“Agreement” refers to and includes the License Agreement, Order Form and these Terms and Conditions.
“Customer” is defined as the person, firm, company or other organisation purchasing the Software licence and/or Hardware.
“Commencement Date” defined as the date on which Customer is first licenced to access and use the Software Service.
“Device” this is defined as end point electronic device that can be used to access the tablet application as part of the Software.
“Partner” defined as a distributor, reseller or third-party supplier authorised to distribute and/or sell the Software Service on behalf of the Company.
“Term Duration” means the effective period between the commencement date and the end date of this EULA and period that the Customer is paying the Recurring Service Fee and is licensed to use the Software
“Intellectual Property Right” means any patent, trade mark, service mark, copyright, moral right, right in a design, know-how and any other intellectual or industrial property rights, anywhere in the world whether or not registered.
“Recurring Service Fee” defined as the fee required for full access to Software Service, made payable by the Customer to the Company or Partner
“End User” this is defined as an individual who engages with the tablet application within the Customer operating environment.
“User Personal Data” is defined as the data collected from the End User of the tablet application who inputs their data in to the Software.
“Payment Schedule” is defined as periodic payment or the financial arrangement that is made between the Company, Partner or third party, with the Customer for payment.
“Information” means any and all data, files, documents, multimedia files, third party links, images, videos, and any other information or material whatsoever (in any format) obtained from the Customer or the End User.
“Confidential Information” includes all information exchanged between the parties to this Agreement, whether in writing, electronically or orally, including the Service but does not include information which is, or becomes, publicly available other than through unauthorised disclosure by the other party.
- Software Licence
2.1. The Company agrees effective from the Commencement Date and payment of the Recurring Service Fee, the Customer a non-exclusive, non-transferable licence to use the Software Service upon the terms of this EULA.
2.2. The Company grants the Customer the right to download and install updates to the Software Service as made available to the Customer from time to time at no additional cost to the Customer.
2.3. The Customer shall not, nor allow third parties on their behalf to;
2.3.1. assign, sub-licence, copy, publish or distribute the Software Service,
2.3.2. allow third parties to use the Software Service,
2.3.3. attempt to copy, reproduce, alter, modify, reverse engineer, disassemble, decompile, transfer, exchange or translate the Software Service; or
2.3.4. create derivative works of the Software Service of any kind whatsoever,
2.3.5. assign the rights that the Customer has acquired under this EULA.
2.4. The Customer acknowledges that a Device licence is non-transferable between user level accounts and that once a Device licence has been added it cannot be transferred.
2.5. The Customer acknowledges that after the Term Duration has expired a subsequent renewal licence must be purchased from the Company or Partner in order for the Software Service to continue.
2.6. The Company reserves the right to make changes to the Software Service or part thereof, from time to time at the Company’s sole discretion, and may from time to time update, add, remove, modify and change any features, designs or functionalities of the Software Service. The Company will endeavour to notify the Customer in advance of changes to the Service, but cannot guarantee this.
- Software Access Conditions
3.1. The Customer must ensure that all usernames and passwords required to access the Software Service are kept secure and confidential.
3.2. The Customer must ensure that they notify the Company immediately if there is any unauthorised use of their account and/or any security risks they may be knowledgeable of.
3.3. The Customer will:
3.3.1. not attempt to undermine the security or integrity of the Software Service systems or network, or where the Software Service are hosted by a third party, that third party’s computing systems and networks,
3.3.2. not use, misuse or input into the Software Service in any way which may impair or damage the functionality of the Software Service.
- Term Duration
4.1. The Term Duration for the Software Service licence will begin on the Commencement Date, at which point the Company or Partner will have received full payment of the Recurring Service Fee and the Customer will have full access to the Software.
4.2. The Term Duration of EULA will continue on a recurring basis on receipt of Recurring Service Fee.
4.3. The Term Duration can be cancelled at any point during the Term Duration with 30 day notice.
- Payment Terms
5.1. The Customer undertakes to pay the Company or the Partner the Recurring Service Fee as per the agreed in the Order Form (or any renewal Order Form) and/or Sales Invoice.
5.2. Full and complete payment as per the Order Form and/or Sales Invoice must be completed prior the Company authorising access to the Software Service. If a different payment period is agreed upon as per the Payment Schedule, the first payment as part of this Payment Schedule must be received in full prior to authorising access.
5.3. The total Payment Schedule period is fixed to monthly payments, unless otherwise stipulated in the Order Form.
5.4. Payment must be made via electronic bank transfer to the account designated by the Company or Partner as per the Sales Invoice.
5.5. If the Recurring Service Fee is not paid in accordance with the provisions hereof and any additional terms of payment communicated to the Customer by the Company or the Partner, all further access to the Software Service will be disabled without notice.
- Trial Account
6.1. Trial account requests are activated solely on the Company’s discretion, and there no obligation to activate a trial licence request, nor a requirement to provide a reason as to why.
6.2. In order to register for a free 14 (fourteen) day trial account the Customer must use a valid trial code which is supplied solely to the Customer by an authorised Partner or direct from the Company.
6.3. The trial account allows one Customer only (which includes all associated companies, partners and subsidiaries) full access to Software Service for 1 (one) Device only, for a period of 14 (fourteen) days only.
6.4. If the Customer requires more than 1 (one) Device to be connected the Software Service, then the 14 (fourteen) day trial cannot be applied to the first Device connected to the Software Service, and the full applicable Recurring Service Fee would apply to 2 (two) or more Devices.
6.5. The Customer must contact the Company or our Partner and pay the applicable Recurring Service Fee in order to activate the Software Licence before the expiry date. Beyond the expiry date, access to the account will cease immediately and the account, including all associated data will be permanently deleted and unrecoverable.
6.6. During the trial account period the Customer agrees to be bound to the terms of this EULA.
Software Availability and Updates
7.1. The Company will endeavour to provide access to the Software Service 24/7/365.
7.2. The Company does not warrant that the Software Service shall be free from errors or interruptions during this time. In addition, the Software Service may contain faults that may lead to interruptions and errors. The Customer understands this and accepts this.
7.2.1. The Customer accepts that the Company may contact the Customer in order to request information needed to identify and remedy such errors.
7.3. From time to time the Company will perform maintenance and upgrades to the Software Service, which may result in interruptions, delays or errors in all or part of the Software Service.
7.3.1. If interruptions to the Software Service are required for maintenance or bug fixes then the Company will endeavour to minimise impact on service levels.
7.3.2. In the instance of scheduled maintenance the Company will try to communicate in advance any planned maintenance with a start date, time and estimated duration; but cannot guarantee that such notification will always be provided.
7.3.3. The Company will endeavour to notify the Customer via the Company’s website and direct email communication to the Customer via the details provided within the ‘Settings’ page of the Software Service, however we cannot guarantee this.
7.4. The Customer must acknowledge that the Software Service is provided over the internet and is dependent on third-party services, therefore external factors beyond the control of the Company may impact on the availability at times, the Customer understands and accepts this.
7.5. It is the Customer’s responsibility to check and ensure that the internet speed from their service provider at the operating location, where the Software Service is being deployed and used by the End User meets or exceeds the minimum recommendation of 5mbps speed.
7.6. If the Customer becomes aware of any Software Service interruptions, bugs or errors, the Customer should notify the Company via e-mail communication to support@InsightKiosk.com.
7.7. The company uses third party integrations with other platforms in order to deliver the Service. We are not responsible for any failures that may interrupt the delivery of the Software Service if caused by third party availability, access, accuracy or any interruption what so ever in relation to the third party.
7.8. We operate independently and do not have official partnerships or association with the integrated platforms within our Software Service. As a result we do not endorse the content or material that may be linked to the third party. The Customer’s use of the third party integrations and services is governed by their terms and conditions and privacy policies. By using the Software Service the Customer agrees that they have read and understood the third party terms of Facebook, Twitter, Instagram, Pinterest, YouTube. These can be accessed by visiting their respective websites.
- Data Management
8.1. Each Party warrants that it shall comply at all times with its respective obligations under applicable data protection law and regulations, the General Data Protection Regulation 2016 (GDPR) and any further legislation that repeals, modifies or supersedes such regulation during the period of this Agreement.
8.3. The Customer ensures that they are entitled to transfer User Personal Data to the Company, so that the Company may lawfully process the data for the purpose of providing the Software Service under this Agreement and that End Users and relevant third parties have provided their consent to the Company’s processing of the User Personal Data in accordance with this EULA and the Company’s Data Processing Addendum.
8.4. Title to, and all property rights in, the User Personal Data collected through the use of the Software Service remain the exclusive property of the Customer. However, the Customers access to the data is contingent on possessing an active Software Service licence.
8.3 User Personal Data collected from End Users cannot be used or sold to third parties by the Company.
8.5. Data transmitted within the Software Service is secured using industry standard security measures to protect against the loss, misuse and alteration of the information, data, and/or content handled by our Software Service. However, the Customer must acknowledge and agree that we cannot guarantee complete security of such data or that our security measures will prevent hacking or malicious activities that may allow unauthorised access to such data.
8.7. The Customer grants the Company permission to copy, transmit, store, and back-up the User Personal Data for the purposes of meeting its obligation outlined in this EULA.
8.9. Data held by the Company may be transferred;
8.9.1. in the event that the Company sell or buy any business or assets, in which case the Company may disclose Customer data to the prospective seller or buyer of such business or assets,
8.9.2. if the Company’s assets are acquired by a third party, in which case data held by the Company will be one of the transferred assets,
8.9.3. if the Company is under a duty to disclose or share Information in order to comply with any governmental agency or a legal obligation, or in order to enforce or apply terms and other agreements; or
8.9.4. to protect the property, rights or safety of the Company, the Software Service and any Partner who are engaged to provide the Software Service. The Company will make reasonable endeavours to notify the Customer prior to making such disclosure.
9.1. Unless the Company or the Customer has the prior written consent of the other and/or a separate Non-Disclosure Agreement has been contracted prior to this Agreement, or unless required to do so by law:
9.1.1. will preserve the confidentiality of all Confidential Information of the other obtained in connection with these Terms. Neither Party will, without the prior written consent of the other, disclose or make any Confidential Information available to any person, or this information for its own benefit, other than in consideration of this Agreement.
9.2. The provisions of clauses 9.1 shall not apply to any information which is:
9.2.1. already available in the public domain or becomes public knowledge other than by a breach of this clause;
9.2.2. received from a third party who lawfully acquired it and who is under no obligation restricting its disclosure;
9.2.3. already the possession of the receiving party without restriction in relation to disclosure prior to date of the disclosure; or
9.2.4. independently developed without access to the Confidential Information.
9.3. Each party’s obligations under this clause will survive termination of this Agreement.
- Intellectual Property Rights
10.1. All intellectual property rights of any nature in the Software Service together with the underlying code are owned directly and solely by the Company.
10.2. The Customer agrees that the rights in the Software Service, including all intellectual property rights, such as trademarks, patents, designs and copyrights, are protected by one or more of copyright, trademark, patent and other laws, regulations and treaties.
10.3 The Customer is expressly prohibited from:
10.3.1 reproducing, copying, editing, transmitting, uploading or incorporating into any other materials, any of the Software Service; and
10.3.2 removing, modifying, altering or using any registered or unregistered marks, logos or design owned by the Company, and using it for any purpose that has not been agreed in writing between the Company and the Customer prior to its use.
10.4. All right, title and interest in and to the Software Service will remain exclusively with the Company under all circumstances.
- Liabilities and Warranties
11.1. Neither Party will be liable for any direct, indirect, special, punitive, exemplary or consequential losses or damages of whatsoever kind arising out of your use, access or reliance to the Software Service, including loss of profit or the like whether or not in the contemplation of the parties, whether based on breach of contract, tort (including negligence), product liability or otherwise.
11.2. The Company will not be liable for any delay or failure to provide the Software Service and/or make the Software Service available for reasons that is due to third parties including without limitation to internet service providers, integrated services, data centre’s, server hosting companies and telecommunication providers.
11.3. The Customer accepts that they are responsible for assessing and insuring against appropriate risks in association to the use of the Software Service within their business operating environment.
11.4. Nothing in this EULA shall be deemed to exclude, restrict or limit liability in the case of death or personal injury resulting from the negligence of the Company or Partner.
11.5. If the Customer suffers loss or damage as a result of Company negligence or failure to comply with these EULA, any claim against the Company, arising from negligence or failure will be limited in respect of any one incident, or series of connected incidents and not exceed the Recurring Service Fee paid by the Customer in the proceeding 12 month period in connection with that claim.
11.6. The Software Service is provided to the Customer on an “as is” basis. The Company makes no representations or warranties, express, implied, statutory or otherwise, regarding the Software Service, including any warranty that the Software Service offerings or third party service will be uninterrupted, error free or completely secure.
11.7. Except to the extent prohibited by law, the Company and Partners disclaims, any and all other warranties, including implied warranties of merchantability, satisfactory quality, fitness for purpose and any warranties arising out of any course of dealing or usage trade.
- Third-party use
12.1. Access to or the use of the Software may not be granted to a third party under any circumstances whatsoever.
- Software Recurring Renewal
13.1. To ensure the continuation of the license the renewal Recurring Service Fee must be received by the Company or Partner on the date of renewal to avoid cancellation.
- Provision of Support Services
14.1. The Company provides support services between 09:00am – 17:00pm (UK time) Monday to Friday (excluding UK bank and public holidays) for the Term Duration.
14.2. The Company will endeavour to provide the support services during these support hours.
14.3. Support services are accessible by visiting our support page at https://www.InsightKiosk.com/support/ or via e-mail at support@InsightKiosk.com.
14.4. Support services consist of:
14.4.1. advice on access and use of the Software Service; and
14.4.2. diagnosis of technical issues and/or faults.
14.5. In the case of technical problems the Customer must make all reasonable efforts to investigate and diagnose problems before contacting the Company.
14.6. The Customer is responsible for providing an accurate and clear description of the issue and/or fault, including all circumstances and user cases.
14.7. The obligation of the Company to provide Support Services will not extend to;
14.7.1. rectification of lost or corrupted data,
14.7.2. a fault in the Customer hardware/device or a third party’s hardware, software, network connections or application or any upgrade in respect thereof; or
14.7.3. a fault in the equipment or in any other software that operates in connection with the Service.
14.7.4. onsite support unless agreed separately in writing and/or agreed as part of an additional support package.
14.8. Requests for support will be processed based on priority levels and the order of date and/or time the support ticket is received.
14.9. The severity of the case will be assigned based on the following guidelines;
14.9.1. High – These are severe impact scenarios where the Software Service has lost all functionality and/or there is an inability to access the Software Service in some form.
18.104.22.168. Support ticket acknowledged and receipt sent to the Customer within a maximum of 2 (two) hours.
22.214.171.124. Issue identified and action plan for resolution developed within a maximum of 24 (twenty four) hours.
126.96.36.199. Issue identified and resolved within a maximum of 48 (forty eight) hours from acknowledgement.
14.9.2. Medium – This is where the Customer is experiencing an issue that is impacting on the maximum efficient running and performance of the Software but not inhibiting the core functionality or usability.
188.8.131.52. Support ticket acknowledged and receipt sent to Customer within a maximum of 12 (twelve) hours.
184.108.40.206. Issue identified and action plan for resolution developed within a maximum of 72 (seventy two) hours.
220.127.116.11. The Company will endeavour to reach a resolution within a reasonable time.
14.9.3. Low Priority – These are scenarios where there is a minor issue to the Service that is causing an inconvenient and/or small impact on Customer or End User experience.
18.104.22.168. Support ticket acknowledged and receipt sent to Customer within a maximum of 24(twenty four) hours.
22.214.171.124. Fault identified and action plan for resolution developed within a reasonable time.
126.96.36.199. The Company will endeavour to reach a resolution within a reasonable time.
14.10. A timely resolution is subject to receiving an accurate description in accordance with clause 15.6, the Company will make reasonable efforts to respond, investigate and/or rectify the fault within a response time that is technically and physically possible.
14.11. The Customer acknowledges that full rectification of the fault cannot be guaranteed within the stated time periods, when there are circumstances that may be beyond the Company’s reasonable control.
15.1. This Agreement may be terminated upon notice only if either Party fails to comply with one or more of the terms outlined in this EULA, which shall be deemed as an act of default;
15.1.1. If the Customer fails to pay the Company or Partner any outstanding Recurring Service Fee;
15.1.2. if either Party breaches any of these terms and do not remedy the breach within 14 (fourteen) days after receiving notice of the breach, if it is capable of being remedied;
15.1.3. In the event that either Party files for bankruptcy, becomes insolvent or has a receiver or manager appointed to any of its assets.
15.2. The Company may suspend or terminate the Customer’s use of the Software Service immediately if:
15.2.1. the Company believes the Customer fraudulently misused or abused any aspect of the Software Service (in whole or in part); or
15.2.2. the Company believes the Customer has provided inaccurate or misleading information;
15.2.3. third party services and network providers cease to make the third party service or network available to the Company.
15.3. In the event of termination under this clause, the Company will not provide any refund for any remaining prepaid period and any outstanding balance must be paid in full.
15.4. Termination of these Terms is without prejudice to any rights and liabilities of either Party accrued up to or including the date of termination.
16.1. The Customer has the right to cancel the Service within 14 (fourteen) days from the Commencement Date.
- Entire agreement
17.1. This EULA and the terms of any other notices or instructions given to the Customer, supersede and extinguish all prior agreements, representations (whether oral or written), and understandings and constitute the entire agreement between the Customer and the Company relating to the Software Services and the other matters dealt with in this EULA.
18.1. Neither party shall be liable for any breach of this EULA or delay to the extent that such breach or delay is caused by an event beyond its reasonable control, provided that, the Party affected by such event notifies the other as soon as it becomes aware of such event and uses all reasonable effort to mitigate or reduce the effect on its performance under this EULA.
18.2. Clause 19.1 does not apply to any obligation to make payment.
- No Waiver
19.1. If either Party waives any breach of these terms, this will not constitute a waiver of any other breach.
20.1. Any notice given under these terms by either Party to the other must be made in writing.
20.2. Notice will be deemed to have been provided on transmission;
20.2.1. if delivered via recorded courier during normal business hours of the recipient; or
20.2.2. via e-mail and a transmission report or return receipt indicating failure of transmission is not generated.
20.3. Notices to the Company must be sent to the registered Company address or via e-mail to support@InsightKiosk.com or to any other email address notified by email to Customer by the Company.
20.4. Notice to the Customer will be sent to the registered company address and/or e-mail address that is provided by the Customer on the ‘Settings’ page of the Software Service, and the Customer agrees to ensure that all information provided is kept accurate and up-to-date.
21.1. The Company is permitted to sub-contract or reassign in whole or in part, its Software Service obligations under this EULA. The Company shall remain liable for the Software Service provided by a sub-contracted party in line with terms within this EULA and the Data Processing Addendum.
- No Assignment
22.1. The Customer is not permitted to assign or transfer any rights or obligations to any other third party without the prior written consent of the Company.
- Rights of Third Parties:
23.1. A person who is not a party to these terms has no right to benefit under or to enforce any term of this EULA.
24.1. If any part or provision of this EULA is deemed to be invalid, unenforceable or in conflict with the law, that part or provision is to be replaced with a provision which, as far as possible, accomplishes the original purpose of that part or provision.
24.2. The remainder of this EULA will be binding on the Parties.
- No Partnership
25.1. This EULA shall in no way be construed as the granting of or establishment of any form of partnership or joint venture. Furthermore, nothing in this EULA shall be interpreted so as to oblige either Party to enter into any further agreement.
- Governing Law Jurisdiction
26.1. This EULA shall be governed by and construed in accordance with English law.
26.2. Any dispute(s) arising in connection with this Agreement are subject to the exclusive jurisdiction of England and Wales.
- What information we collect and why we collect it.
- How we use that information.
- The choices we offer, including how to access and update information.
If you have any questions please send an email to firstname.lastname@example.org.
Information that we collect
We collect information in order to provide our Software Service to you in accordance with the EULA. We collect the following types of information:
Information you provide to us – In order to use our Software Service we require Customer information to register and set up your account for administration purposes, this includes:
- Company Name
- Company Contact Name
- Telephone Number
This information is associated with your account Within the Software Service.
Information collected from your use of the Software Services
In order to deliver our Software Service certain information is collected, this includes:
- Tablet Device information – We collect the Unique Device Identification information – which enables us to authenticate the tablet device you are using with the correct device licence.
- Log information – We collect log information when you use the Software Service, including:
- Internet protocol (IP) address and location.
- Event information in relation to actions such as change of device settings via our Cloud Software Service.
- Browser information.
How we use information that we collect
We use the information we collect to provide the Software Services in accordance with the EULA. This enables us to maintain, update, improve and secure the Software Services for all of our Customers, and their End Users.
We may use the Customer information on record to:
- Contact you in order to fulfill any contractual obligations under the EULA.
- Contact you regarding updates to the Software Service, e.g. upcoming changes or improvements.
- Contact you regarding Software Service licence renewals.
- Contact you regarding legal requests, eg. Data Subject Requests under the GDPR.
- Notify you of updates to information, e.g. change of email address on record.
We store personal information on our servers located within the United Kingdom and inside European Economic Area (EEA).
Third party websites/platforms
Accessing and updating personal information
We aim to provide you with full access to the information we have on record by providing you with access via the ‘Settings’ page within the Software Service. Here you can view, update and edit your information that we have on record. You may also inform us if you have any further data requests via contacting us at email@example.com.
Information that we share
We do not share personal information with companies, organisations and individuals outside of InsightKiosk unless one of the following circumstances applies:
- With your consent.
- For legal compliance obligations.
- We may share general information that does not contain personally identifiable markers, such as general usage stats.
This Data Processing Addendum (“DPA”) forms part of the End User Licence Agreement “EULA” between InsightKiosk the Data Processor (hereinafter called the “Company”) acting on behalf of the Customer the Data Controller (“Customer” and together with the Company, are the “Parties”). This DPA reflects the Parties’ agreement with respect to the terms governing the processing and security of Customer Personal Data under GDPR in relation to the applicable EULA. By using the Software, the Customer agrees to be bound by these terms. Please review them carefully before use and/or installation.
“Affiliate” means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Company, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise.
“Agreed Liability Cap” means the maximum monetary or payment-based amount at which a party’s liability is capped under the applicable EULA.
“Addendum Effective Date” means, as applicable on the 25th May 2018 and thereafter.
“Contracted Processor” means Company or a Subprocessor.
“Customer Personal Data” means any Personal Data Processed by a Contracted Processor on behalf of a Customer in connection with the EULA Agreement.
“Data Incident” means a breach of the Company’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data on systems managed by or otherwise controlled by the Company. “Data Incidents” will not include unsuccessful attempts or activities that do not compromise the security of Customer Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.
“EEA” means the European Economic Area.
“End User” this is defined as an individual who engages with the tablet application within the Customer’s operating environment.
“European Data Protection Legislation” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR.
“GDPR” means EU General Data Protection Regulation 2016/679;
“Standard Contract Clauses” or “SCC” means the standard data protection clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the GDPR.
“Non-European Data Protection Legislation” means data protection or privacy legislation other than the European Data Protection Legislation.
“Notification Email Address” means the email designated by the Customer in the settings page of the cloud management portal.
“Security Documentation” means all documents and information made available by the Company at https://www.insightkiosk.com/terms-of-use/.
“Security Measures” means the security provisions utilised by the Company in order to protect the usage of the Services as explained further in clause 7.1.
“Software Service” means the services and other activities to be supplied to or carried out by or on behalf of the Customer pursuant to the EULA.
“Subprocessors” means third parties authorised under this Data Processing Addendum who have logical access to and process Customer Data in order to provide parts of the Software Services and related technical support on behalf of the Company.
“End User Licence Agreement” “EULA” means the principal terms and conditions under, which the Service is provided to the Customer.
“Term” means the period from the Amendment Effective Date until the end of Company’s provision of the Software Services under the EULA, including, if applicable, any period during which provision of the Software Services may be suspended and any period after termination where Software Services are provided for transitional purposes.
The terms, “Controller”, “Data Subject”, “Personal Data”, “Personal Data Breach”, “Processing” and “Supervisory Authority” shall have the same meaning as in the GDPR.
2. Duration of Data Processing Addendum
2.1. This DPA will take effect on the Amendment Effective Date and, remain in effect until automatic expiry of the EULA licence period and/or the deletion of all Customer Data by the Company.
3. Processing Personal Data
3.1 The parties acknowledge and agree that with regard to the Processing of Personal Data;
3.1.1. The subject-matter of Processing of Personal Data by the Company is pursuant to the EULA. The duration of the Processing, the nature and purpose of the Processing, the types of Personal Data and categories of Data Subjects Processed under this DPA are further specified in Appendix 1;
3.1.2. the processing is carried out in the context of the activities of a Customer within the territory of the EEA; and/or the Customer Personal Data is personal data relating to data subjects who are in the EEA and the processing relates to the offering to them of goods or services in the.
3.1.3. the Company is the Processor the Customer Personal Data;
3.1.4. the Customer is a controller, of the Customer Personal Data; and
3.1.5. each party will comply with the obligations applicable to it under the European Data Protection Legislation with respect to the processing of that Customer Personal Data.
3.1.6. the Company will engage Subprocessors pursuant to the requirements set forth in Clause 15.
4. Company’s Processing of Customer Personal Data.
4.1. By entering into this DPA, the Customer hereby instructs the Company to process Customer Personal Data.
4.2. The Company shall comply with all applicable Data Protection Laws in the Processing of Customer Personal Data.
4.3. The Company will not process Customer Personal Data for Advertising purposes or to serve Advertising in its Software Services.
4.4. The Company will process data as Confidential Information and shall only Process Personal Data on behalf of and in accordance with Customer’s documented instructions for the following purposes:
4.4.1. Processing in accordance with the terms outlined in the EULA,
4.4.2. Processing to provide the Software Services and related technical support,
4.4.3. Processing initiated by End Users in their use of the Software Services; and
4.4.4. Processing to comply with documented reasonable instructions requested in writing by the Customer, where such instructions are consistent with the terms of the EULA and this DPA.
5. Customer’s Processing of Personal Data.
5.1. The Customer shall, in its use of the Software Services, agree to Process Personal Data in accordance with the requirements of Data Protection Laws and Regulations. For the avoidance of doubt, Customer’s instructions for the Processing of Personal Data shall comply with Data Protection Laws and Regulations.
5.2. As a Controller the Customer agrees to maintain sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which it lawfully acquires the Personal Data.
6. Company Personnel
6.1. The Company shall ensure that its personnel engaged in the Processing of Customer Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities and have signed confidentiality agreements where applicable with the Company.
6.2 The Company shall take commercially reasonable steps to ensure the reliability of any Company employee, agent, contractor or any Contracted Processor.
6.3 The company shall ensure that access to the Customer Personal Data is limited to those personnel requiring access in order to perform in accordance with the EULA and Software Services provided.
7. Data Security
7.1. The Company shall maintain appropriate technical and organisational measures to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access as described in the Company’s Security Measures documentation available to view at https://www.insightkiosk.com/terms-of-use.
7.2. The Company will not materially decrease the overall security of the Software Services during the term of a valid EULA.
7.3. The Company shall assist the Customer with any obligations in respect of security of Personal Data and Personal Data Breaches under the GDPR, as applicable.
8. Data Incident
8.1. The Company shall notify the Customer without undue delay upon the Company or any Subprocessor becoming aware of a Data Incident affecting Customer Personal Data, and provide the Customer with sufficient information to allow the Customer to meet any obligations to report or inform Data Subjects of the Data Incident under the Data Protection Laws.
8.2. Notification(s) of any Data Incident(s) will be delivered to the Notification Email Address or, at the Company’s discretion, by direct communication via telephone or in-person meeting. The Customer is solely responsible for ensuring that the Notification Email Address is current and valid at all times.
8.3. Notifications to Customers will describe, to the extent possible, details of the Data Incident, including measures taken to mitigate the potential risks and if applicable, any migrating recommendations for the Customer.
8.4. The Company shall co-operate with the Customer and take such reasonable commercial steps as are directed by the Customer to assist in the investigation, mitigation and remediation of each Data Incident, to the extent the remediation is within the Company’s reasonable control. The obligations herein shall not apply to incidents that are caused by Customer or Customer’s End Users.
8.5. The Company’s notification of or response to a Data Incident under this clause 8. will not be construed as an acknowledgement by the Company of any fault or liability with respect to the Data Incident.
9. Customer’s Security Responsibilities and Assessment
9.1. The Customer agrees that, without prejudice to the Company’s obligations under Clauses 6 to 8, that the Customer is solely responsible for its use of the Software Services, which includes:
9.1.1 making appropriate use of the Software Services and ensuring that security and compliance features within the Software Service are used;
9.1.2. securing the account authentication credentials, systems and devices the Customer uses to access the Software Services; and
9.1.3. backing up Customer Personal Data.
9.2. The Company has no obligation to protect Customer Personal Data that the Customer transfers and/or stores outside of the Company and its Subprocessor’s service and systems.
9.3. The Customer is solely responsible for reviewing the Security Measures Documentation available at https://www.prointeractive.com/terms-of-use/ and evaluating for itself whether the Software Services, the Security Measures, the and the Company’s commitments under this DPA will meet the Customer’s needs, including with respect to any security obligations of the Customer under the European Data Protection Legislation and/or Non-European Data Protection Legislation, as applicable.
9.4. The Customer acknowledges and agrees that (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Customer Personal Data as well as the risks to individuals) the security measures implemented and maintained by the Company in the Security Documentation provide a level of security appropriate to the risk in respect of the Customer Personal Data.
10. Audit rights
10.1. Subject to clauses [10.2 to 10.4], the Company shall make available to the Customer on request all information necessary to demonstrate compliance with this DPA, and shall allow for and contribute to audits, including inspections, by the Customer or an auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by the Company.
10.3. The Customer may contact the Company in accordance with the “Notices” Clause within the applicable EULA to request an audit in accordance with clause 10.
10.4. Before the commencement of any such audit, the Customer and the Company shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which the Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by the Company, or its third-party Subprocessors.
10.5. The Customer or the relevant Customer auditor undertaking an audit shall give the Company reasonable notice of any audit or inspection to be conducted. The Customer shall make (and ensure that each of its mandated auditors makes) reasonable endeavours to avoid causing (or, if it cannot avoid, to minimise) any damage, injury or disruption to the Company’s premises, equipment, personnel and business while its personnel are on those premises in the course of such an audit or inspection. The Company may not give access to its premises for the purposes of such an audit or inspection:
10.5.1. to any individual unless he or she produces reasonable evidence of identity and authority;
10.5.2. outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and the Customer or the relevant Customer auditor undertaking an audit has given notice to the Company that this is the case before attendance outside those hours begins.
10.6. The Company may object in writing to an auditor appointed by Customer to conduct any audit under Clause 10 if the auditor is, in the Company’s reasonable opinion, not suitably qualified or independent, a competitor of the Company, or otherwise manifestly unsuitable. Any such objection under these circumstances will require the Customer to appoint another auditor or conduct the audit itself.
10.7. The Customer shall promptly notify the Company with information regarding any non-compliance discovered during the course of an audit.
11. Data Deletion
11.1. The Company will enable Customers to delete Personal Data during the term of the EULA in a manner consistent with the functionality of the Software Services via data requests to the Company. If the Customer wishes to delete any Customer Personal Data during the applicable EULA term, this will constitute an instruction to the Company to delete the Customer Personal Data from the Company’s systems in accordance with applicable law. The Company will comply with this instruction as soon as reasonably possible and within a maximum period of 60 (sixty) days, unless EU or EU Member State law requires storage.
11.2. Upon expiry of the EULA term the Company shall promptly delete Customer Personal Data from the Company’s systems in accordance with applicable law. The Company will comply with this instruction as soon as reasonably possible and within a maximum period of 60 (sixty) days, unless EU or EU Member State law requires storage. If the Customer wishes to retain Customer Personal Data before deletion, the Customer acknowledges and agrees that they are solely responsible for exporting Customer Personal Data from the Software Service, before the applicable EULA term expires.
11.3. In relation to clause 11.2, irrespective of the EULA term expiry this DPA will continue to apply until the Customer’s Personal Data has been deleted.
12. Data Protection Impact Assessments
12.1. Upon the Customer’s written request, the Company agrees to (taking into account the nature of the processing) provide the Customer with reasonable cooperation and assistance needed to fulfil the Customer’s obligation under the GDPR to carry out a data protection impact assessment related to the Customer’s use of the Software Services, to the extent the Customer does not otherwise have access to the relevant information, and to the extent such information is available to the Company. The Company shall provide reasonable assistance to the Customer in the cooperation or prior consultation with the Supervisory Authority in the performance of its tasks relating to this Clause 12 of this DPA, to the extent required under the GDPR.
13. Data Subject Rights; Data Export
13.1. The Company shall, to the extent legally permitted, promptly notify the Customer if the Company receives a request from a Data Subject to exercise the Data Subject’s right of access, right to rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, object to the Processing, or its right not to be subject to an automated individual decision making (“Data Subject Request”).
13.2. The Customer will be responsible for responding to any such request including, where necessary, by using the functionality of the Software Services.
13.3. Taking into account the nature of the processing, the Company shall assist the Customer by appropriate technical and organisational measures, to the extent that is possible, for the fulfilment of the Customer’s obligation to respond to a Data Subject Request under Data Protection Laws and Regulations. In addition, to the extent the Customer, in its use of the Software Services, does not have the ability to address a Data Subject Request, the Company shall upon the Customer’s request provide commercially reasonable efforts to assist the Customer in responding to such Data Subject Request, to the extent the Company is legally permitted to do so and the response to such Data Subject Request is required under Data Protection Laws and Regulations.
14. Data Transfers
14.1. The Customer agrees that the Company may, subject to Section 14.2, store, process and transfer Customer Personal Data outside of the EEA to any other country in which the Company or any of its Subprocessors maintains facilities.
14.2. If the storage and/or processing of Customer Personal Data involves transfers of Customer Personal Data out of the EEA and the GDPR applies to the transfers of such data the Company will:
14.2.1. ensure that the Standard Contractual Clauses are at all relevant times incorporated into the commercial agreement between on the one hand (a) the Company, or (b) the relevant Company Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer(s) (and the Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution).
188.8.131.52. In respect of Transferred Personal Data, the Customer agrees that if, under the GDPR the Company reasonably requires the Customer to enter into Standard Contractual Clauses in respect of such transfers, the Customer will do so.
15.1. The Customer acknowledges and authorises that the Company may engage:
15.1.1. the Company’s Affiliates as Subprocessors; and
15.1.2. the Company and/or Company Affiliates respectively may engage third -party Subprocessors in connection with the provision of the Software Services.
15.2. The Company or a Company Affiliate agrees to only use Subprocessors where there is a written contractual agreement that contains data protection obligations with respect to the protection of Customer Personal Data under the GDPR to the extent applicable to the nature of the services provided by such Subprocessor.
15.3. The Company will ensure that:
15.3.1. the Subprocessor only accesses and uses Customer Personal Data to the extent required to perform the obligations subcontracted to it, and does so in accordance with the applicable EULA (including this DPA) and any Standard Contractual Clauses entered into.
15.3.2. If the Customer is required to enter into the Standard Contractual Clauses as described in Clause 14.2, the above authorizations will constitute Customer’s prior written consent to the subcontracting of the processing of Customer Personal Data if such consent is required under the Standard Contractual Clauses.
15.4. The Company shall remain liable for the acts and omissions of its Subprocessors to the same extent if the Company would be liable if performing the services of the Subprocessor directly under the terms of this DPA, except as otherwise set forth in the DPA.
15.5. The Company and any Company Affiliate may continue to use those Subprocessors already engaged by the Company or any Company Affiliate as at the Addendum Effective Date, subject to Company and each Company Affiliate in each case as soon as practicable meeting the GDPR obligations.
15.6. The Company shall make available to the Customer the current list of Subprocessors for the Software Services upon request. Such Subprocessor lists shall include the identities of those Subprocessors and their country of location and will be accessible as of the Addendum Effective Date.
15.7. The Company shall give the Customer prior written notice to the Notification Email Address on record of the appointment of any new third-party Subprocessor at least 30 days before appointment, including details of the type of Processing to be undertaken by the third-party Subprocessor. If, within 10 (ten) days of receipt of that notice, the Customer notifies the Company in writing of any objections (on reasonable grounds) to the proposed appointment:
15.7.1. The Company shall work with the Customer in good faith to make available a commercially reasonable change in the provision of the Software Services which avoids the use of that proposed third-party Subprocessor; and
15.7.2. where such a change cannot be made before the appointment, notwithstanding anything within the EULA, the Customer may by written notice to the Company with immediate effect terminate the EULA in accordance with the applicable terms and to the extent that it relates to the Software Services which require the use of the proposed Subprocessor.
184.108.40.206. This termination right is the Customer’s sole and exclusive remedy under the circumstance where a change is not commercially viable and the Customer objects to any new third-party Subprocessor.
16. Data Protection Officers
16.1. The Company’s Data protection representatives can be contacted via email at firstname.lastname@example.org and/or by providing notice to the Company as described in the applicable EULA.
16.2. The Customer acknowledges that the Company is required under the GDPR to:
16.2.1. collect and maintain records of certain information, including the name and contact details of each Customer controller on behalf of which the Company is acting and, if applicable, of such controller’s local representative and data protection officer; and
16.2.2. make such information available to the Supervisory Authorities if required.
16.2.3.The Customer will, where required and/or requested, provide such information to the Company via the ‘Settings’ page within the Software Service, and the Customer agrees to ensure that all information provided is kept accurate and up-to-date.
17. Limitation of liability
17.1. If the Standard Contract Clauses have been entered into as described in Clause 14.2, the total combined liability of either party and its Affiliates towards the other Party and its Affiliates under or in connection with the applicable EULA and such Standard Contract Clauses combined will be limited to the Agreed Liability Cap for the relevant party, subject to Clause 17.2.
17.2. Nothing in Clause 17.1 will affect the remaining terms of the EULA and specifically any terms relating to any exclusions that limit liability.
18. Order of precedence
18.1. Nothing in this DPA reduces the Company’s or any Company Affiliate’s obligations under the EULA in relation to the protection of Personal Data or permits the Company or any Company Affiliate to Process (or permit the Processing of) Personal Data in a manner which is prohibited by the EULA. In the event of any conflict or inconsistency between this DPA and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail.
Subject to Clause 18.1, with regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and any other agreements between the Company or the Customer, including the EULA and including (except where explicitly agreed otherwise in writing, signed on behalf of the parties) agreements entered into or purported to be entered into after the Addendum Effective Date, the provisions of this DPA shall prevail.
19.1. Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either:
19.1.1. amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible,
19.1.2. construed in a manner as if the invalid or unenforceable part had never been contained therein.
20. Governing law and jurisdiction
20.1. Without prejudice to Clauses 7 (Mediation and Jurisdiction) and 9 (Governing Law) of the Standard Contractual Clauses:
20.1.1. the Parties to this DPA hereby submit to the choice of jurisdiction stipulated in the EULA with respect to any disputes or claims howsoever arising under this DPA, including disputes regarding its existence, validity or termination or the consequences of its nullity; and
20.1.2. this DPA and all non-contractual or other obligations arising out of or in connection with it are governed by the laws of the country or territory stipulated for this purpose in the EULA.
This Appendix includes details of the Processing of Customer Personal Data as required by GDPR.
The Company’s provision of the Services and related technical support to the Customer’s use of the Services.
Duration of the Processing
The applicable term under the EULA and/or Customer order form, including any period post expiry until the deletion of Customer Personal Data in accordance with this DPA
Nature and Purpose of the Processing
The Company will process Customer Personal Data submitted, stored, sent or received by the Customer, its Affiliates or End Users via the Services for the purposes of providing the Services and related technical support to the Customer in accordance with the DPA.
Categories of Data
Personal data submitted, stored, sent or received by the Customer, its Affiliates or End Users via the Services may include the following categories of data: user names, email, telephone and other data.
Personal data submitted, stored, sent or received via the Services may concern the following categories of data subjects: End Users, Customer’s employees and contractors; and any other person who transmits data via the Services.
User Account Security
- All InsightKiosk user accounts require a valid username and password to access the platform.
- Passwords are never stored in a plain text format and all passwords are encrypted at rest and in transit.
- Passwords must meet minimum requirements of Password must contain a minimum of 8 characters, 1 uppercase letter, 1 lowercase letter, at least 1 number and at least one special character e.g. *%£@ etc.
- InsightKiosk employees are unable to access or recover a password.
- In order to reset a password the change must be validated and confirmed via the email attached to the authenticated user account.
- Brute force user account locking functionality to prevent excessive login attempts.
- Session management and auto log out functionality.
- InsightKiosk uses industry standard encryption to protect your data. This means that all interaction between our server, browser and tablet devices use secure socket layer also known as “SSL” encryption for transit authentication.
- Our API’s are not accessible by end users and our platform does not authenticate with any third party platforms outside of our ecosystem.
Access Account Authentication
InsightKiosk has two user levels:
- Admin – accessible by InsightKiosk employees only, that are authorised on a ‘need to know’ basis and upon role/responsibility.
- End User –has access to their secure user account only.
- All End Users are set up directly by the InsightKiosk team and the platform does not allow any party to sign up as a user without admin level employee authorisation.
- End user accounts have session management protocol operating at all times, so if an admin or end user is inactive for more than 15 minutes the account will be automatically logged out.
InsightKiosk uses Amazon AWS server infrasstructure to deliver its service. You can find security information about the specific products we use below
- EC2 – https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security.html
- RDS – https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.html
- SES – https://docs.aws.amazon.com/whitepapers/latest/aws-overview-security-processes/amazon-simple-email-service-amazon-ses-security.html
Please review the other tabs on this page, as we provide a thorough overview of our data security measures, policies and procedures. If you would still like to contact us regarding a question or as one of our clients you need to make a data request, please email us on email@example.com.