Terms of Service
Effective from 23 May 2018
- 1. Agreement
- 1.1. These Terms specify the agreement between You and Proactive Software regarding the Services. They set out our obligations as a service provider and Your obligations as a customer. Please read them carefully.
- 1.2. These Terms apply from the time that Proactive Software provides You with access to any Service. By using the Services You acknowledge that You have read and understood and agree to be bound by these Terms.
- 1.3. If You are using the Service on behalf of a business, You represent to us that You have authority to bind that business or entity to these Terms and that business accepts these Terms.
- 1.4. The Services are provided for the length of term chosen by You when you select your plan, subject to Your right to cancel Your account or terminate the Services in accordance with clause 7 and Our right to suspend the Services or terminate this Agreement in accordance with clause 8.
- 1.5. Whilst Proactive Software prohibits unauthorized conduct and content on the Services as indicated below, you may be exposed to such materials and you agree to use the Service at your own risk.
- 2. Access to Services
- 2.1. Proactive Software grants You the right to access and use the Services You have purchased via the Website and according to Your subscription type. This right is non-exclusive, non-transferable, and limited by and subject to this Agreement.
- 3. Changes to the Services
- 3.1. Proactive Software may modify the Services, the Proactive Software Materials and Technology and/or the manner in which the Services are delivered at any time. We will notify You if we make a significant change to the Services.
- 4. Restrictions on Use
- 4.1. You must only use the Service, Website and where applicable, the APIs, for Your own lawful purposes, and in accordance with this Agreement and any notice sent by Proactive Software or condition posted on the Website.
- 4.2. You must not operate or use the Services if You are under the age of 16.
- 4.3. As a condition of access, when accessing and using the Services, and where applicable, the APIs, You must:
- 4.3.1. not collect or attempt to collect any information or communication about any other users of the Service including by monitoring or by intercepting any process or communication initiated by the Service;
- 4.3.2. not attempt to undermine the security or integrity of Proactive Software computing systems or networks or, where the Services are hosted by a third party, that third party's computing systems and networks;
- 4.3.3. not attempt to gain unauthorized access to any materials other than those to which You have been given express permission to access or to the computer system on which the Services are hosted;
- 4.3.4. not transmit, or input into the Services or the Website, any files that may damage any other person's computing devices or software (including by introducing any malicious software or code);
- 4.3.5. not input into the Services or the Website any content that may be offensive, or material or data in violation of any law (including data or other material protected by copyright or trade secrets which You do not have the right to use);
- 4.3.6. not attempt to modify, copy, adapt, reproduce, disassemble, decompile or reverse engineer any computer programs used to deliver the Services or to operate the Website; and
- 4.3.7. not grant or assign rights in the Services or the Website in any way.
- 4.4. Your subscription and Our Service Fees are "per user". The maximum number of users You are allowed to have access the Services is specified in your subscription plan. Only one person may be associated with a user account. You may swap out, delete or suspend a user, and then assign a new user to Your account but you must not exceed the number of users in any way.
- 5. Fees and Payment
- 5.1. The Website sets out the Service Fees. You must pay the Services Fees in advance.
- 5.2. You may pay by credit card, or on invoice where indicated in the subscription plan. Where payment is on invoice, payment is due within 14 days after the invoice is received. Late payments may result in Your account suspension and subsequent cancellation.
- 5.3. No refunds will be made for partial months of service or unused subscriptions.
- 5.4. All fees charged are exclusive of local sales taxes which are Your responsibility to pay.
- 5.5. We may change the Services Fees at any time. Any changes will commence at the beginning of any further or renewal terms after your current subscription term.
- 6. Your Account Information
- 6.1. You agree to provide us with accurate and complete registration and account information and to maintain and promptly update that information in the event of any changes to ensure it is current at all times.
- 6.2. You agree to keep Your login details confidential and secure and will not share them with others.
- 6.3. You are solely responsible for all activity in connection with access to the Services and/or Website through your account or using your login.
- 6.4. If You know or suspect that Your login information has or is likely to become used in an unauthorized way You must immediately change Your password. If You are unable to change Your password, You must immediately notify Proactive Software. We may request that you change your password(s) in connection with the Services at any time, and you will promptly comply with any such request and all reasonable directions We issue in relation to the Services.
- 7. Cancellation
- 7.1. You can cancel Your account and/or terminate the Services at any time by email sent to firstname.lastname@example.org
- 7.2. If You cancel Your account or terminate the Services before the end of Your subscription term, Proactive Software will not provide any refund for any remaining prepaid period for that term.
- 8. Suspension and termination
- 8.1. If:
- 8.1.1. You breach any of these Terms and the breach is not capable of being remedied;
- 8.1.2. You breach any of these Terms where the breach is capable of being remedied but You do not remedy the breach within 14 days after receiving notice of the breach;
- 8.1.3. You or Your business become insolvent, go into liquidation, have a receiver or manager appointed, make any arrangement with Your creditors, or become subject to any similar insolvency event in any jurisdiction;
- 8.1.4. Proactive Software has not received payment of an invoice issued to You within 7 days after the due date, and You have failed to remedy the non-payment within 7 days of receiving notice of the non-payment;
- 8.1.5. as determined by Proactive Software, Your use of the Service may result in material harm to Proactive Software services or any of its users including, if You are using the API and Your code causes unacceptable server load or issues or your use of the Services is otherwise unlawful,
- 8.2. then Proactive Software may, at its sole discretion:
- 8.2.1. terminate this Agreement and/or Your use of the Services and the Website; or
- 8.2.2. suspend for any definite or indefinite period of time, Your access to and use of the Services and the Website.
- 8.3. Where We take any action under this clause 8, We will promptly notify You.
- 9. Consequences of termination
- 9.1. Termination of these Terms is without prejudice to any rights and obligations of the parties accrued up to and including the date of termination. On termination of this Agreement You will:
- 9.1.1. remain liable for any accrued charges and amounts which become due for payment before or after termination; and
- 9.1.2. immediately cease to use the Services and the Website.
- 9.2. Clauses 5, 11, 15, 16, 17, 18, 19, and 25 survive the expiry or termination of these Terms.
- 10. Service Availability and Support
- 10.1. Proactive Software aims to provide a Service availability of 99.99%. In the event of an outage or server access issue, Proactive Software will act to restore customer server access.
- 10.2. While Proactive Software makes all efforts to prevent any disruption to Services during any update or upgrade, there may be times where the Service is inaccessible for a period of time.
- 10.3. Proactive Software is committed to providing excellent customer service. We aim to answer most support issues within 3 hours but Proactive Software makes no guarantee on the period of time before support is provided.
- 10.4. In the event that urgent support is required, we will take all practical steps to assist. Email support is available 24/7, phone support is available 7am-6pm, Mon-Fri based on Pacific time - GMT+12.
- 11. Intellectual Property
- 11.1. You acknowledge and agree that Proactive Software or its licensor is and remains the owner of, and retains all Intellectual Property Rights in the Proactive Software Materials and Technology, the Services, the Website and any derivative works of them. Except for the right to access the Services and the Website provided for in this Agreement, You do not obtain any rights in the Proactive Software Materials and Technology or the Services.
- 11.2. Each party consents to the other party's use of its brand for the purpose of promoting the use of the Proactive Software services by other potential customers. There is no charge associated with such use and use must be in accordance with any brand use guidelines notified by the owning party from time to time.
- 12. Data
- 12.1. As between You and Proactive Software:
- 12.1.1. Proactive Software owns the rights, title, interest and Intellectual Property Rights in the Proactive Software Data. Proactive Software grants You the right, for the term of this Agreement, to access and use any Proactive Software Data that We supply to You in relation to the Services; and
- 12.1.2. You own the rights, title, and interest and Intellectual Property Rights in the Customer Data. You grant Proactive Software the right to access and use the Customer Data in relation to the Services and to provide support.
- 12.2. Where You incorporate or enter data into the Services You must ensure, in relation to such data, that:
- 12.2.1. You collect and maintain any personal information in the data in compliance with privacy laws;
- 12.2.2. You obtain any necessary third party permissions or consents;
- 12.2.3. You comply with any applicable third party license terms; and
- 12.2.4. the data does not incorporate any unlawful, illegal, fraudulent or harmful data.
- 12.3. Proactive Software does not pre-screen any content but reserves the right (but not the obligation) to refuse or remove any content available via the Service that violates our Terms.
- 12.4. Subject to clause 12.5 You may export the Customer Data at any time.
- 12.5. On Your cancellation of Your account or termination of Services in accordance with clause 7 or Our termination of this Agreement or Your access to the Services in accordance with clause 8, Your Customer Data will be held for three months and then permanently deleted unless applicable law requires retention. Retained data is subject to the confidentiality provisions of the Agreement.
- 12.6. Demo sessions and trials of Proactive Software products are archived the month after creation and deleted the following month. After that period if you would like to use the Services, you must purchase a subscription.
- 13. Data Processing Agreement
- 13.1. The Data Processing Agreement set out in Annex A applies to the extent that Proactive Software is processing Personal Data subject to EU Data Protection Law in the course of the performance of the Services.
- 14. Security and privacy
- 14.1. You consent to Proactive Software's Privacy Notice (available here www.proworkflow.com/company/privacy) which explains how We process any personal information We collect.
- 14.2. We will endeavour to provide a secure environment to protect the integrity and security of the Service and of Your information and to prevent data loss. However, except where We are liable under the Applicable Data Protection Law, We provide no guarantee or warranty in relation to data loss or data breaches. You are responsible for backing up the Customer Data.
- 14.3. In the event of a security incident or privacy breach, We will take reasonable and necessary measures and actions to mitigate the incident or breach and/or impact of its effects and We will notify You of any subsequent changes to the Website or Services.
- 15. Confidentiality
- 15.1. Each party's obligations under this clause will survive termination of these Terms. Unless the relevant party has the prior written consent of the other or unless required to do so by law:
- 15.1.1. Each party will preserve the confidentiality of all Confidential Information of the other obtained in connection with these Terms. Neither party will, without the prior written consent of the other, disclose or make any Confidential Information available to any person, or use the same for its own benefit, other than as contemplated by these Terms.
- 15.1.2. Clause 15.1.1 will not apply to any information which:
- 15.1.2.1. is or becomes public knowledge other than by a breach of this clause;
- 15.1.2.2. is received from a third party who lawfully acquired it and who is under no obligation restricting its disclosure;
- 15.1.2.3. is in the possession of the receiving party without restriction in relation to disclosure before the date of receipt from the disclosing party; or
- 15.1.2.4. is independently developed without access to the Confidential Information.
- 16. Warranties
- 16.1. Each party warrants:
- 16.1.1. it has full power, capacity and authority to execute, deliver and perform its obligations under this Agreement; and
- 16.1.2. once executed, this Agreement constitutes legal, valid and binding obligations and is enforceable in accordance with its terms.
- 17. Warranty limitations
- 17.1. Other than the warranties in clause 16.1, Proactive Software makes no other warranty, representation or undertaking whatsoever in respect of the Services, including that Proactive Software does not warrant that the Services or any data will meet Your requirements or that they will be suitable for any particular purpose, will be compatible with any application, program or software not specifically identified as compatible or will be secure, uninterrupted or error-free.
- 17.2. To avoid doubt, all implied conditions or warranties are excluded in so far as is permitted by law, including warranties of merchantability, fitness for purpose, title and non-infringement.
- 17.3. You are acquiring the Services for the purposes of a business and the Consumer Guarantees Act 1993 does not apply to this Agreement.
- 18. Limitation of Liability
- 18.1. Your use of the service is at your sole risk. The service is provided on an "as is" and "as available" basis. To the greatest extent possible in accordance with applicable laws, We specifically disclaim any liability (whether based in contract, tort, strict liability or otherwise) for any direct, indirect, incidental or consequential damages arising out of or in any way connected with the access to or use of the Services or the Website.
- 18.2. In all cases where our liability is not excluded:
- 18.2.1. our liability is limited to the total amount We have received from You for the Service that the liability directly relates to; and
- 18.2.2. We will not be liable for any indirect, incidental, special or consequential damages, (including loss of profit, business, revenue, goodwill, anticipated savings, information or data).
- 18.3. Your only right with respect to dissatisfaction or problems with the Service is to cease to access and to use the Service.
- 19. You agree that You are solely responsible for any 3rd party applications You have built that access the ProWorkflow API. This includes supporting your code and any legal issues that may arise.
- 20. Indemnity
- 20.1. You indemnify Proactive Software against all claims, costs, damage and losses arising from Your breach of any of these Terms or any obligation You may have to Proactive Software, including any third party claims and any costs relating to the recovery of any fees that are due but have not been paid.
- 21. API license
- 21.1. Conditional upon You following these Terms, Proactive Software grants you a limited, non-exclusive, non-assignable, non-transferable license to use the ProWorkflow API to develop, test, and support any software application, website, or product, and to integrate the ProWorkflow API with your Application. Your license is subject to the limitations set out in these Terms and you agree that Proactive Software may terminate your license to use the ProWorkflow APIs if you violate these Terms in relation to the ProWorkflow API.
- 21.2. In addition to the restrictions in clause 4:
- 21.2.1. You may not use the ProWorkflow API or any other technology in a manner that accesses or uses any information beyond what Proactive Software allows under these Terms or the Online Documentation, that changes the Services, that breaks or circumvents any of Proactive Software's technical, administrative, process or security measures, that disrupts or degrades the performance of the Services or the ProWorkflow API, or that tests the vulnerability of Proactive Software's systems or networks;
- 21.2.2. You may not use the ProWorkflow API to replicate or compete with core products or services offered by Proactive Software; and
- 21.2.3. you may not sell, rent, lease, sublicense, redistribute, or syndicate access to the ProWorkflow API.
- 21.3. You are solely responsible for any 3rd party applications you have built, purchased or licensed that access the ProWorkflow API. This includes supporting your code and any legal issues that may arise.
- 22. App Store
- 22.1. Where you purchase our application through an App Store, You acknowledge that these Terms do not apply. Each App Store may have its own terms and conditions which apply. Your use of any App Store and/or download of any application from an App Store is solely at Your risk.
- 23. Revisions
- 23.1. We may amend these Terms at any time without notice, by posting the revised version on the Website, by notifying you in accordance with clause 24 or by communicating it to You through the Services. Revised terms will be effective from the time they are posted, but will not apply retroactively. Your continued use of the Services after the posting of revised terms constitutes Your acceptance of such revised terms.
- 24. Notices
- 24.1. Proactive Software will deliver all notices under this Agreement by email sent to the email address used by You to register for the Services. You will deliver any notice by email sent to email@example.com
- 25. Miscellaneous
- 25.1. Entire agreement: These Terms, together with the Privacy Notice, the Data Processing Agreement where applicable, and the terms of any other notices or instructions We give to You under these Terms constitute the entire agreement between You and Proactive Software and govern your use of the Services and Website. These Terms supersede any prior agreements or earlier versions of these Terms between You and Proactive Software for the use of the Services and Website as of the effective date indicated at the beginning of these Terms.
- 25.2. Delays: Neither party will be liable for any delay or failure in performance of its obligations under these Terms if the delay or failure is due to any cause outside its reasonable control. This clause does not apply to any obligation to pay money.
- 25.3. No Assignment: You may not assign or transfer any rights to any other person without Proactive Software's prior written consent.
- 25.4. Waiver: The failure by any party to enforce any provisions of this agreement at any time shall not operate as a waiver of that provision in respect of the particular act or omission or any other act or omission.
- 25.5. Governing law: This Agreement is governed by the laws of New Zealand, and each party irrevocably submits to the non-exclusive jurisdiction of the New Zealand courts.
- 25.6. Jurisdictional Matters: If You are residing in a jurisdiction which restricts the use of internet-based applications according to age, or which restricts the ability to enter into agreements such as this Agreement according to age and You are under such a jurisdiction and under such age limit, You may not enter into this Agreement and access or use the Service. If You are residing in a jurisdiction where it is forbidden by law to offer or use software for internet communication, You may not enter into this Agreement and You may not download, access or use the Service. By entering into this Agreement, You represent that You have verified in Your own jurisdiction that Your use of the Service is allowed.
- 26. Interpretation and definitions
- 26.1. Interpretation: In these Terms, unless the context otherwise requires:
- 26.1.1. the singular includes the plural and vice versa;
- 26.1.2. a reference to materials means a reference to materials of any kind whether in the form of documentation, software or otherwise;
- 26.1.3. a reference to either party includes reference to its successors and permitted assigns (and where the context so permits) its personnel and representatives;
- 26.1.4. any agreement not to do a thing also constitutes an agreement not to suffer or permit or cause that thing to be done;
- 26.1.5. the words "includes" and "including" are to be read as being followed by the words "without limitation"; and
- 26.1.6. a reference to any documentation and the Website includes as varied or substituted.
- 26.2. Defined terms:
App Store means a third party facility where you can purchase applications including the Apple iPhone store.
Applicable Data Protection Law means all applicable data protection and privacy laws including, where applicable, EU data protection law or New Zealand privacy law.
Customer Data means any data inputted by You or with Your authority into the Website or the Services.
Online Documentation means the documentation available on the Website regarding the Services and use of the Services.
Parties means the customer and Proactive Software.
Proactive Software Data means all data collected by Us or inputted by Us into a Service or supplied by Us to You that is not Customer Data.
Proactive Software, We and Us means Proactive Software Limited (New Zealand Registered Company number 1439564) and includes its successors and assigns, related companies, officers, directors, employees and agents.
Proactive Software Materials and Technology means the materials and technology used by Proactive Software in relation to the Services including design and architecture, methodologies and tools, software and products and any online documentation.
ProWorkflow API means the API that Proactive Software makes available to customers.
Services means the project management software related services supplied by Proactive Software under the trading name ProWorkflow.
Terms means these Terms of Service.
Website means Proactive Software's website at https://www.proworkflow.com.
You means you as the customer of the Services and Your has a corresponding meaning.
ANNEX 1: Data Processing Agreement
- 1. Agreement
- 1.1. Application: This Data Processing Agreement applies to the extent that Personal Data which is subject to EU Data Protection Law is Processed in the course of the performance of the Services. The Parties acknowledge and agree that with regard to such Processing of Personal Data, the customer is the Data Controller and ProWorkflow is a Data Processor.
- 1.2. Authority: If the customer is using the Services on behalf of a business, the customer represents to ProWorkflow that it has authority to bind that business or entity to this Data Processing Agreement and that the business accepts this Data Processing Agreement.
- 1.3. Personal Data: An overview of the categories of Personal Data, the types of Data Subjects, and purposes for which the Personal Data are being processed is provided in Annex 1.
- 2. Data Processing
- 2.1. Data Controller's authority: The Data Controller will, in determining the Services purchased and the Personal Data used in relation to those Services, determine the scope, purposes, and manner by which the Personal Data may be accessed or processed by the Data Processor.
- 2.2. Restrictions on processing: The Data Processor will only process the Personal Data:
- 2.2.1. on documented instructions of the Data Controller. This Data Processing Agreement constitutes the initial instructions and each use of the Services then constitutes further instructions. The Data Processor will use reasonable efforts to follow any later Data Controller instructions, as long as they are required by Data Protection Law, technically feasible and do not require changes to the Services. If the Data Processor otherwise cannot comply with an instruction or is of the opinion that an instruction infringes Applicable Data Protection Law, the Data Processor will immediately notify the Data Controller; or
- 2.2.2. to comply with a legal obligation to which the Data Processor is subject. In such a case, the Data Processor shall inform the Data Controller of that legal obligation before processing, unless that law explicitly prohibits the furnishing of such information to the Data Controller.
- 2.3. Customer Agreement and discretion: The Parties have entered into a Customer Agreement in order to benefit from the expertise of the Data Processor in securing and processing the Personal Data for the purposes of the supply of the Services. The Data Processor may exercise its own discretion in the selection and use of such means as it considers necessary to pursue those purposes, subject to the requirements of this Data Processing Agreement.
- 2.4. Data Controller warranty: The Data Controller warrants that it has all necessary rights to provide the Personal Data to the Data Processor for the Processing to be performed in relation to the Services. To the extent required by the Applicable Data Protection Law, the Data Controller is responsible for ensuring that any necessary data subject consents to this Processing are obtained, and for ensuring that a record of such consents is maintained. If such consent is revoked by the data subject, the Data Controller is responsible for removing the relevant Personal Data from the Services.
- 2.5. Use of third party products: The Services may provide links or integrations or an API which may be used to facilitate integrations to or from Third Party Applications. If Customer elects to integrate with, enable, access or use an API to interact with such Third Party Applications it does so at its own risk and the Data Processor has no responsibility or liability for any Personal Data processed by or through such Third Party Applications. The Data Controller expressly acknowledges and agrees that all enabled Third Party Applications are expressly authorized by the Data Controller and the Data Processor is not a co-processor, subprocessor or controller with respect to any Personal Data processed by or on behalf of the Data Controller through a Third Party Application.
- 3. Confidentiality
- 3.1. Personal Data confidential: The Data Processor shall:
- 3.1.1. treat all Personal Data as strictly confidential;
- 3.1.2. inform all its employees, agents and/or Sub-processors engaged in processing the Personal Data of the confidential nature of the Personal Data; and
- 3.1.3. ensure that all such persons or parties have signed an appropriate confidentiality agreement, are otherwise bound to a duty of confidentiality, or are under an appropriate statutory obligation of confidentiality.
- 4. Security
- 4.1. Technical and organisational measures: The Data Processor shall implement and maintain the Technical and Organisational Measures. The Data Controller agrees that it has reviewed the Technical and Organisational Measures. Each party acknowledges that it considers the Technical and Organisational Measures to be appropriate for non-sensitive categories of Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, taking into account all the risks that are presented by processing, in particular from a Personal Data Breach. The Data Processor does not represent that the Technical and Organisational Measures are appropriate for special categories of data or data regarding minors or criminal history and the Data Controller acknowledges that the Technical and Organisational Measures may not be appropriate for such data.
- 4.2. Types of Personal Data: The Data Controller acknowledges that the Data Processor does not review the types of Personal Data collected in relation to the Services. If the Data Controller submits sensitive Personal Data to the Services, the Data Controller is solely responsible if the Technical and Organisational Measures do not meet the GDPR standard of appropriateness.
- 4.3. Changes to measures: The Data Processor may change the Technical and Organisational Measures at any time without notice so long as it maintains a comparable or better level of security. The Parties will negotiate in good faith the cost, if any, to implement changes required by specific updated security requirements in Applicable Data Protection Law or by data protection authorities of competent jurisdiction.
- 4.4. Login details: The Data Controller shall keep its login details confidential and secure and will not share them with others. If the Data Controller knows or suspects that its login information has or is likely to become used in an unauthorized way it shall immediately change its password or notify the Data Processor if it cannot change its password.
- 4.5. Directions: The Data Controller shall promptly comply with all reasonable directions issued by the Data Processor in relation to security or the Services.
- 5. Demonstration and audit
- 5.1. Demonstration: At the request of the Data Controller, the Data Processor shall make available to the controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR.
- 5.2. Audit: The Data Controller shall be entitled on giving at least 14 days' notice to the Data Processor to carry out, or have carried out by a third party who has entered into a confidentiality agreement with the Data Processor, audits of the Data Processor's premises and operations as these relate to the Personal Data. The Data Processor shall cooperate with such audits carried out by or on behalf of the Data Controller and shall grant the Data Controller's auditors reasonable access to any premises and devices involved with the Processing of the Personal Data. The Data Processor shall provide the Data Controller and/or the Data Controller's auditors with access to any information relating to the Processing of the Personal Data as may be reasonably required by the Data Controller to ascertain the Data Processor's compliance with this Data Processing Agreement.
- 6. Personal Data Breach
- 6.1. Notifications: The Data Processor shall notify the Data Controller without undue delay upon becoming aware of a Personal Data Breach affecting Personal Data, providing Data Controller with sufficient information to allow the Data Controller to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Applicable Data Protection Laws. Such notification shall contain:
- 6.1.1. a description of the nature of the incident, including where possible the categories and approximate number of data subjects concerned and the categories and approximate number of Personal Data records concerned;
- 6.1.2. the name and contact details of the Data Processor's data protection officer or another contact point where more information can be obtained;
- 6.1.3. a description of the likely consequences of the incident; and
- 6.1.4. a description of the measures taken or proposed to be taken by the Data Processor to address the incident including, where appropriate, measures to mitigate its possible adverse effects.
- 6.2. Co-operation: The Data Processor shall co-operate with the Data Controller and take such reasonable commercial steps as are directed by Data Controller to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
- 7. Contracting with Sub-Processors
- 7.1. Authorisation: The Data Processor lists the Sub-processors on its Website, including the name, address and role of each Sub-processor. The Data Controller authorises the engagement of such Sub-processors.
- 7.2. Changes: Where the Data Processor removes, adds or replaces a Sub-processor, it will update the list on the Website, thereby giving the Data Controller the opportunity to object to such changes. If the Data Controller objects to such changes to the sub-processors, its sole remedy is to cancel or terminate its account or the Services.
- 7.3. Liability: Notwithstanding authorisation by the Data Controller in accordance with this clause 7, the Data Processor shall remain fully liable vis-à-vis the Data Controller for the performance of any such subprocessor that fails to fulfil its data protection obligations.
- 7.4. Sub-processor obligations: The Data Processor shall ensure that where it engages a Sub-processor for carrying out specific processing activities on behalf of the Data Controller, it will impose the data protection obligations as set out in this Data Protection Agreement as referred to in paragraph 3 of Article 28 of the GDPR on that Sub-processor, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR.
- 7.5. Transfer: The Data Processor may transfer information to multiple countries as part of providing Services. If information originates from the European Economic Area ("EEA") the Data Processor will not transfer the information outside of the EEA unless it has taken such measures as are necessary to ensure the transfer is compliant with the EU Data Protection Law.
- 7.6. Requests from data subjects: The Data Processor shall promptly notify Data Controller if any Sub-processor receives a request from a Data Subject under any Data Protection Law in respect of Personal Data and ensure that the Sub-processor does not respond to that request except on the documented instructions of Data Controller or as required by Applicable Data Protection Laws to which the Sub-processor is subject, in which case Data Processor shall to the extent permitted by Applicable Laws inform Data Controller of that legal requirement before the Sub-processor responds to the request.
- 8. Data Transfers
- 8.1. Transfers: The Data Processor shall be entitled to process Personal Data, including by using Subprocessors, outside the country in which the Data Controller is located as permitted under Data Protection Law. Where the Data Processor transfers Personal Data to a country outside of the European Economic Area without an adequate level of protection, it lists such transfers on its Website. The Data Controller authorises such transfers. If the Data Controller objects to such transfers, its sole remedy is to cancel or terminate its account or the Services.
- 8.2. Statutory mechanism: To the extent that the Data Controller or the Data Processor are relying on a specific statutory mechanism to normalize international data transfers that are subsequently modified, revoked, or held in a court of competent jurisdiction to be invalid, the Data Controller and the Data Processor agree to cooperate in good faith to promptly terminate the transfer or to pursue a suitable alternate mechanism that can lawfully support the transfer.
- 9. Returning or Destruction of Personal Data
- 9.1. Deletion or destruction: The Data Processor shall at the choice of the Data Controller, delete or return all the Personal Data to the Data Controller after the end of the provision of the Services, and delete existing copies subject to clause 9.3.
- 9.2. Return: The Data Controller agrees that return of Personal Data shall be undertaken by the Data Controller exporting the applicable Personal Data from the Services prior to any termination of the Services.
- 9.3. Retained data: The Data Processor may retain Personal Data to the extent and for such period as required by applicable laws (for example, applicable New Zealand tax laws). The Data Processor shall ensure the confidentiality of all such retained Personal Data.
- 9.4. Notification of third parties: The Data Processor shall notify all third parties supporting its own processing of the Personal Data of the termination of the Data Processing Agreement and shall ensure that all such third parties shall either destroy the Personal Data or return the Personal Data to the Data Controller, at the discretion of the Data Controller.
- 10. Assistance to Data Controller
- 10.1. Technical and organisational measures: The Data Processor shall assist the Data Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Data Controller's obligation to respond to requests for exercising the data subject's rights under EU Data Protection Law.
- 10.2. Assistance: The Data Processor shall assist the Data Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of processing and the information available to the Data Processor.
- 10.3. Impact assessments: The Data Processor shall provide reasonable assistance to the Data Controller for any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which the Data Controller reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other data protection law, in each case solely in relation to Processing of Personal Data by the Data Processor, and taking into account the nature of the Processing and information available to the Data Processor. The Data Processor may charge for such assistance at its standard rates.
- 11. Records
- 11.1. Each party is responsible for its compliance with its documentation requirements, in particular maintaining records of processing where required under Applicable Data Protection Law. Each party shall reasonably assist the other party in its documentation requirements, including providing the information that the other party reasonably requests (such as through use of the Services), in order to enable the other party to comply with any obligations relating to maintaining records of processing.
- 12. Liability
- 12.1. Data subjects: The Parties agree that any Data Subject who has suffered damage as a result of any breach of this DPA may be entitled to seek compensation either from the Data Controller or the Data Processor. If one Party has paid damages that are partly or fully attributable to the other Party, the former is entitled to claim back the relevant part of the damages from the latter.
- 13. Duration and Termination
- 13.1. Confidentiality: Termination or expiration of this Data Processing Agreement shall not discharge the Data Processor from its confidentiality obligations pursuant to clause 3.
- 13.2. Effective date: The Data Processor shall process Personal Data until the earlier of:
- 13.2.1. the date of termination of the Customer Agreement;
- 13.2.2. any date that the Data Controller instructs that Processing cease; or
- 13.2.3. the return or destruction of all Personal Data in accordance with clause 9.
- 14. Variations
- 14.1. Changes due to Applicable Data Protection Law: Either Party may propose variations to this Data Processing Agreement if it reasonably considers it to be necessary to address the requirements of any Applicable Data Protection Law. If either Party gives such notice, the Parties shall promptly discuss the proposed variations and negotiate in good faith with a view to agreeing and implementing those or alternative variations designed to address the identified requirements as soon as is reasonably practicable.
- 14.2. Changes due to Controller instruction: Where an amendment to the Customer Agreement or this Data Protection Agreement is necessary in order to execute a Data Controller instruction to the Data Processor including to improve security measures:
- 14.2.1. the Parties shall promptly discuss the proposed instruction and negotiate in good faith as soon as is reasonably practicable with a view to agreeing and implementing the instruction; and
- 14.2.2. if the Parties are not able to reach agreement, the Data Controller's sole remedy is to cancel or terminate its account or the Services.
- 15. Notices
- 15.1. Contract details: The Data Controller will deliver all notices under this Data Processing Agreement to the Data Processor's addresses for notices specified in Annex 2. The Data Controller will deliver all notices under this Data Processing Agreement by email sent to the email address used by the Data Controller to register for the Services, or an alternate address if the Data Controller notifies one.
- 16. Miscellaneous
- 16.1. Conflict in terms: In the event of any conflict between this Data Processing Agreement and the Customer Agreement, this Data Processing Agreement will take precedence.
- 16.2. Governing law: This Data Processing Agreement is governed by the laws of New Zealand, and each party irrevocably submits to the non-exclusive jurisdiction of the New Zealand courts.
- 17. Interpretation and definitions
- 17.1. Interpretation: In these Terms, unless the context otherwise requires:
- 17.1.1. the singular includes the plural and vice versa;
- 17.1.2. a reference to materials means a reference to materials of any kind whether in the form of documentation, software or otherwise;
- 17.1.3. a reference to either party includes reference to its respective successors in title and permitted assigns (and where the context so permits) its personnel and representatives;
- 17.1.4. any agreement not to do a thing also constitutes an agreement not to suffer or permit or cause that thing to be done;
- 17.1.5. the words "includes" and "including" are to be read as being followed by the words "without limitation"; and
- 17.1.6. a reference to any documentation and the Website includes as varied or substituted.
- 17.2. Defined terms:
- 17.2.1. Terms such as Processing and Personal Data Breach have the meaning ascribed to them in the GDPR.
- 17.2.2. In addition:
Applicable Data Protection Law means all applicable data protection and privacy laws including, where applicable, EU Data Protection Law or New Zealand privacy law.
Customer Agreement means the Terms of Service or, if the Parties have entered into a separate written agreement for the supply and use of the Services and the Website, that written agreement, each of which addresses the supply of Services to the customer.
Data Controller has the meaning given to "Controller" in the GDPR.
Data Processor has the meaning given to "Processor" in the GDPR.
EU Data Protection Law means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
GDPR means Directive 95/46/EC (General Data Protection Regulation) of EU Data Protection Law.
ProWorkflow means Proactive Software Limited (New Zealand Registered Company number 1439564) and includes its successors and assigns, related companies, officers, directors, employees and agents.
Parties means the customer and ProWorkflow.
Personal Data means such personal data (as that term is defined in the GDPR) as is provided by the Data Controller to the Data Processor for the purposes of the Data Processor providing the Services.
Services means the user research services supplied by ProWorkflow under a Customer Agreement.
Sub-processor means a processor engaged by ProWorkflow for carrying out specific processing activities on the customer's behalf.
Technical and Organisational Measures means the technical and organisational measures outlined on the Website.
Third Party Applications means third party products or services.
Website means the website at www.proworkflow.com.
ANNEX 2: DETAILS OF PROCESSING OF COMPANY PERSONAL DATA
This Annex 2 includes certain details of the Processing of Personal Data as required by Article 28(3) GDPR.
Subject matter and duration of the Processing of Personal Data
The subject matter and duration of the Processing of the Personal Data are set out in the principal part of this Data Processing Agreement.
Categories of Data Subject to whom the Personal Data relates
Data Controller may submit Personal Data to the Services, the extent of which is determined and controlled by the Data Controller in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects:
- Data Controller's Users as authorised by Data Controller to use the Services
- Data Controller's customers' and contractors' information as submitted by Data Controller's Users
Categories of data
Data Controller may submit Personal Data to the Services, the extent of which is determined and controlled by the Data Controller in its sole discretion, and which may include, but is not limited to the following categories of Personal Data:
- Names, email addresses, phone/fax numbers, addresses, photos
Special categories of data/data regarding minors or criminal history
Data Controller may not submit special categories of data or data regarding minors or criminal history to the Services. Such data includes, for the sake of clarity, Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.
The objective of Processing of Personal Data by data importer is the performance of the Services pursuant to the Customer Agreement.
ANNEX 3: CONTACT DETAILS
Contact information of the Data Protection Officer of the Data Processor:
Richard Poole - firstname.lastname@example.org
Contact information for support requests: