This Agreement constitutes an integral part of an agreement between CuteSoft Components Inc and the Client, binding on the basis of acceptance of MyLiveChat Terms of Service.
The Client and MyLiveChat are hereinafter also jointly referred to as "Parties" and each separately as a "Party".
-
The Client hereby represents that it has obtained and that it processes Personal Data in accordance with applicable laws, including GDPR. The Client confirms in particular that it has: (i) obtained and holds the legally required direct marketing consents, including consents to send commercial information by e-mail or telephone and to use telecommunications terminal equipment and automated phone call systems for direct marketing purposes – if the Client carries out such activities, (ii) informed the data subjects about the processing of the data to the extent and in a manner required under the GDPR, (iii) has the right to process Personal Data and engage MyLiveChat for carrying out processing activities to the extent and for the purpose defined in Annex 1 hereto. Notwithstanding the foregoing, if the Client is not the Personal Data controller, it confirms that it has received the permission of the respective controller as required under the GDPR to engage MyLiveChat for carrying out processing for the purpose and to the extent in question.
-
The Client hereby confirms that the technical and organizational measures implemented by MyLiveChat and defined in Annex 2 are suitable and sufficient for the protection of the rights of data subjects, and the Client considers MyLiveChat to be providing sufficient guarantees in this respect.
-
Notwithstanding the foregoing, the Client shall use the Service in a safe manner and in accordance with the law, which includes properly securing the Client account authentication data, ensuring the security of the Personal Data while providing them for the purpose of the Service, taking suitable actions to ensure secure encryption or creation of internal backup of the Personal Data entrusted to MyLiveChat and ensuring protection against unauthorized access. The Client hereby acknowledges and accepts that in connection with the Service MyLiveChat uses cookies and other similar technologies to track user activity. The Client undertakes to apply appropriate notices, obtain appropriate consents and have mechanisms for their withdrawal (opt-in and opt-out) required by law to enable MyLiveChat to use these technologies lawfully and collect data from the Contacts' devices in accordance with Privacy Policy available at Privacy Policy and in a manner describer therein.
-
The Client shall inform MyLiveChat without undue delay about any inspection performed by the Inspector General for the Protection of Personal Data (“IGPPD"), and from the moment of its appointment - President of the Personal Data Protection Authority (“PPDPA") that is connected with the processing of the Personal Data entrusted to MyLiveChat and about any notice from the IGPPD or PPDPA requesting explanations regarding the same.
-
MyLiveChat shall process the Personal Data exclusively in line with the instructions from the Client, unless the European Union or Member State law requires otherwise. In the latter case, §4(6)(a) hereof shall apply.
-
The Client's instructions are given in the Agreement or can be given and followed through the functionalities provided by MyLiveChat in the Service. The Client shall make sure that any instructions given to MyLiveChat are in conformity with applicable data protection laws.
-
Any further instructions that go beyond the instructions defined in §3(2) above must pertain to the subject matter of the Agreement or the subject matter of the Service provided in accordance with Terms of Service. If executing further instructions results in costs for MyLiveChat, MyLiveChat shall inform the Client about such costs, explaining the amounts of the costs, before executing the instruction. Only upon the Client's confirmation of bearing these costs and their payment is MyLiveChat obliged to execute further instruction, provided that technical and organisational measures allow it. The Client shall give further instructions in writing, unless urgency or other special circumstances justify giving instructions through electronic means of communication. Instructions in any form other than in writing should be subsequently properly documented without undue delay.
-
MyLiveChat shall immediately inform the Client if MyLiveChat believes that an instruction infringes the GDPR or other European Union or Member State data protection provisions, and shall request the Client to withdraw, change or confirm the challenged instruction. While waiting for the Client's decision, MyLiveChat has the right to suspend the performance of the challenged instruction. If, despite the Client's explanation, executing the challenged instruction would infringe the GDPR or other European Union or Member State data protection provisions, MyLiveChat has the right to refrain from executing the instruction.
-
Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks for rights and freedoms of natural persons, MyLiveChat hereby represents that as per Article 32 of the GDPR, MyLiveChat has implemented appropriate technical and organizational measures to secure the processing of Personal Data. The description of the implemented measures is available in Annex 2. MyLiveChat may at any time change the implemented measures, provided that the protection level they ensure is not lower than that ensured by the measures applicable at the conclusion of the Agreement. The information about the current technical and organizational measures along with the information about any changes to the scope of the implemented measures can be found in the Client Account as of May 25, 2018. At a justified request of the Client, MyLiveChat shall make available to the Client any further information necessary to demonstrate its compliance with the obligations laid down in Article 28 of the GDPR. The last sentence of §4(5) hereof shall apply as appropriate.
-
MyLiveChat shall ensure appropriate security of the Personal Data against unauthorized access and unauthorized seizure, as well as against damage, destruction or loss, and shall take any necessary steps as required by law to keep the Personal Data and how they are secured confidential.
-
MyLiveChat hereby represents that all persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality as per Article 28(3)(b) of the GDPR, and MyLiveChat shall be liable for their acts or omissions as for its own acts or omissions.
-
It is the responsibility of the Client to satisfy the requests of Personal Data subjects and to prepare replies to such requests. MyLiveChat shall reasonably support the Client to the best of its abilities and to a reasonable extent, in fulfilling its obligations, in particular through the application of appropriate technical and organizational measures necessary for the Client to support the exercise of the data subjects' rights under the GDPR.
-
MyLiveChat shall assist the Client in compliance with the obligations pursuant to Articles 32 to 36 of the GDPR in respect of the Service by providing the Client with the necessary information. In respect of assisting the Client in data protection impact assessment (Article 35 of the GDPR) and in prior consultation with the supervisory authority (Article 36 of the GDPR), MyLiveChat shall assist only insofar as the Client is unable to fulfill its obligations by other means. MyLiveChat shall inform the Client about the costs of such assistance. Once the Client confirms that it will cover such costs, MyLiveChat shall provide the required assistance.
-
MyLiveChat shall inform the Client without undue delay upon receiving any credible and confirmed information:
- that MyLiveChat or its sub-processors have been obliged, under the European Union or Member State law to which MyLiveChat is subject, to process the Personal Data in a manner going beyond the Client's instructions; in such a case, MyLiveChat shall inform the Client of such obligation before processing, unless law prohibits providing such information on important grounds of public interest; in such an event, the notice to the Client shall specify the legal requirement arising from the European Union or Member State law;
- about any identified Personal Data breach committed by MyLiveChat or its subprocessor that affects the Client's Personal Data hereunder. In such a case, MyLiveChat shall support the Client in the Client's fulfilment, where applicable, of an obligation to notify the supervisory authority or the data subject by providing the information available to MyLiveChat in accordance with Article 33(3) of the GDPR.
-
The Client shall have the right to audit MyLiveChat's compliance with the Agreement in terms of Personal Data processing (“Audit"). An Audit may also be conducted by an independent auditor mandated by the Client, subject to prior conclusion of confidentiality agreement between the auditor and MyLiveChat.
-
The Client shall not appoint as an auditor any entity conducting directly or indirectly competitive activity in relation to activity conducted by MyLiveChat. Competitive activity shall mean any activity, whether or not fee-based, irrespective of the place and territory where it is carried out, regardless of the legal form, conducted in the same or the same subject range and addressed to the same group of recipients, coinciding – even partially – with the scope of the main or the side activity of MyLiveChat or of entities from the MyLiveChat group worldwide. Assessment of whether an entity is a competitor will include not only the subject of business activity of such an entity as listed in its articles of association or other document constituting the basis for its functioning, but also any activities actually pursued by that entity. If the Audit is mandated to MyLiveChat's competitors, MyLiveChat shall have the right to refuse to allow the Audit until another entity is mandated to carry out the Audit on behalf of the Client or until the Parties agree on how to further proceed.
-
The Audit shall be subject to the following conditions: (i) it may only apply to the Personal Data entrusted to MyLiveChat for processing under the Agreement, it shall be limited to MyLiveChat's registered office, devices used to process the Personal Data and staff involved in the processing hereunder; (ii) it shall be carried out efficiently and as quickly as possible, taking no more than 2 working days, (iii) it shall not take place more than once a year, unless it is required under applicable laws or by a competent supervisory authority or takes place promptly after a material breach of the Personal Data processed hereunder is identified, (iv) it may take place during regular working hours of MyLiveChat, in a manner that does not disrupt MyLiveChat's business and is in conformity with MyLiveChat's security policies; (v) the Client shall inform MyLiveChat about the intention to carry out the Audit via electronic means of communication or by post at least 14 working days before the intended Audit date. If an Audit cannot be carried out as intended for reasons beyond MyLiveChat's control or if other unexpected obstacles arise, MyLiveChat shall inform the Client about such circumstances and shall suggest a new Audit date, which shall not be later than 7 working days after the date specified by the Client; (vi) the Client shall bear all costs arising from or connected with an Audit, except where an Audit reveals a serious breach of Personal Data security rules that pertains or is a threat to the Client's Personal Data; (vii) an Audit cannot be intended or lead to the disclosure of legally protected secrets (including MyLiveChat's trade secrets). The Client shall create an Audit report that summarizes the Audit findings. The report shall be submitted to MyLiveChat and shall represent MyLiveChat's confidential information which cannot be disclosed to any third parties without MyLiveChat's written permission unless this is required by the applicable laws.
-
If MyLiveChat adheres to an approved certification mechanism referred to in Article 42 of the GDPR or an approved code of conduct referred to in Article 40 of the GDPR, the Client's auditing rights may also be exercised through MyLiveChat's reference to the results of the monitoring of the rules of certification or the code of conduct. If this is the case, the Audit shall only address issues that cannot be sufficiently clarified through the submission of such results by MyLiveChat.
-
MyLiveChat's liability in contract and in tort shall be limited to direct actual losses incurred by the Client. MyLiveChat shall not be liable for lost profit, notwithstanding the source, except where this is caused by wilful misconduct or gross negligence.
-
MyLiveChat's total liability, notwithstanding the number of and grounds for the Client's claims, shall be limited to equivalent of amount payable for the Service for three settlement periods (settlement period shall mean, respectively, monthly period or 30 days) paid by the Client in the settlement period immediately preceding the date when the event causing the damage occurred, with the exclusion of any amounts representing setup fees or any extra charges. The Client hereby releases MyLiveChat from any liability above that limit.
-
MyLiveChat shall not be liable for not performing or improperly performing the Agreement resulting from Force Majeure.
-
The Parties agree that the Client shall be liable for satisfying any and all claims of Personal Data subjects in connection with any damage arising from improper processing of personal data hereunder, unless the Client demonstrates that the damage resulted from the sole through fault of MyLiveChat or MyLiveChat's sub-processors. If the Client fails to demonstrate this, the Client shall unconditionally indemnify MyLiveChat and hold it harmless in respect of any claims filed by the entities whose Personal Data MyLiveChat has processed based on the Agreement, and in connection with the processing of such data hereunder. If action is brought against MyLiveChat, the Client shall, if so required by MyLiveChat, join the proceedings as a party and assume full liability for the claim.
-
The Parties jointly agree that save as otherwise provided in the Agreement, MyLiveChat's remuneration for the activities hereunder is included in the remuneration due for the provision of the Service to the Client.
-
The Agreement has been concluded for an indefinite period, but it shall be terminated no later than on the day of return or deletion of Personal Data according to §7 hereof.
-
The Agreement shall supersede any arrangements between the Parties in respect of entrusting Personal Data which the Parties may have made before in connection with the Service, notwithstanding the form of such arrangements.
-
Any amendments to the Agreement shall be made in writing, including electronic means of communication.
-
Any communications between the Parties shall be sent to the following addresses only:
- MyLiveChat – Info@MyLiveChat.com
- Client – email address used to log-in to the Client's Account
-
The Agreement shall be governed by Canadian law. To any matters not regulated herein, the provisions of the GDPR, other applicable Canadian laws, the Privacy Policy available at Privacy Policy and Terms o.f Service available at Terms of Use shall apply. Any capitalized terms (e.g. Contacts, Force Majeure etc.) not defined herein shall have the meaning as assigned to them in Terms of Service. In the event of any discrepancies between Terms of Service and this Agreement, the provisions of this Agreement in relation to personal data protection shall prevail.
-
The Agreement has been executed in two counterparts, one for each Party.
Purpose of the Personal Data processing
Personal Data shall be processed by MyLiveChat in order for the Client to use the Service provided by MyLiveChat.
Nature of the processing and the processing activities
Processing is both automated and non-automated. Personal Data processing by MyLiveChat takes place using the IT systems provided within the Service and includes following processing activities: collection, recording, storage, adaptation, alteration, disclosure, backuping Personal Data, as well as other activities as required to provide the Service.
MyLiveChat shall not communicate directly with the Personal Data subjects in the course of Personal Data processing.
MyLiveChat's role is limited to making the Service tools available to the Client for use in order to process the Personal Data. MyLiveChat does not have any impact on the scope of Personal Data processed by the Client within the Service, does not determine the purposes and means of their processing and does not monitor scope of such Data.
Categories of data subjects
The Client engages MyLiveChat in processing of the Personal Data of following categories of data subjects:
- Contacts – including persons whose Personal Data are on the Contact List; or whose Personal Data is collected and stored using the Service; or to which the Client will send communication using the Service, in particular contractors, clients, prospects, employees, contacts of the Client's business partners, subscriber of the Client's newsletter;
- participants of webinars;
- persons whose data is collected through forms and surveys;
- persons authorized by the Client to use the Account (Collaborators).
As a rule, the Service is not intended to process special categories of personal data referred to in Article 9 of the GDPR, personal data relating to criminal convictions and offences referred to in Article 10 of the GDPR, nor personal data of children. However, decision as to the scope of data that to be processed by MyLiveChat in the Service belongs to the Client. By using the Service to process such data, the Client confirms that security measures implemented by MyLiveChat are in his opinion sufficient to protect entrusted Personal Data.
Categories of Personal Data to be processed
The Client engages MyLiveChat for processing of following categories of Personal Data:
- regarding Contacts: e-mail address.
The Service also allows for the processing of other information such as:
- first and last name
- company phone number, private phone number, mobile phone number, fax number
- URL address of the website through which Contact provided its data to the Client
- the Contact's address details
- address of the website from which the Client was redirected [http_referer]
- gender, age, date of birth
- workplace
- Personal Data contained in contents sent by the Client with the use of the Service
- additional information about the Contact [comment] and other information based on fields defined by the Client when collecting the Contacts' data from forms or surveys.
- regarding participants of webinars: email address.
The Service also allows for the processing of other information such as:
- first and last name,
- nickname
- address of the website from which the participant was redirected [http_referer]
- additional information about the webinar participant collected by the Client from registration form, during webinar or chat.
- regarding persons whose data is collected through forms and surveys: email address.
The Service also allows for the processing of other information such as:
- first and last name,
- additional information based on the fields defined by the Client.
- regarding Collaborators of the Client: email address, name of user.
- regarding all above categories: data processed automatically while the Service is being used (data about the use of the Service; data collected using cookies or other technologies used to track users activity; IP data of the device from which the Contact was imported to the Client's Contact List or on which the Contact opened an email sent to him by the Client as part of using the Service; location data; data about the web browser).
MyLiveChat uses the support of its subsidiaries, as well as external sub-contractors to provide the Service. The sub-processors listed below provide services supporting some of the tools of the Service (webinars), hosting and colocation, customer support, incident tracking, troubleshooting, and services concerning identifying and solving problems in the Service.