Master Enterprise Agreement

MEA

To check the version in force of this Agreement, please click here.

To access v6 of the Enterprise Agreement, applicable between April 21, 2023 and March 31, 2024, click here.

v.5

This Master Enterprise Agreement is entered into in Barcelona (Spain) between the customer identified in the applicable Order Form (“Client”), and TYPEFORM SL, a Spanish corporation registered at C/ Pallars 108, Aticco - Typeform, 08018 — Barcelona (Spain) and holder of the Tax Identification Number B-65831836 (“TYPEFORM”), and is effective as of the Effective Date. For purposes of this Master Enterprise Agreement, TYPEFORM and Client shall also be jointly referred to as the “Parties” and individually as a “Party”.

1. Definitions

All capitalized terms used in this Agreement shall have the meaning given to them below:

Account(s): shall mean the personalized access to the Services (including the Software) given to the Authorized Users.

Actions: shall collectively refer to any claim, proceeding, demand, suit, or action.

Add-on(s): has the meaning set forth in Section 3.8.(i) below.

Affiliate: an entity that Controls, is Controlled by, or under common Control with, a Party.

Agreement: shall jointly refer to this MEA together with its Schedules, as well as any Order Form(s) executed by the Parties from time to time.

API Calls: the number of requests directly or indirectly sent by Client through the Software’s Application Programming Interface —or APIs— aimed at ensuring the intercommunication between the database processed by means of the Software and a database processed by another software program.

Associated Undertakings: shall be understood to refer to either Party’s Affiliates, officers, directors, employees, agents and/or licensors.

Authorized Minute(s): the maximum number of minutes of video to be collected and/or processed on behalf of Client by TYPEFORM by means of the Software, when any such Software is the SaaS ‘VideoAsk’. For purposes of this Agreement, ‘video processing’ shall be understood to refer to any new content generated by either the Client or Client’s respondents consisting in (i) video (including any audio); or (ii) audio. Contents generated by Client’s respondents will be considered for purposes of Authorized Minute(s) limitations as long as said contents are effectively submitted by them.

Authorized Response(s): the maximum number of responses to be collected on behalf of Client by TYPEFORM by means of the Software, when any such Software is the SaaS ‘typeform’. For purposes of this Agreement, ‘response’ shall be construed as any submission to a form owned by Client regardless of the contents and its file size.

Authorized User(s): the users within the Client’s own entity (i.e., excluding other companies that are part of the Client’s Group of companies, and any Client’s contractors or externals) that are allowed to use the Services (including the Software), in accordance with the relevant Order Form(s).

Beta Services: has the meaning in Section 3.4 below.

CCPA: means the California Consumer Privacy Act of 2018.

Client IP: has the meaning set forth in Section 10.2 below.

Confidential Information: shall be understood as any piece of non-public information, as further identified in Section 12.1 below.

Control: shall mean, in respect of an entity, the ability to (a) govern its financial and operational policies; (b) appoint or dismiss the majority of the board members; or (c) directly or indirectly own the majority of its voting rights.

DPA: the Data Processing Agreement attached as Schedule 11.1.

Effective Date: the date specified in the ‘Contract Start Date’ section of the first Order Form entered into by the Parties.

GDPR: refers to Regulation (EU) no. 2016/679, of the European Parliament and of the Council, of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Group: it shall be understood that there is a ‘group’ whenever a Party exercises Control over a third-party entity or person.

HIPAA: the US Health Insurance Portability and Accountability Act of 1996.

Losses: shall collectively refer to losses, settlements, damages, liabilities, judgements, obligations, fines or sanctions, costs, and expenses (including reasonable attorney’s fees).

Material(s): shall refer to any contents made available to Client as a result of the provision of the Services or, otherwise, through the Site, regardless of whether they are intended to be used with or somehow related to the Services. Without limitation, ‘Materials’ shall cover the Site, as well as the platform design and interface, any documents, manuals or information delivered to or otherwise made available to Client from time to time.

MEA: shall refer to this Master Enterprise Agreement together with any of its Schedules, but excluding any Order Form(s) executed by the Parties.

Order Form(s): means any licensing and service order sent by Client and accepted by TYPEFORM.

SCCs: refers to the Standard Contractual Clauses attached to this MEA as Schedule 11.1.

Services: the services provided by TYPEFORM or by third parties appointed by TYPEFORM, as further detailed in Section 3 of this MEA and in the applicable Order Form(s). Services may include SSO, as ordered in the corresponding Order Form.

Site: platform accessible through the Internet where the Services are made available to Client, as updated from time to time and as further identified in the applicable Order Form(s).

Software: shall be understood as the software as a service (SaaS) identified in the Order Form(s) and accessible through the Site. The Software is a next-generation cloud-based application for data collection and analysis, and the tool upon which TYPEFORM provides its Services.

SSO: refers to an authentication method allowing Authorized User(s) to authenticate (log in) to multiple products, including the Software, with one set of login credentials (i.e. Single Sign-On).

Term: shall mean the period of time during which TYPEFORM shall render the Services, as determined in the corresponding Order Form(s). For clarification purposes, this MEA shall be for an undefined period of time in accordance with Section 9.1 below, whereas each Order Form shall be for the Term specified therein as further provided in Section 9.2 below.

TYPEFORM IP: has the meaning set forth in Section 10.1 below.

2. Scope of this MEA

2.1. Object. The subject matter of this MEA, the terms of which are to be incorporated by reference into any Order Form(s) executed by the Parties from time to time, is to set forth the framework under which TYPEFORM will provide its Services to the Client and, to that effect, authorize the Client the use of the Software, the Materials, and other proprietary rights as detailed in the Order Form(s).

2.2. Order Form(s). During the term of this MEA, Client may submit to TYPEFORM orders for the provision of the Services. Said orders shall be reviewed by TYPEFORM and, once agreed and executed by the Parties, attached to this MEA. Each Order Form constitutes a separate and independent agreement for the provision of the Services (which covers the use of the Software, as detailed in Section 3 below), effective as of the date specified therein. Termination of one or all Order Form(s) shall not result in the termination of this MEA or any other then-current Order Forms. Likewise, termination of this MEA shall not result in the termination of any then-current Order Form(s), which shall remain in full force and effect in accordance with their respective terms and conditions.

2.3. Prevalence. In the event of any conflict between the provisions of this MEA and an Order Form(s), the terms of the Order Form(s) at issue shall take precedence, followed by this MEA, and finally by its Schedules.

3. Services

General

3.1. Services. In consideration of this Agreement, TYPEFORM will provide the Client with the possibility to use the Software and related Services (including, when applicable, SSO) to collect, store and analyze data. Client shall be responsible for meeting any human and material resources (including, without limitation, complying with any hardware or software requirements) needed to use the Software and the Services correctly and safely, as these requirements are communicated to Client from time to time.

If SSO is requested by the Client, integration with the Client’s identity provider (IDP) will be required, so the Client will have to provide TYPEFORM with the following details to configure and enable the integration: IDP issuer URI, single sign-on IDP URL, and signature certificate. Setting up and further activation of SSO will be punctually performed by TYPEFORM as soon as the corresponding Order Form has been fully executed by the Parties, and requires the cooperation of the Client in obtaining and confirming the above-mentioned data sets. Parties acknowledge and agree that SSO is dependent on Client using an IDP supporting SAML, OAuth or OpenID, and SSO may not work on IDPs other than the ones referred above.

3.2. Ancillary Services. Subject to Client fully and timely complying with the obligations set forth in the Agreement and as part of the Services, TYPEFORM shall provide Client with technical support and assistance services in accordance with industry good practices and standards, by means of email, the Help Center (https://www.typeform.com/help/ and/or https://www.videoask.com/help), the Contact Forms specially generated to serve Typeform or VideoAsk requests (https://www.typeform.com/help/contact/ and https://www.videoask.com/fn5pz0q1v, respectively), and/or by means of email dedicated to VideoAsk-related issues (support@videoask.com).

3.3. Customization. Unless otherwise agreed in writing by the Parties, the Services (including, for clarification purposes, the Site and the Software), the Beta Services and any Materials are provided on an ‘as is’ basis, and have not been created or prepared to meet any specific requirements of the Client. Client shall be responsible for ensuring that it meets any material resources (including, without limitation, complying with any hardware or software requirements). If requested by Client and if mutually agreed by the Parties in writing, TYPEFORM may provide reasonable software customization services and/or new functionalities for the Software.

3.4. Beta Services. Client may be offered to take part in early access programs to use so-called alpha or beta versions of the Software or, in general, the Services or Materials (“Beta Services”). Beta Services may not work in accordance with the documentation or Materials provided to Client, or contain errors, defects or bugs, as Client acknowledges and agrees. Beta Services are not covered under any SLAs commitments under the Agreement, and TYPEFORM does not make any sort of representation and warranty, and disclaims any liabilities. Beta Services may be discontinued at any time, for no reason and without prior notice, and nothing in this Agreement shall be construed as requiring TYPEFORM to release Beta Services as part of its regular Services.

Authorization to use the Software for the Services and Software Provisions

3.5. Authorization. Subject to the payment of the Price and to Client fully and timely complying with obligations set forth in this Agreement, TYPEFORM shall provide the Services to Client and its Authorized Users, including any access to the Software strictly necessary for the Services. The authorization in this Section shall only cover the Client organization, and is granted for Client’s business purposes only, excluding third parties or other parties directly or indirectly related to the Client. Reselling or leasing of the Software and/or the Services is strictly forbidden.

For the avoidance of doubt, the rights granted to Client under this Agreement result in the ability to use as part of the Services the Software functionalities —as periodically made available and/or upgraded by TYPEFORM— by the number of Accounts identified in the Order Form(s). Client shall create Accounts (or, as the case may be, designate those Accounts already existing that should fall within the scope of each Order Form) and specific workspaces to enable Authorized Users collaboration, and TYPEFORM shall ensure that one of the Accounts —acting as the admin Account— is granted rights to control contents created by the rest of Accounts in such workspace(s).

3.6. Affiliates. Notwithstanding anything to the contrary in the Agreement and provided that this MEA is in full force and effect, Affiliates of Client may benefit from the Services as long as TYPEFORM and said Affiliate(s) execute self-standing Order Form(s) in accordance with this MEA. Any such Order Form(s), which shall detail the Services at issue to be rendered by TYPEFORM, shall be fully subject to the terms of the MEA, which shall be construed, as the case may be, as referring to the Affiliate(s) instead of the Client.

3.7. Software modifications. Client acknowledges that TYPEFORM may update from time to time the Software, and that such updates may result in changes in its ‘look & feel’ and/or functionality. Software modifications shall not substantially impact the essential functionalities of the Software. TYPEFORM will make its best efforts to provide reasonable prior notice to Client. TYPEFORM will provide, implement, configure, install, support, and maintain at its own cost and expense any and all updates, upgrades, enhancements, improvements, releases, corrections, bug fixes, patches, and modifications to the Software. The authorization referred to in Section 3.5 above shall be automatically extended or automatically cover, as the case may be, to any modification of the Software.

3.8. Usage limits. Client shall only use the Software as a utility of the Services provided by TYPEFORM, and in full compliance with the conditions set forth in this Agreement, including those concerning the number of Authorized Users, Authorized Responses, Authorized Minutes, and API Calls, as identified in the corresponding Order Form, if any such limitations apply. In the event that Client intends to collect information covered under HIPAA, it shall notify TYPEFORM about this circumstance to assess the opportunity to offer HIPAA-compliant services and sign a Business Associate Agreement, which shall be attached to the applicable Order Form. Unless a Business Associate Agreement is signed, Client shall not submit information subject to HIPAA requirements, and TYPEFORM makes no representations and warranties, and disclaims any liability, about the Services meeting any obligations under HIPAA.

For purposes of this Section:

(i) Number of Authorized Users, Authorized Responses and/or Authorized Minutes may be increased at any time by purchasing one-off add-on packages (“Add-on(s)”), subject to the conditions set forth in the applicable Order Form or subject to a further mutual agreement of the Parties. Add-ons are valid upon activation and shall run for 30-day periods of time unless otherwise agreed by the Parties. Client shall not be entitled to ask for a prorated refund of any unused Add-ons it may have at the end of the Term or the validity period at issue;

(ii) TYPEFORM will provide the Services to the number of Authorized Users as identified in each relevant Order Form, all of which may use the Software provided that the number actually and concurrently using the Services at a given time does not exceed the number of Authorized Users;

(iii) Unless otherwise defined in the applicable Order Form, Authorized Responses and/or Authorized Minute(s) are set forth per contractual year; and

(iv) In the event that the Authorized Responses or Authorized Minute limits are reached, TYPEFORM shall not be required to collect, store and/or process any response in excess of said limits.

3.9. Obligations regarding the creation and use of Accounts. Accounts created by Authorized Users on behalf of Client shall be subject to the following obligations:

(i) Passwords to use the Accounts shall neither be shared with any third-party nor within Client’s organization (e.g. by sharing passwords inside Client’s own entity, or with other companies part of its Group). Passwords shall not be written down for recovery purposes or any other purposes whatsoever. For clarification purposes, the Software is licensed in accordance with the terms and conditions in each applicable Order Form when it comes to number of licensed users (Authorized Users), and it cannot be used simultaneously by two different users. If Client suspects that the Account or the passwords have been compromised, it shall promptly notify TYPEFORM by filling the Contact Forms (https://www.typeform.com/help/contact/ and https://www.videoask.com/fn5pz0q1v, respectively);

(ii) In order to set up the Account, Client shall submit true, current, complete, and accurate information, as requested. Client shall update from time to time the information submitted, as appropriate. Client shall ensure that it can deliver Authorized Users’ data to TYPEFORM;

(iii) The Account shall be used in accordance with the law and public order. In particular, Client shall not access, use or interact with the Software, the Site and/or the Services by/to: (a) Using interfaces other than the ones provided by TYPEFORM; (b) Host files only, or otherwise as a file hosting system; (c) Use responses and media within the responses to create web pages or online resources using the direct links to the media; (d) Carry out any sort of action that might lead to a disruption in the Site, Software and/or Services operations and stability; (e) Avoiding, bypassing, removing, deactivating, impairing, descrambling or otherwise tampering with the security measures, usage rules or other protection measures implemented by TYPEFORM, as well as the restricted features or functionalities available for given Software categories other than the one licensed to Client, or to attempt to do any of those actions; (f) Using any metatags or other hidden text or metadata, as well as forge headers or otherwise manipulate identifiers to disguise the origin of any content transmitted through the Software; (g) Using, displaying, mirroring, or framing the Software, any individual element of those, the layout and design of any of their portion, or the intellectual property rights and other proprietary rights of TYPEFORM; (h) Reverse engineering, decompiling or disassembling the Software; (i) Interfering with, or attempting to interfere with, the access of any user, host or network, including, without limitation, sending a virus or other harmful software, overloading, flooding, spamming, or mail-bombing the Software; (j) The Services are not prepared for collecting credit card or other payment information unless the specific question blocks are used. Therefore, Client is required to collect these kinds of information by using the corresponding question blocks in the Software; (k) Carrying out activities such as vulnerability scanning, load testing, penetration tests or bypassing our security measures in any intended way, as well as to monitor the availability, performance or functionality of the Services or the Software, or for benchmarking purposes. In the event that Client is interested in performing a penetration test, it shall (I) let TYPEFORM know in advance about its intention to carry out a penetration test, no less than fifteen (15) days in advance in respect of the date in which Client intends to carry out said penetration test; and (II) sign a release form, as proposed by TYPEFORM, releasing TYPEFORM of any liabilities and damages the penetration test may cause to it (or to any of its clients’) infrastructure, data and/or business. For clarification purposes, and given that TYPEFORM is periodically carrying out penetration tests, Client shall only be authorized to conduct one (1) penetration test per contractual year; (l) Collect credit card information (unless using the specific features provided as part of the Software), passwords or similar login credentials; and/or (m) Sending any unsolicited or unauthorized electronic commercial communications, chain letters, or other form of non-authorized solicitation (spam), or being engaged in scamming, phishing or other similar activities. Without limiting any other rights, TYPEFORM shall be entitled to early terminate for cause and without any liability and/or reimbursement obligations to Client in the event that Client is involved in any sort of activity referred to in this paragraph m).

(iv) For clarification purposes, a breach of the terms of the Agreement by an Authorized User (including the obligations in this Section 3.9 by Client and/or the Authorized User) shall be deemed as a breach by Client; and

(v) Software may include contents other than Materials. Said materials are solely for Client’s use in connection with the Services, and their legality, accuracy, and completeness are the sole responsibility of the party that has uploaded them to or provided them as part of the Software. Reuse of the materials may be subject to specific terms and conditions or license terms, and Client is responsible to obtain any required licenses or authorizations, and to comply with any licenses or terms and conditions applicable to them.

4. General provisions

4.1. Provision of the Services. Client’s cooperation. Services shall be provided by TYPEFORM in a professional and workmanlike manner, consistent with the MEA and the applicable Order Form(s).

Client shall provide complete, true and accurate information necessary for the Services, and it shall provide its reasonable cooperation in order to allow TYPEFORM to render the contracted Services.

4.2. Services activity. Client acknowledges that, in order to ensure compliance with legal obligations, prevent phishing or fraud or when unlawful content is reported to TYPEFORM, TYPEFORM may be required to review Client’s activity, and contents and responses used in connection with the Services. For the avoidance of doubt, Parties agree that TYPEFORM has no obligation to monitor or review any content submitted by Client.

TYPEFORM shall have the right to modify, prevent access to, delete, or refuse to host, display or make available those contents that are believed to violate the law or this Agreement, either by the way in which said contents are used as analyzed on their own or by the way they interoperate with other contents, entities or people. Except for those cases in which the contents at issue could automatically trigger TYPEFORM’s liability under applicable law or when it is necessary to act diligently to prevent harm to others, TYPEFORM will notify Client in advance about its intention to act against said contents and give Client reasonable time to respond and take any necessary actions. Failure to do so will entitle TYPEFORM to remove the contents without being held liable to Client for any Losses.

4.3. Suspension of Services. Subject to Section 9.3.b) below, TYPEFORM may, without limiting other rights and remedies it may be entitled to, suspend the provision of the Services (including access to the Software) requested by Client in the event Client substantially breaches the obligations under this Agreement. In particular and without limitation, TYPEFORM may opt to exercise the rights under this Section should Client fail to meet its payment obligations in accordance with Section 5 below, until any due amounts and interests are paid in full by Client.

4.4. Materials. TYPEFORM may regularly provide Client with Materials which may include, without limitation, documentation, either in hard copy or electronically, concerning the Services. That documentation shall only be used by Authorized Users consistently with the rights and obligations arising from the Agreement, and Client shall cease in their use and return or destroy any copies it may have to TYPEFORM upon termination of the relevant Term. Materials are proprietary and confidential information by TYPEFORM and/or third parties and any use in breach of this Agreement or for the benefit of any person other than Authorized Users constitutes a breach of confidentiality obligations under this MEA and intellectual property rights.

4.5. Training & Software operation. Except as provided otherwise in the corresponding Order Form(s), the provision of the Services by TYPEFORM will not include any training activities.

4.6. Third parties’ Services and Software. Links to external webpages and resources. The Services may interoperate with other services, platforms or software applications provided by third parties not related to TYPEFORM. Client acknowledges and agrees that TYPEFORM shall not have any obligation to defend, indemnify or otherwise hold harmless Client (or Client’s Associated Undertakings) for third parties’ actions, or lack of action, in the event that Client decides to use those third parties’ services, platforms or software applications, and that TYPEFORM is in no event obliged to grant, ensure or maintain access, interoperability and functionality of the said third parties’ services, platforms or software applications. For clarification purposes, should the Service interoperate with any third parties’ software applications, platforms or services, Client acknowledges that such third party might gain access to, without limitation, information regarded as ‘personal data’ under applicable law or otherwise confidential, and TYPEFORM shall in no event be found liable for the processing of personal data made by said third parties.

The Services, Site or Software may include links or references to other webpages or resources owned by third parties. TYPEFORM does not endorse them or, otherwise, approve them. TYPEFORM does not make any representations nor offers any warranties about said webpages or resources, and it shall not be held liable to Client or any Client’s Associated Undertakings.

4.7. Source code & object code. To the maximum extent permitted by law and except when expressly authorized in writing by an empowered representative of TYPEFORM, Client, while being beneficiary of the Services or thereafter, shall not have any rights to access nor to use the Software, Site or Services for purposes not expressly authorized under the corresponding Order Form.

Client shall not, in whole or in part, directly or indirectly by means of third parties or contractors, access the Software’s source and/or object codes, or disassemble, decompile, reproduce, or copy, transform, adapt, modify, improve, create successive versions, develop updates, or adapt the Software, as well as correct any of its errors. Additionally, and subject to applicable law, Client shall not disclose or gain access to the Software’s source code, instructions or sequences, or algorithms, even when any such actions are found to be necessary or convenient to ensure use of the Software by Client. Client warrants and represents that it will not, either directly or indirectly, attempt to access the source and/or object codes, or remove or circumvent any security measures put in place for the protection of said codes.

4.8. Malware and viruses. TYPEFORM shall use reasonable endeavors to implement industry good practices and standards aimed at preventing any known malware, viruses and other software programs potentially damaging computer systems or aimed at gaining access to Client’s systems. Client (and its Authorized Users) shall also use reasonable endeavors to implement industry good practices and standards to prevent any damages related to said malicious software programs.

4.9. Audit rights. Client acknowledges and agrees that TYPEFORM —or any third party appointed by TYPEFORM— may inspect and monitor the use of the Services —including the Software— by Client to verify compliance with this Agreement. Client shall provide TYPEFORM with its reasonable assistance and cooperation it may need to conduct the verifications mentioned in this Section.

5. Remuneration

5.1. Price. Client will pay to TYPEFORM without reduction or set off the fees specified in each Order Form, as well as any fees for any Add-on(s) purchased by Client from time to time (the “Price”). The Price will be paid in full upon the execution of each Order Form, or upon the start date of each billing cycle as set forth in each Order Form, or upon the placement of an Add-on request. Client shall not be entitled to any full or partial refund.

5.2. Expenditures. Except otherwise agreed in the applicable Order Form(s), Client shall reimburse all reasonable travel, accommodation and out-of-pocket expenses incurred by TYPEFORM arising out of the provision of the Services different than the standard ones identified in Section 3 above, as those additional services are identified in the Order Form(s) or expressly requested by Client.

5.3. Price increases and updates. TYPEFORM shall be entitled to increase the Price by 10%, as a maximum amount, once in any 12-month period and shall notify Client of any such price increases.

5.4. Taxes. Client is responsible for paying all taxes associated with its subscription to the Services. If TYPEFORM has the legal obligation to pay or collect taxes for which Client is responsible, the appropriate amount shall be invoiced to and paid by Client, unless Client provides us with a valid tax exemption certificate authorized by the appropriate tax authority.

5.5. Overdue payments. Client shall pay TYPEFORM interests at a rate equal to the interest rate applied by the European Central Bank to its most recent main refinancing operation before the natural semester in which Client is in default increased by 8 percentage points. Additionally, Client shall pay TYPEFORM a €40 (forty euro) penalty for late payment management costs, plus any other costs actually faced by TYPEFORM in excess of such figure.

The lack of payment within the terms agreed in this MEA or, where applicable, the relevant Order Form shall result in the cancellation of any discounts granted to the Client in all the then-current Order Forms, which shall be invoiced and immediately due and payable by Client.

6. Representations and Warranties

6.1. Mutual representations and warranties. Each Party warrants and represents that: (i) it has full power and authority to enter into this Agreement, and that all shareholder and board approvals, consents and permissions necessary for entering into the Agreement, if any, have been obtained; (ii) the execution of this Agreement and the performance of its terms and conditions do not and will not violate any laws, rules, regulations, directives and governmental requirements of its jurisdiction; and (iii) it shall comply with all laws, rules, regulations, directives and governmental requirements which apply to its performance of its obligations under this Agreement.

6.2. Representations and warranties of the Client. In addition to any other representations and warranties set forth in other sections of the MEA, Client warrants and represents that (i) it will use the Services in accordance with the provisions of this Agreement, in particular and without limitation, observing at all times the limitations in Section 3.5 to 3.9 above as well as any reasonable instructions delivered by TYPEFORM —or by an authorized representative of TYPEFORM— from time to time; (ii) any contents or data used in connection with the Services will be uploaded, processed or otherwise used and acquired having obtained any necessary approvals, authorizations or licenses, and complying with any applicable laws, rules, regulations, directives and governmental requirements in the field of privacy, intellectual property and/or image rights; and (iii) with respect to Section 6.2.(ii), it shall provide its reasonable cooperation in the event that TYPEFORM requires any evidence to prove before competent authorities and/or courts about the satisfaction of the requirements or consents referred therein.

6.3. Representations and warranties of TYPEFORM. In addition to any other representations and warranties set forth in other sections of the MEA, TYPEFORM warrants and represents that: (i) the Services will be provided in a professional and workmanlike manner; and (ii) TYPEFORM owns all right, title and interest in, or otherwise has full right and authority to permit the use of, the Software, Site and Services; and that the Software, Site and Services do not and will not infringe upon or violate any United States of America or European Union third party right, including without limitation any patent, copyright, trademark, trade secret, or other proprietary or intellectual property rights. The representations and warranties included in Sections 6.1 and 6.3 shall not be understood to be made in respect of any Beta Services released and/or offered by TYPEFORM from time to time.

6.4. EXCLUSION OF REPRESENTATIONS AND WARRANTIES BY TYPEFORM. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW AND EXCEPT FOR THE REPRESENTATIONS AND WARRANTIES PROVIDED UNDER SECTION 6.1 AND 6.3 ABOVE, THE SERVICES (INCLUDING THE SOFTWARE AND THE SITE, AND THE BETA SERVICES) AND THE MATERIALS ARE PROVIDED ON AN ‘AS IS,’ ‘WITH ALL FAULTS,’ AND ‘AS AVAILABLE’ BASIS. TYPEFORM AND ITS ASSOCIATED UNDERTAKINGS DISCLAIM ALL WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, NOT EXPRESSLY PROVIDED IN THIS MEA INCLUDING, BUT NOT LIMITED TO, (A) THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT; (B) THAT THE SOFTWARE, SERVICES, SITE AND/OR MATERIALS WILL BE UNINTERRUPTED OR ERROR-FREE, THAT ANY OF THEIR DEFECTS WILL BE CORRECTED, OR THAT THEY —OR THE SERVERS THAT MAKE THEM AVAILABLE— WILL BE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS; OR (C) THAT ANY DESCRIPTIONS OF THE SOFTWARE, SERVICES, SITE AND/OR MATERIALS ARE ACCURATE, RELIABLE, CURRENT OR COMPLETE.

7. Indemnities

7.1. Mutual indemnification. Subject to Sections 7.2 and 7.3 below, each Party shall defend, indemnify and hold harmless the other Party and its Associated Undertakings from and against any and all losses, settlements, damages, liabilities, judgements, obligations, fines or sanctions, costs, and expenses (including reasonable attorney’s fees) (collectively “Losses”), arising out of any claim, proceeding, demand, suit or action (collectively “Actions”) brought by a third party related to: (i) a breach of the representations and warranties or obligations under this Agreement by the indemnifying Party; or (ii) the gross negligence or willful misconduct by the indemnifying Party.

Indemnifying Party shall have no obligation to indemnify as set forth in this Section 7 in connection with any Losses for which indemnified Party has an obligation to indemnify the indemnifying Party pursuant to this Section 7, as to which Losses each Party shall indemnify the other Party to the extent of its respective liability for such Losses.

7.2. TYPEFORM indemnification

Breach of Intellectual Property or Other Proprietary Rights

TYPEFORM will defend Client against all Losses arising out of a breach of Section 6.3.(ii) above. These indemnification obligations shall not apply in the event that: (i) the Software is modified by Client or its Authorized Users, if such Action and/or Losses would not have occurred but for such modification, (ii) Client fails to substantially follow any reasonable instructions delivered by TYPEFORM or its designee for purposes of updating or modifying the Software to avoid any such infringement, if such Action and/or Losses would not have occurred but for such combination; (iii) the Software is used in combination with another software, equipment, data or device not expressly requested, recommended or approved by TYPEFORM, if such Action and/or Losses would not have occurred but for such combination; and/or (iv) the Action and/or Losses relates to Beta Services.

If the Software becomes, or is likely to become, the subject of an Action, then TYPEFORM, at its sole option and expense, shall be entitled to (a) procure for the Client the right to continue using the Software, provided that, if any such option is chosen, TYPEFORM shall ensure that Client can use the Software with identical or similar functionalities, so that the Service is not substantially downgraded; or (b) replace or modify the allegedly infringing portion of the Software to avoid infringement without reducing the Software’s overall functionality. In the event that options (a) and (b) above are not commercially reasonable, TYPEFORM shall be entitled to terminate the affected Order Form(s) and the MEA and refund to Client any and all pre-paid, unused Price for the terminated portion of the Term. Client acknowledges and agrees that the implementation by TYPEFORM of any of the actions set forth in this Section shall not result in Client being entitled to claim for any damages or liabilities under the Agreement, except to the extent that Client has effectively been subject to an Action (and has experienced any Losses) because of TYPEFORM’s breach of Section 6.3.(ii) above, as to which TYPEFORM’s liability shall be subject to the provisions in the paragraph above.

7.3. Indemnification procedures. (i) The Party seeking to be indemnified under this Section 7 shall provide the indemnifying Party prompt written notice of the Action (provided that any failure to so notify the indemnifying Party will not relieve the indemnifying Party from any liability or obligation that it may have under this Section 7, except to the extent of any material damage to the indemnifying Party resulting from such failure); (ii) the indemnifying Party shall have primary control of the investigation, defense, negotiation and settlement of the Action; provided that the Party receiving indemnification may at its expense join in the defense of the matter with counsel of its choice; and (iii) the Party receiving indemnification shall provide the indemnifying Party all reasonable and necessary cooperation, at the indemnifying Party’s expense, in the defense of such Action. The indemnifying Party may not settle any Action without the indemnified Party’s prior written consent, such consent not to be unreasonably withheld, unless such settlement (x) involves only the payment of money damages by the indemnifying Party; and (y) includes a complete release of the Party receiving indemnification. Any other settlement will be subject to the prior written consent of the Party receiving indemnification (which consent shall not be unreasonably withheld).

8. Limitation of Liability

8.1. IN NO EVENT WILL A PARTY AND ITS ASSOCIATED UNDERTAKINGS BE LIABLE TO THE OTHER PARTY (AND/OR ITS ASSOCIATED UNDERTAKINGS) FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF ACTUAL OR ANTICIPATED PROFITS, LOST REVENUES, GOODWILL, DATA OR OTHER INTANGIBLE LOSSES (EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR SUCH DAMAGES WERE FORESEEABLE). TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, THIS LIMITATION WILL APPLY TO ALL CLAIMS UNDER ALL THEORIES OF LAW AND EQUITY.

8.2. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, IN NO EVENT WILL TYPEFORM’S (OR TYPEFORM’S ASSOCIATED UNDERTAKINGS’) AGGREGATE OR CUMULATIVE LIABILITY TO THE CLIENT FOR DIRECT DAMAGES OR UNDER THIS AGREEMENT (INCLUDING UNDER SECTION 7 ABOVE OR ANY OTHER CONTRACTUAL OBLIGATIONS), TORT (INCLUDING NEGLIGENCE AND STATUTORY DUTY) OR OTHERWISE EXCEED (I) WITH RESPECT TO EITHER PARTY’S BREACH OF CONFIDENTIALITY OR PRIVACY OBLIGATIONS, AND/OR THE INDEMNIFICATION OBLIGATIONS UNDER SECTION 7 ABOVE, TWO (2) TIMES THE PRICE PAID OR PAYABLE BY CLIENT TO TYPEFORM UNDER THE APPLICABLE ORDER FORM(S) TO WHICH THE DAMAGE RELATES DURING THE TWELVE (12) MONTH PERIOD PRECEDING THE EVENTS FIRST GIVING RISE TO ANY SUCH LIABILITY; OR (II) IN RESPECT OF ALL OTHER MATTERS, THE PRICE PAID OR PAYABLE BY CLIENT TO TYPEFORM UNDER THE APPLICABLE ORDER FORM(S) TO WHICH THE DAMAGE RELATES DURING THE TWELVE (12) MONTH PERIOD PRECEDING THE EVENTS FIRST GIVING RISE TO ANY SUCH LIABILITY.

8.3. Limitation and/or exclusion of liability and warranties may be limited in certain jurisdictions. To the extent that the limitations and exclusions in Sections 6, 7 and 8 cannot be enforced or are considered void or illegal, either in whole or in part, said Sections shall be construed and enforced in the sense of limiting the scope, duration and/or extent of the liability and/or warranty provision at issue. Nothing in this Agreement shall be understood to limit or exclude Client’s liability for Price owed in excess of any liability caps hereunder.

9. Term and Termination

9.1. Term. This MEA comes into effect on the Effective Date and shall be in force unless terminated by any Party by providing thirty (30) calendar days prior notice.

For the avoidance of doubt and despite a termination of this MEA in accordance with this Section 9, Parties acknowledge and agree that the terms and conditions of this MEA shall subsist and remain fully in force for as long as there is an Order Form in force between the Parties, as the provisions of this MEA are incorporated by reference to any Order Form(s) in accordance with Section 2.1 above.

9.2. Order Form(s) Term. Unless otherwise specified in the relevant Order Form, Order Forms shall come into effect on the date specified therein, and shall automatically renew at the end of each Term for consecutive terms equal to the duration of the Term unless early terminated in writing by either of the Parties by giving thirty (30) calendar days prior notice. In particular, auto-renewal shall not apply to any Consulting Services, set-up fees for SSO Services, or any Add-Ons placed by the Client.

9.3. Termination. A Party may also terminate the MEA and/or an Order Form: (a) When it is expressly authorized to do so under this MEA; (b) In the event that a Party breaches the Agreement, provided that the Party requesting the termination is not in breach of any of its obligations and gives written prior notice to the breaching Party of at least fifteen (15) calendar days, it being understood, however, that non-substantial and remediable breaches shall give the right to the Party in default to remedy any such breach within fifteen (15) days from the date on which the other Party notifies its will to terminate the Agreement. Should the breach not have been remedied during that period of time, the Agreement shall be deemed automatically terminated, and the Party in bonis shall not be required to send further termination notice. For clarification purposes, it is expressly mentioned that this provision entitles either Party to terminate, at the same time and under the conditions set forth herein, any MEA and any Order Form(s) then-current; (c) To the maximum extent permitted by law, in case Client becomes insolvent or bankrupt, or similar insolvency proceedings are instituted against the assets of Client; and (d) In the event that Client suffers any verified change of Control without TYPEFORM’s prior written consent, as long as the third-party Controlling Client is a competitor of TYPEFORM; or (e) In the event that a force majeure event (as this term is defined in Section 13.3 below) lasts longer than sixty (60) consecutive days, the Party not experiencing the force majeure event may terminate this Agreement upon written notice to the other Party.

9.4. Consequences of termination. Upon termination of the MEA and/or an Order Form(s) in place, all rights and obligations will cease to have effect and will terminate. In particular but without limitation, Client will not receive any further Services from TYPEFORM and, accordingly, shall immediately cease in the use of the Software and destroy any Materials it may have access to. For the avoidance of doubt and unless the Client expressly requests to cancel its Accounts (action that will trigger the deletion of all data collected through the Software), termination of the relevant Order Form shall result in (i) the accounts covered under such Order Form being downgraded to ‘freemium’ Accounts and being fully subject to the terms and conditions published from time to time in the Site; (ii) Client being entitled to continue receiving the services which are available to all clients for free, and using the Software in the ‘freemium’ functionalities, as made available to any free user of the Software, and as provided by TYPEFORM from time to time.

Termination shall not affect those provisions that, given their scope or nature, should survive the termination of the MEA or an Order Form, as well as any Parties’ obligation arising during the Term and not timely and totally performed by the Parties, such as Client’s payment obligations.

TYPEFORM shall be entitled to request from Client the issuance of a certificate executed by an empowered representative of Client stating that Client has ceased in the use of the Software and that any and all copies of the Materials have been destroyed.

10. Intellectual Property

10.1 Intellectual property of TYPEFORM. All intellectual property rights made available through the Site (including, without limitation, the Software and the Materials, as well as any other logos, trademarks, trade names, copyrights, copyrightable materials, trade dresses, patents, industrial designs, design patents, and any goodwill associated thereof) provided to or made available to Client are owned by TYPEFORM or, as the case may be, by third parties that have licensed them to TYPEFORM (“TYPEFORM IP”). Nothing in this Agreement shall be understood to transfer any ownership rights over TYPEFORM IP, nor any rights to use the TYPEFORM IP other than those expressly granted herein or necessary to perform the rights and obligations set forth in the Agreement. Except as provided under this Agreement, Client shall not use any TYPEFORM IP without TYPEFORM’s prior written permission. All rights in TYPEFORM IP not specifically granted hereunder are reserved.

10.2 Intellectual property of Client. Except as expressly set forth herein, all right, title and interest in and to any Client logo, trademark, trade name, copyright, data (including personal data), copyrightable material, trade dress, patent, industrial design right, design patent or other intellectual property or proprietary rights, and all goodwill associated with the foregoing (collectively, the “Client IP”), are each the exclusive property of Client and/or the third parties that have licensed Client any such rights. Any and all materials uploaded by Client to the Services shall be considered Client IP and remain the sole and exclusive property of Client, and TYPEFORM does not claim any ownership over Client IP.

TYPEFORM shall not use any Client IP without Client’s prior written permission, it being understood, however, that (i) TYPEFORM shall be entitled to use Client IP to perform the obligations under this Agreement only; (ii) Client grants TYPEFORM a non-exclusive, worldwide, limited license to any de-identified data part of the Client IP to study and improve the Services and publish any findings; and (iii) personal data collected when third parties browse the Site or the Software may be collected by TYPEFORM for its own business purposes as long as TYPEFORM complies with the applicable laws and regulations.

Client understands and agrees that certain Client IP combined with the Software and/or the Services (e.g. the look and feel chosen by the Client and the questions being submitted by the Client) will be publicly available, and other people may be able to access them.

10.3 Collaboration duties. Parties shall notify each other immediately of any actual or suspected breach of any intellectual property rights held by the other Party, and shall provide said Party all information it may have on the breach as well as all reasonable cooperation that may be requested for purposes of taking actions or measures to protect their rights.

11. Data Protection

11.1. Data processing. The processing of personal data through the Software or as a result of the provision of the Services shall be subject to the provisions included in the Data Processing Agreement (“DPA”) attached as Schedule 11.1, which lists the obligations to which TYPEFORM is subject in accordance with the GDPR.

For clarification purposes, Client is informed that the structure, questions and design of any forms, questionnaires, quizzes or alike part of the Services is made public and anyone having a link to the form will be able to retrieve this information. For clarification purposes, this section refers to the questions and structure of the form, but not the responses submitted to a specific form, questionnaire or quiz.

11.2. Data of the Parties’ representatives. Information concerning Client’s representatives included in the Agreement will be processed by TYPEFORM for performing the rights and obligations laid down herein being, thus, the legal basis of the processing the performance of the Agreement, complying with legal duties and obligations, and the legitimate interests of TYPEFORM in performing this agreement and preventing fraud (being in this latter case the impact for data subjects very reduced, given the data being processed). Such processing is strictly necessary to achieve the objects of the present contractual relationship. Personal data will only be processed as long as necessary to perform the obligations of this Agreement, and only those third parties providing IT support and legal services to TYPEFORM will gain access to it. Data may be transferred to processors located in the United States of America, in which case TYPEFORM shall only hand said data to processors that have undertaken to comply with the GDPR. Data subjects may request from TYPEFORM access to and rectification or erasure of their personal data, or restriction of processing concerning said data or to object to processing as well as the right to data portability. Likewise, they may lodge a complaint with the Spanish Data Protection Agency (www.agpd.es). TYPEFORM’s Data Protection Officer may be contacted at: https://www.typeform.com/help/submit-ticket/ or by means of gdpr@typeform.com.

12. Confidentiality

12.1 Scope. “Confidential Information” means any non-public information that relates to the actual or anticipated business or research and development of a Party; technical data, trade secrets or know-how, including, but not limited to, research, product plans or other information regarding products or services and markets therefor; customer lists and customers; software, developments, inventions, processes, formulas, technology, designs, drawing, engineering, or hardware configuration information; the Materials; and/or marketing, finances or other business information. Confidential Information does not include information that (i) is known to the receiving Party at the time of disclosure to it by disclosing Party as evidenced by written or electronic records of receiving Party; (ii) has become publicly known and made generally available through no wrongful act of receiving Party or a third party; (iii) receiving Party rightfully obtains from a third-party who has the right to transfer or disclose it, without default or breach of this Agreement; (iv) has been independently developed by receiving Party without reliance on disclosing Party’s Confidential Information; or (v) information regarded 'personal' under privacy laws, which shall be fully subject to the SCCs attached thereto. Confidential Information may also include third parties’ information under Control of disclosing Party and disclosed under the contractual relationship set forth herein.

12.2 Limitations. Receiving Party shall (i) keep secret and maintain the Confidential Information as confidential and hold the Confidential Information in trust for the exclusive benefit of disclosing Party; (ii) not use the Confidential Information for any purpose whatsoever other than as permitted under the Agreement; (iii) not disclose or permit disclosure of any Confidential Information of disclosing Party to any person or entity not a party to this Agreement, other than officers, employees or contractors of receiving Party who (x) are required to have the information in order to carry out the Services, (y) are apprised of the confidential nature of the Confidential Information; and (z) execute a confidentiality agreement restricting disclosure of the Confidential Information in a manner consistent with the provisions of this Agreement or otherwise be subject to preexisting written obligations of confidentiality no less protective than the provisions of this Agreement, provided that receiving Party shall be responsible for breaches of this Agreement by its officers, employees and contractors; and (iv) exercise all reasonable measures to protect the secrecy of and avoid disclosure or use of Confidential Information of disclosing Party in order to prevent it from falling into the public domain or the possession of persons other than those persons authorized under this Agreement to have any such information. Such measures shall include, without limitation, the degree of care that receiving Party utilizes to protect its own Confidential Information of a similar nature, but not less than a reasonable degree of care. Receiving Party shall promptly notify disclosing Party of any misuse, misappropriation, or unauthorized disclosure of Confidential Information of disclosing Party which may come to receiving Party’s attention.

12.3. Notice of compelled disclosure. If receiving Party is required by legal process or under any applicable law, rule or regulation, to disclose any of disclosing Party’s Confidential Information, then prior to such disclosure, receiving Party will give prompt written notice to disclosing Party so that it may seek a protective order or other appropriate relief. In the event that the disclosing Party is unable to obtain a protective order or other appropriate remedy, or if it so directs the receiving Party, the receiving Party shall furnish only that portion of the Confidential Information that the receiving Party is advised by written opinion of its counsel is legally required to be furnished by it and shall exercise its reasonable best efforts to obtain reliable assurance that confidential treatment shall be accorded to such Confidential Information.

12.4. Termination. Upon the termination of this Agreement and at disclosing Party’s written request, the Receiving Party shall promptly return to the disclosing Party all copies, whether in written, electronic or other form of media, of the disclosing Party’s Confidential Information, or destroy all such copies and certify in writing to the disclosing Party that such Confidential Information has been destroyed and that receiving Party does not retain any Confidential Information. Notwithstanding the foregoing, the receiving Party shall not need to destroy electronic archives and backups made in the ordinary course of business where it would be commercially impracticable to do so; provided that any such Confidential Information retained shall remain subject to the obligations of confidentiality set forth herein.

12.5. General. Receiving Party agrees that all Confidential Information will remain the sole property of disclosing Party, and it further agrees to take all reasonable precautions to prevent any unauthorized disclosure of such Confidential Information. Without disclosing Party’s prior written approval, receiving Party will not directly or indirectly disclose to anyone any commercial information relating to this Agreement, such as without limitation, prices, fees and services.

13. General provisions

13.1. Entire Agreement. This MEA, its schedules and each Order Form constitute the entire agreement between the Parties concerning the subject-matter and they supersede all prior proposals, agreements, understandings, or other communications between the Parties, oral or written, regarding such subject matters.

13.2. No waiver. Any waiver to the rights set forth by this Agreement will need to be made in writing in order to be valid. Waivers shall always be interpreted in a restrictive manner and, thus, shall not affect any other rights under the present contractual relationship even where said rights are found to be similar or related to the waived right/s. Lack of action or enforcement of the rights granted under the Agreement shall not be construed as a waiver, unless confirmed thereafter in accordance with the prior paragraph.

13.3. Force Majeure. Neither Party shall be held responsible for failure or delay to perform all or any part of this Agreement due to flood, fire, earthquake, drought, war, or any other events, which could not be predicted, controlled, avoided, or overcome by the relative Party. However, the Party affected by the force majeure event shall inform the other Party of its occurrence in writing as soon as possible and confirm their inability to perform their obligations set out in the Agreement, and it shall further use reasonable efforts which are consistent with accepted practices in the industry to resume performance as soon as practicable under the circumstances. Notwithstanding Sections 9.1, 9.2 and 9.3 above, the duration of this Agreement shall be automatically renewed for a period of time equivalent to the one during which the Parties were unable to perform their obligations due to occurrence of the force majeure event.

13.4. Assignment of the Agreement. Neither Party may assign or transfer, by operation of law or otherwise, this Agreement, or any of its rights under this Agreement or delegate any of its duties contained therein to any third party without the other Party’s prior written consent; except pursuant to a transfer of all or substantially all of such Party’s business and assets to which this Agreement relates, whether by merger, sale of assets, sale of stock, or otherwise, which shall not require the other Party’s consent. Any attempted assignment or transfer in violation of the foregoing shall be void. This Agreement shall inure to the benefit of and be binding upon any permitted successors or assigns.

13.5. No third-party beneficiary. Nothing in the MEA or any Order Form(s), express or implied, shall be construed as conferring upon any person other than the Parties and their permitted successors or assigns any legal or equitable right, benefit or remedy of any nature under or by reason of this Agreement, notwithstanding Affiliate’s right to execute an Order Form with TYPEFORM under the terms and conditions in Section 3.6 above.

13.6. Independent contractors. The Agreement sets forth a commercial relationship between the Parties and, thus, it is the express intention of the Parties to perform the rights and obligations set forth herein as independent business entities, with separate legal personality and without confusion or association with their business or assets.

13.7. Integration of Sections. The illegality, invalidity or nullity of any of the sections of this Agreement will not affect the validity of its other provisions, provided, always, the Parties’ rights and obligations are not affected in an essential manner. ‘Essential’ shall be construed as any situation that harms the interests of any of the Parties, or that affects the object of the MEA as detailed in Section 2 above. Such sections are to be replaced or integrated into others that, in accordance with law, correspond to the objective of the substituted sections.

13.8. Export controls. Client warrants and represents that neither Client nor its Authorized User(s) (i) are subject to any embargo by the United States of America, the United Kingdom and/or the European Union; and (ii) when using the Services, they will comply with any export control and embargo regulations imposed by the United States of America, the United Kingdom and/or the European Union, including the ones preventing access to the Services by certain individuals or entities.

13.9. Notices and communications. All notices and communications made by the Parties must be in writing in English to the addresses specified below, and shall be served by (i) personal delivery with written confirmation of receipt; (ii) certified mail with acknowledgement of receipt; or (iii) any other means providing evidence of receipt by the addressee, including e-mail.

To TYPEFORM

Addressed to: Sales Dept.

Address: Pallars 108, Aticco - Typeform

08018 – Barcelona (Spain)

E-mail: sales@typeform.com AND legal@typeform.com

To Client

Address: As specified in the heading

E-mail: Account acting as admin.

Any changes to the addresses and contact persons shall be immediately notified to the other Party. Any notification sent to the addresses mentioned above, as amended from time to time, shall be deemed valid.

14. Miscellanea

14.1. Reporting. If Client provides TYPEFORM with feedback about the Services (including the use of the Software), TYPEFORM may use that feedback and improve the Services, the Site or the Software without any obligation to compensate Client.

14.2. Use of Logo. TYPEFORM may use Client’s trade name and trademarks on its website and any other promotional materials produced by TYPEFORM from time to time. To this extent, Client grants TYPEFORM a non-exclusive, non-sublicensable, royalty-free, worldwide license to use said intellectual property, it being understood, however, that TYPEFORM shall use said intellectual property in accordance with the industry standards and shall follow any reasonable instructions Client may give it from time to time.

14.3. Non-solicitation. During the term of this MEA and six (6) months thereafter, Client shall refrain from directly or indirectly making any offer of employment, or establishing any other contractual relationship with TYPEFORM’s employees for purposes of conducting any activity directly or indirectly related to the Service. In the event of breach of this provision, Client shall pay TYPEFORM as a penalty an amount equal to three times the gross yearly salary of each employee approached by Client, regardless of whether Client has ended up hiring or otherwise contracting said employee or not. For the avoidance of doubt, Parties acknowledge that the six-month term set forth in this Section shall start upon termination of any then current Order Form(s), should said Order Form(s) terminate after the termination date of this MEA. This provision shall not, however, restrict either Party from making any non-targeted general public solicitation for employees not specifically directed at any employee(s), and provided further that no Party shall be restricted from employing any employee who responds to any such non-targeted general public solicitation.

14.4. Anticorruption. TYPEFORM is committed to the prevention of and fight against bribery and all sorts of corruption. As part of this goal, TYPEFORM created and enforces strict policies in line with both Spanish and European Union legal requirements and with the industry good practices, and offers mandatory training to raise awareness of these unacceptable behaviors. Should a TYPEFORM employee, Affiliate, agent, subcontractor or other person acting on its behalf approach Client (or a Client’s Associated Undertakings or third parties) and offer, promise or give anything of value, or make a bribe, rebate, payoff, influence payment, facilitation payment, kickback, or other unlawful payment or action (regardless of whether this action is aimed at obtaining or retaining business, gaining any unfair advantage, or influencing any act or decision of a private or public entity or individual), Client is kindly asked to submit a complaint to the internal investigation body by emailing reports@typeform.com.

Client agrees to provide reasonable assistance and cooperation in any investigation related to potential violations of TYPEFORM’s anticorruption policies or the applicable anti-corruption laws and regulations.

14.5. Signature. This Agreement has been pre-executed by TYPEFORM to ease contract closing and management. Any non-agreed changes to its wording introduced by Client or a third-party shall be considered null and void, and shall not bind TYPEFORM, unless those have been negotiated by and between the Parties and both of them sign the new version of the Agreement.

15. Governing Law and Jurisdiction

15.1. The rights and obligations of the Parties under the contractual relationship set forth herein shall be governed and construed in accordance with Spanish law, without reference to conflict of laws principles. The Parties agree to submit all conflicts arising from or related to this contractual relationship to the courts in Barcelona (Spain), and they waive any other jurisdiction to which they may be entitled to.

************

Data Processing Agreement

This Data Processing Agreement (“DPA”) is entered into in Barcelona (Spain) between TYPEFORM SL, a Spanish corporation registered at C/ Pallars 108 (Aticco - Typeform), 08018 - Barcelona (Spain) and holder of the Tax Identification Number B-65831836 (“TYPEFORM”), and the Client (as this term is defined in the Agreement to which this DPA is appended to), and is effective as of the date of signature. For purposes of this DPA, TYPEFORM and Client shall also be jointly referred to as the “Parties” and individually as a “Party”.

Recitals

I-. Whereas the Parties have entered into a business relationship which results in TYPEFORM processing information on behalf of and under the instructions delivered from time to time by Client. For purposes of this DPA, the above-mentioned relationship shall be referred to as the “Services”. The type of data that TYPEFORM will be processing and the categories of data subject are identified, in respect of each data processing, in each Order Form signed by the Parties;

II-. Whereas, said information may include data defined under the GDPR as ‘personal’, as it may concern identified or identifiable individuals; and

III-. Whereas, it is in the interest of both Parties to set forth the terms and conditions under which TYPEFORM, acting as ‘data processor’, shall process personal data in respect of which Client is regarded as ‘data controller’, as further provided in this DPA.

Clauses

1. General

1.1. ‘Data controller’, ‘data processor’, ‘data subject’, ‘personal data’, ‘processing’ shall have the meaning set forth in the GDPR or in any other applicable European data protection law.

1.2. Any capitalized words not specifically defined in this DPA shall have the meaning ascribed to them in the Agreement.

2. Processing of data

2.1. TYPEFORM shall process any personal data it may have access to because of the provision of the Services in accordance with the documented instructions provided by Client from time to time. Should a Union or Member State law to which TYPEFORM is subject require TYPEFORM to process personal data —including the international transfer of personal data—, TYPEFORM shall inform Client of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.

2.2. Should TYPEFORM have reasonable grounds to believe that a documented instruction given by Client infringes the GDPR or any other applicable EU data protection law or regulation, it shall put said instruction on hold and immediately notify Client. At its sole risk and without TYPEFORM being responsible or liable to Client for any losses, Client will be entitled to order TYPEFORM to perform any such instruction despite the concerns raised by TYPEFORM, as long as it reconfirms its instruction in writing.

For purposes of this DPA, it shall be understood that a ‘documented instruction’ includes, without limitation, (i) any instruction delivered by Client by means of any durable media, such as a letter or email; (ii) any instruction electronically sent by Client when using the software provided as part of the Services (i.e. by using the interface part of the software and the features made available through it); (iii) any instructions orally transmitted by Client, as long as they are subsequently confirmed in writing; or (iv) the provisions of the DPA.

2.3. For clarification purposes and given its position of data controller, Client warrants and represents that it will timely and sufficiently perform its obligations under the applicable privacy laws, such as informing data subjects (e.g. respondents to the forms, etc.) and obtaining their consent (where appropriate).

3. Confidentiality duty

3.1. TYPEFORM shall ensure that all employees authorized to process personal data have committed to confidentiality or are under an appropriate statutory obligation of confidentiality.

4. Sub-processors

4.1. TYPEFORM shall be entitled to seek the assistance of its affiliates TYPEFORM US LLC, conducting business in the US and having registered address at Spaces 95, 3rd St. 2nd Floor - San Francisco, CA 94103 (United States of America); TYPEFORM UK Limited, a company incorporated in England and Wales with registered office at 9th Floor, 107 Cheapside, London, EC2V 6DN (United Kingdom); and Typeform DE GmbH, a company incorporated in Germany with registered office at EdisonStr. 63 - 12459 Berlin (Germany). These companies are providing engineering, marketing & sales and customer success support services. Additionally, TYPEFORM shall be entitled to engage Amazon Web Services Inc., a US entity with registered address at 2021 Seventh Ave., Seattle -- Washington 98121 (United States of America) for the provision of hosting services; Cloudflare Inc., a US entity with registered address at 101 Townsend St., San Francisco -- California 94107 (USA) for security & fraud prevention; Google Inc., a US entity with registered address at 1600 Amphitheatre Parkway Mountain View -- California 94043 (USA), for supporting the processing of tickets raised by respondents; and Zendesk Inc., a US company with registered address at 1019 Market Street San Francisco, -- California 94103 (USA), for the processing of customer success tickets.

4.2. In the event that TYPEFORM intends to replace one sub-processor with another or contract new sub-processors to provide Client with the Services, Client shall be entitled to reasonably oppose such change in the non-extendable term of fifteen (15) calendar days and, if Client exercises any such right, TYPEFORM shall be entitled to early terminate the contractual relationship set forth for the provision of the Services and in any applicable order form(s) by providing fifteen (15) days prior notice. ‘Reasonably oppose’ shall be interpreted as any challenge based on the potential or actual failure to meet the legal requirements set forth by the GDPR by the sub-processor to be appointed.

4.3. TYPEFORM shall enter into written agreements with any sub-processors engaged in the provision of the Services including the safeguards and guarantees required by the GDPR, particularly in respect of implementing the security measures required in the GDPR.

4.4. The Client shall subscribe to the emailing list available at https://help.typeform.com/hc/en-us/articles/360029617191-What-other-companies-do-we-share-data-with- in order to receive notifications for changes in the sub-processor list pursuant to Section 4.

5. Data subjects’ rights

5.1. Taking into account the nature of the processing, TYPEFORM shall assist Client by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Client's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR, if applicable.

5.2. For the avoidance of doubt, TYPEFORM shall convey to Client any request data subjects may address directly to TYPEFORM together with all relevant information, if any, so that Client can formally contact and answer to data subjects.

6. Security measures

6.1. TYPEFORM shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as those measures are further detailed in Annex II.

6.2. Taking into account the nature of processing and the information available to TYPEFORM, TYPEFORM shall reasonably assist Client in compliance with the security obligations set forth by Article 32 of the GDPR.

7. Assistance and data breaches

7.1. In addition to the duty set forth in Section 6 above, TYPEFORM shall also provide, subject to the nature of processing and information available to TYPEFORM, assistance in complying with obligations set forth in Articles 32 to 36 of the GDPR, if applicable.

7.2. With respect to data breaches, TYPEFORM shall notify Client without undue delay upon TYPEFORM becoming aware of a personal data breach affecting personal data and, in any event, within the deadlines set forth under the GDPR. TYPEFORM shall provide Client with sufficient information to allow it to meet any obligations to report or inform competent authorities or data subjects. TYPEFORM shall reasonably cooperate with Client and take such reasonable commercial steps as are directed by Client to assist in the investigation, mitigation and remediation of each such data breach. For the avoidance of doubt, Client shall be the only Party responsible for both filing any reports required under applicable law and notifying data subjects, and Client shall defend, indemnify and hold TYPEFORM harmless of any and all costs (including attorney’s fees), fines or sanctions, or any damages that lack of action on Client side may cause.

8. Termination

8.1. In respect of each Service contracted by Client and unless the Order Form for said Service is renewed, Client shall decide whether it wants TYPEFORM to delete or return personal data, unless Union or Member State law requires storage of the personal data.

8.2. The Client is advised that deletion of the account provided as part of the Services shall always result in deletion of personal data, and its request to delete the account shall be understood as a request to delete data under this Section 8.

9. Audit rights

9.1. TYPEFORM shall make available to Client all information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including inspections, conducted by Client or another auditor mandated by Client who is not a direct or indirect competitor of TYPEFORM.

9.2. Parties agree that the obligation to provide information demonstrating compliance with this DPA may be satisfied by TYPEFORM making available to Client copies of the audit reports and/or certifications undergone by TYPEFORM, such as ISO27001 or SOC2 certificates. In the event that these documents do not reasonably address Client’s concerns, Parties agree that Client may only conduct up to one (1) audit per year, unless there are reasonable grounds to believe that TYPEFORM is not performing the obligations laid down in this DPA. Audits shall only be carried out during normal business hours, and Client shall bear all costs unless TYPEFORM is found to be in a material breach of this DPA.

10. International transfer of personal data

10.1. In the event that the Client is neither subject to the GDPR, nor located in the EEA, nor can the transfer be legally performed in accordance with the GDPR (because such transfer falls under an adequacy decision passed by the European Commission or can be otherwise performed under the GDPR on the basis of BCR, a certification mechanism or under a legally binding instrument), Client and TYPEFORM hereby enter into the SCCs, module 4, as a mechanism to ensure the adequate protection of personal data being transferred outside the EEA.

10.2. Should the Client be based in the United Kingdom, the Parties declare that the transfer of data from the United Kingdom to Spain or from Spain to the United Kingdom shall not be construed as an international transfer of personal data, considering the adequacy decisions passed on this subject. Annex III shall apply in respect of any onward transfers.

10.3. Client hereby authorizes the transfer of data to the sub-processors listed in Section 4 above, it being understood that any such transfer shall be performed to the extent that TYPEFORM enters into a written contract with the sub-processors setting forth the obligations to be implemented by the sub-processors in respect of the transfer of data (e.g. SCCs, module 3; or, should Client be an entity subject to the UK GDPR, the SCCs amended as specified in Annex III), and Client has the right to oppose any future changes or amendments of the sub-processors by following the same steps mentioned in Section 4 above. Should Client exercise any such right, TYPEFORM shall be entitled to early terminate the contractual relationship set forth for the provision of the Services and in any applicable order form(s) by providing fifteen (15) days prior notice. For purposes of the SCCs:

  • Clause 7 (Docking Clause) shall not apply;

  • Option 2 in Clause 9 (general written authorization) is chosen. Option 2 shall be construed in the light of the provisions of this DPA;

  • Clause 11 (Optional Language) shall not apply; and

  • In Clauses 13, 17 and 18, Spanish law shall be the applicable law, and the competent courts and authorities of the Kingdom of Spain shall be the ones competent to solve any disputes connected with the SCCs.

11. CCPA

11.1. In the event that Client provides TYPEFORM with Personal Information that should be processed in accordance with the CCPA, Parties agree that this DPA shall be construed in the light of said piece of legislation. In this respect, the Parties agree that Client is a ‘business’ and TYPEFORM a ‘service provider’ as those terms are defined in the CCPA. Both Parties shall comply with the provisions of the CCPA, and the SCCs. In particular, TYPEFORM will not retain, use, or disclose Personal Information for any purpose other than for the specific purpose of TYPEFORM’s performance of the Services, or as otherwise permitted by the CCPA. Personal Information means any personal information, as that term is defined in the CCPA, provided to TYPEFORM for the provision of the Services.

12. Miscellanea

12.1. Independent contractors. The DPA sets forth a commercial relationship between the Parties and, thus, it is the express intention of the Parties to perform the rights and obligations set forth herein as independent business entities, with separate legal personality and without confusion or association with their business or assets.

12.2. Applicable law and competent courts. The rights and obligations of the Parties under the contractual relationship set forth herein shall be governed and construed in accordance with Spanish law, without reference to conflict of laws principles. The Parties agree to submit all conflicts arising from or related to this contractual relationship to the courts in Barcelona (Spain), and they waive any other jurisdiction to which they may be entitled to.

**************

ANNEX I

A. LIST OF PARTIES

Data exporter(s): TYPEFORM, as identified in the relevant Order Form to which these SCCs are appended to. TYPEFORM’s Data Protection Officer can be contacted at: gdpr@typeform.com, or at the postal address mentioned at the heading of the MEA.

Data importer(s): The Client, as identified in the relevant Order Form to which these SCCs are appended to.

B. DESCRIPTION OF TRANSFER

Categories of data subjects whose personal data is transferred – as described in each applicable Order Form.

Categories of personal data transferred – as described in the Order Form.

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures – as described in the Order Form, and subject to the security measures described in Annex II.

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis) – Continuous basis.

Nature of the processing – data collection, saving, organization, hosting, deletion. Making the data available to the data importer following its requirements / petitions.

Purpose(s) of the data transfer and further processing – Provision of customer service services, as further detailed in the MEA.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: data will be retained for as long as the data importer requires the services. For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing – same as above.

C. COMPETENT SUPERVISORY AUTHORITY – the Spanish Data Protection Agency.

ANNEX II

TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

Information Security Program (“ISP”)

TYPEFORM will maintain an ISP designed to (i) help secure personal data against accidental or unlawful loss, access or disclosure; (ii) identify reasonably foreseeable and internal risks to security and unauthorized access; and (iii) minimize security risks, including through risk assessment and regular testing. The ISP will include the following measures:

Network Security

TYPEFORM will maintain access and transmission controls and policies to manage access to the network, including the use of authentication controls, firewalls or intrusion detection systems to ensure that only authorized individuals have access to the systems and that data is transmitted without compromise to the correct recipients. TYPEFORM will maintain security incident response plans to handle potential security incidents.

Physical Security

Physical components are housed in facilities (“Facilities”) controlled by an ISO 27001 certified company (i.e. Amazon Web Services) or in Facilities which meet or exceed all of the following physical security requirements.

Physical Access Controls and Limited Access. Access to the Facilities is granted to those employees and contractors who have a legitimate business need for such access privileges. When an employee or contractor no longer has a business need for the access privileges assigned to him/her, the access privileges are promptly revoked.

Personal Data Security. Controls for the Protection of Personal Data.

Addressed in the control “Privacy by design & by default”. TYPEFORM will maintain appropriate technical and organizational measures for protection of the security (including protection against unauthorized or unlawful processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, personal data), confidentiality and integrity of personal data appropriate to the risk, including inter alia as appropriate: (i) the pseudonymization and encryption of personal data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing; and (v) the principles of privacy by design and by default to ensure that processes and systems are designed such that the collection and processing of data are limited to what is necessary for the identified purpose. Such principles comprise, for personal data, the limit of collection, processing, accuracy and quality, minimization of objectives, de-identification, deletion & disposal at the end of processing, proper management of temporary files, retention periods & processing transmission controls. TYPEFORM regularly monitors compliance with these measures, and will not materially decrease the overall security of the data processing services during the term of the relevant Order Form.

Temporary files: Temporary files training & awareness will be included in TYPEFORM training & awareness program for employees.

Business Continuity and Disaster Recovery

TYPEFORM will maintain a business continuity and disaster recovery plan based on risk. Recovery plans are tested at least annually.

Employee security

TYPEFORM will have signed confidentiality agreements with the employees and contractors. Also, all employees and contractors will have a common way to report incidents approved by the organization and they will undergo at least an annual security awareness training.

Ongoing Evaluation

TYPEFORM must reassess and update its security policies on a periodic basis. Changes must be documented.

Sub-processors

Sub-processors shall implement the same security measures described in this Annex II.

ANNEX III

International Data Transfer Addendum to the EU Commission Standard Contractual Clauses

This Addendum has been issued by the Information Commissioner for Parties making Restricted Transfers. The Information Commissioner considers that it provides Appropriate Safeguards for Restricted Transfers when it is entered into as a legally binding contract.

Part 1: Tables

Table 1: Parties

Start date: As specified in the applicable Order Form

The Parties

Exporter (who sends the Restricted Transfer)

Parties’ details:

  • Full legal name: Typeform SL

  • Trading name (if different): N/A

  • Main address (if a company registered address): As specified in the Order Form

  • Official registration number (if any) (company number or similar identifier): As specified in the Order Form

Key Contact:

  • Full Name (optional): N/A

  • Job Title: N/A

  • Contact details including email: dpo@typeform.com

Importer (who receives the Restricted Transfer)

Parties’ details:

  • Full legal name: As specified in the Order Form

  • Trading name (if different): As specified in the Order Form

  • Main address (if a company registered address): As specified in the Order Form

  • Official registration number (if any) (company number or similar identifier): As specified in the Order Form

Key Contact:

  • Full Name (optional): N/A

  • Job Title: N/A

  • Contact details including email: As specified in the Order Form

Table 2: Selected SCCs, Modules and Selected Clauses

As stipulated in section 10.4 of the DPA.

Table 3: Appendix Information

Appendix Information: means the information which must be provided for the selected modules as set out in the Appendix of the EU SCCs (other than the Parties), and which is set out in the DPA.

Table 4:

Neither party may end this Addendum when the approved Addendum changes.

Part 2: Mandatory Clauses

Entering into this Addendum

Each Party agrees to be bound by the terms and conditions set out in this Addendum, in exchange for the other Party also agreeing to be bound by this Addendum.

Although Annex 1A and Clause 7 of the Approved EU SCCs require signature by the Parties, for the purpose of making Restricted Transfers, the Parties may enter into this Addendum in any way that makes them legally binding on the Parties and allows data subjects to enforce their rights as set out in this Addendum. Entering into this Addendum will have the same effect as signing the Approved EU SCCs and any part of the Approved EU SCCs.

Interpretation of this Addendum

Where this Addendum uses terms that are defined in the Approved EU SCCs those terms shall have the same meaning as in the Approved EU SCCs. In addition, the following terms have the following meanings:

Addendum: This International Data Transfer Addendum which is made up of this Addendum incorporating the Addendum EU SCCs.

Addendum EU SCCs: The version(s) of the Approved EU SCCs which this Addendum is appended to, as set out in section ‘Table 2’, including the ‘Appendix Information’.

Appendix Information: As set out in Table 3.

Appropriate Safeguards: The standard of protection over the personal data and of data subjects’ rights, which is required by UK Data Protection Laws when you are making a Restricted Transfer relying on standard data protection clauses under Article 46(2)(d) UK GDPR.

Approved Addendum: The template Addendum issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18.

Approved EU SCCs: The Standard Contractual Clauses set out in the Annex of Commission Implementing Decision (EU) 2021/914 of 4 June 2021.

ICO: The Information Commissioner.

Restricted Transfer: A transfer which is covered by Chapter V of the UK GDPR.

UK: The United Kingdom of Great Britain and Northern Ireland.

UK Data Protection Laws: All laws relating to data protection, the processing of personal data, privacy and/or electronic communications in force from time to time in the UK, including the UK GDPR and the Data Protection Act 2018.

UK GDPR: As defined in section 3 of the Data Protection Act 2018.

This Addendum must always be interpreted in a manner that is consistent with UK Data Protection Laws and so that it fulfils the Parties’ obligation to provide the Appropriate Safeguards.

If the provisions included in the Addendum EU SCCs amend the Approved SCCs in any way which is not permitted under the Approved EU SCCs or the Approved Addendum, such amendment(s) will not be incorporated in this Addendum and the equivalent provision of the Approved EU SCCs will take their place.

If there is any inconsistency or conflict between UK Data Protection Laws and this Addendum, UK Data Protection Laws applies.

If the meaning of this Addendum is unclear or there is more than one meaning, the meaning which most closely aligns with UK Data Protection Laws applies.

Any references to legislation (or specific provisions of legislation) means that legislation (or specific provision) as it may change over time. This includes where that legislation (or specific provision) has been consolidated, re-enacted and/or replaced after this Addendum has been entered into.

Hierarchy

Although Clause 5 of the Approved EU SCCs sets out that the Approved EU SCCs prevail over all related agreements between the parties, the parties agree that, for Restricted Transfers, the hierarchy in Section 10 will prevail.

Where there is any inconsistency or conflict between the Approved Addendum and the Addendum EU SCCs (as applicable), the Approved Addendum overrides the Addendum EU SCCs, except where (and in so far as) the inconsistent or conflicting terms of the Addendum EU SCCs provides greater protection for data subjects, in which case those terms will override the Approved Addendum.

Where this Addendum incorporates Addendum EU SCCs which have been entered into to protect transfers subject to the General Data Protection Regulation (EU) 2016/679 then the Parties acknowledge that nothing in this Addendum impacts those Addendum EU SCCs.

Incorporation of and changes to the EU SCCs

This Addendum incorporates the Addendum EU SCCs which are amended to the extent necessary so that:

together they operate for data transfers made by the data exporter to the data importer, to the extent that UK Data Protection Laws apply to the data exporter’s processing when making that data transfer, and they provide Appropriate Safeguards for those data transfers;

Sections 9 to 11 override Clause 5 (Hierarchy) of the Addendum EU SCCs; and

this Addendum (including the Addendum EU SCCs incorporated into it) is (1) governed by the laws of England and Wales and (2) any dispute arising from it is resolved by the courts of England and Wales, in each case unless the laws and/or courts of Scotland or Northern Ireland have been expressly selected by the Parties.

Unless the Parties have agreed alternative amendments which meet the requirements of Section 12, the provisions of Section 15 will apply.

No amendments to the Approved EU SCCs other than to meet the requirements of Section 12 may be made.

The following amendments to the Addendum EU SCCs (for the purpose of Section 12) are made:

References to the “Clauses” means this Addendum, incorporating the Addendum EU SCCs;

In Clause 2, delete the words:

“and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679”;

Clause 6 (Description of the transfer(s)) is replaced with:

“The details of the transfers(s) and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred) are those specified in Annex I.B where UK Data Protection Laws apply to the data exporter’s processing when making that transfer.”;

Clause 8.7(i) of Module 1 is replaced with:

“it is to a country benefitting from adequacy regulations pursuant to Section 17A of the UK GDPR that covers the onward transfer”;

Clause 8.8(i) of Modules 2 and 3 is replaced with:

“the onward transfer is to a country benefitting from adequacy regulations pursuant to Section 17A of the UK GDPR that covers the onward transfer;”

References to “Regulation (EU) 2016/679”, “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)” and “that Regulation” are all replaced by “UK Data Protection Laws”. References to specific Article(s) of “Regulation (EU) 2016/679” are replaced with the equivalent Article or Section of UK Data Protection Laws;

References to Regulation (EU) 2018/1725 are removed;

References to the “European Union”, “Union”, “EU”, “EU Member State”, “Member State” and “EU or Member State” are all replaced with the “UK”;

The reference to “Clause 12(c)(i)” at Clause 10(b)(i) of Module one, is replaced with “Clause 11(c)(i)”;

Clause 13(a) and Part C of Annex I are not used;

The “competent supervisory authority” and “supervisory authority” are both replaced with the “Information Commissioner”;

In Clause 16(e), subsection (i) is replaced with:

“the Secretary of State makes regulations pursuant to Section 17A of the Data Protection Act 2018 that cover the transfer of personal data to which these clauses apply;”;

Clause 17 is replaced with:

“These Clauses are governed by the laws of England and Wales.”;

Clause 18 is replaced with:

“Any dispute arising from these Clauses shall be resolved by the courts of England and Wales. A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of any country in the UK. The Parties agree to submit themselves to the jurisdiction of such courts.”; and

The footnotes to the Approved EU SCCs do not form part of the Addendum, except for footnotes 8, 9, 10 and 11.

Amendments to this Addendum

The Parties may agree to change Clauses 17 and/or 18 of the Addendum EU SCCs to refer to the laws and/or courts of Scotland or Northern Ireland.

If the Parties wish to change the format of the information included in Part 1: Tables of the Approved Addendum, they may do so by agreeing to the change in writing, provided that the change does not reduce the Appropriate Safeguards.

From time to time, the ICO may issue a revised Approved Addendum which:

makes reasonable and proportionate changes to the Approved Addendum, including correcting errors in the Approved Addendum; and/or

reflects changes to UK Data Protection Laws;

The revised Approved Addendum will specify the start date from which the changes to the Approved Addendum are effective and whether the Parties need to review this Addendum including the Appendix Information. This Addendum is automatically amended as set out in the revised Approved Addendum from the start date specified.

If the ICO issues a revised Approved Addendum under Section 18, if any Party selected in Table 4 “Ending the Addendum when the Approved Addendum changes”, will as a direct result of the changes in the Approved Addendum have a substantial, disproportionate and demonstrable increase in:

its direct costs of performing its obligations under the Addendum; and/or

its risk under the Addendum,

and in either case it has first taken reasonable steps to reduce those costs or risks so that it is not substantial and disproportionate, then that Party may end this Addendum at the end of a reasonable notice period, by providing written notice for that period to the other Party before the start date of the revised Approved Addendum.

The Parties do not need the consent of any third party to make changes to this Addendum, but any changes must be made in accordance with its terms.