General Terms & Conditions
1. General Aspects
These General Contracting Conditions ("General Conditions") constitute the regulatory framework for the contracting of the services (hereinafter, the "Services") offered by AUTOPILOT TECH, S.L. (hereinafter, "PIPER" or the "Company") to its clients (hereinafter, the "Client/s") through the present website: www.piperai.com (hereinafter, the "Website").
The Client expressly accepts and submits to these General Conditions and to the Order Form or Contract Form, as well as to the Conditions of Use of our Website and the Privacy Policy which together form the applicable agreement between AUTOPILOT TECH, S.L. and the Client (hereinafter, the "Agreement"). Privacy Policy, along with this General Conditions, will collectively form the applicable agreement between AUTOPILOT TECH, S.L. and the Client (hereinafter, the "Agreement"). Therefore, you must read these General Conditions carefully before contracting services through the Website.
PIPER may establish with its Clients particular or specific conditions governing their relationship ("Particular Conditions"). In such cases, the Particular Conditions shall prevail over these General Conditions.
The Client acknowledges having sufficient legal capacity to enter into a contractual obligation.
We may refer to the Client and PIPER individually as the "Party" and both together as the "Parties".
Title II: Account and access and restrictions
4. Registration and user’s profile and account
4.1. In order to access to the Platform and any of the functionalities of the Software, We will require
You to sign up in the Platform and create a profile and account (the “Account”) protected by a
password by providing Us certain information, if applicable, which will always be treated
according to these Terms.
Once You sign up and provide Us with the information requested in the registration process, We
will analyse such information and, in particular, validate that You are the owner of the information
provided. Once this information has been validated, the Account will be created, and We will
provide You with a temporary username and password that You will need to change the first time
You access the Account.
Such Account shall not be transferable and its access information strictly confidential and, hence,
You are fully responsible of the activity occurring under your Account (including, among others,
the management, custody, security and correct use of the access credentials) and We shall not be
liable for any loss or damages that You may suffer as a result of someone else using your Account
and/or accessing or using your content. Likewise, You shall be liable to any losses or damages
caused under the use of your Account, regardless if it is being used by a third party. To maintain
control over your Account You must take precautionary measures to prevent anyone from
accessing your Account, such as maintaining control over the devices that You use to access your
Account or not revealing your password. You are responsible for updating and maintaining the
accuracy of the information You provide to Us relating your Account. You agree to notify Us
immediately the email address detailed in clause 15 below if You discover any unauthorized use of
your Account or login credentials.
4.2. We may permit You to register for and log on to the Software via certain third-party services. The
third party’s collection, use, and disclosure of your information will be subject to that third-party
service’s privacy notice.
4.3. You expressly authorize Us to access your Account for the purpose of helping You manage your
Account and use of the Software. Notwithstanding the foregoing, You may deny such access by
sending Piper an express communication in accordance with clause 15 below, requesting Piper not
to access your Account for these purposes.
4.4. If We detect an identity theft or other fraudulent activity in your Account or any breach of the
Agreement, including these Terms, We can place your Account on hold in order to protect You, Us
or our partners, and We will notify You about it, by sending a notification to the email provided .
When We send You such notification your Account may be suspended, including disabling login
and sending capabilities, to protect the security and privacy of the data held within the Account,
among others, until the dispute or breach is properly resolved.
5. Access and use restrictions
5.1. The access to the Platform and use of the Software shall be restricted to the stated purpose.
Accordingly, You shall not access to the Platform or the use of the Software or otherwise distribute
any Content : (i) in any way that implies a breach of this Agreement, including these Terms; (ii) in
any way that violates any applicable law or regulation, including uploading or submitting content
or information that encourages conducts that may result in civil liability or otherwise violate or
breach any applicable laws, regulations or code of practice, including any violation or
infringement of intellectual or industrial property rights of any person; (iii) in any way that could
damage the functioning of the Software or our servers or any networks connected to any of our
servers in any manner; (iv) for any commercial or for-profit purposes not previously authorized by
Us; (v) to upload files that contain viruses or similar software programs with the aim to damage
another person’s computer or system or otherwise jeopardize the integrity of the Software;
5.2. You will be responsible for the information provided to Us during the use of the same. By
providing such information, You authorize the Company to use this information to comply with
these Terms, for the operation of the Platform and You will be responsible for ensuring that the
information is correct, accurate and duly updated at all times.
5.3. Furthermore, You should not infringe on the intellectual property rights of others, including patent, trademark, trade secret, or other proprietary rights. You are also not allowed to encourage
or induce others to violate intellectual property rights.
5.4. You also agree, represent, and warrant to Us that: (i) You will clearly post, maintain, and abide by
a publicly accessible privacy notice on the digital properties from which the underlying data is
collected that (a) satisfies the requirements of applicable data protection laws, and (b) describes
your use of the Software; (ii) You will get and maintain all necessary permissions and valid
consents required to lawfully transfer data to Us and to enable such data to be lawfully collected,
processed, and shared by Piper for the purposes of providing the Software or as otherwise
directed by You; (iii) You should not use automated systems or software to extract data from the
Software for commercial or non-commercial purposes (Screen Scraping) unless You have
previously concluded a written license agreement with Us for this purpose.
5.5. You will be responsible for collecting the data directly from the final user, complying with the
obligation to inform and ensuring that there is a lawful basis for the processing carried out on the
Platform.
Title III: Fees and payment conditions
6. Fees and payment terms
6.1. The initial fees applied to You will be the ones detailed in the separate software as a service
agreement subscribed between You and Us (“SaaS Agreement).
6.2. According to such SaaS Agreement, when You create an Account in our Platform, You agree to
recurring billing by Us, under the conditions stablished in such SaaS Agreement.
7. Refunds
7.1. You will not be entitled to a refund or credit from Us under any circumstance. However, We may,
at our sole discretion, offer a refund, discount or credit, which shall be expressly agreed and
included in the corresponding SaaS Agreement.
8. Taxes
8.1. “Tax” or “Taxes” means all applicable taxes, including but not limited to indirect taxes such as
goods and services tax (“GST”), value added tax (“VAT”), sales tax, fees, duties, levies, or other
similar taxes. Unless otherwise stated in the SaaS Agreement, any consideration, amount payable,
fees, payment terms and/or any other amounts are exclusive of Taxes. In the event that any
amount payable by You to Us is subject to Taxes, We shall collect the full amount of those Taxes
from you and said collection shall not reduce or somehow impact the amount to which We are
entitled.
You will reimburse and indemnify Us for any Taxes, interest, and penalties that We may be
compelled to pay on account of your non-payment. You must pay any applicable Taxes. In the
event that any payments and/or amount payable by You to Us is subject to (i) any withholding or
similar tax; (ii) any Taxes not collected by Us; or (iii) any other Taxes or other government levy of
whatever nature, the full amount of that tax or levy shall be solely your responsibility and shall
not reduce the amount to which We are entitled under the Agreement. You will indemnify and hold Us harmless against any and all claims by any competent tax authority related to any such
withholding or similar taxes and any penalties and/or interest thereon.
Title IV: Term, termination and effects
9. Term
9.1. Once signed the SaaS Agreement, the term of such SaaS Agreement, including these Terms, will
begin (the “Term”). The Term will continue for as long as you have an Account or until You or We
terminate the SaaS Agreement in accordance with these Terms, whichever happens first.
10. Termination
10.1. You or Piper may terminate the Agreement at any time and for any reason. These Terms may be
terminated for any of the termination reasons included in the SaaS Agreement by either of the
Parties. We may suspend the Software access to You at any time, with or without cause. We will
not refund or reimburse You in any situation. Once your Account is terminated, You acknowledge
and agree that We may permanently delete your Account and all the data associated with it.
10.2. Furthermore, to the fullest extent permitted by applicable law, the Company reserves the right,
without notice and in our sole discretion, to terminate your license to access to the Software and
the Platform and to block or prevent your future access to and use of the Software or the Platform,
including where we reasonably consider that: (a) your use of the Software or the Platform violates
these Terms or applicable law; (b) You fraudulently use or misuse the Software or the Platform; (c)
breach of any obligations of the SaaS Agreement by You; or (d) We are unable to continue
providing the Software to you due to technical or legitimate business reasons. To the fullest extent
permitted by applicable law, your only remedy with respect to any dissatisfaction with: (i) the
Software, (ii) any term of these Terms, (iii) any policy or practice of the Company in operating the
Software, or (iv) any content or information transmitted through the Software, is to terminate your
Account and to discontinue use of any and all parts of the Software or the Platform.
10.3. We also may suspend or terminate your access to the Platform if We determine, in our sole
discretion, that You are either: (i) an organization that has publicly stated or acknowledged that its
goals, objectives, positions, or founding tenets include statements or principles that could be
reasonably perceived to advocate, encourage, or sponsor Hateful Content or A Threat of Physical
Harm; or (iii) a organization that has acted in such a way as could be reasonably perceived to
support, condone, encourage, or represent Hateful Content or A Threat of Physical Harm.
For the purpose of these Terms a (i) “Threat of Physical Harm” means any statement, photograph,
advertisement, or other Content that in our sole judgment could be reasonably perceived to
threaten, advocate, or incite physical harm to or violence against others; and (ii) “Hateful
Content” means any statement, image, photograph, advertisement, or other Content that in our
sole judgment could be reasonably perceived to harm, threaten, promote the harassment of,
promote the intimidation of, promote the abuse of, or promote discrimination against others based
solely on race, ethnicity, national origin, sexual orientation, gender, gender identity, religious
affiliation, age, disability, disease, or immigration status.
10.4. Termination shall be without prejudice to the rights and obligations of the Parties prior to the
effective date of such termination. In case of termination of the SaaS Agreement or these Terms, (i)
obligations, covenants and undertakings of the Parties hereunder which in nature should survive
the termination shall continue in force; (ii) the Client shall immediately pay any unpaid amount
accrued to Us before the termination of the SaaS Agreement and unpaid; and (ii) termination of
the SaaS Agreement shall not entitle the Client to claim any damages or other compensation,
including, without limitation, customer compensation and/or goodwill obtained during the Term.
Title V: Limitations of warranties and indemnifications
11. Limitations of warranties
11.1. You acknowledge and agree that the Software and all information, products and services provided
through it are provided on an "as is" and "as available" basis, and We expressly disclaim all express
or implied warranties of all kinds, including but not limited to the implied warranties of accuracy,
validity reliability, availability, suitability or completeness of any information, content or data
provided through the Software and, therefore, in no event, We will be liable, whether in contract
or tort, for any claim, loss, damage, liability, cost or expense of any kind, whether direct or indirect
(including damages for loss of business, revenues, profits, data, use, goodwill or other intangible
losses) or any other damages of any kind related to You caused from the access or use of the
Software or relying on the content of the Software.
11.2. In addition to the foregoing, We do not warrant the accuracy, completeness, timeliness or
usefulness of the information provided by the final users and recorded through telephone calls
between the Clients and the final users. Any reliance You place on such information is strictly at
your own risk. We disclaim all liability and responsibility arising from any reliance placed on such
materials by You or any other visitor to the Software, or by anyone who may be informed of any of
its contents.
11.3. Likewise, We make no warranty that the Software will meet your requirements, be safe, secure,
uninterrupted, timely, accurate, or error-free, or that your information will be secure.
11.4. We are not responsible for the content, data, or actions of third parties or agencies, linked websites,
or other users or clients of the Software, including third-party applications, products, or services
for use in connection with the Software, including its relevant privacy, security or integrity and
therefore, You release Us, our directors, officers, employees, and agents from any claims and
damages, known and unknown, arising out of or in any way connected with any claim You have
against any such third parties. No advice or information, whether oral or written, obtained by You
from Us or through or from our services creates any warranty not expressly stated in these Terms.
11.5. You acknowledge that the Platform does not replace the responsibilities derived from the
management of your call center / telephone services to the final user, which shall in any case be in
compliance with the applicable data protection regulation.
11.6. Any material downloaded or otherwise obtained through the Platform, the Software, or the server
that makes it available, is done at your own discretion and risk, and You will be solely responsible
for any damage to your computer system or loss of data that results from the download of any
such material, as We cannot guarantee that they are free of viruses, worms, trojan horses or other harmful components. You agree that We have no responsibility or liability for the deletion of, or
the failure to store or to transmit, any content or communication maintained in the Platform or the
Software.
11.7. For the avoidance of doubt, in no instance will We or our team or employees or collaborators or
shareholders or directors be liable for any losses or damages You suffer if You use the Platform
and the Software in violation of these Terms, regardless of whether we terminate or suspend your
Account due to such violation.
11.8. In any case, in the event of proven liability on the part of the Company, the aggregate liability of
the Company whether in contract, warranty, tort (including negligence, whether active, passive, or
imputed), product liability, strict liability, or other theory, arising out of or relating to the use of or
inability to use the Software and/or the Platform shall not exceed the amount paid by You to Us, if
any, for accessing the Software during the [last month] immediately preceding the date of the
claim or [one hundred (100) euros], whichever is lower. To the extent that applicable law prohibits
limitation of such liability, the Company shall limit its liability to the full extent allowed by
applicable law. No action or proceeding shall be brought against the Company more than one (1)
year after the date on which the alleged facts occurred or were discovered.
12. Indemnification
12.1. To the fullest extent permitted by applicable law, You will indemnify, defend and hold Us
harmless and our respective past, present and future employees, officers, directors, contractors,
consultants, suppliers, vendors, service providers, parent companies, subsidiaries, affiliates,
agents, representatives, predecessors, successors and assigns from and against all claims, damages,
liabilities, losses, costs and expenses (including attorneys’ fees) that arise from or related to: (i)
Your access to the Platform and use of the Software, including, but not limited to, services other
than as expressly authorized in these Terms; (ii) violation of these Terms or of the applicable law
by You; (iii) gathering of information of the final users in violation of the data protection
regulation; (iv) use of information from the Software by You; or (v) any misrepresentation made
by You.
12.2. We reserve the right to take over the exclusive defense of any claim for which We may be entitled
to indemnification under these Terms. In such event, You shall provide Us with such
documentation and cooperation as is reasonably requested in order to carry out the
abovementioned actions.
13. Equitable Relief and Subpoena Fees
13.1. Your violation of these Terms may cause irreparable harm to Us, our directors, officers, employees,
agents and collaborators. Therefore, We have the right to seek injunctive relief or other equitable
relief if you violate these Terms (meaning we may request a court order to stop You).
13.2. If We have to provide information in response to a subpoena, court order, or other legal,
governmental, or regulatory inquiry related to your account, then We may charge You for our
costs. These fees may include attorney and employee time spent retrieving the records, preparing
documents, and participating in a deposition.
Title VI: Intellectual property rights and data protection
14. Intellectual property rights
14.1. Our IP Rights: We or our licensors, when applicable, shall retain all right, title and interest to the
Platform and the Software and any content information, material, code and technology that is part
of the Software and any other right, document or material arising from the access to the Platform
and use of our Software, including without limitation, all copyrights, software, patents,
trademarks, navigation architecture, databases, services, graphics, videos and other content and/or
visual components that make up the app other intellectual property rights, logos, icons, user
interfaces, scripts, videos, text, images, sounds, music, videos and artwork (“Our IP”).
14.2. Except with our express written permission or as permitted by applicable laws, You may not (in
whole or in part) copy, distribute, reproduce, adapt, store, transmit, decrypt, print, display,
commercialize, perform, publish or create derivative works, offer for sale or use (except as
explicitly authorized in these Terms) any part of Our IP. No rights are granted to you except as
expressly set forth in these Terms.
14.3. You also agree not to: circumvent, remove, alter, deactivate, degrade or thwart any of the content
protections in the Software; use any robot, spider, scraper or other automated means to access the
Software; decompile, reverse engineer or disassemble any software or other products or processes
accessible through the Software or the service; insert any code or product or manipulate the
content of the Software in any way; or use any data mining, data gathering or extraction method.
In addition, you agree not to upload, post, e-mail or otherwise send or transmit any material
designed to interrupt, destroy or limit the functionality of any computer software or hardware or
telecommunications equipment associated with the Software, including any software viruses or
any other computer code, files or programs.
14.4. In order to allow Us to carry out an effective control and defense Our IP, You expressly authorize
Us to collect information about your use of the Platform, about the equipment in which the
Platform is used, the connection times, the data of the connected devices, as well as any other data
that is relevant to verify the effective access of the Platform and use of the Software. Hence, You
expressly authorize Us to use the information collected during the use of the Platform as effective
evidence of the use of the same in any type of cause and procedure, of any nature, whether against
You or against any third party.
14.5. Your Content: You shall retain all right, title, and interest in and to the material, content, data, and
information (including your personal information and the personal information of others) to
which Piper retrieves or accesses at your direction or with your permission (collectively, “Your
Content”). Subject to these Terms, you grant us permission to use or disclose Your Content
(including any personal information therein) only as necessary for the Software to perform its
functions and/or as otherwise permitted by these Terms. You represent and warrant that: (i) You
own or have otherwise obtained all necessary rights, releases, and permissions to submit all Your
Content to the Platform for the use of the Software and to grant the rights granted to us in these
Terms and (ii) Your Content and its submission and use as you authorize in these Terms will not
violate (a) any applicable law, (b) any third-party intellectual property, privacy, publicity, or other
rights, or (c) any of your or third-party policies or terms governing Your Content. If We believe You are breaching security, other’s intellectual property rights, these Terms (or other
applicable terms) or our Privacy Policy, We may suspend your access to the Platform and use of
the Software and your account, if any.
15. Data protection
15.1. In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27
April 2016 on the protection of natural persons with regard to the processing of personal data and
Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital
rights, Piper informs You that it will be the data controller of their personal data of the signing
Parties of the Terms, which will be processed for the following purposes: (a) to execute and
maintain these Terms and Conditions, manage, develop, and administer the contractual
relationship; and (b) to comply with the legal obligations arising from this relationship. The
legitimacy of the data processing is based on the established contractual relationship, Piper's
legitimate interest in processing contact data, and compliance with applicable legal obligations.
Personal data may be retained until the termination of the relationship, and once terminated, the
data will be blocked for the legally required period for the fulfilment of legal obligations and
responsibilities. The data may be communicated to competent public administrations, agencies,
and authorities. Data subjects may exercise their rights of access, rectification, opposition,
restriction, erasure, portability, and to not be subject to automated decisions by contacting Us
Through the notification channels indicated in Clause 17 of these Terms. You may also file a
complaint with the Supervisory Authority, especially when they have not obtained satisfaction in
the exercise of their rights.
15.2. It is necessary for Piper to process third-party personal data on behalf of the Client in order to
perform correctly the Software. The processing of this personal data is provided under the
responsibility of the Client and carried out on behalf and for the same. For this purpose, the Client
shall act as the controller of the personal data and We shall act as the processor. In compliance
with the applicable data protection regulation, the processing of the personal data of the Client by
Piper shall be governed by the clauses of the Data Processing Agreement (“DPA”) attached as
Annex I to these This Agreement.
16. Third-party content
16.1. In the case that the Software contains or receives an action, information, content, material, data,
opinion, advertisement, promotion, logo or any link to any websites, software, mobile app,
wearable technology or any other third-party content (collectively, the “Third-Party Content”),
We hereby inform You that We are not responsible for such Third-Party Content, or any changes or
updates to them. The Third-Party Content may provide their own terms and conditions of use,
privacy policies and cookies policies that apply to You and your use of such Third-Party Content is
not governed in any manner by these Terms.
16.2. We may display Third-Party Content, which is deemed appropriate and reliable to You. However,
as We cannot control all Third-Party Content included, We make no representations or warranties
of any kind regarding such Third-Party Content, and We accept no responsibility for any loss or
damage which might arise from the use of such Third-Party Content. Accordingly, your use of or
interactions with any Third-Party Content, and any third party that provides Third-Party Content,
are solely between You and such third parties and, therefore, if You decide to access to such
Third-parties Content, You do so entirely at your own risk and subject to the terms and conditions of use for such Third-Party Content.
Title VII: Notices, miscellaneous and applicable law and jurisdiction
17. Notices
17.1. Notifications: All notices, notifications, consents and other communications required or permitted
under this Agreement shall be made in writing and English. In particular, all notices, notifications,
consents and other communications shall be sent to the following address:
The Company:
Identity: AUTOPILOT TECH, S.L.
NIF: B44745263
Adress: Príncipe de Vergara, 86, Bajo 2a, 28006-Madrid, Spain
E-mail: legal@piperai.com
Client: email or physical address detailed in the Order. You will be deemed to have received all
communications sent to that address even if the address is no longer current.
The Parties may change the addresses stated in this Agreement or, communicating them to the
other Parties, in writing and in the form indicated in the paragraphs above.
17.2. Notification of Security Incident: If We become aware of a security incident related to our systems
or databases that contain personal information of You or your contacts, We will notify You if
required by law. In that event, We will also provide You with information about that incident so
that You can evaluate the consequences to You and any legal or regulatory requirements that may
apply to You, unless we are prevented from doing so by legal, security or confidentiality
obligations. Notifying You of a security incident or cooperating with You to respond to one will
not be deemed an acknowledgement or assumption of any liability or fault of Piper for such
incident.
18. Miscellaneous
18.1. Assignment: You shall not assign or transfer your rights or obligations under these Terms, in
whole or in part, to any third party without the prior express written consent of the Company. The
Company may assign its rights and obligations under these Terms without the consent of the
Client.
18.2. Modifications: We may modify, add or remove portions of these Terms, at any time. We will
notify You before any changes. In particular, the Company reserves the right to update and change
the Terms by sending a notification through email to You. You are advised to check these Terms
from time to time for any updates or changes that may impact. If You do not agree to the modified
Terms, You should discontinue your access the Platform and use of the Software. Your continued
use and access to the Platform and use of the Software following any modification to these Terms
shall be deemed an acceptance of all modifications.
18.3. Force Majeure: The Company shall not be liable by reason of any failure or delay in the
performance of its obligations hereunder for any cause beyond the reasonable control of the Company, including but not limited to electrical outages, failure of Internet service providers,
default due to Internet disruption (including without limitation denial of service attacks), riots,
insurrection, acts of terrorism, war (or similar), fires, flood, pandemics, earthquakes, explosions,
and any other similar disaster.
18.4. Entire Agreement: The complete Terms (including the Privacy Policy and the Cookies Policies)
contain the entire understanding between We and You with respect to the access of the Platform
and use of the Software and supersedes all prior written and oral agreements and understandings
relating to this matter, which shall have no further force or effect from the date hereof.
If any provision of these Terms is determined to be invalid or unenforceable in whole or in part,
for any present or future reason, such invalidity or unenforceability shall not affect the
enforceability of any of the remaining provisions hereof. These Terms shall be construed in such a
way as if such invalid or unenforceable provisions had never been contained herein. For those
purposes, the Terms shall no longer be valid exclusively with respect to the null or invalid
provision, and none of the remaining parts or provision of these Terms shall be null, invalid,
prejudiced or affected by such nullity or invalidity.
19. Governing law and jurisdiction
19.1. These Terms. Including the Privacy Policy and Cookies Policy and your access to, and use of the
Platform and the Software shall be governed by and construed exclusively in accordance with the
laws of Spain, without giving effect to any choice or conflict of law provision or rule.
19.2. Any and all dispute, controversy, issue or claim arising out of the performance or interpretation
of these Terms, including the Privacy Policy and Cookies Policy, or related, directly or indirectly,
to the access of the Platform and use of the Software, and/or the provision of content and/or
technology on or through the Platform and the Software shall be settled by the Courts of the city
of Madrid.
Annex I
Data Processing Agreement
In order to comply with the General Terms & Conditions, it is necessary for Piper (“Data Processor”) to
access and process the personal data for and on behalf of the Client (“Data Controller” – jointly
referred as the “Parties”).
The access to personal data by the Processor on behalf of the Controller is subject to the legal provisions of
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the
protection of natural persons with regard to the processing of personal data and on the free movement
of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter
"GDPR"), as well as Organic Law 3/2018 of 5 December on the Protection of Personal Data and
guarantee of digital rights (hereinafter "LOPDGDD") insofar as it does not conflict with the GDPR, as
well as any other regulations that may be adopted in the future on this matter and that may replace or
complement them.
For this sole purpose and in compliance with article 28 of the GDPR both Parties freely agree to regulate
access to and processing of personal data in accordance with the following
Clauses
1. Purpose.
1.1. The purpose of this Data Processing Agreement (hereinafter referred to as “DPA”) is to enable the
Processor to process on behalf of the Controller the personal data necessary to comply with the
Terms & Conditions that regulates the use of the Software provided by the Processor, and to define
the conditions under which the Processor will process the personal data to which it has access
during the use of the same, establishing the obligations and responsibilities arising from the
processing of data carried out by the Processor exclusively for and in connection with the
performance of this DPA.
2. Description of the processing.
2.1. The Data Processor is authorized to process, on behalf of Data Controller, the personal to the
extent necessary to comply with the General Terms & Condition preceding this DPA.
2.2. Categories of data subjects whose personal data is processed:
☒ Employees ☒ Candidates ☒ Suppliers
☒ Clients ☒ Final users ☐ Others:
2.3. Categories of personal data.
☒ Identifying data ☒ Personal characteristics ☒ Social circumstances
☒ Professional occupation☒ Academic and professional☒ Economic and financial ☒ Transactions in
goods and services☒ Commercial information ☒ Special categories of personal data ☐ Others:
2.4. Nature of the processing:☒ Collection ☒ Recording ☒ Structuring
☒ Retrieval ☒ Consultation ☒ Use
☐ Confrontation ☒ Combination ☐ Restriction
☒ Storage ☒ Adaptation or alteration ☐ Disclosure bytransmission
☐ Dissemination ☐ Erasure ☐ Destruction
☐ Disclosure ☐ Other:
3. Obligations of the Parties.
3.1. Instructions:
(a) The Processor shall process personal data only based on documented instructions from the
Controller, unless the Processor is required to do so by law applicable to the Processor. In such a
case, the Processor shall inform the Controller of such a legal requirement prior to processing,
unless such law prohibits it for important reasons of public interest. The Controller may also give
further instructions at any time during the period of processing of the personal data. Such
instructions shall always be documented.
(b) The Processor shall immediately inform the Controller if the instructions given by this, in the
opinion of the Processor, is in breach of the GDPR or of the applicable provisions of Union or
Member State data protection law.
3.2. Limitation of the purpose of the processing: the processor shall process personal data only for the
specific purposes of the indicated herein, except when following further instructions from the
controller.
3.3. Duration of the processing of personal data: The DPA is valid as long as the Processor is
processing personal data on behalf of the Controller under the Terms and Conditions.
3.4. Record of processing activities: the Processor undertakes to keep documented a record of all
categories of processing activities carried out on behalf of the controller, containing at least all the
information required by article 30.2 of the GDPR.3.5. Security of the processing:
(a) The Data Processor must assess the possible inherent risks of the processing at the beginning of
the provision of the processing and should apply the corresponding measures to mitigate them in
order to guarantee security and compliance with the provisions on data protection regulations
These measures must guarantee and adequate level of security, including confidentiality,
considering the state of the art and the costs of implementation regarding the risks and the nature of the personal data to be protected. When assessing the risk in relation to the security of personal
data, the following must be taken into consideration: the risks arising from the processing of
personal data, such as the accidental or unlawful destruction, loss or alteration of personal data
transmitted, stored, or otherwise processed, or the unauthorized disclosure of or access to such
data, which are liable to cause physical, material or immaterial damage.
(b) The Data Processor is obliged to make available to the Data Controller, at his simple request, all
the information regarding the security measures effectively implemented, as well as to indicate the
standard, certification, security, and organizational measures that guarantee a level of security
adapted to the risk or certificate of the last audit in the field of data protection, issued by the
auditor. Likewise, the Data Processor will allow control audits to be carried out, about security
measures, by the Data Controller, if they are requested within a reasonable period.(c) The Data Processor will implement the measures detailed in its security document or protocol and
the mechanisms to: (i) ensure the ongoing confidentiality, integrity, availability and resilience of
the processing systems and services; (ii) restore availability and access to personal data, in the
event of a physical or technical incident; (iii) verify and evaluate, on a regular basis, the
effectiveness of the technical and organizational measures implemented to guarantee the security
of the processing of personal data and (iv) where appropriate pseudonymize and encrypt personal
data.
4. Assistance to the Data Controller.
4.1. The Processor will promptly, and in no event later than 3 working days following receipt of the
request, notify the Controller of requests received from the data subject. It will not respond to such
a request itself, unless the Controller has authorized it to do so.
4.2. The Processor shall assist the Controller in fulfilling its obligations when responding to requests
from data subjects to exercise their rights, considering the nature of the processing. In fulfilling its
obligations under points 4.1 and 4.2, the Processor shall comply with the instructions of the
Controller.
4.3. In addition to the Processor's obligation to assist the Controller under clause 4.2, the Processor
shall also assist the Controller in ensuring compliance with the following obligations considering
the nature of the processing and the information available to the Processor:
(a) the obligation to carry out an impact assessment of processing operations on the protection of
personal data (“Data Protection Impact Assessment”) where a type of processing is likely to result
in a high risk to the rights and freedoms of natural persons;
(b) the obligation to consult the competent supervisory authorities prior to processing where a Data
Protection Impact Assessment shows that the processing would entail a high risk if the Controller
does not take measures to mitigate the risk;
(c) The obligation to ensure that personal data is accurate and up to date by informing the Controller
without delay if the Processor discovers that the personal data it is processing is inaccurate or
outdated and (d) the obligations referred to in article 32 of the GDPR.
5. Notification of personal data security breaches.
5.1. In the event of a personal data breach processed by the Processor, it shall notify the Controller
within the first twenty-four (24) hours after becoming aware of the incident and shall send the
required documentation as soon as possible and in any case before the maximum period of
seventy-two (72) hours has elapsed. Such notification shall include at least:
(a) a description of the nature of the personal data breach (including, where possible, the categories
and approximate number of data subjects and data records affected);
(b) contact details of a representative of the Processor from whom the Controller can obtain further
information about the personal data breach and
(c) the likely consequences of the personal data breach and the measures taken or proposed to
remedy the security breach, including measures taken to mitigate any possible negative effects.
5.2. When and to the extent that it is not possible to provide all the information at once, the initial
notification shall provide the information available at that time, and additional information shall
be provided without undue delay as it becomes available.
6. Subcontracting.
6.1. Necessary subcontracting:
(a) The Processor may subcontract third parties to process personal that falls under the Controller’s
responsibility. Some of these subcontracting agreements are necessary in order to provide the
Services and are essential for the operation of the Processor's systems. The Data Processor requires
the subcontracting of the following third parties:
Name,
Postal adress,
Name, position, and contact information of the contact person,
Description of the processing and contracted service.
6.2. New subcontracting: No subcontracting of any services forming part of the subject matter of this
Data Processing Agreement involving the processing of personal data shall take place. However,
in the event that subcontracting any processing becomes necessary, the Processor shall diligently
inform the Controller, specifying the processing activities intended to be subcontracted and clearly
and unambiguously identifying the new subcontracted entity. The Processor shall proceed with
the corresponding subcontracting unless the Controller objects within a period of fifteen (15)
natural days following the notification. In any case, the processing of data by the new
subprocessor shall be in accordance with the Controller's instructions. The Processor shall enter into a contract with the new subprocessor in accordance with the terms provided in the current
data processing agreement and in compliance with Article 28 of the GDPR. In the event of
non-compliance by the new subprocessor, the Processor shall be fully liable to the Controller for
fulfilling the obligations.
7. International transfers.
7.1. Data transfers to a third country or international organization by the Processor may only be
carried out following documented instructions from the Controller or under an explicit
requirement of Union or Member State law to which the Processor is subject; and shall be carried
out in accordance with Chapter V of the GDPR.
7.2. The Controller agrees that when the Processor engages a Sub-Processor in accordance with clause
6 to carry out specific processing activities (on behalf of the Controller) and such activities involve
a transfer of personal data within the meaning of Chapter V of the GDPR, the Processor and
Sub-Processor may ensure compliance with Chapter V of the GDPR by using
Commission-approved standard contractual clauses pursuant to article 46(2) of the GDPR,
provided that the conditions for the use of such standard contractual clauses are met.
8. Breach of clauses and termination of the DPA.
8.1. Notwithstanding the provisions set forth in the GDPR, if the Processor fails to comply with the
obligations assigned to it by this DPA, the Controller may instruct the Processor to suspend the
processing of personal data until the Processor again complies with this DPA, or terminate the
same. The Processor shall promptly inform the Controller in the event that it cannot comply with
this DPA for any reason.
8.2. The Controller shall be entitled to terminate this DPA with regard to the processing of personal
data when:
(a) the processing of personal data by the Processor has been suspended by the Controller in
accordance with letter a) and compliance with this DPA is not resumed within a reasonable
period, and in any event, within a period of one (1) month from the suspension;
(b) the Processor materially or persistently breaches this DPA or the obligations assigned to it by the
GDPR;
(c) the Processor breaches a binding decision of a competent court or the competent supervisory
authority relating to the obligations assigned to it by this DPA and/or the GDPR.
8.3. The Processor shall be entitled to terminate the DPA with regard to the processing of personal data
when, after informing the Controller that its instructions infringe the legal requirements set out in
clause 6.1, letter b), of the GDPR, the Controller insists that such instructions be followed.
8.4. Upon termination of the DPA, the Processor shall, at the Controller's request, delete all personal
data processed on behalf of the Controller and provide evidence to the Controller of such deletion,
or return all personal data to the Controller and delete existing copies, unless Union or Member State law requires storage of the personal data. Until the data is destroyed or returned, the
Processor shall continue to ensure compliance with this DPA.
9. Notifications
For the purpose of complying with their obligations, the Parties establish as the address for the
realization of notifications related to this Agreement, especially those related to clauses 4 and 5 of
this Agreement:
PARTY: Processor
EMAIL: legal@piperai.com