1. Data privacy and data security are fundamental to a successful user experience on the Eskalera platform. Your employer cannot discover or track anything you do or share on our Services. We will only provide data that can be linked to you to your employer with your permission or pursuant to a warrant signed by a judge.
2. You are in an independent relationship with Eskalera, although Eskalera’s contract with your employer governs your use of those aspects of our services.
3. You are responsible for populating your Eskalera account and your profile with accurate information so we can make your time with us productive and helpful.
4. Eskalera is not a reporting tool for complaints about the workplace or allegations of misconduct. Any such information should be reported through appropriate channels with your employer or, if applicable, to law enforcement.
5. We use artificial intelligence and machine learning to make our software cooler, smarter, and stronger – but all of it subject to the privacy and trust constraints described above.
You can send any questions to firstname.lastname@example.org.
1.Welcome to Eskalera!
Eskalera provides prescriptive insights for employers to engage and grow their workforces by integrating employees’ quantitative data with real-time sentiment.
This agreement is between you, in your individual capacity, and Eskalera, even if you use Services at the request or invitation of your employer.
These User Terms may change over time. If we make changes to it, we will post the modified User Terms on our website at https://eskalera.com/terms-of-use/. We encourage you to visit this page periodically to learn of any updates.
2.Our Relationship with Employers.
Data privacy and data security are fundamental to a successful user experience on the Eskalera platform. We consider the personal information that you input into the Services to be your data, and Eskalera’s system is designed to securely store and protect your data.
Specifically, Eskalera’s “Core Tenants” are:
• Your interactions and responses while engaging with Eskalera are accessible only by you and are not available to or viewable by your employer.
• To ensure privacy, we only provide fully deidentified data to your employer, meaning that your employer cannot discover or track anything you do or share on our Services.
• We will only provide data that can be linked to you to your employer with your permission or pursuant to a warrant signed by a judge.
3.Eskalera is independent from your employer. Eskalera is not a reporting tool.
As a reminder, Eskalera is not your employer, but a separate entity. Eskalera is designed so you can input personal information while using the Services while knowing that your employer will not have access to such data without your permission or as stipulated in these User Terms.
Eskalera is not a reporting tool for complaints about the workplace or allegations of misconduct. Any such information should be reported through appropriate channels with your employer or, if applicable, to law enforcement.
By agreeing to these User Terms, you expressly acknowledge that Eskalera is not a reporting tool and that (i) Eskalera is not responsible for acting on or reporting any information you submit through the Services to an Employer, law enforcement, or any third party; and (ii) the Employer is not responsible for knowing, discovering, or acting on any information you submit through the Services.
If you would like to speak to an external, non-employer related resource regarding any issue in the work place, Empower Work is a free resource available to anyone facing a difficult work situation. You can find more information here. We are not affiliated with Empower Work, so we provide this information only as a convenience and are not responsible for its services.
If an Employer grants you access to the Services, the Employer will send you an email with information about how to access the Services and how to create an account on the Services. We may pre-populate your account with information the Employer has provided us. We encourage you to review this information for accuracy and completeness. Some of this information may be locked by the Employer and you may not be able to edit it using Eskalera. If any inaccuracies are found, please update the information or contact the Employer accordingly.
You may also have the ability to use the Services independent of an Employer or create a profile on the Services, in which case you may have the option to provide information, such as a picture or professional skills, or to upload documents, such as your resume or transcript.
You agree that any information you provide through account registration or in creating your profile is accurate, current, and complete, and you agree to update your information as necessary to maintain its truth and accuracy. You agree not to misrepresent any information about yourself in creating or using your account or profile. You also agree not to store any confidential information of your employer or any other third party in your profile. Also, please note you are prohibited from creating an account for anyone other than yourself.
You must be at least 16 years old to use the Services. If you are not 16 years of age, you may not access or use the Services. You represent and warrant that you are an individual of legal age to form a binding contract (or if not, you’ve received your parent’s or guardian’s permission to use the Services and gotten your parent or guardian to agree to these User Terms on your behalf).
Your Eskalera profile is your professional profile. As a rule of thumb, keep your content and communications on Eskalera professional.
You are responsible for all content you upload to Eskalera. You are not allowed to post any violent, nude, discriminatory, hateful, or sexually suggestive photos or other similar content via the Services. You agree not use the Services to stalk, defame, bully, harass, abuse, threaten, intimidate, or impersonate other people or entities; or for any illegal or unauthorized purpose, including spam, copyright infringement, identity theft, or fraud. You agree you will not attempt to restrict another user from using or enjoying the Services and you must not encourage or facilitate violations of these User Terms or any other Eskalera terms.
The Content You Submit
The materials displayed, performed or available on or through the Services, including, but not limited to, text, graphics, data, articles, photos, images, illustrations, and so forth are referred to in these User Terms as “Content”.
As described above in the section “Our Relationship with Employers”, if you are granted access to the Services by an Employer or if you use an Employer’s instance of the Services, then you acknowledge and agree that the Content you submit in the Employer’s instance of the Services constitutes Employer Data. Nonetheless, our Core Tenants described above remain in effect.
Otherwise, the Content you submit to the Services belongs to you (“Your Content”). This includes Content that you choose to add to your profile. Eskalera does not claim ownership of any Content that you post on or through the Services. By making Your Content available on or through the Services, you grant to Eskalera a non-exclusive, transferable, sublicensable, worldwide, royalty-free license to use, copy, modify, publicly display, publicly perform and distribute Your Content only in connection with operating and providing the Services.
You are responsible for Your Content. You represent and warrant that you own Your Content or that you have all rights necessary to grant us a license to use Your Content as described in these User Terms. You also represent and warrant that Your Content and the use and provision of Your Content on the Services will not: (a) infringe, misappropriate or violate a third party’s patent, copyright, trademark, trade secret, moral rights or other intellectual property rights, or rights of publicity or privacy; (b) violate, or encourage any conduct that would violate, any applicable law or regulation or would give rise to civil liability; (c) be fraudulent, false, misleading or deceptive; (d) be defamatory, obscene, pornographic, vulgar or offensive; (e) promote discrimination, bigotry, racism, hatred, harassment or harm against any individual or group; (f) be violent or threatening or promote violence or actions that are threatening to any person or entity; or (g) promote illegal or harmful activities or substances.
You also grant to Eskalera a worldwide, perpetual, irrevocable, royalty-free license to use and incorporate into its services any suggestion, enhancement request, recommendation, correction or other feedback provided by you relating to the operation of Eskalera’s services.
We may use artificial intelligence or machine learning algorithms to analyze you or your personal information (including the Content you submit to the Services). This allows us, for example, to provide you with insights to help you grow professionally, such as by providing you with suggestions of skills to pursue to round out your skill set. This also allows us to provide employers with aggregate insights about their workforces. By agreeing to these User Terms, you consent to Eskalera’s use of artificial intelligence analysis and machine learning algorithms on you and your personal information (including the Content you submit to the Services).
You agree that Eskalera may collect aggregated or other deidentified data related to or as a result of use of the Services. Eskalera retains all right, title and interest in and to such data and any and all system performance data and machine learning (including machine learning algorithms and the results and output of such machine learning).
Our Intellectual Property Belongs to Us
Eskalera’s Content is protected by copyright, trademark, patent, trade secret and other laws, and, as between you and Eskalera, we own and retain all rights to the Eskalera Content and the Services, and any future developments, derivatives and enhancements of our Content and Services. You will not remove, alter or conceal any copyright, trademark, service mark or other proprietary rights notices incorporated in or accompanying Eskalera’s Content and you will not reproduce, modify, adapt, prepare derivative works based on, perform, display, publish, distribute, transmit, broadcast, sell, license or otherwise exploit our Content.
The Eskalera name and logo are our trademarks, and may not be copied, imitated or used, in whole or in part, without our prior written permission. In addition, all page headers, custom graphics, button icons and scripts are service marks, trademarks and/or trade dress of Eskalera, and may not be copied, imitated or used, in whole or in part, without prior written our permission.
The Services may allow you to copy or download certain Content; please remember that just because this functionality exists, doesn’t mean that all the restrictions above don’t apply – they do!
We reserve the right to suspend or terminate your account(s) for violation of these User Terms or any other policies associated with the Services.
Account and Website Security and Integrity
While we take steps to protect your data from unauthorized access, security is a team effort. You are responsible for keeping your password secret and secure, and we encourage you to update your password regularly.
By using the Services, you agree not to change or modify the Services to falsely imply that it is associated with another website. Creating accounts through unauthorized means, including scripts, bots, or automated crawlers is prohibited, as is collecting content through crawling, scraping, or caching without our express consent. You may not use the Services in a manner that decompiles, reverse engineers, or otherwise attempts to obtain the source code or underlying ideas or information of or relating to the Services.
You must not attempt to restrict another user from using or enjoying the Services and you must not encourage or facilitate violations of these User Terms or any other Eskalera terms.
You are solely responsible for your interaction with other users of the Services, whether online or offline. You agree that we are not responsible or liable for your conduct. We reserve the right, but have no obligation, to monitor or become involved in disputes between you and other users. Exercise common sense and your best judgment when interacting with others, including when you submit or post Content or any personal or other information.
Third Party Links
Our Services may contain links to third-party websites, apps, services and resources (collectively “Third-Party Services”) that are not under Eskalera’s control. We provide these links only as a convenience and are not responsible for the content, products or services that are available from Third-Party Services. You acknowledge sole responsibility and assume all risk arising from your use of any Third-Party Services.
Violation and Enforcement of These User Terms
We reserve the right to refuse access to the Services to anyone for any reason at any time. We reserve the right to force forfeiture of any username or account for any reason. We may, but have no obligation to, remove, edit, block, and/or monitor Content or accounts containing Content that we determine in our sole discretion violates these User Terms.
7.Reporting Copyright and Other IP Violations
We respect other people’s rights and expect you to do the same. If you repeatedly infringe other people’s intellectual property rights, we will disable your account when appropriate.
8.Disclaimer of Warranties
The Services, including, without limitation, Eskalera Content, are provided on an “as is”, “as available” and “with all faults” basis. To the fullest extent permissible by law, neither Eskalera nor any of its employees, DIRECTORS, STOCKHOLDERS, CUSTOMERS, partners, managers, officers or agents (collectively, the “Eskalera Parties”) make any representations or warranties or endorsements of any kind whatsoever, express or implied, as to: (a) the Services; (b) the Eskalera Content; (c) user Content; or (d) security associated with the transmission of information to Eskalera or via the service. In addition, the Eskalera Parties hereby disclaim all warranties, express or implied, including, but not limited to, the warranties of merchantability, fitness for a particular purpose, non-infringement, title, custom, trade, quiet enjoyment, system integration and freedom from computer virus.
The Eskalera Parties do not represent or warrant that the Services will be error-free or uninterrupted; that defects will be corrected; or that the Services or the server that makes the Services available is free from any harmful components, including, without limitation, viruses. The Eskalera Parties do not make any representations or warranties that the information (including any instructions) on the Services is accurate, complete, or useful. You acknowledge that your use of the Services is at your sole risk. The Eskalera Parties do not warrant that your use of the Services is lawful in any particular jurisdiction, and the Eskalera Parties specifically disclaim such warranties. Some jurisdictions limit or do not allow the disclaimer of implied or other warranties so the above disclaimer may not apply to you to the extent such jurisdiction’s law is applicable to you and these User Terms.
By accessing or using the Services you represent and warrant that your activities are lawful in every jurisdiction where you access or use the Services.
The Eskalera Parties do not endorse content and specifically disclaim any responsibility or liability to any person or entity for any loss, damage (whether actual, consequential, punitive or otherwise), injury, claim, liability or other cause of any kind or character based upon or resulting from any content.
Users hereby give any consents required by law for the services to operate as set forth in these User Terms.
9.Limitation of Liability; Waiver
Under no circumstances will the Eskalera parties be liable to you for any loss or damages of any kind (including, without limitation, for any direct, indirect, economic, exemplary, special, punitive, incidental or consequential losses or damages) that are directly or indirectly related to: (a) the Services; (b) the Eskalera Content; (c) OTHER Content; (d) your use of, inability to use, or the performance of the Services; (e) any action taken in connection with an investigation by the Eskalera parties or law enforcement authorities regarding your or any other party’s use of the service; (f) any action taken in connection with copyright or other intellectual property owners; (g) any errors or omissions in the service’s operation; or (h) any damage to any user’s computer, mobile device, or other equipment or technology including, without limitation, damage from any security breach or from any virus, bugs, tampering, fraud, error, omission, interruption, defect, delay in operation or transmission, computer line or network failure or any other technical or other malfunction, including, without limitation, damages for lost profits, loss of goodwill, loss of data, work stoppage, accuracy of results, or computer failure or malfunction, even if foreseeable or even if the Eskalera parties have been advised of or should have known of the possibility of such damages, whether in an action of contract, negligence, strict liability or tort (including, without limitation, whether caused in whole or in part by negligence, acts of god, telecommunications failure, or theft or destruction of the service). In no event will the Eskalera Parties be liable to you or anyone else for loss, damage or injury, including, without limitation, death or personal injury. Some states do not allow the exclusion or limitation of incidental or consequential damages, so the above limitation or exclusion may not apply to you. In no event will the Eskalera Parties total liability to you for all damages, losses or causes of action exceed one hundred United States dollars ($100.00).
You agree that in the event you incur any damages, losses or injuries that arise out of Eskalera’s acts or omissions, the damages, if any, caused to you are not irreparable or sufficient to entitle you to an injunction preventing any exploitation of any web site, service, property, product or other content owned or controlled by the Eskalera Parties, and you will have no rights to enjoin or restrain the development, production, distribution, advertising, exhibition or exploitation of any web site, property, product, service, or other content owned or controlled by the Eskalera Parties.
By accessing or using the Services, you understand that you may be waiving rights with respect to claims that are at this time unknown or unsuspected, and in accordance with such waiver, you acknowledge that you have read and understand, and hereby expressly waive, the benefits of section 1542 of the civil code of California, and any similar law of any state or territory, which provides as follows: “A general release does not extend to claims that the creditor or releasing party does not know or suspect to exist in his or her favor at the time of executing the release and that, if known by him or her, would have materially affected his or her settlement with the debtor or released party.”
Eskalera is not responsible for the actions, content, information, or data of third parties, and you release us, our directors, officers, employees, and agents from any claims and damages, known and unknown, arising out of or in any way connected with any claim you have against any such third parties.
Unless prohibited by law, you agree to defend (at Eskalera’s request), indemnify and hold the Eskalera Parties harmless from and against any claims, liabilities, damages, losses, and expenses, including without limitation, reasonable attorney’s fees and costs, arising out of or in any way connected with any of the following (including as a result of your direct activities on the Services or those conducted on your behalf): (i) Your Content or your access to or use of the Services; (ii) your breach or alleged breach of these User Terms; (iii) your violation of any third-party right, including without limitation, any intellectual property right, publicity, confidentiality, property or privacy right; (iv) your violation of any laws, rules, regulations, codes, statutes, ordinances or orders of any governmental and quasi-governmental authorities, including, without limitation, all regulatory, administrative and legislative authorities; or (v) any misrepresentation made by you. You will cooperate as fully required by Eskalera in the defense of any claim. Eskalera reserves the right to assume the exclusive defense and control of any matter subject to indemnification by you, and you will not in any event settle any claim without the prior written consent of Eskalera.
You agree that any dispute between you and Eskalera arising out of or relating to these User Terms, the Services, or any other Eskalera products or services (collectively, “Disputes”) will be governed by the arbitration procedure outlined below.
Governing Law: These User Terms and the resolution of any Disputes shall be governed by and construed in accordance with the laws of the State of California without regard to its conflict of laws principles.
Informal Dispute Resolution: We want to address your concerns without needing a formal legal case. Before filing a claim against Eskalera, you agree to try to resolve the Dispute informally by contacting us at email@example.com. We’ll try to resolve the Dispute informally by contacting you through email. If a dispute is not resolved within 15 days after submission, you or Eskalera may bring a formal proceeding.
We Both Agree To Arbitrate: You and Eskalera agree to resolve any Disputes through final and binding arbitration, except as set forth under Exceptions to Agreement to Arbitrate below.
Opt-out of Agreement to Arbitrate: You may decline this agreement to arbitrate by contacting us at firstname.lastname@example.org within 30 days of first accepting these User Terms and stating that you (include your first and last name) decline this arbitration agreement. Arbitration Procedures: The American Arbitration Association (AAA) will administer the arbitration under its Commercial Arbitration Rules and the Supplementary Procedures for Consumer Related Disputes. The arbitration will be held in the United States county where you live or work, San Francisco, California, or any other location we agree to.
Arbitration Fees: The AAA rules will govern payment of all arbitration fees. If you cannot afford or otherwise do not want to pay arbitration filing, administrative, hearing and/or other fees and cannot obtain a waiver of fees, we will consider in good faith any request by you for us to bear the cost of those fees. We will pay any administration fee, arbitration fees and fees and charges of attorneys, experts and witnesses if and to the extent we are required to pay such fees and charges by law or in order to make this arbitration provision enforceable.
Exceptions to Agreement to Arbitrate: Either you or Eskalera may assert claims, if they qualify, in small claims court in San Francisco, California or any United States county where you live or work. Either party may bring a lawsuit solely for injunctive relief to stop unauthorized use or abuse of the Services, or infringement of intellectual property rights (for example, trademark, trade secret, copyright or patent rights) without first engaging in arbitration or the informal dispute-resolution process described above.
No Class Actions: You may only resolve Disputes with Eskalera on an individual basis and may not bring a claim as a plaintiff or a class member in a class, consolidated, or representative action. Class arbitrations, class actions, private attorney general actions, and consolidation with other arbitrations aren’t allowed under our agreement.
Judicial Forum for Disputes: In the event that the agreement to arbitrate is found not to apply to you or your claim, you and Eskalera agree that any judicial proceeding (other than small claims actions) will be brought in the federal or state courts of San Francisco County, California. Both you and Eskalera consent to venue and personal jurisdiction there. We both agree to waive our right to a jury trial.
Limitation on Claims: Regardless of any statute or law to the contrary, any claim or cause of action arising out of or related to your use of the Services must be filed within one (1) year after such claim or cause of action arose, or else that claim or cause of action will be barred forever.
YOU UNDERSTAND AND AGREE THAT BY ENTERING INTO THESE TERMS, YOU ARE WAIVING THE RIGHT TO TRIAL BY JURY OR TO PARTICIPATE IN A CLASS ACTION.
12.Governing Law & Venue
These User Terms are governed by and construed in accordance with the laws of the State of California, without giving effect to any principles of conflicts of law.
If any provision of these User Terms is held to be unlawful, void, or for any reason unenforceable during arbitration or by a court of competent jurisdiction, then that provision will be deemed severable from these User Terms and will not affect the validity and enforceability of any remaining provisions. Eskalera’s failure to insist upon or enforce strict performance of any provision of these User Terms will not be construed as a waiver of any provision or right. No waiver of any of these User Terms will be deemed a further or continuing waiver of such term or condition or any other term or condition.
These User Terms constitute the entire agreement between you and Eskalera and governs your use of the Service, unless you have a separate signed agreement with Eskalera that states it supersedes these User Terms. These User Terms, including, without limitation, any limitations on liability set forth herein, shall remain in full force and effect notwithstanding any termination of your use of the Services.
You will not assign these User Terms or assign any rights or delegate any obligations hereunder, in whole or in part, whether voluntarily or by operation of law, without the prior written consent of Eskalera. Any purported assignment or delegation by you without the appropriate prior written consent of Eskalera will be null and void. Eskalera may assign these User Terms or any rights hereunder without your consent.
Applicable to Free “Eskalera for All” Services
1. Welcome to Eskalera!
Eskalera provides prescriptive insights for employers to engage and grow their workforces by integrating employees’ quantitative data with real-time sentiment.
These “Customer Terms” Form a Part of a Binding “Contract”
Your Agreement On Behalf of “Customer”
These Customer Terms form a binding contract (a “Contract”) between Customer and us and apply if you sign up an organization for Eskalera for All Services or request that we invite users to join your organization’s Eskalera for All Services. By signing up an organization for Eskalera for All Services or requesting that we invite users to join your organization’s Eskalera for All Services, you acknowledge your understanding of the then-current Contract and agree to the Contract on behalf of Customer. Please make sure you have the necessary authority to enter into the Contract on behalf of Customer before proceeding.
2.Customers and Authorized Users.
Who is “Customer”?
“Customer” is the organization that you represent in agreeing to the Contract. If your Eskalera for All digital space is being set up by someone who is not formally affiliated with an organization, Customer is the individual creating the Eskalera for All digital space. For example, if you signed up for Eskalera for All Services using a personal email address and invited a couple of friends to join but haven’t formed a company yet, you are the Customer. Customer represents and warrants that it has validly entered into the Contract and has the legal power to do so.
Signing Up Using a Corporate Email Domain
If you signed up for the Eskalera for All Services using your corporate email domain, your organization is Customer, and Customer can modify and re-assign roles on your Eskalera for All digital space (including your role) and otherwise exercise its rights under the Contract. If Customer elects to replace you as the representative with ultimate authority for the Eskalera for All digital space, we will provide you with notice following such election and you agree to take any actions reasonably requested by us or Customer to facilitate the transfer of authority to a new representative of Customer.
What This Means for Customer—and for Us
Individuals authorized by Customer to access the Eskalera for All Services (each an “Authorized User”) may submit content or information to the Eskalera for All Services, such as personal information or sentiments (collectively, “Customer Data”), and Customer may exclusively provide us with instructions on what to do with it. For example, Customer may provision or deprovision access to the Eskalera for All Services or manage permissions, retention and export settings.
Customer will (a) inform Authorized Users of all Customer policies and practices that are relevant to their use of the Eskalera for All Services and of any settings that may impact the processing of Customer Data; and (b) ensure the transfer and processing of Customer Data under the Contract is lawful
3.Ownership and Proprietary Rights
What’s Yours is Yours
Except as set forth herein, as between us on the one hand, and Customer and any Authorized Users on the other, Customer will own all Customer Data. Subject to the terms and conditions of the Contract, Customer (for itself and all of its Authorized Users) grants us a worldwide, non-exclusive, limited term license to access, use, process, copy, distribute, perform, export and display Customer Data only as reasonably necessary (a) to provide, maintain and update the Eskalera for All Services; (b) to prevent or address service, security, support or technical issues; (c) as required by law; and (d) as expressly permitted in writing by Customer. Customer represents and warrants that it has secured all rights in and to Customer Data from its Authorized Users as may be necessary to grant this license.
What’s the Authorized User’s is the Authorized User’s
We believe that an Authorized User’s personal information is that Authorized User’s personal information. Therefore, notwithstanding anything to the contrary in these Customer Terms: (i) each Authorized User may have a user profile on the Eskalera for All Services and while using the Eskalera for All Services, an Authorized User may add their personal information to their user profile, in which case such data is not Customer Data, and the Authorized User shall control how the data in their user profile is collected, processed, and disclosed; and (ii) to promote a trusted environment on the Eskalera for All Services, Eskalera will not provide Customer with users’ personal information (e.g. a user’s response to a question) that has not been aggregated or otherwise deidentified unless a user chooses to share the data with Customer or except as required by applicable law.
And What’s Ours is Ours
We own and will continue to own the Eskalera for All Services and our other products and services and all data in our Services other than Customer Data (“Eskalera Data”), including all related intellectual property rights, including system performance metrics and our services’ machine learning, and any future developments, derivatives and enhancements to our products and services. Customer acknowledges that, as our products and services are provided to Customer and to Eskalera’s other customers, our products and services and the underlying algorithms are engaged in continual machine learning, and that the results and output of such learning are owned solely by Eskalera. Customer may only use Eskalera Data in connection with using the Eskalera for All Services. Eskalera will not be restricted from improving its services on the basis of general learning and know-how gained from the provision of our products and services to Customer and Eskalera’s other partners. Eskalera may collect aggregated or other deidentified data related to or as a result of use of our products and services, and Eskalera retains all right, title and interest in and to such data (for example, Eskalera may collect aggregated data to create and provide indices showing diversity or compensation measures for a particular market). All of our rights not expressly granted by this license are hereby retained.
Feedback is Welcome
The more suggestions our customers make, the better our products and services become. If Customer sends us any feedback or suggestions regarding our products and services, there is a chance we will use it, so Customer grants us (for itself and all of its Authorized Users and other Customer personnel) an unlimited, irrevocable, perpetual, sublicensable, transferable, royalty-free license to use any such feedback or suggestions for any purpose without any obligation or compensation to Customer, any Authorized User or other Customer personnel.
Customer and Eskalera will each conspicuously post and comply with a legally sufficient privacy notice on its properties where data is collected and used in association with the Eskalera for All Services. The privacy notice must accurately describe the party’s practices relating to data collection, sharing and use. For any data that Customer submits to the Eskalera for All Services or causes the Eskalera for All Services to process, Customer will ensure that all necessary rights and permissions are established for the transfers and/or use of such data in connection with the Eskalera for All Services in compliance with all applicable laws, regulations, and self-regulatory requirements.
Eskalera will provide the Eskalera for All Services in accord with this Contract, any applicable documentation made available by Eskalera that describes the specifications of the Eskalera for All Services (“Documentation”), and the laws and regulations applicable to Eskalera’s provision of the Eskalera for All Services to its customers generally. Eskalera is responsible for its personnel’s and agents’ compliance with Eskalera’s obligations under this Contract.
Eskalera will maintain appropriate administrative, physical and technical safeguards for the protection of Customer Data, including measures designed to prevent unauthorized access to or disclosure of Customer Data.
In its use of the Eskalera for All Services, Customer will comply with the Contract; the Documentation; and all applicable laws and regulations. Customer will use commercially reasonable efforts to prevent unauthorized access to or use of the Eskalera for All Services and notify Eskalera promptly of any such unauthorized access or use. Customer is responsible for its Authorized Users, personnel’s and agents’ compliance with Customer’s obligations under this Contract
Customer will not (a) make any part of the Eskalera for All Services available to, or use the Eskalera for All Services for the benefit of, any third party; (b) sell, resell, license, sublicense, distribute, make available, rent or lease the Eskalera for All Services; (c) modify, copy or create derivative works of the Eskalera for All Services; (d) disassemble, reverse-engineer or decompile the Eskalera for All Services; (e) access the Eskalera for All Services for purposes of monitoring their availability, performance or functionality, or for any other benchmarking or competitive purposes; (f) use the Eskalera for All Services to store or transmit materials that are unlawful, misleading, libelous, obscene, hateful or violative of others’ privacy rights; or (g) introduce viruses or other malware to the Eskalera for All Services, Eskalera’s systems or end users. Customer will not use the Eskalera for All Services in a manner that violates its agreement with any third party or could reasonably be expected to damage the Eskalera for All Services or reflect unfavorably on the reputation of Eskalera or its partners. Customer will not export, re-export, or transfer the Eskalera for All Services, in whole or in part, to any country, person, or entity subject to U.S. export restrictions.
Customer must ensure that all Authorized Users are over 16 years old.
The Eskalera for All Services are currently available for free, but we reserve the right to charge for certain or all services in the future. We will notify you before any services you are then using for free begin carrying a fee, and if you wish to continue using such services, you must pay all applicable fees for such services.
The Sections titled “Ownership and Proprietary Rights”, “Free Services”, “Effect of Termination”, “Survival”, “Confidentiality”, “Disclaimer”, “Limitation of Liability”, “Mutual Indemnification”, and “General Terms” will survive any termination or expiration of the Contract.
“Confidential Information” means information that the disclosing party identifies as confidential or the receiving party should reasonably understand to be confidential given the circumstances and the type of information. Confidential Information does not include information that the receiving party can demonstrate (a) it knew without restriction before receipt from the disclosing party, (b) is publicly available through no fault of the receiving party, (c) it rightfully received from a third party without a duty of confidentiality or (d) is independently developed without use of the disclosing party’s Confidential Information. The receiving party may use the disclosing party’s Confidential Information only as permitted under the Contract and must use at least reasonable care to prevent any unauthorized use or disclosure of the disclosing party’s Confidential Information. The receiving party may share the disclosing party’s Confidential Information with its employees, agents and contractors who need to know it, as long as they are bound to confidentiality obligations that are consistent with this Contract. If compelled to do so by law, the receiving party may disclose the disclosing party’s Confidential Information
EXCEPT AS EXPRESSLY PROVIDED FOR HEREIN, ESKALERA PROVIDES ALL PRODUCTS AND SERVICES “AS IS” AND “AS AVAILABLE,” WITHOUT WARRANTY OF ANY KIND, AND DISCLAIMS ALL EXPRESS AND IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, PERFORMANCE, ACCURACY, RELIABILITY AND NON-INFRINGEMENT. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS AGREEMENT.
11.Limitation of Liability
OTHER THAN IN CONNECTION WITH A PARTY’S INDEMNIFICATION OBLIGATIONS HEREUNDER, IN NO EVENT WILL EITHER PARTY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THE CONTRACT (WHETHER IN CONTRACT OR TORT OR UNDER ANY OTHER THEORY OF LIABILITY) EXCEED $10,000.
IN NO EVENT WILL EITHER CUSTOMER OR ESKALERA HAVE ANY LIABILITY TO THE OTHER PARTY OR TO ANY THIRD PARTY FOR ANY LOST PROFITS OR REVENUES OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING DISCLAIMER WILL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.
The limitations under this “Limitation of Liability” section apply with respect to all legal theories, whether in contract, tort or otherwise, and to the extent permitted by law. The provisions of this “Limitation of Liability” section allocate the risks under this Contract between the parties, and the parties have relied on these limitations in determining whether to enter into this Contract and the offering of the Eskalera for All Services for no charge.
Eskalera will indemnify, defend and hold harmless Customer and its officers, directors, employees and representatives from any liability or expense (including reasonable attorneys’ fees) (“Liabilities”) from any third-party claim that the Eskalera for All Services in the form made available by Eskalera infringe such third-party’s intellectual-property rights. Customer will indemnify, defend, and hold harmless Eskalera and its officers, directors, employees and representatives (collectively, “Eskalera Parties”) from any Liabilities from any third-party claim arising out of or from Customer Data or any other Customer or user information or materials, or Customer’s violation of applicable laws or regulations or infringement of the intellectual-property or other rights of a third party. Each party’s indemnification obligations are conditioned on (a) the indemnified party providing the indemnitor with prompt written notice of any claim (provided that the failure to promptly notify will only relieve the indemnitor of its obligation to the extent it can demonstrate material prejudice from such failure), (b) the indemnitor having sole control and authority with respect to the defense and settlement of any such claim, and (c) the indemnified party cooperating fully with the indemnitor, at the indemnitor’s sole cost and expense. The indemnitor will not, without the prior written consent of the indemnified party, agree to any settlement of any such claim that does not include a complete release of the indemnified party from all liability or that imposes any liability, obligation or restriction on the indemnified party. The indemnified party may participate with its own counsel, at its own expense. This “Mutual Indemnification” section states the indemnifying party’s sole liability to, and the indemnified party’s exclusive remedy against, the other party for any third party claim described in this section
Eskalera will have no indemnification obligation for claims arising out of or from (a) the combination of the Eskalera for All Services with products or services not supplied by Eskalera, where the cause of action would not have arisen but for such combination, (b) the unauthorized adaptation or modification of the Eskalera for All Services, where the cause of action would not have arisen but for such adaptation or modification, (c) use of the Eskalera for All Services other than as described in the Contract or Documentation, or (d) Customer’s breach of this Contract. If any of the subsections above apply, Customer will indemnify, defend and hold harmless the Eskalera Parties from and against any Liabilities from such claims
Neither party will be liable for failure or delay in performance due to causes beyond its reasonable control, including without limitation acts of God, terrorism, war, riots, fire, earthquake, flood or failure of internet or communications infrastructure.
Customer grants us the right to use Customer’s company name and logo as a reference for marketing or promotional purposes on our website and in other public or private communications with our existing or potential customers, subject to Customer’s standard trademark usage guidelines as provided to us from time-to-time. We don’t want to list customers who don’t want to be listed, so Customer may send us an email to email@example.com stating that it does not wish to be used as a reference.
The Contract is the entire agreement of the parties relating to this subject matter, and it supersedes all other commitments and understandings with respect to such subject matter. In the event of a conflict between these Customer Terms and any other written agreement between the parties, the other written agreement will control.
As our business evolves, we may change these Customer Terms. If we make a material change to the Customer Terms, we will provide Customer with reasonable notice prior to the change taking effect, either by emailing the email address associated with Customer’s account or by posting a notice on eskalera.com. Customer can review the most current version of the Customer Terms at any time by visiting this page and by visiting the most current versions of the other pages that are referenced in the Contract. The materially revised Contract will become effective on the date set forth in our notice, and all other changes will become effective upon posting of the change. If Customer (or any Authorized User) accesses or uses the Eskalera for All Services after the effective date, that use will constitute Customer’s acceptance of any revised terms and conditions.
Except as otherwise set forth herein, all notices under the Contract will be by email. Notices to Eskalera will be sent to firstname.lastname@example.org. Notices will be deemed to have been duly given the day after it is sent in the case of notices through email.
Governing Law, Non-Assignability, & Severability
This Contract is governed by the laws of the State of California, excluding conflicts of laws principles. This Contract is not transferable or assignable without the prior written consent of the non-assigning party; provided, however, that either party may assign this Contract upon written notice, to an affiliate or an acquirer of substantially all of that party’s assets, stock or business by sale, merger or otherwise. Eskalera may terminate this Contract upon notice if Customer assigns this Contract to an Eskalera competitor. If any provision of this Contract is unenforceable, the validity of the remaining provisions will not be affected.
Any action arising under or related to this Contract will be resolved in the state or federal courts (and the parties hereby consent to personal jurisdiction) in the County of San Francisco, CA. The prevailing party is entitled to recover all reasonable fees, costs and expenses of enforcing its rights, including reasonable attorneys’ fees. Claims must be brought in the initiating party’s individual capacity, not as a plaintiff or class member in any class action or similar proceeding.
Eskalera Data Processing Addendum
The terms used in this DPA shall have the meanings set forth in this DPA. Capitalized terms not otherwise defined herein shall have the meaning given to them in the Customer Terms.
For the avoidance of doubt, entering into the Customer Terms shall be deemed entrance into this DPA and acceptance of the Standard Contractual Clauses incorporated herein, including their Appendices.
“Controller” means the entity which determines the purposes and means of the Processing of Personal Data.
“Data Protection Laws” means all applicable data protection and data privacy laws and regulations, including but not limited to the EU General Data Protection Regulation (GDPR), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and the California Consumer Privacy Act (CCPA).
“Data Subject” means the identified or identifiable person or household to whom Personal Data relates.
“Personal Data” shall have the meaning ascribed to “personally identifiable information,” “personal information,” “personal data” or equivalent terms as such terms are defined under the Data Protection Laws, in each case that is Customer Data.
“Personal Data Incident” shall have the meaning assigned by Data Protection Laws to the terms “security incident,” “security breach” or “personal data breach” and shall include any situation in which Eskalera becomes aware that Personal Data, which is transmitted, stored or otherwise Processed by Eskalera or its Sub-processors, has been or is likely to have been accessed, disclosed, altered, lost, destroyed or used by unauthorized persons, in an unauthorized manner.
“Processing” means any operation or set of operations that is performed on Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Processor” means the entity that Processes Personal Data on behalf of the Controller.
“Sub-processor” means any entity appointed by Eskalera to Process Personal Data on behalf of Customer.
- Roles of the Parties. The parties acknowledge and agree that regarding the Processing of Personal Data under the Customer Terms, Customer is the Controller, Eskalera is the Processor and Eskalera may engage Sub-processors pursuant to Section 3 below.
- Customer’s Processing of Personal Data. Customer shall, in its use of the Services, Process Personal Data in accordance with the requirements of Data Protection Laws, including any applicable requirement to provide notice to Data Subjects of the use of Eskalera as Processor. For the avoidance of doubt, Customer’s instructions for the Processing of Personal Data shall comply with Data Protection Laws. Customer shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer acquired Personal Data. Customer specifically acknowledges that its use of the Services will not violate the rights of any Data Subject that has opted-out from sales or other disclosures of Personal Data, to the extent applicable under Data Protection Laws.
- Eskalera’s Processing of Personal Data. Eskalera shall treat Personal Data as confidential and shall only Process Personal Data on behalf of and in accordance with Customer’s documented instructions unless Processing is required by Data Protection Laws. Customer instructs Eskalera (and authorizes Eskalera to instruct each Sub-processor) to Process Personal Data for the following purposes: (i) Processing in accordance with the Customer Terms; (ii) Processing initiated by Customer’s users in their use of the Services; or (iii) Processing to comply with other documented reasonable instructions provided by Customer (e.g. via email) where such instructions are consistent with the terms of the Customer Terms.
- Details of the Processing. The subject matter of Processing of Personal Data by Eskalera is the performance of the Services pursuant to the Customer Terms. The duration of the Processing, the nature and purpose of the Processing, the types of Personal Data Processed and the categories of Data Subjects for whom Personal Data is Processed are set forth in Schedule 1.
- Confidentiality. Eskalera shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities and have executed written confidentiality agreements.
- Security Controls. Eskalera shall implement appropriate technical and organizational measures to maintain the security, confidentiality and integrity of Personal Data, including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Personal Data.
- Data Subject Requests. Eskalera shall, to the extent legally permitted, promptly notify Customer of any requests from Data Subjects seeking to exercise their rights under Data Protection Laws and, taking into account the nature of the Processing, assist Customer by implementing appropriate technical and organizational measures, insofar as this is possible, to assist with Customer’s obligation to respond to such requests. To the extent that Personal Data is not accessible to Customer, in its use of the Services, Eskalera shall, where legally permitted and upon Customer’s request, provide commercially reasonable efforts to assist Customer in responding to such requests if responses to such requests are required by Data Protection Laws. To the extent legally permitted, Customer shall be responsible for any costs arising from Eskalera’s provision of such assistance.
- Data Protection Impact Assessment. Eskalera shall, upon Customer’s written request and taking into account the nature of processing and information available, provide reasonable assistance to Customer in connection with obligations under Articles 32 and 36 of the GDPR or equivalent provisions under Data Protection Laws.
- Return or Deletion of Personal Data.Eskalera shall, upon Customer’s written request, promptly destroy or return any Personal Data after the end of the provision of Services, unless storage of the Personal Data is required by applicable law.
- Data Processor Point of Contact. If Customer has any questions to Processing of Personal Data by Eskalera, Customer may send such questions to the following email: email@example.com.
- Appointment of Sub-processors. Customer acknowledges and agrees that Eskalera may engage Sub-processors in connection with provision of the Services. Eskalera shall enter into a written agreement with any engaged Sub-processor that contains data protection obligations no less protective than those contained in this DPA with respect to the protection of Personal Data to the extent applicable to the nature of the Services provided by such Sub-processor.
- List of Current Sub-processors and Notification of New Sub-Processors. A current list of Sub-processors for the Services, including the identities of those Sub-processors and their country of location, may be requested at any time by emailing firstname.lastname@example.org. Customer may receive notifications of new Sub-processors by emailing email@example.com with the subject “Subscribe”, and if a Customer contact subscribes, Eskalera shall provide the subscriber with notification of new Sub-processor(s) before authorizing such new Sub-processor(s) to Process Personal Data in connection with the provision of the applicable Services.
- Objection to New Sub-processors. Customer may object to Eskalera’s use of a new Sub-processor by notifying Eskalera in writing within ten (10) business days after receipt of Eskalera’s communication advising of the new Sub-processor.
- Liability. Eskalera shall be liable for the acts and omissions of its Sub-processors to the same extent Eskalera would be liable if performing the services of each Sub-processor directly under the terms of this DPA, except as otherwise set forth in the Customer Terms.
- PERSONAL DATA INCIDENTS
- Eskalera shall notify Customer without undue delay after becoming aware of a Personal Data Incident. Eskalera shall make reasonable efforts to identify the cause of such Personal Data Incident and take those steps necessary and reasonable to remediate the cause of such a Personal Data Incident to the extent the remediation is within Eskalera’s reasonable control.
- INTERNATIONAL DATA TRANSFERS
- Personal Data Transfers. Customer agrees to allow transfer of Personal Data outside the country from which it was originally collected provided that such transfer is required in connection with the provision of Services under the Customer Terms and such transfers take place in accordance with Data Protection Laws, including, without limitation, completing any prior assessments required by Data Protection Laws.
- European Specific Provisions. Where Eskalera transfers Personal Data collected in the European Economic Area to a country outside of the European Economic Area and without an adequacy finding under Article 45 of the GDPR, at least one of the transfer mechanisms listed below shall apply:
- Binding Corporate Rules. To the extent Eskalera has adopted Binding Corporate Rules, it shall maintain such rules and promptly notify Customer in the event that the rules are no longer a valid transfer mechanism between Eskalera and Customer.
- EU-US Privacy Shield/Swiss-US Privacy Shield. To the extent Eskalera is certified for the processing necessary to provide the Services, it shall remain certified and shall promptly notify Customer if it does not renew or loses the certifications or amends the certifications so that Personal Data Processed to provide the Services is no longer within the scope of the certification.
- EU Standard Contractual Clauses. The EU Standard Contractual Clauses pursuant to 2010/87/EU (the European Commission’s decision 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council (notified under document C(2010) 593)(Schedule 2) are hereby incorporated in their entirety into this DPA and, to the extent applicable, Eskalera shall ensure that its Sub-processors comply with the obligations of a data importer (as defined in the EU Standard Contractual Clauses). To the extent there is any conflict between this DPA and the EU Standard Contractual Clauses, the terms of the EU Standard Contractual Clauses shall prevail.
- CERTIFICATIONS AND AUDITS
- Upon written request, Eskalera, to the extent that it is acting as a Data Processor to Customer, shall make available to Customer that is not a competitor of Eskalera (or Customer’s independent, third-party auditor that is not a competitor of Eskalera) information regarding Eskalera’s compliance with the obligations set forth under Data Protection Laws, provided that Eskalera shall have no obligation to provide commercially confidential information. On no more than an annual basis, Eskalera shall, to the extent that it is acting as a Data Processor to Customer, following a request by Customer and at Customer’s expense, further allow for and contribute to audits and inspections by Customer or its authorized third-party auditor that shall not be a competitor of Eskalera. The scope, timing and duration of any such audits, including conditions of confidentiality, shall be mutually agreed upon by Eskalera and Customer prior to initiation. Customer shall promptly notify Eskalera with information regarding non-compliance discovered during the course of an audit, and Eskalera shall use commercially reasonable efforts to address any confirmed non-compliance.
- Liability arising out of or related to Processing of Personal Data or otherwise arising out of or related to this DPA (whether in contract, tort or under any other theory of liability) is subject to any limitations of liability provision(s) set forth in the Customer Terms.
List of Schedules
Schedule 1: Details of the Processing
Schedule 2: Standard Contractual Clauses
SCHEDULE 1 – DETAILS OF PERSONAL DATA PROCESSING
Nature and Purpose of Processing
Eskalera will Process Personal Data pursuant to the Customer Terms, as further specified in the Services-related documentation, and as further instructed by Customer in its use of the Services.
Duration of Processing
Customer will Process Personal Data for the duration of the Customer Terms, unless otherwise agreed upon in writing.
Categories of Data Subjects
Customer may submit Personal Data to Eskalera, the extent of which is determined and controlled by Customer in its sole discretion. This may include, but is not limited to Personal Data relating to the following categories of data subjects: Customer’s employees.
Categories of Personal Data
Customer may submit Personal Data to Eskalera, the extent of which is determined and controlled by Customer in its sole discretion. This may include, but is not limited to the following categories of Personal Data:
- Personal Data related to or relevant to the employment of Customer personnel
- Connection data (IP address, username, ID data used for authentication purposes)
These Standard Contractual Clauses are attached to and made part of the DPA.
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.
Data Exporter and Data Importer are as defined in Appendix 1.
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
For the purposes of the Clauses:
(a) ‘personal data‘, ‘special categories of data‘, ‘process/processing‘, ‘controller‘, ‘processor‘, ‘data subject‘ and ‘supervisory authority‘ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
(b) ‘the data exporter‘ means the controller who transfers the personal data;
(c) ‘the data importer‘ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
(d) ‘the subprocessor‘ means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) ‘the applicable data protection law‘ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
(f) ‘technical and organisational security measures‘ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Third-party beneficiary clause
- The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
- The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
- The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
- The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
Obligations of the data exporter
The data exporter agrees and warrants:
- that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
- that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
- that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures specified in Appendix 2 to this contract;
- that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
- that it will ensure compliance with the security measures;
- that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
- to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
- to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
- that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
- that it will ensure compliance with Clause 4(a) to (i).
Obligations of the data importer
The data importer agrees and warrants:
- to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
- that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
- that it has implemented the technical and organizational security measures specified in Appendix 2 before processing the personal data transferred;
- that it will promptly notify the data exporter about:
- any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
- any accidental or unauthorized access, and
- any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;
- to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
- at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
- to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
- that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
- that the processing services by the subprocessor will be carried out in accordance with Clause 11;
- to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
- The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
- If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
- If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.
Mediation and jurisdiction
- The data importer agrees that if the data subject invokes against it third-party beneficiary and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
- to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
- to refer the dispute to the courts in the Member State in which the data exporter is established.
- The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Cooperation with supervisory authorities
- The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
- The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
- The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
- The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfill its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement.
- The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
- The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
- The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.
Obligation after the termination of personal data processing services
- The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
- The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES
This Appendix forms part of the Clauses and has been agreed by the parties by virtue of their signing the DPA.
The data exporter is the legal entity identified as “Customer” in the Eskalera Data Processing Addendum.
The data importer is the legal entity identified as Eskalera in the Eskalera Data Processing Addendum.
The personal data transferred concern the following categories of data subjects:
- See Schedule 1
Categories of data
The personal data transferred concern the following categories of data:
- See Schedule 1
Special categories of data
Customer may submit personal data to Eskalera through the Services, the extent of which is determined and controlled by Customer in compliance with applicable Data Protection Laws and which may concern the following special categories of data, if any:
- racial or ethnic origin;
- political opinions;
- religious or philosophical beliefs;
- trade-union membership;
- genetic or biometric data;
- health; and
- sex life.
The Personal Data transferred will be subject to the following basic processing activities:
- The performance of the Services pursuant to the Customer Terms.
APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES
This Appendix forms part of the Clauses and has been agreed by the parties by virtue of their signing the DPA.
Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
The security measures implemented by the data importer are described in Eskalera’s Security Guidelines.