Last Updated: October 1, 2020
Welcome to Inkit Inc.’s Terms of Service.
These Terms of Service (the “Terms”) govern the use of Inkit’s services (the “Services”), which include its website, software, and mobile app, as well as any information, data, text, images, videos, audio files, content, and other materials uploaded to or downloaded from, stored on, obtained via, or transmitted through the Services (collectively, the “Content”).
Please read these Terms carefully. By accessing or using the Services or by clicking to accept the Terms when that option is made available to you, you agree to be bound by these Terms. If you do not agree, do not access or use the Services.
Through the Services, Inkit provides a technology platform that allows its customers to efficiently communicate with and manage third-party vendors. Specifically, the Services allow users to manage, render, store, verify, and transmit images, materials, addresses, information, and other Content to vendors in order for those vendors to provide underlying services (e.g., printing, mailing, swag creation, and order distribution). The Services also allows users to render PDF documents from HTML data using the users’ own data sources. As such, Inkit serves as a core data and service orchestration platform for its users. Importantly, Inkit does not provide, and is not responsible for, any underlying vendor services.
Users who create an account to use the Services may be referred to in these Terms as “Customers.” Content submitted by Customers may be referred to in these Terms as “Customer Data.” Vendors that provide the vendor services described above may be referred to in these Terms as “Vendors.”
A. Compliance.
You are solely responsible for your use of the Services and the Content, including all actions (whether or not authorized) taken by your account. You must use the Services and the Content in compliance with these Terms and all applicable local, state, national, and international laws, rules, and regulations.
B. User Accounts.
In order to access certain features of the Services, you must register a user account. All information you provide as part of this process must be complete and accurate. You agree not let any other person or entity use your account. You are responsible for the actions taken by your account and for safeguarding your username and password. Inkit encourages you to use “strong” passwords (passwords that use a combination of upper- and lowercase letters, numbers, and symbols) and a password manager. Inkit is not liable for any loss or damage arising from your failure to do so. If you know of or reasonably suspect a breach of security related to your account, you must immediately notify Inkit and modify your login information. Inkit reserves the right to remove or reclaim usernames for any reason.
C. Use and Conduct Restrictions.
You are allowed to use the Services as long as you follow the basic rules described in these Terms. If Inkit suspects that you have violated any of the rules below or elsewhere in these Terms, Inkit has the right to terminate your use of the Services and to take other actions it deems appropriate. You agree not to: (i) modify, copy, or create derivative works based on the Services; (ii) license, sell, resell, lease, distribute, or otherwise commercially exploit as a standalone product, or make available to any third party, the Services, any component of the Services, or any Content not owned by you (unless the Content is expressly licensed to you for such purpose); (iii) reverse engineer, decompile, or otherwise derive the source code and other intellectual property underlying the Services or attempt to do any of the foregoing (except to the extent applicable law prohibits restrictions on reverse engineering); (iv) distribute via, or store on, the Services unlawful, offensive, or tortious material; (v) use the Services or the Content, or cause the Services or the Content, to infringe upon or violate any third-party intellectual property or other proprietary right; (vi) attempt to gain unauthorized access to the Services, the Content, or the related systems or networks; (vii) access or search, or attempt to access or search, the Services or the Content by any means (automated or otherwise) other than through currently available, published interfaces; (viii) probe, scan, or test the vulnerability of any system or network related to the Services or breach or circumvent Inkit’s security measures; (ix) interfere with or disrupt the integrity or performance of the Services, the data contained therein, or the servers or networks connected to the Services; (x) send via, upload to, or store on the Services any viruses, worms, time bombs, trojan horses, or other harmful or malicious code, files, scripts, agents, or programs; (xi) use the Services or the Content to phish, pharm, pretext, spider, crawl, or scrape; (xii) alter, remove, or suppress any copyright, trademark, or other proprietary notice displayed by the Services; (xiii) access the Services in order to build a competitive product or service or copy any features, functions, or other component of the Services; (xiv) use the Services to harass, defame, slander, or intimidate; (xv) use the Services or the Content for any illegal or unauthorized purpose; and (xvi) engage in any act that Inkit deems to be in conflict with the spirit or intent of the Services or these Terms.
D. Vendors.
Each Customer is solely responsible for selecting and working with its own Vendors. You acknowledge and agree that Inkit, as a technology platform only, bears no responsibility for any Vendor, the associated services, or whether a Third-Party’s platform, software, or services properly integrate with the Services.
A. Payment Authorization.
All online payments for the Services are processed by Stripe, a third-party payment processor. By using any payment feature of the Services, you agree to be bound by Stripe’s Connected Account Agreement (available at https://stripe.com/connect/acount-terms), in addition to these Terms. Further, when you authorize Inkit (and Stripe) to charge your selected online payment method, you are expressly authorizing Inkit (and Stripe) to charge that payment method for the authorized amount and to use and share your information related to your selected payment method (e.g., your credit card number) to and from third parties for that purpose.
In the event you elect to be billed on a recurring basis for a subscription to the Services, you expressly authorize Inkit (and Stripe) to charge your selected payment method on a recurring basis without further authorization for each recurring charge. Inkit will provide you with notice at least 10 days before changing the price for your subscription fees. If you do not cancel your subscription during that period, you thereby accept the price change.
B. Payment Information.
As part of the payment process, you are required to provide current, complete, and accurate payment information. You must keep your account information and payment method current and you must promptly notify Inkit if your payment method is canceled or if you become aware of a potential breach of security. Please refer to Inkit’s privacy policy for further information about how Inkit uses your personal data.
A. General.
Users may submit Content through or onto the Services (i.e., Customer Data). For example, a Customer may send images, via the Services, to a Vendor in order for those images to be printed and mailed by the Vendor. Similarly, a Vendor may send Content back to a Customer once the Customer’s order has been fulfilled. All Content is the sole responsibility of the person or entity that originated that Content. Inkit does not take responsibility for user-provided Content or independently verify, or warrant the accuracy or completeness, of such Content.
B. Content Submission.
By submitting Content (whether as a Customer or as a Vendor), you represent that: (i) such Content is true, accurate, and not mis-leading; (ii) such Content and its distribution via the Services does not violate any laws, contractual restrictions, or other third-party rights, including copyright, trademark, privacy, personality, or other personal or proprietary right; (iii) such Content does not contain viruses, adware, spyware, worms, or other malicious code; (iv) such Content does not contain social security numbers or personal health data; and (v) you have all the rights, power, and authority necessary to submit, use, and distribute the Content originating with you in connection with the Services and to grant the rights granted in the Terms regarding any such Content. You agree to accept full liability for all Content submitted by you or on your behalf.
C. License Grant & Assignment.
You retain your rights in Content that you submit to the Services. But you grant Inkit a worldwide, non-exclusive, royalty-free, perpetual, irrevocable license (with the right to sublicense) to use, copy, reproduce, process, adapt, modify, publish, transmit, and display that Content in any and all media or distribution methods (now known or later developed) for the following purposes only: (i) to provide the Services; (ii) to improve the Services; and (iii) as otherwise expressly permitted by these Terms.
D. Feedback.
In the event you provide to Inkit an idea, suggestion, recommendation, or other feedback regarding the Services (collectively, the “Feedback”), you agree that Inkit has the right to use, disclose, reproduce, license, distribute, exploit, and incorporate into the Services such Feedback as it sees fit, without obligation (including any obligation to pay you) or restriction of any kind. By providing Feedback, you assign and license to Inkit all, right, title, and interest in and to such Feedback, including any intellectual property rights related thereto.
E. Data Processing Addendum.
If you are a Customer, to the extent your Customer Data contains any Personal Data (as defined in the Data Processing Addendum) that is subject to Data Protection Laws and Regulations (as defined in the Data Processing Addendum) and Inkit processes that Personal Data on your behalf, the terms of the data processing addendum at www.inkit.com/legal/dpa (“Data Processing Addendum”) apply. In such event, the Data Processing Addendum is incorporated into these Terms by reference, and you agree to comply with the Data Processing Addendum’s terms.
A. Reliance on Content.
Your use of, and reliance on, any Content, whether user-provided or not, is at your own risk. Inkit does not endorse, support, or guarantee that such Content is complete, truthful, or reliable. Inkit is not liable for any Content (including errors or omissions in the Content), nor any loss or damages resulting from the use of, or reliance on, that Content.
B. Right to Remove Content.
Inkit has the right, but not the obligation, to review, edit, refuse to post, delete, disable access to, or otherwise make unavailable any Content, including user-provided Content, without notice and for any reason.
A. Inkit’s Rights.
All right, title, and interest in and to the Services, the Content (excluding user-provided Content), and any intellectual property related thereto are Inkit’s exclusive property. The Services are protected by copyright, trademark, and other laws of both the United States and foreign countries, as further discussed in Section 7.
B. Your License.
Inkit hereby grants you a personal, limited, non-exclusive, non-transferrable, non-sublicensable license to use the Services solely as contemplated by these Terms. This license is for the sole purpose of enabling you to use and enjoy the benefit of the Services as provided by Inkit in the manner permitted by these Terms. You agree not to use the Services or related intellectual property for any other purpose.
A. Trademarks.
The trademarks, service marks, logos, and other distinctive brand features used as part of or displayed through the Services (the “Trademarks”) are registered or unregistered trademarks of Inkit or third parties. You may not use any of these Trademarks without the prior, written approval from the trademark owner. Nothing related to the Services grants you, expressly or implicitly, any right or license to use any of these Trademarks or may be construed to mean Inkit has the authority to grant any right or license on behalf of any third-party trademark owner.
B. Copyright.
Much of the Content throughout the Services is protected by copyright laws and may be covered by other restrictions as well. Such Content is proprietary to Inkit or used consistent with the owner’s permission or applicable law or regulation. Inkit retains all rights it may hold, including copyright, in its Content. Copyrights and other proprietary rights in the Content may also subsist in individuals and entities other than, or in addition to, Inkit. Inkit expressly prohibits the copying of any such protected Content, except as expressly permitted by these Terms.
C. Reservation of Rights.
All rights not expressly granted by Inkit herein are specifically reserved. Subject to Section 6(B), nothing in the Services or these Terms grants you, expressly or implicitly, any right or license to use any content or property of any third party or may be construed to mean that Inkit has the authority to grant any right or license on behalf of any third party.
D. Copyright Policy.
Inkit reserves the right to remove Content alleged to be infringing without prior notice, at its discretion, and without liability to you. Inkit will respond to notices of alleged copyright infringement that comply with applicable law and that are properly provided to it. Inkit’s designated copyright agent for notice of alleged copyright infringement is:
Copyright Agent
Inkit Inc.
619 S 10th St., #301
Minneapolis, MN 55404
privacy@inkit.com
Any information that you provide to Inkit is subject to Inkit’s privacy policy. The privacy policy, which can be found at https://www.inkit.com/legal#privacy-policy, is incorporated into the Terms by reference. You understand that by using the Services you consent to the collection and use of your information as detailed in that policy.
These Terms apply until you or Inkit terminate this agreement. In the event you have created a user account and want to terminate this agreement, you must do so via the Services’ cancellation feature or by sending an email to contact@inkit.com that clearly states you would like to deactivate your account. In the event you have not created a user account, you may end this agreement simply by no longer accessing the Services. Inkit may cease providing you with all or part of the Services and terminate this agreement at any time for any reason. This section doesn’t affect Inkit’s rights to change, limit, or stop providing the Services without prior notice. When this agreement terminates, all of the Terms terminate, except that the following sections will continue to apply: 4 (User-Provided Content), 5 (All Content), 6A (Inkit’s Rights), 7 (Intellectual Property), 8 (Privacy), 10 (Disclaimers and Limitations of Liability), and 11 (Miscellaneous).
Please read this section carefully since it limits the liability of Inkit and its parents, subsidiaries, affiliates, related companies, managers, officers, directors, employees, agents, representatives, partners, and licensors (collectively, the “Inkit Entities”). Each of the subsections below applies only up to the maximum extent permitted under applicable law. Some jurisdictions do not allow the disclaimer of implied warranties or the limitation of liability in contracts, and as a result, the contents of this section may not apply to you. Nothing in this section is intended to limit any rights you may have that may not be lawfully limited.
A. The Services are Available “As-Is.”
Your use of the Services and the Content is at your own risk. Except as expressly set forth in these Terms, the Services (including its related services and features) are provided to you on an “AS IS” and “AS AVAILABLE” basis. Without limiting the foregoing, to the maximum extent permitted under applicable law, THE INKIT ENTITIES DISCLAIM ALL WARRANTIES AND CONDITIONS, WHETHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, COPYRIGHT OWNERSHIP, AND NONINFRINGEMENT.
The Inkit Entities make no warranty and disclaim all responsibility and liability for: (i) the completeness, accuracy, availability, timeliness, security, or reliability of the Services or the Content, whether user-supplied or not; (ii) any harm to your computer system, loss of data, or other harm that results from your access to or use of the Services or Content; (iii) the deletion of, or the failure to store or to transmit, Content and other communications maintained by the Inkit Entities; and (iv) whether the Services will meet your requirements or be available on an uninterrupted, prompt, secure, or error-free basis. No advice or information, whether oral or written, obtained from the Inkit Entities or through the Services will create any warranty not expressly made herein.
B. Links.
The Services may contain links to third-party websites and resources. The Inkit Entities are not responsible or liable for: (i) the availability or accuracy of such websites or resources; or (ii) the content, products, or services on or available from such websites or resources. Links to such websites or resources do not imply any endorsement by the Inkit Entities of such websites or resources or the content, products, or services available from such websites or resources. You acknowledge sole responsibility for and assume all risk arising from your use of any such websites or resources.
C. Limitation of Liability.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE INKIT ENTITIES ARE NOT LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS OR REVENUES, WHETHER INCURRED DIRECTLY OR INDIRECTLY, OR ANY LOSS OF DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, RESULTING FROM: (I) THE SERVICES; (II) THE CONTENT; (III) YOUR USE OF, INABILITY TO USE, OR THE PERFORMANCE OF THE SERVICES; (IV) ANY ERRORS OR OMISSIONS IN THE SERVICES OR THE CONTENT; OR (V) ANY ACTION OR INACTION BY ANY THIRD PARTY, INCLUDING (WITHOUT LIMITATION) WHETHER A VENDOR’S PLATFORM, SOFTWARE, OR SERVICES PROPERLY INTEGRATE WITH INKIT’S SERVICES OR WHETHER A CUSTOMER’S DATA AND ITS DISSEMINATION COMPLIES WITH APPLICABLE LAW.
IN NO EVENT SHALL THE AGGREGATE LIABILITY OF THE INKIT ENTITIES EXCEED THE GREATER OF $2,500 OR THE AMOUNT YOU PAID INKIT, IF ANY.
THE LIMITATIONS OF THIS SUBSECTION APPLY TO ANY THEORY OF LIABILITY, WHETHER BASED ON WARRANTY, CONTRACT, STATUTE, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, AND WHETHER OR NOT THE INKIT ENTITIES HAVE BEEN INFORMED OF THE POSSIBILITY OF ANY SUCH DAMAGE, AND EVEN IF A REMEDY SET FORTH HEREIN IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
YOU AGREE THAT, IN THE EVENT YOU INCUR ANY DAMAGES, LOSSES, OR INJURIES THAT ARISE OUT OF INKIT'S ACTS OR OMISSIONS, THE DAMAGES, IF ANY, CAUSED TO YOU ARE NOT IRREPARABLE OR SUFFICIENT TO ENTITLE YOU TO AN INJUNCTION PREVENTING ANY EXPLOITATION OF ANY WEBSITE, SERVICE, PROPERTY, PRODUCT, OR OTHER CONTENT OWNED OR CONTROLLED BY THE INKIT ENTITIES, AND YOU WILL HAVE NO RIGHTS TO ENJOIN OR RESTRAIN THE DEVELOPMENT, PRODUCTION, DISTRIBUTION, ADVERTISING, EXHIBITION, OR EXPLOITATION OF ANY WEBSITE, PROPERTY, PRODUCT, SERVICE, OR OTHER CONTENT OWNED OR CONTROLLED BY THE INKIT ENTITIES.
BY ACCESSING THE SERVICES, YOU UNDERSTAND THAT YOU MAY BE WAIVING RIGHTS WITH RESPECT TO CLAIMS THAT ARE AT THIS TIME UNKNOWN OR UNSUSPECTED, AND IN ACCORDANCE WITH SUCH WAIVER, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTAND, AND EXPRESSLY WAIVE THE BENEFITS OF SECTION 1542 OF THE CIVIL CODE OF CALIFORNIA (AND ANY SIMILAR LAW OF ANY STATE OR TERRITORY), WHICH PROVIDES: "A GENERAL RELEASE DOES NOT EXTEND TO CLAIMS WHICH THE CREDITOR DOES NOT KNOW OR SUSPECT TO EXIST IN HIS FAVOR AT THE TIME OF EXECUTING THE RELEASE, WHICH IF KNOWN BY HIM MUST HAVE MATERIALLY AFFECTED HIS SETTLEMENT WITH THE DEBTOR."
D. Indemnity.
You hereby indemnify the Inkit Entities from any demand, damages, liability, expenses, and losses, including reasonable attorneys’ fees, relating to any third-party claim, suit, action, or proceeding related to or arising out of: (i) your use or misuse of the Services or the Content; (ii) any Customer Data or other Content provided or submitted by you; (iii) any breach or alleged breach by you of these Terms; and (iv) any misrepresentation made by you in connection with this agreement. Inkit reserves the right to assume the exclusive defense and control of any matter subject to indemnification by you.
A. Evolving Services.
The Services are always evolving and may change from time to time without notice. Inkit may stop (permanently or temporarily) providing the Services (or any feature) to you or to users generally and may not be able to provide you with notice. Further, Inkit may modify the Services at its discretion. New features will be subject to these Terms.
B. Changes to Terms.
Inkit may revise these Terms from time to time. The most current version will always be located here. If the revision, in Inkit’s discretion, is material, Inkit will notify you via email to the email address associated with your account or by posting notice to its website. In consideration for your access to the Services, you agree to check back here from time to time to determine if the Terms have been revised. By continuing to access or use the Services after those revisions become effective, you agree to be bound by the revised Terms.
C. User Requirements for Individuals.
In order to use the Services, you must be able to form a binding contract with Inkit. If you are an individual under the age to form a binding contract with Inkit under appliable law, you may not access or use the Services.
D. Company Representatives.
If you are accessing or using the Services on behalf of a company, you represent that you have authority to bind that company to this agreement, and in such case, “you” and “your” refer to that company throughout this agreement.
E. Waiver and Severability.
Inkit’s failure to enforce any right or provision in these Terms is not a waiver of that right or provision. Any waiver must be in writing and signed by an authorized Inkit representative. In the event that any provision of these Terms (in whole or in part) is held to be invalid or unenforceable, then that provision will be limited or eliminated to the minimum extent necessary and the remaining provisions of these Terms will remain in effect.
F. Controlling Law and Arbitration.
The Terms and any related actions are governed by Delaware law, without regard to or application of Delaware’s conflict of law provisions or those of any other jurisdiction, including your state or country of residence. YOU AGREE THAT ANY CAUSE OF ACTION, CONTROVERSY, OR CLAIM ARISING OUT OF OR RELATED TO THE USE OF THE SERVICES OR THE CONTENT BETWEEN INKIT AND YOURSELF OR AS TO THE CONSTRUCTION, INTERPRETATION, AND EFFECT OF THIS AGREEMENT MUST BE SUBMITTED EXCLUSIVELY TO ARBITRATION BEFORE THE AMERICAN ARBITRATION ASSOCIATION, IN ACCORDANCE WITH ITS APPLICABLE RULES, IN LOS ANGELES, CALIFORNIA. AN AWARD OF ARBITRATION MAY BE CONFIRMED IN A COURT OF COMPETENT JURISDICTION. You agree that you and Inkit are each waiving the right to a trial by jury and to participate in a class action or class arbitration. The following is a list of exceptions to the foregoing dispute resolution requirements:
G. Entire Agreement.
The Terms are the entire and exclusive agreement between Inkit and you regarding the Services and Content (excluding any separate written agreement with Inkit that is expressly in addition to these Terms), and these Terms supersede and replace any prior agreements between Inkit and you regarding the Services and Content.
H. Construction.
The headings in this agreement are inserted for reference only and do not limit the scope, extent, or intent of the agreement or its provisions. As used in this agreement, the words “include” and “including,” and variations, are considered to be followed by the words “without limitation.”
I. Contact Information.
The Services are operated and provided by:
Inkit Inc.
619 S 10th St., #301
Minneapolis, MN 55404
Last Updated: October 1, 2020
Welcome to Inkit Inc.’s privacy policy.
This privacy policy describes how Inkit collects, uses, stores, secures, and shares your information when you use or access its Services (as that term is defined in the Terms of Services, which is located at https://www.inkit.com/legal#terms-of-service).
Please read this policy carefully so you understand what information Inkit collects and how Inkit uses it. By using or accessing the Services, you agree to be bound by this privacy policy’s terms. This privacy policy applies to all users, regardless of whether you register an account.
In order to provide and improve the Services and to operate its business, Inkit collects various types of information, including information that identifies you or may identify you. What information Inkit collects and how Inkit collects it is described below.
A. Information Provided by You.
When you use Inkit’s website or Services, Inkit collects the following information if and when you submit it:
Inkit collects this information when you create an account, fill out a form, send Inkit an email, subscribe to a newsletter, or otherwise submit information to Inkit.
B. Information Collected Automatically.
In addition, Inkit (and its service providers and business partners) may automatically log the following information about you, your computer, your mobile device, and your activity on the Services:
Inkit (and its service providers and business partners) facilitate the collection of this information by using the following technologies:
C. Information Collected from Third Parties.
Inkit may combine personal information that it receives from you with personal information it obtains from other sources, such as its Customers, affiliates, data providers, business partners (e.g., joint marketing partners or event co-sponsors), and publicly accessible sources (e.g., social media platforms).
Inkit does not use your personal information, except as described in this privacy policy. Inkit may use the information it collects for the following purposes:
Inkit does not share your personal information with third parties, except as described in this privacy policy. Inkit may share your information in the following circumstances:
Certain links throughout the Services may direct you away from the Services. Inkit is not responsible for, and cannot control, the privacy practices of other sites and third parties. Once you leave Inkit’s Services, information subsequently collected is no longer governed by this privacy policy.
Inkit takes reasonable measures to protect your information from unauthorized access and against loss, misuse, and alteration by third parties. Although Inkit makes reasonable, good faith efforts to store the information collected through the Services in a private, secure operating environment, Inkit cannot guarantee its absolute security during its transmission or its storage. Further, while Inkit attempts to ensure the integrity and security of its network and systems, it cannot guarantee that its security measures will prevent third parties (e.g., “hackers”) from illegally accessing this information. Except to the extent that it is specifically set forth in a separate written agreement between you and Inkit, Inkit does not warrant that your information will be protected against loss, misuse, or alteration by third parties. No method of transmission over the Internet or method of electronic storage is 100% secure, and Inkit cannot guarantee the security thereof.
Inkit does not knowingly collect or solicit personal information from anyone under 13 or knowingly allow children under 13 to use, access, or register for the Services. If you are under 13, please do not send any information about yourself to Inkit. No one under the age of 13 may provide to Inkit any personal information. In the event that Inkit learns that it has collected personal information from a child under 13, Inkit will delete that information as quickly as reasonably possible. If you believe that Inkit might have any information from a child under 13, please contact Inkit at privacy@inkit.com.
Some web browsers offer a “Do No Track” (“DNT”) signal. A DNT signal is an HTTP header field indicating your preference regarding tracking or cross-site user tracking. Inkit does not respond to DNT signals.
Inkit may revise this privacy policy to reflect changes to its information practices. The most current version will always be located here. If the revision, in Inkit’s discretion, is material, it will attempt to notify you via email to the email address associated with your account or by posting notice on its website. As partial consideration for accessing or using the Services, you agree to check back here from time to time to determine if the privacy policy has been revised. By continuing to access or use the Services after the revisions have become effective, you agree to be bound by the revised privacy policy.
You are responsible for maintaining the accuracy of any information you submit to Inkit. If your personal information changes or if you no longer desire to use the Services, you may change or delete certain information by editing your account settings or by contacting privacy@inkit.com. Inkit will respond to your request within 45 days. However, even after you cancel your account or request that your personal information be deleted, some information from your account may remain stored or viewable or used, but only in compliance with this privacy policy.
You may opt-out of receiving promotional emails from Inkit by following the instructions in those emails or by emailing privacy@inkit.com with your request. If you opt-out, Inkit may still send you non-promotional emails, such as emails regarding your account or providing information that you have specifically requested.
Inkit will retain your information for as long as needed to provide the Services and as otherwise set forth in this privacy policy. If you wish to cancel your account or request that Inkit no longer use your information to provide you services, contact privacy@inkit.com. Inkit will retain and use your information as necessary to comply with its legal obligations, resolve disputes, and enforce its agreements.
Like many websites, the Services are accessible by an international audience, including visitors from the European Economic Area and other non-U.S. territories. By using the Services, you expressly agree that your personal information, and any information or materials that you submit to the Services, may be used for the purposes identified in this privacy policy and the Terms of Service. In addition, such data may be stored on servers located outside your jurisdiction and in jurisdictions that may have less stringent privacy practices than your own. By using the Services, you expressly consent to the transfer of your data from your country or jurisdiction to other countries or jurisdictions around the world, including to the United States, for use by Inkit and its affiliates for the purposes described herein, subject only to any additional requirements that may be set forth in a separate, written agreement between you and Inkit.
The California Consumer Privacy Act of 2018 (“CCPA”) provides California consumers with certain rights regarding their personal information. Those rights are described in Appendix A below.
If you have questions or comments regarding this privacy policy, please contact:
Inkit Inc.
619 S 10th St., #301,
Minneapolis, MN 55404
This appendix (the “Appendix”) applies only to California residents. This Appendix describes (1) how Inkit collects, uses, and shares Personal Information of California residents in operating its business and (2) the rights of California residents with respect to that Personal Information. For purposes of this Appendix, “Personal Information” has the meaning given to it in the CCPA (without including any exempted information).
Your California Privacy Rights.
You have the rights listed below. However, these rights are not absolute, and in certain cases, Inkit may decline your request as permitted by law.
How to exercise your California Privacy Rights.
You may submit a request to exercise your above-described rights by emailing privacy@inkit.com. You will need to verify your identity before Inkit will be able to process your request, and Inkit reserves the right to confirm your California residency. Government identification may be required. You can designate an authorized agent to make a request on your behalf, but Inkit will need to verify both your and your agent’s identities and your agent must provide valid power of attorney or other proof of authority acceptable to Inkit. Inkit cannot process your request if you do not provide sufficient detail to allow Inkit to understand and respond to it. Inkit will work to respond to your verifiable request within 45 days of receiving it. In certain cases, Inkit may be required or permitted by law to deny your request.
Inkit does not sell your Personal Information.
Based on Inkit’s current understanding of the CCPA, Inkit does not “sell” your Personal Information as defined in the CCPA. However, like many companies online, Inkit uses services provided by Google, Facebook, and other advertising companies that track website visitor activity to help deliver interest-based ads to those visitors. Inkit describes this in more detail in the above privacy policy.
Personal Information Inkit collects, uses, and discloses.
The specific details of the categories of Personal Information that Inkit collects from you is described in Section 1 (What Information Inkit Collects and How Inkit Collects It) of the above privacy policy.
The specific details of how Inkit uses the categories of Personal Information that it collects from you is described in Section 2 (Inkit’s Use of Your Information) of the above privacy policy.
The specific details of how Inkit discloses the categories of Personal Information that it collects from you is described in Section 3 (Inkit’s Disclosure of Your Information) of the above privacy policy.
Inkit Inc. (“Inkit”, “us“, “our“, and “we“) respects the intellectual property rights of others and expects its users to do the same. In accordance with the Digital Millennium Copyright Act of 1998, the text of which may be found on the U.S. Copyright Office website at http://www.copyright.gov/ legislation/dmca.pdf, we will respond expeditiously to claims of copyright infringement committed using the Inkit service or the Inkit website (the “Site”) if such claims are reported to our Designated Copyright Agent identified in the sample notice below.
If you are a copyright owner, authorized to act on behalf of one, or authorized to act under any exclusive right under copyright, please report alleged copyright infringements taking place on or through the Site by completing the following DMCA Notice of Alleged Infringement and delivering it to our Designated Copyright Agent. Upon receipt of Notice as described below, Inkit will take whatever action, in its sole discretion, it deems appropriate, including removal of the challenged content from the Site.
DMCA Notice of Alleged Infringement (“Notice”)
1. Identify the copyrighted work that you claim has been infringed, or – if multiple copyrighted works are covered by this Notice – you may provide a representative list of the copyrighted works that you claim have been infringed.
2. Identify the material or link you claim is infringing (or the subject of infringing activity) and to which access is to be disabled, including at a minimum, if applicable, the URL of the link shown on the Site or the exact location where such material may be found.
3. Provide your full legal name, company affiliation (if applicable), mailing address, telephone number, and, if available, email address.
4. Include both of the following statements in the body of the Notice:
5. Provide your full legal name and your electronic or physical signature.
Please note that, pursuant to 17 U.S.C. § 512(f), any misrepresentation of material fact (falsities) in a written notification automatically subjects the complaining party to liability for any damages, costs and attorney’s fees incurred by us in connection with the written notification and allegation of copyright infringement.
Deliver this Notice, with all items completed, to our Designated Copyright Agent:
Inkit Legal Department
Inkit Inc.
619 S 10th St #301
Minneapolis, MN 55404
Last Updated: October 1, 2020
Inkit use cookies and similar technologies throughout the Services (as that term is defined in Inkit’s Terms of Services, which is located here https://www.inkit.com/legal#terms-of-service). This page describes what cookies are, how and why Inkit uses cookies generally, what specific cookies Inkit uses, and how you can disable them, if you so choose.
Cookies are data files containing small amounts of information that are placed on your computer or device when you visit a website. Cookies are widely used by website owners to uniquely identify your browser and to store information or settings for a variety of purposes, such as to keep you logged into your account as you navigate between secure pages, to remember your preferences between sessions, to facilitate online advertising, and so on.
Cookies set by a website owner (in this case, Inkit) are called “first-party cookies.” Cookies set by parties other than the website owner are called “third-party cookies.” Third-party cookies enable third-party features or functionality to be provided through the website (like advertising, interactive content, and analytics). The parties that set these third-party cookies can recognize your computer when you visit the website in question and certain other websites. Inkit uses both first-party and third-party cookies.
Inkit uses, or allows to be used, 4 types of cookies on its website.
The below table shows the specific cookies served through Inkit’s website:
You can prevent cookies from being set on your computer or device by adjusting the settings of your browser (see your browser “Help” for how to do this). However, be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this website and the Services. Therefore, it is recommended that you do not disable cookies.
In addition, the Inkit Cookie Consent tool can be utilized to customize your cookie preferences. The tool will record when you have consented to Inkit’s cookie policy and will ask for consent periodically to ensure users stay up-to-date with changes to Inkit’s cookie and privacy policies. The consent tool specifically controls the marketing cookies and analytical cookies set by using Inkit and the Services. Essential cookies cannot be disabled.
Questions? For more information, contact Inkit at privacy@inkit.com.
Last Updated: October 1, 2020
These Standard Contractual Clauses form part of the Data Processing Addendum between Inkit Inc. and the Customer or any applicable Authorized Affiliate (the “DPA”) to reflect the parties’ agreement with regard to the Processing of Personal Data (as defined in the DPA). For purposes of these Standard Contractual Clauses, when and as applicable, the Customer and any applicable Authorized Affiliate are each the data exporter, and the Customer’s signing of the DPA or an Agreement referencing the DPA, or a Customer’s Affiliate signing an Order Form under an Agreement referencing the DPA, shall be treated assigning of these Standard Contractual Clauses and their appendices. All capitalized terms not defined herein have the meaning set forth in the DPA.
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.
Name of the data exporting organisation: Customer or Customer Authorized Affiliate as set forth in the DPA or any applicable Order Form
Address:as set forth in the DPA or any applicable Order Form
Tel./ Fax/email: as set forth in the DPA or any applicable Order Form
Other information needed to identify the organisation: Not applicable
(the data exporter)
And
Name of the data importing organisation: Inkit Inc.
Address: 619 S 10th St., #301, Minneapolis, MN 55404
Tel: 612-223-3000; email: support@inkit.com
Other information needed to identify the organisation: Not applicable
(the data importer)
each a “party”; together“the parties”,
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
*********************
Clause 1
Definitions
For the purposes of the Clauses:
(a) 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data[1];
(b) 'the data exporter'means the controller who transfers the personal data;
(c) 'the data importer'means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
(d) 'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
(f) 'technical and organisational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss,alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Clause 2
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Clause 3
Third-party beneficiary clause
1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a)to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g),Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
Clause 4
Obligations of the data exporter
The data exporter agrees and warrants:
(a) that the processing,including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).
Clause 5
Obligations of the data importer[2]
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
(ii) any accidental or unauthorised access, and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11;
(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
Clause 6
Liability
1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.
Clause 7
Mediation and jurisdiction
1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is established.
2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Clause 8
Cooperation with supervisory authorities
1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).
Clause 9
Governing Law
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
Clause 10
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
Clause 11
Subprocessing
1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses[3]. Where the subprocessor fails to fulfill its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.
2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.
Clause 12
Obligation after the termination of personal data processing services
1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
*********************
APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES
This Appendix forms part of the Clauses and must be completed and signed by the parties.
The Member States may complete or specify,according to their national procedures, any additional necessary information to be contained in this Appendix.
Details relevant for this Appendix 1,completed by the parties, are available in Schedule 2 to the DPA.
*********************
APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES
This Appendix forms part of the Clauses and must be completed and signed by the parties.
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
Refer to Inkit’s Security, Privacy, and Architecture Datasheet attached as Schedule 1 to the DPA.
[1] Parties may reproduce definitions and meanings contained in Directive 95/46/EC within this Clause if they considered it better for the contract to stand alone.
[2] Mandatory requirements of the national legislation applicable to the data importer which do not go beyond what is necessary in a democratic society on the basis of one of the interests listed in Article 13(1) of Directive 95/46/EC, that is, if they constitute a necessary measure to safeguard national security, defence, public security, the prevention, investigation, detection and prosecution of criminal offences or of breaches of ethics for the regulated professions, an important economic or financial interest of the State or the protection of the data subject or the rights and freedoms of others, are not in contradiction with the standard contractual clauses. Some examples of such mandatory requirements which do not go beyond what is necessary in a democratic society are, interalia, internationally recognised sanctions, tax- reporting requirements or anti-money-laundering reporting requirements.
[3] This requirement may be satisfied by the subprocessor co-signing the contract entered into between the data exporter and the data importer under this Decision.
Last Updated: October 1, 2020
These Standard Contractual Clauses form part of the Data Processing Addendum between Inkit Inc. and the Customer or any applicable Authorized Affiliate (the “DPA”) to reflect the parties’ agreement with regard to the Processing of Personal Data (as defined in the DPA). For purposes of these Standard Contractual Clauses, when and as applicable, the Customer and any applicable Authorized Affiliate are each the data exporter, and the Customer’s signing of the DPA or an Agreement referencing the DPA, or a Customer’s Affiliate signing an Order Form under an Agreement referencing the DPA, shall be treated assigning of these Standard Contractual Clauses and their appendices. All capitalized terms not defined herein have the meaning set forth in the DPA.
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.
Name of the data exporting organisation: Customer or Customer Authorized Affiliate as set forth in the DPA or any applicable Order Form
Address:as set forth in the DPA or any applicable Order Form
Tel./ Fax/email: as set forth in the DPA or any applicable Order Form
Other information needed to identify the organisation: Not applicable
(the data exporter)
And
Name of the data importing organisation: Inkit Inc.
Address: 619 S 10th St., #301, Minneapolis, MN 55404
Tel: 612-223-3000; email: support@inkit.com
Other information needed to identify the organisation: Not applicable
(the data importer)
each a “party”; together“the parties”,
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
*********************
Clause 1
Definitions
For the purposes of the Clauses:
(a) 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data[1];
(b) 'the data exporter'means the controller who transfers the personal data;
(c) 'the data importer'means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
(d) 'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
(f) 'technical and organisational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss,alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Clause 2
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Clause 3
Third-party beneficiary clause
1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a)to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g),Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
Clause 4
Obligations of the data exporter
The data exporter agrees and warrants:
(a) that the processing,including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).
Clause 5
Obligations of the data importer[2]
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
(ii) any accidental or unauthorised access, and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11;
(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
Clause 6
Liability
1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.
Clause 7
Mediation and jurisdiction
1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is established.
2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Clause 8
Cooperation with supervisory authorities
1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).
Clause 9
Governing Law
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
Clause 10
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
Clause 11
Subprocessing
1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses[3]. Where the subprocessor fails to fulfill its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.
2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.
Clause 12
Obligation after the termination of personal data processing services
1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
*********************
APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES
This Appendix forms part of the Clauses and must be completed and signed by the parties.
The Member States may complete or specify,according to their national procedures, any additional necessary information to be contained in this Appendix.
Details relevant for this Appendix 1,completed by the parties, are available in Schedule 2 to the DPA.
*********************
APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES
This Appendix forms part of the Clauses and must be completed and signed by the parties.
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
Refer to Inkit’s Security, Privacy, and Architecture Datasheet attached as Schedule 1 to the DPA.
[1] Parties may reproduce definitions and meanings contained in Directive 95/46/EC within this Clause if they considered it better for the contract to stand alone.
[2] Mandatory requirements of the national legislation applicable to the data importer which do not go beyond what is necessary in a democratic society on the basis of one of the interests listed in Article 13(1) of Directive 95/46/EC, that is, if they constitute a necessary measure to safeguard national security, defence, public security, the prevention, investigation, detection and prosecution of criminal offences or of breaches of ethics for the regulated professions, an important economic or financial interest of the State or the protection of the data subject or the rights and freedoms of others, are not in contradiction with the standard contractual clauses. Some examples of such mandatory requirements which do not go beyond what is necessary in a democratic society are, interalia, internationally recognised sanctions, tax- reporting requirements or anti-money-laundering reporting requirements.
[3] This requirement may be satisfied by the subprocessor co-signing the contract entered into between the data exporter and the data importer under this Decision.
Last Updated: October 1, 2020
You may elect to receive notifications any time a Sub-Processor is added to the above list by emailing legal@inkit.com and requesting to receive such notifications.