INTRIGUE LICENSE AND TERMS OF SERVICE
Last Updated: February 23, 2021
This License and Terms of Service (“Agreement”) is a legal contract between you (either an individual or organization) and Intrigue Corp. (“we,” “us,” or “Intrigue”). Intrigue provides technology-enabled services, including the Software as a Service offering branded as Intrigue, the website at https://intrigue.io, any Mobile Apps (as defined below), and other related software, content, and services, including all versions and upgrades thereto (collectively, the “Services). It describes how you and Intrigue will interact and work together and how you may use the Services. We have tried to be as straight forward and clear as possible in these terms, but some of the language addresses legal concepts, so please consult an attorney if you have any concerns. We periodically update these terms. If you have an active Intrigue subscription, we will let you know when we do via an email or in-app notification, and you can always access and review the most current version of this Agreement at the URL for this page, or as otherwise made available by Intrigue. If you have a separate written agreement with Intrigue for the Services, then this Agreement will not apply to you.
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SERVICES. BY CREATING AN ACCOUNT ON THE SERVICES OR BY ACCESSING OR USING THE SERVICES, YOU ACCEPT THE TERMS AND CONDITIONS OF THIS AGREEMENT WITHOUT MODIFICATION AND AGREE TO BE BOUND BY THEM, INCLUDING ANY UPDATES OR REVISIONS POSTED HERE OR OTHERWISE COMMUNICATED TO YOU. IF YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT, YOU MAY NOT CREATE AN ACCOUNT, ACCESS, OR USE THE SERVICES.
THIS AGREEMENT REQUIRES FINAL AND BINDING ARBITRATION TO RESOLVE ANY DISPUTE OR CLAIM ARISING OUT OF OR RELATING IN ANY WAY TO THIS AGREEMENT, OR YOUR ACCOUNT, ACCESS TO OR USE OF THE SERVICES, INCLUDING THE VALIDITY, APPLICABILITY OR INTERPRETATION OF THIS AGREEMENT, AND YOU AGREE THAT ANY SUCH CLAIM WILL BE RESOLVED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED OR REPRESENTATIVE ACTION, ARBITRATION OR OTHER SIMILAR PROCESS. PLEASE REVIEW SECTION 10 CAREFULLY TO UNDERSTAND YOUR RIGHTS AND OBLIGATIONS WITH RESPECT TO THE RESOLUTION OF ANY CLAIM.
You represent and warrant that you: (a) are of legal age to form a binding contract; (b) have the right, authority, and capacity to agree to and abide by this Agreement (whether on behalf of yourself or behalf of the organization that you represent); and (c) are not a person barred from using the Services under the laws of any applicable jurisdiction. THE SERVICES ARE NOT INTENDED FOR USERS UNDER THE AGE OF 18, AND SUCH USERS ARE EXPRESSLY PROHIBITED FROM SUBMITTING ANY PERSONAL INFORMATION OR USING ANY ASPECT OF THE SERVICES, AND BY TAKING SUCH ACTIONS YOU AGREE, REPRESENT, AND WARRANT THAT YOU ARE 18 YEARS OF AGE OR OLDER.
1. License Grant, Restrictions, Use of Services
1.1 License. Your use of the Services is subject to and governed by the terms and conditions in this Agreement, including those in the applicable Order Form (as defined below). In the event of a conflict between the terms in an Order Form and this Agreement, the terms in the Order Form shall control with respect the Services provided under such Order Form. Subject to and conditioned on your compliance with the terms and conditions of this Agreement, all other applicable policies, rules, and agreements posted via the Services and those in the applicable Order Form, Intrigue grants you a non-exclusive, non-sublicensable, non-transferable, revocable, limited license use access and use the Services solely for your internal, personal business purposes to assess the security of your internet-facing assets,. You are responsible for your own acts and omissions as well as for all acts and omissions of all persons who use the Services via your account (each, a “User”) and for ensuring their compliance with this Agreement. For the purpose hereof, “Order Form” means each mutually agreed upon order on Intrigue’s Order Form template that specifies the Services, including the type or quantity of items, including the number of seats or users, the fees for such items and any additional terms applicable to the use of such items.
1.2 Mobile Apps. Intrigue may make available mobile software applications for access to and use of certain components of the Services (collectively, “Mobile Apps”). Your access to and use of Mobile Apps is subject to and governed by this Agreement. If any Mobile App is downloaded by you from the iTunes App Store (each, an “iOS Mobile App”) or other app store provider, your use of such iOS Mobile App or other app is further subject to your compliance in all material respects with the terms and conditions of the Usage Rules set forth in the iTunes App Store Terms of Service or other app store provider’s terms of service, as applicable. This Agreement is between you and Intrigue only, and not with Apple Inc. (“Apple”) or any other app store provider, and Apple or such other app store provider is not responsible for iOS Mobile Apps or such other Mobile Apps and the contents thereof; however, Apple and Apple’s (or such other app store provider and its) subsidiaries are third-party beneficiaries of this Agreement with respect to iOS Mobile Apps or Mobile Apps, as applicable.
1.3.1. No Reverse Engineering and other Limitations. You will not or attempt to (and will permit any third party to) (a) access or use the Services for any other purposes (including for any competitive analysis, commercial, professional, or other for-profit purposes); (b) copy the Services; (c) modify, adapt, or create derivative works of the Services; (d) rent, lease, loan, resell, transfer, sublicense, display or distribute the Services to any third party; (e) use or offer any functionality of the Services on a service provider, service bureau, hosted, software as a service, or time sharing basis, provide or permit other individuals or entities to create Internet “links” to the Services, or “frame” or “mirror” the Services on any other server, or wireless or Internet-based device; (f) decompile, disassemble, translate or reverse-engineer the Services or otherwise attempt to derive the Services source code, algorithms, methods or techniques used or embodied in the Services; (g) disclose to any third party the results of any benchmark tests or other evaluation of the Services, (h) remove, alter, obscure, cover or change any trademark, copyright or other proprietary notices, labels or markings from or on the Services; (i) interfere with or disrupt servers or networks connected to any website through which the Services are provided; (j) use the Services to collect or store personal data about any person or entity; (k) use the Services to build a similar or competitive product or service; or (l) use the Services for any illegal, unauthorized or otherwise improper purposes.
1.3.2. Prohibited Use. You are solely responsible and liable for all content, data, information, and other materials that you submit to the Services (“Your Content”). For example, you may not use the Services to abuse, harass, or annoy other users or individuals, to violate contractual obligations you have to others (such as contractual obligations of confidentiality), or to violate the intellectual property, privacy, and other rights of others. You will not submit, upload, or post to the Services or otherwise provide to Intrigue (a) any production data or any confidential or sensitive information, such as protected health information or consumer financial information; (b) infringing, libelous, or otherwise unlawful or tortious material; (c) software viruses, malware, or any other code, files or programs designed to interrupt, destroy or limit the functionality of any software or hardware (“Viruses”); or (d) any of Your Content that consists of unsolicited or unauthorized advertising, promotional materials, junk mail, spam, chain letters, pyramid schemes, commercial electronic messages, or any other form of solicitation. You agree that you are solely responsible for determining whether you have sufficient rights to share material in such manner, and Intrigue shall have no liability whatsoever for any injuries, losses or damages arising from such misuse of the Services, or any components or modifications thereof. Intrigue may immediately suspend your access to the Services, or delete or prevent you from accessing some or all of the materials in your account upon receipt of a complaint from a third party claiming that you or your Users have shared content, data, information, documents, or other materials to or via use of the Services in violation of such third party’s rights. Intrigue’s failure to enforce any of these prohibitions shall not act as a waiver for any future enforcement, will not be considered a breach of this Agreement by Intrigue, and does not create a private right of action for any other party.
1.3.3. Restricted Rights for Government Customers. If you are an agency or unit of the U.S. Government, the Services are provided for ultimate use by such Government entity in accordance with this Agreement and the applicable provisions of the FARs and DFARs. The Services and any related content and data are commercial computer software and commercial computer software documentation, and, as specified in FAR 12.212 or DFARS 227.7202, and their successors, as applicable, the U.S. federal government’s rights to use, reproduce or disclose such software, documentation and other information are restricted in accordance with the terms and conditions of this Agreement. Use, duplication or disclosure by the U.S. federal government is subject to the restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 or subparagraphs (c)(1) and (2) of the Commercial Computer Software-Restricted Rights at 48 CFR 52.227-19, as applicable.
1.4 Account. You and Users may not share your account password(s) with any third party. You agree to immediately notify Intrigue of any loss or unauthorized access, disclosure, or use of your account, a personal User login, or password. When you or your users choose to share information with others or invite others to your account via features provided through the Services or otherwise, please understand that Intrigue shall not be responsible or liable to you for the consequences of such choices, including, without limitation, such individuals’ use, theft, misuse, or disclosure to others of the information you share with them. You are fully responsible for all activities that occur under your account. If your account or any User’s account remains inactive for three months or longer, Intrigue reserves the right to suspend or terminate such account, with or without notice to you, and delete all material within such account without liability.
2. Modifying and Terminating the Services. We are constantly changing and improving the Services. We may add or remove functionalities or features, and we may suspend or stop a part or all of the Services altogether for any reason, including without limitation for non-compliance with our terms or policies or if we are investigating suspected misconduct. This Agreement is effective upon the earliest of your acceptance of this Agreement, your creation of an account, or your access or use of the Services, and either party may terminate this Agreement at any time. You can stop using the Services at any time, although we’ll be sorry to see you go. We may also stop providing the Services to you (e.g., by suspending or terminating your account), or add or create new limits to the Services, at any time.
3.1. You shall pay all agreed upon fees for the Services as set forth in the applicable Order Form or as otherwise set forth in the order confirmation page (“Fees”) and in accordance with terms set forth herein or Order Form, as applicable.
3.2. Payment Terms. You will pay Fees net 30 days from the invoice date. Intrigue shall email invoices to you within five (5) business days of the date of the invoice. You shall provide Intrigue with complete and accurate billing contact information including a valid email address. All payments to Intrigue are non-refundable except as otherwise expressly provided in the applicable Order Form or order confirmation page, as applicable. All payments will be made in United States dollars via electric funds transfer, as per the instructions of Intrigue. Intrigue may invoice parts of an order confirmation or Order Form, as applicable, separately or all in one invoice. Any discounts, interests and taxes invoiced to an order confirmation or Order Form, as applicable, shall be allocated equally to each Service and licenses provided under such order confirmation or Order Form, as applicable.
3.3. Late Payments. If you fail to pay any past due invoice, Intrigue may revoke or suspend the Services until such time as you bring your account completely current. Intrigue may charge interest on all past due invoices at a rate of 1.5% per month, or the highest rate allowed by applicable law, whichever is lower. If you are delinquent in your payments for two (2) consecutive months, Intrigue may, upon written notice to you, modify the payment terms to require full pre-payment of any or all order confirmations or Order Forms, as applicable, (both currently contracted and in the future), or require other assurances to secure your payment obligations hereunder.
3.4. Taxes. All Fees exclude any and all taxes and similar fees now in force, enacted or imposed in the future on the transaction, delivery of the Services, including any sales, use or value added taxes, goods and services tax, consumption tax, customs duties or similar charges, but excluding withholding taxes and taxes solely based on Intrigue’s net income, and you shall be responsible for payment of all such taxes, duties and charges, and any related penalties and interest arising from the payment of such amounts. If you are legally required to withhold any amounts to be paid to Intrigue, you will deduct such taxes from the amount otherwise owed, pay the tax to the appropriate taxing authority, and provide to Intrigue on a timely basis properly executed certificates, receipts or other documentation as evidence of such tax payment to the taxing authority, sufficient to permit Intrigue to establish Intrigue’s right to a credit for such taxes against Intrigue’s income tax liability. You shall provide Intrigue with such assistance as Intrigue shall reasonably request in connection with any application by Intrigue to qualify for the benefit of a reduced rate of withholding taxation under the terms of any applicable income tax treaty.
4. Proprietary Rights
4.1. Reservation of Rights in the Services. The Services furnished under this Agreement are licensed and not sold to you, and all rights not expressly granted in this Agreement are reserved by Intrigue. Intrigue possesses all right, title and interest in and to the Services and all copyrights, patents, trademarks, service marks, trade names, trade dress, trade secrets and any other proprietary rights that are associated with the Services throughout the world, and you acknowledge that you receive no right, title or interest to the Services except for the limited rights provided within this Agreement. Intrigue also retains title to any and all copies made of any embodiments or features of the Services, and upon any termination of this Agreement, all such copies must be returned to Intrigue or destroyed, at Intrigue’s instruction. You have no rights to receive any source or object code for the Services, or to use the Services except as expressly set forth in this Agreement. You agree not to contest Intrigue’s title and intellectual property rights in or to the Services.
4.2. Confidential Information.
4.1.1 Nondisclosure. “Confidential Information” means the proprietary information provided or made available by one party (the “Disclosing Party”) to the other party (the “Receiving Party”), which is marked “confidential” or “proprietary” at the time of disclosure by the Disclosing Party, or by its nature or content would reasonably be considered confidential under the circumstances by the Receiving Party, including without limitation, information (tangible or intangible) regarding a party’s technology, designs, techniques, research, know-how, specifications, product plans, pricing, customer information, user data, current or future strategic information, current or future business plans, policies or practices, employee information, and other business and technical information. Confidential Information of Intrigue includes the Services and the pricing of the Services. Receiving Party agrees that it will not (a) use the Disclosing Party’s Confidential Information in any way, for its own benefit or the benefit of any third party, except as expressly permitted by, or as required to implement, this Agreement, or (b) disclose to any third party (except as expressly permitted by this Agreement, required by law or to such party’s attorneys, accountants and other advisors as reasonably necessary or contractors that are bound by written agreements at least as restrictive as this Agreement) any Confidential Information of the Disclosing Party. Receiving Party will secure and protect the confidentiality of the Confidential Information of the Disclosing Party using precautions that are at least as stringent as it takes to protect its own Confidential Information, but in no case less than reasonable precautions.
4.1.2 Exceptions. Receiving Party will have no obligations of confidentiality under Section 4.2.1 for information that is proven by Receiving Party (a) to have been known to Receiving Party prior to its receipt from Disclosing Party from a source other than one having an obligation of confidentiality to Disclosing Party; (b) to have become publicly known, except through a breach of this Agreement by Receiving Party; or (c) to have been entirely independently developed by Receiving Party without use of or reference to the Confidential Information of Disclosing Party. Receiving Party may disclose Confidential Information pursuant to the requirements of a governmental agency or applicable law, provided that, to the extent permitted, it will give Disclosing Party reasonable prior written notice sufficient to permit Disclosing Party to contest such disclosure.
4.2 Feedback. All discoveries, developments, techniques, advice, feedback, suggestions, improvements and similar information developed or provided by you related to the Services (“Feedback”) shall be the sole property of Intrigue, and you hereby assign to Intrigue your entire right, title, and interest in and to any such Feedback. Intrigue shall be the sole owner of all patents, copyrights, and other rights arising therefrom or in connection therewith, and may freely use, reproduce, modify, adapt, create derivative works from, publicly perform, publicly display, distribute, make, have made, assign, pledge, transfer or otherwise grant rights in the Feedback in any form and any medium (whether now known or later developed) without your consent or any obligation to render an accounting or share profits or royalties.
4.3 Content You Submit. The Services allow you to submit content, such as data, information, or other materials. You retain ownership of any intellectual property rights that you hold in that content. When you upload or otherwise submit content to Intrigue or the Services, you give Intrigue (and those we work with) a royalty-free, worldwide license to use, host, store, reproduce, modify, create derivative works (including changes we make at your request or so that your content works better with Services), communicate, publish, and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving the Services, and to develop new products and services. This license continues beyond termination of this Agreement, even if you stop using the Services. Make sure you have the necessary rights to grant us this license for any data or content that you submit to Services.
4.5 Copyright Protection
As we ask others to respect our intellectual property rights, we respect the intellectual property rights of others, and require our users and customers to do so. If you are a copyright owner or its agent and believe that any content residing on or accessible through the Services infringes upon your copyrights, you may submit a notification under the Digital Millennium Copyright Act (“DMCA”) by providing our Copyright Agent (the “Designated Agent”) with the following information in writing (see 17 U.S.C § 512(c)(3) for further detail):
• Identification of the work or material being infringed.
• Identification of the material that is claimed to be infringing, including its location, with sufficient detail so that we are capable of finding it and verifying its existence.
• Contact information for the notifying party (the "Notifying Party"), including name, address, telephone number, and email address.
• A statement that the Notifying Party has a good faith belief that the material is not authorized by the copyright owner, its agent or law.
• A statement made under penalty of perjury that the information provided in the notice is accurate and that the Notifying Party is authorized to make the complaint on behalf of the copyright owner.
• A physical or electronic signature of a person authorized to act on behalf of the owner of the copyright that has been allegedly infringed.
Please also note that the information provided in a notice of copyright infringement may be forwarded to the user who posted the allegedly infringing content. After removing material in response to a valid DMCA notice, we will notify the user responsible for the allegedly infringing material that we have removed or disabled access to the material. We reserve the right, in our sole discretion, to terminate any user for actual or apparent copyright infringement.
If you believe you are the wrongful subject of a DMCA notification, you may file a counter-notification with us by providing the following information to the Designated Agent at the address below:
• The specific URLs of material that we have removed or to which we have disabled access.
• Your name, address, telephone number, and email address.
• A statement that you consent to the jurisdiction of U.S. District Court for the Eastern District of Pennsylvania, and that you will accept service of process from the person who provided the original DMCA notification or an agent of such person.
• The following statement: "I swear, under penalty of perjury, that I have a good faith belief that the material was removed or disabled as a result of a mistake or misidentification of the material to be removed or disabled."
• Your signature.
Upon receipt of a valid counter-notification, we will forward it to Notifying Party who submitted the original DMCA notification. The original Notifying Party (or the copyright holder he or she represents) will then have ten (10) days to notify us that he or she has filed legal action relating to the allegedly infringing material. If we do not receive any such notification within ten (10) days, we may restore the material to the Services.
The contact information for our Designated Agent is:
Attention: Copyright Agent
13359 N Hwy 183 #406-1064
Austin, TX 78750.
Email: [email protected]
If you believe that any of your intellectual property rights other than copyrights have been infringed, please e-mail us at [email protected] We reserve the right, in our sole and absolute discretion, to suspend or terminate any user who infringes the intellectual property rights of Intrigue or others, and to remove, delete, edit or disable access to such person’s content. You agree that we have no liability for any action taken under this section.
5 Data Privacy
5.2 Data Processing. If you are considered a data controller providing your Users’ personal information to Intrigue through the Services, then Intrigue will process, store, and use such personal information in accordance with Intrigue’s Data Processing Addendum attached hereto as Addendum A. Intrigue will maintain a security program materially in accordance with industry standards that are designed to protect the security, confidentiality and integrity of such personal information.
5.3 Usage Data. Despite any other provision in this Agreement, Intrigue may publish, share, or otherwise distribute, to any party, analytics, statistics, or other data related to your and your Users’ use of the Services (“Usage Data”), provided that such Usage Data are aggregated with the data from other Intrigue customers or users in a manner that does not allow usage data about you or your Users to be separated from the aggregate data and identified as originating from you.
6 Warranties and Disclaimers.
6.1 Mutual Warranties. Each party warrants to the other that: (a) it has the legal power and authority to enter into this Agreement; (b) it shall at all times comply with all privacy, data security and other laws and regulations applicable to their activities and geographic territory; and (c) the performance of its obligations and duties pursuant to this Agreement does not conflict with any contractual obligations owed to any third party (including, without limitation, obligations of confidentiality).
6.2 No Warranty. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, AND EXCEPT FOR THE EXPRESS WARRANTIES SET OUT IN THIS SECTION 6, THE SERVICES, INCLUDING ANY DOCUMENTATION, ARE PROVIDED “AS IS,” “AS AVAILABLE,” WITH ALL FAULTS, AND YOUR USE OF THE SERVICES IS AT YOUR SOLE RISK. INTRIGUE MAKES, AND YOU RECEIVE, NO OTHER EXPRESS OR IMPLIED WARRANTIES OF ANY KIND, AND INTRIGUE SPECIFICALLY DISCLAIMS AND EXCLUDES ALL OTHER REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF PERFORMANCE, COURSE OF DEALING, OR USAGE OF TRADE; AND ALL STATUTORY REMEDIES. INTRIGUE DOES NOT WARRANT THAT THE SERVICES, OR ANY OTHER PRODUCT OR SERVICE PROVIDED HEREUNDER, WILL BE UNINTERRUPTED, ERROR-FREE, VIRUS-FREE OR SECURE. NO STATEMENT, WHETHER MADE BY INTRIGUE’S EMPLOYEES, AGENTS, OR OTHERWISE, SHALL BE DEEMED TO BE A WARRANTY BY INTRIGUE FOR ANY PURPOSE OR TO GIVE RISE TO ANY LIABILITY ON THE PART OF INTRIGUE. THIS DISCLAIMER OF WARRANTY MAY NOT BE VALID IN SOME JURISDICTIONS AND YOU MAY HAVE WARRANTY RIGHTS UNDER LAW WHICH MAY NOT BE WAIVED OR DISCLAIMED. ANY SUCH WARRANTY EXTENDS ONLY FOR THIRTY (30) DAYS FROM THE EFFECTIVE DATE OF THIS AGREEMENT (UNLESS SUCH LAW PROVIDES OTHERWISE).
7 Indemnification. You hereby agree to defend, at your own expense, and hold harmless Intrigue, from and against all third party claims, suits, and actions against Intrigue to the extent resulting from or arising out of (a) your or the Users’ actual or alleged breach of any of your representations, warranties, or obligations under the Agreement; (b) your or the Users’ use or misuse of the Services, including, without limitation, by using the Services in violation of this Agreement or any other applicable polices, agreements, or rules posted via the Services or otherwise made available to you; or (c) any content or data submitted by you or the Users through the Services, including any Viruses or other material that violates any third party proprietary rights or any contractual or fiduciary obligation owed to a third party (including, without limitation, contractual confidentiality obligations owed to a third party). You further agree to fully indemnify Intrigue from all losses, expenses, damages and costs (including, but not limited to, reasonable attorneys' fees), to the extent arising from such a claim, suit, or action.
8 Limitation of Liability.
8.1 Waiver of Consequential Damages. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, INTRIGUE AND OUR AFFILIATES WILL NOT BE RESPONSIBLE FOR ANY LOST PROFITS OR REVENUES, LOSS OF OR INABILITY TO ACCESS DATA, INFORMATION, AND OTHER CONTENT, LOSS OF GOODWILL OR FINANCIAL LOSSES, OR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE USE OR PERFORMANCE OF THE SERVICES. WITHOUT LIMITING THE FOREGOING, INTRIGUE WILL HAVE NO LIABILITY OR RESPONSIBILITY FOR ANY BUSINESS INTERRUPTION OR LOSS OF DATA ARISING FROM THE AUTOMATIC TERMINATION OF THE LICENSE RIGHTS GRANTED HEREIN AND ANY ASSOCIATED CESSATION OF THE SERVICES, ITS FUNCTIONS, ANY UNANTICIPATED OR UNSCHEDULED DOWNTIME FOR ANY REASON OR ANY DELETION, CORRUPTION OR DAMAGE OF DATA ON OR THROUGH THE SERVICES.
8.2 Damages Cap. TO THE FULLEST EXTENT PERMITTED BY LAW, THE TOTAL LIABILITY OF INTRIGUE AND OUR AFFILIATES FOR ANY AND ALL CLAIMS UNDER THIS AGREEMENT, INCLUDING RELATED TO YOUR USE OF THE SERVICES, IS LIMITED TO, IN THE AGGREGATE, THE GREATER OF (a) THE AMOUNT YOU PAID US TO USE THE SERVICES IN THE TWELVE (12) MONTH PERIOD PRIOR TO THE DATE THE CLAIM(S) FIRST AROSE OR (b) USD $50.
8.3 Exclusions. IN ALL CASES, INTRIGUE AND ITS AFFILIATES WILL NOT BE LIABLE FOR ANY LOSS OR DAMAGE THAT IS NOT REASONABLY FORESEEABLE OR THAT IS DUE TO EVENTS OUTSIDE OF OUR REASONABLE CONTROL, SUCH AS WARS, CRIMINAL ACTIVITIES, STORMS, NATURAL DISASTERS, ACTS OF GOVERNMENT, ACTS OF THIRD PARTIES, SUPPLY INTERRUPTIONS, OR TELECOMMUNICATION OR INTERNET FAILURES. IN NO EVENT WILL INTRIGUE HAVE ANY LIABILITY WHATSOEVER WITH REGARD TO ANY CONTENT, DATA, OR OTHER MATERIAL UPLOADED TO THE SERVICES BY YOU, YOUR USERS, OR ANY OTHER CUSTOMER OF INTRIGUE.
8.4 Material Part of Agreement. THE FOREGOING LIMITATIONS, EXCLUSIONS AND DISCLAIMERS, INCLUDING DISCLAIMERS OF WARRANTIES, SHALL APPLY REGARDLESS OF WHETHER SUCH LIABILITY ARISES FROM ANY CLAIM BASED UPON CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. INSOFAR AS APPLICABLE LAW PROHIBITS ANY LIMITATION ON LIABILITY HEREIN, THE PARTIES AGREE THAT SUCH LIMITATION WILL BE AUTOMATICALLY MODIFIED, BUT ONLY TO THE EXTENT SO AS TO MAKE THE LIMITATION COMPLIANT WITH APPLICABLE LAW. THE PARTIES AGREE THAT THE LIMITATIONS ON LIABILITIES SET FORTH HEREIN ARE AGREED ALLOCATIONS OF RISK AND SUCH LIMITATIONS WILL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.
9 Governing Law. This Agreement shall be governed by and construed and enforced in accordance with the United States Federal Arbitration Act, other applicable federal laws and the laws of the State of Texas, without regard to conflict of laws principles. The parties agree that neither the United Nations Convention on Contracts for the International Sale of Goods, nor the Uniform Computer Information Transaction Act (UCITA) shall apply to this Agreement, regardless of the states in which the parties do business or are incorporated.
10 Binding Arbitration and Class Action Waiver
10.1 ALL CLAIMS ARISING IN CONNECTION WITH THIS AGREEMENT SHALL BE RESOLVED BY FINAL AND BINDING ARBITRATION RATHER THAN IN COURT, EXCEPT THAT YOU MAY ASSERT CLAIMS IN SMALL CLAIMS COURT (DEFINED FOR THE PURPOSES OF THIS AGREEMENT AS A COURT OF LIMITED JURISDICTION THAT MAY ONLY HEAR CLAIMS NOT EXCEEDING $5,000) IF YOUR CLAIMS ARE WITHIN THE COURT’S JURISDICTION. THERE IS NO JUDGE OR JURY IN ARBITRATION, AND COURT REVIEW OF AN ARBITRATION AWARD IS LIMITED.
10.2 The arbitration shall be conducted by the American Arbitration Association (AAA) under its then-applicable Commercial Arbitration Rules or, as appropriate, its Consumer Arbitration Rules. The AAA’s rules are available at http://www.adr.org/. Payment of all filing, administration and arbitrator fees shall be governed by the AAA’s rules. The arbitration shall be conducted in the English language by a single independent and neutral arbitrator. For any hearing conducted in person as part of the arbitration, you agree that such hearing shall be conducted in Austin, Texas or, if the Consumer Arbitration Rules apply, another location reasonably convenient to both parties with due consideration of their ability to travel and other pertinent circumstances, as determined by the arbitrator. The decision of the arbitrator shall be final and binding. Judgment on the arbitral award may be entered in any court of competent jurisdiction.
10.3 WE EACH AGREE THAT ALL CLAIMS SHALL BE RESOLVED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED OR REPRESENTATIVE ACTION OR OTHER SIMILAR PROCESS (INCLUDING ARBITRATION). IF FOR ANY REASON A CLAIM PROCEEDS IN COURT RATHER THAN IN ARBITRATION, WE EACH WAIVE ANY RIGHT TO A JURY TRIAL AND AGREE THAT SUCH CLAIM SHALL BE BROUGHT ONLY IN A COURT OF COMPETENT JURISDICTION IN AUSTIN, TEXAS. YOU HEREBY SUBMIT TO THE PERSONAL JURISDICTION AND VENUE OF SUCH COURTS AND WAIVE ANY OBJECTION ON THE GROUNDS OF VENUE, FORUM NON-CONVENIENS OR ANY SIMILAR GROUNDS WITH RESPECT TO ANY SUCH CLAIM.
10.4 Notwithstanding anything to the contrary, you and Intrigue may seek injunctive relief and any other equitable remedies from any court of competent jurisdiction to protect its intellectual property rights, whether in aid of, pending, or independently of the resolution of any dispute pursuant to the arbitration procedures set forth in this Section 10.
10.5 If Intrigue implements any material change to this Section 10, such change shall not apply to any claim for which you provided written notice to Intrigue before the implementation of the change.
11.1 Notices. All notices or reports shall be in writing and shall be delivered by personal delivery, facsimile transmission, e-mail, overnight mail or by certified or registered mail, return receipt requested, and shall be deemed given upon personal delivery, five days after deposit in the mail, or upon acknowledgment or confirmation of delivery of e-mail or facsimile transmission. Notices to Intrigue shall be sent to Intrigue Corp., 1109 Fiesta St. #2, Austin, TX 78702 (or such other address as Intrigue designates by notice sent pursuant to this paragraph), and shall be addressed to Intrigue’s CEO. All notices to you may be sent to the latest business or e-mail address associated with your account on the Services.
11.2 No Agency. The parties to this Agreement are independent contractors and nothing in this Agreement shall be deemed to create a joint venture, partnership, or agency relationship between the parties in this Agreement. There are no third party beneficiaries to this Agreement.
11.3 Waiver. If one party fails to enforce a provision of this Agreement, it shall not be precluded from enforcing the same provision at another time. To be effective any waiver must be in writing and executed by an authorized signatory of the party to be charged with such waiver.
11.4 Severability. If any provision of this Agreement is deemed unenforceable or invalid by law or by a court decision, the provision shall be changed and interpreted, if possible, to accomplish the intent of the provision within the constraints of the law. Only that provision that is deemed unenforceable or invalid, and not the entire Agreement, shall be invalidated.
11.5 Assignment. You may not assign this Agreement, in whole or in part, whether voluntarily or by operation of law, contract, merger (whether you are the surviving or disappearing entity), stock or asset sale, consolidation, dissolution, through government action or otherwise, to any third party or agency without the prior written consent of Intrigue. Intrigue may assign or delegate this Agreement, in whole or in part, without consent at any time. Intrigue may also, without notice, utilize subcontractors and agents to provide aspects of the Services. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties’ permitted successors and assigns.
11.6 Modifications. We may modify these terms or any additional terms that apply to Services at any time. For example, we may make changes or add terms to reflect changes to the law or changes to the Services. You should look at the terms regularly and the “Last Updated” date at the beginning of these terms. We will post notice of modified additional terms in the Services, or notify you by email. Changes will not apply retroactively and will become effective when they are posted. Your continued use of the Services after such a modification signifies your acceptance of such modified terms. If you do not agree to the modified terms, you should discontinue your use of Services.
11.7 Entire Agreement. This Agreement, including all applicable Order Forms, addenda, exhibits, additional terms incorporated herein by reference, and attachments hereto, constitutes the sole, final and entire agreement between the parties with respect to the subject matter hereof, and supersedes any and all prior and contemporaneous understandings and agreements (and all such agreements are hereby terminated), written and oral, regarding such subject matter. This Agreement may not be amended by you except in a writing executed by you and an authorized representative of Intrigue. The provisions of any such order and addendum shall govern and take precedence over any conflicting or inconsistent provisions of this Agreement.
11.8 Compliance with Laws. Each party will comply with all applicable foreign, federal, state, and local laws, rules and regulations, including without limitation, U.S. export laws and import and use laws of the country where the Services are delivered or used, and all applicable laws relating to bribery or corruption. Under these laws, the Services may not be sold, leased, downloaded, moved, exported, re-exported, or transferred across borders without a license, or approval from the relevant government authority, to any country, including countries embargoed by the U.S. Government (currently Cuba, Iran, North Korea, Northern Sudan and Syria); or to any restricted or denied end-user including, but not limited to, any person or entity prohibited by the U.S. Office of Foreign Assets Control; or for any restricted end-use. You will maintain throughout your use of the Services all rights and licenses that are required with respect to such use.
11.9 Electronic Execution and Disclosures. You acknowledge and agree that by clicking on the button labeled “I Agree” or “I Accept” or such similar or equivalent buttons, checkboxes or links as may be designated by Intrigue to accept this Agreement hereunder, you are submitting a legally binding electronic signature and are entering into a legally binding contract. You acknowledge that your electronic submissions constitute your agreement and intent to be bound by this Agreement. Pursuant to any applicable statutes, regulations, rules, ordinances or other laws, including, without limitation, the United States Electronic Signatures in Global and National Commerce Act, P.L. 106-229 (the "E-Sign Act") or other similar statutes, YOU HEREBY AGREE TO THE USE OF ELECTRONIC SIGNATURES, CONTRACTS, ORDERS AND OTHER RECORDS AND TO ELECTRONIC DELIVERY OF NOTICES, POLICIES AND RECORDS OF TRANSACTIONS INITIATED OR COMPLETED THROUGH THE SERVICES OFFERED BY INTRIGUE. Further, you hereby waive any rights or requirements under any statutes, regulations, rules, ordinances or other laws in any jurisdiction which require an original signature or delivery or retention of non-electronic records, or to payments or the granting of credits by other than electronic means.
Data Processing Addendum
Insofar as the Intrigue Corp. (“Data Processor”) will be processing personal data on your behalf (“Data Controller”) in the course of performing Intrigue License and Terms of Service (the “Agreement”), the terms of this Data Processing Addendum (“DPA”) shall apply. Any capitalized terms not otherwise defined in this DPA shall have the meaning given to them in the Agreement. In the event of a conflict between any provisions of the Agreement and this DPA, the provisions of this DPA shall govern and control with regard to the processing of personal data. References to “Data Protection Laws” shall mean any law applicable to Data Processor’s processing or use of personal data, including (to the extent applicable), (a) (i) prior to 25 May 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“Directive”) and on and after 25 May 2018, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); and (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and applicable national implementations of it (as may be amended, superseded or replaced), and (b) The California Consumer Privacy Act of 2018, AB375, Title 1.81.5, § 1798.100 et seq., including any implementing law, as amended (“CCPA”).
a) Data Processor will only process, store, and use the personal data it receives from the Data Controller as necessary to provide the Data Processor’s services to the Data Controller, the business purposes as set forth in the Agreement, or Data Controller’s prior written instructions. The Data Processor shall never retain, use, disclose, sell, or process the personal data other than as specified in the Data Controller’s documented instructions or as otherwise permitted by law.
b) The Data Controller has all necessary rights to provide the personal data to the Data Processor for the processing to be performed in connection with the Services. To the extent required by Data Protection Laws, the Data Controller is responsible for providing all necessary privacy notices to data subjects, and unless another legal basis set forth in the Data Protection Laws supports the lawfulness of the processing, and for obtaining any necessary consents from data subject to the processing required under the Agreement. Should such a consent be revoked by a data subject, the Data Controller will inform the Data Processor of such revocation, and the Data Processor is responsible for implementing Data Controller’s instruction with respect to the processing of such personal data.
The Data Processor shall treat all personal data as Confidential Information under the Agreement, and it shall inform all its employees, agents and approved sub-processors engaged in processing the personal data of the confidential nature of the personal data. The Data Processor shall ensure that all such persons or parties have signed confidentiality agreements with obligations no less restrictive in the use and protection of Confidential Information than those in the Agreement.
3. Security Measures.
a) Considering the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Data Processor shall implement appropriate technical and organizational measures to ensure a level of security of the processing of personal data appropriate to the risk. The Data Processor shall maintain and follow written security policies that are fully implemented and applicable to the processing of personal data. At a minimum, such policies will include assignment of internal responsibility for information security management, devoting adequate personnel resources to information security, carrying out verification checks on permanent staff who will have access to the personal data, conducting appropriate background checks, requiring employees, vendors and others with access to personal data to enter into written confidentiality agreements, and conducting training to make employees and others with access to the personal data aware of information security risks presented by the processing.
b) At the request of the Data Controller, the Data Processor shall demonstrate the measures it has taken pursuant to this Article 3 and shall allow the Data Controller to audit and test such measures, to the extent it does not require providing access to other customers’ data. Subject to such restriction, the Data Processor shall cooperate with such audits carried out by or on behalf of the Data Controller, shall grant the Data Controller´s auditors reasonable access to any premises and devices involved with the processing of the personal data, and shall provide the Data Controller´s auditors with access to any information relating to the processing of the personal data as may be reasonably required by the Data Controller to ascertain the Data Processor´s compliance with this DPA.
4. Data Transfers.
Data Processor may transfer personal data across the border to a country outside of the United States, as necessary to provide the Services. Upon request by the Data Controller, Data Processor will provide details of its transfers of the European Economic Area (the “EEA”) personal data outside of the United States.
Solely to the extent Data Controller transfers any personal data from (a) the EEA, or (b) a jurisdiction where a European Commission positive adequacy decision under Article 25(6) of Directive 95/46/EC is in force and covers such transfer, then the parties agree that such personal data is subject to the model contractual clauses attached hereto as Appendix 1 and annexed to Commission Decision 2004/915/EC (the “Clauses”), which are hereby incorporated into the Agreement. In such cases, Data Controller is the ‘data exporter’ and Data Processor is the ‘data importer’ as defined in the Clauses.
5. Security Breach.
The Data Processor will notify the Data Controller without undue delay upon discovery of any suspected or actual security or confidentiality breach or other compromise of personal data, describing the breach in reasonable detail, the status of any investigation or mitigation taken by the Data Processor, and if applicable, the potential number of data subjects affected. Data Processor will not communicate with any third party regarding any security breach except as specified by other party or by applicable law.
The Data Processor may subcontract any of its Services-related activities or allow any personal data to be processed by a third party, provided that such subprocessors are bound by data protection obligations compatible with those of the Data Processor under this DPA.
7. Data Subject Rights.
The Data Processor shall assist the Data Controller by appropriate technical and organizational measures, insofar as it is possible, for the fulfilment of the Data Controller’s obligation to respond to requests for exercising the data subject’s rights under the Data Protection Laws.
Appendix 1 – Model Clauses
Data Controller and Data Processor have agreed on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1/A.
‘the data exporter’ means the controller who transfers the personal data;
‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
‘the sub-processor’ means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
‘technical and organizational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the trans-mission of data over a network, and against all other unlawful forms of processing.
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1/A which forms an integral part of the Clauses.
Third-party beneficiary clause
a. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
b. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
c. The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub- processor shall be limited to its own processing operations under the Clauses.
d. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
Obligations of the data exporter
The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures specified in Appendix 1/B to this contract;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or un-lawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 1/B, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub- processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).
Obligations of the data importer
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organizational security measures specified in Appendix 1/B before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
i. any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
ii. any accidental or unauthorized access; and
iii. any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, select-ed by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 1/B which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the sub-processor will be carried out in accordance with Clause 11;
(j) to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.
1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.
2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become in-solvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.
3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.
Mediation and jurisdiction
1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject;
a. to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
b. to refer the dispute to the courts in the Member State in which the data exporter is established.
2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Cooperation with supervisory authorities
1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses . Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall re-main fully liable to the data exporter for the performance of the sub-processor’s obligations under such agreement.
2. The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
3. The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
4. The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.
Obligation after the termination of personal data-processing services
1. The parties agree that on the termination of the provision of data-processing ser-vices, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
2. The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.
This Appendix forms part of the Clauses and must be completed and signed by the parties.
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.
The data exporter is: the non- Intrigue Corp. entity that is a party to the Clauses.
The data importer is: Intrigue Corp. 1109 Fiesta St. #2, Austin, TX 78702.
The personal data transferred concern the following categories of data subjects: data subjects include individuals about whom data that originated in the EEA is provided to Intrigue Corp. via its services by (or at the direction of) the data exporter.
Categories of data
The personal data transferred concern the following categories of data (please specify):
• First and last name
• Email address
• IP address
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data (please specify): None
The personal data transferred will be subject to the following basic processing activities (please specify): Intrigue Corp. will process the personal data for the purposes of providing its services to the data exporter in accordance with and as described in the Agreement, the DPA, and these Clauses.
This Appendix forms part of the Clauses and must be completed and signed by the parties.
Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
Intrigue Corp. is committed to implementing appropriate technical and organizational security measures to meet its obligations to the data exporter. Intrigue Corp. has internally documented policies and controls.
These policies refer to all data collected from employees, candidates, users, customers, vendors, or other parties that provide information to Intrigue Corp.
Intrigue Corp. employees must follow these policies. Contractors, consultants, partners and any other external entities are also covered. Generally, our policy refers to anyone we collaborate with or who acts on our behalf and may need access to Intrigue Corp. data.
To help comply with these policies and controls, Intrigue Corp. will:
• Classify all data and apply appropriate controls for each level
• Employ encryption of all customer data in transit and at rest to minimum industry standards
• Perform periodic reviews of all our security policies and controls
• Schedule annual penetration tests of the Intrigue Corp. application and remediate appropriately
• Perform annualized security training for all Intrigue Corp. employees
• Utilize centralized monitoring and logging of all Intrigue Corp. production systems