Terms Of Use
Elastic
THESE TERMS OF USE
("TERMS") ARE A BINDING CONTRACT BETWEEN YOU AND ELASTIC
("WE", "US"), A CHATBOT PLATFORM (HENCEFORTH REFERRED TO AS
THE "Platform") BUILT BY ELASTIC TECHNOLOGIES INC, A COMPANY
REGISTERED IN THE STATE OF DELAWARE, USA. BY SUBSCRIBING AND ACCESSING THE
BELOW TERMS, YOU AGREE TO THESE TERMS ON BEHALF OF YOURSELF AS AN INDIVIDUAL
USER, OR ON BEHALF OF THE ORGANIZATION YOU REPRESENT ("CUSTOMER",
"YOU"). IN CASE YOU DO NOT AGREE TO ANY OF THE TERMS LISTED BELOW,
YOU MAY REFRAIN FROM USING (OR ACCESSING) THE PLATFORM AND RELATED SERVICES.
1. Introduction
Welcome to Elastic, an easy-to-use,
multi-messaging customer experience platform ("platform") that allows
non-developers, companies, individuals, and agencies to easily build, train,
manage and analyse their chatbots. Please read on to learn the terms that govern
your use of Elastic website(s), services and platform. If you have any
questions, comments, or concerns regarding these terms or the Services, please
feel free to [email protected]
2. Platform Access
2.1 Eligibility
2.1.1. The Children’s Online Privacy
Protection Act ("COPPA") requires that online service providers
obtain parental consent before they knowingly collect personally identifiable
information online from children who are under 13
2.1.2. We do not knowingly collect or solicit personally identifiable
information from children under 13. If you are a child under 13, please do not
attempt to register for the Services or send any personal information about
yourself to us.
2.1.3. If we learn we have collected personal information from a child under
13, we will delete that information as quickly as possible.
2.1.4. If you believe that a child under 13 may have provided us personal
information, please contact us at [email protected]
2.2 Registration and Account
integrity
2.2.1. As part of the registration
process you will need to sign up and create an account, including a username
& password, on the platform (app.elastic.ae).
2.2.2. Your registration on the platform provides you access to a number of
features and services which are permissible to be accessed only by you. This
registered account and its credentials is not to be shared between users. A
breach of this clause will result in termination of the abused accounts and/or
all accounts provided to you.
2.2.3. If, for any reason, you suspect that your username & password has
been disclosed to, or obtained, by another party you should contact us
immediately. Please note that we never contact users requesting them to confirm
their username & password or other details.
3. Usage of Platform
3.1 Services
3.1.1. We provide you with a platform
interface and a related set of services (“Services”) which can enable you to
subscribe and use the same for creation, modification and maintenance of
chatbot programs that may help you improve your business process(es) in an
as-is condition.
3.1.2. On registration, and subject to Section 5 (when applicable), we will
grant to you the right to access and use the Platform, and any related
functionality, in accordance with the Terms mentioned in this document
3.1.3. Your use of the Services is also governed by (and subject to) different
platform policies that Elastic can be integrated with and which are hereby
incorporated by reference and are a part of these Terms.
Facebook:- https://developers.facebook.com/policy
Telegram:- https://core.telegram.org/
Kik:- https://www.kik.com/developers/
Viber:- https://www.viber.com/terms/viber-developer-distribution-agreement/
Line:- https://developers.line.me/
Skype:-https://www.botframework.com/Content/Developer-Code-of-Conduct-for-Microsoft-Bot-Framework.htm
Slack:- https://api.slack.com/developer-policy
3.1.4. You are solely responsible and liable for complying with the Platform
Policies that you opt for building your chatbot and Elastic bears no commercial
or any other liability or responsibility for the users that access the bot and
the data that gets created. By using the platform you implicitly agree to and
accept all of the Terms and Conditions, or you will lose the right to use the
right to use the platform and services. Your using the Services in any way
means that you agree to some and not all of these Terms, and these Terms will
remain in effect while you use the Services. These Terms include the provisions
in this document, as well as those in the Privacy Policy and Data Processing
Agreement (addendum).
3.2 Limitations of Service
3.2.1.It is acknowledged and agreed
upon that you are completely responsible for evaluating the integrity, quality,
accuracy or reliability of any data provided to us before making/ implementing
any decisions based on this information and any consequences that arise out of
this.
3.2.2. You acknowledge that we do not assume any liability for any data
handled/generated by you on the platform
3.2.3. The licenses granted herein are only for the purpose of allowing you to
connect to and use the Services for your personal or internal business use. You
will not use the services to perform natural language processing for any third
parties.
3.4 Temporary Suspension of Services
3.4.1. We may temporarily limit or
suspend the Services from time to time at its discretion including to perform
upgrades to, and maintenance of, the platform.
3.4.2. We also hold the rights to terminate access to the platform based on any
missed payments as per contractual agreements forwarded to you. Your access to
the platform and/or subscription or other payments for use of Elastic
represents an agreement to abide by the commercial terms and conditions of the
contract forwarded to you, the usage Terms and Conditions listed in this
document as well as the Privacy Policy and Data Processing Agreement that
accompany and are available on www.elastic.ae.
3.5 Unacceptable Use of Services and
User Conduct
3.5.1. You represent, warrant, and
agree that you will not create and / or contribute any Content or User
Submission (each of those terms is defined below) or otherwise create any
chatbots or use the Services in a manner that:
(a) Infringes or violates the intellectual property rights or any other rights
of anyone else (including Elastic);
(b) Violates any law or regulation, including any applicable export control
laws;
(c) Is harmful, fraudulent, deceptive, threatening, harassing, defamatory,
obscene, or otherwise objectionable;
(d) Jeopardizes the security of your Elastic account or anyone else’s (such as
allowing someone else to log in to the Services as you);
(e) Attempts, in any manner, to obtain the password, account, or other security
information from any other user;
(f) Violates the security of any computer network, or cracks any passwords or
security encryption codes;
(g) Runs Maillist, Listserv, any form of auto-responder or “spam” on the
Services, or any processes that run or are activated while you are not logged
into the Services, or that otherwise interfere with the proper working of the
Services (including by placing an unreasonable load on the Services’
infrastructure);
(h) “Crawls,” “scrapes,” or “spiders” any page, data, or portion of or relating
to the Services or Content (through use of manual or automated means);
(i) Copies or stores any significant portion of the Content;
(j) Decompiles, reverse engineers, or otherwise attempts to obtain the source
code or underlying ideas or information of or relating to the Services.
(k) Is non compliant with any international agreements on Global Data Privacy
Regulations (GDPR) and The Children’s Online Privacy Protection Act (“COPPA”)
and any of its revisions, changes or impacts that are listed and will be
communicated to you in case of any changes from the current regulation
3.5.2. A violation of any of the
foregoing is grounds for termination of your right to use or access the
Services, with or without notice and surrender of your contact information,
data and intelligence that you have built on the platform, subject to legal
notices received by a regulatory body received in such a situation.
3.5.3 We understand the need of requiring documented evidence for stress test
or security tests (VAPT). If such a need arises, please contact us at [email protected] to request for the same. Running the stress test or
any form of security tests on the platform without prior approval from Elastic
will cause the bot and/or the account to be deactivated. Elastic does not carry
any liability for the loss caused due to the deactivation of the bot or the
account.
3.6 Account Access
3.6.1. As discussed in Section 2.2,
you are solely responsible for the credentials to your account and for any
activity that happens in the account, intentionally or unintentionally.
3.6.2. In case any unwarranted activity is noticed, you should notify us
immediately by sending an email to [email protected].
3.7 System Maintenance
3.7.1. You are responsible to maintain
and upgrade any OS or systems that are used to access the platform. Any problem
caused in the use of the platform because of older/legacy/unsupported systems
is solely your responsibility.
3.8 Compliance with Laws
3.8.1. You shall comply with all applicable
laws including the ones around protection of personal information and data
privacy.
3.8.2. You are responsible for obtaining any consent required by law from your
users to allow the use of their personal information (if required) for use the
our services, in accordance with the general terms, privacy policy and Data
Processing Agreement.
3.9 Compliance by Users
3.9.1. You will need to ensure that
your Users are informed that they are governed by, and hence comply with, all
applicable laws, including laws governing the protection of personal
information.
4. Data & Privacy Policy
4.1 Data Ownership
4.1.1. As defined in the Data
Processing Agreement, all information shared with us is owned by you. We are
not responsible for evaluating its integrity, quality, accuracy or reliability.
4.1.2. You acknowledge that the responsibility of any data provided/used on the
platform is your responsibility. Any loss of data caused by the downgrading and
removal of any service within the account connected to the downgrade, is also
your responsibility.
4.2 Copyrighted Material
4.2.1. Digital Millennium Copyright
Act (the “DMCA”) relates to online service providers, like us, who are
responsible to remove any material that allegedly violates someone’s copyright.
4.2.2. We respect others’ intellectual property rights, and we reserve the
right to delete or disable any such content, and to terminate the any
account(s) that is/are alleged repeat-infringers.
4.3 Content Monitoring
4.3.1. Any information or content
publicly posted or privately transmitted through the Services, and any chatbots
created using the platform, are the sole responsibility of the person from whom
such content is originated. You should access all such information and content
at your own risk, and we aren’t liable for any errors or omissions in that
information or content or for any damages or loss you might suffer in
connection with it.
4.3.2. We cannot control and have no duty to take any action regarding how you
may interpret and use the Content or what actions you may take as a result of
having been exposed to the Content. You hereby release us from all liability
for you having acquired or not acquired Content through the Services. We can’t
guarantee the identity of any users with whom you interact in using the
Services and are not responsible for which users gain access to the platform.
4.3.3. You are responsible for all Content you contribute, in any manner, to
the Services, and you represent and warrant you have all rights necessary to do
so, in the manner in which you contribute it. You will keep all your
registration information accurate and current. You are responsible for all your
activity in connection with the Services.
4.3.4.The Services may contain links or connections to third party websites or
services that are not owned or controlled by us. When you access third party
websites or use third party services, you accept that there are risks in doing
so, and that we are not responsible for such risks. We encourage you to be
aware of this and to read the terms and conditions and privacy policy of each
third party website or service that you visit or utilize. You are solely
responsible for complying with the terms and conditions, any liability or
commercial conditions set forth and arising from any third party provider
access that you connect to via the Platform
4.3.5. We have no control over, and assume no responsibility for, the content,
accuracy, privacy policies, or practices of or opinions expressed in any third
party websites or by any third party that you interact with through the
Services. In addition, we will not and cannot monitor, verify, censor or edit
the content of any third party site or service. By using the Services, you
release and hold us harmless from any and all liability arising from your use
of any third party website or service.
4.3.6. Your interactions with organizations and/or individuals found on or
through the Services, including payment and delivery of goods or services, and
any other terms, conditions, warranties or representations associated with such
dealings, are solely between you and such organizations and/or individuals. You
should make whatever investigation you feel necessary or appropriate before
proceeding with any online or offline transaction with any of these third
parties. You agree that we shall not be responsible or liable for any loss or
damage of any sort incurred as the result of any such dealings.
4.3.7. If there is a dispute between participants on this site, or between
users and any third party, or a dispute arising out of violation of terms and
conditions set forth here for the use of the Platform, you agree that we are
under no obligation to become involved. In the event that you have a dispute
with one or more other users, you release us, our officers, employees, agents,
and successors from claims, demands, and damages of every kind or nature, known
or unknown, suspected or unsuspected, disclosed or undisclosed, arising out of
or in any way related to such disputes and/or our Services.
4.4 Data Processing, Access and
Backups
4.4.1.We may utilize the services of
multiple sub processors for the purpose of providing the services.
4.4.2. Any data collected by us through our services shall be as defined by us
in the Data Processing Agreement
4.4.3. It is advisable that you take all required backups of your data prior to
requesting a downgrade (or termination) in service
4.5 Privacy Policy
4.5.1.We do not explicitly collect
any personal information such as age, gender, address etc. unless shared
5. Subscriptions, Payments and
Billing
5.1 Free Trial
5.1.1. We offer some basic
functionalities of our Services under a Free Trial. In case you register for
this service, we will make it available to you free of charge, for a trial
basis, until the earlier of (a) the end of the free trial applicable to you;
(b) the start date of any subscription purchased by you; or (c) termination of
the trial by us at our sole discretion.
5.2 Subscription Plans & Fees
5.2.1. In order to avail access to
different features/services from the platform, you may be required to choose
(and pay for) specific subscription plans, as designed and defined by us. The
plans and pricing are subject to change subject to term and commercial
agreement for any subscription plans signed by us with you which will uphold
over any pricing changes.
5.2.2. We have a pre-set, tier based, subscription plans which have been
structured based on many factors like number of bots, interactions, licenses
required, monthly active users (MAU) and many other module based dependencies.
5.2.3. You may choose a relevant subscription plan of your choice (or that is
prescribed by us), by making an upfront payment of the prescribed fees. We have
flexible billing plans, should you wish to term based payments. For subscription
modifications refer section 5.3.
5.2.4. For usage beyond your plan limit, an overage charge as per the base plan
is charged on a monthly basis. Non-payment of the overage charge will lead to
discontinuation of the service.
5.2.5. We reserve the right to change all/any of the subscription plan tiers,
its pricing and the features offered at any time and without prior notice.
5.2.6. For partners and customers registered under Elastic, if payments are
managed by the payment gateway and if card details are available, they will be
automatically invoiced in the designated frequency.
5.3 Subscription Changes
(Upgrade/Downgrade)
5.3.5. Elastic provides easy
upgrade/downgrade options from your chosen subscription.
5.3.6 Plan Upgrade
Whenever you would want to upgrade
your subscription plan, you can do so from the platform. On upgrade, a pro-rata
bill (for the upgraded plan) will be generated based on number of remaining
days in the existing billing cycle. All subsequent bills will be generated
based on the upgraded plan amount.
5.3.7 Plan Downgrade
If you ever wish to downgrade your
existing subscription plan, you may choose to do so from the platform.
Downgrades will be applied only at the end of current billing term. All
subsequent bills will be generated based on the downgraded plan amount.
5.3.8. For immediate downgrades, you may reach out to us at [email protected]
5.4 Subscription Cancellation
5.4.1. All subscription cancellations
will be done manually.
5.4.2 You may cancel your account(s) at any point of time. If you wish so,
please reach out to us at [email protected] for processing cancellations.
5.4.3 No refunds will be processed for subscription cancellations (as described
in 5.5)
5.5 Refund Policy
5.5.1. NO REFUNDS will be offered for
remaining unused days, on cancellation from an existing Subscription Plan
5.5.2 NO REFUNDS will be offered if a downgrade is requested before the end of
current billing term.
5.5.3 In case of any queries, you can write to us at [email protected].
5.6 Processing of Payments and
Billing
5.6.1. We reserve the right to use a
third party payment processor, which is PCI-DSS complaint, for all billing and
payment receipts.
5.6.2 The credit card information provided to us shall be automatically charged
for any modification to existing services, or upon renewal.
5.6.3 In the event where you do not wish to process your payment via credit
card, you can do so through bank/wire transfer/cheque. This would be done only
on your explicit request by writing to us at [email protected].
5.6.4 In the event that we are unable to bill the credit card on file or you
request us (in writing over email) to not bill the credit card, you shall be
solely responsible for completing the expected payment by whatever means. In
the event that payment is not made, the services may become unavailable to you
and we may terminate this Agreement without notice.
5.7 Revision of Fees
5.7.1. We reserve the right to revise
the service fees applicable for a paid plan or functionality at its sole
discretion.
5.7.2 The revised fees will only take effect from the next renewal date of your
existing subscription plan
5.7.3 You would be notified over email in case of such revision of fees.
6 Disclaimer of Warranty
6.1 Risk
6.1.1. Neither Elastic, nor its
licensors or suppliers, make any representations or warranties regarding
suggestions or recommendations of services or products offered or purchased
through the Services. We are not responsible for any links to third party
websites from the Service and the inclusion of any link does not imply an
endorsement of a third party website or service by us
6.1.2 THE SERVICES AND CONTENT ARE PROVIDED BY ELASTIC (AND ITS LICENSORS AND
SUPPLIERS) ON AN “AS-IS” BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS
OR IMPLIED, INCLUDING, WITHOUT LIMITATION, IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR THAT
USE OF THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE.
6.1.3 ANY USE OF THE SERVICES IS AT YOUR OWN RISK. THE SOFTWARE MAY CONTAIN
BUGS, ERRORS. WE DO NOT WARRANT THE PERFORMANCE OF THE SERVICES, THAT THE
SERVICES WILL OPERATE UNINTERRUPTED OR ERROR-FREE, OR THAT THE SERVICES WILL
OPERATE IN ACCORDANCE WITH ANY ACCOMPANYING DOCUMENTATION
6.2 Use of Internet
6.2.1. Our Services are provided over
the Internet. As such, the Services are subject to the operation of the
Internet and telecommunications infrastructures as well as the operation of
your Internet connection services, all of which are beyond our control.
6.2.2 We do not warrant that the services will be uninterrupted or that you
will be able to access or use the Services at the location and times of your
choosing.
6.3 Technical Support
6.3.1. We provide all kinds of
technical support for any issues/roadblocks to the usage of the available
services, based on our Support Policy.
6.3.2 The support would be provided over email. All communications regarding
the same are expected to be directed to [email protected].
6.3.3. We reserve the right not to provide a full technical support service to
free or trial account users
6.3.4 You are solely responsible for the procurement of any hardware or
services required to use the Services, including any computers, servers, or
Internet access.
7 Liability Limits
7.1. TO THE FULLEST EXTENT ALLOWED BY
APPLICABLE LAW, UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY (INCLUDING,
WITHOUT LIMITATION, TORT, CONTRACT, STRICT LIABILITY, OR OTHERWISE) SHALL ELASTIC
(OR ITS LICENSORS OR SUPPLIERS) BE LIABLE TO YOU OR TO ANY OTHER PERSON FOR (A)
ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND,
INCLUDING DAMAGES FOR LOST PROFITS, LOSS OF GOODWILL, WORK STOPPAGE, ACCURACY
OF RESULTS, OR COMPUTER FAILURE OR MALFUNCTION, OR (B) ANY AMOUNT, IN THE
AGGREGATE, IN EXCESS OF THE GREATER OF (I) $100 OR (II) THE AMOUNTS PAID BY YOU
TO ELASTIC IN CONNECTION WITH THE SERVICES IN THE TWELVE (12) MONTH PERIOD
PRECEDING THIS APPLICABLE CLAIM, OR (C) ANY MATTER BEYOND OUR REASONABLE
CONTROL. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF CERTAIN
DAMAGES, SO THE ABOVE LIMITATION AND EXCLUSIONS MAY NOT APPLY TO YOU.
7.2 We shall not be liable for any indirect, consequential, exemplary,
incidental, special or punitive damages, including loss of profits.
7.3 EXCEPT AS STATED IN SECTION 7.1, ELASTIC AND ITS AFFILIATES, OFFICERS,
LICENSORS, AND/OR CONTRACTORS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL,
SPECIAL OR CONSEQUENTIAL DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. TO THE EXTENT THAT A STATE DOES NOT PERMIT THE EXCLUSION OR LIMITATION
OF LIABILITY AS SET FORTH HEREIN, OUR LIABILITY IS LIMITED TO THE FULL EXTENT
PERMITTED BY LAW IN SUCH STATE.
8 Indemnity
8.1. To the fullest extent allowed by
applicable law, you agree to indemnify and hold us, and our affiliates,
officers, agents, employees, and partners harmless from and against any and all
claims, liabilities, damages (actual and consequential), losses and expenses
(including attorneys’ fees) arising from or in any way related to any third party
claims relating to (a) your use of the Services (including any actions taken by
a third party using your account, including those mentioned in Section 3.5),
(b) your violation of these Terms, or (c) your infringement upon any
intellectual property or other proprietary right of any person or entity.
8.2 In the event of such a claim, suit, or action (“Claim”), we will attempt to
provide notice of the Claim to the contact information we have for your account
(provided that failure to deliver such notice shall not eliminate or reduce
your indemnification obligations hereunder).
8.3. We may, at our own expense, assume the defense and control of any matter
otherwise subject to indemnification by you. Doing so shall not excuse your
indemnity obligations in this Agreement. The terms of this paragraph will
survive any termination or cancellation of the Agreement.
9 Ownership
9.1 Intellectual Property
9.1.1. The materials displayed or
performed or available on or through the Services, including, but not limited
to, text, graphics, data, articles, photos, images, illustrations, User
Submissions, and so forth (all of the foregoing, the “Content”) are protected
by copyright and/or other intellectual property laws. You promise to abide by
all copyright notices, trademark rules, information, and restrictions contained
in any Content you access through the Services, and you won’t use, copy,
reproduce, modify, translate, publish, broadcast, transmit, distribute,
perform, upload, display, license, sell or otherwise exploit for any purpose
any Content not owned by you, (i) without the prior consent of the owner of
that Content or (ii) in a way that violates someone else’s (including Elastic’s)
rights.
9.1.2 You understand that we own the Services. You won’t modify, publish, transmit,
participate in the transfer or sale of, reproduce (except as expressly provided
in this Section), create derivative works based on, or otherwise exploit any of
the Services. The Services may allow you to copy or download certain Content;
please remember that just because this functionality exists, doesn’t mean that
all the restrictions above don’t apply – they do!
9.2 User Submissions
9.2.1. Anything you (or your users)
post, upload, share, store, or otherwise provide through the Services,
including any chatbots you create and/or communicate with through the Services,
is your “User Submission.”
9.2.2 Some User Submissions are viewable by other users. In order to display
your User Submissions on the Services, and to allow other users to enjoy them
(where applicable), you grant us certain rights in those User Submissions.
Please note that all of the following licenses are subject to our Privacy
Policy to the extent they relate to User Submissions that are also your
personally-identifiable information
9.2.3. For all User Submissions, you hereby grant us a license to translate,
modify (for technical purposes, for example making sure your content is
viewable on an Android device as well as a desktop) and reproduce and otherwise
act with respect to such User Submissions, in each case to enable us to operate
the Services, as described in more detail below. This is a license only – your
ownership in User Submissions is not affected.
9.2.4 If you store a User Submission in your own personal Elastic account, in a
manner that is not viewable by any other user except you (a “Personal User
Submission”), you grant us the license above, as well as a license to display,
perform, and distribute your Personal User Submission for the sole purpose of
making that Personal User Submission accessible to you and providing the
Services necessary to do so.
9.2.5. If you share a User Submission only in a manner that only certain
specified users can view; for example, a private message to a chatbot (a
“Limited Audience User Submission”), then you grant us the licenses above, as
well as a license to display, perform, and distribute your Limited Audience
User Submission for the sole purpose of making that Limited Audience User
Submission accessible to such other specified users, and providing the Services
necessary to do so. Also, you grant such other specified users a license to
access that Limited Audience User Submission, and to use and exercise all
rights in it, as permitted by the functionality of the Services.
9.2.6 If you share a User Submission publicly on the Services and/or in a
manner that more than just you or certain specified users can view, or if you
provide us (in a direct email or otherwise) with any feedback, suggestions,
improvements, enhancements, and/or feature requests relating to the Services
(each of the foregoing, a “Public User Submission”), then you grant us the
licenses above, as well as a license to display, perform, and distribute your
Public User Submission for the purpose of making that Public User Submission
accessible to all Elastic users and providing the Services necessary to do so,
as well as all other rights necessary to use and exercise all rights in that
Public User Submission in connection with the Services for any purpose. Also,
you grant all other users of the Services a license to access that Public User
Submission, and to use and exercise all rights in it, as permitted by the
functionality of the Services.
9.2.7 You agree that the licenses you grant are royalty-free, perpetual,
sublicensable, irrevocable, and worldwide. All chatbots created through the
Services will automatically include an attribution to Elastic. You agree not to
remove, modify, or obscure the Elastic attribution. In addition, you hereby
grant us a nonexclusive license to use any chatbots you create using the
Services in Elastic’s marketing materials (such as on Elastic.ae). Finally, you
understand and agree that Elastic, in performing the required technical steps
to provide the Services to our users (including you), may need to make changes
to your User Submissions to conform and adapt those User Submissions to the
technical requirements of connection networks, devices, services, or media, and
the foregoing licenses include the rights to do so.
10 Terms
10.1 Effective Date of Terms
10.1.1. The Terms mentioned here are
a binding contract between you and us
10.1.2 The general terms are effective as of the first date that a customer or
a user of the website accesses or uses the Elastic platform or website, until
they are terminated by both or any of the the parties in accordance with
Section 10.2.
10.1.3 This Agreement is effective until terminated by you or by us.
10.1.4 Any Additional Services subscribed to post termination will be subject
to ac is licensed only for the Subscription Period selected during the
registration or upgrade. The Subscription Period may be renewed by paying an
additional license fee as set forth on the Elastic website. This renewal fee
may be charged automatically to the credit card used to initially pay for the
Services.
10.2 Termination by You
10.2.1. You’re free to stop using the
Services at any time; just email us at [email protected] to notify.
10.2.2 Services may be terminated by notifying Elastic of your intent to
terminate this Agreement. Notification of termination must be sent by email to [email protected].
Your termination will be effective upon Elastic’s receipt and processing of the
email. Processing may take up to 24 hours.
10.2.3 Any Additional Services subscribed to post termination will be licensed
only for the Subscription Period selected during the registration or upgrade,
and after payment of the relevant fees.
10.3 Termination by Elastic
10.3.1. We are free to terminate (or suspend
access to) your use of the Services or your account, for any reason in our
discretion, including your breach of these Terms (as described in Section 3.5).
We have the sole right to decide whether you are in violation of any of the
restrictions set forth in these Terms.
10.3.2 We may terminate this Agreement at any time and for any reason. We may
monitor its systems for excessive consumption of network resources and may take
technical or other remedies deemed necessary to prevent or eliminate any excessive
consumption. If we deem your use to be excessive, we may terminate your account
or adjust the price of the Services.
10.3.3 Any Additional Services subscribed to post termination will be subject
to review by us and can be availed only if found acceptable. The additional
services will then be treated as a new registration and will be licensed only
for the Subscription Period selected during the registration, and after payment
of the relevant fees.
10.4 Events upon Termination
10.4.1. Account termination may
result in destruction of any chatbots and Content associated with your account,
so keep that in mind before you decide to terminate your account.
10.4.2 We will try to provide advance notice to you prior to our terminating
your account so that you are able to retrieve any important User Submissions
you may have stored in your account (to the extent allowed by law and these
Terms), but we may not do so if we determine it would be impractical, illegal,
not in the interest of someone’s safety or security, or otherwise harmful to
the rights or property of Elastic.
10.4.3 Provisions that, by their nature, should survive termination of these
Terms shall survive termination. By way of example, all of the following will
survive termination: any obligation you have to pay us or indemnify us, any
limitations on our liability, any terms regarding ownership of intellectual
property rights, and terms regarding disputes between us.
10.4.4 Upon termination, you must immediately cease using the Services. Upon
termination, we may disable further use of the Services or related Services
without further notice and may delete, remove, and erase any account
information and any data stored by us. Such deletions are in our sole
discretion and may occur without notice to you. No refunds shall be given for
any reason.
10.5 Refunds on Termination
10.5.1. Section 5.5 (No Refunds)
applies, regardless of the cause of termination, cancellation, or downgrade of
subscription.
11 General
11.1 Jurisdiction
11.1.1. These Terms are governed by
and will be construed under the laws of USA, without regard to the conflicts of
laws provisions thereof. Any dispute arising from or relating to the subject
matter of these Terms shall be finally settled in USA, in English. Judgment
upon the award rendered by such arbitrator may be entered in any court of
competent jurisdiction. Notwithstanding the foregoing obligation to arbitrate
disputes, each party shall have the right to pursue injunctive or other
equitable relief at any time, from any court of competent jurisdiction. For all
purposes of this Agreement, the parties consent to exclusive jurisdiction and
venue in Texas (state), USA (Country). Any arbitration under these Terms will
take place on an individual basis: class arbitrations and class actions are not
permitted. YOU UNDERSTAND AND AGREE THAT BY ENTERING INTO THESE TERMS, YOU AND ELASTIC
ARE EACH WAIVING THE RIGHT TO TRIAL BY JURY OR TO PARTICIPATE IN A CLASS
ACTION.
11.1.2 These general terms shall be governed solely by the laws of the United States
of America without regard to conflicts of law provisions thereof. You agree
that the exclusive forum for any disputes arising out of or relating to this
Agreement shall be an appropriate federal or state court sitting in the
Republic of India.
11.2 Force Majeure
11.2.1. We shall not be liable by
reason of any failure or delay in performance of its obligation on account of
an unforeseeable and irresistible event, including external causes with the
same characteristics (a “Force Majeure”), which may include DOS attack, strikes,
shortages, riots, fires, act of god, failure by a third party hosting or
utility provider, war, terrorism and government action.
11.3 Notice
11.3.1. Elastic may send notices to
the customer’s email contact points provided by the customer, pursuant to these
terms. You may send notices pursuant to these terms at [email protected]. All
notices will be considered received 24 hours after they are sent.
11.3.2. All questions, notices, demands, or requests to Elastic with respect to
this Agreement shall be made in writing to: [email protected].
11.4 Assignment & Successors
11.4.1. You may not assign, delegate
or transfer these Terms or your rights or obligations hereunder, or your
Services account, in any way (by operation of law or otherwise) without Elastic’s
prior written consent. We may transfer, assign, or delegate these Terms and our
rights and obligations without consent.
11.4.2. These Terms shall be binding upon and inure to the benefit of the
Parties’ respective successors and assigns.
11.4.3. You may not assign or transfer, or purport to assign or transfer, any
of your rights, duties, or obligations under the Agreement to any person or
entity, in whole or in part, whether by assignment, merger, transfer of assets,
sale of stock, operation of law, or otherwise. Elastic may assign or transfer
this Agreement in its sole discretion.
11.5 Amendments
11.5.1. As we are constantly trying
to improve the platform, the Terms may be subject to change
11.5.2. We reserve the right, and may amend, the Terms of this agreement and
related services offered under this agreement (including license fees,
availability, equipment and Services requirements, and limits or restrictions
on the use of Services or services) at any time, at our sole discretion without
notice.
11.5.3. In case of any such amendments, we will bring it to your attention by
notifying you through an email, post on Elastic website, and/or by some other
means, as far as possible.
11.5.4. The amendments made will be effective immediately after posting it.
Continued use of the Services after the amendment constitutes your acceptance
of the same.
11.5.5. If you don’t agree with the new Terms, you are free to reject them;
unfortunately, that means you will no longer be able to use the Services.
11.5.6. Except for changes by us as described here, no other amendment or
modification of these Terms will be effective unless in writing and signed by
both you and us.
11.6 Waiver
11.6.1. No waiver, delay or discharge
by a party will be valid unless in writing and signed by an authorized
representative of the party against which its enforcement is sought. Neither
the failure of either party to exercise any right of termination nor the waiver
of any default will constitute a waiver of the rights granted in the Agreement
with respect to any subsequent or other default.
11.6.2. Failure by us to enforce any accrued rights under these Terms &
Conditions is not to be taken as or deemed to be a waiver of those rights
unless we acknowledge the waiver in writing
11.7 Severability
11.7.1. The foregoing paragraphs,
sub-paragraphs and clauses of these Terms & Conditions shall be read and
construed independently of each other. Should any part of this agreement or its
paragraphs, sub-paragraphs or clauses be found invalid it shall not affect the
remaining paragraphs, sub-paragraphs and clauses.
11.7.2. If a provision of the Agreement is held by a court of competent
jurisdiction to be invalid, void, or unenforceable, the remaining provisions of
the Agreement will not be affected, impaired or invalidated. If the absence of
the provision adversely affects the substantive rights of a party, the parties
agree to replace the provision with a new provision that closely approximates
the economic and proprietary results intended by the parties.
12 Entire Agreement
12.1. The Agreement, the Privacy
Policy, Data Processing Agreement, and all other attached Schedules contain the
entire and exclusive Agreement and understanding between the parties on the
subject matter of the Agreement.
12.2. The Agreement supersedes all prior agreements, understandings and
arrangements related to the subject matter. No representation, undertaking or
promise made prior to the Agreement shall be effective or valid except as may
be expressly stated in the Agreement.
13 Acceptance Signature
11.5.1. As we are constantly trying
to improve the platform, the Terms may be subject to change
11.5.2. We reserve the right, and may amend, the Terms of this agreement and
related services offered under this agreement (including license fees,
availability, equipment and Services requirements, and limits or restrictions
on the use of Services or services) at any time, at our sole discretion without
notice.
11.5.3. In case of any such amendments, we will bring it to your attention by
notifying you through an email, post on Elastic website, and/or by some other
means, as far as possible.
11.5.4. The amendments made will be effective immediately after posting it.
Continued use of the Services after the amendment constitutes your acceptance
of the same.
11.5.5. If you don’t agree with the new Terms, you are free to reject them;
unfortunately, that means you will no longer be able to use the Services.
11.5.6. Except for changes by us as described here, no other amendment or
modification of these Terms will be effective unless in writing and signed by
both you and us.
Addendum - Elastic Data Processing Agreement
This Elastic Data Protection Addendum
("Addendum") including the Standard Contractual Clauses forms part of
the agreement between the parties as defined by the Elastic Customer Terms of
Service ("Agreement")
The term of this DPA shall follow the term of the Agreement. Terms not
otherwise defined herein shall have the meaning as set forth in the Agreement.
Except as modified below, the terms of the Agreement shall remain in full force
and effect.
In consideration of the mutual obligations set out herein, the parties hereby
agree that the terms and conditions set out below shall be added as an Addendum
to the Agreement. Except where the context requires otherwise, references in
this Addendum to the Agreement are to the Agreement as amended by, and
including, this Addendum.
1. Definitions
In this Addendum, the following terms
shall have the meanings set out below and cognate terms shall be construed
accordingly:
1."Applicable Laws" means (a) European Union or Member State laws
with respect to any Company Personal Data in respect of which any Company Group
Member is subject to EU Data Protection Laws; and (b) any other applicable law
with respect to any Company Personal Data in respect of which any Company Group
Member is subject to any other Data Protection Laws;
2."Company Affiliate" means an entity that owns or controls, is owned
or controlled by or is or under common control or ownership with Company, where
control is defined as the possession, directly or indirectly, of the power to
direct or cause the direction of the management and policies of an entity,
whether through ownership of voting securities, by contract or otherwise;
3."Company Group Member" means Company or any Company Affiliate;
4."Company Personal Data" means any Personal Data Processed by a
Contracted Processor on behalf of a Company Group Member pursuant to or in
connection with the Agreement;
5."Contracted Processor" means Vendor or a Sub processor;
6."Data Protection Laws" means EU Data Protection Laws and, to the
extent applicable, the data protection or privacy laws of any other country;
7."EEA" means the European Economic Area;
8."EU Data Protection Laws" means EU Directive 95/46/EC, as
transposed into domestic legislation of each Member State and as amended,
replaced or superseded from time to time, including by the GDPR and laws
implementing or supplementing the GDPR;
9."GDPR"means EU General Data Protection Regulation 2016/679;
10."Restricted Transfer" means:
1.a transfer of Company Personal Data from any Company Group Member to a
Contracted Processor; or
2.an onward transfer of Company Personal Data from a Contracted Processor to a
Contracted Processor, or between two establishments of a Contracted Processor,
in each case, where such transfer would be prohibited by Data Protection Laws
(or by the terms of data transfer agreements put in place to address the data
transfer restrictions of Data Protection Laws) in the absence of the Standard
Contractual Clauses to be established under section [6.4.3 or] 12 below;
11."Services" means the services and other activities to be supplied
to or carried out by or on behalf of Vendor for Company Group Members pursuant
to the Agreement;
12."Standard Contractual Clauses"means the contractual clauses set
out in Annex 2, amended as indicated (in square brackets and italics) in that
Annex and under section 13.4;
13."Subprocessor" means any person (including any third party and any
Vendor Affiliate, but excluding an employee of Vendor or any of its
sub-contractors) appointed by or on behalf of Vendor or any Vendor Affiliate to
Process Personal Data on behalf of any Company Group Member in connection with
the Agreement; and
14."Vendor Affiliate" means an entity that owns or controls, is owned
or controlled by or is or under common control or ownership with Vendor, where
control is defined as the possession, directly or indirectly, of the power to
direct or cause the direction of the management and policies of an entity,
whether through ownership of voting securities, by contract or otherwise.
15.“Vendor” means an entity that owns or controls, is owned or controlled by or
is or under common control or ownership with Vendor, where control is defined
as the possession, directly or indirectly, of the power to direct or cause the
direction of the management and policies of an entity, whether through
ownership of voting securities, by contract or otherwise.
The terms, "Commission", "Controller", "Data
Subject", "Member State", "Personal Data",
"Personal Data Breach", "Processing" and "Supervisory
Authority" shall have the same meaning as in the GDPR, and their cognate
terms shall be construed accordingly.
2. Processing of Company Personal
Data
1.Vendor and each Vendor Affiliate
shall: 1.Not Process Company Personal Data other than on the relevant Company
Group Member’s documented instructions unless Processing is required by
Applicable Laws to which the relevant Contracted Processor is subject, in which
case Vendor or the relevant Vendor Affiliate shall to the extent permitted by
Applicable Laws inform the relevant Company Group Member of that legal
requirement before the relevant Processing of that Personal Data.
2.Each Company Group Member:
1.instructs Vendor and each Vendor Affiliate (and authorises Vendor and each
Vendor Affiliate to instruct each Sub processor) to:
1.Process Company Personal Data; and
2.in particular, transfer Company Personal Data to any country or territory, as
reasonably necessary for the provision of the Services and consistent with the
Agreement; and
2.warrants and represents that it is and will at all relevant times remain duly
and effectively authorised to give the instruction set out in section 2.2.1 on
behalf of each relevant Company Affiliate.
3.Annex 1 to this Addendum sets out certain information regarding the
Contracted Processors' Processing of the Company Personal Data as required by
article 28(3) of the GDPR (and, possibly, equivalent requirements of other Data
Protection Laws). Company may make reasonable amendments to Annex 1 by written
notice to Vendor from time to time as Company reasonably considers necessary to
meet those requirements. Nothing in Annex 1 (including as amended pursuant to
this section) confers any right or imposes any obligation on any party to this
Addendum.
3. Vendor and Vendor Affiliate
Personnel
Vendor and each Vendor Affiliate
shall take reasonable steps to ensure the reliability of any employee, agent or
contractor of any Contracted Processor who may have access to the Company
Personal Data, ensuring in each case that access is strictly limited to those
individuals who need to know / access the relevant Company Personal Data, as
strictly necessary for the purposes of the Agreement, and to comply with
Applicable Laws in the context of that individual's duties to the Contracted
Processor, ensuring that all such individuals are subject to confidentiality
undertakings or professional or statutory obligations of confidentiality.
4. Security
1.Taking into account the state of
the art technology being used in the platform, the costs of implementation and
the nature, scope, context and purposes of Processing as well as the risk of
varying likelihood and severity for the rights and freedoms of natural persons,
Vendor and each Vendor Affiliate shall in relation to the Company Personal Data
implement appropriate technical and organizational measures to ensure a level
of security appropriate to that risk, including, as appropriate, the measures
referred to in Article 32(1) of the GDPR.
2.In assessing the appropriate level of security, Vendor and each Vendor
Affiliate shall take account in particular of the risks that are presented by
Processing, in particular from a Personal Data Breach.
5. Subprocessing
1. Each Company Group Member
authorises Vendor and each Vendor Affiliate to appoint (and permit each
Subprocessor appointed in accordance with this section 5 to appoint)
Subprocessors in accordance with this section 5 and any restrictions in the
Agreement.
2. Vendor and each Vendor Affiliate may continue to use those Subprocessors
already engaged by Vendor or any Vendor Affiliate as at the date of this
Addendum, subject to Vendor and each Vendor Affiliate in each case as soon as
practicable meeting the obligations set out in section 5.4.
3. Vendor shall give Company prior written notice of the appointment of any new
Subprocessor, including full details of the Processing to be undertaken by the
Subprocessor. If, within 30 days of receipt of that notice, Company notifies
Vendor in writing of any objections (on reasonable grounds) to the proposed
appointment: Neither Vendor nor any Vendor Affiliate shall appoint (or disclose
any Company Personal Data to) that proposed Subprocessor until reasonable steps
have been taken to address the objections raised by any Company Group Member
and Company has been provided with a reasonable written explanation of the
steps taken.
4. With respect to each Subprocessor, Vendor or the relevant Vendor Affiliate
shall:
1. Before the Subprocessor first Processes Company Personal Data (or, where
relevant, in accordance with section 5.2), carry out adequate due diligence to
ensure that the Subprocessor is capable of providing the level of protection
for Company Personal Data required by the Agreement;
2. Ensure that the arrangement between on the one hand (a) Vendor, or (b) the
relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and
on the other hand the Subprocessor, is governed by a written contract including
terms which offer at least the same level of protection for Company Personal
Data as those set out in this Addendum and meet the requirements of article
28(3) of the GDPR;
3. If that arrangement involves a Restricted Transfer, ensure that the Standard
Contractual Clauses are at all relevant times incorporated into the agreement
between on the one hand (a) Vendor, or (b) the relevant Vendor Affiliate, or
(c) the relevant intermediate Subprocessor; and on the other hand the
Subprocessor, or before the Subprocessor first Processes Company Personal Data
procure that it enters into an agreement incorporating the Standard Contractual
Clauses with the relevant Company Group Member(s); and
4. Provide to Company for review such copies of the Contracted Processors'
agreements with Subprocessors (which may be redacted to remove confidential
commercial information not relevant to the requirements of this Addendum) as
Company may request from time to time.
5.Vendor and each Vendor Affiliate shall ensure that each Subprocessor performs
the obligations, as they apply to Processing of Company Personal Data carried
out by that Subprocessor, as if it were party to this Addendum in place of
Vendor.
6. Data Subject Rights
Vendor will provide reasonable
assistance, including technical and organizational measures and taking into
account the nature of the Processing, to enable Controller to respond to any
request from Data Subjects seeking to exercise their rights under the Data
Protection Law with respect to Personal Data (including access, rectification,
restriction, deletion or portability of Personal Data, as applicable), to the
extent permitted by the law.
If such request is made directly to Vendor, Vendor will promptly inform Company
Group Member and will advise Data Subjects to submit their request to the
Company Group Member directly, who shall be solely responsible for responding
to any Data Subjects’ requests.
7. Personal Data Breach
1. Vendor shall notify Company
without undue delay upon Vendor or any Subprocessor becoming aware of a
Personal Data Breach affecting Company Personal Data, providing Company with
sufficient information to allow each Company Group Member to meet any
obligations to report or inform Data Subjects of the Personal Data Breach under
the Data Protection Laws.
2. Vendor shall co-operate with Company and each Company Group Member and take
such reasonable commercial steps as are directed by Company to assist in the
investigation, mitigation and remediation of each such Personal Data Breach.
8. Data Protection Impact Assessment
and Prior Consultation
Vendor and each Vendor Affiliate
shall provide reasonable assistance to each Company Group Member with any data
protection impact assessments, and prior consultations with Supervising
Authorities or other competent data privacy authorities, which Company
reasonably considers to be required of any Company Group Member by article 35
or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in
each case solely in relation to Processing of Company Personal Data by, and
taking into account the nature of the Processing and information available to,
the Contracted Processors.
9. Deletion or return of Company
Personal Data
Other than to the extent required to
comply with Data Protection Law, following termination or expiry of the
Agreement, Processor will return or delete all Personal Data processed pursuant
to this DPA in a reasonable time frame. If Processor is unable to delete
Personal Data for technical or other reasons, Processor will apply measures to
ensure that Personal Data is blocked from any further Processing.
10. Audit
1. Vendor and each Vendor Affiliate
shall make available to each Company Group Member on request all information
necessary to demonstrate compliance with this Addendum, and shall allow for and
contribute to audits, including inspections, by any Company Group Member or an
auditor mandated by any Company Group Member in relation to the Processing of
the Company Personal Data by the Contracted Processors.
2. Information and audit rights of the Company Group Members only arise under
section 10.1 to the extent that the Agreement does not otherwise give them
information and audit rights meeting the relevant requirements of Data
Protection Law (including, where applicable, article 28(3)(h) of the GDPR).
3. Company or the relevant Company Affiliate undertaking an audit shall give
Vendor or the relevant Vendor Affiliate reasonable notice of any audit or
inspection to be conducted under section 10.1 and shall make (and ensure that
each of its mandated auditors makes) reasonable endeavours to avoid causing
(or, if it cannot avoid, to minimise) any damage, injury or disruption to the
Contracted Processors' premises, equipment, personnel and business while its
personnel are on those premises in the course of such an audit or inspection.
A Contracted Processor need not give access to its premises for the purposes of
such an audit or inspection:
1. To any individual unless he or she produces reasonable evidence of identity
and authority;
2. Outside normal business hours at those premises, unless the audit or
inspection needs to be conducted on an emergency basis and Company or the
relevant Company Affiilate undertaking an audit has given notice to Vendor or
the relevant Vendor Affiliate that this is the case before attendance outside
those hours begins; or
3. For the purposes of more than [one] audit or inspection, in respect of
each Contracted Processor, in any [calendar year], except for any additional
audits or inspections which:
Company or the relevant Company Affiliate undertaking an audit reasonably
considers necessary because of genuine concerns as to Vendor's or the relevant
Vendor Affiliate’s compliance with this Addendum; or
A Company Group Member is required or requested to carry out by Data Protection
Law, a Supervisory Authority or any similar regulatory authority responsible
for the enforcement of Data Protection Laws in any country or territory,
where Company or the relevant Company Affiliate undertaking an audit has
identified its concerns or the relevant requirement or request in its notice to
Vendor or the relevant Vendor Affiliate of the audit or inspection.
11. Restricted Transfers
1.Subject to section 11.3, each
Company Group Member (as "data exporter") and each Contracted
Processor, as appropriate, (as "data importer") hereby enter into the
Standard Contractual Clauses in respect of any Restricted Transfer from that
Company Group Member to that Contracted Processor.
2.The Standard Contractual Clauses shall come into effect under section 11.1 on
the later of:
1.the data exporter becoming a party to them;
2.the data importer becoming a party to them; and
3.commencement of the relevant Restricted Transfer.
3.Section 11.1 shall not apply to a Restricted Transfer unless its effect,
together with other reasonably practicable compliance steps (which, for the
avoidance of doubt, do not include obtaining consents from Data Subjects), is
to allow the relevant Restricted Transfer to take place without breach of
applicable Data Protection Law.
12. General Terms
Effective 25 May 2018 Elastic will
process Personal Data in accordance with the GDPR requirements contained herein
which are directly applicable to Elastic's provision of the Subscription
Services.
1.Nothing in this Addendum reduces Vendor's or any Vendor Affiliate’s
obligations under the Agreement in relation to the protection of Personal Data
or permits Vendor or any Vendor Affiliate to Process (or permit the Processing
of) Personal Data in a manner which is prohibited by the Agreement. In the
event of any conflict or inconsistency between this Addendum and the Standard
Contractual Clauses, the Standard Contractual Clauses shall prevail.
2.Subject to section 12.1, with regard to the subject matter of this Addendum,
in the event of inconsistencies between the provisions of this Addendum and any
other agreements between the parties, including the Agreement and including
(except where explicitly agreed otherwise in writing, signed on behalf of the
parties) agreements entered into or purported to be entered into after the date
of this Addendum, the provisions of this Addendum shall prevail.
3.Should any provision of this Addendum be invalid or unenforceable, then the
remainder of this Addendum shall remain valid and in force. The invalid or
unenforceable provision shall be either (i) amended as necessary to ensure its
validity and enforceability, while preserving the parties’ intentions as
closely as possible or, if this is not possible, (ii) construed in a manner as
if the invalid or unenforceable part had never been contained therein.
3.commencement of the relevant Restricted Transfer.
3.Section 11.1 shall not apply to a Restricted Transfer unless its effect,
together with other reasonably practicable compliance steps (which, for the
avoidance of doubt, do not include obtaining consents from Data Subjects), is
to allow the relevant Restricted Transfer to take place without breach of
applicable Data Protection Law.
Standard Contractual Clauses
(Processors)
For the purposes of Article 26(2) of
Directive 95/46/EC for the transfer of personal data to processors established
in third countries which do not ensure an adequate level of data protection,
The Customer, as defined in the Elastic Customer Terms of Service (the
"data exporter")
And
Elastic Technologies Inc., 919 North Market Street, Suite 950, Wilmington, New
Castle 19801 (the "data importer"),
each a ‘party’; together ‘the parties’,
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to
adduce adequate safeguards with respect to the protection of privacy and
fundamental rights and freedoms of individuals for the transfer by the data
exporter to the data importer of the personal data specified in Appendix 1.
Clause 1 - Definitions
For the purposes of the Clauses:
(a) ‘personal data’, ‘special categories of data’, ‘process/processing’,
‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall
have the same meaning as in Directive 95/46/EC of the European Parliament and
of the Council of 24 October 1995 on the protection of individuals with regard
to the processing of personal data and on the free movement of such data;
(b) ‘the Data Exporter’ means the controller who transfers the personal data;
(c) ‘the Data Importer’ means the processor who agrees to receive from the data
exporter personal data intended for processing on his behalf after the transfer
in accordance with his instructions and the terms of the Clauses and who is not
subject to a third country’s system ensuring adequate protection within the
meaning of Article 25(1) of Directive 95/46/EC;
(d) ‘the Subprocessor’ means any processor engaged by the data importer or by
any other subprocessor of the data importer who agrees to receive from the data
importer or from any other subprocessor of the data importer personal data
exclusively intended for processing activities to be carried out on behalf of
the data exporter after the transfer in accordance with his instructions, the
terms of the Clauses and the terms of the written subcontract;
(e) ‘the applicable data protection law’ means the legislation protecting the
fundamental rights and freedoms of individuals and, in particular, their right
to privacy with respect to the processing of personal data applicable to a data
controller in the Member State in which the data exporter is established;
(f) ‘technical and organisational security measures’ means those measures aimed
at protecting personal data against accidental or unlawful destruction or
accidental loss, alteration, unauthorised disclosure or access, in particular
where the processing involves the transmission of data over a network, and
against all other unlawful forms of processing.
Clause 2 - Details of the transfer
The details of the transfer and in
particular the special categories of personal data where applicable are
specified in Appendix 1 which forms an integral part of the Clauses.
Clause 3 - Third-party beneficiary clause
-The data subject can enforce against
the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g)
to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as
third-party beneficiary.
-The data subject can enforce against the data importer this Clause, Clause
5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in
cases where the data exporter has factually disappeared or has ceased to exist
in law unless any successor entity has assumed the entire legal obligations of
the data exporter by contract or by operation of law, as a result of which it
takes on the rights and obligations of the data exporter, in which case the
data subject can enforce them against such entity.
-The data subject can enforce against the subprocessor this Clause, Clause 5(a)
to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases
where both the data exporter and the data importer have factually disappeared
or ceased to exist in law or have become insolvent, unless any successor entity
has assumed the entire legal obligations of the data exporter by contract or by
operation of law as a result of which it takes on the rights and obligations of
the data exporter, in which case the data subject can enforce them against such
entity. Such third-party liability of the subprocessor shall be limited to its
own processing operations under the Clauses.
- The parties do not object to a data subject being represented by an
association or other body if the data subject so expressly wishes and if
permitted by national law.
Clause 4 - Obligations of the data exporter
The data exporter agrees and
warrants:
(a) that the processing, including the transfer itself, of the personal data
has been and will continue to be carried out in accordance with the relevant
provisions of the applicable data protection law (and, where applicable, has
been notified to the relevant authorities of the Member State where the data
exporter is established) and does not violate the relevant provisions of that
State;
(b) that it has instructed and throughout the duration of the personal
data-processing services will instruct the data importer to process the
personal data transferred only on the data exporter’s behalf and in accordance
with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the
technical and organisational security measures specified in Appendix 2 to this
contract;
(d) that after assessment of the requirements of the applicable data protection
law, the security measures are appropriate to protect personal data against
accidental or unlawful destruction or accidental loss, alteration, unauthorised
disclosure or access, in particular where the processing involves the
transmission of data over a network, and against all other unlawful forms of
processing, and that these measures ensure a level of security appropriate to
the risks presented by the processing and the nature of the data to be
protected having regard to the state of the art and the cost of their
implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject
has been informed or will be informed before, or as soon as possible after, the
transfer that its data could be transmitted to a third country not providing
adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any
subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection
supervisory authority if the data exporter decides to continue the transfer or
to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses,
with the exception of Appendix 2, and a summary description of the security
measures, as well as a copy of any contract for subprocessing services which
has to be made in accordance with the Clauses, unless the Clauses or the
contract contain commercial information, in which case it may remove such
commercial information;
(i) that, in the event of subprocessing, the processing activity is carried out
in accordance with Clause 11 by a subprocessor providing at least the same
level of protection for the personal data and the rights of data subject as the
data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).
Clause 5 - Obligations of the data importer
The data importer agrees and
warrants:
(a) to process the personal data only on behalf of the data exporter and in
compliance with its instructions and the Clauses; if it cannot provide such
compliance for whatever reasons, it agrees to inform promptly the data exporter
of its inability to comply, in which case the data exporter is entitled to
suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it
prevents it from fulfilling the instructions received from the data exporter
and its obligations under the contract and that in the event of a change in
this legislation which is likely to have a substantial adverse effect on the
warranties and obligations provided by the Clauses, it will promptly notify the
change to the data exporter as soon as it is aware, in which case the data
exporter is entitled to suspend the transfer of data and/or terminate the
contract;
(c) that it has implemented the technical and organisational security measures
specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law
enforcement authority unless otherwise prohibited, such as a prohibition under
criminal law to preserve the confidentiality of a law enforcement
investigation;
(ii) any accidental or unauthorised access; and
(iii) any request received directly from the data subjects without responding
to that request, unless it has been otherwise authorised to do so;
(e) to deal promptly and properly with all inquiries from the data exporter
relating to its processing of the personal data subject to the transfer and to
abide by the advice of the supervisory authority with regard to the processing
of the data transferred;
(f) at the request of the data exporter to submit its data-processing
facilities for audit of the processing activities covered by the Clauses which
shall be carried out by the data exporter or an inspection body composed of
independent members and in possession of the required professional
qualifications bound by a duty of confidentiality, selected by the data
exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses,
or any existing contract for subprocessing, unless the Clauses or contract
contain commercial information, in which case it may remove such commercial
information, with the exception of Appendix 2 which shall be replaced by a
summary description of the security measures in those cases where the data
subject is unable to obtain a copy from the data exporter;
(h) that, in the event of subprocessing, it has previously informed the data
exporter and obtained its prior written consent;
(i) that the processing services by the subprocessor will be carried out in
accordance with Clause 11;
(j) to send promptly a copy of any subprocessor agreement it concludes under
the Clauses to the data exporter.
Clause 6 - Liability
The parties agree that any data
subject, who has suffered damage as a result of any breach of the obligations
referred to in Clause 3 or in Clause 11 by any party or subprocessor is
entitled to receive compensation from the data exporter for the damage
suffered.
Clause 7 - Mediation and jurisdiction
The data importer agrees that if the
data subject invokes against it third-party beneficiary rights and/or claims
compensation for damages under the Clauses, the data importer will accept the
decision of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where
applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data
exporter is established.
- The parties agree that the choice made by the data subject will not prejudice
its substantive or procedural rights to seek remedies in accordance with other
provisions of national or international law.
Clause 8 - Cooperation with supervisory
authorities
- The data exporter agrees to deposit
a copy of this contract with the supervisory authority if it so requests or if
such deposit is required under the applicable data protection law.
- The parties agree that the supervisory authority has the right to conduct an
audit of the data importer, and of any subprocessor, which has the same scope
and is subject to the same conditions as would apply to an audit of the data
exporter under the applicable data protection law.
- The data importer shall promptly inform the data exporter about the existence
of legislation applicable to it or any subprocessor preventing the conduct of
an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In
such a case the data exporter shall be entitled to take the measures foreseen in
Clause 5(b).
Clause 9 - Governing law
The Clauses shall be governed by the
law of the Member State in which the data exporter is established.
Clause 10 - Variation of the contract
The parties undertake not to vary or
modify the Clauses. This does not preclude the parties from adding clauses on
business related issues where required as long as they do not contradict the
Clause.
Clause 11 - Subprocessing
- The data importer shall not
subcontract any of its processing operations performed on behalf of the data
exporter under the Clauses without the prior written consent of the data
exporter. Where the data importer subcontracts its obligations under the
Clauses, with the consent of the data exporter, it shall do so only by way of a
written agreement with the subprocessor which imposes the same obligations on
the subprocessor as are imposed on the data importer under the Clauses. Where
the subprocessor fails to fulfil its data protection obligations under such
written agreement the data importer shall remain fully liable to the data
exporter for the performance of the subprocessor’s obligations under such
agreement.
- The prior written contract between the data importer and the subprocessor
shall also provide for a third-party beneficiary clause as laid down in Clause
3 for cases where the data subject is not able to bring the claim for
compensation referred to in paragraph 1 of Clause 6 against the data exporter
or the data importer because they have factually disappeared or have ceased to
exist in law or have become insolvent and no successor entity has assumed the
entire legal obligations of the data exporter or data importer by contract or
by operation of law. Such third-party liability of the subprocessor shall be
limited to its own processing operations under the Clauses.
- The provisions relating to data protection aspects for subprocessing of the
contract referred to in paragraph 1 shall be governed by the law of the Member
State in which the data exporter is established.
- The data exporter shall keep a list of subprocessing agreements concluded
under the Clauses and notified by the data importer pursuant to Clause 5(j),
which shall be updated at least once a year. The list shall be available to the
data exporter’s data protection supervisory authority.
Clause 12 - Obligation after the termination
of personal data-processing services
-The parties agree that on the
termination of the provision of data-processing services, the data importer and
the subprocessor shall, at the choice of the data exporter, return all the
personal data transferred and the copies thereof to the data exporter or shall
destroy all the personal data and certify to the data exporter that it has done
so, unless legislation imposed upon the data importer prevents it from
returning or destroying all or part of the personal data transferred. In that
case, the data importer warrants that it will guarantee the confidentiality of
the personal data transferred and will not actively process the personal data
transferred anymore.
- The data importer and the subprocessor warrant that upon request of the data
exporter and/or of the supervisory authority, it will submit its
data-processing facilities for an audit of the measures referred to in
paragraph 1.
Appendix 1 to the Standard Contractual Clauses
This Appendix forms part of the
Clauses. The Member States may complete or specify, according to their national
procedures, any additional necessary information to be contained in this
Appendix.
A. Data exporter
The data exporter is the Customer, as defined in the Elastic Customer Terms of
Service (“Agreement”).
B. Data importer
The data importer is Elastic Technologies Inc., a global provider of chatbot
and customer engagement software.
C. Data subjects
Categories of data subjects set out under Section 2 of the Data Processing
Agreement to which the Clauses are attached.
D. Categories of data
E. Special categories of data (if appropriate)
The parties do not anticipate the transfer of special categories of data.
F. Processing operations
The processing activities set out under Section 2 of the Data Processing
Agreement to which the Clauses are attached.
Appendix 2 to the Standard Contractual Clauses
This Appendix forms part of the
Clauses.
Description of the technical and organizational security measures implemented
by the data importer in accordance with Clauses 4(d) and 5(c) (or
document/legislation attached):
Elastic currently observes the security practices as described in this Appendix
2.
Notwithstanding any provision to the contrary otherwise agreed to by data
exporter, Elastic may modify or update these practices at its discretion
provided that such modification and update does not result in a material
degradation in the protection offered by these practices. All capitalized terms
not otherwise defined herein shall have the meanings as set forth in the
Agreement and the Addendum.
Hosting: Elastic hosts its platform and services on outsources subprocessors
who adhere to strict physical and environmental guidelines. Elastic maintains
contractual relationships with such vendors in order to provide the Service in
accordance with our Data Processing Agreement.
Authentication: Customer data is stored in multi-tenant systems whose access is
provided via the platform via user interface or application programming
interface. Authentication mechanism is put in place for such access with a
defined policy for passwords. Elastic’s authorization model enforces that only
users with specified access can use the platform.
Access controls and monitoring: Network access control mechanisms are enabled
to prevent acccess to unauthorized protocols keeping the underlying platform
safe. Elastic has systems in place to detect and notify abnormal network
activity patterns.
Elastic also performs periodic vulnerability detection scans to determine
system risks.
Platform Data Access: A limited subset of Elastic’s employees have access to
the customer data who have abided by company Non-Disclosure Agreements. Such
access is controlled and secured by two-factor authentication. A review is done
at least twice a year to determine the roles and individuals requiring such
access.
Background Checks: All Elastic employees undergo background checks prior to the
acceptance of their employment offer under the prevailing legal guidelines. All
employees are required to act in a manner consistent with the company’s
policies, non-disclosure and other contractual requirements.
Data Transmission: All network communication on the platform happens over
secured HTTPS protocol. Elastic follows industry standard implementation for
HTTPS.
Data at Rest: As of 25th of May, 2018, Elastic has implemented changes to
secure the data by using industry standard encryption.
Detection: Elastic logs data around platform access and usage, which includes
alerting systems that would trigger in case of unintended or malicious use of
the platform.
Security Incidents: An incident log is maintained of every incident where an
abnormal platform use or data access is determined, including details and
impact. On every incident an impact analysis is performed and steps are taken
to limit the damage to systems and unauthorized access.
Communication: If Elastic becomes aware of unlawful access to customer data, Elastic
agrees to notify the customers of the incident. It also would communicate -
information about the incident and steps taken for its resolution. Notification
for such incidents will be sent to individual customers or such groups having
been affected by the incident over email and/or phone or a medium Elastic deems
fit.
Availability: Elastic via it’s infrastructure providers ensure a platform
availability of 99.9% availability of the platform and supporting systems.
Backups: Data backups are taken for customer data and configurations at regular
intervals. The periodicity of such backups may change without affecting the
terms of the agreement.
List of Sub-Processors
Amazon Web Services, Inc.
Google, Inc.
Facebook, Inc.
Bitrix
Sendgrid, Inc
Coviam Technology and Services Private Limited
Any other wholly-owned AITS, Inc. or Coviam subsidiary organizations
For more details, email us at [email protected]
Elastic Acquire
THESE TERMS OF USE (“TERMS”) ARE A
BINDING CONTRACT BETWEEN YOU AND ELASTIC ACQUIRE (“WE”, “US”), A CUSTOMER
ACQUISITION PLATFORM (HENCEFORTH REFERRED TO AS THE “Platform”) BUILT BY AITS,
A COMPANY REGISTERED IN THE STATE OF MISSOURI, USA. BY SUBSCRIBING AND
ACCESSING THE BELOW TERMS, YOU AGREE TO THESE TERMS ON BEHALF OF YOURSELF AS AN
INDIVIDUAL USER, OR ON BEHALF OF THE ORGANIZATION YOU REPRESENT (“CUSTOMER”,
“YOU”). IN CASE YOU DO NOT AGREE TO ANY OF THE TERMS LISTED BELOW, YOU MAY
REFRAIN FROM USING (OR ACCESSING) THE PLATFORM AND RELATED SERVICES.
1. Introduction
Welcome to Elastic Acquire, customer
acquisition software for lead generation, lead engagement and content
management. Please read on to learn the terms that govern your use of Elastic
website(s), services and platform. If you have any questions, comments, or
concerns regarding these terms or the Services, please feel free to connect
with us at [email protected]
2. Platform Access
2.1 Eligibility
2.1.1. The Children’s Online Privacy
Protection Act (“COPPA”) requires that online service providers obtain parental
consent before they knowingly collect personally identifiable information
online from children who are under 13
2.1.2. We do not knowingly collect or solicit personally identifiable
information from children under 13. If you are a child under 13, please do not
attempt to register for the Services or send any personal information about
yourself to us.
2.1.3. If we learn we have collected personal information from a child under
13, we will delete that information as quickly as possible.
2.1.4. If you believe that a child under 13 may have provided us personal
information, please contact us at [email protected]
2.2 Registration and Account
integrity
2.2.1. As part of the registration
process you will need to sign up and create an account, including a username
& password, on the platform (app.elastic.ae).
2.2.2. Your registration on the platform provides you access to a number of
features and services which are permissible to be accessed only by you. This
registered account and its credentials is not to be shared between users. A
breach of this clause will result in termination of the abused accounts and/or
all accounts provided to you.
2.2.3. If, for any reason, you suspect that your username & password has
been disclosed to, or obtained, by another party you should contact us
immediately. Please note that we never contact users requesting them to confirm
their username & password or other details.
3. Usage of Platform
3.1 Services
3.1.1. We provide you with a platform
interface and a related set of services (“Services”) which can enable you to
subscribe and use the same for creation, modification and maintenance of RPA
programs that may help you improve your business process(es) in an as-is
condition.
3.1.2. On registration, and subject to Section 5 (when applicable), we will
grant to you the right to access and use the Platform, and any related
functionality, in accordance with the Terms mentioned in this document
3.1.3. You are solely responsible and liable for complying with the Platform
Policies that you opt for using the workflows within the platform and Elastic
bears no commercial or any other liability or responsibility for the the data
being generated and being used by you. By using the platform you implicitly
agree to and accept all of the Terms and Conditions, or you will lose the right
to use the right to use the platform and services. Your using the Services in
any way means that you agree to some and not all of these Terms, and these
Terms will remain in effect while you use the Services. These Terms include the
provisions in this document, as well as those in the Privacy Policy and Data
Processing Agreement (addendum).
3.2 Limitations of Service
3.2.1. It is acknowledged and agreed
upon that you are completely responsible for evaluating the integrity, quality,
accuracy or reliability of any data provided to us before making/ implementing
any decisions based on this information and any consequences that arise out of
this.
3.2.2. You acknowledge that we do not assume any liability for any data
handled/generated by you on the platform including profiles, content, social
channels.
3.2.3. The licenses granted herein are only for the purpose of allowing you to
connect to and use the Services for your personal or internal business use. You
will not use the services to outsource the data to any third parties.
3.3 Service Revisions
3.3.1. As we are constantly trying to
improve the platform, we may introduce modifications/revisions to the
functionality, content, features and modules of the platform, or choose to
discontinue or impose limits on certain features or restrict access to parts or
all of the Services, at any time without notice.
3.3.2. Similarly, we reserve the right to remove any Content from the Services
at any time, for any reason (including, but not limited to, if someone alleges
you contributed that Content in violation of these Terms), at our sole
discretion, and without notice. For any disruption in service or interruptions
please send an email to [email protected] for support and clarifications.
3.2.3. We will provide advance notice to you if there is a change to the Services
resulting in overall material decrease in functionality of the platform or
changes to this Agreement by posting such changes on our website, or via
emails. In such cases, you may terminate your subscription in accordance with
Section 10.2 (Termination)
3.4 Temporary Suspension of Services
3.4.1. We may temporarily limit or
suspend the Services from time to time at its discretion including to perform
upgrades to, and maintenance of, the platform.
3.4.2. We also hold the rights to terminate access to the platform based on any
missed payments as per contractual agreements forwarded to you. Your access to
the platform and/or subscription or other payments for use of Elastic
represents an agreement to abide by the commercial terms and conditions of the
contract forwarded to you, the usage Terms and Conditions listed in this
document as well as the Privacy Policy and Data Processing Agreement that
accompany and are available on www.elastic.ae.
3.5 Unacceptable Use of Services and
User Conduct
3.5.1. You represent, warrant, and
agree that you will not create and / or contribute any Content or User
Submission (each of those terms is defined below) or otherwise create any
process bots or use the Services in a manner that:
(a) Infringes or violates the intellectual property rights or any other rights
of anyone else (including Elastic);
(b) Violates any law or regulation, including any applicable export control
laws;
(c) Is harmful, fraudulent, deceptive, threatening, harassing, defamatory,
obscene, or otherwise objectionable;
(d) Jeopardizes the security of your Elastic account or anyone else’s (such as
allowing someone else to log in to the Services as you);
(e) Attempts, in any manner, to obtain the password, account, or other security
information from any other user;
(f) Violates the security of any computer network, or cracks any passwords or
security encryption codes;
(g) Runs Maillist, Listserv, any form of auto-responder or “spam” on the
Services, or any processes that run or are activated while you are not logged
into the Services, or that otherwise interfere with the proper working of the
Services (including by placing an unreasonable load on the Services’
infrastructure);
(h) “Crawls,” “scrapes,” or “spiders” any page, data, or portion of or relating
to the Services or Content (through use of manual or automated means);
(i) Copies or stores any significant portion of the Content;
(j) Decompiles, reverse engineers, or otherwise attempts to obtain the source
code or underlying ideas or information of or relating to the Services.
(k) Is non compliant with any international agreements on Global Data Privacy
Regulations (GDPR) and The Children’s Online Privacy Protection Act (“COPPA”)
and any of its revisions, changes or impacts that are listed and will be
communicated to you in case of any changes from the current regulation
3.5.2. A violation of any of the foregoing is grounds for termination of your
right to use or access the Services, with or without notice and surrender of
your contact information, data and intelligence that you have built on the
platform, subject to legal notices received by a regulatory body received in
such a situation.
3.6 Account Access
3.6.1. As discussed in Section 2.2,
you are solely responsible for the credentials to your account and for any
activity that happens in the account, intentionally or unintentionally.
3.6.2. In case any unwarranted activity is noticed, you should notify us
immediately by sending an email to [email protected].
3.7 System Maintenance
3.7.1. You are responsible to
maintain and upgrade any OS or systems that are used to access the platform.
Any problem caused in the use of the platform because of older/legacy/unsupported
systems is solely your responsibility.
3.8 Compliance with Laws
3.8.1. You shall comply with all
applicable laws including the ones around protection of personal information
and data privacy.
3.8.2. You are responsible for obtaining any consent required by law from your
users to allow the use of their personal information (if required) for use the
our services, in accordance with the general terms, privacy policy and Data
Processing Agreement.
3.9 Compliance by Users
3.9.1. You will need to ensure that
your Users are informed that they are governed by, and hence comply with, all
applicable laws, including laws governing the protection of personal
information.
4. Data & Privacy Policy
4.1 Data Ownership
4.1.1. As defined in the Data
Processing Agreement, all information shared with us is owned by you. We are
not responsible for evaluating its integrity, quality, accuracy or reliability.
4.1.2. You acknowledge that the responsibility of any data provided/used on the
platform is your responsibility. Any loss of data caused by the downgrading and
removal of any service within the account connected to the downgrade, is also
your responsibility.
4.2 Copyrighted Material
4.2.1. Digital Millennium Copyright
Act (the “DMCA”) relates to online service providers, like us, who are
responsible to remove any material that allegedly violates someone’s copyright.
4.2.2. We respect others’ intellectual property rights, and we reserve the
right to delete or disable any such content, and to terminate the any account(s)
that is/are alleged repeat-infringers.
4.3 Content Monitoring
4.3.1. Any information or content
publicly posted or privately transmitted through the Services, and any process
bots created using the platform, are the sole responsibility of the person from
whom such content is originated. You should access all such information and
content at your own risk, and we aren’t liable for any errors or omissions in
that information or content or for any damages or loss you might suffer in
connection with it.
4.3.2. We cannot control and have no duty to take any action regarding how you
may interpret and use the Content or what actions you may take as a result of
having been exposed to the Content. You hereby release us from all liability
for you having acquired or not acquired Content through the Services. We can’t
guarantee the identity of any users with whom you interact in using the
Services and are not responsible for which users gain access to the platform.
4.3.3. You are responsible for all Content you contribute, in any manner, to
the Services, and you represent and warrant you have all rights necessary to do
so, in the manner in which you contribute it. You will keep all your
registration information accurate and current. You are responsible for all your
activity in connection with the Services.
4.3.4. The Services may contain links or connections to third party websites or
services that are not owned or controlled by us. When you access third party
websites or use third party services, you accept that there are risks in doing
so, and that we are not responsible for such risks. We encourage you to be
aware of this and to read the terms and conditions and privacy policy of each
third party website or service that you visit or utilize. You are solely responsible
for complying with the terms and conditions, any liability or commercial
conditions set forth and arising from any third party provider access that you
connect to via the Platform
4.3.5. We have no control over, and assume no responsibility for, the content,
accuracy, privacy policies, or practices of or opinions expressed in any third
party websites or by any third party that you interact with through the
Services. In addition, we will not and cannot monitor, verify, censor or edit
the content of any third party site or service. By using the Services, you
release and hold us harmless from any and all liability arising from your use
of any third party website or service.
4.3.6. Your interactions with organizations and/or individuals found on or
through the Services, including payment and delivery of goods or services, and
any other terms, conditions, warranties or representations associated with such
dealings, are solely between you and such organizations and/or individuals. You
should make whatever investigation you feel necessary or appropriate before
proceeding with any online or offline transaction with any of these third
parties. You agree that we shall not be responsible or liable for any loss or
damage of any sort incurred as the result of any such dealings.
4.3.7. If there is a dispute between participants on this site, or between
users and any third party, or a dispute arising out of violation of terms and
conditions set forth here for the use of the Platform, you agree that we are
under no obligation to become involved. In the event that you have a dispute
with one or more other users, you release us, our officers, employees, agents,
and successors from claims, demands, and damages of every kind or nature, known
or unknown, suspected or unsuspected, disclosed or undisclosed, arising out of
or in any way related to such disputes and/or our Services.
4.4 Data Processing, Access and
Backups
4.4.1. We may utilize the services of
multiple sub processors for the purpose of providing the services.
4.4.2. Any data collected by us through our services shall be as defined by us
in the Data Processing Agreement
4.4.3. It is advisable that you take all required backups of your data prior to
requesting a downgrade (or termination) in service
4.5 Privacy Policy
4.5.1. We take the privacy of our
users very seriously. For our latest Privacy Policy, please click here.
4.5.2. We do not explicitly collect any personal information such as age,
gender, address etc. unless shared
5. Subscriptions, Payments and
Billing
5.1 Free Trial
5.1.1. We offer some basic
functionalities of our Services under a Free Trial plan. In case you register
for this service, we will make it available to you free of charge, for a trial
basis, until the earlier of (a) the end of the free trial applicable to you;
(b) the start date of any subscription purchased by you; or (c) termination of
the trial by us at our sole discretion.
5.2 Subscription Plans & Fees
5.2.1. In order to avail access to
different features/services from the platform, you may be required to choose
(and pay for) specific subscription plans, as designed and defined by us. The
plans and pricing are subject to change subject to term and commercial
agreement for any subscription plans signed by us with you which will uphold
over any pricing changes
5.2.2. We have a pre-set, tier based, subscription plans which have been
structured based on multiple factors. For more details on the plans and their
pricing please follow this link.
5.2.3. You may choose a relevant subscription plan of your choice (or that is
prescribed by us), by making an upfront payment of the prescribed fees. We have
flexible billing plans, should you wish to term based payments. For
subscription modifications refer section 5.3.
5.2.4. We reserve the right to change all/any of the subscription plan tiers,
its pricing and the features offered at any time and without prior notice.
5.3 Subscription Changes
(Upgrade/Downgrade)
5.3.5. Elastic provides easy
upgrade/downgrade options from your chosen subscription.
5.3.6 Plan Upgrade
Whenever you would want to upgrade
your subscription plan, you can do so from the platform. On upgrade, the benefits
of the upgraded plan will be available for the remainder of the days in the
existing billing cycle. All subsequent bills will be generated based on the
upgraded plan amount.
5.3.7 Plan Downgrade
If you ever wish to downgrade your
existing subscription plan, you may choose to do so from the platform.
Downgrades will be applied only at the end of current billing term. All
subsequent bills will be generated based on the downgraded plan amount.
5.3.8. For immediate downgrades, you may reach out to us at [email protected]
5.4 Subscription Cancellation
5.4.1. All subscription cancellations
will be done manually.
5.4.2 You may cancel your account(s) at any point of time. If you wish so,
please reach out to us at [email protected] for processing cancellations.
5.4.3 No refunds will be processed for subscription cancellations (as described
in 5.5)
5.5 Refund Policy
5.5.1. NO REFUNDS will be offered for
remaining unused days, on cancellation from an existing Subscription Plan
5.5.2. NO REFUNDS will be offered if a downgrade is requested before the end of
current billing term.
5.5.3. In case of any queries, you can write to us at [email protected].
5.6 Processing of Payments and
Billing
5.6.1. We reserve the right to use a
third party payment processor, which is PCI-DSS complaint, for all billing and
payment receipts.
5.6.2 The credit card information provided to us shall be automatically charged
for any modification to existing services, or upon renewal.
5.6.3 In the event where you do not wish to process your payment via credit
card, you can do so through bank/wire transfer/cheque. This would be done only
on your explicit request by writing to us at [email protected].
5.6.4 In the event that we are unable to bill the credit card on file or you
request us (in writing over email) to not bill the credit card, you shall be
solely responsible for completing the expected payment by whatever means. In
the event that payment is not made, the services may become unavailable to you
and we may terminate this Agreement without notice.
5.7 Revision of Fees
5.7.1. We reserve the right to revise
the service fees applicable for a paid plan or functionality at its sole
discretion.
5.7.2. The revised fees will only take effect from the next renewal date of
your existing subscription plan
5.7.3. You would be notified over email in case of such revision of fees.
6 Disclaimer of Warranty
6.1 Risk
6.1.1. Neither Elastic, nor its
licensors or suppliers, make any representations or warranties regarding
suggestions or recommendations of services or products offered or purchased
through the Services. We are not responsible for any links to third party
websites from the Service and the inclusion of any link does not imply an
endorsement of a third party website or service by us
6.1.2 THE SERVICES AND CONTENT ARE PROVIDED BY ELASTIC (AND ITS LICENSORS AND
SUPPLIERS) ON AN “AS-IS” BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS
OR IMPLIED, INCLUDING, WITHOUT LIMITATION, IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR THAT
USE OF THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE.
6.1.3 ANY USE OF THE SERVICES IS AT YOUR OWN RISK. THE SOFTWARE MAY CONTAIN
BUGS, ERRORS. WE DO NOT WARRANT THE PERFORMANCE OF THE SERVICES, THAT THE
SERVICES WILL OPERATE UNINTERRUPTED OR ERROR-FREE, OR THAT THE SERVICES WILL
OPERATE IN ACCORDANCE WITH ANY ACCOMPANYING DOCUMENTATION
6.2 Use of Internet
6.2.1. Our Services are provided over
the Internet. As such, the Services are subject to the operation of the
Internet and telecommunications infrastructures as well as the operation of
your Internet connection services, all of which are beyond our control.
6.2.2 We do not warrant that the services will be uninterrupted or that you
will be able to access or use the Services at the location and times of your
choosing.
6.3 Technical Support
6.3.1. We provide all kinds of
technical support for any issues/roadblocks to the usage of the available
services, based on our Support Policy.
6.3.2 The support would be provided over email. All communications regarding
the same are expected to be directed to [email protected].
6.3.3. We reserve the right not to provide a full technical support service to
free or trial account users.
6.3.4 You are solely responsible for the procurement of any hardware or
services required to use the Services, including any computers, servers, or
Internet access.
7 Liability Limits
7.1. TO THE FULLEST EXTENT ALLOWED BY
APPLICABLE LAW, UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY (INCLUDING,
WITHOUT LIMITATION, TORT, CONTRACT, STRICT LIABILITY, OR OTHERWISE) SHALL ELASTIC
(OR ITS LICENSORS OR SUPPLIERS) BE LIABLE TO YOU OR TO ANY OTHER PERSON FOR (A)
ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND,
INCLUDING DAMAGES FOR LOST PROFITS, LOSS OF GOODWILL, WORK STOPPAGE, ACCURACY
OF RESULTS, OR COMPUTER FAILURE OR MALFUNCTION, OR (B) ANY AMOUNT, IN THE
AGGREGATE, IN EXCESS OF THE GREATER OF (I) $100 OR (II) THE AMOUNTS PAID BY YOU
TO ELASTIC IN CONNECTION WITH THE SERVICES IN THE TWELVE (12) MONTH PERIOD
PRECEDING THIS APPLICABLE CLAIM, OR (C) ANY MATTER BEYOND OUR REASONABLE
CONTROL. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF CERTAIN
DAMAGES, SO THE ABOVE LIMITATION AND EXCLUSIONS MAY NOT APPLY TO YOU.
7.2. We shall not be liable for any indirect, consequential, exemplary,
incidental, special or punitive damages, including loss of profits.
7.3.EXCEPT AS STATED IN SECTION 7.1, ELASTIC AND ITS AFFILIATES, OFFICERS,
LICENSORS, AND/OR CONTRACTORS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL,
SPECIAL OR CONSEQUENTIAL DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. TO THE EXTENT THAT A STATE DOES NOT PERMIT THE EXCLUSION OR LIMITATION
OF LIABILITY AS SET FORTH HEREIN, OUR LIABILITY IS LIMITED TO THE FULL EXTENT
PERMITTED BY LAW IN SUCH STATE.
8 Indemnity
8.1. To the fullest extent allowed by
applicable law, you agree to indemnify and hold us, and our affiliates,
officers, agents, employees, and partners harmless from and against any and all
claims, liabilities, damages (actual and consequential), losses and expenses
(including attorneys’ fees) arising from or in any way related to any third
party claims relating to
(a) your use of the Services (including any actions taken by a third party
using your account, including those mentioned in Section 3.5),
(b) your violation of these Terms, or
(c) your infringement upon any intellectual property or other proprietary right
of any person or entity.
8.2. In the event of such a claim, suit, or action (“Claim”), we will attempt
to provide notice of the Claim to the contact information we have for your
account (provided that failure to deliver such notice shall not eliminate or
reduce your indemnification obligations hereunder).
8.3. We may, at our own expense, assume the defense and control of any matter
otherwise subject to indemnification by you. Doing so shall not excuse your
indemnity obligations in this Agreement. The terms of this paragraph will
survive any termination or cancellation of the Agreement.
9 Ownership
9.1 Intellectual Property
9.1.1. The materials displayed or
performed or available on or through the Services, including, but not limited
to, text, graphics, data, articles, photos, images, illustrations, User
Submissions, and so forth (all of the foregoing, the “Content”) are protected
by copyright and/or other intellectual property laws. You promise to abide by
all copyright notices, trademark rules, information, and restrictions contained
in any Content you access through the Services, and you won’t use, copy,
reproduce, modify, translate, publish, broadcast, transmit, distribute,
perform, upload, display, license, sell or otherwise exploit for any purpose
any Content not owned by you,
(i) without the prior consent of the owner of that Content or
(ii) in a way that violates someone else’s (including Elastic's) rights.
9.1.2 You understand that we own the Services. You won’t modify, publish,
transmit, participate in the transfer or sale of, reproduce (except as
expressly provided in this Section), create derivative works based on, or
otherwise exploit any of the Services. The Services may allow you to copy or
download certain Content; please remember that just because this functionality
exists, doesn’t mean that all the restrictions above don’t apply – they do!
9.2 User Submissions
9.2.1. Anything you (or your users)
post, upload, share, store, or otherwise provide through the Services,
including any process bots you create and/or communicate with through the
Services, is your “User Submission.”
9.2.2. Some User Submissions are viewable by other users. In order to display
your User Submissions on the Services, and to allow other users to enjoy them
(where applicable), you grant us certain rights in those User Submissions.
Please note that all of the following licenses are subject to our Privacy
Policy to the extent they relate to User Submissions that are also your
personally-identifiable information
9.2.3. For all User Submissions, you hereby grant us a license to translate,
modify (for technical purposes, for example making sure your content is
viewable on an Android device as well as a desktop) and reproduce and otherwise
act with respect to such User Submissions, in each case to enable us to operate
the Services, as described in more detail below. This is a license only – your
ownership in User Submissions is not affected.
9.2.4. If you store a User Submission in your own personal Elastic account, in
a manner that is not viewable by any other user except you (a “Personal User
Submission”), you grant us the license above, as well as a license to display,
perform, and distribute your Personal User Submission for the sole purpose of
making that Personal User Submission accessible to you and providing the
Services necessary to do so.
9.2.5. If you share a User Submission only in a manner that only certain
specified users can view; for example, a private message to a process bot (a
“Limited Audience User Submission”), then you grant us the licenses above, as
well as a license to display, perform, and distribute your Limited Audience
User Submission for the sole purpose of making that Limited Audience User
Submission accessible to such other specified users, and providing the Services
necessary to do so. Also, you grant such other specified users a license to
access that Limited Audience User Submission, and to use and exercise all
rights in it, as permitted by the functionality of the Services.
9.2.6. If you share a User Submission publicly on the Services and/or in a
manner that more than just you or certain specified users can view, or if you
provide us (in a direct email or otherwise) with any feedback, suggestions,
improvements, enhancements, and/or feature requests relating to the Services
(each of the foregoing, a “Public User Submission”), then you grant us the
licenses above, as well as a license to display, perform, and distribute your
Public User Submission for the purpose of making that Public User Submission
accessible to all Elastic users and providing the Services necessary to do so,
as well as all other rights necessary to use and exercise all rights in that
Public User Submission in connection with the Services for any purpose. Also,
you grant all other users of the Services a license to access that Public User
Submission, and to use and exercise all rights in it, as permitted by the functionality
of the Services..
9.2.7. You agree that the licenses you grant are royalty-free, perpetual,
sublicensable, irrevocable, and worldwide. All process bots created through the
Services will automatically include an attribution to Elastic. You agree not to
remove, modify, or obscure the Elastic attribution. In addition, you hereby
grant us a nonexclusive license to use any process bots you create using the
Services in Elastic's marketing materials (such as on Elastic.ae). Finally, you
understand and agree that Elastic, in performing the required technical steps
to provide the Services to our users (including you), may need to make changes
to your User Submissions to conform and adapt those User Submissions to the
technical requirements of connection networks, devices, services, or media, and
the foregoing licenses include the rights to do so.
10 Terms
10.1 Effective Date of Terms
10.1.1. The Terms mentioned here are
a binding contract between you and us
10.1.2. The general terms are effective as of the first date that a customer or
a user of the website accesses or uses the Elastic platform or website, until
they are terminated by both or any of the the parties in accordance with
Section 10.2.
10.1.3. This Agreement is effective until terminated by you or by us.
10.1.4. Any Additional Services subscribed to post termination will be subject
to ac is licensed only for the Subscription Period selected during the
registration or upgrade. The Subscription Period may be renewed by paying an
additional license fee as set forth on the Elastic website. This renewal fee
may be charged automatically to the credit card used to initially pay for the
Services.
10.2 Termination by You
10.2.1. You’re free to stop using the
Services at any time; just email us at [email protected] to notify.
10.2.2 Services may be terminated by notifying Elastic of your intent to
terminate this Agreement. Notification of termination must be sent by email to [email protected]
Your termination will be effective upon Elastic's receipt and processing of the
email. Processing may take up to 24 hours.
10.2.3 Any Additional Services subscribed to post termination will be licensed
only for the Subscription Period selected during the registration or upgrade,
and after payment of the relevant fees.
10.3 Termination by Elastic
10.3.1. We are free to terminate (or
suspend access to) your use of the Services or your account, for any reason in
our discretion, including your breach of these Terms (as described in Section
3.5). We have the sole right to decide whether you are in violation of any of
the restrictions set forth in these Terms.
10.3.2 We may terminate this Agreement at any time and for any reason. We may
monitor its systems for excessive consumption of network resources and may take
technical or other remedies deemed necessary to prevent or eliminate any
excessive consumption. If we deem your use to be excessive, we may terminate
your account or adjust the price of the Services.
10.3.3 Any Additional Services subscribed to post termination will be subject
to review by us and can be availed only if found acceptable. The additional
services will then be treated as a new registration and will be licensed only
for the Subscription Period selected during the registration, and after payment
of the relevant fees
10.4 Events upon Termination
10.4.1. Account termination may
result in destruction of any process bots and Content associated with your
account, so keep that in mind before you decide to terminate your account.
10.4.2. We will try to provide advance notice to you prior to our terminating
your account so that you are able to retrieve any important User Submissions
you may have stored in your account (to the extent allowed by law and these
Terms), but we may not do so if we determine it would be impractical, illegal,
not in the interest of someone’s safety or security, or otherwise harmful to
the rights or property of Elastic.
10.4.3. Provisions that, by their nature, should survive termination of these
Terms shall survive termination. By way of example, all of the following will
survive termination: any obligation you have to pay us or indemnify us, any
limitations on our liability, any terms regarding ownership of intellectual
property rights, and terms regarding disputes between us.
10.4.4. Upon termination, you must immediately cease using the Services. Upon
termination, we may disable further use of the Services or related Services
without further notice and may delete, remove, and erase any account
information and any data stored by us. Such deletions are in our sole
discretion and may occur without notice to you. No refunds shall be given for
any reason.
10.5 Refunds on Termination
10.5.1. Section 5.5 (No Refunds)
applies, regardless of the cause of termination, cancellation, or downgrade of
subscription.
11 General
11.1 Jurisdiction
11.1.1. These Terms are governed by
and will be construed under the laws of USA, without regard to the conflicts of
laws provisions thereof. Any dispute arising from or relating to the subject
matter of these Terms shall be finally settled in USA, in English. Judgment
upon the award rendered by such arbitrator may be entered in any court of
competent jurisdiction. Notwithstanding the foregoing obligation to arbitrate
disputes, each party shall have the right to pursue injunctive or other
equitable relief at any time, from any court of competent jurisdiction. For all
purposes of this Agreement, the parties consent to exclusive jurisdiction and
venue in Texas (state), USA (Country). Any arbitration under these Terms will
take place on an individual basis: class arbitrations and class actions are not
permitted. YOU UNDERSTAND AND AGREE THAT BY ENTERING INTO THESE TERMS, YOU AND ELASTIC
ARE EACH WAIVING THE RIGHT TO TRIAL BY JURY OR TO PARTICIPATE IN A CLASS
ACTION.
11.1.2. These general terms shall be governed solely by the laws of the United
States of America without regard to conflicts of law provisions thereof. You
agree that the exclusive forum for any disputes arising out of or relating to
this Agreement shall be an appropriate federal or state court sitting in the
Republic of India.
11.2 Force Majeure
11.2.1. We shall not be liable by
reason of any failure or delay in performance of its obligation on account of
an unforeseeable and irresistable event, including external causes with the
same characteristics (a “Force Majeure”), which may include DOS attack, stikes,
shortages, riots, fires, act of god,failure by a third party hosting or utility
provider, war, terrorism and government action.
11.3 Notice
11.3.1. Elastic may send notices to
the customer’s email contact points provided by the customer, pursuant to these
terms. You may send notices pursuant to these terms at [email protected]. All
notices will be considered received 24 hours after they are sent.
11.3.2. All questions, notices, demands, or requests to Elastic with respect to
this Agreement shall be made in writing to: [email protected].
11.4 Assignment & Successors
11.4.1. You may not assign, delegate
or transfer these Terms or your rights or obligations hereunder, or your
Services account, in any way (by operation of law or otherwise) without Elastic's
prior written consent. We may transfer, assign, or delegate these Terms and our
rights and obligations without consent.
11.4.2. These Terms shall be binding upon and inure to the benefit of the
Parties’ respective successors and assigns.
11.4.3. You may not assign or transfer, or purport to assign or transfer, any
of your rights, duties, or obligations under the Agreement to any person or
entity, in whole or in part, whether by assignment, merger, transfer of assets,
sale of stock, operation of law, or otherwise. Elastic may assign or transfer
this Agreement in its sole discretion.
11.5 Amendments
11.5.1. As we are constantly trying
to improve our the platform, the Terms may be subject to change
11.5.2. We reserve the right, and may amend, the Terms of this agreement and
related services offered under this agreement (including license fees,
availability, equipment and Services requirements, and limits or restrictions
on the use of Services or services) at any time, at our sole discretion without
notice.
11.5.3. In case of any such amendments, we will bring it to your attention by
notifying you through an email, post on Elastic website, and/or by some other
means, as far as possible.
11.5.4. The amendments made will be effective immediately after posting it.
Continued use of the Services after the amendment constitutes your acceptance
of the same.
11.5.5. If you don’t agree with the new Terms, you are free to reject them;
unfortunately, that means you will no longer be able to use the Services.
11.5.6. Except for changes by us as described here, no other amendment or
modification of these Terms will be effective unless in writing and signed by
both you and us.
11.6 Waiver
11.6.1. No waiver, delay or discharge
by a party will be valid unless in writing and signed by an authorized
representative of the party against which its enforcement is sought. Neither
the failure of either party to exercise any right of termination nor the waiver
of any default will constitute a waiver of the rights granted in the Agreement
with respect to any subsequent or other default.
11.6.2. Failure by us to enforce any accrued rights under these Terms &
Conditions is not to be taken as or deemed to be a waiver of those rights
unless we acknowledge the waiver in writing.
11.7 Severability
11.7.1. The foregoing paragraphs,
sub-paragraphs and clauses of these Terms & Conditions shall be read and
construed independently of each other. Should any part of this agreement or its
paragraphs, sub-paragraphs or clauses be found invalid it shall not affect the
remaining paragraphs, sub-paragraphs and clauses.
11.7.2. If a provision of the Agreement is held by a court of competent
jurisdiction to be invalid, void, or unenforceable, the remaining provisions of
the Agreement will not be affected, impaired or invalidated. If the absence of
the provision adversely affects the substantive rights of a party, the parties
agree to replace the provision with a new provision that closely approximates
the economic and proprietary results intended by the parties.
12 Entire Agreement
12.1. The Agreement, the Privacy
Policy, Data Processing Agreement, and all other attached Schedules contain the
entire and exclusive Agreement and understanding between the parties on the
subject matter of the Agreement.
12.2. The Agreement supersedes all prior agreements, understandings and
arrangements related to the subject matter. No representation, undertaking or
promise made prior to the Agreement shall be effective or valid except as may
be expressly stated in the Agreement.
13 Acceptance Signature
11.5.1. BY USING, APPLYING FOR, OR
ACCEPTING THE SERVICES YOU AGREE THAT YOU HAVE READ AND UNDERSTAND THIS
AGREEMENT AND THAT YOU WILL BE BOUND BY AND COMPLY WITH IT. DO NOT USE THE
SERVICES IF YOU DO NOT AGREE TO THIS AGREEMENT.
Addendum - Elastic Data Processing Agreement
This Elastic Data Protection Addendum
("Addendum") including the Standard Contractual Clauses forms part of
the agreement between the parties as defined by the Elastic Customer Terms of
Service (“Agreement”)
The term of this DPA shall follow the term of the Agreement. Terms not
otherwise defined herein shall have the meaning as set forth in the Agreement.
Except as modified below, the terms of the Agreement shall remain in full
force and effect.
In consideration of the mutual obligations set out herein, the parties hereby
agree that the terms and conditions set out below shall be added as an Addendum
to the Agreement.Except where the context requires otherwise, references in
this Addendum to the Agreement are to the Agreement as amended by, and
including, this Addendum.
1. Definitions
In this Addendum, the following terms
shall have the meanings set out below and cognate terms shall be construed
accordingly:
1."Applicable Laws" means (a) European Union or Member State laws
with respect to any Company Personal Data in respect of which any Company Group
Member is subject to EU Data Protection Laws; and (b) any other applicable law
with respect to any Company Personal Data in respect of which any Company Group
Member is subject to any other Data Protection Laws;
2."Company Affiliate" means an entity that owns or controls, is owned
or controlled by or is or under common control or ownership with Company, where
control is defined as the possession, directly or indirectly, of the power to
direct or cause the direction of the management and policies of an entity,
whether through ownership of voting securities, by contract or otherwise;
3."Company Group Member" means Company or any Company Affiliate;
4. "Company Personal Data" means any Personal Data Processed by a
Contracted Processor on behalf of a Company Group Member pursuant to or in
connection with the Agreement;
5. "Contracted Processor" means Vendor or a Subprocessor;
6. "Data Protection Laws" means EU Data Protection Laws and, to the
extent applicable, the data protection or privacy laws of any other country;
7. "EEA" means the European Economic Area;
8. "EU Data Protection Laws" means EU Directive 95/46/EC, as
transposed into domestic legislation of each Member State and as amended,
replaced or superseded from time to time, including by the GDPR and laws
implementing or supplementing the GDPR;
9. "GDPR" means EU General Data Protection Regulation 2016/679;
10. "Restricted Transfer" means:
1. a transfer of Company Personal Data from any Company Group Member to a
Contracted Processor; or
2. an onward transfer of Company Personal Data from a Contracted Processor to a
Contracted Processor, or between. two establishments of a Contracted Processor,
in each case, where such transfer would be prohibited by Data Protection Laws (or
by the terms of data transfer agreements put in place to address the data
transfer restrictions of Data Protection Laws) in the absence of the Standard
Contractual Clauses to be established under section [6.4.3 or] 12 below;
11. "Services" means the services and other activities to be supplied
to or carried out by or on behalf of Vendor for Company Group Members pursuant
to the Agreement;
12. "Standard Contractual Clauses" means the contractual clauses set
out in Annex 2, amended as indicated (in square brackets and italics) in that
Annex and under section 13.4;
13. "Subprocessor" means any person (including any third party and
any Vendor Affiliate, but excluding an employee of Vendor or any of its
sub-contractors) appointed by or on behalf of Vendor or any Vendor Affiliate to
Process Personal Data on behalf of any Company Group Member in connection with
the Agreement; and
14. "Vendor Affiliate" means an entity that owns or controls, is
owned or controlled by or is or under common control or ownership with Vendor,
where control is defined as the possession, directly or indirectly, of the
power to direct or cause the direction of the management and policies of an
entity, whether through ownership of voting securities, by contract or
otherwise.
15. .“Vendor” would mean AITS Inc., owners of the platform Elastic.
16. The terms, "Commission", "Controller", "Data
Subject", "Member State", "Personal Data",
"Personal Data Breach", "Processing" and "Supervisory
Authority" shall have the same meaning as in the GDPR, and their cognate
terms shall be construed accordingly.
2. Processing of Company Personal
Data
1. Vendor and each Vendor Affiliate
shall:
1. Not Process Company Personal Data other than on the
relevant Company Group Member’s documented instructions. unless
Processing is required by Applicable Laws to which the relevant Contracted
Processor is subject, in which case. Vendor or the
relevant Vendor Affiliate shall to the extent permitted by Applicable Laws
inform the relevant Company. Group Member of that
legal requirement before the relevant Processing of that Personal Data.
2. Each Company Group Member:
1. instructs Vendor and each Vendor Affiliate (and authorises Vendor and each
Vendor Affiliate to instruct each. Subprocessor)
to:
1. Process Company Personal Data; and
2. in particular, transfer Company Personal Data to any country or
territory, as reasonably necessary for the provision of the Services and
consistent with the Agreement; and
2. warrants and represents that it is and will at all relevant times remain
duly and effectively authorised to give the instruction set out in section
2.2.1 on behalf of each relevant Company Affiliate.
3.Annex 1 to this Addendum sets out certain information regarding the
Contracted Processors' Processing of the Company Personal Data as required by
article 28(3) of the GDPR (and, possibly, equivalent requirements of other Data
Protection Laws). Company may make reasonable amendments to Annex 1 by written
notice to Vendor from time to time as Company reasonably considers necessary to
meet those requirements. Nothing in Annex 1 (including as amended pursuant to
this section) confers any right or imposes any obligation on any party to this
Addendum.
3. Vendor and Vendor Affiliate
Personnel
Vendor and each Vendor Affiliate
shall take reasonable steps to ensure the reliability of any employee, agent or
contractor of any Contracted Processor who may have access to the Company
Personal Data, ensuring in each case that access is strictly limited to those
individuals who need to know / access the relevant Company Personal Data, as
strictly necessary for the purposes of the Agreement, and to comply with
Applicable Laws in the context of that individual's duties to the Contracted
Processor, ensuring that all such individuals are subject to confidentiality
undertakings or professional or statutory obligations of confidentiality.
4. Security
1. Taking into account the state of
the art technology being used in the platform, the costs of implementation and
the nature, scope, context and purposes of Processing as well as the risk of
varying likelihood and severity for the rights and freedoms of natural persons,
Vendor and each Vendor Affiliate shall in relation to the Company Personal Data
implement appropriate technical and organizational measures to ensure a level
of security appropriate to that risk, including, as appropriate, the measures
referred to in Article 32(1) of the GDPR.
2. In assessing the appropriate level of security, Vendor and each Vendor
Affiliate shall take account in particular of the risks that are presented by
Processing, in particular from a Personal Data Breach.
5. Subprocessing
1. Each Company Group Member
authorises Vendor and each Vendor Affiliate to appoint (and permit each
Subprocessor appointed in accordance with this section 5 to appoint)
Subprocessors in accordance with this section 5 and any restrictions in the
Agreement.
2. Vendor and each Vendor Affiliate may continue to use those Subprocessors
already engaged by Vendor or any Vendor Affiliate as at the date of this
Addendum, subject to Vendor and each Vendor Affiliate in each case as soon as
practicable meeting the obligations set out in section 5.4.
3. Vendor shall give Company prior written notice of the appointment of any new
Subprocessor, including full details of the Processing to be undertaken by the
Subprocessor. If, within 30 days of receipt of that notice, Company notifies
Vendor in writing of any objections (on reasonable grounds) to the proposed
appointment: Neither Vendor nor any Vendor Affiliate shall appoint (or disclose
any Company Personal Data to) that proposed Subprocessor until reasonable steps
have been taken to address the objections raised by any Company Group Member
and Company has been provided with a reasonable written explanation of the
steps taken.
4. With respect to each Subprocessor, Vendor or the relevant Vendor Affiliate
shall:
1.before the Subprocessor first Processes Company Personal Data (or, where
relevant, in accordance with section 5.2), carry out adequate due diligence to
ensure that the Subprocessor is capable of providing the level of protection
for Company Personal Data required by the Agreement;
2. ensure that the arrangement between on the one hand (a) Vendor, or (b) the
relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and
on the other hand the Subprocessor, is governed by a written contract including
terms which offer at least the same level of protection for Company Personal
Data as those set out in this Addendum and meet the requirements of article
28(3) of the GDPR;
3. if that arrangement involves a Restricted Transfer, ensure that the Standard
Contractual Clauses are at all relevant times incorporated into the agreement
between on the one hand (a) Vendor, or (b) the relevant Vendor Affiliate, or
(c) the relevant intermediate Subprocessor; and on the other hand the
Subprocessor, or before the Subprocessor first Processes Company Personal Data
procure that it enters into an agreement incorporating the Standard Contractual
Clauses with the relevant Company Group Member(s); and
4. provide to Company for review such copies of the Contracted Processors'
agreements with Subprocessors (which may be redacted to remove confidential
commercial information not relevant to the requirements of this Addendum) as
Company may request from time to time.
5. Vendor and each Vendor Affiliate shall ensure that each Subprocessor
performs the obligations, as they apply to Processing of Company Personal Data
carried out by that Subprocessor, as if it were party to this Addendum in place
of Vendor.
6. Data Subject Rights
Vendor will provide reasonable
assistance, including technical and organizational measures and taking into
account the nature of the Processing, to enable Controller to respond to any
request from Data Subjects seeking to exercise their rights under the Data
Protection Law with respect to Personal Data (including access, rectification,
restriction, deletion or portability of Personal Data, as applicable), to the
extent permitted by the law.
If such request is made directly to Vendor, Vendor will promptly inform Company
Group Member and will advise Data Subjects to submit their request to the
Company Group Member directly, who shall be solely responsible for responding
to any Data Subjects’ requests.
7. Personal Data Breach
1. Vendor shall notify Company
without undue delay upon Vendor or any Subprocessor becoming aware of a
Personal Data Breach affecting Company Personal Data, providing Company
with sufficient information to allow each Company Group Member to meet any
obligations to report or inform Data Subjects of the Personal Data Breach under
the Data Protection Laws.
2. Vendor shall co-operate with Company and each Company Group Member and take
such reasonable commercial steps as are directed by Company to assist in the
investigation, mitigation and remediation of each such Personal Data Breach.
8. Data Protection Impact Assessment
and Prior Consultation
Vendor and each Vendor Affiliate
shall provide reasonable assistance to each Company Group Member with any data
protection impact assessments, and prior consultations with Supervising
Authorities or other competent data privacy authorities, which Company
reasonably considers to be required of any Company Group Member by article 35
or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in
each case solely in relation to Processing of Company Personal Data by, and
taking into account the nature of the Processing and information available to,
the Contracted Processors.
9. Deletion or return of Company
Personal Data
Other than to the extent required to
comply with Data Protection Law, following termination or expiry of the
Agreement, Processor will return or delete all Personal Data processed pursuant
to this DPA in a reasonable time frame. If Processor is unable to delete
Personal Data for technical or other reasons, Processor will apply measures to
ensure that Personal Data is blocked from any further Processing.
10. Audit
1. Vendor and each Vendor Affiliate
shall make available to each Company Group Member on request all information
necessary to demonstrate compliance with this Addendum, and shall allow for and
contribute to audits, including inspections, by any Company Group Member or an
auditor mandated by any Company Group Member in relation to the Processing of
the Company Personal Data by the Contracted Processors.
2. Information and audit rights of the Company Group Members only arise under
section 10.1 to the extent that the Agreement does not otherwise give them
information and audit rights meeting the relevant requirements of Data
Protection Law (including, where applicable, article 28(3)(h) of the GDPR).
3. Company or the relevant Company Affiliate undertaking an audit shall give
Vendor or the relevant Vendor Affiliate reasonable notice of any audit or
inspection to be conducted under section 10.1 and shall make (and ensure that
each of its mandated auditors makes) reasonable endeavours to avoid causing
(or, if it cannot avoid, to minimise) any damage, injury or disruption to the
Contracted Processors' premises, equipment, personnel and business while its
personnel are on those premises in the course of such an audit or inspection. A
Contracted Processor need not give access to its premises for the purposes of
such an audit or inspection:
1. to any individual unless he or she produces reasonable evidence of identity
and authority;
2. outside normal business hours at those premises, unless the audit or
inspection needs to be conducted on an emergency basis and Company or the
relevant Company Affiliate undertaking an audit has given notice to Vendor or
the relevant Vendor Affiliate that this is the case before attendance outside
those hours begins; or
3. for the purposes of more than [one] audit or inspection, in respect of
each Contracted Processor, in any [calendar year], except for any additional
audits or inspections which:
1. Company or the relevant Company Affiliate undertaking an audit reasonably
considers necessary because of genuine concerns as to Vendor's or the relevant
Vendor Affiliate’s compliance with this Addendum; or
2. A Company Group Member is required or requested to carry out by Data
Protection Law, a Supervisory Authority or any similar regulatory authority
responsible for the enforcement of Data Protection Laws in any country or
territory,
where Company or the relevant Company Affiliate undertaking an audit has
identified its concerns or the relevant requirement or request in its notice to
Vendor or the relevant Vendor Affiliate of the audit or inspection.
11. Restricted Transfers
1.Subject to section 11.3, each
Company Group Member (as "data exporter") and each Contracted
Processor, as appropriate, (as "data importer") hereby enter into the
Standard Contractual Clauses in respect of any Restricted Transfer from that
Company Group Member to that Contracted Processor.
2.The Standard Contractual Clauses shall come into effect under section 11.1 on
the later of:
1. the data exporter becoming a party to them;
2. the data importer becoming a party to them; and
3. commencement of the relevant Restricted Transfer.
3.Section 11.1 shall not apply to a Restricted Transfer unless its effect,
together with other reasonably practicable compliance steps (which, for the
avoidance of doubt, do not include obtaining consents from Data Subjects), is
to allow the relevant Restricted Transfer to take place without breach of
applicable Data Protection Law.
12. General Terms
Elastic will process Personal Data in
accordance with the GDPR requirements contained herein which are directly
applicable to Elastic's provision of the Subscription Services.
1. Nothing in this Addendum reduces Vendor's or any Vendor Affiliate’s
obligations under the Agreement in relation to the protection of Personal Data
or permits Vendor or any Vendor Affiliate to Process (or permit the Processing
of) Personal Data in a manner which is prohibited by the Agreement. In the
event of any conflict or inconsistency between this Addendum and the Standard
Contractual Clauses, the Standard Contractual Clauses shall prevail.
2. Subject to section 12.1, with regard to the subject matter of this Addendum,
in the event of inconsistencies between the provisions of this Addendum and any
other agreements between the parties, including the Agreement and including
(except where explicitly agreed otherwise in writing, signed on behalf of the
parties) agreements entered into or purported to be entered into after the date
of this Addendum, the provisions of this Addendum shall prevail.
3.Should any provision of this Addendum be invalid or unenforceable, then the
remainder of this Addendum shall remain valid and in force. The invalid or
unenforceable provision shall be either (i) amended as necessary to ensure its
validity and enforceability, while preserving the parties’ intentions as
closely as possible or, if this is not possible, (ii) construed in a manner as
if the invalid or unenforceable part had never been contained therein.
Standard Contractual Clauses
(Processors)
For the purposes of Article 26(2) of
Directive 95/46/EC for the transfer of personal data to processors established
in third countries which do not ensure an adequate level of data protection,
The Customer, as defined in the Elastic Customer Terms of Service (the “data
exporter”)
And
AITS, Dubai, United Arab Emirates (the "data importer"),
each a ‘party’; together ‘the parties’,
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to
adduce adequate safeguards with respect to the protection of privacy and
fundamental rights and freedoms of individuals for the transfer by the data
exporter to the data importer of the personal data specified in Appendix 1.
Clause 1 - Definitions
For the purposes of the Clauses:
(a) ‘personal data’, ‘special categories of data’, ‘process/processing’,
‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall
have the same meaning as in Directive 95/46/EC of the European Parliament and
of the Council of 24 October 1995 on the protection of individuals with regard
to the processing of personal data and on the free movement of such data;
(b) ‘the Data Exporter’ means the controller who transfers the personal data;
(c) ‘the Data Importer’ means the processor who agrees to receive from the data
exporter personal data intended for processing on his behalf after the transfer
in accordance with his instructions and the terms of the Clauses and who is not
subject to a third country’s system ensuring adequate protection within the
meaning of Article 25(1) of Directive 95/46/EC;
(d) ‘the Subprocessor’ means any processor engaged by the data importer or by
any other subprocessor of the data importer who agrees to receive from the data
importer or from any other subprocessor of the data importer personal data
exclusively intended for processing activities to be carried out on behalf of
the data exporter after the transfer in accordance with his instructions, the
terms of the Clauses and the terms of the written subcontract;
(e) ‘the applicable data protection law’ means the legislation protecting the
fundamental rights and freedoms of individuals and, in particular, their right
to privacy with respect to the processing of personal data applicable to a data
controller in the Member State in which the data exporter is established;
(f) technical and organisational security measures’ means those measures aimed
at protecting personal data against accidental or unlawful destruction or
accidental loss, alteration, unauthorised disclosure or access, in particular
where the processing involves the transmission of data over a network, and
against all other unlawful forms of processing.
Clause 2 - Details of the transfer
The details of the transfer and in
particular the special categories of personal data where applicable are
specified in Appendix 1 which forms an integral part of the Clauses.
Clause 3 - Third-party beneficiary clause
-The data subject can enforce against
the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g)
to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as
third-party beneficiary.
-The data subject can enforce against the data importer this Clause, Clause
5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in
cases where the data exporter has factually disappeared or has ceased to exist
in law unless any successor entity has assumed the entire legal obligations of
the data exporter by contract or by operation of law, as a result of which it
takes on the rights and obligations of the data exporter, in which case the data
subject can enforce them against such entity.
-The data subject can enforce against the subprocessor this Clause, Clause 5(a)
to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases
where both the data exporter and the data importer have factually disappeared
or ceased to exist in law or have become insolvent, unless any successor entity
has assumed the entire legal obligations of the data exporter by contract or by
operation of law as a result of which it takes on the rights and obligations of
the data exporter, in which case the data subject can enforce them against such
entity. Such third-party liability of the subprocessor shall be limited to its
own processing operations under the Clauses.
- The parties do not object to a data subject being represented by an
association or other body if the data subject so expressly wishes and if
permitted by national law.
Clause 4 - Obligations of the data exporter
The data exporter agrees and
warrants:
(a) that the processing, including the transfer itself, of the personal data
has been and will continue to be carried out in accordance with the relevant
provisions of the applicable data protection law (and, where applicable, has
been notified to the relevant authorities of the Member State where the data
exporter is established) and does not violate the relevant provisions of that
State;
(b) that it has instructed and throughout the duration of the personal
data-processing services will instruct the data importer to process the
personal data transferred only on the data exporter’s behalf and in accordance
with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the
technical and organisational security measures specified in Appendix 2 to this
contract;
(d) that after assessment of the requirements of the applicable data protection
law, the security measures are appropriate to protect personal data against
accidental or unlawful destruction or accidental loss, alteration, unauthorised
disclosure or access, in particular where the processing involves the
transmission of data over a network, and against all other unlawful forms of
processing, and that these measures ensure a level of security appropriate to
the risks presented by the processing and the nature of the data to be
protected having regard to the state of the art and the cost of their
implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject
has been informed or will be informed before, or as soon as possible after, the
transfer that its data could be transmitted to a third country not providing
adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any
subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection
supervisory authority if the data exporter decides to continue the transfer or
to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses,
with the exception of Appendix 2, and a summary description of the security
measures, as well as a copy of any contract for subprocessing services which
has to be made in accordance with the Clauses, unless the Clauses or the
contract contain commercial information, in which case it may remove such
commercial information;
(i) that, in the event of subprocessing, the processing activity is carried out
in accordance with Clause 11 by a subprocessor providing at least the same
level of protection for the personal data and the rights of data subject as the
data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).
Clause 5 - Obligations of the data importer
The data importer agrees and
warrants:
(a) to process the personal data only on behalf of the data exporter and in
compliance with its instructions and the Clauses; if it cannot provide such
compliance for whatever reasons, it agrees to inform promptly the data exporter
of its inability to comply, in which case the data exporter is entitled to
suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it
prevents it from fulfilling the instructions received from the data exporter
and its obligations under the contract and that in the event of a change in
this legislation which is likely to have a substantial adverse effect on the
warranties and obligations provided by the Clauses, it will promptly notify the
change to the data exporter as soon as it is aware, in which case the data
exporter is entitled to suspend the transfer of data and/or terminate the
contract;
(c) that it has implemented the technical and organisational security measures
specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law
enforcement authority unless otherwise prohibited, such as a prohibition under
criminal law to preserve the confidentiality of a law enforcement
investigation;
(ii) any accidental or unauthorised access; and
(iii) any request received directly from the data subjects without responding
to that request, unless it has been otherwise authorised to do so;
(e) to deal promptly and properly with all inquiries from the data exporter
relating to its processing of the personal data subject to the transfer and to
abide by the advice of the supervisory authority with regard to the processing
of the data transferred;
(f) at the request of the data exporter to submit its data-processing
facilities for audit of the processing activities covered by the Clauses which
shall be carried out by the data exporter or an inspection body composed of
independent members and in possession of the required professional
qualifications bound by a duty of confidentiality, selected by the data
exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses,
or any existing contract for subprocessing, unless the Clauses or contract
contain commercial information, in which case it may remove such commercial
information, with the exception of Appendix 2 which shall be replaced by a
summary description of the security measures in those cases where the data
subject is unable to obtain a copy from the data exporter;
(h) that, in the event of subprocessing, it has previously informed the data
exporter and obtained its prior written consent;
(i) that the processing services by the subprocessor will be carried out in
accordance with Clause 11;
(j) to send promptly a copy of any subprocessor agreement it concludes under
the Clauses to the data exporter.
Clause 6 - Liability
The parties agree that any data
subject, who has suffered damage as a result of any breach of the obligations
referred to in Clause 3 or in Clause 11 by any party or subprocessor is
entitled to receive compensation from the data exporter for the damage
suffered.
Clause 7 - Mediation and jurisdiction
The data importer agrees that if the
data subject invokes against it third-party beneficiary rights and/or claims
compensation for damages under the Clauses, the data importer will accept the
decision of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where
applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data
exporter is established.
- The parties agree that the choice made by the data subject will not prejudice
its substantive or procedural rights to seek remedies in accordance with other
provisions of national or international law.
Clause 8 - Cooperation with supervisory
authorities
- The data exporter agrees to deposit
a copy of this contract with the supervisory authority if it so requests or if
such deposit is required under the applicable data protection law.
- The parties agree that the supervisory authority has the right to conduct an
audit of the data importer, and of any subprocessor, which has the same scope
and is subject to the same conditions as would apply to an audit of the data
exporter under the applicable data protection law.
- The data importer shall promptly inform the data exporter about the existence
of legislation applicable to it or any subprocessor preventing the conduct of
an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In
such a case the data exporter shall be entitled to take the measures foreseen in
Clause 5(b).
Clause 9 - Governing law
The Clauses shall be governed by the
law of the Member State in which the data exporter is established.
Clause 10 - Variation of the contract
The parties undertake not to vary or
modify the Clauses. This does not preclude the parties from adding clauses on
business related issues where required as long as they do not contradict the
Clause.
Clause 11 - Subprocessing
- The data importer shall not
subcontract any of its processing operations performed on behalf of the data
exporter under the Clauses without the prior written consent of the data
exporter. Where the data importer subcontracts its obligations under the
Clauses, with the consent of the data exporter, it shall do so only by way of a
written agreement with the subprocessor which imposes the same obligations on
the subprocessor as are imposed on the data importer under the Clauses. Where
the subprocessor fails to fulfil its data protection obligations under such
written agreement the data importer shall remain fully liable to the data
exporter for the performance of the subprocessor’s obligations under such
agreement.
- The prior written contract between the data importer and the subprocessor
shall also provide for a third-party beneficiary clause as laid down in Clause
3 for cases where the data subject is not able to bring the claim for
compensation referred to in paragraph 1 of Clause 6 against the data exporter
or the data importer because they have factually disappeared or have ceased to
exist in law or have become insolvent and no successor entity has assumed the
entire legal obligations of the data exporter or data importer by contract or
by operation of law. Such third-party liability of the subprocessor shall be
limited to its own processing operations under the Clauses.
- The provisions relating to data protection aspects for subprocessing of the
contract referred to in paragraph 1 shall be governed by the law of the Member
State in which the data exporter is established.
- The data exporter shall keep a list of subprocessing agreements concluded
under the Clauses and notified by the data importer pursuant to Clause 5(j),
which shall be updated at least once a year. The list shall be available to the
data exporter’s data protection supervisory authority.
Clause 12 - Obligation after the termination
of personal data-processing services
-The parties agree that on the
termination of the provision of data-processing services, the data importer and
the subprocessor shall, at the choice of the data exporter, return all the
personal data transferred and the copies thereof to the data exporter or shall
destroy all the personal data and certify to the data exporter that it has done
so, unless legislation imposed upon the data importer prevents it from
returning or destroying all or part of the personal data transferred. In that
case, the data importer warrants that it will guarantee the confidentiality of
the personal data transferred and will not actively process the personal data
transferred anymore.
- The data importer and the subprocessor warrant that upon request of the data
exporter and/or of the supervisory authority, it will submit its
data-processing facilities for an audit of the measures referred to in
paragraph 1.
Appendix 1 to the Standard Contractual Clauses
This Appendix forms part of the
Clauses. The Member States may complete or specify, according to their national
procedures, any additional necessary information to be contained in this
Appendix.
A. Data exporter
The data exporter is the Customer, as defined in the Elastic Customer Terms of
Service (“Agreement”).
B. Data importer
The data importer is AITS, Inc., a global provider of RPA platform and customer
engagement software.
C. Data subjects
Categories of data subjects set out under Section 2 of the Data Processing
Agreement to which the Clauses are attached
D. Categories of data
Categories of personal data set out under Section 2 of the Data Processing
Agreement to which the Clauses are attached.
E. Special categories of data (if appropriate)
The parties do not anticipate the transfer of special categories of data.
F. Processing operations
The processing activities set out under Section 2 of the Data Processing
Agreement to which the Clauses are attached
Appendix 2 to the Standard Contractual Clauses
This Appendix forms part of the
Clauses.
Description of the technical and organizational security measures implemented
by the data importer in accordance with Clauses 4(d) and 5(c) (or
document/legislation attached):
Elastic currently observes the security practices as described in this Appendix
2.
Notwithstanding any provision to the contrary otherwise agreed to by data
exporter, Elastic may modify or update these practices at its discretion
provided that such modification and update does not result in a material
degradation in the protection offered by these practices. All capitalized terms
not otherwise defined herein shall have the meanings as set forth in the
Agreement and the Addendum.
Hosting: Elastic hosts its platform and services on outsources subprocessors
who adhere to strict physical and environmental guidelines. Elastic maintains
contractual relationships with such vendors in order to provide the Service in
accordance with our Data Processing Agreement
Authentication: Customer data is stored in multi-tenant systems whose access is
provided via the platform via user interface or application programming
interface. Authentication mechanism is put in place for such access with a
defined policy for passwords. Elastic's authorization model enforces that only
users with specified access can use the platform.
Access controls and monitoring: Network access control mechanisms are enabled
to prevent access to unauthorized protocols keeping the underlying platform
safe. Elastic has systems in place to detect and notify abnormal network
activity patterns. Elastic also performs periodic vulnerability detection scans
to determine system risks.
Platform Data Access: A limited subset of Elastic's employees have access to
the customer data who have abided by company Non-Disclosure Agreements. Such
access is controlled and secured by two-factor authentication. A review is done
at least twice a year to determine the roles and individuals requiring such
access.
Background Checks: All Elastic employees undergo background checks prior to the
acceptance of their employment offer under the prevailing legal guidelines. All
employees are required to act in a manner consistent with the company’s
policies, non-disclosure and other contractual requirements.
Data Transmission: All network communication on the platform happens over
secured HTTPS protocol. Elastic follows industry standard implementation for
HTTPS.
Data at Rest: Elastic will secure the data by using industry standard
encryption.
Detection: Elastic logs data around platform access and usage, which includes
alerting systems that would trigger in case of unintended or malicious use of
the platform.
Security Incidents: An incident log is maintained of every incident where an
abnormal platform use or data access is determined, including details and
impact. On every incident an impact analysis is performed and steps are taken
to limit the damage to systems and unauthorized access.
Communication: If Elastic becomes aware of unlawful access to customer data, Elastic
agrees to notify the customers of the incident. It also would communicate -
information about the incident and steps taken for its resolution. Notification
for such incidents will be sent to individual customers or such groups having
been affected by the incident over email and/or phone or a medium Elastic deems
fit.
Availability: Elastic via it’s infrastructure providers ensure a platform
availability of 99.9% availability of the platform and supporting
systems.Backups: Data backups are taken for customer data and configurations at
regular intervals. The periodicity of such backups may change without affecting
the terms of the agreement.
List of Sub-Processors
Amazon Web Services, Inc.
Google, Inc.
Facebook, Inc.
Bitrix
Sendgrid, Inc
Freshsales
Any other wholly-owned AITS or subsidiary organizations
For more details, email us at [email protected]