Version 6 - Date of release: 7 July 2023 This Data Processing Agreement (this ", DPA, ") forms part of Sinch master services agreement (the ", Principal Agreement, ") between Sinch and the Customer and is subject to the Principal Agreement., Definitions., For the purposes of this DPA, capitalized terms shall have the following meanings. Capitalized terms not otherwise defined shall have the meaning given to them in the Principal Agreement., (a) "Customer's, Personal Data, " means any personal data that is processed by Sinch on behalf of the Customer to perform the Services under the Principal Agreement., (b) "Applicable Data Protection Laws", means the GDPR, as transposed into domestic legislation of each Member State (and the United Kingdom) and as amended, replaced or superseded from time to time, and laws implementing, replacing or supplementing the GDPR and all laws applicable to the collection, storage, processing, and use of Customer's Personal Data, including the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.…, CCPA, ”). , (c), ", GDPR, " means the General Data Protection Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and the free movement of such data., (d) "Sinch Infrastructure", means (i) Sinch’s physical facilities; (ii) hosted cloud infrastructure; (iii) Sinch’s corporate network and the non-public internal network, software, and hardware necessary to provide the Services and which is controlled by Sinch; in each case to the extent used to provide the Services. , (e), ", Restricted Transfer, " means a transfer of the Customer's Personal Data from Sinch to a sub-processor where such transfer would be prohibited by Applicable Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Applicable Data Protection Laws) in the absence of appropriate safeguards required for such transfers under Applicable Data Protection Laws…, (f), ", Services, " means the services provided to the Customer by Sinch pursuant to the Principal Agreement. , (g), ", Standard Contractual Clauses, " means the latest version of the standard contractual clauses for the transfer of personal data to processors established in third countries under the GDPR (the current version as at the date of this DPA is as annexed to European Commission Decision 2021/914 (EU) of June 4, 2021). , (h), ", UK Addendum, " means the United Kingdom Addendum (International Data Transfer Addendum to the EU Commission Standard Contractual Clauses) set out at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf , (i), The terms ", consent, ", ", controller, ", ", data subject, ", ", Member State, ", ", personal data, ", ", personal data breach, ", ", processor, ", ", sub processor",, ", processing, ", ", supervisory authority, " and ", third party, " shall have the meanings ascribed to them in article 4 of the GDPR or the CCPA, in cases where CCPA is applicable., 2. Compliance with Applicable Data Protection Laws, (a) Sinch and the Customer shall each comply with the provisions and obligations imposed on them by the Applicable Data Protection Laws and shall procure that their employees and sub-processors observe the provisions of the Applicable Data Protection Laws, 3. Details and Scope of the Processing, (a) The Processing of the Customer’s Personal Data within the scope of the Agreement shall be carried out in accordance with the following stipulations and as required under Article 28(3) of the GDPR. The parties may amend this information from time to time, as the parties may reasonably consider necessary to meet those requirements. (i), Subject matter and duration of the processing of personal data:, The subject matter and duration of the processing of the personal data are set out in the Principal Agreement., , (ii), The nature and purpose of the processing of personal data:, Under the Principal Agreement, Sinch provides certain services such as messaging, email, voice calls and other communication services, as further detailed in the Principal Agreement, to the Customer which involves the processing of personal data. Subject to section 3(a)(iv), such processing activities include (a) providing the Services; (b) the detection, prevention and resolution of security and…, , (iii), The types of personal, d, ata to be processed:, The personal data submitted to Sinch’s network, the extent of which is determined and controlled by the Controller in its sole discretion, may include name, email, telephone numbers, IP address and other personal data included in the contact lists and message or call content., , (iv), Independent Data Controller Exclusion, : Notwithstanding any other provision herein, when processing personal data in the course of providing communication services as part of the Services, including the transmission and exchange of SMS via telecommunications networks and other messages and communications, including emails, voice, and other media via other communication platforms, regardless of whether Customer acts as a controller…, , (v), The categories of data subjects to whom the personal data relates:, Senders and recipients of email and sms messages, voice calls or other communication. (b) Sinch shall only process the Customer's Personal Data (i) for the purposes of fulfilling its obligations under the Principal Agreement and (ii) in accordance with the documented instructions described in this DPA or as otherwise instructed by the Customer from time to time. Such Customer's instructions…, 4. Controller and Processor, (a) For the purposes of this DPA, the Customer is the controller of the Customer's Personal Data and Sinch is the processor of such data, except when the Customer acts as a processor of the Customer's Personal Data, in which case Sinch is a sub-processor. (b) Sinch shall at all times have in place an officer who is responsible for assisting the Customer (i) in responding to inquiries…, 5. Confidentiality, (a) Sinch shall ensure that each of its, and sub-processors', personnel that is authorized to process the Customer's Personal Data is subject to confidentiality undertakings or professional or statutory obligations of confidentiality and are trained with the relevant security and Data Protection requirements. , 6. Technical and Organizational Measures, (a) Sinch shall, in relation to the Customer's Personal Data, (a) take and document reasonable and appropriate measures, as described in Annex 2, in relation to the security of the Sinch Infrastructure and the platforms used to provide the Services as described in the Principal Agreement, and (b) on reasonable request at the Customer's cost, assist the Customer in ensuring compliance with…, 7. Data Subject Requests, (a) Sinch provides specific tools in order to assist customers in replying to requests received from data subjects. These include our APIs and interfaces to search event data, suppressions, and retrieve message content. When Sinch receives a complaint, inquiry or request (including requests made by data subjects to exercise their rights pursuant to Applicable Data Protection Laws) related to…, 8. Personal Data Breaches, (a) Sinch shall notify the Customer without undue delay once Sinch becomes aware of a personal data breach affecting the Customer's Personal Data. Sinch shall, taking into account the nature of the processing and the information available to Sinch, use commercially reasonable efforts to provide the Customer with sufficient information to allow the Customer at the Customer's cost, to meet any…, 9. Data Protection Impact Assessments, (a) Sinch shall, taking into account the nature of the processing and the information available, provide reasonable assistance to the Customer at the Customer's cost, with any data protection impact assessments and prior consultations with supervisory authorities or other competent regulatory authorities as required for the Customer to fulfill its obligations under Applicable Data Protection…, 10. Audits, (a) Sinch shall make available to the Customer on reasonable request, information that is reasonably necessary to demonstrate compliance with this DPA. (b) Customer, or a mandated third party auditor, may upon written reasonable request conduct an inspection in relation to the Processing of the Customer’s Personal Data by Sinch and to the extent necessary according to Data Protections…, 11. Return or Destruction of the Customer's Personal Data, (a) The Customer may, by written notice to Sinch no later than at the time of termination of the Principal Agreement, request the return and/or certificate of deletion of all copies of the Customer's Personal Data in the control or possession of Sinch and sub-processors. Sinch shall provide a copy of the Customer’s Data in a form that can be read and processed further. (b) Within ninety…, 12. Data Transfers, (a) The Standard Contractual Clauses and, if required, the UK Addendum, having Sinch act as data importer with the Customer acting as data exporter are incorporated as part of this DPA. If Sinch’s arrangement with a sub-processor involves a Restricted Transfer, Sinch shall ensure that the onward transfer provisions of the Standard Contractual Clauses and/or UK Addendum are incorporated into…, 13. Sub-processing, (a) The Customer hereby gives a general authorization to Sinch to appoint sub-processors in accordance with this Paragraph 13 and Annex 1. Sinch will ensure that sub-processors are bound by written agreements that require them to provide at least the level of data protection required of Sinch by this DPA. The Customer also gives Sinch a specific authorization to continue to use those sub-…, Sub-processor List, ”)., Provided that the Customer subscribes to notifications of new sub-processors through the subscription mechanism found at, https://www.sinch.com/data-protection-agreement/sub-processors/, ,, Sinch shall notify the Customer, through such mechanism, thirty (30) days’ in advance of any intended changes concerning the addition or replacement of any Sub-processor. If, within ten (10) business days of receipt of that notice, the Customer notifies Sinch in writing of any objections on reasonable grounds to the proposed appointment, Sinch shall not appoint that proposed sub-processor until…, 14. Governing law and jurisdiction, (a) The parties to this DPA hereby submit to the choice of jurisdiction stipulated in the Principal Agreement with respect to any disputes or claims howsoever arising under this DPA, including disputes regarding its existence, validity or termination or the consequences of its nullity. (b) This DPA and all non-contractual or other obligations arising out of or in connection with it are…, 15. Order of precedence, (a) With regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and any other agreements between the parties, including the Principal Agreement and including (except where explicitly agreed otherwise in writing, signed on behalf of the parties) agreements entered into or purported to be entered into after the date of this DPA, the…, 16. Severance, (a) Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties' intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or…, 17. Termination, (a) With the termination of the Principal Agreement, this DPA and the Standard Contractual Clauses will terminate upon the fulfillment of Sinch’s obligation to delete the personal data under processing in accordance with Paragraph 11. (b) Any amendment or variation to this DPA shall not be binding on the Parties unless set out in writing and signed by authorised representatives of each of…, Sinch, , The Customer, Signature: Signature: Name: Name: Title: Title: Date Signed: , ANNEX 1, STANDARD CONTRACTUAL CLAUSES, With regard to the Standard Contractual Clauses the Parties agree that: (a) Module 2 (Controller-to-Processor) will apply where Sinch acts as Customer's data processor; Module 3 (Processor-to-Processor) will apply where Sinch acts as Customer sub-processor. For each Module, where applicable: (b) Clause 7 (Docking clause) is incorporated; (c) For the purposes of Clause 9.a) (Use of sub-processors…, ANNEX 2, INFORMATION SECURITY - TECHNICAL AND ORGANIZATIONAL MEASURES, The Technical and Organizational Measures included within this Annex are measures that are applicable on the Service(s) provided by Sinch. If necessary, for the Service, Sinch may include further Technical and Organizational measures in the Service Order or Service, 1) Inventory of information and other associated assets , An inventory of information and other associated assets, including owners, is developed and maintained. An asset owner has been appointed for every asset within the inventory according to the asset tagging policy. , 2) Authentication information , The allocation and management of authentication information is controlled by a management process, which includes advising personnel on the appropriate handling of authentication information. In particular, Sinch: Do not limit the permitted characters that can be used. Password minimum 16 characters Do not use secret questions as a sole password reset requirement Require email…, 3) Access rights , , Access rights to information and other associated assets is provisioned, reviewed, modified and removed in accordance with the organization’s topic-specific policy on and rules for access control. In particular in Sinch: Access rights are reviewed quarterly. User accounts inactive for over 90 days are disabled Quarterly access reviews should be performed for all offices access systems…, 4) ICT readiness for business continuity , ICT readiness is planned, implemented, maintained and tested based on business continuity objectives and ICT continuity requirements. In particular, in Sinch: All Business Units have one or more Disaster Recovery Plans specifically aligned with the product offering. The DRP is tested annually through using Incident Simulation. , 5) Information security awareness, education and training, Personnel of the organization and relevant interested parties receive appropriate information security awareness, education and training and regular updates of the organization's information security policy, topic-specific policies and procedures, as relevant for their job function. In particuar, in Sinch: All employees completed within 3 weeks of start date All employees carried out ISA-…, 6) Capacity management , The use of resources is monitored and adjusted in line with current and expected capacity requirements. , 7) Protection against malware , Protection against malware is implemented and supported by appropriate user awareness. All endpoint devices should have EDR Endpoint detection., 8) Management of technical vulnerabilities, Information about technical vulnerabilities of information systems in use is obtained, Sinch’s exposure to such vulnerabilities is evaluated and appropriate measures are taken. In particular, in Sinch: Vulnerability Scan every 7 days. Apply security patches to all components of the application stack with severity score higher than “Medium“ as determined by the issuer of the patch within…, 9) Configuration Management , Configurations, including security configurations, of hardware, software, services and networks is established, documented, implemented, monitored and reviewed against the following standards: NIST 800-53 and CIS Controls. , 10) Information Backup , Backup copies of information, software and systems are maintained and regularly tested in accordance with the agreed topic-specific policy on backup. The backup routine at least specifies: Backup intervals (minimum weekly) Retention requirements Location for backup storage Extent of backup (e.g. data, configurations, full system backup) Backup strategy (e.g. online…, 11) Monitoring activities, Networks, systems and applications are monitored for anomalous behaviour and appropriate actions taken to evaluate potential information security incidents. Networks, systems and application are monitored for anomalous and malicious behaviour in order to detect potential security incidents. , 12) Network Security, , Networks and network devices are secured, managed and controlled to protect information in systems and applications. For instance, Sinch: Encrypt data at rest on servers, applications, and databases (AES256 Minimum). Encrypt data in transit (TLS 1.2 or higher). Appropriately logging and monitoring to enable recording and detection of actions that can affect, or are relevant to, information…, 13) System life cycle management, Rules for the secure development of software and systems are established and applied. For instance, in Sinch: The system is designed in a secure way utilizing threat modelling as required. There is a plan to maintain the system in line with the vulnerability management control There is an owner of the system There is a plan to replace the system (zero legacy policy) , 14) Security testing in development and acceptance, Security testing processes are defined and implemented in the development life cycle. SAST and vulnerability & secrets detection scans in CICD pipelines. If possible DAST No critical or high vulnerabilities remediated before available for customers Securely manage network infrastructure. All projects follow Product Release Security Checklists , 15) Measures for ensuring physical security of locations at which personal data are processed , Physical and environmental security measures have been implemented within Sinch. For instance, in Sinch: Security perimeters are defined and used to protect areas that contain information and other associated assets. Secure areas are protected by appropriate entry controls and access points. Physical security for offices, rooms and facilities are designed and implemented. Premises are…, 16) Measures for ensuring limited data retention , Measures to ensure limited personal data retention have been implemented. For instance, Sinch: Established a data retention policy, which clearly defines the specific types of data that will be collected, how long it will be retained, and when it will be deleted. Implemented automated deletion processes. Regularly reviews and updates the retention policy. Limits data collection to only what is…, 17) Measures for ensuring accountability , Appropriate technical and organisational measures have been implemented to meet the requirements of accountability. For instance, Sinch: Adopted and implemented data protection policies. Took a ‘data protection by design and default’ approach. Put written contracts in place with organisations that process personal data on Sinch's behalf. Documented its processing activities. Carried out data…, 18) Measures for allowing data portability and ensuring erasure , , Measures to allow the exercise of data subject rights are implemented within Sinch. For instance, Sinch: Erases personal data from back-up systems as well as live systems where necessary, and it clearly tells the individual what will happen to their data. Contacts each recipient to inform them about the erasure, if the personal data is disclosed to others, unless this is impossible or involves…, 19) Measures for ensuring data minimisation , Measures to minimize the amount of data processed are implemented. For instance, for each processing activity Sinch: Implemented measures that ensure that the collection of personal data is adequate, relevant and strictly limited to what is necessary in relation to the purposes for which they are processed. Has assessed that it cannot achieve the purposes of its processing activity with less…
Type: Legal page
Version 7 - Date of release: 7 July 2023., GENERAL TERMS AND CONDITIONS FOR SINCH SERVICES (“GTC”), , 1. DEFINITIONS, Capitalized terms are defined in the Glossary at the end of this document., 2. SUPPLY OF SERVICE AND RESTRICTIONS, 2.1 Supply of Service., Subject to the terms of the Agreement, SINCH will make the Service available to Customer., 2.2 Grant of Rights., SINCH grants to Customer a non-exclusive and non-transferable right to use the Service as permitted under the Agreement solely for the Customer’s internal business operations., 2.3 Acceptable Use Policy., With respect to the Service, Customer shall not: (a) except to the extent such rights cannot be validly waived by law, disassemble, decompile, reverse-engineer, copy, translate or make derivative works, (b) market, rent, sell, lease or use for non-civilian purposes, (c) transmit any content or data that is unlawful, including without limitation any unlawful voice calls, or infringes…, 2.4 Monitoring., SINCH may, but is under no obligation to, monitor use of the Service (only to the extent allowed by applicable law): (a) to comply with applicable law, regulation, or other governmental request or order including disclosing Customer Data in accordance with such law, regulation, request or order; (b) to verify Customer’s compliance with the Agreement; (c) to protect the integrity of…, 2.5 Compliance., Customer shall promptly provide any information as SINCH may request relating to Customer Data or Customer’s use of the Service: (a) to determine Customer’s compliance with the Agreement, and (b) in response to any request made by any regulatory or governmental or statutory body., 2.6 Operating Instructions., Customer shall comply, and use the Service in accordance, with the operating guidelines and policies relating to the use of the Services., 2.7 Suspension of Service., SINCH may suspend use of the Service: (a) as necessary to comply with applicable law or regulation; (b) to perform maintenance (whether planned or emergency) or repair to the SINCH Network; (c) if the use poses a threat to the integrity or continued operation of the SINCH Network or any part of it; (d) if the use is in breach of the Agreement or otherwise exposes SINCH to legal…, 2.8 Third Party Services and Application., The Service may include integrations with web services, software and/or application by third parties (other than SINCH or its Affiliates) that are accessed through the Service and subject to terms and conditions with those third parties., 2.9 Anti-Fraud, SINCH adopts measures to identify and prevent fraud and illegal practices during the use of the Service, including, without limitation, the verification of links inserted by the Customer during the use of the Service. SINCH does not represent that it will be able to block or prevent the transmission of fraudulent messages or voice calls. Customer is responsible for ensuring that its account is…, 3. SINCH RESPONSIBILITIES, 3.1 Provisioning., SINCH provides access to the Service as described in the Order Form., 3.2 Support., SINCH provides support for the Service as referenced in the Order Form., 3.3 Modifications., (a) The Service may be modified by SINCH. SINCH will inform Customer of modifications by email, the support portal, release notes, Documentation or the Service. The information will be delivered by email if the modification is not solely an enhancement. Modifications may include optional new features for the Service, which Customer may use subject to the then- current Supplement and…, 3.4 Excluded Events., Notwithstanding any provision to the contrary in the Agreement, SINCH shall not be liable for any failure to perform or any delay in performing an obligation under the Agreement if such failure or delay arises as a result of or in connection with the occurrence of an Excluded Event., 4. CUSTOMER RESPONSIBILITIES AND CUSTOMER DATA, 4.1 Customer Obligations., Customer shall: (a) comply with all laws and regulations applicable to it in connection with the Customer Data and Customer’s use of the Service, including but not limited to telecommunications laws and regulations, export control laws and regulations, economic, trade and financial sanctions laws, regulations, embargoes, restricted state lists or restrictive measures administered. (b)…, 4.2 Customer Data., Customer is solely responsible for all Customer Data. Customer (i) grants to Sinch (including its Affiliates and subcontractors) a nonexclusive, worldwide right to use, modify, adapt and process Customer Data to analyse, develop, test, and operate, provide and support the Services and/or any of products of SINCH and its Affiliates and (ii) acknowledges that neither SINCH, its Affiliates, nor…, 4.3 Personal Data., Customer will collect and maintain all Personal Data necessary to utilise the Service, and all required consents associated with such Personal Data, in compliance with applicable Data Protection Laws., 4.4 Co-operation, The Customer shall reasonably co-operate with SINCH in SINCH’s supply and support of a Service, including any diagnostic or other maintenance or upgrade activities., 4.5 Access and Security., Customer has the sole and exclusive responsibility for the installation, configuration, security (including firewall security), and integrity of all Customer facilities, systems, equipment, proxy servers, software, networks, network configurations and the like (the “Customer Equipment”) used in conjunction with or related to the Service(s) provided by SINCH, including, without limitation,…, 4.6 Disaster Recovery., Customer is solely responsible for all disaster recovery, business continuity and back up arrangements in respect of its own equipment and all of its Customer Data., 4.7. Test Account, . Sinch may make an account available to the Customer for the purposes of non-productive testing, demonstration and evaluation of certain Services. The terms of the Agreement shall govern the Customer’s use and access to such test account and test Services. The Customer shall ensure that the test account and test Services are used strictly for the purpose of non-production testing, demonstration…, 5. FEES AND TAXES, 5.1 Fees and Payment., Customer will pay fees as stated in the Order Form. For nonpayment, SINCH may, after prior written notice, suspend Customer’s use of the Service until payment is made. Customer cannot withhold, reduce or set-off fees owed during the Term. For any invoice the Customer fails to pay by its due date, interest will thereafter accrue on such unpaid amount at the maximum allowable rate. The fees payable…, 5.2 Taxes., Unless otherwise stated in an Order Form, fees and other charges imposed under an Order Form will not include taxes, including withholding taxes, all of which will be for Customer’s account. Customer is responsible for all taxes including withholding taxes, other than SINCH’s income and payroll taxes. If SINCH is required to pay taxes (other than its income and payroll taxes), Customer will…, 5.3 Set-off., SINCH may, without notice to the Customer, set-off any sums owed by the Customer under this Agreement and/or any other agreement with SINCH against any sums owed by SINCH to Customer regardless of the place of payment or currency of such obligations., 6. TERM AND TERMINATION, 6.1 Term., The Term is as stated in the Order Form., 6.2 Termination by Either Party., A party may terminate the Agreement: (a) upon thirty (30) days written notice of the other party’s material breach unless the breach is remedied during that thirty-day period; (b) as permitted under Sections 3.3(b), 6.3(b), or 8.1(c) (with termination effective thirty (30) days after receipt of notice in each of these cases); or (c) immediately if the other party files for bankruptcy…, 6.3 Termination by SINCH., In addition to the termination rights set out in Section 6.2, SINCH may also terminate the Agreement or any specific Service being affected at any time: (a) upon any termination of a network operator, third-party subcontractor, supplier, or interconnected carrier relationship with SINCH or its Affiliates or the discontinuance of support for equipment or a component of service necessary for…, 6.4 Effect of Expiration or Termination., Upon the effective date of expiration or termination of the Agreement: (a) Customer’s right to use the Service and all SINCH Confidential Information will end; (b) SINCH will cease providing the applicable Service; (c) Confidential Information of the disclosing party will be returned or destroyed as required in writing by the disclosing party; (c) Customer shall promptly pay to…, 6.5 Survival., Sections 1, 2.4, 2.5, 5, 6.4, 6.5, 8, 9, 10, 11, and 13 will survive the expiration or termination of the Agreement., 7. WARRANTIES, 7.1 Compliance with Law., Each Party warrants its current and continuing compliance with all laws and regulations applicable to it in connection with (i) in the case of Sinch, the operation of SINCH’s business as it relates to the Service and (ii) in the case of Customer, the Customer Data and the Customer’s use of the Services., 7.2 Disclaimer., Except as expressly provided in the Agreement, neither SINCH nor its subcontractors make any representation or warranties, and SINCH and its subcontractors disclaim all representations, warranties, terms, conditions or statements, which might have effect between the parties or be implied or incorporated into this Agreement or any collateral contract, whether by statute, common law or otherwise,…, 8. THIRD PARTY CLAIMS, 8.1 Claims Brought Against Customer., (a) SINCH will defend Customer against claims brought against Customer by any third party alleging that Customer’s use of the Service infringes or misappropriates a patent claim, copyright, or trade secret right. SINCH will indemnify Customer against all damages finally awarded against Customer (or the amount of any settlement SINCH enters into) with respect to these claims. (b) SINCH’s…, 8.2 Third Party Claim Procedure., (a) Customer will timely notify SINCH in writing of any claim. (b) SINCH will have the right to fully control the defense (and SINCH shall be free to delegate such claim to its third party insurer or indemnifier). (c) Customer shall fully cooperate in the defense of such claim and shall not undertake any action that is prejudicial to SINCH’s rights. (d) The Customer shall not…, 8.3 Exclusive Remedy., The provisions of Section 8 state the sole, exclusive, and entire liability of SINCH, its Affiliates, and subcontractors to Customer, and is Customer’s sole remedy, with respect to third party claims and to the infringement or misappropriation of third party intellectual property rights., 9. LIMITATION OF LIABILITY, 9.1 Unlimited Liability., Neither party will exclude or limit its liability for damages resulting from: (a) SINCH’s obligations under Section 8.1(a); (b) Customer’s obligations under any Indemnity; (c) unauthorised use or disclosure of Confidential Information; (d) fraud or fraudulent misrepresentation; (e) death or bodily injury arising from either party’s gross negligence or willful misconduct; (…, 9.2 Liability Cap., Subject to Sections 9.1 and 9.3, under no circumstances and regardless of the nature of the claim, shall the maximum aggregate liability of either party (or its respective Affiliates or SINCH’s subcontractors) to the other party or its Affiliates or any other person or entity (howsoever arising) under or in connection with this Agreement including (but not limited to) liability for breach of…, 9.3 Exclusion of Damages., Subject to Section 9.1: (a) Under no circumstances shall either party (nor its respective Affiliates or SINCH’s subcontractors) be liable to the other party or its Affiliates or any other person or entity (whether or not the other party had been advised of the possibility of such loss or damage) for any of the following types of loss or damage arising under or in relation to this Agreement (…, 9.4 Risk Allocation., The Agreement allocates the risks between SINCH and Customer. The fees for the Service reflect this allocation of risk and limitations of liability., 10. INTELLECTUAL PROPERTY RIGHTS, 10.1 SINCH Ownership., SINCH, its Affiliates or licensors own all intellectual property rights in and related to the Service, Documentation, design contributions, related knowledge or processes, and any derivative works of them, including any feedback Customer may provide to Sinch about the Service in connection with Customer’s use of the Service. All rights not expressly granted to Customer are reserved to SINCH, its…, 10.2 Customer Ownership., Customer retains all rights in and related to the Customer Data as between Customer and SINCH., 10.3 Non-Assertion of Rights., Customer covenants, on behalf of itself and its successors and assigns, not to assert against SINCH, its Affiliates or licensors, any rights, or any claims of any rights, in any Service or Documentation., 11. CONFIDENTIALITY, 11.1 Use of Confidential Information., (a) The receiving party will protect all Confidential Information of the disclosing party as strictly confidential to the same extent it protects its own Confidential Information, and not less than a reasonable standard of care. Receiving party will not disclose any Confidential Information of the disclosing party to any person other than its personnel or representatives or those of its…, 11.2 Exceptions., The restrictions on use or disclosure of Confidential Information will not apply to any Confidential Information that: (a) is independently developed by the receiving party without reference to the disclosing party’s Confidential Information; (b) is available to the public without breach of the Agreement by the receiving party; (c) at the time of disclosure, was known to the receiving…, 11.3 Compelled Disclosure, The receiving party may disclose Confidential Information pursuant to a lawful requirement or request from a court or governmental agency (including pursuant to of stock market rule or regulation); provided that prior to making any disclosure, the receiving party will (a) give the disclosing party written notice, to the extent commercially practicable and not otherwise prohibited by law,…, 11.4 Publicity., Neither party will use the name of the other party in publicity activities without the prior written consent of the other, except that Customer agrees that SINCH may use Customer's name and logo in customer listings or quarterly calls with its investors or, at times mutually agreeable to the parties, as part of SINCH's marketing efforts (including reference calls and stories, press testimonials,…, 12. DATA PROTECTION, Data Controller., The Customer acknowledges that SINCH shall act as an independent Data Controller with respect to the processing of Personal Data that is necessary to provide its communications services and carry out its necessary functions and business as a communication services provider, including necessary measures to prevent spam and fraud and measures for control, security, and maintenance of its network,…, 12.2 Data Processor., When SINCH processes Personal Data on behalf of the Customer (in accordance with Data Protection Law), SINCH can be qualified as a Data Processor and the Customer as a Data Controller as defined within this Agreement and the DPA applicable on the service. (a) The parties agree that, when SINCH acts as a Data Processor under applicable Data Protection Law, the DPA is applicable. (b) Each…, 13. MISCELLANEOUS, 13.1 Severability., If any provision of the Agreement is held to be invalid or unenforceable, the invalidity or unenforceability will not affect the other provisions of the Agreement., 13.2 No Waiver., A waiver of any breach of the Agreement is not deemed a waiver of any other breach., 13.3 Electronic Signature., Electronic signatures that comply with applicable law are deemed original signatures., 13.4 Regulatory Matters., SINCH Confidential Information is subject to export control laws of various countries. Customer will not submit SINCH Confidential Information to any government agency for licensing consideration or other regulatory approval, and will not export SINCH Confidential Information to countries, persons or entities if prohibited by export laws., 13.5 Notices., All notices will be in writing and given when delivered to the address set forth in an Order Form with copy to the legal department. Notices by SINCH relating to the operation or support of the Service, and as otherwise permitted in the GTC or an Order Form (including, but not limited to, those under Sections 2.7 and 5.1 of this GTC) may be in the form of electronic mail to Customer’s authorised…, 13.6 Assignment., Without SINCH’s prior written consent, Customer may not assign or transfer the Agreement (or any of its rights or obligations) to any party. SINCH may assign the Agreement to any of its Affiliates. Any attempted assignment in violation of the provisions of this Section will be void ab initio., 13.7 Subcontracting and use of Affiliates., SINCH may subcontract parts of the Service to third parties. SINCH is responsible for breaches of the Agreement caused by its subcontractors. Nothing shall prevent SINCH from delegating the performance of any or all of its obligations under this Agreement to any Affiliate., 13.8 Relationship of the Parties., The parties are independent contractors, and no partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties is created by the Agreement., 13.9 Rights of third parties., Except as specifically provided for in this Agreement, this Agreement does not give rise to any third party being a third party beneficiary of this Agreement or being entitled to any rights whatsoever, including, but not limited to, the right to enforce any term of this Agreement. Under this Agreement, any liability, loss or damage incurred or suffered by an Affiliate of SINCH in relation to the…, 13.10 Force Majeure., Any delay in performance (other than for the payment of amounts due) caused by conditions beyond the reasonable control of the performing party is not a breach of the Agreement. The time for performance will be extended for a period equal to the duration of the conditions preventing performance., 13.11 Anti-Corruption, The Parties, in addition to acting according to this Agreement, will comply with all Anticorruption and Bribery applicable legislation. Neither party nor its officers, directors, employees, agents, affiliates, delegates or representatives shall pay, offer or promise to pay or authorize the payment, directly or indirectly, of any money, gift, or any other type of favoring to an official or…, 13.12 Export Regulations, Customer acknowledges that the products delivered by SINCH under this Agreement may be controlled under applicable export and import control or sanctions laws and regulations and Customer may require an export or import license from a government authority to export, transfer or import any Hardware, Software or Documentation. Customer represents that it is not on any sanction lists such as the EU…, 13.13 Governing Law., If the Customer is located in: (a) Argentina, the Agreement is governed by the laws of Republic Argentina and the Parties chose the court of Buenos Aires, to resolve the questions or controversies arising from the Agreement, excluding any other, as privileged as it may be; (b) Australia, the Agreement and any claims relating to its subject matter will be governed by and construed under…, 13.14 Entire Agreement., The Agreement constitutes the complete and exclusive statement of the agreement between SINCH and Customer relating to the subject matter of the Agreement and supersedes all prior agreements, arrangements and understandings between the parties relating to that subject matter. Each party acknowledges that in entering into the Agreement it has not relied on any representation, discussion,…, Glossary, 1.1 “, Affiliate, ” means SINCH or any legal entity in which Customer or SINCH, directly or indirectly, holds more than fifty percent (50%) of the entity’s shares or voting rights. Any legal entity will be considered an Affiliate as long as that interest is maintained. 1.2 “, Agreement, ” means an Order Form and documents incorporated into an Order Form. 1.3 “, Confidential Information, " means (a) with respect to Customer: (i) Customer marketing and business requirements, (ii) Customer implementation plans, and/or (iii) Customer financial information, and (b) with respect to SINCH: (i) the Service, Documentation, and (ii) information regarding SINCH research and development, product offerings, pricing and availability. (c) Confidential Information of either SINCH or…, Customer Data, ” means any content, messages, data and/or information that Customer delivers or uploads to the SINCH Network or to a Service or provides via a Service. Customer Data and its derivatives will not include SINCH’s Confidential Information nor any usage data that arises or SINCH generates in the supply of the Service. 1.5 “, Data Controller, ” means given to it in the GDPR. 1.6 “, Data Processor, ” means given to it in the GDPR. 1.7 “, Data Processing Agreement, ” is the Data Processing Agreement (“, DPA, ”) applicable on the Services, and of which the most recent version can be found at https://www.sinch.com/data-protection-agreement/ . 1.8 “, Data Protection Law, ” means the relevant laws and other regulations applicable to the collection, use, storage, disclosure or otherwise processing personal data (such as but not limited to and as far as applicable the General Data Protection Regulation or the “, GDPR, ”), the California Privacy Rights Act (the “, CPRA, ”) and California Consumer Privacy Act (the “, CCPA, ”) and as further defined within the DPA. 1.9 “, Documentation, ” means SINCH's then-current technical and functional documentation as well as any service descriptions and roles and responsibilities descriptions, if applicable, for the Service which is made available to Customer with the Service. 1.10 “, Excluded Event(s), ” means any of the following: (i) a fault in, or any other problem associated with, systems not operated or managed by SINCH; (iii) any breach of the Agreement by the Customer or a third-party within the Customer’s direct control or any third party supplier to the Customer;(iv) any act by the Customer which interferes with or impedes the supply and support of the Service; (v) any suspension of…, General Data Protection Regulation, ” or “, GDPR, ” the General Data Protection Regulation (EU) 2016/679 of the European Parliament and the Council, as amended, supplemented and/or varied from time to time. 1.12 “, Indemnity, ” means any section within an Order Form, Supplement or GTC identified as an indemnity either by its wording or its heading. 1.13 “, Intellectual Property Rights, ” means copyrights, database rights, patents, patent applications, patent rights, trademarks, trademark applications, trademark registrations, trademark rights, trade secrets, rights in know-how and all other intellectual property and proprietary information rights as may exist now or hereafter come into existence under the laws of any country and all pending applications for and right to apply…, Order Form, ” means the ordering document for a Service that references the GTC. 1.15 “, Personal Data, ” information about an individual that is defined as “personal data” or “personal information” as defined within the DPA and, if necessary, further defined within in the applicable Data Protection Law, such as but not limited to the GDPR 1.16 “, Service, ” means any distinct service or services that SINCH provides pursuant to an Order Form including any support associated with such service or services. 1.17 “, SINCH Network, ” means the digital networks (wireless or otherwise), server(s), hardware, software and/or any other equipment that SINCH owns, operates or leases, in its sole discretion, in connection with the supply of the Service and including any extranet access provided by SINCH in connection with the supply of the Service. 1.18 “, Supplement, ” means the Supplemental Terms and Conditions that apply to the Service and that are incorporated in an Order Form. 1.19 “, Term, ” means the term identified in the applicable Order Form, including all renewals.
Type: Legal page