Service Terms and Conditions
Service
Terms and Conditions
PLEASE
READ THESE TERMS AND CONDITIONS OF USE CAREFULLY. THESE TERMS AND CONDITIONS OF
USE MAY HAVE CHANGED SINCE YOUR LAST VISIT TO THIS WEBSITE AND TO THE PRODUCTS.
YOU AGREE TO CHECK FOR UPDATES TO THESE TERMS AND CONDITIONS OF USE. BY USING
THIS WEBSITE OR THE PRODUCTS, YOU INDICATE YOUR ACCEPTANCE OF THESE TERMS AND
CONDITIONS OF USE. IF YOU DO NOT ACCEPT THESE TERMS AND CONDITIONS OF USE, THEN
YOU MAY NOT USE THIS WEBSITE OR THE PRODUCTS.
Requirements
to use LinkTrust
NO
PORNOGRAPHIC, ADULT ORIENTED, SEXUALLY EXPLICIT SITES OR CONTENT ALLOWED.
Customer may contact LinkTrust to arrange for LinkTrust to review questionable
campaigns for compliance prior to campaign launch. Campaigns will be deemed
acceptable to LinkTrust on a case by case basis. LinkTrust retains the right to
from time to time audit the campaigns and material Customers are distributing
through LinkTrust. If reviewed material is deemed to not meet the standards set
forth in this agreement, LinkTrust will request the Customer make changes to
bring the campaign and material into compliance. If Customer fails to make the
necessary changes LinkTrust is authorized to remove the campaign, materials or
terminate this agreement immediately, without liability to LinkTrust.
Customer
shall comply with the CAN-SPAM Act or other applicable International SPAM laws
for all campaigns, if Customer’s Affiliates are sending emails, then the
Affiliate must comply with the CAN-SPAM Act and other applicable International
SPAM laws when sending such emails with LinkTrust code in the email. If partner
or Affiliates are not in compliance as determined by LinkTrust, LinkTrust
reserves the right to terminate this agreement immediately, without liability
to LinkTrust. LinkTrust does not permit non-compliance with the Federal
CAN-SPAM Act or other international laws governing SPAM. If Customer’s domain
becomes ‘blacklisted’ and adversely affects LinkTrust and LinkTrust’s ability
to serve Customer, LinkTrust will take appropriate steps to assist the Customer
in finding a resolution. If the SPAM agency will not remove the Customer’s
domain and if a resolution cannot be found by the parties, Customer domain may
be required to be removed from LinkTrust’s IP space. If Customer does not
remove itself from LinkTrust’s IP space, then LinkTrust reserves the right to
terminate the Agreement (and Customer’s use of the Site and/or the Services)
immediately, without liability to LinkTrust.
Software
and Services
Rent,
Lease, or Transfer. Customer shall not and shall not permit any third
party to rent, lease, transfer or otherwise utilize rights to the Service or
the Software, other than Affiliates as contemplated by these Terms and
Conditions. Terms and Conditions.
Appropriate
Accounts: Customer shall not and shall not permit any third party to use
a single Partner Center account for multiple business entities, unless
specifically authorized by LinkTrust in writing. As a LinkTrust customer, you
may not sell, assign, or transfer your service or your rights or obligations
hereunder without the prior written consent of LinkTrust.
Reverse
Engineering: Customer shall not and shall not permit any third party to
translate, reverse engineer, decompile, recompile, update, modify, or create
derivative works based on the Service or the Software or any part of the
Software or merge the Software into any other software.
Ownership
of Materials: All patents, copyrights, circuit layouts, mask works, trade
secrets, and other proprietary rights in or related to the Software are and
will remain the exclusive property of LinkTrust, whether or not specifically
recognized or perfected under the laws of the jurisdiction in which the
Software is used or licensed. Customer will not take any action that jeopardizes
LinkTrust’s proprietary rights or acquire any right in the Software or the
Confidential Information, as defined herein. Unless otherwise agreed on a
case-by-case basis, LinkTrust will own all rights in any copy, translation,
modification, adaptation, or derivation of the Software or other items of
Confidential Information, including any improvement or development thereof.
Customer will obtain, at LinkTrust’s request, the execution of any instrument
that may be appropriate to assign these rights to LinkTrust or perfect these
rights in LinkTrust’s name.
Data
Storage and Ownership
Data
Storage. The Software and Customer Data will be hosted on LinkTrust servers,
unless otherwise agreed by the parties. LinkTrust does not warrant that
Customer use of the Services will be error-free or secure. In addition, the
security mechanisms implemented by LinkTrust have inherent limitations that are
out of the control of LinkTrust, and Customer must determine whether the
Services sufficiently meet Customer’s requirements. While LinkTrust shall make
every reasonable effort to protect and backup Customer and LinkTrust Data on a
regular basis, other than pursuant to the confidentiality obligations with
respect to Customer’s Confidential Information under the Agreement, LinkTrust
is not responsible for Customer Data residing on LinkTrust servers. Customer is
responsible for making and keeping current copies of Affiliates and their
related information. Customer is responsible for all use of Affiliates account
and confidentiality of Affiliate’s passwords and information.
Customer
Data: “Customer Data” consists of the following: (i) information input into the
LinkTrust interface by Customer or Affiliate, and (ii) user behavior on
Customer’s web site captured by the LinkTrust Service system on the Customer’s
behalf. LinkTrust agrees that Customer will own all Customer Data. LinkTrust
shall not use the Customer Data except directly in furtherance of the purposes
of this Agreement. LinkTrust shall not disclose the Customer Data to any third
party unless directed by Customer, unless (a) such disclosure is made by
LinkTrust in response to a court order, and provided that LinkTrust has given
Customer reasonable notice of such court order, or (b) is in aggregate
non-personally identifiable data. Upon Customer’s request, Customer is entitled
to, and LinkTrust will provide Customer, at Customer’s expense, all Customer
Data, in a format reasonably determined by LinkTrust.
LinkTrust’s
Data: Customer Data specifically does not include any information and/or
tracking methodologies generated by the LinkTrust system, regardless of whether
or not the information or tracking methodology was generated as a result of
Customer’s use of the LinkTrust system. All data that is not Customer Data
belongs to LinkTrust (collectively “LinkTrust’s Data”). Customer agrees that
LinkTrust owns all LinkTrust’s Data. Customer shall have a non-exclusive
license to use LinkTrust’s Data during the term of the Agreement only as
necessary to use the Services.
Term. This Agreement commences on the effective date specified in the Service Order and continues for the initial subscription term specified in the Service Order, unless this Agreement is terminated earlier in accordance with the terms of this Agreement. This Agreement automatically renews for additional successive terms as outlined in the original Service Order unless at least 30 days before the end of the then-current term either party provides written notice to the other party that it does not intend to renew.
Term and
Termination
The term of this Agreement shall commence upon the effective date of the Service Order, and shall continue for the term specified in the Sservice Order, unless terminated upon the breach of this Agreement or as otherwise provided herein. LinkTrust shall have the right to immediately terminate Customer's account if Customer is engaging in violation of this Agreement and the issue cannot be cured by the process set out in this Agreement. Such improper activity may include sending or encouraging emails in violation of CAN SPAM, Adult Content or DDOS. LinkTrust reserves the right to manage and monitor Customer and Affiliate activities through various mechanisms both internal and third party to ensure network and service safety and compliance.
Customer Right to Terminate: Upon written notice to LinkTrust, Customer shall have the right to terminate this Agreement without cause. In such event: LinkTrust shall discontinue its Services with respect to this Agreement. Customer shall be obligated to pay LinkTrust for any invoices as outlined in original Service Order.
Termination of Affiliates. Customer will immediately terminate any Affiliate from using LinkTrust after notification from LinkTrust of a violation, or in the case where Customer is in violation, Customer will cease activity that violates this Agreement. If activity is instigated by Customer’s Affiliate(s), then Customer has responsibility to work with Affiliate to cease activity and rectify the current issues. Customer understands that maintaining Customer’s network connection is of the utmost importance to LinkTrust, and Customer agrees that if Customer’s Affiliates or Customer jeopardizes LinkTrust’s network connection, and/or jeopardizes LinkTrust’s business in any way, that Customer’s account may be terminated by LinkTrust. LinkTrust will assist Customer in resolving issues with Affiliates prior to terminating Customer’s account. In addition, LinkTrust reserves the right to discontinue the Site login of any Affiliate that violates the CAN-SPAM Act or any other applicable International SPAM laws and to discontinue providing advertisements to such Affiliate, at any time as determined by LinkTrust in its sole discretion. If LinkTrust decides to take such action, LinkTrust shall promptly notify Customer of its decision in writing.
Branded
Platform Terms
Subject
to the terms and conditions herein, LinkTrust may grant Customer the right to
access and use a white-labeled version of the LinkTrust platform that is
branded by LinkTrust and Customer (the “Branded Platform”) using such Customer
trademarks, service marks, trade names, trade dress, logos, and other marks or
branding elements as designated by Customer from time to time (collectively,
the “Customer Marks”). Customer acknowledges and agrees that access to and use
of the Branded Platform may require the payment of additional fees. In addition
to the terms and conditions herein, access to and use of the Branded Platform
may require Customer to accept and abide by additional terms and conditions
applicable to such Branded Platform and any services offered on or through the
Branded Platform. If such additional terms and conditions are made available to
Customer in connection with the Branded Platform, those additional terms and
conditions also apply to Customer’s access to and use of the Branded Platform.
By
purchasing or otherwise obtaining the right to access and use the Branded
Platform, Customer hereby grants to LinkTrust a non-exclusive, royalty-free,
fully paid-up, worldwide right and license to use, reproduce, publish, display
and distribute the Customer Marks on or in connection with the Branded Platform
and related services. By designating any Customer Marks for use on or in
connection with the Branded Platform or any related services, or by otherwise
providing LinkTrust with access to any such Customer Marks, Customer represents
and warrants to LinkTrust that: (a) Customer has all the necessary rights, consents
and licenses to use the Customer Marks and to grant the foregoing license to
LinkTrust; and (b) the Customer Marks do not and will not violate any
applicable laws or infringe, misappropriate or otherwise violate any
intellectual property rights or other proprietary rights of any third party.
Subject
to Customer’s compliance with the terms and conditions herein, including the
payment of any applicable fees when due to LinkTrust, LinkTrust may grant
Customer the right to authorize or permit its Affiliates to access or use the
Branded Platform in accordance with the terms and conditions herein. In no
event shall Customer grant to its Affiliates any rights to the Branded Platform
that are broader than, or otherwise inconsistent with, the rights expressly
granted by LinkTrust to Customer hereunder. Prior to authorizing or permitting
any Customer Affiliate to access or use the Branded Platform, including any
content, functionality or services offered on or through the Branded Platform,
Customer shall enter into a written agreement with such Customer Affiliate
(each, an “Affiliate Agreement”) that requires each Customer Affiliate to
accept, agree and adhere to all of the terms and conditions set forth herein.
Each Affiliate Agreement shall also include terms that are at least as
protective of the rights and information of LinkTrust under the terms herein,
including, without limitation, provisions protecting LinkTrust’s intellectual
property that are at least as protective of LinkTrust’s proprietary interests in
the LinkTrust platform, software, products, and services as those set forth
herein, including appropriate restrictions on reverse engineering,
disassembling, and decompiling the LinkTrust platform, software, products and
services. In addition to and without limiting the foregoing,
Customer shall also include
the following required flow-down provisions in each Affiliate Agreement.
Customer shall not modify, or agree to any modifications to or waivers of, any
of the following provisions unless approved in writing by LinkTrust on a
case-by-case basis.
(1)
Affiliate
hereby consents to Customer’s disclosure of Affiliate data to LinkTrust LLC
(“LinkTrust”) and its affiliates, contractors and agents, and Customer’s and
LinkTrust’s, its affiliates’, contractors’ and agents’ use and processing of
Affiliate data, in connection with Affiliate’s access to and/or use of the
Branded Platform and any related services.
(2)
Affiliate
acknowledges and agrees that: (a) LinkTrust may generate, receive, maintain,
transmit and otherwise have access to technical, system, usage and related
information, including information about LinkTrust’s platform, software,
products and services, as well as Affiliate’s products, services, systems and
software, that is gathered periodically to facilitate the provision of the
Branded Platform and related services (collectively, “LinkTrust Service Data”);
and (b) LinkTrust may use LinkTrust Service Data to provide, maintain, protect
and improve the Branded Platform and other LinkTrust products and services and
to create and develop new products and services, subject to LinkTrust’s
compliance with applicable law. Notwithstanding anything to the contrary,
LinkTrust will own all right, title and interest in and to any products,
services and intellectual property and any derivatives thereof developed by or
on behalf of LinkTrust from any LinkTrust Service Data.
(3)
LinkTrust
provides no warranties, covenants or guarantees under or in connection with
this Affiliate Agreement, whether express, implied or statutory, all of which
are hereby disclaimed. Affiliate hereby forever releases and shall hold
harmless LinkTrust from and against any and all claims, suits, demands,
actions, proceedings, liabilities, damages, costs and expenses, of whatever
nature, arising out of or in connection with this Affiliate Agreement and/or
the performance of, or any failure to perform under, this Affiliate Agreement.
(4)
LinkTrust
is an intended third party beneficiary of this Affiliate Agreement with rights
to directly enforce the terms of this Affiliate Agreement.
Customer
shall be responsible and liable for the acts and omissions of each Customer
Affiliate and its employees, users, and agents to the same extent as if such
acts or omissions were by Customer, and Customer shall be responsible for all
fees and expenses payable to LinkTrust hereunder. Customer acknowledges and
agrees that any act or omission of its Affiliates or any of their
respective employees, users or agents in connection with their access to or use
of the Branded Platform and/or any related services, which act or omission
would constitute a breach of the terms herein if undertaken by Customer,
shall be considered a material breach by Customer hereunder. Customer
shall supervise the activities and performance of each Customer Affiliate and
shall be jointly and severally liable with each such Customer Affiliate for any
act or failure to act by such Customer Affiliate. If LinkTrust determines that
the performance or conduct of any Customer Affiliate is in violation of the
terms herein, LinkTrust may immediately suspend or terminate (as determined by
LinkTrust in its sole discretion) such Customer Affiliate’s right to access and
use the Branded Platform and any related services without any refund to
Customer or such Customer Affiliate, and without any penalty or liability whatsoever
to LinkTrust. Customer shall indemnify LinkTrust and its shareholders,
officers, members, managers, employees and agents for the acts and omissions of
all Customer Affiliates to the extent such acts or omissions would create
indemnification obligations for Customer hereunder if Customer would have
performed (or failed to perform) such acts or omissions.
Service
Level Agreement, Warranties and Liability
General
Warranties. LinkTrust warrants that it owns all rights, title, and
interest in and to the Software, or that in the case of any third party
software that it has the right to grant a sublicense to use such third party
software, that all Software shall substantially conform to the Functional
Specifications. LinkTrust further warrants that any Services provided by
LinkTrust under this Agreement shall be performed in a workmanlike manner and
in accordance with the prevailing professional standards of the software
industry. This warranty coverage shall include any modifications made to the
Software by LinkTrust. Such warranty shall extend for sixty (60) days from
acceptance and shall survive inspection, test, acceptance, use, and payment.
Operation
of Software. LinkTrust does not warrant that the operation of the
Software or the operation of the Software Products will be uninterrupted or
error free. Remedy. In the event of any breach of the warranties set
forth in this Agreement, LinkTrust’s sole and exclusive responsibility, and
Customer’s sole and exclusive remedy, shall be for LinkTrust to correct or
replace, at no additional charge to Customer, any portion of the Software or
Services found to be defective.
Warranty
Disclaimer
EXCEPT
AS SET FORTH HERE, LINKTRUST MAKES NO EXPRESS OR IMPLIED REPRESENTATIONS OR
WARRANTIES WITH RESPECT TO THE SOFTWARE, OR SERVICES OR THEIR CONDITION,
MERCHANTABILITY, FITNESS FOR ANY PARTICULAR PURPOSE OR USE BY PARTNER.
LINKTRUST FURNISHES THE ABOVE WARRANTIES IN LIEU OF ALL OTHER WARRANTIES,
EXPRESSED OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE.
Voiding
of Warranties. Any and all warranties and indemnifications shall be void
as to Services or Software where the non-compliance is caused by or related to
(1) the acts or omissions of non-LinkTrust personnel, its agents, or third
parties; (2) misuse, theft, vandalism, fire, water, or other peril; (3) any
alterations or modifications made to any Software by the Customer, it
representatives, or agents; (4) use of the Software other than in the operating
environment specified in the technical specifications; or (5) coding, information,
or specifications created or provided by Customer.
Customer
Warranties Authority. Customer represents and warrants to the LinkTrust
that Customer has all requisite power and authority to execute and deliver this
Agreement and to perform the Customer’s obligations hereunder. This Agreement
has been duly and validly executed and delivered by the Customer, and
constitutes a valid and binding obligation of the Customer, enforceable against
the Customer in accordance with its terms.
Conflict
with Other Agreements. Customer represents and warrants to the LinkTrust
that neither the execution and delivery of this Agreement by the Customer nor
the consummation by the Customer of the transactions contemplated by this
Agreement will (i) conflict with or violate any provision of the Certificate of
Incorporation or bylaws of the Customer; (ii) require on the part of the
Customer any filing with, or any permit, authorization, consent, or approval
of, any court, arbitration tribunal, administrative agency or commission, or
other governmental or regulatory authority or agency (a “Governmental Entity”);
(iii) conflict with, result in a breach of, constitute (with or without due
notice or lapse of time or both) a default under, result in the acceleration
of, create in any party the right to accelerate, terminate, modify, or cancel,
or require any notice, consent, or waiver under, any agreement, instrument,
contract, or arrangement to which the Customer is a party or by which the
Customer or any of its properties is bound; or (iv) violate any order, writ,
injunction, decree, law, statute, rule, or regulation applicable to the
Customer.
Financial Ability. Customer
represents and warrants to the LinkTrust that it presently has sufficient funds
and will have sufficient funds available to timely pay LinkTrust all amounts
due or that will come due under this Agreement.
European Data. If Customer’s
use of the Services involves the processing of data of individuals based in the
European Economic Area, Customer agrees to comply with the terms set forth in the
Data Processing Addendum attached as Schedule 1 hereto. The Data Processing
Addendum is hereby incorporated into this Agreement by reference. Customer warrants
and represents that it is solely responsible when using the Services for
complying with applicable data protection, security, and privacy laws and
regulations (including, where applicable, the EU General Data Protection
Regulation and the EU e-Privacy Directive/Regulation), including without
limitation, complying with any applicable notice and consent requirements.
DISCLAIMER
OF LIABILITY
BOTH
PARTIES SHALL NOT BE LIABLE FOR ANY (A) SPECIAL, INDIRECT, INCIDENTAL,
PUNITIVE, OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF PROFITS, ARISING FROM OR
RELATED TO A BREACH OF THIS AGREEMENT OR ANY ORDER OR THE OPERATION OR USE OF
THE SOFTWARE AND SERVICES INCLUDING SUCH DAMAGES, WITHOUT LIMITATION, AS
DAMAGES ARISING FROM LOSS OF DATA OR PROGRAMMING, LOSS OF REVENUE OR PROFITS,
FAILURE TO REALIZE SAVINGS OR OTHER BENEFITS, DAMAGE TO EQUIPMENT, AND CLAIMS
AGAINST PARTNER BY ANY THIRD PERSON, EVEN IF BOTH PARTIES HAVE BEEN ADVISED OF
THE POSSIBILITY OF SUCH DAMAGES; (B) DAMAGES (REGARDLESS OF THEIR NATURE) FOR
ANY DELAY OR FAILURE BY BOTH PARTIES TO PERFORM THEIR OBLIGATIONS UNDER THIS
AGREEMENT DUE TO ANY CAUSE BEYOND LINKTRUST’S REASONABLE CONTROL; OR (C) CLAIMS
MADE A SUBJECT OF A LEGAL PROCEEDING AGAINST LINKTRUST MORE THAN TWO YEARS
AFTER ANY SUCH CAUSE OF ACTION FIRST AROSE.
LIMITATION
OF LIABILITY. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, BUT
EXCLUDING ANY CLAIMS FOR INDEMNIFICATION UNDER THIS AGREEMENT BOTH PARTIES
LIABILITIES
UNDER
THIS AGREEMENT, WHETHER UNDER CONTRACT LAW, TORT LAW, WARRANTY, OR OTHERWISE
SHALL BE LIMITED TO DIRECT DAMAGES NOT TO EXCEED THE AMOUNTS ACTUALLY RECEIVED
BY LINKTRUST UNDER THIS AGREEMENT.
Entire
Agreement. If any of the provisions of this Agreement shall be invalid or
unenforceable under the laws of the jurisdiction where enforcement is sought
whether on the basis of a court decision or of arbitral award applicable to the
entire Agreement, such invalidity or unenforceability shall not invalidate or
render unenforceable the entire Agreement but rather the entire Agreement shall
be construed as if not containing the particular invalid or unenforceable
provision or provisions and the rights and obligations of LinkTrust and
Customer shall be construed and enforced accordingly.
Events
of Default and Remedies. LinkTrust and Customer acknowledge and agree that the
following shall constitute events of default (“Events of Default”) and that the
occurrence of one (1) or more of such Events of Default shall constitute a
material breach of this Agreement, which shall allow a party, as applicable, to
seek the rights and remedies set forth in this Section:
Customer’s
failure to timely pay any undisputed amount owed to LinkTrust, provided that
such failure is not cured within fifteen (15) calendar days following receipt
of written notice of such failure; Customer’s breach of this agreement or if
Customer otherwise misuses the Software in contravention of this Agreement;
Rights and Remedies of LinkTrust upon Default of Customer.
Upon the
occurrence of an Event of Default by or with respect to Customer, LinkTrust
shall be entitled to any of the following remedies: terminate, in whole or in
part, this Agreement; and/or subject to the terms of Section 17, seek to
recover damages from Customer; and/or exercise the right of self-help.
Transition Rights Termination by Customer. In the event Customer terminates
this Agreement pursuant to the terms of this Agreement in whole or in part,
Customer shall provide to LinkTrust a written notice of transition (“Transition
Notice”), setting forth the target date on which Customer plans to cut-over
from LinkTrust’s system to a new system or otherwise not require the future
services of LinkTrust (the “Target Cut-Over Date”). At least thirty (30) days
prior to the actual cut-over date (“Actual Cut-Over Date”), Customer shall
provide LinkTrust with written notice of the Actual Cut-Over Date. LinkTrust
shall continue to provide to Customer all Services required by Customer
(“Transition Period”). Services provided by LinkTrust during the Transition
Period shall continue as necessary for an orderly transition to another system.
Patent
and Other Proprietary Rights Indemnification
All
information exchanged between the parties is confidential, as more fully set
forth below.
Confidential
Information. “Confidential Information” means any material, data, or
information in whatever form or media of a party to this Agreement that is
provided or disclosed to the other, except for any information that is: (a)
publicly available or later becomes available other than through a breach of
this Agreement; (b) known to the Receiving Party or its employees, agents, or
representatives prior to such disclosure or is independently developed by the
Receiving Party or its employees, agents, or representatives subsequent to such
disclosure; or (c) subsequently lawfully obtained by the Receiving Party or its
employees, agents, or representatives from a Third Party without obligations of
confidentiality.
Confidential
Information shall include the following categories of information whether
disclosed orally or not marked as confidential:
Written
Deliverables, network configurations, network architecture, Services rendered
by LinkTrust to Customer, financial and operational information, and other
matters relating to the operation of the parties’ business, including
information relating to actual or potential Customers and Customer lists,
Customer usage or requirements, business and Customer usage forecasts and
projections, accounting, finance or tax information, pricing information, and
any information relating to the corporate and/or operational structure of Customer
and its Affiliates, Software, Equipment, Deliverables, or Services rendered
under the Letter Agreement and any amendments thereto, any information
exchanged between the parties pursuant to the Nondisclosure Agreement, and all
information and materials relating to Third Party vendors, systems integrators,
or consultants of Customer that have provided or that may provide in the future
any part of Customer’s information or communications infrastructure to
Customer. The party that has received Confidential Information (the “Receiving
Party”) shall exercise the same degree of care and protection with respect to
the Confidential Information of the party that has disclosed Confidential
Information to the Receiving Party (the “Disclosing Party”) that it exercises
with respect to its own Confidential Information and shall not directly or
indirectly disclose, copy, distribute, republish, or allow any Third Party to
have access to any Confidential Information of the Disclosing Party.
Notwithstanding the above, LinkTrust may disclose Customer’s Confidential
Information to its employees and agents who have a need to know.
Ownership
of Intellectual Property: Pre-existing intellectual property and all
improvements thereto that LinkTrust uses in connection with performing the
Services, providing any Deliverables and performing any other Services
hereunder shall remain the sole and exclusive property of LinkTrust.
Any
Custom Programming, including all source code and materials developed by
LinkTrust, all intermediate and partial versions thereof, as well as all
specifications, program materials, flow charts, notes, outlines, and the like
created in connection therewith (collectively, “Custom Programming Materials”)
shall be the sole and exclusive property of LinkTrust. All written reports,
requirements documents (including newly created technical and non-technical
data embodied therein), specifications, program materials, flow charts, notes,
outlines, and the like that are developed, conceived, originated, prepared, or
generated by LinkTrust in connection with LinkTrust’s performance under this
Agreement including, without limitation, all copyright, trademark, trade
secret, and all other proprietary rights therein and derivative works created
therefrom (collectively, “Written Deliverables”), shall be the sole and
exclusive property of LinkTrust.
Such
ownership of Custom Programming Materials and Written Deliverables shall inure
to the benefit of LinkTrust from the date of the conception, creation, or
fixation of the Custom Programming Materials and Written Deliverables in a
tangible medium of expression, as applicable. Customer agrees to assist
LinkTrust in obtaining and enforcing all rights and other legal protections for
the Custom Programming Materials and Written Deliverables and to execute any
and all documents that LinkTrust may reasonably request in connection
therewith, including any copyright assignment document(s). LinkTrust shall
ensure that all Custom Programming Materials and Written Deliverables created
hereunder (including each page of any document produced) will be marked as
follows:
Confidential
and Proprietary © Copyright [20__/Year Developed] LinkTrust Technologies, LLC.
All Rights Reserved
Privileged
Information. LinkTrust shall keep and maintain all Privileged Information
in strict confidence and shall protect all such Privileged Information from
disclosure to third parties without the prior written consent of Customer, and
Customer shall keep and maintain all Privileged Information in strict
confidence and shall protect all such Privileged Information from disclosure to
third parties without the prior written consent of LinkTrust.
Residuals. LinkTrust
will not be precluded by this Agreement from rendering services or developing
work product that is competitive with, or functionally comparable to, the
services rendered and Deliverables provided hereunder. LinkTrust shall not be
restricted in its use of ideas, concepts, know-how, methodologies, and
techniques acquired or learned in the course of activities hereunder.
The
provisions of this Section shall not be construed to alter LinkTrust’s
obligations under any nondisclosure agreements between the parties.
Employee/Agent
Acknowledgment. LinkTrust and Customer shall not disclose Confidential
Information or Privileged Information to any of their employees, agents, or
representatives unless and until such employee, agent, or representative has
been made aware that his or her obligations under this Agreement are subject to
confidentiality.
Survival. The
terms of this Article shall survive the expiration or termination of this
Agreement.
International
Privacy Laws. In addition to the above, if any country where Services are
to be rendered under the Agreement has or enacts a data protection-related law
that requires the execution of a data export agreement, then LinkTrust shall,
upon Customer’s request, execute and cause any subcontractors to execute such
supplemental agreement promptly on such terms and conditions as shall be
mutually agreed.
Non-Competition.
Except as otherwise expressly provided in this Agreement, Customer shall
indemnify and defend LinkTrust, its directors, and its officers, and shall hold
such parties harmless from and against any and all claims, liabilities, damages
and expenses, including reasonable attorneys’ fees, arising from any third
party claim in connection with (a) any Customer supplied intellectual property,
(b) any Functional Specifications supplied by Customer, or (c) Customer’s
transaction of business through the use of any web page, website or service.
The provisions of this section shall not apply to any third party loss or
damage caused by LinkTrust’s gross negligence or willful misconduct.
Compliance
with Laws/ Changes in Laws. LinkTrust and Partner each shall comply with the
provision of all applicable federal, state, county and local laws, ordinances,
regulations, and codes [as of the date of this Agreement] including, but not
limited to, LinkTrust’s and Partner’s obligations as employers with regard to
the health, safety, and payment of its employees, and identification and
procurement of required permits, certificates, approvals, and inspections in
LinkTrust’s and Partner’s performance of this Agreement.
General
Indemnity
Indemnity. Subject
to the limitations contained in this Agreement, both parties agree to indemnify
and hold each other harmless, from any liabilities, penalties, demands, or
claims finally awarded (including the costs, expenses, and reasonable
attorney’s fees on account thereof) that may be made by any third party,
resulting from the indemnifying party’s gross negligence or willful acts or
omissions or those of persons furnished by the indemnifying party, its agents,
or subcontractors or resulting from use of the Software, Software Products,
and/or Services furnished hereunder.
Customer
agrees to defend LinkTrust, at LinkTrust’s request, against any such liability,
claim, or demand. Customer agrees to notify LinkTrust promptly of any written
claims or demands against the indemnified party for which the indemnifying
party is responsible hereunder. The foregoing indemnity shall be in addition to
any other indemnity obligations of LinkTrust or Customer set forth in this
Agreement.
Assumption
of Defense. If the indemnifying party fails to assume the defense of any
actual or threatened action covered within the earlier of (a) any deadline
established by a third party in a written demand or by a court, and (b) thirty
(30) days of notice of the claim, the indemnified party may follow such course
of action as it reasonably deems necessary to protect its interest and shall be
indemnified for all costs reasonably incurred in such course of action.
Obligations
that survive termination
The
parties recognize and agree that their obligations under this Agreement survive
the cancellation, termination, or expiration of this Agreement or the License
granted.
Amendments,
Modifications, or Supplements
Amendments,
modifications, or supplements to this Agreement shall be permitted, provided
all such changes shall be in writing signed by the authorized representatives
of both parties, and all such changes shall reference this Agreement and
identify the specific articles or sections of this Agreement or the particular
order that is amended, modified, or supplemented.
Governing
law and venue
The
validity, construction, interpretation, and performance of this Agreement shall
be governed by and construed in accordance with the domestic laws of the State
of Utah except as to its principals of conflicts of laws and the parties hereto
irrevocably submit to the exclusive jurisdiction and venue of the State and
Federal Courts of Utah to resolve any disputes arising hereunder or related
hereto. Jurisdiction.
The
parties hereto hereby (a) submit to the exclusive jurisdiction of any state or
federal court sitting in Utah for the purpose of any Action arising out of or
relating to this Agreement brought by any party hereto, and (b) irrevocably
waive, and agree not to assert by way of motion, defense, or otherwise, in any
such Action, any claim that it is not subject personally to the jurisdiction of
the above-named courts, that its property is exempt or immune from attachment
or execution, that the Action is brought in an inconvenient forum, that the
venue of the Action is improper, or that this Agreement may not be enforced in
or by any of the above-named courts.
Waiver
of breach
No
waiver of breach or failure to exercise any option, right, or privilege under
the terms of this Agreement or any order on any occasion or occasions shall be
construed to be a waiver of the same or any other option, right, or privilege
on any other occasion.
Waiver
of right to jury trial
THE
Customer HEREBY UNCONDITIONALLY WAIVES THEIR RESPECTIVE RIGHTS TO A JURY TRIAL
OF ANY CLAIM OR CAUSE OF ACTION ARISING DIRECTLY OR INDIRECTLY OUT OF, RELATED
TO, OR IN ANY WAY CONNECTED WITH THE PERFORMANCE OR BREACH OF THIS AGREEMENT,
AND/OR THE RELATIONSHIP THAT IS BEING ESTABLISHED AMONG THEM. The scope of this
waiver is intended to be all encompassing of any and all disputes that may be
filed in any court or other tribunal (including, without limitation, contract
claims, tort claims, breach of duty claims, and all other common law and
statutory claims).
THIS
WAIVER IS IRREVOCABLE, MEANING THAT IT MAY NOT BE MODIFIED EITHER ORALLY OR IN
WRITING, AND THE WAIVER SHALL APPLY TO ANY SUBSEQUENT AMENDMENTS, RENEWALS,
SUPPLEMENTS, OR MODIFICATIONS TO THIS AGREEMENT, AND RELATED DOCUMENTS, OR TO
ANY OTHER DOCUMENTS OR AGREEMENTS RELATING TO THIS TRANSACTION OR ANY RELATED
TRANSACTION. In the event of litigation, this Agreement may be filed as a
written consent to a trial by the court. Each of the parties hereto (a)
certifies that no representative, agent, or attorney of any other party has
represented, expressly or otherwise, that such other party would not, in the
event of litigation, seek to enforce that foregoing waiver, and (b)
acknowledges that it and the other parties hereto have been induced to enter
into this Agreement, as applicable, by, among other things, the mutual waivers
and certifications.
Force
Majeure
LinkTrust
shall not be responsible for any delay or failure in performance of any part of
this Agreement to the extent that such delay or failure is caused by fire,
flood, earthquake, explosion, war, embargo, government requirement, civil, or
military authority, act of God, terrorism, cyber-terrorism, act or omission of
carriers, or other similar causes beyond its control.
If any
such an event of force majeure occurs and such event continues for ninety (90)
days or more, the party delayed or unable to perform shall give immediate
notice to the other party, and the party affected by the other’s delay or
inability to perform may elect at its sole discretion to (a) terminate this
Agreement upon mutual agreement of the parties; (b) suspend such order for the
duration of the condition and obtain or sell elsewhere Software or Services
comparable to the Software or Services to have been obtained under this
Agreement; or (c) resume performance of such order once the condition ceases
with the option of the affected party to extend the period of this Agreement up
to the length of time the condition endured. Unless written notice is given
within thirty (30) days after the affected party is notified of the condition,
option (c) shall be deemed selected.
Covenant
of Good Faith
Each
Party agrees that, in its respective dealings with the other Party under or in
connection with this Agreement, it shall act in good faith.
Notices
All
notices, demands, or other communications herein provided to be given or that
may be given by any party to the other shall be deemed to have been duly given
when made in writing and delivered in person, or upon receipt, if deposited in
the United States mail, postage prepaid, certified mail, return receipt
requested, as follows:
Notices
to Customer will be sent to address included in signature document.
Notices
to LinkTrust: LinkTrust Technologies, LLC. 12884 S. Frontrunner Blvd. STE 140
Draper, UT 84020 Attn: Office Manager
With a
required copy to: Daniel F. Van Woerkom, Van Woerkom Law, PLLC 11038 N Highland
Blvd. #200 Highland, UT 84003, or to such address as the parties may provide to
each other in writing from time to time.
Background,
enumerations, and headings
The
“Background,” enumerations, and headings contained in this Agreement are for
convenience of reference only and are not intended to have any substantive
significance in interpreting this Agreement.
Incorporation
of Appendices and Exhibits
Any
appendices referred to in this Agreement and attached hereto are integral parts
of this Agreement and are incorporated herein by this reference.
Severability
If any
of the provisions of this Agreement shall be invalid or unenforceable under the
laws of the jurisdiction where enforcement is sought whether on the basis of a
court decision or of arbitral award applicable to the entire Agreement, such
invalidity or unenforceability shall not invalidate or render unenforceable the
entire Agreement but rather the entire Agreement shall be construed as if not
containing the particular invalid or unenforceable provision or provisions and
the rights and obligations of LinkTrust and Customer shall be construed and
enforced accordingly.
Counterparts
This
Agreement and any Appendix hereto, may be executed simultaneously in two (2) or
more counterparts, each of which will be considered an original, but all of
which together will constitute one and the same instrument.
Facsimile
or Electronic Execution
The
parties agree that transmission to the other party of this Agreement with its
facsimile signatures or e-signed signatures shall suffice to bind the party
transmitting same to this Agreement in the same manner as if an original
signature had been delivered. Without limitation of the foregoing, each party
who transmits this Agreement with its facsimile signature or e-signed signature
covenants to deliver the original thereof to the other party as soon as
possible thereafter if requested.
DOS
Protection
Upon
determination of an incident, LinkTrust will immediately reroute traffic
through its mitigation provider.
Patent and
Other Proprietary Rights Indemnification
Except
as otherwise expressly provided in this Agreement, Partner shall indemnify and
defend LinkTrust, its directors, and its officers, and shall hold such parties
harmless from and against any and all claims, liabilities, damages and
expenses, including reasonable attorneys’ fees, arising from any third party
claim in connection with (a) any Partner supplied intellectual property, (b)
any Functional Specifications supplied by Partner, or (c) Partner’s transaction
of business through the use of any web page, website or service. The provisions
of this Section 16 shall not apply to any third party loss or damage caused by
LinkTrust’s gross negligence or willful misconduct.
Definitions
Whenever
used in this Agreement, or additions to this Agreement, the following terms
shall have the meaning ascribed to them below. Other capitalized terms used in
this Agreement are defined in the context in which they are used and shall have
the meanings ascribed therein. The terms defined in this Schedule include the
plural as well as the singular.
Customer
Data shall mean
information
input into the Software interface by Customer, and
user
behavior on Customer’s web site captured by the Software on the Customer’s
behalf, all of which shall be stored on LinkTrust servers.
Affiliate(s)
or Affiliate Company shall mean those persons, entities, or companies that sign
up with Customer and use LinkTrust Services and/or newsletters in connection
with Customer’s business.
Documentation
means collectively:
all of
the written, printed, electronic, or other format materials published or
otherwise made available by LinkTrust that relate to the functional,
operational, and/or performance capabilities of the LinkTrust and/or any
Software;
all
user, operator, system administration, technical, support, and other manuals
and all other written, printed, electronic, or other format materials published
or otherwise made available by LinkTrust that describe the functional, operational,
and/or performance capabilities of the LinkTrust and/or any Software including
but not limited to the Functional Specifications and Software Acceptance Plan;
any
other Deliverable that is not Hardware or Software. Documentation shall not
include Source Code.
License(s)
shall mean any personal, nonexclusive, nontransferable, non-assignable license
or licenses for Customer’s internal use only granted by LinkTrust to Customer
to use the Software under this Agreement.
Privileged
Information shall mean information identified by Customer, Customer, or
LinkTrust as privileged.
Services
shall mean the work done by LinkTrust in support of the Software, including but
not limited to development services, installation services, training,
consulting, support, telephone support, and such other services.
Site
shall mean a Customer’s computer facility located in one specific geographic
location.
Software
means the aggregate of the Standard Software and the Custom Software including
all physical components that are provided by LinkTrust, including but not
limited to, magnetic media, job aids, templates, and other similar devices.
“Source
Code” means computer software in the form of source statements for the Software
(excluding all Third Party Software) including, without limitation, all
software in the form of electronic and printed human-readable, mnemonic or
English-like program listings, including printed and on-line descriptions of
the design of such software including, without limitation, data definition
models, indices, structure tables, system flow charts, program flow charts,
defined terms, file layouts, program narratives, global documentation
(including global variables) and program listings.
A
denial-of-service (DoS) attack is an attempt to make a computer resource
unavailable to its intended users. Although the means to, motives for, and
targets of a DoS attack may vary, it generally comprises the concerted,
malevolent efforts of a person or persons to prevent an Internet site or
service from functioning efficiently or at all, temporarily or indefinitely.
Schedule 1
Data Processing
Addendum
This Data Processing Addendum (“DPA” or
“Addendum”) forms part of the Service Terms and Conditions between you (“Customer”)
and LinkTrust LLC (“Processor”) (the “Agreement”) pursuant to which Processor
will provide the services set forth in the Agreement (the “Services”) to
Customer. Processor agrees to comply with the following provisions with respect
to any Personal Data Processed for Customer in connection with the provision of
the Services. References to the Agreement will be construed as including this
DPA. Any capitalized terms not defined herein shall have the respective
meanings given to them in the Agreement. Except as modified below, the terms of
the Agreement shall remain in full force and effect.
In consideration of the mutual obligations
set out herein, the parties hereby agree that the terms and conditions set out
below shall be added as an addendum to the Agreement.
1. DEFINITIONS
In this DPA, the following terms shall have
the meanings set out below:
“Affiliates” means any entity which is
controlled by, controls or is in common control with Processor.
“Customer” means the Customer that has
executed the Agreement.
“Customer Personal Data” means
Personal Data provided by Customer to Processor.
“Data Controller” means the entity
which determines the purposes and means of the Processing of Personal Data.
“Data Processor” means the entity
which Processes Personal Data on behalf of the Data Controller.
“Data Protection Laws” means the laws
and regulations of the European Union which are applicable to the Processing of
Personal Data under the Agreement, including without limitation the GDPR.
“Data Subject” means the individual to
whom Personal Data relates as defined by the GDPR.
“GDPR” means the General Data
Protection Regulation (GDPR), EU 2016/679.
“Personal Data” means any information
relating to an identified or identifiable person.
“Processing” means any operation or
set of operations which is performed upon Personal Data, whether or not by
automatic means, such as collection, recording, organization, storage,
adaptation or alteration, retrieval, consultation, use, disclosure by
transmission, dissemination or otherwise making available, alignment or
combination, blocking, erasure or destruction (“Process”, “Processes” and
“Processed” shall have the same meaning).
“Security Breach” has the meaning set
forth in Section 7 of this DPA.
“Sub-processor” means any Data
Processor engaged by Processor.
2. PROCESSING OF CUSTOMER PERSONAL DATA
2.1 The parties agree that with regard to the
Processing of Customer Personal Data, Customer is the Data Controller and
Processor is the Data Processor.
2.2 Customer shall, in its use or receipt of
the Services, process Customer Personal Data in accordance with the
requirements of the Data Protection Laws and Customer will ensure that its
instructions for the Processing
of Customer Personal Data comply with
the Data Protection Laws. Customer shall have sole responsibility for the
accuracy, quality, and legality of Customer Personal Data and the means by
which Customer obtained the Customer Personal Data.
2.3 During the Term of the
Agreement, Processor shall only Process Customer Personal Data on behalf of and
in accordance with the Agreement and Customer’s instructions. Customer
instructs Processor to Process Customer Personal Data for the following
purposes: (i) Processing in accordance with the Agreement and any applicable
orders; and (ii) Processing to comply with other reasonable instructions
provided by Customer where such instructions are consistent with the terms of
the Agreement.
2.4 The objective of
Processing of Customer Personal Data by Processor is the performance of the
Services pursuant to the Agreement. The types of Customer Personal Data to be
Processed by Processor include IP address, deviceID, userID, first name, last
name, email address, mailing address, and banking information (including account
number and routing information). The categories of Data Subjects Processed
under this DPA are Customer’s affiliates and advertisers.
3. RIGHTS OF DATA SUBJECTS
3.1 To the extent Customer,
in its use or receipt of the Services, does not have the ability to correct,
amend, restrict, block or delete Customer Personal Data, and/or as required by
the Data Protection Laws, Processor will use commercially reasonable efforts to
comply with reasonable requests by Customer to facilitate such actions to the extent
Processor is legally permitted to do so.
3.2 Processor shall, to the
extent legally permitted, promptly notify Customer if it receives a request
from a Data Subject for access to, correction, amendment, deletion of or
objection to the processing of that person’s Personal Data. Processor shall not
respond to any such Data Subject request without Customer’s prior written
consent except to confirm that the request relates to Customer. Processor shall
provide Customer with commercially reasonable cooperation and assistance in
relation to the handling of a Data Subject’s request, to the extent legally
permitted and to the extent Customer does not have access to such Customer
Personal Data through its use or receipt of the Services.
4. PROCESSOR PERSONNEL
4.1 Processor shall ensure
that its personnel engaged in the Processing of Customer Personal Data are
subject to obligations of confidentiality.
4.2 Processor shall ensure
that access to Customer Personal Data is limited to those personnel who require
such access to perform the Services.
5. SUB-PROCESSORS
5.1 Customer acknowledges
and agrees that (i) Processor Affiliates may be retained as Sub-processors; and
(ii) Processor may engage third-party Sub-processors in connection with the
provision of the Services. Any such Sub-processors will be permitted to obtain
Customer Personal Data only to deliver the Services Processor has retained them
to provide, and are prohibited from using Customer Personal Data for any other
purpose. Processor agrees that any agreement with a Sub-processor will include
substantially the same data protection obligations as set out in this DPA.
5.2 Processor may continue
to use those Sub-processors already engaged by Processor or any Processor
affiliate as at the date of this DPA.
5.3 Processor shall give
Customer prior written notice of the appointment of any new Sub-processor,
including full details of the Processing to be undertaken by the Sub-processor.
If, within 10 days of receipt of that notice, Customer notifies Processor in
writing of any objections (on reasonable grounds) to the proposed appointment,
Processor shall not appoint that proposed Sub-processor until reasonable steps
have been taken to address the objections raised by Customer and Customer has
been provided with a reasonable written explanation of the steps taken.
6. SECURITY; AUDIT RIGHTS;
DATA PROTECTION IMPACT ASSESSMENTS
6.1 Processor shall maintain
administrative, physical and technical safeguards for protection of the
security, confidentiality and integrity of Customer Personal Data.
6.2 No more than once per
year, Customer may engage a mutually agreed upon third party to audit Processor
solely for the purposes of meeting its audit requirements pursuant to the Data
Protection Laws. To request an audit, Customer must submit a detailed audit
plan at least four (4) weeks in advance of the proposed audit date describing the
proposed scope, duration, and start date of the audit. Audit requests must be
sent to support@linktrust.com. The audit must be conducted during regular
business hours, subject to Processor’s policies, and may not unreasonably
interfere with Processor’s business activities. Any audits are at Customer's
expense.
6.3 Any request for
Processor to provide assistance with an audit is considered a separate service
if such audit assistance requires the use of resources different from or in
addition to those required by law. Customer shall reimburse Processor for any
time spent for any such audit at the rates agreed to by the parties. All
reimbursement rates shall be reasonable, taking into account the resources
expended by Processor. Customer shall promptly notify Processor with
information regarding any non-compliance discovered during the course of an
audit.
6.4 Processor will
reasonably cooperate with Customer, at Customer’s expense, where Customer is
conducting a data protection impact assessment.
7. SECURITY BREACH
MANAGEMENT AND NOTIFICATION
7.1 If Processor becomes
aware of any unlawful access to any Customer Personal Data stored on
Processor’s equipment or in Processor’s facilities, or unauthorized access to
such equipment or facilities resulting in material loss, disclosure, or
alteration of Customer Personal Data (“Security Breach”), Processor will
promptly: (i) notify Customer of the Security Breach; (ii) investigate the
Security Breach and provide Customer with information about the Security Breach;
and (iii) take reasonable steps to mitigate the effects and to minimize any
damage resulting from the Security Breach.
7.2. Customer agrees that an
unsuccessful Security Breach attempt will not be subject to this Section. An
unsuccessful Security Breach attempt is one that results in no unauthorized
access to Customer Personal Data or to any of Processor’s equipment or facilities
storing Customer Personal Data, and may include, without limitation, pings and
other broadcast attacks on firewalls or edge servers, port scans, unsuccessful
log-on attempts, denial of service attacks, or similar incidents.
7.3. Notification(s) of
Security Breaches, if any, will be delivered to one or more of Customer’s
business, technical or administrative contacts by any means Processor selects,
including via email. It is Customer’s sole responsibility to ensure it
maintains accurate contact information on Processor’s support systems at all
times.
8. RETURN AND DELETION OF
CUSTOMER DATA
Processor shall return
Customer Personal Data to Customer, to the extent possible, and/or delete
Customer Personal Data in accordance with Processor’s data retention policies
which adhere to requirements of the Data Protection Laws, and in a manner
consistent with the terms of the Agreement. Data Retention Policy
9. STANDARD CONTRACTUAL
CLAUSES
Customer (as "data
exporter") and Processor (as "data importer") hereby enter into
the Standard Contractual Clauses attached as Exhibit 1 in respect of any
transfer of Customer Personal Data from the Customer to Processor.
10. PARTIES TO THIS DPA
Nothing in this DPA shall
confer any benefits or rights on any person or entity other than the parties to
this DPA.
11. SEVERANCE
Should any provision of this
DPA be invalid or unenforceable, then the remainder of this DPA shall remain
valid and in force. The invalid or unenforceable provision shall be either (i)
amended as necessary to ensure its validity and enforceability, while
preserving the parties’ intentions as closely as possible or, if this is not
possible, (ii) construed in a manner as if the invalid or unenforceable part
had never been contained therein.
Exhibit
1
Standard Contractual Clauses (processors)
Clause 1
Definitions
For
the purposes of the Clauses:
(a)
'personal
data', 'special categories of data', 'process/processing', 'controller',
'processor', 'data subject'
and 'supervisory authority' shall have
the same meaning as in Directive 95/46/EC of the European Parliament and of the
Council of 24
October 1995 on the
protection of individuals with regard to the processing of personal data and on
the free movement of
such data;
(b) '
the
data exporter'
means the controller who transfers the personal data;
(c)
'the
data importer'
means the processor who agrees to receive from the data
exporter personal data intended for
processing
on his behalf after the transfer in accordance with his instructions and the
terms of the Clauses and who is not
subject to a third country's system
ensuring adequate protection within the meaning of Article 25(1) of
Directive 95/46/EC;
(d)
'the
subprocessor'
means any processor engaged by the data importer or by any
other subprocessor of the data importer who agrees to receive from the data
importer or from any other subprocessor of the data importer personal data
exclusively intended for processing activities to be carried out on behalf of
the data exporter after the transfer in accordance with his instructions, the
terms of the Clauses and the terms of the written subcontract;
(e) 'the applicable data protection law'
means the legislation protecting the fundamental rights and freedoms of
individuals
and, in particular, their right to privacy with respect to the processing of
personal data applicable to a data controller in the Member State in which the
data exporter is established;
(f)
'technical
and organisational security measures'
means those measures aimed at
protecting personal data against
accidental
or unlawful destruction or accidental loss, alteration, unauthorised disclosure
or access, in particular where the
processing involves the transmission
of data over a network, and against all other unlawful forms of processing.
Clause 2
Details of the transfer
The details of the transfer and in particular the special
categories of personal data where applicable are specified in Appendix 1
which
forms an integral part of the Clauses.
Clause 3
Third-party beneficiary clause
1. The data subject can enforce against the
data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to
(j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as
third-party beneficiary.
2. The data subject can enforce against the
data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7,
Clause 8(2), and Clauses 9 to 12, in cases where
the data exporter has factually disappeared or has ceased to exist in law
unless any successor entity has assumed the entire legal obligations of the
data exporter by contract or by operation of law, as a result of which it takes
on the rights and obligations of the data exporter, in which case the data subject
can enforce them against such entity.
3.
The data
subject can enforce against the subprocessor this Clause, Clause 5(a) to (e)
and (g), Clause 6, Clause 7,
Clause 8(2),
and Clauses 9 to 12, in cases where both the data exporter and the data
importer have factually disappeared or ceased to exist in law
or have
become insolvent,
unless any successor
entity has assumed the entire legal obligations of the data exporter by
contract or by operation of law as a result of which it takes on the rights and
obligations of the data exporter, in which case the data subject can enforce
them against such entity
. Such third-party liability of the subprocessor
shall be limited to its own processing operations under the Clauses.
4. The parties do not object to a data subject
being represented by an association or other body if the data subject so
expressly wishes and if permitted by national law.
Clause 4
Obligations of the data exporter
The data exporter agrees and warrants:
(a) that
the processing, including the transfer itself, of the personal data has been
and will continue to be carried out in
accordance
with the relevant provisions of the applicable data protection law (and, where
applicable, has been notified to
the relevant authorities of the Member
State where the data exporter is established) and does not violate the relevant
provisions of that State;
(b) that
it has instructed and throughout the duration of the personal data processing
services will instruct the data importer
to
process the personal data transferred only on the data exporter's behalf and in
accordance with the applicable data
protection law and the Clauses;
(c) that
the data importer will provide sufficient guarantees in respect of the
technical and organisational security measures specified in Appendix 2 to this
contract;
(d) that after assessment of the requirements
of the applicable data protection law, the security measures are appropriate to
protect
personal data against accidental or unlawful destruction or accidental loss,
alteration, unauthorised disclosure or
access,
in particular where the processing involves the transmission of data over a
network, and against all other unlawful forms of processing, and that these
measures ensure a level of security appropriate to the risks presented by the
processing
and the nature of the data to be protected having regard to
the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the
security measures;
(f) that, if the transfer involves special
categories of data, the data subject has been informed or will be informed
before, or as
soon
as possible after, the transfer that its data could be transmitted to a third
country not providing adequate protection within the meaning of Directive
95/46/EC;
(g)
to forward any
notification received from the data importer or any subprocessor pursuant to
Clause 5(b) and Clause 8(3) to the data protection
supervisory authority
if the data exporter decides to continue the transfer or to lift the
suspension;
(h) to make available to the data subjects
upon request a copy of the Clauses, with the exception of
Appendix
2, and a summary description of the security measures
, as well as a copy
of any contract for subprocessing services which has to be made in accordance
with the Clauses, unless the Clauses or the contract contain commercial
information, in which case it may remove such commercial information;
(i) that,
in the event of subprocessing, the processing activity is carried out in
accordance with Clause 11 by a subprocessor providing at least the same level
of protection for the personal data and the rights of data subject as the data
importer under the Clauses; and
(j) that
it will ensure compliance with Clause 4(a) to (i).
Clause 5
Obligations of the data importer
The data importer agrees and warrants:
(a) to process the personal data only on behalf
of the data exporter and in compliance with its instructions and the Clauses;
if
it
cannot provide such compliance for whatever reasons, it agrees to inform
promptly the data exporter of its inability to comply, in which case the data
exporter is entitled to suspend the transfer of data and/or terminate the
contract;
(b) that
it has no reason to believe that the legislation applicable to it prevents it
from fulfilling the instructions received
from
the data exporter and its obligations under the contract and that in the event
of a change in this legislation which is
likely to have a substantial adverse effect on the warranties and
obligations provided by the Clauses, it will promptly notify the change to the
data exporter as soon as it is aware, in which case the data exporter is
entitled to suspend the
transfer of data and/or terminate the contract;
(c) that
it has implemented the technical and organisational security measures specified
in Appendix 2 before processing the personal data transferred;
(d) that
it will promptly notify the data exporter about:
(i) any
legally binding request for disclosure of the personal data by a law
enforcement authority unless otherwise prohibited, such as a prohibition under
criminal law to preserve the confidentiality of a law enforcement
investigation,
(ii) any
accidental or unauthorised access, and
(iii) any
request received directly from the data subjects without responding to that
request, unless it has been otherwise authorised to do so;
(e) to
deal promptly and properly with all inquiries from the data exporter relating
to its processing of the personal data
subject
to the transfer and to abide by the advice of the supervisory authority with
regard to the processing of the data
transferred;
(f) at the request of the data exporter to
submit its data processing facilities for audit of the processing activities
covered by the Clauses which shall be carried out by the data exporter or an
inspection body composed of independent members and in possession of the
required professional qualifications bound by a duty of confidentiality,
selected by the data exporter,
where applicable, in agreement with the
supervisory authority;
(g) to make available to the data subject upon
request a copy of the Clauses, or any existing contract for subprocessing,
unless the Clauses or contract contain commercial information, in which case it
may remove such commercial information, with the exception of Appendix 2 which
shall be replaced by a summary description of the security measures in those
cases where the data
subject is unable to obtain a copy from the
data exporter;
(h) that, in the event of subprocessing, it
has previously informed the data exporter and obtained
its prior written consent;
(i) that
the
processing services by the subprocessor will be carried out in accordance with
Clause 11
;
(j) to send promptly a copy of any
subprocessor agreement it concludes under the Clauses to the data exporter.
Clause 6
Liability
1. The parties agree
that any data subject, who has suffered damage as a result of any breach of the
obligations
referredto inClause 3 or in Clause 11 by any
party or subprocessor is entitled to receive compensation from the data
exporter for the damage suffered.
2.
If a
data subject is not able to bring a claim for compensation in accordance with
paragraph 1 against the data exporter, arising out of a breach by the data
importer or his subprocessor of any of their obligations referred to in Clause
3 or in Clause 11, because the data exporter has factually disappeared or
ceased to exist in law or has become insolvent,
the data importer agrees that the data subject may issue a claim against the
data
importer as if it were the data exporter,
unless any successor entity has assumed the entire legal obligations of
the data exporter by contract of by operation of law, in which case the data
subject can enforce its rights against such entity.
The data importer may not rely on a
breach by a subprocessor of its obligations in order to avoid its own
liabilities.
3.
If a
data subject is not able to bring a claim against the data exporter or the data
importer referred to in paragraphs 1 and 2, arising out of a breach by the
subprocessor of any of their obligations referred to in Clause 3 or in Clause
11 because both the data exporter and the data importer have factually
disappeared or
ceased to exist in
law or have become insolvent, the subprocessor agrees that the data subject may
issue a claim against the data subprocessor
with regard to its own processing operations under the Clauses
as if it were the data exporter or the data importer,
unless any successor entity has assumed the entire legal obligations of
the data exporter or data importer by contract or by operation of law, in which
case the data subject can enforce its rights against such entity.
The
liability of the subprocessor shall be limited to its own processing operations
under the Clauses.
Clause 7
Mediation and jurisdiction
1. The data importer agrees that if the data
subject invokes against it third-party beneficiary rights and/or claims
compensation for damages under the Clauses, the data importer will accept the
decision of the data subject:
(a) to
refer the dispute to mediation, by an independent person or, where applicable,
by the supervisory authority;
(b) to
refer the dispute to the courts in the Member State in which the data exporter
is established.
2. The parties agree
that the choice made by the data subject will not prejudice its substantive or
procedural rights to seek
remedies in accordance with other provisions
of national or international law.
Clause 8
Cooperation with supervisory authorities
1. The data exporter agrees to deposit a copy
of this contract with the supervisory authority if it so requests or if such
deposit is required under the applicable data protection
law.
2. The parties agree
that the supervisory authority has the right to conduct an audit of the data
importer, and of any subprocessor, which has the same
scope and is subject
to the same conditions as would apply to an audit of the data exporter under
the applicable data protection law.
3. The data importer shall promptly inform the
data exporter about the existence of legislation applicable to it or any
subprocessor preventing the conduct of an audit of the data importer, or any
subprocessor, pursuant to paragraph 2. In such a case the data exporter shall
be entitled to take the measures foreseen in Clause 5 (b).
Clause 9
Governing Law
The
Clauses shall be governed by the law of the Member State in which the data
exporter is established.
Clause 10
Variation of the contract
The parties undertake not to vary or modify the Clauses. This
does not preclude the parties from adding clauses on business related issues
where required as long as they do not contradict the Clause.
Clause
11
Subprocessing
1. The data importer shall not subcontract any
of its processing operations performed on behalf of the data exporter under the
Clauses without the prior written consent of the data exporter. Where the data
importer subcontracts its obligations under the Clauses, with the consent of
the data exporter, it shall do so only by way of a written agreement with the
subprocessor which imposes the same obligations on the subprocessor as are
imposed on the data importer under the Clauses. Where the subprocessor fails to
fulfil its data protection obligations under such written agreement the data
importer shall remain fully liable to the data exporter for the performance of
the subprocessor's obligations under such agreement.
2. The prior written contract between the data
importer and the subprocessor shall also provide for a third-party beneficiary
clause as laid down in Clause 3 for cases where the data subject is not able to
bring the claim for compensation referred to in paragraph 1 of Clause 6 against
the data exporter or the data importer because they have factually disappeared
or have ceased to exist in law or have become insolvent
and no successor entity has assumed the entire legal obligations of the
data exporter or data importer by contract or by operation of law.
Such
third-party liability of the subprocessor shall be limited to its own
processing operations under the Clauses.
3. The provisions relating to data protection
aspects for subprocessing of the contract referred to in paragraph 1 shall be
governed by the law of the
Member State in which
the data exporter is established.
4. The data exporter
shall keep a list of subprocessing agreements concluded under the Clauses and
notified by the data importer pursuant to Clause 5 (j), which shall be updated
at least once a year. The list shall be available to the data exporter's data
protection supervisory authority.
Clause 12
Obligation after the termination of personal data
processing services
1. The parties agree that on the termination
of the provision of data processing services, the data importer and the
subprocessor shall, at the choice of the data exporter, return all the personal
data transferred and the copies thereof to the data exporter or shall destroy
all the personal data and certify to the data
exporter that it has done so, unless legislation imposed upon the data importer
prevents it from returning or destroying all or part of the personal
data transferred. In that case, the data importer warrants
that it will guarantee the confidentiality of the
personal data transferred and will not actively process the personal data
transferred
anymore.
2. The data importer and the subprocessor
warrant that upon request of the data exporter and/or of the supervisory
authority, it will submit its data processing facilities for an audit of the
measures referred to in paragraph 1.
Appendix 1 to the Standard Contractual Clauses
This Appendix forms part of the Clauses and
must be completed and signed by the parties.
The Member States may complete or specify,
according to their national procedures, any additional necessary information to
be contained in this Appendix.
Data exporter
The data exporter is (please specify briefly
your activities relevant to the transfer):
Customer who is making use of LinkTrust’s
affiliate and performance marketing software.
Data importer
The data importer is (please specify briefly
activities relevant to the transfer):
LinkTrust LLC, a provider of affiliate and
performance marketing software.
Data subjects
The personal data transferred concern the
following categories of data subjects (please specify):
Customer’s affiliates and advertisers.
Categories of data
The personal data transferred concern the
following categories of data (please specify):
IP address, deviceID, userID, first name, last name,
email address, mailing address, and banking information (including account
number and routing information).
Special categories of data (if
appropriate)
The personal data transferred concern the
following special categories of data (please specify):
None.
Processing operations
The personal data transferred will be subject
to the following basic processing activities (please specify):
The provision of the services by LinkTrust to
Customer under the Agreement.
Appendix 2 to the Standard Contractual Clauses
Description of the technical and
organisational security measures implemented by the data importer in accordance
with Clauses 4(d) and 5(c) (or document/legislation attached):
Description of Technical and
Organizational Security Measures
LinkTrust implements the
technical and organizational security measures described below in respect of
personal data that it processes:
·
Information
security policy:
LinkTrust maintains a written information security policy that specifies the
security standards it applies to protect the personal data it processes in
accordance with these Clauses. The information security policy mandates the
use of appropriate technical and organizational security measures throughout
LinkTrust's organization to protect personal data against unauthorized and
unlawful processing and against accidental loss, damage or destruction.
·
Data
Protection:
LinkTrust has appointed an employee with responsibility for ensuring the
security of personal data processed by LinkTrust throughout its organization
and for reviewing, maintaining and updating LinkTrust's information security
policy in accordance with best industry practice.
·
Physical
security:
Access to data processing facilities, including server rooms, offices, rooms
and facilities is restricted to duly authorized employees and contractors who
have been issued with security badges.
·
Firewall
and anti-virus:
LinkTrust
has implemented appropriate firewall, anti-virus, anti-spyware and other
anti-malware software and technologies on applicable networks and systems it
uses to process personal data.
·
Encryption:
LinkTrust has
implemented appropriate cryptographic controls according to the risk associated
with the information and systems being protected.
·
Asset
management:
LinkTrust has implemented processes for asset management, including how IT
identifies, tracks, tags, and maintains IT assets, including recordkeeping
procedures for user requests.
·
Access
controls:
LinkTrust has implemented technical access controls that restrict access to
personal data it processes to duly authorized employees and contractors only.
·
Usernames
/ passwords:
Access
to personal data will be controlled through access privileges (described
above), usernames and confidential passwords.
·
Back-up:
LinkTrust will make
regular back-ups of the personal data that it processes. Data back-ups will be
stored securely at an offsite location and will be available for data
restoration.
Copyright ©2019 LinkTrust Technologies. All Rights Reserved