Terms of Service
This Business Service Agreement ("Agreement") is made and entered into on 27th April 2021 ("Effective Date") between:
1) MOBIWEB LIMITED, a company incorporated under the laws of Hong Kong, having its registered offices at 111, How Ming Street, Futura Plaza, Room 2103, Kwun Tong, Hong Kong, under Registration Number: 1920854, ("MobiWeb"), duly represented by the signee,
and;
2) you ("You", "Your", "Customer", "The company" or "Company" duly represented by you.
Hereinafter, individually referred to as "Party" and both collectively referred to as "Parties".
The Agreement consists of (i) this document and (ii) the following Annexes:
- Annex 1 - Service Level Agreement
- Annex 2 - Quotation of Service
- Annex 3 - Contact Details
1 Definitions
"MobiWeb Network" means the portion of network of routers, switches and communication channels that are owned or controlled by MobiWeb and used to provide the Service.
"Applicable Laws and Codes" shall mean all (a) laws and regulations, (b) rights of any person, and (c) rules, codes and guidelines promulgated by any Regulator, that may apply to MO or MT messages sent pursuant this Agreement or the Company Service that deploys any part of the Services.
"Chargeable Event" means SMS or HLR Lookup request sent by the Company to MobiWeb which is subject to Successful Submit by MobiWeb to destination Operator. SMS sent to multiple recipients or multiple HLR lookup requests shall be billed separately for each recipient.
"Company Service" means any service offered by the Company or any other person or entity that uses Services provided by MobiWeb under this Agreement.
"Effective Date" means the date set forth in the initial paragraph of this Agreement.
"Intellectual Property Rights" means all intellectual property rights under the laws of Hong Kong and any other nation including, without limitation, all patent rights, copyrights, trade secrets, trademarks, trade names and other proprietary rights.
"Network Operator" means a mobile network operator which is directly or indirectly engaged in the performance of any of the Services.
"Protocol Specification" means the protocols to be used by the Company in order to access the Services, as made available by MobiWeb.
"Regulator" means any relevant regulator or other authority, voluntary or otherwise, including, without limitation, (a) the relevant Data Protection Authorities in the country where the Company markets or provides its Services, (b) any other legally empowered body or person having relevant powers or remit.
"Service/s" means products, software, services, websites, telecommunications and messaging services as provided to the Company by MobiWeb.
"Service Interface" means the method to be used by the Company to connect to the Platform;
"SMS" and "Messages" mean short message service, i.e. concise messages containing personalized or specialized content, or other information, sent directly to/from mobile phones, pagers, or other mobile devices using the MobiWeb Service. An SMS shall be a message of the standard 160 maximum character length using 7-bit representation (140 bytes length).
"HLR Lookup" means Home Location Register Lookup service, i.e. a request sent by MobiWeb to the SS7/GSM network to request details of a mobile phone subscriber that is authorized to use the GSM core network.
"Term" shall have the meaning set forth in Section 8 of this Agreement.
"Successful Submit" means MobiWeb accepts the SMS sent from Company and is confirmed by a successful submit response sent to Company. If Company receives failure response from MobiWeb, then the SMS will not be treated as a successful delivery.
2 Service Description
MobiWeb provides global SMS Messaging Delivery and HLR Service to Company. The related coverage and prices are defined in the Annex 2 "Quotation of Service".
3 Obligations of Company
3.1 The Company undertakes to MobiWeb as follows:
- to connect only to the Service Interface specified for the Company, using only the names and passwords as made available by MobiWeb;
- to comply with MobiWeb's Protocol Specifications, compliance being a condition of MobiWeb performing its obligations under this Agreement;
- to ensure that the technical coordinators and other staff of the Company follow the service administration and fault reporting procedures as made available by MobiWeb;
- to comply with, and to ensure that Company Content and Company Services are used in a manner which complies with all Applicable Laws and Codes and Network Operator requirements, as they exist and as they change from time to time; and
- to supply to MobiWeb complete and accurate instructions, and such Company Content and Company data (if any) as may be required for the performance of the relevant Services, in accordance with such timescales as MobiWeb may reasonably require.
3.2 Message Aggregation and Transmission. Company shall be solely responsible for Company's aggregation, transmission and all other activities in connection with the Company Services and MobiWeb shall have no liability or responsibility with respect thereto.
3.3 Spam Prevention. Company will use reasonable commercial efforts to prevent spam (as such term is commonly understood) and abusive or illegal content from reaching mobile device users. In the event one of the Parties receives complaints regarding usage of the Service for the purpose of sending spam, illegal or abusive content, the Party shall immediately notify the other Party and both Parties will work diligently and in good faith to identify the source of such activity and to stop such activity as soon as practicable. Both Parties shall cooperate in identifying, and bringing appropriate legal action against such activity. The Parties shall coordinate all other lawful actions reasonably requested to stop such activity and prevent the shutdown of the Service. MobiWeb reserves the right to filter and refuse messages from Company that contain objectionable content, and to refuse to deliver messages intended for receipt by mobile users who have requested MobiWeb not to send any messages to their mobile device. Company acknowledges that third party content may be displayed, duplicated, distributed or made available through the MobiWeb Services, and that MobiWeb does not control such content nor makes any warranty whatsoever regarding such content. MobiWeb specifically disclaims any warranty that such content will not infringe or misappropriate any intellectual property right of a third party, constitute false, deceptive or unfair advertising or disparagement under applicable law, or fail to comply with applicable laws or regulations. Under no circumstances will MobiWeb be liable for, nor will any indemnification rights on the part of MobiWeb arise out of or in connection with such third-party content, including any claim that such use constitutes unsolicited messages or violates anti-spam or privacy laws or regulations.
3.4 Virus Prevention. Company shall ensure that the Company Service shall not contain any (a) viruses, worms, Trojan horses, or any other code that might disrupt, disable, harm, erase memory, or otherwise impede the operation or functionality or any MobiWeb or Network Operator software, firmware, hardware, wireless device, computer system, or network; (b) traps, time bombs, or other code that would disable any software based on the elapsing of a period of time, advancement to a particular date or other numeral; or (c) code that would permit any third party to interfere with or surreptitiously access any end user personal information.
3.5 MobiWeb may request:
- Evidence from Company of compliance with Sections 3.1 through 3.4 above, and
- Provision by the Company of reasonable volume forecasts, end user support information and information concerning new Company Services.
Company agrees to comply with any such request as soon as reasonably practicable and with such degree of detail as MobiWeb may reasonably require, on the condition that any forecasts given will not be contractually binding and/or oblige Company to purchase and/or order the Services.
3.6 Compliance and Regulators
In the event that any Network Operator or Regulator:
- advises MobiWeb that Company is or has been in breach of any of the Applicable Laws and Codes or a Network Operator rule or requirement, then MobiWeb shall be entitled to act on any request or recommendation by such Network Operator or Regulator to withhold any sums payable to Company until Company pays to the Network Operator or Regulator (as the case may be) all sums due to meet fines, administrative charges or other sums payable to the Network Operator or Regulator, plus any costs or expenses incurred by MobiWeb in connection with the matter giving rise to the breach.
- makes (i) a charge, fine, penalty or debit against MobiWeb, or (ii) any deduction from sums otherwise payable to MobiWeb for one or more actual or alleged events the liability for which (if proven) would have arisen out of a breach of Clause 3.1 or 3.3 above or constituted a breach of any of the Applicable Laws and Codes, then MobiWeb shall be entitled to recover from Company the amount thereof, plus any costs or expenses incurred by MobiWeb in connection with such liability or the relevant charge, fine, debit or deduction.
If a Regulator is investigating or otherwise dealing with an alleged breach of Applicable Laws and Codes relating to the Company Service or its promotion, MobiWeb shall be entitled to request that the Regulator deals directly with the Company, and the Company agrees:
- to provide to the Regulator such information as is requested by the Regulator or MobiWeb;
- to provide full cooperation to the Regulator and MobiWeb in connection with the investigation;
- that it shall comply with and be solely responsible for any sanction or charge imposed by the Regulator in respect of the breach; and
- to provide as soon as is practicable written acceptances and undertakings in such form as MobiWeb or the Regulator may specify as to:
- (i) its acceptance of full responsibility for the Company Service and its promotion; and
- (ii) any other matters referred to in this Clause 3.6 or that are specified by the Regulator
4 Service Charges, Price Changes and Billing
4.1 Service Charges. Company agrees to pay MobiWeb the Service fees, the one-time activation and other charges as indicated on the Quotation of Service ("Quote(s)") in Annex 2 or otherwise due hereunder (collectively, "Service Charges"). Service Charges exclude any applicable excise, gross receipts, sales, regulatory, value-added and privilege taxes, duties, fees or assessments (other than general income and real property taxes) which may be imposed by any government or governmental authority on the Service. Taxes ("Taxes"), if applicable, shall be paid by Company. Company agrees indemnify and hold MobiWeb harmless from liability of any kind arising from Company's failure to pay any Taxes. Company may provide MobiWeb with a valid tax exemption forms under applicable law that may exempt Company from the payment of certain Taxes that would otherwise be paid by Company. Customer shall be responsible for all Taxes that are not covered by a valid tax exemption certificate provided to MobiWeb. MobiWeb reserves the right to adjust Service Charges at any time after the Effective Date. The adjusted Service Charges will be applicable one (1) day after MobiWeb has given notice to Company.
4.2 Payment. All Service Charges and other fees shall be prepaid in EURO (€). All Service Charges shall be exclusive of any taxes including but not limited to VAT. Bank charges for currency exchange and money transfer to MobiWeb must be paid by the Company.
4.3 Payment Dispute Resolution:
4.3.1 In the event of an invoice dispute, Company must contact MobiWeb in writing within fifteen (15) days of receipt of the invoice. Any dispute notification received by MobiWeb beyond this fifteen (15) day period will not be accepted. The Parties agree to the payment dispute resolution procedures set forth below:
4.3.2 Dispute must not block the undisputed portion of the payment.
4.3.3 Both Parties shall exercise reasonable efforts to resolve the dispute from receiving the dispute notification. In the event that Parties fail to resolve the payment dispute within thirty (30) days after the dispute notification, the dispute shall be settled according to the procedure set out in Section 13.3 herein.
4.4 Price changes. Price changes can occur at any time and are effective immediately after being sent to the designated e-mail Address for Price Changes Notification as this is specified in Table A. The new prices become an integral part of this Agreement and Company accepts that it replaces any previous notified price.
5 Service Level Agreement
5.1 MobiWeb will use commercially reasonable efforts to meet the Service Level Agreement (SLA) for the Service as set forth in Annex 1. The SLA is described in Annex 1 and may be changed by MobiWeb from time to time; however, MobiWeb agrees to provide Company with reasonable advance notice of any material changes to the SLA that may affect Service. Should Company object to such material SLA changes, Company will have the right to terminate the Agreement without penalty.
6 Warranties
6.1 MobiWeb provides Services under this Agreement and warrants that it will, for the duration of the Term, perform its Services in accordance with this Agreement, including the Annexes, the Table A and in accordance with generally accepted industry standards.
6.2 MobiWeb represents and warrants to Company that it has the right to provide Company the Service, and that it is an entity, duly organized, validly existing and in good standing under the laws of its origin and the places in which it provides the Service(s), with all requisite power to enter into and perform its obligations under this Agreement in accordance with its terms.
6.3 MobiWeb warrants and represents that it owns the full right, title, and interest (or valid license rights) in all of the intellectual property embodied in the Service and therefore, the commercial use of the Service by the Company will not infringe any patent, copyright, trade secret, trademark, or other intellectual property right of a third party.
6.4 Except as expressly stated in the Agreement and in the related SLA, MobiWeb does not warrant that the Service will be continuous or uninterrupted, secure, error-free or that all defects in the Service will be corrected. No oral or written information or advice given by MobiWeb or MobiWeb's authorized representatives will create a warranty or in any way increase the scope of this warranty.
6.5 Limitation on Warranty. EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT AND IN THE RELATED SLA, THE SERVICE WILL BE PROVIDED TO COMPANY ON AN "AS IS" BASIS, AND MOBIWEB EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF PERFORMANCE, MERCHANTABILITY, FITNESS FOR PARTICULAR USE OR PURPOSE, OR NON-INFRINGEMENT.
7 Limitation of Liability and Indemnities
7.1 Limitation of Liability. In no event will MobiWeb be liable for any incidental, punitive, indirect or consequential damages (including without limitation on any lost revenue or lost profits) or for any loss of technology, loss of data, or interruption or loss of use of Service or any other similar claims by Company or related to Company's business, even if MobiWeb is advised of the possibility of such damages.
7.2 Maximum Liability. Notwithstanding anything to the contrary in this Agreement, MobiWeb's entire liability arising from or relating to this Agreement or the subject matter hereof under any legal theory (whether in contract, tort, indemnity or otherwise) shall not exceed the lower of the amounts actually received by MobiWeb hereunder during the one hundred twenty (120) day period immediately preceding the date on which such liability arises and the amount of five thousand EUR.
7.3 Indemnification. Each Party shall indemnify the other for any bodily injuries to persons or damage to real or personal property to the extent attributable to the negligence or willful misconduct of its personnel or those of its affiliates and contractors, or their presence in the other Party's facility. Company, at its own expense, will indemnify, defend, and hold harmless MobiWeb, its directors, its managerial board, its affiliates, and its employees from and against all losses, damages, liabilities, settlements, costs and expenses arising out of or related to any claim, demand, suit, action, or proceeding initiated by a third party arising out of or relating to any Company Service, or any breach of the Agreement by Company.
The provisions of this Section 7 will survive one year's time after the termination of this Agreement.
8 Term
The term of this Service Agreement is a period of one (1) year from the Effective Date ("Initial Term"), unless earlier terminated per Section 9. After this Initial Term, this Service Agreement shall be automatically renewed every year for subsequent one-year terms (each a "Renewal Term"), unless earlier terminated per Section 9, or unless terminated by either Party by a prior written notice delivered to the non-terminating party no less than thirty (30) days prior to the expiration of the then current term.
5 Service Level Agreement
5.1 MobiWeb will use commercially reasonable efforts to meet the Service Level Agreement (SLA) for the Service as set forth in Annex 1. The SLA is described in Annex 1 and may be changed by MobiWeb from time to time; however, MobiWeb agrees to provide Company with reasonable advance notice of any material changes to the SLA that may affect Service. Should Company object to such material SLA changes, Company will have the right to terminate the Agreement without penalty.
9 Suspension and Termination
9.1 MobiWeb may in its sole discretion suspend provision of the Services at any time in the event that:
- MobiWeb is obliged or advised to comply with an order, instruction or request of the government, Regulator, Network Operator, court or other competent authority;
- MobiWeb has cause to believe in its reasonable opinion that the Company is in breach of any of its obligations under the Agreement;
- the services of one or more of the Network Operators upon which the provision of Services hereunder is dependent suspends its provision of those services to MobiWeb under the terms of its or their relevant agreement(s) with MobiWeb; or
9.2 This Agreement may also be terminated as follows:
- by mutual agreement of the Parties; or
- by one of the Parties, with immediate effect, when the other Party is in material breach of the Agreement and does not or is not capable or remedying such breach within thirty (30) days of receipt of a written notice or such effect; or
- by MobiWeb if Company has not settled any overdraft amounts within fifteen (15) days late, after having received written notice thereof;
- by one of the Parties, with immediate effect, if the other Party becomes bankrupt or insolvent or if that other Party enters into any composition or arrangement with its creditors and that other Party is not able to ensure performance of its obligations under the Agreement by a guarantee from a first class bank, payable on first written demand; or
- by written notice of either Party to the other in the event that this Agreement becomes technically or commercially impracticable and the other Party is not capable of remedying such problems within sixty (60) days of receipt of a written notice to such effect.
10 Confidentiality
10.1 The Parties undertake not to disclose to third parties any service, product, system, market, subscribers, other Company's or company information relating to the other Party ("Confidential Information"), unless this information is in the public domain or unless on the need to know basis to subcontractors. In the latter case, the Company will be informed in advance by MobiWeb. MobiWeb information shall be used only for the implementation of the Service Agreement. The Parties undertake to impose the same obligations on persons employed by them.
10.2 The Receiving Party shall hold all Confidential Information in confidence during the Term of this Agreement and for an additional one (1) year following the termination of this Agreement. During that period, the Receiving Party shall use at least the same degree of care as it uses with regard to its own proprietary or confidential information to prevent the disclosure, unauthorized use or publication of Confidential Information. The Receiving Party shall not be required to hold in confidence any Confidential Information which is made public by the Disclosing Party or a third party.
10.3 A Receiving Party may disclose Confidential Information if such disclosure is in response to an order or request from a court, or a regulatory body; provided, however, that before making such disclosure, the Receiving Party shall, to the extent permitted by law, make all reasonable efforts to give the Disclosing Party advance reasonable notice and opportunity to object to the order or request, and/or to obtain a court order to protect the Confidential Information to be disclosed.
10.4 Save as otherwise required by applicable law or regulations or otherwise by any governmental or regulatory authority, each party hereto shall observe strict confidentiality as to all information relating to, and the business affairs of, the other party as may come within its knowledge and no party hereto shall make any announcement in relation to this Agreement or the transaction or arrangements hereby contemplated or referred to herein or any matter ancillary thereto without the prior consent in writing of the other party.
The provisions of this Section 10 will survive one year's time after the termination of this Agreement.
11 Protection of Proprietary Rights
11.1 No Transfer of Rights. Company acknowledges and agrees that pursuant to this Agreement no right, title, or interest in MobiWeb Network and Service, or any related intellectual property, is transferred or licensed. Notwithstanding the foregoing, each Party agrees to make available to the other Party information, device, software and the like to the extent necessary for the Parties to fulfill the obligations as required by the Agreement herein. Any software developed by a Party incidental to the performance of this Agreement shall be owned exclusively by the developing Party and may be used by or for the benefit of the developing party except with the developing Party's express written permission to the contrary.
11.2 Information Protection. All substantive data processed, distributed and disseminated by MobiWeb Service or by Company shall, as between the Parties, belong to the originating Party or the originating mobile user. EACH PARTY MAKES NO REPRESENTATION OR WARRANTY OF ANY KIND REGARDING THE DATA CONTENT, OR REGARDING ANY INTERACTIVE ACTIONS OR OMISSIONS BY OR ON BEHALF OF MOBILE USERS, AND HEREBY DISCLAIMS ANY RESPONSIBILITY IN CONNECTION THEREWITH.
12 Force Majeure
If one of the Parties cannot fulfill the Service Agreement due to unexpected or extraordinary circumstances beyond the control of the Parties, such as of natural catastrophe, acts of the government, acts of war or terrorism, fire, explosion, epidemics, strike, lockout or persistent failure of power supply, the Service Agreement is suspended for the Party in question for as long as the situation continues. If the situation continues for more than one (1) month, the Service Agreement can be terminated by the other Party by fourteen (14) days written notice in advance.
13 Miscellaneous Provisions
13.1 No Assignment. Company will not assign, transfer or pledge this Agreement, or any interest, license or rights of any kind herein, in any manner whether voluntarily or by operation of law, without the prior written consent of MobiWeb, and any attempt to do so without such consent will be void. Notwithstanding the foregoing, MobiWeb shall be allowed to assign this Agreement without the Company's prior consent in the event of a merger, acquisition or other business combination where MobiWeb is not the surviving party, so long as the successor in interest to MobiWeb agrees to assume all obligations under this Agreement. Subject to the foregoing, this Agreement will be binding upon and inure to the benefit of the Parties and their successors and assigns.
13.2 Independent Contractors. In performing this Agreement, each of the Parties will operate as, and have the status of, an independent contractor. This Agreement does not create any agency, employment, partnership, joint venture, franchise or other similar or special relationship between the Parties. Neither Party will have the right or authority to assume or create any obligations or to make any representations, warranties or commitments on behalf of the other Party or its affiliates, whether express or implied, or to bind the other Party or its affiliates in any respect whatsoever.
13.3 Choice of Law and Dispute Resolution. This Agreement will be governed by and construed under, and the legal relations between the Parties hereto will be determined in accordance with, the laws of the Hong Kong, excluding its conflict of law rules. The Parties agree that the United Nations Convention on Contracts for the International Sale of Goods is specifically excluded from application to this Agreement. Disputes that cannot be solved amicably as provided herein shall be finally settled by arbitration according to the American Arbitration Association (AAA) Rules by one or more arbitrators appointed in accordance with such Rules. Venue of arbitration shall be the city of Hong Kong, Hong Kong and the language shall be English.
13.4 Injunctive Relief. MobiWeb and Company acknowledge and agree that breach of their obligations under this Agreement may cause irreparable harm for which recovery of money damages would be inadequate, and that the Parties will therefore be entitled to obtain timely injunctive relief to protect their rights under this Agreement, in addition to any and all remedies available to the Parties in equity and at law.
13.5 Attorneys' Fees. The prevailing party in any action brought in connection with this Agreement will be entitled to recover its reasonable attorneys' fees and costs from the non-prevailing party.
13.6 Severability. If any provision of this Agreement or portion thereof is determined by a court of competent jurisdiction, or declared under any law, rule or regulation of any government having jurisdiction over the Parties hereto, to be invalid, illegal or otherwise unenforceable, then such provision will, to the extent permitted by the court or government not be voided but will instead be construed to give effect to its intent to the maximum extent permissible under applicable law and the remainder of this Agreement will remain in full force and effect according to its terms.
13.7 Rules of Construction. The captions or headings in this Agreement are strictly for convenience and shall not be considered in interpreting this Agreement or as amplifying or limiting any of its content. Unless expressly defined herein, words having well known technical or trade meanings shall be so construed. All listing of items shall not be taken to be exclusive, but shall include other items, whether similar or dissimilar to those listed, as the context reasonably requires. This Agreement has been fully negotiated between and jointly drafted by the Parties. This Agreement will be fairly interpreted in accordance with its terms and without any strict construction in favor of or against either Party. This Agreement is in the English language only, which language will be controlling in all respects. No translation, if any, of this Agreement into any other language will be of any force or effect in the interpretation of this Agreement or in determination of the interests of either Party hereto. Furthermore, the Parties agree that all correspondence, notices, orders, claims, suits and other communication between the Parties hereto will be written or conducted in English.
13.8 Entire Agreement. This Agreement, including any annexes attached hereto and the Table A, constitutes the entire agreement of the Parties concerning its subject matter and supersedes any and all prior or contemporaneous, written or oral negotiations, correspondence, understandings and agreements between the Parties respecting the subject matter of this Agreement.
13.9 Modification. No supplement, modification or amendment to this Agreement will be binding unless evidenced by a writing signed by the Party against whom it is sought to be enforced. Any terms and conditions in any purchase order or other instrument issued by Company in connection with this Agreement which is additional to or inconsistent with this Agreement will not be binding on MobiWeb.
13.10 Waiver. No waiver of any provision or consent to any action will constitute a waiver of any other provision or consent to any other action, whether or not similar. No waiver or consent will constitute a continuing waiver or consent or commit a party to provide a waiver in the future except to the extent specifically set forth in writing. Any waiver given by a party will be null and void if the party requesting such waiver has not provided a full and complete disclosure of all material facts relevant to the waiver requested. No waiver will be binding unless executed in writing by the party making the waiver.
13.11 Execution; Counterparts. This Agreement will not be binding in whole or in part upon the Parties unless and until duly executed by or on behalf of both Parties hereto, in which event this Agreement will be effective as of the Effective Date. This Agreement may be executed in any number of counterparts, each of which shall be enforceable against the Parties actually executing such counterparts, and all of which together shall constitute one instrument.
13.12 Deposits. Except as otherwise required by law, deposits do not accrue interest. All deposits will be held by MobiWeb in accordance with the applicable law governing such deposit.
13.13 Maintenance Notifications.
13.13.1 Scheduled Maintenance. MobiWeb may, upon two (2) business days' notice, suspend the provision of all or any of the Services to the Company during the Maintenance Window (defined below), in order to maintain, test or configure the Services, to upgrade hardware or software, increase capacity or to perform such other non-emergency work as MobiWeb may determine is necessary or appropriate ("Scheduled Maintenance"). The Maintenance Window means 12:00 a.m. to 6:00 a.m. (local time) and certain scheduled weekends, as required (the "Maintenance Window"). Scheduled Maintenance may degrade the quality of Services or cause an Outage.
13.13.2 Emergency Maintenance. MobiWeb may, without notice, perform work at any time to correct, replace or repair network conditions which are likely to cause an Outage, and which require immediate correction ("Emergency Maintenance"). Emergency Maintenance while being conducted, may degrade the quality of the Services or cause an Outage.
13.14 History Records in Statistics. MobiWeb will use reasonable efforts to include Detailed Statistics and History of Transactions on a web Portal and shall leave such Records for at least for four (4) months. MobiWeb may remove such History Data at any time without notice thereafter.
Annex 1 - Service Level Agreement & Support
MobiWeb will provide the other party with 24x7 support in respect of any and all defects and delays in the Services. Each Party will ensure that at least one (1) dedicated employee will be responsible for providing Support to the other Party.
1. Network Availability
MobiWeb will ensure that MobiWeb's Network will be generally available 99.95% of the time, in the manner, and with the exceptions, set forth below. Availability is a measure of the time during which the Party's Network is operational and may be utilized to deliver Services. General availability of the Party's Network will be calculated each six month (the first such six month period beginning on the Effective Date of the Agreement), as a percentage based on the fraction below:
(Total Service - Unplanned Outage) / Total Service
Where:
"Total Service" means total number of minutes during the relevant six month period, less the total number of minutes constituting Exclusions for such period.
"Unplanned Outage" means total number of minutes that the party's Network is unavailable in a six month period not counting Exclusions.
"Exclusion(s)" means unavailability of the Party's Network for one or more of the following reasons:
- Any scheduled maintenance for which each Party gives prior notice. Each Party will use commercially reasonable efforts to schedule all planned downtime during non-peak hours.
- Any unavailability caused by circumstances beyond Party's reasonable control, including without limitation, acts of God, acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes or other labor problems (other than those involving Party's employees), computer, telecommunications, Internet Company or hosting facility failures or delays involving hardware, software or power systems not within Party's possession or reasonable control, and network intrusions.
In addition:
"Committed Amount" means a number of minutes equal to the Total Service minutes multiplied by 99.9%.
2. Remedy
Should MobiWeb fails to meet the availability service level specified in Section 1, above, Company will be entitled to request a sufficient resolution of the unavailability of MobiWeb's Network.
3. Hotline and Help Desk
Each Party may contact other party's Help Desk via email or telephone for Faults as defined in Annex 3 and Table A.
4. Priority levels
Faults reported by each Party will be allocated a priority level in accordance with the severity of the problem:
- A priority one (P1) problem consists of a Fault which renders the whole or a critical portion of the Service unavailable. This applies to total outage of the Party's Network or rejection of more than 20% of incoming Messages from the Other Party.
- A priority two (P2) problem consists of a Fault causing acute operational problems creating significant business impact (e.g. considerable service restriction like the rejection of less than 20% but more than 5% of incoming Messages from the Party).
- A priority three (P3) problem consists of a Fault which causes non-acute operational problem (e.g. delays in sending the Messages to the Party).
- A priority four (P4) problem consists of any other type of Faults.
For purposes of this Annex, "Fault" shall mean nonconformity of the Service with the Availability targets or other operational problems which result in a failure of the Service.
5. Fault Response
One Party shall inform the other Party concerning any reproducible Fault reported, to prepare an action plan and to fix any reproducible Fault within the following estimated time frames:
Stage/Priority | P1 | P2 | P3 | P4 |
---|---|---|---|---|
Initial response time | 1 hour | 2 hours | 24 hours | 48 hours |
Target Restoration (work around) | 2 hours | 5 hours | 2 working days | 3 working days |
Target Resolution | 24 hours | 2 working days | 3 working days | 4 working days |
"Initial Response Time" means the target time of Party to notify of a Fault once it becomes known to the other Party or to respond to One Party’s notification to the other Party of a Fault.
"Target Restoration" means the target time to find a temporary workaround for the reported Fault. A temporary workaround is a solution which substantially restores regular Service, although some non-material problems may persist.
6. Notifications
Parties shall ensure the relevant departments are informed as the data on Appendix 3.
7. General Terms
7A SMS Messaging: MobiWeb will terminate messages to mobile terminals as fast as commercially possible as soon as the handsets of such users are ready to receive the messages. However, due to factors beyond its control, Each Party does not guarantee minimum latency on submitting the messages to the destination operator nor final delivery to the mobile terminal. If messages sent by a Party cannot be delivered to the intended users they will be stored for a maximum of 24 hours after which time they may be deleted.
7B HLR Lookup: MobiWeb will execute HLR Lookup requests to the SS7/GSM network as fast as commercially possible. However, due to factors beyond its control, MobiWeb does not guarantee minimum latency on submitting the requests to the HLR database nor the accuracy of the results returned.
7C Customer Support Services: Any service interruption/breakdown in One Party’s connectivity to the other Party’s SMSC shall be reported immediately by phone or email to enable the Other Party to take reasonable steps to assist and co-operate with the Party, wherever possible, in restoring such technical faults. Technical breakdowns will be analyzed jointly by Parties. Parties will be responsible only for elements that are in its direct control and will try to solve the problem and restore service as quickly as possible.
7D Support. Each Party shall provide the other Party with full support via email, messenger, and telephone. Each Party shall respond to all email requests within twelve (12) hours while most of requests will be resolved within less than thirty (30) minutes.
7E Network Reach. Parties maintain at all times a current list of mobile operators being covered. Parties reserve the right to alter the list adding or deleting operators, as appropriate. While Parties will cover as many mobile operators as commercially practicable, Parties does not undertake, represent or warrant that any particular mobile operator will continue to be reachable by each Party’s Service at any time in the future. The current list of mobile operators is available for assessment on request.
Annex 2 - Quotation of Service
Company has negotiated the pricelist of the Service and the pricelist is deemed to be satisfactory for the destinations of interest.
1. SMS DELIVERY SERVICE
The prices for SMS messaging delivery to different regions/countries are provided separately by email.
Prices can be downloaded by the designated control panel already communicated to Company.
Price List Provided Separately
2. HLR LOOKUP SERVICE
The standard prices for HLR Lookup requests are provided separately by email.
Prices can be downloaded by the designated control panel already communicated to Company.
Price List Provided Separately
Annex 3 - Contact Details
MOBIWEB LIMITED | |
---|---|
MobiWeb's Address: | 111, How Ming Street, Futura Plaza, Room 2103, Kwun Tong, |
Telephone Number for Customer Support | +44 203 318 3618 |
E-mail for Customer Support Requests: | support@solutions4mobiles.com |
CLIENT DATA PROCESSING AGREEMENT
This Data Processing Agreement for the Data Protection (the “Agreement”) of Data Processed is made and entered into on 27th April 2021 ("Effective Date") between:
1) MOBIWEB LIMITED, a company incorporated under the laws of Hong Kong, having its registered offices at 111, How Ming Street, Futura Plaza, Room 2103, Kwun Tong, Hong Kong, under Registration Number: 1920854, ("MobiWeb"), duly represented by the signee,
and;
2) you ("You", "Your", "Customer", "The company" or "Company" duly represented by you.
The Data Processing Agreement consists of (i) this document and (ii) the following Annexes:
- Annex 1 - Details of Processing of Company Personal Data
- Annex 2 - Standard Contractual Clauses
WHEREAS:
- The Effective Date shall be the date on which this Agreement is signed by the Company and MobiWeb.
- The Parties have entered into a services agreement, the "Wholesale SMS and Voice Messaging Agreement" (hereinafter "Main Agreement".
- Due to the Main Agreement, MobiWeb will process Personal Data for the Company, for the purpose of the conveyance of SMS messages and Voice messages, on behalf of the Company, as defined in the Main Agreement.
- Under EU regulation 2016/679 "GDPR", depending on the role of the Company, MobiWeb will act accordingly:
- When the Company is the Data Controller, MobiWeb will be the Data Processor of the Company.
- The Company is the Data Controller that controls Personal Data, collecting consent, managing consent-revoking, enabling right to access to Data Subjects.
- MobiWeb is the Data Processor, that processes Personal Data on behalf of and under the instruction of the Company (Data Controller) and MobiWeb transfers Personal Data to a Sub-Processor for the purpose of provision of the Services as set forth in the Main Agreement.
- When the Company is the Data Processor or the Data Sub-Processor, MobiWeb will be the Data Sub-Processor of the Company.
- The Company is the Data Processor that processes Personal Data on behalf of and under the instruction of the Data Controller or is the Data Sub-Processor that processes Personal Data on behalf of and under the instruction of the Data Processor that processes Personal Data on behalf of the Data Controller.
- MobiWeb is the Data Sub-Processor, that processes Personal Data on behalf of and under the instruction of the Company and MobiWeb transfers Personal Data to a Sub-Processor for the purpose of provision of the Services as set forth in the Main Agreement.
- When the Company is the Data Controller, MobiWeb will be the Data Processor of the Company.
NOW THEREFORE, THE PARTIES HEREBY AGREE AS FOLLOWS:
ARTICLE 1 - DEFINITIONS
Words and phrases used in this Agreement have the following meanings:
Agreement: The present Data Processing Agreement and all Annexes hereto.
Main Agreement: The Master Agreement.
GDPR: The EU General Data Protection Regulation (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It replaces the prior Data Protection Directive (95/46/EC) of 1995.
Data Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data; where the purposes and means of such processing are determined by Union or Member State law, the Data Controller or the specific criteria for its nomination may be provided for by Union or Member State law. Furthermore, Data Controller controls Personal Data, collecting consent, managing consent-revoking, enabling right to access to Data Subjects.
Data Processor: The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller. Furthermore, Data Processor processes Personal Data on behalf of and under the instruction of the Data Controller.
Data Sub-Processor: A Processor engaged by the Data Processor, for the purpose of carrying out specific processing activities on behalf of the Data Controller.
Data Protection Law(s): the local and international data regulation(s) and legislation(s) that are in force in any part of the world.
Data Subject(s): An identifiable natural person, one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
EEA: The European Economic Area.
Personal Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Service(s): The conveyance of SMS messages and Voice messages, provisioned by MobiWeb to the Company, as defined in the Main Agreement.
Personal Data: Any information relating to a Data Subject.
Data Processing: Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Processing Instructions: The instruction(s) as set forth by the Data Controller to the Data Processor, for Data Processing of Personal Data of Data Subjects, for the purpose of Data Processor, provisioning Services to the Data Controller.
Data Provider: The Company, a controller (or, where permitted, a processor) that transfers personal data to MobiWeb for the provisioning of Services to the Company.
ARTICLE 2 - SUBJECT
2.1 This Agreement forms part of the Master Agreement between MobiWeb and Company for the purpose of MobiWeb provisioning Services to the Company to reflect the Parties' agreement with regard to the Data Processing of Personal Data.
2.2 By signing the Agreement, Company enters into this Agreement on behalf of itself and, to the extent required under applicable Data Protection Laws and GDPR, if and to the extent MobiWeb processes Personal Data that the Company provides and therefore qualifies as a Data Provider (Data Controller, Data Processor or Data Sub-Processor).
2.3 In the course of providing the Services to the Company pursuant to the Agreement, MobiWeb may Process Personal Data on behalf of the Company and the Parties agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
ARTICLE 3 - PERSONAL DATA PROCESSING
3.1 MobiWeb shall process Personal Data provided by the Company on behalf and in accordance to the written instructions of the Company, unless required otherwise by applicable Laws.
3.2 Company shall, in its use of the Services provisioned by MobiWeb, Process Personal Data in accordance with the requirements of Data Protection Laws and GDPR. For the avoidance of doubt, Company's instructions for the Processing of Personal Data shall comply with Data Protection Laws and GDPR. Company shall have sole responsibility for the accuracy, quality, legitimacy and legality of Personal Data Processing and the means by which Company acquired Personal Data.
3.3 The subject-matter of Personal Data Processing by MobiWeb is the provision and performance of the Services pursuant to the Agreement and Master Agreement. The purpose of the Processing, the types of Personal Data and categories of Data Subjects Processed under this Agreement are further specified in Annex 1 of this Agreement.
3.4 The Company hereby instructs MobiWeb to carry out part of the Processing.
3.5 In the event that MobiWeb believes that the Company's instructions conflict with Data Protection Laws and GDPR, MobiWeb will inform the Company and the company will amend the instructions accordingly. MobiWeb will not carry any processing instructions that conflict with GDPR and any Data Protection Laws.
ARTICLE 4 - PERSONNEL
4.1 MobiWeb shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities and have executed written confidentiality agreements. MobiWeb shall ensure that such confidentiality obligations survive the termination of the personnel engagement and the Agreement.
4.2 MobiWeb shall take commercially reasonable steps to ensure the reliability of any MobiWeb personnel engaged in the Processing of Personal Data.
4.3 MobiWeb shall ensure that MobiWeb's access to Personal Data is limited to those personnel who require such access to perform the Agreement.
4.4 MobiWeb's Data Protection Team may be reached at dataprotection@solutions4mobiles.com or +442035198570.
ARTICLE 5 - OBLIGATIONS
5.1 MobiWeb shall assist the Company in providing retrieval access, correction, delete and block to Personal Data processed to Data Subjects and Authorities, allowing Data Subjects to exercise their rights under GDPR and Data Protection Laws.
5.2 MobiWeb shall assist the Company in meeting its GDPR obligations in relation to the security of Processing, the notification of Personal Data Breaches and data protection impact assessments.
5.3 MobiWeb shall inform the Company immediately upon becoming aware of requests received directly by Data Subjects and Authorities.
5.4 MobiWeb shall provide information and data to the Company, to assist the Company in meeting its GDPR obligations.
5.5 MobiWeb shall delete or return all Personal Data to the Company as requested at the end of the Agreement, unless required for the performance of Services or required by applicable Laws and Regulations.
5.6 MobiWeb shall process Personal Data only to provide Company with the Services as described in the Master Agreement.
5.7 MobiWeb shall provide at all times sufficient guarantees for its compliance with the requirements of the GDPR.
5.8 MobiWeb shall treat the Personal Data as strictly confidential, ensuring personnel authorised access and secure processing.
5.9 MobiWeb shall ensure data availability and restoration functionality to the Company.
ARTICLE 6 - AUDIT AND COMPLIANCE
6.1 MobiWeb shall cooperate with Authorities in accordance with GDPR requirements.
6.2 MobiWeb shall inform the Company immediately upon becoming aware of requests received by Authorities.
6.3 MobiWeb shall allow for and shall contribute to audits and inspections conducted by a Company appointed auditor. Subject to reasonable prior notice from Company to MobiWeb, the appointed auditor may enter the rooms or locations where the personal data is processed by MobiWeb and inspect, audit any relevant records, processes and systems, and copy any relevant Personal Data records to verify compliance with GDPR and Data Protection Laws.
6.4 Company agrees to pay any and all costs of the full audit processes that are initiated by the Company and audit processes initiated by Authorities due to services provisioned by MobiWeb to the Company, including costs of involved third-parties (auditors, data centres, etc.) and MobiWeb (personnel compensation, traveling expenses, etc.).
6.5 Company agrees that MobiWeb shall combine several audits in one single audit, in order to limit any impact on MobiWeb and third-parties' operations.
6.6 MobiWeb shall fully cooperate and make available to Company on its demand all information that is necessary to demonstrate compliance with the GDPR obligations and obligations under this Agreement.
ARTICLE 7 - SECURITY AND DATA PROTECTION
7.1 MobiWeb shall take appropriate organizational and technical measures and policies to ensure security of Personal Data Processing and meet sufficient guarantees of protection and security standards, including measures aimed at protecting Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the Processing involves the transmission of Personal Data over a network, and against all unlawful forms of Processing.
ARTICLE 8 - PERSONAL DATA BREACH
8.1 MobiWeb maintains security incident management policies and procedures and shall notify Company without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Company Data, including Personal Data, transmitted, stored or otherwise Processed by MobiWeb or its Sub-Processors of which MobiWeb becomes aware. MobiWeb shall make reasonable endeavours to identify the cause of such Personal Data Breach Incident and take those steps as MobiWeb deems necessary and reasonable in order to remediate the cause of such an Incident to the extent the remediation is within MobiWeb's reasonable control. The obligations herein shall not apply to incidents that are caused by Company, Company's Systems (Software and Hardware) or Company's Personnel.
ARTICLE 9 - SUB-PROCESSORS
9.1 Company agrees that MobiWeb shall use Sub-Processors for the provision and performance of the Services pursuant to the Agreement and Master Agreement. MobiWeb shall ensure that Sub-Processors involved in the Processing of Personal Data shall be capable of providing necessary operational and technical level to comply with the requirements of GDPR and Data Protection Laws.
9.2 MobiWeb shall inform the Company of any intended changes concerning the addition or replacement of other Sub-Processors, thereby giving the Company the opportunity to consent or object to such changes through written material or electronic form. MobiWeb shall not execute changes without the written consent of the Company.
9.3 The Company will fully indemnify and hold MobiWeb harmless against all direct and indirect losses, claims, damages, fees and expenses incurred as a result of delays in Company's consent to Sub-Processor changes proposed by MobiWeb.
ARTICLE 10 - LIABILITY AND INDEMNITY
10.1 The Company shall indemnify and hold MobiWeb harmless against claims by Data Controllers, Data Processors, Data Sub-Processors, Data Subjects and/or penalties or fines imposed by an authority for which MobiWeb might become liable, due to an attributable failure by the Company to comply with the obligations under this Agreement and/or applicable Data Protection Laws.
10.2 MobiWeb shall indemnify and hold the Company harmless against claims by Data Controllers, Data Processors, Data Sub-Processors, Data Subjects and/or penalties or fines imposed by an authority for which the Company might become liable, due to an attributable failure by MobiWeb to comply with the obligations under this Agreement and/or applicable Data Protection Laws.
10.3 Company agrees to be held liable against all expenses, losses, costs and damages arising due to an attributable failure by the Company to comply with the obligations under this Agreement and/or applicable Data Protection Laws.
10.4 The Company shall have full and sole liability for all damages resulting from a failure on its part to comply with the Agreement, GDPR and Data Protection Laws. Company shall indemnify and hold MobiWeb harmless against all expenses, losses, costs and damages arising therefrom. Should any person to whom personal data relates lodge a claim for compensation against MobiWeb and such claim is due to the Company's failure to comply with the provisions of this Agreement, GDPR or Data Protection Laws, the Company agrees to assist and intervene in MobiWeb's defence upon MobiWeb's request and shall indemnify and hold MobiWeb harmless from and against all expenses, losses, costs and damages.
10.5 Any limitations of liability agreed elsewhere shall not apply to this Agreement.
ARTICLE 11 - APPLICABLE LAW AND JURISDICTION
11.1 This Agreement shall be governed by the laws of Switzerland and any dispute concerning the implementation or interpretation of this Agreement that cannot be settled amicably between the parties shall be submitted to a federal or state court of law having jurisdiction in Geneva, Switzerland.
ARTICLE 12 - DURATION
12.1 This Agreement will enter into effect on the Effective Date and will remain effective regardless termination of the Agreement. Upon the Company's request, MobiWeb shall return or destroy the Personal Data, unless required for the performance of Services or required by applicable Laws and Regulations. If MobiWeb is required to retain Personal Data, MobiWeb shall inform the company and both Parties agree to cooperate towards the best possible solution for both Parties. If the Master agreement is terminated, this Data Processing Agreement will expire automatically.
ARTICLE 13 - AFTER DATA PROCESSING TERMINATION
13.1 MobiWeb shall guarantee the confidentiality of the Personal Data transferred and will not Process the Personal Data of the Company after the termination of the Agreement.
13.2 MobiWeb agrees to allow and to contribute to audits and inspections, subject to Article 6 of this Agreement.
ARTICLE 14 - ORDER OF PRECEDENCE
14.1 In the event of a conflict between the provisions of this Agreement and those of the Master Agreement in respect of the Processing and Protection of Data, the provisions of this Agreement will prevail. Except as expressly modified herein, all terms and conditions of the Agreement shall remain in full force and effect.
ANNEX 1: DETAILS OF PROCESSING OF COMPANY PERSONAL DATA
This Annex 1 includes certain details of the Processing of Company Personal Data as required by Article 28(3) GDPR.
SUBJECT OF THE PROCESSING OF COMPANY PERSONAL DATA
The subject matter of the Processing of the Company Personal Data are set out in the Master Agreement and this Agreement.
THE NATURE AND PURPOSE
The Processor Processes the Personal Data made available to it by the Controller for the sole purpose of the implementation of the contractual relationship for the provision of the Service, in particular
- The on boarding and maintenance of the Controller as a customer of the Processor.
- The ongoing communication with the Controller throughout the contractual relationship with regards to existing business as well as future opportunities.
- The conduct of billing/charging processes on behalf of the Controller with respect to messages that were sent to recipients.
- Including but not limited to, for the purposes of sending SMS for the purpose of delivering One-Time PINs, Marketing, Notifications, Surveys, Security, Support, Consultancy, Operations etc.
DATA SUBJECT AND PERSONAL DATA
The following Data Subject and Personal Data categories are Processed by the Processor during the contractual relationship:
- Data Subject: Controller's officers and employees.
Personal Data: Details and other data of natural persons in the Customer's company usually used in business relations including, but not limited to, first name, surname, academic degree, date of birth, address, phone and fax number, e-mail address, job title, signing rights, etc. - Data Subject: Recipients who received messages from the Controller.
Personal Data: Such information necessary for delivering messages to recipients of the Controller, such as the MSISDN of the recipient, IMSI, Location data, Access codes, Full name, Financial information, Contact information, Address, Phone number, E-mail address, Communications metadata, Content (such as message body, sender, voice and video media, images, sound) etc.
PROCESSING DURATION AND DATA RETENTION
The Processor shall retain and such Personal Data provided to it by the Controller only for as long as the relevant data set is required for the fulfilment of the contractual relationship for the provision of the Service, or to comply with legal/regulatory (in particular commercial and fiscal) or contractual (e.g. with Operators) obligations applicable to the Processor and its business, whichever is the longer. Depending on the purpose for which the relevant Personal Data set was provided, the relevant data retention periods will vary. After the lapse of the applicable period, the relevant Personal Data provided will be automatically erased, unless the deletion is practically not possible due to technical limitations, in which case the Personal Data will be blocked from further use.
ANNEX 2 - STANDARD CONTRACTUAL CLAUSES
If applicable according to Article 5.6 of the Data Processing Agreement ("DP Agreement") by agreeing to this contract, the Processor is entering into EU Standard Contractual Clauses with Controller as set out in this Annex 2.
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries.
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Annex 1.
AGREE that references in the Clauses to Directive 95/46/EC shall be replaced by reference to the corresponding sections in the General Data Protection Regulation (EU) 2017/679 (GDPR) at the time the GDPR will become applicable and Directive 95/46/EC will be repealed.
CLAUSE 1 DEFINITIONS
For the purposes of the Clauses:
- 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data ( 1 );
- 'the data exporter' means the controller who transfers the personal data;
- 'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
- 'the sub-processor' means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
- 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
- 'technical and organisational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
CLAUSE 2 DETAILS OF THE TRANSFER
The details of the transfer and in particular the special categories of personal data where applicable are specified in Annex 1 which forms an integral part of the Clauses.
CLAUSE 3 THIRD-PARTY BENEFICIARY CLAUSE
- The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
- The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
- The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
- The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
CLAUSE 4 OBLIGATIONS OF THE DATA EXPORTERS
The data exporter agrees and warrants:
- that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
- that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
- that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in the DP Agreement;
- that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
- that it will ensure compliance with the security measures;
- that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
- to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
- to make available to the data subjects upon request a copy of the Clauses and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
- that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
- that it will ensure compliance with Clause 4(a) to (i).
CLAUSE 5 OBLIGATIONS OF THE DATA IMPORTER
The data importer agrees and warrants:
- to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
- that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
- that it has implemented the technical and organisational security measures specified in DP Agreement before processing the personal data transferred;
- that it will promptly notify the data exporter about:
- any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
- any accidental or unauthorised access; and
- any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
- to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
- at the request of the data exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
- to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, in which case shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
- that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;
- that the processing services by the sub-processor will be carried out in accordance with Clause 11;
- to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.
CLAUSE 6 LIABILITY
- The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.
- If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity. The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.
- If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.
CLAUSE 7 MEDIATION AND JURISDICTION
- The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
- to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
- to refer the dispute to the courts in the Member State in which the data exporter is established.
- The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
CLAUSE 8 COOPERATION WITH SUPERVISORY AUTHORITIESS
- The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
- The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
- The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).
CLAUSE 9 GOVERNING LAW
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
CLAUSE 10 VARIATION OF THE CONTRACT
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
CLAUSE 11 SUB-PROCESSING
- The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor's obligations under such agreement.
- The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
- The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
- The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.
CLAUSE 12 OBLIGATION AFTER THE TERMINATION OF DATA-PROCESSING SERVICES
- The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
- The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.
You can read more about our Data Security Policy here.
You can read our Privacy Policy here.
More Information
If you are still looking for more information then you can contact us through one of the following contact methods:
For information inquiries about terms of service please contact us at support@solutions4mobiles.com.
For information inquiries about Privacy Policy located here or our Data Security Policy here, please contact us at dataprotection@solutions4mobiles.com.