Terms of Service for Issuers
Applicable as of 8 August 2024
We are Programmable Equity OÜ, an Estonian company with registry code 16320994 and registered address Kristjani road 4, 74015, Harju county, Estonia, hereinafter “we”, “us”, “our” or “KOOS”.
We are operating the website https://koos.io/, its subdomains (the “Website”) and the KOOS solution, including the software, databases, interfaces, mobile application, associated media, documentation, updates, new releases and other components or materials incorporated therein or integrated therewith (hereinafter collectively the “Platform”). Through the Platform, we provide software and solutions to help companies and other organisations (the “Issuer”, “you”, “your”) to receive useful business-related input and actions (the “Contributions”) by enabling the Issuers to detect, attract, engage, motivate, reward, and collaborate with external individuals around their businesses (the “Contributors”).
In addition to solutions and services made available via the Platform KOOS may provide you with certain professional services to assist you in the preparation of your business growth and community engagement strategy and support you in its implementation. Such services are of advisory nature that are provided in reliance on information and input provided by you and with the understanding that the responsibility for the implementation of the strategy lies with you.
Any service made available by KOOS via the Platform or otherwise to the Issuers is hereinafter referred to as the “Issuer Service” or the “Issuer Services”. The specific content, scope and description of the Issuer Services may vary from time to time.
By accepting these Terms, you confirm that you have carefully read and understood these Terms of Service for Issuers (the “Terms”), are lawful representative of the Issuer and at least 18 years old and with active legal capacity and agree to be bound by them. We may add separate appendices to these Terms which form an integral part of these Terms. These Terms, its appendices, and the documents referenced herein form together a legally binding agreement between you and us (the “Agreement”) that shall govern the provision of respective Issuer Services.
In case these Terms are published also in a language other than English and there is any discrepancy or conflict between the English version and the version in another language, then the English language version shall prevail.
- OUR ISSUER SERVICES
- These Terms govern the provision of all Issuer Services which are made available by us to you through the Platform or otherwise as described herein, including any issuer services which are not defined in these Terms, but which are made available to you through the Platform.
- The Issuer Services provide a communication platform for Issuers and Contributors. The Issuer Services include, above all, access to the Platform to help you detect, attract, engage, motivate, reward, and collaborate with the Contributors, and receive the Contributions from them.
- USE OF THE ISSUER SERVICES
- Subject to the Terms, we hereby grant to you a limited non-exclusive, non-sublicensable and non-transferable right/license to use the Issuer Services.
- The Issuer Services are provided to you on an “as is” and “as available” basis without any warranties of any kind either express or implied. We may update, improve, or change the Platform and/or the Issuer Services, including adding and removing features at any time.
- To access the Platform and/or the Issuer Services, you must have an account. To create such an account, you may need to complete certain procedures. If you generate a username and/or password or if we generate a private key to you in such a process, you should keep them confidential and secure. You should change your password regularly. You should inform us immediately if you get information about any breach of security or unauthorized use of your account.
- The Issuer Services provide a communication platform for Issuers and Contributors.
- The Issuer uses the Platform to publish a request for business-related input or actions, along with the offered terms, and invites potential Contributors to participate. The remuneration specified in the offer is gross remuneration.
- The Contributor selects the Issuer's offer and agrees to provide the business-related input or actions described, following the terms and instructions set by the Issuer.
- The Contributor provides the Contribution to the Issuer. The Contribution is accepted when the Issuer decides to reward the Contributor according to the terms set, published, and agreed upon in advance. The Issuer has the right not to reward the Contribution if it does not meet the predefined requirements.
- The Issuer is required to pay the reward for the Contribution, including all applicable taxes, to KOOS at the time of, or prior to, deciding to accept and reward the Contribution.
- KOOS will remunerate the Contributor for the contributions within 5 calendar days after the Issuer has accepted and rewarded the Contribution and the Contributor has completed necessary actions indicated in the KOOS platform. The remuneration will be paid via bank transfer to the account details provided by the Contributor.
- FEES AND PAYMENT
- The Issuer Services are subject to fee(s) (the “Fee” or “Fees”).
- The amounts of Fees will be made available to you on the Platform, Website, by e-mail (for example, through a link in the e-mail) or in any other manner accepted by you in the course of use of the Issuer Services.
- You acknowledge and agree that we may unilaterally change the Fees at any time and from time to time when there is an objective justification for that. Above all, we may unilaterally change the Fees in case (i) there is any change in our costs, expenses, risks and/or liabilities relating to the provision of the Issuer Services, including, without limitation, due to changes in laws and regulations and/or in the interpretation and application of the laws and regulations or (ii) there are other objective reasons of whatsoever nature. We shall notify you of changes in Fees by email, on the Website or in any other manner accepted by you at least 14 days in advance. If you do not agree with such amendments, you may terminate the Agreement by notice in writing to us.
- The amounts of Fees and the rewards for the Contributions are exclusive of value added tax (VAT) which will be added in accordance with applicable laws.
- You shall pay the Fees and the rewards for the Contributions in accordance with our invoices through a card payment or by a bank transfer to our bank account specified in the invoice.
- The Fees are non-cancellable and non-refundable.
- LEGAL, FINANCIAL, TAX AND SIMILAR MATTERS
- As KOOS is a software company, we are not professional advisers in legal, tax, financial or accounting matters. However, we would like to draw your attention to certain legal, regulatory, tax and similar matters that may be relevant in this context. For example:
- your request for business-related input or actions, and the offering and payment of rewards for Contributions, may be regulated by different laws and regulations, including tax laws, advertising laws, consumer protection laws, data protection laws (including GDPR), anti-money laundering and terrorist financing laws. You are responsible for ensuring compliance with all such laws and regulations and, should consult with professional lawyers and other competent advisors if necessary;
- you should also ensure that all your communication with us and the Contributors in relation to the terms and rewards for the Contributions is not ambiguous, deceptive, misleading, or otherwise objectionable;
- you acknowledge that the professional services we may provide you are provided in good faith and on a best efforts basis and it should not be deemed as an advice on legal, tax or financial matters.
- You acknowledge and agree that we are authorized to accept and conclude separate terms and agreements with the Contributors (“Terms of Use for Contributors”).
- You acknowledge and agree that we are able to provide the Issuer Services only with respect to such Contributors that identify themselves with us as set out in the Terms of Use for Contributorsand agree to the Terms of Use for Contributors.
- The Agreement, the Terms of Use for Contributorsand any other agreement do not jointly or separately constitute an agency, employment or other similar relationship. You, us and any Contributor are all independent parties acting within their own legal capacity and economic activity. We and you are not obliged to provide the Contributors employees’ benefits, compensations, disability insurance, social security or unemployment compensation coverage or any other statutory benefits.
- We are not a bank or other financial institution or have any partnerships with financial institutions. We do not offer funding or provide any financial products or services to any Issuers, Contributors or any third party.
- As KOOS is a software company, we are not professional advisers in legal, tax, financial or accounting matters. However, we would like to draw your attention to certain legal, regulatory, tax and similar matters that may be relevant in this context. For example:
- ADDITIONAL OBLIGATIONS
- You and us both must ensure that all information that we provide each other in connection with the Issuer Services, including information that you provide on your client account, is current, complete and accurate.
- You and us both must provide each other with all necessary cooperation in relation to this Agreement and all information and documents that may be required for the performance of this Agreement. You and us both must comply with requests and orders of public authorities and regulatory bodies relating to the use of the Issuer Services.
- You must ensure that all devices, software and hardware used in connection with your use of the Issuer Services are fit for using the Issuer Services.
- You must use all reasonable endeavours to prevent any unauthorised access to, or use of, the Issuer Services.
- We also request your compliance with the following restrictions and obligations that we consider customary for any software services agreement: you should not use the Issuer Services or the Platform in a way that (a) is unlawful, unethical, deceptive, misleading or in conflict with industry practices, or (b) is harmful, threatening, defamatory, infringing, harassing or discriminatory, or (c) may infringe the intellectual property rights or other rights of any third party; you should also not (i) use the Issuer Services or the Platform in any manner that could negatively affect other users from fully enjoying the Issuer Services or the Platform; (ii) attempt to circumvent any content filtering techniques or security measures that we employ for the Issuer Services or the Platform, or attempt to access any service or area of the Issuer Services or the Platform that you are not authorized to access; (iii) use any robot, spider, crawler, scraper, or other automated means or interface not provided by us, to access the Issuer Services or the Platform or to extract data; (iv) use or attempt to use another client’s account or Contributor’s account without authorization; (v) introduce any malware, virus or other harmful material into the Issuer Services or the Platform; (vi) use the Issuer Services or the Platform from a jurisdiction that we have determined to be a jurisdiction where the use of the Issuer Services or the Platform is prohibited; (vii) access any part of the Issuer Services or the Platform to build a product or service which competes with the Issuer Services or the Platform.
- When you communicate with the Contributors on the Platform, including sharing any updates or notices, you may only post content that you own, have created, or that you have clear permission to publish. You may not post false, inaccurate, misleading, unlawful, obscene, defamatory, or libellous content on the Platform. We have no obligation to pre-screen or endorse any of the content you post, but we have the right in our sole discretion to refuse, edit, move, or remove any of your content that is submitted on or through the Platform, without any prior notice.
- For the purpose of facilitating interaction among the communities of different Issuers on the Platform, we have the right to display the information related to you to the Contributors of other Issuers, and vice versa, the information related to other Issuers to your Contributors.
- As a precondition to providing (or continuing to provide) the Issuer Services, we may require that Contributors provide us certain information or documents or take other actions (e.g., to comply with anti-money laundering, terrorist financing prevention laws and regulations, and applicable financial sanctions) from time to time. We ask you to cooperate with us to procure that such information and/or documents are provided and other actions taken in a timely manner.
- You are obliged at any time to submit information (e.g. tax residency, place of business, address, contact details, origin of funds) and documents to us that could be required by us relating to money laundering and terrorist financing prevention (incl. resulting from the money laundering and terrorist financing prevention acts or the legal acts issued on its basis, international legal acts and the instructions of the authorities).
- INTELLECTUAL PROPERTY RIGHTS
- You acknowledge and agree that we and/or our licensors own all intellectual property rights in the Platform and the Issuer Services. Except as expressly stated herein, this Agreement does not grant you intellectual property rights or other rights in respect of the Platform and the Issuer Services.
- Except as may be allowed by mandatory provisions of applicable law, you shall not (i) attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit or distribute all or any portion of the Platform by any means or (ii) attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Platform.
- We confirm that we have all the rights in relation to the Issuer Services that are necessary to grant all the rights we purport to grant under this Agreement.
- You hereby warrant that the information, corporate visual images, or other works you upload while using Issuer Services do not infringe any rights of any third party, including the intellectual property rights of any third party. You hereby agree to fully indemnify and hold us harmless from and against all damage, liabilities to third parties and all losses incurred in connection with claims by third parties resulting from breach of third-party rights related to such information, corporate visual images or other works, including intellectual property rights.
- We acknowledge and agree that the corporate visual images or other works uploaded to the Platform are your intellectual property. You hereby grant us the non-exclusive, non-transferable (except to the extent necessary to perform the Issuer Services to you pursuant to Agreement), free of charge and worldwide right to display the corporate visual images or other works and information on the Platform generally, and to otherwise use the corporate visual images or other works and information for the provision of the Issuer Services to you during the term of the Agreement.
- DATA PROTECTION
- In order to provide you the Issuer Services, we act as the data processor and process certain personal data about Contributors. Therefore, you must ensure that there exists a legal ground for processing the personal data of Contributors listed in Appendix 1 of the Appendix A.
- You and us both must comply with all data protection legislation, including GDPR that applies to the data processed under this Agreement.
- Your and our roles and responsibilities regarding data processing in the context of this Agreement are set out in Appendix A.
- LIMITATION OF LIABILITY
- We are not liable to you, under the Agreement or otherwise, for any damages other than direct proprietary damages. This limitation does not apply in case the damage is caused intentionally.
- You are not liable to us under the Agreement for any damages other than direct proprietary damages, unless set out otherwise in the Agreement. This limitation does not apply in case the damage is caused intentionally.
- You agree to compensate us, our employees and directors, contractors and entities belonging to the same group with us, all damages, including fees and costs related to the settlement of claims, protecting our rights or participating in proceedings of every kind and nature whatsoever, that are caused by you or by any of your employees, directors, contractors or entities belonging to the same group with you and that arise out of, or are related to the Fees for the Contributions.
- We are liable for breach of this Agreement if we have committed such breach intentionally or as a result of gross negligence. The liability for other breaches is excluded.
- We are not liable for, and you may not rely on, any breach, event or circumstance that has been caused by or is attributable to any action or omission of, or other circumstance depending on any third person, including, without limitation any vulnerability, failure, unavailability, inaccessibility, delay, no-response, abnormal behaviour, change of terms, of software or any other features of the Platform that are provided or are dependent on any third person.
- Our aggregate liability under this Agreement shall be limited to the total amount of fees that you have paid during six months preceding the date on which the claim arose. This limitation does not apply in case the damage is caused intentionally.
- TERMINATION OF AGREEMENT; SUSPENSION OF SERVICES
- You may terminate this Agreement unilaterally (a) ordinarily by giving us at least 30 calendar days’ advance notice in writing, or (b) extraordinarily by notice in writing in case we commit a material breach of our obligations under this Agreement.
- We may terminate this Agreement unilaterally extraordinarily by notice in writing in case you commit a material breach of your obligations under this Agreement.
- We may suspend the provision of the Issuer Services and/or restrict your access to your account without prior notice if (a) you materially breach the Agreement or have not remedied any breach within a reasonable cure-period granted (b) we have a reasonable suspicion of your fraud or your inappropriate activity and/or (c) this is necessary to ensure the security of the Platform and/or other users of our services.
- We may terminate this Agreement unilaterally extraordinarily also in case any actions or omissions of any third party or other circumstances depending on any third party (including change in laws or regulations or actions by any public authority) materially impair our ability to provide the Issuer Services to you and such situation is not of temporary nature.
- Upon the termination of this Agreement for any reason, we may erase your data held with us, except in case we receive, within ten days after the effective date of termination, your written request to deliver the most recent back-up of such data to you. In such case, we use reasonable efforts to deliver the back-up to you in a mutually agreed form within 30 days of the receipt of such request, provided you take actions on your part to receive such data.
- LINKED SITES AND THIRD-PARTY CONTENT
- The Platform and the Issuer Services may include links to other websites or services or to third party content.
- We do not endorse any such linked sites or third-party content or the information, material, products, or services contained on or accessible through linked sites. Access and use of linked sites, including the information, material, products, and services on linked sites or available through linked sites is solely at your own risk.
- AMENDMENTS TO THE TERMS
- We may unilaterally amend these Terms in case (i) we improve, change, adapt or adjust any of the Issuer Services and/or the Platform, including adding or removing any features or elements of the Issuer Services and/or the Platform (ii) there is any change in our costs, expenses, risks and/or liabilities relating to the provision of the Issuer Services, including, without limitation, due to changes in laws and regulations and/or in the interpretation and application of the laws and regulations and/or (iii) there are other objective reasons of whatsoever nature. If we make any such amendments, we shall notify you by providing updated Terms by email, through the Platform or in any other manner accepted by you in the course of the use of the Issuer Services.
- We may also unilaterally amend these Terms on grounds not specified in Section 11.1. If we make any such amendments, we shall notify you in the same manner as provided in Section 11.1 at least 14 days in advance. If you do not agree with such amendments, you may terminate the Agreement by notice in writing to us.
- CONFIDENTIALITY
- The information about a party that the other party obtains in the course of preparation or performance of this Agreement which such party had not obtained without the entry into this Agreement shall be considered as confidential information. The party shall not disclose the other party’s confidential Information to any third party nor use such information for any purpose other than the performance of this Agreement, except (i) upon the prior consent of the other party or (ii) if the disclosure is required under applicable laws and regulations or (ii) the confidential Information is disclosed to the party’s banks, auditors or professional consultants and advisers who are bound by an obligation to hold such information confidential.
- However, a party may disclose the fact of entry into this Agreement and the name, trademark and logo of the other party in its press materials, on the Platform and their websites, and in other sales and marketing materials for the purposes of the promotion of its services.
- The obligations set forth in Section 12 of this Agreement shall survive the termination of the Agreement and shall apply, in respect of each item of Confidential Information, for a period of three years after the disclosure of the respective item of Confidential Information.
- FINAL PROVISIONS
- If any provision of this Agreement is invalid or unenforceable you and us shall make best efforts to replace such provision to achieve the effect closest to the original provision.
- This Agreement constitutes the entire agreement between you and us with respect to the subject matter hereof and supersedes all other prior declarations of intent, agreements and other communication between you and us with respect to the subject matter hereof (merger clause).
- This Agreement shall be governed by Estonian laws. Any dispute or claim arising out of this Agreement shall be subject to the jurisdiction of Harju County Court (Harju Maakohus) in Estonia as the court of first instance.
- Any notice or other communication to you under these Terms is deemed duly delivered if it is sent to your e-mail address registered with us. If you would like to change such email address, please notify us in accordance with Section 13.5.
- Unless otherwise specified in the Terms any notice or other communication under these Terms must be in a form reproducible in writing and, in case of notice to us, it must be sent to the e-mail address specified below:
Name: Programmable Equity OÜ Address Kristjani road 4, 74015 Viimsi vald, Estonia E-mail info@koos.io
APPENDIX – A
DATA PROCESSING AGREEMENT
This Data Processing Agreement (“DPA“) between you and us (the “Parties”) forms an integral part of the Terms/ the Agreement.
WHEREAS:
- You act as the Controller.
- You have entered an agreement with us to purchase from us certain Services. In the course of the provision of the Issuer Services, we need to process personal data for you.
- By this DPA, the Parties enter into a data processing agreement that complies with the requirements of the current legal framework in relation to data processing and with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
IT IS AGREED AS FOLLOWS:
- DEFINITIONS AND INTERPRETATION
- Unless otherwise defined herein, capitalized terms and expressions used in this DPA shall have the following meaning:
- “DPA” means this Data Processing Agreement and all Schedules;
- “Data Protection Laws” means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country;
- “Data Transfer” means:
- a transfer of Issuer Personal Data from you to us; or
- an onward transfer of Issuer Personal Data from us to a Subprocessor, or between two establishments of us;
- “EEA” means the European Economic Area;
- “EU Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;
- “GDPR” means EU General Data Protection Regulation 2016/679;
- “Issuer Personal Data” means any Personal Data Processed by us on behalf of you pursuant to or in connection with the Agreement;
- “Services” means the Issuer Services provided by us to you;
- “Subprocessor” means any person appointed by or on behalf of us to process Issuer Personal Data on behalf of you in connection with the DPA.
- The terms, “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processor”, “Processing” and “Supervisory Authority” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.
- Unless otherwise defined herein, capitalized terms and expressions used in this DPA shall have the following meaning:
- PROCESSING OF ISSUER PERSONAL DATA
- We shall:
- comply with all applicable Data Protection Laws in the Processing of Issuer Personal Data; and
- not process Issuer Personal Data other than to perform the obligations and exercise rights arising under the Agreement or pursuant to your relevant documented instructions.
- If the applicable law prohibits us from performing certain data processing operations requested by you, we shall act under the applicable law and notify you about the reason of the non-performance.
- You hereby instruct us to process Issuer Personal Data. You instruct us to receive or collect and process the Issuer Personal Data items as listed in Appendix 1 to this DPA.
You may provide us additional instructions during the term of this DPA. Instructions shall be provided at least in a form that enables written reproduction (via email, for example). - You shall ensure that you have a valid legal ground for making the Issuer Personal Data under the Agreement and this DPA available to us for Processing. Where appropriate and required under the applicable law, you shall obtain valid consents from the involved data subjects or have other valid legal basis under the GDPR.
You shall also ensure and be responsible that you comply with all requirements applicable to the data controller under the GDPR and other applicable laws. This includes, but is not limited to, the requirement to provide data subjects transparent information concerning the Processing of their personal data, etc. - You shall inform us immediately of withdrawal of the consent for data Processing by any Contributor or termination of any other legal ground for Processing the Issuer Personal Data.
- We shall:
- OUR PERSONNEL
We shall take reasonable steps to ensure the reliability of any employee, agent or contractor of us who may have access to the Issuer Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Issuer Personal Data, as strictly necessary for the purposes of the Agreement, and to comply with Applicable Laws in the context of that individual’s duties to us, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality. - SECURITY
- Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we shall in relation to the Issuer Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.
- We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of Processing of the Personal Data in our possession. This includes, for example, firewalls, password protection and other access and authentication controls. We use SSL technology to encrypt data during transmission through the public internet, and we also employ application-layer security features to further anonymize Personal Data. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
- If we learn of a security systems breach, we will inform you and the authorities of the occurrence of the breach in accordance with applicable law.
- We shall review the applicable security measures from time to time and you have a right to give us recommendations concerning the applicable security measures.
- SUBPROCESSING
- You hereby give us a general authorisation to engage Subprocessors. We shall ensure that the same data protection obligations as set out in this DPA and in the applicable law are imposed on each Subprocessor engaged by us by way of a contract concluded between us and the relevant Subprocessor. We shall remain fully liable to you for the performance of data processing related obligations by the Subprocessor.
- Please note that we may change or add Subprocessors from time to time. We do not have an obligation to notify you in advance if we want to change or add Subprocessors. You have the right to ask from us the list of current Subprocessors at any time and we shall provide you this information without undue delay, but in no longer than 30 days.
- DATA SUBJECT RIGHTS
- Taking into account the nature of the Processing and information available to us, we shall assist you in ensuring the compliance with the obligations pursuant to GDPR Articles 32 to 36.
- Considering clause 6.1., inter alia, we shall assist you by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of your obligations, as reasonably understood by you, to respond to requests to exercise Data Subject rights under the Data Protection Laws.
- We shall:
- notify you if we receive a request from a Data Subject under any Data Protection Law in respect of Issuer Personal Data; and
- ensure that we do not respond to that request except pursuant to your documented instructions or as required by applicable laws to which we are subject, in which case we shall to the extent permitted by applicable laws inform you of that legal requirement before we respond to the request.
- PERSONAL DATA BREACH
- We shall notify you without undue delay if we become aware of a Personal Data Breach affecting Issuer Personal Data, providing you with sufficient information to allow you to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
- We shall co-operate with you and take reasonable commercial steps as are directed by you to assist in the investigation, mitigation, and remediation of each such Personal Data Breach.
- DATA PROTECTION IMPACT ASSESSMENT AND PRIOR CONSULTATION
We shall provide reasonable assistance to you with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which you reasonably consider to be required by articles 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Issuer Personal Data by, and taking into account the nature of the Processing and information available to us. - DELETION OR RETURN OF ISSUER PERSONAL DATA
We shall, no later than within 30 calendar days of the date of cessation of any Services involving the Processing of Issuer Personal Data, delete and procure the deletion of all copies of those Issuer Personal Data unless we have a valid legal basis for retaining data for a longer period (such as our legitimate interest or legal obligation, for example). - AUDIT RIGHTS
- Subject to this Section 10, we shall make available to you on request all information necessary to demonstrate compliance with this DPA, and shall allow for and contribute to audits, including inspections, by you or an auditor mandated by you in relation to the Processing of the Issuer Personal Data by us.
- Your information and audit rights only arise under Section 10.1 to the extent that the DPA does not otherwise give you information and audit rights meeting the relevant requirements of Data Protection Law. You shall notify us of the wish to perform the audit reasonably and not less than 30 days in advance. You or an auditor appointed by you shall carry out the audit during regular working hours and so that the audit interferes with our regular business activities as little as possible. All costs related to the audit shall be payable by you.
- DATA TRANSFER
We may not execute Data Transfer or authorize the Data Transfer to countries outside the EU and/or the European Economic Area (EEA) without your prior approval unless this is permitted under this clause. You allow us to transfer Issuer Personal Data outside the EEA, including involving Subprocessors located outside the EEA, if the transfer is made on the basis of the adequacy decision by the European Commission or we have adopted other appropriate safeguards as required by Chapter V of the GDPR (e.g., standard contractual clauses adopted by the European Commission). If we transfer Issuer Personal Data outside EEA, you may request from us information about the countries to which such data is transferred, and about the adopted safeguards. In the event that any of the implemented measures prove to be insufficient to meet the requirements arising from this applicable law (Chapter V of the GDPR in particular) for the transfer of Issuer Personal Data outside the EEA to be lawful, we will make reasonable efforts to implement a data transfer mechanism that meets the requirements of the applicable law (Chapter V of the GDPR in particular) or shall terminate such Data Transfer. - GOVERNING LAW AND JURISDICTION
- This DPA is governed by Estonian laws.
- Any dispute arising in connection with this DPA, which the Parties will not be able to resolve amicably, will be submitted to the exclusive jurisdiction of the courts of Harju County Court (Harju Maakohus) in Estonia.
Appendix 1 to DPA
Categories of Data Subjects and Types of Personal Data
Categories of Data Subjects | Types of Personal Data |
---|---|
Contributors defined by you | Contact details: e-mail address; phone number, first and last name. If the Contributor is a legal person, we may request information about the representatives of the legal person - first and last name, title of the representative, the date of birth or personal identification code, and identity document number and other document details. |
Contributors defined by you | Service data: data on rewards, number of rewards, value of rewards, information about the issuer of the rewards and other relevant information and statistics |
Contributors defined by you | Payment data: payment account details and payment amount (in the event of payment to data subject) |