Prosent logo
Organizer App

END-USER AGREEMENT and TERMS OF SERVICE

This END-USER AGREEMENT and these TERMS OF SERVICE (hereinafter the“Agreement”) set forth the binding terms and conditions of use of the Prosent™ suite, by and between

Prosent s.r.o., a company incorporated and existing under the laws of the Slovak Republic, with its seat at: Lermontovova 911/3, Bratislava 811 05, Slovakia, ID No. (IČO): 53 927 940, registered in the Business registry of District Court Bratislava I, section Sro, reg. No. 97747/B (hereinafter the “Provider”), on the one part, and any natural person or legal entity which accepts the terms hereof and submits an order by means of the website https://organizer.prosent.io/ or any associated mobile app (hereinafter the “Website/App”), dedicated to the Prosent™ suite (hereinafter the “User”), on the other part

(the Provider and the User being hereinafter collectively referred to as the “Parties” or each individually as a “Party”).

Preamble

  1. WHEREAS the Provider is a limited liability company duly registered in the Slovak Republic, having created, owning the intellectual property rights to and operating Prosent™ - a proprietary suite of software, practices, processes, methodologies, techniques and know-how - as described in www.prosent.io - constituting a tool intended to facilitate intelligent logging, selection and records of natural persons based on, among other characteristics, facial appearance (hereinafter referred to as the “Software“),

  2. WHEREAS the User make short-term or long-term use of the Software, by means of a license granted by the Provider as well as the Provider's continuous services (hereinafter referred to as the“Purpose” or “Arrangement”).

  3. WHEREAS the Provider intends to (i) keep confidential any and all information and data pertaining to the Software of a proprietary nature, as well as its know-how, (ii) provide to the User an opportunity to use the Software for an agreed period of time for consideration, (iii) ensure the protection of event participants' and other data subjects' personal data to the maximum possible extent in accordance with applicable law, especially with regard to personal data of an especially sensitive nature (biometric data) and (iv) achieve indemnity and define the exclusion of its liability in connection with any use of the Software by the User,

the Parties hereby undertake, to define the terms of their mutual legal relations with respect to any and all use of the Software, facilitate further communication and cooperation regarding the Arrangement, to conduct their further cooperation in accordance herewith, and to exchange certain information concerning the Software, the Parties or affiliates of the Parties as well as necessary information considering mainly participants of events organized on part of the User.

In consideration of the agreement to exchange information, the Parties enter into this Agreement to ensure, without limitation, confidentiality of any information shared, indemnity and limitation of liability of the Provider.

In consideration of the license to use the Software, to be granted by the Provider to the User, the Parties enter into this Agreement in order to define the terms of any such license granted; furthermore, the Parties intend to define the nature and content of any services provided by the Provider with respect to the Software.

Terms and definitions

The terms used herein, in addition to the terms set out above, shall have the meanings as set forth below. Any of the terms defined by the Agreement may be used in their plural and singular forms, whichever is applicable to the context.

  1. "Confidential Information" shall mean any information that the Provider qualifies as a trade secret by labelling physical media as “Confidential” or marking physical or electronic documents with the words “Confidential”, as well as any other information, documents, data and files made available or disclosed to the User in any form (including, without limitation, written, verbal, printed, or electronic forms) before or after the signature of this Agreement, including information made available by means of Affiliates or proxies such as expert advisors (legal, tax, accounting and otherwise), and pertaining to the following:

    1. the Software and/or the Purpose, including but not limited to the existence or status of the Purpose, or the essence and subject matter of the negotiations on the Purpose between the Parties;

    2. the Parties' data, informational materials, project documentation, documents and/or any other information, in any form of capture, e.g. any information about prices, rights and obligations of the Provider, information about orders and customers, economic results, financial, statistical and accounting information, information about technical and software equipment, know-how, business strategies and business plans and/or any other information such as legal, strategic, personal, technical, financial, economic, business, structural, operational, administrative, marketing and organizational information, etc. regardless of the form they were provided in, and

    3. any and all analytical findings, reports, forecasts, R&D data and other documents drafted by the Provider or Representatives thereof, which contain or otherwise refer to any of the aforementioned.

    Any information derived from or based on the Confidential Information in any form (including any of the files and records produced by the User or on behalf thereof) shall be considered Confidential Information.

    The term “Confidential Information” shall not apply to any information or data that (i) was in or came into the public domain through no fault of either Party or Representatives thereof; (ii) was in the possession of the receiving Party or Representatives thereof before disclosure by the disclosing Party, provided that the receiving Party was not aware that the disclosed information might have been subject to confidentiality; (iii) became available to the receiving Party or Representatives thereof on a non-confidential basis from a third party other than the other Party or Representatives thereof, provided that the receiving Party was not aware that such a third party was bound by a confidentiality agreement with the other Party or otherwise; (iv) was independently acquired or developed by the receiving Party or Representatives thereof; or (v) has been designated as non-confidential by the disclosing Party.

  2. “Representatives”, when applicable to relevant individuals or businesses, shall mean executives, officials, partners, employees, agents, lawyers, accountants, auditors, consultants and/or Affiliates of said individuals or businesses.

  3. “Affiliates”, when applicable to either Party, shall mean any entities that belong to the same group of entities as a Party hereto, or entities that a Party directly or indirectly controls, or is controlled by, where “control” shall mean ownership of more than 20% of the voting rights or other equity interest or mechanism of control in the governing body.

  4. “Effective Date” shall mean the date on which the User accepted the terms of this Agreement by means of the Website/App, which is the starting and effective date of this Agreement.

  5. “Term” shall mean the period of time as of the Effective Date and commencement of the Arrangement, during which and only during which the User shall have access to the use of the Software, as specified on the Website/App and/or in the User's order.

  6. “License” shall mean the terms and conditions of use of the Software by the User, mainly but not exclusively detailed by Article III of the Agreement.

  7. “Participant” shall mean any data subject whose personal data, photographs and/or facial features are processed by the Software, mainly but not limited to persons participating in events organized by the User or facilitated by the User, or persons participating in other meetings and gatherings.

  8. “Cap” shall mean the maximum pre-paid number/amount of (i) single events that may be logged and monitored, and/or (ii) Participants - natural persons as data subjects, and/or (iii) photographs uploaded to or stored by the Provider, (iv) storage space or processing power consumed, and/or (v) other variables (as listed on the Website/App), while using the Software under the Arrangement on part of the User.

  9. The term “entity” used herein shall have a general meaning to cover mass media, any organization, company, corporation, association, partnership, group or individual/business.

  10. The term “event” used herein shall have a general meaning to cover organized events, non-profit and for-profit meetings, gatherings, whether in a business, cultural, sports, religious or any other context and without limitations as to the number and nature of participating persons and/or staff.

Confidentiality

  1. Non-disclosure Obligations. The Parties hereby promise and agree that any Confidential Information disclosed to them or their Representatives thereof by the other Party or on its behalf, as of the date of this Agreement or in the future, shall be used solely for the Purpose and that Confidential Information shall be held in confidence by both Parties and Representatives thereof, regardless of their decision to implement the Purpose or not; on the understanding that (i) each Party may only disclose said information to third parties that do not fall under the definition of Representatives or Affiliates, upon prior written approval of the relevant disclosing Party; (ii) the Parties may disclose said information to their Representatives who require it in order to prepare recommendations for the User to make informed decisions on the Purpose and further cooperation, provided that the Representatives make commitments similar hereto in writing to keep any disclosed information strictly confidential; (iii) the Parties may disclose said information in other cases as required by law or applicable stock exchange rules and regulations; (iv) the User may independently use any results generated by the Software for its own purposes in the field of event management.

    Each Party is fully responsible for the breach of any provisions hereof by any of its Representatives, and shall take reasonable measures to prevent unauthorized disclosure of the Confidential Information by the Party or Representatives thereof. Whenever either Party receives Confidential Information, it shall comply with the measures stipulated by any current legislation on the protection of its confidentiality and secrecy, at least to the same extent as it undertakes with respect to its own trade secrets and proprietary information.

  2. Notices. For the avoidance of doubt, the Parties shall not contact any executives, officials, managers or employees of the other Party not involved in the Purpose for any matters concerning the Purpose or Confidential Information without prior notice to the other Party. The Parties shall not contact any third parties not involved in the Purpose for any matters concerning the Purpose or any Confidential Information, with the exception of expert legal and tax advisors bound by obligations of confidentiality equivalent to those under this Agreement, unless previously authorized to engage in such contact by the relevant disclosing Party.

  3. Contacts and Publications. Except as otherwise required by law or applicable stock exchange rules and regulations, the User hereby agrees and undertakes not to authorize any entities to make any statements in respect of the Purpose, disclose information about the Purpose or Arrangement or provide assistance to such entities in this respect, without the prior written consent of the Provider.

  4. Reports. The User shall report to the Provider any actual or suspected violation of the provisions set forth in this Agreement and provide appropriate assistance to minimize the damage caused by said violation(s).

  5. Compelled Disclosures. In the event that a Party or Representatives thereof are requested or ordered by a competent authority to provide any Confidential Information (as required by the existing laws, orders, rules of procedures, in case of interrogation, request of information or documents as part of legal or civil proceedings, in response to a subpoena, or other similar actions, or stock exchange rules and regulations), that Party shall promptly notify the other Party of any said request or order in writing in order to enable the other Party to seek an appropriate remedy for protection of the Confidential Information and take all reasonable measures required to maintain the secrecy of the Confidential Information, including the disputing of requests or orders received.

    In the event that such protection against disclosure, including remedies, protective orders or other protection, is not obtained, or the disclosing Party waives the right to dispute the request or order or protect the Confidential Information otherwise, and the receiving Party or Representatives thereof, by operation of law or pursuant to the opinion and recommendations of their lawyer, are compelled to disclose the Confidential Information, the receiving Party shall disclose the Confidential Information without accepting liability hereunder, but only as and to the extent necessary to legally comply with such compelled disclosure and recommendations of their lawyer, provided that the receiving Party takes all reasonable measures to ensure further secrecy of the Confidential Information in compliance with the written instructions of the disclosing Party.

  6. Return and Erasure of Confidential Information. All Confidential Information disclosed hereunder shall be and remain the property of the disclosing Party and shall be returned to the disclosing Party at any time after the expiration of the Term, as requested. Nothing in this Agreement shall be construed as granting either Party any license or any right to use the Confidential Information provided by the other Party for purposes other than the Purpose. At any time upon written request of the disclosing Party and at its sole discretion, once the Term has expired, any Cap has been exhausted, the receiving Party shall immediately return to the disclosing Party all Confidential Information in its initial form (including hard copies, digital copies, data on magnetic media, etc.), that was in their possession and disclosed for the purpose of this Agreement, within ten (10) days of receipt of the relevant request by the disclosing Party.

    Each Party as the receiving Party agrees that all documents and files, as well as all copies thereof, whether magnetic, printed, audio, video or reproduced otherwise, including archive copies in electronic mail and on hard disks and any other records which are in the possession of its Representatives and reproduced by it or Representatives thereof shall be destroyed; upon written request by the Provider, the User shall provide written certification of compliance therewith confirmed by an authorized person responsible for said destruction of the Confidential Information

  7. Indemnities. Whereas the Provider has made all reasonable endeavors to provide the User with all necessary information, the User hereby understands and agrees that neither the Provider nor Representatives thereof make any warranties or representations, express or implied, regarding the accuracy or completeness of the Confidential Information or any parts thereof, or the useful nature and security of The Software. The User acknowledges that neither the Provider nor any Representatives or Affiliates thereof shall have any liability to the User or Representatives thereof in respect of or resulting from any use of the Confidential Information or wrongful details and omissions contained therein, and/or in respect of or resulting from any use of The Software, potential data leaks, security breaches and other accidental failures resulting from the use of The Software.

    The Provider specifically excludes the use of its Software by consumers (natural persons acting outside of their business and/or professional capacity); the User represents that it is not a consumer and that it acts within its business and/or professional activities.

  8. No Partnership. None of the terms of the Agreement may be construed to the effect that any form of permanent partnership, joint venture, common control or other intrinsic/permanent cooperation is to be created or maintained by and between the Parties.

  9. Specific Performance. The Parties hereto acknowledge that damages alone would not be an adequate remedy for the breach of any of the provisions of this Agreement and the non-breaching Party shall be entitled to the granting of equitable relief, including specific performance, as a remedy for any such breach available in accordance with applicable law.

  10. Termination. The confidentiality obligations contained herein and this Agreement shall be valid for the period of ten (10) years following the Effective Date.

Terms of service

  1. User's Representations. The User hereby confirms and represents that it has familiarized itself with any and all aspects of the Software that may be relevant to its usage under the Arrangement by the User. The User further confirms and represents that its use of the Software for the Purpose shall not lead to a breach of any applicable laws or regulations, in the country of its domicile or with respect to any legislation applicable in the Slovak Republic.

  2. License Agreement. The Provider hereby grants to the User a time-limited renewable License to use the Software, in the form of web applications, ready-to-use installation bundles and installed modules, for consideration and for a period of time as described in the relevant order made by the User.

    1. The User shall have access to the Software by means of a web application, pre-installed suite or mobile application, as made available by the Provider based on the Provider's own consideration.

    2. The User may use the Software worldwide, whereas personal data protection obligations with respect to third countries shall remain unaffected. Any time limitations on the License shall be governed by the relevant order made by the User.

    3. Any License to use the Software shall be granted as non-exclusive. Any license granted hereunder shall specifically exclude access to the Software's source code or underlying technical documentation, as well as any rights to decompilation or modification of the Software.

    4. EXCLUSIONS. The Software is provided to the User “as is”, without the right to modify, reverse-engineer or tamper with any part(s) or feature(s) thereof; any liability on part of the Provider shall be specifically excluded in case of violation of these license terms. The User further undertakes to refrain from copying, selling, renting, licensing, distributing, marketing and otherwise exploiting the Software or any of its parts commercially or in any other manner unrelated to the Purpose, reverse-engineering, decompiling, disassembling, adapting or reproducing the Software or any of its parts.

    5. EXCLUSION OF LIABILITY. The Software is provided to the User “as available”; any liability of the Provider for service outages, local unavailability on part of the User and for other technical reasons, as well as the Provider's liability for loss of data shall be specifically limited to the sum of a full refund of any fees and charges accepted by the Provider hereunder. Any liability of the Provider based on any local use of the Software, disconnected from the Provider's services provided under par. 3.3 hereof, shall be specifically excluded.(see par. 4.4 below for general limitations of liability)

    6. INDEMNITY. The User hereby agrees to defend, indemnify and keep indemnified the Provider and its Affiliates and Representatives against any claim or alleged claims, liabilities, losses, damages and all costs (including legal fees), directly or indirectly attributable to the User's violation of the Agreement or applicable law, and/or misuse of the Software.

    7. Except as defined on the Website/App, refunds for no use or limited use of the License or Provider's services under par. 3 3 below, shall be specifically excluded.

  3. Principles of Cooperation. Unless the Parties agree otherwise in writing, the Provider shall make the Software available to the User under the Arrangement and allow the User to make use of the Software in the following manner:

    1. The User shall be required to install and/or run the Software on relevant camera-enabled device(s); if required, the User will further be required to calibrate the Software and/or answer the Provider's generic and specific questions to an appropriate degree, relating to the nature of the event(s) in question and requirements on personal data submitted.

    2. The User may have Participants register at entry or exit by means of the Software, as run on the User's device or devices. The Software shall accumulate and send to the Provider personal data of logged Participants, including the scanning of facial features and biometric data where individual Participants have given their consent by means of the Software. The Provider shall receive all of the above data and compile a list of Participants, including biometric data where relevant.

    3. The Software will enable the User to request consent with the storage and publishing of event photos, where individual Participants are clearly identifiable, with respect to each Participant individually.

    4. The Provider shall provide the results by means of the Software, or make them available via member-only sections of the Website, to the User in a generally accepted format, along with each Participant's full set of personal data and contact details (as submitted) except for biometric data which is specifically excluded hereunder.

    5. The above process described in par. 3.3.1 to 3.3.4 of this Article shall be repeated for each event and each Participant with respect to whom personal data has been provided, until any Cap is reached or the Term expires.

    6. With respect to photographs and other visual media depicting relevant events, where participants' facial features are identifiable, the user may upload such pictures and use the Software to specifically blur or make unrecognizable the faces of Participants that (i) have not given their consent with the storage and/or publishing of photos and/or (ii) have not given their consent with biometric facial recognition.

    7. If and when the Software is used by the User with respect to future events, Participants shall be required to restate their consent with biometric facial recognition and in case consent is thus confirmed, shall be logged as participating on the event without the need to enter any further personal or other data.

    8. The results of the above steps, including biometric facial recognition where relevant, may be used by the User to (i) simplify Participant registration procedures, (ii) prevent redundancy in data entry, (iii) facilitate compliance with data protection legislation and requirements, as well as a transparent and user-friendly approach to privacy.

    9. The services provided by the Provider or its Affiliates under the Arrangement shall be provided for consideration, for a pre-paid fee as specified on the Website with respect to the applicable Cap; the User may use any means of payment listed on the Website/App or pre-agreed by and between the Parties.

    10. The Parties agree that the Provider shall be in no way obligated to provide its services under the Arrangement and may at its own discretion decide to discontinue and terminate the Arrangement without prejudice. The Provider reserves its right to exclude any number of Participants from biometric evaluation by the Software, without being required to state its reasons (refunds will be provided in case of notable outages unless the reason is a breach hereof by the User).

    11. Warranty and refunds. Taking into consideration the Purpose and the nature of the Arrangement, the Parties acknowledge and agree that the services provided by the Provider or its Affiliates hereunder shall be provided without any warranty or responsibility of the Provider or its Affiliates for any subsequent use of data generated by the Provider and/or any of its Affiliates; any fees paid for services and outputs actually provided, as well as pre-paid services (up to any applicable Cap), shall be non-refundable unless otherwise provided for by the Agreement.

    12. Discounts. Any discounts are subject to terms specifically listed on the Website/App.

    13. Independent Use of Data. The Provider reserves the right, as a means of further developing the Software and its algorithms, to use data acquired by means of the Software purged of personal data (i.e. facial scans and biometric data decoupled from any other personal data except internal unique ID markers of the Provider) for the purposes of software development and machine learning.

    14. Analytics Tools. The Provider may use its own or third party analytics tools to collect information concerning the User's use of the Software, including non-anonymous telemetry; such information shall at all times exclude personal data. The information collected may contain the following, without limitation: device unique identity and device identifiers and settings, carrier, operating system, localization information, date and time spent using the Software, usage metrics and statistics, feature usage, consent and advertising conversion rates, event type, purchase history and other similar information.

  4. As of the date of effect of this Agreement, the Processor is entitled, as a processor pursuant to Art. 28 GDPR, to process on behalf of the Controller personal data of natural persons - Participants designated by the Controller, or others, solely for the purposes of due and timely fulfilment of the Processor's obligations based on the Agreement. The Processor declares that it is able to adopt and shall adopt sufficient and proportionate legal, technical and organizational measures with respect to performance of this Agreement, in order for the associated personal data processing to meet the requirements of the GDPR and in order to ensure the protection of all data subjects‘ rights, especially pursuant to Articles 5, 24, 29, 32, 33 par. 2, 37, 44, 45 and 46 GDPR.

    The terms of appointment of the Provider as the User's data processor shall be as follows, whereas the term “Controller”shall designate the User and the term “Processor” shall designate the Provider for the purposes of data processing hereunder:

    1. As of the date of effect of this Agreement, the Processor is entitled, as a processor pursuant to Art. 28 GDPR, to process on behalf of the Controller personal data of natural persons - Participants designated by the Controller, or others, solely for the purposes of due and timely fulfilment of the Processor's obligations based on the Agreement. The Processor declares that it is able to adopt and shall adopt sufficient and proportionate legal, technical and organizational measures with respect to performance of this Agreement, in order for the associated personal data processing to meet the requirements of the GDPR and in order to ensure the protection of all data subjects‘ rights, especially pursuant to Articles 5, 24, 29, 32, 33 par. 2, 37, 44, 45 and 46 GDPR.

      For the avoidance of any doubt, The Controller declares that it shall implement sufficient and appropriate legal, technical and organizational measures to ensure a level of security appropriate to the risk in order for the associated personal data processing to meet the requirements of the GDPR.

    2. The Processor shall not designate another processor without a prior written or general prior written permission of the Controller. Should the Processor designate another processor with respect to certain data processing on behalf of the Controller, it is obligated to ensure, based on agreements or other legal means, to ensure that this further processor meets at least the same criteria and performs the same obligations as defined by this Agreement, especially with regard to sufficient and proportionate measures to ensure full compliance with the GDPR.

      The Processor shall specifically, by virtue of the Agreement, have the Controller's consent to appoint any operator or operators of Amazon Web Services (AWS) and/or the Google Cloud Platform as a sub-processor with respect to the storage and computational processing of Participants' personal data (corresponding privacy policies may be found at https://aws.amazon.com/privacy/ and https://policies.google.com/privacy).

      The Processor shall specifically, by virtue of the Agreement, have the Controller's consent to appoint its subcontractors tasked with technical support, software development and other activities critical to the functioning of the Software, as well as its Representatives, as sub-processors with respect to any use of Participants' personal data or other personal data processed hereunder.

    3. The Processor is obligated to render to the Controller its assistance, to a reasonable extent, in order to ensure compliance with the GDPR and related legislation; in particular, it is obligated to inform the Controller of any and all circumstances that may, to its knowledge, negatively impact the protection of processed personal data based on this Agreement (Art. 28 par. 3 letts. e), f) and h) GDPR).

    4. Should a data subject whose data is being processed by the Processor on behalf of the Controller apply any of its rights pertaining to personal data protection towards the Processor, the Processor is obligated to ensure the performance of such rights individually and on its own, if possible; should the assistance of the Controller be required, the Processor is required to inform the Controller thereof without delay.

    5. The Processor shall process personal data on behalf of the Controller only based on documented instructions of the Controller, including transfers of personal data to third countries. Absent specific instructions, the Processor may store, retain and further process any data processed on behalf of the Controller in accordance with this Agreement, for the purposes of due performance hereof and of the Processor's services.

    6. Purposes of Processing. The purposes of processing based on this Agreement are the performance of the Purpose (mainly the management of data by the Processor for the Controller, logging and facial recognition of Participants, distribution of Participants into biometrically analyzed and non-analyzed groups).

    7. Data Categories. The following personal data is subject to processing by the Processor under this Agreement:

      • standard personal data of Participants as submitted by the Controllerto the required extent, mainly, but not exclusively: title(s), name and surname, address of permanent and temporary residence, date of birth, photographs, contact data: e-mail address, phone number(s), correspondence address(es);

      • personal data of Participants of an especially sensitive nature, submitted by the Controller(special category under Art. 9 GDPR - biometric facial recognition data);

      (For the avoidance of any doubt, the category of data subjects subject to processing by the Processor hereunder are understood to be solely Participants with respect to any events organized or facilitated by the Controller, or otherwise under the Controller's reasonable control and direction.)

      • standard personal data of the Controller's Affiliates and Representatives, to the extent that such Affiliates and/or Representatives are natural persons, mainly, but not exclusively: title(s), name and surname, contact data: e-mail address, phone number(s), correspondence address(es).

    8. Legality of Processing. The Parties enter into the Agreement with the understanding that

      • standard personal data of Participants, Affiliates and/or Representatives shall be processed on part of the Controller based on the necessity to perform mutual obligationsbetween the Controller and data subjects, and/or relevantlegitimate interests of the Controller;

      • biometric data of any Participants (facial characteristics) shall be processedonly and exclusively based on each data subject's specific consent granted by means of the Software, under Art. 9 par. 2 lett. a) GDPR and the conditions detailed in the Processor's Privacy Policy, as no other compelling legal basis of processing is envisaged.

      The Controller shall ensure that withdrawal of consent by data subjects is at most as technically challenging as the granting of consent; where possible, both Controller and Processor shall offer the option to revoke consent by means of the Software.

    9. Minimization of Processing. The Parties shall at all times endeavor only to process personal data to the minimum extent absolutely necessary to the Arrangement and functioning of the Software. Anonymous (photo/biometrics-only) use of the Software by Participants will be permitted by default and may be switched off by the Controller.

    10. Duration of Processing. The Processor may initiate processing of personal data on behalf of the Controller as of the date of effect of this Agreement and may continue processing for the whole duration of the Term, unless otherwise specifically instructed by the Controller to terminate processing earlier; without prejudice to any processing of personal data preceding the date of effect of this Agreement. Upon instruction of the Controller, the Processor shall erase or hand over to the Controller any specifically designated personal data without delay, and hand over to the Controller any media containing such personal data, without respect to the Term or the term of this Agreement.

      For the avoidance of any doubt the Parties have agreed that the Processor shall under no circumstances be required or obligated to hand over or otherwise transmit raw biometric data used during facial recognition, or intermittent data created by the Processor during the process of facial recognition and building of facial scans, to the Controller; the processing of such data shall be strictly limited to internal AI algorithms and such data will be discarded and erased as soon as practicable in order to protect data subjects' privacy.

      Furthermore, the Processor shall be entitled to purge any data to be handed over or otherwise transmitted to the Controller of any specific reference to the Provider's know how and/or internal functioning of any AI algorithms, unless an official order or act of public authority compels the Provider to relinquish such data.

    11. Transfer of personal data outside the EU. Any transfers of personal data to third countries shall be subject to appropriate safeguards based on adequacy decisions of the European Commission, or standard contractual data protection clauses issued by the European Commission.

      The Controller undertakes, at all times and with respect to personal data protected under the GDPR and/or any other legislation applicable in the Slovak Republic, to comply with the GDPR and/or any other personal data protection legislation applicable to such data, regardless of the country or territory of actual processing. Furthermore, the Controller as the data importer undertakes to abide by the appropriate safeguards for cross-border transfers defined in Annex 1 hereto - Data Transfer Agreement.

    12. Confidentiality and Security. The Processor is obligated to ensure that any persons that access or may access systems or lists of personal data processed under this Agreement are subject to a duty of confidentiality, and to reasonably inform such persons about their rights, duties and liability, mainly, but not exclusively pertaining to personal data protection and confidentiality.

      Furthermore, the Processor shall be obligated to ensure that industry-standard security practices and protocols are in place during any and all processing on its part, including appropriate encryption, pseudonymization, anonymization and deletion of sensitive data where applicable and reasonable.

    13. Privacy Policies. Both Parties shall be required to adapt their privacy policies in accordance with the Processor's Privacy Policy, as published on the Website/App, at least to the extent of mutual cooperation under the Arrangement. The Controller shall specifically be required to inform any data subjects of the nature and conditions of data processing hereunder with regard to their personal data, at least to the extent of the Processor's Privacy Policy, unless the Software specifically includes the Processor's Privacy Policy.

    14. Prohibition of Disclosure. The conditions of Article II hereof concerning non-disclosure and secrecy shall apply mutatis mutandis to personal data processed under this Agreement.

    15. Compensation of Expenses. The Processor's cooperation with the Controller hereunder, if not specifically envisaged by the Agreement, shall be provided for a fair compensation of any expenses incurred on part of the Processor. For avoidance of doubt, the Parties understand and represent that specific instructions to use, modify, correct, erase, transmit or otherwise manipulate personal data, issued by the Controller beyond automated use of the Software under par. 3.3, specific requests by the Controller to respond to data subjects' inquiries or claims, and/or any analysis or research concerning personal data and compliance initiated by the Controller, shall constitute activities not envisaged hereunder and subject to fair compensation, paid in advance or in arrears as per the Processor's request.

    16. Specific Liability. In case any claim for damages or other claim is raised by a data subject against any of the Parties, as well as in case of any proceedings or inquiry initiated by a supervisory authority as per the GDPR or another public authority, the Parties are obligated to render each other any and all assistance to the maximum reasonable extent, in order to ensure due and timely defense against any claims or administrative penalties, and to ensure compliance with any supervisory powers of relevant authorities.

      In case a violation of this Agreement and/or applicable data protection laws by the Controller results in a final and binding decision as against the Processor, requiring the Processor to comply with a claim by a data subject, administrative measures imposed by a public authority or to pay an administrative fine, the Controller shall be obligated to compensate the Processor in full for any damage, expenses including legal fees, or paid claims based on such a decision and corresponding obligations of the Processor based on applicable law. The Processor's liability towards the Controller in case of any decision as against the Controller, requiring the Controller to comply with a claim by a data subject, administrative measures imposed by a public authority or to pay an administrative fine under the GDPR, shall be specifically limited to the sum of the Processor's (Provider's) fee for one year's use of the Software based on the most expensive standard package offered by the Provider, as applicable at the time when any relevant breach of applicable law occurred.

      The Processor's liability towards the Controller in case of any decision as against the Controller, requiring the Controller to comply with a claim by a data subject, administrative measures imposed by a public authority under any legislation other than the GDPR, shall be specifically excluded due to the fact that the Controller shall be solely responsible for compliance with any local legislation.

MISCELLANEOUS AND CLOSING PROVISIONS

  1. Dispute Resolution. This Agreement shall be governed and construed under the legislation of the Slovak Republic. Any dispute, controversy or claim which may arise out of or in connection with the present Agreement, or the execution, breach, termination or invalidity thereof, shall be settled primarily by means of mutual negotiation of the Parties, and failing to achieve a resolution by means of negotiation, by the competent courts of the Slovak Republic.

  2. Assignment. This Agreement shall inure to the benefit of the Parties and their respective successors. Neither Party shall be entitled to assign its rights and obligations hereunder to any third parties without the prior written consent of the other Party.

  3. Indemnity. The User agrees to indemnify, defend and hold the Provider and its Representatives, employees, agents, officers, and directors harmless against any and all claims, costs, suits, and damages, including legal fees arising out of the performance of this Agreement or in connection with the use of the Software and any services provided by the Provider, its Affiliates and/or its employees, agents, officers, and directors under the Arrangement, including claims, damages, and liabilities for injuries suffered, or occurrences of death or property damage, however excluding any claims or liabilities arising out of willful misconduct of the Provider and/or its Affiliates that may arise in connection with the Arrangement.

  4. Limitation of Liability. Except as otherwise expressly set forth in this Agreement, the Provider makes no representations and extends no warranties of any kind, either express or implied, including, but not limited to, warranty of merchantability, fitness for a particular purpose, and validity of the services and resulting deliverables rendered under the Arrangement. Except as otherwise expressly set forth in this Agreement, neither Party shall be liable to the other for monetary damages for any losses, claims, damages, or liabilities arising from any act or omission taken or omitted hereunder to the extent such act or omission was taken in good faith and was not attributable to such Party's material breach of this Agreement, and/or did not constitute fraud, willful misconduct, or recklessness.

    Notwithstanding any other provision herein, in no event shall the Provider have any liability for any lost profits or consequential, punitive, special or indirect damages in connection with the performance or nonperformance of this Agreement and/or provision of services under the Arrangement (whether resulting from negligence or otherwise).

    Notwithstanding any other provision herein, any and all actual liability of the Provider towards the User that is not excluded shall be specifically limited to the sum of the Provider's fee for one year's use of the Software based on the most expensive standard package offered by the Provider, as applicable at the time when any relevant breach of applicable law or of this Agreement occurred.

  5. Language. The present Agreement is executed in the English language.

  6. Headings. The headings of the sections contained in this Agreement are for convenience only and shall not affect the meaning or interpretation of this Agreement.

  7. Notices. All notices, requests, demands, claims and other communications between the Parties under this Agreement shall be in writing. Any notices, requests, demands, claims and other correspondence between the Parties under this Agreement shall be delivered by pre-paid registered mail (with return receipt requested), courier service or personally (against receipt) to authorized addressees.

    Either Party may send a notice, request, demand, claim or any other document under this Agreement to a relevant addressee by facsimile or electronic mail and the said correspondence shall be deemed to have been given and received when confirmed or replied to by the designated addressee. Neither Party shall refuse delivery of any notice hereunder or acknowledgement of receipt.

    Without prejudice to other arrangements, the Provider's following e-mail address shall be considered valid for the purposes of delivery under the Agreement: info@prosent.io without prejudice to other arrangements, the User's e-mail address entered for registration purposes on the Website/App shall be considered valid for the purposes of delivery under the Agreement.

  8. Representations and Warranties. Each Party represents and warrants that (i) it has the right and authority to enter into this Agreement; (ii) it has obtained and shall maintain all authorizations, consents, approvals and licenses as necessary to enter into and perform its obligations hereunder; and (iii) this Agreement is made and shall be performed in full compliance with all contractual commitments and applicable laws. No delay or failure, intended or incidental, by either Party in exercising any right herein and no partial exercise thereof resulting from the other Party's violation of its obligations, warranties and/or representations hereunder shall operate or be construed as a waiver thereof and shall not preclude or impair further exercise of such right or remedy or other rights that such Party may or could have due to the above-said or any other violation of this Agreement by the other Party. All rights and remedies of the Parties under this Agreement may be exercised from time to time and as often as may be deemed expedient.

  9. Amendments. Any amendments, supplements or addenda to this Agreement shall be of equal effect and shall not constitute an integral part hereof unless made in writing and duly executed by each Party through their respective Representatives.

  10. Versions. The Provider reserves the right to modify or amend this Agreement unilaterally, whereas the last and latest version accepted by the User shall be considered binding by and between the Parties; the provider reserves the right not to extend the User's subscription (the Term) and/or discontinue its services in case of refusal on part of the User to accept an updated version hereof, especially where the security of data, privacy and/or compliance with applicable law is concerned.

  11. Entire Agreement. This Agreement constitutes the entire agreement of the Parties with respect to the subject matter hereof and supersedes all prior agreements, representations and understandings of the Parties with respect hereto.

  12. Severability. If any provision of this Agreement is found by a court of competent jurisdiction to be invalid or unenforceable, the validity and enforceability of the remaining provisions of this Agreement shall not be affected or impaired thereby.

  13. Execution. The User represents that it has familiarized itself with the entire contents of this Agreement and agrees to be bound by its terms in its entirety, by appropriate and unequivocal means on the Provider's Website/App.

ANNEX 1 - Data Transfer Agreement

Definitions

For the purposes of the standard contractual clauses comprising this agreement:

(a) “personal data”, “special categories of data/sensitive data”, “process/processing”, “controller”, “processor”, “data subject” and “supervisory authority/authority” shall have the same meaning as in Directive 95/46/EC of 24 October 1995 (whereby “the authority” shall mean the competent data protection authority in the territory in which the data exporter is established);

(b) “data exporter” shall mean the Provider designated in the Agreement;

(c) “data importer” shall mean the User designated in the Agreement;

(d) “Agreement” shall mean the principal agreement between the data exporter and data importer, titled “END-USER AGREEMENT and CONFIDENTIALITY AGREEMENT”, to which these clauses are annexed;

(e) “clauses” shall mean these contractual clauses, which are a free-standing document that does not incorporate commercial business terms established by the parties under separate commercial arrangements.

The details of the transfer (as well as the personal data covered) are specified in the Agreement.

  1. Obligations of the data exporter

    The data exporter warrants and undertakes that:

    (a) The personal data have been collected, processed and transferred in accordance with the laws applicable to the data exporter.

    (b) It has used reasonable efforts to determine that the data importer is able to satisfy its legal obligations under these clauses.

    (c) It will provide the data importer, when so requested, with copies of relevant data protection laws or references to them (where relevant, and not including legal advice) of the country in which the data exporter is established.

    (d) It will respond to enquiries from data subjects and the authority concerning processing of the personal data by the data importer, unless the parties have agreed that the data importer will so respond, in which case the data exporter will still respond to the extent reasonably possible and with the information reasonably available to it if the data importer is unwilling or unable to respond. Responses will be made within a reasonable time.

    (e) It will make available, upon request, a copy of the clauses to data subjects who are third party beneficiaries under clause III, unless the clauses contain confidential information, in which case it may remove such information. Where information is removed, the data exporter shall inform data subjects in writing of the reason for removal and of their right to draw the removal to the attention of the authority. However, the data exporter shall abide by a decision of the authority regarding access to the full text of the clauses by data subjects, as long as data subjects have agreed to respect the confidentiality of the confidential information removed. The data exporter shall also provide a copy of the clauses to the authority where required.

  2. Obligations of the data importer

    The data importer warrants and undertakes that:

    (a) It will have in place appropriate technical and organizational measures to protect the personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and which provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected.

    (b) It will have in place procedures so that any third party it authorizes to have access to the personal data, including processors, will respect and maintain the confidentiality and security of the personal data. Any person acting under the authority of the data importer, including a data processor, shall be obligated to process the personal data only on instructions from the data importer. This provision does not apply to persons authorized or required by law or regulation to have access to the personal data.

    (c) It has no reason to believe, at the time of entering into these clauses, in the existence of any local laws that would have a substantial adverse effect on the guarantees provided for under these clauses, and it will inform the data exporter (which will pass such notification on to the authority where required) if it becomes aware of any such laws.

    (d) It will process the personal data for purposes described in the Agreement and has the legal authority to give the warranties and fulfil the undertakings set out in these clauses.

    (e) It will identify to the data exporter a contact point within its organization authorized to respond to enquiries concerning processing of the personal data, and will cooperate in good faith with the data exporter, the data subject and the authority concerning all such enquiries within a reasonable time. In case of legal dissolution of the data exporter, or if the parties have so agreed, the data importer will assume responsibility for compliance with the provisions of clause I(e).

    (f) At the request of the data exporter, it will provide the data exporter with evidence of financial resources sufficient to fulfil its responsibilities under clause III (which may include insurance coverage).

    (g) Upon reasonable request of the data exporter, it will submit its data processing facilities, data files and documentation needed for processing to reviewing, auditing and/or certifying by the data exporter (or any independent or impartial inspection agents or auditors, selected by the data exporter and not reasonably objected to by the data importer) to ascertain compliance with the warranties and undertakings in these clauses, with reasonable notice and during regular business hours. The request will be subject to any necessary consent or approval from a regulatory or supervisory authority within the country of the data importer, which consent or approval the data importer will attempt to obtain in a timely fashion.

    (h) It will process the personal data, at its option, in accordance with the data processing principles set forth in clause IX.

    (h) It will not disclose or transfer the personal data to a third party data controller located outside the European Economic Area (EEA) unless it notifies the data exporter about the transfer and

    • i. the third party data controller processes the personal data in accordance with a Commission decision finding that a third country provides adequate protection, or

    • ii. the third party data controller becomes a signatory to these clauses or another data transfer agreement approved by a competent authority in the EU, or

    • iii. data subjects have been given the opportunity to object, after having been informed of the purposes of the transfer, the categories of recipients and the fact that the countries to which data is exported may have different data protection standards, or

    • iv. with regard to onward transfers of sensitive data, data subjects have given their unambiguous consent to the onward transfer.

  3. Liability and third party rights

    (a) Each party shall be liable to the other parties for damages it causes by any breach of these clauses. Liability as between the parties is limited to actual damage suffered. Punitive damages (i.e. damages intended to punish a party for its outrageous conduct) are specifically excluded. Each party shall be liable to data subjects for damages it causes by any breach of third party rights under these clauses. This does not affect the liability of the data exporter under its data protection law or any specific exclusions of liability set forth in the Agreement.

    (b) The parties agree that a data subject shall have the right to enforce as a third party beneficiary this clause and clauses I(b), I(d), I(e), II(a), II(c), II(d), II(e), II(h), II(i), III(a), V, VI(d) and VII against the data importer or the data exporter, for their respective breach of their contractual obligations, with regard to his personal data, and accept jurisdiction for this purpose in the data exporter's country of establishment. In cases involving allegations of breach by the data importer, the data subject must first request the data exporter to take appropriate action to enforce his rights against the data importer; if the data exporter does not take such action within a reasonable period (which under normal circumstances would be one month), the data subject may then enforce his rights against the data importer directly. A data subject is entitled to proceed directly against a data exporter that has failed to use reasonable efforts to determine that the data importer is able to satisfy its legal obligations under these clauses (the data exporter shall have the burden to prove that it took reasonable efforts).

  4. Law applicable to the clauses

    These clauses shall be governed by the law of the country in which the data exporter is established, with the exception of the laws and regulations relating to processing of the personal data by the data importer under clause II(h), which shall apply only if so selected by the data importer under that clause.

  5. Resolution of disputes with data subjects or the authority

    (a) In the event of a dispute or claim brought by a data subject or the authority concerning the processing of the personal data against either or both of the parties, the parties will inform each other about any such disputes or claims, and will cooperate with a view to settling them amicably in a timely fashion.

    (b) The parties agree to respond to any generally available non-binding mediation procedure initiated by a data subject or by the authority. If they do participate in the proceedings, the parties may elect to do so remotely (such as by telephone or other electronic means). The parties also agree to consider participating in any other arbitration, mediation or other dispute resolution proceedings developed for data protection disputes.

    (c) Each party shall abide by a decision of a competent court of the data exporter's country of establishment or of the authority which is final and against which no further appeal is possible.

  6. Termination

    (a) In the event that the data importer is in breach of its obligations under these clauses, then the data exporter may temporarily suspend the transfer of personal data to the data importer until the breach is repaired or the contract is terminated.

    (b) In the event that:

    • the transfer of personal data to the data importer has been temporarily suspended by the data exporter for longer than one month pursuant to paragraph (a);

    • compliance by the data importer with these clauses would put it in breach of its legal or regulatory obligations in the country of import;

    • the data importer is in substantial or persistent breach of any warranties or undertakings given by it under these clauses;

    • a final decision against which no further appeal is possible of a competent court of the data exporter's country of establishment or of the authority rules that there has been a breach of the clauses by the data importer or the data exporter; or

    • a petition is presented for the administration or winding up of the data importer, whether in its personal or business capacity, which petition is not dismissed within the applicable period for such dismissal under applicable law; a winding up order is made; a receiver is appointed over any of its assets; a trustee in bankruptcy is appointed, if the data importer is an individual; a company voluntary arrangement is commenced by it; or any equivalent event in any jurisdiction occurs

    then the data exporter, without prejudice to any other rights which it may have against the data importer, shall be entitled to terminate these clauses, in which case the authority shall be informed where required. In cases covered by (i), (ii), or (iv) above the data importer may also terminate these clauses.

    (c) Either party may terminate these clauses if (i) any Commission positive adequacy decision under Article 25(6) of Directive 95/46/EC (or any superseding text) is issued in relation to the country (or a sector thereof) to which the data is transferred and processed by the data importer, or (ii) Directive 95/46/EC (or any superseding text) becomes directly applicable in such country.

    (d) The parties agree that the termination of these clauses at any time, in any circumstances and for whatever reason (except for termination under clause VI(c)) does not exempt them from the obligations and/or conditions under the clauses as regards the processing of the personal data transferred.

  7. Variation of these clauses

    The parties may not modify these clauses except to update any information pertaining to the transfer as set out in the Agreement, in which case they will inform the authority where required. This does not preclude the parties from adding additional commercial clauses where required.

  8. Description of the Transfer

    The details of the transfer and of the personal data are specified in the Agreement, as well as any supplementary communication and written instruments pertaining to the Agreement.

  9. DATA PROCESSING PRINCIPLES

    1. Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in the Agreement or subsequently authorized by the data subject.

    2. Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed.

    3. Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporter.

    4. Security and confidentiality: Technical and organizational security measures must be taken by the data controller that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, presented by the processing. Any person acting under the authority of the data controller, including a processor, must not process the data except on instructions from the data controller.

    5. Rights of access, rectification, deletion and objection: As provided in Article 12 of Directive 95/46/EC, data subjects must, whether directly or via a third party, be provided with the personal information about them that an organization holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporter. Provided that the authority has given its prior approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer or other organizations dealing with the data importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would be violated. Data subjects must be able to have the personal information about them rectified, amended, or deleted where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organization may require further justifications before proceeding to rectification, amendment or deletion. Notification of any rectification, amendment or deletion to third parties to whom the data have been disclosed need not be made when this involves a disproportionate effort. A data subject must also be able to object to the processing of the personal data relating to him if there are compelling legitimate grounds relating to his particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority.

    6. Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II.

    7. Data used for marketing purposes: Where data are processed for the purposes of direct marketing, effective procedures should exist allowing the data subject at any time to “opt-out” from having his data used for such purposes.

    8. Automated decisions: For purposes hereof “automated decision” shall mean a decision by the data exporter or the data importer which produces legal effects concerning a data subject or significantly affects a data subject and which is based solely on automated processing of personal data intended to evaluate certain personal aspects relating to him, such as his performance at work, creditworthiness, reliability, conduct, etc. The data importer shall not make any automated decisions concerning data subjects, except when:

      • such decisions are made by the data importer in entering into or performing a contract with the data subject, and

      • the data subject is given an opportunity to discuss the results of a relevant automated decision with a representative of the parties making such decision or otherwise to make representations to that parties.

        • or

      • where otherwise provided by the law of the data exporter.

Home
AboutContact
Documentation
Getting StartedGlossary
Language
EnglishSlovensky
Privacy policy

© Prosent s.r.o.