PLEASE READ THESE TERMS CAREFULLY
This Agreement applies to Customers as business users and Customers as personal users when downloading the App and the Didimo API free-of-charge, including, but not limited to: (i) when you download the App and the Didimo API from the applicable mobile-application store for your Apple or Android device; (ii) when you have downloaded the Didimo API from the Didimo website via the customer portal; (iii) or when you have downloaded the Didimo API from any other site or platform where this Agreement applies. If the Customer is using the App and/or the Didimo API, this Agreement also applies and prevails in the event of a conflict with any other terms Customer may have accepted.
By accepting to be bound by this Agreement, Customer also agrees to be legally bound by the following, which form a part of this Agreement:
Any extra terms which may add to, or replace some of, these terms from time to time, for example if Didimo’s services are updates or if there are any changes to the law;
Specific terms which may apply to certain software solutions, or additional terms added after free use; and
MODIFICATIONS TO THIS AGREEMENT.
Didimo may need to change these terms to reflect changes in law or best practice, to deal with additional features which we introduce or to adapt to the evolution of the App or the Didimo API.
We will endeavour to give you reasonable notice of any change by notifying you of a change when you next start the App or log-in to the Didimo customer portal.
If you do not accept the notified changes, you must immediately discontinue your use of the App and the Didimo API. Customer will be deemed to have accepted any changes by continued use of the App or the Didimo API, after such changes have been made.
YOUR MOBILE APPLICATION STORE TERMS ALSO APPLY.
The ways in which Customer can use the App may also be controlled by the rules and policies of the mobile application store from which Customer downloaded the App.
UPDATES TO THE APP AND DIDIMO API.
From time to time Didimo may automatically update the App and change the Didimo API to improve performance, enhance functionality, reflect changes to the operating system or address security issues. Alternatively Didimo may ask the Customer to update the App for these reasons. If the Customer chooses not to install such updates or if Customer chooses to opt out of automatic updates, Customer may not be able to continue using the App and the Didimo API.
Notice to Personal Use Customers –
This Agreement sets out who Didimo is, how Didimo will provide the App and the Didimo API, how Customer and Didimo may change or end this Agreement, what to do if there is a problem, and other important information. If Customer thinks there is a mistake in this Agreement, it should contact Didimo to discuss. When Customer uses the App and the Didimo API, Customer will be required to use data on Customer’s computer or device. Customer must check carefully how much data will be used as using too much data might mean that data limits are exceeded and there could be more to pay than expected, particularly if used by Customer outside of their home country. Customer is solely responsible for all internet access charges related to the use of the App and the Didimo API.
This introduction section forms a contractual part of the Agreement.
1. Who Didimo Is and How to Contact Didimo. Didimo is registered in Delaware, USA under EIN 81-3350352. If Customer wishes to contact Didimo it can write to 4600, 140th Avenue North, Suite 101, Clearwater, Florida, FL33762 phone +341 220 301 525, or email [email protected]
2. How Didimo Will Contact Customer. If Didimo has to contact Customer it will do so by writing, email or by telephone using the contact details provided when Customer downloads the App and/or creates an account to use the Didimo API.
3. About Didimo. Didimo provides a software solution, which is accessed by Customer through the App or the Didimo customer portal via an application program interface (the “Didimo API”), that is able to turn an image of a person’s head, body or overall physical likeness (an “Initial Image”) into a 3-D animation file in an .fbx or other format (an “Animation File”). Didimo might at any time update the software supplied to Customer, provided that the software shall always match the description provided before conclusion of this Agreement. Neither the App or Didimo API are aimed at children. If Customer is under the age of 16, it is not entitled to use the Ap or the Didimo API. Didimo hereby agrees to make the App and the Didimo API available to Customer on a non-exclusive, non-transferable basis for personal or internal business use by Customer for the period and subject to the restrictions set forth in this Agreement. Customer agrees that it shall use the App and the Didimo API solely to make Animation Files for personal use or on behalf of Customer’s Users (as hereinafter defined), and that it shall use the Didimo API in compliance with this Agreement, and any limitations in the Customer’s individual Didimo account and all applicable laws. “Users” means third parties who use one or more of the online platforms offered by Customer from time to time. Customer shall not attempt to gain unauthorized access to the App or the Didimo API, nor, to the maximum extent legally enforceable, disassemble, decompile, reverse engineer or otherwise attempt to derive source code or other trade secrets from the App, or the Didimo API or any Animation Files. Customer shall not sell, resell, rent or lease the use of the App and the Didimo API or reproduce all or any portion of the App or the Didimo API. Didimo offers the App or the Didimo API in the EU and outside the EU. For more specific information on its rights, Customer’s using the App or the Didimo API for personal use should check the relevant consumer laws in the jurisdiction in which they are based.
4. License to Use Animation Files. All Animation Files shall remain the property of Didimo and may only be used as set forth in this Agreement. Didimo hereby grants Customer a fully-paid, non-transferable (except as provided in Section 7), non-sublicensable right and license during the term of this Agreement to (a) store the Animation Files on its own servers and (b) to use the Animation Files. Customers shall not make the Animation Files available for download by Users whether using the App and/or the Didimo API for business or personal use, and Customers using the App and/or the Didimo API for business purposes shall ensure that its Users do not use the Animation Files for any purpose other than in connection with this Agreement.. Should a Customer wish to license and/or exploit the Animation Files for any other purpose or beyond the term of this Agreement, Customer shall submit a written request to Didimo to [email protected] providing enough details describing such proposed use to Didimo’s satisfaction. Thereafter, the parties will negotiate in good faith the terms of the proposed use, provided that Customer shall not license and/or exploit the Animation Files for any reason whatsoever beyond sharing on Users’ personal social media profiles (i.e., Facebook, Twitter, Instagram) without Didimo’s approval, which it may withhold at its sole discretion. Customer shall ensure its Users do not, to the maximum extent legally enforceable, disassemble, decompile, reverse engineer or otherwise attempt to derive source code or other trade secrets from the Animation Files. Customer shall use Animation Files in accordance with all applicable laws (including privacy laws) and any third party rights.
5. Didimo Use Limitations. Customers accessing the Didimo API free-of-charge will be permitted to download as many Didimos as is authorised from time to time, and as stated in Customer’s individual Didimo account.
6. Personal Use Customers - How to Stop Using Didimo. Customers downloading the App and the Didimo API free-of-charge, upon downloading the App and the Didimo API hereby understand and accept that performance under this Agreement begins when the App and the Didimo API is downloaded and as such there is no withdrawal period (also known as a ‘cooling off period’), which also does not apply in the event of free-of-charge digital services. However, Customer is at all times able to terminate this Agreement under the terms in section 14. Any Customer exercising its right to cancel may be entitled to retrieve the content it has created on Didimo API or within the App or customer portal, save where such content has been deleted by Customer. Please contact Didimo using the contact details at the top of this Agreement for more information about this.
7. Use of the App and the Didimo API. Customers using the App and the Didimo API may only use the App on five computers or devices. However, use of the Didimo API and each Customer account is personal and exclusive to that individual Customer and Customer is therefore not permitted to transfer it to any other third party or allow any third party to access or use the Didimo API or Customer’s account. Accordingly, no other person shall have any rights to enforce Customer’s use of the App and the Didimo API or this Agreement. The App and Didimo API can be used anywhere in the world providing Customer complies with local laws. When Didimo grants access to the App and the Didimo API it does so on a non-exclusive basis. Similar software may be provided to other users for both business and personal use. Didimo may transfer its rights and obligations under this Agreement to another organisation. Didimo will use reasonable efforts to notify Customer by providing an updated version of this Agreement when Customer next logs into the App or their Didimo account.
8. Personal Data.
8.2 Data Sharing. Customer shall submit an Initial Image to the Didimo API. Each Initial Image submitted by Customer to the Didimo API and the Animation File derived therefrom shall be assigned a unique identifier. Didimo acknowledges that Initial Image and Animation File, and certain other information provided by Customer, may be personal data in certain jurisdictions and may be subject to Applicable Privacy Laws.
8.3 Parties Obligations. Both parties will comply with all applicable requirements of the Applicable Privacy Laws.
Business Use Customers. For the purposes of the GDPR, when processing personal data for business use Customers, Didimo is acting as a data processor and Customer is acting as a data controller. Users are data subjects. Accordingly, to comply with Article 28(3) of the GDPR, the parties accept the terms of the data processing schedule attached hereto.
Personal Use Customers. For the purposes of the GDPR, when processing personal data for personal use Customers, Didimo is acting as a data controller and Customer is a data subject.
All Customers. This Section 8 and the data processing schedule is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under the Applicable Privacy Laws. Nothing in this Agreement shall prevent or limit exercise of a data subject’s right under the GDPR. By using the App or the Didimo API, Customer agrees to Didimo collecting and using technical information about the devices and related software, hardware and peripherals on which the App and Didimo API is used to improve Didimo’s products and to provide the Didimo API and the App to Customer. Where applicable, any business use Customer will be solely responsible for informing Users accordingly.
8.6 Privacy Indemnity – Business Use Only. Each party shall indemnify the other against all liabilities, costs, expenses, damages and losses (including but not limited to any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal costs (calculated on a full indemnity basis) and all other reasonable professional costs and expenses) suffered or incurred by the indemnified party arising out of or in connection with the breach of the Applicable Privacy Laws, this section 8 and/or the data processing schedule (and in the case of Customer, due to breach of its consent collection and notice obligations under section 8.5) by the indemnifying party, its employees or agents, provided that the indemnified party gives to the indemnifier prompt notice of such claim, full information about the circumstances giving rise to it, reasonable assistance in dealing with the claim and sole authority to manage, defend and/or settle it. The liability of Didimo under this section 8.6 shall be subject to the limits set out in section 12of this Agreement.
9. Didimo Obligations.
(i) Quality of the App and the Didimo API and Software for Personal Use Customers. Some national consumer rights laws and EU, laws such as Directive 2011/83/EU pertaining to EU-based personal use Customers, give personal use Customers using the App and/or the Didimo API and its software for personal use only, certain legal rights applicable in the jurisdiction in which they reside (“Statutory Rights”), for example that the App and the Didimo API and its software is of satisfactory quality, is fit for purpose and matches the description provided to personal use Customers. Didimo must provide software that complies with Customer’s Statutory Rights when Didimo supplies the App, Didimo API and its software. Customers using the App and/or the Didimo API for personal use should check the relevant consumer laws in the jurisdiction in which they are based. Didimo shall use all reasonable efforts to ensure that the App, the Didimo API and its software is free from defects, viruses and other malicious content. However, Didimo does not warrant that the app or the Didimo API or its software is compatible with any third-party equipment other than that stated on Didimo’s website or within the customer portal, and Customer hereby acknowledges that there may be minor errors or bugs in the software. To avoid faults in software, Customer must install any fixes, updates, upgrades, new releases and new versions of the App or the Didimo API and its software as soon as reasonably possible after it is notified of such updates. Customer hereby acknowledges that the quality of the App and/or the Didimo API and its software may be affected by a variety of factors, including Customer’s location, its bandwidth and the speed of internet connection. Didimo at all times might update any software supplied to Customer, provided that the App and the Didimo API and its software shall always match the description provided to Customer before it signs up to this Agreement. Notwithstanding the foregoing, Didimo is not responsible for any delays outside its control or which arise from a force majeure event.
(ii) Warranty for All Customers. Didimo shall use all reasonable efforts to enable availability of the App and the Didimo API 24 hours a day, 7 days a week, except for planned maintenance downtime (which Didimo shall use commercially reasonable efforts to schedule outside of business hours for a majority of its customers). Didimo warrants to Customer that the App and the Didimo API and the Animation Files will operate in accordance with any written documentation published from time to time by Didimo (the “Documentation”). For any breach of any of the foregoing warranties, Customer’s exclusive remedy shall be termination of this Agreement as provided in Section 14 below, without prejudice to a personal use Customer’s Statutory Rights referred to at section 9.1.(i).
9.2. DISCLAIMER OF OTHER WARRANTIES. OTHER THAN THE EXPRESS WARRANTIES PROVIDED IN THE PRECEDING PROVISION, DIDIMO DISCLAIMS ALL WARRANTIES, REPRESENTATIONS AND CONDITIONS, EXPRESS OR IMPLIED, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, IN RELATION TO OR ARISING OUT OF THIS AGREEMENT, THE DIDIMO API, ANY ANIMATION FILE OR ANY OTHER SERVICES PROVIDED BY DIDIMO, OR THE USE OR PROVISION OF THE APP OR THE DIDIMO API OR ANY ANIMATION FILE. NOTHING IN THIS SECTION 9.2 AFFECTS A PERSONAL USE CUSTOMER’S STATUTORY RIGHTS IN THE JURISDICTION WHERE THEY RESIDE.
9.3. No Liability for Security Breaches. Didimo agrees to use reasonable measures to protect any personally identifiable or confidential information held by Didimo or transmitted to it. The parties agree that notwithstanding such efforts or the features of the App and the Didimo API, no product, hardware, software or service can completely secure access to electronic data and that there are persons and entities, including enterprises, governments and quasi-governmental actors, that will attempt to breach any electronic security measure. In addition to any other limitations set forth in this Agreement, to the maximum extent enforceable in accordance with applicable law, under no circumstances will Didimo be liable to Customer, its Users or any person or entity, for any claim, loss, liability or other expense arising out of or related to any security breach.
10. Ownership and Intellectual Property. Didimo shall own all intellectual property rights in and to the App and the Didimo API and all Animation Files, and except as set forth herein, nothing in this Agreement shall be deemed to confer any rights to any such intellectual property. Customer acknowledges that the Didimo API is protected by intellectual property rights owned or vested in Didimo, including copyright and a US patent (number 15-904,667), and that Didimo will vigorously enforce such intellectual property rights to the fullest extent as permitted by law in the event of any misuse or unauthorised use of the Didimo API by any third-party, including Customer or any User. As between Didimo and Customer, all rights in any Initial Image shall belong to Customer and Didimo shall have no rights to such Initial Image. Customer hereby grants to Didimo a perpetual, non-exclusive license during the term of this Agreement to use and store the Initial Image to produce an Animation File, and to retain such Initial Image for machine learning purposes. Customer represents that it has the right to grant such license, and business use Customers, to the extent applicable, shall procure such license from its Users.. Didimo will be free to use any feedback, suggestions, evaluations or improvements that Customer gives to Didimo regarding or relating to the App or the Didimo API, the development or marketing thereof, the product roadmap or otherwise without any restriction or obligation to Customer. Didimo is giving Customer personally the right to use the App and the Didimo API pursuant to this Agreement. Whilst Customer may have family-sharing rights from their mobile application store account, Customer may not otherwise transfer the App or Didimo API or its customer account to any third party, whether for money, for anything else or for free. If Customer sells any device on which the App or the Didimo API is installed or to which the Customer’s account is connected, Customer must remove the App and the Didimo API from it and permanently disconnect its customer account.
11. Confidentiality. Each party acknowledges that as a result of performing under this Agreement it may have access to data or information, oral or written, related to the other party’s past, present or future research, development or business activities that the other party reasonably considers to be confidential or proprietary, including any such information received by a party from a third-party (“Confidential Information”). Confidential Information does not include (a) any information that is or becomes generally available to the public without breach by the receiving party; (b) any information properly obtained before or after the date of this Agreement from a third party without an obligation of confidentiality; (c) any information independently developed by the receiving party without reference to Confidential Information; or (d) any information to the extent that may be necessary to establish or assert rights hereunder, in a court of law or as may be required by law or governmental regulations or authority (including court order or subpoena); provided, however, that prior to disclosing any Confidential Information as required by law or the government, the receiving party shall promptly notify the disclosing party. During the term of this Agreement, each party agrees that it will not disclose Confidential Information of the other party or use Confidential Information of the other party other than as necessary to perform its obligations and exercise rights under this Agreement.
12. LIMITATIONS OF LIABILITY.
12.1 Personal Use Customers. If Didimo fails to comply with this Agreement, it is responsible for loss of damage that is a foreseeable result of Didimo breaking these terms or for failing to use reasonable care and skill, however, it is not responsible for any loss or damage that is not foreseeable. Loss or damage is foreseeable if it is either obvious it will happen, or if at the time that Customer requests use of Didimo API, both Didimo and Customer were aware it might happen, for example, if Customer notifies Didimo. Didimo does not exclude its liability in any way where it would be unlawful to do so. This includes liability for death or personal injury caused by Didimo’s negligence or for fraud, breach of privacy laws, or other such liability with the law states that Didimo cannot exclude or limit. If defective software which Didimo has supplied damages a device or digital content belonging to Customer and this is due to a failure of Didimo’s reasonable care and skill, Didimo will, at its own election, either repair the damage or pay Customer reasonable compensation for any damage arising solely and directly from Didmo’s breach. However, Didimo will not be liable for damage which Customer could have avoided by following Didimo’s advice to apply an update which was offered free of charge or for damage caused by Customer failing to correctly follow installation instructions or to have in place the minimum recommended system requirements. Furthermore, Didimo is not responsible for the cost of repairing any pre-existing faults or damage to Customer’s device or any pre-existing digital content.
12.2 For all Customers. NOTWITHSTANDING THE FOREGOING, AND SUBJECT TO A PERSONAL USE CUSTOMER’S STATUTORY RIGHTS, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY FOR ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOST PROFITS OR DATA, ARISING OUT OF THIS AGREEMENT, THE DIDIMO API, ANY ANIMATION FILE OR ANY OTHER SERVICES PROVIDED BY DIDIMO OR THE USE OR PROVISION OF THE DIDIMO API OR ANY ANIMATION FILE, WHETHER BASED IN CONTRACT, TORT OR ANY OTHER LEGAL THEORY, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
13. Complaints for Personal Use Customers. Didimo will try to resolve any disputes with Customers quickly and efficiently. If Customers are unhappy with the App or the Didimo API and its software or any other matter, Customer should contact Didimo as soon as possible and Didimo will try to resolve the matter as soon as possible, and in the event of any dispute, us its internal complaint handling procedure. Customers based in the EU may also use an online dispute resolution platform to resolve any dispute with Didimo. For more details, please visit https://webgate.ec.europa.eu/odr.
14. Term and Termination.
14.1 For All Customers. This Agreement shall continue in full force so long as the Customer has the App on its mobile device or available to install in its mobile application store account, or for as long as Customer has an account on the Didimo customer portal, until suspended or terminated in accordance with this section 14. Notwithstanding the foregoing, either party shall be entitled to terminate this Agreement immediately upon written notice to the other party in the event that (i) the other party declares bankruptcy, (ii) breaches any material term set forth herein and fails to cure such breach within 30 days from the date of receipt of written notice thereof, or (iii) in the event of personal use Customers, to the extent that their Statutory Rights permit them to do so. Notwithstanding the foregoing, (a) to the extent any customer account remains in effect beyond the scheduled expiration or termination of this Agreement, this Agreement shall be deemed to remain in effect until such time as such customer account has expired or been terminated in accordance with the terms set forth therein, (b) in the event Didimo terminates provision of the the App or the Didimo API, Didimo shall provide at least 30 days’ notice of such termination and thereafter this Agreement shall automatically terminate and (c) in the event that Didimo does terminate or suspend this Agreement or terminate or suspend access to the App or the Didimo API and its software Customer accepts that Didimo shall have no liability or responsible to Customer.
14.2 Personal Use Customers – Termination and Suspension. Didimo will take all commercially reasonable efforts to ensure that the App and the Didimo API and its software remains in operation however Customer may experience temporary interruptions. This might be to allow Didimo to deal with technical problems or make minor technical changes, or to allow Didimo to update its services and content to reflect any changes in relevant laws and regulatory or contractual and licensing requirements. Didimo will be entitled to terminate this Agreement, or suspend access to the App or the Didimo API and its software at any time including in the event of Customer’s actual or suspected unauthorised use of the App or the Didimo API and its software or failure to comply with this Agreement. Didimo will also be entitled to suspend or terminate this Agreement and access to the App or the Didimo API if it withdraws its software.
14.3 Post Termination Provisions for All Customers. The following (1) and (2) of this section 14 shall survive any termination of this Agreement: (1) Customer shall not attempt to gain unauthorized access to the App or the Didimo API, nor, to the maximum extent legally enforceable, disassemble, decompile, reverse engineer or otherwise attempt to derive source code or other trade secrets from the App or the Didimo API or any Animation Files or attempt to use or use any of Didimo’s intellectual property; and (2) Customer shall not sell, resell, rent or lease the use of the App or Didimo API or reproduce all or any portion of the App or the Didimo API. Section 4 and sections 8 through to 18 shall survive any termination of this Agreement.
15. Business Use Customers Only - Indemnification. Didimo shall defend and indemnify Customer from and against any claim, demand, suit or proceeding (a “Claim”) made or brought against Customer by a third party alleging that the use of the App or the Didimo API or any Animation File (other than any portion of the Animation File derived from or related to the Initial Image) in accordance with this Agreement and the Documentation infringes or misappropriates the intellectual property rights of a third party. Customer shall defend and indemnify Didimo and its licensors from and against any Claim made or brought against Didimo or any of its licensors by a third party related to the use by Customer or any User of the App or the Didimo API or any Animation File. As a condition to the indemnification obligations under this Section 15, the indemnified party shall (a) promptly give the indemnifying party written notice of the Claim, (b) give the indemnifying party sole control of the defense and settlement of the Claim (provided that the indemnifying party may not settle any Claim that imposes any obligation or liability on the indemnified party without the consent of the indemnifying party, such consent not to be unreasonably withheld), and (c) provide to the indemnifying party all reasonable assistance in the defense of the Claim, at the indemnifying party’s expense. If the indemnifying party assumes defense of the Claim as provided for herein, the indemnified party may only retain its own counsel at its own expense.
16. Governing Law and Jurisdiction
16.1 Personal Use Customers - Applicable Law and Courts. This Agreement will be governed by the law which the personal Use Customer is normally resident. Personal Use Customers can bring legal proceedings in the courts of the country in which they are normally resident.
16.2 Business Use Customers - Arbitration. The following section 16.2 applies to Customers using the App or the Didimo API and software for business use only. The internal laws of the State of Delaware, regardless of any choice of law principles, shall govern the validity of this Agreement, the construction of its terms and the interpretation and enforcement of the rights and duties of the parties. All disputes, controversies or differences which may arise between the parties hereto, out of or in relation to or in connection with this Agreement, the App or the Didimo API or any of the other Didimo services, the use or provision of the the App or the Didimo API or any other Didimo services and/or the relationship between the parties hereunder, shall be finally settled by arbitration in San Francisco, CA in accordance with the International Arbitration Rules of the American Arbitration Association. The award rendered by the arbitrator shall be final and binding upon the parties hereto, and any judgment upon such award may be entered in any court having jurisdiction thereof. Arbitration proceedings shall be conducted in the English language. Any and all costs and fees related to any arbitration proceedings hereunder shall be paid solely by the party hereto which does not prevail and against whom the arbitration award is rendered, as determined by the arbitrator. Notwithstanding the foregoing, either party hereto shall, at any time, have the right to seek preliminary equitable or injunctive relief in any court of competent jurisdiction, including without limitation in order to enjoin the infringement of such party’s intellectual property rights.
17. Publicity - Business Use only. Customer grants Didimo the permission to use Customer’s name, logos, and marks to identify Customer as a customer of Didimo in publicly available marketing materials and on Didimo’s website and agrees to serve as a reference for Didimo and its services upon request. If a personal use Customer wishes to object to this, it should contact Didimo by using the details at the start of this Agreement.
DATA PROCESSING SCHEDULE – APPLICABLE TO BUSINESS CUSTOMERS ONLY
1. Definitions For the purposes of this Schedule, the following terms: “Controller”, “Data Subject”, “International Organisation”, “Personal Data”, “Personal Data Breach”, “processing” and “Processor”, shall have the meanings given to them at Article 4 of the GDPR. The following terms shall have the meanings:
Protected Data means Personal Data received from or on behalf of Customer in connection with the performance of Didimo’s obligations under the Agreement; and
Sub-Processor means any agent, subcontractor or other third party (excluding its employees) engaged by Didimo for carrying out any processing activities on behalf of Customer in respect of the Protected Data.
2. Compliance with Applicable Privacy Laws. The parties agree that Customer is a Controller and that Didimo is a Processor for the purposes of processing Protected Data pursuant to the Agreement. Customer shall at all times comply with all Applicable Privacy Laws in connection with the processing of Protected Data. Customer shall ensure all instructions given by it to Didimo in respect of Protected Data (including the terms of this Schedule) shall at all times be in accordance with Applicable Privacy Laws. Nothing in this Schedule relieves either party of any responsibilities or liabilities under the Applicable Privacy Laws.
3. Didimo’s compliance with Applicable Privacy Laws. Didimo shall process Protected Data in compliance with the obligations placed on it under Applicable Privacy Laws and the terms of this Schedule.
4. Instructions. Didimo shall only process (and shall ensure that it’s personnel and Sub-Processors only process) the Protected Data in accordance with Customer’s instructions set out at Part A of this Schedule and the terms of this Schedule, except to the extent: (i) that alternative processing instructions are agreed between the parties in writing; or (ii) otherwise required by applicable law (and shall inform Customer of that legal requirement before processing, unless applicable law prevents it doing so on important grounds of public interest). If Didimo believes that any instruction received by it from Customer is likely to infringe the Applicable Privacy Laws it shall be entitled to cease to provide the relevant services under the Agreement until the parties have agreed appropriate amended instructions which are not infringing.
5. Security. To protect the Protected Data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access, Didimo shall implement and maintain the technical and organisational measures in accordance with Didimo’s security commitment set out in Part B of this Schedule.
6. Sub-processing. Customer authorises the appointment of the Sub-Processors listed at https://didimo.co/subprocessor-list/, which may be updated by Didimo in its discretion from time to time. Prior to the relevant Sub-Processor carrying out any processing activities in respect of the Protected Data, Didimo shall ensure that each Sub-Processor is bound by a written contract containing materially the same obligations as under this Schedule that is enforceable by Didimo and ensure each such Sub-Processor complies with all such obligations. Didimo shall: (i) remain fully liable to Customer under this Schedule for all the acts and omissions of each Sub-Processor as if they were its own (but not to a greater extent than that); and (ii) ensure that all persons authorised by Didimo (including Didimo’s personnel) or any Sub-Processor to process Protected Data are subject to a binding written contractual obligation to keep the Protected Data confidential.
7. Assistance. Didimo shall (at Customer’s cost) assist Customer in ensuring compliance with Customer’s obligations pursuant to Articles 32 to 36 of the GDPR (and any similar obligations under the Applicable Privacy Laws) taking into account the nature of the processing and the information available to Didimo. Didimo shall (at Customer’s cost) taking into account the nature of the processing, assist Customer (by appropriate technical and organisational measures), insofar as this is possible, for the fulfilment of Customer’s obligations to respond to requests for exercising the Data Subjects’ rights under Chapter III of the GDPR (and any similar obligations under Applicable Privacy Laws) in respect of any Protected Data.
8. International transfers. Didimo shall not process and/or transfer, or otherwise directly or indirectly disclose, any Protected Data in or to countries outside of the UK or the EEA or to any International Organisation without the prior written authorisation of Customer, unless Didimo has implemented one of the safeguards set out in Chapter V (Articles 44-50) of the GDPR (including use of the Standard Contractual Clauses) prior to such processing/transfer.
9. Audits and processing. Didimo shall, in accordance with Applicable Privacy Laws, make available to Customer such information that is in its possession or control as is necessary to demonstrate Didimo’s compliance with the obligations placed on it under this Schedule and to demonstrate compliance with the obligations on each party imposed by Article 28 of the GDPR (and under any equivalent Applicable Privacy Laws equivalent to that Article 28), and allow for and contribute to audits, including inspections, by Customer (or another auditor mandated by Customer) for this purpose (subject to a maximum of one audit request in any 12 month period, and provided that such audit is conducted on reasonable notice, during normal business hours in the UK and results in minimal disruption to Didimo’s business).
10. Personal Data Breach. Didimo shall notify Customer without undue delay and in writing on becoming aware of any Personal Data Breach in respect of any Protected Data.
11. Deletion/Return. Upon termination of provision of the services under the Agreement relating to the processing of Protected Data, at Customer’s cost and Customer’s option, Didimo shall either return all of the Protected Data to Customer or securely dispose of the Protected Data (and thereafter promptly delete all existing copies of it) except to the extent that any applicable law requires Didimo to store such Protected Data.
Part A: Processing Activities
Processing of the Protected Data by Didimo under this Schedule and the Agreement, shall be for the subject-matter, duration, nature and purposes and involve the types of Personal Data and categories of Data Subjects set out in this Part A.
Subject-matter of processing:
To enable Didimo to provide the services and perform its obligations under the Agreement.
Duration of the processing:
Nature and purpose of the processing:
To enable Didimo to provide the services to Customer pursuant to the terms of the Agreement.
Type of Personal Data:
Categories of Data Subjects:
Ordinary Data Subjects (the services provided by Didimo are not intended for vulnerable adults or children), including Customer’s Data Subjects and any User.
Part B: Minimum technical and organisational security measures
In accordance with Applicable Privacy Laws, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of the Protected Data to be carried out under or in connection with this Agreement, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons and the risks that are presented by the processing, especially from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Protected Data transmitted, stored or otherwise processed, Didimo shall implement appropriate technical and organisational security measures appropriate to the risk, including, as appropriate, those matters mentioned in Articles 32(1)(a) to 32(1)(d) (inclusive) of the GDPR.