General terms and conditions

ChatBot SaaS nixi1  

 

These General Terms and Conditions govern the relationship between the Company and CorreYvuela Bot, S.L. (hereinafter "nixi1" or the "Society indistinctly) with registered office in Barcelona, Calle Platón 6, 1ª planta, puerta 5, CP 08021 and N.I.F. B66810078, jointly referred to as "the Parties".

Its acceptance and consequent formalisation will take place telematically, and nixi1 will keep a digital report of its acceptance, available to the Company at any time. They are provided in downloadable format. However, they will be permanently available on the platform dashboard for consultation. In any case, after acceptance, you will receive an email acknowledging receipt of the registration.

They may only be formalised in Spanish.

In the event that the Company detects that an error has occurred when entering your data during your registration as a user of the platform, you may modify them on the platform itself under the terms described in Condition 5. In any case, you may correct errors related to the data by contacting customer service, as well as exercise the right of rectification contemplated in our Privacy Policy in the case of data of a personal nature.

nixi1 reserves the right to modify the present conditions, the Company having the guarantees of termination that are regulated in the present General Conditions.

1. DEFINITIONS

Except to the extent expressly provided otherwise in these Conditions:

1.1. "Agreement" or "Contract" 1.2. shall mean these General Terms and Conditions, including the Annexes and any amendments thereto as they may be amended from time to time;

1.2. "Service Level Agreement". is the level of quality of the services covered by these General Conditions guaranteed by nixi1;

1.3. "Annex" means any document containing agreements on scheduling parameters, planning, pricing, quality, particular conditions, etc. attached to the main body of these General Conditions;

1.4. "Cause of Force Majeure". involves matters beyond a Party's reasonable control that occur without the ability to foresee, control or avoid as described in these Terms and Conditions;

1.5. "ChatBot SaaS nixi1". are the software and technology owned by nixi1 that allows a user/Customer of the Company to make enquiries, be assisted or, where applicable, make reservations for tourism services, within a messaging tool such as WhatsApp, Facebook Messenger, Telegram, SMS or any other with which nixi1 has reached an agreement. As well as through a website, an app, a blog or nixi1's own white label channels such as the ChatWeb, the messaging App (hereinafter, the "nixi1 customer App") and the "API Connection" so that third parties and customers of the platform who wish to incorporate the Chat functionality into their own App or applications, can integrate them into nixi1's systems, as additional communication channels. 1.6. "Customers" or "Customers of the Company" 1.7. are the user(s) Client(s) of the Company, the natural or legal persons who contract the Company's services or access the SaaS;

1.7. "Data Processor Contract". refers to the contract which governs nixi1's access to personal data for which the Company is responsible for the provision of the Services and which contains the minimum requirements regarding the protection of personal data that the Parties must comply with in order to protect both the personal data subjects and the disclosing Party;

1.8. "Corporate e-mail is an e-mail address that belongs to and is managed by the Company and whose domain identifies the Company, and the registration of e-mail accounts such as @gmail.com, @yahoo.com, @hotmail.com or similar is not permitted;

1.9. "Account is the set of computer identifications, passwords and authorisations, including keys obtained automatically through the nixi1 delegated authentication system (tokens) that allow a person to access and use the Services, including administrator accounts and accounts of all other users;

1.10. Dashboard is the management environment of the Customers by the Company's organisation to which its operators will be able to access through a username and password and in which they will find and be able to manage and communicate all the information concerning the inventory of products and Services, their Customers, and the conditions and relevant economic information in relation to nixi1's services;

1.11. "Company details". is all information and materials provided by the Company to nixi1 for use in connection with the SaaS Services under this Agreement, including but not limited to text, files, images, graphics, illustrations, data (including Personal Data), audio, video, photographs and other content and materials in any format;

1.12. "Company Customer Data". is all Customer information provided by the Company to nixi1 as data processor. The processor contract will be expressly accepted online;

1.13. 'Personal data has the meaning given to it in the data protection legislation applicable in Spain, whether national or Community legislation;

1.14. "Defects of the Services". are those errors in the Platform that have a material adverse effect on the appearance, operation, functionality or performance of the Services, but excludes any defect or error caused by or arising as a result of: (i) any act or omission of the Company or any person authorised by the Company to use the platform or the Services; (ii) any use of the Services contrary to the Documentation or these Terms and Conditions, whether by the Company or any person authorised by the Company; (iii) failure of the Company to implement, comply with, monitor, perform or observe any of its obligations in these Terms and Conditions; (iv) an incompatibility between the Services and any other system, network, application, program, hardware or software not specified as compatible in the "Hosted Services Specification"; (v) events outside the technological and operational scope of the Services or caused by third parties;

1.15. "Intellectual property rights means all intellectual property rights (copyright, neighbouring rights, database rights), confidential information, trade secrets, know-how, trade names, trademarks, patents, utility models, designs or any other similar rights, anywhere in the world, whether registrable or unregistrable, registered or unregistered, including any application or right to apply for such rights;

1.16. "Business Day". means any day of the week from Monday to Friday that is not a public holiday in Spain, Catalonia or Barcelona;

1.17. "Platform documentation". are the guides, manuals, tool-kits or any documentation made available at any time by nixi1 Company describing the technical and functional aspects regarding the use or operation of the platform and the Services;

1.18. "Duration means the period of time during which the Contract shall remain in force;

1.19. "Hosted Services Specification". refers to any specification, detail, clarification, limitation, tariff, quality of service level, etc. of the Services as set out in the Platform Documentation and Annexes, as well as those specified in the future by the platforms in which nixi1 is integrated. The specifications of the payment plans published on the website shall prevail over any other documentation; 

1.20. 'Business hours means the hours from 10.00 to 17.00 CET from Monday to Friday on working days;

1.21. "Service launch". is the moment when, after the necessary integrations, programming and corporate adaptation works, the Company's Customers can communicate and be assisted through the nixi1 tool;

1.22. "Privacy and Data Protection Policy". refers to the document containing the duty to inform the persons from whom any type of personal data is to be obtained, prior to the processing thereof, which is available at the following address https://nixi1.com/politica-de-privacidad/

1.23. "Company services". refers to all of the Company's services and products offered to its own Customers;

1.24. SaaS (Software as a service): nixi1's software exploitation method according to which a comprehensive service is offered which includes the user licence, maintenance, update and technical support in exchange for certain recurring payments specified in these General Terms and Conditions and those of its ancillary services. The SaaS platform incorporates nixi1's technology providing the Company with a new sales and direct support channel to boost sales, reduce operations, enable direct communication with customers, optimise customer loyalty and manage online collections and recoveries;

1.25. "Hosted Services". o "Services" refers to the set of SaaS services;

1.26. 'Maintenance services are the works of control, revision and correction of defects of the platform and the Services, as well as updates if necessary;

1.27. 'Support services o "Support" are technical and functional support services;

 

2. OBJECT

2.1. The purpose of these Terms and Conditions is to define the terms governing the access and use of the Software as a Service "SaaS" provided by nixi1 to the Companies, allowing access to its SaaS platform and software for specific purposes, as well as those of the Hosted Services.

2.2. The Services will be provided by nixi1 using as a management tool proprietary and third party software applications located on a technology platform to which, once the relevant user licenses have been granted, the Company will have access for the purposes detailed in these Terms and Conditions and/or any Hosted Services Specifications that may have been provided. nixi1 grants to the Company a non-exclusive, non-transferable, royalty-free right to access and use the SaaS and the Hosted Services solely for its internal business purposes, subject to the fulfilment of its payment obligations, under the terms and conditions of these Terms and Conditions. Accordingly, all rights not explicitly granted herein to the Company shall vest in nixi1. The Company therefore does not acquire any rights or licences under these General Terms and Conditions to use the SaaS and the Hosted Services beyond the agreed scope and/or duration. Upon termination of the Agreement, the Company's right to access and use the same shall terminate with immediate effect.

2.3. The territorial scope of the licence is limited to the Spanish market.

 

3. DURATION OF THE CONTRACT

3.1. The Contract entered into with the acceptance of these General Terms and Conditions shall be effective from the date and time of acceptance and shall continue in force for a period of one (1) year.

3.2. The Contract shall be automatically renewed for additional periods of the same duration, unless terminated by either Party two (2) months prior to the end of the initial term or each of the extensions.

 

4. USE OF THE PLATFORM

4.1. nixi1 will ensure that the platform automatically generates an Administrator Account for the Company and provides the login details for that Account, once the Company has registered. Once the Administrator account is created, the Administrator will be able to create and assign other management roles such as Administrators, Brand Managers, Branch Managers, Agents and Operators, as detailed in the Documentation and in accordance with the payment plan selected by the Company.

4.2. Depending on the payment plan chosen, Administrators will be able to: create brands and branches in order to maintain structured information on their bookings, cost centres and to manage their resources more efficiently.

4.3. The Company acknowledges that acceptance of these Terms and Conditions constitutes an agreement for the provision and use of Services and that nixi1 will not provide copies of the Software or any element of the platform to the Company as part of the Services contracted. Furthermore, nixi1 cannot guarantee the achievement of specific results that are not solely dependent on its activity, which are known and accepted by the Company.

4.4. The Company shall use the Platform and the SaaS in accordance with the Platform Documentation and such other instructions and acceptable use policy documentation as may be provided by nixi1 from time to time. It shall be the responsibility of the Company to ensure that all persons with access to the SaaS have the necessary authority and act in compliance with the usage policies. By way of example, but not limitation, Company shall be subject to the following prohibitions: (i) not to sell, resell, license, rent, lease, loan, transfer, provide, publish or distribute the Software or other elements of the Platform as they are owned by Nixi1 or any third party, or any password or username for the nixi1 Account and Services; (ii) not alter, translate, edit or adapt the nixi1 or third party Software, platform or Services; (iii) not make, disassemble or attempt to decompile, reverse engineer or modify the Software, in whole or in part, or make derivative works based on the nixi1 or third party Software; (iv) not falsify, remove or obscure any intellectual property rights, industrial or similar proprietary rights reservations or legal notices of nixi1 or any third party that may have been included in the Software, platform or nixi1's or any third party's Documentation; (v) not exceed the limits set by the Account and credentials purchased during the term of the Agreement, in which case the Company shall be solely responsible for the breach and payment of the excess; (vi) not use the Services in any manner that causes, or may cause, damage to the Services, the Software or the platform or impairment of the availability or accessibility of the Hosted Services or third party Services. In particular, the Company must not use the Hosted Services: (a) in any way that is unlawful, fraudulent or harmful; or (b) in connection with any unlawful, illegal, fraudulent or harmful purpose or activity.

 

5. ACTIVATION AND PROVISION OF SERVICES

5.1. To activate the Hosted Services, the Company agrees to provide nixi1 (or its authorised resellers) with the personal or corporate information requested during the registration process, ensuring that it is stated and kept up to date, complete and truthful.

5.2. The Company agrees to comply with all technical connection prerequisites previously communicated by nixi1 or its authorised distributors or communicated at any time by any means. The Company is responsible, at its own expense and care, for purchasing, preparing, activating and installing everything necessary to use the Services (e.g., a suitable terminal, telephone lines, telephone equipment and modem and/or router equipment, subscriptions, devices, etc.).

5.3. nixi1 will provide the Company with access credentials to the Hosted Services for the duration of the Agreement. These will consist of a username, consisting of the email address that the Company will enter on the first page of the registration. The Company will receive an account verification email in which it will be provided with a link to continue with the process and freely configure its password, accessing the SaaS Dashboard. The Company will activate the Services, manage the permissions to other users of your company and manage the data of your own Administrator Account using such passwords. The Dashboard will contain the copy of the Contract, as well as the Company will be able to modify data that has been entered incorrectly. With the delegated authentication system in nixi1 for the access to the KPI dashboards, the users authorised by the company to access the Dashboard in owner or administrator mode, will also be able to access the KPI dashboards without the need for an additional registration in the system that hosts these dashboards.

5.4. It is the responsibility of the Company to maintain the confidentiality of your credentials, which are strictly personal and non-transferable. The Company will hold nixi1 harmless from any improper and/or unlawful use that any employee, collaborator or third party may make of your Account once it is activated.

5.5. nixi1 reserves the right to modify the conditions of access and use of the Hosted Services for any reason, including but not limited to changes in telecommunications technologies and changes in the technical characteristics of the software, hardware and basic applications (including but not limited to operating systems and technological infrastructures).

 

6. COMPANY INFORMATION AND CONTENT

6.1. The Company grants nixi1 a non-exclusive licence to copy, reproduce, store, distribute, publish, export, adapt, edit and translate the Company Data to the extent reasonably necessary for the performance of nixi1's obligations and the exercise of its rights under these Terms and Conditions, together with the right to sub-license these rights to its service providers to the same extent.

6.2. The Company is solely and exclusively responsible for the data, text, audio, video, images, software, advertising and any other content entered during access to or use of the Platform and the SaaS Services. The Company warrants to nixi1 that the data provided will not (i) infringe nixi1's or any third party's Intellectual Property Rights or other legal rights; (ii) breach the provisions of any law, statute or regulation in each case in any jurisdiction and under any applicable law.

Our white label services allow you to create, publish, store, send and receive content, such as text, images and videos, as well as other materials, including trademarks, logos and other materials owned by or licensed to the Company. The Company grants a worldwide, non-exclusive, sub-licensable and transferable licence to use, reproduce, communicate, distribute, modify, adapt, translate, transform your content solely for the purposes of operating, performing, developing, promoting, updating or improving the nixi1 Services and developing new services or features. The Company represents and warrants that it has all necessary rights to grant the licence to use the content and that any use of the content will not infringe the rights of any third party, applicable law or cause any damages to nixi1, for which the Company will hold nixi1 harmless.

In the event that nixi1 considers or is informed that any of the contents infringe third party rights or applicable legislation, it may proceed to remove them, prior communication to the Company.  

6.3. nixi1 will create backup copies of the Company Data, ensuring that each copy is sufficient to allow nixi1 to restore the Hosted Services to the state they were in at the time the copy was made and will retain and securely store each copy for a maximum period of 30 calendar days.

6.4. The Company shall be solely responsible for the information it enters into the system. Any errors in relation to the Company's Data will be corrected by the Company.

6.5. Administrators may, through the Dashboard, edit and modify the privileges and assignment of brands and delegations, at any time, adapting them to their convenience.

 

7. CUSTOMER INFORMATION AND DATA 

7.1. The Company accepts the online processor agreement which will also be available on the Dashboard in order for nixi1 to provide the Services under the basic terms of Condition 16 of these Terms and Conditions.

 

8. INTELLECTUAL AND INDUSTRIAL PROPERTY RIGHTS

8.1. Nothing in these Terms and Conditions implies the assignment or transfer of any Intellectual Property Rights from nixi1 to the Company or from the Company to nixi1.

8.2. In this regard, the Company retains full ownership and intellectual property rights to any Company Data it may provide and nixi1 or its licensors retain full ownership and intellectual property rights to (i) the Services, the Software or any element of the platform, and any enhancements, derivative works or modifications thereof; (ii) any software, applications, inventions or other technology developed or provided in connection with the Services and (iii) any know-how or Confidential Information on the terms described in this Agreement which is accessed in the course of the performance of this Agreement.

8.3. nixi1 will not be responsible, in any case, for the possible infringements of the applicable legislation, including but not limited to the legislation on Personal Data Protection or intellectual and industrial property, on the content and the Company's Data stored on the platform by the latter, for which the Company will hold the Company completely harmless.

 

9. MAINTENANCE SERVICES

9.1. nixi1 will provide Maintenance Services to the Company during the term of the Contract. Such Maintenance Services shall be provided with due diligence and under standards of quality and care reasonably appropriate to the industry.

9.2. nixi1 will, where practicable, provide the Company with 3 working days written notice of scheduled Maintenance Services or where the commencement of Maintenance is likely to affect the availability of the Services or have a material adverse impact on the Services.

 

10. TECHNICAL SUPPORT, QUERIES AND SERVICE LEVEL

10.1. nixi1 will provide Support Services to the Company for the duration of the Contract in accordance with due diligence and industry standards of quality. Support will be made available to the Company via a dedicated chat facility on the SaaS Dashboard and by email on Business Days from 10.00 to 17.00 CET via the address support@nixi1.com

10.2. nixi1 will respond as quickly as possible to all requests for Support services made by the Company in accordance with the Service Level Agreement corresponding to the contracted Payment Plan. 

10.3. The notification process will be carried out as follows:

(i) The Company will immediately notify nixi1 of all Service failures and nixi1 will in return inform the Company of the nature of the relevant Service failure and the expected time to remedy it.

(ii) The Company shall, if necessary, provide all necessary and reasonable support in order to restore the Service.

(iii) nixi1 will inform you as soon as possible when the malfunction is not related to the Service.

(iv) nixi1 will notify the Company as soon as the failure of the Service has been remedied.

10.4. The response time shall be proportional to the seriousness of the error, and shall in no case exceed 15 working days.

10.5. Any Service for the resolution of errors hosted on the Company's servers will be performed remotely from nixi1's offices. These Services do not include travel to the Company's premises.

10.6. Service Levels: In order to measure the level of Service and thus determine the minimum acceptable quality of the Services during the term of the Contract, the Parties agree to define the indicators set out below. A six-monthly study of the level of use of the platform will be carried out in order to correctly dimension the level of Service necessary to be able to guarantee the quality of the Service. In this way, nixi1 will inform of any need to increase or decrease capacity or of any incident that may arise and affect the stipulated level of quality.

The main service level indicators are: (i) average incident response time; (ii) incident resolution time; (iii) service availability. Response time is defined as the time that elapses between the incident being received and the technician starting to work on its resolution. If necessary, contact will be maintained with the Company to indicate if any corrective action is required or the scope of the actions to be taken to correct the problem. Thus, nixi1 will endeavour to repair any Service interruption as soon as possible in accordance with the protocol according to the table below.

 

Priority level I	Critical priority	Service is seriously affected and the system cannot be used. In these incidents there are no alternatives to using the system and they must be resolved with the highest priority.	The 95% of all failures will be assigned in the course  1 hour during Business Hours.	95 % of all faults will be repaired within 1 day during Business Hours.
Priority Level II	High priority	The service is unavailable to many Customers, but activity can be maintained in other ways. There are no alternatives available for affected Customers to access the service while the issue is being resolved.	The 95% of all failures will be assigned in the course  1 hour during Business Hours.	80 % of all faults will be repaired within 2 days during Business Hours.
Priority Level III	Medium priority	Not all functionalities are available or sporadic failures occur. Alternatives are available for the execution of activities. Some tasks may be affected until the issue is resolved.	The 95% of all failures will be assigned in the course 3 hours during Business Hours.	The 60% of all faults will be repaired within 3 days during Business Hours.
Priority level IV	Low priority	Incidents with minimal degradation of the service that do not affect the availability of the service for the Company, are not visible to the end customer or those that do not affect the execution of the tasks.	The 95% of all failures will be assigned in the course  8 hours during Business Hours.	The 50% of all faults will be repaired within 1 week during Business Hours.

10.7. The training service is not included in the present contract and therefore any problem not related to possible incidences regarding the system and dealing with doubts about the use of the system will not be covered by nixi1 in accordance with the present criteria. At any time, the Company will be able to ask nixi1 for a quotation for the provision of training in relation to the tool.

10.8. Exclusions: nixi1 does not guarantee a higher level of service than that specified in this Agreement and shall not be liable for any claims in the event that the service downtime is greater than the agreed level of service. The following cases/incidents are excluded from this Service Level Agreement:

– Caused by factors beyond nixi1's reasonable control, including Force Majeure events, Internet access or failures of the Company's software, network or hardware.

– The result of any act or omission of the Company or any third party; including its equipment, software or any other technology;

– Caused by connection failures to third party services, where nixi1 will only be obliged to the corresponding notification of the incident and its monitoring or follow-up, given that its direct intervention in the resolution of the incident is not contemplated.

– Result of any upgrade or maintenance work.

– Acts or omissions of the Company or breach of the Contract (e.g., mailbox inaccessibility due to suspension or overage). The Company's account must be current with all bills paid and up to date.

10.9. Service Level Guarantees: For those cases where the agreed minimum level is not reached, a penalty in favour of the Company will be applicable. This means that the next month's tariff payable by the Company will be reduced proportionally.

The penalty level will be calculated according to the number of hours for which the service was unavailable during Support hours as follows:

Priority	Hourly penalty
Critique	10% on the total monthly payment.
High	7% on the total monthly fee
Media	3% on total monthly payment
Baja	1% on the total monthly payment

 

Time penalties in any month are capped at 50% of the total monthly fee. The computation of time excludes maintenance periods under the terms of Condition 9.

11. EXCLUSIVITY OF THE UNDERTAKING

11.1. nixi1 uses a leading technology in the market, key in its business development, so it does not authorise its access, reproduction, distribution, communication, making available, transformation or any type of exploitation beyond what is agreed in these General Conditions, nor of the materials, elements or know how associated.

11.2. During the term of the Contract the Company will exclusively use nixi1's product and services, i.e. the Company will not use any similar or competing service/product, directly or indirectly, with the SaaS Services set out in these Terms and Conditions without the prior authorisation of nixi1. This condition does not apply to other online management systems that do not have developments that allow communication and assistance to the Customers through instant messaging channels.

11.3. Such exclusivity does not extend to nixi1, who may freely and at its sole discretion provide the Services to other entities in the same or different sectors or use partners for the commercialisation of its technology.

 

12. PRICE, INVOICING AND PAYMENT

12.1. In consideration for the SaaS Services, the Company is obliged to pay the mandatory monthly fixed and/or variable amounts in accordance with the  table of Prices and Tariffs. 

To these amounts will be applied additionally the corresponding tax at any given time. Before contracting any of our plans, the Company must examine the table of Prices and Tariffs and consult nixi1, prior to contracting, any doubt related to the services included in each of the tariffs: support@nixi1.com. 

nixi1 reserves the right to modify any element of the price tables and tariffs upon prior written notice on the terms described in these Terms and Conditions.

12.2. nixi1 will issue the relevant invoices to the Company at the end of the relevant month and:

(i) in the Basic Plan, will debit the amount from the bank card whose number has been previously entered by the Company in its Dashboard;

(ii) in the Premium Plan, will debit the amount from the bank card number previously entered by the Company in its Dashboard. Alternatively, at the request of the Company and provided that the Company meets the requirements of the financial risk analysis, nixi1 will issue a bank remittance for the same amount, for the same period, to the bank account specified by the Company in its profile.

The Company will be responsible for ensuring that nixi1's charges are honoured upon receipt of the charge, and will hold nixi1 harmless for any additional costs incurred by nixi1 due to any refunds or insufficient balances which will be borne by the Company.

If the Company fails to meet its payment obligations owed to nixi1 under these Conditions, the interest rate applied by the European Central Bank to its most recent main refinancing transaction carried out prior to the first day of the relevant calendar half year plus eight percentage points will apply to the amount due. In addition, nixi1 will be entitled to claim compensation from the debtor for all duly substantiated collection costs incurred by nixi1 as a result of the debtor's default, including the reimbursement of receipts. Interest will accrue daily until the date of actual payment and will be compounded at the end of each month.

12.3. Furthermore, nixi1 may suspend the provision of the Services after the due date for payment of the amounts due and owing by the Company under these Terms and Conditions, upon giving at least 10 calendar days written notice of its intention to suspend the Services for such reason, without any claim against the Company.

12.4. In the event that the contracting of any implementation and/or training consultancy services, ad hoc integrations and developments or any other service not contemplated in the price of the Contract is agreed, these shall be budgeted and expressly accepted by the Company. 

 

13. CONFIDENTIAL INFORMATION

13.1. The term "Confidential Information" means any information and/or results, whether or not proprietary to a Party, communicated to the other Party, regardless of the medium used for such transmission (paper, drawing, readable medium, via computer, etc.) or the form of such transmission (written, oral or visual), without this relationship being limited to software, platform elements, source code, know-how, plans, drawings, models, designs, specifications, etc. Both Parties agree not to disclose to third parties any Confidential Information disclosed by the other Party in the context of this Agreement, without the prior express written authorisation of the Party providing them, and are bound by the strictest duty of secrecy.

13.2. Both Parties agree to act in good faith at all times with respect to the Confidential Information of the other Party and to exercise reasonable care to protect it from unauthorised disclosure, which care shall be no less than that provided to their own Confidential Information.

13.3. Confidential Information shall only be disclosed to employees or consultants who need to know such information to perform the Services and shall contractually require such personnel to comply with the same obligations of secrecy and confidentiality.

13.4. The Parties shall not use any Confidential Information of the other Party for any purpose other than as set out in these Terms and Conditions.

13.5. Expressly excluded from the obligation of confidentiality are communications or replies to authorities, public officials, courts or any others that are legally obligatory, as well as data that are in the public domain, have been published or can be legally obtained from other sources.

13.6. Upon termination of the contractual relationship, both Parties shall return or destroy all Confidential Information in their possession in the course of their relationship with each other by delivering a certificate of destruction to the other Party.

13.7. The obligation of confidentiality shall continue during and after the termination of the Contract.

13.8. In the event of a request for access to Confidential Information by a Court/Court or Authority, the Parties shall give prior notice if possible in order to minimise the impact as far as possible.

 

14. GUARANTEES

14.1. Nixi1 warrants to the Company that:

(i) Based on the current state of technology applied to business communication and management, it has access to all the knowledge and expertise necessary to perform its obligations under this Agreement;

(ii) You have the legal right and capacity to accept these General Terms and Conditions and to fulfil your obligations;

(iii) You will comply with all applicable legal and regulatory requirements that apply to the exercise of nixi1's rights and the performance of nixi1's obligations under these Terms and Conditions;

(iv) Use reasonable efforts consistent with prevailing industry standards to maintain the Services in a manner that minimises errors and disruptions to the Services;

(v) nixi1 does not warrant that the Services will be uninterrupted or error free; nor does nixi1 make any warranty as to the results that may be obtained from the use of the Services. Except as expressly set out in this section, the Services are provided according to the specifications described in these Terms and Conditions and its Annexes and the Company desires and accepts them subject to the warnings contained herein.

14.2. The Company warrants to Nixi1:

(i) That you have the right and legal capacity to accept these General Terms and Conditions and to fulfil your obligations.

(ii) That you will only use the platform and the Services for the Company's internal business purposes and not for marketing. The Company shall not, without limitation, do any of the following: (i) exceed any of the limitations on use identified in the Documentation provided; (ii) exploit, license, rent, lease, or distribute the SaaS, include it as a service or an outsourcing offering; (iii) reproduce, communicate or transform any portion, feature, function or user interface of the SaaS; (iv) alter the integrity or performance of the SaaS; (v) use the SaaS to include, send or store data that is obscene, intimidating, defamatory, illegal or criminal in nature such as that which infringes third party rights such as data protection or intellectual property; (vi) use the SaaS to interfere with or damage a third party's system or environment; (vii) access the SaaS to create a competing service to that provided by nixi1 or to facilitate access by third parties; or (viii) modify, reverse engineer, disassemble, decompile, reverse engineer, reproduce, distribute, communicate, transform or download any part of the SaaS Services. Company is responsible for complying with all terms of use for any software, content, platform, service or website that it uploads, creates or accesses using the SaaS.

(iii) That it will respect any usage limitations and policies that the platforms integrated in the SaaS impose on its users, even if these have not been communicated by nixi1, holding nixi1 harmless for any breach in this regard, even if the action has been performed through the SaaS.

(iv) That it will provide appropriate computer and communications equipment and will ensure at all times, at its own expense, that such equipment remains adequate to provide access to the platform.

(v) That it shall ensure and guarantee that its Clients: (i) ensure that, for each transaction they carry out through the platform, they have the prior consent of the recipient of the transaction in question or legitimating basis that allows it; (ii) will respect any usage limitations and third party policies that are integrated into the platform and imposed on its users, holding nixi1 harmless for any breach in this regard, even if the action is performed through the SaaS; (iii) are holders of bank accounts, passwords, DNI/NIE/Passport or personal information that they use or include in the SaaS or that they are authorised to do so; (iv) will ensure and warrant that they have the prior consent of the recipient of the transaction in question or legitimate basis to do so.

(vi) That it will provide nixi1 with all the necessary information in relation to the execution and performance of the Contract.

 

15. LIMITATIONS OF LIABILITY

15.1. Neither Party shall be liable to the other Party in respect of any loss arising from a Force Majeure event. Force Majeure Events shall include, without limitation, earthquakes, floods or other natural disasters, labour disputes, actions of governmental entities, war, riots, terrorism, fire, explosions, including failure of the Internet or any public telecommunications network, hacker attacks, denial of service attacks, viruses or other malware, software attacks or infections, power failures, industrial disputes affecting third parties, legislative changes, disasters, pandemics, explosions, fires, floods, riots, terrorist attacks and war. Upon the occurrence of a Force Majeure event, the Party whose performance is affected shall notify the other Party in writing and shall make every effort to resume performance as soon as possible. To the extent that the occurrence of a Force Majeure event makes performance inadvisable, illegal or impossible, the Parties, with prior written consent, may (i) negotiate and equitably modify the affected obligations; (ii) terminate performance of their obligations under these Terms and Conditions if the Force Majeure event continues three (3) months thereafter.

15.2. The Company acknowledges that any complex and AI-integrated software, such as that which is the subject of this Agreement, is never completely free of defects and bugs, even in its final version, given its very essence of experiential learning. nixi1 does not warrant that the Services will be completely free of defects, interruptions and bugs. In addition, nixi1's SaaS operates with access to the user's internet and third party platforms/suppliers so any failure in the network, or in their systems cannot be considered a breach by nixi1 nor does it imply the existence of any relationship between nixi1 and them, nor the acceptance and approval by nixi1 of their content and/or services, being the owner/provider solely responsible for them.

The Company is informed, knows and expressly accepts that the platforms and providers used by the platform have their own terms and conditions to which it has access because they are public. Likewise, the Company will transmit them to its Clients and will ensure that they accept them to the extent applicable to them, and will be responsible for their use of the services in compliance with these obligations. The Company undertakes to provide the service to its Customers only on substantially similar and no less stringent terms.

15.3. nixi1 and its suppliers/partners shall be fully indemnified for any damages arising from any breach of the restrictions set forth herein by the Company or its Clients, without limitation of liability.

15.4. The Company acknowledges that the Services are designed to be compatible only with such messaging tools and to integrate with websites, apps and blogs. In no event does nixi1 warrant or represent that the Services will be compatible with any other software or system unless otherwise communicated by nixi1.

15.5. The Company acknowledges that the quality of the Services provided depends on the channel of interest to the Company, the resolution selected and the type of Internet connection used by the Company to connect channel devices and the type of Internet connection used by the End Customer to access the Company's Service through its own devices, to the nixi1 cloud. The quality of video communication also depends on the geographic location and service level of its cloud providers through which the Services are offered.

15.6. nixi1 shall not be liable for any failure to perform its obligations as defined in this Agreement, if the performance of these obligations has been prevented, interfered with or reasonably delayed by circumstances beyond the control of nixi1.

15.7. The platform allows you to enter your own documents and information, which belong to and are the sole responsibility of the Company, and nixi1 is not responsible in any way for the accuracy or content of the same.

15.8. The Company's sole remedy for a claim of any kind arising out of or related to any Service provided under this Agreement or third party claims, shall be limited to proven direct damages caused by nixi1's sole negligence or willful misconduct in an amount equal to the amount paid for the provision of the particular Services in which the damage occurred and in no event exceeding the amounts paid for that Service in the last 12 months.

15.9. In no event shall nixi1 be liable for indirect, incidental, special, punitive or consequential or third party damages, including, without limitation, lost profits, lost savings, lost productivity, loss of data, databases or loss of software due to business interruption, loss of business, contracts or opportunities.

15.10. Either Party shall defend the other against any claim brought by a third party in connection with the provision of Services within the limitations described in these Terms and Conditions ("...").Third-party claims"provided that: (i) the Party claiming indemnification shall promptly notify the other Party of such Third Party Claim; (ii) the Claiming Party shall assign control of the defence of such Third Party Claim to the other Party; (iii) the Claiming Party shall not enter into separate negotiations, settlements or the like with respect to such Third Party Claim; and (iv) the Claiming Party shall co-operate in all respects with the other Party in the defence against such Third Party Claim. For the purpose of clarification, the Company shall hold nixi1 harmless against all claims brought by a third party as a result of a breach of the Contract by it or its Clients.

 

16. DATA PROTECTION

16.1. Both Parties declare to comply with the provisions of the EU General Data Protection Regulation 2016/679 (hereinafter, GDPR) and the Organic Law 3/2018 on Data Protection and guarantees of digital rights (hereinafter, LOPDygdd) and its implementing regulations in the processing of data covered by this Contract. Likewise, the Parties undertake to comply with any obligations that may be required of them in terms of personal data protection, as well as any other legal or regulatory rules that may affect this area.

16.2. For the development of the object of the Contract, the Parties formalize the corresponding Data Processor Agreement, included below these General Conditions, given that according to the object and nature of the service provided, it is possible that nixi1 may have access to personal data of the clients of the Company in question. This Data Processor Agreement sets out the terms and conditions under which the processing of Personal Data that may occur in the event that nixi1 provides the Company, at any time, with any support or similar service that is necessary for the proper functioning of the ChatBot under this Agreement, in accordance with the legal requirements, will be carried out. By way of example, the minimum content of the same includes the instructions of the controller to the data processor, the duty of confidentiality, the security measures, the subcontracting, the rights of the data subjects, the collaboration of the Parties in the fulfilment of the obligations in the field of data protection, etc.

16.3. During the term of the Agreement, nixi1 will comply with the Privacy and Data Protection Policy which is available at the following address: https://ta.nixi1.com/politica-de-privacidad/ which is incorporated herein by reference. However, nixi1 reserves the right to modify this Policy at its sole discretion or as necessary as a result of legal requirements that may be applicable from time to time.

16.4. For its part, the Company declares that it complies with the provisions of the GDPR and the LOPDygdd and other implementing legislation, and declares that it has duly obtained all necessary consents from its customers and/or contacts and made all necessary disclosures before including Personal Data and using nixi1's software and SaaS Services.

16.5. In order to carry out the appropriate improvement and updating of its solutions, nixi1 may carry out statistical analysis derived from the interaction of the Company's customers with the SaaS Services it provides. In this regard, and unless otherwise stated, the Company authorises this activity and declares to have the appropriate legitimacy with respect to its users to allow this data processing.

16.6 To the extent that nixi1 processes Personal Data disclosed by the Company, nixi1 warrants that:

a) act only on the instructions of the Company in relation to the processing of such Personal Data;

b) has appropriate security measures (both technical and organisational) in place against unlawful or unauthorised access, alteration, unauthorised processing of such Personal Data and against loss or corruption of such Personal Data.

16.7. Nixi1 is not responsible for the use of the data stored in the system. The Company is responsible for the correct management of access, modification or deletion of such data. Our tool stores the Company's management history, so that any access, modification or deletion of data can be checked.

16.8. Nixi1 has installed an e-commerce payment gateway/s provided by an authorised bank. All data provided for these purposes are transmitted directly by the owner of the same to the entity that owns the payment gateway, and will be duly encrypted during the process to ensure maximum security and confidentiality of the same, being hosted on a secure server according to the SSL security protocol, being retained only as long as they are necessary for commercial interaction and legal guarantees between the Parties.

16.9. In the event of a breach of the obligations arising from the data processing by one of the Parties alone, the latter will assume full responsibility for such breach, exonerating the other Party from any possible claims and, consequently, the costs generated by possible sanctions imposed by the ordinary or special Courts or by the Data Protection Agency due to the breach of the aforementioned obligations will be at the expense of the Party in breach. In particular, the Company will indemnify nixi1 against any damages that may be caused to nixi1 by a possible claim for misuse of personal data through its Software.

16.10. The Parties undertake to inform and enforce their employees, including temporary agency workers, as well as collaborators, trainees and, in general, any user who may have access to the Personal Data, of the obligations established in the previous sections and, in particular, those relating to the duty of secrecy and security measures.

16.11. Likewise, both Parties shall refrain from transferring or communicating personal information to third parties without the necessary authorisations from their Clients as required by law, except in the event that this is imposed by law or mandatory regulations, and/or is required to do so by order of a competent authority in accordance with the law.

16.12. In addition, in relation to the data of the signatories and contact persons, the Parties respectively inform each other that they will process the identification and signature data of the signatories, proxies and/or representatives, and of the contact persons of each of the Parties that may be provided, for the purpose of managing and fulfilling the contractual relationship established. The legal basis for the processing of such data is found in the development and execution of the contractual relationship entered into.

16.13. Likewise, it is informed that the data of the signatories may be communicated to third parties, under the terms established in the regulations in force, exclusively in the event that such communication of data is necessary and/or in compliance with legal obligations directly applicable to each of the Parties and/or when the corresponding legal authorisation exists.

16.14. Personal data will be retained for the duration of the contractual relationship and thereafter for the applicable legal periods.

16.15. The Parties may exercise their rights of access, rectification, erasure, opposition, restriction of processing and portability by contacting the addresses of the Parties or, in the case of nixi1, by contacting its Data Protection Officer at the following e-mail address dataprotection@nixi1.com.

16.16. They may also lodge a complaint with the Supervisory Authority. aepd.es.

 

17. TERMINATION, SUSPENSION AND BREACH OF CONTRACT

17.1. The following shall be causes for termination of this Contract:

(i) Mutual agreement between both Parties.

(ii) Dissolution, liquidation or cessation of the activity of one of the Parties.

(iii) Unilaterally for breach by either Party, including the terms and conditions of the suppliers/platforms described in this Agreement. The non-breaching Party shall notify the breaching Party of such breach and the Contract shall be terminated as of right if the breaching Party has not remedied such breach within (10) calendar days. Termination of the Contract shall only occur in respect of those Services in respect of which the breach has occurred.

(iv) Regulatory change that determines the impossibility of continuing to provide the contracted Services.

(v) At any time at nixi1's discretion, upon one month's notice, in the event that the Company has not used the services for 3 consecutive months.

(vi) In the event of breach of the Contract by the Company and termination is requested by a supplier for non-compliance with its terms and conditions.

(vii) In the event that the General Conditions are modified in the terms established.

17.2. For the avoidance of doubt, downtime caused, directly or indirectly, by any of the following shall not be considered a breach of these Terms: (i) Force Majeure; (ii) failure of the Internet or any public telecommunications network; (iii) failure of the Company's computer systems or networks; (iv) interruption of the Service for maintenance or support carried out by nixi1 under the terms described in this Agreement; (v) any reason caused by the Company, a third party or otherwise unrelated to the Services provided by nixi1.

17.3. Upon termination for any cause, all rights and obligations of the Parties under these Terms and Conditions shall automatically terminate, except, without limitation, rights of action accrued prior to termination, payment obligations, confidentiality, data protection, intellectual property and any obligations expressly set forth in these Terms and Conditions or expressly agreed by the Parties to survive subsequent agreements.

17.4. The following shall be causes for suspension of this Contract and of the corresponding provision of the Services, in addition to non-payment of the price in the established terms:

(i) nixi1 is entitled to terminate the Contract with the Company;

(ii) nixi1 or any of its suppliers is obliged to comply with an order of a competent authority to do so;

(iii) nixi1 or any of its suppliers has reasonable grounds to believe that the Company or its Clients are in breach of the Contract;

(iv) Suspension is required for upgrade or maintenance purposes, in which case nixi1 will endeavour to notify the Company in accordance with the terms of Condition 9;

(v) The services of an operator relevant to the provision of the Services are suspended;

(vi) In the event of suspension of any of the providers, all or part of the service if it has reason to suspect fraudulent, illegal or unauthorised use of its services by the Company or its Clients until such conduct has effectively ceased;

(vii) In the event of a breach of the Contract by the Company and a request for termination by a supplier/platform for non-compliance with its policies, terms and conditions;

(viii) In the event that the use of the platform by the Company or the Client represents a risk of (i) security to the services offered by nixi1 or any third party or a negative impact on the systems or content (ii) liability of nixi1 or third parties (iii) it could be considered fraudulent.

17.5. In all such cases, the Company will continue to bear the charges that any supplier/platform may generate during the period of suspension.

 

18. OTHER PROVISIONS

18.1 Independence of the Parties - The Parties are independent contractors. Neither Party shall have any right, power or authority to act or create any obligation, express or implied, on behalf of any other Party except as specified in these Terms and Conditions.

18.2. No Waiver: The delay or omission of the Parties in exercising or claiming their rights under these Terms and Conditions shall not affect such rights nor shall it be construed as a waiver of the exercise of such rights or tolerance of their breach.

18.3. Cumulative Remedies-The rights and remedies available to a Party under these Terms and Conditions are cumulative and in addition to, not exclusive of, or in substitution for, any rights or remedies available to that Party.

18.4. Partial invalidity: The declaration of nullity or invalidity of any condition contained in these General Conditions shall not affect the validity and effectiveness of those conditions that are not affected by said nullity or invalidity, and the condition that becomes invalid or null shall be replaced by another condition that is as similar in spirit as possible to the previous one.

18.5. Entire Agreement: The acceptance of these General Conditions and, therefore, the execution of the Contract between the Parties shall constitute the entire agreement between the Parties in relation to the subject matter hereof, and shall supersede all previous agreements, arrangements and understandings between the Parties in respect of that subject matter, notwithstanding the additional procurement of services at a later date. 

18.6. Notifications - All notices and notifications, requests, orders, permissions and other communications required or provided for in these General Conditions will be made in writing, preferably via email, being the Company who will designate the postal and email address in its Client profile on the platform and designating for this purpose the nixi1 mailbox. support@nixi1.com and the address San Elías, 29, Escalera B, 6º, 1ª, 08006, Barcelona, Spain.

18.7. Modifications -nixi1 reserves the right to modify any Terms by giving prior written notice via email to the account administrator or by providing notice on the Dashboard itself of such modification at least 30 calendar days in advance. If you do not expressly reject the variation of the Terms by the Company by registered post or email within 30 calendar days of notification of the modification or continue to use the Services, you will be deemed to have accepted the modifications to the Terms and Conditions. If the modification is rejected, either the Company or nixi1 may terminate the Agreement and suspend the Services at any time. The Parties agree that in cases where the modification does not involve a material change to the Terms, the Company will be notified of the modification but it will be implemented automatically without any objection by the Company as described above.

18.8. Statements: The headings of the Conditions are only intended to facilitate consultation and do not constitute a definitive interpretative criterion of their content.

 

19. PCI DSS COMPLIANCE

19.1. The Company has been informed of the existence of the PCI DSS regulations, available at https://es.pcisecuritystandards.organd how to comply with it.

19.2. The Company is aware that said regulations are applicable to the object of the present Contract, thus generating a series of obligations to be fulfilled on its part, as well as the obligation to adapt to the requirements and regulations of any modification or evolution that may be dictated by the competent authority with respect to said regulations.

19.3. According to requirement 12.10 "Implement an incident response plan", the incident response teams between the Company and Nixi1 are required to work together. This implies the need for two-way communication between the teams, with additional response times for each communication needing to be factored into the plan.

19.4. nixi1 undertakes to: (i) to act with due diligence and within the parameters of good faith; (ii) to provide the means at its disposal to offer an optimal service so that it can develop properly 24 hours a day, 7 days a week, in a secure, efficient and effective manner; (iii) To inform the Company of all changes and modifications, whether to software or hardware, that may affect the correct operation of the contracted services, in order to carry out maintenance and incident management tasks.

19.5. nixi1 guarantees that in the event of a security incident affecting the service provided to the Company, nixi1 will be notified within 72 hours of the security incident and the measures nixi1 has taken or is taking to remedy the incident.

19.6. Furthermore, nixi1 is obliged to provide information and records in case forensic investigations are necessary.

19.7. nixi1 warrants that, as of the effective date of this Agreement, it has complied with all PCI DSS requirements that apply to the services provided to the Company and has taken the necessary steps to validate its compliance and compliance with the PCI DSS.

 

20. CLAIMS, JURISDICTION AND APPLICABLE LAW

20.1. The Parties shall attempt to resolve amicably any dispute, difference or claim arising out of or relating to the provision of services.

20.2. The Client may send his/her complaint to the mailbox referred to in Condition 18.6 of these General Conditions, and nixi1 will respond within a maximum of 15 calendar days.

20.3. In the event of failure to reach an amicable agreement, any controversy, claim or dispute arising in connection with these terms, including the existence, validity, interpretation, performance, termination or breach of these terms, shall be governed by and construed in accordance with Spanish common law.

20.4. The Parties expressly waive any other jurisdiction that may correspond to them and expressly agree that any question, claim, dispute, discrepancy or controversy resulting from the execution or interpretation of the Contract, or related to it, directly or indirectly, shall be subject to the exclusive jurisdiction of the Courts and Tribunals of the city of Barcelona.

General Conditions SaaS nixi1 (TA and OP). 15 November 2022 

DATA PROCESSING ORDER CONTRACT 

This agreement regulates the obligations in relation to the Protection of Personal Data and the Guarantee of Digital Rights between the Client, DATA CONTROLLER y CorreYvuela Bot, S.L.(hereinafter referred to as "nixi1" or "TREATMENT MANAGER".B, 6º-1ª, CP 08006 and N.I.F. B66810078, jointly and severally named as "the Parties".

Its acceptance and consequent formalisation of the contract will take place telematically, and the Company will keep a digital report of its acceptance, available to the Client at any time. It is provided in downloadable format. However, it will be permanently available on the platform for consultation.

The Company reserves the right to modify it, the Client having the freedom and the guarantees of termination of the contract as set out in nixi1's General Terms and Conditions.

THE PARTIES STATE

I.- That they are bound by a contractual relationship of a commercial nature for the provision of the services by Nixi1 described in the General Terms and Conditions, accepted online by the Customer (hereinafter referred to as the "Customer"). "SERVICE").

II. That for the purposes of the aforementioned and for the provision of said services, it is necessary for the Data Processor to have access to the personal data for whose processing the Controller is responsible.

III. That in order to comply with the provisions of Article 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, both Parties are interested in entering into a Personal Data Processing Agreement, which they hereby enter into by mutual agreement, on the basis of the following

 

CLAUSES

 

1. PURPOSE OF THE PROCESSOR

By means of this agreement, Nixi1 is authorised as Data Processor, to process on behalf of the Client, Data Controller, the personal data necessary to provide the service. The processing of personal data will be aimed at assisting the Client to digitally consult and formalize any query, transaction or operation allowed and enabled in the nixi1 SaaS solution, all within a messaging tool such as WhatsApp, Facebook Messenger, Instagram, Telegram, IOS, Android, ChatWeb, ChatMail or SMS or any other with which nixi1 has reached an agreement; or through a website, an app or a blog. 

2. DURATION

The duration of this contract shall be limited to the duration of the service contract concluded between the Parties upon online acceptance of the General Terms and Conditions.

3. OBLIGATIONS OF THE PROCESSOR

The Data Processor and all its personnel are obliged to:

a) Use the personal data to which you have access for the purposes of this order only. Under no circumstances may you use the data for your own purposes.

b) To process the data in accordance with the instructions of the Data Controller.

c) If the Processor considers that any of the instructions infringes the General Data Protection Regulation or any other data protection provision of the European Union or Spanish law, the Processor shall immediately inform the Controller.

d) Not to communicate the data to third parties, except with the express authorisation of the Data Controller, in the legally admissible cases.

e) The Processor may communicate the data to other Processors of the same Controller, in accordance with the instructions of the Controller. In this case, the Controller shall identify, in advance and in writing, the entity to which the data must be communicated, the data to be communicated and the security measures to be applied in order to proceed with the communication.

f) If the Processor is required to transfer personal data to a third country or an international organisation, under applicable European Union and/or national law, it will inform the Controller of this legal requirement in advance, unless such law prohibits it for important reasons of public interest. The performance of the contract requires the outsourcing of part of the services and in particular for the purposes of data storage infrastructure, service execution and cloud connectivity, nixi1 has contracted with Amazon Web Services, INC, located in Seattle (United States), 410 Terry Avenue North, a company that has contractually committed to nixi1 that the processing will be carried out only in data centres located in the European Union.

However, should it be necessary to subcontract any other processing, the Controller must be notified in writing in advance, indicating the processing to be subcontracted and clearly and unequivocally identifying the subcontracting company and its contact details. The subcontractor, who will also have the status of data processor, is also obliged to comply with the obligations established in this document for the Data Processor and the instructions issued by the Controller. It is the responsibility of the initial processor to regulate the new relationship in such a way that the new processor is subject to the same conditions and the same formal requirements as the initial processor, as regards the proper processing of personal data and the guarantee of the rights of the data subjects. In the event of non-compliance by the sub-processor, the initial Processor shall remain fully liable to the Controller for compliance with the obligations.

g)Maintain the duty of secrecy with regard to personal data to which it has access by virtue of this assignment, even after the end of its object.

h)Ensure that persons authorised to process personal data undertake, expressly and in writing, to respect confidentiality and to comply with the corresponding security measures, of which they must be duly informed. i) To keep at the Controller's disposal the documentation accrediting compliance with the obligation established in the previous section.

j)Ensure the necessary training in personal data protection for persons authorised to process personal data.

k)Assist the Controller in responding to the exercise of the rights of: 

– Access, rectification, erasure and objection.

– Treatment limitation.

– Data portability.

– Not to be subject to automated individualised decisions.

When the data subjects exercise their rights of access, rectification, erasure and objection, restriction of processing, data portability and the right not to be subject to automated individualised decisions, the Data Controller shall inform the Data Controller in order to resolve the request.

l) Right to information.

– It is the responsibility of the Data Controller to provide the right to information at the time of collection of the data subject's data.

m)Notification of data security breaches.

The Controller shall, without undue delay, and in any event not later than 72 hours, notify the Data Controller of any breach of security of the personal data under its control of which it becomes aware, together with all information relevant to the documentation and communication of the incident.

– Notification shall not be required where such a breach of security is unlikely to constitute a risk to the rights and freedoms of natural persons.

– If available, at least the following information shall be provided:

– Description of the nature of the personal data breach, including, where possible, the categories and approximate number of data subjects affected, and the categories and approximate number of personal data records affected.

– The name and contact details of the Data Protection Officer or other point of contact where further information can be obtained.

– Description of the possible consequences of the personal data security breach.

– Description of the measures taken or proposed to be taken to remedy the personal data breach, including, where appropriate, measures taken to mitigate possible negative effects.

n) Support the Controller in carrying out data protection impact assessments, where appropriate.

o) Support the Controller in carrying out prior consultations with supervisory authorities, where appropriate.

p) Make available to the Controller all information necessary to demonstrate compliance with its obligations, as well as for the performance of audits or inspections carried out by the Controller or any other auditor authorised by the Controller.

q) Treat Personal Data in accordance with the security criteria and content provided for in the EU General Data Protection Regulation 2016/679 (GDPR) as well as observe and adopt the necessary or appropriate technical and organisational security measures to ensure the confidentiality, secrecy and integrity of the Personal Data to which it has access. In particular, it shall implement security mechanisms and measures to:

– Ensure the continued confidentiality, integrity, availability and resilience of processing systems and services.

– Restore availability and access to personal data quickly, in the event of a physical or technical incident.

– Regularly verify, evaluate and assess the effectiveness of the technical and organisational measures implemented to ensure the security of the processing.

Pseudonymise and encrypt personal data, where appropriate.

r) Destination of the data.

– Return to the Data Controller the personal data and, if applicable, the supports on which they are recorded, once the service has been provided.

– The return must entail the complete deletion of the data existing on the computer equipment used by the Data Controller.

– However, the processor may keep a copy, with the data duly blocked, for as long as liability may arise from the performance of the service.

 

4. OBLIGATIONS OF THE CONTROLLER.

It is the responsibility of the Data Controller:

a) Grant the Processor access to the personal data required for the provision of the services referred to in clause 1 of this document.

b) Carry out the analysis of risks that may arise from the processing activity that is to be the subject of the assignment.

c) Carry out, if necessary, a personal data protection impact assessment of the processing operations to be carried out by the Processor.

d) Conduct prior consultations as appropriate.

e) Ensure prior to and throughout the processing that the Processor complies with the GDPR.

f) Supervise the processing, including carrying out inspections and audits, always with 45 days' notice to the Data Controller.

 

5. EXEMPTION FROM LIABILITY.

The Processor shall indemnify and hold the Controller harmless against costs related to a Data Security Breach, where such breach was caused by or attributable to a breach of service by the Processor. In the aforementioned case, it shall be necessary to have a prior report prepared by an independent auditor selected by both Parties, which determines the existence of a breach by the Processor of its data protection obligations under the Contract, or the breach of Data Security caused by or attributable to the breach of the service including the security obligations under the Contract, taking into account the technical, organisational and procedural security measures to be adopted in accordance with the provisions of the GDPR, which guarantee an adequate level of security taking into account the state of technology, the nature of the data processed and the risks to which they are exposed.

6. LEGISLATION AND JURISDICTION.

This contract is governed by current Spanish legislation and, in particular, by the provisions of the RGPD and Organic Law 3/2018 on Data Protection and guarantees of digital rights. The Parties, expressly waiving their jurisdiction, submit all interpretations or conflicts that may arise from this contract to the Courts and Tribunals indicated in the General Conditions accepted by the Client.

nixi1 Data Processing Assignment Agreement. 15 November 2022.