Terms and conditions

Last Updated: 01 July 2024

BACKGROUND AND PURPOSE

DataSnipper, B.V. (“DataSnipper”) is a leading Intelligent Automation Platform in Excel. Automatically extract, cross-reference and validate source documents of any audit and finance procedure. Organizations use DataSnipper to:

• Multiply your efforts, while staying in control. A purpose-built automation platform to eliminate repetitive tasks at scale, while embracing new challenges and demands in the fast-changing audit and finance industry.
• Instantly extract, cross-reference and document the source of any audit finance procedure directly in Excel. Easy to share and review. Connecting the dots in one workspace drives collaboration across your organization.
• Standardize your audit and finance procedures in Excel to boost productivity and reduce risk. Implement a “common language” with a single source of truth across people, teams, and functions to increase the quality of your work.

US and Canada Customers

These Terms and Conditions (“Terms”) govern the supply and use of the Services and/or Professional Services between DataSnipper Inc., a Delaware corporation located in New York, New York, USA and Customer. All agreements between DataSnipper and Customer are subject to these Terms.  DataSnipper and Customer may be referred to herein collectively as the “Parties” or individually as a “Party”.

All other Customers

These Terms govern the supply and use of the Services and/or Professional Services between DataSnipper B.V., with a registered office in Amsterdam, the Netherlands, listed with the Commercial Register of the Chamber of Commerce under file reference number 69343861), and Customer. All agreements between DataSnipper B.V. and Customer are subject to these Terms.

Other terms are defined in other Sections of these Terms or in the relevant policies or annexes.

2. INCORPORDATED DOCUMENTS.  These Terms consist of the following documents, some listed as Annexes, others as hyper-links, which are hereby incorporated by reference: (i) Each executed Order Form; and (ii) Data Processing Agreement.

3. APPLICABILITY OF THE TERMS. Unless expressly agreed to otherwise in writing between the Parties, all offers, pilot programs, Order Forms, contracts, or agreements related to the Services shall be governed by these Terms. By using the Services, Customer agrees to be bound by these Terms. These Terms shall always take precedence over any terms and conditions of Customer, which shall not be enforceable against DataSnipper. No other terms and conditions shall be binding on DataSnipper unless accepted by it in writing. DataSnipper expressly rejects any general terms and conditions used by Customer. Customer may issue a purchase order for administrative purposes only. Additional or different terms and conditions contained in any such purchase order will be null and void and shall not bind DataSnipper.  If Customer does not accept these Terms or does not have authority to access the Services, Customer shall not access the Services or immediately discontinue any such use and access.  All transactions between DataSnipper and Customer are governed in order of priority by: (i) Order Form; (ii) Data Processing Agreement; (iii) these Terms; and (iv) any other annexes or appendices to these Terms.  If there is ever a conflict between any of the above, the terms of the agreement with the higher priority shall prevail.

4. ACCESS TO THE SERVICES

• 4.1. Pilot Program Period.  Based upon mutual agreement between the Parties, Customer may have the right to access and use the Services during a trial period (the “Pilot Program Period”). Customer expressly agrees that its access and use of the Services during the Pilot Program Period shall be governed by these Terms, including Section 16 (Limitations of Liability).    
• 4.2.  Right of Access and Use of Services. Subject to and conditioned on Customer’s payment of Fees and compliance with all of these Terms, DataSnipper hereby grants to the Customer, a worldwide, non-exclusive, non-transferable, non-sublicensable right to access and use the Services during the Subscription Term in accordance with the Customer’s Order Form and Scope of Use. The Services may be used solely by Customer. This means that use by any Third-Party, including any Affiliate of Customer, is strictly prohibited unless otherwise agreed to between the Parties.  For the avoidance of doubt, Customer shall be responsible and liable for all use and access of the Services by Users and must ensure their compliance with these Terms and DataSnipper’s policies.
• 4.3.  Right of Access and Use of Documentation.  Subject to the terms and conditions contained in these Terms, DataSnipper hereby grants to Customer a non-exclusive, non-sublicensable, non-transferable right to access and use the Documentation during the Subscription Term solely for Customer's internal business purposes in connection with its use of the Services.
• 4.4.  Use Restrictions. Customer shall not use the Services for any purposes beyond the scope of the access granted under these Terms or the relevant Order Form. Customer shall not at any time, directly or indirectly, and shall not permit any DataSnipper User to: (i) copy, modify, or create derivative works of the Services, in whole or in part; (ii) rent, lease, lend, sell, license, sublicense, assign, distribute, publish, transfer, or otherwise make available the Services; (iii) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to any software component of the Services, in whole or in part; (iv) remove any proprietary notices from the Services; or (v) use the Services in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any person, or that violates any applicable law.
• 4.5.  Developments.  Customer acknowledges that the DataSnipper Software constantly develops and evolves over time. DataSnipper may, at its option, make updates, such as bug fixes, modifications or improvements to the DataSnipper Software from time to time. Updates to the DataSnipper Software can be found on the DataSnipper website (currently available at https://datasnipper.canny.io/changelog). DataSnipper will provide informational updates about major changes to the DataSnipper Software through in-product chat. If DataSnipper makes updates such as bug fixes, modifications or improvements available to the Customer, the Customer is and remains responsible for installing such updates. DataSnipper may also make new applications, features, or functionalities for the DataSnipper Software available from time to time, the use of which may be contingent upon the Customer's agreement to additional terms.
• 4.6.  Reservation of Rights. DataSnipper reserves all rights not expressly granted to Customer in these Terms. Except for the limited rights and licenses expressly granted under these Terms, nothing in these Terms grants, by implication, waiver, estoppel, or otherwise, to Customer or any third party any intellectual property rights or other right, title, or interest in or to the DataSnipper IP.  
• 4.7. Suspension.  Notwithstanding anything to the contrary in these Terms, DataSnipper may temporarily suspend Customer’s and any DataSnipper User’s access to any portion or all of the Services if: (i) DataSnipper reasonably determines that (A) there is a threat or attack on any of the DataSnipper IP; (B) Customer, or any DataSnipper User, is using the DataSnipper IP for fraudulent or illegal activities; (C) subject to applicable law, Customer has ceased to continue its business in the ordinary course, made an assignment for the benefit of creditors or similar disposition of its assets, or become the subject of any bankruptcy, reorganization, liquidation, dissolution, or similar proceeding; or (D) DataSnipper’s provision of the Services to Customer or any DataSnipper User is prohibited by applicable law; or (ii) in accordance with Section 10.1.4 (iii) or 10.1.5 (any such suspension described in subclause (i), or (ii) a “Service Suspension”). DataSnipper shall use commercially reasonable efforts to provide written notice of any Service Suspension to Customer and to provide updates regarding resumption of access to the Services following any Service Suspension. DataSnipper shall use commercially reasonable efforts to resume providing access to the Services as soon as reasonably possible after the event giving rise to the Service Suspension is cured. DataSnipper will have no liability for any damage, liabilities, losses (including any loss of data or profits), or any other consequences that Customer or any DataSnipper User may incur as a result of a Service Suspension.
• 4.8.  Aggregated Statistics.  Notwithstanding anything to the contrary in these Terms, DataSnipper may monitor Customer’s use of the Services and collect and compile Aggregated Statistics. As between DataSnipper and Customer, all right, title, and interest in Aggregated Statistics, and all intellectual property rights therein, belong to and are retained solely by DataSnipper. Customer acknowledges that DataSnipper may compile Aggregated Statistics. Customer agrees that DataSnipper may (i) make Aggregated Statistics publicly available in compliance with applicable law, and (ii) use Aggregated Statistics to the extent and in the manner permitted under applicable law; provided that such Aggregated Statistics do not identify Customer or Customer’s Confidential Information. For the avoidance of doubt, DataSnipper IP includes Aggregated Statistics, but does not include Customer Data.

5. CUSTOMER OBLIGATIONS

• 5.1.  Customer Responsibilities.  Customer is responsible and liable for all uses of the Services resulting from access provided by Customer, directly or indirectly, whether such access or use is permitted by or in violation of these Terms. Without limiting the generality of the foregoing, Customer is responsible for all acts and omissions of DataSnipper Users, and any act or omission by an DataSnipper User that would constitute a breach of these Terms. Customer shall use reasonable efforts to make all DataSnipper Users aware of these Terms as applicable to such DataSnipper User’s use of the Services, and shall cause DataSnipper Users to comply with such provisions.
• 5.2.  Account Registration. Customer and DataSnipper Users must provide accurate and complete information as requested by DataSnipper for the purpose of setting up an account and providing the Services, and keep this information up to date. Failure to do so may result in incorrect output of the Services for which DataSnipper cannot be held responsible or liable. If DataSnipper reasonably suspects that certain information is not correct or outdated resulting in incorrect output of the Services, DataSnipper will notify Customer in writing, and Parties will reasonably discuss correction of the information as soon as possible. If Parties cannot agree about correction of information resulting in incorrect output of the Services, as determined by DataSnipper, each party may terminate the applicable Subscription as set forth in Section 11.3.2 hereunder. In such case termination will be the sole remedy and neither Party will be liable for damages of the other Party.  
• 5.3.  Obtaining Consents. Customer will obtain and maintain on behalf of DataSnipper all required consents from Users and Customer’s clients that are necessary for DataSnipper to provide the Services, including access and monitoring of User Data and other data.
• 5.4.  DataSnipper Software License Overage. For all DataSnipper products, DataSnipper Users will be assessed on a quarterly basis (each January, April, July, and October) based on number of Installations. Following the quarterly review, DataSnipper will notify Customer in case of any identified Overage and Customer shall have thirty (30) days after receipt of such notification to reduce and resolve the Overage. If the Overage has not been resolved during this 30-day period, DataSnipper shall – in addition to the agreed Fees - charge the Overage Fees to Customer. Both Parties will monitor the number of Installations and report any use in excess of the Licensed Installations Amount. Overage Fees accrue from the date the Overage first occurs. Overage fees will be calculated based on the actual number of Installations and per unit price as specified on the Order Form. Overage fees will be invoiced on a quarterly basis, in arrears.
• 5.5.  Customer Affiliates. Where Affiliates of Customer purchase subscriptions to the Services from DataSnipper (or an affiliate of DataSnipper) by executing an Order Form that references these Terms, such a subscription shall be deemed to form a separate agreement. For clarification: (i) Customer or Customer’s Affiliates have no rights under the agreements of other Customer Affiliates; and (ii) breach or termination by Customer or DataSnipper of any separate agreement shall not be a breach or termination under any other agreement between DataSnipper and another Customer.

6. PERSONAL DATA AND DATA PROTECTION. The Parties agree and acknowledge that they shall abide by all applicable laws relating to the collection and processing of personal data and personal information in connection with the Services. Customer agrees to indemnify and hold harmless DataSnipper against any claims of third parties relating to or arising out of the collection or processing of personal data or personal information. Customer agrees and acknowledges that by using the Services that it has read and accepted: (i) DataSnipper’s applicable DPA, as included in Annex 1, and (ii) has read DataSnipper’s privacy policy (available at: available here, which policy may be amended by DataSnipper from time to time.

7. SUPPORT AND PROFESSIONAL SERVICES

• 7.1. Support Services. DataSnipper makes available web-based support through the knowledge base (available at www.knowledge.datasnipper.com) and also email support (available at support@datasnipper.com). Additional Support Services may be available to Customer upon payment of applicable fees, as specified in Customer’s Order Form or the DataSnipper applicable price list. Any Support Services are subject to these Terms and DataSnipper’s applicable support policies. DataSnipper may also provide onboarding, implementation, and other services under these Terms. The scope, pricing, and terms of these Professional Services shall be specified in an Order Form (or any exhibit attached to the Order Form) or any other document referencing these Terms. During the Subscription Term, Customer may use, for its internal business purposes, anything delivered as part of the additional services to support its authorized use of the Services, subject to the restrictions in Section 4.4. DataSnipper’s ability to deliver additional services will depend on Customer’s reasonable and timely cooperation and the accuracy and completeness of any information from Customer needed to deliver the additional services.
• 7.2.  Delivery or Completion Periods.  In cases where DataSnipper provides Professional Services, the delivery times and dates are merely estimates and DataSnipper cannot be held liable for any damages as a result of delay in delivery of such Professional Services.  Unless otherwise agreed in writing, failure to meet delivery times or delivery dates stated shall never be considered fatal, and if the time for delivery is exceeded, Customer shall not be entitled to cancel or terminate a Subscription, or to claim any damages.  The delivery or completion periods have been established based on the expectation that there will be no obstacles for DataSnipper to perform the Professional Services or to undertake the work.
• 7.3.  Inability to Perform. If DataSnipper is unable to timely perform its obligations when providing Professional Services, DataSnipper will promptly notify the Customer of any delay and the expected period of time necessary to perform.  

8. SUBSCRIPTION TERM

• 8.1.  Subscription Term. Unless otherwise specified on the Order Form, the Subscription Term shall be two (2) years, which shall begin on the Subscription Start Date.
• 8.2.  Automatic renewal. Unless otherwise specified on the Order Form, the Subscription Term shall automatically renew for additional terms, each of which shall be of equal duration to the initial term, unless either Party gives written notice of termination to the other Party at least thirty (30) days prior to the expiration of the then-current Subscription Term.
• 8.3.  Cancellation or Termination. Customer may not cancel or earlier terminate a Subscription Term except as provided in Section 11.3.
• 8.4.  Subscription Start Date. If the Subscription Start Date is not specified in the applicable Order Form, the initial Subscription Term shall commence on the date that the Customer executes the Order Form.
• 8.5.  Written Notice. Customer must give written notice to DataSnipper via email to invoicing@datasnipper.com. Only notices of termination sent to the submitted invoicing email address or written acceptance of termination from a DataSnipper employee shall be deemed valid termination notices. DataSnipper may give written notice to Customer via email to either Customer’s billing email address or to the administrator of the DataSnipper account.

9. FEES

• 9.1. Prices and Payment Schedule.  Customer is billed according to the package, fees, and payment schedule provided in the Order Form. Customer shall pay DataSnipper the fees (“Fees”) as provided in the Order Form.
• 9.2. Taxes. All Fees are exclusive of all taxes. If DataSnipper is obligated to collect or pay taxes, the taxes will be invoiced to Customer, unless Customer provides DataSnipper with a valid tax exemption certificate authorized by the appropriate tax authority. Customer is responsible for all sales, use, and excise taxes, and any other similar taxes, duties, and charges of any kind imposed by any federal, state, or local governmental or regulatory authority on any amounts payable by Customer hereunder, other than any taxes imposed on DataSnipper’s income. If Customer is required by law to withhold any taxes from its payments to DataSnipper, Customer must provide DataSnipper with an official tax receipt or other appropriate documentation to support such payments. Any applicable taxes shall be added to Customer’s invoice.
• 9.3. Additional Services and Installations. If Customer wishes to add additional features, Add-Ons, or increase the Licensed Installations Amount in excess of the applicable Order Form, DataSnipper may charge additional Fees. These Fees will be agreed between DataSnipper and Customer and prorated to the end of the Subscription Term.
• 9.4. Price Changes. Apart from any agreed annual automatic adjustments applicable to an ongoing Subscription Term, DataSnipper shall have the sole discretion to adjust the Fees for the Services. Such price or Fee changes shall take effect upon the commencement of a new Subscription Term or a renewal term. DataSnipper shall notify Customer about any such adjustment forty-five (45) days before the adjustments become effective.
• 9.5. Inflation Increases.
• 9.5.1.  US and Canada.  Notwithstanding clause 9.4, at every 12 month intervals during a Subscription Term, the amount of any items under this Contract (including any applicable license fees) shall be adjusted in accordance with the United States Consumer Price Index (CPI) for all Urban Consumers (Professional Services) (1982-1984=100). The adjusted price of an item is calculated according to the following formula: the adjusted price is equal to the current price of the item on the date the price is adjusted, multiplied by the index figure of the calendar month that is four calendar months prior to the calendar month in which the price is adjusted, and divided by the index figure of the calendar month that is sixteen calendar months prior to the calendar month in which the price is adjusted. The price shall not be adjusted if the adjustment would lead to a lower price than the most recently valid figure.
• 9.5.2.  Rest of the World. Notwithstanding clause 9.4, at every 12 month intervals during a Subscription Term, the amount of any items under this Contract (including any applicable license fees) shall be adjusted in accordance with the Dutch Consumer Price Index (CPI) all households series (2015=100), published by Statistics Netherlands (CBS). The adjusted price of an item is calculated according to the following formula: the adjusted price is equal to the current price of the item on the date the price is adjusted, multiplied by the index figure of the calendar month that is four calendar months prior to the calendar month in which the price is adjusted, and divided by the index figure of the calendar month that is sixteen calendar months prior to the calendar month in which the price is adjusted. The price shall not be adjusted if the adjustment would lead to a lower price than the most recently valid figure.

10. PAYMENT

• 10.1. Invoice based payments. The following terms are applicable if the Customer agrees to pay for the Services by Invoice:  
• 10.1.1. Payment Method. DataSnipper’s invoices are payable to DataSnipper’s designated bank account through bank or wire transfer by the due date indicated on the Order Form or as provided in the issued invoice to Customer. The message of the payment shall include the applicable invoice number or the reference number of the invoice.
• 10.1.2. Standard Invoicing Schedule. Unless otherwise specified on the Order Form, the applicable Fees shall be invoiced for a 12-month period at the beginning of the Subscription Term. If the Subscription Term exceeds 12 months Customer shall be invoiced yearly in advance unless specified on the Order Form. Other Services (e.g., the Invoice Extraction feature) shall be invoiced in accordance with the applicable Order Form.
• 10.1.3. Invoicing Method.  Invoices shall be sent to the billing address provided by Customer. The preferred invoicing method shall be electronic invoicing via email (as pdf) or e-invoice where available. DataSnipper has the right to add a reasonable invoicing fee for traditional paper invoices sent via traditional mail.
• 10.1.4. Payment Term and Late Payments. Unless expressly agreed otherwise, Customer shall pay all invoices within thirty (30) days as provided in the invoice. If Customer fails to make any payment when due, without limiting DataSnipper’s other rights and remedies: (i) DataSnipper may charge interest on the past due amount at the rate of 1.5% per month calculated daily and compounded monthly or, if lower, the highest rate permitted under applicable law; (ii) Customer shall reimburse DataSnipper for all costs incurred by DataSnipper in collecting any late payments or interest, including attorneys' fees, court costs, and collection agency fees; and (iii) if such failure continues for thirty (30) days or more, DataSnipper may suspend Customer’s and its DataSnipper Users' access to any portion or all of the Services until such amounts are paid in full.
• 10.1.5. Invoicing Information. Customer shall provide DataSnipper with all necessary information to process each invoice, including a valid billing address. The failure by Customer to provide such information does not waive its obligation to timely pay the invoice.
• 10.2. Card based payments. The following terms are applicable if the Customer agrees to pay for the Services by Card; by Paying for the Services by card, Customer authorizes DataSnipper to automatically charge the fees for the Services on the first day of Customers’ Subscription Term, ‘Subscription Start Date’. Subsequent charges will be either on monthly or annual basis after the Subscription Start date, as specified on the order form. The first charge on the Subscription start date or any subsequent monthly or annual billing cycle is the ‘Card billing date’. If a charge is not successful on any Card billing date, for instance due to insufficient funds or incorrect card details, we will make other attempts to charge the fee on the card for the next seven (7) days. In case the final charge attempt after 7 days of the Card billing date is not successful, DataSnipper may suspend Customer’s and its DataSnipper Users' access to any portion or all of the Services until such amounts are paid in full.
• 10.3. Records. Customer agrees to maintain complete and accurate records in accordance with generally accepted accounting principles during the Subscription Term and for a period of five years after the termination or expiration of a Subscription with respect to matters necessary for accurately determining amounts due hereunder. DataSnipper may, at its own expense, on reasonable prior notice, periodically inspect and audit Customer's records with respect to matters covered by these Terms, provided that if such inspection and audit reveals that Customer has underpaid DataSnipper with respect to any amounts due and payable during the Subscription Term, Customer shall promptly pay the amounts necessary to rectify such underpayment, together with interest in accordance with Section 10.1.4. Customer shall pay for the costs of the audit if the audit determines that Customer's underpayment equals or exceeds 40% for any quarter. Such inspection and auditing rights will extend throughout the Subscription Term and for a period of five years after the termination or expiration of a Subscription.

11. TERMINATION

• 11.1. Termination. Either Party may terminate a subscription upon thirty (30) days’ advance written notice to the other Party prior to the expiration of a Subscription Term. If the termination notice is submitted later than this 30-day period prior to the end of the Subscription Term, the subscription shall renew as provided in Section 8.1 and the termination shall commence at the end of the renewed Subscription Term.
• 11.2. Termination Notice. Customer shall submit the termination notice via email currently at (invoicing@datasnipper.com). Only notices of termination sent to the submitted invoicing email address or written acceptance of termination from a DataSnipper employee shall be deemed valid termination notices.
• 11.3. Termination for Cause  
• 11.3.1.  DataSnipper may terminate an Order or Subscription, effective on written notice to Customer, if Customer: (A) has either two (2) unpaid invoices or at least one (1) unpaid invoice past due a minimum of 60 days after DataSnipper’s delivery of written notice thereof; or (B) breaches any of its obligations under Section 4.4 or Section 12.  
• 11.3.2.  Either Party may terminate an Order or Subscription, effective on written notice to the other Party, if the other Party materially breaches these Terms and such breach: (A) is incapable of cure; or (B) being capable of cure, remains uncured for 60 days after the non-breaching Party provides the breaching Party with written notice of such breach.
• 11.3.3.  Either Party may terminate an Order or Subscription, effective immediately upon written notice to the other Party, if the other Party: (A) becomes insolvent or is generally unable to pay, or fails to pay, its debts as they become due; (B) files or has filed against it, a petition for voluntary or involuntary bankruptcy or otherwise becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law; (C) makes or seeks to make a general assignment for the benefit of its creditors; or (D) applies for or has appointed a receiver, trustee, custodian, or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business.
• 11.4. Obligations upon Termination. Upon expiration or earlier termination of a Subscription, Customer shall immediately discontinue use of the DataSnipper IP and, without limiting Customer's obligations under Section 12, Customer shall delete, destroy, or return all copies of the DataSnipper IP and certify in writing to the DataSnipper that the DataSnipper IP has been deleted or destroyed. No expiration or termination will affect Customer's obligation to pay all Fees that may have become due before such expiration or termination or entitle Customer to any refund.  The Customer’s right to access and use the DataSnipper Software shall be set to view only access, which means that Customer will only have access to view Customer Data.
• 11.5. Surviving Terms. This Section 11.5 and Sections 12, 13, 15, 16, 17, and 18 of these Terms shall survive expiration or earlier termination of any subscription and shall continue in full force and effect.

12. CONFIDENTIALITY

• 12.1. Confidentiality Obligation. From time to time during the Subscription Term, either Party may disclose or make available to the other Party Confidential Information. Such Confidential Information includes information about its business affairs, products, confidential intellectual property, trade secrets, third-party confidential information, and other sensitive or proprietary information, whether orally or in written, electronic, or other form or media, and whether or not marked, designated, or otherwise identified as "confidential". The receiving Party shall not disclose the disclosing Party's Confidential Information to any person or entity, except to the receiving Party's Affiliates, employees, agents, contractors, or subcontractors, who have a need to know the Confidential Information for the receiving Party to exercise its rights or perform its obligations hereunder; provided that the receiving Party remains responsible for any recipient’s compliance with the terms of this Section 12 and that such recipients are bound to confidentiality obligations no less protective than those set forth herein. Notwithstanding the foregoing, each Party may disclose Confidential Information to the limited extent required (i) in order to comply with the order of a court or other governmental body, or as otherwise necessary to comply with applicable law, provided that the Party making the disclosure pursuant to the order shall first have given written notice to the other Party and made a reasonable effort to obtain a protective order; or (ii) to establish a Party’s rights under these Terms, including to make required court filings. On the expiration or termination of a Subscription Term, the receiving Party shall promptly return to the disclosing Party all copies, whether in written, electronic, or other form or media, of the disclosing Party's Confidential Information, or destroy all such copies and certify in writing to the disclosing Party that such Confidential Information has been destroyed. Each Party's obligations of non-disclosure with regard to Confidential Information are effective as of date these Terms become effective and will expire two years from the date first disclosed to the receiving Party; provided, however, with respect to any Confidential Information that constitutes a trade secret (as determined under applicable law), such obligations of non-disclosure will survive the termination or expiration of a Subscription Term for as long as such Confidential Information remains subject to trade secret protection under applicable law.
• 12.2. Equitable Relief. The Parties acknowledge that disclosing Confidential Information may cause substantial harm for which damages alone may be an insufficient remedy and breach of this Section 12, shall entitle each Party to seek equitable relief in addition to any other remedies at law.

13. INTELLECTUAL PROPERTY

• 13.1. DataSnipper IP. Customer acknowledges that, as between Customer and DataSnipper, DataSnipper and/or its licensors own all right, title, and interest, including all intellectual property rights, in and to the DataSnipper IP, including DataSnipper Technology.
• 13.2. Customer Data. DataSnipper acknowledges that, as between DataSnipper and Customer, Customer owns all right, title, and interest, including all intellectual property rights, in and to the Customer Data. Customer hereby grants to DataSnipper a non-exclusive, royalty-free, worldwide license to reproduce, distribute, and otherwise use and display the Customer Data and perform all acts with respect to the Customer Data as may be necessary for DataSnipper to provide the Services to Customer.

14. DATASNIPPER TECHNOLOGY

• 14.1. Subscription Basis. The Services are provided in the form of a local application service subscription. Customer acknowledges that it is obtaining only a limited right to use and access the DataSnipper Software and that no ownership rights are transferred to Customer under these Terms. Customer agrees that DataSnipper (or its suppliers) retain all rights, title and interest (including all Intellectual Property Rights) in and to all DataSnipper Technology and that DataSnipper reserves all rights not specifically granted under these Terms. Customer further acknowledges and agrees that it has no right to obtain a copy of the DataSnipper Software.
• 14.2. Feedback. If Customer elects to provide any suggestions, comments, improvements, information, ideas or other feedback or related materials to DataSnipper (collectively, “Feedback”), Customer hereby grants DataSnipper a worldwide, perpetual, non-revocable, sublicensable, royalty-free right and license to use, copy, disclose, license, distribute, and exploit any Feedback in any format and in any manner in its sole discretion and without any obligation, payment, or restriction based on Intellectual Property Rights or otherwise. DataSnipper will not identify Customer as the source of the Feedback. Nothing in these Terms limits DataSnipper’s right to independently use, develop, evaluate, or market products, that incorporate Feedback.

15. INDEMNIFICATION

• 15.1. DataSnipper Indemnification. DataSnipper agrees to defend and indemnify Customer from and against any and all losses, damages, liabilities, costs (including reasonable attorneys’ fees) (“Losses”) incurred by Customer resulting from any third-party claim, suit, action, or proceeding (“Third-Party Claim”) that the Services, or any use of the Services in accordance with these Terms, infringes or misappropriates such third party’s US patents, copyrights, or trade secrets, provided that Customer promptly notifies DataSnipper in writing of the claim, cooperates with DataSnipper, and allows DataSnipper sole authority to control the defense and settlement of such claim.  In response to a Third-Party Claim, if required by settlement or injunction, or if DataSnipper determines such actions are reasonably necessary to avoid liability, DataSnipper may at its in sole discretion: (i) obtain the right for Customer to continue use the affected part or portion of the Services; (ii) modify the Services or component or part thereof, to make it non-infringing; or (iii) terminate the Order Form for the affected Services and refund any subscription fees Customer has pre-paid for the terminated portion of the applicable Subscription Term. Notwithstanding the above, DataSnipper’s obligations under this Section 15.1 do not apply to the extent such infringement arises or results from: (i) Third-Party Products or combinations with such products; (ii) modification of the Services by a party other than DataSnipper or its subcontractors; or (iii) use of the Services other than in accordance with the then-most current release. DataSnipper’s obligations under this Section 15.1 shall also not apply if the Services are used in breach of these Terms, including Customer’s failure to abide by its obligations relating to Customer Data.
• 15.2. Customer Indemnification.  Customer shall indemnify, hold harmless, and, defend DataSnipper from and against any Losses resulting from any Third-Party Claim that the Customer Data, or any use of the Customer Data in accordance with these Terms, infringes or misappropriates such third party's intellectual property rights and any Third-Party Claims based on Customer's or any DataSnipper User's (i) negligence or willful misconduct; (ii) use of the Services in a manner not authorized by these Terms or the DataSnipper user policies, if any; (iii) use of the Services in combination with data, software, or technology not provided by DataSnipper or authorized by DataSnipper in writing; or (iv) modifications to the Services not made by DataSnipper, provided that Customer may not settle any Third-Party Claim against DataSnipper unless DataSnipper consents to such settlement, and further provided that DataSnipper will have the right, at its option, to defend itself against any such Third-Party Claim or to participate in the defense thereof by counsel of its own choice.
• 15.3 Conditions for Indemnification. Each Party’s defense and indemnification obligations are subject to the indemnifying Party receiving: (i) prompt written notice of the claim; (ii) the exclusive right to control and direct the investigation, defense, and settlement of the claim; and (iii) all reasonable necessary cooperation of the indemnified Party at the indemnifying Party’s expense (as to reasonable out-of-pocket costs). The indemnifying Party must not settle any claim without the indemnified Party’s prior written consent if the settlement would require the indemnified Party to admit fault, pay amounts that the indemnifying Party must pay under this Section 15 (Indemnification), or take or refrain from taking any action (other than with respect to the Services or features). The indemnified Party may participate in a claim through counsel of its own choosing at its own expense.
• 15.4. Sole remedy. THIS SECTION STATES THE SOLE AND EXCLUSIVE REMEDY OF CUSTOMER AND THE ENTIRE LIABILITY OF DATASNIPPER, OR ANY OF ITS SUPPLIERS, OFFICERS, DIRECTORS, EMPLOYEES, SHAREHOLDERS, CONTRACTORS, OR REPRESENTATIVES, WITH RESPECT TO ANY ACTUAL, THREATENED, OR ALLEGED CLAIMS THAT THE SERVICES INFRINGE, MISAPPROPRIATE, OR OTHERWISE VIOLATE ANY INTELLECTUAL PROPERTY OF ANY THIRD PARTY.

16. LIMITATIONS OF LIABILITY

• 16.1. IN NO EVENT WILL EITHER PARTY OR ITS SUPPLIERS BE LIABLE FOR ANY LOSS OF USE, LOST, INACCURATE, OR CORRUPTED DATA, INTERRUPTION OF BUSINESS, OR ANY LOSS OF INCOME, BUSINESS, SALES OR PROFITS (WHETHER ACTUAL OR ANTICIPATED), COSTS OF DELAY, REPUTATIONAL HARM, THIRD-PARTY CLAIMS, OR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND HOWEVER CAUSED, EVEN IF INFORMED IN ADVANCE OF THE POSSIBILITY OF SUCH DAMAGES.
• 16.2. DATASNIPPER WILL NOT BE RESPONSIBLE OR LIABLE IN ANY MANNER FOR ANY THIRD-PARTY PRODUCTS, THIRD-PARTY CONTENT, OR NON-DATASNIPPER SERVICES (INCLUDING FOR ANY DELAYS, INTERRUPTIONS, TRANSMISSION ERRORS, SECURITY FAILURES, AND OTHER PROBLEMS CAUSED BY SUCH ISSUES) OR FOR THE USE BY CUSTOMER OF RESULTS GENERATED WITH DATASNIPPER TECHNOLOGY AND DECISIONS OR ACTIONS TAKEN (OR NOT TAKEN) BY THE CUSTOMER BASED UPON DATASNIPPER TECHNOLOGY.
• 16.3. NOTWITHSTANDING ANYTHING ELSE IN THESE TERMS TO THE CONTRARY, DATASNIPPER’S AGGREGATE LIABILITY FOR ALL CLAIMS OF ANY KIND SHALL NOT EXCEED THE TOTAL PAID BY CUSTOMER FOR THE SERVICES DURING THE TWELVE (12) MONTHS PRECEDING THE DATE ON WHICH THE DAMAGING EVENT OCCURRED. IF NO PAYMENT OBLIGATION WAS INCURRED, DATASNIPPER’S TOTAL AGGREGATE LIABILITY SHALL NOT EXCEED US$ 50. SPECIFICALLY IN CONNECTION WITH PROFESSIONAL SERVICES, DATASNIPPER’S TOTAL AGGREGATE LIABLITY SHALLY NOT EXCEED THE FEES LISTED FOR SUCH SERVICES IN THE ORDER.
• 16.4. THE LIABILITY LIMITATIONS IN THIS SECTION 16, DO NOT APPLY TO: (i) THE INDEMNITY OBLIGATIONS UNDER SECTION 15; AND (ii) CUSTOMER’S PAYMENT OBLIGATIONS AS EXPRESSLY PROVIDED IN THESE TERMS.
• 16.5. DATASNIPPER SHALL NEVER BE LIABLE FOR DAMAGES OR LOSS OF ANY NATURE WHATSOEVER CAUSED BY HACKING BY THIRD PARTIES OR VIRUS, MALWARE, OR SIMILAR ISSUES, PROVIDED THAT DATASNIPPER HAS TAKEN ALL REASONABLE SECURITY MEASURES CUSTOMARY IN THE INDUSTRY.
• 16.6. IN CASE THE APPLICABLE LAW PROHIBITS SOME OF THE LIMITATIONS OF LIABILITY IN THIS SECTION 16, THIS SECTION 16 WILL APPLY TO THE MAXIMUM EXTENT PERMITTED BY LAW.
• 16.7. THE LIMITATIONS OF LIABILITY REFERRED TO IN THIS SECTION 16 DO NOT APPLY IF THE DAMAGE OR LOSS IS THE RESULT OF FRAUD, WILFUL MISCONDUCT, OR GROSS NEGLIGENCE COMMITTED BY EITHER PARTY.

17. WARRANTY

• 17.1. Warranty. During a Subscription Term, DataSnipper warrants, for the Customer’s benefit only, that the Services shall perform materially in accordance with the applicable Documentation. Customer explicitly acknowledges and DataSnipper does not warrant that results generated using the DataSnipper Software will be error-free. Results generated by the DataSnipper Software such as, but not limited to, snips, extractions, or calculations may contain errors due to poor or insufficient quality of source documents or software errors. Customer remains responsible for checking any results generated using the DataSnipper Software and DataSnipper shall never be liable for incorrect results or the use thereof by Customer. Any warranty regarding the performance of the Services will cease to exist if the Customer does not install or properly install updates such as bug fixes, modifications or improvements as made available by DataSnipper to the Customer.
• 17.2. Claims and Remedies. Customer must notify DataSnipper in writing within thirty (30) days of discovery of a breach of warranty as set forth in Section 17.1 and include a description of the breach. If DataSnipper receives a valid warranty claim within this 30-day period, it will use commercially reasonable efforts in its discretion to repair the affected portion of the Services or reperform the applicable Services. If DataSnipper determines this remedy is not commercially reasonable, either Party may terminate the applicable Order Form with prompt written notice. Upon termination due to a warranty claim under this Section 17, Customer will receive a refund of the applicable Fees it has pre-paid for the terminated portion of the applicable Subscription Term. THIS REMEDY WILL BE THE CUSTOMER’S SOLE AND EXCLUSIVE REMEDY (AND DATASNIPPER’S SOLE LIABILITY) FOR ANY CUSTOMER CLAIM THAT IS BASED ON THE WARRANTY AS SET FORTH IN SECTION 17.1. The warranty as set forth in Section 17.1 does not cover and DataSnipper will not be responsible for: (i) any errors or malfunctioning of a view access license (as referenced in Section 11.4), which is always provided “as is”, on the date of termination of a subscription and will not be updated, improved or maintained by DataSnipper; (ii) errors in or resulting from Third-Party Products or Third-Party Content;  (iii) Customer’s misuse or failure to follow the Documentation;  or (iv) any errors or malfunctioning of free or pilot versions of the Services.  
• 17.3. WARRANTY DISCLAIMER. EXCEPT FOR THE WARRANTY AS SET FORTH IN CLAUSE 17.1, ALL DATASNIPPER TECHNOLOGY AND RELATED SERVICES ARE PROVIDED “AS IS” AND ON AN “AS AVAILABLE” BASIS. NEITHER DATASNIPPER NOR ITS SUPPLIERS MAKE ANY OTHER WARRANTIES, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, THAT CUSTOMER DATA IS PRESERVED WITHOUT LOSS OR THAT DATASNIPPER TECHNOLOGY WILL BE TIMELY, UNINTERRUPTED, OR ERROR-FREE.

18. GENERAL TERMS

• 18.1. Notice. Any notice or communication pursuant to these Terms must be in writing. Customer must send any notices under these Terms (including breach notices and indemnity claims) to DataSnipper, in English, at the following address, support@datasnipper.com, and include “Attn. Legal Department” in the subject line. DataSnipper may send notices to the email addresses on Customer’s account or, at DataSnipper’s option, to Customer’s last-known postal address. DataSnipper may also provide operational notices regarding the Services or other business-related notices through clear and conspicuous notices on DataSnipper’s website or the Services. Each Party consents to receiving electronic notices. DataSnipper is not responsible for any automatic filtering Customer or its network provider may apply to email notification.
• 18.2. Assignment. These Terms will bind and inure to the benefit of each Party’s permitted successors and assigns. Customer is not permitted to assign, delegate or otherwise transfer the Order Form, subscription, or any rights arising under these Terms, except in connection with a merger, acquisition, or other transfer of all or substantially all of Customer’s assets or voting securities. Any attempted transfer or assignment except as expressly authorized under this Section 18.2 will be void.
• 18.3. Publicity. Unless otherwise specified in the applicable Order Form, DataSnipper may use Customer’s name, logo, and trade marks to identify Customer as a customer of DataSnipper and a user of the Services on DataSnipper’s website and in other marketing materials.
• 18.4. Subcontractors. DataSnipper may use subcontractors and permit them to exercise the rights granted to DataSnipper in order to provide the Services and related services under these Terms or Order Form. These subcontractors may include, for example, DataSnipper’s hosting provider. However, subject to these Terms, DataSnipper shall remain responsible for: (i) compliance of its subcontractors with these Terms; and (ii) overall performance of the Services if and as required under these Terms.
• 18.5. Independent Contractors.  The Parties shall be deemed independent contractors. Nothing contained in these Terms or any agreement between the Parties shall be read or construed so as to constitute the relationship of principal and agent or of partnership between the Parties. Neither of the Parties may pledge or purport to pledge the credit of the other Party or make or purport to make any representations, warranties, or undertakings for the other Party, without the other Party’s express written consent.
• 18.6. Force Majeure. In no event will either Party be liable or responsible to the other Party, or be deemed to have defaulted under or breached these Terms, for any failure or delay in fulfilling or performing any term hereunder, (except for any obligations to make payments), when and to the extent such failure or delay is caused by any circumstances beyond such party's reasonable control (a "Force Majeure Event"), including (i) acts of God; (ii) flood, fire, earthquake, epidemics, or explosion; (iii) war, invasion, hostilities (whether war is declared or not), terrorist threats or acts, riot or other civil unrest; (iv) government order, law, or actions; (v) embargoes or blockades in effect on or after these Terms become effective; (vi) national or regional emergency; (vii) strikes, labor stoppages or slowdowns, or other industrial disturbances; (viii) shortage of adequate power or transportation facilities; and (ix) bankruptcy or delays on the part of suppliers or subcontractors and failure by the Customer to provide DataSnipper with the correct and complete information necessary to properly provide the Services. If a Force Majeure Event occurs either Party may temporarily suspend the performance of its obligations under these Terms.  Either Party may terminate an Order Form or subscription if a Force Majeure Event affecting the other Party continues substantially uninterrupted for a period of 90 days or more.  In the event of any failure or delay caused by a Force Majeure Event, the affected Party shall give prompt written notice to the other Party stating the period of time the occurrence is expected to continue and use commercially reasonable efforts to end the failure or delay and minimize the effects of such Force Majeure Event. Customer shall pay all Fees incurred for the Services that have already been performed by DataSnipper prior to suspension and/or termination of an Order Form or subscription due to a Force Majeure Event.
• 18.7. Export.  The Customer shall be responsible for obtaining any required export or import authorizations or permits to use the Services.
• 18.8. Amendments. Any modification or amendment to these Terms must be made in writing and executed by an authorized representative of each Party. If, during a Subscription Term, DataSnipper modifies service terms relevant to specific Services purchased under an Order Form, DataSnipper will provide notice thereof to Customer and the modified terms shall take effect upon Customer’s next renewal. If DataSnipper launches new products or optional features that require opt-in acceptance of new terms, those terms will apply upon Customer’s acceptance or use. If Customer accepts new Order Forms or an Order Form changes due to a modification, such changes will take effect immediately. However, during a Subscription Term, DataSnipper may update DataSnipper’s policies and Documentation from time to time to reflect process improvements or practice changes, provided such changes do not substantially diminish Customer’s rights or create substantial additional Customer obligations during a Subscription Term.  Such changes will take effect immediately upon the date of notice or posting on DataSnipper’s website.
• 18.9. No Waiver.  The failure to exercise, or delay in exercising, a right, power or remedy provided by an agreement or these Terms or by law shall not constitute a waiver of that right, power or remedy.  If DataSnipper waives a breach of any provision of these Terms or an agreement, this shall not operate as a waiver of a subsequent breach or that provision or as a waiver of a breach of any other provision.
• 18.10. Severability. If any provision of these Terms or any other agreement between the Parties is held to be null, void, or otherwise ineffective or invalid by a court of competent jurisdiction or an arbitral tribunal, (i) such provision shall be deemed to be restated to reflect as nearly as possible the original meaning of these Terms or agreement in accordance with applicable law, and (ii) the remaining terms, provisions, covenants and restrictions shall remain in full force and effect.
• 18.11. No Beneficiaries.  These Terms, any agreement, or any Order Form between the Parties are for the sole benefit of the Parties thereto and, except as otherwise contemplated therein, nothing therein expressed or implied shall give or be construed to give any person, other than the Parties thereto, any legal or equitable rights thereunder.
• 18.12. Entire Agreement. These Terms represent the complete and exclusive understanding between the Parties relating to its subject matter. It supersedes all prior or contemporaneous oral or written communications, proposals, and representations with respect to the DataSnipper Technology or any other subject matter covered by these Terms. Any terms provided by Customer (including as part of any purchase order or other business form used by Customer) are for administrative purposes only and have no legal effect.
• 18.13. Governing Law, Dispute Resolution, and Region-Specific Terms.
• 18.13.1. USA and Canada. If DataSnipper Inc. is the party contracting with Customer under these Terms or an Order Form:
• 18.13.1.1. Unless stated otherwise in writing, any and all agreements between the Parties, including these Terms, Order Form, or any annexes and appendices, shall be governed by and construed in accordance with the laws of the State of New York, notwithstanding conflict of law principles, and without giving effect to the United Nations Convention on the Contracts for the International Sale of Goods.  The Parties agree that any and all disputes, claims, or controversies arising out of or relating to these Terms or an agreement shall be submitted to JAMS, or its successor, for mediation, and if the matter is not resolved through mediation, then it shall be submitted to JAMS, or its successor, for final and binding arbitration. Any dispute, controversy or claim arising out of or relating to these Terms or an agreement, or the breach, termination, enforcement, interpretation or validity thereof, including the determination of the scope or applicability of this agreement to arbitrate, will be referred to and finally determined by arbitration in accordance with the JAMS Comprehensive Arbitration Rules and Procedures. The seat of the arbitration will be New York, New York. The arbitration shall be administered for a single arbitrator. The language to be used in the arbitral proceeding will be English. Judgment upon the award rendered by the arbitrator may be entered by any court having jurisdiction thereof. ANY CAUSE OF ACTION AGAINST DATASNIPPER, REGARDLESS WHETHER IN CONTRACT, TORT OR OTHERWISE, MUST COMMENCE WITHIN ONE (1) YEAR AFTER THE CAUSE OF ACTION ACCRUES. OTHERWISE, SUCH CAUSE OF ACTION IS PERMANENTLY BARRED.
• 18.13.2. Rest of the World.  If DataSnipper B.V. is the party contracting with Customer under these Terms or Order Form:
• 18.13.2.1. Unless stated otherwise in writing, any and all agreements between the Parties, including these Terms, Order Form, or any annexes and appendices, shall be governed by the laws of the Netherlands without regard to any conflict of law provisions. All disputes arising out of or relating to these Terms or an agreement will primarily be resolved by negotiation between the Parties. If such negotiations fail, any dispute, controversy or claim arising out of or relating to these Terms or an agreement, or the breach, termination or validity thereof, shall be resolved exclusively by the competent court(s) of Amsterdam, the Netherlands. If Customer is not located in the European Union, DataSnipper may, at its own discretion, deviate from the above and may – at its sole discretion - demand and Customer hereby irrevocably agrees in advance, that any dispute, controversy or claim arising out of or relating to these Terms or any agreement, or the breach, termination or validity thereof, shall be finally settled by arbitration in accordance with the arbitration rules of the International Chamber of Commerce, irrespective of the place where the contract is performed. The number of arbitrators shall be one (1). The seat of arbitration shall be Amsterdam, the Netherlands. The language of the arbitration shall be English. The arbitral proceedings and award shall be confidential.

Annex 1 – Data Processing Agreement

Between:

• “Customer”, meaning a business entity with a current contractual agreement with DataSnipper for the supply and use of the Services, Professional Services, or a user of a free pilot version of DataSnipper Software (“Controller” or “Customer”)
• DataSnipper B.V. as Licensor or DataSnipper registered on Aambeeldstraat 34, 1021 KB, Amsterdam, the Netherlands. (“Processor” or “DataSnipper”)

• 1.1 Processor undertakes to process personal data on behalf of the Controller according to the provisions laid down in this DPA. Data processing shall take place in the context of the execution of the Contract, as well as those purposes that are reasonably related to it or that are determined in Contract.
• 1.2 The data processing relates to the data processing purposes set by the Controller regarding the categories of personal data and data subjects listed in Appendix A to this DPA. Processor shall not make any independent decisions regarding the processing of personal data for other purposes.
• 1.3 The personal data to be processed on the instructions of Controller will remain the property Controller and/or the data subjects involved.

2. Obligations Processor

• 2.1 With regard to the data processing activities referred to in Article 1, the Processor shall comply with the GDPR.
• 2.2 Processor shall inform the Controller of the measures it has taken with respect to its obligations under this DPA when this is first requested by the Controller.
• 2.3 The obligations of the Processor ensuing from this DPA also apply to those who process personal data under the authority of the Processor, including but not limited to employees, in its broadest sense.
• 2.4 Processor shall immediately notify the Controller if it deems that data processing instructions are not in accordance with the GDPR.
• 2.5 Processor shall assist the Controller in the fulfilment of its legal obligations. This concerns providing assistance in fulfilling its obligations under Articles 32 to 36 of the GDPR, such as providing assistance in carrying out a Data Protection Impact Assessment (DPIA) and prior consultation in the event of high-risk data processing.

3. Obligations of Controller

• 3.1 The Controller shall:
• 3.1.1 ensure that the Processing of Personal Data complies with the GDPR;
• 3.1.2 ensure that Personal Data shall not contain any special categories of personal data as specified in article 9 GDPR or other types of sensitive personal data;
• 3.1.3 be responsible for providing the necessary notices to Data Subjects and obtaining any required consents for the Processing of Personal Data;  
• 3.1.4 ensure that a record of Processing activities under its responsibility, if required under the GDPR, is maintained;
• 3.1.5 appoint a data protection officer, if required under the GDPR, and communicate their contact details to Processor;
• 3.1.6 cooperate with the supervisory authority as needed and inform Processor of any relevant correspondence with the supervisory authority that may impact Processor's obligations.

4. Transfer of personal data

• 4.1 Processor may process personal data in countries within the European Economic Area (EEA). In addition, Processor may also transfer the personal data to a country outside the EEA, provided that the country ensures an adequate level of protection and it complies with the other obligations incumbent on it under this DPA and the GDPR.

5. Division of responsibility

• 5.1 Processor is solely responsible for the processing of the personal data under this DPA, in accordance with the instructions of Controller and under the explicit (final) responsibility of the Controller.
• 5.2 The Processor guarantees that the content, use and instruction of the processing of the personal data referred to in this DPA are not unlawful and do not infringe any third-party right.

6. Engaging sub-processors

• 6.1 Controller hereby authorises Processor to use third parties (sub-processors) when processing personal data, pursuant to this DPA, in compliance with the GDPR.
• 6.2 At the request of the Controller, the Processor will inform the Controller of the sub-processors it has engaged. The sub-processors engaged by the Processor at the time conc this DPA was signed are listed in Appendix A. The Controller has the right to object in writing, stating reasons, to any sub-processors engaged by Processor. If Controller objects to any sub-processors engaged by the Processor, the Parties will consult with each other to find a solution.
• 6.3 Processor shall impose on the sub-processors engaged by it similar or more stringent obligations as agreed between the Controller and the Processor. Processor shall be responsible for the correct observance of these obligations by sub-processors and shall be liable for any damage caused by errors on the part of these sub-processors.

7. Security

• 7.1 Processor shall make an effort to take appropriate technical and organisational measures to protect the personal data processed on behalf of the Controller against loss or against any form of unlawful processing (such as unauthorised access, alteration, modification or disclosure of the personal data).
• 7.2 Processor does not guarantee that the security is effective under all circumstances. In the absence of an explicitly defined security measure in the DPA, the Processor shall make an effort to have the security meet a level that is not unreasonable in view of the technological state of the art, the sensitivity of the personal data and the costs associated with the implementation of the security measures.

8. Data breach notification obligation

• 8.1 Processor shall, without undue delay and, where feasible, no later than 72 hours after having become aware of a personal data breach (Hereafter: “Data Breach”), notify the Controller of a Data Breach.
• 8.2 The obligation to notify applies regardless of the impact of the Data Breach. The notification shall include at minimum the information listed in Appendix B. The Processor shall report the Data Breach by e-mail to the contact person listed in Appendix B.
• 8.3 The Data Processor shall follow all instructions of the Controller and provide the cooperation necessary to eliminate the cause of the Data Breach, to prevent further damage to the data subject(s) and to prevent similar incidents in the future.
• 8.4 In accordance with Article 33 (5) of the GDPR, the Processor shall document all data breaches, including the facts about the personal data breach, its consequences and the corrective measures taken.

9.  Rights of data subjects

• 9.1 Should a data subject submit a request to the Processor to exercise their legal rights under Chapter III of the GDPR, the Processor shall immediately forward the request to the Controller and inform the data subject accordingly. The Controller shall then handle the request independently.
• 9.2 Should a data subject address a request to exercise one of their legal rights to the Controller, the Processor shall, if the Controller so requires, cooperate in the execution of this request. The Parties shall bear their own costs in this regard.

10. Secrecy and confidentiality

• 10.1 All personal data processed by the Processor on behalf of the Controller in the context of this DPA are subject to an obligation of confidentiality towards third parties. The Processor shall not use these personal data for any purpose other than that for which it has obtained them.
• 10.2 This secrecy obligation does not apply insofar as the Controller has given explicit permission to provide the personal data to third parties, provided that the disclosure of the personal data to third parties is logically necessary in view of the nature of the task assigned and the execution of this DPA, or if there is a legal obligation to provide the personal data to a third party.

11. Audit

• 11.1 The controller has the right to carry out audits by an independent third party bound by secrecy to verify compliance with the DPA.
• 11.2 This audit will only take place after the Controller has a concrete suspicion of misuse of Personal Data and has requested similar audit reports present at the Processor, assessed them and put forward reasonable arguments that justify an audit initiated by the Controller. Such an audit is justified if the similar audit reports present at the Processor do not provide any, or sufficient, evidence of the Processor's compliance with this DPA. The audit initiated by the Controller shall take place two weeks after it has been announced by the Controller, and no more than once a year.
• 11.3 Processor shall cooperate with the audit and share all information reasonably relevant to the audit as timely as possible. Processor shall ensure that the audit causes as little disruption as possible to the Processor's other activities.
• 11.4 The findings of the audit will be assessed by the Parties in mutual consultation and, as a result, may or may not be implemented by one or both Parties jointly. The costs of the audit will be borne by Controller.

12. Liability

• 12.1 The Parties respective liability for any breach of this DPA, including any damages resulting from a Personal Data Breach, shall be subject to the limitations and exclusions of liability set forth in the Contract.
• 12.2 Each Party is obliged to inform the other Party without undue delay of a (potential) liability claim or the (potential) imposition of a penalty by a Supervisory Authority, in connection with the DPA or otherwise. Parties are reasonably obliged to provide each other with information and/or support for the purpose of putting forward a defense against a (potential) liability claim or penalty, as referred to in the previous sentence. The Party that provides information and/or support shall be entitled to charge the other Party any potential reasonable costs in this respect; the Parties shall inform each other about these costs in advance as much as possible.

13. Duration, termination and deletion

• 13.1 This DPA shall enter into force upon signature by the Parties and on the date of the last signature.
• 13.2 This DPA has been entered into for the term specified in the Contract between the Parties and, in the absence thereof, for the duration of the processing of personal data of the Controller by the Data Processor.
• 13.3 Termination of this DPA will not exempt the Parties from their obligations arising from this DPA which by their nature are expected to continue after termination.
• 13.4 As soon as the DPA is terminated, for whatever reason and in whatever way, the Processor will, at the request of the Controller and within 60 business days, return all personal data in its possession in original or copy form to the Controller, and/or remove and/or destroy these original personal data and any copies thereof, if and to the extent still technically possible, unless applicable legislation requires storage of the Personal Data.
• 13.5 Processor shall on request give the Controller (written or electronic) confirmation that the deletion or return of the Personal Data has taken place.
• 13.6 Processor shall inform all Sub-processors involved in the Processing of Personal Data of a termination of this DPA and shall ensure that all Sub-processors will delete or return the Customer Personal Data.

14. Contradiction and amending the DPA

• 14.1 The order of precedence as described in the Contract is applicable in case of a contradiction between the articles of the DPA and the articles of other documents constituting the Contract.
• 14.2 Amendments to the articles of the DPA can be effected only by joint agreement between the Parties.

Appendix A: Specification of the processing of personal data

Overview of categories of personal data and data subjects:

Description of the data processing activities:

Overview of sub-processors for which specific permission has been obtained: