Emplifi Logo With Color

Emplifi Terms and Conditions

Last updated: December 1, 2022

These Terms and Conditions (“Terms”) contain the terms and conditions that govern your access to and use of the Emplifi Services and form a binding agreement between the Emplifi entity identified on the Order and/or the SOW (“we”, “us”, “our” or “Provider”) and you or the entity you represent identified on the Order and/or the SOW (“you” or “Customer”).

If the person accepting these Terms is doing so on behalf of a company or other legal entity identified as the Customer on the applicable Order and/or SOW, such person represents that he or she has the authority to bind the Customer to these Terms. If you do not have such authority, or if you or the Customer do not agree with these Terms, you must not accept these Terms and the Customer may not use the Services.

1. SaaS Services and Professional Services

1.1. We provide Software as a Service (“SaaS Services”) that is accessed through our proprietary software applications (“Software”). The SaaS Services are provided on a subscription basis for a minimum annual subscription term unless set out otherwise in your Order. We may also provide consulting, training, education, implementation, custom modification and configuration, and other works and services (“Professional Services”). The SaaS Services and Professional Services are together also referred to as “Services”.

1.2. These Terms are hereby incorporated into each binding purchase orders for the provision of the SaaS Services (each an “Order”) and Statements of Work for the provision of Professional Services (each a “SOW”) (collectively such Orders and SOWs, together with these Terms, are the “Agreement”).

1.3. Individual Orders set out the subscription term, scope of the SaaS Services, fees and payments terms for the SaaS Services and any other specific terms with respect to the SaaS Services. Individual SOWs set out the fees and payments terms for Professional Services as well as any terms applicable to the Professional Services such as milestones, deliverables, schedules, acceptance criteria, etc.

1.4. If there is any conflict between an Order and/or SOW and these Terms, terms provisions the documents will take precedence in the following order: the SOW then the Order then these Terms.

1.5. When you purchase subscription to the Services through our authorized reseller, the purchase terms of such authorized reseller that you accept when completing the purchase online or otherwise will govern your purchase except to the extent we are the provider of the Services in which case these Terms govern our obligations to you. In any case, you remain responsible for complying with the reseller’s purchase terms which shall prevail over Section 6 of the Terms.

2. Accepting these Terms

2.1. To use the Services, you must first agree to these Terms. You may not use the Services if you do not accept these Terms. Accepting or using the Services constitutes your acceptance of these Terms.

2.2. You may not use the Services unless you are legally bound to these Terms. We reserve the right to terminate the Agreement if (A) you are not of legal age to form a binding, non-rescindable, contract with Provider; (B) when signing on behalf of an entity, you are not authorized to legally bind your company or organization to such terms; or (C) you are a person or entity barred from receiving the Services under the laws of the country of the Provider’s principal place of business or the country in which you are resident or from which you use the Services.

3. Provision of the Services

3.1. Provider may have subsidiaries and affiliated legal entities in other countries that may serve as subcontractors or contact points with respect to the Services provided to you by Provider. Even where Provider’s subsidiaries or affiliates are your primary contact points, the Provider listed on your Order and/or the SOW will remain ultimately responsible for the provision of the Services and you waive any right to assert claims against such other entities with respect to the Services. In addition, we may use services of independent service providers/contractors who may provide certain services to you on our behalf.

3.2. Provider is constantly innovating the SaaS Services to provide the best possible experience for its users. You acknowledge and agree that the form and nature of the SaaS Services may change from time to time without prior notice to you as long as such change does not result in material degradation of the SaaS Services.

3.3. As part of this continuing innovation, you acknowledge and agree that Provider may permanently or temporarily stop providing SaaS Services (or any features within the SaaS Services) to you or to users generally at Provider’s sole discretion, without prior notice to you. If you have pre-paid the SaaS Services for a fixed period of time and (A) Provider stops providing the SaaS Services for any reason other than your breach pursuant to Section 11.3 A or legal requirement pursuant to Section 11.3 B; or (B) you terminate the Agreement for Provider’s material breach pursuant to Section 11.3 A; Provider will, as your sole and exclusive remedy, refund to you pro-rata the corresponding fees for Services already paid by you equivalent to the part or remainder of the term in which you will not use the Services.

3.4. You understand and agree that Provider may at its full discretion, without any liability to you and subject to giving you a prior notice, suspend access to your account for (A) delay with any payment (including delay resulting from your failure to provide billing details or failure to cooperate in order to enable Provider to issue a valid invoice within (fifteen) 15 days from the Service start date stipulated on your Order or SOW) or (B) other breach of the Agreement if such breach is material, and that in such case you may be prevented from accessing the Services, your account details or any files or other content which is contained in your account. If we suspend your access to the Services for delayed payment or other breach of the Agreement, and subsequently reactivate it (e.g. after the breach has been cured), you still remain obliged to pay the Services fees for the entire subscription term including the period for which you could not access the Services as a result of your default; you will not be entitled to any compensation or refunds (whether monetary or in the form of an extended subscription term) for the period for which you could not use the Services. Such suspension of Services shall not be considered a breach of the Agreement by Provider. Further, the foregoing shall not in any way prejudice or prevent Provider from exercising its right to terminate the Agreement for material breach pursuant to Section 11.3 of the Terms.

4. Your use of the Services

4.1. To access the SaaS Services, you or your individual end-users will be required to register into the Provider’s platform and provide identification, contact or similar details as part of the registration process for the SaaS Services or as part of your continued use of the SaaS Services.

4.2. You agree to use the Services only for purposes that are permitted by (A) the Terms; (B) any applicable law, regulation, generally accepted practices, or guidelines in the relevant jurisdictions (including any laws regarding the export of data or software to and from the EU, the United States or other relevant countries); and (C) any other applicable rules (including, without limitation and where applicable, Facebook, Twitter and other social media platform rules).

4.3. You agree not to access (or attempt to access) any of the Services by any means other than through the interface that is provided directly or indirectly by Provider, unless you have been specifically allowed to do so in a separate written agreement with Provider.

4.4. You agree that you will not engage in any activity that interferes with or disrupts the Services (or the servers and networks which are connected to the Services). In particular, you agree not to engage in the following acts or cause or permit others to do so:

a) Use the Services or any Content (as defined below) to violate applicable law or the Terms;

b) Permit a third party to access the Services except your affiliates permitted pursuant to an Order or SOW or otherwise approved by the Provider;

c) Sell, resell, rent, lease, distribute, assign or otherwise transfer the rights to the Services;

d) Modify, translate, or create derivative works of the Services except as permitted by Provider;

e) Use Services for timesharing or service bureau purposes or otherwise for the benefit of a third party;

f) Remove, obscure or alter any proprietary rights notices (including copyright and trademark notices) which may be affixed to or contained in the Services or their outputs;

g) Copy, modify, or create derivative works based on Content without written consent from the rightful owner of such Content;

h) Copy, frame, or mirror any part or content of the Services;

i) Reverse engineer, decompile, disassemble or otherwise attempt to discover the source code or underlying ideas or algorithms of the Services or Software;

j) Access the Services in order to build a competitive product or service, or copy any features, functions or graphics of the Services;

k) Create any link to the Services or frame or mirror the content contained on, or accessible from, the Services;

l) Use the Services to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights or copyright;

m) Use the Services to knowingly upload, store, transmit or distribute material containing software viruses, worms, Trojan horses or other malicious code, files, scripts, agents or programs that may damage the operation of the Services or third-party’s computer, property of information;

n) Interfere with or disrupt the integrity or performance of the Services or third-party data contained therein;

o) Perform any simulated attack, penetration test, denial of service simulation or similar vulnerability test or scan of the Services; or

p) Attempt to gain unauthorized access to the Services or their related systems or networks or unauthorized access to a third-party account or content created by or for another Provider’s customer.

4.5. The SaaS Services can be used by you only for your own internal business purposes or, if you are an agency providing data analytics, marketing or similar services to your clients, you may use the SaaS Services solely for the benefit of your clients notified to and approved by Provider. You may not use the SaaS Services for the benefit of any third parties not explicitly listed in the Order or otherwise approved by Provider.

4.6. You agree that you will not engage in any activity that may amount to the misuse of the Services or that seeks to circumvent the Services’ terms. For example, if Provider provides you with any portion of the Services as part of a trial, proof of concept (POC) or pilot, you may not engage in data mining or other excessive use of that portion of the Services, beyond what is permitted by the trial, POC or pilot of the Services (and as advertised for that portion of the Services at the time of the relevant promotion). Provider reserves the right to limit your activity on any of its trial, POC or pilot Services for any reason and without notice.

4.7. You agree that you are solely responsible for (and that Provider has no responsibility to you or to any third party for) any breach of your obligations under the Agreement and for the consequences (including any loss or damage which Provider may suffer) of any such breach by you or your clients. You are responsible for all acts and omissions of each individual end-user that you permit to use the Services.

4.8. You acknowledge that additional third-party fees (such as internet service provider fee, social media platform fee, fee for boosted or promoted posts on social media, third-party add-on fee or similar) may apply in connection with your use of the Services. Additional third-party fees are payable by you directly to the relevant third party and the relevant third party receiving such additional fees is responsible for the processing of such fees. You agree that you are solely responsible for payment of such fees or for maintaining appropriate level of funds where applicable. Provider has no responsibility to you or to any third party for payment of any such fees or for unavailability of Services due to your failure to do so.

4.9. You acknowledge that use of the Services in breach of this Section 4 will be considered a material breach of the Agreement, with all consequences resulting therefrom.

5. Your passwords and account security

5.1. You agree and understand that you and your end-users are responsible for maintaining the confidentiality of passwords or other login credentials associated with any account you use to access the Services. Accordingly, you agree that you will be solely responsible for all activities that occur under your account.

5.2. If you become aware of any unauthorized use of your password or of your account, you agree to notify Provider immediately.

6. Fees and taxes

6.1. The Services are provided by Provider for consideration. The fees applicable to your use of the Services are stipulated in your Order and/or the SOW which also set out the payment terms. Provider will invoice you for the Services in accordance with the terms stipulated on the Order and/or the SOW.

6.2. You agree to pay the applicable fees in accordance with an Order and/or SOW. Except as otherwise specified herein or in an Order or SOW, all fees are payable within 30 days, payment obligations are non-cancelable and fees paid are non-refundable, and quantities purchased cannot be decreased during the relevant subscription term stated on the Order and/or SOW.

6.3. Fees for the SaaS Services will be charged upfront in accordance with the Order. Fees for the Professional Services will be invoiced pursuant to milestones set out in the SOW. Customer shall make all payments due under the Order and/or SOW to us no later than by the due dates specified therein.

6.4. If any undisputed invoiced amount is not received by us by the due date, then without limiting our rights or remedies, those charges may accrue late interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower.

6.5. Fees quoted in your Order and SOW exclude any and all applicable taxes, levies, duties or similar governmental assessments of any nature and similar fees (other than taxes solely based on our profit) now in force or imposed in the future on provision of the Services, including any sales, use or value added taxes, services tax or withholding tax, and you shall be responsible for payment of all such taxes and fees. If you are required by any applicable law to deduct or withhold amounts otherwise payable to us hereunder, you agree to pay the required amounts to the relevant governmental authority and pay to us, in addition to the payment to which we are otherwise entitled under the relevant Order or SOW, such additional amount as is necessary to ensure that the net amount actually received by us free and clear of all taxes equals the full amount we would have received had no such deduction or withholding been required.

6.6. No party shall have any right of holdback or set-off against any claims of the other Party under or in connection with the Agreement.

6.7. Provider is not responsible for the payment processing provided by any third party.

7. Content in the Services

7.1. You understand that all information such as, without limitation, electronic data files, written text, computer software, music, audio files or other sounds, photographs, and videos or other images (all such information referred to in these Terms generally as the “Content”) which you may have access to as part of, or through your use of, the Services are the sole responsibility of the persons from which such Content originated. Provider assumes no responsibility or liability for any Content not created by Provider. Content may include information including but not limited to links and/or excerpts that have been made public and obtained by Provider from the Internet and/or social media and any derivative works produced from such public information. You shall notify us in the event that you believe that the Content presented to you in the Services infringes third-party rights such as copyright. As between the parties, you retain ownership, copyright and any other intellectual property rights you hold in content which you submit, post, publish or distribute on or through the Services or otherwise provide to us through use of the Services (“Customer Content”). For the purposes of these Terms, Customer Content shall include any third-party Content submitted by you through the Services and you agree that (i) you are solely responsible for any use of such third-party Content and Provider is not responsible for your exploitation of such third-party Content and has no obligation to monitor or edit your use of any such third-party Content in connection with your use of the Services; and (ii) you shall be solely responsible for obtaining the necessary authorizations to use any third-party Content submitted by you through the Services.

7.2. You should be aware that Content presented to you as part of the Services, including but not limited to advertisements in the Services and sponsored Content within the Services (if any), may be protected by intellectual property, proprietary or privacy rights owned by the respective owners or advertisers who provide such Content to Provider (or by other persons or companies on their behalf). You may not modify, rent, lease, loan, sell, distribute or create derivative works based on such Content (either in whole or in part), unless you have been specifically told that you may do so by Provider or by the owners of that Content, in a separate written agreement.

7.3. You understand that by using the Services you may be exposed to Content that you may find offensive, indecent or objectionable and that, in this respect, you use the Services at your own risk.

7.4. You agree that you are solely responsible for (and that Provider has no responsibility to you or to any third party for) any Customer Content that you create, upload, transmit, publish or distribute while using the Services and for the consequences of your actions (including any loss or damage which Provider or third parties may incur and including any other legal liability, whether liability under civil, commercial, tort, penal or administrative law or any other legal theory) by doing so. We neither endorse nor assume any responsibility or liability for any Content or Customer Content, and any use of Content that may be subject to third party intellectual property, proprietary or privacy rights. You may not use the Services to intentionally transmit or make public infringing, libelous, or otherwise unlawful or tortious Content including Customer Content or to store, transmit or make public any Content including Customer Content in violation of third party’s intellectual property or similar rights. You shall indemnify and hold Provider harmless from all claims and all liabilities, costs, proceedings, damages and expenses awarded against, or incurred or paid by Provider as a result of or in connection with (A) your breach of any third party’s intellectual property or similar rights or (B) your breach of warranty under Section 7.5 or 10.5 below.

7.5. You confirm and warrant to Provider that you have all the rights, power and authority necessary to use any Customer Content that you submit through the Services. Provider may suspend your access or access of your individual end-users to the Services if you or your end-users repeatedly infringe intellectual property rights of third parties by submitting infringing Content through the Services. Provider respects the intellectual property rights of third parties and responds to allegations that third-party Content has been shared by Customer through Provider’s platform without authorization from the copyright holder in accordance with the safe harbor set forth in the Digital Millennium Copyright Act.

8. Proprietary rights

8.1. You acknowledge and agree that Provider (or Provider's licensors) owns all legal rights, title and interest in and to the Services, including any intellectual property rights which subsist in the Services (whether those rights happen to be registered or not, and wherever in the world those rights may exist).

8.2. These Terms are not a work made-for-hire agreement with regard to either party. Subject to the limited rights expressly granted hereunder, we reserve all rights, title and interests and all related intellectual property rights in and to the Services, reports generated through the Services and related documentation and any and all underlying Software, including modifications and derivatives created by us, databases, including data models, structures, data and aggregated statistical data contained therein. For the avoidance of doubt, if any reports or similar outputs from the Services generated by you through the use of the Service include Provider’s trade name, trademark, service mark, logo, domain name or other distinctive Provider’s brand features, their use in connection with that report is permitted and Section 4.4 (f) shall apply.

8.3. Other than the limited license set forth in Section 10, Provider acknowledges and agrees that it obtains no right, title or interest from you (or your licensors) under these Terms in or to any Customer Content that you submit, post, transmit, publish or distribute on, or through, the Services, including any intellectual property rights which subsist in that Customer Content (whether those rights happen to be registered or not, and wherever in the world those rights may exist). Unless you have agreed otherwise in writing with Provider, you agree that you are responsible for protecting and enforcing those rights and that Provider has no obligation to do so on your behalf.

8.4. Unless you have been expressly authorized to do so in writing by Provider, you agree that, in connection with the Services, you will not use any trademark, service mark, trade name, logo of any third-party company or organization in a way that is likely or intended to cause confusion about the owner or authorized user of such marks, names or logos.

9. License from Provider

9.1. Provider grants you a worldwide, royalty-free, non-assignable and non-exclusive right and license to access and use the SaaS Services, on a subscription basis, for the term and in the scope stipulated in your Order. Any SaaS Services unused during your subscription term (including but not limited to situations where you do not use the prepaid SaaS Services in full scope or if you do not use the prepaid SaaS Services for the full duration of the subscription term) shall expire at the end of the subscription term and cannot be transferred to consecutive terms or be refunded.

9.2. When using the Services, you may generate reports and/or other deliverables through your use of the Services. Provider grants you a worldwide, royalty-free, perpetual, non-assignable and non-exclusive right and license to access and use, reproduce, display, distribute, and create derivative works of, any reports or other deliverables that you generate through your use of the SaaS Services and any Professional Services deliverables. This is without prejudice to your ownership of Customer Content, where such Customer Content, or parts thereof, is included in the reports and/or other deliverables generated through the Services.

9.3. The license granted in this Section 9 is for the sole purpose of enabling you to use and enjoy the benefits of the Services as provided by Provider, in the manner permitted by these Terms (in particular Section 4) and the Order and/or SOW. You may not use the Services for the benefit of any third parties unless they are explicitly listed in the relevant Order or SOW or otherwise approved by Provider; if you are an agency, this means you are only permitted to use the Services for the benefit of the specific clients notified to and approved by Provider. You acknowledge that this is a SaaS agreement and that (A) the Software is not sold, and (B) we will not be delivering copies of the Software to you as part of the Services.

9.4. Unless Provider has given you specific written permission to do so or as permitted by Section 18.12, you may not assign (or grant a sublicense of) your rights, grant a security interest in or over your rights, or otherwise transfer any part of your rights granted hereunder.

9.5. You acknowledge that any breach of Section 9 by you or your end-users shall constitute a material breach of the Agreement, with all consequences arising therefrom.

10. Content license and permission tokens from you

10.1. You own your Customer Content and you grant us a non-exclusive, worldwide, terminable and royalty-free license during the term to use such Customer Content (including any third-party Content submitted by you through the Services) to the extent necessary to provide the Services to you pursuant to these Terms. This license includes the right to access and use such Customer Content in the manner permitted by these Terms.

10.2. If you provide, as part of your use of Provider’s Services or as part of the Customer Content which you submit, store, post, publish or distribute on or through the Services, any photograph or other materials protected by personality or privacy rights, you specifically agree that Provider may use such photograph or other materials for the sole purpose of providing the Services.

10.3. You understand that Provider, in performing the required technical steps to provide the Services to you, may (A) transmit or distribute your Customer Content over various public networks and in various media; and (B) make such changes to your Customer Content as are necessary to conform and adapt that Customer Content to the technical requirements of connecting networks, social media platforms, devices, services or media. You agree that this license shall permit Provider to take these actions.

10.4. You acknowledge that provision of Provider’s Services (or particular features within the Services) may be conditioned upon and subject to (A) you giving Provider appropriate access level to your social media content by providing respective social media platform access permissions; and (B) you having appropriate user permissions or roles within the respective social media platform. As a result, when using Provider’s Services, you may be required to grant Provider certain permissions (through a dedicated permission token or a similar permission mechanism) to allow the Services access specific information and perform the requested actions.

10.5. You confirm and warrant to Provider that you have all the rights, power and authority necessary to grant the above license, access and permissions to Provider.

10.6. You may choose to share any ideas, feedback or suggestions regarding the Services (“Feedback”) with us. To the extent you provide any Feedback to us, you hereby grant us a non-exclusive, perpetual, irrevocable, royalty-free, worldwide right and license (with the right to grant sublicenses) to use, make, sell and otherwise exploit in any manner such Feedback without payment of any compensation to you.

11. Ending your relationship with Provider

11.1. The Agreement will continue to apply during the term stipulated in your Order or SOW, or, if no such term is stipulated, until terminated by either you or Provider as set out below.

11.2. During the term stipulated in your Order or SOW, each party may only terminate the Agreement for reasons stipulated in Section 11.3.

11.3. Each of the parties may at any time terminate the Agreement if (A) the other party has materially breached any provision of the Agreement and failed to cure the breach (where such breach is capable of being cured) within a reasonable cure period provided by the other party, or has acted in a manner which clearly shows that it does not intend to or is unable to comply with the terms of the Agreement; or (B) a party is required to do so by law (for example, where the performance of the Agreement is or becomes unlawful); in addition, Provider may at any time terminate the Agreement if (C) the partner with whom Provider offered the Services to you, or whom Provider uses or whose cooperation Provider needs in order to offer the Services to you (such as the social media platforms), has terminated its relationship with Provider or ceased to offer its APIs, data, programs, application or services that are essential for the Services; or (D) Provider is transitioning to no longer providing the Services to users in the country in which you reside or from which you use the Services; or (E) the provision of the Services to you by Provider is, in Provider's opinion, no longer commercially viable. For the purposes of the Agreement, your failure to make timely payments under the Agreement will be considered a material breach of the Agreement if the due amount remains unpaid (fully or partially) more than 90 days after the payment due date. In the event you terminate the Agreement for a material breach by Provider as described in (A) above, or if Provider ceases to provide any part or all of the Services during the Agreement term for reasons stipulated in (C), (D) or (E) above, you shall not be required to make any payments for Services beyond the date of when you terminated the Agreement or when Provider ceased to provide the Services (as applicable). In the event you prepaid the Services, Provider shall in such cases refund the pro-rata proportion of the pre-paid fee.

11.4. When the Agreement ends, all of the legal rights, obligations and liabilities that you and Provider have benefited from, been subject to (or which have accrued over time whilst the Agreement has been in force) and/or which are expressed to continue indefinitely, shall be unaffected by this cessation, and the provisions of Section 18.11 shall continue to apply to such rights, obligations and liabilities indefinitely.

11.5. Further, you understand and agree that if you, despite the termination or expiration of the Agreement for any reason, continue using the Services (e.g. in a situation when your fixed-term order for the Services expires), the terms and conditions of the Agreement (including the payment terms) will continue to apply, and you undertake to pay for the use of the Services by you or your end-users in accordance with the agreed payment terms.

12. Warranties; Exclusions

12.1. Except as expressly stipulated otherwise in these Terms, the Services are provided “as is” and Provider, its subsidiaries and affiliates, and its licensors give no warranty with respect to them. Services features that interoperate with social media networks depend on the continuing availability of those social media network’s APIs, data, application, programs and services for use with the Service. If any social media network ceases to make its APIs, data, application, programs or services available on reasonable terms for the Service, Provider may cease providing such Service features upon reasonable prior written notice to you pursuant to Section 11.3 (C). Provider is not liable or responsible for the quality, accuracy or truthfulness of services or information obtained from social media networks and used within the Services or for interruption of access to such information caused by downtime or unavailability of the social media networks. Social media network content is not created or edited by Provider or its affiliates. Provider expressly disclaims and has no responsibility or liability for any social media network content that may be collected, received or created by you or your end-users in use of the Service.

12.2. In particular, Provider, its subsidiaries and affiliates, and licensors do not represent or warrant to you that (A) your use of the Services will meet your requirements; (B) your use of the Services will be uninterrupted, timely, secure or free from error; (C) any information obtained by you as a result of your use of the Services will be accurate or reliable; and (D) that defects in the operation or functionality of any Software used to provide the Services will be corrected.

12.3. NO CONDITIONS, WARRANTIES OR OTHER TERMS (INCLUDING ANY IMPLIED TERMS AS TO SATISFACTORY QUALITY, FITNESS FOR PURPOSE, MERCHANTABILITY OR NONFRINGEMENT) APPLY TO THE SERVICES EXCEPT TO THE EXTENT OTHERWISE EXPRESSLY SET OUT IN THE AGREEMENT.

12.4. Nothing in the Terms shall affect those statutory rights that you cannot contractually agree to alter or waive.

12.5. Professional Services Warranty. Professional Services will be performed in a professional manner consistent with generally accepted industry standards. Unless provided otherwise in an SOW, this warranty shall be valid for ninety (90) days after the performance of Professional Services. Customer’s sole and exclusive remedy and our sole and exclusive liability shall be the re­performance of the Professional Services.

13. Indemnification

13.1. We will defend any action brought by a third party against Customer to the extent that the action is based on a claim that a Service provided by Provider to Customer, and as used within the scope of these Terms, directly infringes such third party’s intellectual property rights, and we shall hold Customer harmless from any liability for any costs and damages ordered by a court as a result of such action or resulting from a monetary settlement thereof, provided that (A) Customer notifies us promptly in writing of the action (and all prior claims relating to such action), (B) we are given sole control of the defense and all negotiations for settlement or compromise of the action provided it releases Customer of all liability, and (C) Customer reasonably cooperates with us in such defense, including without limitation making available to us all relevant documents and other information in Customer’s possession and by making Customer personnel available to testify or to consult with us or our attorneys. We will have no obligation to indemnify the Customer for any third-party software procured by Customer as indicated on the Order. The claims against Provider based on this Section can be brought within one (1) year from the expiry or termination of this Agreement.

13.2. Customer shall defend us against any claim, demand, suit or proceeding made or brought against us by a third party alleging that Customer’s (i) uploading, provision, or use of any Customer Content (including any third-party Content submitted by Customer through the Services) and/or (ii) use of the Services is in breach of these Terms, infringes or misappropriates the intellectual property rights of a third party or violates applicable law, and shall indemnify us for any damages, attorney fees and costs incurred in connection therewith; provided we promptly give Customer written notice of the claim, demand or notice of suit or proceeding brought against us (provided that Customer may not settle the claim against us unless it releases us of all liability) and provide Customer with reasonable assistance at Customer expense.

13.3. We will have no liability or obligation with respect to any infringement or misappropriation claim based upon: (A) any use of the Services not in accordance with the Agreement or for purposes not intended by us, (B) any use of the Services in combination with other products, equipment, software or data not supplied by us (C) any modification of the Services made by any person other than us where such modification is not authorized by us, or (D) any use of the SaaS Services other than the most current version made available to Customer.

13.4. If the Services are likely to become the subject of an infringement or misappropriation claim, we may, at our sole option and expense, either: (A) procure for Customer the right to continue to use the said Services pursuant to these Terms; or (B) replace or modify said Services to make them non-infringing; or (C) terminate the applicable Order and/or SOW and Customer right to use the Services, and refund to Customer any unused pre-paid fees for said Services as of the date of termination. SECTIONS 13.1, 13.3 AND 13.4 STATE OUR ENTIRE LIABILITY AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR INFRINGEMENT AND MISAPPROPRIATION CLAIMS AND ACTIONS BASED ON ANY SERVICES OR PRODUCTS PROVIDED BY US.

14. Limitation of liability

14.1. Nothing in the Agreement shall exclude or limit Provider's liability for losses which may not be lawfully excluded or limited by applicable law.

14.2. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, WHATEVER THE LEGAL BASIS FOR THE CLAIM, PROVIDER WILL NOT BE LIABLE FOR ANY INDIRECT DAMAGES (INCLUDING, WITHOUT LIMITATION, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER (INCLUDING, WITHOUT LIMITATION, ATTORNEYS' FEES), DAMAGES FOR LOST PROFITS OR REVENUES, BUSINESS INTERRUPTION, OR LOSS OF BUSINESS INFORMATION) DUE TO, RESULTING FROM, OR ARISING IN CONNECTION WITH THE AGREEMENT, INCLUDING, WITHOUT LIMITATION, PROVIDER’S PERFORMANCE OR FAILURE TO PERFORM.

14.3. Subject to overall provision in Section 14.1 above, Provider, its subsidiaries and affiliates, and its licensors shall not be liable to you for any indirect or consequential losses which may be incurred by you. Indirect and consequential losses shall include (A) any loss of profit (whether incurred directly or indirectly), loss of goodwill or business reputation, or any loss of data suffered by you; (B) loss or damage which may be incurred by you as a result of (i) any reliance placed by you on the completeness, accuracy or existence of any advertising, or as a result of any relationship or transaction between you and any advertiser or sponsor whose advertising appears on the Services; (ii) any changes which Provider may make to the Services, or for any permanent or temporary cessation in the provision of the Services (or any features within the Services); (iii) the deletion of, corruption of, or failure to store, any Content and other communications data maintained or transmitted by or through your use of the Services; (iv) your failure to provide Provider with accurate account information; (v) your failure to keep your password or account details secure and confidential.

14.4. The limitations of Provider's liability to you in Section 14.3 above shall apply whether or not Provider has been advised of or should have been aware of the possibility of any such losses arising.

14.5. Except for liabilities arising out of Provider’s breach of the obligations of confidentiality under Section 16 and Provider’s indemnification obligations hereunder, Provider's liability for damage incurred by you as a result of or in connection with the Services shall be limited to direct damages and shall not exceed the amount paid or payable by you to Provider for the Services giving rise to that liability during the last twelve months before the occurrence of Provider's liability (or amount corresponding to a twelve-month Service fee, as applicable). The parties agree that this limitation reflects the damage that can be foreseen at the time of conclusion of the Agreement between you and Provider, taking into account all circumstances the parties know or should know while exercising due care and that can arise from a breach of Provider’s obligations under these Terms.

15. Professional Services

15.1. This Section shall apply only if the parties have agreed that we will provide Professional Services to Customer as indicated on an SOW. Customer shall provide us with all information, access, and full good faith cooperation necessary to provide Customer with Professional Services and shall fulfill what is identified on the SOW as Customer’s responsibility. If Customer fails or delays performance, we will be relieved of all obligations to the extent that the obligations are dependent upon such performance. You will reimburse us for all actual and reasonable travel and out-of-pocket expenses incurred as a result of any Professional Services provided.

16. Confidentiality

16.1. Definition of Confidential Information. As used herein, “Confidential Information” means all information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that should reasonably be understood to be confidential given the nature of the information and the circumstances of disclosure. Except as expressly authorized, the Receiving Party will hold in confidence and not use or disclose any Confidential Information. However, Confidential Information shall not include any information that (A) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party; (B) was rightfully in its possession or known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party; (C) is rightfully received by a third party without breach of any confidentiality obligation; (D) was independently developed by employees of Receiving Party; or (E) is required to be disclosed in order to enforce these Terms or pursuant to a regulation, law or court order (but only to the minimum extent required to comply with such regulation or order and with advance written notice to the Disclosing Party to the extent legally permitted).

16.2. Both Parties hereby agree, during the term of the Agreement and for a period of three years thereafter, to maintain as confidential all material, non-public Confidential Information, which it learns about the Disclosing Party as a result of its respective performance under these Terms and, except as may be required by applicable law or regulation, to refrain from disclosing any Confidential Information to any third party and to disclose such Confidential Information only to those agents, employees, representatives and professional advisors of the Receiving Party and/or its affiliates who have a need to know such Confidential Information for purposes of the Agreement.

16.3. The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of the compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the disclosure. If the Receiving Party is compelled by law to disclose the Disclosing Party’s Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, and the Disclosing Party is not contesting the disclosure, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing secure access to that Confidential Information.

17. Changes to the Agreement

17.1. Any changes to the Agreement shall be made by a written amendment and shall be effective once both parties have signed such amendment.

18. General provisions

18.1. Sometimes when you use the Services, you may (as a result of or through your use of the Services) use a service or download a piece of software or purchase goods, which are provided by another person or company. Your use of these other services, software or goods may be subject to separate terms between you and the company or person concerned. If so, the Agreement does not affect your legal relationship with these other companies or individuals and you remain responsible for complying with the terms of use of such third party' services, software or goods. If you use third parties' services, software or goods while using the Services, you declare that you act in compliance with their terms of use. In particular, if you use Facebook, Twitter or YouTube while using the Services, you must comply with the applicable Facebook (https://www.facebook.com/terms.php), Twitter (https://twitter.com/en/tos), YouTube (https://www.youtube.com/t/terms), Instagram (https://help.instagram.com/581066165581870/) or Google (https://policies.google.com/privacy) rules in versions effective as of the date of use of such services.

18.2. The Agreement constitutes the entire agreement between you and Provider and govern your use of the Services (excluding any services which Provider may provide to you under a separate written agreement), and completely replace any prior agreements between you and Provider in relation to the Services.

18.3. You agree that Provider may provide you with notices by email or regular mail; technical notices may be posted on the Services website. All legal notices addressed to Provider shall be in writing and shall be sent via certified or registered mail (with a copy sent via e-mail), return receipt requested, or overnight courier service. Notices shall be addressed to Emplifi, Inc., 4200 Regent Street, Suite 200, Columbus OH 43219, United States and an e-mail copy to legal@emplifi.io.

18.4. We may identify you as our customer in our marketing materials and issue a press release identifying you as our customer and describing your intended utilization and benefits that you expect to receive from the use of our products and services. The content of any such press release identifying you as our customer shall be subject to your prior approval, which shall not be unreasonably withheld.

18.5. Each party hereby waives any right to a jury trial in connection with any action or litigation in any way arising out of or related to these Terms and/or any Order or SOW concluded under these Terms.

18.6. During the term of the Order/SOW and or a period of 6 months following the termination or expiration of the Order/SOW (the “Restricted Period”), neither party shall solicit the employment of or otherwise entice away from the employment of the other party any individual employee or independent contractor employed or engaged by such other party during the Restricted Period without the prior written consent of such party. Nothing in this Section 18.6 shall restrict a party from (A) making any general solicitation of employment that is not specifically directed at any employee of the other party; or (B) hiring any employee of the other party following a reverse solicitation by that employee. This section will not apply in the event we should cease conducting all business operations.

18.7. You understand and acknowledges that we may be subject to laws and regulations that prohibit export or diversion of certain software and technology to certain countries (“Export Laws”). You will comply with the Export Laws in effect from time to time as they relate to all aspects of these Terms and our Services and Software.

18.8. Except for performance of a payment obligations, neither party will be responsible for any failure to perform or delay in performing any of its obligations under the Terms where and to the extent that such failure or delay results directly or indirectly from an event beyond such party’s reasonable control.

18.9. The parties agree that if one of them does not exercise or enforce any legal right or remedy which is contained in the Terms (or which such party has the benefit of under any applicable law), this will not be taken to be a formal waiver of such party’s rights and that those rights or remedies will still be available to it.

18.10. If any court of law, having the jurisdiction to decide on this matter, rules that any provision of the Terms is invalid, then that provision will be removed from the Terms without affecting the rest of the Terms. The remaining provisions of the Terms will continue to be valid and enforceable.

18.11. The Agreement, and your relationship with Provider under the Agreement, shall be governed by, and construed and enforced in accordance with, the laws of the State of Delaware, and any applicable federal laws of the United States, without regard to conflict of law principles thereunder, and the parties agree to submit to the jurisdiction of the state or federal courts of the State of Delaware to resolve any legal matters arising from the Terms. Notwithstanding this, you agree that Provider shall still be allowed to apply (A) for payment orders (or otherwise enforce payment for Services provided under the Agreement) in the jurisdiction in which you have your registered seat or principal place of business, and (B) for injunctive remedies (or an equivalent type of urgent legal relief) in any jurisdiction. Each party hereby waives any right to a jury trial in connection with any action or litigation in any way arising out of or related to the Order, SOW or these Terms.

18.12. Neither Party may assign any of its rights nor delegate any of its duties under these Terms without the prior written consent of the other Party, which consent will not be unreasonably withheld, provided that Provider may use independent service providers/contractors to deliver Services as provided in Section 4.1. Any unauthorized assignment of these Terms will be null and void. Notwithstanding the foregoing, either party may assign these Terms in its entirety (including Orders, SOWs and Annexes), without consent of the other Party, to the acquiring person in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets not involving a direct competitor of the other Party. A Party’s sole remedy for any purported assignment by the other Party in breach of the paragraph shall be, at the non-assigning Party’s election, termination of the Order, SOW and these Terms upon written notice to the assigning Party. Subject to the foregoing, these Terms shall bind and inure to the benefits of the Parties, their respective successors and permitted assigns.

18.13. Schedules, Annexes and Exhibits to these Terms are hereby incorporated into these Terms and binding on both parties.

Schedule A – Service Level Agreement

Schedule B – Data Security Schedule

Schedule C – Data Privacy Schedule

Schedule A – Service Level Agreement

This Schedule A – Service Level Agreement (“SLA”) forms part of the Terms.

Service Availability

Provider will provide the availability of the SaaS Services at 99.5% of time 24 hours a day, 7 days a week, 365 days a year. The percentage of the Services availability time is calculated on a monthly basis as follows:

Standard Support

Any customer support requests are to be sent to the e-mail address support@emplifi.io.

Maximum 3-hour first-response time including approach and scheduled timing is guaranteed by Provider’s Customer Support for requests sent in the standard business hours. Standard business hours are: Monday – Friday (24 hours a day).

In case of exceeding the deadline, compensation in the form of days of Service added to the end of the Service subscription term, at no charge to Customer, will be applicable. The compensation scheme based on the scheduled timing after first response is as follows:

Compensation

In case of full-service unavailability, compensation in the form of days of Service added to the end of the Service subscription term, at no charge to customer will be applicable. The compensation scheme based on the real service availability during each calendar month is as follows:

Schedule B – Data Security Schedule

This Data Security Schedule, including any appendix hereto (the “Data Security Schedule”) forms part of the Terms. Capitalized terms used in this Data Security Schedule that are not defined herein shall have the same meanings as in the underlying Terms. The parties wish to set forth in this Data Security Schedule the additional security requirements with respect to data within the Services.

We have implemented and will maintain appropriate technical and organizational measures, internal controls, and information security routines in accordance with good industry practice and having regard to the state of technological development to protect your data against accidental loss, destruction, or alteration; unauthorized disclosure or access (including but not limited to taking reasonable steps to ensure the reliability of employees having access to your data and providing for limited access rights and access controls; authentication; personnel training; regular back up; data recovery and incident management procedures; restrictions on storing, printing and disposal of personal data; software protection of devices on which personal data are stored; etc.); or unlawful destruction.

Our Commitments

  • Engagement of experienced, professional engineers and security specialists dedicated to ensure that we provide round-the-clock data and systems protection

  • Continuous deployment of proven, up-to-date technologies

  • Ongoing evaluation of emerging security developments and threats

  • Commitment to quality and scalability

1. Measures of encryption

Databases and production data at rest are protected with AES 256 compliant level of encryption.

Products using HTTPS connection with supported TLS 1.2 only protocols.

2. Measures to ensure confidentiality

a. Admission Controls (to prevent unauthorized persons from gaining physical access to data processing facilities with which personal data are processed or used)

Both AWS (https://aws.amazon.com/compliance) and our development offices implemented security control of reception desk, security agency, CCTV systems, access cards, visitor log, policies and restricted access, lockable desks and areas, etc. under ISO 27001 compliance and certification.

b. Entry Control (to prevent data processing systems from being used without authorization)

Need to know and least privilege basis are implemented with approval, review and audit procedures.

c. Access Control (to ensure that persons entitled to use a data processing system have access only to the data to which they have a right of access, and that personal data cannot be read, copied, modified or removed without authorization in the course of processing or use and after storage)

Access is granted on need to know and least privilege basis implemented with approval procedure, implemented revisions and audit procedures.

d. Separation Control (to ensure that data collected for different purposes and/or different controllers can be processed separately)

All customers’ data are strictly separated in our databases based on unique IDs associated with every customer and product. Thanks to usage of ACL and unique user (customer) authorization it is ensured that customer's data are only visible to dedicated customers and no others.

3. Measures to ensure integrity

Various set of validation and controls performed, e.g., change control, revision of audit trails, evaluation of technology used from IT/DevOps/Security and Legal aspect, archiving and business continuity.

4. Measures to ensure and restore availability, data erasure

We maintain business continuity protection plan that minimizes the impact of disruptions to its own as well as customers' businesses and data, provides coordinated responses to potential or actual disruptions, and coordinates restoration activities once a disruption has ended. Such plan includes: (a) disaster backup and recovery plans for critical information technology infrastructure (data centers, hardware, software, power systems, etc.) and critical communications links and plans to restore production capability, and (b) business continuity plans for critical personnel, equipment, facilities, and third-party providers.

Our products are governed by an applicable SLA. It addresses (i) availability of the products; (ii) response times to any tickets raised; (iii) service credits for both the unavailability (downtime) and for delays in response.

Retention and disposal policies are defined for all media types. Retention period for customer data is, depending on the Service or Service feature used by you, 30 to 90 days after the expiration of the contract. We can address individual data retention and deletion requests in compliance with the GDPR.

5. Measures to ensure resilience of processing systems and services

We have implemented the best industry standards (e.g., malware protection, vulnerability management, encryption, awareness, multi-factor authentication, etc.) that ensure compliance with industry standard requirements, such as, depending always on the Service or Service feature used by you, ISO 27001, 27701, SOC 2 Type II, PCI-DSS and HITRUST requirements.

Business continuity protection plans, including disaster backup and recovery plans and business continuity plans for critical personnel, equipment, facilities, and third-party providers, are implemented (see Section 4).

We perform continuous vulnerability scanning and penetration testing. Any vulnerabilities that are found are categorized (Critical, High, Medium, Low) and their remediation prioritized based on severity.

Penetration tests are performed for all major releases and at least annually.

6. Process for regular testing, assessing and evaluating effectiveness of technical and organisational measures

We have implemented both internal and external audits to conform with requirements of industry standards such as, depending always on the Service or Service feature used by you, ISO 27001, 27701, HITRUST, PCI-DSS and SOC 2 Type II. Continuous vulnerability scans and penetration tests are performed.

Schedule C – Data Privacy Schedule

This Data Privacy Schedule, including any appendix hereto (the "Data Privacy Schedule") forms part of the Terms. Capitalized terms used in this Data Privacy Schedule that are not defined herein shall have the same meanings as in the underlying Terms. The parties wish to set forth in this Data Privacy Schedule the additional privacy requirements with respect to Personal Data processed within the Services.

We are serious about privacy of all individuals who use our Services or whose personal data we process.

  • When we process your Customer Private Data (as defined below in Annex 1) in order to provide our Services to you, we process such personal data as your data processor, on your behalf and pursuant to your instructions. The data processing agreement in Addendum to this Data Privacy Schedule shall regulate the processing of such personal data.

  • We may also process your personal data to administer the Service and communicate with you, to provide a better user experience, inform you of new Services or Service features, and, in limited circumstance, to protect the Services and our rights. The nature and extent of processing, the type of personal data processed, the purposes and legal basis on which we process personal data as a data controller, the organizational and technical measures that we implemented to ensure the security of processing, as well as data subject’ rights, are described in detail in our Privacy Policies available at https://emplifi.io/legal/privacy-policy, https://emplifi.io/legal/social-marketing-cloud/privacy-policy-oct-21 and https://www.goinstore.com/privacy-policy/.

  • Data collected from you or your end-users may be transferred to, and stored and processed in, the United Kingdom, United States, Canada or any other country outside the EEA in which we or our affiliates, or subcontractors, suppliers or vendors maintain facilities, subject to us implementing such appropriate legal mechanisms as required by applicable law to ensure an adequate level of personal data protection by us and our third-party processors, such as, to the extent applicable, the Standard Contractual Clauses approved by the European Commission for data transfers from the EU to the USA and/or other third countries.

  • We may use aggregated and anonymized data derived from the data provided by you or collected by the program analytics such as user behavior and activities for our own statistics, for auditing, for the purposes of product and market research and analytics (which help us to optimize and improve our Services and their usability, the range of Services, and to develop new technologies, products and services), and for benchmarks and other analyses. We may publish such anonymized data and share them with third parties; however, we will not directly or indirectly transfer any data received from you to (or use such data in connection with) any ad network, ad exchange, data broker, or other advertising or monetization related toolset.

Addendum to Data Privacy Schedule – Data Processing Agreement

1. Preamble

This Addendum to Data Privacy Schedule – the Data Processing Agreement (“DPA”) shall only apply if we provide to you Services or Services’ features within which we only have access to certain personal data because you give us your permission, authorization, token or other mechanism that allows us to access, collect or otherwise process such data, and thereby instruct us to process such personal data on your behalf, for example:

  • Customer experience services, features and capabilities under Emplifi Social Marketing Cloud, Social Commerce Cloud, Service Cloud, Voice of Customer Services and Live Advisor Software as a Service, which involve the access by Provider to, and storing and management of, communication between you and your customers, prospects, employees, followers or any other persons interacting with you through various non-public communications channels (e.g., Facebook messages, phone, e-mail, SMS, live chat); or

  • Private and proprietary data not publicly available that are submitted by you or on your behalf to the Services, or made accessible by you or on your behalf to Provider for the purpose of providing the Services, such as data from your internal management systems (e.g., CRM, IMS, internal knowledge bases); or

  • Content including personal data of social media users that is managed through User Generated Content Services; or

  • Any other personal data that you entrust to us for processing on your behalf, by specific instruction, where such processing is necessary for us to provide our Services

(“Customer Private Data”).

As a data controller with respect to Customer Private Data, you are responsible for the lawfulness of such processing, including the requisite legal titles (consents or other, as may be applicable) for processing. Further, if you instruct Provider to make Customer Private Data available to, or share your data with, your other service providers, for example by connecting your Provider account with the accounts you have with your other service providers, you remain responsible for implementing the requisite legal measures (such as a data processing agreement between you and your other service provider) for the processing of the Customer Private Data you instruct us to furnish to your other service provider. Provider is not liable for any misprocessing of data that could occur by your provision of the Customer Private Data to Provider or your instruction to Provider to process such Customer Private Data on your behalf.

This Addendum does not apply in situations where we collect and process personal data as a data controller (see our Privacy Policy for further details).

2. Definitions

2.1 “CCPA” means the California Consumer Privacy Act of 2018, Civil Code sections 1798.100 et seq.;

2.2 “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);

2.3 “PIPEDA” means the Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5);

2.4 “Services” means, for the purpose of this DPA, the types of Services or their features the Provider provides to you under the Terms as your data processor, as specified in the Preamble of this DPA;

2.5 “Standard Contractual Clauses” means Commission Decision 2010/87/EU of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council and Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, as applicable.

The terms “personal data”, “processing” and “data subject” shall have the meaning ascribed to them in the GDPR. The term “personal data” includes “personal information” as defined in the CCPA and PIPEDA; the term “data subject” includes “consumer” as defined in the CCPA.

3. Object / Scope of the processing

3.1 The object/scope of this DPA is the processing of Customer Private Data in connection with the provision of the Services specified in this DPA.

4. Duration

4.1 The duration of this DPA shall correspond to the term of your subscription to Provider’s Services.

5. Specification of Processing (nature, purpose, type of personal data and categories of data subjects)

5.1 The nature and purpose of the intended processing are defined in the Terms and correspond to the provision of the Services defined in this DPA.

5.2 Each transfer of Customer Private Data outside of the EU/EEA shall only take place if the specific conditions as laid down in Art. 44 et seq. GDPR have been fulfilled. All transfers of personal data out of the EU, EEA, United Kingdom, and Switzerland under this DPA, unless based on the European Commission’s adequacy decision, shall be governed by the applicable Standard Contractual Clauses. Standard Contractual Clauses available at https://www.emplifi.io/legal/sccs, to the extent applicable to the parties, are incorporated hereby by reference.

5.3 The types of Customer Private Data processed under this DPA and categories of data subjects are specified in this DPA. As a principle, the scope of Customer Private Data is determined and controlled by you in your sole discretion (as the data controller) and may include, without limitation:

  • 5.3.1 Any personal data that your customers, prospects, employees, followers or any other persons interacting with you through various communications channels share with you through our Services. Such personal data may include, without limitation, unique end-user identifiers (such as IP addresses or their parts), data subjects’ contact information (such as name, address, company, email, telephone), identification data (date of birth), likeness; videos of conversations with Customer’s customers, information about orders (such as reference numbers, receipts, cost), complaints and other information relating to the data subjects’ activities and contents of your conversations with them.

  • 5.3.2 Private and proprietary data not publicly available that are submitted by you or on your behalf to the Services or made accessible by you or on your behalf to Provider for the purpose of providing the Services, such as data from your internal management systems (e.g., CRM, IMS, internal knowledge bases). Such personal data may include your customer data (such as name of customers, purchases, shipping addresses and contact information), employees data identification, Customer’s employee’s performance metrics, contact information, responsibilities, etc.). The scope of personal data varies depending on the databases or inputs received from you.

  • 5.3.3 Information about data subjects’ behavior on Provider’s platform and/or on social media, service performance and use metrics.

  • 5.3.4 Details about your customers or website visitors as well as third party social media posts that may include personal data.

  • 5.3.5 The exact scope of personal data processed is further set out in Annex 1 to this Addendum. The scope will always depend on the specific Service you use and how it is setup and implemented, all which you have a control of.

6. Technical and Organizational Measures

6.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we are obliged to implement appropriate technical and organizational measures in such a manner that the processing of Customer Private Data will meet the requirements of applicable data protection laws and this DPA.

6.2 We have implemented technical and organizational measures as specified in the Data Security Schedule above. You hereby acknowledge and agree that these measures are appropriate and sufficient to conform to the applicable data protection laws.

7. Rectification, restriction, access and erasure of data

7.1 We will only erase or block Customer Private Data upon instruction issued by you. In case of requests regarding the rectification, restriction or the erasure directly addressed to us by a data subject, we will inform you about such request without undue delay.

7.2 Where appropriate we will assist and support you in fulfilment of your obligations under the GDPR, CCPA, PIPEDA and other applicable data protection laws to respond to requests for exercising the data subject’s right, in particular the ‘right to be forgotten’, rectification, restriction, data portability, information and access rights.

7.3 You hereby agree that Provider shall not be liable if you do not take action on the data subject’s request, or if you do not respond correctly or in a timely manner.

8. Our obligations

8.1 We undertake to:

  • 8.1.1 Process the Customer Private Data within the Services specified in this DPA only on documented instructions from your and only for the specific purpose of providing the Services under the Terms unless processing is required by applicable laws to which we are subject to, in which case we shall, to the extent permitted by applicable laws, inform you of that legal requirement before the relevant processing of that Customer Private Data. We shall not retain, use or disclose the Customer Private Data processed on your behalf for any purpose other than for the specific purpose of providing the Services.

  • 8.1.2 Inform you if we consider that an instruction violates data protection laws or regulations. We shall then be entitled to suspend the execution of the relevant instructions.

  • 8.1.3 Keep the Customer Private Data confidential and ensure that persons authorized to process the Customer Private Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

  • 8.1.4 Taking into account the nature of the processing, assist you by implementing and maintaining appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of your obligation to ensure an appropriate level of security and to respond to requests for exercising the data subject's rights.

  • 8.1.5 Assist you in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of processing and the information available to us.

  • 8.1.6 Notify you without undue delay after becoming aware of a personal data breach in relation to the personal data processed on your behalf.

  • 8.1.7 Not sell, as defined in the CCPA, the Customer Private Data processed on your behalf.

  • 8.1.8 At your choice, delete or return all Customer Private Data to you after the end of the provision of Services relating to processing, and delete existing copies unless applicable law requires storage of the personal data.

  • 8.1.9 Make available to you information necessary to demonstrate our compliance with the obligations laid down in this DPA.

9. Sub-processing

9.1 We shall engage another processor (i. e. a sub-processor) only in accordance with this DPA. The mechanism hereby stipulated shall be considered a general written authorization from you (pursuant to Article 28 par. 2 of the GDPR, to the extent applicable).

9.2 If we engage another processor for carrying out specific processing activities on your behalf, the same obligations as set out in this DPA shall be imposed on that other processor by way of a written contract.

9.3 The sub-processors currently engaged by us and hereby authorized by you are listed in Annex 1 below. We will inform you of any intended changes concerning the addition or replacement of other processors, including full details of the processing to be undertaken by the new processor(s), giving you the opportunity to object to such changes.

9.4 If you have a reasonable basis to object to our use of another new processor, you shall notify us promptly in writing within 5 days after being notified. For the avoidance of doubt, you hereby agree that if you are not able to show evidence that the new processor provides an unacceptable risk to the protection of Customer Private Data (e.g., the other processor has a history of security breaches) or is your direct competitor, it would be unreasonable for you to object if the other processor has passed our vendor security evaluation.

9.5 Notwithstanding the foregoing, if you object to the engagement of another processor and your objection is not unreasonable, the parties will come together in good faith to discuss an appropriate solution. We may in particular choose not to use the intended processor or engage the processor only after we take the corrective steps and / or measures requested by you.

9.6 If you interconnect the direct messaging or other similar features of Provider Services with a third-party application, the third-party application will have access via APIs to data from Provider Community direct messaging or similar feature. In such cases, the third-party vendors with whom data are shared shall not be considered our sub-processors engaged by us according to this Section 8; the processing of the shared data shall be subject to a separate data processing agreement, or a similar contractual arrangement concluded directly between you and your relevant third-party vendor.

9.7 Sub-processors engaged by us are subject to the technical and organizational measures that are substantially similar to the technical and organizational measures set out in the Data Security Schedule above.

10. Audit rights

10.1 Upon reasonable advance notice of at least 90 days and in order to ensure and review compliance with the technical and organizational security measures and the obligations laid down in this DPA, we shall permit you to conduct periodic audits or to have them carried out by an auditor mandated by you. We shall, at your written request and within a reasonable period of time, submit to you any and all information, documentation and other factual evidence necessary for the audit. The audit result shall be documented appropriately.

10.2 Audits shall be conducted during reasonable times, shall be of reasonable duration, and shall not unreasonably interfere with our day-to-day operations. In the event that you conduct an audit through a third-party independent contractor, such independent contractor shall be required to enter into a non-disclosure agreement. Additionally, such independent contractor must not be our direct or indirect competitor, nor a person who can reasonably be considered by us unfit (for professional, experience and historic reasons) to perform such audit. Each party shall bear its own costs and expenses arising out of or in connection with the audit.

11. Miscellaneous

11.1 Unless otherwise stipulated herein, the provisions of the Terms shall apply, including any exclusions and limitation of warranties and liabilities provided therein. Provisions in this DPA shall have precedence over any provisions of the Terms relating to the processing of Customer Private Data by Provider in the position of a data processor, if any.

Annex 1: Specification of Customer Private Data

This Annex 1: Specification of Customer Private Data sets out the scope of Customer Private Data processed within various Services features.


1. The following applies only if you buy the Community Management feature of the Social Marketing Cloud or any other features of the Social Marketing Cloud that you may activate and that would require us to access and process any personal data associated with your social network profile, page or account which we cannot access directly from social networks (via API) without your permission and with respect to which you are the data controller:

Social Marketing Cloud (Community Management)

Subject matter and nature of the processing of Customer Private Data is set out in the Terms.

The nature of the processing may include any operation that Provider may perform on Customer Private Data or on sets of Customer Private Data when providing Services, which may include collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, disclosure by transmission or otherwise making available, alignment or combination, erasure or destruction of data (whether or not by automated means).

_________

Purpose of processing of Customer Private Data is to provide the Social Marketing Cloud Services to you.

_________

Categories of Customer Private Data processed by us within the Social Marketing Cloud Services are primarily designated by you, the data controller, based on how you choose to use the Services. As a data controller you may submit or allow access to Customer Private Data within the customer care feature of our Social Marketing Cloud (incl. the integrated AI Chatbot or Review Management feature) or other Social Marketing Cloud features, the extent of which is determined and controlled by you in your sole discretion, and which may include, but is not limited to the following categories of personal data:

  • Any personal data that your customers, followers or any other persons interacting with you through various communications channels share with you through our Services. Such personal data may include, without limitation, data subjects’ contact information (such as name, address, company, email, telephone), identification data (date of birth), information about orders (such as reference numbers, receipts, cost), complaints and other information relating to the data subjects’ activities and contents of your conversations with them.

  • Information about data subjects’ behavior on Provider’s platform and/or on social media.

The exact scope of Customer Private Data processed will always depend on the specific Service or Service feature then available and used by you.

_________

Categories of data subjects are primarily designated by you, the data controller, based on how you choose to use the Services, and may include, without limitation, the following categories of data subjects:

  • Any individuals who interact with you through Community or similar feature of the Social Marketing Cloud (such individuals may include, without limitation, your followers, fans or other page visitors; customers and prospective customers, business partners and vendors; your employees, agents, advisors, and freelancers and other end-users authorized by you to use the Services.


_________

Locations of processing: Czech Republic, EU, USA (Provider’s Services are hosted on AWS cloud, AWS region US West 2). For full information see Provider Privacy Policy available at https://emplifi.io/legal/social-marketing-cloud/privacy-policy-oct-21.

_________

Sub-processors:

  • Amazon Web Services, Inc., headquartered at 410 Terry Avenue, Seattle, WA 98109, United States (hosting of the Services and data storage)

  • Databricks, Inc., headquartered at 160 Spear St., Ste 1300, San Francisco, CA 94105, United States (data processing optimization)

  • Filestack, Inc., headquartered at 122 E Houston St, 2nd Floor, San Antonio, TX 78205, United States (file upload and data conversion services)

  • Intercom R&D Unlimited Company, headquartered at 2nd Floor, Stephen Court, 18-21 St. Stephen’s Green, Dublin 2, Republic of Ireland (outbound messaging and messages measurement, optimization and integrations)

_________


2. The following applies only if you buy the Service Cloud and/or the Social Commerce Cloud:

Service Cloud and Social Commerce Cloud

Subject matter and nature of the processing of Customer Private Data is set out in the Terms.

The nature of the processing may include any operation that Provider may perform on Customer Private Data or on sets of Customer Private Data when providing Services, which may include collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, disclosure by transmission or otherwise making available, alignment or combination, erasure or destruction of data (whether or not by automated means).

_________

Purpose of processing of Customer Private Data is to provide Services Cloud and/or Social Commerce Cloud Services, as applicable, to you.

_________

Categories of Customer Private Data processed by us within the Service Cloud and Social Commerce Cloud Services are primarily designated by you, the data controller, based on how you choose to use the Services. As a data controller you may submit or allow access to Customer Private Data within the Services, the extent of which is determined and controlled by you in your sole discretion, and which may include, but is not limited to the following categories of personal data:

  • Private and proprietary data not publicly available that are submitted by you or on your behalf to the Services or made accessible by you or on your behalf to Provider for the purpose of providing the Services, such as data from your internal commerce systems (e.g., CRM or IMS). Such personal data may include your customer data (such as name of customers, purchases, shipping addresses and contact information) and associated information relating to sales such as order values, bestsellers, status of returning customers etc. which may, in some cases, also include personal data. The scope of personal data varies depending on the databases or inputs received from you and the functionality of the Service Cloud or Social Commerce solution you decide to implement and utilize.

  • Any personal data that your customers and prospects (or any other data subjects, as may be applicable, such as your social media page followers or other persons interacting with you through social media) decide to submit to you via your communications channels utilized within the Service Cloud or Social Commerce Cloud (e.g., phone, email, SMS, Facebook messages or any other communications channels). Such personal data may include, without limitation, data subjects’ contact information (such as name, address, company, email, telephone), identification data (date of birth), contents of your conversations with the data subjects and other information relating to the data subjects’ activities.

  • Information about data subjects’ behavior on Provider’s platform and/or on social media.

The exact scope of personal data processed will always depend on the specific Service or Service feature then available and used by you.

_________

Categories of data subjects are primarily designated by you, the data controller, based on how you choose to use the Services, and may include, without limitation, the following categories of data subjects:

  • Any individuals who interact with you through the Service Cloud or Social Commerce Cloud (such individuals may include, without limitation, your customers and prospective customers; followers, fans or other page visitors; business partners and vendors your employees, agents, advisors, and freelancers and other end-users authorized by you to use the Services

_________

Locations of processing: USA, EU (AWS regions: US-East 1, EU-West 1)

_________

Sub-processors:

  • Amazon Web Services Inc., headquartered at 410 Terry Avenue, Seattle, WA 98109, United States (hosting of the Services and data storage)

  • Microsoft Corporation Inc., headquartered at One Microsoft Way, Redmond, WA 98052-6399, United States (hosting of the Services and data storage)

_________


3. The following table applies only if you buy the Voice of Customer (VoC):

Voice of Customer

Subject matter and nature of the processing of Customer Private Data is set out in the Terms.

The nature of the processing may include any operation that Provider may perform on Customer Private Data or on sets of Customer Private Data when providing Services, which may include collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, disclosure by transmission or otherwise making available, alignment or combination, erasure or destruction of data (whether or not by automated means).

_________

Purpose of processing of Customer Private Data is to provide the Voice of Customer Services to you.

_________

Categories of Customer Private Data processed by us within the Voice of Customer Services are primarily designated by you, the data controller, based on how you choose to use the Services. As a data controller you may submit or allow access to Customer Private Data within the Services, the extent of which is determined and controlled by you in your sole discretion, and which may include, but is not limited to the following categories of personal data:

  • Private and proprietary data not publicly available that are submitted by you or on your behalf to the Services or made accessible by you or on your behalf to Provider for the purpose of providing the Services, such as data from your internal commerce systems (e.g., CRM or any other internal or external databases). Such personal data may include your customer data (such as name of customers, purchases, shipping addresses and contact information; communications, surveys and inquiries you or your customers have submitted to us through features available on the Services website; survey data collected from other surveys through VoC APIs, your customers’ feedback and other interactions with your customer) or any other category of data related to the use case applicable to you. The scope of personal data varies depending on the databases or inputs received from you and the functionality of the Voice of Customer solution you decide to implement and utilize.

  • Any personal data that your customer and prospects (or any other data subjects, as may be applicable, such as your followers, fans or other persons interacting with you decide to submit to you via your communications channels utilized within the Voice of Customer (e.g., your website or mobile app, phone, e-mail, SMS, feedback cards on websites or any other communications channels). Such personal data may include, without limitation, data subjects’ contact information (such as name, address, company, email, telephone), identification data (date of birth), customers’ feedback, and other information relating to the data subjects’ activities and preferences; users’ IP addresses, survey filling start and end time, browser and browser version, OS, mobile device manufacturer, device model, country and city of survey respondent.

  • Information about data subjects’ behavior on Provider’s platform /VoC interface.

The exact scope of personal data processed will always depend on the specific Voice of Customer Service version then available and used by you.

_________

Categories of data subjects are primarily designated by you, the data controller, based on how you choose to use the Services, and may include, without limitation, the following categories of data subjects:

  • Any individuals who interact with you through the Voice of Customer (such individuals may include, without limitation, your customers, prospective customers, followers, fans or other page visitors, and your end-users authorized by you to use the Services).

_________

Locations of processing: Montreal, Canada

_________

Sub-processors:

  • iWeb Technologies Inc., headquartered at 500-14 Place du Commerce, Nuns' Island, Montreal (Quebec) H3E 1T5, Canada (colocation facility used for data storage)

_________


4. The following table applies only if you buy the Live Advisor and/or ShopStream:

Live Advisor and ShopStream

Subject matter and nature of the processing of Customer Private Data is set out in the Terms. The Services consists of hosting live stream call sessions between web-based end-users of your website and your employees.

The nature of the processing may include any operation that Provider may perform on Customer Private Data or on sets of Customer Private Data when providing Services, which may include recording, hosting, retrieval, consultation, disclosure by transmission or otherwise making available, erasure or destruction of data (whether or not by automated means).

_________

Purpose of processing of Customer Private Data is to provide the Live Advisor and/or ShopStream Services to you.

_________

Categories of Customer Private Data processed by us within the Live Advisor and/or ShopStream are primarily designated by you, the data controller, based on how you choose to use the Services. As a data controller you may submit or allow access to Customer Private Data within the Services, the extent of which is determined and controlled by you in your sole discretion, and which may include, but is not limited to the following categories of personal data:

  • Personal data of your websites’ end-users, customers and employees such as their name, likeness, videorecording of conversation with such end-users including the content of such conversation. The Live Advisor and/or ShopStream facilitates the end-users of your website, to see your employees in your retail store via a one-way or two-way video call. This enables your employees to show the end-user your products and services in your retail store and be able to respond to questions posed by the end-user about the products and services. End-users will see your employee’s first name which may be the real name or fake name, depending on your employee’s choice and account setting.

  • We use tracking technology to assign a unique user identifier to the end-user of your website using only the first three octets of the end-user’s IP address. This permits the tracking of an end-user’s journey while visiting your website, if the end-user places a call to your employee and subsequently purchases a product or services from you.

  • Information about your employees’ performance and use of the Live Advisor and/or ShopStream. The report is provided only to your representatives authorized by you.

  • Any other personal data that may be submitted by you and required by us to provide the Live Advisor and/or ShopStream, including requested support services and reporting services, to you.

_________

Categories of data subjects are primarily designated by you, the data controller, based on how you choose to use the Services, and may include, without limitation, the following categories of data subjects:

  • Your employees, customers / end-users of your website

_________

Locations of processing: United Kingdom (AWS region EU-West 2); United States; Pakistan

_________

Sub-processors:

  • Amazon Web Services Inc., headquartered at 410 Terry Avenue, Seattle, WA 98109, United States (hosting of the Services and data storage)

  • Microsoft Corporation Inc., headquartered at One Microsoft Way, Redmond, WA 98052-6399, United States (hosting of the Services and data storage; analytics monitoring)

  • XynoTech, headquartered at B-112, Block 6, Gulshan-e-Iqbal, Karachi, Pakistan (development, implementation support and customer support)

  • Vonage, headquartered at 23 Main Street Holmdel, New Jersey, USA (provider of video conversations)

  • Cometchat headquartered at 1002 Walnut St, Suite 200, Boulder CO, USA (provider of an in-app communication (chat) platform)

_________


5. The following table applies only if you buy the Social UGC (User Generated Content) & Influencer Management:

Social UGC (User Generated Content) & Influencer Management

Subject matter and nature of the processing of Customer Private Data is set out in the Terms.

The nature of the processing may include any operation that Provider may perform on Customer Private Data or on sets of Customer Private Data when providing Services, which may include collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, disclosure by transmission or otherwise making available, alignment or combination, erasure or destruction of data (whether or not by automated means).

_________

Purpose of processing of Customer Private Data is to provide the Social UGC and/or Influencer Management services to you.

_________

Categories of Customer Private Data processed by us within the Social UGC and/or Influencer Management services are primarily designated by you, the data controller, based on how you choose to use the Services. As a data controller you may submit or allow access to Customer Private Data the extent of which is determined and controlled by you in your sole discretion, and which may include, but is not limited to the following categories of personal data:

  • First and last name or initial (or nickname / screenname), contact information (email address and/or unique identifier), Social ID.

  • Any other Customer Private Data that you elect to transmit, collect, or display on Social UGC’s and/or Influencer Managements services.

The exact scope of Customer Private Data processed will always depend on the specific Service or Service feature then available and used by you.

_________

Categories of data subjects are primarily designated by you, the data controller, based on how you choose to use the Services, and may include, without limitation, the following categories of data subjects:

  • Any social media users whom you address through Social UGC (User Generated Content) and/or Influencer Management.

  • Users of Customer’s websites and applications.

  • Purchasers of Customer’s goods and services.

  • Individuals submitting user generated content to Customer’s websites and applications.

_________

Locations of processing: USA (Provider’s Services are hosted on AWS cloud). For full information see Provider Privacy Policy available at https://www.pixlee.com/privacy-policy.

_________

Sub-processors:

  • Redis Labs, Inc., 1700 E El Camino, Mountain View, CA, 94041 (data Storage Solution: social media name, IP addresses)

  • Amazon Web Services Inc., 410 Terry Ave, N. Seattle, WA 98109 (general infrastructure and hosting for portions of application; social media name, image, IP address, purchase information)

  • Heroku Inc., 415 Mission Street Suite 300, San Francisco, CA 94105 (application Hosting: social media name, image, IP address)

  • Fastly Inc., 475 Brannan Street #300, San Francisco, CA 94107 (content caching and delivery: social media profile, images)

  • Intercom Inc., 55 2nd Street 4th Floor, San Francisco, CA 94105 (in-app chat within the Pixlee platform for customers: Name + Email)

  • Functional Software Inc. dba Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105 (Javascript error detection and tracking: IP address)

  • Honeybadger Industries LLC, 11410 NE 124th Street #246, Kirkland, WA, 98034 (error Detection: IP Address)

  • Segment.io, Inc., 100 California St Suite 700, San Francisco, CA, 94111 (analytics tracking and loading: IP Address)

  • Twilio Inc., 01 Spear Street, First Floor, San Francisco, CA, 94105 (outgoing email notifications and content solicitations: first name, email address)

_________

Just some of our recent awards

Social Marketing Cloud
Award - G2 Crowd Leader (Fall 2022)
Award - G2 Crowd Leader - Enterprise (Fall 2022)
Award - Social Marketing Cloud (MarTech Breakthrough Award 2022)
Social Commerce Cloud
Award - The Sammy 2022
Service Cloud
Award - Service Cloud (G2: Leader - Fall 2022) - Experience Management
Award - Service Cloud (G2: High Performer Enterprise - Fall 2022) - Experience Management
Award - Service Cloud (AI Breakthrough Award - 2020) - Bot