PLEASE READ THESE TERMS CAREFULLY
This Agreement applies to Customers as business users and Customers as personal users when downloading Didimo API free-of-charge. If Customer is using Didimo API for personal use this Agreement also applies and prevails in the event of a conflict.
By accepting to be bound by this Agreement, Customer also agrees to be legally bound by the following, which form a part of this Agreement:
- Any extra terms which may add to, or replace some of, these terms from time to time, for example if Didimo’s services are updates or if there are any changes to the law;
- Specific terms which may apply to certain software solutions, or additional terms added after free use; and
When material changes are made to these terms Didimo will provide Customer with appropriate notice by displaying prominent notice on its website or writing to Customer. In some cases, Customer will be notified in advance, and Customer will be deemed to have accepted any changes by continued use of Didimo API, after such changes have been made.
Notice to Personal Use Customers –
This Agreement sets out who Didimo is, how Didimo will provide Didimo API, how Customer and Didimo may change or end this Agreement, what to do if there is a problem, and other important information. If Customer thinks there is a mistake in this Agreement, it should contact Didimo to discuss. When Customer uses Didimo API, it will be required to use data on Customer’s computer or device. Customer must check carefully how much data will be used as using too much data might mean that data limits are exceeded and there could be more to pay than expected, particularly if used by Customer outside of their home country. Customer is solely responsible for all internet access charges related to the use of Didimo API.
1. Who Didimo Is and How to Contact Didimo. Didimo is registered in Delaware, USA under EIN 81-3350352. If Customer wishes to contact Didimo it can write to 140th Avenue North, Suite 101, Clearwater, Florida, FL33762 phone +341 220 301 525, or email firstname.lastname@example.org.
2. How Didimo Will Contact Customer. If Didimo has to contact Customer it will do so by writing or by telephone using the contact details provided when Customer applies to use Didimo API.
3. About Didimo. Didimo provides a software solution, which is accessed by Customer through an application program interface (the “Didimo API”), that is able to turn an image of a person’s head (an “Initial Image”) into a 3-D animation file in an .fbx or other format (an “Animation File”). Didimo might at any time update the software supplied to Customer, provided that the software shall always match the description provided before conclusion of this Agreement. Didimo API is not aimed at children. If Customer is under the age of 16, it is not entitled to use Didimo API. Didimo hereby agrees to make the Didimo API available to Customer on a non-exclusive, non-transferable basis for personal or internal business use by Customer for the period and subject to the restrictions set forth the Order Form entered into between the parties (each an “Order Form”). Subject to section 5, one Order Form covers the creation of ten (10) free Didimos. Each Customer shall only be entitled to one (1) Order Form on a free-of-charge basis. Any additional Order Forms shall be subject to Didimo’s charges in force at the time such additional Order Form is concluded. Customer must check the terms and conditions for all fee-paying use before accepting them. Customer agrees that it shall use the Didimo API solely to make Animation Files for personal use or on behalf of Customer’s Users (as hereinafter defined), and that it shall use the Didimo API in compliance with this Agreement, any limitations in the Order Form and all applicable laws. “Users” means third parties who use one or more of the online platforms offered by Customer and listed in the Order Form (the “Customer Online Platform”). Customer shall not attempt to gain unauthorized access to the Didimo API, nor, to the maximum extent legally enforceable, disassemble, decompile, reverse engineer or otherwise attempt to derive source code or other trade secrets from the Didimo API or any Animation Files. Customer shall not sell, resell, rent or lease the use of the Didimo API or reproduce all or any portion of the Didimo API. Didimo offers Didimo API in the EU and outside the EU. For more specific information on its rights, Customer’s using Didimo API for personal use should check the relevant consumer laws in the jurisdiction in which they are based.
4. License to Use Animation Files. All Animation Files shall remain the property of Didimo and may only be used as set forth in this Agreement. Didimo hereby grants Customer a fully-paid, non-transferable (except as provided in Section 7), non-sublicensable right and license during the term of this Agreement to (a) store the Animation Files on its own servers and (b) to use the Animation Files. Customers shall not make the Animation Files available for download by Users whether using Didimo API for business or personal use, and Customers using Didimo API for business purposes shall ensure that its Users do not use the Animation Files for any purpose other than in connection with the Customer Online Platform. Should a Customer wish to license and/or exploit the Animation Files for any other purpose or beyond the term of this Agreement, Customer shall submit a written request to Didimo providing enough details describing such proposed use to Didimo’s satisfaction. Thereafter, the parties will negotiate in good faith the terms of the proposed use, provided that Customer shall not license and/or exploit the Animation Files for any reason whatsoever beyond sharing on Users’ personal social media profiles (i.e., Facebook, Twitter, Instagram) without Didimo’s approval, which it may withhold at its sole discretion. Customer shall ensure its Users do not, to the maximum extent legally enforceable, disassemble, decompile, reverse engineer or otherwise attempt to derive source code or other trade secrets from the Animation Files. Customer shall use Animation Files in accordance with all applicable laws (including privacy laws) and any third party rights.
5. How to Get Didimo. Customers accessing Didimo API free-of-charge will be permitted to download up to ten (10) Didimo files for no fee. Customer can find details about usage Didimo’s Website and if Customer is an existing customer, it can find specific details regarding its existing usage tier by logging into its Didimo Xperience account. When Customer applies to access Didimo API online, Didimo will acknowledge the application by email, containing the Order Form. Please note that this initial email does not mean that the access has been granted. Didimo may contact Customer to advise that the request has not been accepted. This may be because the usage tier is not available, Customer is not allowed to enter into an agreement with Didimo or there has been a mistake in the pricing or description of software. The access is only granted when Didimo emails Customer to confirm this. At this point, a legally binding contract will be in place between Customer and Didimo and Customer will be granted access to Didimo API based on the usage tier it has selected. Didimo will supply access to Didimo API until (i) this Agreement is terminated in accordance with section 6 and 14, or (ii) the number of free downloads permitted have been reached.
6. Personal Use Customers - How to Stop Using Didimo. Customers downloading Didimo API free-of-charge, upon downloading Didimo API hereby understand and accept that performance under this Agreement begins when Didimo API is downloaded and as such there is no withdrawal period (also known as a ‘cooling off period’), which also does not apply in the event of free-of-charge digital services. However, Customer is at all times able to terminate this Agreement under the terms in section 14. Any Customer exercising its right to cancel may be entitled to retrieve the content it has created on Didimo API. Please contact Didimo using the contact details at the top of this Agreement for more information about this.
7. Use of Didimo API for personal use. Customers using Didimo API for personal use may only use Didimo API and its software on five computers or devices within its household. The personal use of Didimo API is personal and exclusive to Customer and it is therefore not permitted to transfer it to any other third party. Accordingly, no other person shall have any rights to enforce Customer’s use of Didimo API or this Agreement. Didimo API can be used anywhere in the world providing Customer complies with local laws. When Didimo grants access to Didimo API it does so on a non-exclusive basis. Similar software may be provided to other users for both business and personal use. Didimo may transfer its rights and obligations under this Agreement to another organisation. It will always notify Customer in writing if it intends to do this.
8. Personal Data.
**8.1 Applicable Privacy Laws. **“Applicable Privacy Laws” shall mean all applicable data protection and privacy legislation in force from time to time in the UK and European Union, including the General Data Protection Regulation ((EU) 2016/679) (“GDPR”); the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended, as well as any applicable privacy legislation to which a party is subject.
8.2 Data Sharing. Customer shall submit an Initial Image to the Didimo API. Each Initial Image submitted by Customer to the Didimo API and the Animation File derived therefrom shall be assigned a unique identifier. Didimo acknowledges that Initial Image and Animation File, and certain other information provided by Customer, may be personal data in certain jurisdictions and may be subject to Applicable Privacy Laws.
8.3 Parties Obligations. Both parties will comply with all applicable requirements of the Applicable Privacy Laws.
Business Use Customers. For the purposes of the GDPR, when processing personal data for business use Customers, Didimo is acting as a data processor and Customer is acting as a data controller. Users are data subjects. Accordingly, to comply with Article 28(3) of the GDPR, the parties accept the terms of the data processing schedule attached hereto.
Personal Use Customers. For the purposes of the GDPR, when processing personal data for personal use Customers, Didimo is acting as a data controller and Customer is a data subject.
All Customers. This Section 8 and the data processing schedule is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under the Applicable Privacy Laws. Nothing in this Agreement shall prevent or limit exercise of a data subject’s right under the GDPR.
8.6 Privacy Indemnity – Business Use Only. Each party shall indemnify the other against all liabilities, costs, expenses, damages and losses (including but not limited to any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal costs (calculated on a full indemnity basis) and all other reasonable professional costs and expenses) suffered or incurred by the indemnified party arising out of or in connection with the breach of the Applicable Privacy Laws, this section 8 and/or the data processing schedule (and in the case of Customer, due to breach of its consent collection and notice obligations under section 8.5) by the indemnifying party, its employees or agents, provided that the indemnified party gives to the indemnifier prompt notice of such claim, full information about the circumstances giving rise to it, reasonable assistance in dealing with the claim and sole authority to manage, defend and/or settle it. The liability of Didimo under this section 8.6 shall be subject to the limits set out in section 8 of this Agreement.
9. Didimo Obligations.
(i) Quality of Didimo API and Software for Personal Use Customers. Some national consumer rights laws and EU, laws such as Directive 2011/83/EU pertaining to EU-based personal use Customers, give personal use Customers using Didimo API and its software for personal use only, certain legal rights applicable in the jurisdiction in which they reside (“Statutory Rights”), for example that Didimo API and its software is of satisfactory quality, is fit for purpose and matches the description provided to personal use Customers. Didimo must provide software that complies with Customer’s Statutory Rights when Didimo supplies Didimo API and its software. Customer’s using Didimo API for personal use should check the relevant consumer laws in the jurisdiction in which they are based. Didimo shall use all reasonable efforts to ensure that Didimo API and its software is free from defects, viruses and other malicious content. However, Didimo does not warrant that Didimo API and its software is compatible with any third-party equipment other than that stated on Didimo’s website, and Customer hereby acknowledges that there may be minor errors or bugs in the software. To avoid faults in software, Customer must install any fixes, updates, upgrades, new releases and new versions of Didimo API and its software as soon as reasonably possible after it is notified of such updates. Customer hereby acknowledges that the quality of Didimo API and its software may be affected by a variety of factors, including Customer’s location, its bandwidth and the speed of internet connection. Didimo at all times might update any software supplied to Customer, provided that the Didimo API and its software shall always match the description provided to Customer before it signs up to this Agreement. Notwithstanding the foregoing, Didimo is not responsible for any delays outside its control. If Customer’s access to Didimo API and its software is delayed by an event outside of Didimo’s control then it will contact Customer as soon as possible to notify it and will take steps to minimise the effect of the delay. Provided Didimo does this it will not be liable for any delays caused by the event, however, if there is a risk of substantial delay Customer may contact Didimo to end its usage in accordance with section 14.
(ii) Warranty for All Customers. Didimo shall use all reasonable efforts to enable availability of the Didimo API 24 hours a day, 7 days a week, except for planned maintenance downtime (which Didimo shall use commercially reasonable efforts to schedule outside of business hours for a majority of its customers). Didimo warrants to Customer that the Didimo API and the Animation Files will operate in accordance with any written documentation published from time to time by Didimo (the “Documentation”). For any breach of any of the foregoing warranties, Customer’s exclusive remedy shall be termination of this Agreement as provided in Section 14 below, without prejudice to a personal use Customer’s Statutory Rights referred to at section 9.1.(i).
9.2.DISCLAIMER OF OTHER WARRANTIES. OTHER THAN THE EXPRESS WARRANTIES PROVIDED IN THE PRECEDING PROVISION, DIDIMO DISCLAIMS ALL WARRANTIES, REPRESENTATIONS AND CONDITIONS, EXPRESS OR IMPLIED, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, IN RELATION TO OR ARISING OUT OF THIS AGREEMENT, THE DIDIMO API, ANY ANIMATION FILE OR ANY OTHER SERVICES PROVIDED BY DIDIMO, OR THE USE OR PROVISION OF THE DIDIMO API OR ANY ANIMATION FILE. NOTHING IN THIS SECTION 9.2 AFFECTS A PERSONAL USE CUSTOMER’S STATUTORY RIGHTS IN THE JURISDICTION WHERE THEY RESIDE.
9.3. No Liability for Security Breaches. Didimo agrees to use reasonable measures to protect any personally identifiable or confidential information held by Didimo or transmitted to it. The parties agree that notwithstanding such efforts or the features of the Didimo API, no product, hardware, software or service can completely secure access to electronic data and that there are persons and entities, including enterprises, governments and quasi-governmental actors, that will attempt to breach any electronic security measure. In addition to any other limitations set forth in this Agreement, to the maximum extent enforceable in accordance with applicable law, under no circumstances will Didimo be liable to Customer, its Users or any person or entity, for any claim, loss, liability or other expense arising out of or related to any security breach.
10. Ownership. Didimo shall own all intellectual property rights in and to the Didimo API and all Animation Files, and except as set forth herein, nothing in this Agreement shall be deemed to confer any rights to any such intellectual property. As between Didimo and Customer, all rights in any Initial Image shall belong to Customer and Didimo shall have no rights to such Initial Image. Customer hereby grants to Didimo a non-exclusive license during the term of this Agreement to use and store the Initial Image to produce an Animation File, and Customer represents that it has the right to grant such license. Didimo will be free to use any feedback, suggestions, evaluations or improvements that Customer gives to Didimo regarding or relating to the Didimo API, the development or marketing thereof, the product roadmap or otherwise without any restriction or obligation to Customer.
11. Confidentiality. Each party acknowledges that as a result of performing under this Agreement it may have access to data or information, oral or written, related to the other party’s past, present or future research, development or business activities that the other party reasonably considers to be confidential or proprietary, including any such information received by a party from a third-party (“Confidential Information”). Confidential Information does not include (a) any information that is or becomes generally available to the public without breach by the receiving party; (b) any information properly obtained before or after the date of this Agreement from a third party without an obligation of confidentiality; (c) any information independently developed by the receiving party without reference to Confidential Information; or (d) any information to the extent that may be necessary to establish or assert rights hereunder, in a court of law or as may be required by law or governmental regulations or authority (including court order or subpoena); provided, however, that prior to disclosing any Confidential Information as required by law or the government, the receiving party shall promptly notify the disclosing party. During the term of this Agreement, each party agrees that it will not disclose Confidential Information of the other party or use Confidential Information of the other party other than as necessary to perform its obligations and exercise rights under this Agreement.
12. LIMITATIONS OF LIABILITY.
12.1 Personal Use Customers. If Didimo fails to comply with this Agreement, it is responsible for loss of damage that is a foreseeable result of Didimo breaking these terms or for failing to use reasonable care and skill, however, it is not responsible for any loss or damage that is not foreseeable. Loss or damage is foreseeable if it is either obvious it will happen, or if at the time that Customer requests use of Didimo API, both Didimo and Customer were aware it might happen, for example, if Customer notifies Didimo. Didimo does not exclude its liability in any way where it would be unlawful to do so. This includes liability for death or personal injury caused by Didimo’s negligence or for fraud, breach of privacy laws, or other such liability with the law states that Didimo cannot exclude or limit. If defective software which Didimo has supplied damages a device or digital content belonging to Customer and this is due to a failure of Didimo’s reasonable care and skill, Didimo will either repair the damage or pay Customer compensation. However, Didimo will not be liable for damage which Customer could have avoided by following Didimo’s advice to apply an update which was offered free of charge or for damage caused by Customer failing to correctly follow installation instructions or to have in place the minimum recommended system requirements. Furthermore, Didimo is not responsible for the cost of repairing any pre-existing faults or damage to Customer’s device or any pre-existing digital content.
12.2 For all Customers. NOT WITHSTANDING THE FOREGOING, AND SUBJECT TO A PERSONAL USE CUSTOMER’S STATUTORY RIGHTS, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY FOR ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOST PROFITS OR DATA, ARISING OUT OF THIS AGREEMENT, THE DIDIMO API, ANY ANIMATION FILE OR ANY OTHER SERVICES PROVIDED BY DIDIMO OR THE USE OR PROVISION OF THE DIDIMO API OR ANY ANIMATION FILE, WHETHER BASED IN CONTRACT, TORT OR ANY OTHER LEGAL THEORY, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
13. Complaints for Personal Use Customers. Didimo will try to resolve any disputes with Customers quickly and efficiently. If Customers are unhappy with Didimo API and its software or any other matter, Customer should contact Didimo as soon as possible and Didimo will try to resolve the matter as soon as possible, and in the event of any dispute, us its internal complaint handling procedure. Customers based in the EU may also use an online dispute resolution platform to resolve any dispute with Didimo. For more details, please visit https://webgate.ec.europa.eu/odr.
14. Term and Termination.
14.1 For All Customers. This Agreement shall continue in full force so long as the term under any Order Form is effective, until suspended or terminated in accordance with this section 14. Notwithstanding the foregoing, either party shall be entitled to terminate this Agreement or any Order Form immediately upon written notice to the other party in the event that (i) the other party declares bankruptcy, (ii) breaches any material term set forth herein and fails to cure such breach within 30 days from the date of receipt of written notice thereof, or (iii) in the event of personal use Customers, to the extent that their Statutory Rights permit them to do so. Notwithstanding the foregoing, (a) to the extent any Order Form remains in effect beyond the scheduled expiration or termination of this Agreement, this Agreement shall be deemed to remain in effect until such time as such Order Form has expired or been terminated in accordance with the terms set forth therein, (b) in the event Didimo terminates provision of the Didimo API, Didimo shall provide at least 30 days’ notice of such termination and thereafter this Agreement and any Order Forms shall automatically terminate and (c) in the event that Didimo does terminate or suspend this Agreement or terminate or suspend access to Didimo API and its software Customer accepts that Didimo shall have no liability or responsible to Customer. **14.2 Personal Use Customers – Termination and Suspension.**Didimo will take all commercially reasonable efforts to ensure that Didimo API and its software remains in operation however Customer may experience temporary interruptions. This might be to allow Didimo to deal with technical problems or make minor technical changes, or to allow Didimo to update its serves and content to reflect any changes in relevant laws and regulatory or contractual and licensing requirements. Didimo will be entitled to terminate this Agreement, or suspend access to Didimo API and its software at any time including in the event of Customer’s actual or suspected unauthorised use of Didimo API and its software or failure to comply with this Agreement. Didimo will also be entitled to suspend or terminate this Agreement and access to Didimo API if it withdraws it software.
14.3 Post Termination Provisions for All Customers. The following (1) and (2) of this section 14 shall survive any termination of this Agreement: (1) Customer shall not attempt to gain unauthorized access to Didimo API, nor, to the maximum extent legally enforceable, disassemble, decompile, reverse engineer or otherwise attempt to derive source code or other trade secrets from the Didimo API or any Animation Files; and (2) Customer shall not sell, resell, rent or lease the use of Didimo API or reproduce all or any portion of the Didimo API. Section 4 and sections 8 through to 18 shall survive any termination of this Agreement.
15. Business Use Customers Only - Indemnification. Didimo shall defend and indemnify Customer from and against any claim, demand, suit or proceeding (a “Claim”) made or brought against Customer by a third party alleging that the use of the Didimo API or any Animation File (other than any portion of the Animation File derived from or related to the Initial Image) in accordance with this Agreement and the Documentation infringes or misappropriates the intellectual property rights of a third party. Customer shall defend and indemnify Didimo and its licensors from and against any Claim made or brought against Didimo or any of its licensors by a third party related to the use by Customer or any User of the Didimo API or any Animation File. As a condition to the indemnification obligations under this Section 15, the indemnified party shall (a) promptly give the indemnifying party written notice of the Claim, (b) give the indemnifying party sole control of the defense and settlement of the Claim (provided that the indemnifying party may not settle any Claim that imposes any obligation or liability on the indemnified party without the consent of the indemnifying party, such consent not to be unreasonably withheld), and (c) provide to the indemnifying party all reasonable assistance in the defense of the Claim, at the indemnifying party’s expense. If the indemnifying party assumes defense of the Claim as provided for herein, the indemnified party may only retain its own counsel at its own expense.
16. Governing Law and Jurisdiction
16.1 Personal Use Customers - Applicable Law and Courts. This Agreement will be governed by the law which the personal Use Customer is normally resident. Personal Use Customers can bring legal proceedings in the courts of the country in which they are normally resident.
16.2 Business Use Customers - Arbitration. The following section 16.2 applies to Customers using Didimo API and software for business use only. The internal laws of the State of Delaware, regardless of any choice of law principles, shall govern the validity of this Agreement, the construction of its terms and the interpretation and enforcement of the rights and duties of the parties. All disputes, controversies or differences which may arise between the parties hereto, out of or in relation to or in connection with this Agreement, the Hosted Services or any of the other Services, the use or provision of the Hosted Services or any other Services and/or the relationship between the parties hereunder, shall be finally settled by arbitration in San Francisco, CA in accordance with the International Arbitration Rules of the American Arbitration Association. The award rendered by the arbitrator shall be final and binding upon the parties hereto, and any judgment upon such award may be entered in any court having jurisdiction thereof. Arbitration proceedings shall be conducted in the English language. Any and all costs and fees related to any arbitration proceedings hereunder shall be paid solely by the party hereto which does not prevail and against whom the arbitration award is rendered, as determined by the arbitrator. Notwithstanding the foregoing, either party hereto shall, at any time, have the right to seek preliminary equitable or injunctive relief in any court of competent jurisdiction, including without limitation in order to enjoin the infringement of such party’s intellectual property rights.
17. Publicity. Customer grants Didimo the permission to use Customer’s name, logos, and marks to identify Customer as a customer of Didimo in publicly available marketing materials and on Didimo’s website and agrees to serve as a reference for Didimo and its services upon request. If a personal use Customer wishes to object to this, it should contact Didimo by using the details at the start of this Agreement.
18. Miscellaneous. This Agreement, together with any Order Form, supersedes all proposals, oral or written, all negotiations, conversations or discussions between or among the parties relating to the subject matter of this Agreement and all past dealing or industry customs (including any contradictory or additional language in any purchase order) whether Didimo API is used for business or personal use. No amendment, waiver or modification of any provision of this Agreement shall be effective unless in writing and signed by both parties. The relationship between the parties under this Agreement where the Customer uses Didimo for business use is that of independent contractors and neither shall be, nor represent itself to be, the joint venture, franchiser, franchisee, partner, agent or representative of the other party for any purpose whatsoever. This Agreement may be executed in counterparts and by facsimile or scanned pdf, each of which shall constitute originals and all of which, when taken together, shall constitute the same original. This Agreement may not be assigned by either party without the consent of the other party, whether by operation of law, merger or otherwise; except that either party may assign this Agreement to an entity acquiring substantially all of such party’s business related to this Agreement and assuming all of such party’s obligations and liabilities hereunder. This Agreement shall inure to the benefit of and be binding upon the parties hereto and their respective successors and permitted assigns. Any notice pursuant this Agreement shall be deemed effective when delivered in person, upon receipt of a facsimile to the respective fax numbers listed on the signature page of this Agreement (or to such different facsimile number as either party may designate in writing to the other pursuant to this paragraph from time to time) or one day after sending such notice to the address listed below by reputable overnight courier with confirmation of next-day receipt. If any provision of this Agreement is held to be unenforceable or invalid for any reason, or if any governmental agency rules that any portion of this Agreement is illegal or contrary to public policy, the remaining provisions, to the extent feasible, will continue in full force and effect with such unenforceable or invalid provision to be changed and interpreted to best accomplish its original intent and objectives. Excluding payment obligations hereunder (where applicable), neither party shall be liable to the other party for failure or delay in performing its obligations hereunder if such failure or delay is due to circumstances beyond its reasonable control including, without limitation, acts of any governmental body, war, insurrection, sabotage, embargo, fire, flood, strike or other labor disturbance, interruption of or delay in transportation, unavailability of or interruption or delay in telecommunications or third party services, failure of third party software or inability to obtain raw materials, supplies or power.
DATA PROCESSING SCHEDULE – APPLICABLE TO BUSINESS CUSTOMERS ONLY
- Definitions For the purposes of this Schedule, the following terms: “Controller”, “Data Subject”, “International Organisation”, “Personal Data”, “Personal Data Breach”, “processing” and “Processor”, shall have the meanings given to them at Article 4 of the GDPR. The following terms shall have the meanings:
|Protected Data||means Personal Data received from or on behalf of Customer in connection with the performance of Didimo’s obligations under the Agreement; and|
|Sub-Processor||means any agent, subcontractor or other third party (excluding its employees) engaged by Didimo for carrying out any processing activities on behalf of Customer in respect of the Protected Data.|
Compliance with Applicable Privacy Laws. The parties agree that Customer is a Controller and that Didimo is a Processor for the purposes of processing Protected Data pursuant to the Agreement. Customer shall at all times comply with all Applicable Privacy Laws in connection with the processing of Protected Data. Customer shall ensure all instructions given by it to Didimo in respect of Protected Data (including the terms of this Schedule) shall at all times be in accordance with Applicable Privacy Laws. Nothing in this Schedule relieves either party of any responsibilities or liabilities under the Applicable Privacy Laws.
Didimo’s compliance with Applicable Privacy Laws. Didimo shall process Protected Data in compliance with the obligations placed on it under Applicable Privacy Laws and the terms of this Schedule.
Instructions. Didimo shall only process (and shall ensure that it’s personnel and Sub-Processors only process) the Protected Data in accordance with Customer’s instructions set out at Part A of this Schedule and the terms of this Schedule, except to the extent: (i) that alternative processing instructions are agreed between the parties in writing; or (ii) otherwise required by applicable law (and shall inform Customer of that legal requirement before processing, unless applicable law prevents it doing so on important grounds of public interest). If Didimo believes that any instruction received by it from Customer is likely to infringe the Applicable Privacy Laws it shall **** be entitled to cease to provide the relevant services under the Agreement until the parties have agreed appropriate amended instructions which are not infringing.
Security. To protect the Protected Data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access, Didimo shall implement and maintain the technical and organisational measures in accordance with Didimo’s security commitment set out in Part B of this Schedule.
Sub-processing. Customer authorises the appointment of the Sub-Processors listed at https://privacy.mydidimo.com/subprocessor-list/, which may be updated by Didimo in its discretion from time to time. Prior to the relevant Sub-Processor carrying out any processing activities in respect of the Protected Data, Didimo shall ensure that each Sub-Processor is bound by a written contract containing materially the same obligations as under this Schedule that is enforceable by Didimo and ensure each such Sub-Processor complies with all such obligations. Didimo shall: (i) remain fully liable to Customer under this Schedule for all the acts and omissions of each Sub-Processor as if they were its own (but not to a greater extent than that); and (ii) ensure that all persons authorised by Didimo (including Didimo’s personnel) or any Sub-Processor to process Protected Data are subject to a binding written contractual obligation to keep the Protected Data confidential.
Assistance. Didimo shall (at Customer’s cost) assist Customer in ensuring compliance with Customer’s obligations pursuant to Articles 32 to 36 of the GDPR (and any similar obligations under the Applicable Privacy Laws) taking into account the nature of the processing and the information available to Didimo. Didimo shall (at Customer’s cost) taking into account the nature of the processing, assist Customer (by appropriate technical and organisational measures), insofar as this is possible, for the fulfilment of Customer’s obligations to respond to requests for exercising the Data Subjects’ rights under Chapter III of the GDPR (and any similar obligations under Applicable Privacy Laws) in respect of any Protected Data.
International transfers. Didimo shall not process and/or transfer, or otherwise directly or indirectly disclose, any Protected Data in or to countries outside of the UK or the EEA or to any International Organisation without the prior written authorisation of Customer, unless Didimo has implemented one of the safeguards set out in Chapter V (Articles 44-50) of the GDPR (including use of the Standard Contractual Clauses) prior to such processing/transfer.
Audits and processing. Didimo shall, in accordance with Applicable Privacy Laws, make available to Customer such information that is in its possession or control as is necessary to demonstrate Didimo’s compliance with the obligations placed on it under this Schedule and to demonstrate compliance with the obligations on each party imposed by Article 28 of the GDPR (and under any equivalent Applicable Privacy Laws equivalent to that Article 28), and allow for and contribute to audits, including inspections, by Customer (or another auditor mandated by Customer) for this purpose (subject to a maximum of one audit request in any 12 month period, and provided that such audit is conducted on reasonable notice, during normal business hours in the UK and results in minimal disruption to Didimo’s business).
Personal Data Breach. Didimo shall notify Customer without undue delay and in writing on becoming aware of any Personal Data Breach in respect of any Protected Data.
11.Deletion/Return. Upon termination of provision of the services under the Agreement relating to the processing of Protected Data, at Customer’s cost and Customer’s option, Didimo shall either return all of the Protected Data to Customer or securely dispose of the Protected Data (and thereafter promptly delete all existing copies of it) except to the extent that any applicable law requires Didimo to store such Protected Data.
Part A: Processing Activities
Processing of the Protected Data by Didimo under this Schedule and the Agreement, shall be for the subject-matter, duration, nature and purposes and involve the types of Personal Data and categories of Data Subjects set out in this Part A.
Subject-matter of processing:
To enable Didimo to provide the services and perform its obligations under the Agreement.
Duration of the processing:
Nature and purpose of the processing:
To enable Didimo to provide the services to Customer pursuant to the terms of the Agreement.
Type of Personal Data:
Categories of Data Subjects:
Ordinary Data Subjects (the services provided by Didimo are not intended for vulnerable adults or children), including Customer’s Data Subjects and any User.
Part B: Minimum technical and organisational security measures
In accordance with Applicable Privacy Laws, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of the Protected Data to be carried out under or in connection with this Agreement, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons and the risks that are presented by the processing, especially from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Protected Data transmitted, stored or otherwise processed, Didimo shall implement appropriate technical and organisational security measures appropriate to the risk, including, as appropriate, those matters mentioned in Articles 32(1)(a) to 32(1)(d) (inclusive) of the GDPR.