1. Fees and Payments
Fees for Services: You agree to pay to the Company any fees for each Service you purchase or use, in accordance with the pricing and payment terms presented to you for that Service. Where applicable, you will be billed using the billing method agreed upon when your services agreement was signed. Fees paid by you are non-refundable, except as provided in these Terms or when required by law.
Subscriptions: Some of our Services are billed on a subscription basis (we call these “Subscriptions”). This means that you will be billed in advance on a recurring, periodic basis (each period is called a “billing cycle”). Billing cycles are typically monthly or annual, depending on what subscription plan you select when purchasing a Subscription. Your Subscription will automatically renew at the end of each billing cycle unless you cancel by contacting our customer support team. You may cancel auto-renewal on your Subscription at any time, in which case your Subscription will continue until the end of that billing cycle before terminating. You may cancel auto-renewal on your Subscription immediately after the Subscription starts if you do not want it to renew.
Taxes: Unless otherwise stated, you are responsible for any taxes (other than SightX’s income tax) or duties associated with the sale of the Services, including any related penalties or interest (collectively, “Taxes”). You will pay SightX for the Services without any reduction for Taxes. If SightX is obliged to collect or pay Taxes, the Taxes will be invoiced to you, unless you provide SightX with a valid tax exemption certificate authorized by the appropriate taxing authority or other documentation providing evidence that no tax should be charged. If you are required by law to withhold any Taxes from your payments to SightX, you must provide SightX with an official tax receipt or other appropriate documentation to support such payments.
Price Changes: SightX may change the fees charged for the Services at any time, provided that, for Services billed on a subscription basis, the change will become effective only at the end of the then-current billing cycle of your Subscription. SightX will provide you with reasonable prior written notice of any change in fees to give you an opportunity to cancel your Subscription before the change becomes effective.
2. What we Collect and the Reasons the Company Collects Personal Information
We collect information directly from individuals, from third parties, and automatically through the Company Platform. When you create an account and profile on the Company Platform, we collect your name, contact information, and other information you provide. It helps us deliver a superior level of customer service. It enables us to give you convenient access to our products and services and focus on categories of greatest interest to you. In addition, your personal information helps us keep you posted on the latest product announcements, special offers, and events that you might like to hear about.
3. Use of Information
There are a number of situations in which your personal information may help us give you better products. For example: We may ask for your personal information when you’re discussing a service issue on the phone with an associate, participating in an online survey, registering your products, or purchasing a product. When you interact with the Company, we may collect personal information relevant to the situation, such as your name, mailing address, phone number, email address, and contact preferences; your credit card information and information about the Company products and services you subscribe to and information relating to a support or service issue. We also collect information for market research purposes, to gain a better understanding of our customers and thus provide more valuable service.
We collect information regarding customer activities on our websites and portals. This helps us to determine how best to provide useful information to customers and to understand which parts of our web sites, products, and Internet services are of most interest to them.
We may use personal information to provide products that you have requested as well as for auditing, research, and analysis to improve our products.
This information may be shared with third parties or in special circumstances as described elsewhere in this policy, unless other terms are specifically agreed upon between, as evidenced by a written agreement accepted and executed by the Company.
The Company also enables you to offer our products and services to various third parties. To fulfill your request, the Company may require personal information about the person to whom you are sending the product or service such as their name, physical address, email address, and the like. The personal information you provide about that person is used only for the purpose for which it is collected. Our company will not solicit your end users or use their data without your consent.
5. Publicly Displayed Information is Public
In the event the Company develops bulletin boards, chat features, or other shared communication features on our web site, you should be aware that any information you share might be visible to other users. Personally identifiable information you submit to one of these forums can be read, collected, or used by other individuals to send you unsolicited messages. The Company is not responsible for the personally identifiable information you choose to submit in these forums. For example, if you choose to make information, which was previously nonpublic, available by enabling certain user features, the Company will collect that information from your interaction and the information may become publicly available.
6. When the Company Discloses Your Information
The Company takes your privacy very seriously. The Company does not sell or rent your contact information to other marketers.
There are also times when it may be advantageous for the Company to make certain personal information about you available to companies that the Company has a strategic relationship with or that perform work for the Company to provide products and services to you on our behalf. These companies may help us process information, extend credit, fulfill customer orders, deliver products to you, manage and enhance customer data, provide customer service, assess your interest in our products and services, or conduct customer research or surveys. In such situations, these companies are prohibited from using your personal information for any unauthorized purposes and are also obligated to protect your information in accordance with the Company’s policies, except if we inform you otherwise at the time of collection. Without such information being made available, it would be difficult for you to fully utilize our products and services, or access certain services, offers, and content on our web site.
The Company may take the personal information we receive from individuals responding to our services (surveys, research analytics, etc.) and combine (or aggregate) it with the responses of other customers we may have, to create broader, generic responses to the survey questions. The Company then uses the aggregated information to improve the quality of its services to you, and to develop new services and products. This aggregated non-personally identifying information may be shared with third parties.
We also reserve the right to disclose your personal information for any reason if, in our sole discretion, we believe that it is reasonable to do so, including credit agencies, collection agencies, merchant database agencies, law enforcement, litigation or to satisfy laws, such as the Electronic Communications Privacy Act, the Child Online Privacy Act, regulations, or governmental or legal requests for such information. We may also disclose personal information that is necessary to identify, contact, or bring legal action against someone who may be violating our contracts, policies and procedures. Finally, we may also disclose information about you if we determine that for national security, law enforcement, or other issues of public importance, disclosure is necessary.
7. How the Company Protects Your Personal Information
The Company takes precautions, including administrative, technical, and physical measures, to safeguard your personal information against loss, theft, and misuse, as well as unauthorized access, disclosure, alteration, and destruction.
Our web sites use best-in-class encryption on all web pages where personal information is required. However, no website or Internet transmission is completely secure. You can help us by also taking precautions to protect your personal data when you are on the Internet. Change your passwords often using a combination of letters and numbers, and make sure you use a secure web browser.
While we make every effort to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party “hackers” from illegally obtaining your personal information.
8. Integrity of Your Personal Information
The Company has safeguards in place to keep your personal information accurate, complete, and up to date for the purposes for which it is used. You always have the right to access and correct the personal information you have provided and can help us ensure that your contact information and preferences are accurate, complete, and up-to-date by notifying us of any changes to your personal information. In addition, you can request a copy of your personal information, your service use history, and your interactions with our sales and support agents by contacting one of our support associates.
9. Privacy of Children
YOU MUST BE EIGHTEEN (18) YEARS OR OLDER TO ACCESS THE COMPANY’S WEBSITE. IF YOU ARE UNDER EIGHTEEN YEARS OF AGE, YOU ARE NOT PERMITTED TO ACCESS THE COMPANY’S WEB SITE FOR ANY REASON. DUE TO THE AGE RESTRICTIONS FOR USE OF THAT WEBSITE, NO INFORMATION OBTAINED BY THAT WEBSITE FALLS WITHIN THE CHILDREN’S ONLINE PRIVACY PROTECTION ACT OF 1998 AND IS NOT MONITORED AS DOING SO.
10. Cookies and Other Technologies
As is true of most web sites, we gather certain information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information, which does not identify individual users, to analyze trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole. The Company will not use the information collected to market directly to that person.
In some of our email messages we use a “click-through URL” linked to content on our web site. When customers click one of these URLs, they pass through our web server before arriving at the destination web page. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our customer communications. If you prefer not to be tracked simply avoid clicking text or graphic links in the email.
In addition, we may use pixel tags, tiny graphic images, to tell us what parts of our web site customers have visited or to measure the effectiveness of searches customers perform on our site. Pixel tags also enable us to send email messages in a format, which customers can read. And they tell us whether emails have been opened to ensure that we’re sending only messages that are of interest to our customers. We may use this information to reduce or eliminate messages sent to a customer.
11. Commitment to Your Privacy
The Company takes protecting your privacy very seriously. To make sure your personal information is secure, we communicate these guidelines to our employees and strictly enforce privacy safeguards within the company. In addition, the Company supports industry initiatives to preserve privacy rights on the Internet and in all aspects of electronic commerce.
12. International Users
The Company abides by the safe harbor framework set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information.
IF YOU ARE A USER LOCATED IN THE EUROPEAN ECONOMIC AREA, SWITZERLAND OR UNITED KINGDOM, THE DATA PROCESSING ADDDENDUM ACCOMPANIES THESE TERMS AND SETS FORTH OTHER TERMS OF OUR AGREEMENT THAT APPLY SOLELY TO THE EXTENT ANY INFORMATION YOU PROVIDE TO SIGHTX INCLUDES PERSONAL DATA OF INDIVIDUALS LOCATED IN THE EUROPEAN ECONOMIC AREA, SWITZERLAND AND THE UNITED KINGDOM.
13. Links to Sites of Other Companies
Our web site may provide links to the sites of other companies. We are not responsible for their privacy practices. We encourage you to learn about the privacy policies of those companies.
14. Further Questions Regarding Privacy
Country or Region
If you do not want the Company to keep you up-to-date with Company news and the latest information on products and services, please notify us. Naturally, if you notify us that you do not want us to use your information for a particular purpose, we will not do so, however, please note that certain features of our web site will not be available in the event you change your privacy preferences.
16. Express Usage Terms
THE INFORMATION ON THIS WEB SITE IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU.
Information on this web site may contain technical inaccuracies or typographical errors. Information may be changed or updated without notice. The Company may also make improvements and/or changes in the products and/or the programs described in this information at any time without notice.
Any comments or materials sent to the Company including feedback data, such as questions, comments, suggestions, or the like regarding the content of any such documents (collectively “Feedback”), shall be deemed to be non-confidential. The Company shall have no obligation of any kind with respect to such Feedback and shall be free to reproduce, use, disclose, exhibit, display, transform, create derivative works and distribute the Feedback to others without limitation. Further, the Company shall be free to use any ideas, concepts, know-how or techniques contained in such Feedback for any purpose whatsoever, including but not limited to developing, manufacturing and marketing products incorporating such Feedback.
Information that the Company publishes on the World Wide Web may contain references or cross references to Company products, programs and services that are not announced or available in your country. Such references do not imply that the Company intends to announce such products, programs or services in your country. Consult your local Company business contact for information regarding the products, programs and services, which may be available to you.
The Company makes no representations whatsoever about any other web site, which you may access through this one. When you access a non-Company web site, please understand that it is independent from the Company, and that the Company has no control over the content on that web site. In addition, a link to a non-Company web site does not mean that the Company endorses or accepts any responsibility for the content, or the use, of such web site. It is up to you to take precautions to ensure that whatever you select for your use is free of such items as viruses, worms, “Trojan Horses” and other items of a destructive nature.
IN NO EVENT WILL THE COMPANY BE LIABLE TO ANY PARTY FOR ANY DIRECT, INDIRECT, SPECIAL OR OTHER CONSEQUENTIAL DAMAGES FOR ANY USE OF THIS WEBSITE, OR ON ANY OTHER HYPERLINKED WEBSITE, INCLUDING, WITHOUT LIMITATION, ANY LOST PROFITS, BUSINESS INTERRUPTION, LOSS OF PROGRAMS OR OTHER DATA ON YOUR INFORMATION HANDLING SYSTEM OR OTHERWISE, EVEN IF WE ARE EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
GDPR Data Processing Addendum
Effective May 25, 2018
This GDPR Data Processing Addendum, including the Standard Contractual Clauses referenced herein (“DPA”), is dated amends and supplements any existing and currently valid service agreement (the “Agreement”) either previously or concurrently made between you (together with subsidiary(ies) and affiliated entities, collectively, “Customer”) and SightX, Inc. (together with subsidiary(ies) and affiliated entities, collectively “Processor”) and sets forth other terms that apply to the extent any information you provide to Processor pursuant to the Agreement includes Personal Data (as defined below).
Terms used but not defined in this DPA, such as “personal data breach”, “processing”, “controller”, “processor” and “data subject”, will have the same meaning as set forth in Article 4 of the GDPR. In addition, the following definitions are used in the Addendum:
- “EU Data Protection Laws” means all laws and regulations of the European Union, the European Economic Area, their member states, Switzerland and the United Kingdom, applicable to the processing of Personal Data under the Agreement, including (where applicable) the GDPR.
- “GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data).
- “Personal Data” means any information relating to an identified or identifiable natural person located in the European Economic Area, Switzerland and United Kingdom. An identifiable natural person is one who can be identified, directly or indirectly, in particular by referencing an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
- “Standard Contractual Clauses” means the model clauses for the transfer of personal data to processors established in third countries approved by the European Commission, the approved version of which is set out in the European Commission’s Decision 2010/87/EU of 5 February 2010.
This DPA is effective on the later of (a) the start of enforcement of the GDPR or (b) the date Processor begins to process Personal Data on behalf of Customer.
Data Processing Description
Exhibit A to this DPA describes the data exporter, data importer, data subjects, data categories, special data categories (if appropriate), the processing operations and the technical and organizational measures implemented by Processor to protect the Personal Data. For the purposes of the Standard Contractual Clauses, (a) Customer is the data exporter, and Customer’s execution of this DPA shall be treated as Customer’s execution of the Standard Contractual Clauses and appendices in this DPA; and (b) Processor is the data importer, and Processor’s execution of this DPA shall be treated as Processor’s execution of the Standard Contractual Clauses and appendices in this DPA.
GDPR Contractual Terms
Pursuant to Articles 28, 32 and 33 of the GDPR:
- Customer grants a general authorization to Processor to appoint its affiliates as sub-processors and a specific authorization to Processor and its affiliates to appoint as sub-processors third parties that provide reasonable technological and organizational safeguards to protect the Personal Data. Please email us at firstname.lastname@example.org at any time to request a list of our sub-processors and/or to subscribe to our email updates. [Article 28(2)]
- Processor shall [Article 28(3)]:
- process the Personal Data only on documented instructions from Customer unless required to do so by European Union or Member State law to which Processor is subject; in such a case, Processor shall inform Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
- ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
- take all applicable and appropriate measures required of processors pursuant to Article 32 of the GDPR;
- taking into account the nature of the processing, assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Customer’s obligation to respond to requests for exercising the data subject’s rights set forth in Chapter III of the GDPR. Processor may charge a fee (based on Processor’s reasonable costs) for responding to data subject requests under this Section 4(b)(iv);
- assist Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to Processor;
- at the direction of Customer, delete or return all the Personal Data to Customer after the end of the provision of services relating to processing, and delete existing copies unless European Union or Member State or United States law requires storage of the Personal Data; provided, however, that Processor may retain Personal Data for the length of any applicable statutes of limitations for the purposes of bringing or defending claims. Processor may charge a fee (based on Processor’s reasonable costs) for any data deletion under this Section 4(b)(vi);
- make available to Customer all information necessary to demonstrate compliance with the obligations set forth in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by Customer and immediately inform Customer if, in its opinion, an instruction infringes the GDPR or other European Union or Member State data protection provisions. Processor may charge a fee (based on Processor’s reasonable costs) for any audits under this Section 4(b)(vii).
- Where Processor engages another processor for carrying out specific processing activities on behalf of Customer, the same data protection obligations as set out in this DPA shall be imposed on that other processor by way of a contract or other legal act under European Union or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR. [Article 28(4)]
- Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Customer and Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. [Article 32(1)]
- In assessing the appropriate level of security, account shall be taken of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed. [Article 32(2)]
- Customer and Processor shall take steps to ensure that any natural person acting under the authority of Customer or Processor who has access to Personal Data does not process them except on instructions from Customer, unless he or she is required to do so by European Union or Member State law (or, in the case of Processor, United States law). [Article 32(4)]
- Processor shall notify Customer without undue delay after becoming aware of a Personal Data breach. [Article 33(2)] Such notice will, at a minimum, (A) describe the nature of the Personal Data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of Personal Data records concerned; (B) communicate the name and contact details of the data protection officer or other contact where more information can be obtained; (C) describe the likely consequences of the personal data breach; and (D) describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects. [Article 33(3)] Processor’s notification or response under this Section 4(g) shall not be construed as an acknowledgement by Processor of any fault or liability with respect to such Personal Data breach.
- Customer acknowledges and agrees that Processor is located in the United States and that Customer’s provision of Personal Data to Processor for processing is a transfer of Personal Data to the United States;
- All transfers of Customer Personal Data out of the European Economic Area, Switzerland and the United Kingdom to countries that do not ensure an adequate level of data protection within the meaning of applicable data protection laws shall be governed by the Standard Contractual Clauses. The Standard Contractual Clauses, and Appendices 1 and 2 to the Standard Contractual Clauses set out in Exhibit A to this Addendum, are incorporated in this DPA by this reference solely as required with respect to Personal Data. Execution of this DPA by both parties includes execution of the Standard Contractual Clauses with respect to the processing of Personal Data.
Processing by Controller
Customer represents and warrants that the Personal Data provided to Processor for processing under the Agreement and this DPA is collected and/or validly obtained by Customer in compliance with all applicable laws and regulations, including without limitation the EU Data Protection Laws, including without limitation Chapter II of the GDPR.
Limitation of Liability
Each party’s liability arising out of or related to this DPA, whether in contract, tort or under any other theory of liability, is subject to the limitations of liability contained in the Agreement. For the avoidance of doubt, each reference herein to the “DPA” means this DPA including its exhibits and appendices.
To the extent that it is determined by any data protection authority that the Agreement or this DPA is insufficient to comply with the applicable EU Data Protection Laws, or to the extent required otherwise by any changes in the applicable data protection laws, Customer and Processor agree to cooperate in good faith to amend the Agreement or this DPA or enter into further mutually agreeable data processing agreements in an effort to comply with any EU Data Protection Laws applicable to the Processor and Customer.
This DPA is without prejudice to the rights and obligations of the parties under the Agreement which shall continue to have full force and effect. In the event of any conflict between the terms of this DPA and the terms of the Agreement, the terms of this DPA shall prevail solely to the extent that the subject matter concerns the processing of Personal Data. This DPA does not confer any third-party beneficiary rights, is intended for the benefit of the parties hereto and their respective permitted successors and assigns only, and is not for the benefit of, nor may any provision hereof be enforced by, any other person. This DPA only applies to the extent Processor processes Personal Data on behalf of Customer. Except as required under the GDPR, this DPA and any action related thereto shall be governed by and construed in accordance with the laws of the State of Georgia, without giving effect to any conflicts of laws principles. Except for disputes subject to arbitration as described in the Agreement, which provisions are incorporated herein by this reference, the parties consent to the personal jurisdiction of, and venue in, the courts of Atlanta, Georgia. This DPA together with the Agreement is the final, complete and exclusive agreement of the parties with respect to the subject matter hereof and supersedes and merges all prior discussions and agreements between the parties with respect to such subject matter.
Data Processing Addendum
Exhibit A: Appendices to Standard Contractual Clauses
Appendix 1 to the Standard Contractual Clauses
This Appendix forms part of the Standard Contractual Clauses
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.
The data exporter is (please specify briefly your activities relevant to the transfer):
Data exporter is Customer, a user of services provided by Processor, the entity that has executed an Agreement and assented to the Standard Contractual Clauses as a data exporter.
The data importer is (please specify briefly activities relevant to the transfer):
SightX, Inc., a global provider of a data analytics and data gathering services that facilitates analysis of human behavior, not limited solely to customers, upon the instruction, guidance, and usage of the SightX software platform by the data exporter in accordance with the terms of the Agreement and the DPA.
The personal data transferred concern the following categories of data subjects (please specify):
Data exporter may submit Personal Data to SightX, Inc., the extent of which is determined and controlled by the data exporter in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects: the data exporter’s representatives and end-users including employees, contractors, business partners, collaborators, and customers of the data exporter. Data subjects may also include individuals attempting to communicate or transfer Personal Data to users of the services provided by SightX, Inc.
Categories of data
The personal data transferred concern the following categories of data (please specify):
Data exporter may submit Personal Data to SightX, Inc., the extent of which is determined and controlled by the data exporter in its sole discretion, and which may include, but is not limited to the following categories of personal data: (a) First and last name; (b) Title; (c) Position; (d) Employer; (e) Contact information (company, email, phone, physical business address); (f) Connection data; (g) Localisation data; and (h) other data in an electronic form used by Customer in the context of the services.
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data (please specify):
The personal data transferred will be subject to the following processing activities (please specify):
The objective of the processing of personal data by data importer is the performance of the contractual services related to the Agreement with the data exporter. The processes may include collection, storage, retrieval, consultation, use, erasure or destruction, disclosure by transmission, dissemination or otherwise making available data exporter’s data as necessary to provide the services in accordance with the data exporter’s instructions, including related internal purposes (such as quality control, troubleshooting, product development, etc.).
Appendix 2 to the Standard Contractual Clauses
This Appendix forms part of the Standard Contractual Clauses.
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):