SaaS Subscription Agreement
Posted: September 2, 2021
Effective: September 2, 2021 – July 4, 2023
You can view the latest agreement here.
This SaaS Agreement (“Agreement“) is entered into by and between Digify set forth below (“Company“) and the entity or person placing an order for or accessing any Services (“Customer” or “you”). If you reside in the United States and Canada, you are entering into this contract with Digify, Inc. If you reside outside of the United States and Canada you are entering into this contract with Digify Pte Ltd, a company registered in Singapore. If you are accessing or using the Services on behalf of your company, you represent that you are authorized to accept this Agreement on behalf of your company, and all references to “you” or “Customer” reference your company.
This Agreement permits Customer to purchase subscriptions to online software-as-a-service products and other services from Company pursuant to any Company ordering documents, online registration, order descriptions or order confirmations referencing this Agreement (“Order Form(s)“) and sets forth the basic terms and conditions under which those products and services will be delivered. This Agreement will govern Customer’s initial purchase on the Effective Date as well as any future purchases made by Customer that reference this Agreement. Each Service is provided on a subscription basis for a set term designated on the Order Form (each, a “Subscription Term“).
Modifications to this Agreement: From time to time, Company may modify this Agreement. Unless otherwise specified by Company, changes become effective for Customer upon renewal of Customer’s current Subscription Term (as defined below) or entry into a new Order Form. Company will use reasonable efforts to notify Customer of the changes through communications via Customer’s account, email or other means. Continued use of the Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version. If the Customer objects to such changes, Customer may terminate the applicable Subscription Term and receive as its sole remedy a refund of any fees Customer has pre-paid for use of the applicable Services for the terminated portion of the Subscription Term.
BY INDICATING YOUR ACCEPTANCE OF THIS AGREEMENT OR ACCESSING OR USING ANY SERVICES, YOU ARE AGREEING TO BE BOUND BY ALL TERMS, CONDITIONS, AND NOTICES CONTAINED OR REFERENCED IN THIS AGREEMENT. IF YOU DO NOT AGREE TO THIS AGREEMENT, PLEASE DO NOT USE ANY SERVICES. FOR CLARITY, EACH PARTY EXPRESSLY AGREES THAT THIS AGREEMENT IS LEGALLY BINDING UPON IT.
SAAS SERVICES
Subject to the terms of this Agreement and during the Subscription Term specified in an applicable order, Company will use commercially reasonable efforts to provide Customer the Services in accordance with this Agreement and the Service Level Terms at Schedule 1. As part of the registration process, Customer will identify an administrative user name and password for Customer’s Company account.
If Customer receives free access or a trial or evaluation subscription to the Service (a “Trial Subscription“), then Customer may use the Services in accordance with the terms and conditions of this Agreement for a period of seven (7) days or such other period granted by Company (the “Trial Period“). Trial Subscriptions are permitted solely for Customer’s use to determine whether to purchase a paid subscription to the Services. Trial Subscriptions may not include all functionality and features accessible as part of a paid Subscription Term. If Customer does not enter into a paid Subscription Term, this Agreement and Customer’s right to access and use the Services will terminate at the end of the Trial Period. Company has the right to terminate a Trial Subscription at any time for any reason. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, Company WILL HAVE NO WARRANTY, INDEMNITY, SUPPORT, OR OTHER OBLIGATIONS WITH RESPECT TO TRIAL SUBSCRIPTIONS.
RESTRICTIONS AND RESPONSIBILITIES
Customer will not (a) use the Services in excess of the scope of use specified in an applicable Order Form, or (b) directly or indirectly: reverse engineer the Services or any software, documentation or data related to the Services (“Software”); modify, translate, or create derivative works based on the Services or any Software; (c) use the Services or any Software for timesharing or service bureau purposes; or (d) remove any proprietary notices or labels.
Customer represents, covenants, and warrants that Customer will use the Services only in compliance with this Agreement and all applicable laws and regulations. Customer hereby agrees to indemnify and hold harmless Company against any damages, losses, liabilities, settlements and expenses (including without limitation costs and attorneys’ fees) in connection with any claim or action that arises from an alleged violation of the foregoing or otherwise from Customer’s use of Services (including but not limited to content Customer uses in conjunction with the Services). Although Company has no obligation to monitor Customer’s use of the Services, Company may do so and may prohibit any use of the Services it believes may be in violation of the foregoing.
Customer shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access or otherwise use the Services, including, without limitation, modems, hardware, servers, software, operating systems, networking, web servers and the like (collectively, “Equipment”), other than the provided equipment (if any) specified in Exhibit A. Customer shall also be responsible for maintaining the security of the Equipment, Customer account, passwords and files, and for all uses of Customer account or the Equipment with or without Customer’s knowledge or consent.
The Service is subject to the scope of use specified in the applicable Order Form. Customer agrees that it is solely responsible for the nature and content of all materials, works, data, statements, and other visual, graphical, video, written or audible communications of any nature submitted by Customer or otherwise used through its Account. Customer agrees not to use or permit the use of the Service: (a) to communicate any message or material that is defamatory, harassing, libelous, threatening, or obscene; (b) in a way that violates or infringes upon the intellectual property rights or the privacy or publicity rights of any person or entity or that may otherwise be unlawful or give rise to civil or criminal liability; (c) in any manner that is likely to damage, disable, overburden, or impair the Service or interfere in any way with the use or enjoyment of the Service by others; (d) to introduce any Malware or other malicious activity in Customer’s use of the Service; (e) in violation of any export law or regulation; or (f) in any way that constitutes or encourages conduct that could constitute a criminal offense.
Each party acknowledges it is responsible to comply with all applicable requirements of the General Data Protection Regulation (GDPR) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time. The Parties acknowledge that:
If the Company processes any personal data on the Customer’s behalf when performing its obligations under this Agreement, the Customer is the data controller and the Company is the data processor for the purposes of the GDPR;
The Data Processing Addendum attached hereto in Schedule 2 to this Agreement sets out the parties’ obligations under the GDPR; and
The personal data may be transferred or stored outside the EU or the country where the Customer and the authorized users are located in order to carry out the Service and the Company’s other obligations under this Agreement.
Company may at any time suspend any use of the Service and/or remove or disable any content as to which Company reasonably and in good faith believes is in violation of this Agreement. Company agrees to provide Customer with notice of any such suspension or disablement before its implementation unless such suspension or disablement is necessary to comply with legal process, regulation, order or prevent imminent harm to the Service or any third party, in which case Company will notify Customer to the extent allowed by applicable law of such suspension or disablement as soon as reasonably practicable thereafter.
CONFIDENTIAL INFORMATION AND PROPRIETARY RIGHTS.
Either party has disclosed, or may disclose, business, technical or financial information relating to its business (“Confidential Information.”) Confidential Information of Company includes non-public information regarding features, functionality and performance of the Service. Confidential Information of Customer includes non-public data provided by Customer to Company to enable the provision of the Services (“Customer Data.”) A party receiving confidential information (“Receiving Party”) from the party disclosing Confidential Information (“Disclosing Party”) agrees: (a) to take reasonable precautions to protect such Confidential Information, and (b) not to use (except in performance of the Services or as otherwise permitted in this Agreement) or divulge to any third person any such Confidential Information. The obligations of confidentiality stated in this section shall survive for five (5) years from the last date Customer uses the Service.
The Disclosing Party agrees that the foregoing shall not apply with respect to any information that: (a) is or becomes generally available to the public; or (b) was in its possession or known by it prior to receipt from the Disclosing Party; or (c) was rightfully disclosed to it without restriction by a third party; or (d) was independently developed without use of any Confidential Information of the Disclosing Party; or (e) is required to be disclosed by law.
Notwithstanding the foregoing, each Party may disclose Confidential Information to the limited extent required: (a) to comply with the order of a court or other governmental body, or as otherwise necessary to comply with applicable law, provided that the party making the disclosure pursuant to the order shall first have given written notice to the other party and made a reasonable effort to obtain a protective order; or (b) to establish a party’s rights under this Agreement, including to make required court filings; or (c) in confidence, to legal counsel, consultants, accountants, banks, and financing sources, and their advisors; (d) the terms and conditions of this Agreement in confidence, in connection with an actual or proposed merger, acquisition, or similar transaction; or (e) to respond to an emergency which Company believes in good faith should be disclosed to assist in preventing the death or serious bodily injury of any person or material damage to property.
Company shall own and retain all right, title and interest in and to (a) the Services and Software, including all improvements, enhancements or modifications thereto, (b) any software, applications, inventions or other technology developed in connection with Implementation Services, and (c) all intellectual property rights related to any of the foregoing.
Company shall have the right to collect and analyze data and other information relating to the provision, use and performance of various aspects of the Services and development of related systems and technologies.
PAYMENT OF FEES
Customer will pay Company the fees specified in the applicable Order Form (the “Fees”). If Customer believes that Company has billed Customer incorrectly, Customer must contact Company no later than 30 days after the closing date on the first billing statement in which the error or problem appeared, in order to receive an adjustment or credit. Inquiries should be directed to Company’s customer support department.
Fees are due and payable thirty (30) days after the date of the invoice, unless (a) Customer is paying via Credit Card or (b) otherwise specified in the applicable Order Form. Unpaid amounts are subject to a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower, plus all expenses of collection and may result in immediate termination of Service. Customer shall be responsible for all taxes associated with Services other than taxes based on Company’s net income. All fees are non-cancelable and non-refundable, except where expressly set forth in Section 7 (IP Indemnification).
If Customer is paying via Credit Card, and agreeing to purchase any Services, Customer hereby authorizes Company (or its designee) to automatically charge Customer’s Credit Card on the same date of each calendar month (or the closest prior date, if there are fewer days in a particular month) during the Subscription Term for all fees in accordance with the applicable Order Form. Customer acknowledges and agrees that the amount billed and charged each month may vary depending on Customer’s use of the Services and may include subscription fees for the remainder of Customer’s applicable billing period and overage fees for the prior month.
RENEWALS, TERM AND TERMINATION
Subject to earlier termination as provided below, this Agreement is effective as of the Effective Date. It shall remain in effect unless terminated; provided that this Agreement shall automatically terminate upon the earlier of (a) the termination or expiration of all Subscription Terms or (b) termination as provided in Section 5.2 below. Unless otherwise specified on the applicable Order Form, each Subscription Term will automatically renew for an additional period of the initial Subscription Term specified on the Order Form unless either party gives the other written notice of termination before the expiration of the then-current Subscription Term.
Either party may terminate this Agreement if the other party materially breaches any of the terms or conditions of this Agreement and such breach remains uncured following thirty (30) days written notice to the other party. Customer will pay in full for the Services up to and including the last day on which the Services are provided. Upon any termination, Company will make all Customer Data available to Customer for electronic retrieval for a period of thirty (30) days, but thereafter Company may, but is not obligated to, delete stored Customer Data. All sections of this Agreement which by their nature should survive termination will survive termination, including, without limitation, accrued rights to payment, confidentiality obligations, warranty disclaimers, and limitations of liability.
WARRANTY AND DISCLAIMER
Company warrants that (a) the Services will conform with the applicable documentation, and (b) the Services will be delivered in a professional and workmanlike manner. Services may be temporarily unavailable for scheduled maintenance or for unscheduled emergency maintenance, either by Company or by third-party providers, or because of other causes beyond Company’s reasonable control, but Company shall use reasonable efforts to provide advance notice in writing or by e-mail of any scheduled service disruption. HOWEVER, COMPANY DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE; NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES. EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION, THE SERVICES ARE PROVIDED “AS IS” AND COMPANY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
IP INDEMNIFICATION
Company will defend Customer against any third party claim that the Service infringes a patent, registered trademark, or copyright of a third party, or misappropriates a trade secret (to the extent that such misappropriation is not the result of Customer’s actions) (“Claim Against Customer“), and will indemnify Customer for the resulting costs and damages finally awarded against Customer to such third party by a court of competent jurisdiction or agreed to in settlement. To the extent permitted by law, Company will have no liability to Customer under this Section 7.1 for any Claim Against Customer that arises out of: (a) any unauthorized use, reproduction, or distribution of the Service by Customer; (b) use of the Service in combination with any other software or equipment not supported by Company; or (c) any modification or alteration of the Service by anyone other than Company without the written approval of Company. In the event of a Claim Against Customer pursuant to this Section 7.1, Company may (at Company’s option and expense): (i) obtain for Customer the right to continue using the Service; (ii) modify the Service to make it non-infringing; or (iii) if subsections (i) and (ii) are not commercially viable (as determined by Company in its sole discretion), terminate this Agreement and refund Customer on a pro-rated basis any Fees pre-paid to Company for the corresponding unused period of the Service.
As a condition of receiving an indemnification under this Agreement, Customer will provide Company with (i) prompt written notice of the claim; (ii) complete control over the defense and settlement of the claim (provided, that the Company will not settle any claim without the Customer’s prior written permission, which will not be unreasonably withheld, delayed or conditioned, in the event the settlement fails to unconditionally release the Customer from all liability pertaining to such claim); and (iii) such assistance in connection with the defense and settlement of the claim, at the Customer’s expense, as the Company may reasonably request.
LIMITATION OF LIABILITY
NOTWITHSTANDING ANYTHING TO THE CONTRARY, NEITHER PARTY SHALL BE RESPONSIBLE OR LIABLE FOR ANY INDIRECT, EXEMPLARY, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES; OR FOR ANY AMOUNTS THAT, TOGETHER WITH AMOUNTS ASSOCIATED WITH ALL OTHER CLAIMS, EXCEED THE FEES PAID BY CUSTOMER TO COMPANY FOR THE SERVICES UNDER THIS AGREEMENT IN THE 12 MONTHS PRIOR TO THE ACT THAT GAVE RISE TO THE LIABILITY, IN EACH CASE, WHETHER OR NOT COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
PUBLICITY
Press Releases. Neither party will issue any press release or similar publicity regarding the parties’ relationship under this Agreement without the other’s written approval.
Identification of Customer. Company may identify Customer, by name and by logo, as a customer of the Services on Company’s website and other marketing materials.
Case Study. Provided Customer is satisfied with the Services, Company may develop a case study for public dissemination and marketing use by Company describing the benefits Customer has derived from the Services. Customer will reasonably cooperate with such case study. Publishing shall be subject to Customer’s prior written approval, not to be unreasonably withheld.
MISCELLANEOUS
If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable. Neither party shall be liable to the other for any delay or failure to perform any of the obligations set forth under this Agreement due to any act of God and/or force majeure causes beyond its reasonable control, including but not limited to hurricane, fire, flood, earthquake, terrorism or similar acts. This Agreement is not assignable, transferable or sublicensable by Customer except with Company’s prior written consent. Company may transfer and assign any of its rights and obligations under this Agreement without consent. This Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement, and that all waivers and modifications must be in a writing signed by both parties, except as otherwise provided herein. No agency, partnership, joint venture, or employment is created as a result of this Agreement and Customer does not have any authority of any kind to bind Company in any respect whatsoever. In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; the day after it is sent, if sent for next day delivery by recognized overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested. 
This Agreement shall be governed by the laws of the State of California without regard to its conflict of laws provisions. Any disputes hereunder will be resolved via binding arbitration in San Francisco, California under the rules of the American Arbitration Association.
If you reside in the United States and Canada, this Agreement shall be governed by the laws of the State of California without regard to its conflict of laws provisions. Any disputes hereunder will be resolved via binding arbitration in San Francisco, California under the rules of the American Arbitration Association.
If you reside outside of the United States and Canada, this Agreement shall be governed by the laws of Singapore without regard to its conflict of laws provisions. Any dispute arising out of or in connection with this contract, including any question regarding its existence, validity or termination, shall be referred to and finally resolved by arbitration administered by the Singapore International Arbitration Centre (“SIAC”) in accordance with the Arbitration Rules of the Singapore International Arbitration Centre (“SIAC Rules”). The seat of the arbitration shall be Singapore.
Schedule 1
Service Level Terms (applies to Enterprise plan only)
Service Availability
The Services shall be available 99.9%, measured monthly, excluding holidays and weekends and scheduled maintenance. If Customer requests maintenance during these hours, any uptime or downtime calculation will exclude periods affected by such maintenance. Further, any downtime resulting from outages of third-party connections or utilities or other reasons beyond Company’s control will also be excluded from any such calculation. Customer’s sole and exclusive remedy, and Company’s entire liability, in connection with Service availability shall be that for each period of downtime lasting longer than one hour, Company will credit Customer 5% of Service fees for each period of 30 or more consecutive minutes of downtime; provided that no more than one such credit will accrue per day. Downtime shall begin to accrue as soon as Customer (with notice to Company) recognizes that downtime is taking place, and continues until the availability of the Services is restored. In order to receive downtime credit, Customer must notify Company in writing within 24 hours from the time of downtime, and failure to provide such notice will forfeit the right to receive downtime credit. Such credits may not be redeemed for cash and shall not be cumulative beyond a total of credits for one (1) week of Service Fees in any one (1) calendar month in any event. Company will only apply a credit to the month in which the incident occurred. Company’s blocking of data communications or other Service in accordance with its policies shall not be deemed to be a failure of Company to provide adequate service levels under this Agreement.
The scheduled time for maintenance is 9 p.m. to 3 a.m. PST/PDT, and may be used by Company with no advance notification to Customer. We may expand these scheduled times provided that we notify you at least one day in advance. In addition, in the event that we in our sole discretion determine that any unscheduled maintenance is necessary, we will use commercially reasonable efforts to notify you.
The rights and remedies granted under this SLA apply to you only if you are a current subscriber of the Services. This SLA describes your sole remedy, and our entire obligation, if we fail to satisfy our uptime guarantee. This SLA does not diminish or override the disclaimer of warranties in the Agreement to which this SLA is attached (except as expressly stated therein).
Schedule 2
Data Processing Agreement
This Data Processing Agreement with EU Standard Contractual Clauses (Processors), (the “DPA”) forms part of the Customer Terms of Service found at https://digify.com/legal.html, unless Customer has entered into a superseding written Enterprise master service agreement between , Digify Inc. (together, “Company”) and the customer agreeing to these terms (the “Agreement”).
- Details of Processing. Details of Company’s role as a processor of Personal Data under the Agreement are set forth below:
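  - Subject matter of the processing of Personal Data: Company’s provision of the Services to Customer.
  - Duration of the processing of Personal Data: the term of the Agreement, plus any period after the end of the term until Company deletes Customer Data.
  - Nature and purpose of the processing of Personal Data: to enable Customer to receive, and Company to provide, the Services and other obligations set out in the Agreement.
  - Categories of Personal Data: to the extent Customer Data contains Personal Data, it may consist of identifying information and organization data of End Users, as well as documents, images and other content or data in electronic form stored or transmitted by End Users via the Services.
  - Data subjects: to the extent Customer Data contains Personal Data, it may concern Customer’s End Users and any individuals collaborating or sharing data with those End Users.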
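- Scope. This DPA applies as follows:
  - The EU Standard Contractual Clauses apply to data processed by the Services as defined in the Agreement, and to future changes to the Services;
  - The GDPR Supplemental Terms attached hereto as Exhibit B apply only to the extent required by EU Data Protection Law, and will take effect on May 25, 2018.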
- Effect of DPA. If a provision in this DPA conflicts with a provision in the Agreement, then this DPA will control. The Agreement will remain in full force and effect and will be unchanged except as modified by this DPA. This DPA and the EU Standard Contractual Clauses will terminate automatically upon expiration or termination of the Agreement.
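Exhibit A
Commission Decision C(2010)593
EU Standard Contractual Clauses (Processors)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection
Name of the data exporting organization: the customer that has entered into the Digify services agreement with Digify Inc
(the “data exporter”)
and
Name of the data importing organization: Digify, Inc.
Address: 350 Townsend Street, Suite 746, San Francisco, California 94107, USA
(the “data importer”)
each a “party”; together “the parties”.
The parties have agreed on the following Contractual Clauses (the “Clauses”) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.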
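Clause 1
Definitions
- “personal data”, “special categories of data”, “process/processing”, “controller”, “processor”, “data subject” and “supervisory authority” shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
- “the data exporter” means the controller who transfers the personal data;
- “the data importer” means the processor who agrees to receive from the data exporter personal data intended for processing on its behalf after the transfer in accordance with its instructions and the terms of the Clauses, and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
- “the subprocessor” means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with its instructions, the terms of the Clauses and the terms of the written subcontract;
- “the applicable data protection law” means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data, applicable to a data controller in the Member State in which the data exporter is established;
- “technical and organizational security measures” means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.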
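Clause 2
Details of the transfer
The details of the transfer, and in particular the special categories of personal data where applicable, are specified in Appendix 1, which forms an integral part of the Clauses.
Clause 3
Third-party beneficiary clause
- The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e) and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
- The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
- The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared, ceased to exist in law or become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
- The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.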
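Clause 4
Obligations of the data exporter
The data exporter agrees and warrants:
- that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
- that it has instructed, and throughout the duration of the personal data processing services will instruct, the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
- that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures specified in Appendix 2 to this contract;
- that, after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected, having regard to the state of the art and the cost of their implementation;
- that it will ensure compliance with the security measures;
- that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
- to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
- to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
- that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subjects as the data importer under the Clauses; and
- that it will ensure compliance with Clause 4(a) to (i).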
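Clause 5
Obligations of the data importer
The data importer agrees and warrants:
- to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reason, it agrees to inform the data exporter promptly of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
- that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract, and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
- that it has implemented the technical and organizational security measures specified in Appendix 2 before processing the personal data transferred;
- that it will promptly notify the data exporter about:
  - any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
  - any accidental or unauthorized access; and
  - any request received directly from the data subjects, without responding to that request unless it has been otherwise authorized to do so;
- to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer, and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
- at the request of the data exporter, to submit its data processing facilities for audit of the processing activities covered by the Clauses, which shall be carried out by the data exporter or an inspection body composed of independent members in possession of the required professional qualifications and bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
- to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2, which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
- that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
- that the processing services by the subprocessor will be carried out in accordance with Clause 11;
- to send promptly to the data exporter a copy of any subprocessor agreement it concludes under the Clauses.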
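Clause 6
Liability
- The parties agree that any data subject who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
- If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or its subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared, ceased to exist in law or become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
- If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of its obligations referred to in Clause 3 or in Clause 11, because both the data exporter and the data importer have factually disappeared, ceased to exist in law or become insolvent, the subprocessor agrees that the data subject may issue a claim against the subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.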
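Clause 7
Mediation and jurisdiction
- The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
  - to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
  - to refer the dispute to the courts in the Member State in which the data exporter is established.
- The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.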
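Clause 8
Cooperation with supervisory authorities
- The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
- The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
- The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).
Clause 9
Governing law
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
Clause 10
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business-related issues where required, as long as they do not contradict the Clauses.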
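Clause 11
Subprocessing
- The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfill its data protection obligations under such written agreement, the data importer shall remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement.
- The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared, ceased to exist in law or become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
- The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
- The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.
Clause 12
Obligation after the termination of personal data processing services
- The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter, or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
- The data importer and the subprocessor warrant that, upon request of the data exporter and/or of the supervisory authority, they will submit their data processing facilities for an audit of the measures referred to in paragraph 1.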
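Supplemental Terms
- Subprocessing. The data importer may engage other companies to provide parts of the Services on its behalf (including support services), and the data exporter consents to the data importer subcontracting the processing of personal data to such subprocessors, as set out in the relevant Clauses. The data importer will ensure that any subprocessor accesses and uses personal data only to provide the Services and only to the extent set out in the written agreement between the data importer and the subprocessor. The data exporter acknowledges that any applicable requirement under the Clauses for the data importer to enter into an agreement with a subprocessor is fully satisfied so long as the subprocessing agreement between the data importer and the subprocessor provides at least the level of data protection required by this Agreement.
- Liability. The Clauses shall be subject to the limitations and exclusions of liability set out in the “Limitation of Liability” section of the master services agreement or terms of service, and the aggregate liability of the data importer and Digify Pte Ltd together shall not exceed the limit set out in the Agreement. The data exporter shall not be entitled to recover from both the data importer and Digify Pte Ltd in respect of the same loss.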
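Appendix 1 to the EU Standard Contractual Clauses
This Appendix forms part of the Clauses.
Data exporter
The data exporter is the Customer under the Agreement, as amended by the Data Processing Agreement (DPA).
Data importer
The data importer is Digify, Inc. (“Company”), a provider of document security services for businesses. Company provides a website, software and mobile applications that enable users to encrypt, protect and track files after sending them. Company’s services can also be accessed through an application programming interface (API).
Data subjects
The personal data transferred concern End Users of the data exporter and its affiliates, including employees, consultants and contractors of the data exporter, as well as any individuals collaborating or sharing with these End Users via the services provided by the data importer.
Categories of data
The personal data transferred concern identifying information and organization data of End Users, as well as documents, images and other content or data in electronic form stored or transmitted by End Users via the data importer’s services.
Processing operations
The personal data transferred will be subject to the following basic processing activities (please specify):
Scope of processing.
The scope and purpose of processing of the data exporter’s personal data are described in the Data Processing Agreement (DPA) to which these Clauses are annexed, and in the agreement between the data exporter and the data importer.
Term of data processing.
Data processing will be for the term specified in the applicable agreement.
Data deletion or return.
Upon expiration or termination of the Agreement, the data importer agrees to delete or return the data exporter’s personal data from its services, in accordance with the terms of the Agreement.
Access to data.
The data exporter may designate an administrator who will have the ability to access the data exporter’s personal data in accordance with the Agreement. In addition, individual End Users of the data exporter will have the ability to access any personal data associated with their access to and use of the services through a particular account, subject to the functionality of the services, the Agreement, and the agreement between Company and that individual End User.
Subprocessing.
The data importer may engage other companies to provide parts of the services on its behalf. The data importer will ensure that any such subprocessors access and use the data exporter’s personal data only to provide the services and in strict compliance with the Agreement.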
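Appendix 2 to the EU Standard Contractual Clauses
Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
Data privacy contact
The data privacy officer of the data importer can be reached at: contact@digify.com
Security measures
The data importer has implemented and will maintain appropriate administrative, technical and physical safeguards to protect personal data.
- Access control. The data importer will take appropriate measures to prevent unauthorized persons from gaining access to data processing equipment.
- Data access control. The data importer commits that persons entitled to use its data processing systems can access Customer personal data only within the scope and to the extent covered by their respective access permissions.
- User control. The data importer will take appropriate measures to prevent its data processing systems from being used by unauthorized persons. In addition, the data importer will take appropriate measures to prevent the unauthorized reading, copying or deletion of stored data.
- Transmission control. The data importer will safeguard Customer personal data through the use of the processor’s services.
- Organizational control. The data importer will maintain its internal organization in a manner that meets the requirements of data protection regulations.
- Instructional control. Customer personal data transferred by the data exporter to the data importer may be processed only in accordance with the controller’s instructions.
The data importer may update these security measures from time to time, provided that it notifies the data exporter if it updates the security measures in a manner that materially diminishes the administrative, technical or physical security features described herein.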
Exhibit B
Digify GDPR Supplemental Terms
- Company’s Use of Sub-Processors. Customer consents to Company’s appointment of Subcontractors, including Sub-processors, to perform the Services. Where a Sub-processor will process Personal Data which is subject to EU Data Protection Laws, Company will ensure that the Sub-processor is subject to contractual obligations regarding Personal Data which satisfy the requirements of EU Data Protection Laws.
Company’s subprocessors are stated here, and may be updated from time to time at https://digify.com/legal.html:
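| Company Name | Company Location | Function |
| --- | --- | --- |
| Amazon Web Services, Inc. | United States of America | Infrastructure |
| Chargebee, Inc | United States of America | Billing |
| Facebook, Inc. | United States of America | Marketing |
| Google LLC | United States of America | Marketing |
| Intercom, Inc. | United States of America | Customer support |
| LinkedIn Corporation | United States of America | Marketing |
| Mailchimp | United States of America | Email service |
| Microsoft Corporation | United States of America | Marketing |
| PayPal Holdings, Inc. | United States of America | Billing |
| Pipedrive, Inc | United States of America | Sales and support |
| Stripe, Inc | United States of America | Billing |
| Wootric, Inc. | United States of America | Customer support |
| Zapier, Inc | United States of America | Information parser |

Company will remain liable for all acts or omissions of its Subcontractors or Sub-processors, and for any subcontracted obligations.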
Company may add or remove Sub-processors from time to time. If Customer objects to a change, it will provide Company with notice of its objection to contact@digify.com including reasonable detail supporting Customer’s concerns within sixty days of receiving notice of a change from Company or, if Customer has not subscribed to receive such notice, within sixty days of Company publishing the change. Company will then use commercially reasonable efforts to review and respond to Customer’s objection within thirty days of receipt of Customer’s objection. Company’s response to Customer’s objection will include, at a minimum, reasonable accommodations, if any, that Customer or Company can take to limit or prevent a new Sub-processor from acting as a processor of Customer Data when Customer makes use of the Services. If Company does not respond to a Customer objection as described above, or cannot reasonably accommodate Customer’s objection, Customer may terminate the Agreement by providing written notice to Company: (a) within thirty days of receipt of a Company response that does not comply with this Section; or (b) if Company fails to respond, within thirty days of the date Company’s response was due.
- Security Incidents. Company will promptly, and without undue delay, notify Customer if a Security Incident occurs, so long as applicable law allows this notice. Company may limit the scope of, or refrain from delivering, any disclosures to the extent reasonably necessary to avoid compromising the integrity of Company’s security, an ongoing investigation, or any customer’s or end user’s data. “Security Incident” means any actual unauthorized disclosure of or access to Customer Data, or compromise of Company’s systems that Company determines is reasonably likely to result in such disclosure or access, caused by failure of Company’s Security Measures and excluding any unauthorized disclosure or access that is caused by Customer or its End Users, including Customer or its End Users’ failure to adequately secure equipment or accounts. https://digify.com/terms.html