Enboarder Terms of Service - UK/EU
- This Agreement governs Enboarder's provision of the Online Services and Customer's access to and use of the Online Services. It contains the general terms and conditions applicable to all such Online Services.
- If you are an individual entering into this Agreement on behalf of an entity, such as your employer, you represent that you have the legal authority to bind that entity.
In this Agreement, unless the context requires otherwise:
- "Acceptable Use Policy" means Enboarder's Acceptable Use Policy available at https://enboarder.com/acceptable-use as updated from time to time on the Website and incorporated by reference into the Agreement;
- "Add-Ons" means advanced functionality to support the Platform which Customer may request under section 5;
- "Add-On Fees" means the fees for the Add-Ons published on the Website;
- "Applications" means software programs provided by Customer that run on or run through the Platform;
- "Content" means Personal Data and all other text, files, images, graphics, illustrations, information, data (including audio, video, photographs, and other content and material), in any format, provided by Customer that are uploaded, reside in, run on or run through, the Platform;
- "Data Protection Addendum" means Enboarder's Data Protection Addendum attached hereto as Addendum A and incorporated by reference into this Agreement;
- "Data Protection Laws" has the meaning set forth in Enboarder's Data Protection Addendum (See Addendum A);
- "Documentation" means material describing the functional processes, assumptions, specifications, and principal operations of the Platform which has been designated by Enboarder as the official documentation for the Platform;
- "Feedback" means all suggestions comments, opinions, code, input, ideas, reports, information, know-how or other feedback provided by Customer (whether in oral, electronic, or written form) to Enboarder related to the Online Services;
- "Fees" means the Subscription Fees and Add-On Fees;
- "Initial Subscription Period" means the period specified in the applicable Order Form;
- "Intellectual Property Rights" means all intellectual property rights throughout the world, including but not limited to, the following rights: copyright (including copyrights, copyright registration and copy rights with respect to computer software, software design, software code, software architecture, firmware, programming tools, graphic user interfaces, reports, dashboard, business rules, use cases, screens, alerts, notification, drawings specifications and databases); moral rights, trade secrets and other rights with respect to confidential or proprietary information; know-how; other rights with respect to inventions, discoveries, ideas, improvements, techniques, formulae, algorithms, processes, schematics, testing procedures, technical information, and other technology; and any other intellectual and industrial property rights, whether or not subject to registration or protection; and all rights under any license or other arrangement with respect to the foregoing;
- "Internal Purposes" means internal business use within Customer's systems, networks, and devices;
- "Log-In Credentials" means sign-in identification and password or other method of access that Enboarder provides to Customer in order to access the Subscription;
- "Malicious Code" means, without limitation, code, files, scripts, agents or programs intended to do harm, including, without limitation, viruses, worms, bombs and trojan horses;
- "Online Services"means any and all of the services, Software, and other offerings provided by Enboarder pursuant to the Agreement, including the Subscription, the offerings provided through the Website, any mobile applications and APIs provided by Enboarder, and all such services and software labelled as alpha, beta, pre-release, trial, preview or otherwise. Online Services may include any enhancements, updates, upgrades, derivatives, or bug fixes to such services, software and offerings, and any documentation, add-ons, templates and sample data sets;
- "Order Form" means an order for the Online Services (using Enboarder's template) signed by the Customer and accepted by Enboarder, which specifies the Subscription, including, without limitation, the number of seats or users, the Initial Subscription Period, the Subscription Fees, and any additional terms applicable to the Subscription;
- "Payment Date" means the recurrent date (monthly or annual) for payment of the Fees as specified in the Order Form;
- "Personal Data" means any information relating to an identified or identifiable natural person which is uploaded to the Platform by or on behalf of the Customer in connection with the Customer's use of the Subscription;
- "Platform" means the workflow platform located at https://enboarder.com/ and related services located in the https://enboarder.com/ domain and subdomains, including software, code, algorithms, hosted services, and web interfaces that is comprised of the web-based authoring environment to create and monitor workflows, and the mobile-first screens that are delivered to manager(s) and employees which are part of the Online Services;
- "Software" means any software forming part of the Platform and/or Add-Ons;
- "Subscription" means the non-exclusive, non-sublicensable, non-transferrable, revocable, limited right and license to access and use the Platform for an Internal Purpose during the Subscription Period, as specified in an Order Form;
- "Subscription Fees" means the monthly or annual fee for the Subscription as set out in the Order Form, or published on the Website from time to time, which Customer must pay in advance to Enboarder in accordance with section 6;
- "Subscription Period" means the Initial Subscription Period as extended under section 17(b); and
- "Website" means www.enboarder.com.
3. LICENSE GRANT
Customer's Subscription is subject to and governed by the terms and conditions in this Agreement, including those in the applicable Order Form. In the event of a conflict between the terms in and Order Form and these Terms of Service, the terms in the Order Form will control with respect to the Subscription provided under such Order Form. The Subscription is granted subject to and conditional on Customer's compliance with the Agreement and upon payment of the Fees in accordance with section 6.
4. USE OF THE SUBSCRIPTION
- To receive the Subscription, Customer must:
- Use the Log-In Credentials;
- For the duration of the Subscription Period, provide Enboarder with access to and a right to use, process, and transmit Customer's Content and Customer's Applications for the purposes of providing the Subscription and for any other purposes specified in the Agreement; and
- Follow any operating procedures and use any software as may be specified in the Documentation or as may be notified by Enboarder from time to time.
- It is a condition of Customer's Subscription that Customer complies at all times with the Acceptable Use Policy.
- Customer acknowledges that Customer is responsible for all hardware, software, and telecommunications services used to access and use the Subscription.
Customer may, during the Subscription Period, request the provision of Add-Ons to be included as part of the Subscription. If the request for Add-Ons is agreed by Enboarder, Customer must pay Enboarder the Add-On Fees at the time set out in section 6. The Agreement will govern Customer's use of and access to such Add-Ons.
6. FEES AND PAYMENT
The Subscription Fees and Add-On Fees will be payable by Customer on or before the Effective Date and on each subsequent Payment Date. All payments must be made in the currency set out in the Order Form via electronic funds transfer, as per Enboarder's instructions. Enboarder will issue an electronic tax invoice upon registration and then prior to each Payment Date.
If Customer fails to pay any past due invoice, Enboarder may revoke or suspend the Subscription until such time as Customer pays any outstanding amounts. Enboarder may charge interest on all past due invoices at a rate of 1.5% per month, or the highest rate allowed under applicable law, whichever is lower.
All Subscription Fees and Add-On Fees are exclusive of all applicable taxes (except for any withholding taxes and taxes solely based on Enboarder's net income), duties, imposts, charges, withholdings, rates, levies, or other governmental impositions of whatever nature and by whatever authority imposed, assessed, or charges ("Taxes") and Customer will be responsible for the payment of all such Taxes and any related penalties and interest arising from the payment of or failure to pay such amounts. If Customer is legally required to withhold any amounts to be paid to Enboarder, Customer may deduct such Taxes from the amount otherwise owed and pay the tax to the appropriate taxing authority, and must provide to Enboarder, on a timely basis, properly executed certificates, receipts or other documentation as evidence of such payment to the taxing authority sufficient to permit Enboarder to establish Enboarder's right to a credit for such Taxes against Enboarder's income tax liability. Customer must provide Enboarder with such assistance as Enboarder may reasonably request in connection with any applicable by Enboarder to qualify for the benefit of a reduced rate of withholding taxation under the terms of any applicable income tax treaty.
7. OWNERSHIP AND LICENSE RESTRICTIONS
- The Subscription is a temporary right to access and use the Platform and Enboarder, its suppliers or its licensors, retain and reserve all rights, including all Intellectual Property Rights, in and to the Platform. For the avoidance of doubt, Enboarder will own all rights, including all Intellectual Property Rights, in any features or functionality of the Platform or the Subscription which are the result of Feedback provided to Enboarder by the Customer, and Customer agrees that Enboarder is free to use, reproduce, modify, adapt, create derivative works from, publicly perform, publicly display, distribute, make, have made, assign, pledge, transfer, or otherwise grant rights in such features or functionality in any form and any medium (whether now known or later developed), without credit or compensation to Customer.
- Subject to the license granted under section 4(a)(ii), Customer and its licensors will retain all Intellectual Property Rights in and to its Content and Applications.
- Restrictions: Except as expressly authorized in the Agreement or by Enboarder in writing, Customer must not, and must not permit any third party to:
- access or use the Subscription for any purpose other than Internal Purposes (including for any competitive analysis, commercial, professional, or other for-profit purposes);
- copy any materials provided as part of the Subscription (except as required to run the Subscription and for reasonable backup purposes);
- modify, adapt, or create derivative works of any Software;
- rent, lease, loan, resell, transfer, sublicense, display, or distribute the Subscription to any third party;
- use or offer any functionality of the Subscription on a service provider, service bureau, hosted, software as a service, or time-sharing basis, provide or permit other individuals or entities to create Internet "links" to the Subscription, or "frame" or "mirror" the Subscription on any other server, or wireless, or Internet-based device;
- decompile, disassemble, translate or reverse-engineer any Software of otherwise attempt to derive source code, algorithms, methods, or techniques used or embodied in the Subscription;
- disclose to any third party the results of any benchmark tests or other evaluation of the Subscription;
- remove, alter, obscure, cover or change any trademark, copyright, or other proprietary notices, labels, or markings from or on the Subscription;
- interfere with or disrupt the servers or networks connected to any website through which the Subscription is provided;
- use the Subscription to build a similar or competitive product or service;
- use the Subscription to transmit Malicious Code;
- use the Subscription for any illegal, unauthorized or otherwise improper purposes;
- attempt to download the Software;
- modify or alter the Software or Documentation; or
- except as permitted under section 8.2, provide or make the Website available in any manner to a third party.
- Other Parties: Any employee, consultant, contractor, or agent hired to perform services for Customer may operate the Subscription on Customer's behalf solely pursuant to and in accordance with this Agreement, provided that:
- Customer is responsible for ensuring that any such party agrees in a legally enforceable manner to abide by and fully comply with the terms and conditions of this Agreement on the same basis as applicable to Customer;
- such use is only in connection with Customer's Internal Purposes;
- . such use does not represent or constitute an increase in the scope of the licenses provided in this Agreement; and
- Customer remains fully responsible and liable for any and all acts or omissions by such third parties related to this Agreement.
- Immediate Termination: Any violation of section 7.2 by the Customer will be considered a material breach of this Agreement and Enboarder may immediately terminate the Agreement without notice in the event of such breach.
8. LINKS AND TOOLS
- The Website may contain links to other websites including, without limitation, social networking, blogging, and other similar sites ("Linked Sites").
- The Linked Sites are provided for Customer's convenience only and it is Customer's responsibility to make Customer's own decisions about the currency, completeness, accuracy, reliability, and suitability of information contained in and use of or access to the Linked Sites.
- Enboarder does not endorse, verify, represent or take any responsibility for the content of the Linked Sites.
- Customer may include a link to the Website, but permission is restricted to making a link without any alteration of the relevant Website contents, Permission is not granted to reproduce, frame or reformat the files, pages, images, information and materials from the Website on any other website unless express prior written permission has been obtained from Enboarder.
- In no event is Customer permitted to use the Website to sell a product or service, or to increase traffic to Customer's website for commercial reasons, such as advertising sales.
- Enboarder reserves the right to prevent linking to the Website at any time.
- Enboarder may provide the use of third-party tools on the Website or in connection with Customer's use of the Subscription (such as for form capture). Such tools are provided "as is" and without warranty of any kind.
9. PERSONAL DATA
Customer represents and warrants and agrees that Customer has made any disclosures to and obtained any consents from the relevant data subjects which are required under applicable Data Protection Laws in order for the Personal Data to be lawfully uploaded to the Platform and Enboarder to process that Personal Data as contemplated by this Agreement.
Customer hereby grants Enboarder a perpetual, irrevocable, non-exclusive, royalty-free, paid-up, worldwide, sublicensable license to use, access, transmit, host, store, and display the Content solely for the purpose of providing and improving the Subscription, including rights to extract, compile, aggregate, synthesize, use, and otherwise analyze all or any portion of the Content. Enboarder may use, publish, share, distribute, or disclose such Content on an aggregate basis or in a de-identified manner that does not allow personal data about Customer to be separated from the aggregate data and identified as originating from Customer.
Customer represents, warrants, and agrees that Customer has all rights to provide the Content and other materials that Customer provides or makes available to Enboarder. Customer acknowledges and agrees that Customer is solely responsible for all Content and for Customer's conduct while using the Subscription. Customer acknowledges and agrees that:
- Customer will evaluate and bear all risks associated with Customer's use and distribution for all Content;
- Customer is responsible for protecting and backing up the Content;
- Customer is responsible for protecting the confidentiality of all Content in Customer's possession and control; and
- Under no circumstances will Enboarder be liable in any way for any Content, including but not limited to, any errors or omissions in any Content, or any loss or damages of any kind incurred as a result of Customer's use, deletion, modification, or correction of any Content. Customer has full discretion and control regarding how to store, protect, remove or delete any Content and Enboarder will have no liability for any damages caused by such deletion or removal of or failure to store or protect Content.
Customer agrees to provide Enboarder with Feedback. Enboarder, in its sole discretion, may or may not respond to Customer's Feedback or promise to address all of Customer's Feedback in the development of future features or functionalities of the service or any related or subsequent versions of such service. Customer assigns, at no charge, all rights, title and interests in Feedback to Enboarder, and agrees that Enboarder is free to use, reproduce, modify, adapt, create derivative works from, publicly perform, publicly display, distribute, make, have made, assign, pledge, transfer or otherwise grant rights in the Feedback in any form and any medium (whether now known or later developed), without credit or compensation to Customer. Customer warrants that the Feedback does not infringe any copyright or trade secret of any third party, and that Customer has no knowledge of any patent of any third party that may be infringed by the Feedback (including any implementation thereof recommended by you). Customer further warrants that Customer's Feedback is not subject to any license terms that would purport to require Enboarder to comply with any additional obligations with respect to any service that incorporates Customer's Feedback.
12. SECURITY, VIRUSES, ERRORS AND AVAILABILITY
- Customer acknowledges that:
- the internet is an insecure public network which means that there are risks that information sent to or from the Online Services may be intercepted, corrupted, or modified by third parties; and
- files obtained from and through the Online Services may contain Malicious Code.
- Customer bears the risks and responsibility for any loss or damage caused, directly or indirectly, by the risks described in this section 12, and Enboarder accepts no liability for any interference with, or damage to, Customer's computer system, device, software, Content or other data occurring in connection with Customer's access or use of the Online Services.
- Notwithstanding the foregoing, Enboarder will take all commercially reasonable steps to maintain the security and the integrity of the Online Services. Specifically, Enboarder will:
- implement appropriate administrative, physical and technical safeguards to protect Customer's Content; and
- as soon as it becomes aware that Malicious Code is contained in or affects the Online Services and/or that any of Customer's Content has, or may have been, subject to unauthorized access, immediately notify Customer and take all reasonable steps to remedy the problem, secure the Content and remove the Malicious Code, as applicable.
13. WARRANTIES, DISCLAIMERS AND EXCLUSIVE REMEDIES
- No representation or warranty (express or implied) is made as to the currency, completeness, accuracy, reliability, suitability, and/or availability of any information on the Website.
- Subject to sections 13(d), 13(e), and 13(f), Enboarder will use commercially reasonable efforts to ensure that the Subscription will operate in accordance with the applicable Documentation.
- Each party represents and warrants that it has the full right, power, and authority to enter into this Agreement and to perform its obligations and duties under this Agreement, and that the performance of such obligations and duties does not conflict with or result in a breach of any other agreement of such party or any judgment, order, or decree by which such party is bound.
- If the Subscription (including the functionality of the Platform) fails to operate in accordance with the applicable Documentation during the Initial Subscription Period and Customer notifies Enboarder in writing of this failure, Enboarder, at its cost, will correct the failure provided that Enboarder may decline to correct the failure if such correction cannot be completed in a commercially reasonable manner but in such event, Customer may terminate this Agreement and recover a pro-rata portion of the Subscription Fees paid by Customer that are attributable to the failed services. This section 13(d) states Enboarder's sole liability and Customer's exclusive remedy for any breach of section 13(b).
- The warranty in section 13(b) will not apply if the failure of the Subscription resulted from improper use or a defect in or failure of any device, communications link or software used to access the Subscription.
- EXCEPT AS SET FORTH IN SECTION 13(b) AND 13(c), ENBOARDER DISCLAIMS ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, TITLE, QUIET ENJOYMENT AND WARRANTIES ARISING OUT OF COURSE OF DEALING, USAGE OR TRADE PRACTICE, OR BY STATUTE OR IN LAW. ENBOARDER SPECIFICALLY DOES NOT WARRANT THAT THE SUBSCRIPTION WILL MEET CUSTOMER'S REQUIREMENTS, THE OPERATION OR OUTPUT OF THE SUBSCRIPTION WILL BE ERROR-FREE, VIRUS-FREE, SECURE, ACCURATE, RELIABLE, COMPLETE, OR UNINTERRUPTED.
Enboarder will defend, indemnify, and hold Customer harmless against any claim, suit or action brought against Customer by a third party to the extent that such claim, suit or action arises from an allegation that the Online Services, when used as expressly permitted by this Agreement, infringes the Intellectual Property Rights of such third party ("Customer Claim"), and Enboarder will indemnify Customer for any amounts awarded against Customer in judgment or settlement of such Customer Claim. If Enboarder receives prompt notice of a Customer Claim that, in Enboarder's reasonable opinion, is likely to result in an adverse ruling, then Enboarder may: (i) obtain a right for Customer to continue using the Online Services at issue; (ii) modify such Online Services to make it non-infringing; (iii) replace such Online Services with a non-infringing version; or (iv) terminate this Agreement and/or provide a reasonable depreciated or pro-rata refund of amounts prepaid for the allegedly infringing Online Services.
Notwithstanding the foregoing, Enboarder will have no obligation under section 14.1 or otherwise with respect to any infringement claim based upon: (i) any use of the Online Services and/or Documentation not expressly permitted under this Agreement or contrary to the instructions given to Customer by Enboarder; (ii) any use of the Online Services in combination with products, equipment, software, or data not made available by Enboarder if such infringement would have been avoided without the combination with such other products, equipment, software, or data; (iii) Customer's use of the Online Services or Documentation after notice of the alleged or actual infringement from Enboarder or any appropriate authority; or (iv) any modification of the Online Services or Documentation by any person other than Enboarder or its authorized agents or subcontractors (collectively, "Excluded Claims"). Enboarder will have no obligation under section 14.1 or otherwise with respect to any claim based upon the use by Customer of any Content uploaded or accessed through the Online Services to the extent such claim is not based on the Online Services itself. Section 14.1 and 16(b) state Enboarder's sole obligation and liability and Customer's exclusive remedy for all third-party claims.
Customer will defend, indemnify, and hold Enboarder harmless against any claim, suit, proceedings, or losses against or damages, expenses, and costs (including without limitation court costs and reasonable legal fees) incurred by Enboarder brought by a third party to the extent that such claim, suit or action arises from: (i) Customer's failure to comply with or violation of any applicable law or regulation; (ii) Customer's infringement of any third party's Intellectual Property Right; (iii) Customer's use of any Content; (iv) Customer's products or services; or (v) Excluded Claims (each, an "Enboarder Claim").
The foregoing obligations are conditioned on the party seeking indemnification: (i) promptly notifying the other party in writing of such claim; (ii) giving the other party sole control of the defense thereof and any related settlement negotiations; and (iii) cooperating and, at the other party's request and expense, assisting in such defense. Neither party may make any public announcement of any claim, defense, or settlement without the other party's prior written approval. The indemnifying party may not settle, compromise, or resolve a claim without the consent of the indemnified party, if such settlement, compromise, or resolution causes or requires an admission or finding of guilt against the indemnified party, imposes any monetary damages against the indemnified party, or does not fully release the indemnified party from liability with respect to the claim.
In this section:
- "Confidential Information" means information disclosed by a party in connection with the provision or use of the Online Services that either:
- Is designated as confidential by the Discloser at the time of disclosure; or
- Would reasonably be understood by the Recipient, given the nature of the information or the circumstances surrounding its disclosure, to be confidential, including without limitation, Discloser's product designs, product plans, data, software and technology, financial information, marketing plans, business opportunities, proposed terms, pricing information, discounts, inventions and know-how disclosed by Discloser to Recipient, whether in writing, verbally, or otherwise, and whether prior to, on, or after the Effective Date. Enboarder's Confidential Information also includes the Platform, the Subscription, and terms and conditions upon which Enboarder is providing the Online Services to the Customer;
- "Discloser" means a party which discloses Confidential Information to the other party; and
- "Recipient" means a party which receives Confidential Information disclosed by the other party.
A Recipient may not use Confidential Information in any way for its own benefit or the benefit of any third party, except as expressly permitted by, or as required to implement, this Agreement or as otherwise authorized in writing by the Discloser.
- Hold Confidential Information in strict confidence and take reasonable precautions to protect and secure such Confidential Information (such precautions to include, at a minimum, all precautions Recipient employs with respect to its own Confidential Information); and
- Not divulge any Confidential Information to any third party (other than to employees or contractors as set forth below). Any employee or contractor given access to any Confidential Information must have a legitimate "need to know" such Confidential Information for use specified in section 15.2 and Recipient will remain responsible and liable for each such person's compliance with this Agreement.
- Irrespective of any termination of this Agreement, Recipient's obligations with respect to Confidential Information expire 5 years from the date of receipt of the Confidential Information (except with respect to any trade secrets where such obligations will be perpetual).
- Exclusions: This Agreement imposes no obligations with respect to information which:
- was in Recipient's possession before receipt from Discloser;
- is or becomes a matter of public knowledge through no fault of Recipient;
- was rightfully disclosed to Recipient by a third party, who has no restriction on disclosure; or
- is developed by Recipient without use of the Confidential Information as can be shown by documentary evidence. Recipient may make disclosures to the extent required by law or court order, provided Recipient makes reasonable efforts to provide Discloser with notice of such disclosure as promptly as possible and uses diligent efforts to limit such disclosure and obtain confidential treatment or a protective order, and has allowed Discloser to participate in the proceeding.
- Return or Destruction of Confidential Information: Upon termination of this Agreement or written request by Discloser, the Recipient must:
- cease using the Confidential Information; and
- return or destroy the Confidential Information and all copies, notes or extracts thereof to Discloser within 7 business days of such request or termination.
16. LIMITATION OF LIABILITY
- Subject to section 16(d), in no event will Enboarder be liable to Customer for any special, indirect, incidental, consequential, exemplary, or punitive damages, or for any loss of use, data, content, applications, goodwill or profits, business interruption, or costs of procuring substitute software or services, arising out of or in connection with this Agreement or the use or performance of the Subscription. Without limiting the foregoing, Enboarder will have no liability or responsibility for any business interruption or loss of data, content, or applications arising from the automatic termination of the license rights granted herein and any associated cessation of the Platform or Subscription, its functions, any unanticipated or unscheduled downtime for any reason or any deletion, corruption, or damage of data, content, or applications on or through the Platform or Subscription.
- Subject to section 16(d), Enboarder's total cumulative liability to Customer in connection with this Agreement and the supply of the Online Services, including all Order Forms, at any time will be limited to and will not exceed the fees actually paid by Customer to Enboarder for the Subscription in the 12-month period immediately preceding the date of the event that gave rise to such cause of action ("Liability Cap").
- The foregoing limitations, exclusions and disclaimers shall apply regardless of whether such liability arises from any claim based upon contract (including under any indemnity), warranty, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, and whether or not the party has been advised of the possibility of such loss or damage. The parties agree that the limitations on liabilities set forth herein are agreed allocations of risk and such limitations will apply notwithstanding the failure of essential purpose of any limited remedy
- Nothing in this Agreement excludes the liability of either party for:
- Death or personal injury caused by negligence;
- Fraud or fraudulent misrepresentation; or
- Any other liability that cannot be legally limited by law.
17. SUBSCRIPTION PERIOD AND TERMINATION
- Unless earlier terminated in accordance with this Agreement, the Initial Subscription Period will commence on the Effective Date and end on the term set forth in the applicable Order Form.
- The initial Subscription Period will automatically renew for additional periods of 12 months, unless a party provides written notice to the other party of its intention not to renew at least 30 days prior to expiration of the Initial Subscription Period or any subsequent 12-month period, as appropriate.
- Without limiting any other right or remedy Enboarder may have against Customer arising out of or in connection with this Agreement, Enboarder may, at its option, terminate Customer's Subscription with immediate effect by giving Customer prior written notice if:
- Customer fails to comply with the Acceptable Use Policy when accessing or using the Subscription;
- Customer commits a material breach of any terms in this Agreement where that breach is not capable of remedy; or
- Customer breaches any other provision of this Agreement and fails to remedy that breach within 14 days after receiving notice requiring Customer to do so.
- If Customer's Subscription is terminated under section 17(c), Enboarder will not be liable and Customer will not be entitled to any refund of any part of the Fees previously paid.
- Immediately upon termination of this Agreement:
- all Order Forms and licenses granted under this Agreement will immediately terminate and Customer must immediately cease all use of the Subscription;
- Customer must destroy, or upon Enboarder's request, return to Enboarder the Confidential Information that is in Customer's possession or control; and
- any and all of Customer's payment obligations under each Order Form will immediately become due. Upon Enboarder's request, Customer must certify in writing that it has returned or destroyed all copies of Enboarder's Confidential Information.
- Clauses 1, 6, 7, 10, 11, 13 – 19 will survive termination of this Agreement.
- Compliance with Laws. Customer must comply fully with all applicable laws, including all applicable laws relating to bribery or corruption, and export laws and regulations of any country where Customer uses or accesses any portion or functionality of the Subscription.
- Assignment and Novation. Customer may not assign, delegate or transfer this Agreement or give or transfer the Subscription, Documentation or an interest in them to another individual or entity, in whole or in part, by agreement, operation of law or otherwise. Any attempt to assign this Agreement other than as permitted herein will be null and void. Customer acknowledges that Enboarder may assign, subcontract, or delegate any of its rights or obligations under this Agreement. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties' permitted successors and assigns.
- Entire Agreement. This Agreement constitutes the entire agreement between the parties in connection with its subject matter and supersedes all previous agreements or understandings between the parties in connection with its subject matter.
- Severability. This Agreement is declared to be severable. If a court of competent jurisdiction holds any part of this Agreement void, invalid, or unenforceable, it is severed and will be deemed to be omitted to the extent that it is void, invalid, or unenforceable, and the remainder of this Agreement will remain in full force and effect, and the provision affected will be construed so as to be enforceable to the maximum extent permissible by law.
- Waiver. A waiver by either party in respect to a breach of a term of this Agreement by the other party will not be taken to be a waiver in respect of any other breach. The failure to enforce any term of this Agreement will not be interpreted as a waiver of that term.
- Governing Law and Jurisdiction. This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) will be governed by and construed in accordance with the laws of England and Wales. The parties agree that the courts of England and Wales shall have exclusive jurisdiction to settle any action, proceeding, controversy, or claim between them arising out of or relating to this Agreement (including non-contractual disputes or claims). The parties agree that the United Nations Convention on Contracts for the International Sale of Goods will not apply to this Agreement, regardless of the countries in which the parties do business or are incorporated.
Addendum A Data Protection Addendum
This Data Protection Addendum ("Addendum") that is referenced in the Agreement, forms part of the agreement ("Principal Agreement") entered into on the Effective Date of the Agreement between:
- Enboarder Limited (Company Number: 10907898) ("Processor") acting on its own behalf and as agent for each Processor Affiliate; and
- The party defined as Customer under the Agreement ("Controller")acting on its own behalf and as agent for each Controller Affiliate.
The terms used in this Addendum shall have the meanings set forth in this Addendum. Capitalised terms not otherwise defined herein shall have the meaning given to them in the Principal Agreement. Except as modified below, the terms of the Principal Agreement shall remain in full force and effect.
In consideration of the mutual obligations set out herein, the parties hereby agree that the terms and conditions set out below shall be added as an Addendum to the Principal Agreement. Except where the context requires otherwise, references in this Addendum to the Principal Agreement are to the Principal Agreement as amended by, and including, this Addendum.
- "Controller Affiliate" means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Controller, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise;
- "Controller Group Member" means Controller or any Controller Affiliate;
- "Controller Personal Data" means any Personal Data Processed by a Contracted Processor on behalf of a Controller Group Member pursuant to or in connection with the Principal Agreement;
- "Contracted Processor" means Processor or a Subprocessor;
- "Delete" means to remove or obliterate Personal Data such that it cannot be recovered or reconstructed;
- "Data Protection Laws" means all laws relating to the protection of personal data and privacy in force from time to time in any jurisdiction as applicable and binding on any party, including (without limitation):
- the EU GDPR;
- the UK GDPR;
- the UK Data Protection Act 2018;
- the Privacy and Electronic Communications Directive (EU) 2002/58/EC;
- the Privacy and Electronic Communications (EC Directive) Regulations 2003; and
- any laws that implement, replace, extend, re-enact, consolidate oramend any of the foregoing;
- "EEA" means the European Economic Area;
- "GDPR" the EU GDPR and/or UK GDPR (as applicable);
- "EU GDPR" means the EU General Data Protection Regulation 2016/679;
- "Restricted Transfer" means:
- a transfer of Controller Personal Data from any Controller Group Member to a Contracted Processor; or
- an onward transfer of Controller Personal Data from a Contracted Processor to a Contracted Processor, or between two establishments of a Contracted Processor, in each case, where such transfer:
- involves the transfer of Controller Personal Data outside the United Kingdom; or
- would be prohibited by the Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws) in the absence of the Standard Contractual Clauses or UK Addendum to be established below;
- "Services" means the services and other activities to be supplied to or carried out by or on behalf of Processor for Controller Group Members pursuant to the Principal Agreement;
- "Standard Contractual Clauses" means the annex to the commission implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council or any new standard contractual clauses replacing or amending these from time to time;
- "Subprocessor" means any person (including any third party and any Processor Affiliate, but excluding an employee of Processor or any of its sub-contractors) appointed by or on behalf of Processor or any Processor Affiliate to Process Personal Data on behalf of any Controller Group Member in connection with the Principal Agreement;
- "Processor Affiliate" means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Processor, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise;
- "UK" means the United Kingdom;
- "UK Addendum" means the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses issued by the Information Commissioner's Office pursuant to s 119A (1) Data Protection Act 2018 (UK) or any new UK Addendum replacing or amending these from time to time; and
- "UK GDPR" means the UK version of the GDPR as it forms part of the law of each applicable jurisdiction of the United Kingdom pursuant to the European Union (Withdrawal) Act 2018.
2. Processing of Controller Personal Data
- comply with all applicable Data Protection Laws in the Processing of Controller Personal Data; and
- not Process Controller Personal Data other than on the relevant Controller Group Member's documented instructions unless Processing is required by Data Protection Laws to which the relevant Contracted Processor is subject, in which case Processor or the relevant Processor Affiliate shall to the extent permitted by Data Protection Laws inform the relevant Controller Group Member of that legal requirement before the relevant Processing of that Personal Data.
- instructs Processor and each Processor Affiliate (and authorises Processor and each Processor Affiliate to instruct each Subprocessor) to:
- Process Controller Personal Data; and
- transfer Controller Personal Data to any country or territory,
- warrants and represents that it is and will at all relevant times remain duly and effectively authorised to give the instruction set out in section 2.2(a) on behalf of each relevant Controller Affiliate.
3. Processor and Processor Affiliate Personnel
Processor and each Processor Affiliate shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Contracted Processor who may have access to the Controller Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Controller Personal Data, as strictly necessary for the purposes of the Principal Agreement, and to comply with Data Protection Laws in the context of that individual's duties to the Contracted Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
- before the Subprocessor first Processes Controller Personal Data (or, where relevant, in accordance with section 5.2) carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Controller Personal Data required by the Principal Agreement;
- ensure that the arrangement between, on the one hand, (a) Processor, or (b) the relevant Processor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written agreement including terms which offer at least the same level of protection for Controller Personal Data as those set out in this Addendum and meet the requirements of article 28(3) of the GDPR;
- if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement referred to in paragraph (b); and
- provide to Controller for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Controller may request from time to time.
6. Data Subject Rights.
- promptly notify Controller if any Contracted Processor receives a request from a Data Subject under any Data Protection Law in respect of Controller Personal Data; and
- ensure that the Contracted Processor does not respond to that request except on the documented instructions of Controller or the relevant Controller Affiliate or as required by Data Protection Laws to which the Contracted Processor is subject, in which case Processor shall to the extent permitted by Data Protection Laws inform Controller of that legal requirement before the Contracted Processor responds to the request.
7. Personal Data Breach.
- describe the nature of the Personal Data Breach, the categories and numbers of Data Subjects concerned, and the categories and numbers of Personal Data records concerned
- communicate the name and contact details of Processor's data protection officer or other relevant contact from whom more information may be obtained;
- describe the likely consequences of the Personal Data Breach; and
- describe the measures taken or proposed to be taken to address the Personal Data Breach.
8. Data Protection Impact Assessment and Prior Consultation
Processor and each Processor Affiliate shall provide reasonable assistance to each Controller Group Member with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Controller reasonably considers to be required of any Controller Group Member by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Controller Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors
9. Deletion or return of Controller Personal Data
10. Audit rightsa
11. Restricted Transfers
12. General Terms
- the parties to this Addendum hereby submit to the choice of jurisdiction stipulated in the Principal Agreement with respect to any disputes or claims howsoever arising under this Addendum, including disputes regarding its existence, validity or termination or the consequences of its nullity; and
- this Addendum and all non-contractual or other obligations arising out of or in connection with it are governed by the laws of the country or territory stipulated for this purpose in the Principal Agreement.
- by at least 30 (thirty) calendar days' written notice to Processor from time to time make any variations to, or request replacement of, any Standard Contractual Clauses (including any Standard Contractual Clauses entered into under section 11.1, as they apply to Restricted Transfers which are subject to particular Data Protection Laws, which are required, as a result of any change in, or decision of a competent authority under, the Data Protection Laws, to allow those Restricted Transfers to be made (or continue to be made) without breach of the Data Protection Laws; and
- propose any other variations to this Addendum which Controller reasonably considers to be necessary to address the requirements of any Data Protection Laws.
- Processor and each Processor Affiliate shall promptly co-operate (and ensure that any affected Sub-processors promptly co-operate) to ensure that equivalent variations are made to any agreement put in place under section 5.4(c); and
- Controller shall not unreasonably withhold or delay agreement to any consequential variations to this Addendum proposed by Processor to protect the Contracted Processors against additional risks associated with the variations made under section 12.4(a) or 12.5(a).
ANNEX 1: DETAILS OF PROCESSING OF CONTROLLER PERSONAL DATA
This Annex 1 includes certain details of the Processing of Controller Personal Data as required by Article 28(3) GDPR.
As part of hiring individuals (New Hire), data controller will collect certain personal data from the New Hire to communicate before their commencement date, and to set them up as an employee by collecting the relevant information. Data controller will be transferring personal data to the data processor to initiate an effective digital onboarding program for new joiners.
Processing that data in order to deliver relevant and appropriate digital onboarding experiences to new hires
Individual hired by data controller (New Hire), data controller employees (HR, manager of the New Hire, mentor, buddy)
Categories of data
New Hire: first name, surname, email address, phone number, bank details, right to work documents, next of kin information, academic certificates, office location, function, business division/ team
Data controller's employees: name, email address
Special categories of data (if appropriate)
Storage on servers located within the EEA (except where clause 12 Restricted Transfers applies, in which case personal data may be stored on servers located in the data importer's country), deletion, and other processing requested by the data controller
The subject matter and duration of the Processing of the Controller Personal Data are set out in the Principal Agreement and this Addendum.
The obligations and rights of Controller and Controller Affiliates are set out in the Principal Agreement and this Addendum.
ANNEX 2: DETAILS IN RELATION TO RESTRICTED TRANSFERS
Details of Processing
This forms part of the agreement between the Processor and any Contracted Processor.
List of Parties
- Data Exporter:
- Name: Enboarder Ltd
- Address: 10 John Street, London, England, WC1N 2E United Kingdom
- Contact person's name, position and contact details: Aleia Waldmann, Director of Legal Operations, firstname.lastname@example.org Activities relevant to the data transferred under these
- Clauses: Providing people activation services via the Enboarder services
- Role (controller/processor): Processor
- Data Importer:
- Name: Enboard.me Pty Ltd
- Address: 121 Sussex St, Sydney NSW 2000 Australia
- Contact person's name, position and contact details: Aleia Waldmann, Director of Legal Operations, email@example.com Activities relevant to the data transferred under these
- Clauses: Providing people activation services via the Enboarder services
- Role (controller/processor): Processor
- Data Exporter:
Description of Transfer
- Categories of data subjects whose personal data is transferred
The personal data transferred concern the following categories of data subjects:
Individual hired by data exporter (New Hire), customer employees (HR, manager of the New Hire, mentor, buddy)
- Categories of personal data transferred
The personal data transferred concern the following categories of data:
- New Hire: first name, surname, email address, phone number, bank details, right to work documents, next of kin information, academic certificates, office location, function, business division/ team
- Customer's employees: name, email address
- Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
- The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
- Nature of the processing
The personal data transferred will be subject to the following basic processing activities:
Storage on servers located within the EEA (except where Restricted Transfers applies, in which case personal data may be stored on servers located in the data importer's country), deletion, and other processing requested by the data controller
- The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
Upon the termination or expiration of the Agreement, or at any time upon Data Controller's request, Data Processor will immediately cease to process Data Controller Data and will promptly return or destroy the Data Controller Data (including all copies) in Data Processor's possession or control (including any Data Controller Data held by Subprocessors) as instructed by Data Controller.
- For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
Please refer to Annex III below
- Categories of data subjects whose personal data is transferred
Technical and Organizational Measures
This Appendix forms part of the agreement between the Processor and any Contracted Processor.
Description of the technical and organisational security measures implemented by the data importer:
Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services
All Infrastructure is built on AWS Cloud with Auto Scaling that adds additional servers when there is a need. All Servers are deployed in at least 2 availability zones for resilience. Only connections over Secure channel using TLCv1.2 and above are allowed. We have implemented Web Application Firewall rules for blocking non-legitimate traffic.
All data is validated in the backend to manage integrity of data before doing business operations. Users are Authenticated and are only allowed to perform operations based on their role.
Daily database backups ensure data can be restored easily.
Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
Daily Backups are done to ensure data can be restored back in case of any technical or physical incident.
Enboarder does not manage their own data centers and all of the data resides on AWS cloud.
Processes for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures in order to ensure the security of the processing.
Enboarder follows Agile development methodology with all tickets marked as Done by QA team after proper testing. QA teams also performs regression and automation testing.
Developers are all trained on OWASP Top 10 coding principles. Continuous checks are done on third party libraries for any vulnerabilities. Enboarder also performs dynamic code scans for any Vulnerabilities introduced in code. Sonarqube performs the Static code Analysis to find any security issues in code.
Measures for user identification and authorization
Enboarder uses JWT cookies for User identification and users have defined roles for authorization. All operations are allowed access based on the Authentication and Authorization role of the user. Enboarder also has connectors for SSO Integration using SAML2 for user Authentication with all IDPs that support SAML2.
Measures for the protection of data during transmission
All of the data is encrypted at Rest and is only transmitted over secure channel using TLS v1.2 and above.
Measures for the protection of data during storage
All of the data is encrypted at Rest using AES 256 encryption with encryption key managed by AWS
Measures for ensuring physical security of locations at which personal data are processed
All of Enboarder Servers are on AWS cloud. Please add links from AWS website here.
Measures for ensuring events logging
All events are logged in AWS using Cloudtrail and Cloudwatch and by Application. All of the events go to Enboarder SIEM solution for monitoring and alerting.
Measures for ensuring system configuration, including default configuration
All of Enboarder Infrastructure is built using Cloudformation Templates (IAAS). All the configurations are applied by code. Manual changes to Infrastructure are not allowed.
Measures for internal IT and IT security governance and management
Enboarder is ISO27001 certified and undergoing SOC-2 compliance program
Measures for ensuring data quality
Enboarder has robust Testing measures in place to ensure data quality remains good. All of the User Input data is sanitized before being saved to the database. Role based access checks are performed to stop non-authorized access
Measures for ensuring limited data retention
Enboarder has policies in place for data purge for backups after 90 days. For application data, configurations allow Admin users to setup their preferences for data purge
Measures for ensuring accountability
Enboarder logs a lot of data in the SIEM solution, which can be used to analyze events in case of any incident.
Measures for allowing data portability and ensuring erasure
Data portability to customers is only via APIs or via special request from the backend. Data erasures if needed to be done for a customer and never executed manually. Enboarder has a mix of manual approval and automated process to perform data destruction activities in control manner.
For transfers to (sub-) processors, also describe the specific technical and organizational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub-processor, to the data exporter Classify all data and apply appropriate controls for each level
- Employ encryption of all customer data in transit and at rest to minimum industry standards
- Perform periodic reviews of all our security policies and controls
- Schedule annual penetration tests of the Enboarder application and remediate appropriately
- Perform annualized security training for all Enboarder employees
- Utilize centralized monitoring and logging of all Enboarder production systems
|Categories of data subjects whose data the subprocessor may process on behalf of vendor||Data Controller, User||Data Controller, User||Data Controller, User||Data Controller, User||Data Controller, User||Data Controller, User||Data Controller, User||Data Controller, User||Data Controller, User|
|Categories of data that the subprocessor may process on behalf of vendor||Contact data (email); Cookies or tags (IP address, DNS name, and MAC address); Usage logs; Analytics data||Contact data (phone number); Personal data added in SMS messages; Deep links to application||Contact data (email); Personal data added in email messages; Deep links to application||Contact data (phone number); Personal data added in SMS messages; Deep links to application||User interactions for page analytics||Contact data (name, email); Chat and help messages||Contact data (email); Personal data added in email messages; Deep links to application||Storage for videos recorded by customers. This feature is not available by default||Contact data (phone number); Personal data added in SMS messages; Deep links to application|
|Method of transmission of this data from vendor to subprocessor||API over encrypted channel. Stores and processes all information||API over encrypted channel||API over encrypted channel||API over encrypted channel||API over encrypted channel||All data sent to Intercom is encrypted in transit and at rest||API over encrypted channel||Uses widget of MyInterview||API over encrypted channel|
|Purpose of transmission of this data from vendor to subprocessor||Main cloud provider||SMS provider (APAC region)||Email provider (mainly APAC/US region)||SMS provider (EU/UK region)||Analytics and insights to support users and product development||Customer messaging platform||Email provider (EU/UK region)||Video on demand||SMS provider (US region)|
|Format of data processed by the vendor's subprocessor||Various types||json||json||json||json||json||json||Streaming media||json|
|Duration of transmission of this data from vendor to subprocessor||Continuous basis to support service||Continuous basis to support service||Continuous basis to support service||Continuous basis to support service||Continuous basis to support service||Continuous basis to support service||Continuous basis to support service||Continuous basis to support service||Continuous basis to support service|
|Locations where subprocessor processes this data on vendor's behalf||Sydney (AUS); Oregon (USA); Frankfurt (EU/UK); Canada||Australia||USA||UK||Frankfurt (EU/UK); USA||USA||Germany or Belgium||Frankfurt||USA|