Terms and Conditions
Last Updated On 09-Mar-2023
Terms and Conditions includes:
- Subject and terminology
1.1. These Terms and Conditions (hereinafter “T&C”) outline the rules and regulations for the use of Aurumity Limited’s website aurumity.com (hereinafter “Website”) and digital development and marketing services.
1.2. Aurumity Limited is registered at: Inomenon Ethnon, 44, Orthodoxou Tower, 6042, Larnaca, Cyprus.
1.3. The following terminology applies to these T&C: “Client”, “You”, “Your” refers to you, the person accessing this website and accepting these T&C. “Company”, “We”, “Our”, “Us”, refers to our Company. “Party”, “Parties”, refers to both the Client and the Company, or either the Client or the Company.
1.4. All terms refer to the offer, acceptance and consideration of payment necessary to undertake the process of Our assistance to the Client in the most appropriate manner, whether by formal meetings of a fixed duration, or any other means, for the express purpose of meeting the Client’s needs in respect of provision of the Company’s stated services, in accordance with and subject to, prevailing law of Republic of Cyprus. Any use of the above terminology or other words in the singular, plural, capitalisation and/or he/she or they, are taken as interchangeable and therefore as referring to same.
1.5. By accessing the Website we assume you accept these T&C in full. Do not continue to use the Website if you do not accept all of the T&C stated on this page.
3.1. Unless otherwise stated, We and/or Our licensors own the intellectual property rights for all materials of the Website. All intellectual property rights are reserved. You may view and/or print pages from the Website for Your own personal use subject to restrictions set in these T&C.
3.2. You must not:
- republish material;
- sell, rent or sub-license material;
- reproduce, duplicate or copy material.
3.3. Redistribute content from Us (unless content is specifically made for redistribution).
- User comments
4.1. Certain parts of the Website offer the opportunity for users to post and exchange opinions, information, material and data (“Comments”) in areas of the Website. The Company does not screen, edit, publish or review Comments prior to their appearance on the Website and Comments do not reflect the views or opinions of the Company, its agents or affiliates. Comments reflect the view and opinion of the person who posts such view or opinion. To the extent permitted by applicable laws the Company shall not be responsible or liable for the Comments or for any loss cost, liability, damages or expenses caused and or suffered as a result of any use of and/or posting of and/or appearance of the Comments on the Website.
4.2. We reserve the right to monitor all Comments and to remove any Comments which it considers in its absolute discretion to be inappropriate, offensive or otherwise in breach of these T&C.
4.3. You warrant and represent that:
- you are entitled to post the Comments on the Website and have all necessary licenses and consents to do so;
- the Comments do not infringe any intellectual property right, including without limitation copyright, patent or trademark, or other proprietary right of any third party;
- the Comments do not contain any defamatory, libelous, offensive, indecent or otherwise unlawful material or material which is an invasion of privacy;
- the Comments will not be used to solicit or promote business or custom or present commercial activities or unlawful activity.
4.4. You hereby grant to Us a non-exclusive royalty-free license to use, reproduce, edit and authorize others to use, reproduce and edit any of Your Comments in any and all forms, formats or media.
5.1. The following organizations may link to the Website without prior written approval:
- government agencies;
- search engines;
- news organizations;
- online directory distributors when they list us in the directory may link to the Website in the same manner as they hyperlink to the websites of other listed businesses; and
- systemwide Accredited Businesses except soliciting non-profit organizations, charity shopping malls, and charity fundraising groups which may not hyperlink to the W
5.2. These organizations may link to Our home page, to publications or to other Website information so long as the link: (a) is not in any way misleading; (b) does not falsely imply sponsorship, endorsement or approval of the linking party and its products or services; and (c) fits within the context of the linking party’s site.
5.3. We may consider and approve in Our sole discretion other link requests from the following types of organizations:
- commonly-known consumer and/or business information sources;
- community sites;
- associations or other groups representing charities, including charity giving sites,
- online directory distributors;
- internet portals;
- accounting, law and consulting firms whose primary clients are businesses; and
- educational institutions and trade associations.
5.4. We will approve link requests from these organizations if we determine that: (a) the link would not reflect unfavorably on us or Our accredited businesses (for example, trade associations or other organizations representing inherently suspect types of business, such as work-at-home opportunities, shall not be allowed to link); (b) the organization does not have an unsatisfactory record with us; (c) the benefit to us from the visibility associated with the hyperlink outweighs the absence of the Company; and (d) where the link is in the context of general resource information or is otherwise consistent with editorial content in a newsletter or similar product furthering the mission of the organization.
5.5. These organizations may link to Our home page, to publications or to other website information so long as the link: (a) is not in any way misleading; (b) does not falsely imply sponsorship, endorsement or approval of the linking party and its products or services; and (c) fits within the context of the linking party’s site.
5.6. If you are among the organizations listed in paragraph above and are interested in linking to the Website, you must notify Us. Please include Your name, Your organization name, contact information (such as a phone number and/or email address) as well as the URL of Your website, a list of any URLs from which you intend to link to the Website, and a list of the URL(s) on the Website to which you would like to link. Allow 1-2 weeks for a response.
5.7. Approved organizations may hyperlink to the Website as follows:
- by use of Our corporate name; or
- by use of the uniform resource locator (Web address) being linked to; or
- by use of any other description of the Website or material being linked to that makes sense within the context and format of content on the linking party’s site.
5.8. No use of the Company’s logo or other artwork will be allowed for linking absent a trademark license agreement.
6.1. Without prior approval and express written permission, you may not create frames around Our web pages or use other techniques that alter in any way the visual presentation or appearance of the Website.
- Reservation of rights
7.1. We reserve the right at any time and in its sole discretion to request that you remove all links or any particular link to the Website. You agree to immediately remove all links to the Website upon such request. We also reserve the right to amend these T&C and its linking policy at any time.
7.2. By continuing to link to the Website, you agree to be bound to and abide by these linking T&C.
- Removal of links
8.1. If You find any link on the Website or any linked website objectionable for any reason, You may contact Us about this. We will consider requests to remove links but will have no obligation to do so or to respond directly to You.
8.2. Whilst we endeavor to ensure that the information on the Website is correct, We do not warrant its completeness or accuracy; nor do We commit to ensuring that the Website remains available or that the material on the Website is kept up to date.
- Content liability
9.1. We shall have no responsibility or liability for any content appearing on Your website. You agree to indemnify and defend us against all claims arising out of or based upon Your website. No link(s) may appear on any page on Your website or within any context containing content or materials that may be interpreted as libelous, obscene or criminal, or which infringes, otherwise violates, or advocates the infringement or other violation of, any third party rights.
10.1. To the maximum extent permitted by applicable law, We exclude all representations, warranties and conditions relating to the Website and the use of the Website (including, without limitation, any warranties implied by law in respect of satisfactory quality, fitness for purpose and/or the use of reasonable care and skill).
10.2. Nothing in this disclaimer will:
- limit or exclude Our or Your liability for death or personal injury resulting from negligence;
- limit or exclude Our or Your liability for fraud or fraudulent misrepresentation;
- limit any of Our or Your liabilities in any way that is not permitted under applicable law; or
- exclude any of Our or Your liabilities that may not be excluded under applicable law.
10.3. The limitations and exclusions of liability set out in this Section and elsewhere in this disclaimer: (a) are subject to the preceding paragraph; and (b) govern all liabilities arising under the disclaimer or in relation to the subject matter of this disclaimer, including liabilities arising in contract, in tort (including negligence) and for breach of statutory duty.
10.4. To the extent that the Website and the information and some services on the Website are provided free of charge, We will not be liable for any loss or damage of any nature.
10.5. All the information on the Website is published in good faith and for general information purpose only. We don’t make any warranties about the completeness, reliability and accuracy of this information. Any action You take upon the information You find on the Website is strictly at Your own risk. We will not be liable for any losses and/or damages in connection with the use of the Website.
10.6. From the Website, You can visit other websites by following hyperlinks to such external sites. While We strive to provide only quality links to useful and ethical websites, We have no control over the content and nature of these sites. These links to other websites do not imply a recommendation for all the content found on these sites. Site owners and content may change without notice and may occur before We have the opportunity to remove a link which may have gone “bad”.
10.7. Please be also aware that when You leave the Website, other sites may have different privacy policies and terms which are beyond Our control. Please be sure to check privacy policies of these sites as well as their terms before engaging in any business or uploading any information.
- Confidential information
11.1. Parties agree to maintain as confidential and not disclose the confidential information to any third party and will not use any confidential information for any purpose other than for the performance of its obligations under this T&C.
11.2. Confidential information includes oral or written information that is a commercial secret of the Party, including electronic media in originals and copies, including all data, plans, programs, estimates, other information, documents and materials that have become known to the other Party.
11.3. Parties agree to use all reasonable efforts to prevent any unauthorized disclosure of the confidential information disclosed under this T&C.
11.4. Confidential information does not include information that (a) has been made public by an act or omission by other parties; (b) Parties receive from an unrelated third party without restriction on disclosure and without breach of a nondisclosure obligation; (c) Parties knew prior to receiving such information; (d) We develop independently without use of confidential information; (e) has been transferred by Us to third parties only for the implementation of this T&C.
- Force majeure circumstances
12.1. Each of the Parties shall be exempted from liability for non-fulfilment of obligations under the T&C, if this failure was caused by circumstances of force majeure beyond their control, which arose after the accepting of the T&C and which could not be avoided or eliminated, such as: war, decrees of state bodies that substantially worsen conditions for the implementation of the T&C or make it impossible to fully or partially fulfill them; fire, flood, earthquake and other natural disasters; technical accidents with harsh consequences, epidemics and other circumstances. The Party for which it became impossible to perform the T&C in connection with force majeure circumstances must immediately notify the other Party of the occurrence of such circumstances and the termination of such circumstances or their consequences.
12.2. Within one day after the emergence of such circumstances or the beginning of the effect of their consequences, the Parties shall in writing agree on the period for which the T&C is terminated. If such circumstances or their consequences continue for a period longer than the period agreed by the Parties, then each Party will have the right to refuse further fulfilment of its obligations under the T&C, in which case neither Party has the right to demand compensation by the other Party for losses, including lost profits.
13.1. Although most changes are likely to be minor, We may change Our T&C, prices and the description of orders, from time to time, and in Our sole discretion. We encourage visitors to frequently check the Website for any changes.
13.2. Your continued use of the Website or services after any change will constitute Your acceptance of such change.
- Governing law and jurisdiction
14.1. This T&C and the relationship between the Client and Us shall be governed by and construed in accordance with the Law of Republic of Cyprus; the Client and We agree to submit to the exclusive jurisdiction of the Courts of Republic of Cyprus.
- Contact information
15.1. If you have any questions about this T&C, please contact us via email firstname.lastname@example.org or phone +35797753088.
Addendum 1 “Data Processing Agreement”
Last Updated On 09-Mar-2023
Capitalized terms used in this Data Processing Agreement (hereinafter “DPA”) are defined in this section or the section of the Agreement they were first used.
1.1. “Controller” means entity that determines the purposes and means of the processing of Personal Data.
1.2 “GDPR” means General Data Protection Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data.
1.3 “Personal Data” means any information relating to an identified or identifiable natural person.
1.4 “Personal Data Breach” means a breach of security of the Services leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.
1.5 “Processor” means an entity that processes Personal Data on behalf of a Controller.
1.6 “Services” means the services as defined in Agreement.
1.7. “Subprocessor” means any person appointed by or on behalf of the Company to Process Personal Data on behalf of the Company in connection with the Terms and Conditions.
1.8 “Term” means the period from the DPA effective date until the end of the Company’s provision of the Services in the Agreement.
2.1. The Processor has agreed to provide the Services to the Controller in accordance with the terms of the Agreement. In providing the Services, the Processor shall process Customer Data on behalf of the Controller. Customer Data may include Personal Data. The Processor will process and protect such Personal Data in accordance with the terms of this DPA.
3.1. In providing the Services to the Controller pursuant to the terms of the Agreement, the Processor shall process Personal Data only to the extent necessary to provide the Services in accordance with both the terms of the Agreement and the Controller’s instructions documented in the Agreement and this DPA.
- Duration of this DPA
4.1. The Client and the Company acknowledge that for the purpose of the Data Protection Legislation, the Client is the Controller, and the Company is the Processor.
4.2. The duration of this DPA will take effect on the Terms and Conditions effective date and, notwithstanding expiry of the Term, will remain in effect until, and automatically expire upon, deletion of all Client’s data by the Company as described in this DPA.
- Processor Obligations
5.1. The Processor may collect, process or use Personal Data only within the scope of this DPA.
5.2. The Processor confirms that it shall process Personal Data on behalf of the Controller and shall take steps to ensure that any natural person acting under the authority of the Processor who has access to Personal Data shall only process the Personal Data on the documented instructions of the Controller.
5.3. The Processor shall promptly inform the Controller, if in the Processor’s opinion, any of the instructions regarding the processing of Personal Data provided by the Controller, breach any applicable data protection laws.
5.4. The Processor shall ensure that all employees, agents, officers and contractors involved in the handling of Personal Data: (i) are aware of the confidential nature of the Personal Data and are contractually bound to keep the Personal Data confidential; (ii) have received appropriate training on their responsibilities as a data processor; and (iii) are bound by the terms of this DPA.
5.5. The Processor shall implement appropriate technical and organisational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
5.6. The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In assessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
5.7. The technical and organisational measures detailed in Exhibit 2 shall be at all times adhered to as a minimum security standard. The Controller accepts and agrees that the technical and organisational measures are subject to development and review and that the Processor may use alternative suitable measures to those detailed in the attachments to this DPA.
5.8. The Controller acknowledges and agrees that, in the course of providing the Services to the Controller, it may be necessary for the Processor to access the Personal Data to respond to any technical problems or Controller queries and to ensure the proper working of the Services. All such access by the Processor will be limited to those purposes.
5.9. Where Personal Data relating to an EU Data Subject is transferred outside of the EEA it shall be processed in accordance with the provisions of the Standard Contractual Clauses, unless the processing takes place: (i) in a third country or territory recognised by the EU Commission to have an adequate level of protection; or (ii) by an organisation located in a country which has other legally recognised appropriate safeguards in place, such as the EU-US Privacy Shield or Binding Corporate Rules.
5.10. Taking into account the nature of the processing and the information available to the Processor, the Processor shall assist the Controller by having in place appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller’s obligation to respond to requests for exercising the Data Subject’s rights and the Controller’s compliance with the Controller’s data protection obligations in respect of the processing of Personal Data.
- Controller Obligations
6.1. The Controller represents and warrants that it shall comply with the terms of the Agreement, this DPA and all applicable data protection laws.
6.2. The Controller represents and warrants that it has obtained any and all necessary permissions and authorisations necessary to permit the Processor, its Affiliates and Sub-Processors, to execute their rights or perform their obligations under this DPA.
6.3. The Controller is responsible for compliance with all applicable data protection legislation, including requirements with regards to the transfer of Personal Data under this DPA and the Agreement.
6.4. All Affiliates of the Controller who use the Services shall comply with the obligations of the Controller set out in this DPA.
6.5. The Controller shall implement appropriate technical and organisational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. The Controller shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In assessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
6.6. The Controller shall take steps to ensure that any natural person acting under the authority of the Controller who has access to Personal Data only processes the Personal Data on the documented instructions of the Controller.
6.7. The Controller may require correction, deletion, blocking and/or making available the Personal Data during or after termination of the Agreement. The Processor will process the request to the extent it is lawful and will reasonably fulfil such request in accordance with its standard operational procedures to the extent possible.
6.8. The Controller acknowledges and agrees that some instructions from the Controller, including destruction or return of data, assisting with audits, inspections or DPIAs by the Processor, may result in additional fees. In such case, the Processor will notify the Controller of its fees for providing such assistance in advance, unless otherwise agreed.
- Collecting, Processing of Data under the DPA
7.1. The Controller will comply with its obligations under the Data Protection Laws in respect of its collecting and processing of Personal Data and any processing instructions it issues to Processor. Controller represents that it has all rights, consents, and authorizations necessary for Processor to process Personal Data pursuant to Data Protection Laws and the Agreement.
7.2. The Controller authorizes Processor, in providing its Services, to collect, process or use Personal Data in accordance with applicable laws and only within the scope of this DPA.
7.3. The Processor will comply with its processor obligations under General Data Protection Regulation and will process Personal Data in accordance with Controller’s instruction.
7.4. The Processor confirms that it shall process Personal Data on behalf of the Controller and shall take steps to ensure that any natural person acting under the authority of the Processor who has access to Personal Data shall only process the Personal Data on the documented instructions of the Controller.
- Technical and Organizational Security Measures
8.1. Prior to the commencement of any processing, Processor shall implement, establish and maintain all necessary technical and organizational security measures to protect against Personal Data Breaches and to preserve the security and confidentiality of Personal Data processed on behalf of Controller. Processor shall present and document these technical and organizational security measures for inspection by Controller. Such technical and organizational security measures shall become the foundation of the Services and are subject to technical progress and development.
8.2. Controller is responsible for using and configuring the Services to enable Controller to comply with Data Protection Laws, including implementing their own appropriate and adequate technical and organizational measures. Controller shall provide Processor with a copy of such measures and notify in writing of any modifications. In the event that Processor uses Controller devices, laptops, or computers, Controller shall present and document all technical and organizational security measures for inspection by Processor. Such technical and organizational security measures shall become the foundation of the Services and are subject to technical progress and development.
9.1. Upon becoming aware, and no later than 72 hours after becoming aware, of a Personal Data Breach, Processor will notify Controller without undue delay and will provide information relating to the Personal Data Breach as reasonably requested by Controller. Processor will use reasonable efforts and methods to assist Controller in mitigating, where possible, the adverse effects of any Personal Data Breach.
9.2. Processor shall assist Controller in complying with the obligations concerning the security of Personal Data, reporting requirements for data breaches, data protection impact assessments and prior consultations. The obligation to report a Personal Data Breach immediately to Controller.
- Deletion and Return of Data
10.1. Pursuant to the Agreement, Processor will delete (after the notification of Controller) or return to Controller all Personal Data that may be in possession as provided in the Agreement except to the extent Processor is required by law to retain any Personal Data. Processor further agrees: any copies or duplicates of Personal Data shall not be created without the knowledge or instruction of Controller or as described above.
11.1. The Processor may outsource part of the processing activities pursuant to this DPA to Subprocessors that, as far as legally required, shall be subject to the contractual obligations resulting from art. 28 par. 4 GDPR. The Processor shall bear full responsibility and liability for the activities of its Subprocessors.
11.2. The Controller acknowledges and agrees that: (i) Affiliates of the Processor may be used as Sub-processors; and (ii) the Processor and its Affiliates respectively may engage Sub-processors in connection with the provision of the Services.
11.3. All Sub-processors who process Personal Data in the provision of the Services to the Controller shall comply with the obligations of the Processor set out in this DPA.
11.4. Where Sub-processors are located outside of the EEA, the Processor confirms that such Sub-processors: (i) are located in a third country or territory recognised by the EU Commission to have an adequate level of protection; or (ii) have entered into Standard Contractual Clauses with the Processor; or (iii) have other legally recognised appropriate safeguards in place, such as the EU-US Privacy Shield or Binding Corporate Rules.
11.5. The Processor shall make available to the Controller the current list of Sub-processors which shall include the identities of Sub-processors and their country of location. During the term of this DPA, the Processor shall provide the Controller with prior notification, via email, of any changes to the list of Sub-processor(s) who may process Personal Data before authorising any new or replacement Sub-processor(s) to process Personal Data in connection with the provision of the Services.
11.6. The Controller may object to the use of a new or replacement Sub-processor, by notifying the Processor promptly in writing within ten (10) Business Days after receipt of the Processor’s notice. If the Controller objects to a new or replacement Sub-processor, and that objection is not unreasonable, the Controller may terminate the Agreement or applicable Statement of Work with respect to those Services which cannot be provided by the Processor without the use of the new or replacement Sub-processor. The Processor will refund the Controller any prepaid fees covering the remainder of the term of the Agreement (or applicable Statement of Work) following the effective date of termination with respect to such terminated Services.
- Data Transfers
12.1. Processor may transfer and process Personal Data as requested by Controller in other locations around the world where Processor and its sub-processors maintain operations as necessary to provide services under the Agreement and this DPA.
12.2. Where Personal Data is transferred from the European Economic Area (“EEA”) and/or Switzerland to a member of Processor’s group of companies located in a country not recognized by the European Commission or the Swiss Federal Data Protection Authority as providing an adequate level of protection for Personal Data, Controller appoints Processor to enter into the Standard Contractual Clauses on Controller’s behalf with such Processor entity based outside of the EEA and Switzerland and involved in the processing of Personal Data. Processor will provide a copy of those Clauses to Controller upon Controller’s written request.
- Duties of Processor
13.1. Processor is not obligated to appoint a Data Protection Officer. Processor’s primary contact for requests under this DPA are as follows:
13.2. Processor and any person acting under its authority who has access to personal data, shall not process that data unless on instructions from Controller, which includes the powers granted in this Agreement, unless required to do so by law.
- Processing Records
14.1. Controller acknowledges that Controller is required under Data Protection Laws to (i) collect and maintain records of certain information, including the name and contact details of each processor and/or controller on behalf of which Processor is acting, and where applicable, of such Processor’s or Controller’s local representative and data protection officer; and (ii) make such information available to the supervising authorities.
14.2. Accordingly, should GDPR apply to the processing of Controller Personal Data, Controller will, where requested, provide such information to ensure that all information provided is kept accurate and up-to-date.
- Limitations of Liability
15.1. Parties agree that the total combined liability limit (including indemnifications of any kind) to one another shall be set as provided under the terms of the Agreement as executed between the Parties.
- Compliance, Cooperation and Response
16.1. In the event that the Processor receives a request from a Data Subject in relation to Personal Data, the Processor will refer the Data Subject to the Controller unless otherwise prohibited by law. The Controller shall reimburse the Processor for all costs incurred resulting from providing reasonable assistance in dealing with a Data Subject request. In the event that the Processor is legally required to respond to the Data Subject, the Controller will fully cooperate with the Processor as applicable.
16.2. The Processor will notify the Controller promptly of any request or complaint regarding the processing of Personal Data, which adversely impacts the Controller, unless such notification is not permitted under applicable law or a relevant court order.
16.3. The Processor may make copies of and/or retain Personal Data in compliance with any legal or regulatory requirement including, but not limited to, retention requirements.
16.4. The Processor shall reasonably assist the Controller in meeting its obligation to carry out data protection impact assessments (DPIAs), taking into account the nature of processing and the information available to the Processor.
16.5. The parties acknowledge that it is the duty of the Controller to notify the Processor within a reasonable time, of any changes to applicable data protection laws, codes or regulations which may affect the contractual duties of the Processor. The Processor shall respond within a reasonable timeframe in respect of any changes that need to be made to the terms of this DPA or to the technical and organisational measures to maintain compliance. If the parties agree that amendments are required, but the Processor is unable to accommodate the necessary changes, the Controller may terminate the part or parts of the Services which give rise to the non-compliance. To the extent that other parts of the Services provided are not affected by such changes, the provision of those Services shall remain unaffected.
16.6. The Controller and the Processor and, where applicable, their representatives, shall cooperate, on request, with a supervisory data protection authority in the performance of their respective obligations under this DPA.
- Term and Termination
17.1. The Processor will only process Personal Data for the term of the DPA. The term of this DPA shall coincide with the commencement of the Agreement and this DPA shall terminate automatically together with termination or expiry of the Agreement.
17.2. The Processor shall, at the choice of the Controller, upon receipt of a written request received within 30 days of the end of the provision of the Solution and Services relating to processing, delete or return Personal Data to the Controller. The Processor shall in any event delete all copies of Personal Data in its systems within 6 months of the effective date of termination of the Agreement unless: (i) applicable law or regulations require storage of the Personal Data after termination; or (ii) partial personal data of the Customer is stored in backups, then such personal data shall be deleted from backups up to 1 year after the effective date of termination of the Agreement.
Personal data processing purposes and details
Data Processing Purposes: Digital development and marketing.
Duration of Processing: Throughout the Term of Terms and Conditions.
Nature of Processing: The Personal Data is processed in accordance with the Terms and Conditions.
Personal Data Categories: Identity Data, Contact Data.
Data Subject Types: Clients.
The Processor’s legal basis for processing Personal Data outside the EU: Standard Contractual Clauses between the Client as Controller and the Company as Processor.
Standard contractual clauses
Clause 1. Definitions
For the purposes of the Clauses:
(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
(b) ‘the data exporter’ means Controller;
(c) ‘the data importer’ means Processor;
(d) ‘the sub-processor’ means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
(f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Clause 2. Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Annex 1 which forms an integral part of the Clauses.
Clause 3. Third-party beneficiary clause
- The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
- The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, where the damage caused by processing, only where it has not complied with obligations of the Data Protection Laws, specifically directed to the data importer or where it has acted outside or contrary to lawful instructions of the data exporter or in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
- The data subject can enforce against the sub processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub processor shall be limited to its own processing operations under the Clauses.
- The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
Clause 4. Obligations of the data exporter
The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in this Agreement;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any sub processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, and a summary description of the security measures, as well as a copy of any contract for sub processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of sub processing, the processing activity is carried out in accordance with Clause 11 by a sub processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).
Clause 5. Obligations of the data importer
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organisational security measures specified in this Agreement before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
(ii) any accidental or unauthorised access, and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of sub processing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the sub processor will be carried out in accordance with Clause 11;
(j) to send promptly a copy of any sub processor agreement it concludes under the Clauses to the data exporter.
Clause 6. Liability
- The parties agree that any data subject, who has suffered damage material or non-material as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub processor is entitled to receive compensation from the data exporter or the data importer for the damage suffered. For the purpose of this clause it is clarified that the data exporter shall be liable for the damage caused by processing which infringes the Data Protection Laws. The data importer shall be liable for the damage caused by processing only where it has not complied with obligations of the Data Protection Laws, specifically directed to the data importer or where it has acted outside or contrary to lawful instructions of the data exporter.
- If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a sub processor of its obligations in order to avoid its own liabilities.
- If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub processor agrees that the data subject may issue a claim against the data sub processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub processor shall be limited to its own processing operations under the Clauses.
- Notwithstanding the above provisions, in cases in which more than one data exporter or data importer, or both a data exporter and a data importer, are involved in the same processing and where they are, under paragraphs 1, 2 and 3 of Article 82 of the GDPR, responsible for any damage caused by processing, each data exporter or data importer shall be held liable for the entire damage in order to ensure effective compensation of the data subject.
Clause 7. Mediation and jurisdiction
- The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is established.
- The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Clause 8. Cooperation with supervisory authorities
- The data exporter agrees to deposit a copy of this Agreement with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
- The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
- The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub processor preventing the conduct of an audit of the data importer, or any sub processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).
Clause 9. Governing Law
The Clauses shall be governed by the law of the Member State in which the data exporter is established, namely the Republic of Cyprus.
Clause 10. Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
Clause 11. Sub processing
- The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub processor which imposes the same obligations on the sub processor as are imposed on the data importer under the Clauses. Where the sub processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub processor’s obligations under such agreement.
- The prior written contract between the data importer and the sub processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub processor shall be limited to its own processing operations under the Clauses.
- The provisions relating to data protection aspects for sub processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established, namely the law of the Republic of Cyprus.
- The data exporter shall keep a list of sub processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.
Clause 12. Obligation after the termination of personal data processing services
- The parties agree that on the termination of the provision of data processing services, the data importer and the sub processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
- The data importer and the sub processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
Addendum 2 “Service Agreement”
Last Updated On 09-Mar-2023
1.1. This Service Agreement (hereinafter “Agreement”) is made between the Client and Us, under which the Client has agreed to engage Us for digital development and marketing services (hereinafter “Services”) for a website or web application (hereinafter “Application”) for the Client, and We have agreed to fulfill an order in accordance with this Agreement.
1.2. On the basis of the Agreement, the Client instructs Us, and We assume the obligation, to perform Services, and the Client agrees and undertakes to accept and pay for the work performed under this Agreement.
1.3. The list of works performed, the requirements for them, as well as the terms of implementation are agreed by the Parties before the initiation of work on the Agreement and presented in the order description on the Website.
- Our responsibilities and rights
2.1. We agree to fulfill the Services order presented in the order description on the Website or based on Our offer to the Client.
2.2. We shall obtain access to and rights to use the Client’s server (hereinafter “Server”) and to other services, that are directly related to the terms of this Agreement.
2.3. We have the right, on behalf of the Client, to register with services that are directly related to the terms of this Agreement. At the same time, after registration, access to the service will be granted to the Client, who has the full right to change the password after gaining access.
2.4. We are not responsible for any failures of the Server or any hacker attacks on the Application, as well as for any consequences or damage arising from these reasons. We are not responsible for the failure of the Application after the development of the Application and the termination of this Agreement, which may arise due to incorrect operation of the installed CMS, CRM, templates, scripts, modules, plug-ins, codes or other software installed on the Application by Us.
2.5. We can give the Client very generic documents for the Application as a starting point. If the Client has any concerns and believes that the documents provided do not meet the Client’s needs, the Client will get in touch with a legal expert to draft his documents. By using these documents, the Client acknowledges the fact that We are not responsible in any way for any damages that the Client’s business may incur due to these documents.
2.6. We shall include on the Application all copyright or other notices as requested by the Client.
2.7. We have the right to transfer part of the work or all work to third parties with whom We have an agreement and provide them with access rights to the Server, Application or other services.
2.8. The timeline for Services is presented in the order description starting from the date when We receive the payment from the Client. This timeline may vary with the mutual written consent of the Parties.
2.9. We have the right to cancel an order if the Client does not proceed with payment of that order.
- The Client’s responsibilities and rights
3.1. The Client shall provide and send instructions to Us by email or chat.
3.2. Client shall provide Us with all materials for Services in order to fulfill the order. The Client is responsible for all proprietary rights to these materials.
3.3. All materials must be provided by the Client in a timely manner on the date when We receive the payment from the Client.
3.4. The Client agrees to place the Website link on the Client’s Application and screenshots and links of the Client’s Application to Our portfolio and social networks.
3.5. Upon completion of work, the Client will change the passwords of access to the Application, to the Server and other passwords, which have been provided to Us.
3.6. The Client agrees to be in Our subscription list to get all the updated and relevant information and news from Us. At any time, the Client may unsubscribe from Our subscription list through email.
4.1. The Client agrees to pay Us the amounts in accordance with the order description.
4.2. If there is a dispute with regard to whether work was actually completed or whether an invoice is properly payable, the amount of the invoice in dispute shall not be due until the dispute is resolved.
4.3. The maximum compensation that We will have to pay to the Client in case of contentious issues should not exceed the actual amount that We received from the Client based on this Agreement.
5.1. Termination of the current Agreement is explained as the written confirmation of the Client about the acceptance of Services. If the Client does not respond to Us within 10 days, then the Services are considered accepted.
5.2. Termination of the Agreement does not exempt the Parties from liability for its violation, which occurred during the validity of the Agreement.
5.3. Each Party has the right to terminate the Agreement by notifying the other Party in writing 5 days before the termination of the Agreement.
5.4. After the termination of the Agreement, We have the right not to refund the whole paid amount to the Client for Services. We shall refund only the amount for Services which has not been provided yet at the moment of the request.