Terms of Service
- 1. Definitions
- 2. Service
- 3. Registration, trial period, and analysis
- 4. Rights of Use and Proprietary Rights
- 5. Fees
- 6. Warranties
- 7. IPR Indemnification and Limitation of Liability
- 8. Confidentiality
- 9. Term and termination
- 10. Processing of data
- 11. Applicable law and dispute resolution
- 12. General Provisions
BrandBastion Terms of Service
Last updated 01 / 2020
These Terms of Service form an integral part of the Agreement which governs the use of the Service provided by BrandBastion Ltd a Finnish limited liability company with a Finnish business identity code 2570173-5 (“BrandBastion”) to the customer defined in the Order Form (the "Customer"). By signing an Order Form or using the Service, the Customer acknowledges and agrees that the Customer is subject to these Terms of Service and that the Customer accepts these Terms of Service.
As used in these Terms of Service, unless expressly otherwise stated or evident in the context, the following capitalized terms shall have the following meaning.
1.1 “Ad Account” means a predefined advertising account registered with BrandBastion and associated with the advertising account(s) on Facebook.
1.2 “Social media account” means a predefined social media account, such as a Facebook page or an account on Instagram, YouTube, or Twitter, registered with BrandBastion.
1.3 “Affiliate” means an entity which is a subsidiary or parent of, or under common control with, the Party. For these purposes, an entity shall be treated as being controlled by another if that other entity has fifty (50) percent or more of the voting shares in such entity, or that other entity is able to direct the Party’s affairs or is able to appoint a majority of the members of the board of directors or an equivalent body.
1.4 “Advertising Spend” means all charges payable by the Customer for all advertising conducted with respect to an Ad Account in Facebook and regardless of whether the Customer conducted advertising campaigns using the Service or not.
1.5 “Agreement” means these Terms of Service together with the Software Order Form and any appendices thereto which shall govern the provision of the Service by BrandBastion and the use of the Service by the Customer.
1.6 “Facebook” means the social media site known as Facebook and all advertising platforms in Facebook’s ecosystem, including but not limited to, Facebook, Instagram, Messenger, Whatsapp, and Facebook audience network.
1.7 “Software Order Form” means the agreement through which the Customer orders the Service and which, by reference, incorporates these Terms of Service. In the event of a conflict between these Terms of Service and the Software Order Form or any other appendices thereof, the Software Order Form shall prevail unless expressly stated otherwise in the Terms of Service or any other appendices thereof.
1.8 “Party” means BrandBastion or Customer separately. Customer and BrandBastion together are referred to as the “Parties”.
1.9 “Service” means the provision of BrandBastion’s Software available on a software as a service (SaaS) basis via the Internet on BrandBastion’s tool and website and/or by any other means via which the service is made available or can be used as well as any ancillary services that may be available and provided by BrandBastion in relation to the BrandBastion Software.
1.10 “BrandBastion Software” means BrandBastion’s proprietary software, including any changes, updates, upgrades, modifications, and enhancements made thereto, and any related modules, add-ons, tools, browser plugins, and applications as well as any documentation relating thereto all of the foregoing to the extent offered by BrandBastion.
1.11 “Terms of Service” means these terms and conditions applicable to the use of the Service. BrandBastion may update and modify the Terms of Service from time to time and by continuing to use the Service after having been informed of the modification by written notice of BrandBastion, the Customer accepts the modification and the revised Terms of Service shall enter into force after 30 days have elapsed from the notice of revised Terms of Service. All material changes to these Terms of Service shall be informed to the Customer via email prior to them becoming effective.
2.1 The Service consists of SaaS social media tools and documentation provided by BrandBastion, and used by Customer via the Internet. The Service may be used by Customer to manage engagement on social media as well as measure and optimize advertising campaigns on Facebook.
2.2 The Service is designed to help the Customer in managing engagement as well as measuring and optimizing its advertising campaigns, but the Customer remains responsible for how the Customer uses the Service and for achieving the intended goals and results of Customer's advertising campaigns. BrandBastion’s Service operates between the Customer and Facebook platform on which the advertising campaigns are being conducted, and it is the responsibility of the Customer to ensure that the output and results of the Service meet Customer's expectations and requirements.
2.3 BrandBastion is entitled to produce the Service as it deems appropriate. The Service and Facebook are constantly evolving and, as a result, the features made available on the Service may change. In the event of any substantial or major change to the Service, BrandBastion will inform the Customer on its website at https://www.brandbastion.com
2.4 The Service does not include, and BrandBastion does not offer, any telecommunication or networking services or equipment, security services or systems, or hardware or other equipment. If Customer requires any of the foregoing, Customer must obtain such systems, services and equipment at its own expense from third party vendors.
2.5 The Customer undertakes not to use the Service for any unlawful purposes. The Customer also undertakes to comply with BrandBastion's reasonable directions and requests related to the Service.
2.6 The Customer is responsible for complying with all laws, rules and regulations applicable to Customer, including all laws, rules and regulations related to advertising and conducting advertising campaigns.
3. Registration, trial period, and analysis
3.1 Unless otherwise agreed, the Customer shall register before commencing the use of the Service, a free trial or an analysis. In connection with the registration, the Customer shall sign up to the Service and authorize BrandBastion’s access to the Customer’s Facebook ad accounts and social media accounts and to all the information therein and the Customer shall register the Ad Accounts with the Service. BrandBastion shall confirm Customer's registration and the Ad Accounts in due course after having received the registration. The Customer may add and remove Ad Accounts in the Service.
3.2 Free trials are available as agreed between the parties.
3.3 Free analyses are available as agreed between the parties
4. Rights of Use and Proprietary Rights
4.1 Subject to the Customer’s compliance with all the terms of this Agreement, BrandBastion grants to the Customer a non-exclusive, non-transferable, limited right to access and use the Service, against due payment of the agreed fees, solely in connection with the registered predefined Ad Accounts in Facebook.
4.2 Customer shall not i) attempt to copy, modify, duplicate, create or prepare derivative works from or based upon, frame, mirror, republish, download, display, transmit or distribute all or any portion of the Service in any form or media or by any means; ii) access all or any part of the Service in order to build a product or service or feature which competes with the Service; iii) attempt to obtain, or assist third parties in obtaining, unauthorised access to the Service; iv) license, sell, rent, lease, transfer, assign, distribute, display, disclose or otherwise make the Service available to any unauthorised third party; or v) reverse engineer, decompile, decode, decrypt, disassemble, or attempt to derive any source code from the BrandBastion Software (except and only to the extent any foregoing restriction is prohibited by applicable law). If Customer grants any subcontractor, supplier, end-customer or other third party any access to the Service, such subcontractor, supplier, end-customer and third party shall be considered equivalent to the Customer for the purposes of these Terms of Service and the Customer shall be fully responsible and liable for all acts and omissions of such subcontractor, supplier, end-customer and third party as well for ensuring their compliance with this Agreement.
4.3 The Customer agrees and acknowledges that the title and all intellectual property rights in and to the Service and any data, documentation, images, and/or BrandBastion Software related thereto are owned and remain vested in BrandBastion or a third party. No intellectual property rights of BrandBastion shall be transferred pursuant to these Terms of Service. BrandBastion agrees that, unless otherwise agreed in this Agreement, Customer-owned materials provided by the Customer to BrandBastion in connection with the Service shall remain the property of the Customer and BrandBastion agrees that the title and all intellectual property rights in and to such Customer-owned materials remain vested in the Customer.
4.4 If the Customer comments the Service or provides suggestions or ideas for improving the Service, notwithstanding anything stated to the contrary in this Agreement, the Customer agrees that all such comments, suggestions and ideas thereof will be fully assigned to BrandBastion and hence BrandBastion shall own all rights to use and incorporate them into its product offerings.
4.5 For the avoidance of doubt, if the Service includes third-party solutions for which the Customer has a direct contractual relationship with the providers of these third-party solutions (such as Facebook or other marketing platform or mobile measurement providers) regardless of anything to the contrary stated herein, their use shall be exclusively governed by their provider's terms and conditions in their standard form, or as negotiated between the Customer and such third party, applicable to such solutions. This Agreement does not modify or amend, and is not in lieu of, any terms, policies or rules of Facebook or any other third-party provider used by Customer.
5.1 If applicable, BrandBastion’s fee is defined in a separate Software Order Form and is dependent on the products included. Software Order Forms are typically not provided for trial periods or analyses as no fee is charged.
5.2 If the Agreement is terminated as described hereinafter in Section 9, for the last month of use, at least a monthly minimum fee is charged if the Agreement had terminated before end of the calendar month.
5.3 BrandBastion may change the fees from time to time up on 30 days prior notice. The change shall not affect the fees for invoicing periods commenced before the effective date of the change. In case of a price change the Customer shall be entitled to terminate this Agreement to end on the effective date of the price change by notifying BrandBastion thereof in writing.
5.4 The fees for the Service are invoiced monthly in arrears via credit card or invoice, depending on the payment method offered by BrandBastion at the time and chosen by the Customer. Customer shall remit payment 14 days net from the date of invoice. Interest on delayed payments accrues at 12% per annum or the maximum legal interest rate for late payment, whichever is less.
5.5 The fees are exclusive of VAT and any other governmental taxes and levies. The Customer shall be solely responsible for VAT and other taxes and levies imposed on the Customer by applicable laws and authorities in relation to the fees.
6.1 BrandBastion endeavours to make commercially reasonable efforts to ensure that the Service will be available for use on a 24/7 basis excluding temporary maintenance, updating and repairs. BrandBastion does not assume any liability for usage interruptions or breaks, but it endeavours to inform the Customer of Service issues whenever reasonably possible. BrandBastion does not warrant that the Service will be uninterrupted or error-free. However, BrandBastion agrees to use commercially reasonable efforts to be at Customer's disposal in order to support the Customer and to correct any material error or deficiency in the Service.
6.2 The warranty does not cover errors or deficiencies attributable to (a) changes to the Service made by the Customer which have not been approved by BrandBastion in writing; (b) use of the Service contrary to these Terms of Service, or the written instructions given by BrandBastion; (c) use of the Service contrary to the Facebook terms and policies; (d) disturbances or interruptions in the Service due to data network; or (e) a service or product not supplied by BrandBastion or other similar reason outside of the Service.
6.3 The Customer acknowledges that the use of the Service is dependent on Facebook in which Customer's advertising campaigns are carried out and that the actions of the Customer and third-party data providers may also affect the use of the Service. BrandBastion does not accept any liability for the operation and function of any Customer or third-party products, services, actions or omissions, including, but not limited to, those of third-party data providers, Facebook or any third party that operates in or with Facebook.
6.4 TO THE EXTENT ALLOWED BY MANDATORY LAW, BRANDBASTION DOES NOT HAVE ANY OTHER RESPONSIBILITY OR LIABILITY FOR THE SERVICE. THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" AND BRANDBASTION EXPRESSLY DISCLAIMS ALL OTHER EXPRESS OR IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED THE WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, CORRECTNESS AND FITNESS FOR A PARTICULAR PURPOSE.
7. IPR Indemnification and Limitation of Liability
7.1 Provided that the Customer remains in compliance with this Agreement, BrandBastion will defend or settle any claim made against the Customer for any intellectual property rights violation relating to the Service arising solely from the actions for which BrandBastion is legally responsible. Customer agrees i) to promptly notify BrandBastion in writing of any such claim, ii) to allow BrandBastion to have sole control over the defence, litigation and/or settlement of any such claim and iii) to cooperate with BrandBastion in the investigation, defence and settlement thereof. BrandBastion shall indemnify Customer for such claim by paying the costs and reasonable attorneys’ fees Customer incurs as a results of such claim, including damages awarded to such third party in a judgment finally awarded against Customer or settlement approved by BrandBastion. If such claim is made or, in BrandBastion's opinion, is likely to be made, then BrandBastion may, at its sole discretion, (i) modify the Service or if it’s not commercially reasonable for BrandBastion to modify the Service, (ii) terminate the Service and/or the Agreement with immediate effect. In no event shall the termination of the Service or the Agreement due to infringement relieve BrandBastion from its obligation to defend and indemnify Customer as set forth herein. BrandBastion shall not settle any claim on behalf of Customer without Customer’s prior written consent if the settlement requires any admission of fault by Customer.
7.2 The Customer shall defend or settle any claim made against BrandBastion, and if applicable, its licensors, and each such Party’s parent organizations, subsidiaries, Affiliates, officers, directors, and employees, if such claim arises out of or in connection with: (a) Customer disrupting the Service in violation of applicable legislation or in violation of Section 4.2 of these Terms of Service; or (b) Customer’s infringement or alleged infringement of any third party’s intellectual property right or (c) the Content. BrandBastion agrees i) to promptly notify the Customer in writing of any such claim, ii) to allow the Customer to have sole control over the defence, litigation and/or settlement of any such claim and iii) to reasonably cooperate with the Customer in the investigation, defence and settlement thereof. The Customer shall indemnify BrandBastion and if applicable, its licensors, and each such Party’s parent organizations, subsidiaries, Affiliates, officers, directors, and employees for such claim by paying the costs and reasonable attorneys’ fees incurred by the foregoing persons or parties as a result of such claim, including damages awarded to such third party in a judgment finally awarded against BrandBastion or settlement approved by the Customer. Customer shall not settle any claim on behalf of BrandBastion without BrandBastion’s prior written consent if the settlement requires any admission of fault by BrandBastion.
7.3 BrandBastion shall have no obligations under this Section 7 to the extent any infringement claim arises from: a) the Customer’s combination of the Service with other software or services or Customer’s modification to any part of the Service or Customer’s violation of Section 4.2 if such claim would not have been made but for Customer’s combination or modification or Customer’s violation of Section 4.2; or b) information or materials provided by the Customer and used by BrandBastion for the performance of the Service in accordance with this Agreement or c) the Content.
7.4 The foregoing remedies constitute Customer’s sole and exclusive remedies and BrandBastion’s entire liability with respect to third party infringement claims.
7.6 EACH PARTY’S TOTAL AGGREGATE LIABILITY UNDER THIS AGREEMENT MAY NOT IN ANY CALENDAR YEAR STARTING FROM THE DAY THE CUSTOMER STARTED USING THE SERVICE EXCEED AN AMOUNT EQUAL TO THE AGGREGATE AMOUNT OF FEES RECEIVED BY BRANDBASTION FROM THE CUSTOMER UNDER THE APPLICABLE ORDER FORM DURING THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO SUCH LIABILITY.
7.7 THE LIMITATIONS SET FORTH ABOVE IN SECTION 7.5 AND 7.6 SHALL NOT APPLY TO (i) A VIOLATION OF SECTION 4.2; OR (ii) THE INDEMNIFICATION OBLIGATIONS SET FORTH IN SECTIONS 7.1 AND 7.2.
8.1 Each Party shall keep in confidence all material and information received from the other Party and marked as confidential or which should be understood to be confidential, and may not use such material or information of the other Party for any purpose other than for the proper fulfilment of the Agreement. The confidentiality and non-use obligations shall not, however, be applied to material and information: (a) which is generally available or otherwise public; or (b) which the receiving Party has received from a third party without any obligation of confidentiality; or (c) which was in the possession of the receiving Party prior to receipt of the same from the other Party without any obligation of confidentiality related thereto or breach of confidentiality obligations.
8.2 Notwithstanding the confidentiality provisions, BrandBastion may collect and analyse the Customer’s advertising spend data and trends as well as engagement related data but may only disclose this Customer data if the data is de-identified or if it is not attributable to any individual or company. In addition, BrandBastion may collect, analyze, and use aggregated, de-identified technical data and related information (such as product or feature usage, device metrics/metadata etc.) to facilitate market research and analysis, quality control, product development/improvement and to provide support and maintenance services. BrandBastion may use, store, or disclose such information or material derived from such information, as long as it is in a form that does not identify or is not attributable to any individual or company.
8.3 Each Party shall promptly upon termination of the Agreement (or when the Party no longer needs the material or information in question for the purposes of the Service) cease using confidential material and information received from the other Party and, unless the Parties separately agree on destruction of such material, return the material in question (including all copies thereof). Each Party shall, however, be entitled to retain the copies required by law or regulations and BrandBastion may use information in the connection with Section 8.2.
8.4 The confidentiality and non-use obligations set out herein will remain in force for five (5) years from the disclosure of each respective confidential material and/or information except that the foregoing time limit shall not apply to trade secrets.
9. Term and termination
9.1 The parties will agree on the term and termination of the agreement in the Software Order Form. If nothing has been specified in the Software Order Form, the provisions of this clause will apply to the term and termination of the agreement.
9.2 Customer may terminate the Agreement and the use of the Service with immediate effect at any time by a prior written notice (email being sufficient) to the account manager assigned to Customer or to email@example.com, in which case BrandBastion shall send the Customer a written confirmation regarding termination without undue delay.
9.3 BrandBastion may terminate the Agreement and the use of the Service for convenience upon 30 days prior written notice by email.
9.4 Either Party may terminate this Agreement with immediate effect if the other Party is in material breach of its obligations hereunder and fails to remedy such breach within 14 days written notice given by the non-breaching Party.
9.5 Upon expiration or termination of this Agreement, the Customer is obliged to cease the use of the Service and shall return or, upon BrandBastion’s request, destroy BrandBastion’s material in its possession and upon BrandBastion's request confirm in writing that it has complied with the aforesaid.
9.6 Upon termination for whatever reason, no paid fees will be returned by BrandBastion, and the Customer is obliged to pay the fees past due at the effective date of such termination. In the event that fees are not fully paid when due or the obligations set out in this Agreement are not otherwise followed by the Customer, BrandBastion reserves the right to terminate the Customer’s right to use the Service with immediate effect.
10. Processing of data
10.1 The Customer expressly acknowledges and agrees that it is Customer's obligation to observe and to comply with any and all privacy and data protection laws (including but not limited to EU General Data Protection Regulation, GDPR), regulations and terms applicable to information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context (“Personal Data”) contained in the materials provided by the Customer for the purposes of the Service regardless of the country/state in which the Customer is based. The above mentioned includes, but is not limited to, complying with terms and restrictions related to Customer's use of customer/contact databases and complying with any applicable privacy policies and cookie opting policies.
10.2 In the event that (i) BrandBastion in connection with the Service processes Personal Data as a processor on behalf of the Customer and (ii) the applicable legislation (such as the GDPR) requires Parties to put in place a data processing agreement (DPA) to govern such data processing, the Data Processing Policy (DPP) attached to these Terms of Service as Annex A shall apply. In such event, the DPP set forth in Annex A forms an integral part of the Agreement and shall be applied to the processing of Personal Data by BrandBastion as a processor.
11. Applicable law and dispute resolution
11.1 The Agreement will be governed by the laws of Finland excluding its provisions relating to the choice of law.
11.2 Any dispute, controversy or claim arising out of or relating to this Agreement, or the breach, termination or validity thereof, shall be finally settled by arbitration in accordance with the Arbitration Rules of the Finland Chamber of Commerce. The proceedings shall take place in the English language in Helsinki, Finland.
11.3 Existence of arbitral proceedings, the proceedings, any material presented or drafted in relation to the proceedings and the verdict shall be considered as confidential information under this Agreement.
12. General Provisions
12.1 BrandBastion is entitled to change the working methods, hardware, data communication links, software, user interface or other system components used in providing the Service. BrandBastion may also use subcontractors.
12.2 BrandBastion is entitled to use Customer's name and logo as a reference for advertising purposes.
2.3 Neither Party may assign this Agreement without other Party’s prior written consent. Parties shall, however, be entitled to assign this Agreement in whole or in part to its Affiliates and in the connection with a merger or acquisition process including but not limited to the transfer of business and/or any other corporate transaction or restructuring.
12.4 No provision or right under this Agreement shall be considered waived without an explicit written statement or agreement signed by the waiving Party in each specific case. A waiver of any term, provision or right under this Agreement shall not be construed as a waiver of any other term, provision or right hereunder.
12.5 Neither Party shall be liable to the other for any failure to perform any of its obligations (except payment obligations) under this Agreement during any period in which such performance is delayed by circumstances beyond its reasonable control, such as fire, flood, war, embargo, strike, riot, terrorism, or the intervention of any governmental authority (a “Force Majeure”). In such event, however, the delayed Party must promptly provide the other Party with written notice of the Force Majeure. The delayed Party’s time for performance will be excused for the duration of the Force Majeure.
12.6 This Agreement and the information submitted by the Customer during the registration process for the Service constitute the entire agreement with respect to its subject matter and replaces and supersedes any prior written and/or verbal communications.
12.7 If any provision herein is held to be invalid or unenforceable to any extent, then such provision will be interpreted, construed and reformed to the extent reasonably required to render it valid, enforceable and consistent with its original intent.
12.8 Headings in these Terms of Service are for convenience of reference only and shall in no way affect interpretation of the Agreement.
Annex A - BrandBastion Data Processing Policy
The General Data Protection Regulation (“GDPR”) is a new set of privacy rules which will replace the Data Protection Directive in May 2018. The purpose of BrandBastion’s Data Processing Policy (“Policy”) is to explain how BrandBastion collects, processes and protects client data and how BrandBastion intends to comply with the GDPR.
BrandBastion regards the lawful and correct processing and treatment of personal data as very important to successful business operations and to maintaining confidence with clients, partners and internal and external stakeholders. BrandBastion is committed to ensure that personal data is processed lawfully and in an appropriate manner in all its operations.
BrandBastion’s solution transforms the way brands deal with social engagement by automating the management of millions of pieces of user-generated content and social interactions at scale, while maintaining the quality of 1-on-1 premium services around the clock in real-time. All user-generated content received across defined accounts and platforms are accessed in real time and actions are taken according to brand preference. Depending on brand preference, BrandBastion can take actions such as:
- Removing harmful content
- Sending alerts of situations requiring the client’s attention
- Responding to client inquiries
- Gathering and aggregating data for the purposes of social media analytics or social media listening reports
Under these services, BrandBastion:
- Utilizes the APIs available on each social media platform to extract the user-generated content posted on the client accounts that BrandBastion’s application has been authorized on or extracting user-generated content based on agreed upon parameters
- The user-generated content is run through BrandBastion’s system for processing, whereupon the user-generated content is processed by BrandBastion.
BrandBastion as a data controller and data processor
In order to provide the Services, BrandBastion may process personal data on behalf of the Client as data processor for the purposes of providing the Services.
BrandBastion processes certain personal data relating to the Client relationship as data controller. Such personal data includes, inter alia, name and contact details of the Client’s contact persons, invoicing details and other personal data of Client’s contact persons which BrandBastion processes in order to maintain the Client relationship.
In this section, “Personal Data” refers to any information relating to an identified or identifiable natural person BrandBastion has access to via the Services and processes on behalf of the Client in the course and within the scope of providing the Services.
In connection with the use of the Services, BrandBastion may process various data on behalf of the Client. Such data might include Personal Data. The Client shall be considered as the sole data controller and BrandBastion as the data processor with respect to such data. The following terms and conditions set forth in this section concern the data processing activities of BrandBastion as data processor with respect to the Personal Data it processes on behalf of the Client.
General requirements relating to processing of Personal Data
The Client shall be responsible for the lawful collection, processing and use, and for the accuracy of the Personal Data, as well as for preserving the rights of the individuals concerned. If and to the extent legally required, the Client shall inform the individuals concerned regarding the processing of their Personal Data by BrandBastion, and shall obtain their consent if necessary.
The Personal Data processed by BrandBastion on behalf of the Client may include e.g. Personal Data of the users of Client’s social media accounts (“Users”), such as names, profile pictures and usernames of the Users as well as user-generated content such as comments that the Users leave on the Client’s social media properties or social media platforms at large if covered by BrandBastion’s services.
The Client acknowledges that due to the nature of the Services, BrandBastion cannot control and has no obligation to verify Personal Data BrandBastion processes on behalf of the Client when the Client uses the Services. The Client ensures that BrandBastion may lawfully process the Personal Data on behalf of the Client in accordance with this Agreement.
BrandBastion shall not use Personal Data for any purpose other than that of rendering and providing the Services and will not assert liens or other rights over, or sell or disclose the Personal Data to any third parties, without the Client’s prior written approval. BrandBastion shall process Personal Data in accordance with this Agreement and documented instructions from the Client. The Client’s instructions must be commercially reasonable, compliant with applicable data protection laws and consistent with this Agreement. BrandBastion shall not be obliged to verify whether any instructions given by the Client are consistent with applicable laws, as the Client is responsible for such compliance verification of its instructions. However, if BrandBastion detects that any instruction given by the Client is non-compliant with the requirements of any data protection legislation applicable to BrandBastion’s operations, BrandBastion shall inform the Client of this in writing (email will suffice).
BrandBastion and the Client shall comply with EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“Regulation”) and any applicable European or foreign data protection laws as amended.
BrandBastion and the Client shall implement and maintain appropriate technical and organizational security measures to protect the Personal Data within their area of responsibility, in order to safeguard the Personal Data against unauthorized or unlawful processing or access and against accidental loss, destruction or damage. Such measures include where necessary and appropriate, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons the following measures:
- access right controls to systems containing Personal Data;
- the pseudonymization and encryption of Personal Data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
When BrandBastion provides certain regular reports to the Client, the Personal Data shall primarily be in pseudonymized format. BrandBastion and the Client may separately agree on the scope and extent of the pseudonymization.
BrandBastion’s assistance obligations
In order to assist the Client to respond to requests from individuals exercising their rights as foreseen in applicable data protection law, such as the right of access and the right to rectification or erasure, BrandBastion shall provide the Client with commercially reasonable assistance, without undue delay, taking into account the nature of the processing. BrandBastion shall further provide the Client with commercially reasonable assistance in ensuring compliance with the Client’s obligations to perform security and data protection assessments, breach notifications and prior consultations of the competent supervisory authority, as set out in the applicable data protection law, taking into account the nature of the processing and the information available to BrandBastion. In case such assistance requires extensive measures from BrandBastion, the Client shall pay additional reasonable remuneration to BrandBastion for handling such assistance requests (additional remuneration can be agreed upon in writing via email).
In addition, BrandBastion shall, and shall procure that its personnel (including its subcontractors’ personnel) shall:
- only process Personal Data in accordance with the Client’s written instructions and not for BrandBastion’s own purposes;
- ensure that individuals processing Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
Transfers of Personal Data
The Client accepts that BrandBastion may have Personal Data processed and accessible by its subprocessors outside the Client’s country of domicile to provide the Services. In case the processing is subject to any EU data protection law and Personal Data is transferred from the European Economic Area (“EEA”) to a subprocessor for processing in any country outside the EEA that is not recognized by the European Commission as providing an adequate level of protection for personal data, BrandBastion provides for appropriate safeguards by standard contractual clauses, adopted or approved by the European Commission and applicable to the processing by the non-EEA subprocessor or by any other appropriate safeguard as foreseen under Regulation.
The Client shall have the right to audit the facilities and processing activities of BrandBastion under this Agreement to examine the level of protection and security provided for Personal Data processed under this Agreement and to assess the compliance of BrandBastion with the terms and conditions relating to Personal Data set out herein. Each Party shall bear its own costs for any such audit.
Where an audit may lead to the disclosure of business or trade secrets of BrandBastion or threaten intellectual property rights of BrandBastion, the Client shall employ an independent expert to carry out the audit, and the expert shall agree to be bound to confidentiality to BrandBastion’s benefit.
General authorization. The Client gives its general authorization to allow BrandBastion to involve BrandBastion’s affiliated companies and other subcontractors as subprocessors to process Personal Data in connection with the provision of the Services, to the extent such appointment does not lead to non-compliance with any applicable law or BrandBastion’s obligations under this Agreement. BrandBastion ensures that the involved subprocessors are properly qualified, will be under a data processing agreement with BrandBastion, and comply with data processing obligations similar to the ones which apply to BrandBastion under this Agreement. BrandBastion shall be liable towards the Client for the processing of Personal Data carried out by BrandBastion’s subprocessors.
Change of subprocessor. BrandBastion is free to choose and change its subprocessors. Upon written request, BrandBastion shall inform the Client of subprocessors currently involved. In case there is a later change of subprocessor (addition or replacement), BrandBastion shall notify the Client of such change. In case the Client objects such change of subprocessor on reasonable grounds, the Client has the right to request change of the subprocessor.
BrandBastion shall, without undue delay after having become aware of it, inform the Client in writing about any data breaches relating to Personal Data and any other events where the security of Personal Data processed on behalf of the Client has been compromised. BrandBastion’s notification about the breach to the Client shall include at least the following:
- description of the nature of the breach;
- name and contact details of BrandBastion’s contact point where more information can be obtained;
- description of the measures taken by BrandBastion to address the breach, including, where appropriate, measures to mitigate its possible adverse effects.
Deletion and return of Personal Data
Personal Data shall be processed under this Agreement until the Client has ceased to use the Services.
Within a reasonable time after the termination or expiry of this Agreement, or after the Client has permanently ceased to use the Services, BrandBastion shall permanently delete Personal Data from its storage media, except to the extent that BrandBastion is under a statutory obligation to continue storing such Personal Data. On the Client’s request, BrandBastion shall confirm the deletion in writing (email will suffice). The obligation to delete Personal Data shall not apply to Personal Data contained in regular back-up copies of comprehensive datasets from which the individual deletion of Personal Data would not be possible without significant efforts or costs.