-
Preamble
-
These Terms and Conditions (hereinafter “T&C”) apply to the use of the DAR Lean
Platform
available via
the address https://app.darlean.com and as an app
from
DAR TECH Limited, Kyriakou Matsi 46, Apt 101,
1082, Nicosia, Cyprus (hereinafter “DAR TECH”) including all Services, videos,
recordings,
sounds, texts,
graphics and other materials sent, received, stored or otherwise displayed on the DAR Lean
Platform.
These T&C create a legal agreement between DAR TECH and each User of the DAR Lean
Platform
and/or Services.
- By accessing or using the DAR Lean Platform and/or Services, the User automatically agrees to
the T&C,
whether or not the User has entered into a separate contract with DAR TECH. If the User does not
agree
to the T&C in full, he/she is prohibited from accessing the DAR Lean Platform and Services
and using the
content and services offered there.
- To use the DAR Lean Platform, App and Services, the User must be 18 years old and an
Entrepreneur or
Business Owner. Contracts are not concluded with consumers.
- The User expressly acknowledges that DAR TECH already objects to all deviating regulations in
any order
or in other business documents of the User.
- IMPORTANT NOTICE – This T&C requires the use of arbitration on an individual basis to
resolve
disputes between any User and DAR TECH, rather than jury trials or class actions. Please read
Section 10.6 for further details.
-
Definitions
- The definitions used in this T&C refer exclusively to this T&C and do not affect the
definitions in DAR
TECH's Privacy Statement or other documents. In this T&C, unless otherwise expressly
stated in the text,
the following terms shall have the meanings given below:
- DAR Lean Platform or Platform: the DAR Lean
cloud-based internet platform operated by DAR
TECH under the web address https://app.darlean.com, which allows Users to
organize and manage
operational processes as well as teamwork, including, inter alia, productivity tools,
processes,
planning, HR management and reporting.
- DAR Lean App or App: DAR TECH also offers the DAR Lean
Services as an app available via an
external app store.
- User: a legal or natural person who uses the Platform and Services of
DAR TECH, regardless of
whether the User has registered or there is a contractual relationship between the
Contracting Parties.
- Entrepreneurs or Business Owners: natural or legal
persons or partnerships with legal capacity who
run a business. Businesses are any permanent organizations of independent economic
activity, even
if they are not profit-oriented. Consumers are not Entrepreneurs/Business Owners.
- Contracting Party/Parties or Party/Parties: This is
understood to mean DAR TECH and the User
individually or jointly. This applies irrespective of whether a contractual relationship
has already been
established between the User and DAR TECH or not.
- User’s Personal Account or Personal Account: a set of
protected Platform pages created as a
result of the User’s registration, using which the User is able to access the
functionality of the DAR
Lean Services, allowing the User to manage settings, edit the account, and perform other
actions
necessary to implement the functionality of the DAR Lean Services within the authority
granted to him.
- Administrator: a person authorised by the User to manage the
administrative panel in the User’s
Personal Account, responsible for managing the settings, editing the account, and
performing actions necessary for the use of the DAR Lean Services within the limits of
his authority.
- Privacy Statement: a document, as amended and supplemented, which
defines the procedure and
conditions for the collection, use, storage, processing, protection, and privacy of the
User’s data,
including Personal Data, which forms an integral part of these T&C, and which is
available at: https://darlean.com/en/policy.
- Referral Link: a link to the Platform provided to the User by the
Administrator to register and make
changes to the account by filling out the form in the User’s Personal Account.
- DAR Lean Services or Services: the services and tools
available to Users through the Platform and
the App.
- General Data Protection Regulation (GDPR): EU-General Data Protection
Regulation or GDPR
means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April
2016 on
the protection of individuals with regard to the processing of personal data, on the
free movement of
such data and repealing Directive 95/46/EC as last published.
- Personal Data: any information relating to an identified or
identifiable natural person (“Data
Subject”); an identifiable natural person is one who can be identified, directly or
indirectly, in particular
by reference to an identifier such as a name, an identification number, location data,
an online
identifier or to one or more factors specific to the physical, physiological, genetic,
mental, economic,
cultural or social identity of that natural person.
-
TERMS OF USE
- DAR TECH shall grant the User, under the T&C, the right to use the DAR Lean Platform and DAR
Lean
App as well as the additional Services available therein.
- The DAR Lean Platform and DAR Lean App is a fee-based online platform of DAR TECH that offers
various DAR Lean Services. In order to use the DAR Lean Services on the Platform and DAR Lean
App,
Users must meet certain technical requirements, and under certain circumstances, pay a fee for a
certain
duration, and the User shall pay DAR TECH any such applicable fee as provided in Sections 5 and
6. A
separate contract between DAR TECH and the User will be concluded when the use of the DAR Lean
Services starts. The conditions in these T&Cs apply to all contracts between DAR TECH and
the Users as
well as to any use of the DAR Lean Services. Any deviating agreements must be recorded in
writing.
- The functionality, interface, and any Services provided on the Platform and DAR Lean App,
including any
Services, may be modified, supplemented, and updated, and may change the form and nature of the
Platform’s or Services’ functionality at any time without prior notice to the User, and
therefore, their use is
offered on an “as is” basis, that is, in the form and volume in which DAR TECH provides them at
the time
of the User’s request. DAR TECH shall have the right, at its sole discretion, to terminate
(temporarily or
permanently, in whole or in separate territories, to Users of all or certain categories, or
models of devices
and (or) operating systems, software products), the provision of support for the DAR Lean
Services, its
parts, and (or) individual Services (or any individual functions within the Services) to all
Users in general or
an individual User, in particular, without prior notice.
- DAR TECH shall have the right to restrict or prohibit (temporarily or permanently) the User’s
access to the
DAR Lean Platform, App and/or Services to its functionality, if the User has violated ethical
standards both
in relation to employees of DAR TECH and other Users or has violated any provisions of these
T&C.
- Information content of the Platform and DAR Lean App, changes in the design of the Platform and DAR
Lean App, and changes in the prices of the fees may be made by DAR TECH without prior notice to the
Users.
- After successful registration, the User shall gain access to the User’s Personal Account and be able to use
the functionalities of the Platform.
- DAR TECH may at any time, at its sole discretion and without prior notice to the User, transfer
all or part of its rights and obligations arising from these T&C and other legal documents
applicable to the legal relations between the Parties to any third party.
- The User shall use the DAR Lean Services and the User’s Personal Account in good faith, without
violating any laws, any rights or freedoms of any person (including third parties), and the
standards of morality and ethics.
- If the User has a claim against another User in connection with the latter’s use of the
Platform,
the User shall address the claim directly to that User and settle the claim independently and
without the involvement of DAR TECH.
- If the User violates the T&C, the law, standards of morality and ethics, or technical
requirements or fails to meet its payment obligation, DAR TECH shall have the right to suspend,
block, or delete the User’s Personal Account, prohibit, or restrict access to some or all of the
functions of the DAR Lean Services using the User’s Personal Account.
- The User guarantees that all claims of rights holders/authors/contractors arising from the use
of the DAR Lean Services information by the User in contradiction with these T&C shall be
settled
independently by the User, at his own expense. If DAR TECH receives claims from third parties
regarding illegal use of the intellectual property on the DAR Lean Platform and DAR Lean App,
the
User agrees to compensate all losses of DAR TECH incurred as a result of such claims, and DAR
TECH
also reserves the right to unilaterally terminate these T&C as between the Parties by deleting
the
User’s profile.
-
REGISTRATION CONDITIONS
- DAR TECH shall provide the User access to information relating to the DAR Lean Services before
the User’s registration. The prerequisite for the conclusion of a contract is the registration
of
the User or Administrator on the DAR Lean Platform and DAR Lean App. The User shall have the
right
to use the DAR Lean Services after registering in his personal account and entering into these
T&C.
- By completing registration on the DAR Lean Platform, the User makes a binding offer to conclude
a contract. The User and/or Administrator also confirm that all information provided by him/her
during registration is true and complete. He/she is obliged to inform DAR TECH immediately of
any
change in the registration data. DAR TECH may accept this offer by activating the Personal
Account
for the User’s use of the DAR Lean Services. With the acceptance of the offer, the contract
between
the Parties is concluded in the form of these T&C.
- If an Administrator uses the DAR Lean Services on behalf of a legal entity User, he/she shall
(and hereby does) confirm his/her authority to act on behalf of that legal entity User, and such
Administrator shall accept these T&C on behalf of such User.
- The date of the Agreement between the Parties shall be deemed to be the date of successful
registration of the Administrator and/or User on the Platform or App, subject to the available
functionality.
- Then the Administrator shall register the Users on behalf of a legal entity by successively
having the User carry out all of the following specific actions:
- clicking on the Referral Link provided to the User by the Administrator. By such
clicking,
the User confirms his/her intention to use the Platform’s or App Services.
- reading and accepting the T&C, reading the Privacy Statement and successfully
registering
on the Platform or App.
- After registering, the User is given access to the User’s Personal Account using the email
address or subscriber phone number, and a password is set up. When registering, the User
specifies
a subscriber phone number. Further use of the DAR Lean Services by the User constitutes
unconditional acceptance of these T&C.
- It is the responsibility of the Administrator and/or the User to ensure the security and safety
of the password to third parties. If the password is lost or compromised and if third parties
gain
unauthorised access to the Personal Account, the Administrator and/or User shall immediately
notify
DAR TECH at the email address: support@darlean.com.
Until
such a notice is received, all actions
taken using the Administrator and/or User’s Personal Account shall be deemed to have been
accepted
by the Administrator and/or User.
- The User undertakes not to use anyone else’s username and password to access the DAR Lean
Services and not to provide their verification data to other Users or third parties to access
the
Platform..
-
SERVICES FROM DAR TECH
- DAR TECH offers Users free (limited access) and several paid subscriptions with additional
functions. Full details of the prices and information on the individual subscriptions can be
found
at: https://darlean.com/en/plans.
- DAR TECH shall provide the User with the purchased Services during the term of the applicable
Subscription Period in accordance with these T&Cs. This does not affect DAR TECH's right to
terminate the contract between the Parties for a good cause or as otherwise provided in these
T&C.
- For more information on the services, products, information, contract or subscription period
and performance of DAR TECH, please refer to: https://darlean.com/en.
-
SUBSCRIPTION FEE AND PAYMENT PROCEDURE
- The prices for the various payment versions are listed on https://darlean.com/en/plans. These prices
are
not binding and exclude the applicable statutory taxes. As soon as a contract is concluded, the
fee
is payable and due immediately.
- The cost of access to the functionality of the DAR Lean Services may change at the discretion
of DAR TECH; however, a change in such cost shall not affect the cost of access to the DAR Lean
Services functionality for Users who have paid such cost in full at the previous price for the
remainder of the applicable Subscription Period only. DAR TECH shall notify Users of changes to
the
DAR Lean Services functionality by specifying the cost of the Platform in accordance with
Section
6.1.
- The purchase of access to the functionality of the DAR Lean Services shall be for a certain
period. At the same time, the User shall have the right to select the period for purchasing
access
to the functionality of the DAR Lean Services (hereinafter “Subscription Period”) in the
relevant
tab of the Platform from a limited selection of possible Subscription Periods.
- Payment for a subscription to access the functionality of the DAR Lean Platform and Services
shall be made through electronic payment system providers allowing payment by credit or debit
cards
of international payment systems. For payment, the User must select one of the payment methods
offered on the DAR Lean Platform. Other payment methods are not possible.
- In terms of implementing the payment infrastructure, the DAR Lean Services is based solely on
financial services.
- The User agrees that DAR TECH is not responsible for failures in operating the payment systems.
- The processing of card data entry and the payments themselves shall be carried out by a
financial service provider.
- Payment obligations shall be considered to have been fulfilled by the User if the payment is
authorised in the system. The proof of the payment shall be the payment system information about
the
payment made.
- DAR TECH shall have no control over the electronic payment system and shall not be responsible
for errors in such a payment system. If, as a result of such errors, the User’s money is
debited,
but the system does not authorise the payment, the obligation to return the funds to the User
shall
lie with the electronic payment system provider.
- If the User does not fulfil his payment obligation towards DAR TECH, DAR TECH is entitled to
temporarily block the User's profile until the owed payment has been received. All other claims
of
DAR TECH remain unaffected by this.
-
INTELLECTUAL PROPERTY
- The DAR Lean Platform, App and Services contain the results of intellectual activity owned by
DAR TECH. DAR TECH owns and reserves all right, title, and interest in and to the DAR Lean
Platform,
App and the Services, including without limitation any intellectual property rights therein or
thereto.
- By using the DAR Lean Services, the User acknowledges and agrees that all content on the
Platform and App, and the structure of content on the Platform, are protected by copyright,
trademark, and other intellectual property rights and that these rights are valid and protected
in
all forms, on all media and in relation to all technologies, whether currently existing or later
developed or created. No rights to any content on the Platform, including but not limited to
audio-visual works, images, methodological materials, or trademarks, shall be transferred to the
User as a result of using the DAR Lean Services and entering into these T&C.
- Without prejudice to the universality of the foregoing provisions, the User acknowledges that
the DAR Lean Services contain the results of intellectual activity, protected rights, and other
materials of third parties and that, as between the Parties, such rights belong to DAR TECH. The
User is prohibited from copying, modifying, changing, deleting, supplementing, publishing,
transferring the objects of exclusive and personal non-property rights contained in the Platform
or
App, creating derivative works, making, or selling products based thereon, reproducing,
displaying,
or in any other way exercising or using such rights without the express permission of the rights
holder.
- DAR TECH shall grant a limited, personal, non-exclusive, non-commercial, revocable, and
non-transferable license to view the DAR Lean Services content to anyone who has accepted the
T&C.
The User undertakes not to copy content from the Platform using automated systems (such as
scripts,
bots, spiders, scanners, etc.) or using other information extraction systems and technologies
(frames, User data extraction masks) without the prior written permission of the respective
right
holder. No materials from the DAR Lean Services may be copied, reproduced, modified,
republished,
uploaded, posted on third-party products, transferred to third parties, or distributed in any
form
or by any means without the prior written consent of DAR TECH except as expressly provided in
these
T&C.
- DAR TECH shall have the right to set limits on access to the DAR Lean Services products,
including setting time and quantitative limits in order to prevent unauthorized access to the
DAR
Lean Services products by third parties.
- Suggestions made by Users do not give rise to any property rights of the User against DAR TECH.
Notwithstanding any provision in these T&C to the contrary, DAR TECH may use, develop and
implement
any information, suggestions, comments, or other feedback (collectively, “Feedback”) provided to
DAR TECH by or on behalf of User in connection with the development, operation, marketing and
sale
of the Platform and/or Services, in its discretion and with no compensation to any person
providing
such Feedback, irrespective of any intellectual property or proprietary rights claimed by User
in
such Feedback. User represents that it has not, and will not, knowingly provide Feedback that is
subject to any third-party intellectual property rights.
-
PERSONAL DATA
- Personal data of the User will be stored and processed automatically by DAR TECH in the
performance of this contract. In this regard, DAR TECH hereby refers to the Privacy Statement
available at https://darlean.com/en/policy.
- Insofar as DAR TECH processes Personal Data of Data Subjects attributable to the User
(including, but not limited to employees or third parties of the User to whom the User has –
within
the limitations and prerequisites laid out in the Platform – granted access to the Platform, the
App or to Services), DAR TECH shall be Processor within the meaning of Article 4(8) GDPR and the
respective User shall be Controller within the meaning of Article 4(7) GDPR. In such a case, the
Contracting Parties agree that the Annex to the Terms & Conditions: Processing Agreement for the
use
of the DAR Lean Platform together with the appendices referenced therein, available at [Link]
(hereinafter “Data Processing Agreement”) shall apply as an agreement pursuant to Article 28
GDPR.
This Data Processing Agreement shall be deemed an integral part of these T&C.
-
LIABILITY / DISCLAIMER OF WARRANTIES
- DAR TECH shall not be liable for the performance of the DAR Lean Services and does not
guarantee the uninterrupted operation of the DAR Lean Services. DAR TECH also does not guarantee
the
safety of the information posted on the Platform and App and the possibility of uninterrupted
access to the Platform and App.
- The Platform and App may contain links to other websites or services on the Internet
(hereinafter “Third-Party Websites”). DAR TECH shall not check these
Third-Party
Websites or their
content for compliance with any requirements (authenticity, completeness, legality, etc.). DAR
TECH
shall not be liable for any information or materials posted on Third-Party Websites to which the
User gains access in connection with the use of the DAR Lean Platform or Services, including any
opinions or statements expressed on Third-Party Websites, advertisements, etc., as well as for
the
availability of such websites or content and the consequences of their use by the User.
- DAR TECH will not be liable for any direct, indirect, incidental, special, exemplary or
consequential damages, personal injury/wrongful death, lost profits, lost data, or business
interruption, the use or misuse of submissions or content in any way whatsoever arising out of
the
use of, or inability to use, the Platform and/or any Services, whether or not DAR TECH is
advised
of the possibility of such damages. In the event that the foregoing exclusion of liability is
found
by a court of competent jurisdiction to be unenforceable, and a determination is made that DAR
TECH
is liable, under no circumstances will DAR TECH be liable to any person or entity for more than
the
amount paid to DAR TECH by such person or entity in the 90 days immediately preceding the date
on
which the claim was first asserted.
- The User shall be liable to DAR TECH for the legality of all instructions given and shall
indemnify and hold DAR TECH harmless from and against any and all damages and losses resulting
from
compliance with such instructions. Further, each User shall defend, indemnify and hold harmless
DAR
TECH from and against all liability, claims, actions, and expenses, including attorneys' fees
and
costs, arising out of such User’s use of the Platform and/or Services or such User’s breach or
alleged breach of any term, condition, obligation, representation or warranty in this T&C. The
User
agrees that the provisions in this paragraph will survive any termination of such User’s
Personal
Account, the Platform or Services, or these T&C.
- DAR TECH does not guarantee that the DAR Lean Services meet the User’s requirements and that
access to the Platform will be uninterrupted, fast, reliable, or error-free. Software and
hardware
errors both on the side of DAR TECH and on the side of the User, which made it impossible for
the
User to access the Platform, are force majeure circumstances and grounds for exemption from
liability for non-fulfilment of obligations by DAR TECH under these T&C.
- The presentation, information and advertising of products and services on the DAR Lean Platform
and/or the App and/or Third-Party Websites and/or any other websites, folders or advertising
materials do not constitute a binding offer by DAR TECH to sell specific products or services.
- DAR TECH shall not be responsible for advertising materials distributed using the Service and
Platform products, as well as for goods and services offered in accordance with these
advertising
materials.
- Subsidiaries, directors, employees, managers, agents, representatives, or vendors of DAR TECH
may not give express or implied warranties on behalf of DAR TECH.
- Furthermore, to the extent permitted by applicable law, DAR TECH disclaims all express and
implied warranties regarding the DAR Lean Services suitability for specific purposes not
expressly
defined in these T&C, including without limitation any warranty regarding the commercial value,
respect for property rights, protection against computer viruses, title, non-infringement,
merchantability, or fitness for a particular purpose.
- DAR TECH cannot guarantee the absence of errors and defects on the Platform and/or App, as
well as uninterrupted access to the Platform and/or App, which may depend on the network
connection, the User’s software and equipment, and other factors. The User agrees that he/she is
solely responsible for using the Service and the Platform products. DAR TECH cannot guarantee
that
the Platform or Services are fully available in all jurisdictions, therefore, the use of the DAR
Lean Services is permitted subject to the laws of the Commonwealth of Massachusetts.
- Each User forever releases, discharges, and covenants not to sue DAR TECH from and with
respect to any and all liability, claims, actions, and expenses that may arise, whether caused
by
the negligence of DAR TECH or otherwise, in connection with the User’s use of the Platform
and/or
Services or the User’s interaction with any person or entity through or as a result of the
Platform
and/or Services.
- DAR TECH shall have no responsibility or liability for, or involvement with, any relationship
that exists or comes to exist between or among Users of the Platform.
- To the extent permitted by applicable law, each User and DAR TECH agrees that regardless of
any statute or law to the contrary, any claim or cause of action arising out of or related to
use of
the Platform and/or Services or this T&C (including the Privacy Policy) must be filed within ONE
(1) YEAR after such claim or cause of action arose (or, if longer, within the shortest statute
of
limitations for such claim which the Parties may establish by agreement) or the claim will be
forever barred.
-
Additional provision for the use of the dar lean app
- The User is granted a non-exclusive, non-transferable and limited right by DAR TECH to access
and use the DAR Lean App. This use is solely for personal and non-commercial purposes.
- The User may download and install the App from the respective application stores. The
availability of the App may vary depending on the device, operating system and region.
- The User may not reproduce, distribute, make publicly available, modify or otherwise use the
App without authorisation. The App may not be decompiled, reverse engineered, disassembled or
otherwise converted into a readable form.
- Updates, upgrades and modifications to the App will be made at DAR TECH's sole discretion and
may change the way the App is used or restrict the use of the App.
- DAR TECH cannot guarantee that the App will be error-free or uninterrupted at all times.
Outages may occur due to maintenance, updates or for other reasons beyond DAR TECH's control.
- The App is protected by copyright and all rights thereto are owned by DAR TECH or its
licensors. By using the App, the User does not acquire any ownership or other rights in the App
other than the right to use expressly granted in these T&C.
-
Final Provisions
- Except with respect to Section 11.6 (which can only be amended by mutual written agreement of
the
parties), DAR TECH shall have the right to unilaterally amend the T&C, with such amendments
taking
effect 30 days after the publication of the new version of the T&C. On each subsequent visit to
the
Platform or App prior to using the Personal Account, the User undertakes to read the new version
of
these T&C. Continued use of the DAR Lean Platform, App and Services and the User’s Personal
Account
shall constitute the User’s acceptance of the terms and conditions of the new version of these
T&C.
If the User does not agree with the terms and conditions of the new version of these T&C, he/she
shall stop using the Platform and Services.
- Should one or more provisions of this contract be or become invalid, this shall not affect the
remaining provisions of this contract.
- The headings of the provisions contained in these T&C are for convenience only and shall not
be used in interpreting them.
- This T&C and all aspects of the Platform and Services will be governed by and construed in
accordance with the internal laws of the United States and the Commonwealth of Massachusetts
governing contracts entered into and to be fully performed in Massachusetts (thus, without
regard to
conflict of laws provisions), regardless of any User’s location.
- With respect to any disputes or claims not subject to informal dispute resolution or
arbitration (as set forth below), each User agrees not to commence or prosecute any action in
connection therewith other than in the state or federal courts located in Boston, Massachusetts,
and
each User hereby consents to, and waive all defenses of lack of personal jurisdiction and forum
non
conveniens with respect to, venue and jurisdiction in the state and federal courts located in
Boston, Massachusetts.
- 11.6. To expedite resolution and control the cost of any dispute, controversy, or claim related
to
this T&C ("Dispute"), each User and DAR TECH agrees to first attempt to negotiate any Dispute
(except those Disputes expressly provided below) informally for at least thirty (30) days before
initiating any arbitration or court proceeding. Such informal negotiations commence upon written
notice from one party to the other. If such User and DAR TECH are unable to resolve a Dispute
through informal negotiations within 30 days, either such User or DAR TECH may elect to have the
Dispute (except those Disputes expressly excluded below) finally and exclusively resolved by
binding
arbitration. Any election to arbitrate by one party will be final and binding on the other. EACH
USER UNDERSTANDS THAT ABSENT THIS PROVISION, SUCH USER WOULD HAVE THE RIGHT TO SUE IN COURT AND
HAVE
A JURY TRIAL. The arbitration will be commenced and conducted under the Streamlined Arbitration
Rules and Procedures (the “Rules”) of JAMS, which is available at the JAMS website at
www.jamsadr.com. The determination of whether a Dispute is subject to arbitration will be
governed
by the Federal Arbitration Act and determined by a court rather than an arbitrator. The User’s
arbitration fees and share of arbitrator compensation will be governed by the Rules. The
arbitration
may be conducted in person, through the submission of documents, by phone, by video conference,
or
online. The arbitrator will make a decision in writing, but need not provide a statement of
reasons
unless requested by a party. The arbitrator must follow applicable law, and any award may be
challenged if the arbitrator fails to do so. Notwithstanding the above, each User and DAR TECH
agrees that arbitration will be limited to the Dispute between DAR TECH and the User
individually.
To the full extent permitted by law, (a) no arbitration will be joined with any other; (b) there
is
no right or authority for any Dispute to be arbitrated on a class-action basis or to utilize
class
action procedures; and (c) there is no right or authority for any Dispute to be brought in a
purported representative capacity on behalf of the general public or any other persons. Each
User
and DAR TECH agrees that the following Disputes are not subject to the above provisions
concerning
informal negotiations and binding arbitration: (a) any Disputes seeking to enforce or protect,
or
concerning the validity of, any of DAR TECH’s intellectual property rights; and (b) any claim
for
injunctive relief or to compel arbitration, stay proceedings pending arbitration, or to confirm,
modify, vacate or enter judgment on the award entered by the arbitrator.
- The User may obtain any clarification on the matters of interest by contacting DAR TECH by email
at
support@darlean.com.
Annex to the Terms & Conditions (T&C)
Processing Agreement for the Use of the DAR Lean Platform of (the “Agreement”) DARLEAN US CORP. ("DARLEAN US")
-
Preamble and Scope of this Agreement, Annex to the Terms & Conditions
- This Agreement is an integral part of the Terms & Conditions (T&C) on the use of the DAR Lean Platform concluded between DARLEAN US CORP., 850 New Burton Road, Suite 201, Dover, DE 19904, USA (in short, "DARLEAN US") and the Contractual Partner. Capitalized terms used and not otherwise defined herein shall have the meanings ascribed to them in the T&C.
- This Agreement serves as a Processing agreement between the Contractual Partner as Controller and DARLEAN US as Processor.
- This Agreement shall only apply between DARLEAN US and the Contractual Partner if the Contractual Partner is based within the United States of America.
-
Definitions
- DAR Lean Platformmeans the cloud-based internet platform operated by DARLEAN US
under
the web address https://app.darlean.com, which allows
Users to
organize and manage operational
processes as well as teamwork, including, inter alia, productivity tools, processes, planning,
HR
management and reporting.
- Annex or Agreement means this Annex to the Terms & Conditions
(T&C) of DARLEAN US for the use of the DAR Lean Platform.
- Contractual Partner or Controller means any natural or legal
person who concludes or has concluded a contract with DARLEAN US for the use of the DAR Lean
Platform
which includes the Terms & Conditions.
- DARLEAN US means DARLEAN US CORP., 850 New Burton Road, Suite 201, Dover, DE 19904, USA.
- Privacy Lawsmeans the data protection laws applicable to the Processing of Personal Data under this Agreement, including inter alia the following and as amended from time to time:
- to the extent applicable, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, together with any regulations promulgated thereunder (CCPA)
- in each case to the extent effective and applicable and together with any regulations promulgated thereunder: (i) the Colorado Privacy Act; (ii) the Connecticut Act Concerning Personal Data Privacy and Online Monitoring; (iii) the Utah Consumer Privacy Act; (iv) the Virginia Consumer Data Protection Act; (v) the Delaware Personal Data Privacy Act; (vi) the Indiana Consumer Data Protection Act; (vii) the Iowa Consumer Data Protection Act; (viii) the Montana Consumer Data Privacy Act; (ix) the Oregon Consumer Privacy Act; (x) the Tennessee Information Protection Act; (xi) the Texas Data Privacy and Security Act; (xii) New Jersey SB 332; (xiii) New Hampshire SB 255; (xiv) the Nebraska Data Privacy Act; and (xv) the Kentucky Consumer Data Protection Act, (collectively, State Data Protection Laws).
- General Data Protection Regulation, Regulation (EU) 2016/679, as it forms part of domestic law in the UK by virtue of section 3 of the European Union (Withdrawal) Act 2018 (UK GDPR);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (EU GDPR).
- Parties refers to DAR TECH and the Contractual Partner collectively.
- Personal Data is as defined within the T&Cs.
- Processing means any operation or set of operations which is performed on
Personal
Data or on sets of Personal Data, whether or not by automated means, such as collection,
recording,
organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use,
disclosure by transmission, dissemination or otherwise making available, alignment or
combination,
restriction, erasure or destruction.
- Controllermeans, unless explicitly stated otherwise by applicable Privacy Laws, the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data; where the purposes and means of such Processing are determined by law, the Controller or the specific criteria for its nomination may be provided for by such legal provisions.
- Processormeans, unless explicitly stated otherwise by applicable Privacy Laws, a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.
- Recipientmeans, unless explicitly stated otherwise by applicable Privacy Laws, a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third party or not. However, public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with applicable law shall not be regarded as Recipients; the Processing of those data by those public authorities shall be in compliance with the applicable Privacy Laws according to the purposes of the Processing.
- Special Categories of Personal Datameans, unless explicitly stated otherwise by applicable Privacy Laws, personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
- State Laws Datameans any Personal Data regulated by any State Data Protection Laws and Processed by DARLEAN US solely on behalf of Contractual Partner.
- Terms & Conditions means DAR TECH’s Terms and Conditions on the use of the DAR
Lean Platform.
-
Objective of the Agreement, Contractual Partner as Controller
- DARLEAN US undertakes to perform, on behalf of the Contractual Partner, the data Processing operations in accordance with the Terms & Conditions and this Agreement as further described in
Appendix 1 of this Agreement.
- The Contractual Partner is deemed to be Controller relating to the data Processing operations in accordance with Section 3.1. Accordingly, the Contractual Partner is obliged to implement all obligations applicable to Controllers under the applicable Privacy Laws and to monitor their implementation and compliance. The Contractual Partner confirms that before using the DAR Lean Platform, the Contractual Partner understands and is compliant with the relevant statutory provisions, in particular those relating to the applicable Privacy Laws to which they are subject. Further, Contractual Partner represents, warrants, and covenants that: (i) it has (and will have) Processed, collected, and disclosed all Personal Data in compliance with applicable law and provided any notice and obtained all consents and rights required by applicable law to enable DARLEAN US to lawfully Process Personal Data as permitted by the T&C and this Agreement; (ii) it has (and will continue to have) full right and authority to make Personal Data available to DARLEAN US under the T&C and this Agreement; and (iii) DARLEAN US‘ Processing of the Personal Data in accordance with the T&C, this Agreement, and/or Contractual Partner‘s instructions does and will not infringe upon or violate any applicable law or any rights of any third party.
- The Contractual Partner undertakes not to make the DAR Lean Platform or individual modules or functions thereof accessible to Users if such use is prohibited under the legal provisions to which the Contractual Partner is subject. In such case, the Contractual Partner must instruct the Users without undue delay not to use the DAR Lean Platform or the relevant modules or functions, and to revoke, if possible, the User authorizations for such use; if such revocation is not possible within the DAR Lean Platform, the Contractual Partner shall immediately inform DARLEAN US about this circumstance. The Contractual Partner shall indemnify, defend, and hold DARLEAN US harmless from and against any claims of Users against DARLEAN US arising from the Contractual Partner's breach of these obligations.
-
Processing by DARLEAN US, Right to Instruction
- DARLEAN US shall process Personal Data as further described in Appendix 1 of this Agreement only on documented instructions from the Contractual Partner, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by any applicable law to which DARLEAN US is subject; in such a case, DARLEAN US shall inform the Contractual Partner of that legal requirement before Processing, unless that law prohibits such information on important grounds of public interest.
The conclusion of a contract on the use of the DAR Lean Platform between DARLEAN US and the Contractual Partner to which the T&C and this Agreement are attached as integral parts shall be deemed to be such documented instruction to Process Personal Data. Subsequent instructions may also be given by the Contractual Partner throughout the duration of the Processing of Personal Data. These instructions shall always be documented.
- DARLEAN US shall immediately inform the Contractual Partner if, without seeking legal advice, it considers that an instruction given by the Contractual Partner obviously infringes applicable Privacy Laws. DARLEAN US shall not be obliged to seek legal advice on the performance of this Agreement and shall not provide any legal advice related to the performance of this Agreement.
- DAR TECH shall immediately inform the Contractual Partner whether it is obliged, under EU or EU
Member State law, to process Personal Data contrary to the instructions of the Contractual
Partner
or without the instructions of the Contractual Partner, if such notification is legally
permissible.DARLEAN US shall immediately inform the Contractual Partner whether it is legally obliged to process Personal Data contrary to the instructions of the Contractual Partner or without the instructions of the Contractual Partner, if such notification is legally permissible.
- Instructions given by the Contractual Partner must be consistent with the subject matter of this Agreement. Should DARLEAN US incur an expense of more than one working hour as a result of following any individual instruction upon the explicit request of the Contractual Partner, the entire expense shall be reimbursed by the Contractual Partner.
-
Confidentiality
DARLEAN US shall ensure that persons authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
-
Data Security
- DARLEAN US shall implement technical and organisational measures to ensure the security of the Personal Data. This includes protecting the data against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to the data (Personal Data breach). In assessing the appropriate level of security, DARLEAN US shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purposes of Processing and the risks involved for the Data Subject.
- DARLEAN US fulfils its obligation under Section 6.1 by implementing the measures set out in Appendix 2 of this Agreement. DARLEAN US is entitled to adapt the technical and organizational measures to the current state of the art from time to time to ensure an adequate level of data security.
- DARLEAN US shall inform the Contractual Partner of any Personal Data breach, in so far as such breach concerns data processed by DARLEAN US on behalf of the Contractual Partner and results in a risk to the rights and freedoms of natural persons. This information shall be provided without delay as soon as DARLEAN US becomes aware of such a breach and shall be addressed to the contact point notified in writing by the Contractual Partner.
- The information provided to the Contractual Partner pursuant to Section 6.3 shall include the
following, as far as possible in the light of the circumstances:
- the nature of the Personal Data breach including where possible, the categories and
approximate number of Data Subjects concerned and the categories and approximate number
of
Personal Data records concerned;
- the likely consequences of the Personal Data breach; and
- the measures taken or proposed to be taken to address the Personal Data breach,
including,
where appropriate, measures to mitigate its possible adverse effects.
- In addition to the purposes described in Appendix 1, DARLEAN US hereby informs the Contractual Partner and the Contractual Partner expressly agrees that DARLEAN US may process Personal Data as further described in Appendix 1 of this Agreement, to the extent necessary, for the purposes of IT Security and the prevention of fraud and abuse. If certain Personal Data Processed on behalf of the Contractual Partner is found to affect IT security (e.g. because certain files contain viruses), DARLEAN US reserves the right to delete such data in accordance with the Terms & Conditions and to immediately inform the Contractual Partner.
-
International Transfers
Contractual Partner hereby instructs DARLEAN US to transfer Personal Data to, and to Process Personal Data in, the United States and/or to any other jurisdiction in which DARLEAN US or its Sub-Processors have operations, and Contractual Partner hereby consents to the foregoing.
-
Sub-Processing
- DARLEAN US has the Contractual Partner’s general authorisation for the engagement of sub-processors from an agreed list pursuant to Appendix 3 of this Agreement. DARLEAN US shall inform the Contractual Partner of any intended changes concerning the addition or replacement of other processors or sub-processors (hereinafter collectively “Sub-Processors”), thereby giving the Contractual Partner the opportunity to object to and prohibit such changes. If the Contractual Partner does not object within two weeks after such notification, the addition or replacement shall be deemed to have been approved. If such objection is raised, DARLEAN US shall be entitled to terminate this Agreement as well as the underlying contractual relationship with the Contractual Partner to the end of the month by giving two weeks‘ notice.
- Where DARLEAN US engages another Sub-Processor for carrying out specific Processing activities on behalf of the Contractual Partner, the data protection obligations required by applicable Privacy Laws shall be imposed on that Sub-Processor by way of a contract.
-
Assistance
- Taking into account the nature of the Processing, DARLEAN US shall assist the Contractual Partner by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Contractual Partner‘s obligation to respond to requests for exercising the Data Subject‘s rights under applicable Privacy Laws. DARLEAN US shall fulfil this obligation by forwarding requests received from Data Subjects to the Contractual Partner. If the Contractual Partner deems it necessary to receive additional support from DARLEAN US and DARLEAN US agrees to provide such support, DARLEAN US shall be entitled to demand additional appropriate remuneration for rendering such additional support.
- Moreover, taking into account the nature of Processing and the information available to DARLEAN US, DARLEAN US shall assist the Contractual Partner in ensuring compliance with the Contractual Partner’s obligations under applicable Privacy Laws. DARLEAN US shall do so by (i) taking the measures set forth in Sections 5 (“Confidentiality”) and 6 (“Data Security”) of this Agreement; (ii) notifying the Contractual Partner of a breach of Personal Data pursuant to Section 6.3; and (iii) providing the information set forth in Appendix 1 of this Agreement. If the Contractual Partner deems it necessary to receive additional support from DARLEAN US and DARLEAN US agrees to provide such support, DARLEAN US shall be entitled to demand additional appropriate remuneration for rendering such additional support.
-
Deletion and Return of Personal Data
- DARLEAN US hereby informs the Contractual Partner that currently a deletion of the entire Workspace is only possible by way of a separate written notification from the Contractual Partner to DARLEAN US. DARLEAN US is entitled to integrate such functionality (which would allow Contractual Partner to delete an entire Workspace without providing a separate written notification to DARLEAN US) into the DAR Lean Platform in the future.
- DARLEAN US shall moreover, at the choice of the Contractual Partner, delete or return all the Personal Data to the Contractual Partner after the end of the provision of services relating to Processing, and delete existing copies unless applicable law requires storage of the Personal Data.
-
Intentionally Omitted.
-
Liability
- The liability of both Parties is subject to any limitations of liability set forth in the T&C.
- The Contractual Partner shall be liable to DARLEAN US for the legality of all instructions given.
- The Contractual Partner shall indemnify, defend, and hold DARLEAN US harmless from and against any and all claims, actions, proceedings, expenses, liabilities (including without limitation any governmental investigations, complaints and actions), damages, attorneys’ fees, and/or losses arising or resulting from Contractual Partner’s breach or alleged breach of this Agreement or from DARLEAN US’s compliance with any instructions of Contractual Partner.
-
Miscellaneous
- The Final Provisions (Section 11) of the Terms & Conditions shall also apply for this Agreement.
- In the event of a contradiction between this Agreement and the provisions of related agreements between the Parties existing at the time when this Agreement is agreed or entered into thereafter, this Agreement shall prevail. Notwithstanding the foregong, this Agreement shall not prevail over future amendments to this Agreement (unless expressly specified in such amendment).
-
U.S. State Law Provisions
- To the extent Contractual Partner makes available to DARLEAN US Personal Data regulated by the CCPA for a business purpose pursuant to this Agreement and/or to the extent DARLEAN US Processes Personal Data regulated by the CCPA solely on behalf of Contractual Partner (collectively, “California Personal Data”), then to the extent required by the CCPA, the California Data Appendix (attached hereto as Appendix 4, the “California Data Appendix”) will apply to DARLEAN US’ Processing of such California Personal Data and the Parties hereby agree to comply with such California Data Appendix, which is hereby incorporated into this Agreement in its entirety. In the event of a conflict between this Agreement and the California Data Appendix, the California Data Appendix will control to the extent applicable to the California Personal Data.
- To the extent DARLEAN US Processes State Laws Data, then to the extent required by State Data Protection Laws, the Other States Data Appendix (attached hereto as Appendix 5, the “Other States Data Appendix”) will apply to DARLEAN US’ Processing of such State Laws Data and the Parties hereby agree to comply with such Other States Data Appendix, which is hereby incorporated into this Agreement in its entirety. In the event of a conflict between this Agreement and the Other States Data Appendix, the Other States Data Appendix will control to the extent applicable to the State Laws Data.
Appendix 1: Description of the Processing
DAR Lean Platform Processing: Definitions
- Users: Users of the DAR Lean Platform who are either (i) the Contractual
Partner, (ii) in a contractual relationship with the Contractual Partner (e.g. as employees or contract
partners), or (iii) to whom the Contractual Partner has granted access to the DAR Lean Platform.
- Interested Party: A natural person who is not yet a User of the DAR Lean
Platform but has received an invitation to use it.
- Workspace Data: Personal Data that a User enters by using the various
modules
of the DAR Lean Platform within a Workspace, in particular:
- Invitation Data: This includes Personal Data entered by the
User
for the purpose of inviting an Interested Party, such as in particular the e-mail address as
well as
the intended role.
- Collaboration Data: This includes Personal Data that occurs
as a
result of multiple Users interacting with each other or within a Team, specifically Personal
Data
contained in project plans, functional personal tasks, meeting notes, Personal Data related to
video
conferencing (including video transmission), or related User assignments/assignments.
- Team Data: This includes Personal Data related to the Team
(including human resources) of a Workspace, in particular listings of Users, roles, hierarchies,
employee contract terms (if applicable), working time records, leave dates and types.
- Work Data: This includes Personal Data related to tasks, in
particular the assignment of Users to tasks, Per-onal Data related to processes, projects or
budgets.
- Media Data: This includes Personal Data contained in uploaded
files, such as Word and PDF files, image, video and audio files.
- Special categories of personal data: DARLEAN US confirms that free-text fields are available within the DAR Lean platform. Whether DARLEAN US processes Special Categories of Personal Data is dependent upon whether Users enter such data into the free-text fields within the DAR Lean Platform.
Processing activities on behalf of the Controller (Contractual Partner):
Categories of data subjects: | Categories of personal data: | Subject matter and nature: | Purpose: | Duration of the processing: |
Users | Workspace Data | Processing (especially collecting, recording, organizing, structuring, storing, retrieving,
combining or erasing) Personal Data that has been entered by the User into the DAR Lean
Platform
in accordance with the Terms & Conditions as well as this Agreement. The scope of Processing
is
depending on the subscription plan chosen by the Contractual Partner. | Provide Collaboration Tools to Users on behalf of the Contractual Partner | Duration of the contractual relationship between the Contractual Partner and DARLEAN US. |
Users, Interested Party | Name, E-Mail | Collecting the name and e-mail address of an Interested Party from the User, transmission of
an
e-mail, storing the invitation data. | Invite Interested Parties to the DAR Lean Platform on behalf of the Contractual Partner | Until the transmission of the invitation e-mail and then for a reasonable time within which
the
Interested Party is able to accept the invitation |
Users | Workspace Data | Accessing User’s Workspace Data on an individual basis upon User’s explicit request. | Provision of technical assistance and support to Users upon request, on behalf of the
Contractual Partner | Until the completion of the technical assistance or support activity |
Appendix 2: Technical and organizational measures
DARLEAN US has implemented suitable technical and organizational measures to fulfil the legal requirements set forth in the applicable Privacy Laws. These measures include inter alia:
-
Pseudonymization
Implementation of suitable pseudoymization methods.
-
Encryption
Implementation of SSL encryption, encryption of local hard drives.
-
Confidentiality
-
Physical access control
No unauthorized access to data Processing systems, e.g. magnetic or chip cards, keys,
electric
door openers, plant security or gatekeepers, alarm systems, video systems;
-
Access rights
No unauthorized system use, e.g. secure passwords, automatic locking mechanisms, two-factor
authentication, encryption of data media;
-
Access control
No unauthorized reading, copying, modification or removal within the system, e.g.
Authorization
concepts and needs-based access rights, logging of accesses;
-
Separation control
Separate processing of data collected for different purposes, e.g. multi-client capability,
sandboxing;
-
Pseudonymization (Art. 32 (1) letter a GDPR)
The processing of personal data in such a way that the data can no longer be assigned to a
specific data subject without the inclusion of additional information, provided that this
additional information is kept separately and is subject to appropriate technical and
organizational measures.
-
Integrity
-
Transmission control
No unauthorized reading, copying, modification or removal during electronic transmission or
transport, e.g. encryption, Virtual Private Networks (VPN), electronic signature.
-
Entry control
Determining whether and by whom personal data have been entered, modified or removed from
data
processing systems, e.g: logging, document management.
-
Availability and resilience
-
Availability control
Protection against accidental or wilful destruction or loss, e.g. backup strategy
(online/offline; on-site/off-site), uninterruptible power supply (UPS), virus protection,
firewall, reporting channels and emergency plans;
-
Rapid restorability
-
Procedures for regular review, assessment and evaluation
- Data protection management;
- Incident-Response-Management;
- Privacy-friendly default settings (Art. 25 (2) GDPR);
- Order control
- No data Processing in the sense of Art. 28 GDPR without corresponding instruction of the
Contractual Partner, e.g. clear contract drafting, formalized order management, strict selection
of
the service provider, obligation to assure in advance, and follow-up checks.
Appendix 3: Sub-Processors
Sub-Processor | Function | Country | Legal basis for data export |
DAR Solutions LLP., 180640002340
Almaty, Koktem microdistrict 2 – 22,
Kazakhstan
| Technical Assistance and Support of Users | Kazakhstan | Standard Contractual Clauses (SCC) |
AMAZON WEB SERVICES EMEA SOCIÉTÉ À RESPONSABILITÉ LIMITÉE 38 AVENUE JOHN F. KENNEDY, L-1855
LUXEMBOURG | Hosting | Luxembourg | (EU Member State) |
Appendix 4: California Data Appendix
- This California Data Appendix (this “Appendix”), forms part of the Agreement. Capitalized terms used and not otherwise defined herein shall have the meanings ascribed to them in the Agreement. The types of California Personal Data subject to processing hereunder are as set forth in Appendix 1.
- CCPA Provisions.
- In this Appendix, the following terms have the meanings given in the CCPA: "business purpose", “personal information”, “processing”, “service provider”, “contractor”, “person”, “share”, “sharing”, “shared”, “sell”, “selling”, “sale” and “sold”.
- Except as otherwise required by applicable law or as otherwise permitted by the CCPA, DARLEAN US shall:
- not sell or share California Personal Data;
- not retain, use, or disclose California Personal Data for any purpose other than for the business purposes as set out in the T&C and the Agreement (including Appendix 1) for the Contractual Partner, nor retain, use, or disclose California Personal Data for a commercial purpose other than the business purposes specified in the T&C and the Agreement (including Appendix 1), or as otherwise permitted by the CCPA;
- not retain, use, or disclose California Personal Data outside of the direct business relationship between the Parties;
- not combine California Personal Data, which DARLEAN US receives pursuant to the Agreement or from or on behalf of Contractual Partner, with personal information which it receives from or on behalf of another person or persons, or collects from its own interaction with the individual to whom such California Personal Data relates, except as otherwise expressly permitted by the CCPA;
- reasonably cooperate with Contractual Partner in responding to any requests from any individual regarding California Personal Data relating to such individual, including reasonably assisting Contractual Partner in deletion, correction, or limitation of the use of such California Personal Data where required under the CCPA, and including instructing DARLEAN US’ service providers and/or contractors (if any) to so reasonably cooperate in such response;
- reasonably assist Contractual Partner through appropriate technical and organizational measures in Contractual Partner’s complying with the requirements of subdivisions (d) to (f), inclusive, of Section 1798.100 of the CCPA, taking into account the nature of the California Personal Data processing by DARLEAN US;
- implement and maintain commercially reasonable security procedures and practices, including the procedures and practices set out in Appendix 2, appropriate to the nature of the California Personal Data intended to protect such California Personal Data from unauthorized access, destruction, use, modification, or disclosure;
- comply with all applicable obligations under the CCPA and provide the same level of privacy protection with respect to California Personal Data as required by the CCPA;
- notify Contractual Partner if DARLEAN US determines it can no longer meet its obligations under the CCPA; and
- to the extent required by the CCPA, comply with Section 1798.140(m) of the CCPA with respect to deidentified data (as defined in the CCPA) received by DARLEAN US from Contractual Partner.
To the extent DARLEAN US is a contractor, DARLEAN US certifies that DARLEAN US understands the restrictions provided in Sections 2(b)(i), 2(b)(ii), 2(b)(iii), and 2(b)(iv) and will comply with them.
-
DARLEAN US acknowledges and agrees that the California Personal Data has been disclosed to it for the limited and specified purposes set forth in the T&C and the Agreement (including Appendix 1) and DARLEAN US further acknowledges and agrees that Contractual Partner shall have the right: (i) to take reasonable and appropriate steps to ensure that DARLEAN US uses California Personal Data in a manner consistent with Contractual Partner’s obligations under the CCPA; and (ii) upon notice from Contractual Partner to DARLEAN US, to take reasonable and appropriate steps to stop and remediate unauthorized use of California Personal Data.
-
To the extent required by the CCPA and to the extent DARLEAN US is a contractor, DARLEAN US shall permit, subject to agreement of the Parties, Contractual Partner to monitor DARLEAN US’ compliance with this Appendix through measures, including, but not limited to, ongoing manual reviews and automated scans, and regular assessments, audits, or other technical and operational testing once every twelve (12) months (each, an “Audit”), upon reasonable prior notice from Contractual Partner, provided that no third-party auditor (each an “Auditor”) shall be a competitor of DARLEAN US, nor shall any Auditor be compensated on a contingency basis, and provided further that in no event shall Contractual Partner or any Auditor have access to the information of any other customer of DARLEAN US and the disclosures made pursuant to this Section 2(d) (“Audit Information”) shall be held in confidence as DARLEAN US’ confidential information and subject to any confidentiality obligations in the T&C, and provided further that no Audit shall be undertaken unless or until Contractual Partner has requested, and DARLEAN US has provided, information about DARLEAN US’ data protection practices and Contractual Partner reasonably determines that an Audit remains necessary to demonstrate material compliance with the obligations laid down in this Appendix. Without limiting the generality of any provision in the T&C, Contractual Partner shall employ the same degree of care to safeguard Audit Information that it uses to protect its own confidential and proprietary information and in any event, not less than a reasonable degree of care under the circumstances, and Contractual Partner shall be liable for any improper disclosure or use of Audit Information by Contractual Partner or its agents.
-
If DARLEAN US engages any other person to assist DARLEAN US in processing California Personal Data for a business purpose on behalf of Contractual Partner, DARLEAN US shall notify Contractual Partner of such engagement, and the engagement shall be pursuant to a written contract binding the other person to observe substantially similar requirements to those set forth in this Appendix. DARLEAN US hereby notifies Contractual Partner that DARLEAN US may engage the persons listed in Appendix 3 of the Agreement to assist DARLEAN US in processing California Personal Data for a business purpose on behalf of Contractual Partner.
Appendix 4: California Data Appendix
- State Data Protection Laws. This Other States Data Appendix (this “Appendix”), forms part of the Agreement. Capitalized terms used and not otherwise defined herein shall have the meanings ascribed to them in the Agreement.
- Instructions. Contractual Partner hereby instructs DARLEAN US to Process State Laws Data as set out in the T&C and the Agreement (including Appendix 1).
- Nature of the Processing; Purpose of the Processing. The nature and purpose of the Processing is as set forth in the T&C and the Agreement (including Appendix 1).
- Types of State Laws Data. The types of State Laws Data subject to Processing are as set forth in Appendix 1.
- Duration of Processing. The duration of the State Laws Data Processing is as set forth in the Agreement (including Appendix 1).
- Rights, Duties, and Obligations. Except as otherwise required or permitted by applicable law, DARLEAN US shall:
-
Ensure that each person Processing State Laws Data on behalf of DARLEAN US is subject to a duty of confidentiality with respect to such State Laws Data;
-
At Contractual Partner’s choice and direction, delete or return all State Laws Data to Contractual Partner in accordance with Section 10 of the Agreement, unless retention of such State Laws Data is required by applicable law;
-
Make available to Contractual Partner all information necessary to demonstrate DARLEAN US’ compliance with the obligations in the State Data Protection Laws;
-
Taking into account the context of Processing, DARLEAN US shall implement appropriate technical and organizational measures, including the measures set out in Appendix 2, designed to ensure a level of security with respect to the State Laws Data appropriate to the risk in accordance with the Agreement;
-
Allow for, contribute to, and cooperate with reasonable audits, inspections, and/or assessments (each a “State Audit”) by Contractual Partner or Contractual Partner’s designated third-party representative (each, a “State Auditor”), provided that, to the extent permitted by State Data Protection Laws, as an alternative, Contractual Partner hereby consents that DARLEAN US may arrange for a qualified and independent auditor or assessor to conduct (at least annually and at Contractual Partner’s expense (except to the extent State Data Protection Laws require such expense to be borne by DARLEAN US)) a State Audit of DARLEAN US’ policies and technical and organizational measures in support of the obligations under the State Data Protection Laws using an appropriate and accepted control standard or framework and State Audit procedure for the State Audits as applicable and DARLEAN US shall provide a report of such State Audit (and the results thereof) to Contractual Partner upon request. No third-party State Auditor appointed by Contractual Partner shall be a competitor of DARLEAN US, nor shall any such State Auditor be compensated on a contingency basis. In no event shall Contractual Partner or any State Auditor have access to the information of any other customer of DARLEAN US and the disclosures made pursuant to this Section 1(e)(v) (“State Audit Information”) shall be held in confidence as DARLEAN US’ Confidential Information and subject to the confidentiality obligations in the T&C, and provided further that no State Audit under this Section 1(e)(v) shall be undertaken unless or until Contractual Partner has requested, and DARLEAN US has provided, information about DARLEAN US’ data protection practices and Contractual Partner reasonably determines that such a State Audit remains necessary to demonstrate material compliance with the obligations laid down in the State Data Protection Laws. Without limiting the generality of any provision in the T&C, Contractual Partner shall employ the same degree of care to safeguard State Audit Information that it uses to protect its own confidential and proprietary information and in any event, not less than a reasonable degree of care under the circumstances, and Contractual Partner shall be liable for any improper disclosure or use of State Audit Information by Contractual Partner or its agents; and
-
Engage a subcontractor to Process State Laws Data on behalf of DARLEAN US only after providing Contractual Partner with an opportunity to object, and DARLEAN US shall bind each such subcontractor to a written contract in accordance with State Data Protection Laws that requires such subcontractor to comply with obligations of processors (as defined in the State Data Protection Laws) under the State Data Protection Laws and to meet equivalent obligations with respect to such State Laws Data as are set forth in this Other States Data Appendix. Contractual Partner hereby consents to DARLEAN US’ engagement of the subcontractors listed in Appendix 3 of this Agreement to Process State Laws Data.
- Deidentified Data. To the extent required by State Data Protection Laws, with respect to Deidentified Data received by DARLEAN US from Contractual Partner, DARLEAN US shall: (A) take reasonable measures to ensure that such data cannot be associated with an individual; (B) publicly commit to maintain, use, and Process such Deidentified Data only in a de-identified fashion and not attempt to re-identify such Deidentified Data; and (C) comply with the State Data Protection Laws. “Deidentified Data” means data that cannot reasonably be used to infer information about, and that cannot otherwise be linked to, an identified individual or an identifiable individual, or to a device linked to such individual.