A. This ZOLOZ Real ID Addendum to the Alibaba Cloud International Website Product Terms of Service (the “Addendum”) is an Additional Agreement as defined in the Alibaba Cloud International Website Product Terms of Service (the “Product Terms”) and is entered into by and between the applicable Alibaba Cloud contracting entity in accordance with the Product Terms (“Company”) and you (or “Customer”). This Addendum governs the download, installation, access to and/or use of Solution by Customer. This document also incorporates the applicable Solution Specific Terms or Service Level Agreement that apply to the specific Solution that Customer has purchased.
B. Customer agrees to be bound by this Addendum through Customer’s download, installation, access to and/or use of any Solution, and/or Customer’s express agreement to the same.
C. Company reserves the right to alter, modify, add to or otherwise vary this Addendum by notice in writing to Customer at any time. Customer shall be bound by this Addendum so amended, and such other terms as may be incorporated by reference. In any event, if Customer continues to download, install, access and/or use Solution after such notice, Customer shall be deemed to have accepted the amendment.
D. The rights and protections conferred on Company under this Addendum and the terms incorporated herein, shall be in addition to the rights and protections conferred on Company under any other contracts that Company has been conferred rights and protections as a third-party beneficiary.
1. Definitions
“Affiliate” means in relation to a party any person directly or indirectly Controlling, Controlled by, or under common Control with that party. For the purposes of this definition, "Control", "Controlling", and "Controlled" mean having the right to elect a majority of the board of directors or other comparable body responsible for management and direction of a person by contract, by virtue of share ownership or otherwise.
“API” means any application programming interface provided by Company to Customer from time to time for accessing Solution.
“Authorised Personnel” means an employee, agent, contractor, consultant, supplier or other personnel, who is authorised by Customer to use Solution for facilitating the provision of Customer Services.
“Business Day” means a day other than a Saturday, Sunday or public holiday in the Territory, People’s Republic of China, or Singapore.
“Change Request Note” has the meaning given to it in clause 10(b) of this Addendum.
“Company Developed Material” means any material solely developed by Company or its Affiliates or its Licensors, including any software, systems, data, processes, test plans, test results and know-how used in connection with Solution. For the avoidance of doubt, any modification, feedback or ideas (in any form whatsoever) provided by Customer or its Affiliates related to Company Developed Material (including all IP Rights in Solution) shall be considered as part and parcel of Company Developed Material.
“Company IP” means all IP Rights subsisting in Solution (including Updates, if any), the Foreground IP, the Documentation (and any portion reproduced or incorporated in the User Reference Materials), Company’s trademarks, Company’s Pre-Existing Material, Company Developed Material, and Company Systems.
“Company Systems” means the software, hardware, systems and network infrastructure used by Company and its Affiliates in their respective businesses.
“Confidential Information” means all information (whether oral, written or in another form) disclosed by the Disclosing Entity to the Receiving Entity, directly or indirectly, that is:
a. by its nature or by the circumstances of the disclosure, or could reasonably be expected to be, regarded as confidential;
b. marked as or instructed to be confidential at the time of disclosure to the Receiving Entity, or if disclosed in oral form, is identified as confidential at the time of disclosure to the Receiving Entity; or
c. proprietary (whether owned by the Disclosing Entity or a third party to whom the Disclosing Entity owes a non-disclosure obligation),
including, to the extent that it is confidential:
a. the fact and content of the negotiations between the Parties in relation to the Addendum;
b. Personal Data of End Users;
c. information comprised in or relating to any of the Disclosing Entity’s IP Rights; and
d. any information agreed between the Parties in writing to be ‘Confidential Information’,
but does not include information which:
a. the Disclosing Entity specifies in writing is not confidential;
b. has been duly received by the Receiving Entity from a third party which, to the knowledge of the Receiving Entity, is not subject to a confidentiality obligation to the Disclosing Entity;
c. is or becomes part of the public domain (other than through breach of either the Addendum); or
d. was independently developed by the Receiving Entity, without reliance on any Confidential Information of the Disclosing Entity.
“Content Provider” means a third-party content provider who supplies Content Provider Information to Company.
“Content Provider Information” means information supplied by Content Provider to Company for integration of such information into Solutions to distribute and display such information to Customer.
“Customer” means the individual or legal entity that has been approved by Company to purchase Company’s Solution for download, installation, access to and/or use.
“Customer Data” means any and all data entered or stored in, generated by or Processed by Customer in connection with Solution, including all Derived Data, De-Identified Data, and Data relating to End Users, Affiliates and Transactions.
“Customer Portal” means the secure portal hosted by Company through which Customer may activate Solution and where data, images and transactions processed by Company as part of Solution would be made available to Customer.
“Customer Service” means each product or service developed, distributed or provided by Customer (as applicable) that uses or relies on Solution.
“Customer Systems” means the software, hardware, systems and network infrastructure used by Customer to provide Customer Services, and otherwise used in its respective businesses, which for the avoidance of doubt excludes the Company Systems.
“Data” means all data which is stored, Processed or created, by or on behalf of an entity in the course of the performance of obligations under this Addendum, or otherwise under or in connection with this Addendum.
“De-Identified Data” means data derived from End User Personal Data to the extent that the personally identifiable information has been removed or detached, and as a result is no longer considered Personal Data under Relevant Privacy Laws.
“Derived Data” means data, in electronic or any other format, that is transformed, translated, modified, or otherwise derived from original information or data by a Party or its Affiliates. For purposes of clarity, Derived Data may be derived by transforming, translating or modifying Data, but such transformation, translation, or modification shall not affect the rights or obligations of the Parties with respect to any of the original Data.
“Disclosing Entity” means the entity disclosing Confidential Information, and includes that entity’s Representatives and Affiliates.
“Documentation” means documentation provided to Customer, which describes the functions and use of Solution.
“End User” means either a natural person permitted by Customer to use the Customer Services.
“End User Terms” has the meaning given to it in clause 5 of this Addendum.
“Force Majeure Event” in relation to an entity, means an act of nature, force or cause beyond an entity’s, its Affiliates’ or Representatives’ reasonable control, including: (i) a fire, flood, elements of nature or other acts of God; (ii) pandemic or epidemic; (iii) an outbreak of escalation of hostilities, war, riots or civil disorders, or an act of terrorism; (iv) internet failures, computer, telecommunications, electrical power failures or any other equipment failures; (v) a labour dispute (whether or not employees’ demands are reasonable or within the entity’s power to satisfy); (vi) acts or omissions of a Government Agency prohibiting or impeding the affected entity (or its Affiliates or Representatives) from performing its obligations under this Addendum or the Solution Specific Terms, including orders of domestic or foreign courts or tribunals, governmental restrictions, sanctions, or change in Relevant Law; and (vii) the non-performance by a third party for any similar cause beyond the reasonable control of the entity.
“Foreground IP” means all IP Rights developed, created, arising from, conceived or invented by or on behalf of the parties (including any modifications, customizations or enhancements that may be created by third parties, such as independent software vendors) during or after the Usage Term.
“Government Agency” means any government, semi-governmental, statutory, administrative, or judicial or quasi-judicial body having jurisdiction in connection with the activities contemplated by this Addendum, and includes anybody having regulatory or supervisory authority over any part of the business or affairs of Customer, Company or its Affiliates.
“IP Rights” means any of the following rights in any jurisdiction anywhere in the world: (a) all patents and patent disclosures, utility model, design patents and rights in inventions; (b) trademarks, service marks, logos, tradenames, trade dress and domain names, together with all goodwill associated therewith; (c) copyrights, copyrightable rights, moral rights and database rights; (d) rights in know-how, confidential information, trade secrets, and proprietary rights and processes; and (e) all other intellectual property rights or forms of protection, subsisting now or in the future, having equivalent or similar effect to the rights referred to in any of the foregoing items (a) to (d), subject matter of any of the foregoing, tangible embodiments of any of the foregoing, in each case, whether unregistered or registered (including all applications, rights to apply and rights to claim priority), including all divisionals, continuations, continuations-in-part, reissues, extensions, re-examinations, renewals and extensions thereof, as applicable.
“Loss” means all claims, judgments, awards, damages, losses, liabilities or costs of any kind and however arising, including legal costs (on a full indemnity basis), penalties, fines and interest.
“Military End Use” / “Military End User” has the meaning given to it in clause 3(v) of this Addendum.
“Person” includes any natural person, individual, firm, company, partnership, joint venture, an unincorporated body or association, trust, corporation or other body corporate and any Government Agency (whether or not having a separate legal personality).
“Personal Data” means: (a) information, whether true or not, about an individual who can be identified from that piece of data or from other data to which the data recipient has or is likely to have access; or; (b) considered to be personal data, personal information, personally identifiable information or equivalent under Relevant Privacy Laws.
“Pre-Existing Material” means any material or know-how that is developed or owned by a Party (or its licensor or Affiliate as the case may be) before the date that this Addendum is entered into.
“Process” (including its correlative meanings, “Processing” and “Processed”) means: (a) the receipt, access, acquisition, collection, compilation, use, modification, storage, processing, safeguarding, security, disposal, destruction, disclosure, or transfer of Data; or (b) such other activities that may be considered to be processing of Data under Relevant Laws.
“Prohibited Activities” means activities that may disrupt international peace and security, including: (a) the design, development, production, handling, operation, maintenance, storage, detection, identification, dissemination or use of weapons of mass destruction, including nuclear, chemical or biological weapons; (b) the development, production, maintenance or storage of missiles which are capable of delivering any such weapon; (c) the transportation of any such or similar weapons; or (d) the involvement in any military activities.
“Receiving Entity” means the entity receiving the Confidential Information, including its Representatives and Affiliates.
“Relevant Data Consents” means consents or permissions given by End Users in relation to the Processing of their Personal Data.
“Relevant Laws” means any applicable law, statute, rule, regulation, directive, treaty, judgement, order, guidelines, decree, interpretation, permit, injunction of any Government Agency, whether or not of the Territory, and in each case, as amended from time to time.
“Relevant Privacy Laws” means Relevant Laws relating to privacy and data protection, including those relating to the Processing of Data and other information.
“Representative” of a Person means an officer, director, employee, agent, auditor, adviser, consultant, joint venturer, contractor or sub-contractor of the Person or of an Affiliate of that Person, or any other Person solely when acting at the direction of or on behalf of that Person in connection with the performance of that Person’s obligations under this Addendum and/or use of the Solution.
“Rules” has the meaning given to it in clause 18 of this Addendum.
“Sanctioned Person” has the meaning given to it in clause 3(u) of this Addendum.
“SDK” means any software code provided by Company to Customer from time to time, for incorporation by Customer into any Customer Systems to enable the relevant devices to call, invoke, redirect to, communicate with, or otherwise access Solution.
“Security Incident” means any actual or suspected: (a) loss or misuse of Personal Data by any means; (b) unauthorised or unlawful Processing, sale, or rental of Personal Data, including under Relevant Laws and Relevant Data Consents; or (c) other act or omission that compromises the privacy, security or confidentiality of Personal Data.
“SIAC” has the meaning given to it in clause 18 of this Addendum.
“Solution” means the ZOLOZ Real ID product/service purchased by Customer from the Company.
“Solution Specific Terms” or “Service Level Agreement” means the terms and conditions between Company and Customer, governing Customer’s download, installation, access to and/or use of the relevant Solution, as updated by notice in writing from Company to Customer from time to time.
“Technological Change” means any development that customises, enhances, or changes existing functionality of Solution, including the creation of any new application programme interfaces, alternative user interfaces or extension to existing data structure.
“Territory” means the territory within which, Company has approved, for Customer to purchase from Company and thereafter, download, install, access to and/or use of any of the Solution.
“Transferred Personal Data” has the meaning given to it in clause 17 of this Addendum.
“Updates” means modifications to Solution provided by Company from time to time.
“Usage Term” means the period commencing on delivery of Solution to Customer and continuing until expiration or termination of Customer’s entitlement to use Solution, pursuant to the Addendum.
“User Reference Materials” means the user guides and materials for the Customer Services.
2. Solution Specific Terms/Service Level Agreement
(a) In consideration for Customer’s payment of the fees and subject to the terms and conditions set forth in the applicable Solution Specific Terms and Service Level Agreement, Company hereby authorizes Customer during the Usage Term and within the Territory specified, on a non-exclusive, revocable, non-transferable, non-sublicensable basis, to access and use (i) the applicable modules as made available to Customer through Solution, (ii) the APIs, SDKs (if applicable) and the Documentation relevant to the receipt of Solution and (iii) the Customer Portal (if applicable), solely for the purpose of Customer providing the Customer Services in the Territory to its End Users.
(b) Customer hereby authorizes Company during the Usage Term and within the Territory specified, on a worldwide, revocable, non-exclusive, sub-licensable through multiple tiers, royalty- and fee-free basis, to use, and to allow its Affiliates and Representatives to use Customer IP Rights solely for purpose of and in connection with Customer’s use of Solution in the Territory.
(c) Customer agrees to use Solution and provide the Customer Services in accordance with: (i) the applicable Solution Specific Terms and Service Level Agreement (as may be updated by Company from time to time) that governs Customer’s use of the relevant Solution (the terms of which shall be between Customer and Company); (b) this Addendum; (c) the applicable Documentation, and (d) any other terms or requirements, documentation, policies or guidelines as may be required and notified by Company to Customer from time to time.
(d) Depending on Solution purchased by Customer, Company may release Updates to Solution from time to time. Such Updates shall form part of Solution and be subject to this Addendum. Customer further acknowledges and agrees that Company shall have the right to add, suspend, substitute, replace, remove or discontinue any component, feature or function of Solution through such Updates for any reason or no reason without any liability towards Customer and/or any End Users.
(e) Customer acknowledges and agrees that Company shall have the right to Process any Customer Data that it has access to (including transfer of any such Customer Data to third parties for Processing) for the purposes of this Addendum and development and maintenance of Solution.
(f) Customer shall obtain all relevant Regulatory Approvals or third-party consents and determine any restrictions applicable to its use of Solution or provision of Customer Services under the Relevant Laws.
(g) Service Standards for Incident Response
Company acknowledges and agrees that the ability of Customer to provide the Customer Services to End Users is dependent upon the connectivity and availability of Solution, APIs and SDKs. Company shall provide the following commitments upon the occurrence of any Incident which affects the availability or provision of Solution:
Incident Severity Level | Description | Target Response Time |
P0 | Severe Incident: Customer cannot use critical job functions in production environment Customer’s entire End User base is impacted Workaround required immediately or Solution is unavailable | Four (4) hours |
P1 | Major Incident: Functionality of Solution impacted A portion of Customer’s End User base is impacted Workaround required | Eight (8) hours on the Business Day |
P2 | Incident has affected or will affect Customer’s productivity: Workaround exists, but incident needs to be fixed Solution can be used and accessed, but with a level of degradation that is acceptable for Customer in the short-term | Twenty-four (24) hours on the Business Days |
P3 | No or minimal impact on Customer: Incident does not affect Solution | Five (5) Business Days |
Premium Support Services
In addition to the above, in consideration of the payment of fees for Premium Support Services by Customer, Company agrees to provide the following Premium Support Services:
(i) Premium Target Response Time
Incident Severity Level | Description | Target Response Time |
P0 | Severe Incident: Customer cannot use critical job functions in production environment Customer’s entire End User base is impacted Workaround required immediately or Solution is unavailable | One (1) hours |
P1 | Major Incident: Functionality of Solution impacted A portion of Customer’s End User base is impacted Workaround required | Two (2) hours |
P2 | Incident has affected or will affect Customer’s productivity: Workaround exists, but incident needs to be fixed Solution can be used and accessed, but with a level of degradation that is acceptable for Customer in the short-term | Four (4) hours on the Business Days |
P3 | No or minimal impact on Customer: Incident does not affect Solution | Eight (8) hours on the Business Days |
(ii) In-Depth Technical Support
Company in-depth technical support reachable via exclusive Dingtalk group for in-depth troubleshooting and complex issues resolution.
(iii) Dedicated Account Manager
A customer success manager (CSM) will be assigned in Premium Support Service. The CSM will act as a focal point for communication or escalation, and work with Customer periodically to collect feedback.
(iv) Incident Management
Incident’s status will be reviewed by the assigned CSM and ensure each Incident will be attended to a timely manner.
(v) Regular Meeting (Quarterly Business Review)
Every quarter, the assigned CSM will organize review meeting with Customer to review services quality, analyze outstanding issues and discuss capacity planning.
(vi) Premium Service Report
Every quarter, the assigned CSM will work with Customer to summarize organization’s usage patterns, support experience and service performance. A service report will be generated by CSM that includes Incident history, important incident analysis, cloud consumption analysis, and recommendation.
(vii) Health Check
Every quarter, the assigned CSM will work with Customer to perform health check based on the following data. The data scope might change as Company will, from time to time, update product and the measurement metrics.
Data Type | Data Breakdown | |
Service Delivery | 1 Usage Metrics | Total user initialization count |
Total user submit count (finish the flow) | ||
Average user submit success rate | ||
Total user successfully passed verification | ||
Average success rate | ||
2 Result Distribution | Total user submit count (finish the flow) | |
Total user successfully passed verification | ||
Total user pending of verification | ||
Total user failed passed verification | ||
Average success rate | ||
Average pending rate | ||
Average failure rate | ||
3 DOC OCR Performance Funnel | Total Initialized | |
Doc sessions started | ||
Doc Image Received (ID Successful Rate) | ||
Doc Image Spoof Check Pending | ||
Doc Image Received Count / Doc sessions started | ||
Doc Spoof Check Pending Cases / Doc Image OCR Processed Count | ||
4 DOC Pending Distribution | Spoof – Tamper | |
Spoof – Screen Recapture | ||
Spoof – Security Feature | ||
Spoof – Material | ||
Spoof – Tamper Rate | ||
Spoof – Screen Recapture Rate | ||
Spoof – Security Feature Rate | ||
Spoof – Material Rate | ||
5 Face Check Performance Funnel | Start Count (Doc Recognized) | |
Face Image Received | ||
Face Image Pass of Liveness Check (Liveness check successful rate) | ||
Face Image Failure of similarity | ||
Face Image Received Count / Start Count | ||
Face Liveness Check Passed Count / Face Image Received Count | ||
Failure Count of Face Similarity / Face Liveness Check Passed Count |
For the purposes of this clause 2(g) “Service Standards for Incident Response”, an "Incident" means a failure of Solution to materially conform to its Documentation, but does not include a failure caused by:
(i) Customer’s failure to use Solution in accordance with the applicable Documentation or the Agreement;
(ii) a modification of Solution without Company's consent;
(iii) a defect, error or malfunction in any item of hardware or software not supplied by Company or its Affiliates pursuant to the Agreement;
(iv) a defect, error or malfunction in any telecommunications carrier service;
(v) API requests processed per second by all the Customer Services exceeding five (5);
(vi) a fault or failure of Customer System or network; or
(vii) any other problem, event or delay that is outside the reasonable control of Company (including, without limitation, a Force Majeure Event, an event that is attributable to a third-party data centre that is not hosted by Company).
3. Customer Requirements - Customers must:
(a) in using any Solution offered by Company, comply with the applicable Solution Specific Terms and Service Level Agreement (as may be updated by Company from time to time) that governs use of that relevant Solution (the terms of which shall be between Customer and Company). Customer shall also comply with Documentation, security procedures, technical standards, system and data security requirements, policies and rules, as notified by Company from time to time;
(b) at Company's request, provide Company with information about its security procedures and other measures sufficient to demonstrate to Company the adequacy of those procedures and measures;
(c) ensure that only Authorised Personnel and End Users may access and use Solution or Customer Services, as applicable;
(d) make commercially reasonable efforts to ensure that it conducts due diligence and on-boarding procedures in relation to End Users to ensure that End Users have suitable information and communications technology infrastructure, practices and protocols, and access controls, to access and use the applicable Customer Services;
(e) prevent a Security Incident;
(f) ensure that access to and use of Solution by all Authorised Personnel and End Users comply with all usage metrics or other requirements provided by Company from time to time;
(g) only use an API or SDK specified and permitted by Company to access and use Solution;
(h) comply with all Relevant Laws, including all Relevant Privacy Laws, and obtain all Relevant Data Consents;
(i) promptly notify Company in writing of any complaint or investigation under, or relating to, any Relevant Privacy Laws or Relevant Data Consents, to the extent permitted by such Relevant Laws, or any circumstances that may lead to any such complaint or investigation;
(j) act promptly in the resolution of any such complaint, investigation or circumstances;
(k) not do, or omit to do, anything which would put Company in breach of Relevant Privacy Laws or Relevant Data Consents;
(l) take all such steps as Company reasonably requires to facilitate Company's compliance with any of the Relevant Privacy Laws or Relevant Data Consents that apply to the Customer Services;
(m) promptly notify Company in writing if it becomes aware of any changes to a Relevant Privacy Law that may cause the Customer Services, Customer’s business, or the Processing of Data by, operations of, or conduct of, Customer relating to this Addendum, to breach such Relevant Privacy Law;
(n) only store Personal Data on servers or other devices controlled by Customer or its Affiliates in a manner that is in accordance with Relevant Privacy Laws;
(o) back up Data in accordance with good information technology practices, Relevant Laws and Relevant Data Consents, including that backup copies on transportable device or other data media must be marked as backup copies and bear the same IP Rights and authorship notice as the original device or other data media, unless technically unfeasible;
(p) at all times comply with its own system security policies and maintain industry standard safeguards for its information and communications technology infrastructure;
(q) comply and shall procure that any of its Affiliates, its Authorised Personnel and End Users comply with all Relevant Laws;
(r) conduct screening checks on its Affiliates, Authorised Personnel and/or End Users (as the case may be), to ensure that they are not designated as a Sanctioned Person or located, incorporated or ordinarily resident in any country that is the subject of sanctions, or that they intend to or are likely to use Solution for any Prohibited Activities;
(s) ensure that neither itself, nor any of its Affiliates, its Authorised Personnel and End Users is not a Military End User pursuant to EAR § 744.17 (or the equivalent laws of other countries and jurisdictions in the Territory); and
(t) comply with any other vetting or screening procedures reasonably imposed by Company from time to time.
(u) For the purposes of this clause, “Sanctioned Person” shall mean:
(i) a person or entity who appears on the list of Specially Designated Nationals and Blocked Persons maintained by the U.S. Department of the Treasury, Office of Foreign Assets Control, or any other list of persons or entities with whom dealings are restricted or prohibited by any Relevant Jurisdiction;
(ii) the government, including any political subdivision, agency, or instrumentality thereof, of any country against which any Relevant Jurisdiction maintains comprehensive economic sanctions or embargos;
(iii) a national or resident of any country against which any Relevant Jurisdiction maintains comprehensive economic sanctions or an embargo; or
(iv) a person acting or purporting to act, directly or indirectly, on behalf of, or a person owned or controlled by, any of the persons listed in clauses 3(u)(i) to 3(u)(iii) above.
(v) For the purpose of this Addendum, “Military End Use” has the meaning defined under § 744.17 and § 744.21 of the EAR (or the equivalent laws of other countries and jurisdictions in the Territory); and “Military End User” has the meaning defined under § 744.17 of the EAR (or the equivalent laws of other countries and jurisdictions in the Territory).
4. Customer Prohibitions - Customer must not, unless expressly permitted by Company in writing:
(a) incorporate or grant any other person the right to incorporate Solution into another product to form a new product;
(b) use, distribute or permit access to any Solution that has been recalled, or that does not comply with the Documentation;
(c) lease, loan, resell, transfer, sublicense or otherwise make available Solution or Documentation, other than to its Affiliates, Authorised Personnel and End Users as permitted in writing;
(d) make or attempt to make any modification to, reverse engineer, decompile, disassemble, or otherwise seek to recreate the source code or underlying functionality of Solution or any API or SDK;
(e) modify, port, translate, adapt, alter, frame or create derivative works based on Solution;
(f) disable or circumvent any access control or related process or procedure established with respect to Solution;
(g) copy (except for installation and backup of Solution as permitted in writing and the applicable Documentation), translate, disassemble, decompile, attempt to recreate, reverse engineer Solution or any source code object code, software programs, processes, algorithms, methods, techniques, data, or information embodied in Solution, the relevant portal or platform, or the Documentation, or any part, feature, function or user interface thereof, or extract ideas, algorithms, procedures, workflows or hierarchies from Solution, the relevant portal or platform, or the Documentation or otherwise use Solution for the purpose of creating any other product or service;
(h) change or remove any IP Rights and authorship notices from Solution or Documentation;
(i) access or use or attempt to access or use Solution in any way that causes, or may cause, damage to Solution or other Company Systems or impairment of the availability or accessibility of Solution or other Company Systems;
(j) breach, tamper with, compromise or circumvent any security measures included in system and data security requirements, policies and/or rules notified by Company from time to time;
(k) circumvent or disclose the user authentication or security of Solution or Company Systems, or any related host, network, or account;
(l) share, distribute or publish log-in credentials assigned to it except as permitted by Company (as the case may be);
(m) interfere with or disrupt Solution or Company Systems or other equipment or networks connected to Solution;
(n) knowingly do or permit anything to be done which could infringe, invalidate, cancel, harm, challenge, deny, question or contest Company IP;
(o) allow any Company IP to become the subject matter of any charge, lien or encumbrance;
(p) publish or disclose any results of benchmark tests run on any Solution;
(q) disclose, provide or otherwise make available trade secrets in connection with Company IP in any form to any third party;
(r) use Solution to transmit any content, data or information that is unlawful, defamatory, obscene, invasive of another’s privacy or otherwise objectionable;
(s) solicit for employment any employee or consultant of Company or its Affiliates thereof with whom Customer had contact or who became known to it;
(t) permit access to or use of Solution, in violation of any Relevant Laws;
(u) permit access to or use of Solution to disrupt international peace and security, including not permitting access to or use of Solution for any Prohibited Activities; or
(v) permit access to or use of Solution to exploit for Military End Use or to be resold or transferred to any Military End User.
Customer acknowledges and agrees that Company may implement certain technology or software including data loss prevention software, to monitor, analyse and report on Customer's activities in relation to its usage of and access to Solution, as well as to ensure information security of Customer’s Systems. Customer shall not grant access to Solution to any Representative who does not have, or refuse to have, such software implemented on his/her computers.
5. End User terms
Customer shall ensure that where End Users have access to or use of any Solution via Customer Services provided by Customer to End Users, Customer shall also issue, and ensure that End User accepts and complies with, the terms of use of such Customer Services. These terms shall contain, at a minimum, the end user terms of use set out in Annexure A to this Addendum (the “End User Terms”). For the avoidance of doubt, references in the End User Terms to the “Provider” shall be read as references to the “Customer” as defined in this Addendum; and references in the End User Terms to the “Solution licensor” shall be read as references to the “Company” as defined in this Addendum. All capitalised terms used but not defined in the End User Terms shall have the meaning given to them in this Addendum.
6. Customer responsibility
Customer agrees to be responsible for the acts and omissions of all its Authorised Personnel, End Users, Affiliates or Representatives as if they were the acts and omissions of Customer.
7. Reference Materials Licence
Company hereby grants Customer during the Usage Term and within the Territory a non-exclusive, revocable, non‑transferable, non-sublicensable licence to use all or part of the Documentation for the purpose of creating User Reference Materials, provided that: (1) Company’s IP Rights are preserved and IP Rights notices are kept intact; and (2) the User Reference Materials have been approved in writing by Company prior to being released to any Customer Affiliates or End Users.
8. Use of Trademarks
Customer shall comply with (i) branding and marketing guidelines as may be notified by Company in writing, and (ii) the standards of quality and design as notified to Customer by Company from time to time, in relation to the use of Company trademarks. Before each new use of any Trademark, Customer shall obtain prior written approval from Company (which shall not be unreasonably withheld or delayed). If required by Relevant Laws, Customer shall not send any communications to any individuals regarding the Customer Services to its End Users unless appropriate approvals have been obtained under Relevant Laws. Company may, from time to time, and on reasonable prior written notice, audit Customer’s compliance with the terms in this Addendum (including compliance with this clause 8, the applicable Solution Specific Terms and Service Level Agreement as incorporated herein). Where an audit reveals Customer is, or is likely to be, in non-compliance with the aforesaid terms, Customer will bear the full costs of any such audits conducted by Company, and further, Customer shall also use all reasonable efforts to rectify any actual or potential non-compliance.
9. IP Rights
Company owns and will retain, or licenses and will retain their rights under licences for, all Company IP. All rights in Company IP not expressly granted to Customer under this Addendum are reserved by Company. Nothing in this Addendum transfers from Company any proprietary right or interest in any Company IP.
Customer must: (i) promptly notify Company in writing of any actual, attempted, threatened or suspected infringement of any of Company IP; and (ii) at the request and expense of Company, provide all reasonable assistance as Company may require in conducting enforcement proceedings or defending proceedings in respect of Company IP.
All rights, title to and interests in, all Foreground IP shall vest in and shall be the sole and exclusive property of Company, unless otherwise agreed in writing by Company or otherwise set forth in the applicable Solution Specific Terms and Service Level Agreement. For clarity, if Customer (through itself, or other third parties) perform customizations, or create developments, derivatives, enhancements, improvements or additional products, functions or modules relating to Solution, the Documentation and/or other matters using Company IP, all Foreground IP created as a result of the foregoing work shall vest solely and absolutely in Company upon their creation or development, and Company shall have the sole and exclusive right, at its discretion, to file, prosecute and maintain any patent or other registrable IP Rights in and to the Foreground IP.
Customer (including its Affiliates) shall do all acts and things and execute any further documents reasonably required by Company to give effect to and/or perfection of the ownership by Company of all Company IP.
10. Technological Changes
To the extent that, a Customer wishes to request for a Technological Change:
(a) Customer shall promptly discuss such request with Company. Customer acknowledges that it is the sole discretion of Company whether or not it wishes to proceed with the Technological Change requested by Customer;
(b) Any agreed Technological Change shall be documented by Company and Customer by completing a written change control note signed by both Parties setting out the agreed revised fees, deliverable, timetable, and other relevant aspects of such Technological Change (a “Change Request Note”); and
(c) Each Change Request Note shall be substantially in the form set out in the agreement between Customer and Company.
11. Customer Regulatory Requirements
Customer agrees that it is solely responsible for: (a) determining whether or not Relevant Laws impose any restrictions or requirements on any of its activities in connection with this Addendum, Customer Services or any Solution; (b) determining what Regulatory Approvals are required for Customer to use any Solution (if any); and (c) as applicable, obtain from the appropriate Government Agencies all applicable Regulatory Approvals.
12. Warranty
The Solution is provided “as is”. Except to the extent prohibited by Relevant Laws, or to the extent any statutory rights apply that cannot be excluded, limited or waived, Company, its Affiliates and its Licensors: (a) do not make any representations or warranties of any kind, whether express, implied, statutory or otherwise, regarding Solution, and relevant services, and any other matter pertaining to this Addendum or Relevant Data Consents; (b) disclaim any and all warranties of any kind, whether express, implied or statutory, and shall not be responsible for: (i) merchantability, fitness for purpose, non-infringement, satisfactory quality, accuracy, quality, completeness, timeliness, responsiveness, or productivity of any Solution; and (ii) whether Customer’s use of Solution for whatever purpose, will infringe any Relevant Laws; and (c) exclude any warranty that any Solution will be uninterrupted, error free, free of security defects or harmful components ,or that any Data will not be lost or corrupted.
Company shall not be responsible for (a) any representations made by any person regarding the sufficiency or suitability of Solution in any actual application, or (b) Customer’s use of Solution for whatever purpose or whether any such use would violate the Relevant Laws or comply with the regulatory requirements under the Relevant Laws or required by the Government Agency, or (c) reviewing the Customer Data for accuracy.
Customer acknowledges and agrees that Solution, and the access to and use thereof, may be subject to limitations, delays and other problems not in Company’s control (including such limitations, delays and other problems of or attributable to the data source) and inherent in the use of the Internet and electronic communications, and that Company shall not be held responsible for delays, delivery failures or other damage resulting from such limitations.
Customer acknowledges and agrees that Solution are designed to be tools to assist Customer in the provision of the Customer Services, and that Company makes no warranties nor shall Company have any liability that Solution shall meet all of Customer’s requirements, or that the use of Solution shall be uninterrupted, error free or free from security defects.
Company makes no warranties nor shall Company or its Content Provider (as applicable) have any liability (whether in contract, tort, under statute or indemnities or otherwise, including negligence or fundamental breach) with respect to, any third party products or services.
Company makes no warranties on and shall not be responsible for any application of results obtained from the use of Solution or for unintended or unforeseen results obtained in the use of Solution.
13. Liability
TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, UNDER NO CIRCUMSTANCES SHALL COMPANY BE LIABLE TO CUSTOMER FOR ANY DIRECT DAMAGES, LOSS OF PROFITS, REVENUE, DATA, REPUTATION OR GOODWILL, OR FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL OR PUNITIVE DAMAGES FOR ANY MATTER RELATING TO SOLUTION, WHETHER SUCH LIABILITY IS ASSERTED ON THE BASIS OF CONTRACT, TORT (INCLUDING, WITHOUT LIMITATION, NEGLIGENCE OR STRICT LIABILITY) OR OTHERWISE, AND EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. NOTWITHSTANDING THE FOREGOING, IF COMPANY IS FOUND LIABLE DIRECTLY TO CUSTOMER FOR ANY DAMAGES, ITS TOTAL LIABILITY RELATED TO, IN CONNECTION WITH AND RISING FROM ITS PURCHASE AND USE OF SOLUTION SHALL NOT EXCEED THE AMOUNT EQUAL TO THE LOWER OF (A) USD $500,000.00 OR (B) FEES PAID BY CUSTOMER TO COMPANY FOR ACCESS TO AND USE OF THE SOLUTION IN THE PRECEDING SIX (6) MONTHS PRIOR TO THE MONTH IN WHICH THE RELEVANT CLAIM IS FIRST MADE GIVING RISE TO LIABILITY. THE EXISTENCE OF MORE THAN ONE CLAIM OR CAUSE OF ACTION WILL NOT ENLARGE THE FOREGOING LIMIT.
Customer agrees to indemnify, defend and hold harmless Company against all Losses arising from (a) the Customer Services, (b) the acts or omissions of Customer and its End Users, Affiliates, Authorised Personnel, and Representatives, (c) management of its relationships with any of the foregoing (including alleged breach of agreements between Customer and any of the foregoing), and/or (c) any breach of its obligations under this Addendum (which includes the applicable Solution Specific Terms and Service Level Agreement as incorporated herein) caused by any of the foregoing.
14. Audit
Without prejudice to any other rights that Company may have under this Addendum, Company may also audit (no more than once annually) Customer’s compliance with the terms in this Addendum. Customer must, with reasonable notice from Company, reasonably cooperate with such audits, including the provision of access to relevant records and personnel. Any audit undertaken under this clause 14 shall be at Company’s own cost, except where the audit reveals non-compliance, in which case, Customer must pay Company’s reasonable costs of the audit.
15. Suspension and Downtime
Without prejudice to the rights under this Addendum, Company may suspend the provision of Solution if:
(a) any amount due to be paid by Customer is overdue or Customer has breached any term of any Solution Specific Terms or this Addendum; and
(b) Company has given Customer at least fourteen (14) days’ written notice, following the amount becoming overdue or Customer’s breach, of its intention to suspend access to or use of Solution,
in which event such action shall not give rise to any cause of breach of contract or other liability against Company.
Customer acknowledges that Solution may be unavailable from time to time. Unavailability of Solution caused directly or indirectly by any of the following shall not be considered a breach by Company of any Solution Specific Terms or this Addendum:
(a) a Force Majeure Event;
(b) a fault or failure of the internet or any public telecommunications network;
(c) a fault or failure of Customer System or network;
(d) any downtime caused or contributed to by the improper use of SDKs, or wrong configure of server-end component like mobile gateway by Customer or End User;
(e) any breach by Customer of Solution Specific Terms or this Addendum; or
(f) scheduled, major, urgent or emergency maintenance, upgrades or updates carried out in accordance with Solution Specific Terms/ Service Level Agreement or this Addendum.
16. Termination
Without prejudice to any other rights that Company may have under any agreement as a third-party beneficiary, Company shall also have the right to terminate or suspend Customer’s access to and use of Solution immediately by notice, and terminate or suspend all licences granted to Customer immediately by notice, without any liability to Customer if: (a) Customer (including its Authorised Personnel, End Users, Affiliates or Representatives) had used or is using Solution outside the scope of this Addendum (which includes the applicable Solution Specific Terms and Service Level Agreement as incorporated herein); (b) Customer (including its Authorised Personnel, End Users, Affiliates or Representatives) is or had been otherwise in material breach of Relevant Laws (including applicable laws or regulations about personal data, data privacy, anti-money laundering, sanctions, export or import control prohibitions in relation to technology (encrypted or otherwise), or is or had been otherwise in breach of the terms set forth in clause 3(p) to clause 3(u)), or this Addendum between Company and Customer; (c) a Security Incident has occurred with respect to Data that is in the possession of, or under the control of Customer, or (d) there is any change in Relevant Laws which makes it unlawful, impossible, or impracticable for Company to continue this Addendum, as it becomes known to Company.
Upon the effective date of termination, Customer shall (a) immediately stop accessing and using Solution; and (b) where applicable, return to Company or, if required by Company, destroy all information concerning Solution in Customer’s possession or control.
17. Data Privacy
If and to the extent applicable, Company agrees to comply with the obligations set out at Annexure B (Data Protection Terms), with regards to the processing of Personal Data received from Customer during its use of Solution (“Transferred Personal Data”).
18. Confidentiality
Each Party retains all ownership rights in and to its Confidential Information. The Receiving Entity will use the same degree of care that it uses to protect the confidentiality of its own confidential information (but not less than reasonable care) to (i) not use any Confidential Information of the Disclosing Entity for any purpose outside the scope of this Addendum and (ii) except as otherwise authorized by the Disclosing Entity in writing, limit access to Confidential Information of the Disclosing Entity to those of its and its Affiliates’ employees and contractors who need that access for purposes consistent with this Addendum.
The Receiving Entity acknowledges that disclosure of Confidential Information would cause substantial harm for which damages alone would not be a sufficient remedy, and therefore that upon any such disclosure by the Receiving Entity, the Disclosing Entity will be entitled to seek appropriate equitable relief in addition to whatever other remedies it might have at law.
19. Governing Law & Dispute Resolution
This Addendum shall be governed by, and construed in accordance with, the laws of the Republic of Singapore. Any dispute arising out of or in connection with this Addendum and the terms incorporated therein, including any question regarding its application, validity or termination, shall be referred to, and exclusively and finally resolved by, arbitration administered by the Singapore International Arbitration Centre (“SIAC”) in accordance with the SIAC Arbitration Rules for the time being in force (“Rules”), which Rules are deemed to be incorporated by reference in this clause. The arbitral tribunal shall consist of three (3) arbitrators, of which one (1) arbitrator shall be appointed by Company, one (1) arbitrator shall be appointed by Customer and the third and presiding arbitrator shall be appointed by the first two (2) arbitrators as agreed between them or failing agreement within thirty (30) days from the appointment of the second arbitrator, by the President of SIAC in accordance with the Rules. The venue and seat of the arbitration must be Singapore, and the arbitration must be conducted in English.
20. Third Party Rights
Customer agrees that: (a) in respect of terms in any agreements that are intended to be for the benefit of Company, Company shall have the right to enforce directly against Customer, notwithstanding that Company is not a party to the Customer Terms, under the Contracts (Rights of Third Parties) Act (Cap.53B); and (b) should any dispute arise between Customer and any third party under the relevant agreement, Customer agrees to release Company from all claims, demands and damages of every kind and nature, known and unknown, suspected and unsuspected, disclosed and undisclosed, foreseeable or unforeseeable, arising out of or in any way connected to such disputes.
Annexure A to the Addendum
End User Terms of Use
1. Usage - End User is permitted to access and use Solution as incorporated into the Customer Services, pursuant to these End User Terms of Use (“End User Terms”), for the sole purpose of enabling End User to receive and/or use the Customer Services. End User shall not modify, reverse engineer, copy, sell, lease, or sublicense Solution. End User may not extract ideas, algorithms, procedures, workflows or hierarchies from Solution or otherwise use Solution for the purpose of developing any other software based on concepts, functions, or operations similar to those in Solution.
2. Confidential Information - End User acknowledges that Solution and all information provided in connection therewith, is proprietary to, and forms part of, the Confidential Information of Solution licensor. End User hereby acknowledges that unauthorised access to or use of Solution may cause immediate and irreparable harm and Provider and/or Solution licensor shall have the right to (i) seek and obtain preliminary and final injunctive relief to enforce these terms of use, and (ii) terminate End User’s licence to access or use Solution in case of any actual or threatened breach, in addition to other rights and remedies that may be available to Provider and/or Solution licensor.
3. Intellectual Property Rights - End User only acquires the right under these End User Terms to access and use Solution, and all intellectual property rights in Solution and all derivatives belong to and shall remain owned by Solution licensor. End User may not copy all or any part of Solution. End User shall maintain adequate security measures to safeguard Solution from unauthorised access or use, and shall comply with security procedures and technical standards as notified by Customer from time to time (if any).
4. Ownership. The copy of Solution is licensed, not sold. Solution licensor retains ownership of the copy of Solution, including all intellectual property rights therein. The Software is protected by international copyright law, international treaties and other applicable laws. End Users will not delete or in any manner alter the copyright, trademark, and other proprietary rights notices or markings appearing on Solution or generated when Solution runs, as delivered.
5. Technical Support - No support requests shall be addressed to Provider. Nothing under these terms of use requires Provider to create or deliver any Updates, or provide any support directly to End User, and Provider makes no representations or warranties regarding any Updates.
6. Warranty - SOLUTION ARE PROVIDED “AS IS”. EXCEPT TO THE EXTENT PROHIBITED BY RELEVANT LAWS, OR TO THE EXTENT ANY STATUTORY RIGHTS APPLY THAT CANNOT BE EXCLUDED, LIMITED OR WAIVED, PROVIDER AND SOLUTION LICENSOR DISCLAIMS ALL EXPRESS, IMPLIED, STATUTORY OR OTHERWISE WARRANTIES REGARDING SOLUTION AND DOCUMENTATION, INCLUDING WITHOUT LIMITATION THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE OR NON-INFRINGEMENT, EXCEPT AND SOLELY FOR A WARRANTY THAT SOLUTION SHALL MATERIALLY COMPLY WITH THE DOCUMENTATION PROVIDED BY PROVIDER. PROVIDER AND SOLUTION LICENSOR SHALL NOT BE RESPONSIBLE FOR ANY REPRESENTATIONS MADE BY ANY PERSON REGARDING THE SUFFICIENCY OR SUITABILITY OF SOLUTION IN ANY ACTUAL APPLICATION.
7. Liability – TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, UNDER NO CIRCUMSTANCES SHALL PROVIDER OR SOLUTION LICENSOR BE LIABLE TO END USER FOR ANY DIRECT DAMAGES, LOSS OF PROFITS, REVENUE, DATA, REPUTATION OR GOODWILL, OR FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL OR PUNITIVE DAMAGES FOR ANY MATTER RELATING TO SOLUTION, WHETHER SUCH LIABILITY IS ASSERTED ON THE BASIS OF CONTRACT, TORT (INCLUDING, WITHOUT LIMITATION, NEGLIGENCE OR STRICT LIABILITY) OR OTHERWISE, AND EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. NOTWITHSTANDING THE FOREGOING, IF PROVIDER OR SOLUTION LICENSOR IS FOUND LIABLE DIRECTLY TO END USER FOR ANY DAMAGES, ITS TOTAL LIABILITY RELATED TO THESE TERMS OF USE SHALL NOT EXCEED THE AMOUNT EQUAL TO THE LOWER OF (A) USD $500,000.00 OR (B) THE FEES PAID BY END USER TO PROVIDER FOR THE CUSTOMER SERVICES THAT INCORPORATES SOLUTION IN THE PRECEDING SIX (6) MONTHS PRIOR TO THE MONTH IN WHICH THE RELEVANT CLAIM IS FIRST MADE GIVING RISE TO LIABILITY. THE EXISTENCE OF MORE THAN ONE CLAIM OR CAUSE OF ACTION WILL NOT ENLARGE THE FOREGOING LIMIT.
8. U.S. Government End Users. Solution is “commercial computer software” as that term is used in FAR 12.212 and DFARS 227.7202. If Solution is being acquired by or on behalf of the U.S. Government, then, as provided in FAR 12.212 and DFARS 227.7202-1 through 227.7202-4, as applicable, the U.S. Government’s rights in the Solution will be only those specified in these End User Terms.
9. Export Law. End User agrees to comply fully with all applicable export laws and regulations to ensure that neither Solution nor any technical data related thereto nor any direct product thereof are exported or re-exported directly or indirectly in violation of, or used for any purposes prohibited by, such laws and regulations.
10. Termination- Provider and/or Solution licensor may terminate End User's permission to use Solution immediately by notice in the event that End User breaches any term or condition of this terms of use. Upon termination, End User must immediately delete all copies of Solution from all devices (and otherwise) and stop accessing and using Solution.
11. Miscellaneous- These End User Terms shall be governed by, and construed in accordance with, the laws of the Republic of Singapore. End User agrees that in respect of these End User Terms that are intended for the benefit of Solution licensor, Solution licensor shall be entitled to enforce these terms directly against the End User, notwithstanding that Solution licensor is not a party to these End User Terms, under the Contracts (Rights of Third Parties) Act (Cap.53B).
Annexure B to the Addendum
Data Protection Terms (the “Terms”)
1. Use restrictions
1.1 Company shall only Process Transferred Personal Data in accordance with the Addendum.
1.2 Company shall only Process Transferred Personal Data:
(i) strictly for the for the purposes of the Addendum and development and maintenance of the Solution, including manual marking of the Transferred Personal Data in order to improve the service quality and/or the functionality (“Purpose”); or
(ii) with Customer’s prior written consent or in accordance with Customer’s instructions.
1.3 Company may Process the Transferred Personal Data when required by law or an order of court, but shall notify Customer as soon as practicable before complying with such law or order of court at its own costs, unless such notification is prohibited under any law or order of court.
2. Customer obligations
2.1 Customer represents and warrants to Company that it has the legal right under all applicable laws to disclose to Company and/or its Affiliates, or permit Company and/or its Affiliates to collect, all Transferred Personal Data and has taken the proper steps to ensure that Company and/or its Affiliates are able to lawfully Process the Transferred Personal Data for the Purpose and any other purposes set out in the Addendum, including providing all required notices or statements to all data subjects of the Transferred Personal Data and obtaining all required consents or permissions or similar or equivalent concept pursuant to any Relevant Privacy Laws from all data subjects of the Transferred Personal Data.
2.2 Customer must:
(i) promptly notify Company in writing of any complaint or investigation under, or relating to, any Relevant Privacy Laws or Relevant Data Consents concerning the Customer’s use of the Solution or concerning the Transferred Personal Data or any circumstances that may lead to any such complaint or investigation;
(ii) act promptly in the resolution of any such complaint, investigation or circumstances;
(iii) not do, or omit to do, anything which would put Company in breach of Relevant Privacy Laws or Relevant Data Consents;
(iv) take all such steps as Company reasonably requires of it to facilitate Company's compliance with any of the Relevant Privacy Laws or Relevant Data Consents that apply to Company, including any Relevant Privacy Laws obliging Company to obtain Relevant Data Consents or to store a copy of Transferred Personal Data within the Territory (including in the circumstance of assignment of Company's rights under the Addendum);
(v) maintain security measures, including physical and electronic measures, in relation to:
(a) the Customer Services;
(b) the technology and infrastructure required to provide and perform the Services; and
(c) the Personal Data in its or its Representative's possession or control,
in accordance with the provisions of clause 4 of the Addendum and all relevant data security standards, including those related to fraud and anti-money laundering, required or identified by:
(d) Company's data security protocols and data integrity and security measures furnished by Company to Customer from time to time; and
(e) Relevant Privacy Laws,
with the more stringent measures to apply in the case of any inconsistency;
(vi) comply with Company's security requirements regarding the dedicated or direct interconnection between its systems, platforms or devices and Customer's operating environment, as specified in clause 4 of the Addendum;
(vii) promptly notify Company in writing if it becomes aware of any changes to a Relevant Privacy Law that may cause the Customer Services, the Processing of Transferred Personal Data or any other activities of Company relating to the Addendum, to breach such Relevant Privacy Law;
(viii) in addition to complying with any obligations for data back-up and storage under any Relevant Privacy Laws and Relevant Data Consents (including any obligations to store a copy of the Transferred Personal Data within the Territory), Customer must:
(a) back up the Transferred Personal Data as often as is necessary to ensure that the Transferred Personal Data can be recovered; and
(b) otherwise comply with the data back-up and storage protocols as provided by Company from time to time;
(ix) in the event of any:
(a) breach of any data security requirement under the Addendum by Customer or its End Users; or
(b) Security Incident, which Customer knows or reasonably suspects has occurred,
Customer must notify Company in writing immediately and comply with all reasonable directions of Company in respect of the breach; and
(x) Company may audit or require a copy of an internal or external audit performed in respect of Customer's compliance with this clause 2 of the Terms from time to time.
2.3 Customer agrees that it is solely responsible for the development, content, operation, maintenance, and Processing of Personal Data in connection with the Customer Services or the Addendum, including:
(i) ensuring that the Processing of Transferred Personal Data, including by Company, and/or its Affiliates, complies with the Relevant Privacy Laws, Relevant Data Consents, and other notices or disclosures provided or made;
(ii) any claims relating to or Losses arising from the Processing of Personal Data or a Security Incident;
(iii) properly handling and processing notices sent to Customer by any Person claiming that Transferred Personal Data (or any actions in relation to it, including actions consistent with the terms of the Addendum) is in breach of Relevant Privacy Laws or violates such Person’s rights;
(iv) responding to any request which Customer may receive from any End User seeking to exercise the rights over his/her Personal Data that he/she may be entitled to in accordance with the Relevant Privacy Laws; and
(v) taking its own steps to maintain appropriate security, protection and backup of Transferred Personal Data, which may include the use of encryption technology to protect Transferred Personal Data from unauthorised access and appropriate archiving of Transferred Personal Data.
2.4 Customer agrees and acknowledges that any Processing of any Transferred Personal Data by Company or its Affiliates, is carried out by them as data intermediaries, data processors or other similar designation under Relevant Privacy Laws, of Customer, on behalf of Customer and for the purposes of Customer.
2.5 In processing transactions using the Services, Customer acknowledges and agrees that all Transferred Personal Data shall be provided in accordance with data standards developed and issued by Company. The data standards are published by Company or its Affiliates and may be varied by Company or its Affiliates from time to time with notice to Customer.
2.6 In relation to all Personal Data to be Processed in connection with the Customer Services, Customer must ensure that:
(i) all consents or approvals required under, or are otherwise necessary or useful to comply with, Relevant Privacy Laws have been obtained;
(ii) all Relevant Data Consents that are necessary or useful for Company to provide the Customer Services to Customer and otherwise perform its other obligations under the Addendum have been obtained;
(iii) all notices and disclosures that are required under, or otherwise necessary or useful to comply with Relevant Privacy Laws and Relevant Data Consents and any notices and disclosures that Customer is required to provide to data subjects of Transferred Personal Data or Government Agencies have been provided or made, including those concerning:
(a) the collection of Personal Data by, and disclosure of Personal Data to, Company or its Affiliates;
(b) the collection and transfer of Personal Data in, by and from the Services in the course of receiving and providing the Services and Customer Services; and
(c) the Processing of Transferred Personal Data by Company,
(iv) as contemplated by the Addendum, including being consistent with and reflecting Company's status as described in clause 2.4 of the Terms; and
(v) a record of all consents (including Relevant Data Consents) or approvals in connection with this clause 2.6 of the Terms is maintained in accordance with all Relevant Privacy Laws.
2.7 After Customer complies with the requirements of this clause 2, if for any reason, whether under Relevant Privacy Laws or any requirement reasonably imposed by Company, Customer is required to subsequently obtain any consent or approval of such data subject of Personal Data or Government Agency for any Processing of Personal Data as set out above, Customer must inform Company and shall obtain such consent or approval before Processing such Personal Data which is the subject of such consent or approval.
3. Processing of Data
3.1 In respect of Transferred Personal Data, Company shall:
(i) comply with the Relevant Privacy Laws of the location of processing as agreed in clause 4.1 of the Terms in relation to its Processing of Transferred Personal Data;
(ii) upon request from Customer, provide reasonable assistance to Customer to respond to requests from individuals exercising their rights under the Relevant Privacy Laws of the location of processing as agreed in clause 4.1 of the Terms; and
(iii) ensure that any Authorised Personnel who Processes the Transferred Personal Data or any person to whom Company discloses Transferred Personal Data Processes it in accordance with terms of the Addendum.
3.2 Customer acknowledges that Company does not intend for Customer Services to be made available to End Users under the age of 15 years. Customer must ensure that all End Users are over 15 years of age and that End Users between 15 and 18 years of age do not use Customer Services without a guardian's consent.
3.3 Company will take reasonable steps to carry out an End User’s request to exercise his/her rights over his/her Personal Data, including by providing access to, correct, restrict Processing of, delete or port Transferred Personal Data, on written notice from Customer. Company shall require End Users to contact Customer in the first instance with any request to exercise his/her rights over his/her Personal Data, including requests for access to, correction, restriction of Processing, deletion or porting of Transferred Personal Data.
4. Location of processing
4.1 Customer hereby consents that Transferred Personal Data will be processed and stored on servers located in Singapore, Hong Kong or Indonesia (as applicable), depending on the specific Solutions subscribed by Customer.
4.2 Unless otherwise stated herein, Company shall not transfer Transferred Personal Data to a place outside the location as agreed in clause 4.1 of the Terms without Customer’s prior written consent. Customer hereby consents that if Customer’s or End User’s use of certain Solution or certain functions of Solution involves transferring Personal Data to mainland China for Processing, Company may transfer Transferred Personal Data to mainland China for Processing.
5. Cross-Border Transfer
5.1 Customer hereby acknowledges and consents that Customer’s or End User’s use of certain Solution or certain functions of Solution may require Transferred Personal Data to be transferred to the mainland China for Processing, and the verification results will be stored on servers located in mainland China and then transferred back to Customer.
5.2 Parties agree and acknowledge that transferring verification results outside of mainland China shall only be conducted in accordance with all Relevant Laws and regulatory requirements. Supplemental agreements may need to be entered into from time to time as mandatorily required by changes in Relevant Laws and regulatory requirements.
6. Security measures
6.1 Company shall implement reasonable technical and operational security measures to protect Transferred Personal Data against unauthorised or accidental access, Processing, modification, copying, disposal, destruction or similar risks.
6.2 Company shall only permit the Authorised Personnel to access Transferred Personal Data on a need-to-know basis and in accordance with the terms of the Addendum.
7. Sub-processing
7.1 Company shall not engage any other processor to Process Transferred Personal Data without Customer’s prior written consent, provided that such consent shall not be unreasonably withheld.
7.2 If Customer consents to Company engaging sub-processors to Process Transferred Personal Data pursuant to clause 7.1 of the Terms, Company shall ensure that it has a written contract with those sub-processors it engages to Process Transferred Personal Data that incorporates obligations equivalent to those set out in the Terms.
7.3 Customer hereby consents to Company engaging ZOLOZ PTE. LTD. and its Affiliates to Process Transferred Personal Data.
8. Data breach
8.1 In the event of any:
(i) breach by Company of any of its data security obligations under the Addendum; or
(ii) security breach of which Company:
(a) is actually aware has occurred; or
(b) has a reasonable suspicion has occurred,
Company must notify Customer in writing promptly and consult with Customer in respect of any steps to be taken in connection with such breach.
9. Retention of Personal Data
9.1 Company shall not retain Transferred Personal Data (or any documents or records containing Transferred Personal Data, electronic or otherwise) for any period of time longer than is necessary to serve the Purpose or as required by law.
9.2 Except as otherwise required by law, Company shall within a reasonable period of time upon the reasonable request of Customer or at its discretion on the expiry or termination of the Addendum:
(i) return all Transferred Personal Data in its possession to Customer; or
(ii) delete all Transferred Personal Data in its possession.