These Terms of Service (the “Terms”) including its appendices listed below, order form and/or any other agreement constitutes the entire agreement (“Agreement”) between the Customer or You and Datalaksa  (”Datalaksa ” or “we,” “our” or “us”), regarding your use of our services specified in the Terms (the software, and services are collectively referred to as the “Service”). Please read these Terms carefully. You may authorize your employees or other individual authorized users (collectively, “Authorized Users”) to use the Service. You agree that you are fully responsible with respect to any use of the Service by an Authorized User, including any breach by an Authorized User of these Terms.

​

The following appendices forms an inseparable part of and is governed by the terms of these Terms of Service:

​

Annex 1: Data Processing Agreement

​

In the event of any conflicting terms in the Terms and its appendices, the Terms shall take precedence over the appendices, except in any matters relating to the processing of personal data, in which case Annex 1 (Data Processing Agreement) shall take precedence.

​

1. The Service

​

The Service is an analytics and reporting solution that helps customers collect their online data for reporting, analysis and active data management. The Service is provided only electronically through user interfaces on third party platforms, for example through an add-in or add-on functionality, and through interfaces hosted by Datalaksa.

​

2. Eligibility

​

The Service is not intended for users that are consumers (being an individual acting primarily for purposes other than a trade, business or profession) and the applicability of consumer protection legislation is therefore excluded. You must be 18 years of age or older to enter into this agreement and use the Service. You represent and warrant that any information you submit is true and accurate and that you are 18 years of age or older and are fully able and competent to enter into, and abide by these Terms, and that you have the authority to bind the Customer entity listed on the Agreement, if applicable.

​

3. Account Registration

​

All Authorized Users must register to use the Service. You agree to, and cause all Authorized Users to: (a) provide accurate, current and complete information as may be prompted by registration forms on the Service (“Registration Data”); (b) maintain the security of, and not share with any third party, any logins, passwords, or other credentials that you or any Authorized User selects or that are provided to you or any Authorized User for use on the Service; (c) maintain and promptly update the Registration Data, and any other information you or any Authorized User provides to us, and to keep all such information accurate, current, and complete; and (d) notify us immediately of any unauthorized use of any Authorized User account or any other breach of security by emailing us at privacy@datalaksa.com.  Any activity on an Authorized User’s account shall be the sole responsibility of the Customer.

​

4. Free Trial

​

We may at our sole discretion offer you free trials for selected features of the Service or a limited time trial period of the entire Service. Once your free trial period ends, your ability to access the Service will terminate. Datalaksa  reserves the right to determine if you are eligible for a free trial and to discontinue any free trial without notice at our sole discretion.

​

5. Fees and payment

​

Access to selected features of the Service may be provided to you free of charge. We will charge fees for certain features, either on a one-time or a subscription basis (“Paid Services”). Datalaksa  reserves the right to implement fees or change the fees for certain services at any time by providing you notice on the Service or otherwise. When you purchase any Paid Services, you authorize Datalaksa  or its third party payment processors to charge the credit card identified by you (which you represent and warrant that you are authorized to use) all applicable fees for your purchase, including all applicable taxes, and you agree that our payment provider can store your credit card information. If Datalaksa  does not receive payment from your credit card provider, you agree to pay all amounts due upon demand and Datalaksa  may suspend your access to the Services until full payment is received or terminate the Terms of Service. All sales are final and Datalaksa  will not issue refunds, including for prepaid monthly fees. If you choose an automatic recurring payment and later decide to end your subscription, cancelling the payment is your responsibility. Datalaksa  does not refund automatic payments not cancelled in time.

​

6. Access; Use Restrictions

​

Datalaksa  hereby grants you the right to access and use the Service, subject to your compliance with these Terms at all times, including timely payment of all applicable fees.  Your right to access and use the Service is personal, limited to your internal business purposes, non-transferable, non-exclusive, and revocable. With the tools provided by Datalaksa , you may create additional connectors to the Service (“Custom Connector(s)”), which you may use solely with the Service to support your permitted use of the Service. 

​

Your access and use of the Service are based on the Service client, data source, data destination and usage restrictions. Access and use may be restricted to one individual, company, your Datalaksa  team or specific data access/usage. There may be additional restrictions, which may change from time to time, and we will use reasonable efforts to provide you with advance notice of impending changes in a timely manner. Specific written agreements for access and usage restrictions will be indicated in the Agreement and they will override these Terms.

​

Without limiting the generality of the foregoing, you will not, will not attempt to, and will not permit or encourage any third party to:

​

1. reverse engineer, disassemble, decompile, decode, or otherwise attempt to derive or gain improper access to any software component of the Service, in whole or in part;

2. modify or create derivative works of the Service, in whole or in part (except for Custom Connectors);

3. use the Service in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any third party including but not limited to accessing Custom Connector Services for which you have no rights or in violation of the terms of Custom Connector Services;

4. interfere with or disrupt the integrity of the Service or any content or data contained therein or transmitted thereby;

5. access, monitor, or copy any content or information on the Service using any robot, spider, scraper, or other automated means or any manual process for any purpose without our express written permission;

6. violate the restrictions in any robot exclusion headers on the Service or bypass or circumvent other measures employed to prevent or limit access to the Service;

7. take any action that imposes, or may impose, in our discretion, an unreasonable or disproportionately large load on our infrastructure;

8. deep-link to any portion of the Service for any purpose without our express written permission;

9. “frame”, “mirror,” sell, resell, rent, or lease any portion of the Service or otherwise incorporate any part of the Service into any other website without our prior written authorization;

10. input any virus, malware, or other harmful code into the Service;

11. use the Service or any Datalaksa  Confidential Information for benchmarking or competitive analysis with respect to competitive or related products or services or to develop, commercialize, license, or sell any product, service, or technology that could, directly or indirectly, compete with the Service; or

12. violate any applicable local, provincial national, or international law or regulation.

​

We may at any time suspend or terminate your or any Authorized User’s access to the Service if we have reason to believe that you are not complying with the Terms or you are otherwise abusing the Service.

​

7. Third-party services, data and content

​

7.1 The Service allows you to gather data from multiple third-party data sources and services, including various third-party websites (jointly “Third-Party Services”). The Third-Party Services from which the data can be gathered are selected by Datalaksa  at its sole discretion and Datalaksa  may, during the Term, change the Third-Party Services that are compatible with the Service. In addition, Datalaksa  may discontinue the compatible Third-Party Services if the applicable service providers of the Third-Party Services discontinue the relevant services or discontinue making such services available to Datalaksa . If you create Custom Connectors to access third-party services of your choice (“Custom Connector Services”), you shall be solely liable for accessing such Custom Connector Services. Datalaksa  shall have a right to discontinue your use of Custom Connector Services, if you breach the terms of this Agreement.

​

7.2 Datalaksa  assumes no liability whatsoever for the data or other content collected from Third-Party Services, such as Facebook, Google Analytics and Google Ads or from Custom Connector Services. You are solely responsible for ascertaining that you have the right to use the Service for gathering and processing any such data by using the Service, and you must obtain any such consents and authorizations as may be needed from time to time in relation to such data or other content and their processing by using the Service. We do not assume any liability for such Third-Party Services, Custom Connector Services or software, and you are exclusively responsible for obtaining any necessary licenses or consents needed for their use. You must familiarize yourself with the applicable terms and conditions, including any restrictions on use, in relation to any such Third-Party Services and Custom Connector Services and you agree to comply with the third-party terms and conditions applicable to the Third-Party Services and Custom Connector Services in addition to the terms of the Agreement.

​

7.3 Furthermore, the Service may contain links to web pages and content of third parties as a service to those interested in this information. We do not monitor, endorse, or adopt, or have any control over any third-party web pages or content. We undertake no responsibility to update or review any such web pages or third-party content and can make no guarantee as to its accuracy or completeness. Additionally, if you follow a link or otherwise navigate away from the Service, please be aware that these Terms will no longer govern. You should review the applicable terms and policies, including privacy and data gathering practices, of any web page, third-party content or service provider to which you navigate from the Service. You access and use third-party content at your own risk.

​

7.4With respect to Google services, our tools will only have rights to access your Google Analytics/Ads/YouTube data (depending on which service you are logging in to), and nothing else on your Google account. You can revoke Datalaksa’ right to access your data at any point from your Google account control panel (https://security.google.com/settings/security/permissions).

​

8. Modifications to the Service

​

You acknowledge that Datalaksa  may make modifications to the Service during the Term without prior notice to you; however, Datalaksa  will use reasonable efforts to notify you of any material changes to the Service in advance.  In the event of material changes to the Service, Datalaksa  may provide further instructions to you with respect to any actions required by you in order to continue access and use of the Service, if necessary.

​

9. Subcontractors

​

Datalaksa  may engage subcontractors to perform the Service under the Agreement, provided that Datalaksa  remains fully liable for any actions of such subcontractors. Notwithstanding the foregoing, Datalaksa  shall not be liable for the acts or omissions of any of its hosting service or data communication service providers.

​

10. Term and Termination

​

10.1 Your account and subscription of the Service remains in effect unless you terminate it or unless Datalaksa  terminates your account as provided by these Terms. Your account and subscription of the Service may, depending on your choice, be automatically renewable or valid for a fixed period. If your subscription is automatically renewable, your subscription to the Service will remain in effect and will be renewed automatically at the end of each subscription period unless you terminate your subscription or we terminate it.

​

If your subscription is made for a fixed period and/or not automatically renewable, your subscription will automatically terminate at the end of the agreed subscription period.

​

Upon the termination or expiration of the Agreement, you must immediately stop using the Service.

​

10.2 Datalaksa  may terminate this Agreement or terminate or suspend any Authorized User’s access or use of the Service in the following circumstances:

​

(a) If Customer’s or any Authorized User’s continued use of the Service or Custom Connector Service may, in Datalaksa ’ discretion, result in material harm to Datalaksa , its subcontractors, affiliates, or another customer of the Service, Datalaksa  may reasonably block or restrict Customer’s access to the Service or Custom Connector Service;.

​

(b) if Customer or any Authorized User has (i) submitted information to the Service in violation of applicable law; (ii) accessed Custom Connector Services for which Customer or any Authorized User has no rights or in violation of the terms of such services or (iii) otherwise used the Service in breach of these Terms, including the restrictions set forth in Section 6 above;

​

(c) any fees due by Customer remain unpaid fifteen (15) days after the applicable due date as set forth in the Agreement; or

​

(d) if Customer commits a material breach of its obligations under the Agreement and does not remedy such breach within thirty (30) days of receiving notice of breach from Datalaksa.

​

​

10.3 Either party may terminate the Agreement upon written notice to the other party if the other party enters into bankruptcy, becomes insolvent or makes an assignment for the benefit of creditors.

​

11. Feedback

​

Any feedback, comments, suggestions, ideas, or other information provided by you in the form of email or other submissions to us (collectively “Feedback”), are non-confidential and you hereby grant to us and our subcontractors and affiliates a nonexclusive, royalty-free, perpetual, irrevocable, and fully sublicensable right to use your Feedback for any purpose without compensation or attribution to you.

​

12. Trademarks

​

12.1 The “Datalaksa” name, the Datalaksa  logos, and any other product or service name or slogan contained on the Service are trademarks or registered trademarks of Datalaksa  and its suppliers or licensors, and may not be copied, imitated or used, in whole or in part, without the prior written permission of the applicable trademark owner. All other trademarks, registered trademarks, product names and company names or logos mentioned on the Service are the property of their respective owners. Reference to any products, services, processes or other information, by trade name, trademark, manufacturer, supplier or otherwise, does not constitute or imply endorsement, sponsorship, or recommendation thereof by us, or vice versa.

​

12.2 Datalaksa may use your company name(s) and logo(s) for marketing purposes, including on the Datalaksa website and in press releases, promotional and sales literature, customer/prospect presentations, and customers lists.

​

13. Ownership and intellectual property rights

​

13.1 As between you and Datalaksa, Datalaksa owns all right, title, and interest, including all intellectual property rights, in and to the Service, and any services available in connection with the Service. For the modifications you have made with Custom Connector, you shall have non-exclusive, royalty free, worldwide right to use any such modifications for the sole purpose of using the Service. Any intellectual property rights pertaining to the Custom Connector modifications shall belong to Datalaksa . Except for those rights expressly granted in these Terms, no other rights are granted, either express or implied, to you and all other rights are hereby reserved.

​

14. Confidential information

​

If we share non-public information about the Service with you, you must keep it confidential and use reasonable security measures to prevent unauthorized disclosure of or access to that information.

​

15. Privacy Policy and processing of data

​

15.1 Datalaksa  will process personal data as both 1) data controller; and 2) data processor on documented instructions from you as the data controller.

​

15.2 As a data controller, we process personal data about you when you sign up for the Service or when you otherwise provide personal information to us in the context of this Agreement. Our collection and use of this information, which we process as the data controller, is described in the Privacy Policy, available at datalaksa.com/privacy-policy.

​

15.3 As a data processor, we process such personal data which you have provided to us (including collected or generated through the use of the Service) for the purpose of providing the Service. This processing of personal data is governed by a separate Data Processing Agreement entered into between you and us in connection with your signing up for the Service.

​

16. Customer Data

​

16.1 Customer, its subsidiaries, affiliates and customers retain all rights pertaining to all data, personal data or other information that Customer, or another party on Customer’s behalf, provides to Datalaksa  for the purpose of providing the Service (“Customer Data”). Where permitted by Data Protection Laws, Datalaksa  may process Customer Data or other data derived from the operation of the Service: (i) to build or improve the quality of its services (data shall be in aggregated and anonymous form); (ii) to detect security incidents; (iii) to protect against fraudulent or illegal activity and (iv) to create public statistics, for example, to enable Customers to benchmark their performance against industry level statistics (data shall be in aggregated and anonymous form). In no event does the aggregated data include any personally identifiable information or company level data.

​

17. Disclaimer of Warranties

​

Your use of the service, including, without limitation, your use of any content accessible through the service and your interactions and dealings with any service users, is at your sole risk. Datalaksa  does not warrant uninterrupted use or operation of the service or your access to any content. No advice or information, whether oral or written, obtained by you from the service will create any warranty regarding datalaksa  that is not expressly stated in these terms.

​

Except for any express warranties included herein, we disclaim all warranties, to the maximum extent permitted by law, express or implied, with respect to the service, including any warranties of merchantability, non-infringement, or fitness for a particular purpose and we do not warrant the accuracy of any data provided in connection with the service, or that the service is free of bugs or errors.

​

18. Indemnification

​

18.1 Datalaksa  will defend, indemnify and hold harmless Customer from and against any costs, damages, expenses, and liabilities (including, but not limited to, reasonable attorneys’ fees) arising out of or in relation to third-party claims or actions arising out of or relating to infringement of a third party’s intellectual property rights due to Customer’s use of the Service, except to the extent such claims or actions arise out of or are related to (i) any modification or combination of the Service by Customer with any service not provided by Datalaksa ; (ii) any third-party programs, information, or data (including any Third-Party Services and Custom Connector Services); (iii) any access or use of the Services by Customer in violation of these Terms, including the restrictions set forth in Section 6; or (iv) any data, information, or content provided by Customer.

​

Datalaksa’s indemnification obligation in this Section only applies under the condition that Customer has notified Datalaksa  in writing of a claim or action within a reasonable time.

​

In case such third party claim is made or is likely to be made, Datalaksa  is responsible, at its own cost, for obtaining any necessary rights for Customer to continue to use the Service under the terms of the Agreement or replace or modify the infringing part of the Service to be non-infringing without decreasing functionality. If Datalaksa  is unable to replace or modify the infringing part, then Datalaksa  may terminate this Agreement upon written notice to Customer, in which case Customer shall be entitled, as its sole remedy, to a pro-rata refund in the amount of the unused portion of any prepaid fees for the terminated Service calculated as of the effective date of termination. Datalaksa  liability, and your sole remedy, for infringement of intellectual property rights in the Service shall be limited to this Section 18.1.

​

18.2 Customer will defend, indemnify and hold harmless Datalaksa  from and against any costs, damages, expenses, and liabilities (including, but not limited to, reasonable attorneys’ fees) arising out of or in relation to third-party claims or actions arising out of or relating to:

​

(a) any breach by Customer or any Authorized User of the restrictions set forth in Section 6 above;

 

(b) any violation of applicable law by Customer;

 

(c) any data, information, or content inputted into the Service or otherwise provided by Customer, including any actual or alleged infringement of third-party intellectual property rights or rights to privacy arising out of any such data, information,

or content, including Customer Data and Custom Connector Services;

 

(d) any of Customer’s products or services;

 

(e) any material breach by Customer of this Agreement; or

 

(f) any gross negligence, willful misconduct, or fraud by Customer.

​

19. Limitation of Liability

​

Neither party nor its suppliers or licensors will be liable for any indirect, incidental, special, consequential, or exemplary damages, including, without limitation, damages for loss of profits, goodwill, use, data, or other intangible losses (even if such party or any supplier or licensor has been advised of the possibility of these damages), arising out of this Agreement.

​

Datalaksa ’ maximum total liability towards the Customer and its Authorized Users for all claims under these Terms or otherwise in relation to the Service, whether in contract, tort, or otherwise, is limited to 100 EUR.

​

Any limitations of liability under this Section 19 shall not apply with respect breach of Section 14 (Confidential information) or in the event of gross negligence, willful misconduct, or fraud.

​

20. Governing law and dispute resolution

​

These Terms shall be governed and construed in accordance with the laws of Singapore, without giving effect to principles of conflicts of law or to the Convention on Contracts for the International Sale of Goods. Any dispute, controversy or claim arising out of or relating to this contract, or the breach, termination or validity thereof, shall be finally settled by arbitration in accordance with the Arbitration Rules of Singapore\ The number of arbitrators shall be one. The language of the arbitration shall be English.

​

21. Other terms

​

Neither party will be responsible for any failure or delay in the performance of its obligations under this Agreement (except for any payment obligations) due to causes beyond its reasonable control (a “Force Majeure Event”), which may include, without limitation, labor disputes, strikes, lockouts, shortages of or inability to obtain energy, raw materials or supplies, denial of service or other malicious attacks, telecommunications failure or degradation, pandemics, epidemics, public health emergencies, governmental orders and acts (including government-imposed travel restrictions and quarantines), material changes in law, war, terrorism, riot, or acts of God. A Force Majeure Event suffered by a subcontractor of a party shall also be considered a Force Majeure Event in relation to the party if the work to be performed under subcontracting cannot be done or acquired from another source without incurring unreasonable costs or significant loss of time.  Our failure to act in a particular circumstance does not waive our ability to act with respect to that circumstance or similar circumstances.

 

Any provision of these Terms that is found to be invalid, unlawful, or unenforceable will be severed from these Terms, and the remaining provisions of these Terms will continue to be in full force and effect. The section headings and titles in these Terms are for convenience only and have no legal or contractual effect.

​

Neither party may assign this Agreement.

​

Datalaksa  may change the content of this Agreement, subject to posting a notice of change in its web page.

​

During the term of the Agreement and for a period of twelve (12) months thereafter, the Customer shall not, without Datalaksa  prior written consent, directly or indirectly solicit, hire or employ any employee or individual independent contractor of Datalaksa  or its affiliated companies to become an employee or individual independent contractor of the Customer.

​

Any notices under or in relation to the Agreement shall be sent in accordance with the notice provisions in the Agreement.

​

By using the Service, you consent to receiving electronic communications from us. These communications may include notices about your account and information concerning or related to the Service.

​

ANNEX 1 | DATA PROCESSING AGREEMENT

​

1. Nature and purpose of the processing

​

This Data Processing Agreement (“DPA”) is an annex to and forms an inseparable part of the Agreement between the Customer or you and Datalaksa , regarding your use of our Services.

​

The agreed Service delivery may include processing of personal data by Datalaksa  and its subcontractors, on behalf of the Customer, within the scope described in the Agreement. The purpose of this DPA is to set the terms and conditions governing such processing by Datalaksa  on behalf of the Customer in compliance with the requirements set by the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable data protection legislation, including the California Consumer Privacy Act of 2018 (“CCPA”) (collectively, “Data Privacy Laws”).

​

Datalaksa  may process personal data only on behalf of the Customer solely to the extent necessary for the provision of the Services set forth in the Agreement, and may not otherwise process or use personal data for purposes other than those set forth in this DPA or as reasonably instructed by the Customer in writing where such instructions are consistent with the terms of the Agreement. Datalaksa  may not sell the Customer’s personal data, as the term “sale” is defined under the CCPA. This DPA shall take precedence over conflicting provisions relating to processing of personal data in the Agreement, unless otherwise expressly stated in this DPA.

​

The parties acknowledge and agree that the Customer enters into this DPA on behalf of itself and on behalf of its affiliates which utilize the Services as defined in the Agreement (“Affiliates”), thereby establishing a separate DPA between Datalaksa  and each of the Customer Affiliates subject to the terms of this DPA. The Customer and Affiliates are jointly referred to as the “Customer”. Datalaksa  enters into this DPA on its own behalf and on behalf of those of Datalaksa ’ group companies that are involved in the processing of personal data under this DPA and the Agreement.

​

All references to “personal data”, “processing”, “data subject” and other terms defined in Data Privacy Laws and not expressly defined herein shall have the same meaning in this DPA as in Article 4 of the GDPR. When CCPA applies, these above mentioned terms shall have the same meaning as defined in the CCPA; “controller” shall mean “Business” and “processor or “data processor” shall mean “Service Provider”.

​

In the event that under the Agreement it is agreed that Datalaksa ’ cloud based service shall be delivered by a third-party provider (Amazon Web Services, Microsoft, Google or other) the parties acknowledge that any personal data processed within the cloud service shall be exclusively governed by the terms and conditions for the cloud service as stipulated and amended from time to time by the cloud service provider.

​

2. Term and termination of this DPA

​

This DPA shall become effective upon the Customer entering into the Agreement and shall remain in force during the validity of the Agreement and thereafter for as long as necessary for the finalization of the agreed processing of personal data.

​

3. Processing of your personal data

​

For the sake of clarity, it is noted that in relation to the personal data processed under this DPA, Datalaksa  acts as a data processor or second data processor (a so called sub-processor), and the Customer acts as a data controller or first data processor (to the extent Datalaksa  process personal data for which a customer of the Customer is considered controller).

​

The types of personal data and categories of data subjects may include the following depending on the service(s) Datalaksa  provides:

​

Categories of data subjects:

The personal data will concern the following categories of data subjects:

Customers or users (including prospective customer’s or user’s) of the Customer or Customer’s customers.

​

Types of personal data

• Online identifiers, such as cookie identifiers, internet protocol addresses and device identifiers; precise location data; client identifiers;

• Contact details, such as names, email addresses, phone numbers and addresses;

• Data relating to individuals provided to Datalaksa  via the Services by (or at the direction of) the Customer, including to create and collaborate on reports, graphs and charts;

• Event data and CRM data relating to individuals provided to Datalaksa  via the Services by (or at the direction of) the Customer, such as data about data subjects and the actions they take on or in relation to specific websites, apps, services or applications.

• Financial and transactional details such as accounting, sales, orders, invoices, payments and items purchased.

• Other personal data submitted to the Services by (or at the direction of) the Customer within the scope of the Agreement.

​

This DPA with the Agreement constitutes the instructions in accordance with which any such data is processed as per the date of entering into this DPA.

​

Datalaksa  shall not process the personal data provided to Datalaksa  via the Services by (or at the direction of) the Customer for any other purpose or otherwise deviate from the Customer’s instructions relating to the processing of personal data in any way, unless required to do so by the laws of the European Union or its member states to which Datalaksa  is subject, in which case Datalaksa  shall inform the Customer of that legal requirement before carrying out such processing (unless that law prohibits Datalaksa  from doing so).

​

In the event that Datalaksa  believes an instruction from the Customer is in breach of applicable data protection legislation or otherwise lacks instructions which, in Datalaksa  assessment, are necessary to perform the processing of personal data in accordance with this DPA or applicable data protection legislation, Datalaksa shall promptly inform the Customer thereof and await further necessary instructions.

​

4. Responsibilities of the Customer

​

The Customer is the owner of its personal data and is responsible for the accuracy, legality, integrity and content reliability of such personal data. Customer shall, in its use of the Services, process personal data in accordance with the requirements of applicable data protection legislation and Customer will ensure that its instructions for the processing of personal data shall comply with applicable data protection legislation. Customer is solely liable for its compliance with Data Privacy Laws in its use of the Services. Customer must provide a written notification to Datalaksa  without undue delay if it believes this DPA and Customer’s written instructions do not fulfil requirements of applicable Data Privacy Laws.

​

5. Assistance to the Customer

​

5.1 Datalaksa  will assist the Customer in ensuring compliance with their obligations under Article 32 (security of processing), Article 33 (notification of personal data breaches to supervisory authorities), Article 34 (communication of personal data breach to data subjects), Article 35 (data protection impact assessments) and Article 36 (prior consultation), taking into account the nature of processing and the information available to the Datalaksa . Any assistance by Datalaksa  outside the scope of the services agreed under the Agreement shall be charged by Datalaksa  at the then current rate applied by Datalaksa.

​

5.2 Datalaksa  shall, taking into account the nature of the processing, assist the Customer by appropriate technical or organisational measures, in the fulfilment of the Customer’s obligations to respond to data subject requests relating to their exercise of their rights under Data Privacy Laws. In this respect, Datalaksa  shall provide assistance only upon request by the Customer. Any request directed to Datalaksa  by a data subject shall be referred by Datalaksa  to the Customer without undue delay. Any assistance by processor outside the scope of the Services agreed under the Agreement shall be charged by Datalaksa  at the then current rate applied by Datalaksa.

​

5.3 Datalaksa  shall notify the Customer about any personal data breaches concerning the Customer’s personal data without undue delay after having become aware of such personal data breach. To the extent possible, the notification shall include the following information:

​

description of the nature of the personal data breach including where possible the categories and approximate number of data subjects and personal data records concerned;

the name and contact details of Datalaksa  data protection officer or other contacts where further information can be obtained;

description of the likely consequences of the personal data breach; and

description of the measures taken or proposed to be taken to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

​

5.4 Where it is not possible for Datalaksa  to provide the information as indicated in Section 5.3 at the same time as the notification of the personal data breach, the information may be provided in phases without undue delay.

​

6. Confidentiality and security

​

6.1 Datalaksa  shall ensure that all persons authorized to process the personal data of the Customer are bound by an obligation of confidentiality with respect to such personal data, and only processes such personal data on instructions from the Customer, unless required to do so under applicable EU or EU member state law.

​

6.2 Datalaksa  shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing. This shall include, inter alia as appropriate, measures to:

​

implement and maintain technical and organisational measures for safeguarding the confidentiality, integrity, availability and resilience of systems and services processing personal data;

restore the availability and access to personal data in a timely manner in the event of an incident;

regularly test, assess and evaluate the effectiveness of technical and organisational measures for ensuring the security of the processing; and

pseudonymize and/or encrypt personal data.

​

6.3 On request, Datalaksa  shall cooperate with the supervisory authority in the performance of its tasks and shall comply with decisions by the supervisory authority on security measures required to comply with the GDPR. If and to the extent the Customer or the supervisory authority instructs Datalaksa  to perform any measure, activity or action outside the scope of the Services agreed to under the Agreement, then such instruction shall be considered a request for additional services pursuant to the Agreement and additional fees may apply.

​​

7. Sub-processors and transfers to third countries

​

7.1 The Customer acknowledges that Datalaksa  needs to engage other processors for carrying out specific processing activities, and that Datalaksa  wishes to deliver standard services to its customers in a consistent, secure and efficient manner. Accordingly, the DPA shall constitute a general authorization by the Customer for Datalaksa ’ use of sub-processors. Datalaksa  shall ensure that sub-processors are bound by a written agreement that require them to provide at least the level of data protection required by Datalaksa  under this DPA. Datalaksa  shall inform the Customer of changes concerning its sub-processors, including the identity and location of new or replaced sub-processors. A list of sub-processors (including their name, country, processing activities and country/area where processing activities are carried out) is available at Datalaksa web page or other location as designated by Datalaksa  from time to time. Datalaksa  will notify the Customers by adding the name and above mentioned details of new and replacement sub-processors to the list prior to them starting sub-processing of personal data.

​

7.2 Where a sub-processor fails to fulfil its data protection obligation, Datalaksa shall remain fully liable to the Customer for the performance of that sub-processor’s obligations.

​

7.3 If the Customer has a reasonable objection to any new or replacement sub-processor, it shall notify Datalaksa  of such objection in writing within ten (10) days of the notification. In case the Customer objects to the use of a specific sub-processor, the parties shall enter into good faith negotiations on how to resolve the issue. In case the negotiations do not solve the issue and the Customer opposes Datalaksa ’ use of a specific sub-processor either party shall, for a justified reason and as a final remedy, be entitled to terminate the relevant Agreement on thirty days’ written notice.

​

7.4 Datalaksa  and its sub-processors may transfer or process personal data outside the EU/EEA area.

​

7.5 When transfer of personal data by Datalaksa  to a sub-processor outside the EU/EEA, is permitted as stated above, in case of any transfer Datalaksa  shall ensure that transfer is only made to (a) a country deemed by the Commission to have an adequate level of protection, (b) entities having entered into the EU Commission standard contractual clauses approved by the European Union concerning the transfer of personal data to outside the EU/EEA or provided other appropriate safeguards as described in Article 46 of the GDPR.

​

7.6 Subject to the above and subject to Datalaksa  keeping the Customer informed of any transfer of personal data outside the EU/EEA, the Customer gives its consent to the transfers and authorizes Datalaksa  to conclude processor to processor standard contractual clauses based on the European Commission Decision 2021/915 of 4 June 2021 to transfer Personal Data to processors located outside the EU/EEA.

​​

8. Retention of your data

​​

Datalaksa  has no obligation to store and Datalaksa  will not store any of Customer’s data after the termination of your account and/or subscription of the Service. Datalaksa will, at Customer’s election, promptly delete or return all personal data related to Customer’s account after the end of the provision of the Services relating to processing and delete existing copies unless applicable legislation requires storage of the personal data.

​

9. Audit

​

9.1 Datalaksa  shall upon the Customer’s request make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in this DPA and the GDPR.

​

9.2 The Customer or an auditor authorized by the Customer (however, not a competitor of the Datalaksa ) is entitled to audit the activities pursuant to the DPA. The Parties shall agree on the time of the auditing and other details ahead of time and at latest 30 days before the inspection. The auditing shall be carried out in a way that does not impede the obligations of Datalaksa  or its subcontractors in regard to third parties. The representatives of the Customer and the auditor must sign conventional non-disclosure commitments. The Customer shall be responsible for its own and Datalaksa ’ expenses caused by the auditing. If notable defects are perceived during auditing, Datalaksa  shall be liable for the costs incurred from remediating said defects.

​

9.3. Provided that the parties have an applicable Non-Disclosure Agreement in place, Datalaksa  reserves the right to provide the Customer with a copy of a third-party certification or report in lieu of an onsite audit as described in 9.2 above. In the event the customer does not find all reasonably needed info from the report, then 9.2. will apply.