Term & Conditions:

Standard Terms of Use

The following terms and conditions govern all use of Grobiz App and all content, services and products available at or through the website (collectively, the “Service”). The Service is owned and operated by Geobull Innovations LLP, a limited liability partnership incorporated in Pune, India under the LLP Act, 2008 having LLPIN AAP-5839 and having its principal place of business at 135/6, Baner,Pune, 411045 India (hereinafter referred to as the “Grobiz”, which expression shall mean and include its heirs, successors and permitted assigns). Grobiz currently uses third parties to accept payments (hereinafter a “Third-Party Payment Processors”). Subscribers will make all payments to Geobull Innovations LLP on behalf of Grobiz using this Third-Party Payment Processors. Geobull Innovations LLP has the right to change the Third-Party Payment Processor or to cease using a Third-Party Payment Processor at any time. Despite any similarity in name, there is no affiliation between the Third-Party Payment Processor and Geobull Innovations LLP, and the Third-Party Payment Processor is not a party to this Agreement. The Service is offered subject to your acceptance without modification of all of the terms and conditions contained herein and all other operating rules, policies (including, without limitation, Grobiz’s Privacy Policy) and procedures that may be published from time to time on this Site by Geobull Innovations LLP on behalf of Grobiz (collectively, “Grobiz”).

Please read this Agreement carefully before accessing or using the Service. If you do not agree to all the terms and conditions of this agreement, you must not access or use any of our services. If these terms and conditions are considered an offer by Grobiz, acceptance is expressly limited to these terms. The Service is available only to at least 16 years old individuals.

1.1 Your Grobiz Account

If you create a social network or mobile application on the Service, you are responsible for maintaining the security of your account , and you are fully responsible for all activities that occur under the account and any other actions taken in connection. You must not describe or assign keywords to your social network in a misleading or unlawful manner, including in a manner intended to trade on the name or reputation of others. Geobull Innovations LLP on behalf of Grobiz may change or remove any description or keyword that it considers inappropriate or unlawful, or otherwise likely to cause Grobiz’s liability. You must immediately notify Grobiz of any unauthorized uses of your mobile application, your account or any other breaches of security. Geobull Innovations LLP on behalf of Grobiz will not be liable for any acts or omissions by You, including any damages of any kind incurred as a result of such acts or omissions.

1.2 Responsibility of Contributors

If you operate a mobile application, post material to the Service, post links on the Service, or otherwise make (or allow any third party to make) material available by means of the Service (any such material, “Content”) or other services, you are entirely responsible for the content of, and any harm resulting from, that Content. That is the case regardless of whether the Content in question constitutes text, graphics, an audio or video file, or computer software. By making Content available, you represent and warrant that:

  • the downloading, copying and use of the Content will not infringe the proprietary rights, including but not limited to the copyright, patent, trademark or trade secret rights, of any third party;
  • if your employer has rights to intellectual property you create, you have either (1) received permission from your employer to post or make available the Content, including but not limited to any software, or (2) secured from your employer a waiver as to all rights in or to the Content;
  • you have fully complied with any third-party licenses relating to the Content, and have done all things necessary to successfully pass through to end users any required terms;
  • the Content does not contain or install any viruses, worms, malware, Trojan horses or other harmful or destructive content;
  • the Content is not spam, is not machine- or randomly-generated, and does not contain unethical or unwanted commercial content designed to drive traffic to third party sites or boost the search engine rankings of third party sites, or to further unlawful acts (such as phishing) or mislead recipients as to the source of the material (such as spoofing);
  • the Content is not pornographic, libelous or defamatory, does not contain threats or incite violence towards individuals or entities, and does not violate the privacy or publicity rights of any third party;
  • your mobile application is not getting advertised via unwanted electronic messages such as spam links on newsgroups, email lists, blogs and websites, and similar unsolicited promotional methods;
  • your mobile application is not named in a manner that misleads your readers into thinking that you are another person or company. For example, your social network’s URL or name is not the name of a person other than yourself or company other than your own; and
  • you have, in the case of Content that includes computer code, accurately categorized and/or described the type, nature, uses and effects of the materials, whether requested to do so or by otherwise.

By submitting Content to Grobiz for inclusion on any services or applications provided by Grobiz, you grant Grobiz a world-wide, royalty-free, and non-exclusive license to reproduce, modify, adapt and publish the Content solely for the purpose of displaying, distributing and promoting your mobile application. If you delete Content, Grobiz will use reasonable efforts to remove it from the Service, but you acknowledge that caching or references to the Content may not be made immediately unavailable. Without limiting any of those representations or warranties, Grobiz has the right (though not the obligation) to, in Grobiz’s sole discretion (1) refuse or remove any content that, in Grobiz’s reasonable opinion, violates any Grobiz policy or is in any way harmful or objectionable, or (2) terminate or deny access to and use of the Service to any individual or entity for any reason, in Grobiz’s sole discretion. Grobiz will have no obligation to provide a refund of any amounts previously paid.

1.11 Copyright Infringement and DMCA Policy

As Grobiz asks others to respect its intellectual property rights, it respects the intellectual property rights of others too. If you believe that material located on or linked to by Grobiz.app or any Grobiz mobile application violates your copyright, you are encouraged to notify Grobiz in accordance with Grobiz. Grobiz will respond to all such notices, including as required or appropriate by removing the infringing material or disabling all links to the infringing material. In the case of a visitor who may infringe or repeatedly infringes the copyrights or other intellectual property rights of Grobiz or others, Grobiz may, in its discretion, terminate or deny access to and use of the Service to such visitor. In the case of such termination, Grobiz will have no obligation to provide a refund of any amounts previously paid to. Intellectual Property. This Agreement does not transfer from Grobiz to you any Grobiz or third party intellectual property, and all right, title and interest in and to such property will remain (as between the parties) solely with Grobiz, grobiz.app, the grobiz.app logo, and all other trademarks, service marks, graphics and logos used in connection with grobiz.app, or the Service are trademarks or registered trademarks of Grobiz’s licensors. Other trademarks, service marks, graphics and logos used in connection with the Service may be the trademarks of other third parties. Your use of the Service grants you no right or license to reproduce or otherwise use any Grobiz or third-party trademarks.

Notwithstanding anything contained in this Agreement, Grobiz shall be the sole and exclusive owner of all the intellectual property developed by you or any developer on your behalf during a project, which shall be deemed to be assigned to you as long as you fulfil all commercial and other obligations towards Grobiz. In case you choose not to fulfil all commercial obligations or breach any term and condition of this Agreement, any use of the Software or the project or any publishing of the Software or the app on the public app stores or any use of the Software or the project/app by you will be considered as an unauthorized use and amount to infringement of the intellectual property rights of Grobiz.

1.12 Changes

Grobiz reserves the right, at its sole discretion, to modify or replace any part of this Agreement. It is your responsibility to check this Agreement periodically for changes. Your continued use of or access to the Service following the posting of any changes to this Agreement constitutes acceptance of those changes. Grobiz may also, in the future, offer new services and/or features through the Service (including, the release of new tools and resources and modification as well as termination of released features). Such new features and/or services shall be subject to the terms and conditions of this Agreement.

1.13 Termination

Grobiz may terminate your access to all or any part of the Service at any time, with or without cause, with or without notice, effective immediately. If you wish to terminate this Agreement or your grobiz.app account (if you have one), you may simply discontinue using the Service. Grobiz can terminate the Service immediately as part of a general shut down of our service. All provisions of this Agreement which by their nature shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity and limitations of liability.

1.14 Chargebacks

If we receive a chargeback or payment dispute (i.e. PayPal Dispute) from a credit card company or bank, your service and/or project will be suspended without notice. A $100 chargeback fee (issued to recover fees passed on to us by the credit company), plus any outstanding balances accrued as a result of the chargeback(s) must be paid in full before service is restored, files delivered, or any further work is done. Instead of issuing a chargeback, please contact us to address any billing issues. Requesting a chargeback or opening a PayPal dispute for a valid charge from us is fraud, and is never an appropriate or legal means of obtaining a refund.

1.15 Disclaimer of Warranties

The Service is provided “as is”. Grobiz and its suppliers and licensors hereby disclaim all warranties of any kind, express or implied, including, without limitation, the warranties of merchantability, fitness for a particular purpose and non-infringement. Neither Grobiz nor its suppliers and licensors, makes any warranty that the Service will be error free or that access thereto will be continuous or uninterrupted. You understand that you download from, or otherwise obtain content or services through, the Service at your own discretion and risk.

1.16 Limitation of Liability

You expressly understand and agree that Grobiz shall not be liable for any direct, indirect, incidental, special, consequential or exemplary damages, including but not limited to, damages for loss of profits, goodwill, use, data or other intangible losses (even if Grobiz has been advised of the possibility of such damages), resulting from: (i) the use or the inability to use the service; (ii) the cost of procurement of substitute goods and services resulting from any goods, data, information or services purchased or obtained or messages received or transactions entered into through or from the service; (iii) unauthorized access to or alteration of your transmissions or data; (iv) statements or conduct of any third party on the service; (v) any bugs arising in the app; (vi) corruption of application, hacking attacks, security of the app or any other matter relating to the service; (vii) any rejection of your mobile application from any mobile application store or marketplace; (viii) for any amounts that exceed the fees paid by you to Grobiz under this agreement during the twelve (12) month period prior to the cause of action. Grobiz shall have no liability for any failure or delay due to matters beyond their reasonable control. The foregoing shall not apply to the extent prohibited by applicable law.

1.17 General Representation and Warranty

You represent and warrant that (i) your use of the Service will be in strict accordance with the Grobiz Privacy Policy, with this Agreement and with all applicable laws and regulations (including without limitation any local laws or regulations in your country, state, city, or other governmental area, regarding online conduct and acceptable content, and including all applicable laws regarding the transmission of technical data exported from the United States or the country in which you reside) and (ii) your use of the Service will not infringe or misappropriate the intellectual property rights of any third party.

1.18 Indemnification

You agree to indemnify and hold harmless Grobiz, its contractors, and its licensors, and their respective directors, officers, employees and agents, from and against any and all claims, damages, obligations, losses, liabilities, costs or debts, and expenses (including but not limited to attorney’s fees) arising from: (i) your use of and access to the Service; (ii) your violation of any term of these Terms; (iii) your violation of any third party right, including without limitation any copyright, intellectual property, or privacy right; or (iv) any claim that your Content caused damage to a third party; or (v) any rejection of your mobile application from any mobile application store or marketplace, for any reason whatsoever. This defense and indemnification obligation will survive these Terms and your use of the Service.

1.19 User Generated Apps

All apps created on our platform are User Generated Apps, Grobiz does not endorse and has no control over User Generated Apps submitted by you or others and accepts no responsibility whatsoever in connection with or arising therefrom. User Generated Content App created through the Site is not necessarily reviewed by Grobiz prior to posting in Market Place and does not necessarily reflect the opinions or policies of Grobiz. If at any time Grobiz chooses, in its sole discretion, to monitor the Marketplace, Grobiz nonetheless assumes no responsibility for User Generated Apps, no obligation to modify or remove any inappropriate or inaccurate User Generated Apps, and no responsibility for the conduct of the user submitting any User Generated App. Grobiz makes no warranties, express or implied, as to the suitability, accuracy or reliability of any Content and other materials on the Marketplace. Nonetheless, Administrator reserves the right to prevent you from submitting User Generated App and to edit, restrict or remove any User Generated App for any reason at any time. You agree that Administrator shall accept no liability if we prevent, in our sole discretion, your User Generated App from being submitted, or we edit, restrict or remove it. You also agree to permit any other user of this Site and any third-party website on which your User Generated App may be included, to access, view and comment on the material for such user’s personal use.

1.20 Third-Party Services & Third-Party Application Providers

Grobiz apps utilize multiple Third-Party services including but not limited to Shutter Stock, PubNub, Facebook, Google’s (YouTube, Maps, Firebase, Sheets, API.AI), Sinch, Vuforia, AWS, and others. You acknowledge that the license to each Third-Party Service that you obtain, is a binding agreement between you and the Application Provider. For Third-Party Apps, you acknowledge that (i) you are acquiring the license to each Third-Party App from the Application Provider; (ii) Grobiz is not acting as agent for the Application Provider in providing each such Third-Party App to you; and (iii) Grobiz is not a party to the license between you and the Application Provider with respect to that Third-Party App. The Application Provider of each Third-Party App is solely responsible for that Third-Party App, the content therein, any warranties to the extent that such warranties have not been disclaimed, and any claims that you or any other party may have relating to that Third-Party App. In the case of Third-Party Apps, the License Fee is set as the sole discretion of the Third-Party Application Provider and Grobiz does not collect the License Fee on behalf of the Third-Party Application Provider, you will have to pay this directly to the Third-Party Application Provider. The Licensor may change the License Fee at any time.

1.23 Data Ownership Rights

You Own the App, App data (content) and retain copyright and any other rights you already hold in Application that you create, submit, post, transmit or display on, or through, the Service, including any intellectual property rights which subsist in that Application and your User Content, and you are responsible for protecting those rights. However, we reserve rights to lock your app for further viewing, editing or updating, In case your subscription is cancelled.

1.24 Legal Issues & Jurisdiction

This Agreement, and any disputes arising out of or related hereto, shall be governed by the laws of the State of New Delhi, India without regard to its conflict of laws rules. The parties agree that this contract is not a contract for the sale of goods; therefore, this Agreement shall not be governed by codification of Article 2 or 2A of the Uniform Commercial Code, or any references to the Uniform Computer Information Transactions Act or the United Nations Convention on the International Sale of Goods. The district and high courts located in New Delhi, India shall have exclusive jurisdiction to adjudicate any dispute arising out of or relating to this Agreement. Each party hereby consents to the exclusive jurisdiction of such courts. Non-payment shall result in acceleration of the minimum value of this agreement being payable in full. You acknowledge that in the event of such acceleration, the minimum value of this agreement shall be due and payable as minimum liquidated damages because such balance will bear a reasonable proportion to AP’s minimum probable loss from your non-payment, the amount of AP’s actual loss being incapable to calculate. Client agrees to pay all costs and expenses, including but not limited to, attorney fees and court costs, for the collection and/or enforcement of any obligation under this agreement, whether or not a lawsuit or arbitration is commenced.

This Data Processing Addendum (“DPA”) forms part of the Master Subscription Agreement or other written or electronic agreement between Appy Pie (“AP”) and Customer for the purchase of online services (including associated AP offline or mobile components) from AP (identified either as “Services” or otherwise in the applicable agreement, and hereinafter defined as “Services”) (the “Agreement”) to reflect the parties’ agreement with regard to the Processing of Personal Data.

By agreeing to the Agreement, Customer enters into this DPA on behalf of itself and, to the extent required under applicable Data Protection Laws and Regulations, in the name and on behalf of its Affiliates, if and to the extent AP processes Personal Data for which such Affiliates qualify as the Controller. All capitalized terms not defined herein shall have the meaning set forth in the Agreement.

In the course of providing the Services to Customer pursuant to the Agreement, AP may Process Personal Data on behalf of Customer and the Parties agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.

HOW THIS DPA APPLIES

If the Customer entity signing this DPA is a party to the Agreement, this DPA is an addendum to and forms part of the Agreement. In such a case, the AP entity that is party to the Agreement is party to this DPA.

If the Customer entity signing this DPA has executed an Order Form with AP or its Affiliate pursuant to the Agreement, but is not itself a party to the Agreement, this DPA is an addendum to that Order Form and applicable renewal Order Forms, and the Appy Pie entity that is party to such Order Form is party to this DPA.

If the Customer entity signing this DPA is neither a party to an Order Form nor the Agreement, this DPA is not valid and is not legally binding. Such entity should request that the Customer entity that is a party to the Agreement execute this DPA.

This DPA shall not replace any comparable or additional rights relating to Processing of Customer Data contained in Customer’s Agreement (including any existing data processing addendum to the Agreement).

1. DEFINITION

“Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

“Controller” means the entity, which determines the purposes and means of the Processing of Personal Data.

“Customer Data” means what is defined in the Agreement as “Customer Data.” or “Your Data.”

“Data Protection Laws and Regulations” means all laws and regulations, including laws and regulations of the European Union, the European Economic Area and their member states, applicable to the Processing of Personal Data under the Agreement.

“Data Subject” means the individual to whom Personal Data relates.

“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

“Personal Data” means any information relating to (i) an identified or identifiable natural person and, (ii) an identified or identifiable legal entity (where such information is protected similarly as personal data or personally identifiable information under applicable Data Protection Laws and Regulations), where for each (i) or (ii), such data is Customer Data.

“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

“Processor”means the entity which Processes Personal Data on behalf of the Controller.

“Standard Terms of Use Contractual Clauses” means the agreement executed by and between Customer and AP and annexed here in Schedule 4.

2. PROCESSING OF PERSONAL DATA

2.1 Roles of the Parties. The parties acknowledge and agree that with regard to the Processing of Personal Data, Customer is the Controller, Grobiz is a Processor and that Grobiz or members of the Grobiz Group will engage Sub-processors pursuant to clause 5 “Sub-processors” below.

2.2 Customer’s Processing of Personal Data. Customer shall, in its use of the Services, Process Personal Data in accordance with the requirements of Data Protection Laws and Regulations. For the avoidance of doubt, Customer’s instructions for the Processing of Personal Data shall comply with Data Protection Laws and Regulations. Customers shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer acquired Personal Data.

2.3 Grobiz’s Processing of Personal Data. Grobiz shall treat Personal Data as Confidential Information and shall only Process Personal Data on behalf of and in accordance with Customer’s instructions for the following purposes: (i) Processing in accordance with the Agreement and applicable Order Form(s); (ii) Processing initiated by Users in their use of the Services; and (iii) Processing to comply with other reasonable instructions provided by Customer (e.g., via email) where such instructions are consistent with the terms of the Agreement.

2.4 Details of the Processing. The subject-matter of Processing of Personal Data by Grobiz is the performance of the Services pursuant to the Agreement. The duration of the Processing, the nature and purpose of the Processing, the types of Personal Data and categories of Data Subjects Processed under this DPA are further specified in Schedule 3 (Details of the Processing) to this DPA.

3. RIGHTS OF DATA SUBJECTS

3.1 Data Subject Request. AP shall, to the extent legally permitted, promptly notify Customer if AP receives a request from a Data Subject to exercise the Data Subject’s right of access, right to rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, object to the Processing, or its right not to be subject to an automated individual decision making (“Data Subject Request”). Taking into account the nature of the Processing, AP shall assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under Data Protection Laws and Regulations. In addition, to the extent Customer, in its use of the Services, does not have the ability to address a Data Subject Request, AP shall upon Customer’s request provide commercially reasonable efforts to assist Customer in responding to such Data Subject Request, to the extent AP is legally permitted to do so and the response to such Data Subject Request is required under Data Protection Laws and Regulations. To the extent legally permitted, Customer shall be responsible for any costs arising from AP’s provision of such assistance.

3.2 Data Subject Access Request (DSAR). If you wish to request for a DSAR, all you need to do is send us an email at security@grobiz.app and we’ll respond at the earliest. AP shall, in the event of Data Subject Access Request (DSAR) from a data subject, furnish and send a report to the data subject within one calendar month of receipt of request. DSAR is essentially a request from a data subject for a copy of the personal data being processed by the Controller and an explanation of the purpose for which this personal data is being used.Typically the DPO responds back within 15 days, however the response time is never more than 30 days. In accordance with Article 15 of GDPR, individuals have the right to ask for the following information from AP:

  • What personal data is being processed
  • The purposes for which the personal data is being processed
  • Who has the personal data or who will it be disclosed to
  • The existence of any automated decision-making, including profiling. And, at least where this produces legal or similarly significant effects, what logic is being used for that purpose.
  • How long will the data be retained for (or at least the criteria used to determine this)
4. Grobiz PERSONNEL

4.1 Confidentiality. Grobiz shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities and have executed written confidentiality agreements. Grobiz shall ensure that such confidentiality obligations survive the termination of the personnel engagement.

4.2 Reliability. Grobiz shall take commercially reasonable steps to ensure the reliability of any Grobiz personnel engaged in the Processing of Personal Data.

4.3 Limitation of Access. Grobiz shall ensure that Grobiz’s access to Personal Data is limited to those personnel who require such access to perform the Agreement.

5. SECURITY

5.1 Controls for the Protection of Personal Data. Grobiz shall maintain administrative, physical and technical safeguards designed for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Data), confidentiality and integrity of Customer Data, including Personal Data.

5.2 SOC 1 Report. Upon Customer’s written request no more frequently than once annually, Grobiz shall provide to Customer a copy of Grobiz’s the most recent service organization controls (SOC) 1 report for the Services. Grobiz may require Customer to sign a nondisclosure agreement reasonably acceptable to Grobiz before Grobiz provides a copy of such a report to Customer.

6. SECURITY BREACH MANAGEMENT AND NOTIFICATION

Grobiz has robust incident response management policies and data breach response policy in place and adheres to the procedures in case of any data breach and shall notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data, including Personal Data, transmitted, stored or otherwise Processed by AP or its Sub-processors of which Grobiz becomes aware (a “Customer Data Incident”) within 72 hours of confirmation of the incident via email and/or phone.

Once Grobiz notifies their Customers, it becomes the Customers’ responsibility to notify their app users or “Data Subjects” about the data breach within 72 hours of the confirmation of the incident by Grobiz. You agree to indemnify and hold harmless Grobiz, its contractors, and its licensors, and their respective directors, officers, employees and agents, from and against any and all claims, damages, obligations, losses, liabilities, costs or debts, and expenses (including but not limited to attorney’s fees) arising from your inability to notify your users or Data Subjects about the data breach within 72 hours.

7. RETURN AND DELETION OF CUSTOMER DATA

Grobiz shall return Customer Data to Customer and, to the extent allowed by applicable law, delete Customer Data in accordance with the procedures and timeframes specified in the Agreement.

8. AUTHORIZED AFFILIATES

8.1 Contractual Relationship. The parties acknowledge and agree that, by executing the Agreement, Customer enters into the DPA on behalf of itself and, as applicable, in the name and on behalf of its Affiliates, thereby establishing a separate DPA between AP and each such Affiliate subject to the provisions of the Agreement, this Clause 9, and Clause 10 below. Each Affiliate agrees to be bound by the obligations under this DPA and, to the extent applicable, the Agreement. For the avoidance of doubt, an Affiliate is not and does not become a party to the Agreement, and is only a party to the DPA. All access to and use of the Services by Affiliates must comply with the terms and conditions of the Agreement, and Customer shall deem any violation of the terms and conditions of the Agreement by an Affiliate a violation.

8.2 Communication.The Customer that is the contracting party to the Agreement shall remain responsible for coordinating all communication with Grobiz under this DPA and be entitled to make and receive any communication in relation to this DPA on behalf of its Affiliates

9. LIMITATION OF LIABILITY

Each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or related to this DPA, and all DPAs between Affiliates and AP, whether in contract, tort or under any other theory of liability, is subject to the “Limitation of Liability” clause of the Agreement, and any reference in such clause to the liability of a party means the aggregate liability of that party and all of its Affiliates under the Agreement and all DPAs together.

10. EUROPE-SPECIFIC PROVISIONS

10.1 GDPR. With effect from 25 May 2018, AP will Process Personal Data in accordance with the GDPR requirements directly applicable to AP’s provision of its Services.

10.2 Data Protection Impact Assessment. With effect from 25 May 2018, upon Customer’s request, AP shall provide Customer with reasonable cooperation and assistance needed to fulfill Customer’s obligation under the GDPR to carry out a data protection impact assessment related to Customer’s use of the Services, to the extent Customer does not otherwise have access to the relevant information, and to the extent such information is available to AP. AP shall provide reasonable assistance to Customer in the cooperation or prior consultation with the Supervisory Authority in the performance of its tasks relating to this Clause 9.2, to the extent required under the GDPR.

10.3 Transfer Mechanisms for Data Transfers. Subject to the terms of this DPA (including Clauses 11.4 and 11.5 below), AP makes available the transfer mechanisms listed below which shall apply, in the order of precedence as set out below in this Clause 11.3, to any online transfers of Personal Data under this DPA from the European Union, the European Economic Area and/or their member states, Switzerland and the United Kingdom to countries which do not ensure an adequate level of data protection within the meaning of Data Protection Laws and Regulations of the foregoing territories, to the extent such transfers are subject to such Data Protection Laws and Regulations:

1. AP’S EU-U.S. and Swiss-U.S. Privacy Shield Framework self-certifications apply to the Services listed in Schedule 2 (EU-US and Swiss-US Privacy Shield Services) to this DPA (the “EU-US and Swiss-US Privacy Shield Services”), subject to the additional terms in Clause 11.4 below

2. The Standard Terms of Use Contractual Clauses set forth in Schedule 4 to this DPA apply to the Services offered by AP subject to the additional terms in Clause 11.5 below.

In the event that Services are covered by more than one transfer mechanism, the transfer of Personal Data will be subject to a single transfer mechanism in accordance with the following order of precedence: (1) AP’s EU-U.S. and Swiss-U.S. Privacy Shield Framework self-certifications and, (2) the Standard Terms of Use Contractual Clauses.

10.4 Additional Terms for EU-US and Swiss-US Privacy Shield Services. Appy Pie LLC (Third-Party Payment Processor) self-certifies to and complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, as administered by the US Department of Commerce, and shall ensure that it maintains its self-certification to and compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks with respect to the Processing of Personal Data that is transferred from the European Economic Area and/or Switzerland to the United States.

10.5 Additional Terms for Services offered by AP.

10.5.1 Customers covered by the Standard Terms of Use Contractual Clauses. The Standard Terms of Use Contractual Clauses and the additional terms specified in this Clause 11.5.1 apply to (i) the legal entity that has executed the Standard Terms of Use Contractual Clauses as a data exporter and its Affiliates and, (ii) all Affiliates of Customer established within the European Economic Area, Switzerland and the United Kingdom, which have signed Order Forms for the Services offered by AP. For the purpose of the Standard Terms of Use Contractual Clauses and this Clause 11.5, the aforementioned entities shall be deemed “data exporters”.

10.5.2 Instructions. This DPA and the Agreement are Customer’s complete and final instructions at the time of signature of the Agreement to AP for the Processing of Personal Data. Any additional or alternate instructions must be agreed upon separately. For the purposes of Clause 5(a) of the Standard Terms of Use Contractual Clauses, the following is deemed an instruction by the Customer to process Personal Data: (a) Processing in accordance with the Agreement and applicable Order Form(s); (b) Processing initiated by Users in their use of the Services offered by AP and (c) Processing to comply with other reasonable instructions provided by Customer (e.g., via email) where such instructions are consistent with the terms of the Agreement.

10.5.3 Appointment of New Sub-processors and List of Current Sub-processors. Customer acknowledges and expressly agrees that (a) AP’s Affiliates may be retained as Sub-processors; and (b) AP and AP’s Affiliates respectively may engage third-party Sub-processors in connection with the provision of the Services offered by AP. AP shall make available to Customer the current list of Sub-processors in accordance with Clause 5.2 of this DPA

10.5.4 Notification of New Sub-processors and Objection Right for New Sub-processors. Customer acknowledges and expressly agrees that AP may engage new Sub-processors as described in Clauses 5.2 and 5.3 of the DPA.

10.5.5 Copies of Sub-processor Agreements. The parties agree that AP will provide the copies of the Sub-processor agreements that have all commercial information only upon request by Customer.

10.5.6 Audits and Certifications. The parties agree that the audits shall be carried out in accordance with the following specifications: Upon Customer’s request, and subject to the confidentiality obligations set forth in the Agreement, AP shall make available to Customer (or Customer’s independent, third-party auditor that is not a competitor of AP and that has signed nondisclosure agreement reasonably acceptable to AP) information regarding the AP Group’s compliance with the obligations set forth in this DPA in the form of AP’s SOC 1 report and, for its Sub-processors and its subsidiaries, the third-party certifications and audits set forth in the Security, Privacy and Architecture Documentation located at www.grobiz.app makes them generally available to its customers. Following any notice by AP to Customer of an actual or reasonably suspected unauthorized disclosure of Personal Data, upon Customer’s reasonable belief that AP is in breach of its obligations in respect of protection of Personal Data under this DPA, or if such audit is required by Customer’s Supervisory Authority, Customer may contact AP in accordance with the “Notices” Clause of the Agreement to request an audit at AP’s premises of the procedures relevant to the protection of Personal Data. Any such request shall occur no more than once annually, save in the event of an actual or reasonably suspected unauthorized access to Personal Data. Customer shall reimburse AP for any time expended for any such on-site audit at the AP Group’s then-current professional services rates, which shall be made available to Customer upon request. Before the commencement of any such on-site audit, Customer and AP shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable; taking into account the resources expended by AP. Customer shall promptly notify AP with information regarding any non-compliance discovered during the course of an audit.

10.5.7 Certification of Deletion. The parties agree that AP shall provide the certification of deletion of Personal only upon Customer’s request.

10.5.8 Conflict. In the event of any conflict or inconsistency between the body of this DPA and any of its Schedules and the Standard Terms of Use Contractual Clauses in Schedule 4, the Standard Terms of Use Contractual Clauses shall prevail.

1. PARTIES TO THIS DPA

The Section “HOW THIS DPA APPLIES” specifies how AP is party to this DPA.

2. UNRESOLVED PRIVACY OR DATA USE DISPUTES

In the event that AP was unable to satisfactorily address or resolve any privacy or data use concern then please contact us by writing an email to us on privacy@grobiz.com.