Welcome to WhosOnLocation, an online people presence management service. This Master Subscription Agreement (“Agreement”) contains the terms which explain our obligations as a service provider and Your obligations as a customer. Please read them carefully along with our Data Processing Agreement, GDPR Statement, Privacy Policy, and, if applicable, ANZ Privacy Statement as these also form part of this Agreement.

You can download the Master Subscription Agreement here.

We have updated Our Master Subscription Agreement. If You are a new Subscriber, then this Master Subscription Agreement will be effective as of 1 June 2019. If You are an existing Subscriber, we are providing You with prior notice of these changes which will be effective as of 1 July, 2019. For a prior version of our Master Subscription Agreement, click here.

THIS AGREEMENT CONSTITUTES A BINDING CONTRACT BETWEEN US AND YOU AND GOVERNS YOUR (AND YOUR END USERS’) USE OF AND ACCESS TO THE SERVICES FROM THE MOMENT YOU CREATE AN ACCOUNT.

By accepting this Agreement, either by creating an account, accessing or using a Service, or authorizing or permitting any End-User to access or use a Service, You agree to be bound by this Agreement. If You are entering into this Agreement on behalf of a company, organization or another legal entity (an “Entity”), You are agreeing to this Agreement for that Entity and representing to WhosOnLocation that You have the authority to bind such Entity and its Affiliates to this Agreement, in which case the terms “Subscriber,” “You,” “Your” or a related capitalized term herein shall refer to such Entity and its Affiliates. If You do not have such authority, or if You do not agree with this Agreement, You must not accept this Agreement and may not use any of the Services.

1. Definitions

When used in this Agreement with the initial letters capitalized, in addition to the terms defined elsewhere in this Agreement, the following terms have the following meanings:

“Account”

means any account created on the Site for Services, whether for trial or subscription purposes.

“Account Owner”

means the person who has the highest level of access to Your Account. By default this is the End-User who initially subscribed to use the Service and accepted the Master Subscription Agreement terms. The Account Owner can subsequently assign another End-User as the Account Owner. There can only be one Account Owner at any time. The Account Owner manages the Account level settings.

“Add-ons”

means any opt-in feature or function that requires independent activation by the Account Owner via the Add-ons management tool available on the Site.

“Administrator”

means any person granted Administrative rights by the Account Owner. Administrators manage Location level settings and can assign privileges to End-Users.

“Affiliate”

means, with respect to a Party, any entity that directly or indirectly controls, is controlled by, or is under common control with such Party, whereby “control” (including, with correlative meaning, the terms “controlled by” and “under common control”) means the possession, directly or indirectly, of the power to direct, or cause the direction of the management and policies of such person, whether through the ownership of voting securities, by contract, or otherwise. An example is a subsidiary of the Entity.

“Agreement”

means the terms and conditions detailed in this Master Subscription Agreement.

“API”

means the application programming interfaces developed and enabled by the WhosOnLocation that permits Customer to access certain functionality provided by the Service, including without limitation, the REST API that enables the interaction with the Service automatically through HTTP requests and the application development API that enables the integration of the Service with other web applications.

“Campus”

A Campus is a ‘Location’ (as defined below) but one which has ‘multiple’ buildings at the same address including universities, business parks, and multi-facility manufacturing plants.

“Confidential Information”

includes all information exchanged between the parties to this Agreement, whether in writing, electronically or orally, including the Data entered into the Site by Your End-Users but does not include information which is, or becomes, publicly available other than through unauthorised disclosure by the other party.

“Customer”

means the organisation or person entered into the Organisation Name field in Your Account. Also referred to as the Subscriber.

“Customer Data”

means any data inputted by You or by Your End-Users into the Site including all text, sound, video, or image files, and software.

“End-User”

means any person or entity, which uses the Service with the authorisation of an Administrator from time to time.

“Geolocation”

means the approximate location of a WolMobile user which is determined using Location Services or a Vehicle (which has a GPS device enabled).

“Guest”

means any non-employee of Your organization; for example, a visitor or contractor.

“Intellectual Property Right”

means any patent, trade mark, service mark, copyright, moral right, right in a design, know-how and any other intellectual or industrial property rights, anywhere in the world whether or not registered.

“Location”

means a physical location where You carry out Your tasks and responsibilities. Locations are normally described as workplaces like Head Office, a warehouse, a school, a distribution centre, etc… but can be non-workplaces. For multiple buildings at one location see “Campus”.

“Location Access Control Point”

means a physical place within a location where people sign themselves into and out of. For example: Main Reception, Warehouse Entrance, Security Gate 1 etc…

“Location Services”

means those user requested services accessible from a user’s mobile phone by WolMobile which uses information from cellular, Wi-Fi, and Global Positioning System (GPS) networks to determine a user’s approximate location if they request it using the opt-in functions on WolMobile.

“Payment Frequency”

means the frequency by which You have nominated to pay Your Subscription; this being monthly or yearly in advance.

“Privacy Policy”

means the privacy policy found at https://whosonlocation.com/privacy-policy/

“Push Notification”

means a message that pops up on WolMobile, our free mobile app for employee and contractor users. Where SMS (text) messages incur a fee, push notifications are free.

“Reseller”

means any authorized third party channel partner or referrer from whom you procure a subscription to the Service.

“Service”

means the online people presence management services made available (as may be changed or updated from time to time by WhosOnLocation) via the Site and other web pages designated by WhosOnLocation, including, individually and collectively, the applicable Software, Updates, API and Documentation.

“Sign-in”

means a Guest or Employee signing into a Location using the people presence management tools available in the Service for the purpose of registering their presence on-site.

“Site”

means the application Internet sites operated by WhosOnLocation and identified by the URL Domain whosonlocation.com.

“SMS”

means ‘Short Message Service’ and is also commonly referred to as a “text message”. WhosOnLocation uses SMS (text) notifications in many areas of its service including, but not limited to, visitor arrival notifications, evacuation management notifications, and trigger notifications. With a SMS, you can send a message of up to 160 characters to another device. Longer messages, those exceeding 160 characters, will automatically be split up into several parts. So a 200 character SMS will consist of 2 parts. A 325 character SMS consists of 3 parts etc…

“SMS Credits”

Each Subscription Plan includes a limited number of SMS Credits. SMS credits are redeemed when SMS (text) messages are sent. 1 credit is redeemed (debited) from your SMS credits balance for every 160 character part sent. Credits are sold in ‘Packs’ and one Pack is 1000 SMS Credits.

“SMS Fees”

If you use more than the included SMS Credits in your Plan (s) additional SMS Charges will apply. You can choose not to use SMS services or suspend them. Current SMS Fees are published on our website.

“Subscriber” , “You” or “Your”

means the person or entity that Subscribed to use the Service and is agreeing to this Agreement, as specified in the “organization“ field on the Account . A Subscriber may be an End-User.

“Subscription Fees”

means the subscription fees and any other fees or charges for any Add-ons or Integrations applicable to Your Subscription Plan, as detailed on the Site or otherwise notified to You by Us, or if applicable, the Reseller from who you procured your Subscription Plan.

“Subscription Plan”

means the Service plan (including any Add-ons, Integrations or other benefits included in such plan) for which You subscribe with respect to each Location, and the functionality and services associated with that plan (as detailed on the Site or otherwise notified to you by Us or the Reseller from whom you procured your Subscription Plan, as applicable).

“Subscription Term”

means the period during which You have agreed to subscribe to the Service. Your Subscription Term will commence at the time that You create Your Account (unless You are eligible for (and elect to access) a Trial, in which case Your Subscription Term will commence at the end of Your Trial Period), and will end when Your Agreement with Us is terminated pursuant to clause 22.

“Trial Period”

means, if available, a free, no obligation period in which You have to evaluate and trial the Service or an Add-on. A Trial Period will normally last 30 days.

“WhosOnLocation”

“We”, “Us” or “Our”: means WhosOnLocation Limited as defined below. WhosOnLocation means: WhosOnLocation Limited which is a registered company incorporated in Wellington, New Zealand or any of its successors or assignees.

“WolEvac”

means WhosOnLocation’s mobile evacuation management app. Nominated users can perform a range of functions depending on the need at the time of the evacuation;

  1. Verify the location’s zone (s) is clear
  2. Verify the safety of people using the roll-call tool
  3. Send an SMS requesting people to confirm they are safe.
  4. Chat with other users
  5. View a post-evacuation report

“WolMobile”

means WhosOnLocation’s mobile app. Users can perform a range of functions depending on the WolMobile rights they are granted by an Administrator;

  1. Tag themselves on or offsite
  2. Acknowledge Hazards and other alerts
  3. Receive Guest Arrival Alerts via Push Notification
  4. Flag their current GEO location, wherever they are in the world
  5. Have WolMobile ‘follow’ their Geolocation

“You”

means the Subscriber, and where the context permits, the Account Owner or an End User. “Your” has a corresponding meaning.

2. Parties and this Relationship

2.1. This Agreement is between the Subscriber and WhosOnLocation Limited, (“WOL”).

2.2. From time to time one of our Resellers may bundle its product or service with a WhosOnLocation Subscription Plan. When you purchase the Reseller’s product or service You will enter into a contract with the Reseller. However, You will also need to register with WhosOnLocation for a Subscription Plan and create or activate an Account (pursuant to this Agreement) and accept the terms of this Agreement.

3. Scope and Intent

These Terms are binding on any use of the Service (including where you have procured your Subscription Plan from a Reseller) and apply to You from the time that You first access the Service. You are deemed to have agreed to these Terms on behalf of any entity for whom you use the Service.

The Service includes any upgrades, modified versions, updates to the Site developed by us, and the Helpdesk.

The Service will evolve over time based on user feedback. WhosOnLocation reserves the right to change these Terms at any time, effective upon the posting of modified Terms of Use and WhosOnLocation will make every effort to communicate these changes to You via email or notification via the Site. It is likely the terms of this Agreement will change over time. It is Your obligation to ensure that You have read, understood and agree to the most recent terms available on the Site. However, on every 12-month anniversary of your initial Subscription Plan, if You renew Your subscription You will have to accept and agree to the current terms of this Agreement.

This Agreement includes our Data Processing Agreement, GDPR Statement, Privacy Policy, and, if applicable, ANZ Privacy Statement, which are accessible in the footer of the Site on the Login screen, and which are hereby incorporated by reference (collectively referred to as the “Agreement”) and You agree to be bound by all of the provisions.

4. Purpose of Service

The safety and security of people and assets starts with knowing who is on-site. The purpose of WhosOnLocation is to keep people and assets safe by giving organisations real-time visibility of who is authorised access to their sites, who is coming on-site, who is actually on-site, and who was on-site. We aim to do this in a way that’s simple, smart and secure.

5. Access to Service

WhosOnLocation grants You the right to access and use the Service via the Site with the particular user roles available to You according to Your Subscription Plan. This right is non-exclusive, non-transferable, and limited by and subject to this Agreement. You acknowledge and agree that:

  • the Account Owner determines who is an End User with Administrator user role access at all times and can revoke or change an Administrator’s access, or level of access, at any time and for any reason, in which case that person or entity will cease to be an Administrator or shall have that different level of access, as the case may be;
  • the Administrator (s) determines who is an End User with non-Administrator user role access at all times and can revoke or change an End User’s access, or level of access, at any time and for any reason, in which case that person or entity will cease to be an End User or shall have that different level of access, as the case may be;

6. Trial Policy

6.1 When you create an Account, You will gain free access to a trial of the Service for a Trial Period, unless a Trial Period is not offered with Your Subscription Plan. A Trial Period may not be offered with certain Subscription Plans as it will not be relevant or appropriate in the context of other rights or benefits You receive from Us or a Reseller as part of that plan.
6.2 During Your Trial Period You will have full access to all training, demo, and support services. We don’t require a credit card during the Trial Period, so You can try these services obligation-free.
6.3 At any time during or prior to the commencement of Your Trial Period, You may elect to use, or continue using, our services as a subscribed customer. In which case:

6.3.1 our Support team will confirm Your Subscription Plan and You must pay Your Subscription Fees in accordance with clause 8 below from the commencement of Your Subscription Term (Your Subscription Term will only commence at the end of the Trial Period, irrespective of your earlier election to become a subscribed customer).

6.3.2 if you elect to become a subscribed customer during your Trial Period, then Your trial Account will become your permanent Account (all of your customizations, data, and actions remain intact).

6.4 5 Days prior to Your Trial Period expiring Our support team will email You to advise that Your trial ends in 5 days.
6.5 At the end of Your Trial Period, We will email you to advise You that Your trial has ended. This email will ask You to confirm whether you wish to continue as a subscribed customer. If yes, then:

6.5.1 our Support team will confirm Your Subscription Plan and You must pay Your Subscription Fees in accordance with clause 8 below from the commencement of Your Subscription Term.

6.5.2 Your trial Account will become your permanent Account (all of your customizations, data, and actions remain intact).

6.6 If you decide not to proceed to becoming a subscribed customer, your Account will be terminated and all Your Customer Data will be deleted.
6.7 We reserve the right to terminate Your Trial at any time if we suspect Your intentions for trialing WhosOnLocation are not for the intended purpose of our Service.

7. Subscription Plans

7.1 About Subscription Plans

You can choose the Subscription Plan that best meets your requirements. There are various Subscription Plans published on our Site (https://whosonlocation.com/pricing/) to choose from.

7.2  Grandfathered Subscription Plans prior to 1 August 2017

Any Location in your Account on the Starter Plan prior to 1 August 2017 will be grandfathered on that Starter Plan as long as the Location linked to that Subscription Plan does not breach the annual Guest Sign-in limits for the Starter Plan (Guest 1,000 p.a and Employee 12,000 p.a) or until Your account terminates.

Subscribers to the Service prior to 1 September 2018 will remain on Your current Subscription Plan (s) and pricing until Your first annual anniversary following 31 December 2019, when you will be migrated to the Subscription Plans published on our Site at the time of Your renewal.

7.3 Downgrade and Upgrade

You can upgrade or downgrade your Subscription Plan for any Location anytime. WhosOnLocation reserves the right to review Your Subscription Plan anytime and if Your annual Guest and/or Employee sign-in count exceeds Your current Plan, You must upgrade to a Plan that meets Your requirements.

8. Your Obligations

8.1 Payment obligations

8.1(a) Invoicing by Reseller

If you have procured Your Subscription Plan from a Reseller (as per clause 2.2 of this Agreement) and, pursuant to Your contract with the Reseller, You have agreed to make payment of Your Subscription Fees directly to the Reseller, the Reseller will invoice You for Your Subscription Fees in accordance with the payment terms agreed between You and the Reseller.  Clause 8.1(b) below will not apply to You unless You renew Your Subscription Plan with Us or subscribe to an opt-in Add-on and that Add-on has an additional Subscription Plan.

8.1(b) Invoicing by WhosOnLocation

Unless clause 8.1(a) applies to Your Subscription Plan, an invoice for Your Subscription Fees will be issued by Us at the frequency nominated by You (Monthly or Yearly).
Subscription Fees will be payable for Your entire Subscription Term.

When paying by Credit Card

  • If You wish to pay monthly We require payment by credit card.
  • If You wish to pay annually You can pay on invoice by credit card or, bank transfer if Your account meets Our bank transfer eligibility criteria.

When paying by Bank Transfer

We accept payment by bank transfer on invoice:

  • If Your monthly or annual invoice exceeds NZD$250.00, AUD$250.00, CAD$250.00, USD$195.00, GBP£145 excluding taxes.

Your Subscription Plan includes a limited number of SMS Credits. Once these included SMS Credits are used, should You continue to use our SMS services, You agree to pay for any additional SMS Credits used. Your SMS Credits balance is available to Account Owners, within the application, under Tools | Account | SMS Status.

All WhosOnLocation invoices will be sent to the Billing Contact whose details are provided by You and recorded under the ‘Account’ / ‘Billing Details’ section of the Account Owners Tools. You must pay or arrange payment of all amounts specified in any invoice by the due date for payment and are payable within 10 days of the invoice date. You are responsible for payment of all taxes and duties in addition to Your Subscription Fees.

8.1(c)  SMS Credits

Your Subscription Plan includes a limited number of SMS Credits. Once these included SMS Credits are used, should You continue to use our SMS services, You agree to pay for any additional SMS Credits used. Your SMS Credits balance is available to Account Owners, within the application, under Tools | Account | SMS Status.

8.2 Preferential pricing or discounts

You may from time to time be offered preferential pricing or discounts for the Subscription Plans as a result of the number of Locations that You have added to the Service or that have been added with Your authority or as a result of Your use of the Service. Eligibility for such preferential pricing or discounts is conditional upon Your acceptance of responsibility for payment of any Subscription Plans in relation to all of Your Locations. Without prejudice to any other rights that WhosOnLocation may have under these Terms or at law, WhosOnLocation reserves the right to render invoices for the full (non-discounted) Subscription Plans due or suspend or terminate Your use of the Service in respect of any or all of Your locations in the event that any invoices for those Subscription Plans are not paid in full by the due date for payment.

8.3 General obligations

You must only use the Service and Site for Your own lawful internal business purposes, in accordance with these Terms and any notice sent by WhosOnLocation or condition posted on the Site. You may use the Service and Site on behalf of others or in order to provide services to others but if You do so You must ensure that You are authorized to do so and that all persons for whom or to whom services are provided comply with and accept all Terms of this Agreement that apply to You.

8.4 Access conditions

8.4.1 You must ensure that all usernames and passwords required to access the Service are kept secure and confidential. You must immediately notify WhosOnLocation of any unauthorized use of Your passwords or any other breach of security and WhosOnLocation will reset Your password and You must take all other actions that WhosOnLocation reasonably deems necessary to maintain or enhance the security of WhosOnLocation’s computing systems and networks and Your access to the Services.

8.4.2 As a condition of these this Agreement, when accessing and using the Services, You must:

A. not attempt to undermine the security or integrity of WhosOnLocation’s computing systems or networks or, where the Services are hosted by a third party, that third party’s computing systems and networks;

B. not use, or misuse, the Services in any way which may impair the functionality of the Services or Site, or other systems used to deliver the Services or impair the ability of any other user to use the Services or Site;

C. not attempt to gain unauthorized access to any materials other than those to which You have been given express permission to access or to the computer system on which the Services are hosted;

D. not transmit, or input into the Site, any: files that may damage any other person’s computing devices or software, content that may be offensive, or material or Data in violation of any law (including Data or other material protected by copyright or trade secrets which You do not have the right to use); and

E. not attempt to modify, copy, adapt, reproduce, disassemble, decompile or reverse engineer any computer programs used to deliver the Services or to operate the Site except as is strictly necessary to use either of them for normal operation.

8.5 Usage Limits

Use of the Service may be subject to limitations, including but not limited to monthly people transaction volumes (Sign-ins) You are permitted to make against WhosOnLocation’s application programming interface. Any such limitations will be defined under your Subscription Plan.

8.6 Communication Conditions

As a condition of these Terms, if You use any communication tools available through the Site (such as any forum, chat room or message center), You agree only to use such communication tools for lawful and legitimate purposes. You must not use any such communication tool for posting or disseminating any material unrelated to the use of the Services, including (but not limited to): offers of goods or services for sale, unsolicited commercial e-mail, files that may damage any other person’s computing devices or software, content that may be offensive to any other users of the Services or the Site, or material in violation of any law (including material that is protected by copyright or trade secrets which You do not have the right to use).

When You make any communication on the Site, You represent that You are permitted to make such communication. WhosOnLocation is under no obligation to ensure that the communications on the Site are legitimate or that they are related only to the use of the Services. As with any other web-based forum, You must exercise caution when using the communication tools available on the Site. However, WhosOnLocation does reserve the right to remove any communication at any time in its sole discretion.

8.7 Indemnity

8.7.1 You indemnify WhosOnLocation against: all claims, costs, damage and loss solely arising from Your breach of any of these Terms or any obligation You may have to WhosOnLocation, including (but not limited to) any costs relating to the recovery of any Subscription Plans that are due but have not been paid by You.

8.7.2 You are not liable to us under clause 8.7.1 for any:

A. loss of profit; or

B. consequential, indirect, incidental or special damage or loss of any kind.

8.7.3 Clause 8.7.2 does not apply to limit your liability:

A. for any actual or alleged claim by a third party that any Customer Data infringes the rights of that third party (including Intellectual Property Rights and privacy rights) or that the Data is incorrect, misleading, objectionable, defamatory, obscene, harassing, threatening, or unlawful in any way;

B. for personal injury, death, fraud or wilful misconduct;

C. to pay the Subscription Plans and any recovery costs that WhosOnLocation or a Referrer (as applicable) incurs in relation to unpaid Subscription Plans; or

D. for a breach of clause 15.1.

9. Help Desk

WhosOnLocation operates an online helpdesk to administer user enquiries. You can access the Helpdesk via the Site.

In the case of technical problems, You must make all reasonable efforts to investigate and diagnose problems before contacting WhosOnLocation. If You still need technical help, please check the support provided:

  1. Online helpdesk https://helpdesk.whosonlocation.com (available 24 x 7 x 365)
  2. Email: support@whosonlocation.com
  3. Worldwide: +64 4 891 0886
  4. Australia: 1300 106 541
  5. United States / Canada: 1 800 501 1761
  6. United Kingdom / EU: 0808 189 1412

10. Subscription Plan Reviews

Any adjustment to Your Subscription Plan must be issued in writing to You at least 30 days prior to the commencement of that fee adjustment. Any adjustment to Your Subscription Plan will not apply until Your next Subscription renewal.

11. Opt-in Add-ons and Subscription Fees

In the event we introduce new Add-ons (Features) that we feel require the introduction of a new fee for that respective new feature’s use; we will advise You, as per our Service Level Commitment detailed in Clause 13.2, 10 days prior to the new feature being released in the Application. You are not obligated to accept or activate any new Add-on feature or service that requires the introduction of a new fee.

11.1 WolMobile

Is a free Mobile app and an Add-on which allows users to tag and off-site from their location, receive visitor arrival notifications, and using Location Services to determine the Geolocation of a user. Depending on your device and available services, Location Services uses a combination of cellular, Wi-Fi, and GPS to determine your location. If you’re not within a clear line of sight to GPS satellites, your device can determine your location using crowd-sourced Wi-Fi and cell tower locations. WhosOnLocation takes no responsibility for the accuracy of a WolMobile user or GPS device.

11.2 WolEvac

Is an free Mobile app and Add-on that allows users to verify the safety of employees, visitors, and contractors in the event of an evacuation. A feature of WolEvac is ‘SMS Verify’ whereby the WolEvac user can activate an SMS message to be sent to employees, and Guests (recipients) requesting they respond to confirm they are safe. The cost of sending this SMS message to recipients is as per the SMS Fees detailed on our website; http://www.whosonlocation.com/pricing. Depending on the recipient’s mobile/cellular phone carrier the carrier may charge the recipient for both receiving the initial SMS from WolEvac and subsequently responding.

12. Service Availability

Whilst we intend that the Service should be available 24 hours a day, seven days a week, it is possible that on occasions the Service or Site may be unavailable to permit maintenance or other development activity to take place.

We have achieved 99.9% availability each year since the Service was first activated in 2012. For clarification 99.9% up-time equals 8 hours, 45 minutes, and 57 seconds of downtime per year. Availability in the last 12 months has been 99.99%.

(This statistic was last updated on 31 May 2019 and can be reviewed in real-time at http://status.whosonlocation.com/)

Force Majeure: We are not responsible for the Service being unavailable where the cause of the event is outside of our control. Such events include, but are not limited to, Acts of God, Terrorism, Earthquake, Flood, Internet Outage, Power Failure, or any other Force Majeure event.

If for any reason we have to interrupt the Service for longer periods than we would normally expect, we will use reasonable endeavours to publish in advance details of such activity on the Site login screen, and via updates through our social media channels.

13. Service Level Commitments

We will advise You via one, some, or all of the following channels:

  1. The login screen message board
  2. Twitter Updates (https://twitter.com/WolOps)
  3. Email to Administrators
  4. Status Page: http://status.whosonlocation.com/

13.1 Unplanned Outages

As soon as practicable of any unplanned outage that occurs We will keep you updated every 30 minutes until availability is restored. Updates will be communicated via one, some, or all of the channels above.

13.2 New Feature Releases and Updates

We will advise You no less than 5 Days in Advance of any Feature release or Update.

We release new features during non-business hours and with as little disruption to users as possible.

13.3 Delays

We will advise You 2 Days in Advance via one, some, or all of the channels listed above with revised delivery dates before the scheduled release.

13.4 Support:

If you contact our Helpdesk team on helpdesk@whosonlocation.com, we will provide:

    • Acknowledgement within 1 hour of your customer support request
    • Resolution or update within 24 hours of your request
    • On-going updates as needed

13.5 Availability | Uptime:

Our Service Level Agreement Commitment for availability | Uptime is 99.9% per month | per annum which equates to downtime of:

  • Monthly: 43m 49.7s
  • Yearly: 8h 45m 57.0s

14. Service Level Commitment Breach

14.1 Service Credits

We provide financial backing to our commitment to achieve and maintain Service Levels. If we do not achieve and maintain the Service Levels as described in this Service Level Commitment (SLC), then you may issue a claim for free extensions to your current Subscription Term by sending an email to helpdesk@whosonlocaton.com.

14.1.1 Credit for breach of Service Level Commitments 13.1 to 13.4 One free month extension to your current Subscription Term.

One free month extension to your current Subscription Term.

14.1.2 Credit for breaching Service Level Commitment 13.5; Availability | Uptime:

Monthly Uptime Percentage Subscription Plan Credit
< 99.9% 1 Month Free Subscription Added to your current Term across all Locations
< 99.5% 2 Months Free Subscription Added to your current Term across all Locations
< 98% 3 Months Free Subscription Added to your current Term across all Locations

14.2 Credit Exclusions

Downtime is the total minutes in a month during which the aspects of a Service is unavailable. Scheduled Downtime and unavailability of a Service, due to limitations such as the failure of a Customer’s hardware, or the Customer’s ISP failure, or any Force Majeure event are not eligible in the calculation.

15. Confidentiality and Privacy

15.1 Confidentiality

Unless the relevant party has the prior written consent of the other or unless required to do so by law:

15.1.1 Each party will preserve the confidentiality of all Confidential Information of the other obtained in connection with these Terms. Neither party will, without the prior written consent of the other, disclose or make any Confidential Information available to any person, or use the same for its own benefit, other than as contemplated by these Terms.

15.1.2 Each party’s obligations under this clause will survive termination of these Terms.

15.1.3 The provisions of clauses 15.1.1 and 15.1.2 shall not apply to any information which:

15.1.3.1 is or becomes public knowledge other than by a breach of this clause;

15.1.3.2 is received from a third party who lawfully acquired it and who is under no obligation restricting its disclosure;

15.1.3.3 is in the possession of the receiving party without restriction in relation to disclosure before the date of receipt from the disclosing party; or

15.1.3.4 is independently developed without access to the Confidential Information.

15.2 Privacy

WhosOnLocation maintains a Privacy Policy that sets out the parties’ obligations in respect of personal information. You should read that policy as well as our GDPR Statement (available on our Website and in the footer of the Service login screen), and if you are an Australian or New Zealand customer, our ANZ Policy Statement and You will have taken to accepted that policy when You accept these Terms.

If you are subject to the territorial scope of the Regulation (EU) 2016/679 (GDPR), as amended or replaced from time-to-time, you agree that the terms and conditions of the Data Procession Agreement attached as Schedule 1 of this Agreement are incorporated into this Agreement.

Our policy is to respect and protect the privacy of our users. This policy statement tells You how we collect information from You and how we use it. We follow five core principles of privacy protection in the operation of its Application:

  1. Notice/Awareness of WhosOnLocation’ information practices
  2. Choice/Consent to provide information
  3. Access/Participation to/in Your own data
  4. Integrity/Security of the Data Collected
  5. Enforcement/Redress through self-regulation.

15.3 Customer Data

15.3.1 You acknowledge that:

15.3.1.1 WhosOnLocation may require access to the Customer Data to exercise its rights and perform its obligations under these Terms; and

15.3.1.2 to the extent that this is necessary but subject to clause 15.1, WhosOnLocation may authorise its officers, and employees to access the Customer Data for this purpose.

15.3.2 You must arrange all consents and approvals that are necessary for WhosOnLocation to access the Customer Data as described in clause 15.3.1.

15.3.3 You acknowledge and agree that to the extent Customer Data contains personal information, in collecting, holding and processing that information through the Service, WhosOnLocation is acting as an agent of yours for the purposes of applicable privacy law. You must obtain all necessary consents from the relevant individual to enable WhosOnLocation to collect, use, hold and process that information in accordance with these Terms.

16. Disclosure of Customer Data following Government Demand

WhosOnLocation adheres to the same principles for all requests from government agencies for user data, requiring governmental entities to follow the applicable laws, rules and procedures for requesting customer data. WhosOnLocation does not provide any government with direct and unfettered access to our customers’ data, and we do not provide any government with our encryption keys or the ability to break our encryption. If a government wants customer data, it needs to follow applicable legal process – meaning, it must serve us with a warrant or court order for content or a subpoena for subscriber information or other non-content data.

We require that any requests be targeted at specific accounts and identifiers. WhosOnLocation’s compliance team reviews government demands for user data to ensure the requests are valid, rejects those that are not valid, and only provides the data specified in the legal order.

Unless the warrant or court order prohibits disclosure to You, upon receipt of any third party request for Customer Data, WhosOnLocation will promptly notify Customer. If WhosOnLocation is not required by law to disclose the Customer Data, WhosOnLocation will reject the request. If the request is valid and WhosOnLocation could be compelled to disclose the requested information, WhosOnLocation will attempt to redirect the third party to request the Customer Data from Customer.

17. Data Protection and Security

WhosOnLocation is committed to helping protect the security of Customer’s information. We have implemented and will maintain and follow appropriate technical and organizational measures intended to protect Customer Data against accidental, unauthorized or unlawful access, disclosure, alteration, loss, or destruction.

Domain

Practise

Organization of Information Security Security Ownership. WhosOnLocation has appointed one or more security officers responsible for coordinating and monitoring the security rules and procedures.

Security Roles and Responsibilities. WhosOnLocation personnel with access to Customer Data are subject to confidentiality obligations.

Asset Management Asset Inventory. WhosOnLocation maintains an inventory of all media on which Customer Data is stored. Access to the inventories of such media is restricted to WhosOnLocation personnel authorized in writing to have such access.

Asset Handling

  • WhosOnLocation imposes restrictions on printing Customer Data and has procedures for disposing of printed materials that contain Customer Data.
  • WhosOnLocation personnel are prohibited from storing Customer Data on portable devices, remotely accessing Customer Data, or processing Customer Data outside WhosOnLocation’s facilities unless authorization is received from the Customer to do so.
Human Resources Security Security Training. WhosOnLocation informs its personnel about relevant security procedures and their respective roles. WhosOnLocation also informs its personnel of possible consequences of breaching the security rules and procedures. WhosOnLocation will only use anonymous data in training.
Physical and Environmental Security Facilities Overview.

  • Dedicated hosting environment, no systems are shared with other parties
  • Replicated filesystem from live to backup systems.
  • Real-time database replication from live to standby systems.
  • Database and filesystem snapshots are taken every 10 minutes for point in time restoration; these are aged out over several weeks. Weekly snapshots kept permanently.
  • Encrypted and secure offsite backups.

Protection from Disruptions. WhosOnLocation uses a variety of industry standard systems to protect against loss of data due to power supply failure or line interference.

Communications and Operations Management Operational Policy. WhosOnLocation maintains security documents describing its security measures and the relevant procedures and responsibilities of its personnel who have access to Customer Data.

Data Recovery Procedures

  • On an ongoing basis, but in no case less frequently than once a week (unless no Customer Data has been updated during that period), WhosOnLocation maintains multiple copies of Customer Data from which Customer Data can be recovered.
  • WhosOnLocation stores copies of Customer Data and data recovery procedures in a different place from where the primary computer equipment processing the Customer Data is located.
  • WhosOnLocation has specific procedures in place governing access to copies of Customer Data.
  • WhosOnLocation reviews data recovery procedures at least every six months.
  • WhosOnLocation logs data restoration efforts, including the person responsible, the description of the restored data and where applicable, the person responsible and which data (if any) had to be input manually in the data recovery process.

Event Logging. WhosOnLocation logs access and use of information systems containing Customer Data, registering the access ID, time, authorization granted or denied, and relevant activity.

Access Control Access Policy. WhosOnLocation maintains a record of security privileges of individuals having access to Customer Data.

Access Authorization

  • WhosOnLocation maintains and updates a record of personnel authorized to access WhosOnLocation systems that contain Customer Data.
  • WhosOnLocation deactivates authentication credentials that have not been used for a period of time not to exceed six months.
  • WhosOnLocation identifies those personnel who may grant, alter or cancel authorized access to data and resources.
  • WhosOnLocation ensures that where more than one individual has access to systems containing Customer Data, the individuals have separate identifiers/log-ins.

Least Privilege

  • Technical support personnel are only permitted to have access to Customer Data when needed.
  • WhosOnLocation restricts access to Customer Data to only those individuals who require such access to perform their job function.

Integrity and Confidentiality

  • WhosOnLocation instructs WhosOnLocation personnel to disable administrative sessions when leaving premises WhosOnLocation controls or when computers are otherwise left unattended.
  • WhosOnLocation stores passwords in a way that makes them unintelligible while they are in force.

Authentication

  • WhosOnLocation uses industry standard practices to identify and authenticate users who attempt to access information systems.
  • Where authentication mechanisms are based on passwords, WhosOnLocation requires that the passwords are renewed regularly.
  • Where authentication mechanisms are based on passwords, WhosOnLocation requires the password to be at least eight characters long.
  • WhosOnLocation monitors repeated attempts to gain access to the information system using an invalid password.
  • WhosOnLocation uses industry standard password protection practices, including practices designed to maintain the confidentiality and integrity of passwords when they are assigned and distributed, and during storage.

Network Design. WhosOnLocation has controls to avoid individuals assuming access rights they have not been assigned to gain access to Customer Data they are not authorized to access.

Information Security Incident Management Incident Response Process

  • WhosOnLocation maintains a record of security breaches with a description of the breach, the time period, the consequences of the breach, the name of the reporter, and to whom the breach was reported, and the procedure for recovering data.
  • For each security breach that is a Security Incident, notification by WhosOnLocation is described in the “Security Incident Notification” section below.
Business Continuity Management
  • WhosOnLocation maintains emergency and contingency plans for the facilities in which WhosOnLocation information systems that process Customer Data are located.
  • WhosOnLocation’s redundant storage and its procedures for recovering data are designed to attempt to reconstruct Customer Data in its original or last-replicated state from before the time it was lost or destroyed.
Third-Party Penetration Testing Security Assessments

WhosOnLocation tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities. Third-party assessments are also conducted regularly against OWASP and other global standards. Testing includes:

  • Application vulnerability threat assessments
  • Network vulnerability threat assessments
  • Selected penetration testing and code review
  • Security control framework review and testing

18. Security Incident Notification

If WhosOnLocation becomes aware of any unlawful access to any Customer Data stored on WhosOnLocation’s equipment or in WhosOnLocation’s facilities, or unauthorized access to such equipment or facilities resulting in loss, disclosure, or alteration of Customer Data (each a “Security Incident”), WhosOnLocation will promptly:

  1. Notify Customer of the Security Incident;
  2. Investigate the Security Incident and provide Customer with detailed information about the Security Incident; and
  3. Take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident.

Notification(s) of Security Incidents will be delivered to one or more of Customer’s administrators by any means WhosOnLocation selects, including via email. It is Customer’s sole responsibility to ensure Customer’s administrators maintain accurate contact information on their WhosOnLocation account profile. WhosOnLocation’s obligation to report or respond to a Security Incident under this section is not an acknowledgement by WhosOnLocation of any fault or liability with respect to the Security Incident.

Customer must notify WhosOnLocation promptly about any possible misuse of its accounts or authentication credentials or any security incident related to WhosOnLocation.

19. Intellectual Property

19.1 General

This Subscription is not a sale. Title to, and all Intellectual Property Rights in the Services, the Site and any documentation relating to the Services remain the property of WhosOnLocation (or its licensors).

19.2 Ownership of Data

Title to, and all Intellectual Property Rights in, the Data remain Your property. However, Your access to the Data is contingent on full payment of the WhosOnLocation Subscription Plan when due. You grant WhosOnLocation a licence to use, copy, transmit, store, and back-up Your information and Data for the purposes of enabling You to access and use the Services and for any other purpose related to provision of services to You. In the event of Termination of your account you can, as per Clause 22.7, download a copy of Your Data.

19.3 Backup of Data

WhosOnLocation adheres to its best practice policies and procedures to prevent data loss, including a daily system data back-up regime, but does not make any guarantees that there will be no loss of Data.

19.4 Third-party applications and Your Data.

If You enable third-party applications for use in conjunction with the Services, You acknowledge that WhosOnLocation may allow the providers of those third-party applications to access Your Data as required for the interoperation of such third-party applications with the Services. WhosOnLocation shall not be responsible for any disclosure, modification or deletion of Your Data resulting from any such access by third-party application providers.

20. Warranties and Acknowledgements

20.1 Authority

You warrant that where You have registered to use the Service on behalf of another person, You have the authority to agree to these Terms on behalf of that person and agree that by registering to use the Service You bind the person on whose behalf You act to the performance of any and all obligations that You become subject to by virtue of these Terms, without limiting Your own personal obligations under these Terms.

20.2 Acknowledgement: You acknowledge that

20.2.1 You are authorized to use the Services and the Site and to access the information and Data that You input into the Site, including any information or Data input into the Site by any person You have authorized to use the Service. You are also authorized to access the processed information and Data that is made available to You through Your use of the Site and the Services (whether that information and Data is Your own or that of anyone else).

20.2.2 WhosOnLocation has no responsibility to any person other than You and nothing in this Agreement confers, or purports to confer, a benefit on any person other than You. If You use the Services or access the Site on behalf of or for the benefit of anyone other than Yourself (whether a body corporate or otherwise) You agree that:

20.2.2.1 You are responsible for ensuring that You have the right to do so;

20.2.2.2 You are responsible for authorizing any person who is given access to information or Data, and You agree that WhosOnLocation has no obligation to provide any person access to such information or Data without Your authorization and may refer any requests for information to You to address; and

20.2.2.3 You will indemnify WhosOnLocation against any claims or loss relating to WhosOnLocation’s refusal to provide any person access to Your information or Data in accordance with these Terms:

– WhosOnLocation’s making available information or Data to any person with Your authorization.

20.2.3 The provision of, access to, and use of, the Services are on an “as is” basis and at Your own risk.

20.2.4 WhosOnLocation does not warrant that the use of the Service will be uninterrupted or error free. Among other things, the operation and availability of the systems used for accessing the Service, including public telephone services, computer networks and the Internet, can be unpredictable and may from time to time interfere with or prevent access to the Services. WhosOnLocation is not in any way responsible for any such interference or prevention of Your access or use of the Services.

20.2.5 It is Your sole responsibility to determine that the Services meet the needs of Your business and are suitable for the purposes for which they are used.

20.3 No warranties

WhosOnLocation gives no warranty about the Services. Without limiting the foregoing, WhosOnLocation does not warrant that the Services will meet Your requirements or that it will be suitable for any particular purpose. To avoid doubt, all implied conditions or warranties are excluded in so far as is permitted by law, including (without limitation) warranties of merchantability, fitness for purpose, title and non-infringement.

20.4 Consumer guarantees

You warrant and represent that You are acquiring the right to access and use the Services for the purposes of a business and that, to the maximum extent permitted by law, any statutory consumer guarantees or legislation intended to protect non-business consumers in any jurisdiction does not apply to the supply of the Services, the Site or these Terms.

21. Limitation of Liability

21.1 To the maximum extent permitted by law, we exclude all liability and responsibility to You (or any other person) in contract, tort (including negligence), or otherwise, for any consequential loss or damage (including loss of profits and savings) resulting, directly or indirectly, from any use of, or reliance on, the Service or Site.
21.2 Subject to clauses 21.3 below, if You suffer loss or damage as a result of our negligence or failure to comply with these Terms, any claim by You against us arising from our negligence or failure will be limited in respect of any one incident, or series of connected incidents, to the Subscription Fees paid by You in the previous 12 months. If You are not satisfied with the Service, Your sole and exclusive remedy is to terminate these Terms in accordance with Clause 22.
21.3 This clause 21 does not apply to limit our liability for personal injury, death, fraud or wilful misconduct.

22. Termination

22.1 Non-Good Faith Rights to Terminate

If for any reason we suspect You have no intention of becoming a subscribed user or, after becoming a subscribed user have reason to suspect you are a competitor with no Good Faith intention of using the Services for its intended Purpose, we reserve the right to terminate Your Account without prejudice immediately.

22.2 Prepaid Subscription Plans

WhosOnLocation will not provide any refund for any remaining prepaid Subscription Fees for a pre-paid Subscription Plan.

22.3 No-Fault Termination:

Either Party may elect to terminate Your Account and subscription to a Service as of the end of Your then current Subscription Term by providing notice, in accordance with this Agreement, on or prior to the date thirty (30) days preceding the end of such Subscription Term. Unless Your Account and subscription to a Service is so terminated, Your subscription to a Service will renew for a Subscription Term equivalent in length to the then expiring Subscription Term.

Unless agreed otherwise in writing, the Subscription Fees applicable to Your Subscription Plan for any such subsequent Subscription Term shall be Our standard Subscription Charges for the Subscription Plan to which You have subscribed or which You have deployed, as applicable, as of the time such subsequent Subscription Term commences.

22.4 Accrued Rights:

Termination of these Terms is without prejudice to any rights and obligations of the parties accrued up to and including the date of termination. On termination of this Agreement You will:

  • remain liable for any accrued Subscription Fees and other charges or amounts which become due for payment before or after termination; and
  • Immediately cease to use the Services and the Site.

22.5 Expiry or termination:

Clauses 8.1, 8.7, 15, 19, 20, 21, and 22 survive the expiry or termination of these Terms.

22.6 Breach by You:

If You:

  1. breach any of these Terms (including, without limitation, by non-payment of any Subscription Fees) and do not remedy the breach within 14 days after receiving notice of the breach if the breach is capable of being remedied;
  2. breach any of these Terms and the breach is not capable of being remedied or any payment of Subscription Fees that are more than 30 days overdue); or
  3. You or Your business become insolvent or Your business goes into liquidation or has a receiver or manager appointed of any of its assets or if You become insolvent, or make any arrangement with Your creditors, or become subject to any similar insolvency event in any jurisdiction,

WhosOnLocation may take any or all of the following actions, at its sole discretion:

  1. Terminate this Agreement and Your use of the Services and the Site;
  2. Suspend for any definite or indefinite period of time, Your use of the Services and the Site;
  3. Suspend or terminate access to all or any Data.
  4. Take either of the actions in sub-clauses (1), (2) and (3) of this clause 22.6 in respect of any or all other persons whom You have authorised to have access to Your information or Data.
  5. For the avoidance of doubt, if payment of any invoice for Subscription Fees due in relation to any of Your Billing Contacts, Subscriptions or any of Your Locations (as defined in clause 8) is not made in full by the relevant due date, WhosOnLocation may: suspend or terminate Your use of the Service, the authority for all or any of Your Locations to use the Service, or Your rights of access to all or any Data.

22.7 Data Removal on Termination:

We will retain Customer Data stored in your Account for 30 days after expiration or termination of Your Subscription Plan. After the 30-day retention period ends, We will disable Customer’s account and delete all Customer Data except that information that we must retain for our own company records that shows You were a Customer and we are obligated to retain by Law. If Your Subscription Fees are fully paid at the time of termination You will be able to download a copy of Your Data prior to deletion.

23. General

23.1 Entire agreement:

These Terms, together with the WhosOnLocation Privacy Policy and the Terms of any other notices or instructions given to You under these Terms of Use, supersede and extinguish all prior agreements, representations (whether oral or written), and understandings and constitute the entire agreement between You and WhosOnLocation relating to the Services and the other matters dealt with in these Terms.

23.2 Waiver:

If either party waives any breach of these Terms, this will not constitute a waiver of any other breach. No waiver will be effective unless made in writing.

23.3 Delays:

Neither party will be liable for any delay or failure in performance of its obligations under these Terms if the delay or failure is due to any cause outside its reasonable control. This clause does not apply to any obligation to pay money.

23.4 No Assignment:

Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the other party’s prior written consent (not to be unreasonably withheld); provided, however, either party may assign this Agreement in its entirety, without the other party’s consent to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. Notwithstanding the foregoing, if a party is acquired by, sells substantially all of its assets to, or undergoes a change of control in favor of, a direct competitor of the other party, then such other party may terminate this Agreement upon written notice. In the event of such a termination, We will refund to You any prepaid Subscription Fees allocable to the remainder of Your Subscription Term for the period after the effective date of such termination.

23.5 Governing law and jurisdiction:

23.5.1 If the information or Data You are accessing using the Services and the Site is solely that of a person who is a tax resident in New Zealand at the time that You accept these Terms then New Zealand law governs this Agreement and You submit to the exclusive jurisdiction of the courts of New Zealand for all disputes arising out of or in connection with this Agreement.

23.5.2 If the information or Data You are accessing using the Services and the Site is solely that of a person who is a tax resident in Australia at the time that You accept these Terms then Australian law governs this Agreement and You submit to the exclusive jurisdiction of the courts of Australia for all disputes arising out of or in connection with this Agreement.

23.5.3 If the information or Data You are accessing using the Services and the Site is solely that of a person who is a tax resident in the United States of America at the time that You accept these Terms then the State of California law govern this Agreement and You submit to the exclusive jurisdiction of the state courts of San Francisco County, California or federal court for the Northern District of California for all disputes arising out of or in connection with this Agreement.

23.5.4 In all other situations this Agreement is governed by the laws of New Zealand and You hereby submit to the exclusive jurisdiction of the courts of New Zealand for all disputes arising out of or in connection with this Agreement.

23.5.5 Notwithstanding the above, you agree that WhosOnLocation shall still be allowed to apply for injunctive remedies (or an equivalent type of urgent legal relief) in any jurisdiction.

23.5.6 Arbitration Option

23.5.6.1 For any claim (excluding claims for injunctive or other equitable relief) where the total amount of the award sought is less than $10,000, the party requesting relief may elect to resolve the dispute in a cost effective manner through binding non-appearance-based arbitration. In the event a party elects arbitration, they shall initiate such arbitration through an established alternative dispute resolution (“ADR”) provider mutually agreed upon by the parties.

23.5.6.2 The ADR provider and the parties must comply with the following rules: (a) the arbitration shall be conducted by telephone, online and/or be solely based on written submissions, the specific manner shall be chosen by the party initiating the arbitration; (b) the arbitration shall not involve any personal appearance by the parties or witnesses unless otherwise mutually agreed by the parties; and (c) any judgment on the award rendered by the arbitrator shall be final and may be entered in any court of competent jurisdiction.

23.6 Federal Government End Use Provisions

23.6.1 If You are a U.S. federal government department or agency or contracting on behalf of such department or agency, each of the Services is a “Commercial Item” as that term is defined at 48 C.F.R. 2.101, consisting of “Commercial Computer Software” and “Commercial Computer Software Documentation”, as those terms are used in 48 C.F.R. 12.212 or 48 C.F.R. 227.7202. Consistent with 48 C.F.R. 12.212 or 48 C.F.R. 227.7202-1 through 227.7202-4, as applicable, the Services are licensed to You with only those rights as provided under the terms and conditions of this Agreement.

23.7 Anti-Corruption

23.7.1 You agree that You have not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any of Our employees or agents in connection with this Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction. If You learn of any violation of the above restriction, You will use reasonable efforts to promptly notify Our Legal Department at trust@whosonlocation.com.

23.8 Severability:

If any part or provision of these Terms is invalid, unenforceable or in conflict with the law, that part or provision is replaced with a provision which, as far as possible, accomplishes the original purpose of that part or provision. The remainder of this Agreement will be binding on the parties.

23.9 Notices:

Any notice given under these Terms by either party to the other must be in writing by email and will be deemed to have been given on transmission. Notices to WhosOnLocation must be sent to helpdesk@whosonlocation.com or to any other email address notified by email to You by WhosOnLocation. Notices to You will be sent to the email address which You provided when setting up Your access to the Service.

23.10 Rights of Third Parties:

A person who is not a party to these Terms has no right to benefit under or to enforce any term of these Terms.

Contact for Questions about these Terms of Use:

If you have any questions about the Terms of Use, the practices of this Website Service, or your dealings with us, you may contact us by sending an email to:

Email at support@whosonlocation.com or by writing to:

Attn: Terms of Use Issues
WhosOnLocation Customer Services

WhosOnLocation Ltd
P.O. Box 27023
Te Aro, Wellington, New Zealand 6011

Last Updated on: 1 June 2019

Master Subscription Agreement.pdf

 

Schedule 1 – Data Processing Agreement

This Schedule applies to Customer Personal Data that we process in the course of providing You the services under the Agreement.

The scope and duration, as well as the extent and nature of the collection, processing and use of Customer Personal Data under this Schedule shall be as defined in the Agreement and otherwise in our Privacy Policy.

1. Definitions

1.1. Definitions

Unless the context otherwise requires or as otherwise set out in the Agreement:

Customer Personal Data means any Personal Data provided by You and/or processed by us under Your instructions.

Personal Data means any information relating to an identifiable data subject.

Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed.

Privacy Laws means any applicable laws and/or regulations (including the GDPR) that relate to the security and protection of Personal Data.

Regulatory Bodies means those government departments and regulatory, statutory and other bodies, entities and committees which, whether under statute, rule, regulation, code of practice or otherwise, are entitled to regulate, investigate or influence the matters relating to the security of data, Personal Data and privacy protection.

Third Country means a country or territory which is not a Member State of the European Union or EEA.

1.2. Interpretation:

1.2.1. References to “identifiable”, “data processor”, “data controller”, “data subject”, “process” and “processing” shall have the same meanings ascribed to them by GDPR.

1.2.2. Clause headings are inserted for ease of reference only and do not affect the construction of this Schedule.

2. Data Controller and Processor

2.1. Roles

You acknowledge that, in the context of the Agreement and this Schedule, and for the purposes of the Privacy Laws, You are the data controller and we are the data processor.  We undertake to duly fulfil the obligations set out in this Schedule.

2.2. Your Obligations

2.2.1. You are responsible for data controller obligations under the applicable Privacy Laws, including providing any required notices and obtaining any required consents, and for the processing instructions you give us.

2.2.2. You warrant that no contractual confidentiality obligations prohibit the processing of Customer Personal Data as described in this Schedule and in the Agreement.

2.2.3. You warrant that the production, collection, processing of Customer Personal Data has been and will continue to be carried out in accordance with the applicable Privacy Laws.

3. Terms and Conditions

We shall ensure that all Customer Personal Data is processed:

3.1.1. on your behalf in accordance with the Agreement, this Schedule and Your written instructions from time to time;

3.1.2. in compliance with the applicable Privacy Laws.

We shall immediately notify You is any instruction provided by you is in breach of any applicable Privacy Laws.

3.2 Principle of Processing

Personal Data shall be processed under the general principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability.

3.3 Cooperation Obiligations:

We shall provide you with all information necessary to demonstrate compliance with applicable Privacy Laws and assist and support you:

3.3.1. in the event of an investigation or other control measures or any other measure by any Regulatory Body, to the extent that such investigation relates to Customer Personal Data;

3.3.2. in the event of the exercise of liability claims by data subjects or a third party related to the processing in scope of this Schedule;

3.3.3. in complying with the rights of data subjects, including the right to obtain a transparent information and communication, the right to access, rectify, and erase their Personal Data, restrict, or object to, the processing of their Personal Data, exercise their right to data portability;

3.3.4. in notifying and obtaining approvals from Regulatory Body where required;

3.3.5. in performing data protection impact assessments;

3.3.6. in consulting with Regulatory Bodies.

3.4 Data Breach:

If we become aware of a Personal Data Breach, we will notify you and take appropriate steps as set out in the Security Incident Notification section of the Agreement.  In addition, to the extent that such information is available, we shall summarize in reasonable detail the impact of such Personal Data Breach, including describing:

3.4.1. the nature of the Personal Data Breach;

3.4.2. the categories and numbers of data subjects concerned;

3.4.3. the categories and numbers of Personal Data records concerned;

3.4.4. the estimated risk and the likely consequences of the Personal Data Breach; and

3.4.5. the measures taken or proposed to be taken to address the Personal Data Breach.

3.5. Data Subject Rights:

We will promptly inform You of our receipt of any inquiry or request from a data subject with respect to Customer Personal Data processed by us.  Except were we are obliged to under any applicable laws, we shall not respond to any such request unless You expressly authorize us.

3.6. Data Protection and Security (Technical and Organizational):

Within our Agreement and Privacy Policy, we will maintain an up-to-date list of technical and organizational measures to protect Customer Personal Data from unauthorized processing that will meet the requirements of the applicable Privacy Laws.

3.7. Cross-Border Transfers:

Any transfer of Customer Personal Data to a Third Country will be performed as required by applicable Privacy Laws and with adequate security measures.  Our server regions are noted on our website.  In particular, transfers can be performed if we:

3.7.1. have given You notice (including by updating the list of data locations on our website or by dashboard notification) containing the details of the new locations; and

3.7.2. You do not express your disagreement within thirty (30) days from the receipt of the notice.

In the case of disagreement, we shall collaborate to find a reasonable solution.

3.8. Subcontractors:

You gives us general written consent for us to authorize subcontractors to process Customer Personal Data subject to the following conditions:

3.8.1. we must maintain an up-to-date list of the names and locations of all subcontractors, and shall make this list reasonably available to You;

3.8.2. we will provide You with prior notice of the engagement of any new subcontractors (including via a dashboard notification);

3.8.3. You have thirty (30) days from receiving such notice to object to any changes to subcontractors (acting reasonably); and

3.8.4. the contract entered into between us and a subcontractor is on terms which are substantially the same as those set out in this Schedule.

3.9. Return/Destruction of Customer Personal Data:

At the earlier of:

3.9.1. termination or expiration of the Agreement; or

3.9.2. when requested to do so by You,

we shall hand over to You and/or erase or destroy Customer Personal Data as required by You.

3.10. Verification:

We will make available to You all information necessary to demonstrate compliance with the obligations under this Schedule and applicable Privacy Laws, and allow for and contribute to inspections and audits conducted in a reasonable manner by You or your representatives.

3.11. Communication:

Any notice, objection or other communication to be given to us under this Schedule shall be in served on our Data Protection Officer, as set out in our Privacy Policy from time-to-time.

3.12. Term:

This Schedule takes effect from the time that You first access our services, and remains effective during the term of the Agreement.

4. Agreement

4.1. Agreement:

This Schedule is supplemental to the Agreement, and other than as stated by this Schedule, the Agreement remains in full force and effect.

4.2. Priority:

In the event of any conflict between the terms of the Agreement and this Schedule, the terms in this Schedule shall prevail (to the extent of any such inconsistency).

© WhosOnLocation 2019