Terms and conditions SaaS
1.1 Agreement means this Customer Agreement on PII Tools product concluded between the Customer and RARE Technologies.
1.2 Application means the web application available as SaaS (software-as-a-service) on the Website through which RARE Technologies provides the Service.
1.3 Audit means an audit of legal compliance of Personal Data processing and an audit of the security of Personal Data.
1.4 Confidential Information means any and all facts related to the performance of this Agreement, including, but not limited to, Personal Data and their processing, including security measures adopted within this processing.
1.5 Customer means a customer using the Application on the basis of the Agreement.
1.6 Customer Account means a non-public part of the Website accessible to the Customer only after entering the Login Details and on the basis of which the Customer may use the Application to the extent permitted by it.
1.7 Customer’s Content means any information and content used by the Customer while using the Application, including information stored by the Customer in the Application.
1.8 DPA means Data Processing Addendum, which forms an annex to and integral part of the Agreement and contains an arrangement on the rights and obligations of the Parties in personal data processing.
1.9 Fee means a fee for the use of the Service in the amount specified in the Price List.
1.10 GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
1.11 Login Details mean the login name and password through which the Customer accesses the Customer Account.
1.12 Party means a Party to the Agreement, specifically the Customer or RARE Technologies.
1.13 Personal Data mean personal data of natural persons to which RARE Technologies may have access in the performance of the Agreement; this may be any personal data, including special categories of personal data (sensitive data) processed by the Customer via the Application.
1.14 Price List means an overview of fees for the Service specified on the Website.
1.15 RARE Technologies means RaRe Technologies s.r.o., company ID no. 03892620, with principal business address at Svetova 5, 18000 Prague, Czech Republic, incorporated in the Companies Register kept by the City Court in Prague under file No. C 239300, a provider of the Service.
1.16 Registration means the creation of the Customer Account by the Customer through which the Customer can use the Services.
1.17 Service means the service of making PII Tools available through the Application in the scope and in the manner specified in the description of the Service on the Website and in the Agreement; the arrangements made in the Agreement shall prevail over the description on the Website.
1.18 Sub-processor means another processor within the meaning of Art. 28 (2) of the GDPR.
1.19 Test Operation of the Service means the provision of the Service free of charge and to a limited extent (e.g. for a specific trial period). More detailed terms and conditions are available on the Website or below in this Agreement.
1.20 Website means pii-tools.com or its subdomain.
2. Customer Account Registration
2.1 Use of the Application by the Customer is conditional upon Registration.
2.2 The Customer will perform Registration by filling in the required information in the order form on the Website, approving the Agreement and submitting the order form to RARE Technologies for confirmation and invoicing. By submitting the order form, the Customer agrees with this Agreement with a binding effect. The Services will be available the next working day after the conclusion of this Agreement.
2.3 If the Registration and payment is successful, RARE Technologies will send to the Customer an e-mail containing Login Details. The Registration is completed and the Agreement is concluded upon delivery of this e-mail.
2.4 The liability for the veracity and accuracy of representations made and data provided by the Customer during the Registration and in the Customer Account as well as the liability following from provision of incorrect or untrue information shall be borne exclusively by the Customer.
2.5 The Customer agrees to keep the data specified in the Customer Account accurate, complete and up-to-date.
2.6 The Customer may not register more than one Customer Account in the Application without RARE Technologies’ prior approval.
2.7 Only Customer’s employees are authorised to use the Application on behalf of the Customer. The Customer acknowledges that during the performance of the Agreement, RARE Technologies assumes that persons using the Customer Account on behalf of the Customer are authorised to access the Customer Account in accordance with this paragraph. The Customer shall bear all responsibility for use of the Customer Account by these persons.
2.8 The Customer may not allow third parties (other than the persons specified in paragraph 2.7 of the Agreement) to use the Customer Account and agrees to maintain confidentiality of the Login Details. Furthermore, the Customer agrees to inform RARE Technologies without undue delay if the Customer ascertains or believes that its Login Details have been stolen or that its Customer Account may be otherwise compromised or used without authorisation.
3.1 The Customer is obliged to pay a Fee to RARE Technologies for the use of the Service in the Application in the amount specified in the Price List.
3.2 The Fee shall be paid in advance for each calendar month. In case the Customer is going to use the Application during the calendar month in which the Customer performed the Registration, the Customer shall pay the Fee in the amount specified in the Price List for the given calendar month during Registration.
3.3 The Fee shall be paid using the following payment methods:
- online via payment card;
- by recurring payments (e.g. through the PayPal or Stripe service).
RARE Technologies reserves the right to only allow the Customer to pay using one of the above-specified payment methods and, if applicable, to also pay using other payment methods that will be permitted in the future after the effective date hereof.
3.4 The Customer shall fulfil its obligation to pay the monthly amount of the Fee by crediting the total amount of the Fee specified in the Price List to RARE Technologies’ bank account not later than as of the last day of the calendar month in order to use the Service in the following calendar month.
3.5 The Customer acknowledges that RARE Technologies will provide the Service to the Customer only after payment of the Fee for the given period of provision of the Service.
3.6 The Customer acknowledges and agrees that RARE Technologies may unilaterally change the Price List always with effect from the next billing period. Furthermore, the rules stipulated in Art. 12. of the Agreement shall apply to a change in the Price List.
4. Test Operation of the Service
4.1 RARE Technologies allows Test Operation of the Service for the purpose of testing the functionality of the Service by the Customer.
4.2 Test Operation of the Service shall take place based on the Customer’s request. RARE Technologies is not obliged to comply with the request for Test Operation of the Service.
4.3 Test Operation of the Service is provided within the scope and in the manner stipulated by RARE Technologies. RARE Technologies may unilaterally modify the scope and manner of performance of the Test Operation of the Service or not to provide the Test Operation of the Service.
4.4 In case of the Test Operation of the Service, Articles 2 and 3 of the Agreement shall not apply. The rest of the Agreement also applies to the Test Operation of the Service, unless the Article contains a different regulation or unless this is at variance with the purpose of the Test Operation of the Service.
4.5 The Test Operation of the Service is provided to the Customer for a period of 1 week unless RARE Technologies stipulates otherwise or the Parties agree otherwise. RARE Technologies may unilaterally terminate the Test Operation of the Service without stating a reason even during this period.
4.6 The Customer acknowledges that the data stored by the Customer during the Test Operation of the Service will be irrecoverably deleted after its expiry.
5. Use of the Application
5.1 RARE Technologies grants the Customer the authorisation to use the Application within the scope and under the terms and conditions stipulated in the user environment of the Application and under the following conditions:
- The authorisation is non-exclusive, without any territorial and quantitative limitation and is valid for the term of the Agreement; RARE Technologies reserves the right to unilaterally change the territorial and quantitative scope of the authorisation.
- The authorisation also applies to any and all future updates, supplementations, corrections and modifications of the Application, if RARE Technologies performs such updates, supplementations, corrections or modifications and makes them available to the Customer.
- When using the Application, the Customer agrees to comply with the Agreement and all instructions and rules set out in the Application and to act so as to prevent any harm to the Customer, RARE Technologies or other persons using the Application. The Customer, in particular:
- may not extract the database that forms part of the Application by machine or any other means;
- may not allow third parties to use the Application, especially may not sell, lease or otherwise distribute the Application or allow access to the Application to third parties, with the exception of persons stipulated in paragraph 2.7. of the Agreement;
- is obliged to refrain from any dissemination or copying of the Application or any part thereof (including the source code of the Application and any other materials included in the Application or provided along with it), and acknowledges that the Application and all parts thereof are covered by high value intellectual property rights;
- may not modify, combine, distribute, re-translate, analyse, decompile or disassemble the Application or any parts thereof (including the source code) unless expressly permitted by the Agreement or applicable legal regulations that cannot be derogated from by agreement;
- may not circumvent or eliminate measures against misuse of the Application;
- may not use the Application in any manner breaching the applicable legal regulations and/or good morals;
- may not, in any manner, directly or indirectly, pass the Application off as its own technology, including any mentioning of the Application in promotional materials without meeting the conditions set out in paragraph 188.8.131.52 of the Agreement;
- may present its access to the Application to the public only with the written consent of RARE Technologies and with explicit specification of the name of the Application as its operator.
- is obliged to ensure that all the obligations related to the use of the Application set out in the Agreement are also complied with by the persons authorised to use the Application on behalf of the Customer.
- The Customer acknowledges and agrees that any and all data entered in the Application’s database form a part of the database collected by RARE Technologies and become a part thereof without granting the Customer any right to the Application’s database.
5.2 In respect of the use of the Application, the Customer may contact RARE Technologies by e-mail to the address [email protected]
5.3 RARE Technologies is entitled to shut down the Application or its part, change it or make it inaccessible at any time and for any reason, but especially due to non-compliance with the Customer’s obligations stipulated in paragraph 5.1.3. of the Agreement, due to maintenance of the hardware or software equipment of RARE Technologies or third parties which is used for the operation of the Application or for the purpose of updating the Application. RARE Technologies may inform the Customer in advance of downtime, change or inaccessibility of the Application through the Application or by an e-mail sent to the e-mail address specified in the Customer Account.
5.4 The Customer acknowledges and agrees that RARE Technologies is entitled to use a denomination of the Customer, including its business name, logo and should the denomination be a trademark, a trademark, for the purpose of the promotion of the Application and Service, particularly on the Website or in other promotional materials.
5.5 RARE Technologies and, if applicable, its suppliers and licensors retain all property rights to the Application.
5.6 The price of the authorisation for the use of the Application provided under this Article of the Agreement is fully included in the fee for the Service paid by the Customer pursuant to Art. 3.
6. Customer’s Content
6.1 The Customer acknowledges and agrees that RARE Technologies may use, modify and make copies of the Customer’s Content exclusively for the purposes of enabling the Customer to use the Application.
6.2 The Customer represents that it has the right to provide RARE Technologies with the Customer’s Content that is subject to intellectual property rights and that none of the Customer’s Content violates the applicable legal regulations, good morals or third-party rights (including, but not limited to, intellectual property rights). If the Customer’s Content comprises Personal Data, the Customer is responsible for ensuring that it has a legal ground for their processing within the Application.
6.3 The Customer agrees to ensure that the Customer’s Content is free of malware or any other software or components that could endanger the operation of the Application, its security or rights of RARE Technologies or third parties, especially the rights of other users of the Application.
6.4 RARE Technologies agrees to use all efforts that can be reasonably required of it to secure the Customer’s Content against leakage or misuse.
6.5 No property rights to the Customer’s intellectual property that were provided by the Customer to RARE Technologies while using the Application shall pass to RARE Technologies.
6.6 If the Customer fails to comply with the terms and conditions stipulated in this Article of the Agreement in relation to the Customer’s Content or if the Customer’s Content violates legal regulations in any way, RARE Technologies is entitled, but not obliged, to make the Customer’s Content violating these terms and conditions inaccessible or remove it.
7. RARE Technologies’ Liability
7.1 RARE Technologies authorises the Customer to use the Application “as is” and does not guarantee to the Customer uninterrupted availability of the Application.
7.2 RARE Technologies does not guarantee to the Customer any specific result following from the use of the Application. The Application is intended as a tool for making the Customer’s work easier. The Customer uses the Application on its own responsibility and assumes responsibility for all risks related to the use of the Application.
7.3 RARE Technologies is in no way liable vis-à-vis the Customer for any losses or harm related to the use of the Application or its contents, including loss of good reputation, losses caused by interruption of work activities, losses following from a malfunction or failure of the Customer’s equipment through which the Customer uses the Application, or any other damage or losses, except for losses, alienation of or damage to Personal Data caused by breach of RARE Technologies’ obligations following from the applicable legal regulations on personal data protection or the Agreement.
7.4 Within the scope of the limitation of the RARE Technologies’ liability specified in this Article, RARE Technologies is not liable to the Customer for any tangible, intangible, direct, indirect, consequential, economic or other harm caused by the use of the Application or its contents.
8. Customer’s Liability
8.1 The Customer is liable for any and all of its actions made in the Application and for damage it caused to RARE Technologies or third parties, and agrees to also pay to RARE Technologies any and all performances that RARE Technologies was forced to expend in order to satisfy third-party legal claims or penalties imposed by public authorities, including reasonable costs of legal defence in relation to damage caused by the Customer to RARE Technologies. The Customer’s Content is also deemed to constitute actions for which the Customer is liable pursuant to the first sentence of this paragraph.
9. Term and Termination of the Agreement
9.1 The Agreement is valid and effective from the date of its conclusion for an indefinite term.
9.2 Both the Customer and RARE Technologies may terminate the Agreement at any time even without stating a reason so that the Agreement terminates on the last day of the calendar month in which the notice of termination was delivered to the other Party.
9.3 RARE Technologies may terminate the Agreement without a notice period on the grounds of a breach of the Customer’s obligations set out in Art. 5 and 6. The Agreement shall then terminate on the date on which the notice of termination is delivered to the Customer.
9.4 If RARE Technologies terminates the Agreement on the grounds that the Customer raises an objection against the involvement of a new Further Processor within the meaning of paragraph 5.3. of the DPA and RARE Technologies will be unable to provide the Service without the involvement of a Further Processor, the Customer agrees that RARE Technologies may engage the Further Processor against whom the Customer objected in processing until the termination of the Agreement.
9.5 Upon termination of the Agreement, RARE Technologies will make the Customer Account inaccessible to the Customer.
9.6 The Customer acknowledges that the fee paid for the Service pursuant to Art. 3. of the Agreement is non-refundable.
10. Assignment of Rights
10.1 RARE Technologies may assign the Agreement or its rights or obligations following from the Agreement to a third party at any time and the Client expressly agrees with this; the assignment becomes effective upon delivery of a notice of assignment to the Customer’s e-mail address specified in the Agreement.
10.2 The Customer is not entitled to assign the Agreement or any rights established thereby to a third party without the written consent of RARE Technologies.
11.1 All communication between the Parties shall take place by electronic means. A message sent by e-mail shall be deemed delivered at the moment it is sent by e-mail, unless the addressee proves that the message failed to reach the addressee.
12. Amendment to the Agreement
12.1 RARE Technologies may amend this Agreement. The Customer shall be informed of the amendment to the Agreement by an e-mail sent to the e-mail address specified in the Customer Account not later than 30 days before the date of the proposed effective date of the amendment to the Agreement.
12.2 If the Customer disagrees with the proposed amendment to the Agreement, the Customer may terminate the Agreement not later than 15 days before the proposed effective date of the amendment to the Agreement. In case of termination of the Agreement by the Customer, the Agreement terminates upon expiry of the last day preceding the effective date of the proposed amendment to the Agreement or on the last day of the calendar month in which the Customer terminated the Agreement with RARE Technologies, whichever of these dates occurs earlier; the Fee paid for the already ongoing calendar month is non-refundable. If the User does not terminate the Agreement within the set deadline, it shall be deemed that the Customer agrees with the amendment to the Agreement.
12.3 The provisions of paragraphs 12.1 and 12.2 of the Agreement shall not apply to amendments to the Agreement that do not change the rights or obligations of the Parties; this includes, in particular, corrections of grammatical or stylistic errors and typos or changes in the contact details of RARE Technologies. RARE Technologies may make such changes even without having previously informed the Customer.
13. Governing Law and Dispute Resolution
13.1 This Agreement, all claims related to it, their implementation, as well as the use of the Application, shall be governed by the laws of England and Wales (except for conflict-of-law rules of private international law), including the provisions on time-barring. This shall also apply to obligations to compensate damage caused by breach of this Agreement or surrendering of unjust enrichment arising in connection with this Agreement.
13.2 Any disputes concerning the obligations under the Agreement or relating to the legal relationships arising in connection with the Agreement shall be resolved by the courts of England and Wales. The competence of other courts is not permissible.
14.1 If any provision hereof is or becomes invalid, or ineffective or inapplicable at variance with the will of the Parties, or if such invalidity, ineffectiveness or inapplicability unavoidably occurs (especially as a result of a change in the applicable legal regulations), this shall in no way prejudice the validity, effectiveness or applicability of other provisions hereof. In the above-specified cases, the Parties agree to provide each other with mutual co-operation and to perform the relevant legal acts in accordance with the legal regulations, with a view to replacing the invalid, ineffective or inapplicable provision by some other provision so as to preserve and attain the purpose of this Agreement.
RARE Technologies reserves the right to change these terms and conditions from time to time at its sole discretion.
Data Processing Addendum
1. Relationship between DPA and the Agreement
1.1 On the basis of the Agreement, RARE Technologies will be able to handle Personal Data of natural persons uploaded in the Application in connection with the operation of the Application and provision of the Service to the Customer. Personal data will be processed during this process. In relation to the individual Personal Data processing, RARE Technologies shall act as the processor within the meaning of Art. 4 (8) of the GDPR. In relation to the individual Personal Data processing, the Customer shall act as the controller within the meaning of Art. 4 (7) of the GDPR.
1.2 This DPA provides for the relationship between RARE Technologies and the Customer in relation to Personal Data processing.
1.3 All capitalised terms contained in the DPA have the same meaning as defined in the Agreement.
2. Personal Data Processing
2.1 RARE Technologies agrees to process the Personal Data for the Customer within the scope, for the purposes, for the period and in the manners specified in this Article 2 of the DPA, in accordance with the Customer’s documented instructions issued pursuant to paragraph 2.6. of the DPA.
2.2 RARE Technologies agrees to process the Personal Data relating to the data subjects which were made available by the Customer to RARE Technologies in the use of the Application, including, but not limited to, Personal Data included in the files used in the Application. RARE Technologies can thus have access to general personal data (e.g. identification and contact details or contract information) and special categories of personal data (data on health, sexual orientation and other sensitive data) if the Customer decides to look them up in the Application.
2.3 RARE Technologies may process Personal Data only for the purpose of performance of the Agreement consisting in the provision of the Service. For the avoidance of any doubt, RARE Technologies agrees not to process Personal Data for any purposes other than specified in this paragraph.
2.4 The processing of Personal Data by RARE Technologies will have the form of collecting, storing on information carriers, sorting, comparing, transferring and other forms related to the manner of provision of the Service. The Personal Data shall be processed automatically and, if appropriate, also manually so that this activity corresponds to the purpose of Personal Data processing pursuant to paragraph 2.3 of this DPA.
2.5 RARE Technologies agrees to process Personal Data during the term of the Agreement.
2.6 RARE Technologies agrees to process Personal Data pursuant to this DPA on the basis of an instruction under the Agreement. RARE Technologies agrees to process Personal Data also in accordance with other documented Customer’s instructions that the Customer may give to RARE Technologies in conformity with the Agreement and which the Customer gives to RARE Technologies during the term of the Agreement through the Application or by e-mail.
2.7 RARE Technologies shall inform the Customer if, in its opinion, a certain instruction of the Customer is in breach of the applicable legal regulations on personal data protection. Failure to perform such an instruction does not constitute breach of RARE Technologies’ obligations hereunder.
3.1 RARE Technologies agrees to maintain confidentiality of the Confidential Information.
3.2 In relation to the Confidential Information, RARE Technologies agrees to bind all its employees or third parties who process Personal Data on the basis of an agreement with RARE Technologies, as applicable, to maintain confidentiality to the same extent as RARE Technologies, where this obligation shall survive the termination of the labour-law or contractual relationship between the relevant person and RARE Technologies.
4. Personal Data Security
4.1 RARE Technologies agrees to adopt suitable measures corresponding to the risks to prevent unauthorised or accidental access to the Personal Data, their modification, destruction or loss, unauthorised transfer and other unauthorised processing, as well as other misuse of Personal Data.
4.2 RARE Technologies agrees to adopt in particular the following protective measures:
- to protect the media containing Personal Data against unauthorised access;
- to protect Personal Data stored in electronic form against unauthorised access using technologies selected according to their suitability;
- to ensure protection, maintenance and monitoring of security and integrity of RARE Technologies’ network.
4.3 RARE Technologies agrees to process and document the adopted and implemented technical and organisational measures to ensure protection of Personal Data and to keep such documentation up-to-date. RARE Technologies agrees to make the documentation of technical and organisational measures available to the Customer not later than within 10 business days of delivery of the Customer’s request.
5. Involvement of Further Processors
5.1 The Customer acknowledges and authorises RARE Technologies to engage Sub-processors in Personal Data processing under the Agreement, subject to the conditions stipulated in this Article 5.
5.2 As of the date of execution of the Agreement, the Customer expressly authorises RARE Technologies to engage the following Sub-processors in Personal Data processing:
- Microsoft Corporation, with its registered office in Redmond, USA, operating the Microsoft Azure cloud service platform;
- Amazon Web Services Inc., with its registered office in Seattle, USA, operating a cloud service platform.
Personal Data are transferred to Sub-processors specified in this paragraph in accordance with the GDPR, where these Sub-processors agreed to provide RARE Technologies with suitable and appropriate guarantees of Personal Data protection.
5.3 RARE Technologies shall inform the Customer of any and all Sub-processors that RARE Technologies wishes to engage in Personal Data processing, or of replacement of any Sub-processors already involved. The Customer may raise justified objections against the involvement or change of the Sub-processor within 5 business days of the date of delivery of the relevant notice of RARE Technologies. If the Customer does not object to the involvement of a Sub-processor within this deadline, it shall hold that the Customer agrees with the involvement of the Sub-processor.
5.4 RARE Technologies agrees to bind the Sub-processor with the same obligations of Personal Data protection as those binding RARE Technologies under this DPA.
5.5 RARE Technologies is responsible for the processing of Personal Data entrusted to the Sub-processor to the extent to which the Personal Data are used for the performance of the agreement with RARE Technologies. RARE Technologies is liable for breach of the obligations under this Agreement or legal regulations in Personal Data processing by a Sub-processor in the performance of the agreement with RARE Technologies as if the breach of the relevant obligation was committed by RARE Technologies itself.
6. Co-operation and Audit
6.1 RARE Technologies agrees to provide the Customer with co-operation to the extent necessary to ensure compliance of the Personal Data processing hereunder with legal regulations. Within this co-operation, RARE Technologies agrees, in particular, to:
- adopt, without undue delay, technical or organisational measures in the extent necessary for the prevention or remedy of breach of DPA or legal regulations on personal data protection;
- assist the Customer in the implementation and maintenance of suitable technical and organisational measures for the Personal Data processing in connection with fulfilment of this DPA;
- notify the Customer, without undue delay, of any breach of Personal Data or any other security incident that could affect the Personal Data processing under this DPA or the rights and legally protected interests of data subjects;
- assist the Customer in assessing the impact on Personal Data processing under this DPA on personal data protection, or in prior consultations with the supervisory authority;
- provide the Customer, without undue delay, with any and all underlying documents and information necessary to demonstrate that the Personal Data processing under this DPA is carried out in accordance with the legal regulations;
- submit to the Customer, without undue delay, requests of data subjects which they are entitled to make under the legal regulations (right of access, rectification, erasure, etc.) and assist the Customer as appropriate in resolving such requests.
6.2 The Customer may perform an Audit at RARE Technologies at its own expense either on its own or through an authorised third party. RARE Technologies agrees to provide the Customer or a third party authorised by the Customer with all co-operation necessary for the performance of the Audit, including, but not limited to, providing documentation on the technical and organisational measures for the Personal Data processing and other internal regulations concerning the Personal Data processing, and to make available its electronic and information systems to the extent necessary for the Audit for the necessary period of time. The Customer agrees to perform the Audit so as to affect RARE Technologies’ operation only to the necessary extent. For the avoidance of any doubt, the Customer is not in any way allowed to examine any part of the technical tools of RARE Technologies that are subject to intellectual property rights, especially source codes.
6.3 The Customer may perform the Audit once every 12 months of the term of the Agreement and each time RARE Technologies or a Sub-processor breaches obligations under this DPA or under legal regulation on personal data processing.
6.4 If the Customer intends to perform an Audit at RARE Technologies, it is obliged to inform RARE Technologies of this fact not later than 30 days before the date of the planned Audit. RARE Technologies may propose another suitable date, but not later than 30 days of the date proposed by the Customer. RARE Technologies shall notify the Customer of this fact within 3 business days of the date of delivery of the Customer’s notice of the Audit. If the Customer disagrees with the proposed date, it shall notify RARE Technologies of its disagreement within 3 business days of the date of RARE Technologies’ notice of the proposed new Audit date; otherwise, the last date proposed by RARE Technologies shall apply. If RARE Technologies proposed a new Audit date due to a conflict of the date with an audit carried out at RARE Technologies by another controller, the Customer may refuse the proposed date only if it has a justified suspicion that RARE Technologies materially breaches its obligations under this DPA and this material breach will result in a serious infringement of the data subjects’ rights. If the Customer notifies RARE Technologies of its disagreement with the proposed date within the deadline set out in this paragraph, the Audit shall take place on the tenth business day following the original date of the Audit proposed by the Customer.
6.5 For the purposes of paragraph 6.4. of the DPA, it holds that a material breach of RARE Technologies’ obligations means the breach of:
- the obligation to process Personal Data only in accordance with and for the purpose defined by the DPA or some other agreement of the Parties set out in paragraph 2.3 of the DPA;
- the obligation to maintain confidentiality set out in paragraph 3.1. of the DPA;
- the obligation to introduce suitable safety measures set out in paragraph 4.1 of the DPA;
- the obligation to report breach of Personal Data security or some other security incident set out in paragraph 6.1.3. of the DPA.
6.6 RARE Technologies agrees to adopt, without undue delay, technical and organisational measures to remedy errors or security risks ascertained by the Audit to the extent necessary to ensure the remedy.
7. Other Obligations of RARE Technologies
7.1 RARE Technologies agrees to fulfil the processor’s obligations set out in this DPA and the legal regulations on personal data protection, in particular as follows:
- comply with the means and methods of Personal Data processing stipulated in this DPA;
- retain Personal Data only for the period determined by the Customer, not longer than for the term of the Agreement;
- proceed, in processing of Personal Data within the Customer’s instruction, so as not to infringe the rights of any of the data subjects, in particular the right to the preservation of human dignity, and also to ensure that the private and personal life of data subjects is protected against unauthorised interference;
- destroy the Personal Data if so instructed by the Customer, unless it is required by the law to retain such Personal Data; and
- not to transfer Personal Data to third parties without the Customer’s authorisation, which may also be included in this DPA.
8. Termination of Processing
8.1 Unless the Parties agree otherwise, the relationship concerning Personal Data processing following from this DPA shall continue until termination of the Agreement.
8.2 In the event of termination of Personal Data processing, RARE Technologies agrees to transfer all Personal Data to the Customer and delete the existing copies unless the law requires that RARE Technologies retains such existing copies.
8.3 RARE Technologies agrees to maintain confidentiality pursuant to Art. 3 of this DPA and to ensure security of Personal Data even after termination of the Agreement if the Personal Data is not destroyed.
RARE Technologies reserves the right to change these terms and conditions from time to time at its sole discretion.