TERMS AND CONDITIONS OF PROVISION OF CONFER-O-MATIC SERVICES
- These Terms and Conditions provide for the legal relationships between Confer-O-Matic s.r.o., a company with its registered office at Na Harfě 916/9a, Vysočany, 190 00 Prague 9, Id. No.: 096 88 552, registered in the Commercial Register kept by the Municipal Court in Prague under File No. C 340477, as the Provider, and the User, arising in the provision of the Services to the User.
- These Terms and Conditions form an integral part of the Service Agreement and any other agreements concluded between the Provider and the User in connection with the provision of the Services.
- Event means an event organised by the User for Participants through the Virtual World (including, but not limited to, conferences, workshops, celebrations or other social gatherings). The Event shall be specifically defined between the Parties in the Agreement in accordance with the procedure under Art. 3.2.
- Copyright Act means Act No. 121/2000 Coll., the Copyright Act, as amended.
- Civil Code means Act No. 89/2012 Coll., the Civil Code, as amended.
- Terms and Conditions mean these Terms and Conditions.
- Services mean, in particular, granting access to the Virtual World for the purposes of hosting the Event and providing support within the Event. The basic content of the Services is defined in individual quotation delivered to the User with these Terms & Conditions. Furthermore, the Services may include additional adaptation of the Virtual World to the User (beyond the scope of adaptation included in the Services basic content) or creation of a Virtual World tailored for the User and provision of other related services intended for hosting the Event and use of the Virtual World by the User and his/her/its Participants. The Parties may agree on additional contents of the Services beyond the scope of the basic content pursuant to this paragraph through the procedure specified in Art. 3.2.
- Agreement means the Service Agreement entered into by and between the Provider and the User; in singular, a Party means any of them.
- Participant means any person allowed by the User to participate in the Event.
- User means any natural person operating a business or a legal person who enters into the Service Agreement with the Provider. These Terms and Conditions are not intended for consumers.
- Defect means a situation where the Services do not correspond to the agreed or usual properties and parameters.
- Virtual World means a part of the user interface displayed to the User and the Participants through the Application that serves for hosting the Event. The basic description of the Virtual World and its functions is available here: [insert a link to the basic description]. The Virtual World, including its functions, can be tailored to the User’s needs.
3. Execution of the Agreement
- The User acknowledges that on the Provider’s website and in all other communication channels, through which the Provider promotes and offers the Services to the public, the Services are described as a standard model. The specific contents and scope of the Services depend on the needs of a specific User and the Event that the User wishes to host with the Provider’s assistance, and, therefore, shall be agreed between the Parties in the Agreement in accordance with the procedure pursuant to Art. 3.2.
- The Parties shall agree, in particular, on the following:
- the Event for which the Services are to be provided;
- additional contents of the Services beyond the scope of the basic content in the sense of Art. 2.8, or any modifications of the basic content of the Services or a specific manner of provision of a certain Service if this is necessary in view of its nature;
- price of the Services;
- the period of provision of the Services, including the deadline for provision of the individual Services, especially, the date of the Event, the deadline for making the Virtual World accessible, and the deadline for the creation/modification of the Virtual World tailored to the User’s requirements.
- The Agreement is deemed concluded at the time when, for both parties, a person authorised to act on behalf of the relevant Party explicitly and in writing agrees with the contents of the Agreement, including, but not limited to, subparagraphs (i) to (iv) specified above in this paragraph. For the purposes of this paragraph, written consent also means the form of electronic communication with a simple electronic signature; however, in case of any doubt, the Provider reserves the right to require a higher form of electronic signature or some other means of communication chosen by the Provider for the purpose hereof to ensure a higher degree of trust. In case of doubt, the Provider reserves the right to request that a person acting on behalf of the User document the authorisation to act on behalf of the User (especially if a person other than the User’s governing body acts on behalf of the User).
4. Provision of Services
- Services the provision of which consists in enabling the use of software (especially the provision of the access to the Virtual World) are provided in the software-as-a-service regime. The Provider shall send a link enabling download or otherwise provide the User with the Application which serves for access to the Virtual World and further use of the Services related in its nature to the use of the Virtual World. The User shall subsequently, either on his/her/its own or in co-operation with the Provider, provide the Application for download to the Participants.
- Access by the User and Participants to the Virtual World requires on-line access via the Internet and is possible only through the Application, and the User (or several persons acting or using the Services on behalf of the User) and each Participant are provided with a separate access protected by name and password.
- Any Services other than those consisting in providing access to the Virtual World or Services unrelated to the use of the Virtual World shall be provided according to the nature thereof. Support within the Event, if included in the Services, shall be provided under the terms and conditions stipulated in Art. 7.2. If any part of the Services requires a specific manner of provision of the Service, the Parties shall agree in the Agreement on the manner of provision of the Service according to the procedure pursuant to Art. 3.2.
- The persons responsible for the project on the part of the Provider and the User shall communicate regarding the provision of the Services. The Parties shall provide each other with the names and contact details of such persons when negotiating the Agreement. In case of a change, the Parties shall notify each other of the change without undue delay. Each Party shall ensure that such a person is authorised to act on its behalf to the extent necessary to attain the purpose of this provision.
- The Provider is not liable for any malfunction of the Services that is not caused by the Provider’s fault, including, but not limited to, malfunction caused by outages of third-party services that are integrated into the Provider’s Services (including outages of the signal and connectivity services necessary for the provision of the Services), power outages, data network outages, and other malfunctions caused by third parties or force majeure events. However, the Provider is obliged to use its best efforts to ensure that the Services are functioning again as soon as possible.
- The User acknowledges that the Virtual World may not be available at all times, especially outside the time of the Event. The Provider shall provide the User with access to the Virtual World outside the time of the Event to the extent necessary for full and proper provision of the Services, including the User’s legitimate needs for viewing and testing the Virtual World, sufficiently in advance before the Event.
- The User agrees that the Provider may also provide the Services through third parties.
- The User acknowledges and agrees that the Services will be provided in a condition (especially in view of the version and functionalities) as of the time of execution of the Agreement. Nevertheless, the Provider may unilaterally decide to provide the User with a higher version of the Services (after implementation of software updates, addition of functionalities, etc.); however, this may not limit or disrupt the contents of the Services agreed between the Parties or limit the functionalities that the Services comprised at the time of execution of the Agreement.
5. Rights and obligations of the User
- The User agrees to use the Services only to the agreed extent and in a manner that is not at variance with the generally binding legal regulations.
- The User is obliged to check the functionality of the Services without undue delay after they are provided.
- The User agrees to use the Services only through the Application or in some other manner determined by the Provider.
- The User represents and agrees that the User shall:
- not attempt to obtain unauthorised access to the Services, the Provider’s servers or the Application;
- not prevent access by other persons to the Services or provide the access to the Services to third parties who are not authorised to access them;
- not misuse, block, modify or copy any part of the Services or attempt to disrupt the stability, operation or data of the Services;
- respect the rights of the Provider and third parties during the use of the Services, especially in disposing of objects of intellectual property rights.
- If the User breaches the obligations under this Article of the Terms and Conditions, the User agrees to compensate the Provider for any damage thus incurred to the full extent.
6. User’s content
- The User is responsible for any and all information, materials, works (including copyrighted works) or any other data that the User provides to the Provider for use for the purpose of provision of the Services or which the User uses during the use of the Services (in particular, any data that the User discloses in the Virtual World and makes accessible to third parties or otherwise disseminates through the Virtual World in any way). The rights to this content continue to belong to the User; this shall in no way prejudice the Provider’s licences pursuant to Art. 6.4 and 6.5. The Provider is not liable for any defective content of such data and is not obliged to check the content thereof or actively seek circumstances indicating unlawful content.
- The User agrees not to use, within the use of the Services, any contents that could contain a virus or other software that could destroy, damage or limit the functionality of the Services in relation to the Provider or other users, as well as contents that are illegal, defamatory, pornographic, discriminating, hateful or otherwise objectionable and against good morals, or contents that unlawfully infringe on the copyright or other third-party rights or are associated with criminal activities. The Provider reserves the right to delete the contents at variance with this provision without prior notice or otherwise remove them from the Virtual World or any other platform enabling the placement of content to be used in connection with the provision of the Services or hosting the Event.
- IN THE EVENT OF BREACH OF THE USER’S OBLIGATIONS PURSUANT TO ART. 6.2, THE USER AGREES TO INDEMNIFY THE PROVIDER IN THE SENSE OF SECTION 2890 ET SEQ OF THE CIVIL CODE AND TO PAY TO THE PROVIDER A PECUNIARY AMOUNT EQUAL TO ANY HARM TO THE PROVIDER’S ASSETS INCURRED AS A RESULT OF THIRD-PARTY CLAIMS OR PENALTIES AND RECEIVABLES OF PUBLIC AUTHORITIES, ALL THE ABOVE ARISING IN CONNECTION WITH BREACH OF THE USER’S OBLIGATIONS PURSUANT TO ART. 6.2, INCLUDING PURPOSEFULLY EXPENDED COSTS OF LEGAL DEFENCE AGAINST THIRD-PARTY CLAIMS AND PENALTIES OR RECEIVABLES OF PUBLIC AUTHORITIES.
- If the User provides the Provider with any work protected by intellectual property rights for the purposes of provision of the Services (including, but not limited to, User’s logo, etc.), the User grants to the Provider a licence to the extent necessary for the use thereof for the purpose of provision of the Services, especially for the purpose of placement in the Virtual World and other use in connection with the Event.
- Furthermore, the User grants to the Provider an authorisation (licence) to use the User’s business name and other name used in business relations or other communication with the public, including the associated logo, and authorisation (licence) to use the description of the Event for the purpose of promoting the Provider’s activities, including, but not limited to, for use as a reference that the Provider provided its services to the User and as a reference to the Event. The Provider may modify the logo and description of the Event appropriately for the purposes of use pursuant to the preceding sentence (including translation and combination with other works) and use the thus-modified version thereof. The licence provided by the User to the Provider pursuant to this paragraph shall be irrevocable, non-cancellable and without any limitation in terms of territorial scope, quantity or any other limitation, without any entitlement to a fee, and it shall be granted for the period until the end of the Event and 5 years thereafter.
- The User represents that he/she/it is entitled to grant to the Provider the authorisation to use pursuant to Art. 6.4 and that the use of the objects of intellectual property rights by the Provider in accordance with these provisions will not result in any infringement of third-party rights or any other violation of legal regulations.
7. Customer support, servicing, co-operation of the User in resolving defects
- The User is obliged to notify the Provider of any Defect without undue delay after the Defect is ascertained.
- If the support is agreed as part of the Services, any Defect or any other request for support shall be notified through persons responsible for the project on the part of the Provider and the User pursuant to Art. 4.4.
- The User acknowledges that the customer is available during the Event and on business days from 9:00 a.m. to 3:00 p.m.
- The Provider shall use its best efforts to remedy the Defect without undue delay after it has been notified in accordance with this Article hereof ; however, if a Defect is reported outside the time of availability of the customer support specified in the preceding paragraph, the time of notification of the Defect shall be the first moment after the notification when the customer support is again available pursuant to the preceding paragraph.
- The Defect shall be deemed remedied once the Provider:
- restores functionality of a non-functioning Service or restores full functionality of the Service; or
- localises and notifies the User of the cause of the Defect in case of a Defect for which the Provider is not liable, or any other Defect the remedy of which has not been agreed as part of the Services; or
- provides the User with instructions for use of the Service until the final remedy of the Defect so that the Defect does not manifest itself or that its impact on the User is limited as much as possible.
- The following shall not be deemed a Defect:
- non-existence of a Service feature that has not been agreed between the Parties within negotiations on the contents and scope of the Services;
- a Defect of the Service arising as a result of unauthorised interference with or use of the Service by the User or third parties (especially the Participants);
- malfunction of the User’s data network, malfunction of the transmission data network (public communication networks, content delivery network, etc., including any part thereof), malfunction of the User’s hardware, unavailability of the User’s data arising due to the User’s failure to back up such data, defects of the User’s other software equipment and defects caused by third-party interference with other software equipment of the User;
- other defects for which the Provider is not liable within the meaning of Art. 4.4.
- If the User makes an unauthorised notification of a Defect of the Services (i.e. if it is ascertained that the Defect did not exist or that the Defect occurred as a result of circumstances for which the Provider is not liable, including circumstances on the part of the User), the Provider may request that the User pay the costs associated with the assessment and resolution of the Defect.
- The User agrees to provide the necessary co-operation on request of the Provider or a person authorised by the Provider in remedying any Defects and other malfunctions or in performing modifications of the Services provided to the User.
- The User agrees to provide the Provider with the necessary co-operation to assess and resolve any Defects and any other malfunctions.
8. Licence arrangements
- The User acknowledges and agrees that the Services are operated and provided by the Provider in the “SaaS” form (software as a service). Therefore, the User does not purchase or otherwise acquire the ownership title to the actual software provided within the Service, but rather uses such software by remote access to the Provider’s servers through the Application (for the purposes of this Article, the software and the Application are hereinafter also referred to as the “Subject of the Licence”).
- The User acknowledges that the Provider owns all the rights of use and property rights (or the right to exercise property rights) and other intellectual property rights to the Subject of the Licence. Therefore, the User is obliged to use the Services and the Subject of the Licence only within the scope of the Licence granted.
- In addition to access to the Subject of the Licence, the Provider shall also provide for the operation of the Subject of the Licence under the terms and conditions stipulated below.
- By entering into the Agreement, the Provider grants the User a non-exclusive authorisation to exercise the right to use the Subject of the Licence (hereinafter the “Licence”) within the meaning of Section 2358 et seq. of the Civil Code and pursuant to the Copyright Act.
- The Licence is granted under the following conditions:
- The Licence is limited in time to the term of the obligations under the Agreement (i.e. for the period for which the User ordered the Service or Services).
- The User is allowed to use a reproduction of the Subject of the Licence created on the Provider’s servers. In particular, the User is thus allowed to use the reproduction of the Subject of the Licence that is necessary to install and save the Subject of the Licence into the memory of the computer – server, as well as for displaying, operation and transmission on the Internet. The User may exercise the authorisation pursuant to the preceding sentence exclusively through the Provider on servers specified by the Provider and through the Application. Furthermore, the User is allowed to use the reproduction of the Application (as a specific part of the Subject of the Licence) on his/her/its local disk.
- The Licence is intended solely for the purposes of proper use of the Subject of the Licence within the meaning of the Agreement and these Terms and Conditions and in accordance with the purpose of the Subject of the Licence; proper use does not include, without limitation, any change, modification, publication, downloading or distribution of the Subject of the Licence, use of the Subject of the Licence through automatic processes or robots, reproduction of the Subject of the Licence for the purpose of its dissemination, disclosure or provision of the Subject of the Licence to third parties, lease or lending of the Subject of the Licence, unless the Provider grants the User express written consent to this effect. This does not apply to the provision of the Application to Participants with a view to participating in the Event.
- The licence is granted without any territorial limitation.
- If the Agreement stipulates a limitation of the number of persons using the Services on behalf of the User and/or limitation of the number of Participants, the Licence shall be limited to this number of persons.
- The User may not grant a sub-licence to the Licence to a third party or assign the Licence to a third party without the Provider’s prior written consent.
- The Licence also applies to any and all modifications, updates, improvements or other modifications of the Subject of the Licence and Services performed by the Provider and made available to the User. This shall in no way prejudice Art. 4.8.
- The User is not entitled to receive the source code of the software that forms the Subject of the Licence, nor to inspect, change, modify, decompile or otherwise interfere with the source code in any way. The User may not create, obtain or reproduce any copies of the Subject of the Licence and Services; in particular, the User may not obtain the source code in any way. The User may not incorporate the Subject of the Licence into any other software equipment without the Provider’s prior written consent. The User may not circumvent, remove or limit the mechanisms used to protect the Provider’s rights and any information regarding the copyrights to the Subject of the Licence.
- The fee for the provision of the Licence is included in the price paid by the User for the Services within the meaning of Article 10.
- Breach of any of the User’s obligations stipulated in this Article shall be deemed a material breach of the Agreement.
- The Parties are obliged to maintain confidentiality of all information concerning business secrets of the other Party and also information concerning the business activities of the other Party vis-à-vis any third party. This obligation shall survive termination of the contractual relationship established by the Agreement.
- Information on business activities means any and all information of business, accounting, financial, strategic, marketing and technical nature of which the other Party learns in connection with exercising of the rights and performance of the obligations under the Agreement or under these Terms and Conditions, unless such information is generally available in the relevant business circles.
10. Price of the Services and manner of payment
- The price of the Services will be agreed in the Agreement in accordance with the procedure specified in Art. 3.2.
- If stipulated by the generally binding legal regulations, VAT or other similar tax will be added to the Provider’s fee.
- The tax receipt (invoice) shall be issued by the Provider to the User and sent in an electronic form to the User’s electronic address. The User shall pay the price of the Services on the basis of the payment details specified in the relevant invoice. Unless agreed otherwise, the invoice will be payable within 14 days of its delivery to the User.
- Unless agreed otherwise, the Provider may issue an invoice for the price of the Services after the execution of the Agreement. This shall not apply to invoices subject to billing pursuant to the following paragraph.
- If the price for any part of the Services is agreed as dependent on the time spent on work or some other parameter (unit price), the Provider shall send a statement of work to the User together with the invoice or some other suitable form of billing. The Provider may issue an invoice and account for the unit price only after it provides the relevant part of the Services for which the unit price has been agreed.
- Unless the Parties expressly agree otherwise through the procedure under Art. 3.2, the Provider is not obliged to provide the Services or any part thereof to the User before the price of the Services is paid in full, except for the price of the part of the Services for which a unit price is agreed, depending on the billing within the meaning of Art. 10.5.
- The time when the relevant amount is credited to the Provider’s bank account shall be deemed to be the time of payment of the price of the Services.
- In the event of the User’s delay in payment of the price of the Services (or any part thereof), the Provider is entitled to default interest in the amount of 0.05% of the outstanding amount per day for each, even incomplete, day of delay.
11. Period of provision of the Services
- The Services shall be provided as long as the obligations under the Agreement exist (i.e. for the period for which the User has ordered the Service or Services). The deadlines for provision of the individual Services, especially, the date of the Event, the deadline for making the Virtual World accessible, and the deadline for the creation/modification of the Virtual World tailored to the Users will be agreed in the Agreement through the procedure under Art. 3.2.
- Unless agreed otherwise, the Agreement is concluded for a fixed term until all Services are provided.
12. Termination of the Agreement
- The Agreement may be terminated on the basis of written agreement of the Parties.
- The User may withdraw from the Agreement in the event of material breach of the Agreement or the Terms and Conditions by the Provider. Material breach includes, in particular:
- the Provider’s delay in the provision of the Services or any part thereof exceeding thirty (30) days;
- breach of the confidentiality obligation under Article 9.
- The Provider may withdraw from the Agreement in the event of material breach of the Agreement or the Terms and Conditions by the User. Material breach includes, in particular:
- the User’s delay in payment of the price of the Services exceeding thirty (30) days;
- breach of obligations under Articles 5, 6 and 8;
- breach of the confidentiality obligation under Article 9.
- The withdrawal will not have retrospective effects. The User is obliged to pay to the Provider a proportional part of the price for the Services or part of the Services already provided. However, if the Provider withdraws from the Agreement on the grounds of breach of the User’s obligations under Art. 12.2 less than 7 days before the commencement of the Event, the User is obliged to pay to the Provider the full price of the Services; this shall in no way prejudice the Provider’s right to compensation for damage.
13. Liability for damage
- The Parties disapply Section 2952 of the Civil Code. The Provider is not liable for indirect damage incurred as a result of provision of the Services, i.e. especially for lost profits, loss of sales, loss of data, financial or indirect, extraordinary or consequential damage.
- By executing the Agreement, the User acknowledges that even if the Provider exerts its best efforts, a short-term unavailability of the Service, which may be caused by circumstances beyond the Provider’s control, cannot be excluded.
14. Processing of personal data and use of anonymous data
- The User hereby agrees that the Provider may request anonymised data processed in the Application, including, but not limited to, the Participants’ data, for the purposes of evaluating the manner of use of the Application and the Virtual World by the Participants and the development of the Application. The Provider may request further anonymised data from the User only with the User’s prior express consent. The Parties acknowledge that the User may authorise the Provider to perform the anonymisation of personal data processed in the Application.
15. Final provisions
- The User’s rights arising from the Agreement and these Terms and Conditions may not be assigned to any third party without the Provider’s prior written consent.
- Should any provision of these Terms and Conditions become or be deemed invalid or unenforceable, this shall not prejudice the validity and enforceability of the other provisions hereof. In that case, the Parties are obliged to use all efforts to enter into an amendment to the Agreement replacing the invalid or unenforceable provision by a new provision that corresponds to the original intention.
- The Parties agree that in case of any disputes concerning the obligations following from or legal relationships arising in connection with these Terms and Conditions and the Agreement, they shall exert reasonable efforts to resolve such disputes by mutual agreement.
- The Parties agree that the relationships following from these Terms and Conditions and the Agreement and the legal relationships arising in connection therewith (including obligations to compensate damage or surrender unjust enrichment) will be governed by the laws of the Czech Republic (except for conflict-of-law rules of private international law).
- Any disputes concerning the obligations under these Terms and Conditions and the Agreement or obligations related to the legal relationships arising in connection therewith (including obligations to compensate damage or surrender unjust enrichment) will be resolved by the Czech courts having local jurisdiction according to the Provider’s registered office. The competence of other courts is not permissible.
to the Terms and Conditions of Provision of Confer-O-Matic Services
- In relation to the provision of the Service to the User, the Provider will be able to handle personal data of natural persons acting (on behalf of the User? – trans.) and using the Services and personal data of the Participants. Personal data will be processed within the meaning of the Personal Data Processing Act and the GDPR. In relation to personal data processing, the Provider shall act as the Processor. The User shall act as the Controller.
- Audit means an audit of legal compliance of Personal Data processing and an audit of the security of Personal Data.
- Further Processor means another processor within the meaning of Art. 28 (2) of the GDPR.
- GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- Controller means a controller within the meaning of Art. 4 (7) of the GDPR.
- Personal Data Processing Act means Act No. 110/2019 Coll., on personal data processing.
- Processor means a processor within the meaning of Art. 4 (8) of the GDPR.
- The Processor agrees to process Personal Data for the Controller within the scope, for the purposes, for the period and in the manners specified in Article 4 hereof, in accordance with documented instructions of the Controller issued pursuant to Art. 4.5 hereof.
4. Personal Data processing
- Type of Personal Data:
- Other (excluding special categories of Personal Data)
- Categories of Personal Data:
- identification details
- contact details
- identification details of devices (IP address)
- login details
- information on the Event
- information on the Participant’s conduct at a conference
Categories of data subjects to whom the Personal Data pertains
- Type of Personal Data
- Other (excluding special categories of Personal Data)
- Categories of Personal Data:
- identification details
- contact details
- login details
- information on the position or function within the Event
Categories of data subjects to whom the Personal Data pertains
Persons acting and using the Services on behalf of the User (e.g. employees)
- Type of Personal Data:
- performance of the Agreement consisting in the provision of the Service, including proper functioning of the Application for the Users and the Participants, communication with both Parties, as well as any evaluation of the use of the Application by the Participants for the User’s needs, as appropriate;
- anonymisation of Personal Data performed on the basis of the Controller’s instruction with a view to transferring the anonymised data to the Processor and third parties.
- To avoid any doubt, the Processor agrees not to process any Personal Data for the Controller for any purpose other than the purpose specified in this Art. 4.2 hereof.
- Processing of Personal Data by the Processor will have the form of collecting, recording, storing on information carriers, sorting, transfer and retention, anonymisation, as well as any other form necessary for the provision of the Service and performance of the obligations under the Agreement, including the Terms and Conditions; this activity will be carried out by automated means or manually, as applicable, so as to ensure that it corresponds to the purpose of the Personal Data processing pursuant to Art. 4.2 hereof.
- The Processor will process the Personal Data for the term of the Agreement.
- The Processor agrees to inform the Controller if, in the Processor’s opinion, a certain instruction of the Controller violates the GDPR or other regulations of the European Union or another Member State. Failure to comply with such an instruction will not constitute breach of the Processor’s obligations hereunder.
- The Processor agrees to maintain confidentiality of the Confidential Information.
- In relation to the Confidential Information, the Processor agrees to bind all its employees or third parties who process Personal Data on the basis of an agreement with the Processor, as applicable, to maintain confidentiality to the same extent as the Processor, where this obligation shall survive the termination of the labour-law or contractual relationship between the relevant person and the Processor.
6. Personal Data security
- The Processor agrees to adopt suitable measures corresponding to the risks to prevent unauthorised or accidental access to the Personal Data, their modification, destruction or loss, unauthorised transfer and other unauthorised processing, as well as other misuse of Personal Data.
- Taking into account the circumstances, the Processor agrees to adopt the following protective measures; it agrees, in particular, to:
- protect Personal Data stored in electronic form against unauthorised access by creating access rights and control of access to the network; ensure protection, maintenance and monitoring of security and integrity of the Processor’s network;
- perform regular backups of data;
- appoint authorised natural persons to process Personal Data, where only these persons will be authorised to access and process Personal Data in accordance with the provisions hereof;
- adopt any other technical measures that are generally recognised as appropriate security measures for the Personal Data processing method used.
- The Processor agrees to process and document the adopted and implemented technical and organisational measures to ensure protection of Personal Data in accordance with the Personal Data Processing Act and other legal regulations, especially the GDPR, and to keep such documentation up-to-date. The Processor agrees to make the documentation of technical and organisational measures available to the Controller not later than within 15 business days of delivery of the Controller’s request.
7. Involvement of Further Processors
- As of the date of execution of the Agreement, the Controller expressly permits the Processor to involve the following Further Processors in Personal Data processing:
- SFDC Ireland Ltd., Id. No.: 394272, with its registered office at Route de la Longeraie 9, Morges, Switzerland, providing the Processor with the Heroku service;
- Microsoft Corporation, Id. No.: 600413485, with its registered office at One Microsoft Way, Redmond WA 98052, USA, providing the Processor with the Microsoft Azure service ;
- Improbable Worlds Ltd., Id. No.: 08070525, with its registered office at 10 Bishops Square, London E1 6EG, United Kingdom, providing the Processor with the networking engine service (network module) for Improbable video games;
- DataCamp Limited, Id. No.: 07489096, with its registered office at 207 Regent Street, London W1B HH, United Kingdom, providing the Processor with the CDN77 service;
- and other subcontractors – natural persons whose identification shall be provided by the Processor to the Controller at the Controller’s request upon execution of the Agreement with the Processor.
- The Processor shall inform the Controller of any and all Further Processors that the Processor wishes to engage in Personal Data processing, or of replacement of any Further Processors already involved. The Controller may raise justified objections against the involvement or change of the Further Processor within 5 business days of the date of delivery of the relevant notice of the Processor. If the Controller does not object to the involvement of a Further Processor within this deadline, it shall hold that the Controller agrees with the involvement of the Further Processor.
- The Processor agrees to bind the Further Processor with the same obligations as those binding on the Processor hereunder.
8. Co-operation and audit
- The Processor agrees to provide the Controller with co-operation to the extent necessary to ensure legal compliance of the Personal Data processing hereunder. Within this co-operation, the Processor agrees, without limitation, to:
- notify the Controller, without undue delay, of any breach of Personal Data or any other security incident that could affect the Personal Data processing hereunder or the rights and legally protected interests of data subjects;
- assist the Controller in assessing the impact on (of? – trans.) Personal Data processing hereunder on personal data protection, or in prior consultations with the supervisory authority;
- provide the Controller, without undue delay, with any and all underlying documents and information necessary to demonstrate that the Personal Data processing hereunder is carried out in accordance with the law;
- hand over to the Controller, without undue delay, requests of data subjects, which they are entitled to make under the law (right of access, rectification, erasure and other rights specified in Article 15 et seq. of the GDPR) and assist the Controller as appropriate in resolving such requests.
- The Controller may perform an Audit at the Processor on its own or through an authorised third party. The Processor agrees to provide the Controller or a third party authorised by the Controller with all co-operation necessary for the performance of the Audit, including, but not limited to, providing documentation on the technical and organisational measures for the Personal Data processing and other internal regulations concerning the Personal Data processing, and to make available its electronic and information systems to the extent necessary for the Audit for the necessary period of time. The Controller agrees to perform the Audit so as to affect the Processor’s operation only to the necessary extent.
- The Controller may perform the Audit each time the Processor or a Further Processor breaches obligations under this Agreement or under legislation for personal data processing.
- If the Controller intends to perform an Audit at the Processor, it is obliged to inform the Processor of this fact not later than 14 days before the date of the planned Audit. The Parties agree that the Processor may propose some other suitable date, but not later than 14 days after the date proposed by the Controller. The Processor is obliged to notify the Controller of this fact within 3 business days of the date of delivery of the Controller’s notice of the Audit. If the Controller disagrees with the proposed date, the Audit date will take place on the tenth business day following after the original date of the Audit proposed by the Controller.
- After completion of the Audit, the Controller or a person authorised by the Controller shall submit to the Processor a report on the Audit, which will include information on whether the Processor’s or Further Processor’s obligations have been breached and whether such breach constitutes a material breach pursuant to Art.8.7 hereof.
- Any costs of an Audit that does not confirm or detect a material breach of obligations of the Processor or Further Processor shall be borne by the Controller. The costs of an Audit that confirms or detects a material breach of the Processor’s or Further Processor’s obligations shall be borne by the Processor, but shall not exceed the amount of CZK 10,000. In that case, the Processor agrees to compensate the Controller for the costs of the Audit within 14 days of submission of the bill.
- For the purposes of Art. 8.5 and 8.6 hereof, the material breach of the Processor’s obligations means any breach of:
- the obligation to process Personal Data only in accordance with and for the purpose specified by the Controller set out in Art. 4.2 hereof;
- the obligation to maintain confidentiality set out in Art. 5.1 hereof;
- the obligation to introduce security measures set out in Art. 6.2 and the obligation to document these measures under Art. 6.3;
- the obligation not to involve Further Processors in the processing without informing the Controller in advance set out in Art. 7.3;
- the obligation to report breach of Personal Data security or some other security incident set out in Art. 8.1.3.
- The Processor agrees to adopt, without undue delay, technical and organisational measures to remedy errors or security risks ascertained by the Audit to the extent necessary to ensure the remedy.
- The Processor agrees that the Controller will be authorised to perform an Audit at the Further Processor within the scope and under the conditions set out in Art. 8.2 to8.8 hereof.
9. Other obligations of the Processor
- The Processor agrees to perform the obligations of personal data processor set out in the Personal Data Protection Act, the GDPR and herein; in particular, it agrees to:
- comply with the means and methods of Personal Data processing stipulated herein;
- retain Personal Data only for the period determined by the Controller;
- proceed, in processing of Personal Data within the Controller’s instruction, so as not to infringe the rights of any of the data subjects, in particular the right to the preservation of human dignity, and also to ensure that the private and personal life of data subjects is protected against unauthorised interference;
- destroy the Personal Data if so instructed by the Controller or if so requested by a data subject, unless it is required by the law to retain such Personal Data; and
- not to transfer Personal Data to third parties without the Controller’s authorisation.
10. Termination of Personal Data processing
- In the event of termination of the Agreement, the Processor agrees to transfer all Personal Data to the Controller and delete the existing copies unless the law requires that the Processor retains such existing copies.
- The Processor agrees to maintain confidentiality pursuant to Article 5 hereof and to ensure security of Personal Data even after termination of the Agreement if the Personal Data is not destroyed.