Please read these general terms & conditions (the “General Terms & Conditions” or the “Terms”) carefully before accepting. This is a binding document, and these Terms are an integral part of the Agreement.
This General Terms & Conditions regulates the terms of the use of the platform (the “Platform”) including the software embedded (the “Software”) developed by REMUNER, S.L. («We», “Us”, “Remuner” or the «Company») that shall be provided to you (the “Client” or “You” and, together with Remuner, the “Parties”), subject to the terms and conditions detailed below.
Capitalized terms not specifically defined in these Terms shall have the same meaning attributed to them in the Order signed by the Parties.
You warrant and represent that you are entering into these Terms on behalf of the Client and that you have full authority to bind the Client to these Terms.
By using this Software, You acknowledge that You have read and agree to be bound by these Terms, including our Privacy Policy and Cookies Policy which are hereby incorporated by reference. If You do not want to agree to these Terms, You must immediately cease accessing and using the Platform.
Title I: Introduction and use of the Platform
1. Introduction
1.1. The purpose of these Terms is to set forth the general terms and conditions governing the non-exclusive, personal and non-transferable use of the Platform provided by Us directly to the Client or indirectly by any other Company’s wearable technology.
2. Use of Platform and accessibility
2.1. The main object of the Platform’s functionality is to select the relevant information provided by You through several means (CRM, ERP, Excel Sheet, emails, telephone, video calls, emails and other) and process it in order to identify, analyze and calculate relevant information that shall be usable for you.
2.2. The information provided by You will be subject to an automated analysis and calculation process that incorporates Artificial Intelligence (“AI”) components, developed by Us, in order to provide information that you need.
2.3. You are responsible for obtaining and maintaining all connectivity, computer or mobile software, hardware and other devices or equipment needed for access to the Platform and use of the Software and all charges related to the same.
2.4. If You infringe these Terms, your access to the Platform may be terminated immediately and without previous notice.
2.5. Access to the Platform and use of the Software may not be legal by certain persons or in certain countries. You shall be the one responsible for compliance with the laws that You may be subject to. The Company therefore disclaims all liability for access by You in jurisdictions where the access to the Platform or use of the Software could be contrary to the rules or regulations. Certain products and services may not be available or authorized in all jurisdictions or for all persons. Furthermore, the Company does not guarantee that the access to the Platform and Software complies, totally or partially, with the legislations of your country.
3. Platform content and availability
3.1. You acknowledge and agree these Terms only grant You a right to access and use the Platform online and do not grant you any rights over the Platform, or to demand any copy thereof; and that We may use or authorize third parties to use the Platform. Nothing in these Terms shall be construed as limiting in any way the Company’s right to market, distribute, offer or promote the Software or the Platform, directly or through third parties.
3.2. Due to the successive developments of the Software and the services provided by the Platform, We may use, reformat, develop, standardize, update, integrate or upgrade the functionalities of the Software, so as to improve the general functioning of the Platform for any of its users.
3.3. We do not guarantee that the Platform and its content will always be available or be interrupted. We will not be liable if for any reason all or any part of the Platform is unavailable at any time or for any period. From time to time, We may restrict access to some parts of the Platform, or the entire Platform.
3.4 All changes are effective upon posting and apply to all access to and use of the Platform thereafter. You are expected to check the Platform periodically, so You are aware of changes and current Terms because they are binding on You. If You do not agree to the modified Terms, You should discontinue your access and use of the Platform. Your continued use and access to the Platform following any modification to this Terms shall be deemed an acceptance of all modifications.
Title II: Account and access and restrictions
4. Registration and user’s profile and account
4.1. In order to access to the Platform and any of the functionalities of the Software, We will require You to sign up in the Platform and create a profile and account (the “Account”) protected by a password by providing Us certain information, if applicable, which will always be treated according to these Terms.
Once You sign up and provide Us with the information requested in the registration process, We will analyse such information and, in particular, validate that You are the owner of the information provided. Once this information has been validated, the Account will be created, and We will provide You with a temporary username and password that You will need to change the first time You access the Account.
Such Account shall not be transferable and its access information strictly confidential and, hence, You are fully responsible of the activity occurring under your Account (including, among others, the management, custody, security and correct use of the access credentials) and We shall not be liable for any loss or damages that You may suffer as a result of someone else using your Account and/or accessing or using your content. Likewise, You shall be liable to any losses or damages caused under the use of your Account, regardless if it is being used by a third party. To maintain control over your Account You must take precautionary measures to prevent anyone from accessing your Account, such as maintaining control over the devices that You use to access your Account or not revealing your password. You are responsible for updating and maintaining the accuracy of the information You provide to Us relating your Account. You agree to notify Us immediately the email address detailed in clause 15 below if You discover any unauthorized use of your Account or login credentials.
4.2. We may permit You to register for and log on to the Platform via certain third-party services. The third party’s collection, use, and disclosure of your information will be subject to that third-party service’s privacy notice.
4.3. You expressly authorize Us to access your Account for the purpose of helping You manage your Account and use of the Platform. Notwithstanding the foregoing, You may deny such access by sending Remuner an express communication in accordance with clause 15 below, requesting Remuner not to access your Account for these purposes.
4.4. Remuner will be free (during and after the expiration or termination of the Terms or the Services), without obligation to You, to collect, develop, create, extract, compile, synthesize, analyze, use, and/or commercialize, or share with third parties, Aggregated Data for any purpose.
4.5. Remuner may need access to Your Systems Credentials. If You agree to reveal to Remuner Your Credentials, You shall provide Credentials with sufficient permissions via a secure Enterprise Password Management System for Remuner Representatives to configure Subscription Services. Upon providing Your Credentials to Remuner, You grant Remuner permission to access Your accounts to perform the actions mutually agreed. You acknowledge and agree there are risks in giving Remuner access to Credentials, including but not limited to damage, loss, or destruction to Your hardware, software, files, data (including Customer Process Data and Customer Data), or environments (technical, network, systems, servers, or computer), which may occur during, or because of, having access to Credentials. You acknowledge and agree that (a) Section 12 (Indemnification) on General Terms and Conditions does not apply to Claims involving Your Credentials.
4.6. If We detect an identity theft or other fraudulent activity in your Account or any breach of the Agreement, including these Terms, We can place your Account on hold in order to protect You, Us or our partners, and We will notify You about it, by sending a notification to the email provided . When We send You such notification your Account may be suspended, including disabling login and sending capabilities, to protect the security and privacy of the data held within the Account, among others, until the dispute or breach is properly resolved.
5. Access and use restrictions
5. 1. The access to the Platform and use of the Software shall be restricted to the stated purpose. Accordingly, You shall not access to the Platform or the use of the Software or otherwise distribute any Content : (i) in any way that implies a breach of this Agreement, including these Terms; (ii) in any way that violates any applicable law or regulation, including uploading or submitting content or information that encourages conducts that may result in civil liability or otherwise violate or breach any applicable laws, regulations or code of practice, including any violation or infringement of intellectual or industrial property rights of any person; (iii) in any way that could damage the functioning of the Platform or our servers or any networks connected to any of our servers in any manner; (iv) for any commercial or for-profit purposes not previously authorized by Us; (v) to upload files that contain viruses or similar software programs with the aim to damage another person’s computer or system or otherwise jeopardize the integrity of the Platform;
5.2 You will be responsible for the information provided to Us during the use of the same. By providing such information, You authorize the Company to use this information to comply with these Terms, for the operation of the Platform and You will be responsible for ensuring that the information is correct, accurate and duly updated at all times.
5.3. Furthermore, You should not infringe on the intellectual property rights of others, including patent, trademark, trade secret, or other proprietary rights. You are also not allowed to encourage or induce others to violate intellectual property rights.
5.4. You also agree, represent, and warrant to Us that: (i) You will clearly post, maintain, and abide by a publicly accessible privacy notice on the digital properties from which the underlying data is collected that (a) satisfies the requirements of applicable data protection laws, and (b) describes your use of the Platform; (ii) You will get and maintain all necessary permissions and valid consents required to lawfully transfer data to Us and to enable such data to be lawfully collected, processed, and shared by Remuner for the purposes of providing the Platform or as otherwise directed by You; (iii) You should not use automated systems or software to extract data from the Platform for commercial or non-commercial purposes (Screen Scraping) unless You have previously concluded a written license agreement with Us for this purpose.
5.5. You will be responsible for collecting the data directly from your customer, complying with the obligation to inform and ensuring that there is a lawful basis for the processing carried out on the Platform.
Title III: Fees and payment conditions
6. Fees and payment terms
6.1. The initial fees applied to You will be the ones detailed in the separate order form subscribed between You and Us (“Order Form).
6.2. According to such Order Form, when You create an Account in our Platform, You agree to recurring billing by Us, under the conditions stablished in such Order Form.
7. Refunds
7.1. You will not be entitled to a refund or credit from Us under any circumstance. However, We may, at our sole discretion, offer a refund, discount or credit, which shall be expressly agreed and included in the corresponding Order Form.
8. Taxes
8.1. “Tax” or “Taxes” means all applicable taxes, including but not limited to indirect taxes such as goods and services tax (“GST”), value added tax (“VAT”), sales tax, fees, duties, levies, or other similar taxes. Unless otherwise stated in the Order Form, any consideration, amount payable, fees, payment terms and/or any other amounts are exclusive of Taxes. In the event that any amount payable by You to Us is subject to Taxes, We shall collect the full amount of those Taxes from you and said collection shall not reduce or somehow impact the amount to which We are entitled.
You will reimburse and indemnify Us for any Taxes, interest, and penalties that We may be compelled to pay on account of your non-payment. You must pay any applicable Taxes. In the event that any payments and/or amount payable by You to Us is subject to (i) any withholding or similar tax; (ii) any Taxes not collected by Us; or (iii) any other Taxes or other government levy of whatever nature, the full amount of that tax or levy shall be solely your responsibility and shall not reduce the amount to which We are entitled under the Agreement. You will indemnify and hold Us harmless against any and all claims by any competent tax authority related to any such withholding or similar taxes and any penalties and/or interest thereon.
Title IV: Term, termination and effects
9. Term
9.1. Once signed the Order Form, the term of such Order Form, including these Terms, will begin (the “Term”). The Term will continue for as long as you have an Account or until You or We terminate the Order Form in accordance with these Terms, whichever happens first.
10. Termination
10.1. You or Remuner may terminate the Agreement at any time and for any reason. These Terms may be terminated for any of the termination reasons included in the Order Form by either of the Parties. We may suspend the Platform access to You at any time, with or without cause. We will not refund or reimburse You in any situation. Once your Account is terminated, You acknowledge and agree that We may permanently delete your Account and all the data associated with it.
10.2. Furthermore, to the fullest extent permitted by applicable law, the Company reserves the right, without notice and in our sole discretion, to terminate your license to access to the Platform and the Platform and to block or prevent your future access to and use of the Software or the Platform, including where we reasonably consider that: (a) your use of the Software or the Platform violates these Terms or applicable law; (b) You fraudulently use or misuse the Software or the Platform; (c) breach of any obligations of the Order Form by You; or (d) We are unable to continue providing the Platform to you due to technical or legitimate business reasons. To the fullest extent permitted by applicable law, your only remedy with respect to any dissatisfaction with: (i) the Platform, (ii) any term of these Terms, (iii) any policy or practice of the Company in operating the Platform, or (iv) any content or information transmitted through the Platform, is to terminate your Account and to discontinue use of any and all parts of the Software or the Platform.
10.3. We also may suspend or terminate your access to the Platform if We determine, in our sole discretion, that You are either: (i) an organization that has publicly stated or acknowledged that its goals, objectives, positions, or founding tenets include statements or principles that could be reasonably perceived to advocate, encourage, or sponsor Hateful Content or A Threat of Physical Harm; or (iii) a organization that has acted in such a way as could be reasonably perceived to support, condone, encourage, or represent Hateful Content or A Threat of Physical Harm.
For the purpose of these Terms a (i) “Threat of Physical Harm” means any statement, photograph, advertisement, or other Content that in our sole judgment could be reasonably perceived to threaten, advocate, or incite physical harm to or violence against others; and (ii) “Hateful Content” means any statement, image, photograph, advertisement, or other Content that in our sole judgment could be reasonably perceived to harm, threaten, promote the harassment of, promote the intimidation of, promote the abuse of, or promote discrimination against others based solely on race, ethnicity, national origin, sexual orientation, gender, gender identity, religious affiliation, age, disability, disease, or immigration status.
10.4. Termination shall be without prejudice to the rights and obligations of the Parties prior to the effective date of such termination. In case of termination of the Order Form or these Terms, (i) obligations, covenants and undertakings of the Parties hereunder which in nature should survive the termination shall continue in force; (ii) the Client shall immediately pay any unpaid amount accrued to Us before the termination of the Order Form and unpaid; and (ii) termination of the Order Form shall not entitle the Client to claim any damages or other compensation, including, without limitation, customer compensation and/or goodwill obtained during the Term.
Title V: Limitations of warranties and indemnifications
11. Limitations of warranties
11.1. You acknowledge and agree that the Platform and all information, products and services provided through it are provided on an «as is» and «as available» basis, and We expressly disclaim all express or implied warranties of all kinds, including but not limited to the implied warranties of accuracy, validity reliability, availability, suitability or completeness of any information, content or data provided through the Platform and, therefore, in no event, We will be liable, whether in contract or tort, for any claim, loss, damage, liability, cost or expense of any kind, whether direct or indirect (including damages for loss of business, revenues, profits, data, use, goodwill or other intangible losses) or any other damages of any kind related to You caused from the access or use of the Platform or relying on the content of the Platform.
11.2. Likewise, We make no warranty that the Platform will meet your requirements, be safe, secure, uninterrupted, timely, accurate, or error-free, or that your information will be secure.
11.3. We are not responsible for the content, data, or actions of third parties or agencies, linked websites, or other users or clients of the Platform, including third-party applications, products, or services for use in connection with the Platform, including its relevant privacy, security or integrity and therefore, You release Us, our directors, officers, employees, and agents from any claims and damages, known and unknown, arising out of or in any way connected with any claim You have against any such third parties. No advice or information, whether oral or written, obtained by You from Us or through or from our services creates any warranty not expressly stated in these Terms.
11.4. You acknowledge that the Platform does not replace the responsibilities derived from the management of your ERP, CRM, Other relevant system, which shall in any case be in compliance with the applicable data protection regulation.
11.5. Any material downloaded or otherwise obtained through the Platform, the Software, or the server that makes it available, is done at your own discretion and risk, and You will be solely responsible for any damage to your computer system or loss of data that results from the download of any such material, as We cannot guarantee that they are free of viruses, worms, trojan horses or other harmful components. You agree that We have no responsibility or liability for the deletion of, or the failure to store or to transmit, any content or communication maintained in the Platform or the Software.
11.6. For the avoidance of doubt, in no instance will We or our team or employees or collaborators or shareholders or directors be liable for any losses or damages You suffer if You use the Platform and the Software in violation of these Terms, regardless of whether we terminate or suspend your Account due to such violation.
11.7. In any case, in the event of proven liability on the part of the Company, the aggregate liability of the Company whether in contract, warranty, tort (including negligence, whether active, passive, or imputed), product liability, strict liability, or other theory, arising out of or relating to the use of or inability to use the Platform shall not exceed the amount paid by You to Us, if any, for accessing the Platform during the last month immediately preceding the date of the claim or one hundred (100) euros, whichever is lower. To the extent that applicable law prohibits limitation of such liability, the Company shall limit its liability to the full extent allowed by applicable law. No action or proceeding shall be brought against the Company more than one (1) year after the date on which the alleged facts occurred or were discovered.
12. Indemnification
12.1. To the fullest extent permitted by applicable law, You will indemnify, defend and hold Us harmless and our respective past, present and future employees, officers, directors, contractors, consultants, suppliers, vendors, service providers, parent companies, subsidiaries, affiliates, agents, representatives, predecessors, successors and assigns from and against all claims, damages, liabilities, losses, costs and expenses (including attorneys’ fees) that arise from or related to: (i) Your access to the Platform and use of the Software, including, but not limited to, services other than as expressly authorized in these Terms; (ii) violation of these Terms or of the applicable law by You; (iii) gathering of information of the final users in violation of the data protection regulation; (iv) use of information from the Platform by You; or (v) any misrepresentation made by You.
12.2. We reserve the right to take over the exclusive defense of any claim for which We may be entitled to indemnification under these Terms. In such event, You shall provide Us with such documentation and cooperation as is reasonably requested in order to carry out the abovementioned actions.
13. Equitable Relief and Subpoena Fees
13.1. Your violation of these Terms may cause irreparable harm to Us, our directors, officers, employees, agents and collaborators. Therefore, We have the right to seek injunctive relief or other equitable relief if you violate these Terms (meaning we may request a court order to stop You).
13.2. If We have to provide information in response to a subpoena, court order, or other legal, governmental, or regulatory inquiry related to your account, then We may charge You for our costs. These fees may include attorney and employee time spent retrieving the records, preparing documents, and participating in a deposition.
Title VI: Intellectual property rights and data protection
14. Intellectual property rights, use of logo and trade mark
14.1. Our IP Rights: We or our licensors, when applicable, shall retain all right, title and interest to the Platform and the Software and any content information, material, code and technology that is part of the Platform and any other right, document or material arising from the access to the Platform and use of our Software, including without limitation, all copyrights, software, patents, trademarks, navigation architecture, databases, services, graphics, videos and other content and/or visual components that make up the app other intellectual property rights, logos, icons, user interfaces, scripts, videos, text, images, sounds, music, videos and artwork (“Our IP”).
14.2. Except with our express written permission or as permitted by applicable laws, You may not (in whole or in part) copy, distribute, reproduce, adapt, store, transmit, decrypt, print, display, commercialize, perform, publish or create derivative works, offer for sale or use (except as explicitly authorized in these Terms) any part of Our IP. No rights are granted to you except as expressly set forth in these Terms.
14.3. You also agree not to: circumvent, remove, alter, deactivate, degrade or thwart any of the content protections in the Platform; use any robot, spider, scraper or other automated means to access the Platform; decompile, reverse engineer or disassemble any software or other products or processes accessible through the Platform or the service; insert any code or product or manipulate the content of the Platform in any way; or use any data mining, data gathering or extraction method. In addition, you agree not to upload, post, e-mail or otherwise send or transmit any material designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment associated with the Platform, including any software viruses or any other computer code, files or programs.
14.4. In order to allow Us to carry out an effective control and defense Our IP, You expressly authorize Us to collect information about your use of the Platform, about the equipment in which the Platform is used, the connection times, the data of the connected devices, as well as any other data that is relevant to verify the effective access of the Platform and use of the Software. Hence, You expressly authorize Us to use the information collected during the use of the Platform as effective evidence of the use of the same in any type of cause and procedure, of any nature, whether against You or against any third party.
14.5. Your Content: You shall retain all right, title, and interest in and to the material, content, data, and information (including your personal information and the personal information of others) to which Remuner retrieves or accesses at your direction or with your permission (collectively, “Your Content”). Subject to these Terms, you grant us permission to use or disclose Your Content (including any personal information therein) only as necessary for the Platform to perform its functions and/or as otherwise permitted by these Terms. You represent and warrant that: (i) You own or have otherwise obtained all necessary rights, releases, and permissions to submit all Your Content to the Platform for the use of the Software and to grant the rights granted to us in these Terms and (ii) Your Content and its submission and use as you authorize in these Terms will not violate (a) any applicable law, (b) any third-party intellectual property, privacy, publicity, or other rights, or (c) any of your or third-party policies or terms governing Your Content.
If We believe You are breaching security, other’s intellectual property rights, these Terms (or other applicable terms) or our Privacy Policy, We may suspend your access to the Platform and use of the Software and your account, if any.
14.6. You grant Remuner the non-exclusive right to use your logo and trade name, so that we may include it in our portfolio of projects, publish it in the client section of our website, or other marketing materials related to Remuner.
15. Data protection
15.1. In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights, Remuner informs You that it will be the data controller of their personal data of the signing Parties of the Terms, which will be processed for the following purposes: (a) to execute and maintain these Terms and Conditions, manage, develop, and administer the contractual relationship; and (b) to comply with the legal obligations arising from this relationship. The legitimacy of the data processing is based on the established contractual relationship, Remuner’s legitimate interest in processing contact data, and compliance with applicable legal obligations. Personal data may be retained until the termination of the relationship, and once terminated, the data will be blocked for the legally required period for the fulfilment of legal obligations and responsibilities. The data may be communicated to competent public administrations, agencies, and authorities. Data subjects may exercise their rights of access, rectification, opposition, restriction, erasure, portability, and to not be subject to automated decisions by contacting Us Through the notification channels indicated in Clause 17 of these Terms. You may also file a complaint with the Supervisory Authority, especially when they have not obtained satisfaction in the exercise of their rights.
15.2. It is necessary for Remuner to process third-party personal data on behalf of the Client in order to perform correctly the Platform. The processing of this personal data is provided under the responsibility of the Client and carried out on behalf and for the same. For this purpose, the Client shall act as the controller of the personal data and We shall act as the processor. In compliance with the applicable data protection regulation, the processing of the personal data of the Client by Remuner shall be governed by the clauses of the Data Processing Agreement (“DPA”) attached as Annex I to these This Agreement.
16. Third-party content
16.1. In the case that the Platform contains or receives an action, information, content, material, data, opinion, advertisement, promotion, logo or any link to any websites, software, mobile app, wearable technology or any other third-party content (collectively, the “Third-Party Content”), We hereby inform You that We are not responsible for such Third-Party Content, or any changes or updates to them. The Third-Party Content may provide their own terms and conditions of use, privacy policies and cookies policies that apply to You and your use of such Third-Party Content is not governed in any manner by these Terms.
16.2. We may display Third-Party Content, which is deemed appropriate and reliable to You. However, as We cannot control all Third-Party Content included, We make no representations or warranties of any kind regarding such Third-Party Content, and We accept no responsibility for any loss or damage which might arise from the use of such Third-Party Content. Accordingly, your use of or interactions with any Third-Party Content, and any third party that provides Third-Party Content, are solely between You and such third parties and, therefore, if You decide to access to such Third-parties Content, You do so entirely at your own risk and subject to the terms and conditions of use for such Third-Party Content.
Title VII: Notices, miscellaneous and applicable law and jurisdiction
17. Notices
17.1. Notifications: All notices, notifications, consents and other communications required or permitted under this Agreement shall be made in writing and English. In particular, all notices, notifications, consents and other communications shall be sent to the following address:
The Company:
Identity: REMUNER, SL
NIF: B72494099
Adress: Numancia 185, 3-1ª,
08204-Barcelona, Spain
E-mail: legal@remuner.com
Client: email or physical address detailed in the Order. You will be deemed to have received all communications sent to that address even if the address is no longer current.
The Parties may change the addresses stated in this Agreement or, communicating them to the other Parties, in writing and in the form indicated in the paragraphs above.
17.2. Notification of Security Incident: If We become aware of a security incident related to our systems or databases that contain personal information of You or your contacts, We will notify You if required by law. In that event, We will also provide You with information about that incident so that You can evaluate the consequences to You and any legal or regulatory requirements that may apply to You, unless we are prevented from doing so by legal, security or confidentiality obligations. Notifying You of a security incident or cooperating with You to respond to one will not be deemed an acknowledgement or assumption of any liability or fault of Remuner for such incident.
18. Miscellaneous
18.1. Assignment: You shall not assign or transfer your rights or obligations under these Terms, in whole or in part, to any third party without the prior express written consent of the Company. The Company may assign its rights and obligations under these Terms without the consent of the Client.
18.2. Modifications: We may modify, add or remove portions of these Terms, at any time. We will notify You before any changes. In particular, the Company reserves the right to update and change the Terms by sending a notification through email to You. You are advised to check these Terms from time to time for any updates or changes that may impact. If You do not agree to the modified Terms, You should discontinue your access the Platform and use of the Software. Your continued use and access to the Platform and use of the Software following any modification to these Terms shall be deemed an acceptance of all modifications.
18.3. Force Majeure: The Company shall not be liable by reason of any failure or delay in the performance of its obligations hereunder for any cause beyond the reasonable control of the Company, including but not limited to electrical outages, failure of Internet service providers, default due to Internet disruption (including without limitation denial of service attacks), riots, insurrection, acts of terrorism, war (or similar), fires, flood, pandemics, earthquakes, explosions, and any other similar disaster.
18.4. Entire Agreement: The complete Terms (including the Privacy Policy and the Cookies Policies) contain the entire understanding between We and You with respect to the access of the Platform and use of the Software and supersedes all prior written and oral agreements and understandings relating to this matter, which shall have no further force or effect from the date hereof.
If any provision of these Terms is determined to be invalid or unenforceable in whole or in part, for any present or future reason, such invalidity or unenforceability shall not affect the enforceability of any of the remaining provisions hereof. These Terms shall be construed in such a way as if such invalid or unenforceable provisions had never been contained herein. For those purposes, the Terms shall no longer be valid exclusively with respect to the null or invalid provision, and none of the remaining parts or provision of these Terms shall be null, invalid, prejudiced or affected by such nullity or invalidity.
19. Governing law and jurisdiction
19.1. These Terms. Including the Privacy Policy and Cookies Policy and your access to, and use of the Platform and the Software shall be governed by and construed exclusively in accordance with the laws of Spain, without giving effect to any choice or conflict of law provision or rule.
19.2. Any and all dispute, controversy, issue or claim arising out of the performance or interpretation of these Terms, including the Privacy Policy and Cookies Policy, or related, directly or indirectly, to the access of the Platform and use of the Software, and/or the provision of content and/or technology on or through the Platform and the Software shall be settled by the Courts of the city of Barcelona.
Annex I
Data Processing Agreement
REMUNER SL (as Service Provider)
This Data Processing Agreement («DPA«) forms part of the main agreement governing access to and use of the Remuner Platform («Principal Agreement«) entered into between (i) the customer of the REMUNER Platform («Company«), acting in its own name and on behalf of each Affiliate of the Entity; and (ii) REMUNER , SL («Vendor » or «REMUNER«) acting on its own behalf and as agent for each Vendor Affiliate
By signing the Agreement, Vendor enters into this DPA on behalf of itself and, to the extent required under applicable Data Protection Laws, in the name and on behalf of any authorized Subprocessor.
In the course of providing the Services to the Company pursuant to the Agreement, the Vendor may process Personal Data on behalf of the Company and the Parties agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
The terms used in this DPA shall have the meanings set forth in this DPA. Capitalized terms not otherwise defined herein shall have the meaning given to them in the Principal Agreement. Except as modified below, the terms of the Principal Agreement shall remain in full force and effect.
In consideration of the mutual obligations set out herein, the parties hereby agree that the terms and conditions set out below shall be added as an DPA to the Principal Agreement. Except where the context requires otherwise, references in this DPA to the Principal Agreement are to the Principal Agreement as amended by, and including, this DPA.
1. OBJECT
1.1. The present DPA regulates the terms and conditions that will apply to the treatment of Personal Data that Vendor may have access by virtue of the Services.
1.2. For the purposes of the present DPA, terms shall have the meanings set out in Annex 1.2.
2. PROCESSING OBJECTIVES
2.1. Vendor undertakes to process personal data on behalf of the Company in accordance with the conditions laid down in this Data Processing Agreement. The processing will be executed exclusively within the framework of the Agreement, and for all such purposes as may be agreed to subsequently.
2.2. Vendor shall refrain from making use of the personal data fo any purpose other than as specified by the Company. The Company will inform Vendor of any such purposes which are not contemplated in this Data Processing Agreement.
2.3. All personal data processed on behalf of the Company shall remain the property of the Company and/or the relevant Data subjects.
2.4. Vendor shall take no unilateral decisions regarding the processing of the personal data for other purposes, including decisions regarding the provision thereof to third parties and the storage duration of the data.
2.5. Annex 2.5 to this DPA sets out certain information regarding the Contracted Processors’ Processing of the Company Personal Data as required by article 28(3) of the GDPR (and, possibly, equivalent requirements of other Data Protection Laws). Company may make reasonable amendments to Annex 2.5 by written notice to Vendor from time to time as Company reasonably considers necessary to meet those requirements. Nothing in Annex 2.5 confers any right or imposes any obligation on any party to this DPA.
3. VENDOR’S OBLIGATIONS
3.1. Vendor shall warrant compliance with the applicable laws and regulations, including laws and regulations governing the protection of personal data.
3.2. Vendor shall furnish the Company promptly on request with details regarding the measures it has adopted to comply with its obligations under this DPA.
3.3 Vendor’s obligations arising under the terms of this DPA apply also to whomsoever processes Company Personal Data under the Vendor’s instructions.
4. VENDOR AND VENDOR AFFILIATE PERSONNEL
4.1. Vendor and each Vendor Affiliate shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Contracted Processor who may have access to the Company Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know or access the relevant Company Personal Data, as strictly necessary for the purposes of the Principal Agreement, and to comply with Applicable Laws in the context of that individual’s duties to the Contracted Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
5. SECURITY
5.1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Vendor and each Vendor Affiliate shall implement appropriate technical and organizational measures to protect the Data (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorized disclosure of, or access to the Data (a «Security Incident»). At a minimum, such measures shall include the security measures identified in Annex 5.1
5.2. In assessing the appropriate level of security, Vendor and each Vendor Affiliate shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.
5.3. Security incidents: Upon becoming aware of a Security Incident, Vendor shall inform the Company without undue delay (and, where feasible, not later than within 48 hours) and shall provide all such timely information and cooperation as The Company may require in order for the Company to fulfil its data breach reporting obligations under (and in accordance with the timescales required by) Applicable Data Protection Law.
5.4. Vendor shall further take all such measures and actions as are necessary to remedy or mitigate the effects of the Security Incident and shall keep the Company of all developments in connection with the Security Incident. Vendor shall not notify any third parties of a Security Incident affecting the Data unless and to the extent that: (a) the Company has agreed to such notification (such agreement not to be unreasonably withheld, conditioned or delayed), and/or (b) notification is required to be made by the Vendor under Applicable Data Protection Law.
6. SUBPROCESSING
6.1. Each Company Group Member authorizes Vendor and each Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2. Vendor and each Vendor Affiliate may continue to use those Subprocessors already engaged by Vendor or any Vendor Affiliate as at the date of this DPA, subject to Vendor and each Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4. A list of approved subprocessors as of the date of this DPA is attached hereto as Annex 6.2.
6.3. Vendor shall give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within 30 days of receipt of that notice, Company notifies Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, neither Vendor nor any Vendor Affiliate shall appoint (or disclose any Company Personal Data to) that proposed Subprocessor until necessarily and reasonable steps have been taken to address the objections raised by any Company Group Member and Company has been provided with a reasonable written explanation of the steps taken.
6.4. With respect to each Subprocessor, Vendor or the relevant Vendor Affiliate shall:
6.4.1. Before the Subprocessor first Processes Company Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Principal Agreement.
6.4.2. Ensure that the arrangement between on the one hand (a) Vendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, is governed by a written contract including terms which offer at leas the same level of protection for Company Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR.
6.4.3. If that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) Vendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Company Group Member(s) (and Company shall procure that each Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution).
6.4.4. Provide to Company for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Company may request from time to time.
6.5. Vendor and each Vendor Affiliate shall ensure that each Subprocessor performs the obligations under this DPA, as they apply to Processing of Company Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of Vendor.
7. DATA SUBJECT RIGHTS
7.1. Taking into account the nature of the Processing, Vendor and each Vendor Affiliate shall assist each Company Group Member by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Company Group Members’ obligations, as reasonably understood by Company, to respond to requests to exercise Data Subject rights under the Data Protection Laws.
7.2. Vendor shall:
7.2.1. Promptly notify Company if any Contracted Processor receives a request from a Data Subject under any Data Protection Law in respect of Company Personal Data.
7.2.2. Ensure that the Contracted Processor does not respond to that request except on the documented instructions of Company or the relevant Company Affiliate or as required by Applicable Laws to which the Contracted Processor is subject, in which case Vendor shall to the extent permitted by Applicable Laws inform Company of that legal requirement before the Contracted Processor responds to the request.
8. PERSONAL DATA BREACH
8.1. Vendor shall notify Company without undue delay upon Vendor or any Subprocessor becoming aware of a Personal Data Breach affecting Company Personal Data, providing Company with sufficient information to allow each Company Group Member to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
8.2. Vendor shall co-operate with Company and each Company Group Member and take such reasonable commercial steps as are directed by Company to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
9. DATA PROTECTION IMPACT ASSESSMENT AND PRIOR CONSULTATION
9.1. Vendor and each Vendor Affiliate shall provide reasonable assistance to each Company Group Member with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Company reasonably considers to be required of any Company Group Member by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Company Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.
10. DELETION OR RETURN OF COMPANY PERSONAL DATA
10.1. Upon termination or expiry of the Agreement, Vendor shall (at Company’s election) destroy or return to Company all Company Personal Data (including all copies of the Data) in its possession or control (including any data subcontracted to a third party for processing). This requirement shall not apply to the extent that Vendor is required by any applicable law to retain some or all of the Data, in which event Vendor shall isolate and protect the Data from any further processing except to the extent required by such law.
10.2. Upon request by Company, Vendor shall provide a written certification that it has complied with the requirements of this Section signed by an officer of Vendor.
11. AUDIT RIGHTS
11.1. Either following a security incident suffered by Vendor, or upon the instruction of a data protection authority, Vendor shall permit the Company (or its appointed third party auditors) to audit Vendor’s compliance with this DPA, and shall make available to the Company all information, systems and staff necessary for the Company (or its third party auditors) to conduct such audit. Vendor acknowledges that the Company (or its third-party auditors) may enter its premises for the purposes of conducting this audit, provided that the Company gives it reasonable prior notice of its intention to audit, conducts its audit during normal business hours, and takes all reasonable measures to prevent unnecessary disruption to Vendor’s operations. Such audit will be subject to any confidentiality terms agreed between the parties.
12. RESTRICTED TRANSFERS
12.1. Each Company Group Member (as «data exporter») and each Contracted Processor, as appropriate, (as «data importer») hereby enter into the Standard Contractual Clauses in respect of any Restricted Transfer from that Company Group Member to that Contracted Processor.
12.2. The Standard Contractual Clauses shall come into effect on the later of:
12.2.1 The data exporter becoming a party to them.
12.2.2 The data importer becoming a party to them.
12.2.3 Commencement of the relevant Restricted Transfer.
12.3. Section 12.1 shall not apply to a Restricted Transfer unless its effect, together with other reasonably practicable compliance steps (which, for the avoidance of doubt, do not include obtaining consents from Data Subjects), is to allow the relevant Restricted Transfer to take place without breach of applicable Data Protection Law.
12.4. Vendor warrants and represents that, before the commencement of any Restricted Transfer to a Subprocessor which is not a Vendor Affiliate, Vendor’s or the relevant Vendor Affiliate’s entry into the Standard Contractual Clauses, and agreement to variations to those Standard Contractual Clauses, as agent for and on behalf of that Subprocessor will have been duly and effectively authorized (or subsequently ratified) by that Subprocessor.
13. GENERAL TERMS
13.1. Order of precedence
13.1.1. Nothing in this DPA reduces Vendor’s or any Vendor Affiliate’s obligations under the Principal Agreement in relation to the protection of Personal Data or permits Vendor or any Vendor Affiliate to Process (or permit the Processing of) Personal Data in a manner which is prohibited by the Principal Agreement. In the event of any conflict or inconsistency between this DPA and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail.
13.1.2. Subject to section 13.2, with regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and any other agreements between the parties, including the Principal Agreement and including (except where explicitly agreed otherwise in writing, signed on behalf of the parties) agreements entered into or purported to be entered into after the date of this DPA, the provisions of this DPA shall prevail.
13.2. Severance
13.2.1. Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.
IN WITNESS WHEREOF, this DPA is entered into and becomes a binding part of the Principal Agreement with effect from the date first set out above.
REMUNER, S.L.
Signature _____________________________
Name ________________________________
Title _________________________________
Date Signed ____________________________
Company
Signature _____________________________
Name ________________________________
Title _________________________________
Date Signed ____________________________
ANNEX 1.2: DEFINITIONS
In this DPA, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:
1. «Applicable Laws» means (a) European Union or Member State laws with respect to any Company Personal Data in respect of which any Company Group Member is subject to EU Data Protection Laws; and (b) any other applicable law with respect to any Company Personal Data in respect of which any Company Group Member is subject to any other Data Protection Laws;
2. «Company Affiliate» means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Company, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise;
3. «Company Group Member» means Company or any Company Affiliate;
4. «Company Personal Data» means any Personal Data Processed by a Contracted Processor on behalf of a Company Group Member pursuant to or in connection with the Principal Agreement;
5. «Contracted Processor» means Vendor or a Subprocessor;
6. «Data Protection Laws» means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country;
7. «EEA» means the European Economic Area;
8. «EU Data Protection Laws» means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;
9.»GDPR» means EU General Data Protection Regulation 2016/679;
10. «Restricted Transfer» means:
(i) a transfer of Company Personal Data from any Company Group Member to a Contracted Processor; or
(ii) an onward transfer of Company Personal Data from a Contracted Processor to a Contracted Processor, or between two establishments of a Contracted Processor
In each case, where such transfer would be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws) in the absence of (i) the Standard Contractual Clauses, or (ii) a self-certification to the Privacy Shield (to be maintained for so long as Vendor processes the Company Personal Data), assuming that the scope of such self-certification covers all Company Personal Data that Vendor processes under the Agreement and this DPA, and Vendor agrees to comply with the Privacy Shield Principles when processing any such Company Personal Data.
11. «Services» means the services and other activities to be supplied to or carried out by or on behalf of Vendor for Company Group Members pursuant to the Principal Agreement;
12. «Standard Contractual Clauses» means the contractual clauses adopted or approved by the Commission (accessible here Standard Contractual Clauses) as amended from time to time, or by a supervisory authority in accordance with Articles 28.7 and 28.8 of the GDPR;
13. «Subprocessor» means any person (including any third party and any Vendor Affiliate, but excluding an employee of Vendor or any of its sub-contractors) appointed by or on behalf of Vendor or any Vendor Affiliate to Process Personal Data on behalf of any Company Group Member in connection with the Principal Agreement; and
14. «Vendor Affiliate» means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Vendor, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise.
The terms, «Commission«, «Controller«, «Data Subject«, «Member State«, «Personal Data«, «Personal Data Breach«, «Processing» and «Supervisory Authority» shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.
The word «include» shall be construed to mean include without limitation, and cognate terms shall be construed accordingly.
ANNEX 2.5: DETAILS OF PROCESSING OF COMPANY PERSONAL DATA
This Annex 2.5 includes certain details of the Processing of Company Personal Data as required by Article 28(3) GDPR.
Subject matter and duration of the Processing of Company Personal Data
The subject matter and duration of the Processing of the Company Personal Data are set out in the Principal Agreement and this DPA.
The nature and purpose of the Processing of Company Personal Data
The Vendor might has access to the data in systems, computer or documentary support of the Company, all with the purpose of providing the services detailed in the Principal Agreement.
The types of Company Personal Data to be Processed
It is possible that the Vendor has access to information circulating in the Company systems or collects information associated with personal data whose files are owned by the Company. The extent of which is determined and controlled by the Company in its sole discretion, and which may include, but is not limited to the following categories of Personal Data:
- Name and last name
- Postal address
- Telephone
- Identification number
- Device Data
The categories of Data Subject to whom the Company Personal Data relates
Company may submit Personal Data to the Vendor, the extent of which is determined and controlled by the Company in its sole discretion, and which may include, but is not limited to, Personal Data relating to the following categories of data subjects:
- Prospects, customers, business partners and vendors of the Company (who are natural persons)
- Employees or contact persons of the Company prospects, customers, business partners and vendors.
- Employees, agents, advisors, freelancers of the Company (who are natural persons)
- Company Users authorized by the Company to use the Services
The obligations and rights of Company and Company Affiliates
The obligations and rights of Company and Company Affiliates are set out in the Principal Agreement and this DPA.
ANNEX 5.1
Description of the technical and organizational security measures to be implemented by the Supplier
1. Information Security Program (ISP)
Supplier will maintain an ISP designed to (a) help the Company secure Personal Data against accidental or unlawful loss, access or disclosure, (b) identify reasonably foreseeable and internal risks to security and unauthorized access to the Supplier Network (defined below), and (c) minimize security risks, including through risk assessment and regular testing. Supplier will appoint an employee to be accountable for the ISP.
The ISP will include the following measures:
1.1. Network Security
The Supplier Network will be accessible to employees, contractors and any other person as required to provide the data processing services. Supplier will maintain access controls and policies to manage access to the Supplier Network from each network connection and user, including the use of authentication controls, firewalls or Intrusion Detection systems. Supplier will maintain security incident response plans to handle potential security incidents.
1.2 Physical Security
Physical components of the Supplier Network are housed in facilities (“Facilities”) controlled by an ISO 27001 certified company (i.e. Amazon Web Services) or in Facilities which meet or exceed all of the following physical security requirements:
(i) Physical Access Controls. Physical barrier controls are used to prevent unauthorized entrance to the Facilities both at the perimeter and at building access points. Passage through the physical barriers at the Facilities requires either electronic access control validation (e.g., card access systems, etc.) or validation by human security personnel (e.g., contract or in-house security guard service, receptionist, etc.). Employees and contractors are assigned photo-ID badges that must be worn while the employees and contractors are at any of the Facilities. Visitors are required to sign-in with designated personnel, must show appropriate identification, are assigned a visitor ID badge that must be worn while the visitor is at any of the Facilities, and are continually escorted by authorized employees or contractors while visiting the Facilities.
(ii) Limited Employee and Contractor Access. Supplier provides access to the Facilities to those employees and contractors who have a legitimate business need for such access privileges. When an employee or contractor no longer has a business need for the access privileges assigned to him/her, the access privileges are promptly revoked, even if the employee or contractor continues to be an employee of Supplier or its affiliates.
(iii) Physical Security Protections. All access points (except for main entry doors) are maintained in a locked state. Access points to the Facilities are monitored by video surveillance cameras designed to record all individuals accessing the Facilities. Supplier also maintains electronic intrusion detection systems designed to detect unauthorized access to the Facilities, including monitoring points of vulnerability (e.g., primary entry doors, emergency egress doors, roof hatches, dock bay doors, etc.) with door contacts, glass breakage devices, interior motion-detection, or other devices designed to detect individuals attempting to gain access to the Facilities. All physical access to the Facilities by employees and contractors is logged and routinely audited.
1.3. Personal Data Security. Controls for the Protection of Personal Data.
Supplier will maintain appropriate technical and organizational measures for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Personal Data), confidentiality and integrity of Personal Data appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of personal data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. Supplier regularly monitors compliance with these measures. Supplier will not materially decrease the overall security of the data processing services during a subscription term.
1.4. Business Continuity and Disaster Recovery
Supplier will maintain a Business Continuity and Disaster Recovery plan based on risk. Recovery plan are tested at least annually to guarantee that full recovery us possible to meet expected SLA’s.
1.5. Employee security
Supplier will have signed confidentiality agreements with the employees and contractors. For positions with access to personal information, backgrounds checks are also performed. Also, all employees and contractors will have a common way to report incidents approved by the organization and they will undergo at least an annual security awareness training.
2. Ongoing Evaluation
Supplier must reassess and update their security policies on a periodic basis. Changes must be documented and employ change controls.
ANNEX 6.2
LIST OF AUTHORIZED SUBPROCESSORS
A) Legal entity: Amazon Web Services EMEA, SARL.
Registered address: 38 Avenue John F. Kennedy, L-1855 Luxembourg, R.C.S Luxemburgo: B186284
Business activity: Cloud computing services
Servers: Paris
Purpose of the engagement: Use of data servers in Paris for storage purposes.