3. Data Processing Agreement.
1. WIKIEXPERT TERMS
These Terms govern your access to, and use of, the Site and Services and Expert Content (as defined below) and constitute a binding legal agreement between you and Candide.
Please read carefully these Terms, which may be found at www.wikiexpert.com/terms/.If you do not agree to these Terms, you have no right to use the Services, Site or Expert Content.
In addition, in these Terms, unless the context requires otherwise, words in one gender include all genders and words in the singular include the plural and vice-versa.
In these Terms, the following words shall have the following meanings:
“Candide Content” means all Content that Candide makes available through the Site or Services, including any Content licensed from a third party, but excluding Expert Content.
“Candide-ID” means a unique identification name, chosen by each Expert upon registration.
“Collective Content” means Expert Content and Candide Content.
“Content” means text, graphics, images, music, software, audio, video, information or other materials.
“Expert” means a person or entity who completes Candide’s online account registration process on the Site in order to create a Profile.
“Expert Content” means all Content that an Expert posts, uploads, publishes, submits or transmits to be made available through the Site or Services via the Profile, including but not limited to comments, captions, watermarks, images and tags.
“Profile” means the profile of the Expert, created on the Site by the Expert.
“Tax” or “Taxes” mean any applicable sales taxes, value added taxes (VAT), goods and services taxes (GST) and other similar taxes, including but not limited to withholding, personal or corporate taxes.
“User” means any person who accesses a Profile or the Site.
“you” and “your” refer to the individual or entity that uses the Site or Services.
“we”,“us”,or “our” refer to Candide.
2. Services Description
Users may view Profiles as an unregistered visitor to the Site. However, if you wish to use the Services or post a Profile, you must register in order to create a Candide Account (as defined below).
Candide makes the Site and Services available to Experts solely to facilitate the creation of Profiles. Candide does not provide, and is not responsible for, Expert Content or any information or advice exchanged with Users under any circumstances. Candide does not verify the credentials of any of its Experts. Candide is not liable for any loss or damage related to any and all Profiles or information provided via the Services. All Experts and Users use the Site and Services at their own risk.
Experts are not employees or agents of Candide. They are independent service providers using the Site and Services to market their expertise to Users. Accordingly, Candide is not liable for any loss or damage caused by reliance on any information provided by Experts.
3. Provision of the Services
The Site and Services are provided for persons who are 18 years of age or older and may not be accessed or used by anyone under 18 years old. By accessing or using the Site or Services you represent and warrant that you are 18 years of age or older.
Candide shall provide the Site and Services in accordance with these Terms.
Candide reserves the right, at its sole discretion, to modify the Site, Services or the Terms (including the Service Fee, as defined below), at any time. All minor modifications shall be published on the Site and the new Terms shall be effective from the date of publication as shown in the date displayed at the top of the modified published Terms. Where material changes are made, Experts will be given 30 days prior notice of the changes via email. Experts agree to keep Candide notified at all times of their current email address.
By continuing to access or use the Site or Services after Candide have: (i) posted a modification on the Site; or (ii) provided Experts with 30 days’ notice; as applicable, you are deemed to have accepted the changes and shall be legally bound by the modified Terms.
If you do not agree to changes to the Terms, you must cease using the Site and Services.
5. Expert Account Registration
In order for Experts to access certain features of the Site and to create a Profile, Experts must register to create an account. Use of the Telebond Account shall be subject to the terms and conditions applicable.
6. Candide Account
Your Profile is based upon the personal data you provide to Candide. You may not have more than one (1) active Profile.
You agree to provide accurate, current and complete information during the registration process, to update such information, to keep it accurate, current and complete. Candide reserves the right to suspend or terminate your Candide Account and your access to the Site and Services if you create more than one (1) Candide Account or if any information provided during the registration process or thereafter proves to be inaccurate, not current or incomplete.
You are responsible for safeguarding your password. You agree that you will not disclose your password to any third party and that you will take sole responsibility for any activities or actions under your Candide Account, whether or not you have authorized such activities or actions. You will immediately notify Candide of any unauthorized use of your Candide Account.
Profiles are made publicly available to Users via the Site. A Profile may be created by you after registration.
You are solely responsible for any and all Profiles you post. Accordingly, you represent and warrant that any Profile you post: (i) will not breach any agreements you have entered into with any third parties; and (ii) will; (a) comply with all applicable laws, tax requirements, and rules and regulations that may apply to you and; (b) not conflict with the rights of third parties.
Candide cannot and does not control the Content contained in any Profiles or the information exchanged with Users. Candide has no liability whatsoever for the Content of Profiles, or for any User’s compliance with any applicable laws, rules and regulations.
Candide is not involved in the interactions between Experts and Users and does not refer or endorse or recommend particular Experts to Users. Candide does not edit, modify, filter, screen, monitor, endorse or guarantee Expert Content or the content of communications between Experts and Users. Candide is not party to any agreements entered into between Users and Experts.
Candide reserves the right, at any time and without prior notice, to remove or disable access to any Profile for any reason, including Profiles that Candide, in its sole discretion, considers to be: (i) objectionable for any reason; (ii) in breach of these Terms; or (iii) otherwise harmful to the Site or Services.
8. Fees, Invoicing and Payments Service Fees
Subject to any free trial period agreed with an Expert upon registration, Services are provided to Experts in consideration of Candide receiving a recurring subscription fee as further detailed and published at https://wikiexpert.com/price/ (“Service Fee”); special promotions and discounts might apply. In order to always guarantee access to WikiExpert, the Expert must have a valid payment method associated to its account, so that Candide can charge the monthly Service Fee. For valid payment methods Experts must check their setting on the profile page.
All prices exclusive of VAT, which shall be charged in addition as applicable from time to time.
Set-off and rights of retention of the Expert are excluded unless the claims are undisputed or have been finally established.
Candide provides a communication solution for an Expert and Users to connect and Services to be provided by Expert. If, for any reason the Services provided by the Expert don’t match the Services advertised or expected the Expert and User must agree if there should be a refund and the Expert should act in accordance with its terms. Candide is under no circumstance liable for any compensations or refunds that are directly related to any transaction between an Expert and a User.
All fees payable under these Terms are exclusive of any applicable taxes. You understand and agree that you are solely responsible for determining applicable tax reporting requirements in consultation with your tax advisors. Candide cannot and does not offer tax-related advice to any users of the Site and Services.
You undertake that all payment details provided for the purpose of using the Site and the Services will be correct and that there are sufficient funds or credit facilities to cover all fees payable under these Terms.
9. User Conduct
You are solely responsible for your use of the Site, Services and Content.
You agree not to:
- breach any law or regulation, or any order of a court, including, without limitation, zoning restrictions and tax regulations;
use the Site or Services for any commercial or other purposes that are not expressly permitted by these Terms;
- use the Site or Services to transmit, distribute, post or submit any information concerning any other person or entity, including without limitation, photographs of others without their permission, personal contact information or credit, debit, calling card or account numbers;
- use the Site or Services in connection with the distribution of unsolicited commercial email (“spam”) or advertisements unrelated to lodging in a private residence;
- use automated scripts to collect information or otherwise interact with the Site or Services;
- use the Site or Services related to transactions involving: (i) narcotics, steroids, certain controlled substances or other products that present a risk to consumer safety; (ii) drug paraphernalia; (iii) cigarettes; (iv) items that encourage, promote, facilitate or instruct others to engage in illegal activity; (v) stolen goods including digital and virtual goods; (vi) the promotion of hate, violence, racial intolerance or the financial exploitation of a crime; (vii) items that are considered obscene; (viii) items that infringe or violate any copyright, trademark, right of publicity or privacy or any other proprietary right under the laws of any jurisdiction; (ix) certain sexually oriented materials or services; (x) ammunition, firearms, or certain firearm parts or accessories; or (xi) certain weapons or knives regulated under applicable law;
- use the Site or Services related to transactions that: (i) show the personal data of third parties in breach of applicable law; (ii) support pyramid or ponzi schemes, matrix programs, other “get rich quick” schemes or certain multi-level marketing programs; (iii) are associated with purchases of annuities or lottery contracts, lay-away systems, off-shore banking or transactions to finance or refinance debts funded by a credit card; (iv) are for the sale of certain items before the seller has control or possession of the item; (v) are by payment processors to collect payments on behalf of merchants; (vi) are associated with the sale of traveller’s cheques or money orders; (vii) involve currency exchanges or cheque cashing businesses; (viii) involve certain credit repair, debt settlement services, credit transactions or insurance activities; or (ix) involve offering or receiving payments for the purpose of bribery or corruption;
- use the Site or Services involving the sales of products or services identified by government agencies to have a high likelihood of being fraudulent;
- use, display, mirror or frame the Site or any individual element within the Site, Services, Candide’s name, any Candide or any of its affiliate’s trademarks, logos or other proprietary information, or the layout and design of any page or form contained on a page, without Candide’s express written consent;
- copy, store or otherwise access any information contained on the Site, Services or Content for purposes not expressly permitted by these Terms;
- infringe the rights of any person or entity, including without limitation, their intellectual property, privacy, publicity or contractual rights;
- interfere with or damage the Site or Services, including, without limitation, through the use of viruses, cancel bots, Trojan horses, harmful code, flood pings, denial-of-service attacks, packet or IP spoofing, forged routing or electronic mail address information or similar methods or technology;
- “stalk” or harass any other user of the Site or Services;
- register for more than one Candide Account or register for a Candide Account on behalf of an individual other than yourself;
- systematically retrieve data or other content from the Site or Services to create or compile, directly or indirectly, in single or multiple downloads, a collection, compilation, database, directory or the like, whether by manual methods, through the use of bots, crawlers, or spiders, or otherwise;
- access, tamper with, or use non-public areas of the Site, Candide’s computer systems, or the technical delivery systems of Candide’s Users;
- attempt to probe, scan, or test the vulnerability of any Candide system or network or breach any security or authentication measures;
- avoid, bypass, remove, deactivate, impair, descramble, or otherwise circumvent any technological measure implemented by Candide or any of Candide’s Users or any other third party (including another user) to protect the Site, Services or Collective Content;
- forge any TCP/IP packet header or any part of the header information in any email or newsgroup posting, or in any way use the Site, Services or Collective Content to send altered, deceptive or false source-identifying information;
- attempt to decipher, decompile, disassemble or reverse engineer any of the software used to provide the Site, Services or Collective Content;
- recruit or otherwise solicit any User to join third party services or websites that compete with Candide, without Candide’s prior written approval;
- impersonate any person or entity, or falsify or otherwise misrepresent yourself or your affiliation with any person or entity;
- submit any Profile with a false or misleading information; post, upload, publish, submit or transmit any Content that: (i) infringes, misappropriates or violates a third party’s patent, copyright, trademark, trade secret, moral rights or other intellectual property rights, or rights of publicity or privacy; (ii) violates, or encourages any conduct that would violate, any applicable law or regulation or would give rise to civil liability; (iii) is fraudulent, false, misleading or deceptive; (iv) is defamatory, obscene, pornographic, vulgar or offensive; (v) promotes discrimination, bigotry, racism, hatred, harassment or harm against any individual or group; (vi) is violent or threatening or promotes violence or actions that are threatening to any other person; or (vii) promotes illegal or harmful activities or substances; or
- advocate, encourage, or assist any third party in doing any of the foregoing.
If you believe any User is acting or has acted inappropriately, including but not limited to, anyone who: (i) engages in offensive, violent or sexually inappropriate behaviour; (ii) you suspect of fraud; or (iii) engages in any other disturbing conduct, you should immediately report such person to the appropriate authorities and to Candide.
Candide will have the right to investigate and prosecute breaches of any of the above to the fullest extent permitted by applicable law. Candide may involve and cooperate with law enforcement authorities in prosecuting Users who breach these Terms.
You acknowledge that Candide has no obligation to monitor your access to or use of the Site, Services or Collective Content or to review or edit any Expert Content, but has the right to do so for the purpose of operating the Site and Services, to ensure your compliance with these Terms, or to comply with applicable law or the order or requirement of a court, administrative agency or other governmental body.
10. Ownership and Intellectual Property Rights
The Site, Services and Candide Content, including all associated intellectual property rights are the exclusive property of Candide and its licensors. You will not remove, alter or obscure any copyright, trademark, service mark or other proprietary rights notices incorporated in or accompanying the Site, Services, or Candide Content.
All trademarks, service marks, logos, trade names and any other proprietary designations of Candide or its affiliates used herein are trademarks or registered trademarks of Candide or its affiliates. Any other trademarks, service marks, logos, trade names and any other proprietary designations are the trademarks or registered trademarks of their respective parties.
All intellectual property rights and title to the Services, Site and Content (save to the extent incorporating any Expert Content or third party owned item) shall remain with the Candide and/or its licensors and no interest or ownership in the Services, Site and Content or otherwise is conveyed to you under these Terms. No right to modify, adapt, or translate the Services or create derivative works from the Services is granted to you. Nothing in these Terms shall be construed to mean, by inference or otherwise, that you have any right to obtain source code for the software comprised within the Services.
Disassembly, decompilation or reverse engineering and other source code derivation of the software comprised within the Services is prohibited. To the extent that you are granted the right by law to decompile such software in order to obtain information necessary to render the Services interoperable with other software (and upon written request by you identifying relevant details of the Services(s) with which interoperability is sought and the nature of the information needed), Candide will provide access to relevant source code or information. Candide has the right to impose reasonable conditions including but not limited to the imposition of a reasonable fee for providing such access and information.
11. License to use Candide Content, Services and Site
Subject to your compliance with the terms and conditions of these Terms, Candide grants you a limited, non-exclusive, non-transferable license, to: (i) access and view any Candide Content solely for your personal and non-commercial purposes; (ii) access and view any Expert Content to which you are permitted access, solely for your personal and non-commercial purposes; and (iii) use the Site and Services upon the terms and conditions of these Terms. You have no right to sublicense the license rights granted in this clause. Such licence shall permit you to make such copies of software or other information as are required for you to receive the Services. Where open source software is used as part of the Services, such software use by you will be subject to the terms of the open source licences.
You will not use, copy, adapt, modify, distribute, license, sell, transfer, publicly display, publicly perform, transmit, broadcast or otherwise exploit the Site, Services, or Collective Content, except as expressly permitted in these Terms. No licenses or rights are granted to you by implication or otherwise under any intellectual property rights owned or controlled by Candide or its licensors, except for the licenses and rights expressly granted in these Terms.
10. Expert Content
We may, in our sole discretion, permit Experts to post, upload, publish, submit or transmit Expert Content. By making available any Expert Content on or through the Site and Services, the Expert hereby grants to Candide a worldwide, irrevocable, perpetual, non-exclusive, transferable, royalty-free license, with the right to sublicense, to use, view, copy, adapt, modify, distribute, license, sell, transfer, publicly display, publicly perform, transmit, stream, broadcast, access, view, and otherwise exploit such Expert Content on, through, or by means of the Site and Services. Candide does not claim any ownership rights in any such Expert Content and nothing in these Terms will be deemed to restrict any rights that you may have to use and exploit any such Expert Content.
The Expert acknowledges and agrees that it is solely responsible for all Expert Content that it makes available through the Site and Services. Accordingly, the Expert represents and warrants that: (i) it either is the sole and exclusive owner of all Expert Content that it makes available through the Site and Services or that it has all rights, licenses, consents and releases that are necessary to grant to Candide the rights in such Expert Content, as contemplated under these Terms;
and (ii) neither the Expert Content nor your posting, uploading, publication, submission or transmittal of the Expert Content or Candide’s use of the Expert Content (or any portion thereof) on, through or by means of the Site and the Services will infringe, misappropriate or violate a third party’s patent, copyright, trademark, trade secret, moral rights or other proprietary or intellectual property rights, or rights of publicity or privacy, or result in the violation of any applicable law or regulation.
Expert Content will not, at any time, be deemed to reflect or represent or view or values.
We welcome and encourage you to provide feedback, comments and suggestions for improvements to the Site and Services (“Feedback”). You may submit Feedback by emailing us at firstname.lastname@example.org All Feedback will be the sole and exclusive property of Candide and you hereby irrevocably assign to Candide and agree to irrevocably assign to Candide all of your right, title, and interest in and to all Feedback, including without limitation all worldwide patent, copyright, trade secret, moral and other proprietary or intellectual property rights therein. At Candide’s request and expense, you will execute documents and take such further acts as Candide may reasonably request to assist Candide to acquire, perfect, and maintain its intellectual property rights and other legal protections for the Feedback.
11. Data Protection
Candide and the Expert each undertake to comply with our obligations under any relevant applicable data protection laws, principles and agreements.
To the extent that personal data is processed using the Site, Services or Collective Content, the Expert acknowledges that Candide is a data processor and the Expert is a data controller and each of shall comply with its respective statutory data protection obligations and the terms of the DPA.
If a third party alleges infringement of its data protection rights, Candide shall be entitled to take measures necessary to prevent the infringement of a third party’s rights from continuing.
Where Candide collects and processes personal data of Experts, as a data controller, when providing the Site, Services or Collective Content, such collection and processing shall be in accordance with the PrivacyPolicy.
The Site, Services and Collective Content are provided “as is” without any representation, endorsement or approval and without warranty of any kind, either express or implied other than that: (i) Candide has the right to license the Site, Services and Candide Content; and (ii) that by performing the Services Candide will not knowingly infringe the intellectual property rights of any third party.
Candide makes no warranty that the Site, Services, Collective Content (including, but not limited to the Profiles) will meet your requirements or be available on an uninterrupted, secure, or error-free basis. Candide makes no warranties regarding the quality of any Profiles, the Site, Services or Collective Content or the accuracy, timeliness, truthfulness, completeness or reliability of any Collective Content obtained through the Site or Services.
Candide does not conduct background checks on any Experts, but may conduct such background checks in its sole discretion. Candide does not attempt to confirm, and does not confirm, any Expert’s purported identity or credentials. You are responsible for determining the identity and suitability of others who you contact via the Site and Services. You are solely responsible for all of your communications and interactions with Users of the Site or Services and with other persons with whom you communicate or interact as a result of your use of the Site or Services.
Candide makes no representation or warranties as to the conduct of Users of the Site or Services or their compatibility with any current or future Users of the Site or Services. You agree to take reasonable precautions in all communications and interactions with Users of the Site or Services and with other persons with whom you communicate or interact as a result of your use of the Site or Services, including but not limited to Users who are Experts, regardless of whether such communications or interactions are organized by Candide.
By using the Site or Services, you agree that any legal remedy or liability that you seek to obtain for actions or omissions of Users or other third parties will be limited to a claim against the particular Users or other third parties who caused you harm and you agree not to attempt to impose liability on, or seek any legal remedy from Candide with respect to such acts or omissions.
The Site and Services may contain links to third party websites or resources. You acknowledge and agree that Candide is not responsible or liable for: (i) the availability or accuracy of such websites or resources; or (ii) the content, products, or services on or available from such websites or resources. Links to such websites or resources do not imply any endorsement by Candide of such websites or resources or the content, products, or services available from such websites or resources. You acknowledge sole responsibility for and assume all risk arising from your use of any such websites or resources or the Content, products or services on or available from such websites or resources.
If you accept or agree to these Terms on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind that company or other legal entity to these Terms and, in such event, “you” and “your” will refer and apply to that company or other legal entity.
Except as expressly stated in these Terms, all warranties and conditions, whether express or implied by statute, common law or otherwise (including but not limited to satisfactory quality and fitness for purpose), are hereby excluded to the fullest extent permitted by law.
16. Limitation of Liability
Candide does not exclude or limit its liability to you for fraud, death or personal injury caused by any negligent act or omission or wilful misconduct of Candide in connection with the provision of the Services or Site.
In no event shall Candide be liable to you whether arising under these Terms or in tort (including negligence or breach of statutory duty), misrepresentation or otherwise, for any Consequential Loss. (“Consequential Loss”) shall for the purposes of these Terms mean: (i) pure economic loss; (ii) losses incurred by any client of yours or other third party; (iii) loss of profits (whether categorised as direct or indirect loss); (iv) losses arising from business interruption; (v) loss of business revenue, goodwill or anticipated savings; and (vi) losses whether or not occurring in the normal course of business, wasted management or staff time.
Subject to any applicable mandatory law to the contrary, the total liability of Candide in aggregate (whether in contract, tort or otherwise) under or in connection with these Terms and your use or access to the Site and Services (including any indemnity or contribution) shall not exceed one hundred (100) per cent of the total amount (excluding any Taxes) paid or payable to Candide by you, in the twelve (12) month period prior to the event(s) giving rise to the liability or claim.
In no event shall you raise any claim under these Terms more than one (1) year after the discovery of the circumstances giving rise to such claim.
The Expert agrees to indemnify and keep indemnified Candide, its affiliates, and subsidiaries, and their officers, directors, employees and agents, harmless from and against any claims, liabilities, damages, losses, costs and expenses, including, without limitation, reasonable legal and accounting fees made against Candide by any person
of or in any way connected with: (i) your access to or use of the Site, Services, or Collective Content in breach of these Terms; (ii) your Expert Content; and (iii) your interaction with any User, reliance on any information exchanged via the Site or Services, or creation of a Profile or /iv) breaches of your obligations under any applicable data protection law or regulation or the terms of the DPA.
18. Termination and Candide Account Deactivation
Candide may, at its discretion and without liability to you, with or without cause, with or without prior notice and at any time: (i) terminate these Terms or your access to the Site and Services; and (ii) deactivate or cancel your Candide Account or Profile. In the event Candide terminates these Terms, or your access to the Site and Services or deactivates or cancels your Candide Account or Profile you will remain liable for all amounts payable for use or access to the Site and Services under these Terms.
You may cancel your Candide Account or Profile at any time by contacting Candide by email or post as set out in clause 29 (Contacting Candide). Please note that if your Candide Account or Profile is cancelled, Candide shall at your request delete or return Content you have posted to the Site and Services, including, but not limited to, any reviews or Feedback in accordance with the terms of the DPA.
14. Additional Terms
Certain areas of the Site (and your access to or use of certain aspects of the Site, Services or Collective Content) may have additional terms and conditions which will apply to those areas of the Site, Services or Collective Content. You will be required to agree to and accept such additional terms and conditions by actively clicking your acceptance of such additional terms. If there is a conflict between these Terms and any such additional terms and conditions, the additional terms and conditions will prevail over the Terms with respect to your use of, or access to, that area of the Site, Services, or Collective Content.
You may not assign or transfer these Terms, without Candide’s prior written consent. Any attempt by you to assign or transfer these Terms, without such consent, will be null and void. Candide may assign or transfer these Terms, the provision and ownership of the Site and Services, at its sole discretion, without restriction. Subject to the foregoing, these Terms will bind and inure to the benefit of the parties, their successors and permitted assigns.
Unless otherwise specified in these Terms all notices or amendments to these Terms must be given in writing. In respect of Candide, writing shall include: (i) email (to the email address that you provide on registration or sign up); or (ii) by posting to the Site. For email notices, the date of receipt will be deemed the date on which such notice is sent.
17. Third Party Rights
Save for any associated company of Candide, a person who is not party to these Terms shall have no third party right by statute or otherwise to enforce any term hereunder and the provisions of the Contracts (Rights of Third Parties) Act 1999 are hereby expressly excluded.
18. Entire Agreement
These Terms constitute the whole agreement and understanding between Candide and you regarding the Site, Services, Collective Content and any Profiles created via the Site, and Services and these Terms supersede and replace any and all prior oral or written understandings or agreements between Candide and you regarding the subject matter thereof.
Should a provision of these Terms be invalid or become invalid then the legal effect of the other provisions shall be unaffected. A valid provision is deemed to have been agreed which comes closest to what the parties intended commercially and shall replace the invalid provision. The same shall apply to any omissions.
The failure of Candide to enforce any right or provision of these Terms will not constitute a waiver of future enforcement of that right or provision. The waiver of any such right or provision will be effective only if in writing and signed by a duly authorized representative of Candide.
20. Applicable Law and Jurisdiction
These Terms shall be governed by the laws of England and Wales. Subject to the parties following the dispute resolution procedure set out in clause 27 (Dispute Resolution), the courts of England shall have exclusive jurisdiction for the settlement of all disputes arising under these Terms.
21. Dispute Resolution
In the event of any dispute between the parties to these Terms the parties shall within 10 days of a written request from one party to the other, meet in a good faith effort to resolve the dispute without recourse to proceedings. If the dispute is not resolved as a result of such meeting, any party may (at such meeting or within 14 days from its conclusion) propose to the other in writing that structured negotiations be entered into with the assistance of a neutral advisor (“Neutral Adviser”). If the parties are unable to agree on the appointment of a Neutral Adviser or the Neutral Adviser is unable or unwilling to act, either party may within fourteen days from the date of the proposal to appoint a Neutral Advisor or within fourteen days of notice to any party that he or she is unable or unwilling to act, apply to CEDR to appoint a Neutral Adviser. The parties shall within 14 days of the appointment of the Neutral Adviser meet with him or her in order to agree a programme for the exchange of any relevant information and the structure to be adopted for the negotiations. If considered appropriate, the parties may at any stage seek assistance from CEDR to provide guidance on a suitable procedure. All negotiations connected with the dispute shall be conducted in confidence and without prejudice to the rights of the parties in any future proceedings. If the parties accept the Neutral Advisor's recommendations or otherwise reach agreement on the resolution of the disputes, such agreement shall be set down in writing and, when signed by their duly authorised representative, shall be binding on the parties. Failing agreement, either of the parties may invite the Neutral Adviser to provide a non-binding opinion in writing. Such opinion shall be provided on a without prejudice basis and shall not be used in evidence in any proceedings subsequently commenced pursuant to the terms of these Terms without the prior written consent of the parties.
22. Force Majeure
Neither party shall be responsible to the other in circumstances where some or all of the obligations (except for the obligation for the payment of any fees) under these Terms cannot be performed due to circumstances outside the reasonable control of the defaulting party including, without limitation, an Act of God, change in legislation, fire, explosion, flood, accident, strike, lockout or other industrial dispute, war, terrorist act, riot, civil commotion, failure of public power supplies, third party hacking, viruses, trojans, worms, logic bombs or other material attacking the Site or Services, a denial-of-service attack, a distributed or malicious denial-of service attack, failure of communication facilities, or unavailability of the Internet.
23. Contacting Candide
This Site and the Services are operated by Candide Base Limited of 78, York Street, London, United Kingdom, W1H 1DP ,VAT No. [GB] 188 4641 66. All queries about these Terms, should be sent to our Customer Care – Policy Issues Department at this address, or by email to: email@example.com
Candide is owned and operated by Candide Base Limited (hereinafter referred to as
“Candide”,“we” or “us”). Candide takes your privacy very seriously.
For the purpose of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, (“GDPR”) or any subsequent amendment or replacement or supplementary legislation (together “Data Protection Law”), the data controller is Candide Base Limited, 78, York Street, London, United Kingdom, W1H 1DP.
Purpose of Data Collection
Our principal goals in collecting data are to:
- provide services, features and content on our Site and to administer your use of the Site;
- improve the Site and Services;
- enable Users to enjoy and easily navigate the Site.
Types of Data Collected
We may collect and process the following types of data about you.
Information you give us:
Personal Data: You may give us personal information about yourself when you register for and use the Services, access certain content or features within the Site or Services, directly contact the Site, subscribe for a newsletter, search for a product or service, place on order on the Site or within the Services or when you report a problem with the Site or Services.
The information you give us may include:
- your name, phone number, mobile phone number, email address and postal address;
- your username, password, and account setting preferences;
- your credit card number, billing address and other billing related information;
- Profile Image, chat messages and shared files;
- (collectively, “Personal Data”).
Information we collect about you:
Non-Identifying Data: When you visit our Site or use our Services, as a User or a non-registered Expert, (any of these, a “Candide User”), we may automatically collect non-identifying data. This information may include:
Log data: This is information that your browser sends whenever you visit a website (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type or the webpage you were visiting before you came to our Site, pages of our Site that you visit, the time spent on those pages, information you search for on our Site, access times and dates, and other statistics. We use this information to monitor and analyse use of the Site and the Services and for the Site’s technical administration, to increase our Site’s functionality and user-friendliness, and to better tailor our Site to our visitors’ needs. We do not treat Log Data as Personal Data or use it in association with other Personal Data, although we may aggregate, analyse and evaluate such Log Data for the same purposes stated above regarding other Non-Identifying Data including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
Information from other online accounts to which you have given us permission to collect data from within your settings or the privacy policies of these other online services. For example, this can be via social media or by choosing to send us your location data when accessing our Site from your smartphone; or it can be from the integrations and connections that you choose to install when using the Services.
(collectively, “Non-Identifying Data”).
Information we receive from other sources.
We also use information collected from other sources:
We may access information about you from third-party sources and platforms. You can register to use the Services by logging onto online accounts you may already have with third party service providers (“TPSP”) e.g. Google, Facebook, Twitter or LinkedIn each, a (“Third Party Account”),via our Site as described below. As part of the functionality of the Site or Service, you may link your Candide Account with Third Party Accounts, by either:
- providing your Third Party Account login information to us through the Site or Service; or
- allowing us to access your Third Party Account, as permitted under the applicable terms and conditions that govern your use of each Third Party Account.
In doing so, you represent that you are permitted under the terms and conditions of the applicable TPSP:
- to disclose your Third Party Account login information to us: and
without you breaching the terms and conditions of the applicable TPSP and without obligation us to pay any fees or making us subject to any usage limitations imposed by the applicable TPSP.
If you register by logging into a Third Party Account via our Site, we will access the data you have provided to the applicable TPSP (such as your actual name, email address, profile picture, names of TPSP friends, names of TPSP groups to which you belong, other information you make publicly available via the applicable TPSP and/or other information you authorize us to access by authorizing the TPSP to provide such information) from your Third Party Accounts and we shall use that data to create your Candide Account and Profile. Depending on the Third Party
Accounts you choose and subject to the privacy settings that you have set in such Third Party Accounts, you understand that by granting us access to the Third Party Accounts, we will access, make
available and store (if applicable and as permitted by the TPSP and authorized by you) the data in your Third Party Accounts so that it is available on and through your Candide Account on the Site and Service. If there is data about your “friends” or people with whom you are associated in your Third Party Account, the data we obtain about those “friends” or people with whom you are associated, may also depend on the privacy settings such people have with the applicable TPSP.
We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this Site.
We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
We use the following cookies on our Site or within our Services:
Google Analytics - Tracking cookies
Anonymous Analytics - Analytics cookies
We use analytics cookies to tell us whether you have visited the Site previously, and to gather statistics about visits to a page.
Geotargeting - Location cookies
These cookies are used by software which tries to work out what country you are in from information supplied by your browser when it requests a web page. This cookie is completely anonymous and is only used to help target content.
Registration - Signin cookies
When you sign in, we generate cookies that let us know whether you are signed in or not. Our servers use these cookies to work out which account you are signed in with.
Site Performance - Preference cookies
We use site performance cookies to remember preferences you may have set on our Sites.
You can set up your browser options, to stop your computer accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use the whole of the Site or all functionality of the Service.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
Our Site may contain electronic images known as web beacons (sometimes called single-pixel gifs). Web beacons are used along with cookies to compile aggregated statistics to analyse how our Site is used and may also be used in some of our emails to let us know which emails and links have been opened by recipients. This allows us to gauge the effectiveness of our Candide User communications and marketing campaigns.
Use of Your Information
Information you give to us:
Mobile Communications: With your consent, we may use your mobile phone number to send you information, notifications and updates regarding the Site or Service.
Profile Information: We use information we collect at registration in the creation of your Profile. Your Profile will include, among other things, your first and last name, your profile picture and your location. You can select the other items of Personal Data that you wish to be included in your Profile –(“Profile Information”). We will display your Profile Information in your Profile publicly via the Site and, with your prior permission, on third party sites. Any information you choose to provide as part of your Profile Information will be publicly visible to all Users via your Profile and consequently should reflect how much you want other Users to know about you. We recommend that you protect your anonymity and sensitive data and we encourage you to exercise caution regarding the information disclosed in your Profile. You can review and edit your Profile Information at any time.
Profiles: If you create a Profile, we may publish, use, share or otherwise disclose the content of that Profile publicly via the Site and may enable third parties to publish the Profile on their websites.
Candide Marketing: We may also use your information to provide you with Candide (and its subsidiaries) newsletters, marketing or promotional materials and other information that may be of interest to you. We will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. We permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented
to this by ticking the relevant box situated on the form on which we collected your data. You may opt out of these marketing related notifications at any time by accessing the “Manage Notifications” section of your Candide Account. Please note that we may also use your Personal Data to contact you with information related to your use of the Service; you may not opt out of these notifications.
Request Fulfilment: We may use information that we collect to fulfil your requests for products, services and information. For example, we may use your information to respond to your customer service requests.
Data Analysis: In order to learn more about how our Site and Services are used, we aggregate and analyse the information we collect. We may use information, for example, to monitor and analyse use of the Site and Services, to improve functionality and to better tailor our content and design to suit our visitors’ needs.
Testimonials: We post testimonials on the Site. With your consent, we may post your testimonial on the Site along with your name. To have your testimonial removed, please contact us at firstname.lastname@example.org
Aggregated Data: We may use your information and aggregate it with data collected from other Experts to attempt to provide you with a better experience, to improve the quality and value of the Site and Services and to analyse and understand how our Site and Services are used. We may also use the combined information without aggregating it to serve you specifically, for instance to deliver a product to you according to your preferences or restrictions.
To Perform Contracts: We may use your information to carry out our obligations arising from any contract entered into between you and us.
Information we collect from you:
Administration Purposes: We may use your information to administer our Site and Services, for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
Usability: We may use your information to ensure that content from our Site and Services is presented in the most effective manner for you and for your computer, to allow you to participate in interactive features of our Services, when you choose to do so.
Services Information: We may use your information to inform you about scheduled Services downtimes and new features or to make suggestions and recommendations to you and other users of our Site or Services about our goods or services that may interest you or them.
Analysis: We may use your information to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
Third Party Access to your Data
Information we share with third parties:
Analysis: We may share aggregated information that does not include Personal Data and we may otherwise disclose Non-Identifying Data and Log Data to third parties for industry analysis, demographic profiling, payment processing, customer service and other purposes. Any aggregated information we share will not contain your Personal Data.
Services Delivery: We may employ third party companies and individuals to perform Site-related services, including maintenance services, database management, web analytics, data processing and email and text message
distribution. These third parties will have access to your information only for the purpose of performing these tasks on our behalf.
Companies within our group of companies: We will make your information (including Personal Data) available to all companies within our group of companies in order to provide the Site and Services to Users. Where any group companies are located outside of the EEA, we will ensure that such companies are subject to EU Model clauses in relation to access to and use of your Personal Data.
Third Party Services: To customize your experience on the Site and to simplify our registration process, we provide you with the opportunity to access or interact with TPSPs, such as Google, Facebook, Twitter and LinkedIn. When you connect to the Site through these TPSPs, we may share your information with these TPSPs and they may share Personal Data about you with us. When you allow us to access your information through a Third Party Account to create a Site account, we may use this information for several purposes, including:
relationships automatically within our system. For example, if you connect to us via a service with a public friend list, like Twitter, we may check to see if any people you follow on Twitter are also Site Users. If we find a match, we will replicate your Twitter relationship with those Site Users, setting them to be fans, followers, or friends on our Site.
Populating a list of potential friends to whom you can send service-specific messages. For example, we may use friend lists from a TPSP to create a list of contacts to whom you may choose to share your Profile.
To enhance and personalize your experience on the Site, when you are connected via a TPSP, we may access certain information, such as your profile picture, in order to enhance and personalize your experience on the Site.
Please remember that we do not control the privacy practices of these TPSPs. We encourage you to read the privacy policies of all TPSP websites.
Information we disclose to third parties:
We may disclose your personal data to third parties:
Due Diligence: We may disclose your information in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
Compliance with Laws: We may share your information to respond to subpoenas, search warrants, judicial proceedings, court orders, legal process, or other law enforcement measures, to establish or exercise our legal rights, or to defend against legal claims.
Security and Storage
To protect your privacy and your information, Candide uses multiple security procedures and practices to protect
from unauthorized access, destruction, use, modification and disclosure of information of Candide Users.
When you enter information on our Site, we encrypt that information using secure socket layer technology (SSL). SSL creates a secured connection between our web servers and your browser, which protects against unauthorized access to transmitted data and supports data being sent only to intended recipients.
Your information is password protected and our main servers are locked and hosted by a leading provider of Internet access to enterprises with mission-critical Internet application requirements. Access to the hosed environment is secure.
Identity theft and the practice currently known as “phishing” are of great concern to us. Safeguarding information to help protect you from identity theft is a top priority. We do not and will not, at any time, ask you to provide any credit card information, your Candide ID, login password, or national identification numbers in a non-secure or unsolicited email or telephone communication.
We follow generally accepted industry standards to protect information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Site, you can contact us at email@example.com
Note that we will make any legally required disclosures of any breach of security, confidentiality, or integrity of your unencrypted electronically stored “Personal Data” (as defined in applicable laws on security breach notification) to you via email or conspicuous posting on the Site as quickly as possible and without unreasonable delay, insofar as this is consistent with:
- the legitimate needs of law enforcement; or
- any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
We, our group companies, affiliates, and third party partners to whom we disclose your information may perform activities outside of the EEA and potentially we may collect, transfer, store, and process your information (including Personal Data) in countries outside of the EEA. As a result, your information may be subject to the laws of those countries or other jurisdictions. These laws may not be equivalent to the privacy and data protection laws in your jurisdiction. Personal Data may be disclosed in response to valid demands or requests from government authorities, courts, or law enforcement in these countries. By using the Site or providing us with your information, you consent to the potential collection, transfer, storage, and processing of your information outside of the EEA.
You have the right under Data Protection Law, free of charge, to request:
- Access to your Personal Data.
- Rectification or deletion of your Personal Data.
- A restriction on the processing of your Personal Data.
- Object to the processing of your Personal Data.
- A transfer of your Personal Data (data portability).
- Directly edit your Profile; or
- Deactivate your Candide Account by contacting us or selecting the “Cancel Account” feature of the Service
Please note that, if you cancel your Candide Account, any of your user content on the Site will remain publicly viewable via the Site.
Where we process your Personal Data for marketing purposes, we will inform you and obtain your opt in consent (before collecting your Personal Data) if: (i) we intend to use your Personal Data for such purposes, unless we are informing you about similar goods and services of Candide or its affiliates, or (ii) we intend to disclose your information to any third party for marketing purposes. If you change your mind about being contacted in the future, please opt out by clicking the “unsubscribe” link at the bottom of any email. Once you do this, you will no longer receive any marketing emails from us. We will continue to communicate with you regarding your service billing and support via email.
We send push notifications from time to time in order to update you about any Services or Site updates, events and promotions we may be running. If you no longer wish to receive these communications, please disable these in the settings on your device.
We retain Personal Data for as long as necessary for the relevant activity for which it was provided or collected. This will be for as long as we provide access to the Site or Services to you, your account with us remains open or any period set out in any relevant contract you have with us. In particular we delete the following data as follows:
- Log data - 1 month;
- Backups data - 2 months;
- Emails - 45 days.
However, we may keep some data after your account is closed or you cease using the Site of Services for the purposes set out below.
We will retain de-personalised information after your account has been closed.
Please note: After you have closed your account or deleted information from your account, any information you have shared with others will remain visible. We do not control data that other users may have copied from the Site or Services.
Age of Users
This Site and the Services are not intended for and shall not be used by anyone under the 18 years of age.
Changes to This Policy
Addressing Your Concerns
If you have questions or suggestions or wish to contact our Privacy Officer, please contact us:
By email: firstname.lastname@example.org
3. DATA PROCESSING AGREEMENT
Any capitalised term not defined in this DPA shall have the meaning given to it in the Agreement.
“Affiliates” means any entity that directly or indirectly controls, is controlled by, or is under common control of a party. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of a party;
“Agreement” means the agreement between the Expert and Candide for the provision of the Services;
“Controller” means the Expert;
“Data Protection Law” means the GDPR and/or any subsequent amendment or replacement or supplementary legislation;
“Data Subject” shall have the same meaning as in Data Protection Law;
“DPA” means this data processing agreement together with Exhibit A and the Security Policy;
“GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016;
“Personal Data” shall have the same meaning as in Data Protection Law; “Processor” means Candide;
“Security Policy” means Candide’s security document as updated from time to time, and accessible via www.wikiexpert.com or otherwise made reasonably available by Candide;
“Standard Contractual Clauses” means the EU model clauses for personal data transfer from controllers to processors c2010-593 - Decision 2010/87EU;
“Sub-Processor” means any person or entity engaged by Candide or its Affiliate to process Personal Data in the provision of the Services to Experts.
2.1. The Processor has agreed to provide the Services to the Controller in accordance with the terms of the Agreement. In providing the Services, the Processor shall process Expert Content on behalf of the Controller. Expert Content may include Personal Data. The Processor will process and protect such Personal Data in accordance with the terms of this DPA.
3.1. In providing the Services to the Controller pursuant to the terms of the Agreement, the Processor shall process Personal Data only to the extent necessary to provide the Solution and Services in accordance with both the terms of the Agreement and the Controller’s instructions documented in the Agreement and this DPA.
4. Processor Obligations
1.1. The Processor may collect, process or use Personal Data only within the scope of this DPA.
1.2. The Processor confirms that it shall process Personal Data on behalf of the Controller and shall take steps to ensure that any natural person acting under the authority of the Processor who has access to Personal Data shall only process the Personal Data on the documented instructions of the Controller.
1.3. The Processor shall promptly inform the Controller, if in the Processor’s opinion, any of the instructions regarding the processing of Personal Data provided by the Controller, breach any Data Protection Law.
1.4. The Processor shall ensure that all employees, agents, officers and contractors involved in the handling of Personal Data: (i) are aware of the confidential nature of the Personal Data and are contractually bound to keep the Personal Data confidential; (ii) have received appropriate training on their responsibilities as a data processor; and (iii) are bound by the terms of this DPA.
1.5. The Processor shall implement appropriate technical and organisational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
1.6. The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In accessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or
1.7. The technical and organisational measures detailed in the Security Policy shall be at all times adhered to as a minimum security standard. The Controller accepts and agrees that the technical and organisational measures are subject to development and review and that the Processor may use alternative suitable measures to those detailed in the attachments to this DPA.
1.8. The Controller acknowledges and agrees that, in the course of providing the Solution and Services to the Controller, it may be necessary for the Processor to access the Personal Data to respond to any technical problems or Controller queries and to ensure the proper working of the Services. All such access by the Processor will be limited to those purposes.
1.9. Where Personal Data relating to an EU Data Subject is transferred outside of the EEA it shall be processed in accordance with the provisions of the Standard Contractual Clauses, unless the processing takes place: (i) in a third country or territory recognised by the EU Commission to have an adequate level of protection; or (ii) by an organisation located in a country which has other legally recognised appropriate safeguards in place, such as the EU-US Privacy Shield or Binding Corporate Rules.
1.10. Taking into account the nature of the processing and the information available to the Processor, the Processor shall assist the Controller by having in place appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the Data Subject's rights and the Controller’s compliance with the Controller’s data protection obligations in respect of the processing of Personal Data.
5. Controller Obligations
5.1. The Controller represents and warrants that it shall comply with the terms of the Agreement, this DPA and Data Protection Law.
5.2. The Controller represents and warrants that it has obtained any and all necessary permissions
and authorisations necessary to permit the Processor, its Affiliates and Sub-Processors, to execute their rights or perform their obligations under this DPA.
The Controller is responsible for compliance with all Data Protection Law, including requirements with regards to the transfer of Personal Data under this DPA and the Agreement.
All Affiliates of the Controller who use the Services shall comply with the obligations of the Controller set out in this DPA.
The Controller shall implement appropriate technical and organisational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. The Controller shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate.
The Controller shall take steps to ensure that any natural person acting under the authority of the Controller who has access to Personal Data only processes the Personal Data on the documented instructions of the Controller.
The Controller may require correction, deletion, blocking and/or making available the Personal Data during or after termination of the Agreement. The Processor will process the request to the extent it is lawful and will reasonably fulfil such request in accordance with its standard operational procedures to the extent possible.
5.7. The Controller acknowledges and agrees that some instructions from the Controller, including destruction or return of data, assisting with audits, inspections or DPIAs by the Processor, may result in additional fees. In such case, the Processor will notify the Controller of its fees for providing such assistance in advance, unless otherwise agreed.
6.1. The Controller acknowledges and agrees that: (i) Affiliates of the Processor may be used as Sub-processors; and (ii) the Processor and its Affiliates respectively may engage Sub-processors
in connection with the provision of the Services.
6.2. All Sub-processors who process Personal Data in the provision of the Services to the Controller shall comply with the obligations of the Processor set out in this DPA.
6.3. Where Sub-processors are located outside of the EEA, the Processor confirms that such Sub-processors: (i) are located in a third country or territory recognised by the EU Commission to have an adequate level of protection; or (ii) have entered into Standard Contractual Clauses with the Processor; or (iii) have other legally recognised appropriate safeguards in place, such as the EU-US Privacy Shield or Binding Corporate Rules.
6.4. The Processor shall make available to the Controller the current list of Sub-processors which shall include the identities of Sub-processors and their country of location. During the term of this DPA, the Processor shall provide the Controller with prior notification, via email, of any changes to the list of Sub-processor(s) who may process Personal Data before authorising any new or replacement Sub-processor(s) to process Personal Data in connection with the provision of the Services.
6.5. The Controller may object to the use of a new or replacement Sub-processor, by notifying the Processor promptly in writing within ten (10) Business Days after receipt of the Processor’s notice. If the Controller objects to a new or replacement Sub-processor, the Controller may terminate the Agreement with respect to those Services which cannot be provided by the Processor without the use of the new or replacement Sub-processor. The Processor will refund the Controller any prepaid fees covering the remainder of the term of the Agreement following the effective date of termination with respect to such terminated Services.
7.1. The limitations on liability set out in the Agreement apply to all claims made pursuant to any breach of the terms of this DPA.
7.2. The parties agree that the Processor shall be liable for any breaches of this DPA caused by the acts and omissions or negligence of its Sub-processors to the same extent the Processor would be liable if performing the services of each Sub-processor directly under the terms of the DPA, subject to any limitations on liability set out in the terms of the Agreement.
7.3. The parties agree that the Controller shall be liable for any breaches of this DPA caused by the acts and omissions or negligence of its Affiliates as if such acts, omissions or negligence had been committed by the Controller itself.
1.7. The Controller shall not be entitled to recover more than once in respect of the same claim.
2.1. The Processor shall make available to the Controller all information reasonably necessary to demonstrate compliance with its processing obligations and allow for and contribute to audits and inspections.
2.2. Any audit conducted under this DPA shall consist of examination of the most recent reports, certificates and/or extracts prepared by an independent auditor bound by confidentiality provisions similar to those set out in the Agreement. In the event that provision of the same is not deemed sufficient in the reasonable opinion of the Controller, the Controller may conduct a more extensive audit which will be: (i) at the Controller’s expense; (ii) limited in scope to matters specific to the Controller and agreed in advance; (iii) carried out during UK business hours and upon reasonable notice which shall be not less than 4 weeks unless an identifiable material issue has arisen; and (iv) conducted in a way which does not interfere with the Processor’s day-to-day business.
2.3. This clause shall not modify or limit the rights of audit of the Controller, instead it is intended to clarify the procedures in respect of any audit undertaken pursuant thereto.
3. Data Breach
1.1. The Processor shall notify the Controller without undue delay after becoming aware of (and in any event within 72 hours of discovering) any accidental or unlawful destruction, loss, alteration or unauthorised disclosure or access to any Personal Data (“Data Breach”).
1.2. The Processor will take all commercially reasonable measures to secure the Personal Data, to limit the effects of any Data Breach, and to assist the Controller in meeting the Controller’s obligations under applicable law.
2. Compliance, Cooperation and Response
2.1. In the event that the Processor receives a request from a Data Subject in relation to Personal Data, the Processor will refer the Data Subject to the Controller unless otherwise prohibited by law. The Controller shall reimburse the Processor for all costs incurred resulting from providing reasonable assistance in dealing with a Data Subject request. In the event that the Processor is legally required to respond to the Data Subject, the Controller will fully cooperate with the Processor as applicable.
2.2. The Processor will notify the Controller promptly of any request or complaint regarding the processing of Personal Data, which adversely impacts the Controller, unless such notification is not permitted under applicable law or a relevant court order.
2.3. The Processor may make copies of and/or retain Personal Data in compliance with any legal or regulatory requirement including, but not limited to, retention requirements.
2.4. The Processor shall reasonably assist the Controller in meeting its obligation to carry out data protection impact assessments (DPIAs), taking into account the nature of processing and the information available to the Processor.
2.5. The parties acknowledge that it is the duty of the Controller to notify the Processor within a reasonable time, of any changes to applicable data protection laws, codes or regulations which may affect the contractual duties of the Processor. The Processor shall respond within a reasonable timeframe in respect of any changes that need to be made to the terms of this DPA or to the technical and organisational measures to maintain compliance. If the parties agree that amendments are required, but the Processor is unable to accommodate the necessary changes, the Controller may terminate the part or parts of the Services which give rise to the non-compliance. To the extent that other parts of the Services provided are not affected by such changes, the provision of those Services shall remain unaffected.
2.6. The Controller and the Processor and, where applicable, their representatives, shall cooperate, on request, with a supervisory data protection authority in the performance of their respective obligations under this DPA.
11. Term and Termination
11.1. The Processor will only process Personal Data for the term of the DPA. The term of this DPA shall coincide with the commencement of the Agreement and this DPA shall terminate automatically together with termination or expiry of the Agreement.
11.2. The Processor shall at the choice of the Controller, upon receipt of a written request (including email) received within 30 days the end of the provision of the Services relating to processing, delete or return Personal Data to the Controller within 30 days of receiving such
request. The Processor shall in any event delete all copies of Personal Data in its systems within 45 days of the effective date of termination of the Agreement unless: (i) applicable law or regulations require storage of the Personal Data after termination; or (ii) partial Personal Data of the User is stored in backups, then such Personal Data shall be deleted from backups up 2 months after the effective date of termination of the Agreement.
12.1. This DPA sets out the entire understanding of the parties with regards to the subject matter herein.
12.2. Should a provision of this DPA be invalid or become invalid then the legal effect of the other provisions shall be unaffected. A valid provision is deemed to have been agreed which comes closest to what the parties intended commercially and shall replace the invalid provision. The same shall apply to any omissions.
12.3. This DPA shall be governed by the laws of England and Wales. The courts of England shall have exclusive jurisdiction for the settlement of all disputes arising under this DPA.
12.4. The parties agree that this DPA is incorporated into and governed by the terms of the Agreement.
Overview of data processing activities to be performed by the Processor
The Controller transfers Personal Data identified in sections 3, 4 and 5 below, as it relates to the processing operations identified in section 6 below.
The Controller is the User.
The Processor received data identified in sections 3, 4 and 5 below, as it relates to the processing operations identified in section 6 below.
The Processor is Candide.
3. Data Subjects
The Personal Data transferred includes but is not limited to the following categories of Data Subjects:
Employees, freelancers and contractors of the Controller and other users added by the Controller from time to time.
Contacts and friends of the Controller contained in any Third Party Services.
Users, Affiliates and other participants from time to time to whom the Controller has granted the right to access the Site and Services in accordance with the terms of the Agreement.
Customers of the Controller and individuals with whom those end users communicate with by email and/or instant messaging.
Service providers of the Controller.
Other individuals to the extent identifiable in the content of emails or their attachments or in archiving content.
4. Categories of Data
The Personal Data transferred includes but is not limited to the following categories of data:
- Personal details, names, usernames, phone numbers, passwords, email and postal addresses of Users.
- Personal Data derived from the Users use of the Site and Services
- Profile information of Users from Third Party Accounts such as name, email address, profile picture, names of friends names of groups you are members of and other information made publicly available via the Third Party Account.
- Personal Data within email and messaging content which identifies or may reasonably be used to identify, data subjects.
- Metadata including sent, to, from, date, time, subject, which may include Personal Data. Financial data provided to use the Services such as credit card number, billing address and other billing related information
- Survey, feedback and assessment messages.
- Information offered by users as part of support enquiries.
5. Processing operations
The Personal Data transferred will be subject to the following basic processing activities:
- Personal Data will be processed to the extent necessary to provide the Solution and Services in accordance with both the Agreement and the Controller’s instructions. The Processor processes Personal Data only on behalf of the Controller.
- Processing operations include but are not limited to: enabling Users to connect with each other to exchange information, to create Profiles in order to offer information and advice to other Users using the Site, the Services or social media. These operations relate to all aspects of Personal Data processed.
- Technical support, issue diagnosis and error correction to ensure the efficient and proper running of the systems and to identify, analyse and resolve technical issues both generally in the provision of the Solution and Services and specifically in answer to a Controller query. This operation may relate to all aspects of Personal Data processed but will be limited to metadata where possible.
- Virus, anti-spam and Malware checking in accordance with the Solution and Services provided. This operation relates to all aspects of Personal Data processed.
- URL scanning for the purposes of the provision of targeted threat protection and similar service which may be provided under the Agreement. This operation relates to attachments and links in emails and will relates to any Personal Data within those attachments or links which could include all categories of Personal Data.
Technical and Organisational Security Measures
Upon the Controller’s written request (no more than once in any 12 month period), the Processor shall provide within a reasonable time, a copy of the most recently completed certification and/or attestation reports (to the extent that to do so does not prejudice the overall security of the Solution and Services). Any audit report submitted to the Controller shall be treated as Confidential Information and subject to the confidentiality provisions of the Agreement between the parties.
The following descriptions provide an overview of the technical and organisational security measures implemented. It should be noted however that, in some circumstances, in order to protect the integrity of the security measures and in the context of data security, detailed descriptions may not be available, however additional information regarding technical and organisational measures may be found in the Security Policy. It’s acknowledged and agreed that the Security Policy and the technical and organisational measures described therein will be updated and amended from time to time, at the sole discretion of the Processor. Notwithstanding the foregoing, the technical and organisational measures will not fall short of those measures described in the Security Policy in any material, detrimental way.
1. Entrance Control
Technical or organisational measures regarding access control, especially regarding legitimation of authorised persons:
The aim of the entrance control is to prevent unauthorised people from physically accessing such data processing equipment which processes or uses Personal Data.
Due to their respective security requirements, business premises and facilities are subdivided into different security zones with different access authorisations. They are monitored by security personnel. Access for employees is only possible with an encoded ID with a photo on it. All other persons have access only after having registered before (e.g. at the main entrance).
Access to special security areas for remote maintenance is additionally protected by a separate access area. The constructional and substantive security standards comply with the security requirements for data centres.
2. System Access Control
Technical and organisational measures regarding the user ID and authentication:
The aim of the system access control is to prevent unauthorised use of data processing systems, are used for the processing of User Content.
Remote access to the data processing systems is only possible through the Processor’s secure VPN tunnel. If the users first authenticate to the secure VPN tunnel, after successful authentication authorisation is executed by providing a unique username and password to a centralised directory service. All access attempts, successful and unsuccessful are logged and monitored.
Additional technical protections are in place using firewalls and proxy servers and state of the art encryption technology that is applied where appropriate to meet the protective purpose based on risk.
3. Data Access Control
Technical and organisational measures regarding the on-demand structure of the authorisation concept, data access rights and monitoring and recording of the same:
Measures regarding data access control are targeted on the basis that only such data can be accessed for which an access authorisation exists and that data cannot be read, copied, changed or deleted in an unauthorised manner during the processing and after the saving of such data.
Access to data necessary for the performance of the particular task is ensured within the systems and applications by a corresponding role and authorisation concept. In accordance to the “least privilege” and "need-to-know" principles, each role has only those rights which are necessary for the fulfilment of the task to be performed by the individual person.
To maintain data access control, state of the art encryption technology is applied to the Personal Data itself where deemed appropriate to protect sensitive data based on risk.
4. Transmission Control
Technical and organisational measures regarding the transport, transfer, transmission, storage and subsequent review of Personal Data on data media (manually or electronically).
Transmission control is implemented so that Personal Data cannot be read, copied, changed or deleted without authorisation, during transfer or while stored on data media, and so that it can be monitored and determined as to which recipients a transfer of Personal Data is intended.
The measures necessary to ensure data security during transport, transfer and transmission of Personal Data as well as any other company or User Content are detailed in the Security Policy. This standard includes a description of the protection required during the processing of data, from the creation of such data to deletion, including the protection of such data in accordance with the data classification level.
For the purpose of transfer control, an encryption technology is used (e.g. remote access to the company network via two factor VPN tunnel and full disk encryption). The suitability of an encryption technology is measured against the protective purpose.
The transfer of Personal Data to a third party (e.g. customers, sub-contractors, service providers) is only made if a corresponding contract exists, and only for the specific purposes. If Personal Data is transferred to companies located outside the EEA, the Processor provides that an adequate level of data protection exists at the target location or organisation in accordance with the European Union's data protection requirements, e.g. by employing contracts based on the Standard Contractual Clauses.
5. Data Entry Control
Technical and organisational measures regarding recording and monitoring of the circumstances of data entry to enable retroactive review.
System inputs are recorded in the form of log files therefore it is possible to review retroactively whether and by whom Personal Data was entered, altered or deleted.
6. Data Processing Control
Technical and organisational measures to differentiate between the competences of principal and contractor:
The aim of the data processing control is to provide that Personal Data is processed by a commissioned data processor in accordance with the Instructions of the principal.
Details regarding data processing control are set forth in the Agreement and DPA.
7. Availability Control
Technical and organisational measures regarding data backup (physical/logical):
Data is stored in triplicate across 2 data centres, with 2 separate cross connections. The data centres can be switched in the event of flooding, earthquake, fire or other physical destruction or power outage protect Personal Data against accidental destruction and loss.
If Personal Data is no longer required for the purposes for which it was processed, it is deleted promptly. It should be noted that with each deletion, the Personal Data is only locked in the first instance and is then deleted for good with a certain delay. This is done in order to prevent accidental deletions or possible intentional damage.
8. Separation Control
Technical and organisational measures regarding purposes of collection and separated processing:
Personal Data used for internal purposes only e.g. as part of the respective customer relationship, may be transferred to a third party such as a subcontractor, solely under consideration of contractual arrangements and appropriate data protection regulatory requirements.
Employees are instructed to collect, process and use Personal Data only within the framework and for the purposes of their duties (e.g. service provision). At a technical level, multi-client capability includes separation of functions as well as appropriate separation of testing and production systems.
User Content is stored in a way that logically separates it from other User data.
The Controller is assigned a unique encryption key, generated using a FIPS 140-2 compliant crypto library, which is used to encrypt and decrypt all of the Controller’s archived data. In addition to the unique encryption keys, all data being written to the storage grid includes the Controller’s unique account code. The Processor’s systems that write data to the storage grid retrieve he encryption key from one system and the customer code from another, which serves as a cross check against two independent systems. The Controller’s encryption key is further encrypted with a Processor key stored within a centralised and restricted key management system. In order for the Processor to access User Content via the master key, the key management system provisions individual keys following a strict process of approval that includes multiple levels of executive authorisation. Use of these master encryption keys is limited to senior production engineers and all access is logged, monitored, and configured for alerting by security via a centralised Security Incident and Event Management (“SIEM”) system. The Controller’s archived data is encrypted at rest using AES256 bit encryption and data in transit is protected by Transport Layer Security (“TLS”).