August 23, 2023

Secure Privacy Product Terms Of Service

These Terms of Service apply to the use of Secure Privacy Products (as herein defined). For the purposes of these Terms of Service, the term “Products”, shall collectively refer to the products and services that are ordered by You online through a link or via an Order Form referencing this Agreement, whether on a trial or paid basis, and made available online by Us, via the applicable subscriber login link and other web pages designated by Us, including, individually and collectively, the applicable Software, updates, API, Documentation, and all applicable Associated Services that You have purchased or deployed.

Terms of Service for Products

These Terms of Service constitute a binding contract on you and govern your use of and access to the products by you, employees and end-users in connection with a paid or free trial subscription to the services.

By accepting this Agreement, either by signing up to the Service or End-User to access or use the service, You agree to be bound by this Agreement. If You are entering into this Agreement on behalf of a company, organization or another legal entity (an “Entity”), You are agreeing to this Agreement for that Entity and representing to Secure Privacy that You have the authority to bind such Entity and its Affiliates to this Agreement, in which case the terms “Subscriber,” “You,” “Your” or a related capitalized term herein shall refer to such Entity and its Affiliates. If You do not have such authority, or if You do not agree with this Agreement, You must not accept this Agreement and may not use any of the Services.

1.1. Definitions

The following terms have the following meanings:

Account means any accounts or instances created by or on behalf of Subscriber or affiliate within the Services.

Affiliate means, with respect to a Party, any entity that directly or indirectly controls, is controlled by, or is under common control with such Party, whereby “control” (including, with correlative meaning, the terms “controlled by” and “under common control”) means the possession, directly or indirectly, of the power to direct, or cause the direction of the management and policies of such person, whether through the ownership of voting securities, by contract, or otherwise.

Agreement means the Terms of Service for products together with any and all Supplemental Terms, any Data Processing Agreement and Order Forms along with the Secure Privacy Policy available on Our Site.

Applicable Data Protection Law means EU General Data Protection Regulation (or a successor thereto).

API means the application programming interfaces developed and enabled by Secure Privacy that permit Subscribers to scan, access and use certain functionality provided by the Services, including, without limitation, the REST API that enables the interaction with the Services automatically through HTTP requests and the application development API that enables the integration of the Services with other web applications.

Associated Services means products, services, features and functionality designed to be used in conjunction with the Services but not included in the Service Plan to which You subscribe, including, without limitation, integrations and applications created or developed by Secure Privacy or its Affiliates. For the avoidance of doubt, none of the Services or any other product, service, feature or functionality that is expressly stated to be governed by any alternative license, agreement or terms shall be deemed an Associated Service.

Beta Services means a product, service or functionality provided by Secure Privacy that may be made available to You to try at Your option at no additional charge which is clearly designated as beta, pilot, limited release, non-production, early access, evaluation or by a similar description.

Confidential Information means all information disclosed by Secure Privacy to You, or by You to Secure Privacy, which is in tangible form and labelled “confidential” (or with a similar label) or which a reasonable person would understand to be confidential given the nature of the information and circumstances of disclosure, including, but not limited to, information relating to Secure Privacy’s security policies and procedures. For the purposes of this Agreement, all Service Data shall be deemed Confidential Information. Notwithstanding the foregoing, Confidential Information shall not include information that (a) was already known to the receiving Party at the time of disclosure by the disclosing Party; (b) was or is obtained by the receiving Party from a third party not under an obligation of confidentiality with respect to such information; (c) is or becomes generally available to the public other than by violation of this Agreement or another valid agreement between the Parties; or (d) was or is independently developed by the receiving Party without the use of the disclosing Party’s Confidential Information.

Consulting Services means consulting and professional services (including any training, development or implementation services) provided by Secure Privacy or its authorized subcontractors as indicated on an Order Form or other written documents such as a statement of work “SOW”, as defined below.

Documentation means the user guides, online help, release notes, training materials, and other documentation produced by Secure Privacy or the Subscriber regarding the use or operation of the SAAS Services.

End-User means any person or entity other than Subscriber who is using a Service.

Order Form means any of Secure Privacy’s standard forms of sales order or any valid quote for Services and/or services issued by Secure Privacy and that sets forth the SAAS Services and/or services to be purchased or licensed, the price of each, and any mutually agreed additional terms and conditions.

Personal Data means any information relating to an identified or identifiable natural person (“data subject”).

Personnel means employees and/or non-employee service providers and contractors of Secure Privacy engaged by the Secure Privacy in connection with performance hereunder.

Service(s) means the products and services that are ordered by You online through a link or via an Order Form referencing this Agreement, whether on a trial or paid basis, and made available online by Us, via the applicable subscriber login link and other web pages designated by Us, including, individually and collectively, the applicable Software, updates, API, Documentation, and all applicable Associated Services that You have purchased.

Service Data means the data Secure Privacy processes on Your behalf in accordance with the Data Processing Agreement.

Service Plan means varied plans offered by us which you can subscribe to. Each plan entitles you to use certain specified features of the Services. Currently, we offer the following  Service Plans: Basic, Plus, Business and Enterprise.

Site means secureprivacy.ai and all the websites on its subdomains.

Subscription Term means the period for which You have agreed to subscribe to and use a Service with respect to any website.

Third Party Services means third party products, applications, services, software, networks, plugins, systems, directories, websites, databases and information obtained separately by You and which a Service links to, or which You may connect to or enable in conjunction with a Service, including, without limitation, Third Party Services which may be integrated directly into Your Account by You or at Your direction.

1.2. General Conditions; Access to and use of the services

1.2.1 During the Subscription Term and subject to compliance by You and End-Users with this Agreement, You have the limited right to access and use a Service consistent with the Service Plan(s) that You subscribe to, together with all applicable Deployed Associated Services, for Your internal business purposes. We will (a) make the Services and Service Data available to You pursuant to this Agreement and the applicable Order Forms; (b) provide applicable standard customer support for the Services to You at no additional charge as detailed on the applicable Site and Documentation and/or upgraded support if purchased; (c) use commercially reasonable efforts to make the Services available 24 hours a day, 7 days a week, except (i) during planned downtime for upgrades and maintenance of the Services (of which We will use commercially reasonable efforts to notify You in advance both through Our Site and a notice to Your Account owner and Agents) (“Planned Downtime”); and (ii) for any unavailability caused by circumstances beyond Our reasonable control, including, for example, an act of God, act of government, flood, fire, earthquake, civil unrest, act of terror, strike or other labor problem (other than one involving Our employees), Internet service provider failure or delay, Third Party Services, or acts undertaken by third parties, including without limitation, denial of service attack (“Force Majeure Event”). Secure Privacy reserves the right to monitor and periodically audit Your use of the Secure Privacy Services to ensure that Your use complies with the Agreement and the Service Plan restrictions on Our Site. Should Secure Privacy discover that You are not in compliance with the Agreement or the Service Plan restrictions on Our Site, Secure Privacy reserves the right to charge You, and You hereby agree to pay for, said usage in addition to other remedies available to Us.

1.2.2 You may not use the Services to provide customer service, support or other outsourced business process services on behalf of more than one third party (other than Affiliates) through a single Account. Without limiting the foregoing, Your right to access and use the API is also subject to the restrictions and policies implemented by Secure Privacy from time to time with respect to the API as set forth in the Documentation or otherwise communicated to You in writing.

1.2.3 A high speed Internet connection is required for proper transmission of the Services. You are responsible for procuring and maintaining the network connections that connect Your network to the Services, including, but not limited to, “browser” software that supports protocols used by Secure Privacy, including the Transport Layer Security (TLS) protocol or other protocols accepted by Secure Privacy, and to follow procedures for accessing services that support such protocols. We are not responsible for notifying You or End-Users of any upgrades, fixes or enhancements to any such software or for any compromise of data, including Service Data, transmitted across computer networks or telecommunications facilities (including but not limited to the Internet) which are not owned, operated or controlled by Secure Privacy. We assume no responsibility for the reliability or performance of any connections as described in this section.

1.2.4 In addition to complying with the other terms, conditions and restrictions set forth below in this Agreement, You agree not to (a) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share or otherwise commercially exploit or make the Services available to any third party except in furtherance of Your internal business purposes as expressly permitted by this Agreement; (b) use the Services to Process data on behalf of any third party other than Agents or End-Users; (c) modify, adapt, reverse engineer or hack the Services or otherwise attempt to gain unauthorized access to the Services or related systems or networks; (d) falsely imply any sponsorship or association with Secure Privacy, (e) use the Services in any unlawful manner, including, but not limited to, violation of any person’s privacy rights; (f) use the Services to send unsolicited or unauthorized bulk mail, junk mail, spam, pyramid schemes or other forms of duplicative or unsolicited messages; (g) use the Services to store or transmit files, materials, data, text, audio, video, images or other content that infringes third party’s intellectual property rights; (h) use the Services in any manner that interferes with or disrupts the integrity or performance of the Services and its components; (i) attempt to decipher, decompile, reverse engineer or otherwise discover the source code of any Software making up the Services; (j) use the Services to knowingly post, transmit, upload, link to, send or store any content that is unlawful, racist, hateful, abusive, libellous, obscene, or discriminatory; (k) use the Services to knowingly post transmit, upload, link to, send or store any viruses, malware, trojan horses, time bombs, or any other similar harmful software (“Malicious Software”); (l) use or launch any automated system that accesses a Service (e.g. bot) in a manner that sends more request messages to a Service server in a given period of time than a human can reasonably produce in the same period by using a conventional on-line web browser; or (m) attempt to use, or use the Services in violation of this Agreement.

1.2.5 In addition to Our rights as set forth herein, We reserve the right, in Our reasonable discretion, to temporarily suspend Your access to and use of a Service if We suspect or detect any Malicious Software connected to Your Account or to the use of a Service by You or End-Users.

1.2.6 You acknowledge that Secure Privacy may modify the features and functionality of the Services during the Subscription Term at any time and at its sole discretion.

1.2.7 You may not access the Services if You are a direct competitor of the Secure Privacy, except with Secure Privacy’s prior written consent. You may not access the Services for the purposes of monitoring performance, availability, functionality, or for any benchmarking or competitive purposes.

1.2.8 If You register for a free trial for any of the Services, We will make such Services available to You on a trial basis free of charge until the earliest of (a) the end of the free trial period for which You registered to use the applicable Service(s); (b) the start date of any subscription to such Service purchased by You for such Service(s); or (c) termination of the trial by Us at our sole discretion. Additional trial terms and conditions may appear on the trial registration web page. Any such additional terms and conditions are incorporated into this Agreement by reference and are legally binding.

Any service data you enter into a service, and any configurations or customizations made to a service by or for you, during your free trial will be permanently lost unless you purchase a subscription to the same service as covered by the trial or otherwise purchase the applicable service before the end of the free trial period.

1.2.9 From time to time, We may make Beta Services available to You at no charge. You may choose to try such Beta Services at Your sole discretion. Beta Services are intended for evaluation purposes only and not for production use, are not subject to regular customer support, and may be subject to additional terms that will be presented to You. Beta Services are not considered “Services” under this Agreement; however, all restrictions, Our reservation of rights and Your obligations concerning the Services, and the use of any Third Party Services shall apply equally to Your use of Beta Services. Unless otherwise stated, any Beta Services trial period will expire upon the earliest of one year from the trial start date or the date that a version of the Beta Services becomes generally available without the applicable Beta Services designation. We may discontinue Beta Services at any time at Our sole discretion and may make them never generally available. We assume no liability for any harm or damage arising out of or in connection with a Beta Service.

1.2.10. The consent provided by your visitors is stored in your account as part of your subscription with us. You should be aware that we store the consent given by your visitors for a limited period of time. We remove the consent stored in your account after 12 months from the date of storing such consent. You acknowledge that you may need to renew the consent given by you visitors after the storage period for consent ends.

1.2.11. You shall acknowledge that the number of consents stored in your account shall be determined based on the Service Plan you subscribe to. Accordingly, for Basic, Plus, and Business Plans you shall be able to store 100.000 consents per account per month, whereas for Enterprise Plan you shall be entitled to store 1.000.000 consents per account per month.

1.3. Confidentiality; Security and Privacy

1.3.1 Subject to the express permissions set forth in this Agreement, each Party will protect each other’s Confidential Information from unauthorized use, access or disclosure in the same manner as it protects its own Confidential Information, but no less than with reasonable care. Except as otherwise expressly permitted pursuant to this Agreement, each of us may use each other’s Confidential Information solely to exercise our respective rights and perform our respective obligations under this Agreement and shall disclose such Confidential Information (a) solely to the Personnel who have a need to know such Confidential Information for such purposes and who are bound to maintain the confidentiality of, and not misuse, such Confidential Information; (b) as necessary to comply with an order or subpoena of any administrative agency or court of competent jurisdiction; or (c) as reasonably necessary to comply with any applicable law or regulation. The provisions of this Section shall supersede any non-disclosure agreement by and between the Parties that would purport to address the confidentiality and security of the Service Data and such an agreement shall have no further force or effect with respect to the Service Data.

1.3.2 Secure Privacy will maintain reasonable administrative, physical, and technical safeguards for the protection of the security, confidentiality and integrity of Service Data. Those safeguards will include, but will not be limited to, measures for preventing access, use, modification or disclosure of the Service Data by the Personnel except (a) to provide the Services and prevent or address service, support or technical problems; (b) for compliance with this Agreement or applicable law; or (c) as You expressly permit in writing.

1.3.3 To the extent Service Data constitutes Personal Data, You and the Secure Privacy hereby agree that You shall be deemed to be the data controller and the relevant entity in Secure Privacy shall be deemed to be the data processor as those terms are understood under the Applicable Data Protection Law. Unless otherwise specifically agreed to by Secure Privacy, Service Data may be hosted by Secure Privacy or their respective authorized third-party service providers in the EU, the US or other locations around the world. Under no circumstances will any entity in Secure Privacy be deemed a data controller with respect to Service Data under the Applicable Data Protection Law or any relevant law or regulation of any Member State as defined in the Applicable Data Protection Law. Personal Data is processed in accordance with our Privacy Policy.

1.3.4 You agree that Secure Privacy and the subprocessors that are utilized by Secure Privacy to assist in providing the Services to You shall have the right to access Your Account and to use, modify, reproduce, distribute, display and disclose Service Data to the extent necessary to provide the Services, including, without limitation, in response to Your support requests. Any subprocessors utilized by the Secure Privacy will only be given access to Your Account and Service Data as is reasonably necessary to provide the Services and will be subject to confidentiality obligations which are commercially reasonable and substantially consistent with the standards described.

1.3.5 You acknowledge that Secure Privacy uses essential cookies for the application to function. We reserve the right to make changes in these Terms of Service or our Privacy Policy regarding cookies at any time. Currently, Secure Privacy uses the following types of cookies:

  1. ss-id cookies – temporary cookies for getting information during your session on the websites on how you use them. These cookies last only until the end of your session on the websites. They get deleted when you leave the websites.
  2. ss-pid – persistent cookies for getting information during your session on the websites on how you use them. These cookies stay on your computer after the end of your session and use the collected data to improve your experience when you return to the websites.
  3. _lr_uf_ - essential cookie used by Logrocket in our application for support and debugging purposes. Used to store basic information about the user’s session(s).
  4. _lr_tabs_ - essential cookie used by Logrocket in our application for support and debugging purposes. Used to store basic information about the user’s session(s).
  5. _lr_hb_ - essential cookie used by Logrocket in our application for support and debugging purposes. Used to store basic information about the user’s session(s).

1.3.6 You acknowledge that Secure Privacy uses local storage for the service to function on a website. We reserve the right to make changes in these Terms of Service or our Privacy Policy regarding cookies at any time. Currently, Secure Privacy uses the following types of local storage:
1. s_e_c_u_r_e_k_e_y – to record the preferences selected when the consent or declines the use of services and cookies.

1.3.7. Secure Privacy will process your personal data for the purpose of execution of these Terms of Service and the Data Processing Addendum and for providing customer support. The categories of personal data to be processed include your email address and your personal name.

1.4. Intellectual Property Rights

Each Party shall retain all rights, title and interest in and to all its respective patents, inventions, copyrights, trademarks, domain names, trade secrets, know-how and any other intellectual property and/or proprietary rights (collectively, “Intellectual Property Rights”). The rights granted to You, Agents and End-Users to use the Service(s) under this Agreement do not convey any additional rights in the Service(s) or in any Intellectual Property Rights associated therewith. Subject only to limited rights to access and use the Service(s) as expressly stated herein, all rights, title and interest in and to the Services and all hardware, Software and other components of or used to provide the Services, including all related Intellectual Property Rights, will remain with Secure Privacy and belong exclusively to Secure Privacy. Secure Privacy shall have a free, worldwide, transferable, sub-licensable (through multiple layers), assignable, irrevocable and perpetual license to implement, use, modify, commercially exploit, and/or incorporate into the Services or otherwise use any suggestions, enhancement requests, recommendations or other feedback We receive from You, Agents, End-Users, or other third parties acting on Your behalf.

You agree that Secure Privacy may use your name and logo, regardless of whether registered as a trademark, on Secure Privacy’s Websites and as a part of a general list of Secure Privacy's customers for use and reference in corporate, promotional and marketing materials. You hereby expressly acknowledge and agree that our use of your name and logo does not constitute an infringement of your rights, including intellectual property rights. 

When you cease to use our Services, we may, at our sole discretion, remove your name and logo from Secure Privacy’s Websites and from our general list of customers for use and reference in corporate, promotional and marketing materials. Notwithstanding the foregoing, we may, at our sole discretion, continue using your name and logo, provided that we expressly refer to you as our past customer, on Secure Privacy’s Websites and as a part of a general list of customers for use and reference in corporate, promotional and marketing materials.

1.5. Third-Party Services

Secure Privacy may use Third Party Services as part of the Service. Your access and use of Third Party services are governed solely by the terms and conditions of such Third Party Services, and We do not endorse, are not responsible or liable for, and make no representations as to any aspect of such Third Party Services, including, without limitation, their content or the manner in which they handle, protect, manage or Process data (including Service Data) or any interaction between You and the provider of such Third Party Services. We cannot guarantee the continued availability of such Third Party Service features, and may cease enabling access to them without entitling You to any refund, credit, or Third Party compensation, if, for example and without limitation, the provider of a Third Party Service ceases to make the Third Party Service available for interoperation with the corresponding Service in a manner acceptable to Us. You irrevocably waive any claim against Secure Privacy with respect to such Third Party Services. We are not liable for any damage or loss caused or alleged to be caused by or in connection with Your enablement, access or use of any such Third Party Services, or Your reliance on the privacy practices, data security processes or other policies of such Third Party Services. You may be required to register for or log into such Third Party Services on their respective websites. By enabling any Third Party Services, You are expressly permitting Secure Privacy to disclose Your Login, as well as Service Data as necessary to facilitate the use or enablement of such Third Party Services.

1.6. Billing Plan Modifications and Payments

1.6.1 Unless otherwise indicated on an Order Form referencing this Agreement, all charges associated with Your access to and use of a Service are due in full upon commencement of Your Subscription Term, with respect to the time the Service is purchased, subscribed to or otherwise deployed for. If You fail to pay Your Subscription Charges or other charges indicated on any Order Form within five (5) business days of Our notice to You that the payment is due or delinquent, or if You do not update your payment information upon Our request, in addition to Our other remedies, We may suspend or terminate your access to and use of such a Service by You, your Agents and End-Users.

1.6.2 We will automatically upgrade your account to the next plan when your account has hit the maximum number of documented website visitors.

1.6.3 If your account is upgraded to a more expensive plan, any incremental Subscription Charges associated with such Subscription Upgrade will be prorated over the remaining period of Your then current Subscription Term, charged to Your Account and due and payable upon the implementation of such a Subscription Upgrade. In any future Subscription Term, Your Subscription Charges will reflect any such Subscription Upgrades.

1.6.4 No refunds or credits for Subscription Charges or other fees or payments will be provided to You if You elect to downgrade Your Service Plan. Downgrading Your Service Plan may cause loss of content, features, or capacity of the Service as available to You under Your Account, and Secure Privacy does not accept any liability for such loss or disruption.

1.6.5 Unless otherwise stated, Our charges do not include any taxes, levies, duties or similar governmental assessments, including value-added or sales taxes (collectively “Taxes”).

1.6.6 If You pay by credit card or certain other payment instruments, the Services provide an interface to the Account owner to change credit card information (e.g. upon card renewal). The Account owner will receive a receipt upon each receipt of payment, or they may obtain a receipt from within the Services to track subscription status. You hereby authorize the payment provider to bill Your credit card or other payment instrument in advance on a periodic basis in accordance with the terms of the Service Plan for the Services and for the periodic Subscription Charges applicable to the Deployed Associated Services to which You subscribe until Your subscription to the Services terminates, and You agree to pay any Subscription Charges so incurred.

1.7. Cancellation and Termination

1.7.1 Either Party may elect to terminate Your Account and subscription to a Service as of the end of Your then current Subscription Term by providing notice, in accordance with this Agreement, thirty (30) calendar days preceding the end of such a Subscription Term. Unless Your Account and subscription to a Service are so terminated, Your subscription to a Service (including any and all Deployed Associated Services) will renew for a Subscription Term equivalent in length to the then expiring Subscription Term.

1.7.2 No refunds or credits for Subscription Charges or other fees or payments will be provided to You if You elect to terminate Your subscription to the Service or cancel Your Account prior to the end of Your then effective Subscription Term.

1.7.3 We reserve the right to modify, suspend or terminate the Services (or any part thereof), Your Account or Your and/or Agents’ or End-Users’ rights to access and use the Services, and remove, disable and discard any Service Data at any time if We believe that You or End-Users have violated this Agreement.

1.7.4 A Party may terminate this Agreement for cause (a) upon thirty (30) calendar days’ written notice to the other Party of a material breach if such a breach remains uncured at the expiration of that notice period; or (b) if the other Party becomes the subject of a petition in bankruptcy or any other proceeding related to insolvency, receivership, liquidation or assignment for the benefit of creditors.

1.7.5 Upon request by You made within thirty (30) calendar days after the effective date of the termination or expiration of this Agreement, We will make Service Data available to You for export or download as provided in the Documentation. After such a 30-day period, We will have no obligation to maintain or provide any Service Data, and, as set forth in the Documentation, we will have the right to delete or destroy all copies of Service Data in Our systems or otherwise in Our possession or control, unless doing so is prohibited by law.

1.7.6 Secure Privacy can terminate Your Account with immediate effect due to a breach of these Terms of Service or the Website Terms of Service.

1.8. Representations, Warranties and Disclaimers

1.8.1 Each Party represents that it has voluntarily and validly entered into this Agreement and has the legal power to do so.

1.8.2 Except as specifically set forth herein, the sites and the services, including all server and network components are provided on an “as is” and “as available” basis, without any warranties of any kind, express or implied, to the fullest extent permitted by law, and we expressly disclaim any and all warranties, whether express or implied, including, but not limited to, any implied warranties of merchantability, title, fitness for a particular purpose, and non-infringement. You acknowledge that we do not warrant that the services will be uninterrupted, timely, secure, error-free or free from viruses or other malicious software, and no information or advice obtained by you from us or through the services shall create any warranty not expressly stated in this agreement. 

1.8.3 You hereby acknowledge and agree that configuring the cookie banner which is provided to you as part of the Services, including the cookie & tracking blocking functionality is at Your sole responsibility and that we do not bear any liability for incorrectly configured, or any malfunctioning of the cookie banner and/or cookie & tracking blocking functionality.

1.8.4 You expressly acknowledge and agree that the use of our services is your sole responsibility and is at your discretion. You acknowledge and understand that the purpose of the services is to make your compliance process more efficient. Secure Privacy will never apply the law to your facts and/or act in the capacity of being a legal advisor. We are not a law firm or legal consulting firm and do not perform services performed by an attorney or other personnel that have acquired legal accreditation. Our services are not specific, direct, and do not propose a course of action. As a result, you acknowledge and accept that our services can under no circumstances be construed as legal advice.

1.9. Limitation of Liability and Indemnification

1.9.1 Under no circumstances and under no legal theory (whether in contract, tort, negligence or otherwise) shall we, or our affiliates, officers, directors, employees, agents, service providers, suppliers or licensors be liable to you or any third party for any lost profits, lost sales or business, lost data, business interruption, loss of goodwill, or for any type of indirect, incidental, special, exemplary, consequential or punitive loss or damages, or any other loss or damages incurred by you or any third party in connection with this agreement, the services or consulting services, regardless of whether we have been advised of the possibility of or could have foreseen such damages.

1.9.2 Notwithstanding anything to the contrary in this agreement, Secure Privacy’s aggregate liability to you or any third party arising out of this agreement or otherwise in connection with any subscription to, or use or employment of the services, shall in no event exceed the subscription charges for such services paid by you during the twelve (12) months prior to the first event or occurrence giving rise to such liability. 

1.9.3 Secure Privacy provides a tool for collecting and managing user consent on websites. This tool is provided ‘as is’ and without warranty of any kind, express or implied. You understand that compliance with applicable data protection law is a multifaceted matter, which is reflected in all processes and areas of operation of your business, not only on your website. Moreover, a user consent management mechanism on a website alone does not guarantee full compliance of the website with applicable data protection law or any other state, national or international law. Therefore, Secure Privacy does not guarantee and is not liable for the compliance of your website and/or your business and data processing activities, for which user consent is collected, with applicable data protection law, and it is your sole responsibility to ensure such compliance. 

1.9.4  It is at our discretion to decide when to delete user consents from our storage. Users may also decide to delete the consents at any time. We expressly disclaim any liability for the deletion of consents from our storage carried out either by us or the user.

1.9.5 Any claims or damages that You may have against Secure Privacy shall only be enforceable against Secure Privacy and not any other entity or its officers, directors, representatives or partners.

1.9.6 You agree to defend, indemnify and hold harmless Secure Privacy, its affiliates and their respective directors, officers, employees and partners from and against all claims and expenses, including attorneys’ fees, arising out of the use of the Websites by you. Secure Privacy reserves the right to take over the exclusive defense of any claim for which we are entitled to indemnification under this section. In such event, you shall provide Secure Privacy with such cooperation as is reasonably requested by Secure Privacy.

1.10 Governing Law and Dispute Resolution

These Terms of Use are governed by and construed in accordance with the laws of Denmark. Any disputes arising out of these Terms of Use shall be settled by the courts of Copenhagen, Denmark.

2.0 Subprocessors

Secure Privacy uses certain subprocessors and content delivery networks to assist in providing the Services.

What is a Subprocessor:

A subprocessor is a third party data processor engaged by Secure Privacy who has or potentially will have access to or process Service Data (which may contain Personal Data). Secure Privacy engages different types of subprocessors to perform various functions as explained in the tables below.

Due Diligence:

Secure Privacy undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed subprocessors that will or may have access to or process Service Data.

Infrastructure Subprocessors – Service Data Storage

Secure Privacy owns or controls access to the infrastructure that Secure Privacy uses to host Service Data submitted to the Services, other than as set forth below. Currently, the Secure Privacy production systems for the Services are located in the EU (Netherlands).

Entity CountryEntity TypeEntity Name
NetherlandsCloud Service ProviderMicrosoft Azure

Service-Specific Subprocessors

Secure Privacy works with certain third parties to provide specific functionality within the Services. The list of subprocessors is available at https://secureprivacy.ai/subprocessors. In order to provide the relevant functionality these subprocessors access Service Data. Their use is limited to the indicated Services and purposes.

 Content Delivery Networks

As explained above, Secure Privacy’s Services may use content delivery networks (“CDNs”) to provide the Services, for security purposes, and to optimize content delivery. CDNs do not have access to Service Data but are commonly used systems of distributed services that deliver content based on the geographic location of the individual accessing the content and the origin of the content provider. Website content served to website visitors and domain name information may be stored with a CDN to expedite transmission, and information transmitted across a CDN may be accessed by that CDN to enable its functions. The following describes the use of CDNs by Secure Privacy’s Services.

Description of CDN ServicesCDN LocationServices Using CDNCDN Provider
Cloudflare’s services include a content distribution network, a domain name system network, web content optimization, web application firewall, internet protocol reputation filtering, and distributed denial of service attack prevention.GlobalAll ServicesCloudflare

Data Deletion Policy

Secure Privacy’s Data Deletion Policy (which is set out under the clause “Account Cancellation or Termination”) describes how our Subscribers’ Service Data is deleted in connection with the cancellation, termination or migration of an Account within the Secure Privacy’s Services detailed herein.

Service Data Deletion due to Account Cancellation or Termination

Two (2) years after your Account for one of the Services provided by us is cancelled or terminated; or, one (1)  year after your trial has ended for one of the Services (assuming that you have not purchased a subscription to that Service), an automated process will begin that permanently deletes your Service Data for the cancelled Service.

DATA PROCESSING ADDENDUM

This Data Processing Agreement (DPA) is an addendum to the Terms of Use between Secure Privacy and the Subscriber (Agreement). The provision of the Secure Privacy services (the “Services”) involves the Processing of Personal Data by Secure Privacy on behalf of the Subscriber. The provisions of this DPA govern the Processing of Personal Data by Secure Privacy for all services provided under this Agreement.

The Parties agree that for any Personal Data Processed as a result of or pursuant to the Agreement, Secure Privacy shall be the Data Processor and shall Process Personal Data on behalf of the Subscriber and shall not do anything which may put the Subscriber in breach of applicable Data Protection Legislation.

Definitions

“Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; 

 “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; 

 “Data Processor” means a natural or legal person, public authority, agency, or another body that processes personal data on behalf of the controller; 

 “Data Protection Legislation” means all applicable laws and regulations relating to the Processing of Personal Data and privacy, including the EU’s General Data Protection Regulation (2016/679/EC), and all laws and regulations implementing or made under them and any amendment or re-enactment of them; 

 “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed. 

“Subprocessor” means any Data Processor engaged by Secure Privacy in the Processing of Personal Data. 

Instructions

The Subscriber hereby instructs Secure Privacy to Process Personal Data for the purpose of provision of SAAS Service. The SAAS Service is a service whereby Subscriber asks Secure Privacy to host a cookie/plugin consent management solution on Subscriber’s websites. Secure Privacy's Processing of Personal Data primarily concerns the following: Secure Privacy makes its cookie consent solution available to Subscriber and the Subscriber gets access, configure the solution and install it on their website to make it operational. Secure Privacy must process Personal Data on behalf of the Subscriber in accordance with the purpose stated in the Data Processing Agreement. Secure Privacy may not use Personal Data for any other purpose. The Personal Data may be Processed only on instructions from the Subscriber. The following types of Personal Data are being Processed: Email address, IP address, Name of contact person. 

Subprocessors

Secure Privacy works with Subprocessors to provide specific functionalities within the SAAS Services. The Subprocessors are available at https://secureprivacy.ai/subprocessors. In order to provide the relevant functionality, these Subprocessors may access Personal Data. Their use is limited to the indicated Services and purposes. By accepting this Data Processing Agreement, Subscriber authorises the use of the above Subprocessors for the processing. Secure Privacy shall inform Subscriber of any intended changes concerning the addition or replacement of other Subprocessers at least 30 days in advance, thereby giving Subscriber sufficient time to be able to object to such changes prior to the engagement of the concerned Subprocessor. Secure Privacy shall provide Subscriber with the information necessary to enable Subscriber to exercise the right to object. If Subscriber notifies Secure Privacy of such objection, the parties will discuss the concerns in good faith with a view to achieving a commercially reasonable resolution. If Subscriber’s objection cannot be reasonably accomodated, Secure Privacy will either not appoint the new Subprocessor, or permit Subscriber to suspend or terminate the affected Service without liability to either party.

Secure Privacy may not – without the Subscriber’s specific and written authorisation – use the individual Subprocessors for any “other” Processing than agreed or have the described Processing be carried out by another Subprocessor. Secure Privacy uses Microsoft as it Datacenter operator with data located in the Netherlands. The security measures implemented by Microsoft Azure and used by Secure Privacy data centre include, but are not limited to data encryption, malware protection, background checks, penetration testing, intrusion detection, and audits. The rest of the measures are listed in the Microsoft Azure Security Documentation available on https://docs.microsoft.com/en-us/azure/security/

Where Secure Privacy engages a Subprocessor, it shall do so by way of a contract which imposes on the Subprocessor the same data protection obligations as the ones imposed on Secure Privacy under this DPA. Secure Privacy shall remain fully responsible for each Subprocessor’s compliance with the obligations of this DPA and for any acts or omissions of such Subprocessor that cause Secure Privacy to breach any of its obligations under this DPA.

Subscriber Responsibilities

Compliance with laws. The Subscriber shall comply with the Data Protection Legislation with respect to Processing of Personal Data and the instructions for Processing of Personal Data given to Secure Privacy. The Subscriber acknowledges and agrees that it is solely responsible for: (i) ensuring that its instructions for Processing of Personal Data given to Secure Privacy comply with the Data Protection Legislation; (ii) the legality, quality, and accuracy of collected Personal Data; (iii) complying with all the applicable transparency and lawfulness requirements under Data Protection Legislation with respect to the collection and use of Personal Data; (iv) ensuring that the transfer of Personal Data to Secure Privacy for the purpose of processing is lawful.

Proper installation of the cookie solution. The Subscriber acknowledges and agrees that it shall be solely responsible for the proper installation and use of the cookie consent solution. Secure Privacy shall not be responsible for Subscriber’s non-compliance with Data Protection Legislation arising as a result of improperly installed or used cookie consent solution.

Secure Privacy Obligations

Compliance with Subscriber’s instructions. Secure Privacy shall only process personal data exclusively for the performance of the Services and in accordance with the written instructions of Subscriber in accordance with this DPA.

Conflict of laws. If Secure Privacy becomes aware that any law to which Secure Privacy is subject prevents Secure Privacy from complying with such instructions or requires the Processing of Personal Data other than as instructed by Subscriber, Secure Privacy shall inform Subscriber of the legal requirements before Processing, unless that law prohibits such information on important grounds of public interest. Secure Privacy shall immediately inform Subscriber if, in its opinion, an instruction infringes Data Protection Legislation. Secure Privacy must ensure that any natural person acting under the authority of Secure Privacy who has access to Personal Data does not act outside the instructions.

Personnel. Secure Privacy shall ensure that access to Personal Data is limited to those members of its personnel and Subprocessors who need access to Personal Data to meet Secure Privacy’s obligations under this DPA and in the case of any access by any personnel, such part or parts of the Personal Data as is strictly necessary for the performance of the duties of the personnel. Secure Privacy shall ensure that all personnel: (i) are informed of the confidential nature of Personal Data; (ii) have undertaken training relating to the handling of Personal Data; and (ii) are aware of both the Secure Privacy duties and their personal duties and obligations under Data Protection Legislation and the Agreement and the DPA. In addition, Secure Privacy shall take reasonable steps to ensure the reliability of any members of personnel that have access to the Personal Data.

Subprocessors Compliance. Secure Privacy must ensure that each Subprocessor is compliant with the data processing requirements as set by the Data Protection Legislation. If the subprocessor is located in a third country, Secure Privacy must ensure that such country is safe according to the Data Protection Legislation. If a Subprocessor is not located in such a country, Secure Privacy must ensure that the Subprocessor provides appropriate safeguards according to Article 46 of the GDPR, particularly in the form of standard contract clauses, or in the form of binding corporate rules according to Article 47 of the GDPR.

Security measures. Secure Privacy shall ensure that any Personal Data is subject to appropriate technical and organizational measures against unauthorized or unlawful processing of the Personal Data and against accidental loss or destruction of, or damage to, the Personal Data in accordance with any applicable Data Protection Legislation. Secure Privacy shall take all measures required under Article 32 of the GDPR to ensure a level of security appropriate to the risks of varying likelihood and severity to the rights and freedoms of natural persons.

Assistance. Secure Privacy shall provide reasonable assistance to Subscriber, in accordance with and as set forth in applicable Data Protection Legislation, in respect of Subscriber’s compliance with (i) the security of the Processing; (ii) the notification of a Personal Data Breach to the competent supervisory authority; (iii) the communication of the Personal Data Breach to the Data Subject; (iv) the carrying out of an assessment of the impact of the envisaged processing operations on the protection of Personal Data; and (v) prior consultations to the competent supervisory authority, taking into account the nature of the Processing undertaken by Secure Privacy and the information available to Secure Privacy. Furthermore, Secure Privacy must assist Subscriber in complying with any obligations resting upon Subscriber under applicable law in force from time to time where Secure Privacy’s assistance is implied or where Secure Privacy’s assistance is necessary for the Subscriber’s compliance with their obligations, including responding to data subject requests. Should Secure Privacy receive such requests, they must immediately provide the Subscriber with access to the requests and associated data.

Personal data breaches. If Secure Privacy has become aware of a potential or actual Personal Data Breach, Secure Privacy must immediately notify Subscriber in writing. This notification must as a minimum include information about the nature of the Personal Data Breach identified and, if possible, the categories of persons (data subjects) affected as well as the number of data subjects affected, the categories of Personal Data concerned and the number of Personal Data records concerned as well as the mitigating measures taken or suggested by Secure Privacy in respect of the Personal Data Breach identified.

Data Transfers. Secure Privacy shall not transfer any Personal Data to locations outside the European Economic Area or to a third country, a territory or one or more specified sectors within a third country, or an international organization against the provisions of the Data Protection Legislation without the consent of the Subscriber. Any transfer or Personal Data to a third country or an international organization by Secure Privacy must take place in compliance with the requirements of the Data Protection Legislation, including Chapter V of the GDPR.  

Maintenance of records. Secure Privacy shall maintain complete and accurate records and information related to Processing of Personal Data on behalf of the Subscriber to demonstrate its compliance with this DPA and make available to Subscriber information reasonably necessary to demonstrate compliance with Secure Privacy’s Personal Data Processing obligations under the Terms of Use and this DPA and in accordance with the SAAS Services purchased by the Subscriber.

Audits. Secure Privacy shall allow for audits by the Subscriber or a third-party auditor designated by them to check out the compliance of Secure Privacy with this Agreement. The right to audit shall not extend to the facilities of Subprocessors or other third parties that Secure Privacy engages with for the purpose of providing its Services. The Subscriber or the designated third-party auditor will not be given access to the Personal Data of other Secure Privacy customers. The Subscriber shall announce the date and time of the audit and the name of the third-part auditor, if any, at least 90 days before the proposed time and date. Secure Privacy may object to the proposed date and time and the proposed third-party auditor. In the case of an objection of the date and time, Secure Privacy shall propose multiple dates and time no later than 120 days after the initial notification. If Secure Privacy objects to the third-party auditor, the Subscriber may propose another one. Secure Privacy and the Subscriber shall sign a written agreement on the engagement of a third-party auditor to conduct the audit on behalf of the Subscriber. The mutually agreed-upon third-party auditor shall be subject to an executed written confidentiality agreement between the third-party auditor and Secure Privacy. Secure Privacy shall ensure that the Subscriber is able to verify Secure Privacy’s compliance with the Data Protection Legislation. Subscriber may use the audit reports only for the purposes of meeting its regulatory audit requirements and/or confirming compliance with the requirements of this DPA. The audit reports shall constitute confidential information of the parties under the Terms of Use. This right to audit may be exercised but not more than once a year. Subscriber may, once per the calendar year, demand documentation of Secure Privacy’s continuous assessment of its authorized Subprocessors.

Deletion or return of personal data. Secure Privacy shall erase all Personal Data being Processed on behalf of Subscriber as well as any copies thereof 30 days after the termination of the account. At the choice of Subscriber, Secure Privacy shall delete or return all Personal Data to Subscriber after the end of the provision of the Services relating to processing unless Secure Privacy is required to retain the Personal Data by any applicable law.