other than those of the State of Texas. The application of the United Nations Convention on Contracts for the International Sale of Goods to this Agreement is expressly excluded. Each Party consents to the exclusive jurisdiction of the federal and state courts of the State of Texas and venue in the courts in Allen, Texas to settle all disputes or claims arising out of or in connection with the Agreement.
13.9. No Waiver. No waiver by any Party of any of the provisions hereof will be effective unless explicitly set forth in writing and signed by the Party so waiving. Except as otherwise set forth in the Agreement, no failure to exercise, or delay in exercising, any right, remedy, power, or privilege arising from the Agreement will operate or be construed as a waiver thereof; nor will any single or partial exercise of any right, remedy, power, or privilege hereunder preclude any other or further exercise thereof or the exercise of any other right, remedy, power, or privilege.
13.10. Relationship of the Parties. The relationship between the Parties is that of independent contractors. Nothing contained in the Agreement will be construed as creating any agency, partnership, joint venture, or other form of joint enterprise, employment, or fiduciary relationship between the Parties, and neither Party has authority to contract for nor bind the other Party in any manner whatsoever.
13.11. No Third-Party Beneficiaries. . Except as set forth herein, the Agreement is for the sole benefit of the Parties hereto and their respective successors and permitted assigns and nothing herein, express or implied, is intended to or will confer upon any third party any legal or equitable right, benefit, or remedy of any nature whatsoever.
13.12. Force Majeure. Notwithstanding any provision contained herein to the contrary, neither Party will be deemed to be in default hereunder for failing to perform its obligations under the Agreement if such failure is the result of any (i) act, neglect or default of the other Party; or (ii) embargo, war, act of terror, riot, incendiary, fire, flood, earthquake, epidemic or pandemic, public health emergency or other calamity, act of God, or governmental act or the necessity of complying with any governmental order. If any event in subsection (ii), above, continues for a period in excess of thirty (30) days, either Party will have the right to terminate the Agreement by providing the other Party with a written notice of its desire to terminate the Agreement at least thirty (30) days prior to the effective date of any such termination.
13.13. Notices. All notices required under this Agreement will be sent to the addresses on the signature page of these TOS, and, if the notice relates to an Order Form, to any additional notice addresses listed in such Order Form, to the attention of the signatories, with a copy to the Legal Department of the Party. All notices under the Agreement will be deemed given: (i) when delivered by hand; (ii) 1 business day after being sent by commercial overnight courier with written verification of receipt; or (iii) 5 days after being sent by registered or certified mail, return receipt requested, postage prepaid. Either Party may from time to time change its address for notification purposes by giving the other Party written notice of the new address and the date upon which it will become effective. If no address is provided, then notice delivered to the Party’s headquarters to the attention of the Legal Department will be deemed effective.
———- End of Terms of Service ———-
EXHIBIT A:
INBENTA DATA PROCESSING ADDENDUM
This Global Data Processing Addendum (“DPA“) constitutes an integral part of all Agreements by and between Inbenta and Customer, as each Party is identified in the relevant agreement document(s) including each fully executed order or statement of work, or under any services agreement or similar agreement. This DPA reflects the Parties’ agreement with regard to the Processing of Personal Data in accordance with the requirements of Data Protection Laws.
This DPA is effective on the Effective Date of the TOS, and amends, supersedes and replaces any prior agreement relating to data processing or data protection the Parties have entered into. Capitalized terms used but not defined herein have the meaning provided in the TOS
1. DEFINITIONS
In this DPA, the following terms will have the meanings set out below and cognate terms will be construed accordingly for this exhibit only:
“Applicable Data Protection Laws” means all worldwide data protection, data security and privacy laws, rules, and regulations, applicable to the Personal Data Processed in the delivery of the Services.
“Controller” means the Party who, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
“Data Subject Rights” means all rights granted to Data Subjects under the Applicable Data Protection Laws.
“Customer Representative Data” means Personal Data concerning the Customer’s employees and other personnel Processed by Inbenta pursuant to or in connection with the Agreement.
“Data Subject” meansthe identifiable natural person whose Personal Data is being Processed.
“EEA” means the European Economic Area.
“Personal Data” means any of Customer’s information which is protected as “personal data”, “personal information” or “personally identifiable information” or similarly defined terms under Applicable Data Protection Laws.
“Processor” means the Party who Processes Personal Data on behalf of the Controller.
“Processing” or “Processes” means any operation or operations performed on Personal Data, whether or not by automated means, during the provision of Services.
“Restricted Transfer” means the transfer of Personal Data where (1) Customer originally held the Personal Data in, or imported the Personal Data from, the EEA, Switzerland, or the UK, or Customer is otherwise subject to the GDPR, FADP or UK GDPR in relation to such Personal Data, (2) the Personal Data will be received by Inbenta outside of the EEA, Switzerland, or the UK, as applicable, and (3) the transfer would be prohibited by Applicable Data Protection Law in the absence of Standard Contractual Clauses or another adequate transfer mechanism as approved by the relevant regulatory authority.
“Security Breach” means any unauthorized or unlawful access to, or acquisition, alteration, use, disclosure or destruction of Personal Data stored on Inbenta’s equipment or in Inbenta’s facilities resulting in loss, disclosure, or alteration of Personal Data.
“Services” means the services provided to Customer by Inbenta involving the processing of Personal Data on behalf of Customer, as identified in the Agreement.
“Special Category Data” means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.
“Subprocessor” means any third party (including any Inbenta Affiliates, but excluding an employee of Inbenta or any of its sub-contractors) engaged by or on behalf of Inbenta or any Inbenta Affiliate to Process Personal Data on behalf of Customer or Affiliates in connection with the Agreement.
“User” means any individuals who use the Services that Customer has purchased pursuant to the Agreement, including its customers and prospective customers.
“User Data” means all Personal Data of Users.
The terms, “Commission“, “Member State“, and “Supervisory Authority” will have the same meaning as in the Applicable Data Protection Laws, and their cognate terms will be construed accordingly. The word “include” will be construed to mean include without limitation, and cognate terms will be construed accordingly.
2. AUTHORITY
2.1. Roles of the Parties. The Parties acknowledge and agree that:
2.1.1. in relation to the Processing of Personal Data while providing the Services, Customer is the Controller and Inbenta is the Processor; and
2.1.2. in relation to the Processing of Customer Representative Data, Inbenta is an independent Controller and will independently determine the means and purposes of that Processing.
2.2. Controlling Agreement. This DPA supplements the Agreement and in the event of any conflict between the terms of this DPA and the terms of the Agreement, the terms of this DPA prevail.
3. PROCESSING OF CUSTOMER REPRESENTATIVE DATA
3.1. Compliance with laws. Inbenta will comply with all Applicable Data Protection Laws in the Processing of Customer Representative Data.
3.2. Purpose limitation. Without prejudice to the generality of the foregoing, Inbenta will not Process Customer Representative Data for any purpose other than the purposes for which it was collected, namely the identification of representatives of the Customer for the purposes of controlling access to its systems and the data they contain, fulfilling its contractual obligations to the Customer, maintain and improving its services and systems, and fulfilling any relevant regulatory obligations.
3.3. Details of Processing Activities.The subject matter, duration of the Processing, the nature and purpose of the Processing, the types of Customer Representative Data and categories of Data Subjects Processed under this DPA are further specified in Appendix 1 – Part A of this DPA.
4. PROCESSING OF USER DATA
4.1. Compliance with laws. Both parties will comply with all Applicable Data Protection Laws in the Processing of User Data.
4.2. Purpose limitation. Without prejudice to the generality of the foregoing, Inbenta will not Process User Data other than on the Customer’s documented instructions unless Processing is required by Applicable Data Protection Laws to which Inbenta is subject, in which case Inbenta will, to the extent permitted by Applicable Data Protection Laws, inform Customer of such legal requirement.
4.3. Customer’s instructions and obligations. Without prejudice to the generality of clause 4.1, Customer will provide any required notice to Users of the Processing. Customer warrants that its instructions to Inbenta for the Processing of User Data pursuant to this DPA comply with the Applicable Data Protection Laws. Customer instructs Inbenta to Process User Data as reasonably necessary for the provision of the Services and consistent with the Agreement; and represents that it is and will at all relevant times remain duly and effectively authorized to give the instruction set out herein.
4.4. Details of Processing Activities. The subject matter, duration of the Processing, the nature and purpose of the Processing, the types of User Data and categories of Data Subjects Processed under this DPA are further specified in Appendix 1 – Part B of this DPA
4.5. Excluded Personal Data. It is not in the Parties’ intention that the Services will be used to collect and otherwise process financial or payment information, or any Special Category Data, concerning Users. Customer acknowledges that Inbenta provides an obfuscation tool that can be enabled by Customer which will serve to mask Personal Data identified by the Customer once the information has been provided by the User through the Services. Customer will ensure that it takes all reasonable steps to prevent Users from providing financial or payment information, or any Special Category Data, concerning Users through use of the Services; and, to the extent such information is provided by a User, Customer will ensure it deletes such information immediately. Additionally, Customer will not include Personal Data of any kind in its knowledge content provided by Customer for the use of the Services, unless otherwise explicitly agreed to in writing by Inbenta with appropriate amendments made to this DPA to the extent necessary.
5. INBENTA’S OBLIGATIONS
5.1. Confidentiality. Inbenta will ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities and have executed written confidentiality agreements. Inbenta will ensure that such confidentiality obligations survive the termination of the personnel engagement. Inbenta will ensure that access to Personal Data is limited to those personnel performing Services in accordance with the Agreement on a need-to-know basis.
5.2. Data Subject Requests. Inbenta will, to the extent legally permitted, promptly notify Customer if Inbenta receives a request from a Data Subject to exercise a Data Subject Request relating to User Data. Inbenta will assist the Customer by implementing reasonable technical and organizational measures, insofar as this is possible, to fulfil Customer’s obligation to respond to requests for exercising Data Subject Rights. To the extent Customer, in its use of the Services, does not have the ability to address a Data Subject Request, Inbenta will upon Customer’s written request provide commercially reasonable assistance to Customer in responding to such Data Subject Request, to the extent Inbenta is legally permitted to do so and the response to such Data Subject Request is required under Applicable Data Protection Laws. To the extent legally permitted, Customer will be responsible for any costs arising from Inbenta’s provision of such assistance.
5.3. Supervisory Authority Requests. Inbenta will assist Customer in addressing any communications and abiding by any advice or orders from the Supervisory Authority relating to User Data within the timeframe specified by the Supervisory Authority, to the extent required under Applicable Data Protection Laws.
5.4. Disclosure to Third Parties. Inbenta will not disclose User Data to third parties except as permitted by this DPA or the Agreement, unless Inbenta is legally required to disclose User Data, in which case Inbenta will, to the extent legally permitted, notify Customer in writing and liaise with Customer before complying with such disclosure request.
5.5. Data Protection Impact Assessment. Upon Customer’s request, Inbenta will provide Customer with reasonable cooperation and assistance needed to fulfil Customer’s obligation under Applicable Data Protection Laws to carry out a data protection impact assessment related to Customer’s use of the Services, to the extent Customer does not otherwise have access to the relevant information, and to the extent such information is available to Inbenta.
5.6. Retention. Inbenta will retain User Data in accordance with its data retention policy as otherwise required by Customer for Processing, or as required under the applicable law. At the termination of this DPA, or upon Customer’s written request, Inbenta will either delete or return User Data to Customer, unless legal obligations require storage of User Data.
5.7. Security. Inbenta will maintain appropriate administrative, physical, and technical safeguards intended for protection of the security, confidentiality, and integrity of User Data, as such measures are set out in Appendix 2 of this DPA. Inbenta monitors compliance with these safeguards. In assessing the appropriate level of security, Inbenta will take account in particular of the risks that are presented by Processing, in particular from a Security Breach.
6. THIRD PARTY CERTIFICATION AND AUDITS
6.1. Certifications. Upon Customer’s written request at reasonable intervals, but in any event no more than annually, and subject to the confidentiality obligations set forth in the Agreement, Inbenta will make available to Customer (or Customer’s independent, third-party auditor that is not a competitor of Inbenta) a copy of Inbenta’s then most recent third-party audits or certifications, as applicable.
6.2. Audits. Customer may contact Inbenta to request an audit of Inbenta’s procedures relevant to the protection of Personal Data, but only to the extent required under Applicable Data Protection Laws, and at Customer’s sole expense. Such audit will be conducted by an independent third party reasonably acceptable to Inbenta. Before the commencement of any such on-site audit, Customer and Inbenta will mutually agree upon the scope, timing, and duration of the audit, in addition to the reimbursement rate for which Customer will be responsible. Such audits will not occur more than annually, unless requested by a Supervisory Authority. The results of the inspection and all information reviewed during such inspection will be deemed Inbenta’s confidential information and will be protected by the auditor in accordance with the confidentiality obligations set forth in the Agreement. Notwithstanding any other terms, the auditor may only disclose to Customer specific violations of the DPA, if any, and the basis for such findings, and will not disclose any of the records or information reviewed during the inspection to Customer.
7. SUB-PROCESSING
7.1. General Consent.. Customer acknowledges and agrees that (a) Inbenta’s Affiliates may be retained as Subprocessors; and (b) Inbenta and Inbenta’s Affiliates respectively may engage third-party Subprocessors in connection with the provision of the Services subject to the conditions noted in this section. As a condition of engaging Subprocessors, Inbenta or the Inbenta Affiliate will enter into a written agreement with each Subprocessor containing data protection obligations, including security measures, not less protective than those in this DPA with respect to the protection of User Data to the extent applicable to the nature of the services provided by such Subprocessor.
7.2. Consent to Subprocessor Engagement. Customer acknowledges and agrees that Inbenta may engage Subprocessors to Process Personal Data. A current list of Inbenta’s Subprocessors is provided at the following URL: https://www.inbenta.com/compliance/security-and- privacy/#Privacyandprotectionofpersonallyidentifiableinformation.
Without prejudice to Section 7.3, Customer generally authorizes the engagement as Subprocessor of any other third parties.
7.3. Notification of New Subprocessors and Customer Objection. During the term of the Agreement, Inbenta will update its current Subprocessor list at the URL identified in Section 7.2 periodically to reflect any changes. Inbenta will strive to notify Customer if it adds or removes Subprocessors at least fifteen (15) days prior to any changes if Customer provides Inbenta with written instructions and an appropriate email address for such notification. Customer may object to Inbenta’s use of a new Subprocessor by notifying Inbenta promptly in writing within ten (10) business days after receipt of Inbenta’s notice of appointment of Subprocessor, provided such objection is based on reasonable grounds, such as the violation of Applicable Data Protection Laws or the weakening of the security of the User Data. In the event Customer objects to a new Subprocessor, as permitted in the preceding sentence, the Parties agree to discuss commercially reasonable alternative solutions in good faith. If the Parties cannot reach a resolution within sixty (60) days from the date of Inbenta’s receipt of Customer’s written objection, Customer may discontinue the use of the affected Services by providing written notice to Inbenta. In the absence of timely and valid objection by Customer, such Subprocessor may be commissioned to process User Data.
7.4. Liability. Inbenta will be liable for the acts and omissions of its Subprocessors to the same extent Inbenta would be liable if performing the services of each Subprocessor directly under the terms of this DPA, except as otherwise set forth in the Agreement.
8. SECURITY BREACH
8.1. If Inbenta becomes aware of a Security Breach, Inbenta will without undue delay: (a) notify Customer of the Security Breach; (b) investigate the Security Breach and provide Customer with information about the Security Breach; and (c) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Breach. Inbenta’s obligation to report or respond to a Security Breach under this Section is not and will not be construed as an acknowledgement by Inbenta of any fault or liability with respect to the Security Breach.
8.2. Notification(s) of Security Breaches, if any, will be delivered to one or more of Customer’s business, technical or administrative contacts by any means Inbenta selects, including via email. It is Customer’s sole responsibility to ensure it maintains accurate contact information on Inbenta’s support systems at all times.
9. LIMITATION OF LIABILITY
Inbenta and all of its Affiliates’ liability taken together in the aggregate arising out of or related to this DPA (including the SCCs) will be subject to the exclusions and limitations of liability set forth in the Agreement. The liability described in the SCCs will in no event exceed the limitations set forth in the Agreement, and that under no circumstances and under no legal theory, whether in contract, tort, negligence, or otherwise, will Inbenta or its Affiliates, officers, directors, employees, agents, service providers, suppliers, or licensors be liable to Customer or any third party for any lost profits, lost sales of business, lost data, business interruption, loss of goodwill, or for any type of indirect, incidental, special, exemplary, consequential or punitive loss or damages, regardless of whether such Party has been advised of the possibility of or could have foreseen such damages. For the avoidance of doubt, this section will not be construed as limiting the liability of either Party with respect to claims brought by Data Subjects.
10. RESTRICTED TRANSFERS
10.1. To the extent Personal Data is provided to Inbenta in the EEA, UK or Switzerland by Customer or its representatives , except for the circumstances set out below, Inbenta will not transfer to, or carry out any processing of Personal Data in a country outside the EEA, UK or Switzerland unless the country has been recognized by the European Commission, UK or Switzerland as having an adequate level of data protection. Transfers to or processing of Personal Data relating to EU, UK or Swiss Data Subjects carried out in the United States are subject to Inbenta’s participation and self-certification to the E.U.-U.S. Data Privacy Framework, Swiss-U.S. Data Privacy Framework, and UK Extension to the EU-U.S. Data Privacy Framework. As such, there are no circumstances in which a Restricted Transfer is carried out between the Customer as Exporter and Inbenta as Importer.
10.2. If the adequacy decisions for the E.U.-U.S. and Swiss-U.S. Data Privacy Frameworks and/or UK Extension to the E.U.-U.S. Data Privacy Framework are invalidated, or if Inbenta no longer participates in the E.U.-U.S. and Swiss-U.S. Data Privacy Frameworks and/or UK Extension, then, as of the moment of invalidation or withdrawal from the Frameworks, transfers of Personal Data from Customer to Inbenta are subject to the Standard Contractual Clauses annexed to the European Commission’s Implementing Decision 2021/914 of 4 June 2021 (“SCC”), hereby incorporated reference into this Agreement, and/or the UK Addendum to the SCCs issued by the Office of the Information Commissioner (ICO), hereby incorporated by reference into this Agreement.
11. OBLIGATIONS POST-TERMINATION
Termination or expiration of this DPA will not discharge the Parties from their obligations meant to survive the termination or expiration of this DPA.
12. SEVERABILITY
Any provision of this DPA that is prohibited or unenforceable in any jurisdiction will, as to such jurisdiction, be ineffective to the extent of such prohibition or unenforceability without invaliding the remaining provisions hereof, and any such prohibition or unenforceability in any jurisdiction will not invalidate or render unenforceable such provision in any other jurisdiction. The Parties will attempt to agree upon a valid and enforceable provision that is a reasonable substitute and will incorporate such substitute provision into this DPA.
APPENDIX 1 – DETAILS OF PROCESSING
Part A – Customer Representative Data
Subject matter of the processing
Identification of Customer’s representatives for the purpose of granting or denying access to Inbenta’s systems and keeping records of their access.
Duration of the processing
While this Agreement is in force, as long as Customer continues to receive Services and access Inbenta’s systems.
Nature of the processing
Collection, storage, organization, structuring, access, restriction, alteration, erasure, destruction.
Purpose of the processing
Identity verification to control access to the Inbenta systems and the data they contain, fulfilling the contractual obligations, maintaining and improving the services and systems.
Type of personal data
Name, business email, IP Address (or equivalent when accessed through a mobile device), time and date of access, length of session, location.
Categories of data subjects
Employees and other personnel of Customer.
Part B – User Data
Subject matter of the processing
Provision of the Services, as defined in the Agreement and selected by Customer:
Duration of the processing
While this Agreement is in force, as long as Users use the Services that Customer has licensed pursuant to the Agreement and made available for access, use, or communication with such individuals.
Nature of the processing
Collection, storage, organization, structuring, access, restriction, alteration, erasure, destruction.
Purpose of the processing
Providing electronic customer communication services to Users that Customer has licensed pursuant to the Agreement.
Type of Personal Data
Identity and contact data (such as name, gender, address, email address, phone numbers), IP address, session ID, purchase history, opinions, User questions, conversation histories, time and date of access, length of session, location, and other additional data fields, which may not include bank account or other Special Categories of Data that Customer notifies Inbenta will be relevant to the provision of Services.
Categories of data subjects
Users.
APPENDIX 2
Technical and Organizational Measures Related to Information Security. Inbenta maintains appropriate technical and organizational measures designed to protect Personal Data against accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure, or access, and to provide an appropriate security level for the risk represented by the processing and the nature of the data to be protected.
Accordingly, Inbenta has implemented an Information Security and Information Privacy Management System compliant with ISO 27001, ISO 27017, and ISO 27701 standards which include, among others, the following measures:
- Data access policies and procedures to check that access to Inbenta’s computer systems is done through individual users and passwords, such as limiting data access to those employees who strictly require it to perform their job.
- Backup copies, where appropriate, of the personal data processed by the controllers that require availability and integrity.
- Ongoing surveillance and monitoring of systems and networks to detect and minimize the impact of any malfunction or threat.
- Logging of user and administrator events and activities.
- Security configurations and perimeter protection systems in the network to avoid intrusions, as well as antivirus protection of its computer systems.
- Registry of security incidents and mechanisms and procedures for the notification of security breaches have been established.
- Physical access control and protection of the equipment, people, and facilities where the data controller is being processed.
- In case of managing support or documents with the controller’s personal data, these are duly stored in cabinets or spaces equipped with locking devices.
- A code of conduct, including prevention of criminal behavior and good practices in security and data privacy.
- A training and awareness platform in information security and data privacy for all Inbenta staff, including phishing simulations and phishing prevention training.
- A Continuity Plan that grants the possibility of restoring the availability of and access to personal data quickly, in the event of a physical or technical incident, within the timeframes required to meet the business commitments the parties are bound to by means of the service contract.
- Contractual clauses and agreements with all sub-processors, including providing sufficient commitments to implement appropriate technical and organizational measures for processing to meet the requirements of the applicable regulations and protect the rights of data subjects.
- Application of privacy principles by design and by default.