CAST AI Group, Inc.
Terms of Service
Effective Date: February 1, 2021
CAST AI GROUP, INC. (together with its subsidiaries, “CAST AI” “OUR”, “WE,” OR “US”) OFFERS ITS PRODUCTS AND SERVICES FROM THE DASHBOARD LOCATED AT CONSOLE.CAST.AI AND ALL MOBILE VERSIONS OF THE SAME (THE “DASHBOARD”) SUBJECT TO THE FOLLOWING TERMS OF SERVICE CONDITIONS.
BY ACCESSING AND USING THE DASHBOARD AND/OR THE CAST AI CLOUD SERVICES (AS DEFINED BELOW) OR BY CLICKING “I AGREE” DURING THE CUSTOMER ONBOARDING PROCESS, YOU ACKNOWLEDGE AND AGREE TO BE BOUND BY THESE TERMS OF SERVICE AS THE “CUSTOMER” HEREUNDER. THESE TERMS OF SERVICE ARE A LEGALLY BINDING AGREEMENT. IF YOU USE THE DASHBOARD AND/OR THE CAST AI CLOUD SERVICES ACTING AS THE AGENT FOR A COMPANY OR OTHER ENTITY, YOU REPRESENT THAT YOU HAVE THE LEGAL AUTHORITY TO BIND SUCH COMPANY OR ENTITY AS THE “CUSTOMER” HEREUNDER, AND YOU GUARANTEE COMPLIANCE BY SUCH COMPANY OR ENTITY WITH THESE TERMS OF SERVICE. THESE TERMS OF SERVICE AND ANY APPLICABLE ORDER FORM YOU MAY HAVE ENTERED INTO WITH CAST AI ARE A LEGALLY BINDING AGREEMENT AND ARE REFERRED TO AS THE “AGREEMENT.”
CAST AI RESERVES THE RIGHT AT ANY TIME TO CHANGE, ADD, OR DELETE PORTIONS OF THESE TERMS OF SERVICE. CAST AI WILL POST CHANGES TO THESE TERMS OF SERVICE, IF ANY, TO THE DASHBOARD BY REPLACING THESE TERMS OF SERVICE WITH UPDATED TERMS OF SERVICE THAT INCLUDE A NEW EFFECTIVE DATE SET FORTH ABOVE. IT IS YOUR RESPONSIBILITY TO CHECK THE DASHBOARD PERIODICALLY FOR CHANGES. FOLLOWING ANY UPDATE TO THE TERMS OF SERVICE, YOU WILL BE ASKED TO ACCEPT SUCH UPDATED TERMS OF SERVICE BY CLICKING “I AGREE”. FAILURE TO ACCEPT ANY SUCH UPDATED TERMS OF SERVICE WILL RESULT IN THE TERMINATION OF THIS AGREEMENT AND THE CAST AI CLOUD SERVICES BY CAST AI, AND CUSTOMER’S SOLE REMEDY FOR LOSS OF USE OF THE CAST AI CLOUD SERVICES IN SUCH CASE WILL BE TO CEASE USING THE CAST AI CLOUD SERVICES.
- 1. As used in this Agreement:
1.1 “Access Credentials” mean login information, passwords, security protocols, and policies through which Users access and use the CAST AI Cloud Services.
1.2 “Admin User” means the employees and/or contractors of Customer who are designated to be Administrative Users and have the ability to issue Access Credentials.
1.3 “CAST AI Analytics” means any information, data, statistics, metadata, inferences, interrelationships, and/or associations generated by the CAST AI Cloud Services, including without limitation as derived from aggregated anonymized inputs to, and usage of, the CAST AI Cloud Services across all CAST AI customers. In no event will CAST AI Analytics include any personally identifiable information or Customer Inputs.
1.4 “CAST AI Cloud Services” means the CAST AI software as a service offerings, including those designated in the applicable Order Form, which are made generally commercially available by CAST AI as of the Effective Date, and all Updates thereto made generally commercially available by CAST AI to its customers during the Term (as defined below).
1.5 “CAST AI Technology” means the computer software, computer code, scripts, neural networks, artificial intelligence, application programming interfaces, methodologies, processes, templates, work flows, diagrams, tools, algorithms, formulas, user interfaces, know-how, trade secrets, techniques, designs, inventions, third party services and other tangible or intangible technical material, information and works of authorship underlying or otherwise used to make available the CAST AI Cloud Services, including, without limitation, all upgrades, enhancements, modifications, additions and improvements thereto and all derivative works thereof, and Intellectual Property Rights therein and thereto.
1.6 “Customer Inputs” means information, data, text, content, videos, images, audio clips, photos, graphics, and / or other types of content, information and/or data posted, provided and/or uploaded to the CAST AI Cloud Services by Customer.
1.7 “Documentation” means text and/or graphical materials, whether in print or electronic form, that describe the features, functions and use of the CAST AI Cloud Services and which are prepared by CAST AI and delivered by CAST AI to Customer.
1.8 “Intellectual Property Rights” mean any and all now known or hereafter existing (a) rights associated with works of authorship, including copyrights, mask work rights, and moral rights; (b) trademark, trade dress, or service mark rights (c) trade secret rights; (d) patents, patent rights, and industrial property rights; (e) layout design rights, design rights, and other proprietary rights of every kind and nature other than trademarks, service marks, trade dress, and similar rights; and (f) registrations, applications, renewals, extensions, or reissues of the foregoing, in each case, in any jurisdiction throughout the world.
1.9 “Order Form” means CAST AI’s standard order form accepted in writing (or electronically) by Customer and CAST AI, which includes orders placed electronically through the Dashboard. As part of the sign-up process for the CAST AI Cloud Services, the Customer will be asked to select a product plan, and the selected product plan will constitute the initial Order Form hereunder. Each subsequent product plan selected by the Customer, including each upgrade from an existing product-plan selection, will be deemed a new Order Form for purposes of this Agreement.
1.10 “Updates” mean all upgrades, enhancements, improvements, maintenance releases, additions, and modifications of the CAST AI Cloud Services made generally commercially available as part of the CAST AI Cloud Services during the period in which Customer is using the CAST AI Cloud Services. Updates may also include new features and/or functionality for which CAST AI reserves the right to charge an additional fee if Customer elects to activate such new features and/or functionality.
1.11 “User” means Customer’s Admin Users and any other Customer users who have been assigned Access Credentials.
- CAST AI CLOUD SERVICES
2.1 CAST AI Cloud Services. Subject to and in accordance with this Agreement and the applicable Order Forms, including, without limitation, payment of all applicable fees (if any), CAST AI shall make the CAST AI Cloud Services available to Customer pursuant to the terms and conditions of this Agreement.
2.2 Customer Access. Customer acknowledges and agrees that Customer’s Users’ access and use of the CAST AI Cloud Services is dependent upon access to telecommunications and Internet services. Customer will be solely responsible for acquiring and maintaining all telecommunications and Internet services and other hardware and software required to access and use the CAST AI Cloud Services, including, without limitation, all costs, fees, expenses, and taxes of any kind related to the foregoing. CAST AI will not be responsible for any loss or corruption of data, lost communications, or any other loss or damage of any kind arising from any such telecommunications or Internet services or any such hardware or software.
2.3 Modifications to the CAST AI Cloud Services. CAST AI reserves the right to enhance, improve and modify the CAST AI Cloud Services on a continuous basis at no cost to Customer.
- ACCESS GRANT; LICENSES; OWNERSHIP
3.1 Access Grant. Subject to Customer’s compliance with the terms and conditions contained in this Agreement, the Documentation, and each Order Form, CAST AI grants to Customer during the Term a non-exclusive, non-transferable, worldwide, revocable, non-sublicensable right to allow its Users to access and use the CAST AI Cloud Services. The rights set forth in this Section 3.1 may be exercised by Customer’s third-party contractors and service providers; provided that Customer shall be responsible for any breach of this Agreement by any such third-party contractors and service providers.
3.2 Customer Inputs. To enable CAST AI to provide the CAST AI Cloud Services, Customer grants to CAST AI a non-exclusive, royalty-free license to access, use, and copy the Customer Inputs solely as necessary to provide the CAST AI Cloud Services for the benefit of Customer. CAST AI agrees Customer owns all right, title and interest in and to the Customer Inputs and reserves all rights thereto that are not expressly granted to CAST AI under this Agreement. CUSTOMER WILL BE RESPONSIBLE FOR MAKING BACK-UP AND ARCHIVAL COPIES OF ALL CUSTOMER INPUTS. IN NO EVENT WILL CAST AI BE RESPONSIBLE TO CUSTOMER OR ANY OTHER PERSON FOR ANY LOSS, CORRUPTION OR ALTERATION OF CUSTOMER INPUTS, OR FOR ANY LOSS ARISING OUT OF ANY BREACH OF SECURITY, INCLUDING, WITHOUT LIMITATION, ANY SPECIAL, DIRECT, INDIRECT OR OTHER DAMAGES OF ANY KIND.
3.3 Users. Unless otherwise provided in such Customer’s Order Form, Customer, through its Admin Users, may provide for an unlimited number of Users to access and use the CAST AI Cloud Services. CAST AI will provide Admin Users with the ability to grant Access Credentials to each User. Customer will at all times be responsible for all actions taken under Customer’s account.
3.4 Service Level Agreement. The service levels applicable to the CAST AI Cloud Services are set forth at https://resources.cast.ai/service-level-agreement (the “Service Level Agreement”) and are expressly incorporated herein. Service levels vary based on the pricing plan and service level selected by Customer. Customer’s sole and exclusive remedy, and CAST AI’s sole and exclusive obligation, for a breach of any terms of the Service Level Agreement, but not for terms elsewhere in this Agreement, is as provided in the Service Level Agreement.
3.5 Ownership. The CAST AI Cloud Services, the CAST AI Technology, the CAST AI Analytics, the Documentation and all worldwide Intellectual Property Rights in each of the foregoing and in all derivative works of each of the foregoing, are the exclusive property of CAST AI and its licensors. Except for the rights and licenses expressly granted herein, all rights in and to all of the foregoing are reserved by CAST AI and its licensors.
3.6 Marketing. CAST AI may publicly refer to Customer as a customer of CAST AI, including on CAST AI’s website and in sales presentations, and may use Customer’s logo for such purposes. Similarly, Customer may publicly refer to itself as a customer of CAST AI’s software as a service, including on Customer’s website.
3.7 Collection and Use of Information.
(a) Customer acknowledges that CAST AI may, directly or indirectly through the services of third parties, collect and store information regarding use of the CAST AI Cloud Services and about equipment on which the CAST AI Cloud Services is installed or through which it otherwise is accessed and used.
(b) Customer agrees that CAST AI may use such information for any purpose related to any use of the CAST AI Cloud Services by Customer or on Customer’s equipment, including but not limited to:
(i) Improving the performance of the CAST AI Cloud Services or developing updates thereto; and
(ii) Verifying Customer’s compliance with the terms of this Agreement and enforcing CAST AI’s rights, including all Intellectual Property Rights in and to the CAST AI Cloud Services.
3.8 Customer Feedback. In the event Customer provides any suggested improvements, enhancements, or feedback with respect to the CAST AI Cloud Services (collectively, “Feedback”), Customer hereby assigns to CAST AI all rights, title, and interest in and to such Feedback.
- CUSTOMER RESPONSIBILITIES.
4.1 Access Credentials. Customer will be responsible for all acts and omissions of Customer’s Users. Customer agrees to: (1) keep its Access Credentials secure and confidential and not to allow any of Customer’s Users to provide their Access Credentials to anyone else; and (2) not permit others to use Customer’s Access Credentials. Customer will notify CAST AI immediately if it learns of any unauthorized use of any Access Credentials or any other known or suspected breach of security, including as outlined in Schedule A (Customer Data Processing Addendum). CAST AI reserves the right to take any action CAST AI deems necessary or reasonable to ensure the security of the CAST AI Cloud Services and Customer’s Access Credentials and account, including terminating Customer’s access, changing passwords, or requesting additional information to authorize activities related to Customer’s account.
4.2 Use Guidelines. Customer shall comply with all applicable laws, rules and regulations in its use of the CAST AI Cloud Services. Customer shall use the CAST AI Cloud Services solely for Customer’s internal business purposes as contemplated by this Agreement and shall not: (i) license, sublicense, sell, resell, rent, lease, transfer, assign, copy, reproduce, distribute, time share or otherwise commercially exploit or make the CAST AI Cloud Services available to any third party, other than as expressly permitted by this Agreement; (ii) disrupt any servers or networks connected to the CAST AI Cloud Services, or disobey any requirements, procedures, policies or regulations of networks connected to the CAST AI Cloud Services; (iii) attempt to gain unauthorized access to the CAST AI Cloud Services or the CAST AI Technology or any related systems or networks; (iv) remove, alter or obscure any proprietary notices associated with the CAST AI Cloud Services; (v) use the CAST AI Cloud Services in violation of (x) any applicable, law, rule, regulation, or guideline (including any United States export laws and regulations), or (y) any contractual agreement by which Customer is bound; (vi) attempt to probe, scan, or test (including without limitation stress testing or penetration testing) the vulnerability of any system or network associated with the CAST AI Cloud Services or breach any security or authentication measures; (vii) copy, distribute, modify, adapt, hack, disassemble, decompile, decode, or reverse engineer to extract any source code, object code, machine code or any other software code from the CAST AI Cloud Services or CAST AI Technology or otherwise attempt to derive or gain unauthorized access to the CAST AI Cloud Services, the CAST AI Technology or related systems or networks, or otherwise take action inconsistent with Customer’s acknowledgement that title to CAST AI Technology, and all Intellectual Property Rights incorporated therein, shall remain the sole and exclusive property of CAST AI; (viii) access or use the CAST AI Cloud Services or CAST AI Technology for purposes of competitive analysis of the CAST AI Cloud Services or CAST AI Technology, the development, provision, or use of a competing software service or product, or any other purpose that is to the detriment or commercial disadvantage of CAST AI; or (ix) utilize the CAST AI Cloud Services in order to (a) send spam or otherwise duplicative or unsolicited messages in violation of applicable laws; (b) send or store infringing, obscene, threatening, libelous, or otherwise unlawful, unsafe, malicious, abusive or tortious material, including material harmful to children or violative of third party privacy rights; or (c) send or store material containing software viruses, worms, Trojan horses or other harmful computer code, files, scripts, agents or programs or plant malware on CAST AI’s computer systems, those systems of CAST AI’s third-party service providers or vendors, or otherwise use the CAST AI Cloud Services to attempt to upload and/or distribute malware.
(a) Customer agrees that, during the period in which Customer is using the CAST AI Cloud Services and ending on the fourth (4th) anniversary of the last date of Customer’s use of the CAST AI Cloud Services (the “Restricted Period”), Customer will not directly or indirectly, and Customer will ensure that Customer’s Users do not directly or indirectly, (i) render services to any third party for the purposes of competing with the CAST AI Cloud Services or CAST AI Technology; or (ii) interfere with business relationships (whether formed heretofore or hereafter) between CAST AI and its customers or potential customers. Customer acknowledges and agrees that CAST AI will suffer irreparable harm in the event that Customer breaches any of Customer’s obligations under this Section 4.3(a) of this Agreement and that monetary damages would be inadequate to compensate CAST AI for such breach. Accordingly, Customer agrees that, in the event of a breach or threatened breach by Customer of any of Customer’s obligations under Section 4.3(a) of this Agreement, CAST AI will be entitled to obtain from any court of competent jurisdiction preliminary and permanent injunctive relief, and expedited discovery for the purpose of seeking relief, in order to prevent or to restrain any such breach. CAST AI will be entitled to recover its costs incurred in connection with any action to enforce Section 4.3(a) of this Agreement, including reasonable attorneys’ fees and expenses, to the maximum extent permitted by applicable law.
(b) During the period in which Customer is using the CAST AI Cloud Services and for four (4) years thereafter, Customer shall not, and shall not assist any other person or entity to, directly or indirectly, recruit or solicit (other than by general advertisement not directed specifically to any person or persons) for employment or engagement as an independent contractor any person then or within the prior 12 months employed or engaged by CAST AI or any third-party contractor to CAST AI and involved in any respect with the CAST AI Cloud Services or the performance of this Agreement. In the event of a violation of this Section 4.3(b), CAST AI will be entitled to liquidated damages equal to the compensation paid by CAST AI to the applicable employee or contractor during the prior 12 months.
4.4 Customer Input Restrictions. The CAST AI Cloud Services includes the ability for the Customer to upload Customer Inputs. Customer is responsible for all Customer Inputs. Customer represents, warrants and covenants Customer has all rights and licenses necessary to upload the Customer Inputs and to grant the licenses granted hereunder. Customer represents, warrants and covenants that the Customer Inputs:
- will not and do not infringe the patent, copyright, trademark, trade secret, or other intellectual property or proprietary right of others;
- will not and do not violate the privacy, publicity, or other rights of third parties or any other law, statute, ordinance or regulation;
iii. are not and will not become unlawful, tortious, fraudulent, defamatory or harmful to minors, obscene, or pornographic;
- will not and do not disclose or provide information protected under any law, agreement or fiduciary relationship, including but not limited to, proprietary or confidential information of others; and
- will not and do not contain any viruses, Trojan horses, spyware, malware, worms, time bombs, cancelbots, or other disabling devices or other harmful component intended to damage, detrimentally interfere with, surreptitiously intercept or expropriate any system, data or personal information.
4.5 Third Party Services. If and to the extent Customer uses the CAST AI Cloud Services to access or use any third party’s websites, platforms, content, products, services, or information (“Third Party Services”), or CAST AI accesses or uses Third Party Services on Customer’s behalf to facilitate the performance of the CAST AI Cloud Services, Customer shall ensure, and be solely responsible for ensuring, that such access and use, including through keys, passwords, credentials or tokens issued or otherwise made available by Customer or the Third Party Service provider, is authorized by the terms of access and use for such Third Party Services.
- FEES AND PAYMENT.
5.1 Fees. If the Customer elects to use or upgrade to a paid version of the CAST AI Cloud Services, Customer will pay to CAST AI the fees set forth in the Dashboard or in each Order Form in accordance with the payment schedule set forth in the Dashboard or such Order Form, as applicable. Unless otherwise specified in the Dashboard or any Order Form, Customer will be required to pay the fees set forth in the Dashboard, or in the Customer’s Order Form, in full prior to accessing the CAST AI Cloud Services. All fees are nonrefundable, except as expressly otherwise set forth herein, and will be paid in U.S. dollars and exclude all applicable sales, use, and other taxes. Any fees that are not paid when due are subject to interest at one percent (1.0%) per month or the maximum rate permitted by applicable law, whichever is less, from the due date until paid. Customer further acknowledges and agrees that the CAST AI Cloud Services include features that are designed to optimize cost, performance, compliance, and scalability across multiple cloud-computing and cloud-storage providers utilized by the Customer, and therefore CAST AI may incur charges on Customer’s behalf with such cloud-computing and cloud-storage providers. The Customer acknowledges and agrees that any fees or charges incurred by CAST AI on behalf of the Customer with such cloud-computing and cloud-storage providers are solely the obligation of the Customer, and CAST AI will not be responsible for paying any such amounts on behalf of the Customer or otherwise.
5.2 Taxes. Customer will make all payments to CAST AI free and clear of, and without reduction for, any withholding taxes; any such taxes imposed on payments of fees to CAST AI, other than taxes on CAST AI’s income, will be Customer’s sole responsibility, and if requested by CAST AI, Customer will provide CAST AI with official receipts issued by the appropriate taxing authority, or such other evidence as CAST AI may reasonably request, to establish that such taxes have been paid.
- CONFIDENTIALITY AND DATA PROTECTION
6.1 Confidential Information. Each party (the “Disclosing Party”) may from time to time during the Term disclose to or learn from the other party (the “Receiving Party”) certain information regarding the Disclosing Party’s business, including without limitation, technical, marketing, financial, employee, planning, and other confidential or proprietary information whether disclosed orally, in writing or visually, that is either marked or designated as confidential or is identified in writing as confidential at the time of disclosure or which the Receiving Party knew or should have known, under the circumstances, was considered confidential or proprietary by the Disclosing Party (“Confidential Information”). For the avoidance of doubt, the CAST AI Cloud Services and the CAST AI Technology constitutes Confidential Information of CAST AI and Customer Inputs constitute the Confidential Information of Customer.
6.2 Protection of Confidential Information. The Receiving Party will not use any Confidential Information of the Disclosing Party for any purpose not expressly permitted by this Agreement, and will disclose the Confidential Information of the Disclosing Party only to the employees and contractors of the Receiving Party who have a need to know such Confidential Information for purposes of this Agreement and who are under a duty of confidentiality no less restrictive than the Receiving Party’s duty hereunder. The Receiving Party will (a) protect the Disclosing Party’s Confidential Information from unauthorized use, access, or disclosure in the same manner as the Receiving Party protects its own confidential or proprietary information of a similar nature and with no less than reasonable care; and (b) promptly advise the Disclosing Party upon becoming aware of any loss, disclosure, or duplication of the Confidential Information or of any breach of this Agreement, including, without limitation, the misappropriation of the Confidential Information. Both parties acknowledge and agree that the Disclosing Party may be irreparably harmed by any violation of this Section 6 (Confidentiality) and that the use of the Confidential Information for any purpose other than that stated herein may, among other things, enable the Receiving Party or other third parties receiving such Confidential Information to compete unfairly with the Disclosing Party. Therefore, in the event of a breach or threatened breach, the Disclosing Party shall be entitled, in addition to all other rights and remedies available at law or in equity, to seek (i) an injunction restraining such breach; or (ii) a decree for specific performance of the applicable provision of this Agreement. Notwithstanding the termination or expiration of this Agreement, the obligations of the Receiving Party, with respect to the Confidential Information of Disclosing Party, shall be in full force and effect as follows: (A) in the case of any information or materials that constitute a trade secret within the meaning of applicable law, for as long as such information and materials remain as a trade secret, or (B) in the case of any other information or materials, during the Term and for five (5) years following the termination or expiration of this Agreement.
6.3 Exceptions. The Receiving Party’s obligations under this subsection will not apply to any portion of the Disclosing Party’s Confidential Information if the Receiving Party can document that such information: (a) was already lawfully known to the Receiving Party at the time of disclosure by the Disclosing Party; (b) is disclosed to the Receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the Receiving Party has become, generally available to the public; or (d) was independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information. In addition, the Receiving Party will be allowed to disclose Confidential Information of the Disclosing Party to the extent that such disclosure is (i) approved in writing by the Disclosing Party, (ii) necessary for the Receiving Party to enforce its rights under this Agreement in connection with a legal proceeding; or (iii) required by law or by the order of a court or similar judicial or administrative body, provided that the Receiving Party, as permitted by applicable law, rules and regulations, notifies the Disclosing Party of such required disclosure in writing promptly, and cooperates with the Disclosing Party, at the Disclosing Party’s reasonable request and expense, in any lawful action to contest or limit the scope of such required disclosure.
6.4 Destruction of Confidential Information. The Receiving Party will destroy or permanently erase, as appropriate, all physical and electronic copies of Confidential Information of the Disclosing Party in the Receiving Party’s possession or control promptly upon the written request of the Disclosing Party or the expiration or termination of this Agreement, whichever comes first; provided that any electronic copies stored in connection with the Receiving Party’s back-up and recovery operations conducted in the ordinary course of business may be retained and will continue to be subject to the terms herein. At the Disclosing Party’s request, the Receiving Party will certify in writing that it has fully complied with its obligations under this subsection.
6.5 Confidentiality of Agreement. Neither party will disclose any terms of any Order Form, or any amendment, modification or waiver to this Agreement, to anyone other than its attorneys, accountants, and other professional advisors under a duty of confidentiality except (a) as required by law; (b) pursuant to a mutually agreeable press release; (c) in connection with a proposed merger, financing, or sale of such party’s business (provided that any third party to whom the terms of this Agreement are to be disclosed signs a confidentiality agreement, or is otherwise subject to confidentiality obligations, in each case no less strict than those set forth in this Agreement); or (d) as provided in Subsection 3.6.
6.6 Data Protection. If and to the extent the Customer Inputs include any Personal Data, CAST AI and Customer shall comply with their respective obligations outlined in Schedule A (Customer Data Processing Addendum) attached hereto. For the purposes of this Subsection 6.6, the terms “Processes” and “Personal Data” shall have the meanings assigned in Schedule A. Any Personal Data that constitutes Confidential Information shall be subject to the terms of Schedule A.
6.7 No Protected Health Information. Customer shall not provide, transmit, disclose, or otherwise make available to CAST AI any “Protected Health Information” as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Customer agrees that CAST AI is not a “Business Associate” or “Subcontractor” under HIPAA, and Customer shall not use the CAST AI Cloud Services in any manner that would require CAST AI or the CAST AI Cloud Services to comply with HIPAA, the Health Information Technology for Economic and Clinical Health (“HITECH”) Act, their enabling regulations, or similar state laws or regulations. If Customer transmits or otherwise makes any Protected Health Information available to CAST AI through the CAST AI Cloud Services, Customer will reimburse CAST AI for any costs that CAST AI incurs to extract, delete, remove, and otherwise remediate such information from the CAST AI Cloud Services. As used in this paragraph, the terms “Business Associate,” “Protected Health Information,” and “Subcontractor” shall have the meanings ascribed to them under HIPAA, the HITECH Act, and their enabling regulations.
- WARRANTIES. THE CAST AI CLOUD SERVICES WILL MATERIALLY CONFORM TO THE DOCUMENTATION. IF CUSTOMER BELIEVES THE CAST AI CLOUD SERVICES DO NOT MATERIALLY CONFORM TO THE DOCUMENTATION, CUSTOMER MUST PROVIDE CAST AI NOTICE OF SUCH NONCONFORMITY WITHIN THIRTY (30) DAYS OF THE FIRST INSTANCE OF SUCH NONCONFORMITY. CAST AI WILL HAVE THIRTY (30) DAYS AFTER RECEIVING SUCH NOTICE TO CORRECT SUCH NONCONFORMITY IF CAST AI, IN ITS SOLE DISCRETION, DETERMINES THAT SUCH NONCONFORMITY EXISTS. IF CAST AI DETERMINES THAT SUCH NONCONFORMITY EXISTS, BUT IS UNABLE TO CORRECT SUCH NONCONFORMITY WITHIN SUCH THIRTY (30) DAY PERIOD, CUSTOMER’S SOLE REMEDY WILL BE TO TERMINATE THIS AGREEMENT AND CAST AI WILL PROVIDE A REFUND TO CUSTOMER ON A PRO RATA BASIS OF ANY PREPAID FEES PAID BY CUSTOMER FOR THE REMAINDER OF THE THEN-CURRENT SUBSCRIPTION TERM. THE FOREGOING REPRESENTS CUSTOMER’S SOLE AND EXCLUSIVE REMEDY IN THE EVENT THE CAST AI CLOUD SERVICES DO NOT MATERIALLY CONFORM TO THE DOCUMENTATION. EXCEPT AS PROVIDED IN THE FIRST SENTENCE OF THIS SECTION 7, THE CAST AI CLOUD SERVICES ARE PROVIDED “AS IS”, “AS AVAILABLE”, AND WITHOUT ANY REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, NON-INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE, AND CAST AI HEREBY DISCLAIMS THE SAME. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, CAST AI NEITHER WARRANTS THAT THE CAST AI CLOUD SERVICES WILL BE PROVIDED IN AN UNINTERRUPTED, SECURE OR ERROR-FREE MANNER, NOR DOES CAST AI MAKE ANY WARRANTY AS TO THE RESULTS OBTAINED FROM THE CAST AI CLOUD SERVICES OR AS TO THE ACCURACY OR RELIABILITY OF ANY CONTENT CONTAINED IN OR PROVIDED THROUGH THE CAST AI CLOUD SERVICES. USE OF ANY MATERIAL AND DATA OBTAINED THROUGH THE USE OF THE CAST AI CLOUD SERVICES SHALL BE AT CUSTOMER’S OWN DISCRETION AND RISK AND CUSTOMER WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO CUSTOMER’S (OR ANY OTHER USER’S) COMPUTER SYSTEM, MOBILE DEVICE, OR DATA THAT RESULTS FROM THE USE OF THE CAST AI CLOUD SERVICES OR THE DOWNLOAD OF ANY SUCH MATERIAL OR DATA. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY CAST AI, ITS AGENTS OR EMPLOYEES WILL CREATE A WARRANTY. ANY USE OF THE CAST AI CLOUD SERVICES IS AT CUSTOMER’S OWN RISK. CAST AI shall not be responsible for ensuring and does not represent or warrant that: (i) the CAST AI Cloud Services will meet Customer’s requirements; or (ii) all deficiencies in the CAST AI Cloud Services can be found or corrected. CAST AI will not be responsible for any loss or corruption of data.
- INDEMNIFICATION. CUSTOMER AGREES TO DEFEND, INDEMNIFY AND HOLD HARMLESS CAST AI, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SERVICE PROVIDERS, CONTRACTORS, CLIENTS, SUPPLIERS, RESELLERS, AND LICENSORS, FROM AND AGAINST ANY AND ALL COSTS, FEES, LOSS, CLAIM OR LIABILITY (INCLUDING WITHOUT LIMITATION ALL ATTORNEYS’ FEES AND EXPENSES) WHICH THEY MAY INCUR IN CONNECTION WITH (A) CUSTOMER’S BREACH OF THIS AGREEMENT OR ANY OTHER RULES OR GUIDELINES PROVIDED TO CUSTOMER BY CAST AI, OR (B) CUSTOMER’S USE OF THE CAST AI CLOUD SERVICES.
- LIMITATION OF LIABILITY.
9.1 UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY (WHETHER IN CONTRACT, TORT, NEGLIGENCE OR OTHERWISE) WILL CAST AI, OR ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SERVICE PROVIDERS, CONTRACTORS, CLIENTS (OTHER THAN CUSTOMER), SUPPLIERS, RESELLERS, OR LICENSORS BE LIABLE TO CUSTOMER OR ANY THIRD PARTY FOR ANY LOST PROFITS, LOST SALES OR BUSINESS, LOST, CORRUPTED, OR STOLEN DATA, BUSINESS INTERRUPTION, LOSS OF GOODWILL, OR FOR ANY TYPE OF INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, CONSEQUENTIAL OR PUNITIVE LOSS OR DAMAGES, OR ANY OTHER LOSS OR DAMAGES INCURRED BY CUSTOMER OR ANY THIRD PARTY IN CONNECTION WITH THIS AGREEMENT OR THE CAST AI CLOUD SERVICES, REGARDLESS OF WHETHER CAST AI HAS BEEN ADVISED OF THE POSSIBILITY OF OR COULD HAVE FORESEEN SUCH DAMAGES.
9.2 NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, CAST AI’S AGGREGATE LIABILITY TO CUSTOMER OR ANY THIRD PARTY ARISING OUT OF THIS AGREEMENT AND THE CAST AI CLOUD SERVICES SHALL IN NO EVENT EXCEED THE CHARGES AND FEES PAID BY CUSTOMER DURING THE THREE (3) MONTH PERIOD PRIOR TO THE FIRST EVENT OR OCCURRENCE GIVING RISE TO SUCH LIABILITY. CUSTOMER ACKNOWLEDGES AND AGREES THAT THE ESSENTIAL PURPOSE OF THIS SECTION 9.2 IS TO ALLOCATE THE RISKS UNDER THIS AGREEMENT BETWEEN THE PARTIES AND LIMIT POTENTIAL LIABILITY GIVEN THE SUBSCRIPTION CHARGES AND FEES, WHICH WOULD HAVE BEEN SUBSTANTIALLY HIGHER IF CAST AI WERE TO ASSUME ANY FURTHER LIABILITY OTHER THAN AS SET FORTH HEREIN. CAST AI HAS RELIED ON THESE LIMITATIONS IN DETERMINING WHETHER TO PROVIDE CUSTOMER WITH THE RIGHTS TO ACCESS AND USE THE CAST AI CLOUD SERVICES PROVIDED FOR IN THIS AGREEMENT.
9.3 CAST AI acknowledges that some jurisdictions do not allow for the inclusion of implied warranties or limitation of liability for incidental or consequential damages, and as such some of the above limitations may not apply to Customer. IN JURISDICTIONS THAT DO NOT RECOGNIZE IMPLIED WARRANTIES OR LIMITATIONS OF LIABILITY, CAST AI’S LIABILITY WILL BE LIMITED TO THE GREATEST EXTENT PERMITTED BY LAW.
9.4 Customer acknowledges that any and all claims or damages that Customer may have against CAST AI shall only be enforceable against CAST AI and not other entities, its officers, directors, representatives or agents.
- TERM AND TERMINATION.
10.1 Term. The Agreement shall commence on the effective date of the Order Form placed by the Customer for the CAST AI Cloud Services and shall continue for a period of one (1) year, unless a different term is provided in the Customer’s Order Form (“Initial Term”). The Agreement shall renew automatically for additional one (1) year periods (each a “Renewal Term”) unless a party provides the other party with written notice of its intention not to renew the Agreement at least sixty (60) days prior to the expiration of the then-current Term (“Non-Renewal Notice”). In the event a party provides a Non-Renewal Notice pursuant to this Agreement, the Agreement shall expire on the last day of the then-current Term (“Expiration Date”). The Initial Term, together with each Renewal Term, is hereinafter referred to as the “Term.”
10.2 Termination. This Agreement and any Order Form may be terminated by either party (the “Non-breaching Party”) effective immediately upon written notice containing an explanation of the alleged breach to the other party (the “Breaching Party”), if the Breaching Party breaches any provision of this Agreement, and does not cure the breach within thirty (30) days after receiving written notice thereof from the Non-breaching Party; provided, however, that if such breach is not capable of being cured, this Agreement and any Order Form shall terminate immediately upon the Breaching Party receiving notice of such breach from the Non-breaching Party. Anything in this Agreement to the contrary notwithstanding, CAST AI may terminate this Agreement, and Customer’s use of the CAST AI Cloud Services, at any time and for any (or no reason) if Customer is using a free plan or version of the CAST AI Cloud Services.
10.3 Termination Upon Bankruptcy or Insolvency. Either party may, at its option, terminate this Agreement immediately upon written notice to the other, in the event (a) that the other party becomes insolvent or unable to pay its debts when due; (b) the other party files a petition in bankruptcy, reorganization or similar proceeding, or, if filed against the other party, such petition is not removed within ninety (90) days after such filing; (c) the other party discontinues its business; or (d) a receiver is appointed or there is an assignment for the benefit of the other party’s creditors.
10.4 Suspension of Services. CAST AI may cancel or suspend all Users’ access to the CAST AI Cloud Services if: (a) a reasonable threat to the technical security or technical integrity of the CAST AI Cloud Services exists; provided that CAST AI promptly recommences performance upon the cessation of the threat; (b) CAST AI believes that Customer has breached any representation, warranty, or covenant in this Agreement; or (c) any amount due under this Agreement (including any then-effective Order Form) is not received by CAST AI within thirty (30) days after it was due.
10.5 Outstanding Fees. Termination shall not relieve Customer of the obligation to pay any fees accrued or payable to CAST AI prior to the effective date of termination. In the event of termination by Customer pursuant to Section 10.2 or 10.3, promptly after the effective date of such termination, CAST AI shall refund to Customer on a pro-rata basis any prepaid fees paid by Customer for the remainder of the then current subscription term under the terminated Order Forms. In the event of termination by CAST AI pursuant to Section 10.2, 10.3, or 10.4, all amounts payable by Customer under this Agreement and all Order Forms will become immediately due and payable.
10.6 Rights and Obligations Upon Expiration or Termination. Upon expiration or termination of this Agreement, Customer’s and its Users’ right to access and use the CAST AI Cloud Services will immediately terminate, Customer and its Users will immediately cease all use of the CAST AI Cloud Services, and each party will destroy and make no further use of any Confidential Information, materials, or other items (and all copies thereof) belonging to the other party. Without limiting the generality of the foregoing, Customer’s right to use the CAST AI Cloud Services under a particular Order Form is based upon the terms and conditions of that Order Form in addition to the terms and conditions of this Agreement. Accordingly, upon the expiration or termination of an Order Form, Customer’s right to use the Services under that Order Form will also terminate.
10.7 Survival. Sections 1, 3.5, 3.7(b), 3.8, 5, 6, 7, 8, 9, 10, 11, 12 and, to the extent provided therein, Schedule A, shall survive any termination or expiration of this Agreement.
- RESELLER ORDERS.
11.1 Reseller Orders. If Customer orders the CAST AI Cloud Services from an authorized non-affiliated third-party reseller (“Reseller”), then this Section 11 (Reseller Orders) will apply and prevail over any conflicting terms in this Agreement.
11.2 Reseller Payments. The fees for the CAST AI Cloud Services will be set between Customer and Reseller. Customer will make payments of fees directly to Reseller under its agreement with Reseller (“Reseller Agreement”).
11.3 Reseller as Administrator. At Customer’s discretion, Reseller may have access to Customer’s account, Access Credentials, and Customer Inputs. As between CAST AI and Customer, Customer is solely responsible for: (a) any access by Reseller to Customer’s account, Access Credentials, or Customer Inputs, (b) defining in the Reseller Agreement any rights or obligations as between Reseller and Customer with respect to the CAST AI Cloud Services.
11.4 Reseller Technical Support. Customer acknowledges and agrees that Reseller will be responsible for providing First-Level Support (as defined below) for the CAST AI Cloud Services. Reseller may disclose Customer Inputs and Customer Confidential Information to CAST AI as reasonably required in order for Reseller to handle any support issues that Customer escalates to or via Reseller. As used herein, the term “First-Level Support” means the identification, diagnosis, and correction of user issues or problems with the CAST AI Cloud Services by the provision of the following support services by help-desk technicians, prior to the elevation of such support to any CAST AI personnel: (a) telephone, email, and/or chat assistance; and (b) access to technical information on the CAST AI website for proper use of the CAST AI Cloud Services.
11.5 Disclosure of Confidential Information to Reseller. CAST AI may share Customer Confidential Information and Customer Inputs with Reseller as reasonably necessary to provide and support the CAST AI Cloud Services. Customer hereby authorizes such sharing pursuant to Section 6 (Confidentiality).
12.1 Governing Law; Arbitration.
(a) This Agreement shall be governed by and construed in accordance with the laws of the State of Delaware, U.S.A., without reference to conflicts of laws provisions and, as to matters affecting copyrights, trademarks and patents, by U.S. federal law. Any dispute or claim arising out of, or in connection with, the Agreement shall be finally settled by binding arbitration in Miami, Florida, in accordance with the then-current rules and procedures of the American Arbitration Association by one (1) arbitrator appointed by the American Arbitration Association. The arbitrator shall apply the law of the State of Delaware, without reference to rules of conflict of law or statutory rules of arbitration, to the merits of any dispute or claim. Judgment on the award rendered by the arbitrator may be confirmed, reduced to judgment and entered in any court of competent jurisdiction. Customer agrees that, any provision of applicable law notwithstanding, the arbitrator shall have the authority to award the prevailing party its costs and reasonable attorneys’ fees. The foregoing agreement to arbitration includes all claims of any type, including all common law and/or statutory claims under local, state, or federal law. In the event that the above arbitration provision is held invalid or unenforceable, then any dispute with respect to the Agreement shall be brought and heard either in the Florida state courts located in Miami, Florida, or the federal district court located in Miami, Florida. In such event, Customer consents to the in personam jurisdiction and venue of such courts. Customer agrees that service of process upon Customer in any such action may be made if delivered in person, by courier service, by email, by telefacsimile or by first class mail, and shall be deemed effectively given upon receipt; provided, that with respect to notice sent by email, notice shall be deemed effectively given upon CAST AI’s sending of such notice, if such email is not returned to sender or notice is not otherwise returned to CAST AI that the email is undeliverable.
(b) Notwithstanding anything herein to the contrary, if either party seeks preliminary injunctive relief to protect its rights, then such party will have the power, without waiving this arbitration agreement, to invoke the jurisdiction of a court of competent jurisdiction for the exclusive purpose of obtaining such preliminary injunctive relief, and for such purpose each party hereby consents to the jurisdiction of, and the laying of venue in, the state and federal courts sitting in Miami, Florida. Each party hereby waives and agrees not to assert, to the fullest extent permitted by applicable law, any claim that (i) such party is not subject to the jurisdiction of such courts, (ii) venue in such courts is improper, (iii) any proceeding allowed by this paragraph commenced in such courts is brought in an inconvenient forum, and (iv) that any action by a party to seek preliminary injunctive relief in such courts is a waiver of such party’s right to enforce this arbitration agreement.
(c) BY ENTERING INTO THIS ARBITRATION AGREEMENT, CUSTOMER AND CAST AI AGREE THAT EACH MAY BRING CLAIMS WITHIN THE SCOPE OF THIS ARBITRATION AGREEMENT ONLY IN AN INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. ALL CLAIMS AND DISPUTES WITHIN THE SCOPE OF THIS ARBITRATION AGREEMENT MUST BE ARBITRATED ON AN INDIVIDUAL BASIS AND NOT ON A CLASS, COLLECTIVE OR REPRESENTATIVE BASIS, ONLY INDIVIDUAL RELIEF IS AVAILABLE, AND CLAIMS OF MORE THAN ONE CUSTOMER OR USER CANNOT BE ARBITRATED OR CONSOLIDATED WITH THOSE OF ANY OTHER CUSTOMER OR USER. If a decision is issued stating that applicable law precludes enforcement of any of this paragraph’s limitations as to a given claim for relief, then that claim must be severed from the arbitration and brought in a court of competent jurisdiction. All other claims will be arbitrated.
12.2 Export; Anti-Corruption. Each party shall comply with the export laws and regulations of the United States and other applicable jurisdictions in providing and using the CAST AI Cloud Services. Without limiting the foregoing, (i) each party represents that it is not named on any U.S. government list of persons or entities prohibited from receiving exports, and (ii) Customer shall not permit its Users to access or use CAST AI Cloud Services in violation of any U.S. export embargo, prohibition or restriction. Customer represents that it has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any of CAST AI’s employees or agents in connection with this Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction. If Customer learns of any violation of the above restriction, Customer will use reasonable efforts to promptly notify CAST AI.
12.3 Severability. If any provision of this Agreement is, for any reason, held to be invalid or unenforceable, the other provisions of this Agreement will remain enforceable and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law.
12.4 Waiver; Remedies. Any waiver or failure to enforce any provision of this Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion. Other than as expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a party at law or in equity.
12.5 Entire Agreement. To the maximum extent permitted by applicable law, this Agreement, together with the Service Level Agreement, schedules, annexes, and documents referenced herein and all Order Forms hereunder, constitute the entire agreement between the parties as to its subject matter, and supersede all previous and contemporaneous agreements, proposals or representations, written or oral, concerning the subject matter of this Agreement. No representation, undertaking or promise shall be taken to have been given or be implied from anything said or written in negotiations between the parties prior to this Agreement except as expressly stated in this Agreement. Except as provided in this Agreement, no modification, amendment, or waiver of any provision of this Agreement (or any Order Form) shall be effective unless in writing and signed by both parties (which may include electronic signatures and/or acceptance of such amendments or waivers via a “click-through” or other similar form of electronic acceptance as provided in herein). Customer acknowledges and agrees that its agreement hereunder is not contingent upon the delivery of any future functionality or features not specified herein or in an Order Form or dependent upon any oral or written, public or private comments made by CAST AI with respect to future functionality or features for the CAST AI Cloud Services. In the event of any conflict between the provisions in this Agreement and any Order Form, the terms of such Order Form shall prevail. No terms or conditions stated in a Customer purchase order or in any other Customer order documentation shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void.
12.6 No Assignment. Neither party will assign, subcontract, delegate, or otherwise transfer this Agreement, or its rights and obligations herein, without obtaining the prior written consent of the other party, and any attempted assignment, subcontract, delegation, or transfer in violation of the foregoing will be null and void; provided, however, that either party may assign this Agreement in connection with a merger, acquisition, reorganization or change of control, including without limitation a sale of all or substantially all of its assets, stock or business to which this Agreement relates. The terms of this Agreement will be binding upon the parties and their respective successors and permitted assigns.
12.7 Force Majeure. Any delay in the performance of any duties or obligations of either party (except the payment of money owed) will not be considered a breach of this Agreement if such delay is caused by a labor dispute, shortage of materials, fire, earthquake, flood, pandemic, or any other event beyond the control of such party, provided that such party uses reasonable efforts, under the circumstances, to notify the other party of the cause of such delay and to resume performance as soon as possible. If an event of force majeure prevents CAST AI from providing the CAST AI Cloud Services for thirty (30) days, Customer may cancel this Agreement and receive a refund of pre-paid fees paid for that period of time for which services are not provided.
12.8 Independent Contractors. CAST AI’s relationship to Customer is that of an independent contractor, and neither party is an agent or partner of the other. Neither party will have, and will not represent to any third party that it has, any authority to act on behalf of the other.
12.9 Notices. All notices provided by CAST AI to Customer under this Agreement may be delivered in writing (a) by electronic mail to the electronic mail address provided by Customer when signing up for the CAST AI Cloud Services; or (b) delivered by registered or certified mail, postage prepaid, return receipt requested or by nationally recognized overnight courier service. All notices provided by Customer to CAST AI under this Agreement may be delivered in writing(a) by electronic mail to [email protected]; or (b) delivered by registered or certified mail, postage prepaid, return receipt requested or by nationally recognized overnight courier service to the service address of:
CAST AI GROUP, INC.
Attn: Legal Department
111 NE 1st Street
8th Floor #1041
Miami FL 33132, United States of America
12.10 Construction. The titles of the sections of this Agreement are for convenience of reference only and are not to be considered in construing this Agreement. Unless the context of this Agreement clearly requires otherwise: (i) references to the plural include the singular, the singular the plural, and the part the whole, (ii) “or” has the inclusive meaning frequently identified with the phrase “and/or,” (iii) “including” has the inclusive meaning frequently identified with the phrase “including but not limited to” or “including without limitation,” (iv) references to “hereunder,” “herein” or “hereof” relate to this Agreement as a whole, and (v) references to “Sections” or “Subsections” in this Agreement refer to sections and subsections of this Agreement, and (vi) references to “Sections” in Schedule A to this Agreement refer to sections of Schedule A to this Agreement. Any reference in this Agreement to any statute, rule, regulation or agreement, including this Agreement, shall be deemed to include such statute, rule, regulation or agreement as it may be modified, varied, amended or supplemented from time to time. The parties agree that this Agreement shall be fairly interpreted in accordance with its terms without any strict construction in favor of or against either party and that ambiguities shall not be interpreted against the drafting party.
Customer Data Processing Addendum
This Customer Data Processing Addendum (“DPA”) forms part of the Terms of Service (“Agreement”) between CAST AI and Customer and shall be effective on the date Customer first begins using the CAST AI Cloud Services. All capitalized terms not defined in this DPA shall have the meanings set forth in the Agreement. Unless clearly stated otherwise, references to “Sections” in this Schedule A refer to sections of this Schedule A.
With respect to the Processing of Personal Data, the parties agree as follows:
- Definitions. As used in this DPA:
1.1. “CCPA” means the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100 et seq.
1.2. “Data Breach” means any breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data Processed by CAST AI or a Sub-processor.
1.3. “Data Controller” means an entity that determines the purposes and means of the Processing of Personal Data.
1.4. “Data Processor” means an entity that Processes Personal Data on behalf of a Data Controller.
1.5. “Data Protection Laws” means all data protection and privacy laws applicable to the Processing of Personal Data under this DPA, including, where applicable, GDPR and CCPA.
1.6. “EEA” means, for the purposes of this DPA, the European Economic Area, United Kingdom and Switzerland.
1.7. “GDPR” means Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation) and any member state law implementing the same.
1.8. “Personal Data” means any information relating to an identified or identifiable natural person that is included in Customer Inputs and that, CAST AI Processes on behalf of Customer as a Data Processor in the course of providing the Services (as defined herein).
1.9. “Processing” has the meaning given to it in the GDPR and “process,” “processes” and “processed” shall be interpreted accordingly.
1.10. “Standard Contractual Clauses” means Annex 1, attached to and forming part of this DPA pursuant to the European Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC.
1.11. “Sub-processor” means any Data Processor engaged by CAST AI to assist in fulfilling its obligations with respect to providing the Services pursuant to the Agreement or this DPA.
- Relationship with the Agreement.
2.1. The parties agree that this DPA shall replace any existing DPA or other contractual provisions pertaining to the subject matter contained herein the parties may have previously entered into in connection with Services.
2.2. If there is any conflict between this DPA and the Agreement, this DPA shall prevail.
2.3. In no event shall any party limit its liability with respect to any individual’s data protection rights under this DPA or otherwise. Customer shall indemnify CAST AI as applicable against any and all such claims or costs of any kind that exceed the exclusions and limitations set forth in the Agreement.
2.4. Except as may be otherwise provided pursuant to CAST AI’s compliance with applicable data transfer mechanisms in Section 10, no one other than a party to this DPA, its successors and permitted assignees shall have any right to enforce any of its terms.
2.5. This DPA shall be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by applicable Data Protection Laws.
- Roles of the Parties; Processing of Personal Data by Customer and CAST AI.
3.1. As between CAST AI and Customer, Customer is the Data Controller of Personal Data and CAST AI is the Data Processor of Personal Data. CAST AI shall Process Personal Data only as a Data Processor acting at Customer’s direction. CAST AI shall not retain, use, or disclose Personal Data for any purpose other than for the specific purpose of performing the Services as described in the Agreement and this DPA, including retaining, using, or disclosing Personal Data for a commercial purpose other than providing the Services.
3.2. Customer agrees that (i) it shall comply with its obligations as a Data Controller under Data Protection Laws in respect of its Processing of Personal Data and any Processing instructions it issues to CAST AI; and (ii) it has provided notice and obtained all consents and rights necessary under Data Protection Laws for CAST AI to Process Personal Data and provide the products and services described in the Agreement and any Order Form or Schedule, including CAST AI Analytics, CAST AI Cloud Services, Customer use of CAST AI Technology, and professional services (if any) (collectively “Services”). Customer shall immediately notify CAST AI and cease Processing Personal Data in the event any required authorization or legal basis for Processing is revoked or terminates.
3.3. CAST AI shall Process Personal Data only to provide the Services and for the purposes described in the Agreement or otherwise in accordance with Customer’s documented and agreed-upon lawful instructions unless Processing is required by applicable law, in which case CAST AI shall to the extent permitted by applicable laws inform Customer of that legal requirement before the relevant Processing.
3.4. Notwithstanding anything to the contrary in the Agreement or this DPA, Customer acknowledges that CAST AI shall have a right to use and disclose data relating to Users and other Customer personnel and/or that is obtained in connection with the operation, support and/or use of the Services for its own legitimate purposes relating to the operation, support and/or use of the CAST AI Cloud Services, CAST AI Analytics, and CAST AI Technology, such as billing, account management, technical support, product development, and sales and marketing. To the extent any such data is considered personal data under the Data Protection Laws, CAST AI is the Data Controller of such data and accordingly shall Process such data in compliance with applicable Data Protection Laws.
- Details of Processing of Personal Data.
4.1. The subject matter and duration of the Processing of the Personal Data are described in the Agreement and this DPA. The nature and purpose of the Processing of Personal Data is providing the Services.
4.2. The types of Personal Data that may be processed are determined by Customer and may include contact information, such as email address, phone number, social media identifiers, and postal or physical address; device information, such as device identifiers; and professional information, such as job function, title, and employee identification number. Other Personal Data may be submitted as reasonably necessary for Customer to receive or use Services, but in no case shall such Personal Data include sensitive or special categories of Personal Data.
4.3. The Processing of Personal Data pursuant to this DPA will pertain to individuals including employees and contractors of Customer, including those who are authorized to use CAST AI Cloud Services and current and prospective customers and business partners of Customer. The obligations and rights of Customer and CAST AI and the duration of Processing are set forth in the Agreement and this DPA.
- Data Security. Each party shall take appropriate technical and organizational measures against unauthorized or unlawful Processing of Personal Data or its accidental loss, destruction, or damage. CAST AI shall implement and maintain commercially reasonable technical and organizational security measures designed to protect Personal Data from Data Breaches, to help ensure the ongoing confidentiality, integrity, and availability of the Personal Data and Processing systems, in accordance with CAST AI’s security standards, including, as appropriate, the measures referred to in Article 32 of the GDPR. Notwithstanding the above, Customer agrees that it is responsible for its secure use of the Services, including securing its account authentication credentials, protecting the security of Personal Data when in transit, and taking any appropriate steps to securely encrypt or backup Personal Data, as well as the security obligations outlined in the Agreement.
- Data Breach Response. CAST AI shall notify Customer without undue delay after becoming aware of any Data Breach. CAST AI shall make reasonable efforts to identify the cause of the Data Breach and shall undertake such steps as CAST AI deems necessary and reasonable in order to remediate the cause of such Data Breach. CAST AI shall provide information related to the Data Breach to Customer in a timely fashion and as reasonably necessary for Customer to maintain compliance with EEA Data Protection Laws. The obligations herein shall not apply to incidents that are caused by Customer, including Customer’s employees, subcontractors, or agents.
- Confidentiality of Data Processing. CAST AI shall ensure that any person who is authorized by CAST AI to Process Personal Data (including its staff, agents, and subcontractors) shall be under an appropriate obligation of confidentiality.
- Return or Deletion of Data. Upon termination or expiration of the Agreement, CAST AI shall (at Customer’s election) delete or return, if feasible, to Customer all Personal Data remaining in its possession or control, save that this requirement shall not apply: (i) to the extent CAST AI is required by applicable law to retain some or all of the Personal Data; (ii) if CAST AI is Processing the Personal Data on behalf of a co-Data Controller; (iii) if CAST AI is reasonably required to retain some or all of the Personal Data for limited operational and compliance purposes; or (iv) to Personal Data CAST AI has archived on back-up systems. In all such cases, CAST AI shall maintain the Personal Data securely and limit Processing to the purposes that prevent deletion or return of the Personal Data. The terms of this DPA shall survive for so long as CAST AI continues to retain any Personal Data.
- Sub-processing. Customer agrees that this DPA constitutes Customer’s written authorization for CAST AI to engage Sub-processors to Process Personal Data on Customer’s behalf, including the Sub-processors currently engaged by CAST AI. CAST AI shall: (i) take commercially reasonable measures to ensure that Sub-processors have the requisite capabilities to Process Personal Data in accordance with this DPA; (ii) enter into a written agreement with the Sub-processor imposing data protection terms that require the Sub-processor to protect the Personal Data to the standard required by Data Protection Laws; (iii) remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Sub-processor that cause CAST AI to breach any of its obligations under this DPA; and (iv) notify Customer in the event that it intends to engage different or additional Sub-processors that will Process Personal Data pursuant to this DPA, which may be done by email or posting on a website identified by CAST AI to Customer, Customer must raise any objection to posted Sub-processors within five (5) calendar days of the posted update. Customer’s objection shall only be effective if submitted to CAST AI in writing, specifically describing Customer’s reasonable belief that CAST AI’s proposed use of the Sub-processor(s) will materially, adversely affect Customer’s compliance with GDPR. In any such case, the parties will make reasonable efforts to reconcile the matter. In the event Customer’s concern cannot be resolved, CAST AI may terminate the Agreement with no penalty and Customer shall immediately pay all fees and costs then owing and incurred by CAST AI as a result of termination.
- International Transfers.
10.1. CAST AI may Process Personal Data anywhere in the world where CAST AI or its Sub-processors maintain data Processing operations. CAST AI shall at all times provide an adequate level of protection for the Personal Data Processed, in accordance with the requirements of Data Protection Laws.
10.2. To the extent performance of the Services requires the transfer of Personal Data from within the EEA to a country outside the EEA not recognized by the European Commission as providing an adequate level of protection for Personal Data (as described in the GDPR), the Standard Contractual Clauses will apply to the transfer.
- Data Protection Authority Inquiries. CAST AI shall (at Customer’s expense) provide commercially reasonable cooperation to assist Customer in its response to any requests from data protection authorities with authority relating to the Processing of Personal Data under the Agreement and this DPA. In the event that any such request is made directly to CAST AI, CAST AI shall not respond to such communication directly without Customer’s prior authorization, unless legally compelled to do so. If CAST AI is required to respond to such a request, CAST AI shall promptly notify Customer and provide it with a copy of the request unless legally prohibited from doing so.
- Individual Rights and Requests. To the extent Customer does not have the ability to independently correct, amend, or delete Personal Data, or block or restrict Processing of Personal Data, then at Customer’s written direction and to the extent required by Data Protection Laws, CAST AI shall comply with any commercially reasonable request by Customer to facilitate such actions. To the extent legally permitted, Customer shall be responsible for any costs arising from CAST AI’s or its Sub-processors’ provision of such assistance. CAST AI shall, to the extent legally permitted, promptly notify Customer if it receives a request from an individual data subject for access to, correction, amendment or deletion of that person’s Personal Data, or a request to restrict Processing. CAST AI shall provide Customer with commercially reasonable cooperation and assistance in relation to handling of a data subject’s request, to the extent legally permitted and to the extent Customer does not have the ability to address the request independently. To the extent legally permitted, Customer shall be responsible for any costs arising from CAST AI’s provision of such assistance.
- Assessments and Data Protection Impact Assessments. CAST AI shall provide written responses (on a confidential basis) to all commercially reasonable requests for information made by Customer regarding Processing of Personal Data, including responses to information security reviews, that are necessary to confirm CAST AI’s compliance with this DPA. CAST AI shall cooperate with audits and inspections performed by Customer or a vendor of Customer reasonably acceptable to CAST AI that are necessary to confirm CAST AI’s compliance with this DPA, provided however, that any such on-site audit or inspection: (i) may not be performed unless necessary to determine CAST AI’s compliance with this DPA and Customer reasonably believes that CAST AI is not complying with this DPA; (ii) must be conducted at Customer’s sole expense and subject to reasonable fees and costs charged by CAST AI; (iii) conducted at a date and time and for a duration mutually agreed by the parties; and (v) must be performed in a manner that does not cause any damage, injury, or disruption to CAST AI’s premises, equipment, personnel, or business. Notwithstanding the foregoing, CAST AI will not be required to disclose any proprietary or privileged information to Customer or an agent or vendor of Customer. Customer shall not exercise its rights under this Section more than once per year, including with respect to any support required to perform a data protection impact assessment.
- Law Enforcement Requests. If a law enforcement agency sends CAST AI a demand for Personal Data (for example, through a subpoena or court order), CAST AI may attempt to redirect the law enforcement agency to request that data directly from Customer. As part of this effort, CAST AI may provide Customer’s basic contact information to the law enforcement agency. If compelled to disclose Personal Data to a law enforcement agency, then CAST AI shall give Customer reasonable notice of the demand to allow Customer to seek a protective order or other appropriate remedy unless CAST AI is legally prohibited from doing so.
- Customer Obligations. Customer shall ensure that Customer is entitled to transfer the relevant Personal Data to CAST AI so that CAST AI may lawfully use, process, and transfer the Personal Data in accordance with the Agreement on the Customer’s behalf. The Customer shall not provide to CAST AI any “Sensitive Personal Data” as defined by GDPR and any national laws adopted pursuant to GDPR, including racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health or condition, sexual life, or the commission or alleged commission of any crime or offense. Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by any applicable Data Protection Law and acknowledges that CAST AI is reliant on Customer for direction as to the extent to which CAST AI is entitled to use and process the Personal Data. Consequently, and without limiting any limitations of liability or Customer’s indemnification obligations under the Agreement, CAST AI will not be liable for any claim brought against CAST AI arising from any action or omission by CAST AI to the extent that such action or omission resulted directly from Customer’s instructions and/or any failure of Customer to comply with this DPA.
SCHEDULE A – ANNEX 1
Standard Contractual Clauses (processors)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection
The entity identified as “Customer” in the DPA (the “data exporter”)
Cast AI Group Inc.,
111 NE 1st Street 8th Floor #1041 Miami, FL 33132, USA.
(the “data importer”)
each a “party”; together “the parties”,
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
For the purposes of the Clauses:
(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
(b) ‘the data exporter’ means the controller who transfers the personal data;
(c) ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
(d) ‘the subprocessor’ means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
(f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in the Processing Appendix which forms an integral part of the Clauses.
Third-party beneficiary clause
- The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
- The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
- The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
- The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
Obligations of the data exporter
The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).
Obligations of the data importer
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
(ii) any accidental or unauthorised access, and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11;
(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
- The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
- If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
- If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.
Mediation and jurisdiction
- The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is established.
- The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Cooperation with supervisory authorities
- The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
- The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
- The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
- The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement.
- The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
- The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
- The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.
Obligation after the termination of personal data processing services
- The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
- The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES
The data exporter is the entity identified as “Customer” in the DPA.
The data importer is Cast AI Group Inc. a provider of a software-as-a-service platform.
Data subjects are defined in Section 4.3 of the DPA.
Categories of data
The categories of Personal Data are defined in Section 4.2 of the DPA.
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data (please specify):
The personal data transferred will be subject to the following basic processing activities (please specify):
The nature of the Processing of Personal Data is providing the Services.
APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
The data importer shall implement and maintain commercially reasonable technical and organizational security measures designed to protect Personal Data from Data Breaches, to help ensure the ongoing confidentiality, integrity, and availability of the Personal Data and Processing systems, in accordance with the data importer’s security standards, including, as appropriate, the measures referred to in Article 32 of the General Data Protection Regulation.