1.1. Datatrics is a company that operates in the digital marketing and digital communications industry and has developed and designed a Software as a Service (SaaS) which it makes available to the Client via its Platform (as defined below). The Client knows and has carefully checked the features of the Platform and considers them suitable for its needs. The Platform is a tool reserved to professional users (as opposed to consumers) and the Client undertakes to use it exclusively in connection with its professional business (and not in a capacity of consumer).
(1) 2FA: has the meaning set out in clause 4.2.
(2) AddOns: has the meaning set forth in Section 3.6 and means the integrations available here: https://datatrics.com/product/...;
(3) AddOns Provider: has the meaning as set out in clause 3.6.
(4) API: has the meaning set out in clause 4.3.
(5) Beta: has the meaning set out in clause 8.4.
(6) Billing Period: has the meaning set out in clause 7.2.
(7) Client: means the legal entity that makes use of the Platform, the Website and/or the Services provided by Datatrics;
(8) Confidential Information: has the meaning set out in clause 10.1.
(9) Datatrics: means the private limited liability company incorporated under the laws of The Netherlands (“besloten vennootschap”) Datatrics B.V., registered at the Chamber of Commerce (“Kamer van Koophandel”) under number 60772824;
(10) Datatrics Disabling Device: means any software, hardware or other technology, device or means (including any back door, time bomb, time out, drop dead device, software routine or other disabling device) used by Datatrics or its designee to disable Client’s access to or use of the Services automatically with the passage of time or under the positive control of Datatrics or its designee.
(11) Datatrics Indemnitee: has the meaning set out in clause 12.2.
(12) Deliverables: has the meaning set out in clause 3.2.
(13) Effective Date: means the date upon which the Client starts to use the Services.
(14) Feedback(s): has the meaning set out clause 15.10.
(15) Force Majeure: means force majeure as defined in article 6:75 of the Dutch Civil Code. Force majeure shall in any event include circumstances which cannot be attributed to Datatrics and which do not fall within its sphere of risk, such as: new laws, rules, government measures and regulations which impede or restrict its obligations in relation to the Services (including software or any other IT related failures), strikes, fire, floods, lightning, windstorm, acts of God, natural or nuclear disasters, energy supply faults, disease on an unusual scale including but not limited to COVID-19 or any variant thereof, wars or threats of war and/or terrorist attacks or actions.
(16) Free Plan: has the meaning set out in clause 3.5.
(17) Intellectual Property Rights: means any and all intellectual property rights and related rights, including but not limited to copyrights, database rights, design rights, domain names, know how, patents, trademarks, trade name rights, trade secrets.
(18) Offer: means the offer in respect of the Services sent by Datatrics to the Client.
(19) One Time Services: has the meaning set out in clause 3.2.
(20) Party(ies): means Datatrics and the Client individually or collectively considered.
(21) Platform: means the platform on which the Services are made available to the Client by Datatrics;
(22) Personal Data: has the meaning set out in clause 11.2.
(23) Platform: means the IT hosting platform for the Services. The Client accesses the Services via the Platform.
(24) Pricing Plan: means the type of account (including the related applicable pricing) that the Client has subscribed to for using the Services via the Platform depending on the exact Services that the Client wishes to make use of. The current available options are available at the Pricing Page (as defined below).
(25) Pricing Page: means the webpage available at https://datatrics.com/pricing on which the pricing of Datatrics is set out or any other means by which the pricing of Datatrics is provided to the Client.
(26) Professional Services: has the meaning set out in clause 3.2.
(27) Registration Form: means the registration form that is to be filled in by the Client when purchasing the Services.
(28) Resultant Data: has the meaning set out in clause 11.3.
(29) Services: means the services (including the Platform) provided by Datatrics to the Client via the Platform, by means of which the Client can bring data from various internal and external sources together in one central environment, in order to centralize internal and external data sources, to create unique customer profiles, to predict customer needs by means of algorithms and machine learning, to create relevant and personalized customer journeys, to provide automated dynamic content through different platforms and/or to advance online conversions by means of more relevant, personalized content.
(30) Sessions: means the session that Datatrics monitors and records every single time someone visits Client’s website. A session starts right away when someone loads a page and ends after 30 minutes of inactivity. If a new activity is registered after this period, it counts as a new session.
(31) SOW: has the meaning set out in clause 3.2.
(32) Subcontractor: has the meaning set out in clause 3.7.
(33) Term: has the meaning set out in clause 6.1.
(35) Website: means the website made available by Datatrics through the URL https://www.datatrics.com and all underlying pages.
3. LICENSEAND SERVICES
3.4. Improvements. The Client recognizes that Datatrics is always innovating and finding ways to improve the Platform and the Services with new features. Therefore, the Client agrees that the Platform and Services may change from time to time, and no warranty, representation or other commitment is given in relation to the continuity of any functionality of the Platform and the Services. In any case, Datatrics will take all reasonable commercial efforts to inform the Client in advance of any changes that may result in a substantial reduction in the level and overall quality of the Platform and Services.
3.6. AddOns, Plugins, and Integrations. Datatrics in its absolute discretion may make available additional features, functionality, and services offered by third-party providers (“AddOns”) with the Platform. Client’s use of AddOns is subject to a separate agreement between Client and the third-party licensor of that AddOn (“AddOns Provider”) and Datatrics is not and in no event will be considered as a party to, or a third-party beneficiary of, such agreement. Client’s use of the AddOn is strictly at Client’s risk. The AddOn Provider is solely responsible for that AddOn, its content, performance and security and the privacy and security of any of Client data processed or affected, directly or indirectly, by the AddOn. Neither Datatrics nor any of Datatrics affiliates make any warranties, express or implied, as to the AddOns, their security, legality, performance, accuracy, or reliability. Datatrics disclaims any liability in connection with any claims that Client or any other party may have relating to any AddOn or Client’s use of that AddOn. By subscribing to or purchasing an AddOn, the Client represents and warrants that (i) it has the right to directly transfer Personal Data to the AddOn Provider; (ii) only if applicable, it grants Datatrics permission to share Client Personal Data and Resultant Data with the AddOn Provider as necessary in order to provide Client the AddOn; and (iii) it has all permission to use them and to transfer any information related their use to Datatrics. Datatrics disclaims any responsibility as to AddOn Provider’s use or misuse of Client Personal Data and Resultant Data.
3.7. Subcontractors. Datatrics may from time to time in its discretion engage third parties to perform Services (each a “Subcontractor”).
4. SECURITY AND API
4.1. Registration, username and password. To use the Services on the Platform, the Client is first required to fill in the Registration Form and to register for an account. The Client must secure access to its account using an email address and password. The password must be kept strictly confidential and the email account adequately secured. Datatrics may assume that all actions undertaken from the Client’s account after logging in with the Client’s email address and password is authorized and supervised by the Client. This means that the Client is liable for these actions, and the Client indemnify Datatrics from any and all claims and damages resulting from that use. In the event the Client knows or has reasons to assume that the email address and password are used by someone else, the Client should immediately notify Datatrics thereof in writing, notwithstanding the Client’s own obligation to take measures to prevent any (further) damages. The Client may include personal data in its account and warrants that the information entered therein or provided when registering for the Services is complete, up to date and accurate.
4.2. 2FA.The Platform support logins using two-factor authentication (“2FA”), which is known to reduce the risk of unauthorized use of or access to the Platform. The Client agrees to conform to the use of the 2FA software that is provided by Datatrics, and to keep its software up to date to support 2FA. Client agrees to instruct its employees on the importance of complying with 2FA security requirements. Datatrics therefore will not be responsible for any damages, losses or liability to Client or anyone else if any event leading to such damages, losses or liability would have been prevented by the use of 2FA.
5. USE POLICY
5.1. Compliance with laws. It is not permitted to use the Services for any purpose that violates the laws of The Netherlands or any other applicable law or regulation.
5.3. Violation. Should Datatrics discover that the Client violates any of the above, or receives a complaint alleging the same, Datatrics will issue a warning to the Client. If the warning does not lead to an resolution acceptable by Datatrics, then Datatrics may intervene to end the violation and may immediately suspend or terminate the provision of the Services to the Client. In urgent cases, to be determined at the sole discretion of Datatrics, Datatrics may intervene and immediately suspend or terminate the provision of the Services to the Client without warning.
5.4. Prevention to avoid damage or jeopardy. If in the opinion of Datatrics the continued functioning of the Platform is actually (or under threat of) being damaged or jeopardized, for example through excessive transmission of data, leaks of personal data or virus activity, Datatrics may take all steps it deems reasonably necessary to end or avert such damage or jeopardy, including suspending or terminating the Services provided to the Client.
5.5. No liability for results of the use of the Services. The Client acknowledges that any results that can be achieved by using the Services are dependent on the proper use of the Services by the Client and the way in which the Client decides to use the Services in order to achieve its goals. Datatrics therefore only has the obligation to make the Services available to the Client (which the Client can then use in accordance with its individual goals) and cannot warrant any results (such as, but not limited to, a conversion uplift/ROI) to be achieved from making use of the Services. Datatrics is in no event liable or responsible for the achievement or non-achievement of any Client intended results from using of the Services, irrespective of whether Datatrics has been made aware of these intended results in advance by the Client.
5.6. Third party rights. The Client warrants that the use of the Services by the Client and the sharing of information via the Platform by the Client when making use of the Services does not infringe any third party rights, such as, but not limited to, rights to personal data, confidential data files, video, text, music, software, logos, design material and/or any other third party intellectual property rights.
6. TERM AND TERMINATION
6.2. Renewal. After the initial Term as set out in the Offer, as indicated in the previous clause, the provision of the Services is silently renewed with successive terms of the same period. The Client can terminate the use of the Services by the end of the relevant Term set out in the Offer (or of any extended Term) with a notice period of one (1) calendar month by (i) clicking “Cancel subscription” under the heading “Billing” in the Platform, and (ii) deleting the online tracking the online tracking pixel before the end of the relevant Term. The Client is aware and accepts that the failure to perform even one of these two conditions will cause the automatic and silent renewal of the Services for successive terms of the same period.
6.3. Upgrade or downgrade. The Client is allowed at any time to upgrade its Pricing Plan in relation to the Services (for example by going from a standard pricing plan to a premium pricing plan) via the Platform by adding additional modules. The Client can only downgrade its Pricing Plan in relation to the Services by terminating added modules at the end of the term indicated in the Offer (or at the end of any extended term), taking into account the formalities set out in this clause 6.
6.4. Termination for convenience. Datatrics is entitled to terminate the provision of the Service at any time and for any reason taking into account a notice period of one month.
a) the Client does not comply with the applicable law when using the Services;
b) the Client infringes or Datatrics has reason to believe that the Client infringes Datatrics’ Intellectual Property Rights or in the event of a third party alleges that the Client has infringed the Intellectual Property Rights of such third party;
c) the Client breaches its payment obligations under clause 7 or commits any other material breach; and/or,
d) the Client applies or files for a moratorium (in Dutch: surseance van betaling) or for a bankruptcy.
6.6. Termination of the Free Plan. Datatrics and Client may at any time terminate a Free Plan effective immediately upon written notice to the Client.
a) all rights, licenses, consents and authorizations granted by either Party to the other hereunder will immediately terminate;
b) Client will immediately lose access to Client Data; it will be Client’s sole responsibility to ensure that Client Data are exported from the Platform during the applicable Term;
c) The Client shall stop all use of the Services, including but not limited to deactivating the use of all synchronisation activities such as deleting the online tracking pixel from all web properties of the Client and disconnecting all channels;
d) Client shall immediately cease all use of any Services and (i) at Datatrics’ written request destroy all documents and tangible materials containing, reflecting, incorporating or based on Datatrics Confidential Information; and (ii) permanently erase Datatrics’ Confidential Information from all systems Client directly or indirectly controls;
e) Datatrics may disable all Client access to the Platform and Services;
6.8. Charge use of Services prior to termination date. The Client shall be charged for all use of the Services prior to the termination date.
6.9. No refunds or compensations. Datatrics will never be held to refund any money received, or be liable for any compensation regarding the cancellation, rescission or other termination of the Services. Amounts invoiced by Datatrics before the termination remain unaffected and will be due immediately upon termination.
7. SUBSCRIPTION FEE AND PAYMENT
7.1. Subscription Fee. Datatrics offers various subscriptions, as described in the Offer and/or on the Website. The use of the Services is subject to a subscription fee, as stated in the Offer and/or on the Website, which includes an agreed amount of monthly traffic sessions and features. The applicable subscription fee may vary according to the (additional) Services used.
7.2. Billing Period. The Client undertakes to pay, during the Term mentioned in the Offer, on a monthly basis (the “Billing Period”) a recurring subscription fee, as specified in the initial purchase order or any subsequent purchase order submitted by you. Datatrics is allowed to bill in advance.
7.3. Monthly Sessions. The Client is aware and accepts that Datatrics will monitor and record the monthly number of Sessions on the Client’s website. If Datatrics detects that on the Client’s website there is a monthly overuse (= more sessions than the amount agreed), an additional fee – as specified in the Offer and/or on the Pricing Page - will be applied for each extra 10.000 Sessions. Therefore, at the end of each Billing Period, the subscription fees will be adjusted to reflect any additionally used number of Sessions. The Client authorizes Datatrics to automatically charge the Client for the additional fees applicable to any additionally used number of Sessions at the end of the corresponding Billing Period. The Client can at any given time gain insight into and check the actual number of Sessions used by it on the Platform.
7.4. Payment Method. Payment is possible through direct debit payments, by making a wire transfer to the bank account of Datatrics, or as explained further on the Website and in the Services.
7.5. GoCardless. Datatrics uses GoCardless to process the Client’s Direct Debit payments. More information on how GoCardless processes personal data and data protection rights, including the Client’s right to object, is available at https://gocardless.com/privacy
7.6. Electronic invoicing. The Client agrees with electronic invoicing.
7.7. VAT and Euros. All amounts mentioned by Datatrics are exclusive of VAT and in euros.
7.8. Payment period. Datatrics handles a payment period of thirty (30) calendar days. The Client is obliged to pay the fees within the agreed thirty (30) calendar days payment period. The end of this payment period is a fatal deadline and the Client will immediately be in default, without further notice being required, if the datal deadline is not met.
7.9. Failure to Pay. In the case the Client fails to pay within the above-mentioned payment period, Datatrics is allowed to suspend (partly or fully) and/or to terminate the provision of the Services. Also, the Client is obliged to pay the commercial legal interest rate for the outstanding amount on the basis of article 6:119a of the Dutch Civil Code. This is owed from the first day after expiration of the payment period, without requiring a notice of default. The Client is also held to pay full compensation for all extrajudicial and judicial (collection) costs, including but not limited to costs for attorneys, bailiffs and debt collection agencies. Datatrics is entitled to charge 15% of the outstanding amount to the Client, with a minimum of EUR 40,-, without prejudice to Datatricsʼ right to charge the Client for the actual costs and/or damages suffered if these actual costs and/or damages exceed the aforementioned chargeable 15% of the outstanding amount.
7.10. Annual Subscription. If the Client subscribed for an annual subscription Pricing Plan with a monthly payment, the Client may be entitled to a discount. In this case if the payment is made by (i) credit card and if the Client fails to pay the subscription fee for five (5) times or (ii) wire transfer and the Client fails to pay the subscription fee, and this breach is not cured within fifty-five (55) calendar day starting from the due date of the invoice, Datatrics shall have the right to:
a) suspend the performance of the Platform and Services without further notice and without incurring any obligation or liability to the Client or any other person by reason of such suspension and the block the access and the use of the Services;
b) charge the total discount (if any) benefited by the Client over the annual subscription;
c) charge over the period that the subscription fee is outstanding, an extra 50% of the subscription fee; and
d) terminate the provision of the Services to the Client;
7.12. Amendment of prices and fees. Datatrics may unilaterally change its prices and the agreed subscription fee or introduce fees for the Free Plan at any time. Datatrics shall announce via the Platform any such changes at least thirty (30) calendar days before they take effect. If the Client does not accept such change, the Client can terminate (in Dutch: opzeggen) the use of the Services until the date that the change takes effect (i.e. until 30 calendar days after the change has been announced through the Services). Use of the Services after the date on which the change has taken effect shall constitute the Client’s acceptance of such change.
8. SLA, SUPPORT AND BETA
8.1. Performance of the Services. Datatrics uses reasonable commercial efforts to ensure the availability of the Platform. Datatrics does not provide any specific guarantees as to the availability of the Platform or the performance of the Services, unless separately agreed upon between Datatrics and the Client in writing, for example, if applicable, in a service level agreement.
8.2. Maintenance. Datatrics actively maintains the Platform. Maintenance can take place at any time, even if this may negatively impact the availability of the Services. Maintenance is announced in advance by Datatrics whenever possible.
8.3. Support. If a Client has subscribed to a Free Plan, Datatrics will not provide any direct support to the Client, but online manuals and other documentation is available at: www.datatrics.com/pricing. If a Client has subscribed to a paid Pricing Plan, and depending on the exact purchased subscription Pricing Plan, Datatrics undertakes to provide technical assistance related to the proper functioning of the Services using one of the following procedures:
A) Standard Support: Datatrics will provide the Client with Standard Support services in accordance with the terms and conditions available at www.datatrics.com/pricing.
B) Premium Support. Datatrics will provide the Client with Premium Support services in accordance with the terms and conditions available at www.datatrics.com/pricing.
C) Enterprise Support: Datatrics will provide the Client with Enterprise Support services in accordance with the terms and conditions available at www.datatrics.com/pricing.
9. INTELLECTUAL PROPERTY RIGHTS
9.1. Intellectual Property Rights. The Services, the Platform, the Website and all accompanying software as well as all information, images, audio-visual material and texts are protected by the Intellectual Property Rights of Datatrics and/or its licensors. None of these items may be copied or used without prior written permission of Datatrics, except and to the extent permitted by mandatory law.
9.2. Use of Services. The Client obtains the right to use the Services, which right of use shall always be non-exclusive, non-transferable and non-sublicensable, and under the condition precedent of payment of the applicable fees (Article 8). The Client may use the Services solely in, and on behalf of, its own company or organization and for the intended use only.
9.3. Information. Information the Client stores or processes using the Services is and remains the property of the Client and the Client’s risk and responsibility. In as far as necessary, Datatrics receives a license to use this information in relation to (the operating of) the Services, including for any future aspects or improvements thereof.
9.4. Trade names, trademarks and logos. The Client is not authorized to use Datatricsʼ trade name(s), trademark(s) and/or logo(s), also not in the context of promotional activities, including listing on the Client’s website, without Datatricsʼ prior written consent. Datatrics is a registered trademark.
11. PRIVACY AND DATA PROTECTION
11.3. Resultant Data. As established between the Parties, Datatrics holds all rights to the use of statistical information, data and related analyses in aggregate form, deriving from the Clients’ use of the Platform and the Services (“Resultant Data”). The Resultant Data is in aggregate and or anonymized form and does not include Personal Data. The Client expressly authorizes Datatrics to use the Resultant Data in order to improve the functioning of the Platform and the Services or for statistical information that may be published in aggregate form.
12. REPRESENTATIONS AND WARRANTIES AND INDEMNIFICATION
12.1. Client’s Representation and Warranties. The Client represents and warrants: (i) that all Client’s materials, contents of the messages, data and information provided by the Client to Datatrics is complete, accurate and updated; (ii) that the Client is entitled to authorize, and does authorize Datatrics to exercise all rights necessary to be able to provide the Services to the Client via the Platform; and (iii) Client’s materials, contents of the messages, data, and information provided by Client when using the Services and the Platform do not violate any applicable law or regulation.
12.2. Client’s Indemnification. The Client shall indemnify, defend and hold harmless (in Dutch: vrijwaren en schadeloos stellen) Datatrics and its subcontractors and affiliates, and each of its and their respective officers, directors, employees, successors and assigns (each a “Datatrics Indemnitee”) from and against any all damages, losses, liabilities, costs, charges and expenses, including any legal fees and expenses, incurred or suffered by such Datatrics Indemnitee:
13. LIMITATION OF LIABILITY
13.4. Obligation to report damages. Damages may only be claimed if reported by the Client in writing to Datatrics no longer than two months after discovery thereof by the Client.
13.6. Force Majeure. In case of a Force Majeure event (which shall in any event also include Covid-19 or any variants thereof and/or any other pandemic and any measures taken by the government or any other local authority in that respect), Datatrics cannot be held to compensate damages suffered by the Client and Datatrics is entitled to suspend or terminate the provision of the Services.
14. GOVERNING LAW AND JURISDICTION
15.2. Terms of Client. Applicability of any terms of the Client, including the Client’s terms and conditions of purchase, is hereby expressly rejected.
15.5. Communication. The version of any communication and/or (monitored) information as recorded by Datatrics shall be deemed to be authentic, unless the Client supplies proof to the contrary.
a) the Offer;
b) the SOW (if any);
d) the Data Processing Agreement;
e) the Annexes, whereby an Annex with an earlier number shall prevail over any Annexes with a later number (e.g. 1 shall prevail over 2, and 2 shall prevail over 3 etc.), unless the Annex with the later number expressly states that it takes precedence over (an inconsistent or conflicting term in) the Annex with an earlier number.
15.10. Feedback. The Client may provide or Datatrics may ask the Client to provide suggestions, comments, input or other feedback regarding the Datatrics Platform and the Services (“Feedback”). If the Client provides Datatrics with any Feedback, then you grant Datatrics a perpetual, irrevocable, royalty-free, non-exclusive, worldwide, sublicensable, and transferable license to use, reproduce, publicly display, distribute, modify, and publicly perform the Feedback as Datatrics sees fit. Any Feedback the Client chooses to provide is given entirely voluntarily. The Client is aware and accepts that it will not receive any compensation for its Feedback, and that Datatrics may use any Feedback Client provides to improve the Datatrics Platform and the Services or to develop new features and services.
DATA PROCESSING AGREEMENT
The Data Processing Agreement reflects the agreements of the parties on the processing of Client Personal Data as governed by European and Domestic Legislation.
2.1 All capitalized terms in the Data Processing Agreement shall have the following meanings:
“Additional Instructions” refers to the additional instructions which reflect the Parties' agreement on the additional conditions governing the processing of certain data in relation to certain Processor Services.
“Client Personal Data” refers to the personal data processed by Datatrics on behalf of the Client in the provision of the Processor Services.
“Data Breach” refers to a breach of Datatrics security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Client Personal Data on systems managed or otherwise controlled by Datatrics.
“EEA” refers to the European Economic Area.
“European and Domestic Legislation” refers to the GDPR and the EU Member State legislation applicable to the processing of Client Personal Data.
“GDPR” refers to Regulation (EU) 2016/679 of the European Parliament and of the Council dated 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC.
“Security Documentation” refers to any security certification or documentation that Datatrics makes available in relation to the Processor Services as referred to in Appendix 2.
“Security Measures” has the meaning set out in Section 7.1.1. (Security Measures on Datatrics systems).
“Sub-processors” refers to the third parties authorized under this Data Processing Agreement to process Client Personal Data in order to provide part of the Processor’s Services and/or any related technical support and described in Appendix 3.
“Subsidiary” refers to a legal entity belonging to a corporate group, which directly or indirectly controls has control or is controlled by another party.
“Supervisory Authority” refers to a "supervisory authority" as defined in the GDPR.
“Transfer Mechanisms” refers to a binding decision issued by the European Commission allowing the transfer of personal data from the EEA to a third country whose domestic law provides an adequate level of personal data protection. Where such binding decision is not available or effective, this definition refers to the EU Standard Contract Clauses approved as needed by the European Commission for the transfer of personal data, as well as the Binding Corporate Rules (BCRs).
2.2 The terms “Personal Data”, "Data Subject”, “Processor”, “Controller” and “Processing” have the meanings indicated in the GDPR.
2.3 The terms “include” and “included” are illustrative and are not the only examples of a particular concept.
2.4 Any reference to a law, regulation, statute, or other legislative act is a reference to these as amended or reformulated as required.
2.5 If this Data Processing Agreement is translated into another language and there is any discrepancy between the English text and the translated text, the English text shall prevail.
4.2 Additional Instructions. During the Term, the Client may provide Datatrics with Additional Instructions, which Datatrics may not refuse without just cause if such Additional Instructions are necessary to permit compliance of the Client with any European or domestic legislation. In all other cases, Datatrics has the faculty to negotiate the content of the Additional Instructions with the Client and will be under no obligation to implement them until an agreement is reached. Once both Parties have confirmed the Additional Instructions, these shall be considered integral part of this Data Processing Agreement.
4.3 Costs due to Additional Instructions. The Additional Instructions and/or supplements, amendments or reductions thereto shall not lead to any additional costs to Datatrics; if this is not the case, the Client acknowledges and accepts that all costs directly or indirectly due to the adjustment by Datatrics to the Additional Instructions, shall be at the exclusive expense of the Client.
5. PROCESSING OF DATA
5.1 Roles, responsibilities and instructions. The Parties acknowledge and agree that: (a) Appendix 1 describes the subject matter and details of the processing of Client Personal Data; (b) Datatrics acts as Data Processor or, depending on the circumstances, as Sub-Data Processor of the Client Personal Data under European and Domestic Legislation; (c) Client acts as Controller or Processor, as applicable, of Client Personal Data under European and Domestic Legislation; and (d) each Party shall comply with the obligations applicable to it under European and Domestic Legislation with respect to Client Personal Data.
5.2 Authorization by the third Controller. If the Client acts as Processor on behalf of a Subsidiary of the Client or other Controller, Client represents and warrants Datatrics that the instructions and actions of the former in relation to Client Personal Data, including the appointment of Datatrics, have been authorized by the respective Controller.
5.4 Datatrics compliance with the instructions. Datatrics shall comply with the instructions given in Section 5.3 unless the European or National Legislation to which it is subject requires Datatrics to conduct different or further processing of Client Personal Data (e.g., transfer of Personal Data to a third country or international organization), in which case Datatrics shall promptly inform Client at the Notification E-mail Address (unless such legislation prohibits Datatrics from doing so on significant grounds of public interest).
6. RETURN OR DELETION OF DATA
7. DATA SECURITY
7.1 Security measures and assistance by Datatrics.
7.1.1 Security Measures on Datatrics systems. Datatrics shall adopt and maintain technical and organizational measures to protect Client Personal Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access as described in Appendix 2. Taking into account the state of the art and the costs of implementation, as well as the nature, scope, context and purpose of the processing carried out through the Processor Services, as well as the variability, likelihood and severity of the risk to the rights and freedoms of natural persons, Appendix 2 shall at all times include security measures: (a) to help ensure the ongoing confidentiality, integrity, availability and resilience of Datatrics systems and services; (b) to help restore personal data promptly following an incident; and (c) to periodically verify effectiveness of the measures. Datatrics may update or amend the Security Measures from time to time, provided that such updates and modifications do not lead to degradation of the overall security of Processor Services.
7.1.2 Security Measures for Datatrics personnel. Datatrics shall take appropriate steps to ensure compliance with the Security Measures by all persons operating under its authority, including its employees and Subprocessors, insofar as applicable to the scope of their services, including assurances that all persons authorized to process Client Personal Data have signed non-disclosure agreements or are subject to appropriate statutory obligations to of confidentiality in accordance with European and Domestic Legislation.
7.1.3 Datatrics data security assistance. Datatrics shall reasonably assist the Client in ensuring compliance with any obligations regarding the security of personal data and personal data breaches, including (if applicable) the obligations of the Controller pursuant to Articles 32 to 34 of the GDPR, through:
(a) the implementation and maintenance of Security Measures in accordance with Section 7.1.1.;
(b) the implementation of the provisions of Section 7.2; and
(c) providing the Client with Security Documentation in accordance with Section 7.5.1 and the information provided for in this Data Processing Agreement.
7.2 Data Breach.
7.2.1 Due Diligence. Datatrics adopts due diligence in monitoring the security of Client Personal Data processed in the provision of the Processor Services.
7.2.2 Data Breach Notification. In the event Datatrics becomes aware of a Data Breach, Datatrics shall: (a) inform the Client of the Data Breach without undue delay; and (b) promptly take reasonable steps to mitigate any damage and secure the Client Personal Data; (c) cooperate with the Client in the investigation of the causes and gravity of the Data Breach.
7.2.3. Data Breach Details. Notifications made pursuant to Section 7.2.2 shall describe the details of the incident (also through additional notifications), including the categories and approximate number of Data Subjects involved and the personal data records affected, the potential risks to the Data Subjects and the steps that the Datatrics has taken or recommends the Client adopts to address the Data Breach and mitigate its effects. If it is not possible to provide the above specific information within the time allowed, Datatrics shall explain the reasons for the delay to the Client, in any case providing the Client with any initial information concerning the breach for the purposes of the related notification.
7.2.4 Data Breach Notification. Datatrics shall deliver notification of any Data Breach to the Notification E-mail Address.
7.3 Client security responsibility and assessment.
7.3.1 Client Security Responsibilities. Without prejudice to the obligations of Datatrics under Sections 7.1 and 7.2, the Client acknowledges that it is the sole party responsible for the use of the Processor Services, including the protection of authentication credentials, systems and devices used by the Client to access the Processor Services.
7.4 Security Certification. To evaluate and help ensure the continued effectiveness of the Security Measures, Datatrics may, at its sole discretion, supplement the Security Measures and Security Documentation with certifications (e.g., ISO27001), codes of conduct and/or certification procedures.
7.5 Checks and Audits.
7.5.1 Security Documentation Review. In order to demonstrate Datatrics compliance with its obligations under this Data Processing Agreement, Datatrics shall make information on the technical, organizational and security measures available to the Client, in addition to any other information available and necessary for Client compliance with regulations, and which should be formally requested in writing by the Client for compliance with its legal obligations and to demonstrate the adoption of adequate technical and organizational measures.
7.5.2 Client Audit Rights. The parties agree that: (a) Datatrics shall contribute to the inspection and audit activities the Client wishes to conduct, either directly or through a third party appointed by the latter; (b) such activities shall be conducted with a view to safeguarding normal Datatrics operations; (c) the use of the information which the Client and any third party appointed by the Client should become aware of during the audit must be previously regulated by a specific non-disclosure agreement.
7.5.3 Further Conditions for Audits. To conduct an audit: (a) the Client shall send the request for audit to Datatrics pursuant to Section 7.5.2(a) as described in Section 12.1, giving notice of at least 90 (ninety) calendar days, it being understood that such activities may not be conducted by the Client more than once (1 time) per year and, in any case, if less than 12 (twelve) months have passed since the last audit by the Client; (b) upon receipt of a request pursuant to Section 7.5.3(a) from the Client, Datatrics undertakes to discuss and agree in advance on the start date, scope and duration, security and confidentiality controls applicable to the audit pursuant to Section 7.5.2(a); (c) nothing in this Data Processing Agreement shall require the Datatrics to disclose or grant access by the Client or third-party auditor to: (i) data of any other client of Datatrics; (ii) any Datatrics internal accounting or financial information; (iii) any Datatrics trade secret or know-how; (iv) any information that could compromise the security of Datatrics systems or premises; or cause Datatrics to breach its obligations under European and Domestic Legislation or its security obligations toward the Client or third parties; or (v) any information to which the Client or third-party auditor seeks access for reasons other than the fulfillment in good faith of the Client’s obligations under European and Domestic Legislation; (d) audits shall be subject to a confidentiality agreement between all parties involved.
7.5.4 Costs. The Client acknowledges and accepts that its costs due to the conduction of audits pursuant to this Section 7.5 (such as, for example, the costs of Client personnel and Client external consultants) shall be at its exclusive expense.
8. DATA PROTECTION IMPACT ASSESSMENTS AND PRIOR CONSULTATION
Datatrics agrees (considering the nature of the processing and the information available to Datatrics) to provide the Client with any reasonable assistance in ensuring compliance with any obligations of the Client regarding data protection impact assessment and prior consultation, including any obligations of the Client pursuant to articles 35 and 36 of the GDPR. The Client shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Datatrics.
9. RIGHTS OF DATA SUBJECTS
9.1 Response to Data Subject requests. Datatrics ensures adequate protection of the rights of Data Subjects, assisting the Client in the fulfillment of its obligation to follow up requests from Data Subjects to exercise their rights, even if such requests are received by Datatrics. In this event, Datatrics will invite the Data Subject to submit their communication directly to the Client and the Client will be responsible for responding to such request.
9.2 Datatrics assistance in Data Subject requests. Datatrics agrees (considering the nature of the Client Personal Data processing) to provide reasonable assistance to the Client in the fulfillment of its obligations regarding their rights pursuant to Chapter III GDPR through: (a) where possible, the provision of specific functionalities in the Processor Services; (b) compliance with the commitments pursuant to Section 9.1 (Response to Data Subject requests). The Client shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Datatrics.
10. DATA TRANSFERS
10.1 Data storage and processing facilities. The Client agrees and authorizes Datatrics to process (also through Subprocessors) Client Personal Data both within and outside the EEA, provided that such processing is supported by suitable Transfer Procedures, to be indicated in Appendix 3.
11.1 Authorization to use Subprocessors. The Client shall grant a general authorization to use Subprocessors for provision of the Processor Services.
11.2 Authorized Subprocessors. The Sub-processors currently engaged by Datatrics and authorized by the Client are available in Appendix 3 of this Data Processing Agreement.
If the Client does not object to the engagement of a third party in accordance with Section 11.4(b), that third party will be deemed an Authorized Subcontractor for the purposes of this Data Processing Agreement.
12. DATATRICS CONTACTS
12.1 Datatrics Contacts. The Client may contact Datatrics with regard to all aspects of this Data Processing Agreement through a) firstname.lastname@example.org; or b) the email addresses used by Datatrics during provision of the Processor Services to receive certain notifications from the Client concerning this Data Processing Agreement.
13.2 Existing agreements. The Parties agree that this Data Processing Agreement shall replace any existing data processing agreement or similar document that the parties may have previously entered into in connection with the Service.
Appendix 1: Details of Data Processing
Nature and Purpose of Processing
The provision of the Datatrics Platform and of the Services. The Services offered by Datatrics are a SaaS by means of which the Client can bring data from various internal and external sources together in one central environment, in order to:
- centralize internal and external data sources;
- create unique users and customers profiles;
- predict customers and users’ needs by means of algorithms and machine learning;
- create relevant and personalized customer and user journeys;
- provide automated dynamic content through different platforms; and/or
- create relevant and personalized content.
Datatrics shall process Client Personal Data in order to provide the Processor Services in accordance with the instructions contained in the Data Processing Agreement. The Client Personal Data shall be used as a starting point for predictions in order to allow the Client to:
- show relevant content to its users and customers;
- profile its users and customers;
- carry out direct marketing activities to its users and customers;
- link together data (bases) of its users and customers;
- create personalized contents for its users and customers.
Duration of processing
Categories of personal data and Categories of data subjects
Depending on the Processor Services, Client Personal Data may include the following:
Special Category of Personal Data processed (if applicable)
Datatrics does not want to, nor does it intentionally, collect or process any Special Category of Personal Data as defined under Article 9 of the GDPR in connection with the provision of the Datatrics Platform and of the Services.
Appendix 2: Security measures
As from the Date of Effect, Datatrics shall implement and maintain the Security Measures set out at the following link: https://www.datatrics.com/gdpr-and-data-privacy
Datatrics may periodically update or amend the following Security Measures, provided that such updates and amendments do not lead to a deterioration of the overall security of the Processor Services or in any case to a decrease in the security level agreed.
Appendix 3: Sub processors
Part of the activities that allow Datatrics to provide the Processor Services may be delegated to Sub processors: