Terms of Service
Precoro Inc.
Last revised:
1. Definitions
We use the following terms in our Terms and Conditions:
- 1.1. “Additional Service” means a Service or an upgrade to the Platform developed by Precoro according to a separate written individual request of a User sent to Precoro that is ordered by the Customer and provided by Precoro in accordance with these Terms and such individual request, and which invokes additional fees payable by the Customer in addition to its fees under the Payment Plan. Fees for Additional Services are agreed upon individually. In any case, Precoro reserves the right to unilaterally terminate the provision of AdditionalServices at any given time without providing reasons to do so.
- 1.2. When we refer to “Precoro”,or we use pronouns like “we,” “us,” or “our,” we are referring to Precoro, Inc as well as its parents, affiliates, and subsidiaries, our Website, or our Service.
- 1.3. “Concierge Setup“ is an additional service which means all implementation and training services for which fees begin to be charged after your Precoro Account is fully set up, but in any case, no later than thirty (30) days after Precoro has started setting up your Precoro Account.
- 1.4. “Customer” means a legal entity that has Users visiting, browsing, accessing, downloading, installing, or otherwise using the Platform.
- 1.5. “Customer Data” refers to any data, information, content, records, and files that a Customer (or any of its Users) loads, receives through, transmits to, or enters into the Platform or otherwise provides to Precoro, including any and all intellectual property rights in any of the foregoing.
- 1.6. “Order Form” refers to the document setting up a special arrangement signed or executed by electronic means (including e-mail) by the Customer and Precoro at any given
- 1.7. “Party” or “Parties” means the Company and/or the Customer.
- 1.8. “Payment Plan” is a regular tariff that indicates a fee for each User and the minimum quantity of Users and shall be chosen and paid by the Customer on a regular basis according to the Terms.
- 1.9. “Platform” refers to (i) the software, hardware, and systems used by Precoro to host and make the Services available; and (ii) the Website.
- 1.10. “Precoro Account” refers to a tool that is linked to a certain User and Customer via the registration process and specific information provided during the process of creating a Precoro Account, and that allows users to sign in to the Website and use the Services available therein.
- 1.11. “Services” refers to the services provided by Precoro via the Website and which provide streamlined procurement processes for businesses. This includes the possibility of carrying out and recording requests, approvals, purchases, receipts, and to record payments for the Customer's procurements.
- 1.12. “Terms” refers to the Terms and Conditions that manage and govern relationships between Customer and Precoro and provision of Services.
- 1.13. “User” is an individual who is an employee or contractor of a Customer that is authorized by the latter to have access to and use the Platform via a Precoro Account.
- 1.14. “Website” refers to the website https://precoro.com/, which we use for the provision of Services.
2. Subject Matter and General Information
- 2.1. These Terms apply to and administer your access to and use of the Website and the Services available on it.
- 2.2. It is crucial that you read and understand these Terms. They contain limitations of our obligations to you, as well as restrictions and exemptions from our liability to you for damage that you may suffer as a result of creating a Precoro Account with us.
- 2.3. We reserve the right to amend the Terms at any time. If so, we will then post the revised version on our Website. The revised version will be effective at the time it is posted. If we change the user agreement in a way that reduces your rights or increases your responsibilities, we will provide you with 30 days prior notice by posting a notice on our Website.
- 2.4. The Company has succeeded in developing a cloud-based spend management solution for small and midsize businesses that helps automate procurement processes. The Company keeps all information in one place, which lets Users track requisitions, approvals, budgets, and orders.
3. Our Services
Creating a Precoro Account
- 3.1. You will need a Precoro Account to access the Services and Additional Services. Your Precoro Account lets you sign into Services.
- 3.2. By Creating a Precoro account, you, therefore, accept the terms associated with it. In case any of alterations or adjustments to the Terms, you hereby give your consent by continuing to use the Services after being notified of any respective changes. You agree not to use any false, inaccurate, or misleading information when signing up for your Precoro Account. You cannot transfer your Precoro Account credentials to another User, Customer, or any third party. To protect your Precoro Account, keep your Precoro Account details and password confidential. You are solely responsible for all the activity that occurs on your Precoro Account.
- 3.3. You must immediately notify Precoro of any actual or suspected unauthorized use of the Platform. Precoro reserves the right to suspend, deactivate, or replace any Precoro Account if it determines that it may have been used for an unauthorized purpose or in violation of these Terms. Limitations of Use
- 3.4. The Customer acknowledges and agrees that he/she is responsible for all Users' compliance with these Terms and any guidelines and policies published by Precoro from time to time and all Users' activities on the Platform. Without limiting the generality of any of the foregoing, the Customer will not allow, by any means, any other person (including any User) to:
- 3.4.1. use the Platform to send, upload, collect, transmit, store, use, disclose, process or ask Precoro to obtain from third parties or perform any of the above with respect to any Customer data:
- 3.4.1.1. that contains any computer viruses, worms, malicious code, or any software intended to damage or alter a computer system or data;
- 3.4.1.2. that the Customer or the applicable User does not have the lawful right to send, upload, collect, transmit, store, use, disclose, process, copy, transmit, distribute and display or process in any other way;
- 3.4.1.3. that violates any applicable law or infringes violates, or otherwise embezzles the intellectual property or other rights of any third party (including any moral right, privacy right or right of publicity, etc.); or
- 3.4.2. disable, overly burden, impair or otherwise interfere with servers or networks connected to the Platform (e.g., a denial of a service attack, etc.);
- 3.4.3. attempt to gain unauthorized access to the Platform;
- 3.4.4. use any data mining, robots, or similar data gathering or extraction methods or copy, modify, reverse engineer, reverse assemble, disassemble or decompile the Platform or any part thereof or otherwise attempt to discover any source code; except as expressly provided for in these Terms, etc.;
- 3.4.5. use the Platform for the purpose of building a similar or competitive product or service; or
- 3.4.6. use the Platform other than permitted by these Terms.
- 3.4.1. use the Platform to send, upload, collect, transmit, store, use, disclose, process or ask Precoro to obtain from third parties or perform any of the above with respect to any Customer data:
- 3.5. In case Precoro indicates or in any way discovers any activity or facts described in clause 3.4 above, it reserves the right to immediately suspend the use of a Precoro Account, whose Users were involved in said activity, without any notices and thus claim from the respective Customer any damages, penalties, fines or other payments suffered by Precoro (if any) as a result of said activity.
4. Payment Terms
Balance of the Precoro Account
- 4.1. In order to be able to pay for the Services and use them, you need to have a positive balance of funds in your Precoro Account at all times. Replenishment of the balance is done by wire transfer or a credit card payment, or any other methods which may be clearly advertised on the Website in accordance with a relevant invoice with a sum equal to the amount of said transfer.
- 4.2. Services are provided on the basis of a subscription. Invoices for the Services are issued annually. You can download your invoice or pay by credit card https://app.precoro.com/manage/company/balance.
- 4.3. All payment obligations pursuant to this Agreement shall remain in force at all times, and all payments are non-refundable except as otherwise provided in section 5 below.
- 4.4. If the balance in your Precoro Account is not enough to cover a one (1) day Services fee, it will be blocked.
- 4.5. The funds are credited in US dollars at the exchange rate indicated by Precoro according to Precoro’s accounting rules on the date of the invoice.
- 4.6. We charge you for using the Services (excluding Additional Services) by debiting your Precoro Account on a monthly basis according to your Payment Plan. You must choose your Payment Plan on the Website. Charging for Additional Services is carried out according to Article 1.1., 4.17. and 4.20. of the Terms.
- 4.7. The amount (rounded up to two (2) decimals) to be debited from your balance is calculated by using the formula:
Cost of services Precoro = ΣN*Qa*P It means
● N — Number of users with the same Qa
● Qa — % of activity in Precoro is calculated as the percentage of the number of days for which the user has been marked "Active" to the number of days in a month and rounded to an integer.
● P is the cost of the user.
- 4.8. Your Precoro Account is activated after we receive your first payment for Services and Additional Services (if ordered). Following the activation of your Precoro Account, it shall be regularly and automatically debited by Precoro in accordance with your Payment Plan and terms and conditions indicated in this document unless there is a separate agreement in writing agreeing otherwise or the Concierge Setup is used in which case fees will be charged no later than thirty (30) days from the activation date. You can follow and check your balance here https://app.precoro.com/manage/company/balance.
- 4.9. We start to charge you for using the Concierge Setup after your Precoro Account is fully set up, but in any case, no later than thirty (30) days after we have started setting up your Precoro Account.
- 4.10. When you add a User to your Precoro Account, and the number of added Users exceeds the minimum number of Users indicated in the Payment Plan, your balance will be debited based on the current number of Users you have.
- 4.11. When you add a User to your Precoro Account, and the number of added Users is less than the minimum quantity of Users indicated in the Payment Plan, your balance will be debited based on the minimum quantity of Users indicated in the Payment Plan.
- 4.12. Some Customers’ fees under certain Payment Plans may change from time to time when the initial number of Users increases. An automatic Payment Plan change is not available, and in order to request a change of fees in your Payment Plan, you need to contact our support team at [email protected] Precoro will charge your Precoro Account for the actual number of Users in case you did not request a change of fees as required.
- 4.13. If there are not enough funds in your Precoro Account balance to pay for one day of using the Services, Precoro reserves the right to suspend the access of all your Users to the Precoro Account.
- 4.14. Users with administrative rights can access information about their balance of funds and corresponding payment history in their Precoro Account as indicated below:
- 4.15. We notify Users with administrative rights about the suspension of their Precoro Accounts thirty (30), ten (10) days, and one (1) day in advance before a suspension.
- 4.16. The Customer pays applicable fees, set out in the Payment Plan, to Precoro in accordance with the payment terms set out herein and in the Payment Plan.
- 4.17. According to a Customer’s separate request, the Parties may agree upon a fee for Additional Services which are not indicated in a Payment Plan.
- 4.18. Precoro has the right to change its Payment Plan fees unilaterally. If such change is to the disadvantage of the Customer, Precoro shall notify the Customer in writing within ninety (90) days Parties in writing. The Customer has the right within thirty (30) days of such notice to terminate the affected Service in writing with effect from the date the fee increase would have entered into force. If such notice of termination is not given, the Customer is deemed to have approved new fees.
- 4.19. Precoro prepares and sends invoices of any fees that are due and payable to Customers using their contact details on file with Precoro. Unless otherwise expressly stipulated in the Payment Plan, the Customer shall pay all invoices within ten (10) calendar days of the invoice date.
- 4.20. Fees for Additional Services (if any) are indicated in a separate invoice.
- 4.21. If the Customer believes that Precoro has charged or invoiced them incorrectly, they must contact Precoro no later than thirty (30) days after having been charged, especially if the Customer has received an invoice in which an error or problem appeared, in order to receive an adjustment or credit, if applicable. In the event of a dispute, the Customer shall pay any disputed amounts in accordance with the payment terms indicated herein, and all parties included will discuss the disputed amounts in good faith in order to resolve the dispute.
- 4.22. Precoro reserves the right to suspend the Customer’s access to the Services until all due amounts are paid in full.
- 4.23. The Fees set out in these Terms do not include applicable sales, use, gross receipts, value-added, GST or HST, personal property, or any other taxes in any and all jurisdictions, and all applicable duties, tariffs, assessments, export, and import fees or similar charges (including interest and penalties imposed thereon) on the transactions contemplated in connection with these Terms, and the Customer pays, indemnifies and holds Precoro harmless from same, other than taxes based on the net income or profits of Precoro.
5. Refund Policy
- 5.1. Precoro represents and warrants to the Customer that during the Term's validity period, the functionality of the Platform and Services at the time of the Payment Plan shall not materially decrease.
- 5.2. To submit a warranty claim under this Section, the Customer shall:
- 5.2.1. reference this Section, and
- 5.2.2. submit a support request in writing asking to resolve a material decrease in functionality. If the material decrease in functionality persists without relief for more than thirty (30) days after a warranty claim has been provided to Precoro under this Section, then the Customer may receive a refund of any prepaid, unused Services' fees paid by the Customer for the unused period of any Services where the material decrease has taken place. Notwithstanding the foregoing, this warranty shall not apply to any deficiency due to any modification or defect made or caused by someone other than Precoro.
6. Our Responsibility to You
- 6.1. Subject to the Customer's compliance according to these Terms, Precoro will make the Platform available to the Customer on the terms and conditions set out in these Terms.
- 6.2. Precoro may, at its discretion and without any notice:
- 6.2.1. suspend, terminate, or limit the Customer's access to or use of the Precoro Account or the Platform or any component thereof; or
- 6.2.2. modify the Platform without notice or approval of Customers and/or Users.
- 6.3. Precoro will use commercially reasonable efforts to provide reasonable advance notice of such a suspension, termination, or limitation.
- 6.4. The data center provider of Precoro works with commercially reasonable efforts to ensure a minimum of 99.95% uptime. The providers maintain a minimum of N+1 redundancy to power, network, and HVAC services.
- 6.5. Backup and replication strategies are designed to ensure redundancy and fail-over protections during a significant processing failure. Customer data is backed up to multiple durable data stores twice a day and replicated across several data centers and availability zones.
- 6.6. Where feasible, production databases are designed to replicate data between no less than 1 primary and 1 secondary database. All databases are backed up and maintained using industry-standard methods.
- 6.7. The Precoro product is designed to ensure redundancy and seamless failover. The server instances that support the products are also architected with the goal of preventing single points of failure. This design assists Precoro operations in maintaining and updating the product applications and backend while limiting downtime.
7. Exclusion of liability
- 7.1. We will not be liable to you if you do not let us know about an incorrectly executed Service within thirty (30) days after the date of the Service.
- 7.2. We also hold no liability under these Terms if we fail to perform or incorrectly implement the Service where the reason for this was due to events outside of our control or our statutory obligations.
- 7.3. We do not assume liability for damage that is due to any unusual and unforeseeable events over which the Company has no control and whose consequences, despite exercising due care, the Company could not have avoided. This equally applies to cases in which the Company is bound by any orders under Lithuanian legislation, national, court, or administrative orders stating otherwise.
- 7.4. We do not exclude or limit in any way our liability to you where it would be unlawful to do so.
8. Intellectual Property
- 8.1. The content of the Websites as well as the Precoro software, unless noted otherwise, are intellectual property and copyrighted works of the Company. All rights, titles, and interests not expressly granted with respect to the content and the software used in the Website as well as for the provision of the Services are reserved. The “Precoro” logotype is the registered trademark, and all rights are reserved. It cannot be used by any third party unless expressly authorized in writing by the Company.
- 8.2. All rights, title, and interest in the Property will remain with Precoro and are not “sold” to the Customer. Precoro expressly reserves all rights, title, and interest in, and the Customer will not acquire any right, title, or interest to the Platform (including software or any part thereof) and any other materials or content provided by Precoro under these Terms, including any and all modifications, improvements, customizations, updates, enhancements, aggregations, compilations, derivative works, translations, adaptations and results from processing in any form or medium to any of the foregoing.
- 8.3. Precoro shall be entitled to use Customer's trademarks and brands for the purpose of promotion, advertisement, and marketing.
9. Privacy and Confidentiality
- 9.1. Your privacy is important to us. Please read the Precoro Privacy Policy as it describes the types of data we collect from you and your devices, how we use your data, and the legal grounds we have to process your data. Where the processing is based on consent and to the extent permitted by law, by agreeing to these Terms, you agree to the Company's collection, use, and disclosure of your content and data as described in the Privacy Policy. In some cases, we will provide separate notice and request your permission as referenced in the Privacy Policy. Click here for our Privacy Policy. We are entitled to amend our Privacy Policy at any time.
- 9.2. The Parties agree not to disclose any information related to the provision of the Services, Parties' activities, or Parties' corporate structure, which they became aware of during the execution of these Terms, to any third party without the prior written consent of the other Party.
- 9.3. Disclosure of information that is publicly available or has been lawfully obtained from a third party, or an information disclosure in a normal course of business to any official lawyers, auditors or consultants of the Parties, as well as an information disclosure required by the legislation of the country of the registration of any Party, is not treated as a violation of clause 8.2. of the Terms.
10. Data Portability and Deletion
10.1. Precoro is a custodian of Customer Data. During the term of using the Services and/or having an active Precoro Account, the Customer will be permitted to export or share certain Customer Data used for the provision of the Services and collaboration between Precoro and the Customer under these Terms. The Customer acknowledges and agrees that the ability to export or share Customer Data may be limited or unavailable after the Precoro Account is de-activated or Services are no longer provided to the Customer. Following the termination or expiration of any of the Services ordered or a de-activation of the Customer's Precoro Account, we will have no obligation to maintain or provide any Customer Data and may thereafter delete all Customer Data in our systems or otherwise in our possession or under our control. Customer Data is stored no longer than one year after the termination unless otherwise is not requested by any applicable laws.
11. Term, Termination
- 11.1. These Terms shall be enforced upon creating a Precoro Account and are valid for the whole period of existence of such an account unless otherwise not explicitly stated in the Payment Plan or any other instrument in writing signed by both Precoro and the Customer.
- 11.2. Precoro may terminate these Terms or exclude a Customer from it at any time by providing advance written notice of not less than thirty (30) days to the Customer.
- 11.3. The Customer may withdraw from these Terms for their own convenience by providing written notice at least thirty (30) days in advance via email at [email protected] These Terms will be terminated at the end of the applicable renewal period following such notice. The Customer has no right to withdraw from these Terms if there are any debts or financial obligations pertaining to Precoro until any such obligations or debts are settled.
- 11.4. Either Party has the right to, in addition to other remedies, suspend or terminate these Terms if one Party commits a material breach of any provision of these Terms and fails to resolve said breach or to commence corrective action reasonably acceptable to the aggrieved Party and proceed with due diligence to completion within fourteen (14) days after a receipt of a notice of such a breach.
12. Force Majeure
12.1. Neither party shall be liable for failure to perform its obligations under the Agreement if the failure results from circumstances beyond that party's reasonable control; provided, however, that in order to avail itself of the excuse from performance under this Section, the party seeking such excuse must demonstrate diligence in notifying the other party and in attempting to remedy any such supervening conditions. The time of performance of either party's obligations hereunder shall be extended by the time period reasonably necessary to overcome the effects of such circumstances, provided, however, that if such circumstances continue beyond sixty (60) days, the party awaiting performance may cancel the affected Purchase Order without being obligated to compensate the other Party.
13. Miscellaneous
- 13.1. You may not transfer or assign any rights or obligations you have under these Terms without the Company's prior written consent. The Company may transfer or assign these Terms or any right or obligation hereunder at any time.
- 13.2. The Company Services are provided “as-is” and without any representation or warranty, whether express, implied, or statutory. The Company specifically disclaims any implied warranties of title, merchantability, fitness for a particular purpose, and non-infringement.
- 13.3. Precoro may change its contact information by posting the new contact information on its Website or by advising the Customer beforehand. The Customer is solely responsible for keeping its contact information up to date with Precoro via the Platform at all times during the validity of the Terms, and this information may be treated by Precoro as official.
- 13.4. Neither party to these Terms will be liable for delays caused by any event or circumstances beyond reasonable control, including acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes, or other labor problems (other than those involving Precoro employees), Internet service provider failures or delays, or the unavailability or modification by third parties of third-party websites/services.
- 13.5. Any provision of these Terms found by a tribunal or court of competent jurisdiction to be illegal or unenforceable will be severed from these Terms, and all other provisions of these Terms will remain in full force and effect.
- 13.6. The Customer's relationship with Precoro is that of an independent contractor, and neither Party is an agent or partner of the other. The Customer has no right to represent any third party with authority to act on behalf of Precoro.
- 13.7. The Customer will gain access to Precoro technical support twenty-four (24) hours a day from Monday to Friday via email at [email protected] or via the Precoro Website.
- 13.8. These Terms and any action related thereto will be governed by and construed in accordance with the substantive laws of the Republic of Lithuania. Should it be impossible to resolve the dispute by means of negotiations, any dispute, controversy, or claim arising out of or in connection with this Agreement, including any questions regarding its existence, validity, or terminations, shall be referred to and finally resolved by an appropriate court of the Republic of Lithuania under its rules which are deemed to be incorporated in reference to this clause.
Data Processing Agreement
Last revised:
This Data Processing Agreement and its Annexes (the “Agreement”) is an addendum to the Terms of Service (“Principal Agreement”) between the Company (or/and the “Data Processor”) and the Customer (the “Data Controller”). All capitalized terms not defined in this DPA shall have the meanings set forth in the Agreement.
I. Preamble
- 1. The Agreement sets out the rights and obligations of the Data Controller and the Company (the Data Processor), when processing personal data on behalf of the Data Controller.
- 2. The Agreement has been designed to ensure the parties’ compliance with Article 28(3) of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC GDPR.
- 3. In the context of the provision of Services, the Company will process personal data on behalf of the Data Controller in accordance with the Agreement.
- 4. The Agreement shall take priority over any similar provisions contained in other agreements between the parties.
II. The Rights and Obligations of the Data Controller
- 1. The Data Controller is responsible for ensuring that the processing of Personal Data takes place in compliance with the GDPR, the applicable EU or Member State data protection provisions, and the Agreement.
- 2. The Data Controller has the right and obligation to make decisions about the purposes and means of the processing of personal data.
- 3. The Data Controller shall be responsible, among others, for ensuring that the processing of personal data, which the Company is instructed to perform, has a legal basis.
III. Processing of Personal Data
- 1. Company shall:
- 1.1. comply with all applicable data protection laws in the processing of personal data; and
- 1.2. not process personal data other than on the relevant Data Controller’s documented instructions.
- 2. The Data Controller instructs Company to process personal data.
- 3. Company shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any sub-processor who may have access to the Data Controller’s personal data, ensuring in each case that access is strictly limited to those individuals who need to know/access the relevant the Data Controller’ personal data, as strictly necessary for the purposes of the Principal Agreement, and to comply with applicable laws in the context of that individual’s duties to the sub-processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
IV. Confidentiality
- 1. The Company shall only grant access to the personal data being processed on behalf of the Data Controller to persons under the Company’s authority who have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality and only on a need-to-know basis. The list of persons to whom access has been granted shall be kept under periodic review. On the basis of this review, such access to personal data can be withdrawn if access is no longer necessary, and personal data shall consequently not be accessible anymore to those persons.
- 2. The Company shall, at the request of the Data Controller, demonstrate that the concerned persons under the Company’s authority are subject to the abovementioned confidentiality.
V. Security of Processing
- 1. Article 32 GDPR stipulates that taking into account state of the art, the costs of implementation and the nature, scope, context, and purposes of the processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Data Controller and Company shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
- 2. The Data Controller shall evaluate the risks to the rights and freedoms of natural persons inherent in the processing and implement measures to mitigate those risks.
- 3. Depending on their relevance, the measures may include the following:
- a) Pseudonymisation and encryption of personal data;
- b) the ability to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
- c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- d) a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
- 4. According to Article 32 GDPR, the Company shall also – independently from the Data Controller – evaluate the risks to the rights and freedoms of natural persons inherent in the processing and implement measures to mitigate those risks. To this effect, the Data Controller shall provide the Company with all information necessary to identify and evaluate such risks.
- 5. Furthermore, the Company shall assist the Data Controller in ensuring compliance with the Data Controller’s obligations pursuant to Articles 32 GDPR by inter alia providing the Data Controller with information concerning the technical and organizational measures already implemented by the Company pursuant to Article 32 GDPR along with all other information necessary for the Data Controller to comply with the Data Controller’s obligation under Article 32 GDPR.
VI. Use of Sub-processors
- 1. Customer agrees that the Company may engage sub-processors to process personal data on Customer's behalf in accordance with applicable law. A current list of the Company sub-processors may be found at https://precoro.com/privacy Customer acknowledges and agrees to the engagement of the third parties listed on the sub-processor page as sub-processors in connection with the provision of the Services under this Agreement.
- 2. Where Company engages a sub-processor, Company will enter into a Data Processing Agreement with the sub-processor that imposes on the sub-processor at least the same level of protection that apply to Company under this Agreement.
- 3. If the Company engages a sub-processor in a country outside the European Economic Area that is not recognized by the European Commission as providing an adequate level of protection for personal data, then Company shall, in advance of any transfer of personal data to sub-processor, take steps to ensure that a legal mechanism to achieve adequacy in respect of that processing is in place.
- 4. Company shall provide Customer reasonable advance notice (for which email shall suffice) if it adds or removes sub-processors. Customer may object in writing to Company’s appointment of a new sub-processor on reasonable grounds relating to data protection by notifying Company promptly in writing within five (5) calendar days of receipt of Company’s notice. Such notice shall explain the reasonable grounds for the objection. In such an event, the parties shall discuss such concerns in good faith with a view to achieving a commercially reasonable resolution. If this is not possible, either party may terminate the applicable Services that cannot be provided by Company without the use of the objected-to-new sub-processor.
VII. Transfer of Data to Third Countries or International Organisations
- 1. Any transfer of personal data to third countries or international organizations by the Company shall only occur on the basis of documented instructions from the Data Controller and shall always take place in compliance with Chapter V GDPR.
- 2. In case transfers to third countries or international organizations, which the Company has not been instructed to perform by the Data Controller, is required under EU or Member State law to which the Company is subject, the Company shall inform the Data Controller of that legal requirement prior to processing unless that law prohibits such information on important grounds of public interest.
VIII. Assistance to the Data Controller
- 1. Taking into account the nature of the processing, the Company shall assist the data controller by appropriate technical and organizational measures, insofar as this is possible, in the fulfillment of the Data Controller’s obligations to respond to requests for exercising the data subject’s rights laid down in Chapter III GDPR.
- a) the right to be informed when collecting personal data from the data subject
- b) the right to be informed when personal data have not been obtained from the data subject
- c) the right of access by the data subject
- d) the right to rectification
- e) the right to erasure (‘the right to be forgotten’)
- f) the right to restriction of processing
- g) notification obligation regarding rectification or erasure of personal data or restriction of processing
- h) the right to data portability
- i) the right to object
- j) the right not to be subject to a decision based solely on automated processing, including profiling.
IX. Notification of Personal Data Breach
- 1. The Company shall notify the Data Controller without undue delay upon Company becoming aware of a personal data breach affecting the Data Controller's personal data, providing the Data Controller with sufficient information to allow the Data Controller to meet any obligations to report or inform data subjects of the personal data breach under the data protection laws.
- 2. The Company shall co-operate with the Data Controller and take reasonable commercial steps as directed by the Data Controller to assist in the investigation, mitigation, and remediation of each such personal data breach.
X. Erasure and Return of Data
1. Subject to this section X, the Company shall promptly and in any event, within 10 business days of the date of cessation of any Services involving the processing of the Data Controller's personal data (the “Cessation Date”), delete and procure the deletion of all copies of those the Data Controller personal data.
XI. Audit and Inspection
- 1. Subject to this section XI, Company shall make available to the Data Controller on request all information necessary to demonstrate compliance with this Agreement and shall allow for and contribute to audits, including inspections, by the Data Controller or an auditor mandated by the Data Controller in relation to the processing of the Data Controller personal data by the sub-processors.
- 2. The Company shall be required to provide the supervisory authorities, which pursuant to applicable legislation have access to the Data Controller’s and the Company’s facilities, or representatives acting on behalf of such supervisory authorities, with access to the Company’s physical facilities on presentation of appropriate identification.
XII. The Parties' Agreement on Other Terms
1. The parties may agree on other clauses concerning the provision of the personal data processing service specifying e.g., liability, as long as they do not contradict directly or indirectly the Agreement or prejudice the fundamental rights or freedoms of the data subject and the protection afforded by the GDPR.
XIII. General Terms
- 1. Notices. All notices and communications given under this Agreement must be in writing and will be delivered personally, sent by post, or sent by email to the address or email address set out in the heading of this Agreement at such other address as notified from time to time by the parties changing address.
- 2. Governing Law and Jurisdiction. This Agreement is governed by the laws of The Republic of Lithuania.
- 3. Any dispute arising in connection with this Agreement, which the parties will not be able to resolve amicably, will be submitted to the exclusive jurisdiction of the courts of the Republic of Lithuania.